sub_outside():
	KERNEL32.GetStdHandle
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.GetLocalTime
	WS2_32.WSACleanup
	WS2_32.socket
	WSOCK32.setsockopt
	WSOCK32.recv
	WS2_32.getsockname
	WS2_32.htons
	WS2_32.gethostname
	WS2_32.inet_ntoa
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle
	KERNEL32.CreateProcessA
	KERNEL32.CreateEventA
	KERNEL32.SetEvent
	ADVAPI32.SetServiceStatus
	ADVAPI32.RegisterServiceCtrlHandlerA
	KERNEL32.InterlockedExchange
	KERNEL32.HeapDestroy
	NTDLL.RtlReAllocateHeap
	NTDLL.RtlSizeHeap
	KERNEL32.HeapValidate
	KERNEL32.CreateFileA
	KERNEL32.TlsFree
	KERNEL32.GetSystemTimeAsFileTime
	NTDLL.RtlDeleteCriticalSection
	KERNEL32.GetFileType
	KERNEL32.Sleep
	KERNEL32.GetTempPathA
	KERNEL32.GetTempFileNameA
	KERNEL32.CopyFileA
	KERNEL32.SetFileAttributesA
	KERNEL32.DeleteFileA
	KERNEL32.InterlockedExchangeAdd
	KERNEL32.ExitProcess
	KERNEL32.WaitForSingleObject
	WS2_32.WSAGetLastError
	KERNEL32.GetFileAttributesA
	KERNEL32.ResetEvent
	KERNEL32.WriteConsoleA
	KERNEL32.TlsSetValue
	KERNEL32.GetStartupInfoA
	KERNEL32.GetModuleHandleA

sub_40103C(0126):
	KERNEL32.InitializeCriticalSection

sub_4095D0(0126):
	KERNEL32.GetSystemTimeAsFileTime

sub_442502(0126):
	KERNEL32.InitializeCriticalSection

sub_44AA3B(0126):
	KERNEL32.GetSystemTimeAsFileTime

sub_401097(0126):
	KERNEL32.InitializeCriticalSection

sub_4425D0(0126):
	KERNEL32.InitializeCriticalSection

sub_401165(0126):
	KERNEL32.InitializeCriticalSection

sub_4424A7(0126):
	KERNEL32.InitializeCriticalSection

sub_443847(0194):
	KERNEL32.CreateFileMappingA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.MapViewOfFile
	KERNEL32.UnmapViewOfFile

	"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"

sub_443017(0368):
	"PktRecv(): invalid signature (%i)\n"
	"PktRecv(): packetId: 0x%03x\n"
	"protorecv(): data size: %i (of %i)\n"

sub_401BAC(0368):
	"PktRecv(): invalid signature (%i)\n"
	"PktRecv(): packetId: 0x%03x\n"
	"protorecv(): data size: %i (of %i)\n"

sub_404CDF(050b):
	KERNEL32.CloseHandle
	KERNEL32.InterlockedExchange
	KERNEL32.Sleep

	"listener...\n"
	"SOCKS port: %i\n"
	"NATPMP: forwarded to:	%i\n"
	"starting COMM	thread...\n"

sub_401048(0639):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_4424B3(0639):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_444FF1(09d4):
	NTDLL.RtlEnterCriticalSection
	WS2_32.inet_ntoa
	NTDLL.RtlLeaveCriticalSection

	"authorized IP	#%i [%s]\n"

sub_403B86(09d4):
	NTDLL.RtlEnterCriticalSection
	WS2_32.inet_ntoa
	NTDLL.RtlLeaveCriticalSection

	"authorized IP	#%i [%s]\n"

sub_4455CD(0c7c):
	KERNEL32.CloseHandle

sub_403113(0dc1):
	WS2_32.htons
	WS2_32.inet_ntoa
	WS2_32.socket
	WS2_32.bind
	WS2_32.sendto
	WS2_32.closesocket
	WSOCK32.setsockopt
	WSOCK32.recvfrom
	WS2_32.WSAGetLastError

	"default gateway: [%s]\n"
	"sending NAT-PMP request #%i...\n"
	"setsockopt NAT-PMP request #%i...\n"
	"receiving NAT-PMP request #%i...\n"
	"NAT-PMP request #%i -	ok\n"
	"NAT-PMP request #%i -	public IP: [%s]\n"

sub_409420(0e13):
	NTDLL.RtlGetLastWin32Error
	KERNEL32.TlsGetValue
	KERNEL32.TlsSetValue
	KERNEL32.GetCurrentThreadId
	NTDLL.RtlRestoreLastWin32Error

sub_44A88B(0e13):
	NTDLL.RtlGetLastWin32Error
	KERNEL32.TlsGetValue
	KERNEL32.TlsSetValue
	KERNEL32.GetCurrentThreadId
	NTDLL.RtlRestoreLastWin32Error

sub_442C29(10cf):
	WS2_32.inet_addr
	WS2_32.gethostbyname

sub_4017BE(10cf):
	WS2_32.inet_addr
	WS2_32.gethostbyname

sub_40AC60(113e):
	KERNEL32.InitializeCriticalSection
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_44C0CB(113e):
	KERNEL32.InitializeCriticalSection
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_449A3B(12b2):
	"Handshake: bad packed (%i)\n"

