sub_outside():
	MSVCRT.sprintf
	MSVCRT.strncat
	WS2_32.htonl
	MSVCRT.rand
	WS2_32.inet_ntoa
	WS2_32.socket
	WS2_32.htons
	WS2_32.ioctlsocket
	WS2_32.connect
	WS2_32.select
	WS2_32.closesocket
	WS2_32.inet_addr
	WS2_32.WSASocketA
	WS2_32.send
	WS2_32.recv
	WININET.InternetGetConnectedStateEx
	WS2_32.gethostbyname
	WS2_32.gethostbyaddr
	MSVCRT.atoi
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegEnumKeyExA
	ADVAPI32.RegQueryValueExA
	MSVCRT.strstr
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.ControlService
	ADVAPI32.CloseServiceHandle
	ADVAPI32.LsaOpenPolicy
	ADVAPI32.LsaEnumerateAccountsWithUserRight
	ADVAPI32.LsaFreeMemory
	ADVAPI32.LsaClose
	WS2_32.gethostname
	DNSAPI.DnsFlushResolverCache

sub_4013A5(0203):
	WS2_32.inet_ntoa

	"SC:"
	"%s Current IP: %s."
	"SC:"
	"%s Scan not active."

sub_40F579(0304):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_408AEB(03aa):
	"A:\\"
	"Drive	Totals (N/A), total: %s%s, free: "...

sub_412A6A(04c1):
	WS2_32.closesocket

sub_4094C5(079c):
	MSVCRT.fseek
	WS2_32.closesocket

	"rb"

sub_412D84(0972):
	MSVCRT.fread

	"rb"

sub_40AEBF(0f23):
	MSVCRT._strlwr

	"PRIVMSG %s	:%s\r\n"

sub_411500(119c):
	ADVAPI32.LsaLookupNames2
	ADVAPI32.LsaFreeMemory

sub_4114C3(14b2):
	ADVAPI32.LsaAddAccountRights
	ADVAPI32.LsaRemoveAccountRights

sub_40D383(178e):
	"%s"
	"Error: <%d>"

sub_40DF22(18de):
	"Go fuck yourself %s."

sub_4013F9(1eb1):
	MSVCRT.strncpy

	"ShellCode Server started, Port: %i"
	"FT:"
	"%s Server started, Port: %i, File: %s."

sub_40FD00(2126):
	MSVCRT.fwrite

	"r+b"
	"MZ�"

sub_412B96(243d):
	"T:"
	"%s %s	thread stopped.	(%d thread(s) sto"...
	"T:"
	"%s No	%s thread found."

sub_40AFB4(27a8):
	"%s\r\n"

sub_409C5D(2804):
	IPHLPAPI.GetIfTable

sub_4133F1(2f03):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.DeleteService

	"NTVDM."
	"88907"
	"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...
	"556789"
	"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...

sub_40173A(3c85):
	WS2_32.inet_addr
	WS2_32.inet_ntoa

	"SC:"
	"%s Failed to initialize critical sectio"...
	"SC:"
	"%s %s:%d, Scan thread: %d, Sub-thread: "...
	"SC:"
	"%s Finished at %s:%d after %d	minute(s)"...
	"Scanner"

sub_40F359(3df9):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryInfoKeyA
	ADVAPI32.RegEnumKeyExA
	ADVAPI32.RegEnumValueA
	ADVAPI32.RegCloseKey

	"(%.2d) %s\\%s"

sub_40AE05(3eba):
	"NOTICE %s :%s\r\n"

sub_412DFB(4276):
	"Shell"
	"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...

sub_40DFC5(4290):
	MSVCRT.strncpy
	MSVCRT.strstr
	MSVCRT.strtok

	"$dec("
	")"
	"|"
	"topic"
	"%s"

sub_40C56A(43bb):
	"Kernel32.dll failed. <%d>"
	"User32.dll failed. <%d>"
	"Advapi32.dll failed. <%d>"
	"Parts	of Advapi32.dll	failed.	(Lsa Rest"...
	"Gdi32.dll failed. <%d>"
	"Ws2_32.dll failed. <%d>"
	"Wininet.dll failed. <%d>"
	"Icmp.dll failed. <%d>"
	"Netapi32.dll failed. <%d>"
	"Dnsapi.dll failed. <%d>"
	"Iphlpapi.dll failed. <%d>"
	"Parts	of Iphlpapi.dll	failed.	(Netstatp"...
	"Mpr32.dll failed. <%d>"
	"Shell32.dll failed. <%d>"
	"Odbc32.dll failed. <%d>"
	"Psapi.dll failed. <%d>"
	"PStore.dll failed. <%d>"
	"Shlwapi.dll failed. <%d>"
	"M:"
	"%s DLL test complete."

