sub_outside():
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.htons
	WS2_32.setsockopt
	WS2_32.bind
	WS2_32.socket
	WS2_32.ioctlsocket
	WS2_32.connect
	WS2_32.WSAGetLastError
	KERNEL32.Sleep
	WS2_32.sendto
	WS2_32.recvfrom
	WS2_32.closesocket
	KERNEL32.GetModuleFileNameA
	KERNEL32.WinExec
	KERNEL32.GetWindowsDirectoryA
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ChangeServiceConfigA
	ADVAPI32.ControlService
	ADVAPI32.CloseServiceHandle
	ADVAPI32.SetServiceStatus
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.RegisterServiceCtrlHandlerExA
	NTDLL.RtlFreeHeap
	KERNEL32.GetStartupInfoA
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.GetVersionExA
	KERNEL32.GetCommandLineA
	KERNEL32.InitializeCriticalSection
	NTDLL.RtlUnwind
	NTDLL.RtlReAllocateHeap

sub_40C003(0130):
	KERNEL32.GetCPInfo
	KERNEL32.MultiByteToWideChar
	KERNEL32.WideCharToMultiByte

sub_40C2EF(0635):
	KERNEL32.FlushFileBuffers
	NTDLL.RtlGetLastWin32Error

sub_40A63B(0746):
	NTDLL.RtlEnterCriticalSection

sub_40C1B5(08d2):
	KERNEL32.CreateFileA

	"CONOUT$"

sub_4054D9(08e4):
	NTDLL.RtlReAllocateHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	NTDLL.RtlFreeHeap

sub_4082B7(123e):
	KERNEL32.IsValidCodePage
	KERNEL32.GetCPInfo

sub_404D8F(1c1d):
	KERNEL32.IsDebuggerPresent
	KERNEL32.SetUnhandledExceptionFilter
	KERNEL32.UnhandledExceptionFilter
	KERNEL32.GetCurrentProcess
	KERNEL32.TerminateProcess

sub_403540(2345):
	ADVAPI32.OpenSCManagerA
	KERNEL32.GetModuleFileNameA
	ADVAPI32.CreateServiceA
	ADVAPI32.ChangeServiceConfig2A
	KERNEL32.lstrcpyn
	ADVAPI32.StartServiceA
	ADVAPI32.CloseServiceHandle

	"Windows Protocol Deployment Manager"
	"Provides implementation support for thi"...

sub_40A70C(240f):
	KERNEL32.WideCharToMultiByte
	NTDLL.RtlGetLastWin32Error

sub_405152(2585):
	NTDLL.RtlAllocateHeap

sub_401BC0(2b71):
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.htons

sub_40A965(2daa):
	NTDLL.RtlSizeHeap

sub_408B7B(2e92):
	KERNEL32.SetUnhandledExceptionFilter

sub_404279(336b):
	KERNEL32.ExitProcess

sub_40BB4F(34be):
	NTDLL.RtlLeaveCriticalSection

sub_403450(34f0):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ChangeServiceConfigA
	ADVAPI32.StartServiceA
	ADVAPI32.CloseServiceHandle

sub_40BC33(364e):
	KERNEL32.MultiByteToWideChar

sub_403040(37b8):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle
	KERNEL32.TerminateProcess
	KERNEL32.WaitForSingleObject
	KERNEL32.Process32Next
	KERNEL32.DeleteFileA

sub_4017C0(3d96):
	WS2_32.accept

sub_401470(43c1):
	WS2_32.connect
	WS2_32.WSAGetLastError

sub_40B130(4d78):
	KERNEL32.GetStringTypeW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.MultiByteToWideChar
	KERNEL32.GetStringTypeA

sub_4061E9(55af):
	KERNEL32.GetModuleHandleA

sub_408788(5886):
	KERNEL32.InterlockedIncrement

sub_4038C0(5955):
	KERNEL32.SetErrorMode
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetWindowsDirectoryA
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle
	ADVAPI32.StartServiceCtrlDispatcherA

	"%s\\system32"
	"pdm.exe"
	"PDM"
	"PDM"
	"PDM"
	"PDM"

sub_4063B2(5a88):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.InterlockedIncrement