sub_401001(13bb):
	KERNEL32.GetTickCount

sub_44246C(13bb):
	KERNEL32.GetTickCount

sub_409630(1975):
	KERNEL32.GetStartupInfoA
	KERNEL32.GetFileType
	KERNEL32.GetStdHandle
	KERNEL32.GetCurrentProcess
	KERNEL32.DuplicateHandle
	KERNEL32.LockResource

sub_44AA9B(1975):
	KERNEL32.GetStartupInfoA
	KERNEL32.GetFileType
	KERNEL32.GetStdHandle
	KERNEL32.GetCurrentProcess
	KERNEL32.DuplicateHandle
	KERNEL32.LockResource

sub_449C8B(1d0d):
	NTDLL.RtlUnwind

sub_44AA0B(1ec1):
	KERNEL32.DeleteFileA
	NTDLL.RtlGetLastWin32Error

sub_4095A0(1ec1):
	KERNEL32.DeleteFileA
	NTDLL.RtlGetLastWin32Error

sub_40440D(1f27):
	KERNEL32.CloseHandle
	KERNEL32.Sleep

	"can't bind port mapper listen socket!\n"

sub_401607(2114):
	WS2_32.listen

sub_442A72(2114):
	WS2_32.listen

sub_449FBB(213e):
	NTDLL.RtlLeaveCriticalSection

sub_408B50(213e):
	NTDLL.RtlLeaveCriticalSection

sub_449EDB(230b):
	NTDLL.RtlDeleteCriticalSection

sub_408A70(230b):
	NTDLL.RtlDeleteCriticalSection

sub_40B5E0(241a):
	"0123456789abcdef"
	"0123456789ABCDEF"

sub_44CA4B(241a):
	"0123456789abcdef"
	"0123456789ABCDEF"

sub_407C00(28bc):
	KERNEL32.TlsSetValue

sub_44450F(28f5):
	IPHLPAPI.GetIpForwardTable

sub_4030A4(28f5):
	IPHLPAPI.GetIpForwardTable

sub_446651(2921):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle
	ADVAPI32.QueryServiceStatus
	ADVAPI32.StartServiceA
	NTDLL.RtlGetLastWin32Error

	"NMSL"
	"NMSL"

sub_4051E6(2921):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle
	ADVAPI32.QueryServiceStatus
	ADVAPI32.StartServiceA
	NTDLL.RtlGetLastWin32Error

	"NMSL"
	"NMSL"

sub_40614F(29d7):
	KERNEL32.GetTickCount

sub_4475BA(29d7):
	KERNEL32.GetTickCount

sub_44BB6B(2a22):
	"				     "
	"00000000000000000000000000000000"
	"00000000000000000000000000000000"
	"00000000000000000000000000000000"
	"				     "

sub_40A700(2a22):
	"				     "
	"00000000000000000000000000000000"
	"00000000000000000000000000000000"
	"00000000000000000000000000000000"
	"				     "

sub_40596B(2c2a):
	"Userinit"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"Userinit"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	","
	"Userinit"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...

sub_446DD6(2c2a):
	"Userinit"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"Userinit"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	","
	"Userinit"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...

sub_446982(2c38):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	"SYSTEM\\CurrentControlSet\\Services\\"
	"NMSL"
	"Type"
	"Start"
	"ErrorControl"
	"ErrorControl"
	"LocalSystem"
	"ObjectName"
	"Windows Network Management and Security"...
	"Windows Network Management and Security"...
	"DisplayName"
	"Provides support for Microsoft Windows®"...
	"Provides support for Microsoft Windows®"...
	"Description"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"ImagePath"

sub_405517(2c38):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	"SYSTEM\\CurrentControlSet\\Services\\"
	"NMSL"
	"Type"
	"Start"
	"ErrorControl"
	"ErrorControl"
	"LocalSystem"
	"ObjectName"
	"Windows Network Management and Security"...
	"Windows Network Management and Security"...
	"DisplayName"
	"Provides support for Microsoft Windows®"...
	"Provides support for Microsoft Windows®"...
	"Description"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"ImagePath"

sub_40B240(2c80):
	"(null)"

sub_44C6AB(2c80):
	"(null)"

sub_406A81(2cc8):
	KERNEL32.InitializeCriticalSection
	KERNEL32.GetCommandLineA
	KERNEL32.lstrcmpi
	KERNEL32.Sleep
	KERNEL32.SetFileAttributesA
	KERNEL32.CopyFileA
	KERNEL32.GetFileAttributesA
	KERNEL32.DeleteFileA
	KERNEL32.WaitForSingleObject

	"NMSL"
	"*update"
	"ShutdownMutexCreate()=%i, h=%i\r\n"
	"waiting 10 secs -- shutdown...\r\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"copying...\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"cmdline: <%s>\n"
	"CreateProcess() failed %%-(\n"
	"initializing winsock library...\n"
	"removing: <%s>\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"**"
	"*** waiting...\n"
	"*** waiting complete...\n"
	"no registered	service, "
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"register it and restart\n"
	"DON'T register it\n"
	"registered service is	here...\n"
	"registered service is	not running.\n"
	"installing service, res="
	"%i\n"
	"starting service...\n"
	"registered service is	not running, unre"...
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"installing service...\n"
	"service installed ok...\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"**"
	"starting service...\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"**"
	"initializing service startup sequence.."...
	"not daemonized...\n"

sub_447EEC(2cc8):
	KERNEL32.InitializeCriticalSection
	KERNEL32.GetCommandLineA
	KERNEL32.lstrcmpi
	KERNEL32.Sleep
	KERNEL32.SetFileAttributesA
	KERNEL32.CopyFileA
	KERNEL32.GetFileAttributesA
	KERNEL32.DeleteFileA
	KERNEL32.WaitForSingleObject