sub_41038D(449e):
	MSVCRT.wcslen

sub_403252(4596):
	MSVCRT.rand

	"%s\\%s\\%s"
	"m%d%d%d%d%d.exe"
	"%s\\%s\\%s"
	"(Blank)"
	"netapi139"
	"SC:"
	"%s %s: Exploiting IP:	%s\\%s,	%s/%s (Cre"...
	"(Blank)"
	"netapi139"
	"SC:"
	"%s %s: Exploiting IP:	%s\\%s,	%s/%s (Net"...
	"(Blank)"
	"netapi139"
	"SC:"
	"%s %s: Failed	to exploit IP: %s\\%s, %s/"...

sub_408A45(45b0):
	"failed"

sub_411E13(4b09):
	WS2_32.htons

sub_40959E(4b3a):
	WS2_32.closesocket

	"Exploit FTPD"
	"T:"
	"%s %s	stopped. (%d thread(s) stopped.)"
	"Exploit FTPD"
	"T:"
	"%s No	%s thread found."

sub_40F68D(4bcf):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_40AF6C(4c64):
	"JOIN	%s %s\r\n"

sub_40B501(4d9d):
	WININET.InternetOpenA

	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"GetComputerNameA"
	"RegisterServiceProcess"
	"user32.dll"
	"CloseWindow"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"EnumWindows"
	"GetWindowThreadProcessId"
	"ShowWindow"
	"IsWindowVisible"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"RegQueryInfoKeyA"
	"OpenThreadToken"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"LsaEnumerateAccountsWithUserRight"
	"LsaLookupNames2"
	"LsaAddAccountRights"
	"LsaRemoveAccountRights"
	"LsaClose"
	"LsaNtStatusToWinError"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"CreateServiceA"
	"StartServiceCtrlDispatcherA"
	"ImpersonateLoggedOnUser"
	"LockServiceDatabase"
	"QueryServiceLockStatusA"
	"ChangeServiceConfig2A"
	"UnlockServiceDatabase"
	"RegisterServiceCtrlHandlerA"
	"SetServiceStatus"
	"GetUserNameA"
	"ClearEventLogA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"shutdown"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"FtpGetFileA"
	"FtpPutFileA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"icmp.dll"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"GetIfTable"
	"GetTcpTable"
	"GetUdpTable"
	"GetNetworkParams"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
	"psapi.dll"
	"GetModuleFileNameExA"
	"GetModuleBaseNameA"
	"EnumProcessModules"
	"GetProcessMemoryInfo"
	"pstorec.dll"
	"PStoreCreateInstance"
	"shlwapi.dll"
	"PathRemoveFileSpecA"

sub_411ACD(4e8f):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.CreateServiceA
	ADVAPI32.CloseServiceHandle

	"\"%s\""
	"NTVDM."
	"NTVDM."
	"NTVDM."

sub_40D771(5047):
	ADVAPI32.OpenThreadToken
	ADVAPI32.OpenProcessToken
	ADVAPI32.LookupPrivilegeValueA
	ADVAPI32.AdjustTokenPrivileges

	"SeDebugPrivilege"

sub_408C01(507b):
	"KB"
	"MB"
	"GB"
	"DRI:"
	"%s Listing drives:"
	"A:\\"
	"KB"
	"MB"
	"GB"
	"KB"
	"MB"
	"GB"
	"DRI:"
	"%s End of list."

sub_40CB5E(51a9):
	"%s"

sub_40D568(51f8):
	ADVAPI32.OpenThreadToken
	ADVAPI32.OpenProcessToken
	ADVAPI32.LookupPrivilegeValueA
	ADVAPI32.AdjustTokenPrivileges

