sub_outside():
	NTDLL.RtlEnterCriticalSection
	KERNEL32.lstrlenA
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.VirtualProtectEx
	KERNEL32.GetCommandLineA
	KERNEL32.CreateMutexW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle
	KERNEL32.Sleep
	KERNEL32.GetModuleFileNameW
	KERNEL32.lstrcmpiW
	KERNEL32.CopyFileW
	KERNEL32.SetFileAttributesW
	KERNEL32.CreateFileW
	KERNEL32.SetFilePointer
	KERNEL32.WriteFile
	KERNEL32.FlushFileBuffers
	KERNEL32.GetFileTime
	KERNEL32.SetFileTime
	KERNEL32.lstrcpyA
	KERNEL32.CreateEventW
	KERNEL32.ResetEvent
	KERNEL32.GetSystemTime
	KERNEL32.lstrcpyW
	KERNEL32.lstrcatW
	KERNEL32.WaitForSingleObject
	KERNEL32.GetCurrentThread
	KERNEL32.SetThreadPriority
	KERNEL32.GetLogicalDrives
	KERNEL32.GetDriveTypeW
	KERNEL32.InitializeCriticalSection
	KERNEL32.lstrlenW
	KERNEL32.SetEvent
	KERNEL32.GetProcAddress
	KERNEL32.ExpandEnvironmentStringsW
	KERNEL32.FindFirstFileW
	KERNEL32.FindNextFileW
	KERNEL32.FindClose
	KERNEL32.MultiByteToWideChar
	KERNEL32.DisconnectNamedPipe
	KERNEL32.ConnectNamedPipe
	KERNEL32.ReadFile
	KERNEL32.MoveFileExW
	KERNEL32.CreateThread

sub_403EB7(02d1):
	KERNEL32.GetCurrentThread
	KERNEL32.SetThreadPriority
	KERNEL32.WaitForSingleObject
	KERNEL32.GetLogicalDrives
	KERNEL32.GetDriveTypeW

sub_4089D8(0345):
	KERNEL32.lstrlenA

	"2="
	"&n="
	"&v="
	"&i="
	"&s="
	"&sp="
	"&lcp="
	"&pr="

sub_4035AD(073c):
	KERNEL32.CloseHandle
	KERNEL32.GetCurrentThread
	KERNEL32.SetThreadPriority

sub_414AD3(073c):
	KERNEL32.CloseHandle
	KERNEL32.GetCurrentThread
	KERNEL32.SetThreadPriority

sub_405E38(07d2):
	KERNEL32.CreateFileW
	KERNEL32.GetFileSize
	KERNEL32.ReadFile
	KERNEL32.lstrlenA
	KERNEL32.SetFilePointer
	KERNEL32.SetEndOfFile
	KERNEL32.WriteFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

	" "

sub_41735E(07d2):
	KERNEL32.CreateFileW
	KERNEL32.GetFileSize
	KERNEL32.ReadFile
	KERNEL32.lstrlenA
	KERNEL32.SetFilePointer
	KERNEL32.SetEndOfFile
	KERNEL32.WriteFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

	" "

sub_40A263(0867):
	KERNEL32.CreateThread
	KERNEL32.CloseHandle

sub_41B789(0867):
	KERNEL32.CreateThread
	KERNEL32.CloseHandle

sub_40C519(0869):
	KERNEL32.InitializeCriticalSection

sub_41DA3F(0869):
	KERNEL32.InitializeCriticalSection

sub_4171F1(0927):
	KERNEL32.CreateFileW
	KERNEL32.WaitForSingleObject
	KERNEL32.WriteFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

sub_405CCB(0927):
	KERNEL32.CreateFileW
	KERNEL32.WaitForSingleObject
	KERNEL32.WriteFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

sub_40A8B5(0967):
	KERNEL32.lstrlenA

sub_41BDDB(0967):
	KERNEL32.lstrlenA

sub_415D04(0a8e):
	NTDLL.RtlEnterCriticalSection
	KERNEL32.lstrlenA
	NTDLL.RtlLeaveCriticalSection

