Code:
"
ÀNtQuerySystemInformation
76A6388F ³. 3BC3 CMP EAX,EBX
76A63891 ³.7D 15 JGE SHORT 3ba1ea5.76A638A8
76A63893 ³> 50 PUSH EAX
76A63894 ³. FF15 E410A676 CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>; ntdll.RtlNtStatusToDosError
76A6389A ³. 50 PUSH EAX ; ÚError
76A6389B ³. FF15 5810A676 CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A638A1 ³. 33C0 XOR EAX,EAX
76A638A3 ³.E9 1A010000 JMP 3ba1ea5.76A639C2
76A638A8 ³> 57 PUSH EDI
76A638A9 ³. BF 00100000 MOV EDI,1000
76A638AE ³. 57 PUSH EDI
76A638AF ³. 53 PUSH EBX
76A638B0 ³. 8B1D 6010A676 MOV EBX,DWORD PTR DS:[<&KERNEL32.LocalAl>; kernel32.LocalAlloc
76A638B6 ³. 897D 0C MOV DWORD PTR SS:[EBP+C],EDI
76A638B9 ³.EB 40 JMP SHORT 3ba1ea5.76A638FB
76A638BB ³> 8D45 FC ÚLEA EAX,DWORD PTR SS:[EBP-4]
76A638BE ³. 50 ³PUSH EAX
76A638BF ³. FF75 0C ³PUSH DWORD PTR SS:[EBP+C]
76A638C2 ³. FF75 F8 ³PUSH DWORD PTR SS:[EBP-8]
76A638C5 ³. 6A 05 ³PUSH 5
76A638C7 ³. FFD6 ³CALL ESI
76A638C9 ³. 85C0 ³TEST EAX,EAX
76A638CB ³. 8945 F4 ³MOV DWORD PTR SS:[EBP-C],EAX
76A638CE ³.7D 3E ³JGE SHORT 3ba1ea5.76A6390E
76A638D0 ³. FF75 F8 ³PUSH DWORD PTR SS:[EBP-8] ; ÚhMemory
76A638D3 ³. FF15 5C10A676 ³CALL DWORD PTR DS:[<&KERNEL32.LocalFree>; ÀLocalFree
76A638D9 ³. 817D F4 040000>³CMP DWORD PTR SS:[EBP-C],C0000004
76A638E0 ³.0F85 C9000000 ³JNZ 3ba1ea5.76A639AF
76A638E6 ³. 8B45 FC ³MOV EAX,DWORD PTR SS:[EBP-4]
76A638E9 ³. 3B45 0C ³CMP EAX,DWORD PTR SS:[EBP+C]
76A638EC ³.76 05 ³JBE SHORT 3ba1ea5.76A638F3
76A638EE ³. 8945 0C ³MOV DWORD PTR SS:[EBP+C],EAX
76A638F1 ³.EB 03 ³JMP SHORT 3ba1ea5.76A638F6
76A638F3 ³> 017D 0C ³ADD DWORD PTR SS:[EBP+C],EDI
76A638F6 ³> FF75 0C ³PUSH DWORD PTR SS:[EBP+C]
76A638F9 ³. 6A 00 ³PUSH 0
76A638FB ³> FFD3 CALL EBX
76A638FD ³. 85C0 ³TEST EAX,EAX
76A638FF ³. 8945 F8 ³MOV DWORD PTR SS:[EBP-8],EAX
76A63902 ³.75 B7 ÀJNZ SHORT 3ba1ea5.76A638BB
76A63904 ³. 68 9A0000C0 PUSH C000009A
76A63909 ³.E9 A4000000 JMP 3ba1ea5.76A639B2
76A6390E ³> 8365 0C 00 AND DWORD PTR SS:[EBP+C],0
76A63912 ³. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
76A63915 ³. 33F6 XOR ESI,ESI
76A63917 ³. 33FF XOR EDI,EDI
76A63919 ³. B9 B8000000 MOV ECX,0B8
76A6391E ³.EB 19 JMP SHORT 3ba1ea5.76A63939
76A63920 ³> 8B10 ÚMOV EDX,DWORD PTR DS:[EAX]
76A63922 ³. FF45 0C ³INC DWORD PTR SS:[EBP+C]
76A63925 ³. 0370 04 ³ADD ESI,DWORD PTR DS:[EAX+4]
76A63928 ³. 0378 4C ³ADD EDI,DWORD PTR DS:[EAX+4C]
76A6392B ³. 85D2 ³TEST EDX,EDX
76A6392D ³.74 0F ³JE SHORT 3ba1ea5.76A6393E
76A6392F ³. 3B55 FC ³CMP EDX,DWORD PTR SS:[EBP-4]
76A63932 ³.77 0A ³JA SHORT 3ba1ea5.76A6393E
76A63934 ³. 2955 FC ³SUB DWORD PTR SS:[EBP-4],EDX
76A63937 ³. 0300 ³ADD EAX,DWORD PTR DS:[EAX]
76A63939 ³> 394D FC CMP DWORD PTR SS:[EBP-4],ECX
76A6393C ³.77 E2 ÀJA SHORT 3ba1ea5.76A63920
76A6393E ³> FF75 F8 PUSH DWORD PTR SS:[EBP-8] ; ÚhMemory
76A63941 ³. FF15 5C10A676 CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A63947 ³. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
76A6394A ³. 8B8D 9CFEFFFF MOV ECX,DWORD PTR SS:[EBP-164]
76A63950 ³. 8B95 DCFEFFFF MOV EDX,DWORD PTR SS:[EBP-124]
76A63956 ³. 8948 04 MOV DWORD PTR DS:[EAX+4],ECX
76A63959 ³. 8B8D A0FEFFFF MOV ECX,DWORD PTR SS:[EBP-160]
76A6395F ³. 8948 08 MOV DWORD PTR DS:[EAX+8],ECX
76A63962 ³. 8B8D A4FEFFFF MOV ECX,DWORD PTR SS:[EBP-15C]
76A63968 ³. 8948 0C MOV DWORD PTR DS:[EAX+C],ECX
76A6396B ³. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
76A6396E ³. 8948 10 MOV DWORD PTR DS:[EAX+10],ECX
76A63971 ³. 8B8D 98FEFFFF MOV ECX,DWORD PTR SS:[EBP-168]
76A63977 ³. 8948 14 MOV DWORD PTR DS:[EAX+14],ECX
76A6397A ³. 8B4D B8 MOV ECX,DWORD PTR SS:[EBP-48]
76A6397D ³. 8948 18 MOV DWORD PTR DS:[EAX+18],ECX
76A63980 ³. 8B8D E0FEFFFF MOV ECX,DWORD PTR SS:[EBP-120]
76A63986 ³. 8948 24 MOV DWORD PTR DS:[EAX+24],ECX
76A63989 ³. 8D1C11 LEA EBX,DWORD PTR DS:[ECX+EDX]
76A6398C ³. 8B4D D0 MOV ECX,DWORD PTR SS:[EBP-30]
76A6398F ³. 8948 28 MOV DWORD PTR DS:[EAX+28],ECX
76A63992 ³. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
76A63995 ³. C700 38000000 MOV DWORD PTR DS:[EAX],38
76A6399B ³. 8958 1C MOV DWORD PTR DS:[EAX+1C],EBX
76A6399E ³. 8950 20 MOV DWORD PTR DS:[EAX+20],EDX
76A639A1 ³. 8978 2C MOV DWORD PTR DS:[EAX+2C],EDI
76A639A4 ³. 8948 30 MOV DWORD PTR DS:[EAX+30],ECX
76A639A7 ³. 8970 34 MOV DWORD PTR DS:[EAX+34],ESI
76A639AA ³. 33C0 XOR EAX,EAX
76A639AC ³. 40 INC EAX
76A639AD ³.EB 12 JMP SHORT 3ba1ea5.76A639C1
76A639AF ³> FF75 F4 PUSH DWORD PTR SS:[EBP-C]
76A639B2 ³> FF15 E410A676 CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>; ntdll.RtlNtStatusToDosError
76A639B8 ³. 50 PUSH EAX ; ÚError
76A639B9 ³. FF15 5810A676 CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A639BF ³. 33C0 XOR EAX,EAX
76A639C1 ³> 5F POP EDI
76A639C2 ³> 5E POP ESI
76A639C3 ³. 5B POP EBX
76A639C4 ³> C9 LEAVE
76A639C5 À. C2 0800 RETN 8
76A639C8 CC INT3
76A639C9 CC INT3
76A639CA CC INT3
76A639CB CC INT3
76A639CC CC INT3
76A639CD >Ú$ 8BFF MOV EDI,EDI
76A639CF ³. 55 PUSH EBP
76A639D0 ³. 8BEC MOV EBP,ESP
76A639D2 ³. 83EC 20 SUB ESP,20
76A639D5 ³. 53 PUSH EBX
76A639D6 ³. 56 PUSH ESI
76A639D7 ³. 57 PUSH EDI
76A639D8 ³. 8B3D 6010A676 MOV EDI,DWORD PTR DS:[<&KERNEL32.LocalAl>; kernel32.LocalAlloc
76A639DE ³. BE 00100000 MOV ESI,1000
76A639E3 ³. 8BDE MOV EBX,ESI
76A639E5 ³. 56 PUSH ESI
76A639E6 ³.EB 3A JMP SHORT 3ba1ea5.76A63A22
76A639E8 ³> 8D45 FC ÚLEA EAX,DWORD PTR SS:[EBP-4]
76A639EB ³. 50 ³PUSH EAX ; ÚpReqsize
76A639EC ³. 53 ³PUSH EBX ; ³Bufsize
76A639ED ³. FF75 F8 ³PUSH DWORD PTR SS:[EBP-8] ; ³Buffer
76A639F0 ³. 6A 12 ³PUSH 12 ; ³InfoType = SystemPageFileInformation
76A639F2 ³. FF15 E010A676 ³CALL DWORD PTR DS:[<&ntdll.NtQuerySyste>; ÀZwQuerySystemInformation
76A639F8 ³. 85C0 ³TEST EAX,EAX
76A639FA ³. 8945 F4 ³MOV DWORD PTR SS:[EBP-C],EAX
76A639FD ³.7D 35 ³JGE SHORT 3ba1ea5.76A63A34
76A639FF ³. FF75 F8 ³PUSH DWORD PTR SS:[EBP-8] ; ÚhMemory
76A63A02 ³. FF15 5C10A676 ³CALL DWORD PTR DS:[<&KERNEL32.LocalFree>; ÀLocalFree
76A63A08 ³. 817D F4 040000>³CMP DWORD PTR SS:[EBP-C],C0000004
76A63A0F ³.0F85 89000000 ³JNZ 3ba1ea5.76A63A9E
76A63A15 ³. 395D FC ³CMP DWORD PTR SS:[EBP-4],EBX
76A63A18 ³.76 05 ³JBE SHORT 3ba1ea5.76A63A1F
76A63A1A ³. 8B5D FC ³MOV EBX,DWORD PTR SS:[EBP-4]
76A63A1D ³.EB 02 ³JMP SHORT 3ba1ea5.76A63A21
76A63A1F ³> 03DE ³ADD EBX,ESI
76A63A21 ³> 53 ³PUSH EBX
76A63A22 ³> 6A 00 PUSH 0
76A63A24 ³. FFD7 ³CALL EDI
76A63A26 ³. 85C0 ³TEST EAX,EAX
76A63A28 ³. 8945 F8 ³MOV DWORD PTR SS:[EBP-8],EAX
76A63A2B ³.75 BB ÀJNZ SHORT 3ba1ea5.76A639E8
76A63A2D ³. 68 9A0000C0 PUSH C000009A
76A63A32 ³.EB 6D JMP SHORT 3ba1ea5.76A63AA1
76A63A34 ³> 8B75 F8 MOV ESI,DWORD PTR SS:[EBP-8]
76A63A37 ³.EB 51 JMP SHORT 3ba1ea5.76A63A8A
76A63A39 ³> 8365 E4 00 ÚAND DWORD PTR SS:[EBP-1C],0
76A63A3D ³. C745 E0 140000>³MOV DWORD PTR SS:[EBP-20],14
76A63A44 ³. 8B46 04 ³MOV EAX,DWORD PTR DS:[ESI+4]
76A63A47 ³. 8945 E8 ³MOV DWORD PTR SS:[EBP-18],EAX
76A63A4A ³. 8B46 08 ³MOV EAX,DWORD PTR DS:[ESI+8]
76A63A4D ³. 8945 EC ³MOV DWORD PTR SS:[EBP-14],EAX
76A63A50 ³. 8B46 0C ³MOV EAX,DWORD PTR DS:[ESI+C]
76A63A53 ³. 8945 F0 ³MOV DWORD PTR SS:[EBP-10],EAX
76A63A56 ³. 6A 3A ³PUSH 3A ; Úw = 003A (':')
76A63A58 ³. FF76 14 ³PUSH DWORD PTR DS:[ESI+14] ; ³wstr
76A63A5B ³. FF15 9810A676 ³CALL DWORD PTR DS:[<&ntdll.wcschr>] ; Àwcschr
76A63A61 ³. 85C0 ³TEST EAX,EAX
76A63A63 ³. 59 ³POP ECX
76A63A64 ³. 59 ³POP ECX
76A63A65 ³.74 13 ³JE SHORT 3ba1ea5.76A63A7A
76A63A67 ³. 3B46 14 ³CMP EAX,DWORD PTR DS:[ESI+14]
76A63A6A ³.76 0E ³JBE SHORT 3ba1ea5.76A63A7A
76A63A6C ³. 83C0 FE ³ADD EAX,-2
76A63A6F ³. 50 ³PUSH EAX
76A63A70 ³. 8D45 E0 ³LEA EAX,DWORD PTR SS:[EBP-20]
76A63A73 ³. 50 ³PUSH EAX
76A63A74 ³. FF75 0C ³PUSH DWORD PTR SS:[EBP+C]
76A63A77 ³. FF55 08 ³CALL DWORD PTR SS:[EBP+8]
76A63A7A ³> 8B06 ³MOV EAX,DWORD PTR DS:[ESI]
76A63A7C ³. 85C0 ³TEST EAX,EAX
76A63A7E ³.74 10 ³JE SHORT 3ba1ea5.76A63A90
76A63A80 ³. 3B45 FC ³CMP EAX,DWORD PTR SS:[EBP-4]
76A63A83 ³.77 0B ³JA SHORT 3ba1ea5.76A63A90
76A63A85 ³. 2945 FC ³SUB DWORD PTR SS:[EBP-4],EAX
76A63A88 ³. 0336 ³ADD ESI,DWORD PTR DS:[ESI]
76A63A8A ³> 837D FC 18 CMP DWORD PTR SS:[EBP-4],18
76A63A8E ³.77 A9 ÀJA SHORT 3ba1ea5.76A63A39
76A63A90 ³> FF75 F8 PUSH DWORD PTR SS:[EBP-8] ; ÚhMemory
76A63A93 ³. FF15 5C10A676 CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A63A99 ³. 33C0 XOR EAX,EAX
76A63A9B ³. 40 INC EAX
76A63A9C ³.EB 12 JMP SHORT 3ba1ea5.76A63AB0
76A63A9E ³> FF75 F4 PUSH DWORD PTR SS:[EBP-C]
76A63AA1 ³> FF15 E410A676 CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>; ntdll.RtlNtStatusToDosError
76A63AA7 ³. 50 PUSH EAX ; ÚError
76A63AA8 ³. FF15 5810A676 CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A63AAE ³. 33C0 XOR EAX,EAX
76A63AB0 ³> 5F POP EDI
76A63AB1 ³. 5E POP ESI
76A63AB2 ³. 5B POP EBX
76A63AB3 ³. C9 LEAVE
76A63AB4 À. C2 0800 RETN 8
76A63AB7 CC INT3
76A63AB8 CC INT3
76A63AB9 CC INT3
76A63ABA CC INT3
76A63ABB CC INT3
76A63ABC 8BFF MOV EDI,EDI
76A63ABE Ú. 55 PUSH EBP
76A63ABF ³. 8BEC MOV EBP,ESP
76A63AC1 ³. 53 PUSH EBX
76A63AC2 ³. 56 PUSH ESI
76A63AC3 ³. 57 PUSH EDI
76A63AC4 ³. FF75 10 PUSH DWORD PTR SS:[EBP+10] ; Ús
76A63AC7 ³. FF15 9410A676 CALL DWORD PTR DS:[<&ntdll.wcslen>] ; Àwcslen
76A63ACD ³. 8BF0 MOV ESI,EAX
76A63ACF ³. 59 POP ECX
76A63AD0 ³. 46 INC ESI
76A63AD1 ³. 56 PUSH ESI ; ÚSize
76A63AD2 ³. 33FF XOR EDI,EDI ; ³
76A63AD4 ³. 57 PUSH EDI ; ³Flags => LMEM_FIXED
76A63AD5 ³. FF15 6010A676 CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A63ADB ³. 8BD8 MOV EBX,EAX
76A63ADD ³. 3BDF CMP EBX,EDI
76A63ADF ³.75 15 JNZ SHORT 3ba1ea5.76A63AF6
76A63AE1 ³. 68 9A0000C0 PUSH C000009A
76A63AE6 ³. FF15 E410A676 CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>; ntdll.RtlNtStatusToDosError
76A63AEC ³. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
76A63AEF ³. 8941 08 MOV DWORD PTR DS:[ECX+8],EAX
76A63AF2 ³. 33C0 XOR EAX,EAX
76A63AF4 ³.EB 3A JMP SHORT 3ba1ea5.76A63B30
76A63AF6 ³> 57 PUSH EDI ; ÚpDefaultCharUsed
76A63AF7 ³. 57 PUSH EDI ; ³pDefaultChar
76A63AF8 ³. 56 PUSH ESI ; ³MultiByteCount
76A63AF9 ³. 53 PUSH EBX ; ³MultiByteStr
76A63AFA ³. 6A FF PUSH -1 ; ³WideCharCount = FFFFFFFF (-1.)