	"SeDebugPrivilege"
	"%i"

sub_4136BC(52fc):
	ADVAPI32.OpenProcessToken
	ADVAPI32.ImpersonateLoggedOnUser

sub_409938(5539):
	MSVCRT.sprintf
	ADVAPI32.GetUserNameA
	KERNEL32.GetComputerNameA

	"???"
	"95"
	"NT"
	"98"
	"ME"
	"2K"
	"XP"
	"2003"
	"%s (%s)"
	"dd:MMM:yyyy"
	"HH:mm:ss"

sub_40C854(569e):
	WININET.InternetOpenA
	WININET.InternetOpenUrlA
	WININET.InternetReadFile
	WININET.InternetCloseHandle

	"ww2.dokidoki.ne.jp/tomocrus/cgi-bin/che"...
	"%s%%s"

sub_413567(5ad1):
	IPHLPAPI.GetIpNetTable
	IPHLPAPI.DeleteIpNetEntry

sub_40ABE0(5f7e):
	MSVCRT.strchr

	"JOIN"
	"PART"
	"QUIT"
	"NOTICE"
	"PRIVMSG"
	"NICK"
	"PING"
	"PONG	%s\r\n"

sub_40F072(66f1):
	"HKEY_LOCAL_MACHINE"

sub_40B0CF(6739):
	KERNEL32.GetComputerNameA

	"Error"

sub_40AA9E(69b2):
	WS2_32.shutdown
	WS2_32.closesocket

	"Leaving"

sub_40CBDE(6bd6):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

	"SOFTWARE\\Kazaa\\LocalContent"
	"DownloadDir"
	"\\"
	"*.*"
	"exe"
	"%s\\%s"

sub_412D04(6d80):
	MSVCRT.strtok

	" "

sub_4020D1(6e81):
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.recv

sub_40886E(6ec9):
	MSVCRT._snprintf
	MSVCRT.sprintf

	"%s%s"
	"failed"

sub_40F233(7115):
	ADVAPI32.RegDeleteKeyA
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegEnumKeyExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

sub_40943E(74d4):
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.connect
	WS2_32.WSAGetLastError
	WS2_32.closesocket

	"FT:"
	"%s Couldn't open data connection to: %s"...

sub_40A897(756f):
	"M:"
	"%s Login List:"
	"<%i>	%s!%s@%s"
	"<%i>	"
	"M:"
	"%s Login List	complete."

sub_411D62(759b):
	MSVCRT.rand

sub_40881B(7639):
	KERNEL32.SetErrorMode

sub_40C9B6(7712):
	MSVCRT.strncpy
	WS2_32.inet_addr
	WS2_32.gethostbyaddr

	"Couldn't resolve host"

sub_40AF92(77c9):
	"PART	%s\r\n"

sub_40AF4A(825a):
	"JOIN	%s\r\n"

sub_41370F(8723):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.EnumServicesStatusA
	ADVAPI32.CloseServiceHandle

sub_40B4D0(8bc2):
	"NICK	%s\r\n"

sub_411C08(8bf5):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.LockServiceDatabase
	ADVAPI32.QueryServiceLockStatusA
	ADVAPI32.ChangeServiceConfig2A
	ADVAPI32.UnlockServiceDatabase
	ADVAPI32.CloseServiceHandle

	"NTVDM."

sub_40AAD0(8e61):
	"QUIT	%s\r\n"
	"QUIT\r\n"

sub_411F81(8f94):
	WS2_32.recv
	MSVCRT.fread
	WS2_32.send
	WS2_32.closesocket
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept

	"rb"

sub_40AFD6(9131):
	"MODE	%s %s\r\n"
	"MODE	%s %s %s\r\n"

sub_412EBD(9418):
	MSVCRT.strtok

	"%s\\%s"

sub_402151(981b):
	WS2_32.htonl
	WS2_32.send

sub_403925(9862):
	ADVAPI32.OpenEventLogA
	ADVAPI32.ClearEventLogA
	ADVAPI32.CloseEventLog
	USER32.FindWindowA
	MSVCRT.sprintf
	USER32.SendMessageA
	MSVCRT._snprintf
	MSVCRT.atoi
	MSVCRT.strstr
	MSVCRT._strlwr
	WININET.InternetGetConnectedStateEx
	KERNEL32.QueryPerformanceCounter
	KERNEL32.QueryPerformanceFrequency
	WS2_32.getsockname
	WS2_32.inet_ntoa
	MSVCRT.strrchr
	MSVCRT.rand
	MSVCRT.fgets
	WS2_32.inet_addr
	WS2_32.gethostbyaddr
	WS2_32.gethostbyname
	DNSAPI.DnsFlushResolverCache
	MSVCRT.strncpy
	WS2_32.WSACleanup