sub_409B94(0b92):
	KERNEL32.GetTickCount

sub_41B052(0d56):
	KERNEL32.SetFileAttributesW
	KERNEL32.DeleteFileW

sub_409B2C(0d56):
	KERNEL32.SetFileAttributesW
	KERNEL32.DeleteFileW

sub_4087B5(0fb0):
	KERNEL32.GetCurrentThread
	KERNEL32.SetThreadPriority
	KERNEL32.CreateEventW
	KERNEL32.WaitForSingleObject
	KERNEL32.Sleep
	KERNEL32.CloseHandle

sub_40681A(10db):
	KERNEL32.IsBadReadPtr
	KERNEL32.lstrcmpiA

sub_417D40(10db):
	KERNEL32.IsBadReadPtr
	KERNEL32.lstrcmpiA

sub_4178A9(1184):
	KERNEL32.lstrcpyA

sub_406383(1184):
	KERNEL32.lstrcpyA

sub_41ED7D(122c):
	NTDLL.RtlLeaveCriticalSection
	NTDLL.RtlEnterCriticalSection

sub_403B25(194c):
	KERNEL32.InitializeCriticalSection

sub_41504B(194c):
	KERNEL32.InitializeCriticalSection

sub_406FC4(204d):
	"-!-@hj01N./1@};|"

sub_406F8C(204d):
	"=-=-PaNdA!$2+)(*"

sub_41C395(2984):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.lstrcpyW
	KERNEL32.Process32FirstW
	KERNEL32.lstrcmpiW
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle
	KERNEL32.Process32NextW

sub_40AE6F(2984):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.lstrcpyW
	KERNEL32.Process32FirstW
	KERNEL32.lstrcmpiW
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle
	KERNEL32.Process32NextW

sub_40A791(2b2c):
	KERNEL32.lstrlenA
	KERNEL32.MultiByteToWideChar

sub_41BCB7(2b2c):
	KERNEL32.lstrlenA
	KERNEL32.MultiByteToWideChar

sub_41D739(2ee3):
	KERNEL32.lstrlenA
	KERNEL32.lstrcpyA

sub_40A28B(3084):
	KERNEL32.FindFirstFileW
	KERNEL32.FindNextFileW
	KERNEL32.FindClose

sub_41B7B1(3084):
	KERNEL32.FindFirstFileW
	KERNEL32.FindNextFileW
	KERNEL32.FindClose

sub_40B1A0(30d0):
	KERNEL32.lstrlenA

sub_40A91F(3124):
	NTDLL.RtlReAllocateHeap

sub_41BE45(3124):
	NTDLL.RtlReAllocateHeap

sub_407028(334f):
	KERNEL32.ExpandEnvironmentStringsW
	KERNEL32.FindFirstFileW
	KERNEL32.FindNextFileW
	KERNEL32.FindClose

sub_415DD5(3601):
	KERNEL32.GetTickCount
	KERNEL32.GetCurrentProcessId
	KERNEL32.WideCharToMultiByte

	"unknown"

sub_4048AF(3601):
	KERNEL32.GetTickCount
	KERNEL32.GetCurrentProcessId
	KERNEL32.WideCharToMultiByte

	"unknown"

sub_41CAA9(3a63):
	KERNEL32.GetCurrentThread
	KERNEL32.GetThreadPriority
	KERNEL32.SetThreadPriority
	KERNEL32.lstrlenA
	KERNEL32.GetTickCount
	KERNEL32.GetSystemTime
	KERNEL32.CreateFileW
	KERNEL32.SetFilePointer
	KERNEL32.WriteFile
	KERNEL32.SetEndOfFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

sub_41BD07(3e06):
	KERNEL32.lstrlenW
	KERNEL32.lstrcpyW

sub_40A7E1(3e06):
	KERNEL32.lstrlenW
	KERNEL32.lstrcpyW

sub_404308(3fa8):
	KERNEL32.GetModuleHandleA

sub_405C0B(4093):
	KERNEL32.WaitForSingleObject

sub_417131(4093):
	KERNEL32.WaitForSingleObject

sub_41816A(4412):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Thread32First
	KERNEL32.Thread32Next
	KERNEL32.CloseHandle

sub_406C44(4412):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Thread32First
	KERNEL32.Thread32Next
	KERNEL32.CloseHandle

sub_416137(44b2):
	KERNEL32.lstrlenA

	"Macromedia\\Flash Player"
	"*.sol"