	"NMSL"
	"*update"
	"ShutdownMutexCreate()=%i, h=%i\r\n"
	"waiting 10 secs -- shutdown...\r\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"copying...\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"cmdline: <%s>\n"
	"CreateProcess() failed %%-(\n"
	"initializing winsock library...\n"
	"removing: <%s>\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"**"
	"*** waiting...\n"
	"*** waiting complete...\n"
	"no registered	service, "
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"register it and restart\n"
	"DON'T register it\n"
	"registered service is	here...\n"
	"registered service is	not running.\n"
	"installing service, res="
	"%i\n"
	"starting service...\n"
	"registered service is	not running, unre"...
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"installing service...\n"
	"service installed ok...\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"**"
	"starting service...\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"**"
	"initializing service startup sequence.."...
	"not daemonized...\n"

sub_405B8F(2d1b):
	":*:Enabled:"
	"Windows Network Management and Security"...
	"SYSTEM\\CurrentControlSet\\Services\\Share"...

sub_446FFA(2d1b):
	":*:Enabled:"
	"Windows Network Management and Security"...
	"SYSTEM\\CurrentControlSet\\Services\\Share"...

sub_40AE40(351c):
	KERNEL32.SetStdHandle

sub_44C2AB(351c):
	KERNEL32.SetStdHandle

sub_406815(3695):
	KERNEL32.ResetEvent
	KERNEL32.WaitForSingleObject
	KERNEL32.Sleep

	"old DLL found; waiting for 	e"...
	"iexplore.exe"
	"explorer.exe"
	"winlogon.exe"
	"waiting for  event...\n"
	"dying\n"
	"InjectionThread complete\n"

sub_44B0AB(377c):
	KERNEL32.VirtualAlloc
	KERNEL32.VirtualQuery

sub_409C40(377c):
	KERNEL32.VirtualAlloc
	KERNEL32.VirtualQuery

sub_405B04(3821):
	"*"
	"writing to HKLM/autorun key...\n"
	"Windows Network Management and Security"...
	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"writing to HKCU/autorun key...\n"
	"Windows Network Management and Security"...
	"Software\\Microsoft\\Windows\\CurrentVersi"...

sub_446F6F(3821):
	"*"
	"writing to HKLM/autorun key...\n"
	"Windows Network Management and Security"...
	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"writing to HKCU/autorun key...\n"
	"Windows Network Management and Security"...
	"Software\\Microsoft\\Windows\\CurrentVersi"...

sub_4464B3(3b59):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle

	"NMSL"

sub_405048(3b59):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle

	"NMSL"

sub_44910B(3fa8):
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ResumeThread

sub_407CA0(3fa8):
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ResumeThread

sub_44E08B(3fc4):
	KERNEL32.ReadFile
	NTDLL.RtlGetLastWin32Error

sub_40CC20(3fc4):
	KERNEL32.ReadFile
	NTDLL.RtlGetLastWin32Error

sub_444B8E(3fd1):
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle

	"\""
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"\""
	" "

sub_403723(3fd1):
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle

	"\""
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"\""
	" "

sub_4053FC(426b):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.DeleteService
	ADVAPI32.CloseServiceHandle

	"NMSL"

sub_446867(426b):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.DeleteService
	ADVAPI32.CloseServiceHandle

	"NMSL"

sub_4067B2(4377):
	KERNEL32.ResetEvent
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle

sub_447C1D(4377):
	KERNEL32.ResetEvent
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle

sub_442BF2(44c4):
	WS2_32.send

sub_442B47(44c4):
	WSOCK32.recv

sub_401787(44c4):
	WS2_32.send

sub_4016DC(44c4):
	WSOCK32.recv

sub_444AF0(45ad):
	KERNEL32.CloseHandle

sub_407E30(46cf):
	KERNEL32.GetStartupInfoA
	KERNEL32.GetModuleHandleA

sub_4014C2(48c7):
	WS2_32.closesocket

sub_44292D(48c7):
	WS2_32.closesocket

sub_405103(4bc0):
	ADVAPI32.ChangeServiceConfigA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.ChangeServiceConfig2A

	"C:\\WINDOWS\\system32\\nmsl.exe"

sub_44656E(4bc0):
	ADVAPI32.ChangeServiceConfigA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.ChangeServiceConfig2A

	"C:\\WINDOWS\\system32\\nmsl.exe"

sub_403FEA(4bda):
	KERNEL32.ExitProcess
	KERNEL32.Sleep

sub_40400E(4d2e):
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle
	KERNEL32.Sleep

	"Srv: waiting %i seconds...\n"
	"\r			     \r"

sub_4479E1(4d3a):
	KERNEL32.OpenProcess
	KERNEL32.WaitForSingleObject
	KERNEL32.GetExitCodeThread
	KERNEL32.CloseHandle

	"process opened.\n"
	"thread injected (%i).\n"
	"thread complete (%i).\n"
	"DLL injected!\n"

sub_406576(4d3a):
	KERNEL32.OpenProcess
	KERNEL32.WaitForSingleObject
	KERNEL32.GetExitCodeThread
	KERNEL32.CloseHandle

