sub_4082AE(06bc):
	KERNEL32.GetCPInfo

sub_404200(0828):
	KERNEL32.GetVersion
	KERNEL32.GetCommandLineA
	KERNEL32.GetStartupInfoA
	KERNEL32.GetModuleHandleA

sub_4044CF(0a41):
	KERNEL32.HeapCreate
	KERNEL32.HeapDestroy

sub_4039D6(0ce5):
	KERNEL32.GetLocalTime
	KERNEL32.GetSystemTime
	KERNEL32.GetTimeZoneInformation

sub_40844F(0e35):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

	"user32.dll"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"

sub_402D53(15cb):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ChangeServiceConfigA
	ADVAPI32.ControlService
	ADVAPI32.CloseServiceHandle

	"winsock"

sub_406661(18d1):
	KERNEL32.GetModuleFileNameA

	"C:\\m_unpacker\\packed.exe"

sub_401635(1b59):
	KERNEL32.GetModuleFileNameA
	KERNEL32.WinExec

	"Guard	Page Violation"
	"Segment Notification"
	"Pending"
	"Timeout"
	"User	APC"
	"Abandoned Wait 0"
	"Wait	0"
	"Data Type Misalignment"
	"Illegal Instruction"
	"No Memory"
	"In Page Error"
	"writing to"
	"reading from"
	"Access Violation %s 0x%08x"
	"Noncontinuable Exception"
	"Float	Invalid	Operation"
	"Float	Inexact	Result"
	"Divide by Zero"
	"Float	Denormal Operand"
	"Array	Bounds Exceeded"
	"Invalid Disposition"
	"Float	Stack Check"
	"Unknown exception"
	"Ctrl+C Exit"
	"Privileged Instruction"
	"Integer Overflow"
	"Integer Divide by Zero"
	"Exception: %s	at address 0x%08x in win3"...

sub_4011A5(2730):
	WS2_32.accept

sub_40301A(279e):
	"mcupdmgr.exe"
	"McTskshd.exe"
	"McDetect.exe"
	"McShield"
	"LiveUpdate"
	"navapsvc"
	"NSCService"
	"SAVScan"
	"SNDSrvc"
	"ccSetMgr"
	"SENS"
	"AVP"
	"FireSvc"
	"KPfwSvc"
	"KVSrvXP"
	"KVWSC"
	"McTaskManager"
	"MskService"
	"RsCCenter"
	"RsRavMon"

sub_40279C(27f3):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"NoFolderOptions"
	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"Hidden"
	"ShowSuperHidden"
	"HideFileExt"

sub_4063CC(2f2e):
	ADVAPI32.ChangeServiceConfig2A
	KERNEL32.UnhandledExceptionFilter

sub_40728A(33c3):
	KERNEL32.GetTimeZoneInformation
	KERNEL32.WideCharToMultiByte

	"TZ"

sub_402F19(35c0):
	ADVAPI32.RegisterServiceCtrlHandlerExA
	ADVAPI32.SetServiceStatus

	"PDM"

sub_401586(36f0):
	KERNEL32.Sleep

	"host238.hl556.com"

sub_402EED(38be):
	ADVAPI32.SetServiceStatus

sub_406BC4(4164):
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetStdHandle
	KERNEL32.WriteFile

	""
	"..."
	"Runtime Error!\n\nProgram: "
	"\n\n"
	"Microsoft Visual C++ Runtime Library"

sub_404387(45c9):
	KERNEL32.GetVersionExA
	KERNEL32.GetEnvironmentVariableA
	KERNEL32.GetModuleFileNameA

	"__MSVCRT_HEAP_SELECT"
	"__GLOBAL_HEAP_SELECTED"

sub_4029DE(463c):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryInfoKeyA
	ADVAPI32.RegEnumKeyExA
	ADVAPI32.RegDeleteKeyA
	ADVAPI32.RegCloseKey