sub_404C11(44b2):
	KERNEL32.lstrlenA

	"Macromedia\\Flash Player"
	"*.sol"

sub_40A137(4692):
	KERNEL32.CloseHandle

sub_41B65D(4692):
	KERNEL32.CloseHandle

sub_41B2B4(47fd):
	KERNEL32.GetProcessTimes

sub_409D8E(47fd):
	KERNEL32.GetProcessTimes

sub_409CE2(4bc1):
	KERNEL32.CreateFileW
	KERNEL32.lstrcpyW
	KERNEL32.CloseHandle

sub_41B208(4bc1):
	KERNEL32.CreateFileW
	KERNEL32.lstrcpyW
	KERNEL32.CloseHandle

sub_40B2E4(4c90):
	KERNEL32.lstrlenA
	KERNEL32.lstrcpyA

sub_41C80A(4c90):
	KERNEL32.lstrlenA
	KERNEL32.lstrcpyA

sub_406DB8(5026):
	KERNEL32.OpenProcess
	KERNEL32.CreateRemoteThread
	KERNEL32.CloseHandle

sub_4182DE(5026):
	KERNEL32.OpenProcess
	KERNEL32.CreateRemoteThread
	KERNEL32.CloseHandle

sub_41B390(502f):
	KERNEL32.CreateDirectoryW
	KERNEL32.SetFileAttributesW

sub_409E6A(502f):
	KERNEL32.CreateDirectoryW
	KERNEL32.SetFileAttributesW

sub_40BAC3(508e):
	KERNEL32.lstrlenA

	"&i="
	"&s="

sub_41A83D(5172):
	NTDLL.RtlFreeHeap

sub_415B17(5424):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_4045F1(5424):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_41A649(5500):
	"script"
	"script"

sub_409123(5500):
	"script"
	"script"

sub_407570(55e4):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.lstrcmpiW

sub_418A96(55e4):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.lstrcmpiW

sub_4093FA(579e):
	KERNEL32.CreateMutexW
	KERNEL32.SetEvent
	KERNEL32.DisconnectNamedPipe
	KERNEL32.WaitForSingleObject
	KERNEL32.ConnectNamedPipe
	KERNEL32.ReadFile
	KERNEL32.WriteFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

sub_40D058(5856):
	KERNEL32.lstrlenA
	KERNEL32.GetSystemTime

sub_4033DA(5a5c):
	KERNEL32.GetSystemTime
	KERNEL32.lstrcatW
	KERNEL32.lstrlenW

	"grb"
	".txt"

sub_404624(5a86):
	NTDLL.RtlEnterCriticalSection
	KERNEL32.GetTickCount
	NTDLL.RtlLeaveCriticalSection

sub_415B4A(5a86):
	NTDLL.RtlEnterCriticalSection
	KERNEL32.GetTickCount
	NTDLL.RtlLeaveCriticalSection

sub_417B1A(5b15):
	KERNEL32.VirtualAllocEx
	KERNEL32.WriteProcessMemory
	KERNEL32.VirtualProtectEx

sub_4065F4(5b15):
	KERNEL32.VirtualAllocEx
	KERNEL32.WriteProcessMemory
	KERNEL32.VirtualProtectEx

sub_41C9C6(5b90):
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetTimeZoneInformation
	KERNEL32.GetVersionExW
	KERNEL32.lstrlenW

sub_40B4A0(5b90):
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetTimeZoneInformation
	KERNEL32.GetVersionExW
	KERNEL32.lstrlenW

sub_416B93(6077):
	KERNEL32.CloseHandle

sub_406FDE(62d4):
	"-!-@hj01N./1@};|"

sub_406FA6(62d4):
	"=-=-PaNdA!$2+)(*"

sub_4056AC(6560):
	KERNEL32.SetEvent
	KERNEL32.GetProcAddress

sub_41C198(66fd):
	KERNEL32.lstrlenW
	KERNEL32.GetComputerNameW
	KERNEL32.lstrcpyW
	KERNEL32.GetTickCount

	"unknown"

sub_40AC72(66fd):
	KERNEL32.lstrlenW
	KERNEL32.GetComputerNameW
	KERNEL32.lstrcpyW
	KERNEL32.GetTickCount