	"process opened.\n"
	"thread injected (%i).\n"
	"thread complete (%i).\n"
	"DLL injected!\n"

sub_40399A(51ed):
	KERNEL32.GetTempPathA
	KERNEL32.GetTempFileNameA
	KERNEL32.CopyFileA
	KERNEL32.SetFileAttributesA
	KERNEL32.Sleep
	KERNEL32.InterlockedExchange
	KERNEL32.DeleteFileA

	"UPDATE URL: <%s>\n"
	"msss"
	"msssx"
	"*update \""
	"\"	\""
	"\""
	"running	%s (%s)...\r\n"

sub_44A99B(53e7):
	KERNEL32.UnhandledExceptionFilter

sub_409530(53e7):
	KERNEL32.UnhandledExceptionFilter

sub_44C20B(572f):
	KERNEL32.SetStdHandle

sub_40ADA0(572f):
	KERNEL32.SetStdHandle

sub_406010(5849):
	KERNEL32.ResetEvent
	KERNEL32.SetEvent

	"DLLTestThread: pulsing...\n"

sub_404162(5c38):
	KERNEL32.CloseHandle

sub_402896(5ca1):
	WS2_32.inet_addr

	"

sub_443D01(5ca1):
	WS2_32.inet_addr

	"

sub_40417F(5cec):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	WS2_32.inet_ntoa
	WS2_32.WSAGetLastError
	KERNEL32.Sleep

	"connection rejected (from [%s])\n"
	"127.0.0.1"
	"connecting to	%s:%i\n"
	"connection to	%s:%i failed! %-( (%i)\n"
	"data exchange	complete\n"
	"connection closed.\n"

sub_446D40(5e2d):
	"StartupPrograms"
	"System\\CurrentControlSet\\Control\\Termin"...
	"StartupPrograms"
	"System\\CurrentControlSet\\Control\\Termin"...
	"StartupPrograms"
	"System\\CurrentControlSet\\Control\\Termin"...

sub_40B010(6826):
	KERNEL32.InitializeCriticalSection
	NTDLL.RtlEnterCriticalSection

sub_44C47B(6826):
	KERNEL32.InitializeCriticalSection
	NTDLL.RtlEnterCriticalSection

sub_4058D5(69b0):
	"StartupPrograms"
	"System\\CurrentControlSet\\Control\\Termin"...
	"StartupPrograms"
	"System\\CurrentControlSet\\Control\\Termin"...
	"StartupPrograms"
	"System\\CurrentControlSet\\Control\\Termin"...

sub_4075B0(6b36):
	KERNEL32.WriteConsoleA

sub_449DAB(6bae):
	KERNEL32.HeapCreate

sub_408940(6bae):
	KERNEL32.HeapCreate

sub_408B70(6dab):
	"hjltzL"

sub_449FDB(6dab):
	"hjltzL"

sub_447325(6e18):
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle

	"\""
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"\"	"

sub_405EBA(6e18):
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle

	"\""
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"\"	"

sub_409AA0(6f0a):
	KERNEL32.GetCommandLineA
	KERNEL32.GetModuleFileNameA

sub_44AF0B(6f0a):
	KERNEL32.GetCommandLineA
	KERNEL32.GetModuleFileNameA

sub_405F73(6fec):
	KERNEL32.GetFileAttributesA
	KERNEL32.Sleep

	"ServiceFixerThread started.\n"
	"C:\\WINDOWS\\system32\\nmsl.exe"
	"**"

sub_40356A(70b2):
	KERNEL32.Sleep
	KERNEL32.InterlockedExchange

sub_402562(7590):
	KERNEL32.GetTickCount
	KERNEL32.Sleep

	"."

sub_4439CD(7590):
	KERNEL32.GetTickCount
	KERNEL32.Sleep

	"."

sub_402511(75be):
	KERNEL32.CompareStringA

sub_40571E(75be):
	KERNEL32.CompareStringA

sub_44397C(75be):
	KERNEL32.CompareStringA

sub_446B89(75be):
	KERNEL32.CompareStringA

sub_443A14(7718):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket

	"http://"
	"HTTP discovery request: [%s:%i]...\n"
	"GET %s HTTP/1.1\r\nHOST: %s:%i\r\nACCEPT-LA"...
	"HTTP discovery request [%s:%i]: receive"...
	"\n"
	"200"

sub_4025A9(7718):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket

	"http://"
	"HTTP discovery request: [%s:%i]...\n"
	"GET %s HTTP/1.1\r\nHOST: %s:%i\r\nACCEPT-LA"...
	"HTTP discovery request [%s:%i]: receive"...
	"\n"
	"200"

sub_44552E(786d):
	ADVAPI32.GetUserNameA
	KERNEL32.lstrcmpi

	"SYSTEM"

sub_4040C3(786d):
	ADVAPI32.GetUserNameA
	KERNEL32.lstrcmpi

	"SYSTEM"

sub_406A07(78a9):
	KERNEL32.CreateEventA
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle
	KERNEL32.Sleep

sub_402449(7bd4):
	KERNEL32.OpenFileMappingA
	KERNEL32.MapViewOfFile
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle

	"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"

sub_4438B4(7bd4):
	KERNEL32.OpenFileMappingA
	KERNEL32.MapViewOfFile
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle

	"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"

sub_442757(7dbe):
	WS2_32.WSAStartup

	"WinSock 1.1 initialized.\n"
	"WinSock 2.x initialized.\n"

sub_4012EC(7dbe):
	WS2_32.WSAStartup

	"WinSock 1.1 initialized.\n"
	"WinSock 2.x initialized.\n"

sub_405E59(7e45):
	ADVAPI32.StartServiceCtrlDispatcherA

sub_4472C4(7e45):
	ADVAPI32.StartServiceCtrlDispatcherA

sub_40644C(8069):
	KERNEL32.VirtualAllocEx
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.WriteProcessMemory
	KERNEL32.CreateRemoteThread

