sub_outside():
	WS2_32.send
	KERNEL32.Sleep
	KERNEL32.InterlockedIncrement
	WS2_32.shutdown
	WS2_32.closesocket
	KERNEL32.ExitThread
	KERNEL32.GetModuleHandleA
	WS2_32.WSAStartup
	KERNEL32.GetCommandLineA
	MSVCRT.strstr
	KERNEL32.DeleteFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ExitProcess
	ADVAPI32.AbortSystemShutdownA
	WININET.InternetGetConnectedState
	WS2_32.htons

sub_402A30(0038):
	KERNEL32.GetTickCount
	MSVCRT.srand

sub_4015F0(0059):
	WS2_32.socket
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept
	KERNEL32.CreateEventA
	KERNEL32.CreateThread
	KERNEL32.CloseHandle
	KERNEL32.WaitForSingleObject

sub_4020A0(0770):
	MSVCRT.strstr
	KERNEL32.lstrlen
	KERNEL32.lstrcpyn
	USER32.wsprintfA
	WS2_32.send

	"PING"
	"PONG%s\r\n"

sub_4011F0(15b9):
	ADVAPI32.CryptDestroyKey
	ADVAPI32.CryptReleaseContext

sub_403610(2b5c):
	KERNEL32.GetModuleFileNameA
	KERNEL32.lstrcmpi

	"SysTray"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"1"
	"Client"
	"Software\\Microsoft\\Wireless"
	"Client"
	"Software\\Microsoft\\Wireless"
	"Client"
	"Software\\Microsoft\\Wireless"

sub_402400(2bc9):
	KERNEL32.lstrlen
	USER32.wsprintfA
	KERNEL32.Sleep
	WS2_32.send

	"PRIVMSG %s	%s\r\n"

sub_401530(2cfd):
	KERNEL32.SetEvent
	WS2_32.recv
	WS2_32.closesocket
	KERNEL32.ExitThread

sub_402C60(2e4f):
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateFileA
	KERNEL32.ExitThread
	KERNEL32.GetFileSize
	KERNEL32.ReadFile
	KERNEL32.CloseHandle
	WS2_32.socket
	MSVCRT.rand
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept

sub_402710(3d03):
	WININET.InternetOpenA
	KERNEL32.GetSystemDirectoryA
	KERNEL32.lstrcat
	KERNEL32.lstrlen
	KERNEL32.CreateFileA
	WININET.InternetOpenUrlA
	KERNEL32.CloseHandle
	WININET.InternetReadFile
	KERNEL32.WriteFile

	"Mozilla/4.0 (compatible; MSIE	6.0; Wind"...
	"\\"
	".exe"

sub_402AB0(420a):
	MSVCRT.rand

sub_402130(4537):
	USER32.wsprintfA
	KERNEL32.Sleep
	KERNEL32.lstrlen
	WS2_32.send
	WS2_32.recv
	MSVCRT.strstr
	KERNEL32.lstrcpyn

	"JOIN	%s\r\n"
	"451"
	"PING"

sub_403300(4c6f):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_401CA0(50da):
	MSVCRT.strchr

	"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	"abcdefghijklmnopqrstuvwxyz"

sub_402240(6885):
	MSVCRT.rand
	USER32.wsprintfA
	KERNEL32.lstrlen
	WS2_32.send
	WS2_32.closesocket

	"QUIT	%s\r\n"

sub_403710(6922):
	KERNEL32.VirtualAlloc

sub_402A70(6e9f):
	KERNEL32.CreateMutexA

sub_403730(6e9f):
	KERNEL32.VirtualFree

sub_402BA0(6f7a):
	WS2_32.WSAGetLastError
	WS2_32.gethostbyname

sub_403530(75a6):
	KERNEL32.DeleteFileA
	KERNEL32.GetSystemDirectoryA
	MSVCRT.rand
	KERNEL32.lstrcat
	KERNEL32.CopyFileA
	KERNEL32.lstrlen
	KERNEL32.CloseHandle
	KERNEL32.WinExec
	KERNEL32.Sleep
	KERNEL32.ExitProcess