76A63AFC ³. FF75 10 PUSH DWORD PTR SS:[EBP+10] ; ³WideCharStr
76A63AFF ³. 57 PUSH EDI ; ³Options
76A63B00 ³. 57 PUSH EDI ; ³CodePage
76A63B01 ³. FF15 6810A676 CALL DWORD PTR DS:[<&KERNEL32.WideCharTo>; ÀWideCharToMultiByte
76A63B07 ³. 85C0 TEST EAX,EAX
76A63B09 ³.74 10 JE SHORT 3ba1ea5.76A63B1B
76A63B0B ³. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
76A63B0E ³. 53 PUSH EBX
76A63B0F ³. FF75 0C PUSH DWORD PTR SS:[EBP+C]
76A63B12 ³. FF30 PUSH DWORD PTR DS:[EAX]
76A63B14 ³. FF50 04 CALL DWORD PTR DS:[EAX+4]
76A63B17 ³. 8BF8 MOV EDI,EAX
76A63B19 ³.EB 0C JMP SHORT 3ba1ea5.76A63B27
76A63B1B ³> FF15 3810A676 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr>; [GetLastError
76A63B21 ³. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
76A63B24 ³. 8941 08 MOV DWORD PTR DS:[ECX+8],EAX
76A63B27 ³> 53 PUSH EBX ; ÚhMemory
76A63B28 ³. FF15 5C10A676 CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A63B2E ³. 8BC7 MOV EAX,EDI
76A63B30 ³> 5F POP EDI
76A63B31 ³. 5E POP ESI
76A63B32 ³. 5B POP EBX
76A63B33 ³. 5D POP EBP
76A63B34 À. C2 0C00 RETN 0C
76A63B37 CC INT3
76A63B38 CC INT3
76A63B39 CC INT3
76A63B3A CC INT3
76A63B3B CC INT3
76A63B3C > 8BFF MOV EDI,EDI
76A63B3E Ú. 55 PUSH EBP
76A63B3F ³. 8BEC MOV EBP,ESP
76A63B41 ³. 83EC 0C SUB ESP,0C
76A63B44 ³. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
76A63B47 ³. 8365 FC 00 AND DWORD PTR SS:[EBP-4],0
76A63B4B ³. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
76A63B4E ³. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
76A63B51 ³. 56 PUSH ESI
76A63B52 ³. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
76A63B55 ³. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
76A63B58 ³. 50 PUSH EAX ; ÚArg2
76A63B59 ³. 68 BC3AA676 PUSH 3ba1ea5.76A63ABC ; ³Arg1 = 76A63ABC
76A63B5E ³. E8 6AFEFFFF CALL 3ba1ea5.EnumPageFilesW ; ÀEnumPageFilesW
76A63B63 ³. 8BF0 MOV ESI,EAX
76A63B65 ³. 85F6 TEST ESI,ESI
76A63B67 ³.74 11 JE SHORT 3ba1ea5.76A63B7A
76A63B69 ³. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
76A63B6D ³.74 0B JE SHORT 3ba1ea5.76A63B7A
76A63B6F ³. FF75 FC PUSH DWORD PTR SS:[EBP-4] ; ÚError
76A63B72 ³. 33F6 XOR ESI,ESI ; ³
76A63B74 ³. FF15 5810A676 CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A63B7A ³> 8BC6 MOV EAX,ESI
76A63B7C ³. 5E POP ESI
76A63B7D ³. C9 LEAVE
76A63B7E À. C2 0800 RETN 8
76A63B81 CC INT3
76A63B82 CC INT3
76A63B83 CC INT3
76A63B84 CC INT3
76A63B85 CC INT3
76A63B86 Ú$ 8BFF MOV EDI,EDI
76A63B88 ³. 55 PUSH EBP
76A63B89 ³. 8BEC MOV EBP,ESP
76A63B8B ³. 83EC 10 SUB ESP,10
76A63B8E ³. A1 2050A676 MOV EAX,DWORD PTR DS:[76A65020]
76A63B93 ³. 85C0 TEST EAX,EAX
76A63B95 ³.74 07 JE SHORT 3ba1ea5.76A63B9E
76A63B97 ³. 3D 40BB0000 CMP EAX,0BB40
76A63B9C ³.75 4D JNZ SHORT 3ba1ea5.76A63BEB
76A63B9E ³> 56 PUSH ESI
76A63B9F ³. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
76A63BA2 ³. 50 PUSH EAX ; ÚpFileTime
76A63BA3 ³. FF15 2410A676 CALL DWORD PTR DS:[<&KERNEL32.GetSystemT>; ÀGetSystemTimeAsFileTime
76A63BA9 ³. 8B75 FC MOV ESI,DWORD PTR SS:[EBP-4]
76A63BAC ³. 3375 F8 XOR ESI,DWORD PTR SS:[EBP-8]
76A63BAF ³. FF15 2810A676 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; [GetCurrentProcessId
76A63BB5 ³. 33F0 XOR ESI,EAX
76A63BB7 ³. FF15 2C10A676 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; [GetCurrentThreadId
76A63BBD ³. 33F0 XOR ESI,EAX
76A63BBF ³. FF15 3010A676 CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
76A63BC5 ³. 33F0 XOR ESI,EAX
76A63BC7 ³. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
76A63BCA ³. 50 PUSH EAX ; ÚpPerformanceCount
76A63BCB ³. FF15 3410A676 CALL DWORD PTR DS:[<&KERNEL32.QueryPerfo>; ÀQueryPerformanceCounter
76A63BD1 ³. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
76A63BD4 ³. 3345 F0 XOR EAX,DWORD PTR SS:[EBP-10]
76A63BD7 ³. 33C6 XOR EAX,ESI
76A63BD9 ³. 25 FFFF0000 AND EAX,0FFFF
76A63BDE ³. 5E POP ESI
76A63BDF ³.75 05 JNZ SHORT 3ba1ea5.76A63BE6
76A63BE1 ³. B8 40BB0000 MOV EAX,0BB40
76A63BE6 ³> A3 2050A676 MOV DWORD PTR DS:[76A65020],EAX
76A63BEB ³> F7D0 NOT EAX
76A63BED ³. A3 1C50A676 MOV DWORD PTR DS:[76A6501C],EAX
76A63BF2 ³. C9 LEAVE
76A63BF3 À. C3 RETN
76A63BF4 CC INT3
76A63BF5 CC INT3
76A63BF6 CC INT3
76A63BF7 CC INT3
76A63BF8 CC INT3
76A63BF9 $ 3B0D 2050A676 CMP ECX,DWORD PTR DS:[76A65020]
76A63BFF .75 09 JNZ SHORT 3ba1ea5.76A63C0A
76A63C01 . F7C1 0000FFFF TEST ECX,FFFF0000
76A63C07 .75 01 JNZ SHORT 3ba1ea5.76A63C0A
76A63C09 . C3 RETN
76A63C0A >E9 21000000 JMP 3ba1ea5.76A63C30
76A63C0F CC INT3
76A63C10 CC INT3
76A63C11 CC INT3
76A63C12 CC INT3
76A63C13 CC INT3
76A63C14 Ú$ 8BFF MOV EDI,EDI
76A63C16 ³. 55 PUSH EBP
76A63C17 ³. 8BEC MOV EBP,ESP
76A63C19 ³. 837D 0C 01 CMP DWORD PTR SS:[EBP+C],1
76A63C1D ³.75 05 JNZ SHORT 3ba1ea5.76A63C24
76A63C1F ³. E8 62FFFFFF CALL 3ba1ea5.76A63B86
76A63C24 ³> 33C0 XOR EAX,EAX
76A63C26 ³. 40 INC EAX
76A63C27 ³. 5D POP EBP
76A63C28 À. C2 0C00 RETN 0C
76A63C2B CC INT3
76A63C2C CC INT3
76A63C2D CC INT3
76A63C2E CC INT3
76A63C2F CC INT3
76A63C30 > 8BFF MOV EDI,EDI
76A63C32 . 55 PUSH EBP
76A63C33 . 8BEC MOV EBP,ESP
76A63C35 . 81EC 20030000 SUB ESP,320
76A63C3B . 57 PUSH EDI
76A63C3C . A3 8051A676 MOV DWORD PTR DS:[76A65180],EAX
76A63C41 . 890D 7C51A676 MOV DWORD PTR DS:[76A6517C],ECX
76A63C47 . 8915 7851A676 MOV DWORD PTR DS:[76A65178],EDX
76A63C4D . 891D 7451A676 MOV DWORD PTR DS:[76A65174],EBX
76A63C53 . 8935 7051A676 MOV DWORD PTR DS:[76A65170],ESI
76A63C59 . 893D 6C51A676 MOV DWORD PTR DS:[76A6516C],EDI
76A63C5F . 66:8C15 9851A6>MOV WORD PTR DS:[76A65198],SS
76A63C66 . 66:8C0D 8C51A6>MOV WORD PTR DS:[76A6518C],CS
76A63C6D . 66:8C1D 6851A6>MOV WORD PTR DS:[76A65168],DS
76A63C74 . 66:8C05 6451A6>MOV WORD PTR DS:[76A65164],ES
76A63C7B . 66:8C25 6051A6>MOV WORD PTR DS:[76A65160],FS
76A63C82 . 66:8C2D 5C51A6>MOV WORD PTR DS:[76A6515C],GS
76A63C89 . 9C PUSHFD
76A63C8A . 8F05 9051A676 POP DWORD PTR DS:[76A65190]
76A63C90 . 8B45 04 MOV EAX,DWORD PTR SS:[EBP+4]
76A63C93 . 8D4D 04 LEA ECX,DWORD PTR SS:[EBP+4]
76A63C96 . 83C1 04 ADD ECX,4
76A63C99 . 890D 9451A676 MOV DWORD PTR DS:[76A65194],ECX
76A63C9F . A3 8851A676 MOV DWORD PTR DS:[76A65188],EAX
76A63CA4 . C705 D050A676 >MOV DWORD PTR DS:[76A650D0],10001
76A63CAE . 8D4D 04 LEA ECX,DWORD PTR SS:[EBP+4]
76A63CB1 . 8B49 FC MOV ECX,DWORD PTR DS:[ECX-4]
76A63CB4 . A3 8C50A676 MOV DWORD PTR DS:[76A6508C],EAX
76A63CB9 . A1 2050A676 MOV EAX,DWORD PTR DS:[76A65020]
76A63CBE . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
76A63CC1 . A1 1C50A676 MOV EAX,DWORD PTR DS:[76A6501C]
76A63CC6 . 33FF XOR EDI,EDI
76A63CC8 . 47 INC EDI
76A63CC9 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
76A63CCC . 6A 00 PUSH 0 ; ÚpTopLevelFilter = NULL
76A63CCE . 890D 8451A676 MOV DWORD PTR DS:[76A65184],ECX ; ³
76A63CD4 . C705 8050A676 >MOV DWORD PTR DS:[76A65080],C0000409 ; ³
76A63CDE . 893D 8450A676 MOV DWORD PTR DS:[76A65084],EDI ; ³
76A63CE4 . FF15 1410A676 CALL DWORD PTR DS:[<&KERNEL32.SetUnhandl>; ÀSetUnhandledExceptionFilter
76A63CEA . 68 2C14A676 PUSH 3ba1ea5.76A6142C ; ÚpExceptionInfo = 3ba1ea5.76A6142C
76A63CEF . FF15 1810A676 CALL DWORD PTR DS:[<&KERNEL32.UnhandledE>; ÀUnhandledExceptionFilter
76A63CF5 . 68 090400C0 PUSH C0000409 ; ÚExitCode = C0000409 (-1073740791.)