	"VirtualAllocEx() ok\n"
	"kernel32.dll"
	"LoadLibraryA"
	"ExitThread"
	"GetLastError"
	"WriteProcessMemory() ok\n"
	"<%s>\n"

sub_4478B7(8069):
	KERNEL32.VirtualAllocEx
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.WriteProcessMemory
	KERNEL32.CreateRemoteThread

	"VirtualAllocEx() ok\n"
	"kernel32.dll"
	"LoadLibraryA"
	"ExitThread"
	"GetLastError"
	"WriteProcessMemory() ok\n"
	"<%s>\n"

sub_405C00(80ab):
	KERNEL32.LocalAlloc
	ADVAPI32.InitializeSecurityDescriptor
	ADVAPI32.SetSecurityDescriptorDacl
	KERNEL32.CreateEventA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle
	KERNEL32.WaitForMultipleObjects
	KERNEL32.WaitForSingleObject

	"{1EA9B031-C301-4F76-805F-A41ECF9ED164}"
	"EVENT	CREATON	ERROR: %i\n"
	"WAITING FOR STOP EVENT!\n"

sub_44706B(80ab):
	KERNEL32.LocalAlloc
	ADVAPI32.InitializeSecurityDescriptor
	ADVAPI32.SetSecurityDescriptorDacl
	KERNEL32.CreateEventA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle
	KERNEL32.WaitForMultipleObjects
	KERNEL32.WaitForSingleObject

	"{1EA9B031-C301-4F76-805F-A41ECF9ED164}"
	"EVENT	CREATON	ERROR: %i\n"
	"WAITING FOR STOP EVENT!\n"

sub_401621(852f):
	WS2_32.accept

sub_442A8C(852f):
	WS2_32.accept

sub_446BDA(85c6):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

	"RegRead(): opened %s\n"
	"RegRead(): read %i bytes from	%s (%s)\n"
	"RegRead(): can't read key %s\n"

sub_40576F(85c6):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

	"RegRead(): opened %s\n"
	"RegRead(): read %i bytes from	%s (%s)\n"
	"RegRead(): can't read key %s\n"

sub_40225E(867d):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegDeleteKeyA
	ADVAPI32.RegCloseKey

sub_4436C9(867d):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegDeleteKeyA
	ADVAPI32.RegCloseKey

sub_44C4DB(86b5):
	NTDLL.RtlLeaveCriticalSection

sub_40B070(86b5):
	NTDLL.RtlLeaveCriticalSection

sub_408820(8af0):
	NTDLL.RtlUnwind

sub_405092(8d8e):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle
	ADVAPI32.QueryServiceStatus

	"NMSL"

sub_4464FD(8d8e):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle
	ADVAPI32.QueryServiceStatus

	"NMSL"

sub_44478D(8da5):
	WS2_32.htons
	WS2_32.inet_ntoa
	WS2_32.socket
	WS2_32.bind
	WS2_32.sendto
	WS2_32.closesocket
	WSOCK32.setsockopt
	WSOCK32.recvfrom
	WS2_32.WSAGetLastError

	"router ip:	[%s]\n"
	"sending NAT-PMP fwd request #%i...\n"
	"setsockopt NAT-PMP fwd request #%i...\n"
	"receiving NAT-PMP fwd	request	#%i...\n"
	"NAT-PMP fwd request #%i - ok\n"
	"NAT-PMP request #%i -	port: [%i]\n"

sub_403322(8da5):
	WS2_32.htons
	WS2_32.inet_ntoa
	WS2_32.socket
	WS2_32.bind
	WS2_32.sendto
	WS2_32.closesocket
	WSOCK32.setsockopt
	WSOCK32.recvfrom
	WS2_32.WSAGetLastError

	"router ip:	[%s]\n"
	"sending NAT-PMP fwd request #%i...\n"
	"setsockopt NAT-PMP fwd request #%i...\n"
	"receiving NAT-PMP fwd	request	#%i...\n"
	"NAT-PMP fwd request #%i - ok\n"
	"NAT-PMP request #%i -	port: [%i]\n"

sub_408DF0(8eb3):
	KERNEL32.CreateFileA

	"CONOUT$"

sub_44A25B(8eb3):
	KERNEL32.CreateFileA

	"CONOUT$"

sub_443701(8f38):
	KERNEL32.GetModuleFileNameA

	":*:Enabled:"
	"Windows Network Management and Security"...
	"SYSTEM\\CurrentControlSet\\Services\\Share"...

sub_402296(8f38):
	KERNEL32.GetModuleFileNameA

	":*:Enabled:"
	"Windows Network Management and Security"...
	"SYSTEM\\CurrentControlSet\\Services\\Share"...

sub_446B33(8f85):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_443673(8f85):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_402208(8f85):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_4056C8(8f85):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_40670D(9112):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.CloseHandle
	KERNEL32.Process32Next

sub_447B78(9112):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.CloseHandle
	KERNEL32.Process32Next

sub_408AD0(9122):
	KERNEL32.InitializeCriticalSection
	NTDLL.RtlEnterCriticalSection

sub_449F3B(9122):
	KERNEL32.InitializeCriticalSection
	NTDLL.RtlEnterCriticalSection

sub_44457E(92ea):
	WS2_32.htons
	WS2_32.inet_ntoa
	WS2_32.socket
	WS2_32.bind
	WS2_32.sendto
	WS2_32.closesocket
	WSOCK32.setsockopt
	WSOCK32.recvfrom
	WS2_32.WSAGetLastError