	"unknown"

sub_41B0BA(68d9):
	KERNEL32.GetTickCount

sub_409B48(696a):
	KERNEL32.CreateMutexW
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle

sub_41B06E(696a):
	KERNEL32.CreateMutexW
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle

sub_409588(6a48):
	KERNEL32.OpenMutexW
	KERNEL32.CloseHandle

sub_41AAAE(6a48):
	KERNEL32.OpenMutexW
	KERNEL32.CloseHandle

sub_41E71F(6da6):
	KERNEL32.CreateEventW
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ResetEvent
	KERNEL32.CloseHandle
	KERNEL32.lstrlenA
	KERNEL32.GetSystemTime
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

	"grab_%S_%02u_%02u_%02u.bin"

sub_40A6F7(6e9a):
	KERNEL32.lstrlenW
	KERNEL32.WideCharToMultiByte

sub_41BC1D(6e9a):
	KERNEL32.lstrlenW
	KERNEL32.WideCharToMultiByte

sub_417CC6(710e):
	KERNEL32.VirtualQueryEx
	KERNEL32.VirtualProtectEx
	KERNEL32.WriteProcessMemory

sub_4067A0(710e):
	KERNEL32.VirtualQueryEx
	KERNEL32.VirtualProtectEx
	KERNEL32.WriteProcessMemory

sub_41FC7E(7386):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.lstrlenA

sub_40E758(7386):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.lstrlenA

sub_417F96(76d7):
	KERNEL32.IsBadReadPtr

sub_406A70(76d7):
	KERNEL32.IsBadReadPtr

sub_408413(7a68):
	KERNEL32.GetCurrentThread
	KERNEL32.GetThreadPriority
	KERNEL32.SetThreadPriority
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32FirstW
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle
	KERNEL32.Process32NextW

sub_419939(7a68):
	KERNEL32.GetCurrentThread
	KERNEL32.GetThreadPriority
	KERNEL32.SetThreadPriority
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32FirstW
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle
	KERNEL32.Process32NextW

sub_40471E(7c9d):
	KERNEL32.GlobalLock
	KERNEL32.lstrlenA
	KERNEL32.lstrlenW
	KERNEL32.GlobalUnlock

	" "
	" "

sub_4092F9(7fe2):
	NTDLL.RtlAllocateHeap

sub_41A81F(7fe2):
	NTDLL.RtlAllocateHeap

sub_404222(847d):
	KERNEL32.CreateMutexW
	KERNEL32.InitializeCriticalSection

	"LoadLibraryA"
	"GetProcAddress"

sub_4035F5(8658):
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile

sub_414B1B(8658):
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile

sub_4057EE(87e6):
	KERNEL32.CreateEventW
	KERNEL32.CreateFileW
	KERNEL32.Sleep
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle

sub_40C000(88a5):
	KERNEL32.lstrcpyW
	KERNEL32.lstrcatW
	KERNEL32.FindFirstFileW
	KERNEL32.FindClose
	KERNEL32.WaitForSingleObject

sub_4063D8(8977):
	KERNEL32.lstrcpyA

	"/"
	"POST"

sub_4178FE(8977):
	KERNEL32.lstrcpyA

	"/"
	"POST"

sub_407BDB(8b92):
	KERNEL32.lstrlenA

	"CONNECT "
	"http://"
	"Proxy-Connection: "
	"Connection: "
	"*keep-alive*"
	"Proxy-"
	"Host: "
	"HTTP/1.0 200 Connection established\r\n\r\n"...
	"Connection: close\r\n\r\n"

sub_406E98(8df8):
	KERNEL32.OpenMutexW
	KERNEL32.CloseHandle
	KERNEL32.CreateMutexW
	KERNEL32.Sleep
	KERNEL32.GetExitCodeProcess

sub_4183BE(8df8):
	KERNEL32.OpenMutexW
	KERNEL32.CloseHandle
	KERNEL32.CreateMutexW
	KERNEL32.Sleep
	KERNEL32.GetExitCodeProcess

sub_409DD4(8e1d):
	KERNEL32.GetTempPathW
	KERNEL32.GetTempFileNameW

sub_41B2FA(8e1d):
	KERNEL32.GetTempPathW
	KERNEL32.GetTempFileNameW

sub_414A0E(8f9f):
	KERNEL32.CreateFileW
	KERNEL32.GetFileSize
	KERNEL32.CloseHandle
	KERNEL32.GetCurrentThread
	KERNEL32.GetThreadPriority
	KERNEL32.SetThreadPriority