76A63CFA . 89BD E0FCFFFF MOV DWORD PTR SS:[EBP-320],EDI ; ³
76A63D00 . FF15 1C10A676 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; ³[GetCurrentProcess
76A63D06 . 50 PUSH EAX ; ³hProcess
76A63D07 . FF15 2010A676 CALL DWORD PTR DS:[<&KERNEL32.TerminateP>; ÀTerminateProcess
76A63D0D . 5F POP EDI
76A63D0E . C9 LEAVE
76A63D0F . C3 RETN
76A63D10 CC INT3
76A63D11 CC INT3
76A63D12 CC INT3
76A63D13 CC INT3
76A63D14 CC INT3
76A63D15 CC INT3
76A63D16 CC INT3
76A63D17 CC INT3
76A63D18 Ú$ 68 E03DA676 PUSH 3ba1ea5.76A63DE0
76A63D1D ³. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
76A63D23 ³. 50 PUSH EAX
76A63D24 ³. 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
76A63D28 ³. 896C24 10 MOV DWORD PTR SS:[ESP+10],EBP
76A63D2C ³. 8D6C24 10 LEA EBP,DWORD PTR SS:[ESP+10]
76A63D30 ³. 2BE0 SUB ESP,EAX
76A63D32 ³. 53 PUSH EBX
76A63D33 ³. 56 PUSH ESI
76A63D34 ³. 57 PUSH EDI
76A63D35 ³. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
76A63D38 ³. 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
76A63D3B ³. 50 PUSH EAX
76A63D3C ³. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
76A63D3F ³. C745 FC FFFFFF>MOV DWORD PTR SS:[EBP-4],-1
76A63D46 ³. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
76A63D49 ³. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
76A63D4C ³. 64:A3 00000000 MOV DWORD PTR FS:[0],EAX
76A63D52 À. C3 RETN
76A63D53 Ú$ 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
76A63D56 ³. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
76A63D5D ³. 59 POP ECX
76A63D5E ³. 5F POP EDI
76A63D5F ³. 5E POP ESI
76A63D60 ³. 5B POP EBX
76A63D61 ³. C9 LEAVE
76A63D62 ³. 51 PUSH ECX
76A63D63 À. C3 RETN
76A63D64 CC INT3
76A63D65 CC INT3
76A63D66 CC INT3
76A63D67 CC INT3
76A63D68 CC INT3
76A63D69 CC INT3
76A63D6A CC INT3
76A63D6B CC INT3
76A63D6C CC INT3
76A63D6D CC INT3
76A63D6E CC INT3
76A63D6F CC INT3
76A63D70 Ú$ 53 PUSH EBX
76A63D71 ³. 56 PUSH ESI
76A63D72 ³. 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]
76A63D76 ³. 0BC0 OR EAX,EAX
76A63D78 ³.75 18 JNZ SHORT 3ba1ea5.76A63D92
76A63D7A ³. 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
76A63D7E ³. 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
76A63D82 ³. 33D2 XOR EDX,EDX
76A63D84 ³. F7F1 DIV ECX
76A63D86 ³. 8BD8 MOV EBX,EAX
76A63D88 ³. 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
76A63D8C ³. F7F1 DIV ECX
76A63D8E ³. 8BD3 MOV EDX,EBX
76A63D90 ³.EB 41 JMP SHORT 3ba1ea5.76A63DD3
76A63D92 ³> 8BC8 MOV ECX,EAX
76A63D94 ³. 8B5C24 14 MOV EBX,DWORD PTR SS:[ESP+14]
76A63D98 ³. 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
76A63D9C ³. 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
76A63DA0 ³> D1E9 ÚSHR ECX,1
76A63DA2 ³. D1DB ³RCR EBX,1
76A63DA4 ³. D1EA ³SHR EDX,1
76A63DA6 ³. D1D8 ³RCR EAX,1
76A63DA8 ³. 0BC9 ³OR ECX,ECX
76A63DAA ³.75 F4 ÀJNZ SHORT 3ba1ea5.76A63DA0
76A63DAC ³. F7F3 DIV EBX
76A63DAE ³. 8BF0 MOV ESI,EAX
76A63DB0 ³. F76424 18 MUL DWORD PTR SS:[ESP+18]
76A63DB4 ³. 8BC8 MOV ECX,EAX
76A63DB6 ³. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
76A63DBA ³. F7E6 MUL ESI
76A63DBC ³. 03D1 ADD EDX,ECX
76A63DBE ³.72 0E JB SHORT 3ba1ea5.76A63DCE
76A63DC0 ³. 3B5424 10 CMP EDX,DWORD PTR SS:[ESP+10]
76A63DC4 ³.77 08 JA SHORT 3ba1ea5.76A63DCE
76A63DC6 ³.72 07 JB SHORT 3ba1ea5.76A63DCF
76A63DC8 ³. 3B4424 0C CMP EAX,DWORD PTR SS:[ESP+C]
76A63DCC ³.76 01 JBE SHORT 3ba1ea5.76A63DCF
76A63DCE ³> 4E DEC ESI
76A63DCF ³> 33D2 XOR EDX,EDX
76A63DD1 ³. 8BC6 MOV EAX,ESI
76A63DD3 ³> 5E POP ESI
76A63DD4 ³. 5B POP EBX
76A63DD5 À. C2 1000 RETN 10
76A63DD8 . 56 PUSH ESI
76A63DD9 . 43 INC EBX
76A63DDA . 3230 XOR DH,BYTE PTR DS:[EAX]
76A63DDC . 58 POP EAX
76A63DDD . 43 INC EBX
76A63DDE . 3030 XOR BYTE PTR DS:[EAX],DH
76A63DE0 Ú. 55 PUSH EBP
76A63DE1 ³. 8BEC MOV EBP,ESP
76A63DE3 ³. 83EC 08 SUB ESP,8
76A63DE6 ³. 53 PUSH EBX
76A63DE7 ³. 56 PUSH ESI
76A63DE8 ³. 57 PUSH EDI
76A63DE9 ³. 55 PUSH EBP
76A63DEA ³. FC CLD
76A63DEB ³. 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C]
76A63DEE ³. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
76A63DF1 ³. F740 04 060000>TEST DWORD PTR DS:[EAX+4],6
76A63DF8 ³.0F85 AB000000 JNZ 3ba1ea5.76A63EA9
76A63DFE ³. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
76A63E01 ³. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
76A63E04 ³. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
76A63E07 ³. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
76A63E0A ³. 8943 FC MOV DWORD PTR DS:[EBX-4],EAX
76A63E0D ³. 8B73 0C MOV ESI,DWORD PTR DS:[EBX+C]
76A63E10 ³. 8B7B 08 MOV EDI,DWORD PTR DS:[EBX+8]
76A63E13 ³. 53 PUSH EBX
76A63E14 ³. E8 01020000 CALL 3ba1ea5.76A6401A
76A63E19 ³. 83C4 04 ADD ESP,4
76A63E1C ³. 0BC0 OR EAX,EAX
76A63E1E ³.74 7B JE SHORT 3ba1ea5.76A63E9B
76A63E20 ³> 83FE FF ÚCMP ESI,-1
76A63E23 ³.74 7D ³JE SHORT 3ba1ea5.76A63EA2
76A63E25 ³. 8D0C76 ³LEA ECX,DWORD PTR DS:[ESI+ESI*2]
76A63E28 ³. 8B448F 04 ³MOV EAX,DWORD PTR DS:[EDI+ECX*4+4]
76A63E2C ³. 0BC0 ³OR EAX,EAX
76A63E2E ³.74 59 ³JE SHORT 3ba1ea5.76A63E89
76A63E30 ³. 56 ³PUSH ESI
76A63E31 ³. 55 ³PUSH EBP
76A63E32 ³. 8D6B 10 ³LEA EBP,DWORD PTR DS:[EBX+10]
76A63E35 ³. 33DB ³XOR EBX,EBX
76A63E37 ³. 33C9 ³XOR ECX,ECX
76A63E39 ³. 33D2 ³XOR EDX,EDX
76A63E3B ³. 33F6 ³XOR ESI,ESI
76A63E3D ³. 33FF ³XOR EDI,EDI
76A63E3F ³. FFD0 ³CALL EAX
76A63E41 ³. 5D ³POP EBP
76A63E42 ³. 5E ³POP ESI
76A63E43 ³. 8B5D 0C ³MOV EBX,DWORD PTR SS:[EBP+C]
76A63E46 ³. 0BC0 ³OR EAX,EAX
76A63E48 ³.74 3F ³JE SHORT 3ba1ea5.76A63E89
76A63E4A ³.78 48 ³JS SHORT 3ba1ea5.76A63E94
76A63E4C ³. 8B7B 08 ³MOV EDI,DWORD PTR DS:[EBX+8]
76A63E4F ³. 53 ³PUSH EBX ; ÚArg1
76A63E50 ³. E8 AB000000 ³CALL 3ba1ea5.76A63F00 ; À3ba1ea5.76A63F00
76A63E55 ³. 83C4 04 ³ADD ESP,4
76A63E58 ³. 8D6B 10 ³LEA EBP,DWORD PTR DS:[EBX+10]
76A63E5B ³. 56 ³PUSH ESI
76A63E5C ³. 53 ³PUSH EBX
76A63E5D ³. E8 F9000000 ³CALL 3ba1ea5.76A63F5B
76A63E62 ³. 83C4 08 ³ADD ESP,8
76A63E65 ³. 8D0C76 ³LEA ECX,DWORD PTR DS:[ESI+ESI*2]
76A63E68 ³. 6A 01 ³PUSH 1
76A63E6A ³. 8B448F 08 ³MOV EAX,DWORD PTR DS:[EDI+ECX*4+8]
76A63E6E ³. E8 84010000 ³CALL 3ba1ea5.76A63FF7
76A63E73 ³. 8B048F ³MOV EAX,DWORD PTR DS:[EDI+ECX*4]
76A63E76 ³. 8943 0C ³MOV DWORD PTR DS:[EBX+C],EAX
76A63E79 ³. 8B448F 08 ³MOV EAX,DWORD PTR DS:[EDI+ECX*4+8]
76A63E7D ³. 33DB ³XOR EBX,EBX
76A63E7F ³. 33C9 ³XOR ECX,ECX
76A63E81 ³. 33D2 ³XOR EDX,EDX
76A63E83 ³. 33F6 ³XOR ESI,ESI
76A63E85 ³. 33FF ³XOR EDI,EDI
76A63E87 ³. FFD0 ³CALL EAX
76A63E89 ³> 8B7B 08 ³MOV EDI,DWORD PTR DS:[EBX+8]
76A63E8C ³. 8D0C76 ³LEA ECX,DWORD PTR DS:[ESI+ESI*2]
76A63E8F ³. 8B348F ³MOV ESI,DWORD PTR DS:[EDI+ECX*4]
76A63E92 ³.EB 8C ÀJMP SHORT 3ba1ea5.76A63E20
76A63E94 ³> B8 00000000 MOV EAX,0
76A63E99 ³.EB 23 JMP SHORT 3ba1ea5.76A63EBE
76A63E9B ³> 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
76A63E9E ³. 8348 04 08 OR DWORD PTR DS:[EAX+4],8
76A63EA2 ³> B8 01000000 MOV EAX,1
76A63EA7 ³.EB 15 JMP SHORT 3ba1ea5.76A63EBE
76A63EA9 ³> 55 PUSH EBP
76A63EAA ³. 8D6B 10 LEA EBP,DWORD PTR DS:[EBX+10]
76A63EAD ³. 6A FF PUSH -1
76A63EAF ³. 53 PUSH EBX
76A63EB0 ³. E8 A6000000 CALL 3ba1ea5.76A63F5B
76A63EB5 ³. 83C4 08 ADD ESP,8
76A63EB8 ³. 5D POP EBP
76A63EB9 ³. B8 01000000 MOV EAX,1
76A63EBE ³> 5D POP EBP
76A63EBF ³. 5F POP EDI
76A63EC0 ³. 5E POP ESI
76A63EC1 ³. 5B POP EBX
76A63EC2 ³. 8BE5 MOV ESP,EBP
76A63EC4 ³. 5D POP EBP
76A63EC5 À. C3 RETN
76A63EC6 . 55 PUSH EBP
76A63EC7 . 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]
76A63ECB . 8B29 MOV EBP,DWORD PTR DS:[ECX]
76A63ECD . 8B41 1C MOV EAX,DWORD PTR DS:[ECX+1C]
76A63ED0 . 50 PUSH EAX
76A63ED1 . 8B41 18 MOV EAX,DWORD PTR DS:[ECX+18]
76A63ED4 . 50 PUSH EAX
76A63ED5 . E8 81000000 CALL 3ba1ea5.76A63F5B
76A63EDA . 83C4 08 ADD ESP,8
76A63EDD . 5D POP EBP
76A63EDE . C2 0400 RETN 4
76A63EE1 CC INT3
76A63EE2 CC INT3
76A63EE3 CC INT3
76A63EE4 CC INT3
76A63EE5 CC INT3
76A63EE6 $FF25 DC10A676 JMP DWORD PTR DS:[<&ntdll.NtQueryVirtual>; ntdll.ZwQueryVirtualMemory
76A63EEC CC INT3
76A63EED CC INT3
76A63EEE CC INT3
76A63EEF CC INT3
76A63EF0 CC INT3
76A63EF1 CC INT3
76A63EF2 $FF25 B010A676 JMP DWORD PTR DS:[<&ntdll.DbgPrint>] ; ntdll.DbgPrint
76A63EF8 CC INT3
76A63EF9 CC INT3
76A63EFA CC INT3
76A63EFB CC INT3
76A63EFC CC INT3
76A63EFD CC INT3
76A63EFE CC INT3
76A63EFF CC INT3
76A63F00 Ú$ 55 PUSH EBP
76A63F01 ³. 8BEC MOV EBP,ESP
76A63F03 ³. 53 PUSH EBX
76A63F04 ³. 56 PUSH ESI
76A63F05 ³. 57 PUSH EDI
76A63F06 ³. 55 PUSH EBP
76A63F07 ³. 6A 00 PUSH 0 ; Ú_eax_value = 0
76A63F09 ³. 6A 00 PUSH 0 ; ³pExcptRec = NULL
76A63F0B ³. 68 183FA676 PUSH 3ba1ea5.76A63F18 ; ³ReturnAddr = 3ba1ea5.76A63F18
76A63F10 ³. FF75 08 PUSH DWORD PTR SS:[EBP+8] ; ³pRegistrationFrame
76A63F13 ³. E8 2A030000 CALL <JMP.&ntdll.RtlUnwind> ; ÀRtlUnwind
76A63F18 ³. 5D POP EBP
76A63F19 ³. 5F POP EDI
76A63F1A ³. 5E POP ESI
76A63F1B ³. 5B POP EBX
76A63F1C ³. 8BE5 MOV ESP,EBP
76A63F1E ³. 5D POP EBP
76A63F1F À. C3 RETN
76A63F20 Ú$ 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4] ; Structured exception handler
76A63F24 ³. F741 04 060000>TEST DWORD PTR DS:[ECX+4],6
76A63F2B ³. B8 01000000 MOV EAX,1
76A63F30 ³.74 28 JE SHORT 3ba1ea5.76A63F5A
76A63F32 ³. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
