sub_401000(1bcf):
	KERNEL32.GetCurrentProcess
	ADVAPI32.OpenProcessToken
	ADVAPI32.LookupPrivilegeValueA
	ADVAPI32.AdjustTokenPrivileges
	KERNEL32.CloseHandle

	"SeDebugPrivilege"

sub_40106C(4629):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.Process32First
	KERNEL32.OpenProcess
	KERNEL32.lstrlen
	KERNEL32.VirtualAllocEx
	KERNEL32.CloseHandle
	KERNEL32.Process32Next

	"CreateRemoteThread"
	"KERNEL32.DLL"
	"WriteProcessMemory"
	"LoadLibraryA"
	"kernel32.dll"

start(d8c3):
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile
	KERNEL32.GlobalAlloc
	KERNEL32.GetSystemDirectoryA
	KERNEL32.lstrcat
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.GlobalFree

	"\\ldcore.dll"