MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b06beeb0116f23b271122767f0be842dd5c5082b1e585e79ded01985a8fe0036. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 16 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b06beeb0116f23b271122767f0be842dd5c5082b1e585e79ded01985a8fe0036
SHA3-384 hash: 16f6f7f1f6a473a1a6ac9fa21654d51a000ca1c72a7a26f787693a6f717c361ff0a62e57bf8e817cad2c6a3d4584767d
SHA1 hash: a2ae5fb4d614f3fca87a42f1fc15800a22d36504
MD5 hash: 921557c2b17618359e49a321117a5917
humanhash: jig-shade-gee-west
File name:SecuriteInfo.com.Trojan.MSIL.Rozena.9214.20581
Download: download sample
File size:14'477'139 bytes
First seen:2024-04-17 05:31:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b819c89ac9b569d0bbb77889674017b2 (1 x AgentTesla)
ssdeep 196608:PhCe9IfzJidXDDGSFzaICetJCoabNuOb4:PQeufzJiVWSFXXtJC7G
TLSH T15EE6AE02E3FC02A9E5BFC278C5665517D7B278151720EBDF165489A92F33BD0AE39322
TrID 68.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
12.5% (.EXE) Win64 Executable (generic) (10523/12/4)
6.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.4% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
354
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b06beeb0116f23b271122767f0be842dd5c5082b1e585e79ded01985a8fe0036.exe
Verdict:
No threats detected
Analysis date:
2024-04-17 05:33:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6882bcb3-b883-43fc-8dbc-f13091b34e82

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Labled as:
Malware.4E9F2A27
Link:
https://www.hybrid-analysis.com/sample/b06beeb0116f23b271122767f0be842dd5c5082b1e585e79ded01985a8fe0036
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/31db75da-9ac5-4ebb-a8cb-b595de719123
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1427173
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
1%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/b06beeb0116f23b271122767f0be842dd5c5082b1e585e79ded01985a8fe0036
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b06beeb0116f23b271122767f0be842dd5c5082b1e585e79ded01985a8fe0036/
Threat name:
Win64.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2024-04-15 21:51:05 UTC
File Type:
PE+ (Exe)
Extracted files:
76
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wbv65marn4r3e4ise5t7bpuefxk4kcbldzmf46o62amylkh6aa3a._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240417-f8allaeg82/
Unpacked files
SH256 hash:
6593ff065e9c7bd7f7bcc2532a23711268edd2e8cbe56abf8e2acbd4c537fea6
MD5 hash:
44b0e0918b5ef017369ea31023a8b100
SHA1 hash:
9172f0a1a305153e647ff9b0f5bbe97f51458bdf
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
b2fc66205009e93ca73bd9d86f64f132c20ff04190bc43a356cce64894441ef1
MD5 hash:
4fadaa33aed51c36df8daccb1c3c5e5b
SHA1 hash:
64bcfc9401c35b6f28a0fdf60026dd4eb0e09060
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
dd2b259aa200e718947e75e0faf88ef98056c0d90535a8c7ae488f54b446bd46
MD5 hash:
79b2a52b5644926d4cf965e0be59bc35
SHA1 hash:
2ca13227d4067760c5803c83534fe87ee371af2e
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
488c285bde35a7fc3c49e18588849d38899af044fc3c07fec86b0b7e787a7a46
MD5 hash:
5bae0005be0fcd8e733054c704a2b3da
SHA1 hash:
cdf763c13464602c83d333f5e5617998979abe91
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
aac240883b3465189ff200cf6442bafb26a89c73d77ba9d3afe49e76aca3797e
MD5 hash:
2cad69cc1de401c937c219d97df413d5
SHA1 hash:
3a7453ce2a86bd6e6c2db8143b3f4c15c2a98a72
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
4ec3699c52c43d9d4158715f7c24d2c43f1cba15e2338b296548f26a5bbc90dd
MD5 hash:
2b3d0b6b6ef962a3de77d744cc27d294
SHA1 hash:
c403086fd278169cb95b9541f83576f204a1c0a9
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
be52bc70579da90ba0613866fb278cb5cc67755084483a1cb253a1e9a13425c7
MD5 hash:
86d34d2ef1d1e206d17d6be19fb0bd18
SHA1 hash:
03d14f714c4cd3930598e6ba8b6c89313a6be9cb
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
a3316714edd769ba83cef5e5dec25af513599888dd0ed601cd0597c96793b434
MD5 hash:
8ab586ffc4c3d1f1cce189dd9e03792e
SHA1 hash:
32e88fd10999154bb6dbdcb7c45c1d90e6ff4a28
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
94cea8eaddd1b53708ef35b7b7a132857d9110d4818b5b1ae232c5359aca65b0
MD5 hash:
fb0b08b993afaaec5341a88f54bbe4e3
SHA1 hash:
e8b0e38a0fe875d9bae24f367f18ec523a076459
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