76A63F36 ³. 55 PUSH EBP
76A63F37 ³. 8B68 10 MOV EBP,DWORD PTR DS:[EAX+10]
76A63F3A ³. 8B50 28 MOV EDX,DWORD PTR DS:[EAX+28]
76A63F3D ³. 52 PUSH EDX
76A63F3E ³. 8B50 24 MOV EDX,DWORD PTR DS:[EAX+24]
76A63F41 ³. 52 PUSH EDX
76A63F42 ³. E8 14000000 CALL 3ba1ea5.76A63F5B
76A63F47 ³. 83C4 08 ADD ESP,8
76A63F4A ³. 5D POP EBP
76A63F4B ³. 8B4424 08 MOV EAX,DWORD PTR SS:[ESP+8]
76A63F4F ³. 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
76A63F53 ³. 8902 MOV DWORD PTR DS:[EDX],EAX
76A63F55 ³. B8 03000000 MOV EAX,3
76A63F5A À> C3 RETN
76A63F5B Ú$ 53 PUSH EBX
76A63F5C ³. 56 PUSH ESI
76A63F5D ³. 57 PUSH EDI
76A63F5E ³. 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
76A63F62 ³. 55 PUSH EBP
76A63F63 ³. 50 PUSH EAX
76A63F64 ³. 6A FE PUSH -2
76A63F66 ³. 68 203FA676 PUSH 3ba1ea5.76A63F20 ; SE handler installation
76A63F6B ³. 64:FF35 000000>PUSH DWORD PTR FS:[0]
76A63F72 ³. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
76A63F79 ³> 8B4424 24 ÚMOV EAX,DWORD PTR SS:[ESP+24]
76A63F7D ³. 8B58 08 ³MOV EBX,DWORD PTR DS:[EAX+8]
76A63F80 ³. 8B70 0C ³MOV ESI,DWORD PTR DS:[EAX+C]
76A63F83 ³. 83FE FF ³CMP ESI,-1
76A63F86 ³.74 35 ³JE SHORT 3ba1ea5.76A63FBD
76A63F88 ³. 837C24 28 FF ³CMP DWORD PTR SS:[ESP+28],-1
76A63F8D ³.74 06 ³JE SHORT 3ba1ea5.76A63F95
76A63F8F ³. 3B7424 28 ³CMP ESI,DWORD PTR SS:[ESP+28]
76A63F93 ³.76 28 ³JBE SHORT 3ba1ea5.76A63FBD
76A63F95 ³> 8D3476 ³LEA ESI,DWORD PTR DS:[ESI+ESI*2]
76A63F98 ³. 8B0CB3 ³MOV ECX,DWORD PTR DS:[EBX+ESI*4]
76A63F9B ³. 894C24 08 ³MOV DWORD PTR SS:[ESP+8],ECX
76A63F9F ³. 8948 0C ³MOV DWORD PTR DS:[EAX+C],ECX
76A63FA2 ³. 837CB3 04 00 ³CMP DWORD PTR DS:[EBX+ESI*4+4],0
76A63FA7 ³.75 12 ³JNZ SHORT 3ba1ea5.76A63FBB
76A63FA9 ³. 68 01010000 ³PUSH 101
76A63FAE ³. 8B44B3 08 ³MOV EAX,DWORD PTR DS:[EBX+ESI*4+8]
76A63FB2 ³. E8 40000000 ³CALL 3ba1ea5.76A63FF7
76A63FB7 ³. FF54B3 08 ³CALL DWORD PTR DS:[EBX+ESI*4+8]
76A63FBB ³>EB BC ÀJMP SHORT 3ba1ea5.76A63F79
76A63FBD ³> 64:8F05 000000>POP DWORD PTR FS:[0]
76A63FC4 ³. 83C4 10 ADD ESP,10
76A63FC7 ³. 5F POP EDI
76A63FC8 ³. 5E POP ESI
76A63FC9 ³. 5B POP EBX
76A63FCA À. C3 RETN
76A63FCB . 33C0 XOR EAX,EAX
76A63FCD . 64:8B0D 000000>MOV ECX,DWORD PTR FS:[0]
76A63FD4 . 8179 04 203FA6>CMP DWORD PTR DS:[ECX+4],3ba1ea5.76A63F2>; Entry address
76A63FDB .75 10 JNZ SHORT 3ba1ea5.76A63FED
76A63FDD . 8B51 0C MOV EDX,DWORD PTR DS:[ECX+C]
76A63FE0 . 8B52 0C MOV EDX,DWORD PTR DS:[EDX+C]
76A63FE3 . 3951 08 CMP DWORD PTR DS:[ECX+8],EDX
76A63FE6 .75 05 JNZ SHORT 3ba1ea5.76A63FED
76A63FE8 . B8 01000000 MOV EAX,1
76A63FED > C3 RETN
76A63FEE . 53 PUSH EBX
76A63FEF . 51 PUSH ECX
76A63FF0 . BB 3050A676 MOV EBX,3ba1ea5.76A65030
76A63FF5 .EB 0A JMP SHORT 3ba1ea5.76A64001
76A63FF7 Ú$ 53 PUSH EBX
76A63FF8 ³. 51 PUSH ECX
76A63FF9 ³. BB 3050A676 MOV EBX,3ba1ea5.76A65030
76A63FFE ³. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
76A64001 ³> 894B 08 MOV DWORD PTR DS:[EBX+8],ECX
76A64004 ³. 8943 04 MOV DWORD PTR DS:[EBX+4],EAX
76A64007 ³. 896B 0C MOV DWORD PTR DS:[EBX+C],EBP
76A6400A ³. 55 PUSH EBP
76A6400B ³. 51 PUSH ECX
76A6400C ³. 50 PUSH EAX
76A6400D ³. 58 POP EAX
76A6400E ³. 59 POP ECX
76A6400F ³. 5D POP EBP
76A64010 ³. 59 POP ECX
76A64011 ³. 5B POP EBX
76A64012 À. C2 0400 RETN 4
76A64015 CC INT3
76A64016 CC INT3
76A64017 CC INT3
76A64018 CC INT3
76A64019 CC INT3
76A6401A Ú$ 8BFF MOV EDI,EDI
76A6401C ³. 55 PUSH EBP
76A6401D ³. 8BEC MOV EBP,ESP
76A6401F ³. 83EC 20 SUB ESP,20
76A64022 ³. 53 PUSH EBX
76A64023 ³. 56 PUSH ESI
76A64024 ³. 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
76A64027 ³. 8B5E 08 MOV EBX,DWORD PTR DS:[ESI+8]
76A6402A ³. F6C3 03 TEST BL,3
76A6402D ³.75 1C JNZ SHORT 3ba1ea5.76A6404B
76A6402F ³. 64:A1 04000000 MOV EAX,DWORD PTR FS:[4]
76A64035 ³. 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
76A64038 ³. 64:A1 08000000 MOV EAX,DWORD PTR FS:[8]
76A6403E ³. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
76A64041 ³. 3B5D FC CMP EBX,DWORD PTR SS:[EBP-4]
76A64044 ³.72 0C JB SHORT 3ba1ea5.76A64052
76A64046 ³. 3B5D 08 CMP EBX,DWORD PTR SS:[EBP+8]
76A64049 ³.73 07 JNB SHORT 3ba1ea5.76A64052
76A6404B ³> 33C0 XOR EAX,EAX
76A6404D ³.E9 E6010000 JMP 3ba1ea5.76A64238
76A64052 ³> 57 PUSH EDI
76A64053 ³. 8B7E 0C MOV EDI,DWORD PTR DS:[ESI+C]
76A64056 ³. 83FF FF CMP EDI,-1
76A64059 ³.75 08 JNZ SHORT 3ba1ea5.76A64063
76A6405B ³> 33C0 XOR EAX,EAX
76A6405D ³. 40 INC EAX
76A6405E ³.E9 D4010000 JMP 3ba1ea5.76A64237
76A64063 ³> 33D2 XOR EDX,EDX
76A64065 ³. 8955 08 MOV DWORD PTR SS:[EBP+8],EDX
76A64068 ³. 8BC3 MOV EAX,EBX
76A6406A ³> 8B08 ÚMOV ECX,DWORD PTR DS:[EAX]
76A6406C ³. 83F9 FF ³CMP ECX,-1
76A6406F ³.74 04 ³JE SHORT 3ba1ea5.76A64075
76A64071 ³. 3BCA ³CMP ECX,EDX
76A64073 ³.73 64 ³JNB SHORT 3ba1ea5.76A640D9
76A64075 ³> 8378 04 00 ³CMP DWORD PTR DS:[EAX+4],0
76A64079 ³.74 03 ³JE SHORT 3ba1ea5.76A6407E
76A6407B ³. FF45 08 ³INC DWORD PTR SS:[EBP+8]
76A6407E ³> 42 ³INC EDX
76A6407F ³. 83C0 0C ³ADD EAX,0C
76A64082 ³. 3BD7 ³CMP EDX,EDI
76A64084 ³.76 E4 ÀJBE SHORT 3ba1ea5.76A6406A
76A64086 ³. 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
76A6408A ³.74 0C JE SHORT 3ba1ea5.76A64098
76A6408C ³. 8B46 F8 MOV EAX,DWORD PTR DS:[ESI-8]
76A6408F ³. 3B45 FC CMP EAX,DWORD PTR SS:[EBP-4]
76A64092 ³.72 45 JB SHORT 3ba1ea5.76A640D9
76A64094 ³. 3BC6 CMP EAX,ESI
76A64096 ³.73 41 JNB SHORT 3ba1ea5.76A640D9
76A64098 ³> 8B0D A053A676 MOV ECX,DWORD PTR DS:[76A653A0]
76A6409E ³. 8BF3 MOV ESI,EBX
76A640A0 ³. 81E6 00F0FFFF AND ESI,FFFFF000
76A640A6 ³. 33C0 XOR EAX,EAX
76A640A8 ³. 85C9 TEST ECX,ECX
76A640AA ³.7E 0E JLE SHORT 3ba1ea5.76A640BA
76A640AC ³> 393485 A853A67>ÚCMP DWORD PTR DS:[EAX*4+76A653A8],ESI
76A640B3 ³.74 2B ³JE SHORT 3ba1ea5.76A640E0
76A640B5 ³. 40 ³INC EAX
76A640B6 ³. 3BC1 ³CMP EAX,ECX
76A640B8 ³.7C F2 ÀJL SHORT 3ba1ea5.76A640AC
76A640BA ³> 8D45 08 LEA EAX,DWORD PTR SS:[EBP+8]
76A640BD ³. 50 PUSH EAX
76A640BE ³. 6A 1C PUSH 1C
76A640C0 ³. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
76A640C3 ³. 50 PUSH EAX
76A640C4 ³. 6A 00 PUSH 0
76A640C6 ³. 53 PUSH EBX
76A640C7 ³. 83CF FF OR EDI,FFFFFFFF
76A640CA ³. 57 PUSH EDI
76A640CB ³. E8 16FEFFFF CALL <JMP.&ntdll.NtQueryVirtualMemory>
76A640D0 ³. 85C0 TEST EAX,EAX
76A640D2 ³.7C 7C JL SHORT 3ba1ea5.76A64150
76A640D4 ³. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
76A640D7 ³.EB 79 JMP SHORT 3ba1ea5.76A64152
76A640D9 ³> 33C0 XOR EAX,EAX
76A640DB ³.E9 57010000 JMP 3ba1ea5.76A64237
76A640E0 ³> 85C0 TEST EAX,EAX
76A640E2 ³.0F8E 73FFFFFF JLE 3ba1ea5.76A6405B
76A640E8 ³. 33D2 XOR EDX,EDX
76A640EA ³. BB E853A676 MOV EBX,3ba1ea5.76A653E8
76A640EF ³. 42 INC EDX
76A640F0 ³. 8BFB MOV EDI,EBX
76A640F2 ³. 8717 XCHG DWORD PTR DS:[EDI],EDX
76A640F4 ³. 85D2 TEST EDX,EDX
76A640F6 ³.0F85 5FFFFFFF JNZ 3ba1ea5.76A6405B
76A640FC ³. 393485 A853A67>CMP DWORD PTR DS:[EAX*4+76A653A8],ESI
76A64103 ³.74 2A JE SHORT 3ba1ea5.76A6412F
76A64105 ³. 8D41 FF LEA EAX,DWORD PTR DS:[ECX-1]
76A64108 ³. 85C0 TEST EAX,EAX
76A6410A ³.7C 10 JL SHORT 3ba1ea5.76A6411C
76A6410C ³> 393485 A853A67>ÚCMP DWORD PTR DS:[EAX*4+76A653A8],ESI
76A64113 ³.74 03 ³JE SHORT 3ba1ea5.76A64118
76A64115 ³. 48 ³DEC EAX
76A64116 ³.79 F4 ÀJNS SHORT 3ba1ea5.76A6410C
76A64118 ³> 85C0 TEST EAX,EAX
76A6411A ³.7D 11 JGE SHORT 3ba1ea5.76A6412D
76A6411C ³> 83F9 10 CMP ECX,10
76A6411F ³.7D 07 JGE SHORT 3ba1ea5.76A64128
76A64121 ³. 41 INC ECX
76A64122 ³. 890D A053A676 MOV DWORD PTR DS:[76A653A0],ECX
76A64128 ³> 8D41 FF LEA EAX,DWORD PTR DS:[ECX-1]
76A6412B ³.EB 02 JMP SHORT 3ba1ea5.76A6412F
76A6412D ³>74 18 JE SHORT 3ba1ea5.76A64147
76A6412F ³> 33D2 XOR EDX,EDX
76A64131 ³. 85C0 TEST EAX,EAX
76A64133 ³.7C 12 JL SHORT 3ba1ea5.76A64147
76A64135 ³> 8D0C95 A853A67>ÚLEA ECX,DWORD PTR DS:[EDX*4+76A653A8]
76A6413C ³. 8B39 ³MOV EDI,DWORD PTR DS:[ECX]
76A6413E ³. 42 ³INC EDX
76A6413F ³. 3BD0 ³CMP EDX,EAX
76A64141 ³. 8931 ³MOV DWORD PTR DS:[ECX],ESI
76A64143 ³. 8BF7 ³MOV ESI,EDI
76A64145 ³.7E EE ÀJLE SHORT 3ba1ea5.76A64135
76A64147 ³> 33C0 XOR EAX,EAX
76A64149 ³. 8703 XCHG DWORD PTR DS:[EBX],EAX
76A6414B ³.E9 0BFFFFFF JMP 3ba1ea5.76A6405B
76A64150 ³> 33C0 XOR EAX,EAX
76A64152 ³> 85C0 TEST EAX,EAX
76A64154 ³.0F84 DB000000 JE 3ba1ea5.76A64235
76A6415A ³. 817D F8 000000>CMP DWORD PTR SS:[EBP-8],1000000
76A64161 ³.0F85 CE000000 JNZ 3ba1ea5.76A64235
76A64167 ³. F645 F4 CC TEST BYTE PTR SS:[EBP-C],0CC
76A6416B ³.74 5A JE SHORT 3ba1ea5.76A641C7
76A6416D ³. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
76A64170 ³. 66:8139 4D5A CMP WORD PTR DS:[ECX],5A4D
76A64175 ³.0F85 BA000000 JNZ 3ba1ea5.76A64235
76A6417B ³. 8B41 3C MOV EAX,DWORD PTR DS:[ECX+3C]
76A6417E ³. 03C1 ADD EAX,ECX
76A64180 ³. 8138 50450000 CMP DWORD PTR DS:[EAX],4550
76A64186 ³.0F85 A9000000 JNZ 3ba1ea5.76A64235
76A6418C ³. 66:8178 18 0B0>CMP WORD PTR DS:[EAX+18],10B
76A64192 ³.0F85 9D000000 JNZ 3ba1ea5.76A64235
76A64198 ³. 2BD9 SUB EBX,ECX
76A6419A ³. 66:8378 06 00 CMP WORD PTR DS:[EAX+6],0
76A6419F ³. 0FB748 14 MOVZX ECX,WORD PTR DS:[EAX+14]
76A641A3 ³. 8D4C01 18 LEA ECX,DWORD PTR DS:[ECX+EAX+18]
76A641A7 ³.0F86 88000000 JBE 3ba1ea5.76A64235
76A641AD ³. 8B41 0C MOV EAX,DWORD PTR DS:[ECX+C]
76A641B0 ³. 3BD8 CMP EBX,EAX