sub_4034E8(8f9f):
	KERNEL32.CreateFileW
	KERNEL32.GetFileSize
	KERNEL32.CloseHandle
	KERNEL32.GetCurrentThread
	KERNEL32.GetThreadPriority
	KERNEL32.SetThreadPriority

sub_403F78(9288):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_41549E(9288):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_41D679(93a0):
	KERNEL32.lstrlenA

sub_40B583(955b):
	KERNEL32.GetCurrentThread
	KERNEL32.GetThreadPriority
	KERNEL32.SetThreadPriority
	KERNEL32.lstrlenA
	KERNEL32.GetTickCount
	KERNEL32.GetSystemTime
	KERNEL32.CreateFileW
	KERNEL32.SetFilePointer
	KERNEL32.WriteFile
	KERNEL32.SetEndOfFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

sub_404D6D(967d):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.WideCharToMultiByte
	KERNEL32.lstrlenW

	"\nIE Cookies:\n"

sub_416293(967d):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.WideCharToMultiByte
	KERNEL32.lstrlenW

	"\nIE Cookies:\n"

sub_41AECF(97bd):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

sub_4099A9(97bd):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

sub_41BE85(97c8):
	KERNEL32.CreateNamedPipeW
	KERNEL32.CreateEventW
	KERNEL32.CreateThread
	KERNEL32.CloseHandle
	KERNEL32.WaitForSingleObject

sub_40A95F(97c8):
	KERNEL32.CreateNamedPipeW
	KERNEL32.CreateEventW
	KERNEL32.CreateThread
	KERNEL32.CloseHandle
	KERNEL32.WaitForSingleObject

sub_403CC8(98e0):
	KERNEL32.FindFirstFileW
	KERNEL32.WaitForSingleObject
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.Sleep
	KERNEL32.FindNextFileW
	KERNEL32.FindClose

sub_4151EE(98e0):
	KERNEL32.FindFirstFileW
	KERNEL32.WaitForSingleObject
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.Sleep
	KERNEL32.FindNextFileW
	KERNEL32.FindClose

sub_40BE2F(9a25):
	KERNEL32.MoveFileExW
	KERNEL32.SetFileAttributesW
	KERNEL32.lstrlenA

	"&i="

sub_417DFB(9d85):
	KERNEL32.IsBadReadPtr
	KERNEL32.VirtualProtectEx

sub_4068D5(9d85):
	KERNEL32.IsBadReadPtr
	KERNEL32.VirtualProtectEx

sub_409BD4(9ec0):
	KERNEL32.CreateFileW
	KERNEL32.GetFileSizeEx
	KERNEL32.CreateFileMappingW
	KERNEL32.MapViewOfFile
	KERNEL32.CloseHandle

sub_41B0FA(9ec0):
	KERNEL32.CreateFileW
	KERNEL32.GetFileSizeEx
	KERNEL32.CreateFileMappingW
	KERNEL32.MapViewOfFile
	KERNEL32.CloseHandle

sub_40CD45(9f49):
	KERNEL32.lstrlenA

	"=-=-PaNdA!$2+)(*"

sub_41E26B(9f49):
	KERNEL32.lstrlenA

	"=-=-PaNdA!$2+)(*"

sub_407164(a2ae):
	KERNEL32.ExpandEnvironmentStringsW
	KERNEL32.lstrlenW
	KERNEL32.Sleep
	KERNEL32.MultiByteToWideChar

sub_416BA4(a584):
	KERNEL32.lstrlenW

sub_4072A7(a5f4):
	KERNEL32.lstrlenA

	"3="
	"&id="

sub_40857D(a715):
	KERNEL32.SetEvent

sub_404034(a989):
	NTDLL.RtlEnterCriticalSection
	KERNEL32.lstrcmpiW
	NTDLL.RtlLeaveCriticalSection

sub_41555A(a989):
	NTDLL.RtlEnterCriticalSection
	KERNEL32.lstrcmpiW
	NTDLL.RtlLeaveCriticalSection