	"%s\\%s"

sub_40878E(4712):
	KERNEL32.SetStdHandle

sub_408B67(4a0d):
	KERNEL32.FlushFileBuffers
	NTDLL.RtlGetLastWin32Error

sub_40327B(4cad):
	"wsas"
	"nlc"
	"nsms"
	"ntrcs"

sub_407DDE(547a):
	KERNEL32.LCMapStringW
	KERNEL32.LCMapStringA
	KERNEL32.MultiByteToWideChar
	KERNEL32.WideCharToMultiByte

sub_40435A(5645):
	KERNEL32.GetModuleHandleA

sub_40806F(56fe):
	KERNEL32.GetOEMCP
	KERNEL32.GetCPInfo

sub_40536B(58ed):
	KERNEL32.VirtualAlloc

sub_402EAC(5df1):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle

sub_40915F(6050):
	NTDLL.RtlAllocateHeap
	NTDLL.RtlReAllocateHeap

sub_4077D4(6091):
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error

sub_404C82(64eb):
	KERNEL32.VirtualAlloc

sub_401554(65f8):
	WS2_32.closesocket

sub_4025AD(6613):
	KERNEL32.GetModuleFileNameA
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegSetValueExA
	KERNEL32.GetSystemDirectoryA
	ADVAPI32.RegCloseKey

	"Software\\Microsoft\\Windows NT\\CurrentVe"...
	"load"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"Microsoft (R)	Windows	Protocol Deployme"...
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"%s\\userinit.exe,%s"
	"Userinit"
	"Shell"

sub_407B3E(66df):
	KERNEL32.WideCharToMultiByte

sub_4018FD(678c):
	WS2_32.WSAStartup
	KERNEL32.GetCurrentProcessId
	KERNEL32.CreateThread
	WS2_32.select
	WS2_32.__WSAFDIsSet

	"http://"
	"%d.%d.%d.%d"
	"%d.%d.%d.%d"
	"HTTP/1.0 200 Connection established\r\nPr"...
	"HTTP/1.0 201 Unable to connect\r\nProxy-a"...

sub_4014FC(6b9a):
	WS2_32.sendto
	WS2_32.WSAGetLastError

sub_403B18(6c37):
	NTDLL.RtlFreeHeap

sub_4032B7(6d23):
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error

	"WPDM_Class_"

sub_401118(6f7e):
	WS2_32.socket
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.ioctlsocket

sub_4032FB(7350):
	KERNEL32.SetErrorMode
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetWindowsDirectoryA
	KERNEL32.GetSystemDirectoryA
	ADVAPI32.StartServiceCtrlDispatcherA

	"%WINDIR%"
	"%SYSDIR%"
	"system32"
	"%s\\%s"
	"pdm.exe"
	"PDM"

sub_40349C(7566):
	NTDLL.RtlAllocateHeap

sub_4028DE(799e):
	KERNEL32.GetModuleFileNameA
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	"SOFTWARE\\Tmp"
	"Path"

sub_408BBE(8107):
	KERNEL32.CompareStringW
	KERNEL32.CompareStringA
	KERNEL32.GetCPInfo
	KERNEL32.MultiByteToWideChar

sub_407C95(81be):
	KERNEL32.GetStringTypeW
	KERNEL32.GetStringTypeA
	KERNEL32.MultiByteToWideChar

sub_402CF9(82b5):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ChangeServiceConfigA
	ADVAPI32.StartServiceA
	ADVAPI32.CloseServiceHandle

sub_409081(84ec):
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

sub_40452C(8555):
	NTDLL.RtlAllocateHeap

sub_40459F(87ad):
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_401210(88ec):
	WS2_32.select
	WS2_32.send

sub_403EC0(8af0):
	NTDLL.RtlUnwind

sub_402C5C(9352):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ChangeServiceConfigA
	ADVAPI32.ControlService
	ADVAPI32.DeleteService
	KERNEL32.LocalAlloc
	ADVAPI32.QueryServiceConfigA
	KERNEL32.DeleteFileA
	KERNEL32.LocalFree
	ADVAPI32.CloseServiceHandle