76A641B2 ³.72 13 JB SHORT 3ba1ea5.76A641C7
76A641B4 ³. 8B51 08 MOV EDX,DWORD PTR DS:[ECX+8]
76A641B7 ³. 03D0 ADD EDX,EAX
76A641B9 ³. 3BDA CMP EBX,EDX
76A641BB ³.73 0A JNB SHORT 3ba1ea5.76A641C7
76A641BD ³. F641 27 80 TEST BYTE PTR DS:[ECX+27],80
76A641C1 ³.0F85 12FFFFFF JNZ 3ba1ea5.76A640D9
76A641C7 ³> 33C0 XOR EAX,EAX
76A641C9 ³. 40 INC EAX
76A641CA ³. 8BC8 MOV ECX,EAX
76A641CC ³. BA E853A676 MOV EDX,3ba1ea5.76A653E8
76A641D1 ³. 870A XCHG DWORD PTR DS:[EDX],ECX
76A641D3 ³. 85C9 TEST ECX,ECX
76A641D5 ³.75 60 JNZ SHORT 3ba1ea5.76A64237
76A641D7 ³. 8B0D A053A676 MOV ECX,DWORD PTR DS:[76A653A0]
76A641DD ³. 85C9 TEST ECX,ECX
76A641DF ³. 8BD1 MOV EDX,ECX
76A641E1 ³.7E 13 JLE SHORT 3ba1ea5.76A641F6
76A641E3 ³. 8D048D A453A67>LEA EAX,DWORD PTR DS:[ECX*4+76A653A4]
76A641EA ³> 3930 ÚCMP DWORD PTR DS:[EAX],ESI
76A641EC ³.74 08 ³JE SHORT 3ba1ea5.76A641F6
76A641EE ³. 4A ³DEC EDX
76A641EF ³. 83E8 04 ³SUB EAX,4
76A641F2 ³. 85D2 ³TEST EDX,EDX
76A641F4 ³.7F F4 ÀJG SHORT 3ba1ea5.76A641EA
76A641F6 ³> 85D2 TEST EDX,EDX
76A641F8 ³.75 2D JNZ SHORT 3ba1ea5.76A64227
76A641FA ³. 6A 0F PUSH 0F
76A641FC ³. 5B POP EBX
76A641FD ³. 3BCB CMP ECX,EBX
76A641FF ³.7F 02 JG SHORT 3ba1ea5.76A64203
76A64201 ³. 8BD9 MOV EBX,ECX
76A64203 ³> 33D2 XOR EDX,EDX
76A64205 ³. 85DB TEST EBX,EBX
76A64207 ³.7C 12 JL SHORT 3ba1ea5.76A6421B
76A64209 ³> 8D0495 A853A67>ÚLEA EAX,DWORD PTR DS:[EDX*4+76A653A8]
76A64210 ³. 8B38 ³MOV EDI,DWORD PTR DS:[EAX]
76A64212 ³. 42 ³INC EDX
76A64213 ³. 3BD3 ³CMP EDX,EBX
76A64215 ³. 8930 ³MOV DWORD PTR DS:[EAX],ESI
76A64217 ³. 8BF7 ³MOV ESI,EDI
76A64219 ³.7E EE ÀJLE SHORT 3ba1ea5.76A64209
76A6421B ³> 83F9 10 CMP ECX,10
76A6421E ³.7D 07 JGE SHORT 3ba1ea5.76A64227
76A64220 ³. 41 INC ECX
76A64221 ³. 890D A053A676 MOV DWORD PTR DS:[76A653A0],ECX
76A64227 ³> 33C0 XOR EAX,EAX
76A64229 ³. B9 E853A676 MOV ECX,3ba1ea5.76A653E8
76A6422E ³. 8701 XCHG DWORD PTR DS:[ECX],EAX
76A64230 ³.E9 26FEFFFF JMP 3ba1ea5.76A6405B
76A64235 ³> 8BC7 MOV EAX,EDI
76A64237 ³> 5F POP EDI
76A64238 ³> 5E POP ESI
76A64239 ³. 5B POP EBX
76A6423A ³. C9 LEAVE
76A6423B À. C3 RETN
76A6423C CC INT3
76A6423D CC INT3
76A6423E CC INT3
76A6423F CC INT3
76A64240 CC INT3
76A64241 CC INT3
76A64242 $FF25 9010A676 JMP DWORD PTR DS:[<&ntdll.RtlUnwind>] ; ntdll.RtlUnwind
76A64248 $ B8 5850A676 MOV EAX,3ba1ea5.76A65058
76A6424D .E9 00000000 JMP 3ba1ea5.76A64252
76A64252 > 51 PUSH ECX
76A64253 . 52 PUSH EDX
76A64254 . 50 PUSH EAX ; ÚArg2
76A64255 . 68 E844A676 PUSH 3ba1ea5.76A644E8 ; ³Arg1 = 76A644E8
76A6425A . E8 45000000 CALL 3ba1ea5.76A642A4 ; À3ba1ea5.76A642A4
76A6425F . 5A POP EDX
76A64260 . 59 POP ECX
76A64261 . FFE0 JMP EAX
76A64263 $ B8 4050A676 MOV EAX,3ba1ea5.76A65040
76A64268 .E9 E5FFFFFF JMP 3ba1ea5.76A64252
76A6426D $ B8 4450A676 MOV EAX,3ba1ea5.76A65044
76A64272 .E9 DBFFFFFF JMP 3ba1ea5.76A64252
76A64277 $ B8 4850A676 MOV EAX,3ba1ea5.76A65048
76A6427C .E9 D1FFFFFF JMP 3ba1ea5.76A64252
76A64281 $ B8 4C50A676 MOV EAX,3ba1ea5.76A6504C
76A64286 .E9 C7FFFFFF JMP 3ba1ea5.76A64252
76A6428B $ B8 5050A676 MOV EAX,3ba1ea5.76A65050
76A64290 .E9 BDFFFFFF JMP 3ba1ea5.76A64252
76A64295 $ B8 5450A676 MOV EAX,3ba1ea5.76A65054
76A6429A .E9 B3FFFFFF JMP 3ba1ea5.76A64252
76A6429F CC INT3
76A642A0 CC INT3
76A642A1 CC INT3
76A642A2 CC INT3
76A642A3 CC INT3
76A642A4 Ú$ 55 PUSH EBP
76A642A5 ³. 8BEC MOV EBP,ESP
76A642A7 ³. 83EC 44 SUB ESP,44
76A642AA ³. 53 PUSH EBX
76A642AB ³. B8 0000A676 MOV EAX,3ba1ea5.76A60000
76A642B0 ³. 56 PUSH ESI
76A642B1 ³. 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
76A642B4 ³. 8B56 08 MOV EDX,DWORD PTR DS:[ESI+8]
76A642B7 ³. 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]
76A642BA ³. 8B5E 0C MOV EBX,DWORD PTR DS:[ESI+C]
76A642BD ³. 03D0 ADD EDX,EAX
76A642BF ³. 57 PUSH EDI
76A642C0 ³. 8B7E 14 MOV EDI,DWORD PTR DS:[ESI+14]
76A642C3 ³. 03F8 ADD EDI,EAX
76A642C5 ³. 03C8 ADD ECX,EAX
76A642C7 ³. 8955 E8 MOV DWORD PTR SS:[EBP-18],EDX
76A642CA ³. 8B56 10 MOV EDX,DWORD PTR DS:[ESI+10]
76A642CD ³. 03D8 ADD EBX,EAX
76A642CF ³. 03D0 ADD EDX,EAX
76A642D1 ³. 8B46 1C MOV EAX,DWORD PTR DS:[ESI+1C]
76A642D4 ³. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
76A642D7 ³. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
76A642DA ³. 894D C8 MOV DWORD PTR SS:[EBP-38],ECX
76A642DD ³. 33C9 XOR ECX,ECX
76A642DF ³. 897D F4 MOV DWORD PTR SS:[EBP-C],EDI
76A642E2 ³. 8945 C4 MOV DWORD PTR SS:[EBP-3C],EAX
76A642E5 ³. 33C0 XOR EAX,EAX
76A642E7 ³. F706 01000000 TEST DWORD PTR DS:[ESI],1
76A642ED ³. 8D7D D0 LEA EDI,DWORD PTR SS:[EBP-30]
76A642F0 ³. C745 BC 240000>MOV DWORD PTR SS:[EBP-44],24
76A642F7 ³. 8975 C0 MOV DWORD PTR SS:[EBP-40],ESI
76A642FA ³. 894D CC MOV DWORD PTR SS:[EBP-34],ECX
76A642FD ³. AB STOS DWORD PTR ES:[EDI]
76A642FE ³. 894D D4 MOV DWORD PTR SS:[EBP-2C],ECX
76A64301 ³. 894D D8 MOV DWORD PTR SS:[EBP-28],ECX
76A64304 ³. 894D DC MOV DWORD PTR SS:[EBP-24],ECX
76A64307 ³.75 1F JNZ SHORT 3ba1ea5.76A64328
76A64309 ³. 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
76A6430C ³. 8945 0C MOV DWORD PTR SS:[EBP+C],EAX
76A6430F ³. 8D45 0C LEA EAX,DWORD PTR SS:[EBP+C]
76A64312 ³. 50 PUSH EAX ; ÚpArguments
76A64313 ³. 6A 01 PUSH 1 ; ³nArguments = 1
76A64315 ³. 51 PUSH ECX ; ³ExceptionFlags => EXCEPTION_CONTINUABLE
76A64316 ³. 68 57006DC0 PUSH C06D0057 ; ³ExceptionCode = C06D0057
76A6431B ³. FF15 7010A676 CALL DWORD PTR DS:[<&KERNEL32.RaiseExcep>; ÀRaiseException
76A64321 ³. 33C0 XOR EAX,EAX
76A64323 ³.E9 B8010000 JMP 3ba1ea5.76A644E0
76A64328 ³> 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
76A6432B ³. 8B38 MOV EDI,DWORD PTR DS:[EAX]
76A6432D ³. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
76A64330 ³. 2BC3 SUB EAX,EBX
76A64332 ³. C1F8 02 SAR EAX,2
76A64335 ³. C1E0 02 SHL EAX,2
76A64338 ³. 03D0 ADD EDX,EAX
76A6433A ³. 8B12 MOV EDX,DWORD PTR DS:[EDX]
76A6433C ³. 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
76A6433F ³. 8BC2 MOV EAX,EDX
76A64341 ³. C1E8 1F SHR EAX,1F
76A64344 ³. F7D0 NOT EAX
76A64346 ³. 83E0 01 AND EAX,1
76A64349 ³. 8945 CC MOV DWORD PTR SS:[EBP-34],EAX
76A6434C ³.74 0B JE SHORT 3ba1ea5.76A64359
76A6434E ³. 8D82 0200A676 LEA EAX,DWORD PTR DS:[EDX+76A60002]
76A64354 ³. 8945 D0 MOV DWORD PTR SS:[EBP-30],EAX
76A64357 ³.EB 09 JMP SHORT 3ba1ea5.76A64362
76A64359 ³> 81E2 FFFF0000 AND EDX,0FFFF
76A6435F ³. 8955 D0 MOV DWORD PTR SS:[EBP-30],EDX
76A64362 ³> A1 F853A676 MOV EAX,DWORD PTR DS:[76A653F8]
76A64367 ³. 33DB XOR EBX,EBX
76A64369 ³. 3BC1 CMP EAX,ECX
76A6436B ³.74 11 JE SHORT 3ba1ea5.76A6437E
76A6436D ³. 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
76A64370 ³. 52 PUSH EDX
76A64371 ³. 51 PUSH ECX
76A64372 ³. FFD0 CALL EAX
76A64374 ³. 8BD8 MOV EBX,EAX
76A64376 ³. 85DB TEST EBX,EBX
76A64378 ³.0F85 45010000 JNZ 3ba1ea5.76A644C3
76A6437E ³> 85FF TEST EDI,EDI
76A64380 ³.0F85 A2000000 JNZ 3ba1ea5.76A64428
76A64386 ³. A1 F853A676 MOV EAX,DWORD PTR DS:[76A653F8]
76A6438B ³. 85C0 TEST EAX,EAX
76A6438D ³.74 0E JE SHORT 3ba1ea5.76A6439D
76A6438F ³. 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
76A64392 ³. 51 PUSH ECX
76A64393 ³. 6A 01 PUSH 1
76A64395 ³. FFD0 CALL EAX
76A64397 ³. 8BF8 MOV EDI,EAX
76A64399 ³. 85FF TEST EDI,EDI
76A6439B ³.75 50 JNZ SHORT 3ba1ea5.76A643ED
76A6439D ³> FF75 C8 PUSH DWORD PTR SS:[EBP-38] ; ÚFileName
76A643A0 ³. FF15 0410A676 CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; ÀLoadLibraryA
76A643A6 ³. 8BF8 MOV EDI,EAX
76A643A8 ³. 85FF TEST EDI,EDI
76A643AA ³.75 41 JNZ SHORT 3ba1ea5.76A643ED
76A643AC ³. FF15 3810A676 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr>; [GetLastError
76A643B2 ³. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
76A643B5 ³. A1 F453A676 MOV EAX,DWORD PTR DS:[76A653F4]
76A643BA ³. 85C0 TEST EAX,EAX
76A643BC ³.74 0E JE SHORT 3ba1ea5.76A643CC
76A643BE ³. 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
76A643C1 ³. 51 PUSH ECX
76A643C2 ³. 6A 03 PUSH 3
76A643C4 ³. FFD0 CALL EAX
76A643C6 ³. 8BF8 MOV EDI,EAX
76A643C8 ³. 85FF TEST EDI,EDI
76A643CA ³.75 21 JNZ SHORT 3ba1ea5.76A643ED
76A643CC ³> 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
76A643CF ³. 8945 0C MOV DWORD PTR SS:[EBP+C],EAX
76A643D2 ³. 8D45 0C LEA EAX,DWORD PTR SS:[EBP+C]
76A643D5 ³. 50 PUSH EAX ; ÚpArguments
76A643D6 ³. 6A 01 PUSH 1 ; ³nArguments = 1
76A643D8 ³. 6A 00 PUSH 0 ; ³ExceptionFlags = EXCEPTION_CONTINUABLE
76A643DA ³. 68 7E006DC0 PUSH C06D007E ; ³ExceptionCode = C06D007E
76A643DF ³. FF15 7010A676 CALL DWORD PTR DS:[<&KERNEL32.RaiseExcep>; ÀRaiseException
76A643E5 ³. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
76A643E8 ³.E9 F3000000 JMP 3ba1ea5.76A644E0
76A643ED ³> 57 PUSH EDI ; ÚNewValue
76A643EE ³. FF75 E8 PUSH DWORD PTR SS:[EBP-18] ; ³pTarget
76A643F1 ³. FF15 0810A676 CALL DWORD PTR DS:[<&KERNEL32.Interlocke>; ÀInterlockedExchange
76A643F7 ³. 3BC7 CMP EAX,EDI
76A643F9 ³.74 26 JE SHORT 3ba1ea5.76A64421
76A643FB ³. 837E 18 00 CMP DWORD PTR DS:[ESI+18],0
76A643FF ³.74 27 JE SHORT 3ba1ea5.76A64428
76A64401 ³. 6A 08 PUSH 8 ; ÚSize = 8
76A64403 ³. 6A 40 PUSH 40 ; ³Flags = LPTR
76A64405 ³. FF15 6010A676 CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A6440B ³. 85C0 TEST EAX,EAX