	"KERNEL32.DLL"

sub_404FF4(5be9):
	NTDLL.RtlDeleteCriticalSection

sub_401A80(5d16):
	WS2_32.closesocket

sub_409323(60a0):
	KERNEL32.Sleep

sub_405D62(6392):
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetStdHandle
	KERNEL32.WriteFile

	"Runtime Error!\n\nProgram: "
	""
	"..."
	"\n\n"
	"Microsoft Visual C++ Runtime Library"

sub_401840(6556):
	WS2_32.select
	WS2_32.send

sub_403150(6587):
	KERNEL32.FindFirstFileA
	KERNEL32.FindNextFileA
	KERNEL32.GetFileAttributesA
	KERNEL32.DeleteFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.FindClose
	KERNEL32.RemoveDirectoryA

	"%s\\*"
	"%s\\%s"

sub_4093AB(6721):
	KERNEL32.Sleep

sub_405589(6919):
	KERNEL32.VirtualAlloc

sub_40823D(705a):
	KERNEL32.GetOEMCP
	KERNEL32.GetACP

sub_40BB71(71e5):
	KERNEL32.WriteConsoleW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.GetConsoleOutputCP
	KERNEL32.WideCharToMultiByte
	KERNEL32.WriteConsoleA

sub_407B1C(7249):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.TlsSetValue
	NTDLL.RtlRestoreLastWin32Error

	"kernel32.dll"
	"InitializeCriticalSectionAndSpinCount"

sub_4060E5(7a5e):
	KERNEL32.IsDebuggerPresent
	KERNEL32.SetUnhandledExceptionFilter
	KERNEL32.UnhandledExceptionFilter
	KERNEL32.GetCurrentProcess
	KERNEL32.TerminateProcess

sub_402F20(7f54):
	KERNEL32.GetModuleFileNameA
	KERNEL32.SetCurrentDirectoryA
	KERNEL32.CreateDirectoryA
	KERNEL32.CopyFileA
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle
	KERNEL32.ExitProcess

	"%s\\%s"

sub_40A669(81f8):
	NTDLL.RtlLeaveCriticalSection

sub_4036D0(82a3):
	"CAISafe"
	"UmxCfg"
	"UmxAgent"
	"KPF4"
	"WebrootFirewall"
	"WinRoute"
	"AVGFwSrv"
	"Avg7Alrt"
	"OutpostFirewall"
	"LavasoftFirewall"
	"MpfService"
	"vsmon"
	"NPFMntor"
	"ccEvtMgr"
	"ccProxy"
	"cclSPwdSvc"
	"SPBBCSvc"

sub_409C48(83d5):
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error

sub_406255(84ee):
	KERNEL32.TlsGetValue
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"KERNEL32.DLL"

sub_4062CC(84ee):
	KERNEL32.TlsGetValue
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"KERNEL32.DLL"

sub_406471(8594):
	NTDLL.RtlGetLastWin32Error
	KERNEL32.GetCurrentThreadId
	NTDLL.RtlRestoreLastWin32Error

sub_40800F(87b5):
	KERNEL32.GetCPInfo

sub_403780(8ff4):
	"wsas"
	"nlc"
	"nsms"
	"ntrcs"
	"VistaRuntimeSvc"
	"PDM"

sub_40880E(9237):
	KERNEL32.InterlockedDecrement

sub_401710(9ca7):
	WS2_32.socket
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.ioctlsocket

sub_4067A5(9e2e):
	KERNEL32.GetSystemTimeAsFileTime

sub_401E40(a077):
	WS2_32.sendto
	WS2_32.WSAGetLastError
	WS2_32.closesocket
	KERNEL32.Sleep

	"host238.hl556.com"
	"%d"

sub_40BD5D(a109):
	NTDLL.RtlDeleteCriticalSection

sub_409DE4(a83e):
	KERNEL32.GetConsoleMode
	KERNEL32.GetConsoleCP
	KERNEL32.WideCharToMultiByte
	KERNEL32.WriteFile
	NTDLL.RtlGetLastWin32Error

sub_406621(a9bf):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.TlsAlloc
	KERNEL32.TlsSetValue
	KERNEL32.TlsFree
	KERNEL32.GetCurrentThreadId

