privateloader | hxxps://github[.]com/Tenclea/ReYANG

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Tenclea/ReYANG

Score

10^/10

privateloader loader spyware stealer

Malware Config

Signatures

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	ReYANG-win.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	ReYANG-win.exe

Executes dropped EXE 2 IoCs

pid	Process
3580	ReYANG-win.exe
3640	ReYANG-win.exe

Loads dropped DLL 4 IoCs

pid	Process
3580	ReYANG-win.exe
3580	ReYANG-win.exe
3640	ReYANG-win.exe
3640	ReYANG-win.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 36 IoCs

Web Service

T1102

flow	ioc
129	raw.githubusercontent.com
375	raw.githubusercontent.com
379	raw.githubusercontent.com
391	raw.githubusercontent.com
36	camo.githubusercontent.com
116	raw.githubusercontent.com
128	raw.githubusercontent.com
380	raw.githubusercontent.com
392	raw.githubusercontent.com
37	camo.githubusercontent.com
140	raw.githubusercontent.com
371	raw.githubusercontent.com
130	raw.githubusercontent.com
142	raw.githubusercontent.com
381	raw.githubusercontent.com
33	camo.githubusercontent.com
35	camo.githubusercontent.com
125	raw.githubusercontent.com
127	raw.githubusercontent.com
389	raw.githubusercontent.com
376	raw.githubusercontent.com
38	camo.githubusercontent.com
123	raw.githubusercontent.com
126	raw.githubusercontent.com
393	raw.githubusercontent.com
34	camo.githubusercontent.com
141	raw.githubusercontent.com
383	raw.githubusercontent.com
390	raw.githubusercontent.com
139	raw.githubusercontent.com
377	raw.githubusercontent.com
378	raw.githubusercontent.com
138	raw.githubusercontent.com
39	camo.githubusercontent.com
120	raw.githubusercontent.com
124	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe
464	msedge.exe
464	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
4924	msedge.exe
4924	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4672	7zG.exe
Token: 35	4672	7zG.exe
Token: SeSecurityPrivilege	4672	7zG.exe
Token: SeSecurityPrivilege	4672	7zG.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
4672	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 4756	464	msedge.exe	83
PID 464 wrote to memory of 4756	464	msedge.exe	83
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1160	464	msedge.exe	84
PID 464 wrote to memory of 1196	464	msedge.exe	85
PID 464 wrote to memory of 1196	464	msedge.exe	85
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86
PID 464 wrote to memory of 4548	464	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Tenclea/ReYANG
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a1dd46f8,0x7ff9a1dd4708,0x7ff9a1dd4718
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5416 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2220,12416122780659008230,8597670933508149220,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3740

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ReYANG-Windows\" -ad -an -ai#7zMap9511:90:7zEvent31074
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4672

C:\Users\Admin\Downloads\ReYANG-Windows\ReYANG-win.exe
"C:\Users\Admin\Downloads\ReYANG-Windows\ReYANG-win.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3580

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ReYANG-Windows\required\http-proxies.txt
1⤵
PID:5044

C:\Users\Admin\Downloads\ReYANG-Windows\ReYANG-win.exe
"C:\Users\Admin\Downloads\ReYANG-Windows\ReYANG-win.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f94dd6da4a76f63f48c89a2a6f3c8e0b

SHA1
a090ba72f2e7f049a8f22e343be0589f88ac8dff

SHA256
ba5e7eb87952d3d78971e24acdf54cb7cc22886da0d8fb792f253112f32a110a

SHA512
3797acbaaab3b7b38764823efc3b5ceabe06162b92a6d8fa6ec993029c1b0f55e99a604feac94c4f9a94561d39e743a4a1f44b19a23b1647e06d5073e26f4de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
13KB

MD5
c7de58b8cadfe968400a40687b05bc2c

SHA1
ad34d2b8727022eedc0a2330a27d82dcc6ff0b84

SHA256
045863f71e41f7c9187ed7ae943aa8d806c013687419af9e5f5eb8b274c64e61

SHA512
3cc6743e04e1400ebc509dd259e16fe964833f062cc45bd9f66ac76e9acea1c66632e8ea02f3501641cd718b8cafc252909b74d8af1e0125c40c8dfcffb1167a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
580B

MD5
274c9513098635574ab79d36ed508630

SHA1
8b08eb91e603a556ef75e9e7a18b3e9857a54910

SHA256
c2bc315314f77eb894c4408e46a81f8fa6836454cbf96eb45de6e36336ca0201

SHA512
f7748ddf63fb7b5db1f3949c27fe19c31f47df8614fa3ec6bd3ecabfd7caf4ace72bccfb57c38c433f2fdf5b6b371bf56512e594667bfe8658737ef247ecf3ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fdaa06c1a5c0c7cce156c21c3a341218