76A6440D ³.74 19 JE SHORT 3ba1ea5.76A64428
76A6440F ³. 8970 04 MOV DWORD PTR DS:[EAX+4],ESI
76A64412 ³. 8B0D F053A676 MOV ECX,DWORD PTR DS:[76A653F0]
76A64418 ³. 8908 MOV DWORD PTR DS:[EAX],ECX
76A6441A ³. A3 F053A676 MOV DWORD PTR DS:[76A653F0],EAX
76A6441F ³.EB 07 JMP SHORT 3ba1ea5.76A64428
76A64421 ³> 57 PUSH EDI ; ÚhLibModule
76A64422 ³. FF15 0C10A676 CALL DWORD PTR DS:[<&KERNEL32.FreeLibrar>; ÀFreeLibrary
76A64428 ³> A1 F853A676 MOV EAX,DWORD PTR DS:[76A653F8]
76A6442D ³. 85C0 TEST EAX,EAX
76A6442F ³. 897D D4 MOV DWORD PTR SS:[EBP-2C],EDI
76A64432 ³.74 0A JE SHORT 3ba1ea5.76A6443E
76A64434 ³. 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
76A64437 ³. 51 PUSH ECX
76A64438 ³. 6A 02 PUSH 2
76A6443A ³. FFD0 CALL EAX
76A6443C ³. 8BD8 MOV EBX,EAX
76A6443E ³> 85DB TEST EBX,EBX
76A64440 ³.75 7C JNZ SHORT 3ba1ea5.76A644BE
76A64442 ³. 395E 14 CMP DWORD PTR DS:[ESI+14],EBX
76A64445 ³.74 2C JE SHORT 3ba1ea5.76A64473
76A64447 ³. 395E 1C CMP DWORD PTR DS:[ESI+1C],EBX
76A6444A ³.74 27 JE SHORT 3ba1ea5.76A64473
76A6444C ³. 8B47 3C MOV EAX,DWORD PTR DS:[EDI+3C]
76A6444F ³. 03C7 ADD EAX,EDI
76A64451 ³. 8138 50450000 CMP DWORD PTR DS:[EAX],4550
76A64457 ³.75 1A JNZ SHORT 3ba1ea5.76A64473
76A64459 ³. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
76A6445C ³. 3948 08 CMP DWORD PTR DS:[EAX+8],ECX
76A6445F ³.75 12 JNZ SHORT 3ba1ea5.76A64473
76A64461 ³. 3B78 34 CMP EDI,DWORD PTR DS:[EAX+34]
76A64464 ³.75 0D JNZ SHORT 3ba1ea5.76A64473
76A64466 ³. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
76A64469 ³. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
76A6446C ³. 8B1C01 MOV EBX,DWORD PTR DS:[ECX+EAX]
76A6446F ³. 85DB TEST EBX,EBX
76A64471 ³.75 4B JNZ SHORT 3ba1ea5.76A644BE
76A64473 ³> FF75 D0 PUSH DWORD PTR SS:[EBP-30] ; ÚProcNameOrOrdinal
76A64476 ³. 57 PUSH EDI ; ³hModule
76A64477 ³. FF15 1010A676 CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; ÀGetProcAddress
76A6447D ³. 8BD8 MOV EBX,EAX
76A6447F ³. 85DB TEST EBX,EBX
76A64481 ³.75 3B JNZ SHORT 3ba1ea5.76A644BE
76A64483 ³. FF15 3810A676 CALL DWORD PTR DS:[<&KERNEL32.GetLastErr>; [GetLastError
76A64489 ³. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
76A6448C ³. A1 F453A676 MOV EAX,DWORD PTR DS:[76A653F4]
76A64491 ³. 85C0 TEST EAX,EAX
76A64493 ³.74 0A JE SHORT 3ba1ea5.76A6449F
76A64495 ³. 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
76A64498 ³. 51 PUSH ECX
76A64499 ³. 6A 04 PUSH 4
76A6449B ³. FFD0 CALL EAX
76A6449D ³. 8BD8 MOV EBX,EAX
76A6449F ³> 85DB TEST EBX,EBX
76A644A1 ³.75 1B JNZ SHORT 3ba1ea5.76A644BE
76A644A3 ³. 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
76A644A6 ³. 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
76A644A9 ³. 8D45 08 LEA EAX,DWORD PTR SS:[EBP+8]
76A644AC ³. 50 PUSH EAX ; ÚpArguments
76A644AD ³. 6A 01 PUSH 1 ; ³nArguments = 1
76A644AF ³. 53 PUSH EBX ; ³ExceptionFlags
76A644B0 ³. 68 7F006DC0 PUSH C06D007F ; ³ExceptionCode = C06D007F
76A644B5 ³. FF15 7010A676 CALL DWORD PTR DS:[<&KERNEL32.RaiseExcep>; ÀRaiseException
76A644BB ³. 8B5D D8 MOV EBX,DWORD PTR SS:[EBP-28]
76A644BE ³> 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
76A644C1 ³. 8918 MOV DWORD PTR DS:[EAX],EBX
76A644C3 ³> A1 F853A676 MOV EAX,DWORD PTR DS:[76A653F8]
76A644C8 ³. 85C0 TEST EAX,EAX
76A644CA ³.74 12 JE SHORT 3ba1ea5.76A644DE
76A644CC ³. 8365 DC 00 AND DWORD PTR SS:[EBP-24],0
76A644D0 ³. 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
76A644D3 ³. 51 PUSH ECX
76A644D4 ³. 6A 05 PUSH 5
76A644D6 ³. 897D D4 MOV DWORD PTR SS:[EBP-2C],EDI
76A644D9 ³. 895D D8 MOV DWORD PTR SS:[EBP-28],EBX
76A644DC ³. FFD0 CALL EAX
76A644DE ³> 8BC3 MOV EAX,EBX
76A644E0 ³> 5F POP EDI
76A644E1 ³. 5E POP ESI
76A644E2 ³. 5B POP EBX
76A644E3 ³. C9 LEAVE
76A644E4 À. C2 0800 RETN 8
76A644E7 CC INT3
76A644E8 01 DB 01
76A644E9 00 DB 00
76A644EA 00 DB 00
76A644EB 00 DB 00
76A644EC 40 DB 40 ; CHAR '@'
76A644ED 14 DB 14
76A644EE 00 DB 00
76A644EF 00 DB 00
76A644F0 EC DB EC
76A644F1 53 DB 53 ; CHAR 'S'
76A644F2 00 DB 00
76A644F3 00 DB 00
76A644F4 . 40 50 00 ASCII "@P",0
76A644F7 00 DB 00
76A644F8 . 28 45 00 ASCII "(E",0
76A644FB 00 DB 00
76A644FC C8 DB C8
76A644FD 45 DB 45 ; CHAR 'E'
76A644FE 00 DB 00
76A644FF 00 DB 00
76A64500 00 DB 00
76A64501 00 DB 00
76A64502 00 DB 00
76A64503 00 DB 00
76A64504 00 DB 00
76A64505 00 DB 00
76A64506 00 DB 00
76A64507 00 DB 00
76A64508 00 DB 00
76A64509 00 DB 00
76A6450A 00 DB 00
76A6450B 00 DB 00
76A6450C 00 DB 00
76A6450D 00 DB 00
76A6450E 00 DB 00
76A6450F 00 DB 00
76A64510 00 DB 00
76A64511 00 DB 00
76A64512 00 DB 00
76A64513 00 DB 00
76A64514 00 DB 00
76A64515 00 DB 00
76A64516 00 DB 00
76A64517 00 DB 00
76A64518 00 DB 00
76A64519 00 DB 00
76A6451A 00 DB 00
76A6451B 00 DB 00
76A6451C 00 DB 00
76A6451D 00 DB 00
76A6451E 00 DB 00
76A6451F 00 DB 00
76A64520 00 DB 00
76A64521 00 DB 00
76A64522 00 DB 00
76A64523 00 DB 00
76A64524 00 DB 00
76A64525 00 DB 00
76A64526 00 DB 00
76A64527 00 DB 00
76A64528 . 5A 45 00 ASCII "ZE",0
76A6452B 00 DB 00
76A6452C . 6E 45 00 ASCII "nE",0
76A6452F 00 DB 00
76A64530 82 DB 82
76A64531 45 DB 45 ; CHAR 'E'
76A64532 00 DB 00
76A64533 00 DB 00
76A64534 92 DB 92
76A64535 45 DB 45 ; CHAR 'E'
76A64536 00 DB 00
76A64537 00 DB 00
76A64538 A6 DB A6
76A64539 45 DB 45 ; CHAR 'E'
76A6453A 00 DB 00
76A6453B 00 DB 00
76A6453C B6 DB B6
76A6453D 45 DB 45 ; CHAR 'E'
76A6453E 00 DB 00
76A6453F 00 DB 00
76A64540 . 48 45 00 ASCII "HE",0
76A64543 00 DB 00
76A64544 00 DB 00
76A64545 00 DB 00
76A64546 00 DB 00
76A64547 00 DB 00
76A64548 00 DB 00
76A64549 00 DB 00
76A6454A . 53 79 6D 55 6E>ASCII "SymUnloadModule",0
76A6455A 00 DB 00
76A6455B 00 DB 00
76A6455C . 53 79 6D 47 65>ASCII "SymGetSymFromAdd"
76A6456C . 72 00 ASCII "r",0
76A6456E 00 DB 00
76A6456F 00 DB 00
76A64570 . 53 79 6D 47 65>ASCII "SymGetModuleInfo"
76A64580 . 00 ASCII 0
76A64581 6C DB 6C ; CHAR 'l'
76A64582 00 DB 00
76A64583 00 DB 00
76A64584 . 53 79 6D 4C 6F>ASCII "SymLoadModule",0
76A64592 00 DB 00
76A64593 00 DB 00
76A64594 . 53 79 6D 47 65>ASCII "SymGetSearchPath"
76A645A4 . 00 ASCII 0
76A645A5 6C DB 6C ; CHAR 'l'
76A645A6 00 DB 00
76A645A7 00 DB 00
76A645A8 . 53 79 6D 49 6E>ASCII "SymInitialize",0
76A645B6 00 DB 00
76A645B7 00 DB 00
76A645B8 . 53 79 6D 53 65>ASCII "SymSetOptions",0
76A645C6 00 DB 00
76A645C7 00 DB 00
76A645C8 00 DB 00
76A645C9 00 DB 00
76A645CA 00 DB 00
76A645CB 00 DB 00
76A645CC 00 DB 00
76A645CD 00 DB 00
76A645CE 00 DB 00
76A645CF 00 DB 00
76A645D0 00 DB 00
76A645D1 00 DB 00
76A645D2 00 DB 00
76A645D3 00 DB 00
76A645D4 00 DB 00
76A645D5 00 DB 00
76A645D6 00 DB 00
76A645D7 00 DB 00
76A645D8 00 DB 00
76A645D9 00 DB 00
76A645DA 00 DB 00
76A645DB 00 DB 00
76A645DC 00 DB 00
76A645DD 00 DB 00
76A645DE 00 DB 00
76A645DF 00 DB 00
76A645E0 00 DB 00
76A645E1 00 DB 00
76A645E2 00 DB 00
76A645E3 00 DB 00
76A645E4 00 DB 00
76A645E5 00 DB 00
76A645E6 00 DB 00
76A645E7 00 DB 00
76A645E8 . B4460000 DD 000046B4 ; Struct 'IMAGE_IMPORT_DESCRIPTOR'
76A645EC . FFFFFFFF DD FFFFFFFF
76A645F0 . FFFFFFFF DD FFFFFFFF
76A645F4 . 94480000 DD 00004894
76A645F8 . 90100000 DD 00001090
76A645FC . 24460000 DD 00004624 ; Struct 'IMAGE_IMPORT_DESCRIPTOR'
76A64600 . FFFFFFFF DD FFFFFFFF
76A64604 . FFFFFFFF DD FFFFFFFF
76A64608 . EE4A0000 DD 00004AEE
76A6460C . 00100000 DD 00001000
76A64610 . 00000000 DD 00000000 ; Struct 'IMAGE_IMPORT_DESCRIPTOR'
76A64614 . 00000000 DD 00000000
76A64618 . 00000000 DD 00000000
76A6461C . 00000000 DD 00000000
76A64620 . 00000000 DD 00000000
76A64624 . 14490000 DD 00004914 ; Import lookup table for 'KERNEL32.dll'
76A64628 . 324B0000 DD 00004B32
76A6462C . 1C4B0000 DD 00004B1C
76A64630 . 0E4B0000 DD 00004B0E
76A64634 . FC4A0000 DD 00004AFC
76A64638 . D04A0000 DD 00004AD0
76A6463C . B44A0000 DD 00004AB4
76A64640 . A04A0000 DD 00004AA0
76A64644 . 8C4A0000 DD 00004A8C
76A64648 . 724A0000 DD 00004A72
76A6464C . 5C4A0000 DD 00004A5C
76A64650 . 464A0000 DD 00004A46
76A64654 . 364A0000 DD 00004A36
76A64658 . 1C4A0000 DD 00004A1C
76A6465C . 0C4A0000 DD 00004A0C
76A64660 . F0490000 DD 000049F0
76A64664 . DC490000 DD 000049DC
76A64668 . CC490000 DD 000049CC
76A6466C . BA490000 DD 000049BA
76A64670 . AC490000 DD 000049AC
76A64674 . 9E490000 DD 0000499E
76A64678 . 8C490000 DD 0000498C
76A6467C . AA480000 DD 000048AA
76A64680 . BA480000 DD 000048BA
76A64684 . C6480000 DD 000048C6
76A64688 . D4480000 DD 000048D4
76A6468C . EA480000 DD 000048EA
76A64690 . 00490000 DD 00004900
76A64694 . 424B0000 DD 00004B42
76A64698 . 24490000 DD 00004924
76A6469C . 40490000 DD 00004940
76A646A0 . 5C490000 DD 0000495C
76A646A4 . 68490000 DD 00004968
76A646A8 . 74490000 DD 00004974
76A646AC . 80490000 DD 00004980
76A646B0 . 00000000 DD 00000000
76A646B4 . 9E480000 DD 0000489E ; Import lookup table for 'ntdll.dll'
76A646B8 . 8A480000 DD 0000488A
76A646BC . 80480000 DD 00004880
76A646C0 . 74480000 DD 00004874
76A646C4 . 6C480000 DD 0000486C
76A646C8 . 62480000 DD 00004862
76A646CC . 52480000 DD 00004852
76A646D0 . 46480000 DD 00004846
76A646D4 . 3A480000 DD 0000483A
76A646D8 . 26480000 DD 00004826
76A646DC . 10480000 DD 00004810
76A646E0 . F6470000 DD 000047F6
76A646E4 . DC470000 DD 000047DC