	"login"
	"l"
	"logout"
	"lo"
	"remove"
	"bye"
	"threads"
	"t"
	"process"
	"ps"
	"secure"
	"sec"
	"unsecure"
	"unsec"
	"exploitftpd"
	"eftpd"
	"driveinfo"
	"di"
	"scanall"
	"sa"
	"ntscan"
	"nts"
	"lsascan"
	"lsa"
	"advscan"
	"asc"
	"banner"
	"ban"
	"sniffer"
	"sniff"
	"pstore"
	"pst"
	"down"
	"wget"
	"update"
	"upd"
	"socks4"
	"s4"
	"redirect"
	"rd"
	"Redirect thread"
	"Socks4 Server"
	"Update"
	"Download"
	"Protected Storage"
	"Scanner"
	"Drive list"
	"Secure"
	"Process"
	"Thread list"
	"login"
	"l"
	"encrypt"
	"enc"
	"encrypt2"
	"enc2"
	"server"
	"srv"
	"logout"
	"lo"
	"who"
	"remove"
	"bye"
	"testdlls"
	"cel"
	"M:"
	"%s Cleared %d/%d event logs."
	"M:"
	"%s Failed to clear event logs."
	"M:"
	"%s Advapi.dll	is not loaded."
	"threads"
	"t"
	"sniffer"
	"sniff"
	"uptime"
	"up"
	"installed"
	"it"
	"version"
	"v"
	"status"
	"s"
	"open"
	"o"
	"secure"
	"sec"
	"unsecure"
	"unsec"
	"process"
	"ps"
	"nickupdate"
	"nu"
	"randnick"
	"rand"
	"exploitftpd"
	"eftpd"
	"iestart"
	"ies"
	"join"
	"j"
	"part"
	"p"
	"raw"
	"r"
	"prefix"
	"pr"
	"flusharp"
	"farp"
	"flushdns"
	"fdns"
	"resolve"
	"dns"
	"pstore"
	"pst"
	"sysinfo"
	"si"
	"netinfo"
	"ni"
	"driveinfo"
	"di"
	"system"
	"sys"
	"file"
	"f"
	"down"
	"wget"
	"update"
	"upd"
	"stats"
	"st"
	"currentip"
	"cip"
	"advscan"
	"asc"
	"scanall"
	"sa"
	"ntscan"
	"nts"
	"if"
	"i"
	"else"
	"e"
	"regctrl"
	"reg"
	"mircinfo"
	"minfo"
	"mIRC"
	"$version"
	"%s"
	"$me"
	"%s"
	"$server"
	"%s"
	"$serverip"
	"%s"
	"$port"
	"%s"
	"$chan(0)"
	"$chan(%i)"
	", "
	"."
	"MI:"
	"%s User is running mIRC %s, connected	t"...
	"MI:"
	"%s Client not	open."
	"delete"
	"d"
	"query"
	"q"
	"write"
	"w"
	"R:"
	"%s Successfully wrote: %s\\%s\\%s (%d)"
	"R:"
	"%s Failed to write: %s\\%s\\%s (%d)"
	"R:"
	"R:"
	"%s Failed to write: %s\\%s\\%s (%s)"
	"R:"
	"R:"
	"%s Done with query: %s\\%s"
	"%s Failed to query: %s\\%s"
	"R:"
	"%s Query:	%s\\%s\\%s: %d"
	"%s"
	"\n"
	"%s"
	"R:"
	"%s Finished displaying: %s\\%s\\%s"
	"R:"
	"%s Query:	%s\\%s\\%s: %s"
	"R:"
	"%s Failed to query: %s\\%s\\%s"
	"*"
	"R:"
	"*"
	"R:"
	"%s Failed to erase key: %s\\%s\\%s"
	"i"
	"else"
	"e"
	"nick"
	"n"
	"host"
	"h"
	"LO:"
	"%s Trying to get external IP."
	"*"
	"?"
	"*"
	"?"
	"*"
	"?"
	"*"
	"?"
	"*"
	"?"
	"appi"
	"app"
	"%s"
	"%s %s"