	"default gateway: [%s]\n"
	"sending NAT-PMP request #%i...\n"
	"setsockopt NAT-PMP request #%i...\n"
	"receiving NAT-PMP request #%i...\n"
	"NAT-PMP request #%i -	ok\n"
	"NAT-PMP request #%i -	public IP: [%s]\n"

sub_4024A6(93c2):
	KERNEL32.OpenFileMappingA
	KERNEL32.MapViewOfFile
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle

	"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"

sub_443911(93c2):
	KERNEL32.OpenFileMappingA
	KERNEL32.MapViewOfFile
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle

	"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"

sub_401713(95d9):
	WSOCK32.recv

sub_442B7E(95d9):
	WSOCK32.recv

sub_406183(9711):
	KERNEL32.CloseHandle
	KERNEL32.FindResourceA
	KERNEL32.SizeofResource
	KERNEL32.LoadResource
	KERNEL32.LockResource
	KERNEL32.SetFileAttributesA

	"#8001"
	"resource here, size: %i\n"
	"wb+"
	"file <%s> NOT	created\n"
	"file <%s> created\n"
	"file <%s> written, wsz=%i\n"

sub_4475EE(9711):
	KERNEL32.CloseHandle
	KERNEL32.FindResourceA
	KERNEL32.SizeofResource
	KERNEL32.LoadResource
	KERNEL32.LockResource
	KERNEL32.SetFileAttributesA

	"#8001"
	"resource here, size: %i\n"
	"wb+"
	"file <%s> NOT	created\n"
	"file <%s> created\n"
	"file <%s> written, wsz=%i\n"

sub_449E9B(98ea):
	KERNEL32.InitializeCriticalSection

sub_408A30(98ea):
	KERNEL32.InitializeCriticalSection

sub_4429AD(9964):
	WS2_32.ioctlsocket

sub_401542(9964):
	WS2_32.ioctlsocket

sub_405441(99ac):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	KERNEL32.lstrcmpi
	ADVAPI32.RegCloseKey

	"SYSTEM\\CurrentControlSet\\Services\\"
	"NMSL"
	"ImagePath"
	"C:\\WINDOWS\\system32\\nmsl.exe"

sub_4468AC(99ac):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	KERNEL32.lstrcmpi
	ADVAPI32.RegCloseKey

	"SYSTEM\\CurrentControlSet\\Services\\"
	"NMSL"
	"ImagePath"
	"C:\\WINDOWS\\system32\\nmsl.exe"

sub_404645(9aec):
	WS2_32.inet_ntoa
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	WS2_32.htons
	WS2_32.WSAGetLastError
	KERNEL32.Sleep

	"connection from [%s]\n"
	"connection rejected (from [%s])\n"
	"socks v%i  [%s]\n"
	"connecting to	%s:%i\n"
	"connection to	%s:%i failed! %-( (%i)\n"
	"transferring data...\n"
	"data exchange	complete\n"
	"connection closed.\n"

sub_447AA9(9b65):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.lstrcmpi
	KERNEL32.CloseHandle
	KERNEL32.Process32Next

	"trying <%s> with <%s>\n"
	"<%s>\n"
	"trying <%s> with <%s>	failed\n"

sub_40663E(9b65):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.lstrcmpi
	KERNEL32.CloseHandle
	KERNEL32.Process32Next

	"trying <%s> with <%s>\n"
	"<%s>\n"
	"trying <%s> with <%s>	failed\n"

sub_446EAE(9cf3):
	"load"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"load"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"load"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...

sub_405A43(9cf3):
	"load"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"load"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
	"load"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...

sub_443F6D(a465):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket
	WSOCK32.setsockopt
	WS2_32.bind
	WS2_32.sendto
	WS2_32.closesocket
	WSOCK32.recvfrom
	WS2_32.WSAGetLastError

	"239.255.255.250"
	"239.255.255.250"
	"shit!\n"
	"xbind...\n"
	"sending IUPnP	discovery request #%i...\n"...
	"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
	"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
	"setsockopt IUPnP discovery request #%i."...
	"receiving IUPnP discovery request #%i.."...
	"IUPnP	discovery request #%i -- checking"...
	"schemas-upnp-org:service:WANIPConnectio"...
	"IUPnP	discovery request #%i: bad (0)..."...
	"location"
	"IUPnP	discovery request #%i: bad (1)..."...
	"IUPnP	discovery request #%i: bad (2)..."...
	"location: <%s>\n"
	"IUPnP	discovery request #%i: bad (3)..."...
	"urn:schemas-upnp-org:service:WANIPConne"...
	""
	""
	""
	"http://"
	"IUPnP	discovery request #%i: ok.\n"

sub_402B02(a465):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket
	WSOCK32.setsockopt
	WS2_32.bind
	WS2_32.sendto
	WS2_32.closesocket
	WSOCK32.recvfrom
	WS2_32.WSAGetLastError