76A646E8 . CA470000 DD 000047CA
76A646EC . B2470000 DD 000047B2
76A646F0 . A0470000 DD 000047A0
76A646F4 . 92470000 DD 00004792
76A646F8 . 78470000 DD 00004778
76A646FC . 5C470000 DD 0000475C
76A64700 . 44470000 DD 00004744
76A64704 . 28470000 DD 00004728
76A64708 . 10470000 DD 00004710
76A6470C . 00000000 DD 00000000
76A64710 . 0B03 DW 030B
76A64712 . 52 74 6C 4E 74>ASCII "RtlNtStatusToDos"
76A64722 . 45 72 72 6F 72>ASCII "Error",0
76A64728 . 3001 DW 0130
76A6472A . 4E 74 51 75 65>ASCII "NtQuerySystemInf"
76A6473A . 6F 72 6D 61 74>ASCII "ormation",0
76A64743 . 00 DB 00
76A64744 . 3501 DW 0135
76A64746 . 4E 74 51 75 65>ASCII "NtQueryVirtualMe"
76A64756 . 6D 6F 72 79 00>ASCII "mory",0
76A6475B . 00 DB 00
76A6475C . 1B01 DW 011B
76A6475E . 4E 74 51 75 65>ASCII "NtQueryInformati"
76A6476E . 6F 6E 50 72 6F>ASCII "onProcess",0
76A64778 . 6901 DW 0169
76A6477A . 4E 74 53 65 74>ASCII "NtSetInformation"
76A6478A . 50 72 6F 63 65>ASCII "Process",0
76A64792 . 9A01 DW 019A
76A64794 . 4E 74 57 72 69>ASCII "NtWriteFile",0
76A647A0 . 8001 DW 0180
76A647A2 . 4E 74 53 74 61>ASCII "NtStartProfile",0
76A647B1 . 00 DB 00
76A647B2 . 6C01 DW 016C
76A647B4 . 4E 74 53 65 74>ASCII "NtSetIntervalPro"
76A647C4 . 66 69 6C 65 00>ASCII "file",0
76A647C9 . 00 DB 00
76A647CA . A900 DW 00A9
76A647CC . 4E 74 43 72 65>ASCII "NtCreateProfile",0
76A647DC . 8700 DW 0087
76A647DE . 4E 74 41 6C 6C>ASCII "NtAllocateVirtua"
76A647EE . 6C 4D 65 6D 6F>ASCII "lMemory",0
76A647F6 . 0003 DW 0300
76A647F8 . 52 74 6C 4D 75>ASCII "RtlMultiByteToUn"
76A64808 . 69 63 6F 64 65>ASCII "icodeN",0
76A6480F . 00 DB 00
76A64810 . C001 DW 01C0
76A64812 . 52 74 6C 41 64>ASCII "RtlAdjustPrivile"
76A64822 . 67 65 00 ASCII "ge",0
76A64825 . 00 DB 00
76A64826 . 9103 DW 0391
76A64828 . 52 74 6C 55 6E>ASCII "RtlUnicodeToOemN"
76A64838 . 00 ASCII 0
76A64839 . 00 DB 00
76A6483A . 1000 DW 0010
76A6483C . 44 62 67 50 72>ASCII "DbgPrint",0
76A64845 . 00 DB 00
76A64846 . 0E05 DW 050E
76A64848 . 5F 73 6E 70 72>ASCII "_snprintf",0
76A64852 . 8101 DW 0181
76A64854 . 4E 74 53 74 6F>ASCII "NtStopProfile",0
76A64862 . 9000 DW 0090
76A64864 . 4E 74 43 6C 6F>ASCII "N***ose",0
76A6486C . 2905 DW 0529
76A6486E . 61 74 6F 69 00>ASCII "atoi",0
76A64873 . 00 DB 00
76A64874 . 1205 DW 0512
76A64876 . 5F 73 74 72 69>ASCII "_stricmp",0
76A6487F . 00 DB 00
76A64880 . 6805 DW 0568
76A64882 . 77 63 73 63 68>ASCII "wcschr",0
76A64889 . 00 DB 00
76A6488A . 6C05 DW 056C
76A6488C . 77 63 73 6C 65>ASCII "wcslen",0
76A64893 . 00 DB 00
76A64894 . 6E 74 64 6C 6C>ASCII "ntdll.dll",0
76A6489E . 9603 DW 0396
76A648A0 . 52 74 6C 55 6E>ASCII "RtlUnwind",0
76A648AA . 2803 DW 0328
76A648AC . 53 65 74 4C 61>ASCII "SetLastError",0
76A648B9 . 00 DB 00
76A648BA . 5C02 DW 025C
76A648BC . 4C 6F 63 61 6C>ASCII "LocalFree",0
76A648C6 . 5802 DW 0258
76A648C8 . 4C 6F 63 61 6C>ASCII "LocalAlloc",0
76A648D3 . 00 DB 00
76A648D4 . 7502 DW 0275
76A648D6 . 4D 75 6C 74 69>ASCII "MultiByteToWideC"
76A648E6 . 68 61 72 00 ASCII "har",0
76A648EA . 9403 DW 0394
76A648EC . 57 69 64 65 43>ASCII "WideCharToMultiB"
76A648FC . 79 74 65 00 ASCII "yte",0
76A64900 . B802 DW 02B8
76A64902 . 52 65 61 64 50>ASCII "ReadProcessMemor"
76A64912 . 79 00 ASCII "y",0
76A64914 . C501 DW 01C5
76A64916 . 47 65 74 53 79>ASCII "GetSystemInfo",0
76A64924 . 3503 DW 0335
76A64926 . 53 65 74 50 72>ASCII "SetProcessWorkin"
76A64936 . 67 53 65 74 53>ASCII "gSetSize",0
76A6493F . 00 DB 00
76A64940 . AC01 DW 01AC
76A64942 . 47 65 74 50 72>ASCII "GetProcessWorkin"
76A64952 . 67 53 65 74 53>ASCII "gSetSize",0
76A6495B . 00 DB 00
76A6495C . C603 DW 03C6
76A6495E . 6C 73 74 72 63>ASCII "lstrcpyA",0
76A64967 . 00 DB 00
76A64968 . CC03 DW 03CC
76A6496A . 6C 73 74 72 6C>ASCII "lstrlenA",0
76A64973 . 00 DB 00
76A64974 . 1602 DW 0216
76A64976 . 48 65 61 70 46>ASCII "HeapFree",0
76A6497F . 00 DB 00
76A64980 . 1002 DW 0210
76A64982 . 48 65 61 70 41>ASCII "HeapAlloc",0
76A6498C . A301 DW 01A3
76A6498E . 47 65 74 50 72>ASCII "GetProcessHeap",0
76A6499D . 00 DB 00
76A6499E . 3400 DW 0034
76A649A0 . 43 6C 6F 73 65>ASCII "CloseHandle",0
76A649AC . 5300 DW 0053
76A649AE . 43 72 65 61 74>ASCII "CreateFileA",0
76A649BA . 7103 DW 0371
76A649BC . 55 6E 6D 61 70>ASCII "UnmapViewOfFile",0
76A649CC . 6802 DW 0268
76A649CE . 4D 61 70 56 69>ASCII "MapViewOfFile",0
76A649DC . 8002 DW 0280
76A649DE . 4F 70 65 6E 46>ASCII "OpenFileMappingA"
76A649EE . 00 ASCII 0
76A649EF . 00 DB 00
76A649F0 . 8B00 DW 008B
76A649F2 . 44 69 73 61 62>ASCII "DisableThreadLib"
76A64A02 . 72 61 72 79 43>ASCII "raryCalls",0
76A64A0C . 7101 DW 0171
76A64A0E . 47 65 74 4C 61>ASCII "GetLastError",0
76A64A1B . 00 DB 00
76A64A1C . A302 DW 02A3
76A64A1E . 51 75 65 72 79>ASCII "QueryPerformance"
76A64A2E . 43 6F 75 6E 74>ASCII "Counter",0
76A64A36 . DF01 DW 01DF
76A64A38 . 47 65 74 54 69>ASCII "GetTickCount",0
76A64A45 . 00 DB 00
76A64A46 . 4601 DW 0146
76A64A48 . 47 65 74 43 75>ASCII "GetCurrentThread"
76A64A58 . 49 64 00 ASCII "Id",0
76A64A5B . 00 DB 00
76A64A5C . 4301 DW 0143
76A64A5E . 47 65 74 43 75>ASCII "GetCurrentProces"
76A64A6E . 73 49 64 00 ASCII "sId",0
76A64A72 . CA01 DW 01CA
76A64A74 . 47 65 74 53 79>ASCII "GetSystemTimeAsF"
76A64A84 . 69 6C 65 54 69>ASCII "ileTime",0
76A64A8C . 5E03 DW 035E
76A64A8E . 54 65 72 6D 69>ASCII "TerminateProcess"
76A64A9E . 00 ASCII 0
76A64A9F . 00 DB 00
76A64AA0 . 4201 DW 0142
76A64AA2 . 47 65 74 43 75>ASCII "GetCurrentProces"
76A64AB2 . 73 00 ASCII "s",0
76A64AB4 . 6E03 DW 036E
76A64AB6 . 55 6E 68 61 6E>ASCII "UnhandledExcepti"
76A64AC6 . 6F 6E 46 69 6C>ASCII "onFilter",0
76A64ACF . 00 DB 00
76A64AD0 . 4A03 DW 034A
76A64AD2 . 53 65 74 55 6E>ASCII "SetUnhandledExce"
76A64AE2 . 70 74 69 6F 6E>ASCII "ptionFilter",0
76A64AEE . 4B 45 52 4E 45>ASCII "KERNEL32.dll",0
76A64AFB 00 DB 00
76A64AFC . A001 DW 01A0
76A64AFE . 47 65 74 50 72>ASCII "GetProcAddress",0
76A64B0D . 00 DB 00
76A64B0E . F800 DW 00F8
76A64B10 . 46 72 65 65 4C>ASCII "FreeLibrary",0
76A64B1C . 2902 DW 0229
76A64B1E . 49 6E 74 65 72>ASCII "InterlockedExcha"
76A64B2E . 6E 67 65 00 ASCII "nge",0
76A64B32 . 5202 DW 0252
76A64B34 . 4C 6F 61 64 4C>ASCII "LoadLibraryA",0
76A64B41 . 00 DB 00
76A64B42 . A702 DW 02A7
76A64B44 . 52 61 69 73 65>ASCII "RaiseException",0
76A64B53 . 00 DB 00
76A64B54 00 DB 00
76A64B55 00 DB 00
76A64B56 00 DB 00
76A64B57 00 DB 00
76A64B58 00 DB 00
76A64B59 00 DB 00
76A64B5A 00 DB 00
76A64B5B 00 DB 00
76A64B5C 00 DB 00
76A64B5D 00 DB 00
76A64B5E 00 DB 00
76A64B5F 00 DB 00
76A64B60 . 00000000 DD 00000000 ; Struct 'IMAGE_EXPORT_DIRECTORY'
76A64B64 . F0474342 DD 424347F0
76A64B68 . 0000 DW 0000
76A64B6A . 0000 DW 0000
76A64B6C . 824C0000 DD 00004C82
76A64B70 . 01000000 DD 00000001
76A64B74 . 19000000 DD 00000019
76A64B78 . 19000000 DD 00000019
76A64B7C . 884B0000 DD 00004B88
76A64B80 . EC4B0000 DD 00004BEC
76A64B84 . 504C0000 DD 00004C50
76A64B88 . 201E0000 DD 00001E20 ; Export Address Table
76A64B8C . A3150000 DD 000015A3
76A64B90 . 3C3B0000 DD 00003B3C
76A64B94 . CD390000 DD 000039CD
76A64B98 . 8A1A0000 DD 00001A8A
76A64B9C . A9340000 DD 000034A9
76A64BA0 . 48170000 DD 00001748
76A64BA4 . 23180000 DD 00001823
76A64BA8 . CD160000 DD 000016CD
76A64BAC . C7170000 DD 000017C7
76A64BB0 . 45190000 DD 00001945
76A64BB4 . 7F180000 DD 0000187F
76A64BB8 . 2F1D0000 DD 00001D2F
76A64BBC . B21C0000 DD 00001CB2
76A64BC0 . 4A1C0000 DD 00001C4A
76A64BC4 . CD1B0000 DD 00001BCD
76A64BC8 . 971D0000 DD 00001D97
76A64BCC . 2D380000 DD 0000382D
76A64BD0 . A9370000 DD 000037A9
76A64BD4 . 1B370000 DD 0000371B
76A64BD8 . C2350000 DD 000035C2
76A64BDC . E1360000 DD 000036E1
76A64BE0 . 9D360000 DD 0000369D
76A64BE4 . 8B1E0000 DD 00001E8B
76A64BE8 . C71E0000 DD 00001EC7
76A64BEC . 8C4C0000 DD 00004C8C ; Export Name Pointer Table
76A64BF0 . 9C4C0000 DD 00004C9C
76A64BF4 . AE4C0000 DD 00004CAE
76A64BF8 . BD4C0000 DD 00004CBD
76A64BFC . CC4C0000 DD 00004CCC
76A64C00 . DF4C0000 DD 00004CDF
76A64C04 . ED4C0000 DD 00004CED
76A64C08 . 064D0000 DD 00004D06
76A64C0C . 1F4D0000 DD 00004D1F
76A64C10 . 384D0000 DD 00004D38
76A64C14 . 514D0000 DD 00004D51
76A64C18 . 644D0000 DD 00004D64
76A64C1C . 774D0000 DD 00004D77
76A64C20 . 8A4D0000 DD 00004D8A
76A64C24 . 9D4D0000 DD 00004D9D
76A64C28 . B24D0000 DD 00004DB2
76A64C2C . C74D0000 DD 00004DC7
76A64C30 . DC4D0000 DD 00004DDC
76A64C34 . EF4D0000 DD 00004DEF
76A64C38 . 084E0000 DD 00004E08
76A64C3C . 214E0000 DD 00004E21
76A64C40 . 364E0000 DD 00004E36
76A64C44 . 434E0000 DD 00004E43
76A64C48 . 5F4E0000 DD 00004E5F
76A64C4C . 6F4E0000 DD 00004E6F
76A64C50 . 0000 DW 0000 ; Export Ordinal Table
76A64C52 . 0100 DW 0001
76A64C54 . 0200 DW 0002
76A64C56 . 0300 DW 0003
76A64C58 . 0400 DW 0004
76A64C5A . 0500 DW 0005
76A64C5C . 0600 DW 0006
76A64C5E . 0700 DW 0007
76A64C60 . 0800 DW 0008
76A64C62 . 0900 DW 0009
76A64C64 . 0A00 DW 000A
76A64C66 . 0B00 DW 000B
76A64C68 . 0C00 DW 000C
76A64C6A . 0D00 DW 000D
76A64C6C . 0E00 DW 000E
76A64C6E . 0F00 DW 000F
76A64C70 . 1000 DW 0010
76A64C72 . 1100 DW 0011
76A64C74 . 1200 DW 0012
76A64C76 . 1300 DW 0013
76A64C78 . 1400 DW 0014
76A64C7A . 1500 DW 0015
76A64C7C . 1600 DW 0016