sub_409317(aa2f):
	NTDLL.RtlFreeHeap

sub_403956(ad7a):
	NTDLL.RtlEnterCriticalSection
	KERNEL32.lstrcpyW
	KERNEL32.lstrcatW
	KERNEL32.WaitForSingleObject
	NTDLL.RtlLeaveCriticalSection

sub_40AA42(afc1):
	KERNEL32.SetEvent
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle

sub_41BF68(afc1):
	KERNEL32.SetEvent
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle

sub_408BAD(b031):
	KERNEL32.Sleep
	KERNEL32.WaitForSingleObject

sub_40A3EB(b6d6):
	KERNEL32.lstrlenA

sub_41B911(b6d6):
	KERNEL32.lstrlenA

sub_406D52(b7cd):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_41E377(bb83):
	KERNEL32.lstrlenA

sub_40CE51(bb83):
	KERNEL32.lstrlenA

sub_409B7F(bee2):
	KERNEL32.ReleaseMutex
	KERNEL32.CloseHandle

sub_41B0A5(bee2):
	KERNEL32.ReleaseMutex
	KERNEL32.CloseHandle

sub_41C90A(bfa9):
	KERNEL32.lstrlenA

sub_40B3E4(bfa9):
	KERNEL32.lstrlenA

sub_40BC8E(c057):
	KERNEL32.FindClose
	KERNEL32.Sleep
	KERNEL32.FindFirstFileW
	KERNEL32.WaitForSingleObject

sub_41B3DB(c162):
	KERNEL32.lstrlenW
	KERNEL32.lstrcpyW

	","

sub_409EB5(c162):
	KERNEL32.lstrlenW
	KERNEL32.lstrcpyW

	","

sub_41512C(c235):
	NTDLL.RtlEnterCriticalSection
	KERNEL32.lstrlenA
	NTDLL.RtlLeaveCriticalSection

sub_403C06(c235):
	NTDLL.RtlEnterCriticalSection
	KERNEL32.lstrlenA
	NTDLL.RtlLeaveCriticalSection

sub_41CD76(c2ce):
	KERNEL32.GetTickCount
	KERNEL32.CreateFileW
	KERNEL32.lstrlenA
	KERNEL32.WriteFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

sub_40B850(c2ce):
	KERNEL32.GetTickCount
	KERNEL32.CreateFileW
	KERNEL32.lstrlenA
	KERNEL32.WriteFile
	KERNEL32.FlushFileBuffers
	KERNEL32.CloseHandle

sub_41835C(c7ce):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Module32FirstW
	KERNEL32.Module32NextW

sub_406E36(c7ce):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Module32FirstW
	KERNEL32.Module32NextW

sub_40AAA0(c98b):
	KERNEL32.GetProcessHeap

sub_41BFC6(c98b):
	KERNEL32.GetProcessHeap

sub_40E603(c9d3):
	KERNEL32.InitializeCriticalSection

sub_41FB29(c9d3):
	KERNEL32.InitializeCriticalSection

sub_40BDED(c9de):
	KERNEL32.FlushFileBuffers

sub_41F7AC(c9f5):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	NTDLL.RtlSetLastWin32Error
	KERNEL32.lstrlenA

	"-!-@hj01N./1@};|"

sub_40E286(c9f5):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	NTDLL.RtlSetLastWin32Error
	KERNEL32.lstrlenA

	"-!-@hj01N./1@};|"

sub_40A049(ca9d):
	KERNEL32.lstrcmpiW

sub_41B56F(ca9d):
	KERNEL32.lstrcmpiW

sub_41DCA5(cf39):
	KERNEL32.lstrlenA

	"%%0%uu"

sub_41BFFA(cf42):
	KERNEL32.GetCurrentProcessId
	KERNEL32.GetProcAddress
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle
	KERNEL32.GetUserDefaultUILanguage

sub_40AAD4(cf42):
	KERNEL32.GetCurrentProcessId
	KERNEL32.GetProcAddress
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle
	KERNEL32.GetUserDefaultUILanguage

sub_40CBC4(cfc6):
	KERNEL32.lstrlenA

	"=-=-PaNdA!$2+)(*"

sub_41E0EA(cfc6):
	KERNEL32.lstrlenA

	"=-=-PaNdA!$2+)(*"

sub_40A747(d0b0):
	KERNEL32.lstrlenA

sub_41BC6D(d0b0):
	KERNEL32.lstrlenA

sub_407335(d120):
	KERNEL32.Sleep

	"rcmd"