2e6a3667ec38f5144bf5955f135899be3e6f8699af78c403b5f528b518c6e09c
MD5 hash:
53e09f19d5a88056e373fa756e7745b7
SHA1 hash:
e07c78444ae3b586733061a6bb1bc91fabe43389
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
1d6a0148ce03f75357be1ea4796b367a70737c50ffe6d5aa0d10f2d128bb016a
MD5 hash:
e3ac4676877e22c3d641ef8f0fd7d85a
SHA1 hash:
68baf1df034532fdd104a700187681759d971bc0
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
bd114e434a38b82684de7e3880e2b4f798cb32d9abd06eff39aeadd36c96bc6f
MD5 hash:
cdc8d138d4a56caf7b10de390c5ae6eb
SHA1 hash:
2a6ce065e0826623fb9001870cc15fa5978c2987
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
76db50be55158b1c43de920fb9c4b4703ca410c83db554df1ac3548c1d4196b5
MD5 hash:
1447fede55abf6fc6f04f3d42d8d4966
SHA1 hash:
2cddecdc77aabe39673ae8443536c1d73487833a
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
5946277055a1eabf09244f0257f22a126467a9c8e740074dd6014ac8aca69c92
MD5 hash:
a84ecd2601b0de0fac3e67560348b546
SHA1 hash:
20eb5e851b44984eb6e4fcd541a655716c8627ea
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
44f73b65590631b84dba3772ddf2349ef8d373efaac638002d64f7c0f1051408
MD5 hash:
f97a937ccbcc96264f129f28cd4be055
SHA1 hash:
202aa8e0526af03cc9428b6b29f4cda85290bb04
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
a0d66499407b1cf71b58ae6d98d020cad5c5c765647d7a93ad2dfb0b661773d9
MD5 hash:
a491cdb0e1a5e8372574b3af7fb720d7
SHA1 hash:
79f70482f1f49797c7ca79b80907f90c6efa0dfe
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
921a932e2d9909892e72b88ed74d247eb25e4cc104fefe1be7002c6da8113d7b
MD5 hash:
5e7a82ee1a476a4900f80bce6b1237f3
SHA1 hash:
0b597a3121250c5abbf85f92363dfe4ffda01054
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
9324ec5757b306298211cea2bc83b1dc8d37f285347c587ccbcca3943500e5f9
MD5 hash:
8308610a10b834004163b962295948b4
SHA1 hash:
e3100b9a215a61cd0e33a1df4d9d12d4169fba91
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
b9259f540a9fa1d774a097778062b61615f7ab7f2e66fc112c2c443d3d53f9f6
MD5 hash:
8000a707b9b2b4f6043a1a1264f72bca
SHA1 hash:
450b064d931e25b3e95f97ab9ece7ab200c04674
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
463adb87c448fe842ea81eff333f25bc7670497d8a5c2bf7dc3747094c9198f8
MD5 hash:
98ad58a6c910eecb551e1941105f5941
SHA1 hash:
4a6bb0078410d7207d48dc4c63b939861a80ad96
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
6d61aa84e7b67c119de8d3fe486b0045f4986e24b652fa1f0ec8af631880e27c
MD5 hash:
ab51abcc581a05e91ef45a45cddbe159
SHA1 hash:
2cb185249783f84052b904769d50e6bde8947d13
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
e5a885bb5055b000bcb79e7e931d7cae71f8f5729c28c5804a6da80930230bab
MD5 hash:
f9a9fca9ada727bcbebbaf058ac42b2f
SHA1 hash:
270606a83459d18e3c94af74f1876c7f4c07bab4
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
66e9c844b6b42ea77a5e43cdac7a8d294c3fb0737340f0916cc7c7bac6cd4e1a
MD5 hash:
9635570214d6622a42a6c0d4d556f5a0
SHA1 hash:
aa10fd517c3d786d4c8e48c6680fadb7853397b8
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
c6eb8c66123cf99185fc95ea7e879fee86b6c1dade11ec12253eee97104d03d8
MD5 hash:
d748c4885fa96f8063ac259b00de144c
SHA1 hash:
048d4f66d160a9855c827a346bc7da96df3e84a0
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
cdaa0ca84e5bed32b57c9882e84560b23b55ad82391220033b048e706654c1a7
MD5 hash:
52d8c8b6e6511c01d9f4ff97928ecf54
SHA1 hash:
29f66af8e4ce26eebcef70e85de1ac14ab7a7968
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
475186919955f12743753edd136bc5530405e3569ad2c6955adaf056e213afa0
MD5 hash:
e3f513ac054336f2ea62fde023c9394a
SHA1 hash:
48fa957ff9675a309edf8fd432b0b5d36946f1a1
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
527d915402ea6fd0c524e4e482e6a8414ed39d01f3aa244ece4005a21a066375
MD5 hash:
08be02812e44eb0be65ca8b7196bb9dc
SHA1 hash:
9cac9b97d772b5925900186acb9271823ecba0bf
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
6bc74748d9c32952c76b09f162ca872a384a33bbc5cb159a47796b065637b197
MD5 hash:
e43998b2499aff5da85d793a84a1f55c
SHA1 hash:
ee4d48672ad129f50c39b1e33648d312c3527b6d
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
9d5ea402500302cac274d980eec30403a7fad39363dcbc786b58eadd9606eab7
MD5 hash:
dd2c8cfdc69786c3e66bcd2871300ae0
SHA1 hash:
19860f648b0ba8e2c4bfc404e260b76105632220
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
aa1cd458ccfc32d8b0076d2757f17fb90aa4fe42e8e6d076297e961173f5dba6
MD5 hash:
6faca267983aa0ffa94a08a3a01072f3
SHA1 hash:
4e3335599e431d909f5f82fd6e2b7e1fc176f739
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
9e73452a292df283db14a296828694040d7793f84062e5a7be9dca187b238245
MD5 hash:
f42ec7c9039a708f729a0900f911641c
SHA1 hash:
55f44cefaef3305ef5adc726a7f2befed4e03789
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
5caf44ba9364afdd87cffdbb3fa93f48e3118499555dafb416ba8aea2c58c12b
MD5 hash:
6909172b7563590ea8af7bb55cf14230
SHA1 hash:
67793252d1d3826cfe581a2b539336796c7648f1
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
68beec093bc89f17662286018ead8ac2d0dcb6aa1be0498b82c60143325896d7
MD5 hash:
84a7978274c477bddc383b64b4cabb89
SHA1 hash:
7c1ea7681d6f70019aabdfee327a9fe1622818e3
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
fdb212843f9bf9c24eb2cdaa5dbf4c2653d5808403b32cb31a992f903aa6f1b3
MD5 hash:
d053dfd2630b77d77d90f2a5a5ce90ea
SHA1 hash:
0eafcf78bdb6660fb8ea40f721347371c4863b9f
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
f6a10009ac9c410225e6701cd01f7c45c075450548a099dc67db8bde9e2cc15f
MD5 hash:
ab12e132ed2c2a64b15f678ff69da3dc
SHA1 hash:
877d80c31589c4f904b656cb3db32ec240ba8feb
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
3c1eca3282cb3cc52e84dc20d1cbb3699a874b9cc29aae580682472fcb723a99
MD5 hash:
8fe16c00d5e00c6b47beade55f9a806d
SHA1 hash:
c7ec7a60a6601d3f397d127103c5baa546996e5a
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
e2b377cc0207b764c76e73ac404150e181b788f7d733bc011377c9f0a2c4a98b
MD5 hash:
61bb3b5c8a73d8dd667c309685f3cf44
SHA1 hash:
200f434b237b3d415d3816d2ed53a93cfeb930d0
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
4e489a013835489bec6954a359757d7d4549d49d8214a35e56edde7022599797
MD5 hash:
5b02d3b86ebd6b464525f72b9a156d84
SHA1 hash:
1f77c0fa901510ab4493d82f44437ae41988fec4
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
8516984ea2c473877cee61a51e04a747649a62f84ed6cc58daa0e349d6517ae0
MD5 hash:
e07d712404d8a4f7d94606471939a384
SHA1 hash:
87947a3bb709c6e3edae81c76e7b3609db1bcb56
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
SH256 hash:
b06beeb0116f23b271122767f0be842dd5c5082b1e585e79ded01985a8fe0036
MD5 hash:
921557c2b17618359e49a321117a5917
SHA1 hash:
a2ae5fb4d614f3fca87a42f1fc15800a22d36504
Link:
https://www.unpac.me/results/86ea1b21-de2e-4521-8697-015d79baf9a9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b06beeb0116f23b271122767f0be842dd5c5082b1e585e79ded01985a8fe0036

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:adonunix2
Create hunting rule
Author:Tim Brown @timb_machine
Description:AD on UNIX
Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__MemoryWorkingSet
Create hunting rule
Author:Fernando Mercês
Description:Anti-debug process memory working set size check
Reference:http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Jupyter_infostealer
Create hunting rule
Author:CD_R0M_
Description:Rule for Jupyter Infostealer/Solarmarker malware from september 2021-December 2022
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETDLLMicrosoft
Create hunting rule
Author:malware-lu
Rule name:QbotStuff
Create hunting rule
Author:anonymous
Rule name:reverse_http
Create hunting rule
Author:CD_R0M_
Description:Identify strings with http reversed (ptth)
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (FORCE_INTEGRITY)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::GetSidSubAuthorityCount
ADVAPI32.dll::GetSidSubAuthority
ADVAPI32.dll::RevertToSelf
COM_BASE_APICan Download & Execute componentsole32.dll::CLSIDFromProgID
ole32.dll::CreateStreamOnHGlobal
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::GetTokenInformation
ADVAPI32.dll::SetKernelObjectSecurity
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
ADVAPI32.dll::OpenProcessToken
ADVAPI32.dll::OpenThreadToken
ADVAPI32.dll::SetThreadToken
KERNEL32.dll::VirtualAllocExNuma
KERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::GetActiveProcessorGroupCount
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::SetConsoleCtrlHandler
KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileMappingA
KERNEL32.dll::CreateFileMappingW
KERNEL32.dll::GetWindowsDirectoryW
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.dll::LookupPrivilegeValueW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegGetValueW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW

Comments