sub_40786E(94b9):
	KERNEL32.WriteFile
	NTDLL.RtlGetLastWin32Error

sub_401000(96ec):
	WS2_32.connect
	WS2_32.WSAGetLastError

sub_402DC2(abf8):
	ADVAPI32.OpenSCManagerA
	KERNEL32.GetModuleFileNameA
	ADVAPI32.CreateServiceA
	ADVAPI32.ChangeServiceConfig2A
	KERNEL32.lstrcpyn
	ADVAPI32.StartServiceA
	ADVAPI32.CloseServiceHandle

	"Windows Protocol Deployment Manager"
	"Provides implementation support for thi"...

sub_4031FA(af1d):
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SYSTEM\\CurrentControlSet\\Services\\Share"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"Software\\Microsoft\\Windows\\CurrentVersi"...

sub_40431B(af5c):
	KERNEL32.ExitProcess

sub_40312E(b396):
	"CAISafe"
	"UmxAgent"
	"KPF4"
	"WinRoute"
	"AVGFwSrv"
	"Avg7Alrt"
	"MpfService"
	"vsmon"
	"NPFMntor"
	"ccEvtMgr"
	"ccProxy"
	"cclSPwdSvc"
	"SPBBCSvc"

sub_40146B(b9b9):
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.htons

sub_402AC3(b9cb):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryInfoKeyA
	ADVAPI32.RegEnumValueA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

sub_40140A(c3ce):
	WS2_32.closesocket

sub_4013B6(c62f):
	WSOCK32.recv
	WS2_32.WSAGetLastError

sub_4069E0(c890):
	KERNEL32.GetStartupInfoA
	KERNEL32.GetFileType
	KERNEL32.GetStdHandle
	KERNEL32.LockResource

sub_404BD1(cbe8):
	NTDLL.RtlReAllocateHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	NTDLL.RtlFreeHeap

sub_4068AE(dcdc):
	KERNEL32.GetEnvironmentStringsW
	KERNEL32.GetEnvironmentStrings
	KERNEL32.WideCharToMultiByte
	KERNEL32.FreeEnvironmentStringsW
	KERNEL32.FreeEnvironmentStringsA

sub_40296A(dd35):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	KERNEL32.DeleteFileA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

	"SOFTWARE\\Tmp"
	"Path"

sub_405073(df93):
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_402849(e273):
	ADVAPI32.RegOpenKeyExA
	KERNEL32.GetModuleFileNameA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	"SYSTEM\\CurrentControlSet\\Services\\Share"...
	"Microsoft (R)	Windows	Protocol Deployme"...
	"%s:*:Enabled:%s"

sub_402716(e4c1):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"SFCDisable"
	"SOFTWARE\\Policies\\Microsoft\\Windows NT\\"...
	"SFCDisable"

sub_408E3B(e51d):
	KERNEL32.SetEnvironmentVariableA

sub_403923(e781):
	KERNEL32.GetCurrentProcess
	KERNEL32.TerminateProcess
	KERNEL32.ExitProcess

sub_4051B7(ea79):
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_402B5D(ebfc):
	KERNEL32.GetModuleFileNameA
	KERNEL32.SetCurrentDirectoryA
	KERNEL32.CreateDirectoryA
	KERNEL32.CopyFileA
	KERNEL32.SetFileAttributesA
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle
	KERNEL32.ExitProcess

	"%s\\%s"

sub_408845(ef2b):
	NTDLL.RtlAllocateHeap

sub_401063(fa8c):
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.htons
	WS2_32.ioctlsocket

sub_408AA3(fe6c):
	KERNEL32.WideCharToMultiByte

sub_402F96(ff56):
	"SharedAccess"
	"Alerter"
	"ALG"
	"ERSvc"
	"helpsvc"
	"Messenger"
	"srservice"
	"SamSs"
	"SENS"

sub_40520D(ffe7):
	KERNEL32.VirtualFree