.version 22 .entry !MAIN .type primitive(Pointer) Pointer .type primitive(U32) U32 .type primitive(Variant) Variant .type primitive(PChar) PChar .type primitive(Currency) Currency .type primitive(Extended) Extended .type primitive(Double) Double .type primitive(Single) Single .type primitive(String) String .type primitive(U32) U32_2 .type primitive(S32) S32 .type primitive(S16) S16 .type primitive(U16) U16 .type primitive(S8) S8 .type primitive(Char) Char .type primitive(U32) U32_3 .type(export) primitive(U8) BOOLEAN .type primitive(U8) U8 .type(export) class(TWIZARDFORM) TWIZARDFORM .type(export) class(TPASSWORDEDIT) TPASSWORDEDIT .type array(Char,4,0) Type20 .type array(Char,4,0) Type21 .global String Global0 .global BOOLEAN Global1 .function(export) void !MAIN() ret .function(import) external dll("kernel32.dll","CreateFileA") __stdcall void kernel32.dll!CreateFileA(__out __unknown,__in __unknown,__in __unknown,__in __unknown,__in __unknown,__in __unknown,__in __unknown,__in __unknown) .function(import) external dll("kernel32.dll","WriteFile") __stdcall void kernel32.dll!WriteFile(__out __unknown,__in __unknown,__in __unknown,__in __unknown,__in __unknown,__in __unknown) .function(import) external dll("kernel32.dll","CloseHandle") __stdcall void kernel32.dll!CloseHandle(__out __unknown,__in __unknown) .function(import) external dll("kernel32.dll","ExitProcess") __stdcall void kernel32.dll!ExitProcess(__out __unknown,__in __unknown) .function(import) external dll("User32.dll","GetSystemMetrics") __stdcall void User32.dll!GetSystemMetrics(__out __unknown,__in __unknown) .function(import) external dll("kernel32.dll","GetTickCount") __stdcall void kernel32.dll!GetTickCount(__out __unknown) .function(export) BOOLEAN INITIALIZESETUP() pushtype U32_2 ; StackCount = 1 pushtype U32_2 ; StackCount = 2 pushtype U32_2 ; StackCount = 3 pushtype BOOLEAN ; StackCount = 4 assign Var1, S32(14) assign Var2, S32(10) assign Var3, S32(0) pushtype String ; StackCount = 5 assign Var5, String("path") pushvar Global0 ; StackCount = 6 call GETENV pop ; StackCount = 5 pop ; StackCount = 4 pushtype BOOLEAN ; StackCount = 5 pushtype S32 ; StackCount = 6 pushtype String ; StackCount = 7 assign Var7, String("{97A21FA3-7FD8-4808-9A05-BD2914FA36A5}") pushvar Var6 ; StackCount = 8 call FINDWINDOWBYCLASSNAME pop ; StackCount = 7 pop ; StackCount = 6 eq Var5, Var6, S32(0) pop ; StackCount = 5 sfz Var5 pop ; StackCount = 4 jf loc_2a4 starteh null, loc_25a, null, loc_2a4 assign Global0, String("B2FD6140898A5B3A") pushtype BOOLEAN ; StackCount = 5 pushtype String ; StackCount = 6 assign Var6, Global0 pushvar Var5 ; StackCount = 7 call CHECKFORMUTEXES pop ; StackCount = 6 pop ; StackCount = 5 sfz Var5 pop ; StackCount = 4 jf loc_19c pushtype S32 ; StackCount = 5 pushvar Var5 ; StackCount = 6 call GETUILANGUAGE pop ; StackCount = 5 assign Var3, Var5 pop ; StackCount = 4 pushtype BOOLEAN ; StackCount = 5 pushtype S32 ; StackCount = 6 assign Var6, Var3 pushvar Var5 ; StackCount = 7 call FREEDLL pop ; StackCount = 6 pop ; StackCount = 5 pop ; StackCount = 4 pushtype S32 ; StackCount = 5 pushtype S32 ; StackCount = 6 assign Var6, Var3 pushvar Var5 ; StackCount = 7 call kernel32.dll!ExitProcess pop ; StackCount = 6 pop ; StackCount = 5 pop ; StackCount = 4 loc_19c: pushtype S32 ; StackCount = 5 pushvar Var5 ; StackCount = 6 call kernel32.dll!GetTickCount pop ; StackCount = 5 assign Var1, Var5 pop ; StackCount = 4 assign Var3, Var2 pushtype S32 ; StackCount = 5 pushtype S32 ; StackCount = 6 assign Var6, S32(44) pushvar Var5 ; StackCount = 7 call User32.dll!GetSystemMetrics pop ; StackCount = 6 pop ; StackCount = 5 div Var3, Var5 pop ; StackCount = 4 pushtype S32 ; StackCount = 5 assign Var5, Var3 pushvar Var4 ; StackCount = 6 call FREEDLL pop ; StackCount = 5 pop ; StackCount = 4 pushtype BOOLEAN ; StackCount = 5 assign Var5, Var4 sfz Var5 pop ; StackCount = 4 jf loc_258 pushtype S32 ; StackCount = 5 pushtype S32 ; StackCount = 6 assign Var6, S32(255) pushvar Var5 ; StackCount = 7 call kernel32.dll!ExitProcess pop ; StackCount = 6 pop ; StackCount = 5 pop ; StackCount = 4 loc_258: endtry loc_25a: pushtype S32 ; StackCount = 5 pushvar Var5 ; StackCount = 6 call kernel32.dll!GetTickCount pop ; StackCount = 5 assign Var3, Var5 pop ; StackCount = 4 assign Global0, String("2FD61B4A098A85B3") assign Global1, BOOLEAN(1) endcatch loc_2a4: pushtype BOOLEAN ; StackCount = 5 lt Var5, Var3, Var1 sfz Var5 pop ; StackCount = 4 jf loc_2d8 assign RetVal, BOOLEAN(0) jump loc_2e4 loc_2d8: assign RetVal, BOOLEAN(1) loc_2e4: ret .function(import) external internal returnsval GETENV(__in __unknown) .function(import) external internal returnsval FINDWINDOWBYCLASSNAME(__in __unknown) .function(import) external internal returnsval CHECKFORMUTEXES(__in __unknown) .function(import) external internal returnsval GETUILANGUAGE() .function(import) external internal returnsval FREEDLL(__in __unknown) .function(export) void INITIALIZEWIZARD() pushtype BOOLEAN ; StackCount = 1 assign Var1, BOOLEAN(0) pushtype TPASSWORDEDIT ; StackCount = 2 pushtype TWIZARDFORM ; StackCount = 3 pushvar Var3 ; StackCount = 4 call WIZARDFORM pop ; StackCount = 3 pushvar Var2 ; StackCount = 4 call TWIZARDFORM->PASSWORDEDIT pop ; StackCount = 3 pop ; StackCount = 2 call TCONTROL->VISIBLE pop ; StackCount = 1 pop ; StackCount = 0 pushtype String ; StackCount = 1 assign Var1, Global0 pushtype TPASSWORDEDIT ; StackCount = 2 pushtype TWIZARDFORM ; StackCount = 3 pushvar Var3 ; StackCount = 4 call WIZARDFORM pop ; StackCount = 3 pushvar Var2 ; StackCount = 4 call TWIZARDFORM->PASSWORDEDIT pop ; StackCount = 3 pop ; StackCount = 2 call TPASSWORDEDIT->TEXT pop ; StackCount = 1 pop ; StackCount = 0 ret .function(import) external internal returnsval WIZARDFORM() .function(import) external class(TWIZARDFORM, PASSWORDEDIT) __pascal void TWIZARDFORM->PASSWORDEDIT(__in __unknown,__in __unknown) .function(import) external class(TCONTROL, VISIBLE, property) __pascal void TCONTROL->VISIBLE(__in __unknown,__in __unknown) .function(import) external class(TPASSWORDEDIT, TEXT, property) __pascal void TPASSWORDEDIT->TEXT(__in __unknown,__in __unknown) .function(export) String UNDELETEMYFILESPROOPEN(__in String Arg1) pushtype String ; StackCount = 1 pushtype U32_2 ; StackCount = 2 pushtype S32 ; StackCount = 3 assign Var3, S32(3) pushvar Var1 ; StackCount = 4 call PARAMSTR pop ; StackCount = 3 pop ; StackCount = 2 pushtype String ; StackCount = 3 assign Var3, Var1 pushvar Var1 ; StackCount = 4 call EXTRACTFILENAME pop ; StackCount = 3 pop ; StackCount = 2 add Var1, String("....") pushtype