sub_6028E0(066b):
	ADVAPI32.RegisterServiceCtrlHandlerA
	ADVAPI32.SetServiceStatus

	"winsvcmon"

sub_603ABE(09ba):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

	"dnsapi.dll"
	"DnsFlushResolverCache"

sub_6034D2(198c):
	KERNEL32.GetCurrentProcess
	ADVAPI32.SetSecurityInfo
	ADVAPI32.RegCreateKeyA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	KERNEL32.GetWindowsDirectoryA
	USER32.wsprintfA
	KERNEL32._lcreat
	KERNEL32._lclose
	KERNEL32.SetFileAttributesA
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ControlService
	ADVAPI32.ChangeServiceConfigA
	ADVAPI32.CloseServiceHandle

	"n"
	"software\\microsoft\\ole"
	"enabledcom"
	"system\\currentcontrolset\\control\\lsa"
	"restrictanonymous"
	"restrictanonymoussam"
	"system\\currentcontrolset\\services\\lanma"...
	"autoshareserver"
	"autosharewks"
	"software\\microsoft\\security	center"
	"antivirusdisablenotify"
	"antivirusoverride"
	"firewalldisablenotify"
	"firewalldisableoverride"
	"software\\policies\\microsoft\\windowsfire"...
	"enablefirewall"
	"software\\policies\\microsoft\\windowsfire"...
	"enablefirewall"
	"%s\\debug\\dcpromo.log"
	"sharedaccess"

sub_603FC5(1af0):
	KERNEL32.lstrcpyn
	KERNEL32.CreateThread
	KERNEL32.Sleep

sub_6026A5(2101):
	KERNEL32.GetSystemDirectoryA
	USER32.wsprintfA
	KERNEL32.SetFileAttributesA
	KERNEL32.CopyFileA
	KERNEL32.Sleep

	"C:\\WINDOWS\\System32\\winsvcmon.exe"
	"C:\\WINDOWS\\System32\\winsvcmon.exe"
	"C:\\WINDOWS\\System32\\winsvcmon.exe"
	"C:\\WINDOWS\\System32\\winsvcmon.exe"
	"C:\\WINDOWS\\System32\\winsvcmon.exe"
	"C:\\m_unpacker\\packed.exe"

sub_60272B(2c69):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CreateServiceA
	ADVAPI32.ChangeServiceConfig2A
	KERNEL32.lstrcpyn
	ADVAPI32.StartServiceA

	"winsvcmon"
	"C:\\WINDOWS\\System32\\winsvcmon.exe"
	"Windows Service Monitor"
	"winsvcmon"
	"Monitors and verifies	integrity of all "...

sub_6028BA(2c89):
	KERNEL32.IsDebuggerPresent
	KERNEL32.ExitProcess
	KERNEL32.Sleep

sub_602CF3(3041):
	USER32.wsprintfA
	WS2_32.send

	"PRiVMSG %.16s	:%.480s\n"

sub_603B4B(3b5d):
	KERNEL32.GetTickCount
	KERNEL32.GetCurrentThreadId
	KERNEL32.Sleep

sub_6028A0(5992):
	KERNEL32.CreateThread

sub_603F01(65d0):
	USER32.CharUpperA

sub_602614(6c12):
	ADVAPI32.StartServiceCtrlDispatcherA

	"winsvcmon"

sub_602804(7477):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.DeleteService
	ADVAPI32.CloseServiceHandle

	"winsvcmon"

sub_604C6A(74c7):
	WS2_32.send
	WS2_32.recv

sub_6048A6(86eb):
	KERNEL32.lstrcpyn
	KERNEL32.GetTempFileNameA
	KERNEL32.CreateThread
	KERNEL32.Sleep

	"."

sub_60401F(88aa):
	KERNEL32.GetLogicalDriveStringsA
	KERNEL32.lstrlen
	KERNEL32.GetDriveTypeA

sub_602853(8d33):
	KERNEL32.GetModuleFileNameA

	"C:\\m_unpacker\\packed.exe"
	"C:\\m_unpacker\\packed.exe"

sub_603AF7(905a):
	KERNEL32.CreateThread

sub_604B25(97af):
	WS2_32.socket
	WS2_32.connect
	WS2_32.closesocket
	KERNEL32.GetTickCount
	KERNEL32.Sleep

sub_604422(bdec):
	KERNEL32.lstrcpyn
	KERNEL32.CreateThread

sub_60266C(be3a):
	WS2_32.WSAStartup
	KERNEL32.Sleep

sub_602D3E(bfc4):
	KERNEL32.lstrcmp
	USER32.wsprintfA
	WS2_32.send
	KERNEL32.lstrcpyn
	WS2_32.inet_addr
	WS2_32.gethostbyname