	"239.255.255.250"
	"239.255.255.250"
	"shit!\n"
	"xbind...\n"
	"sending IUPnP	discovery request #%i...\n"...
	"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
	"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
	"setsockopt IUPnP discovery request #%i."...
	"receiving IUPnP discovery request #%i.."...
	"IUPnP	discovery request #%i -- checking"...
	"schemas-upnp-org:service:WANIPConnectio"...
	"IUPnP	discovery request #%i: bad (0)..."...
	"location"
	"IUPnP	discovery request #%i: bad (1)..."...
	"IUPnP	discovery request #%i: bad (2)..."...
	"location: <%s>\n"
	"IUPnP	discovery request #%i: bad (3)..."...
	"urn:schemas-upnp-org:service:WANIPConne"...
	""
	""
	""
	"http://"
	"IUPnP	discovery request #%i: ok.\n"

sub_409B40(a608):
	KERNEL32.GetEnvironmentStrings
	KERNEL32.FreeEnvironmentStringsA

sub_44AFAB(a608):
	KERNEL32.GetEnvironmentStrings
	KERNEL32.FreeEnvironmentStringsA

sub_4023DC(a95d):
	KERNEL32.CreateFileMappingA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.MapViewOfFile
	KERNEL32.UnmapViewOfFile

	"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"

sub_409490(aa28):
	KERNEL32.TlsGetValue
	KERNEL32.TlsSetValue

sub_44A8FB(aa28):
	KERNEL32.TlsGetValue
	KERNEL32.TlsSetValue

sub_401ADA(ab88):
	"PktSend(%i): %i bytes\n"

sub_442F45(ab88):
	"PktSend(%i): %i bytes\n"

sub_403685(ad18):
	KERNEL32.CloseHandle

sub_40BC70(ae0a):
	KERNEL32.CreateFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.GetFileType
	KERNEL32.CloseHandle

sub_44D0DB(ae0a):
	KERNEL32.CreateFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.GetFileType
	KERNEL32.CloseHandle

sub_40166C(b8a0):
	WS2_32.accept
	WS2_32.htons

sub_442AD7(b8a0):
	WS2_32.accept
	WS2_32.htons

sub_40238A(b9ad):
	KERNEL32.LocalAlloc
	ADVAPI32.InitializeSecurityDescriptor
	ADVAPI32.SetSecurityDescriptorDacl

sub_4437F5(b9ad):
	KERNEL32.LocalAlloc
	ADVAPI32.InitializeSecurityDescriptor
	ADVAPI32.SetSecurityDescriptorDacl

sub_4085D0(bafb):
	"Handshake: bad packed (%i)\n"

sub_4089C0(bc2c):
	NTDLL.RtlFreeHeap

sub_408980(bc2c):
	NTDLL.RtlAllocateHeap

sub_449E2B(bc2c):
	NTDLL.RtlFreeHeap

sub_449DEB(bc2c):
	NTDLL.RtlAllocateHeap

sub_40C180(c3e2):
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error

sub_44D5EB(c3e2):
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error

sub_44293A(c461):
	WS2_32.select

sub_4014CF(c461):
	WS2_32.select

sub_403C3F(c5c5):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.InterlockedExchange
	WS2_32.inet_ntoa
	KERNEL32.InterlockedExchangeAdd
	KERNEL32.CloseHandle

	"dep.mvl0an7.com"
	"my port [%i]\n"
	"SRV:	[%s:%i]\n"
	"SRV: connecting...\n"
	"SRV: connecting failed.\n"
	"SRV: handshaking...\n"
	"SRV: rip? %i\n"
	"SRV: handshaking failed.\n"
	"SRV: ACK handshacking	failed\n"
	"* SRV: sending rejected IPs\n"
	"SRV: ACK rejected IPs\n"
	"SRV: ACK rejected IPs	failed\n"
	"SrvCommThread: done\n"

sub_445579(c61e):
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle

	"_win32__nmsl_um__"

sub_403604(c61e):
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle

	"__win32__nmsl_sdm__"

sub_40410E(c61e):
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle

	"_win32__nmsl_um__"

sub_444A6F(c61e):
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle

	"__win32__nmsl_sdm__"

sub_40C050(c81a):
	"abort"
	"arithmetic error"
	"invalid executable code"
	"interruption"
	"invalid storage access"
	"termination request"
	"signal #"
	"	-- terminating\n"

sub_44D4BB(c81a):
	"abort"
	"arithmetic error"
	"invalid executable code"
	"interruption"
	"invalid storage access"
	"termination request"
	"signal #"
	"	-- terminating\n"

sub_44A57B(ca7c):
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

sub_409110(ca7c):
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

sub_4036F6(caad):
	KERNEL32.OpenMutexA
	KERNEL32.CloseHandle

	"_win32__nmsl_sm__"

sub_444AC3(caad):
	KERNEL32.OpenMutexA
	KERNEL32.CloseHandle

	"__win32__nmsl_sdm__"

sub_444B61(caad):
	KERNEL32.OpenMutexA
	KERNEL32.CloseHandle

	"_win32__nmsl_sm__"

sub_403658(caad):
	KERNEL32.OpenMutexA
	KERNEL32.CloseHandle

	"__win32__nmsl_sdm__"

sub_405198(cb84):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle

	"NMSL"

sub_446603(cb84):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.CloseServiceHandle

	"NMSL"

sub_4063D2(ccbf):
	ADVAPI32.LookupPrivilegeValueA
	KERNEL32.GetCurrentProcess
	ADVAPI32.OpenProcessToken
	ADVAPI32.AdjustTokenPrivileges
	NTDLL.RtlGetLastWin32Error