	".exe"
	"\\"
	"SysTray"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_401350(7fb1):
	KERNEL32.GetSystemDirectoryA
	KERNEL32.SetCurrentDirectoryA
	KERNEL32.lstrcpyn
	KERNEL32.CreateFileA
	WS2_32.send
	WS2_32.recv
	KERNEL32.WriteFile
	KERNEL32.CloseHandle

sub_4032C0(818b):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

sub_402BF0(81da):
	WININET.InternetGetConnectedState

sub_402490(8352):
	KERNEL32.GetSystemTime
	MSVCRT.srand
	MSVCRT.rand

sub_4022B0(88c3):
	KERNEL32.GetTickCount
	WS2_32.select
	WS2_32.closesocket
	WS2_32.recv
	KERNEL32.Sleep

sub_401170(91be):
	KERNEL32.lstrcpy

	"cont"

sub_402B60(92b0):
	WS2_32.inet_addr
	WS2_32.gethostbyname

sub_401DE0(97e3):
	KERNEL32.lstrcpyn

sub_402EE0(a8b6):
	MSVCRT.rand
	WS2_32.socket
	WS2_32.htonl
	WS2_32.htons
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept
	KERNEL32.Sleep
	WS2_32.recv
	WS2_32.closesocket
	WS2_32.send

	" : USERID : UNIX : "
	"\r\n"

sub_403140(aa70):
	MSVCRT.rand
	KERNEL32.InterlockedIncrement
	KERNEL32.Sleep
	KERNEL32.ExitThread

sub_4033F0(b31e):
	KERNEL32.lstrlen
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	MSVCRT.strstr
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.Process32Next

sub_403380(b427):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_402AF0(bd0b):
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle

sub_402A80(c7c9):
	KERNEL32.CreateThread
	KERNEL32.CloseHandle

sub_4030E0(d075):
	MSVCRT.rand
	KERNEL32.Sleep

sub_402850(d503):
	MSVCRT.strstr
	KERNEL32.GetTickCount
	KERNEL32.lstrlen
	MSVCRT.strchr
	KERNEL32.lstrcmp
	KERNEL32.lstrcpy
	KERNEL32.lstrcat
	USER32.wsprintfA
	KERNEL32.ExitProcess
	MSVCRT.rand

	"e"
	"|"
	"-1"
	"i"
	"%d,%d,7"
	"q"
	"JOIN"

sub_4016F0(d83c):
	WS2_32.socket
	WS2_32.inet_ntoa
	KERNEL32.lstrcpyn
	USER32.wsprintfA
	WS2_32.htons
	WS2_32.connect
	KERNEL32.Sleep
	WS2_32.send
	WS2_32.recv
	KERNEL32.lstrlen
	WS2_32.shutdown
	WS2_32.closesocket

sub_401E20(ddfc):
	WS2_32.socket
	WS2_32.htons
	WS2_32.connect
	WS2_32.recv
	USER32.wsprintfA
	KERNEL32.Sleep
	KERNEL32.lstrlen
	WS2_32.send
	MSVCRT.strstr
	WS2_32.closesocket

	"PASS	%s\r\n"
	"NICK	%s\r\n"
	"already"
	"NICK	%s\r\n"
	"already"
	"USER	%s 8 * :%s\r\n"

sub_401210(e415):
	KERNEL32.GetSystemTime
	KERNEL32.SystemTimeToFileTime
	WS2_32.recv
	ADVAPI32.CryptCreateHash
	ADVAPI32.CryptHashData
	ADVAPI32.CryptVerifySignatureA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.CryptDestroyHash
	MSVCRT.rand
	WS2_32.send

sub_402500(e42f):
	MSVCRT.rand
	KERNEL32.lstrcat
	KERNEL32.Sleep
	KERNEL32.lstrlen

	"_"
	"7"

sub_4034A0(e4da):
	"Windows Security Manager"
	"avserve.exe"
	"avserve2.exe"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_401190(e564):
	ADVAPI32.CryptAcquireContextA
	ADVAPI32.CryptImportKey

sub_4023E1(faad):
	WS2_32.closesocket