	"PING"
	"PoNG %.500s\r\n"
	"PRIVMSG"
	"433"
	"NiCK %.24s\n"
	"332"
	"302"
	"001"
	"USeRHOST %.16s\n"
	"9yc8b2ni"
	"JOiN %.16s %.16s\n"

sub_604CA5(c07e):
	WS2_32.send
	KERNEL32.Sleep

sub_604D9C(c222):
	WS2_32.send

sub_604AC1(c2b8):
	WS2_32.inet_ntoa
	USER32.wsprintfA

sub_602928(cff1):
	WS2_32.gethostbyname
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.connect
	USER32.wsprintfA
	WS2_32.send
	KERNEL32.lstrcpyn
	WS2_32.getsockname
	WS2_32.select
	WS2_32.recv
	WS2_32.closesocket

	"aj74mj33o.v46suer0dszx.info"
	"aj74mj33o.v46suer0dszx.info"
	"aj74mj33o.v46suer0dszx.info"
	"gm2ud36"
	"PaSS %.32s\n"
	"USeR l l l l\n"
	"NiCK %.24s\n"

sub_6030CA(d50a):
	WS2_32.send
	WS2_32.closesocket
	USER32.wsprintfA
	WS2_32.inet_ntoa
	KERNEL32.lstrcpyn
	KERNEL32.CreateProcessA

	"QUiT\n"
	"%.500s\n"
	"[ni] %.16s %.16s"
	"t"
	"[exec] :)"
	"[exec] :("

sub_603C3B(d79b):
	WS2_32.socket
	WS2_32.ioctlsocket
	KERNEL32.Sleep
	WS2_32.htonl
	WS2_32.connect
	WS2_32.select
	WS2_32.closesocket
	WS2_32.__WSAFDIsSet
	KERNEL32.CreateThread

sub_60424F(dc69):
	KERNEL32.lstrcpyn
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.WSASocketA
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept
	WS2_32.closesocket
	WS2_32.connect
	KERNEL32.ExpandEnvironmentStringsA
	KERNEL32.CreateProcessA

	"\"%comspec%\" /Q"
	"t"

sub_60383E(dc6b):
	KERNEL32.GetCurrentProcess
	KERNEL32.CreateProcessA
	KERNEL32.DuplicateHandle
	KERNEL32.VirtualAllocEx
	KERNEL32.WriteProcessMemory
	KERNEL32.CreateRemoteThread
	KERNEL32.ExitProcess

	"t"
	"explorer.exe"
	"t"
	"t"
	"t"
	"C:\\m_unpacker\\packed.exe"
	"t"
	"t"

sub_6044D2(dd1c):
	WS2_32.getsockname
	WS2_32.socket
	WS2_32.bind
	WS2_32.closesocket
	WS2_32.WSAIoctl
	KERNEL32.GlobalAlloc
	WS2_32.recv
	WS2_32.htons
	WS2_32.inet_ntoa
	KERNEL32.lstrcpyn
	USER32.wsprintfA
	KERNEL32.GlobalFree

	"[%.16s:%hu->%.16s:%hu] \"%.256s\""

sub_6034AE(dde2):
	KERNEL32.GetTickCount
	USER32.wsprintfA

	"%.8s%08x"

sub_6041F5(ea83):
	KERNEL32.lstrcpyn
	KERNEL32.CreateThread
	KERNEL32.Sleep

sub_6040D9(ed32):
	USER32.wsprintfA
	KERNEL32.FindFirstFileA
	KERNEL32.lstrcmp
	KERNEL32.FindNextFileA
	KERNEL32.FindClose

	"%.256s*"
	"."
	".."
	"%.256s%.250s\\"
	"[findfile] %.256s%.240s"

sub_6037CF(f902):
	KERNEL32.OpenMutexA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CreateMutexA
	KERNEL32.CloseHandle
	KERNEL32.Sleep
	KERNEL32.ExitProcess

	"winsvcmon"
	"winsvcmon"

sub_604E6C(ffc4):
	WS2_32.socket
	WS2_32.connect
	WS2_32.closesocket
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle

	"C:\\m_unpacker\\packed.exe"

sub_60492B(fffd):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.GetCurrentThreadId
	USER32.wsprintfA
	KERNEL32.CreateProcessA

	"urlmon.dll"
	"URLDownloadToFileA"
	"[dl:%08x] %.180s to %.180s"
	"t"
	"[dl:%08x] :)"
	"[dl:%08x] :( exec"
	"[dl:%08x] :(	dl"