	"id"
	"y9r6k1q6e2"
	"uptime"
	"up"
	"file"
	"f"
	"connected"
	"con"
	"recordup"
	"rup"
	"private"
	"p"
	"dialup"
	"d"
	"status"
	"s"
	"os"
	"95"
	"nt"
	"98"
	"me"
	"2k"
	"xp"
	"2k3"
	"inip"
	"*"
	"?"
	"exip"
	"*"
	"?"
	"LO:"
	"%s Failed to parse command."
	"scanning"
	"scan"
	"LO:"
	"%s Missing parameter(s)."
	"%s"
	" %s"
	"LO:"
	"%s Should run: \"%s\"."
	"LO:"
	"ntscan"
	"nts"
	"SC:"
	"%s Already scanning with %d threads. To"...
	"netapi139"
	"SC:"
	"%s Failed to start scan, port	is invali"...
	"x.x.x.x"
	"%d.x.x.x"
	"SC:"
	"%s Trying to get external IP."
	"Random"
	"Sequential"
	"SC:"
	"%s Failed to start scan, no IP specifie"...
	"SC:"
	"%s Could not parse external IP."
	"SC:"
	"SC:"
	"%s Already scanning with %d threads. To"...
	"banner"
	"SC:"
	"%s Failed to start scan, port	is invali"...
	"SC:"
	"%s Failed to start scan, port	is invali"...
	"x.x.x.x"
	"%d.x.x.x"
	"SC:"
	"%s Trying to get external IP."
	"SC:"
	"%s Could not parse external IP."
	"SC:"
	"%s No	subnet class specified,	try \"-a\" "...
	"Random"
	"Sequential"
	"UPD:"
	"y9r6k1q6e2"
	"transfer thread"
	"UPD:"
	"%s %s	already	running	at thread number:"...
	"%s%d%d%d%d%d.exe"
	"%s Downloading update	from: %s to: %s."
	"%s Failed to start %s, error:	<%d>."
	"transfer thread"
	"D:"
	"D:"
	"%s"
	" %s"
	"type"
	"cat"
	"exists"
	"ex"
	"del"
	"rm"
	"rmdir"
	"FI:"
	"%s Folder deleted: %s"
	"FI:"
	"%s Failed to delete folder: %s"
	"FI:"
	"%s %s	is not a folder."
	"FI:"
	"%s %s	doesn't exist."
	"move"
	"mv"
	"copy"
	"cp"
	"attrib"
	"at"
	"open"
	"op"
	"open"
	"FI:"
	"%s	Opened:	\"%s\"."
	"FI:"
	"%s Failed to open: \"%s\", error: <%d>"
	"FI:"
	"%s Attibutes set to: \"%s\"."
	"FI:"
	"%s Failed to set attibutes to: \"%s\", er"...
	"FI:"
	"FI:"
	"%s Copied: \"%s\" to: \"%s\""
	"FI:"
	"%s Failed to copy: \"%s\" to:	\"%s\",	error"...
	"FI:"
	"%s Moved:	\"%s\" to: \"%s\""
	"FI:"
	"%s Failed to move: \"%s\" to:	\"%s\",	error"...
	"FI:"
	"FI:"
	"%s Failed to delete file: %s,	error: <%"...
	"FI:"
	"%s File	exists:	%s"
	"%s"
	" %s"
	"r"
	"FI:"
	"%s Displaying	file: %s"
	"%s"
	"FI:"
	"%s File displayed: %s"
	"FI:"
	"%s Failed to read file: %s, error: <%d>"...
	"M:"
	"%s System call failed."
	"M:"
	"%s System call sent: \"%s\""
	"Drive	list thread"
	"DRI:"
	"mb"