	"KERNEL32.DLL"
	"FlsGetValue"
	"FlsSetValue"
	"FlsFree"

sub_403B17(ad53):
	NTDLL.RtlAllocateHeap

sub_408E59(b143):
	KERNEL32.GetModuleFileNameA

	"C:\\m_unpacker\\packed.exe"

sub_40BFBC(b2da):
	KERNEL32.GetLocaleInfoA

sub_40B9BD(b451):
	KERNEL32.SetStdHandle

sub_401A10(b837):
	WS2_32.recv
	WS2_32.WSAGetLastError

sub_4032F0(bcdf):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ChangeServiceConfigA
	ADVAPI32.ControlService
	ADVAPI32.DeleteService
	KERNEL32.LocalAlloc
	ADVAPI32.QueryServiceConfigA
	KERNEL32.DeleteFileA
	KERNEL32.LocalFree
	ADVAPI32.CloseServiceHandle

sub_402E60(be02):
	ADVAPI32.RegOpenKeyExA
	KERNEL32.GetModuleFileNameA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	"SYSTEM\\CurrentControlSet\\Services\\Share"...
	"Microsoft (R)	Windows	Protocol Deployme"...
	"%s:*:Enabled:%s"

sub_4014F0(bf13):
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.htons
	WS2_32.ioctlsocket

sub_405121(c36e):
	NTDLL.RtlEnterCriticalSection

sub_409287(c391):
	KERNEL32.GetSystemTimeAsFileTime
	KERNEL32.GetCurrentProcessId
	KERNEL32.GetCurrentThreadId
	KERNEL32.GetTickCount
	KERNEL32.QueryPerformanceCounter

sub_405049(c70d):
	NTDLL.RtlLeaveCriticalSection

sub_409047(ca1e):
	KERNEL32.GetStartupInfoA
	KERNEL32.GetFileType
	KERNEL32.GetStdHandle
	KERNEL32.LockResource

sub_40A69F(ce96):
	NTDLL.RtlLeaveCriticalSection

sub_408F12(ced3):
	KERNEL32.GetEnvironmentStringsW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.WideCharToMultiByte
	KERNEL32.FreeEnvironmentStringsW
	KERNEL32.GetEnvironmentStrings
	KERNEL32.FreeEnvironmentStringsA

sub_408199(d02f):
	KERNEL32.InterlockedDecrement
	KERNEL32.InterlockedIncrement

sub_40A5FF(d15a):
	NTDLL.RtlEnterCriticalSection

sub_40B684(d327):
	NTDLL.RtlAllocateHeap

sub_40AD4B(d5b0):
	KERNEL32.LCMapStringW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.MultiByteToWideChar
	KERNEL32.WideCharToMultiByte
	KERNEL32.LCMapStringA

sub_406375(d7e5):
	KERNEL32.TlsFree

sub_408490(d858):
	KERNEL32.InterlockedDecrement
	KERNEL32.InterlockedIncrement

sub_406343(d8a3):
	KERNEL32.TlsGetValue
	KERNEL32.TlsSetValue

sub_40BAAF(e051):
	NTDLL.RtlEnterCriticalSection

sub_406500(e07f):
	KERNEL32.InterlockedDecrement

sub_40C1D4(e22c):
	KERNEL32.CloseHandle

sub_402040(e26f):
	WS2_32.WSAStartup
	KERNEL32.GetCurrentProcessId
	KERNEL32.CreateThread
	WS2_32.select
	WS2_32.__WSAFDIsSet

	"http://"
	"%d.%d.%d.%d"
	"%d.%d.%d.%d"
	"HTTP/1.0 200 Connection established\r\nPr"...
	"HTTP/1.0 201 Unable to connect\r\nProxy-a"...

sub_40B7A2(e37e):
	NTDLL.RtlAllocateHeap
	NTDLL.RtlReAllocateHeap

sub_405D08(e479):
	KERNEL32.HeapCreate
	KERNEL32.HeapDestroy

sub_409765(e6c3):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

	"USER32.DLL"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"
	"GetUserObjectInformationA"
	"GetProcessWindowStation"

sub_40AA11(e6d5):
	KERNEL32.SetUnhandledExceptionFilter
	KERNEL32.UnhandledExceptionFilter

sub_40633A(ef17):
	KERNEL32.TlsAlloc

sub_404253(f11f):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"mscoree.dll"
	"CorExitProcess"

sub_407F5A(f36d):
	NTDLL.RtlUnwind

sub_409363(f675):
	KERNEL32.Sleep

sub_4051C5(f7b2):
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_40C431(fb55):
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error