S32 ; StackCount = 3 pushtype String ; StackCount = 4 assign Var4, Var1 pushtype String ; StackCount = 5 assign Var5, String("....") pushvar Var3 ; StackCount = 6 call POS pop ; StackCount = 5 pop ; StackCount = 4 pop ; StackCount = 3 assign Var2, Var3 pop ; StackCount = 2 pushtype S32 ; StackCount = 3 assign Var3, S32(8) pushtype S32 ; StackCount = 4 assign Var4, Var2 sub Var4, S32(4) pushtype Pointer ; StackCount = 5 setptr Var5, Var1 call DELETE pop ; StackCount = 4 pop ; StackCount = 3 pop ; StackCount = 2 add Var1, String(".exe") pushtype String ; StackCount = 3 assign Var3, Var1 pushvar RetVal ; StackCount = 4 call GETMD5OFSTRING pop ; StackCount = 3 pop ; StackCount = 2 ret .function(import) external internal returnsval PARAMSTR(__in __unknown) .function(import) external internal returnsval EXTRACTFILENAME(__in __unknown) .function(import) external internal returnsval POS(__in __unknown,__in __unknown) .function(import) external internal void DELETE(__out __unknown,__in __unknown,__in __unknown) .function(import) external internal returnsval GETMD5OFSTRING(__in __unknown) .function(export) BOOLEAN UNDELETEMYFILESPROINSTALL(__in String Arg1) pushtype S32 ; StackCount = 1 pushtype Type20 ; StackCount = 2 pushtype Type21 ; StackCount = 3 pushtype BOOLEAN ; StackCount = 4 assign Var4, Global1 sfz Var4 pop ; StackCount = 3 jf loc_193 pushtype U32_2 ; StackCount = 4 pushtype U32_2 ; StackCount = 5 assign Var5, S32(0) pushtype U32_2 ; StackCount = 6 assign Var6, S32(32) pushtype U32_2 ; StackCount = 7 assign Var7, S32(3) pushtype U32_2 ; StackCount = 8 assign Var8, S32(0) pushtype U32_2 ; StackCount = 9 assign Var9, S32(0) pushtype U32_2 ; StackCount = 10 assign Var10, S32(1073741824) pushtype String ; StackCount = 11 assign Var11, Arg1 pushvar Var4 ; StackCount = 12 call kernel32.dll!CreateFileA pop ; StackCount = 11 pop ; StackCount = 10 pop ; StackCount = 9 pop ; StackCount = 8 pop ; StackCount = 7 pop ; StackCount = 6 pop ; StackCount = 5 pop ; StackCount = 4 assign Var1, Var4 pop ; StackCount = 3 assign Var2[0], Char("M") pushtype BOOLEAN ; StackCount = 4 pushtype U32_2 ; StackCount = 5 assign Var5, S32(0) pushtype String ; StackCount = 6 assign Var6, Var3[0] pushtype U32_2 ; StackCount = 7 assign Var7, S32(1) pushtype String ; StackCount = 8 assign Var8, Var2[0] pushtype U32_2 ; StackCount = 9 assign Var9, Var1 pushvar Var4 ; StackCount = 10 call kernel32.dll!WriteFile pop ; StackCount = 9 pop ; StackCount = 8 pop ; StackCount = 7 pop ; StackCount = 6 pop ; StackCount = 5 pop ; StackCount = 4 pop ; StackCount = 3 pushtype BOOLEAN ; StackCount = 4 pushtype U32_2 ; StackCount = 5 assign Var5, Var1 pushvar Var4 ; StackCount = 6 call kernel32.dll!CloseHandle pop ; StackCount = 5 pop ; StackCount = 4 pop ; StackCount = 3 assign RetVal, BOOLEAN(1) jump loc_1b6 loc_193: pushtype S32 ; StackCount = 4 pushtype S32 ; StackCount = 5 assign Var5, Var1 pushvar Var4 ; StackCount = 6 call kernel32.dll!ExitProcess pop ; StackCount = 5 pop ; StackCount = 4 pop ; StackCount = 3 loc_1b6: ret .function(export) void UNDELETEMYFILESPROCLOSE() pushtype S32 ; StackCount = 1 pushtype S32 ; StackCount = 2 assign Var2, S32(0) pushvar Var1 ; StackCount = 3 call kernel32.dll!ExitProcess pop ; StackCount = 2 pop ; StackCount = 1 pop ; StackCount = 0 ret