	"gb"
	"total"
	"t"
	"KB"
	"MB"
	"GB"
	"DRI:"
	"%s Drive list	thread."
	"Drive	list thread"
	"NET:"
	"%s Trying to get external IP."
	"gb"
	"mb"
	"Protected storage thread"
	"PS:"
	"Protected storage thread"
	"M:"
	"%s Lookup: %s -> %s."
	"M:"
	"%s Could not resolve hostname."
	"M:"
	"%s DNS cache flushed."
	"M:"
	"%s Failed to flush DNS cache."
	"M:"
	"%s Failed to load dnsapi.dll."
	"M:"
	"%s ARP cache flushed."
	"M:"
	"%s Failed to flush ARP cache."
	"I:"
	"M:"
	"%s Prefix changed to:	'%c'."
	"I:"
	"Start Page"
	"Software\\Microsoft\\Internet	Explorer\\Ma"...
	"M:"
	"%s Error retrieving start page."
	"M:"
	"%s Current Internet Explorer start page"...
	"Start Page"
	"Software\\Microsoft\\Internet	Explorer\\Ma"...
	"M:"
	"%s Set Internet Explorer start page to:"...
	"M:"
	"%s Failed to set the Internet	Explorer "...
	"FT:"
	"%s Exploit FTPD is running on	port: %i,"...
	"FT:"
	"%s Server started, Port: %i, File: %s."
	"%s Exploit FTPD enabled on port: %i, th"...
	"Exploit FTPD"
	"P:"
	"P:"
	"list"
	"P:"
	"kill"
	"del"
	"P:"
	"%s Process thread."
	"%s Failed to start %s, error:	<%d>."
	"create"
	"P:"
	"%s Create process thread."
	"sec"
	"Secure thread"
	"S:"
	"[SHELL]: File	opened:	%s"
	"[SHELL]: Couldn't open file: %s"
	"Scanning"
	"Idle"
	"M:"
	"%s Status: %s. Box Uptime: %s, Bot Upti"...
	"y9r6k1q6e2"
	". Built on: Jun 28 2007."
	". Built on: Jun 28 2007."
	"y9r6k1q6e2"
	"NTVDM"
	"M:"
	"%s %s (%s)%s"
	"M:"
	"%s Bot installed on: %s."
	"SNI:"
	"%s Started packet sniffer."
	"kill"
	"k"
	"T:"
	"%s Stopped: <%d> thread(s)."
	"T:"
	"%s No	active threads found."
	"T:"
	"%s Killed thread: <%s>"
	"T:"
	"%s Failed to kill thread: <%s>"
	"T:"
	"sub"
	"T:"
	"%s Thread listing."
	"%s Failed to start %s, error:	<%d>."
	"*"
	"Remove command received from:	%s!%s@%s"
	"M:"
	"%s Slot <%i> logged out."
	"M:"
	"%s No	user logged in at slot:	<%i>"
	"M:"
	"%s Invalid login slot	number:	<%i>"
	"M:"
	"%s User %s logged out."
	" (SSL)"
	"M:"
	"%s: Current Server: %i: %s:%d%s"
	"list"
	"M:"
	"%s Server List:"
	" (SSL)"
	"%i: %s:%d%s,	%s"
	"M:"
	"%s Server List complete."
	"jump"
	"M:"
	"%s Missing parameter(s)."
	"Changing servers"
	"M:"
	"%s Invalid server."
	"M:"
	"%s Cipher text:	\"%s\""
	"M:"
	"%s You are already logged in."