SHA1
66e0f931ce81f7598e667633dd2dd6a3edbd2b41

SHA256
eca05f4dde7023ad8aa56d795e3c9f87f1e4e9ddfd46a812166472b9d6757b97

SHA512
ad8cf0d840079cb6856e40338065372653ee1e4b020ebd879b08ec8f4c12f81b7f717febe428b7f72802916bdd6af441ced636b41af321721921154644499411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ae643adca7fe30a853fcd33486bb047

SHA1
de686afc4852ae5abd91cee08a98d14c98392cd1

SHA256
b93c5ea5ebe2e5379ac244d31f5ca946449f356017aa40228251700f95c4be04

SHA512
74e10e241f3bba3010d871f9c14e9e691589b62760e55a3391dff752aa423abbb44e5a72ff9ade863108f7b4495c1596086b558f25cfef4e04d0b0eac9a50902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afbfb6e0aab772f405141e2b2108acae

SHA1
e677d64a52832f1f5c7cfc8ab40fa6867f0260b1

SHA256
87c8dc81a472ef392528dbe96e4431b28ad06133de121df2c7d92b92c14fc6f4

SHA512
fcccb052e9a0bb9f2d996f46ef79969bd38342f1b87b9e31c8e658a9a29d452109ce137bbf3f111ef1f6fc27da4a4bfaf2dafcee50c3e24e9edc1eb3d0704004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
710af1440fcc6605d771f955c84927dd

SHA1
ff2c314d809567da16517846f7310269fec15ae5

SHA256
55a44eab62b36b3516aed2ea4efc6eeeb0fac70ed5f28a3abf4e1e00f04b3c13

SHA512
3a8cc293dfbd8dad34b76364a148cf522f1c3b75b9521de000524e1624ebcf3acd3c4da73d54c131d24c9f2bab23f6f883a865b0136983cc4efe66c7189d62f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fae86adcdf0e27a85a9f152c599fed47

SHA1
443ee50bf025e23032f86628448938f7bf86679a

SHA256
25957642b5b4cea01dc686e9458062f32d98642fefc4add40110ed4e52b0e137

SHA512
f9b2cae22474118d9dcdda2d2435a8daad5d4c38a1c0e42d9ef5382094ac99f720fe05581f21e6fe3501481fc0a3260dcbfe5fbafd9f56701a510f4edc24b2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e690146e0b4b1a48ee409809584cf8d

SHA1
cbe68bdfbb86777abfc1768e35f0d6595e205d4f

SHA256
46997561761bb558ec8f3ec900a9757336a9818678f920742be57d09e813090c

SHA512
8c0a0ba7e64140fbabab484e16179bc83101f9e735950e64eae3324e61bdb443cba45b8263cee1a65492641c8112fffa227be8dc596c2318ef201898ed0fad8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42d0cb4544cdf877fcf8400778832917

SHA1
00f88873895e1c55b1dc1b3af8609a0635a83f96

SHA256
fe751760e155355bebc87d97dffeead77c0fb1bfaba0d89885951b3323edc32e

SHA512
bf5815b73d7a80a1b30686dc8fa035ef917ee9dee970ef72316babbbbe0dcd7b81ccd696164f1ab6eced1045760f3aec30f927b9fc75abdbb5a1e016b983e433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96c28aed00edd8d9559c90c610dcf2dd

SHA1
2d2e608ddbfb6e1c63e78c17a9532162a86f0b46

SHA256
587922dc9246fe8a5825b0e6097bed977365dd934b190a99cea170d44f3d9f5d

SHA512
29c718ea9167ffd43865342bf029b28ae6f969753882a8727bfa2dfc7802589e7080739ce85ee4d51654c5add51e6fc992a2ef9058720fe1d57e9fd95b14d27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5785ab.TMP

Filesize
874B

MD5
11c7221d9e8cd2ac7c2bd358854d607e

SHA1
17b36c3f637a9f10180ceceeb278d26d86c48787

SHA256
c5b5fdd014425cd569565eb53583fd8066191c1c4efede03a88b41ea5a727bb3

SHA512
8d800fc624fd6884334b1aed583aadb5db375b661e26cc8fc2eae883c915490df4f7afba1fb0197e5474ffec7bf69fe7d45605a3855a17e5ae4bf5a59c68e5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa4cc30651eb70b00a68cc24b5df3082

SHA1
ffc9001c7e56371455ee61cc08e96889d04baf53

SHA256
664436dfd74bb1260d3176bd0aa181ff359d655a632851eb5d22566137ef2bed

SHA512
85775beb178b316d55a075b737e57179772176c62bcc03b74d751331c5eed2ffbcfe84bb82f71b8bd0b215cdf0be49c2ffaefcdb6411e84ce99166d966aa875e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6d578ad7d553f21b56519ad18cfed778

SHA1
21be7af4a80a20e490e4d48307d2c294dabc329e

SHA256
44af38c552791e49ce524f6ca38a6c1b2adc698b707b8bd60cb738653bad1454

SHA512
8000f0ab876272801d2ffb5ea4042adf81be89f02ba9113d02f3df05a875b6a7878aa11013f9a34f61c9f29cc121b58baebf97056c4affa49a45ce2a0e3b5bcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg-USXJak\3cb442a7039ddcad2aac3f8bd5bfd6a4f9ff253ce47c1616b3a4495f11a5d0b9