	"SeDebugPrivilege"

sub_44783D(ccbf):
	ADVAPI32.LookupPrivilegeValueA
	KERNEL32.GetCurrentProcess
	ADVAPI32.OpenProcessToken
	ADVAPI32.AdjustTokenPrivileges
	NTDLL.RtlGetLastWin32Error

	"SeDebugPrivilege"

sub_44BE6B(cf78):
	KERNEL32.WriteFile
	NTDLL.RtlGetLastWin32Error

sub_40AA00(cf78):
	KERNEL32.WriteFile
	NTDLL.RtlGetLastWin32Error

sub_40628E(d442):
	KERNEL32.GetTempPathA
	KERNEL32.GetTempFileNameA

	"r"
	"old DLL: <%s>\n"
	"nmsl_"
	"000.tmp"
	"checking DLL: <%s>\n"
	" DLL found: <%s>\n"
	"nmsl_"
	"trying DLL: <%s>\n"
	"DLL ok: <%s>\n"
	"DLL not extracted.\n"

sub_4476F9(d442):
	KERNEL32.GetTempPathA
	KERNEL32.GetTempFileNameA

	"r"
	"old DLL: <%s>\n"
	"nmsl_"
	"000.tmp"
	"checking DLL: <%s>\n"
	" DLL found: <%s>\n"
	"nmsl_"
	"trying DLL: <%s>\n"
	"DLL ok: <%s>\n"
	"DLL not extracted.\n"

sub_4424E1(daa4):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_401076(daa4):
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection

sub_44E44B(dc13):
	NTDLL.RtlGetLastWin32Error
	KERNEL32.SetEndOfFile

sub_40CFE0(dc13):
	NTDLL.RtlGetLastWin32Error
	KERNEL32.SetEndOfFile

sub_444CA3(dc53):
	WININET.InternetOpenA
	WININET.InternetOpenUrlA
	WININET.InternetCloseHandle
	NTDLL.RtlRestoreLastWin32Error
	WININET.InternetReadFile
	NTDLL.RtlGetLastWin32Error
	KERNEL32.DeleteFileA

	"msdownloader"
	"InternetOpenUrl(): %i\n"
	"wb"
	"fopen(%s)...\n"
	"downloaded failed: [%s] --> %s\r\n"
	"downloaded [%s]	--> %s\r\n"

sub_403838(dc53):
	WININET.InternetOpenA
	WININET.InternetOpenUrlA
	WININET.InternetCloseHandle
	NTDLL.RtlRestoreLastWin32Error
	WININET.InternetReadFile
	NTDLL.RtlGetLastWin32Error
	KERNEL32.DeleteFileA

	"msdownloader"
	"InternetOpenUrl(): %i\n"
	"wb"
	"fopen(%s)...\n"
	"downloaded failed: [%s] --> %s\r\n"
	"downloaded [%s]	--> %s\r\n"

sub_44A7CB(e23b):
	KERNEL32.TlsAlloc
	KERNEL32.TlsSetValue
	KERNEL32.GetCurrentThreadId

sub_409360(e23b):
	KERNEL32.TlsAlloc
	KERNEL32.TlsSetValue
	KERNEL32.GetCurrentThreadId

sub_40B390(e625):
	"0123456789ABCDEF"
	"0123456789abcdef"

sub_44C7FB(e625):
	"0123456789ABCDEF"
	"0123456789abcdef"

sub_401359(e78e):
	WS2_32.socket
	WSOCK32.setsockopt

sub_4427C4(e78e):
	WS2_32.socket
	WSOCK32.setsockopt

sub_409520(e89a):
	KERNEL32.ExitProcess

sub_44A98B(e89a):
	KERNEL32.ExitProcess

sub_406086(ebc7):
	KERNEL32.CloseHandle

	"DLLTestListenThread: binding...\n"
	"DLLTestListenThread: listening...\n"
	"DLLTestListenThread: accepting...\n"
	"DLLTestListenThread: done...\n"

sub_4015B7(ef0c):
	WS2_32.htons
	WS2_32.bind

sub_442A22(ef0c):
	WS2_32.htons
	WS2_32.bind

sub_4429D2(ef0c):
	WS2_32.htons
	WS2_32.connect

sub_401567(ef0c):
	WS2_32.htons
	WS2_32.connect

sub_446725(ef6f):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.CreateServiceA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.CloseServiceHandle
	KERNEL32.lstrcpyn
	ADVAPI32.ChangeServiceConfig2A

	"C:\\WINDOWS\\system32\\nmsl.exe"
	"Windows Network Management and Security"...
	"NMSL"
	"service registered\n"
	"Provides support for Microsoft Windows®"...

sub_4052BA(ef6f):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.CreateServiceA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.CloseServiceHandle
	KERNEL32.lstrcpyn
	ADVAPI32.ChangeServiceConfig2A

	"C:\\WINDOWS\\system32\\nmsl.exe"
	"Windows Network Management and Security"...
	"NMSL"
	"service registered\n"
	"Provides support for Microsoft Windows®"...

sub_44C54B(f5c4):
	KERNEL32.SetConsoleCtrlHandler

sub_40B0E0(f5c4):
	KERNEL32.SetConsoleCtrlHandler

sub_44919B(f905):
	KERNEL32.CloseHandle
	KERNEL32.ExitThread

sub_407D30(f905):
	KERNEL32.CloseHandle
	KERNEL32.ExitThread

sub_44B06B(fb0d):
	KERNEL32.GetCommandLineA

sub_409C00(fb0d):
	KERNEL32.GetCommandLineA