- GetCurrentProcessId.KERNEL32(001D1410,00000184,001D3308,00000000,00000001,00000113,?,?,001D2421), ref: 001D30B4
- OpenProcess.KERNEL32(001F0FFF,00000001,00000000,?,?,001D2421), ref: 001D30C1
- Part of subcall function 001D3734: GetEnvironmentVariableA.KERNEL32(SystemRoot,?,?,00000044,00000000,?,?,?,001D3118,?,00000104), ref: 001D3751
- Part of subcall function 001D3734: lstrcatA.KERNEL32(?,\System32\svchost.exe,?,?,?,001D3118,?,00000104), ref: 001D3763
- Part of subcall function 001D3734: RegOpenKeyA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe,?), ref: 001D377C
- Part of subcall function 001D3734: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,001D3118,?,00000104), ref: 001D3799
- Part of subcall function 001D3734: RegCloseKey.ADVAPI32(?,?,?,?,001D3118,?,00000104), ref: 001D37A9
- Part of subcall function 001D2B08: GetModuleFileNameA.KERNEL32(?,00000104), ref: 001D2B23
- Part of subcall function 001D2B08: lstrcpyA.KERNEL32(?,?,00000044,00000000,76E1EA18), ref: 001D2B59
- Part of subcall function 001D2B08: lstrlenA.KERNEL32(?), ref: 001D2B5C
- Part of subcall function 001D2B08: lstrcmpiA.KERNEL32(-00000003,001D11C8), ref: 001D2B6A
- Part of subcall function 001D2B08: lstrcpyA.KERNEL32(-00000003,001D11C8), ref: 001D2B7C
- Part of subcall function 001D2B08: CopyFileA.KERNEL32(?,?,00000000), ref: 001D2B89
- Part of subcall function 001D2B08: CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 001D2BA0
- Part of subcall function 001D2B08: SetFilePointer.KERNEL32(00000000,00000092,00000000,00000000), ref: 001D2BDF
- Part of subcall function 001D2B08: WriteFile.KERNEL32(00000000,00000000,00000002,?,00000000), ref: 001D2BF1
- Part of subcall function 001D2B08: CloseHandle.KERNEL32(00000000), ref: 001D2BF8
- DuplicateTokenEx.ADVAPI32(?,02000000,00000000,00000000,00000001,00000000,?,00000104), ref: 001D3151
- SetTokenInformation.ADVAPI32(00000000,0000000C,?,00000004), ref: 001D3169
- CreateProcessAsUserA.ADVAPI32(?,00000000,?,00000000,00000000,00000001,00000004,00000000,00000000,?,?), ref: 001D3197
- CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,?,00000000,00000000,?,?), ref: 001D31C8
- Part of subcall function 001D3683: VirtualAllocEx.KERNEL32(?,00000000,00001000,00001000,00000004,?,00000000,76E1EA18,?,?,001D31F9,?,?,00000000,?,00000000), ref: 001D369D
- Part of subcall function 001D3683: lstrlenA.KERNEL32(?,00000000,?,?,001D31F9,?,?,00000000,?,00000000), ref: 001D36AE
- Part of subcall function 001D3683: WriteProcessMemory.KERNEL32(?,00000000,?,00000001,?,?,001D31F9,?,?,00000000,?,00000000), ref: 001D36BB
- Part of subcall function 001D3683: VirtualFreeEx.KERNEL32(?,00000000,00001000,00008000,?,?,001D31F9,?,?,00000000,?,00000000), ref: 001D36E3
- CloseHandle.KERNEL32(00000000), ref: 001D31A8
- Part of subcall function 001D3020: CreateRemoteThread.KERNEL32(?,00000000,00000000,?,001D2421,00000000,00000000), ref: 001D3045
- Part of subcall function 001D3020: WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF), ref: 001D3070
- Part of subcall function 001D3020: GetExitCodeThread.KERNEL32(?,?,?,?,?,001D36DB,?,00000000,001D2421,00000000,00000001,?,?,001D31F9,?,?), ref: 001D307E
- Part of subcall function 001D3020: CloseHandle.KERNEL32(?), ref: 001D3087
- TerminateProcess.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 001D322D
- CloseHandle.KERNEL32(?), ref: 001D3236
- CloseHandle.KERNEL32(?), ref: 001D3247
- CreateThread.KERNEL32(00000000,00000000,Function_00002965,?,00000000,?), ref: 001D326D
- SetStdHandle.KERNEL32(000000F6,00000000), ref: 001D327B
- Part of subcall function 001D2965: SetStdHandle.KERNEL32(000000F4,?,00000000,001D3289,?), ref: 001D296D
- Part of subcall function 001D2965: WaitForSingleObject.KERNEL32(?,000000FF), ref: 001D2976
- Part of subcall function 001D2965: CloseHandle.KERNEL32(?), ref: 001D297D
- Part of subcall function 001D32B0: CloseHandle.KERNEL32(?), ref: 001D32C2
- Part of subcall function 001D32B0: CloseHandle.KERNEL32(?), ref: 001D32CC
- Part of subcall function 001D32B0: CloseHandle.KERNEL32(?), ref: 001D32D6