sub_40CA1F(9daf):
	"10"
	"172"
	"16"
	"192"
	"168"
	"90"
	"0"

sub_40301B(a09b):
	ADVAPI32.OpenSCManagerA
	MSVCRT.sprintf
	MSVCRT.rand
	ADVAPI32.CreateServiceA
	ADVAPI32.StartServiceA
	ADVAPI32.DeleteService
	ADVAPI32.CloseServiceHandle
	ADVAPI32.OpenServiceA

	"ServicesActive"
	"%s\\%s\\%s"
	"m%d%d%d%d%d.exe"
	"NTVDM."

sub_40D88F(a1e7):
	"???"
	"%s"

sub_402272(a2f7):
	WS2_32.send

sub_411B74(a315):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.OpenServiceA
	ADVAPI32.StartServiceA
	ADVAPI32.CloseServiceHandle

	"NTVDM."

sub_409824(acb8):
	"88907"
	"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...

sub_401000(ad7e):
	MSVCRT.sprintf
	MSVCRT.strncat

	"SC:"
	"%s Exploit Statistics:"
	"netapi139"
	"banner"
	" %s:	%d,"

sub_40FD9E(af92):
	MSVCRT._snprintf

	"%s\\ftp.exe"
	"%s\\dllcache\\ftp.exe"
	"%s\\microsoft\\backup.ftp"
	"%s\\tftp.exe"
	"%s\\dllcache\\tftp.exe"
	"%s\\microsoft\\backup.tftp"

sub_408DB9(b628):
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.ioctlsocket
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket
	MSVCRT.sscanf
	MSVCRT.atoi

	"220 Reptile welcomes you..\r\n"
	"%s %s"
	"USER"
	"331 Password required\r\n"
	"PASS"
	"230 User logged in.\r\n"
	"SYST"
	"215 StnyFtpd\r\n"
	"REST"
	"350 Restarting.\r\n"
	"257 \"/\" is current directory.\r\n"
	"TYPE"
	"A"
	"200 Type set to A.\r\n"
	"TYPE"
	"I"
	"200 Type set to I.\r\n"
	"PASV"
	"425 Passive not supported on this serve"...
	"LIST"
	"226 Transfer complete\r\n"
	"FT:"
	"W:"
	"%s %s	LIST request from: %s"
	"FT:"
	"W:"
	"%s %s	LIST request from: %s"
	"PORT"
	"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
	"RETR"
	"FT:"
	"%s Started send to IP: %s."
	"150 Opening BINARY mode data connection"...
	"226 Transfer complete.\n"
	"FT:"
	"%s File transfer complete to IP: %s, Fi"...
	"FT:"
	"%s File transfer complete to IP: %s."
	"425 Can't open data connection.\n"
	"QUIT"
	"221 Goodbye, happy rooting.\r\n"
	"503 Command not understood.\r\n"

sub_401661(bf1c):
	WS2_32.inet_ntoa

sub_41030A(bfa7):
	ADVAPI32.OpenProcessToken
	ADVAPI32.LookupPrivilegeValueA
	ADVAPI32.AdjustTokenPrivileges

	"SeDebugPrivilege"

sub_410270(c2dd):
	MSVCRT.malloc
	MSVCRT.wcsncmp
	MSVCRT.wcscpy
	MSVCRT.free

	"\\??\\"

sub_4087D2(c8a3):
	"?"
	"Cdrom"
	"Network"
	"Disk"
	"Invalid"
	"Unknown"

sub_411DB6(cc4d):
	WS2_32.getpeername
	WS2_32.gethostbyaddr
	WS2_32.inet_ntoa

sub_40F503(d743):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_40AE62(dc05):
	"PRIVMSG %s	:%s\r\n"

sub_4132D1(dcc6):
	MSVCRT.rand
	MSVCRT.sprintf

	"%s\\removeMe%i%i%i%i.bat"
	"@echo	off\r\n:Repeat\r\ndel \"%s\">nul\r\nping "...
	"@echo	off\r\n:Repeat\r\ndel \"%s\">nul\r\nif ex"...

sub_4103D7(e16e):
	MSVCRT.wcslen
	ADVAPI32.RegCloseKey

	"%s\\trash%X"
	"\\sfc.dll"
	"\\sfc_os.dll"

sub_4097A3(e649):
	"88907"
	"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...
	"88907"
	"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVe"...

sub_40F150(e69a):
	"REG_SZ"
	"SZ"
	"EX"
	"REG_MULTI_SZ"
	"MU"
	"REG_DWORD"
	"DW"

sub_40ABA0(ec76):
	MSVCRT.strstr

	"\r\n"

sub_401D6B(f1cc):
	"�B�B�B�B"
	"CCCC"
	"0"

sub_40D813(f677):
	ADVAPI32.AdjustTokenPrivileges

sub_401298(faf0):
	MSVCRT.sprintf

	"x"
	"0"
	"x"
	"0"
	"x"
	"0"
	"%s.%s.%s.%s"