sub_40A555(d392):
	"\tµ°§spjž¤¢"

sub_41BA7B(d392):
	"\tµ°§spjž¤¢"

sub_4176F7(d48a):
	KERNEL32.GetTickCount

sub_4061D1(d48a):
	KERNEL32.GetTickCount

sub_409E08(d5a4):
	KERNEL32.IsBadReadPtr

sub_41B32E(d5a4):
	KERNEL32.IsBadReadPtr

sub_41F4B6(d62e):
	KERNEL32.lstrlenA
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_40566D(d86e):
	KERNEL32.CloseHandle

sub_40826C(d967):
	KERNEL32.Sleep
	KERNEL32.CreateThread
	KERNEL32.CloseHandle
	KERNEL32.WaitForSingleObject

sub_41B1B0(d987):
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle

sub_409C8A(d987):
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle

sub_404416(d9a4):
	KERNEL32.lstrlenW
	KERNEL32.lstrcmpiW

sub_40325F(daec):
	KERNEL32.GetSystemTime

sub_414785(daec):
	KERNEL32.GetSystemTime

sub_4093DB(dc23):
	KERNEL32.lstrcpyW

	"\\\\.\\pipe\\"

sub_41A901(dc23):
	KERNEL32.lstrcpyW

	"\\\\.\\pipe\\"

sub_40A0CC(dc2b):
	KERNEL32.GetCurrentThread
	KERNEL32.SetThreadPriority
	KERNEL32.Sleep

sub_41B5F2(dc2b):
	KERNEL32.GetCurrentThread
	KERNEL32.SetThreadPriority
	KERNEL32.Sleep

sub_415DAE(dc2f):
	KERNEL32.InitializeCriticalSection

sub_404888(dc2f):
	KERNEL32.InitializeCriticalSection

sub_40567E(e3a3):
	KERNEL32.lstrlenW

sub_416B4F(e48b):
	KERNEL32.CreateFileW
	KERNEL32.Sleep

sub_405629(e48b):
	KERNEL32.CreateFileW
	KERNEL32.Sleep

sub_40412F(e8ee):
	KERNEL32.InitializeCriticalSection
	KERNEL32.CreateThread
	KERNEL32.CloseHandle

sub_415655(e8ee):
	KERNEL32.InitializeCriticalSection
	KERNEL32.CreateThread
	KERNEL32.CloseHandle

sub_4070E1(ea81):
	"-!-@hj01N./1@};|"

sub_41664D(eb0e):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32FirstW
	KERNEL32.lstrcmpiW
	KERNEL32.Process32NextW
	KERNEL32.CloseHandle

sub_405127(eb0e):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32FirstW
	KERNEL32.lstrcmpiW
	KERNEL32.Process32NextW
	KERNEL32.CloseHandle

sub_40B154(eef1):
	KERNEL32.lstrlenA

sub_41C67A(eef1):
	KERNEL32.lstrlenA

sub_40B046(ef3c):
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle
	KERNEL32.CreateProcessW

sub_41C56C(ef3c):
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle
	KERNEL32.CreateProcessW

sub_40D1D5(f311):
	KERNEL32.SetEvent

sub_4095AA(f626):
	KERNEL32.WaitNamedPipeW
	KERNEL32.CreateFileW
	KERNEL32.SetNamedPipeHandleState
	KERNEL32.WriteFile
	KERNEL32.ReadFile
	KERNEL32.CloseHandle

sub_41AAD0(f626):
	KERNEL32.WaitNamedPipeW
	KERNEL32.CreateFileW
	KERNEL32.SetNamedPipeHandleState
	KERNEL32.WriteFile
	KERNEL32.ReadFile
	KERNEL32.CloseHandle

sub_403AF2(f6a6):
	KERNEL32.WaitForSingleObject

sub_414C49(fa81):
	KERNEL32.GetCurrentThread
	KERNEL32.GetThreadPriority
	KERNEL32.SetThreadPriority
	KERNEL32.MoveFileExW

sub_403723(fa81):
	KERNEL32.GetCurrentThread
	KERNEL32.GetThreadPriority
	KERNEL32.SetThreadPriority
	KERNEL32.MoveFileExW