76A64C7E . 1700 DW 0017
76A64C80 . 1800 DW 0018
76A64C82 . 50 53 41 50 49>ASCII "PSAPI.DLL",0
76A64C8C . 45 6D 70 74 79>ASCII "EmptyWorkingSet",0
76A64C9C . 45 6E 75 6D 44>ASCII "EnumDeviceDriver"
76A64CAC . 73 00 ASCII "s",0
76A64CAE . 45 6E 75 6D 50>ASCII "EnumPageFilesA",0
76A64CBD . 45 6E 75 6D 50>ASCII "EnumPageFilesW",0
76A64CCC . 45 6E 75 6D 50>ASCII "EnumProcessModul"
76A64CDC . 65 73 00 ASCII "es",0
76A64CDF . 45 6E 75 6D 50>ASCII "EnumProcesses",0
76A64CED . 47 65 74 44 65>ASCII "GetDeviceDriverB"
76A64CFD . 61 73 65 4E 61>ASCII "aseNameA",0
76A64D06 . 47 65 74 44 65>ASCII "GetDeviceDriverB"
76A64D16 . 61 73 65 4E 61>ASCII "aseNameW",0
76A64D1F . 47 65 74 44 65>ASCII "GetDeviceDriverF"
76A64D2F . 69 6C 65 4E 61>ASCII "ileNameA",0
76A64D38 . 47 65 74 44 65>ASCII "GetDeviceDriverF"
76A64D48 . 69 6C 65 4E 61>ASCII "ileNameW",0
76A64D51 . 47 65 74 4D 61>ASCII "GetMappedFileNam"
76A64D61 . 65 41 00 ASCII "eA",0
76A64D64 . 47 65 74 4D 61>ASCII "GetMappedFileNam"
76A64D74 . 65 57 00 ASCII "eW",0
76A64D77 . 47 65 74 4D 6F>ASCII "GetModuleBaseNam"
76A64D87 . 65 41 00 ASCII "eA",0
76A64D8A . 47 65 74 4D 6F>ASCII "GetModuleBaseNam"
76A64D9A . 65 57 00 ASCII "eW",0
76A64D9D . 47 65 74 4D 6F>ASCII "GetModuleFileNam"
76A64DAD . 65 45 78 41 00>ASCII "eExA",0
76A64DB2 . 47 65 74 4D 6F>ASCII "GetModuleFileNam"
76A64DC2 . 65 45 78 57 00>ASCII "eExW",0
76A64DC7 . 47 65 74 4D 6F>ASCII "GetModuleInforma"
76A64DD7 . 74 69 6F 6E 00>ASCII "tion",0
76A64DDC . 47 65 74 50 65>ASCII "GetPerformanceIn"
76A64DEC . 66 6F 00 ASCII "fo",0
76A64DEF . 47 65 74 50 72>ASCII "GetProcessImageF"
76A64DFF . 69 6C 65 4E 61>ASCII "ileNameA",0
76A64E08 . 47 65 74 50 72>ASCII "GetProcessImageF"
76A64E18 . 69 6C 65 4E 61>ASCII "ileNameW",0
76A64E21 . 47 65 74 50 72>ASCII "GetProcessMemory"
76A64E31 . 49 6E 66 6F 00>ASCII "Info",0
76A64E36 . 47 65 74 57 73>ASCII "GetWsChanges",0
76A64E43 . 49 6E 69 74 69>ASCII "InitializeProces"
76A64E53 . 73 46 6F 72 57>ASCII "sForWsWatch",0
76A64E5F . 51 75 65 72 79>ASCII "QueryWorkingSet",0
76A64E6F . 51 75 65 72 79>ASCII "QueryWorkingSetE"
76A64E7F . 78 00 ASCII "x",0
76A64E81 00 DB 00
76A64E82 00 DB 00
76A64E83 00 DB 00
76A64E84 00 DB 00
76A64E85 00 DB 00
76A64E86 00 DB 00
76A64E87 00 DB 00
76A64E88 00 DB 00
76A64E89 00 DB 00
76A64E8A 00 DB 00
76A64E8B 00 DB 00
76A64E8C 00 DB 00
76A64E8D 00 DB 00
76A64E8E 00 DB 00
76A64E8F 00 DB 00
76A64E90 00 DB 00
76A64E91 00 DB 00
76A64E92 00 DB 00
76A64E93 00 DB 00
76A64E94 00 DB 00
76A64E95 00 DB 00
76A64E96 00 DB 00
76A64E97 00 DB 00
76A64E98 00 DB 00
76A64E99 00 DB 00
76A64E9A 00 DB 00
76A64E9B 00 DB 00
76A64E9C 00 DB 00
76A64E9D 00 DB 00
76A64E9E 00 DB 00
76A64E9F 00 DB 00
76A64EA0 00 DB 00
76A64EA1 00 DB 00
76A64EA2 00 DB 00
76A64EA3 00 DB 00
76A64EA4 00 DB 00
76A64EA5 00 DB 00
76A64EA6 00 DB 00
76A64EA7 00 DB 00
76A64EA8 00 DB 00
76A64EA9 00 DB 00
76A64EAA 00 DB 00
76A64EAB 00 DB 00
76A64EAC 00 DB 00
76A64EAD 00 DB 00
76A64EAE 00 DB 00
76A64EAF 00 DB 00
76A64EB0 00 DB 00
76A64EB1 00 DB 00
76A64EB2 00 DB 00
76A64EB3 00 DB 00
76A64EB4 00 DB 00
76A64EB5 00 DB 00
76A64EB6 00 DB 00
76A64EB7 00 DB 00
76A64EB8 00 DB 00
76A64EB9 00 DB 00
76A64EBA 00 DB 00
76A64EBB 00 DB 00
76A64EBC 00 DB 00
76A64EBD 00 DB 00
76A64EBE 00 DB 00
76A64EBF 00 DB 00
76A64EC0 00 DB 00
76A64EC1 00 DB 00
76A64EC2 00 DB 00
76A64EC3 00 DB 00
76A64EC4 00 DB 00
76A64EC5 00 DB 00
76A64EC6 00 DB 00
76A64EC7 00 DB 00
76A64EC8 00 DB 00
76A64EC9 00 DB 00
76A64ECA 00 DB 00
76A64ECB 00 DB 00
76A64ECC 00 DB 00
76A64ECD 00 DB 00
76A64ECE 00 DB 00
76A64ECF 00 DB 00
76A64ED0 00 DB 00
76A64ED1 00 DB 00
76A64ED2 00 DB 00
76A64ED3 00 DB 00
76A64ED4 00 DB 00
76A64ED5 00 DB 00
76A64ED6 00 DB 00
76A64ED7 00 DB 00
76A64ED8 00 DB 00
76A64ED9 00 DB 00
76A64EDA 00 DB 00
76A64EDB 00 DB 00
76A64EDC 00 DB 00
76A64EDD 00 DB 00
76A64EDE 00 DB 00
76A64EDF 00 DB 00
76A64EE0 00 DB 00
76A64EE1 00 DB 00
76A64EE2 00 DB 00
76A64EE3 00 DB 00
76A64EE4 00 DB 00
76A64EE5 00 DB 00
76A64EE6 00 DB 00
76A64EE7 00 DB 00
76A64EE8 00 DB 00
76A64EE9 00 DB 00
76A64EEA 00 DB 00
76A64EEB 00 DB 00
76A64EEC 00 DB 00
76A64EED 00 DB 00
76A64EEE 00 DB 00
76A64EEF 00 DB 00
76A64EF0 00 DB 00
76A64EF1 00 DB 00
76A64EF2 00 DB 00
76A64EF3 00 DB 00
76A64EF4 00 DB 00
76A64EF5 00 DB 00
76A64EF6 00 DB 00
76A64EF7 00 DB 00
76A64EF8 00 DB 00
76A64EF9 00 DB 00
76A64EFA 00 DB 00
76A64EFB 00 DB 00
76A64EFC 00 DB 00
76A64EFD 00 DB 00
76A64EFE 00 DB 00
76A64EFF 00 DB 00
76A64F00 00 DB 00
76A64F01 00 DB 00
76A64F02 00 DB 00
76A64F03 00 DB 00
76A64F04 00 DB 00
76A64F05 00 DB 00
76A64F06 00 DB 00
76A64F07 00 DB 00
76A64F08 00 DB 00
76A64F09 00 DB 00
76A64F0A 00 DB 00
76A64F0B 00 DB 00
76A64F0C 00 DB 00
76A64F0D 00 DB 00
76A64F0E 00 DB 00
76A64F0F 00 DB 00
76A64F10 00 DB 00
76A64F11 00 DB 00
76A64F12 00 DB 00
76A64F13 00 DB 00
76A64F14 00 DB 00
76A64F15 00 DB 00
76A64F16 00 DB 00
76A64F17 00 DB 00
76A64F18 00 DB 00
76A64F19 00 DB 00
76A64F1A 00 DB 00
76A64F1B 00 DB 00
76A64F1C 00 DB 00
76A64F1D 00 DB 00
76A64F1E 00 DB 00
76A64F1F 00 DB 00
76A64F20 00 DB 00
76A64F21 00 DB 00
76A64F22 00 DB 00
76A64F23 00 DB 00
76A64F24 00 DB 00
76A64F25 00 DB 00
76A64F26 00 DB 00
76A64F27 00 DB 00
76A64F28 00 DB 00
76A64F29 00 DB 00
76A64F2A 00 DB 00
76A64F2B 00 DB 00
76A64F2C 00 DB 00
76A64F2D 00 DB 00
76A64F2E 00 DB 00
76A64F2F 00 DB 00
76A64F30 00 DB 00
76A64F31 00 DB 00
76A64F32 00 DB 00
76A64F33 00 DB 00
76A64F34 00 DB 00
76A64F35 00 DB 00
76A64F36 00 DB 00
76A64F37 00 DB 00
76A64F38 00 DB 00
76A64F39 00 DB 00
76A64F3A 00 DB 00
76A64F3B 00 DB 00
76A64F3C 00 DB 00
76A64F3D 00 DB 00
76A64F3E 00 DB 00
76A64F3F 00 DB 00
76A64F40 00 DB 00
76A64F41 00 DB 00
76A64F42 00 DB 00
76A64F43 00 DB 00
76A64F44 00 DB 00
76A64F45 00 DB 00
76A64F46 00 DB 00
76A64F47 00 DB 00
76A64F48 00 DB 00
76A64F49 00 DB 00
76A64F4A 00 DB 00
76A64F4B 00 DB 00
76A64F4C 00 DB 00
76A64F4D 00 DB 00
76A64F4E 00 DB 00
76A64F4F 00 DB 00
76A64F50 00 DB 00
76A64F51 00 DB 00
76A64F52 00 DB 00
76A64F53 00 DB 00
76A64F54 00 DB 00
76A64F55 00 DB 00
76A64F56 00 DB 00
76A64F57 00 DB 00
76A64F58 00 DB 00
76A64F59 00 DB 00
76A64F5A 00 DB 00
76A64F5B 00 DB 00
76A64F5C 00 DB 00
76A64F5D 00 DB 00
76A64F5E 00 DB 00
76A64F5F 00 DB 00
76A64F60 00 DB 00
76A64F61 00 DB 00
76A64F62 00 DB 00
76A64F63 00 DB 00
76A64F64 00 DB 00
76A64F65 00 DB 00
76A64F66 00 DB 00
76A64F67 00 DB 00
76A64F68 00 DB 00
76A64F69 00 DB 00
76A64F6A 00 DB 00
76A64F6B 00 DB 00
76A64F6C 00 DB 00
76A64F6D 00 DB 00
76A64F6E 00 DB 00
76A64F6F 00 DB 00
76A64F70 00 DB 00
76A64F71 00 DB 00
76A64F72 00 DB 00
76A64F73 00 DB 00
76A64F74 00 DB 00
76A64F75 00 DB 00
76A64F76 00 DB 00
76A64F77 00 DB 00
76A64F78 00 DB 00
76A64F79 00 DB 00
76A64F7A 00 DB 00
76A64F7B 00 DB 00
76A64F7C 00 DB 00
76A64F7D 00 DB 00
76A64F7E 00 DB 00
76A64F7F 00 DB 00
76A64F80 00 DB 00
76A64F81 00 DB 00
76A64F82 00 DB 00
76A64F83 00 DB 00
76A64F84 00 DB 00
76A64F85 00 DB 00
76A64F86 00 DB 00
76A64F87 00 DB 00
76A64F88 00 DB 00
76A64F89 00 DB 00
76A64F8A 00 DB 00
76A64F8B 00 DB 00
76A64F8C 00 DB 00
76A64F8D 00 DB 00
76A64F8E 00 DB 00
76A64F8F 00 DB 00
76A64F90 00 DB 00
76A64F91 00 DB 00
76A64F92 00 DB 00
76A64F93 00 DB 00
76A64F94 00 DB 00
76A64F95 00 DB 00
76A64F96 00 DB 00
76A64F97 00 DB 00
76A64F98 00 DB 00
76A64F99 00 DB 00
76A64F9A 00 DB 00
76A64F9B 00 DB 00
76A64F9C 00 DB 00
76A64F9D 00 DB 00
76A64F9E 00 DB 00
76A64F9F 00 DB 00
76A64FA0 00 DB 00
76A64FA1 00 DB 00
76A64FA2 00 DB 00
76A64FA3 00 DB 00
76A64FA4 00 DB 00
76A64FA5 00 DB 00
76A64FA6 00 DB 00
76A64FA7 00 DB 00
76A64FA8 00 DB 00
76A64FA9 00 DB 00
76A64FAA 00 DB 00
76A64FAB 00 DB 00
76A64FAC 00 DB 00
76A64FAD 00 DB 00
76A64FAE 00 DB 00
76A64FAF 00 DB 00
76A64FB0 00 DB 00
76A64FB1 00 DB 00
76A64FB2 00 DB 00
76A64FB3 00 DB 00
76A64FB4 00 DB 00
76A64FB5 00 DB 00
76A64FB6 00 DB 00
76A64FB7 00 DB 00
76A64FB8 00 DB 00
76A64FB9 00 DB 00
76A64FBA 00 DB 00
76A64FBB 00 DB 00
76A64FBC 00 DB 00
76A64FBD 00 DB 00
76A64FBE 00 DB 00
76A64FBF 00 DB 00
76A64FC0 00 DB 00
76A64FC1 00 DB 00
76A64FC2 00 DB 00
76A64FC3 00 DB 00
76A64FC4 00 DB 00
76A64FC5 00 DB 00
76A64FC6 00 DB 00
76A64FC7 00 DB 00
76A64FC8 00 DB 00
76A64FC9 00 DB 00
76A64FCA 00 DB 00
76A64FCB 00 DB 00
76A64FCC 00 DB 00
76A64FCD 00 DB 00
76A64FCE 00 DB 00
76A64FCF 00 DB 00
76A64FD0 00 DB 00
76A64FD1 00 DB 00
76A64FD2 00 DB 00
76A64FD3 00 DB 00
76A64FD4 00 DB 00
76A64FD5 00 DB 00
76A64FD6 00 DB 00
76A64FD7 00 DB 00
76A64FD8 00 DB 00
76A64FD9 00 DB 00
76A64FDA 00 DB 00
76A64FDB 00 DB 00
76A64FDC 00 DB 00
76A64FDD 00 DB 00
76A64FDE 00 DB 00
76A64FDF 00 DB 00
76A64FE0 00 DB 00
76A64FE1 00 DB 00
76A64FE2 00 DB 00
76A64FE3 00 DB 00
76A64FE4 00 DB 00
76A64FE5 00 DB 00
76A64FE6 00 DB 00
76A64FE7 00 DB 00
76A64FE8 00 DB 00
76A64FE9 00 DB 00
76A64FEA 00 DB 00
76A64FEB 00 DB 00
76A64FEC 00 DB 00
76A64FED 00 DB 00
76A64FEE 00 DB 00
76A64FEF 00 DB 00
76A64FF0 00 DB 00
76A64FF1 00 DB 00
76A64FF2 00 DB 00
76A64FF3 00 DB 00
76A64FF4 00 DB 00
76A64FF5 00 DB 00
76A64FF6 00 DB 00
76A64FF7 00 DB 00
76A64FF8 00 DB 00
76A64FF9 00 DB 00
76A64FFA 00 DB 00
76A64FFB 00 DB 00
76A64FFC 00 DB 00
76A64FFD 00 DB 00
76A64FFE 00 DB 00
76A64FFF 00 DB 00