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\binding.gyp

Filesize
1KB

MD5
c15ddfb3a6b52dfb1296423cd1742b79

SHA1
5974a5e7b7adf82c77d5ac39658efc92c95af51a

SHA256
82567c55bb0ba88de564bbc66e7e4557b1747caff6bb950ce568c87f73050e8e

SHA512
35bc7f00b8663d6fb18341d461f9031b7fee823cee87dc6ac6e1926be31db0503b1e32b5a6f08754194b2fa97207deb774b41322d7ff6dcbe0f3b9b73a5aba5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\common-sqlite.gypi

Filesize
1KB

MD5
92c4c5168a6a883f2a69ea4a1a37b7b5

SHA1
6dedc03d603631c1f70c626f5ef9d8ee6f342efa

SHA256
7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0

SHA512
904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\extract.js

Filesize
224B

MD5
f0a82a6a6043bf87899114337c67df6c

SHA1
a906c146eb0a359742ff85c1d96a095bd0dd95fd

SHA256
5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

SHA512
d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite-autoconf-3410100.tar.gz

Filesize
3.0MB

MD5
c6d5034cf39232299ccfdf8e3ddc5781

SHA1
e77599a2df4c5b114c942ddba4483550d8982bf2

SHA256
4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33

SHA512
6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
0e4d1d898d697ec33a9ad8a27f0483bf

SHA1
1505f707a17f35723cd268744c189d8df47bb3a3

SHA256
8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

SHA512
c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3-binding.js

Filesize
241B

MD5
ff6a0462767c6bf185a566f4aef65ba5

SHA1
7a3c3ee6748d00fac6e51e366518bb48a41794bb

SHA256
049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3

SHA512
088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3.d.ts

Filesize
6KB

MD5
ef8ef3bd8e4332d3fc264f0adf877b8d

SHA1
7e4d52f5e397ed1d51dcced24ace9a5e00f91500

SHA256
a39db87a3a3aa954ac3f6553b9fbfc642eb22bef7586cc1f0559e676aa073fa8

SHA512
5e456ee839f988fed95f816278a3da6998c8757403b98351c4bc26ca197146747b7a20e0c1a702818053547c4d9f9bcf9607bb778c88ca7cf22f21d9c9b4b091

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3.js

Filesize
6KB

MD5
275019a4199a84cfd18abd0f1ae497aa

SHA1
8601683f9b6206e525e4a087a7cca40d07828fd8

SHA256
8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

SHA512
6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\trace.js

Filesize
1KB

MD5
e5c2de3c74bc66d4906bb34591859a5f

SHA1
37ec527d9798d43898108080506126b4146334e7

SHA256
d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

SHA512
e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\package.json

Filesize
2KB

MD5
4092df8ba917fc1f5c1a894e82dbcda7

SHA1
64f6bd61b1f5add58797b1cb4b7f2c4f0209ee93

SHA256
6e76bbf0929f90c0fd803b4a5c920d2a3895d0d6d5f21aaec2d581ef55b54854

SHA512
878ab30b2a488caea72a0ebfdedb6769a84726811cc7dcc3723200244d2348ff525644637fd7a5517c4a034b19a1b4008ae9ae1ec4e8161f3b3092cbf5a1eb6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\async.h

Filesize
1KB

MD5
7fcbaffdc03bb5164fbb27f8552dcf5d

SHA1
590e3430c1dfa30f241d56ea01f364d5b9e7e991

SHA256
b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c

SHA512
e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\backup.cc

Filesize
13KB

MD5
0378851cbf52bbc5bde41bcc23532741

SHA1
ebdf918ccfd19a5b07e71d6e446d203468c32ff7

SHA256
c011d2d4e3ac82c55a8f9a9af39d4adea144ab5f1d2dc259299fbf6107b8a6d0

SHA512
cc7354f3d9a815156c5fd8cd134b61bd398df707a79a3d8d287018d58a9ec326cf0d238138a7dbc2e3f0ab0a6ef8063339b531769e25707263d4782cf88e5947

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\backup.h

Filesize
6KB

MD5
283f3987e0e65dca1b029bdbb625ccc2

SHA1
285d7995459c11a47e13834ae3ec0167eacf7d01

SHA256
d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8

SHA512
ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\database.cc

Filesize
22KB

MD5
d3e2d9c6b33e40f55f6e7c8ca338ea05

SHA1
49a0f20904612566ad64b01e4bf32ac36f1e3acb

SHA256
9b799ccdcf9649a9b79d78dcc2882f60e1a9bfbac98949ad18cef97cb433b22b

SHA512
6012fa83d0cd547d8401b8f9342da046e940b1fe135e6fb71d79d80444ba7101ad161a157bf5e63ec8a24a8cf7a48f641de1d4578ab4b49204294f8951030a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\database.h

Filesize
5KB

MD5
f023c6c0baf0411cb6eef0a7b2baad13

SHA1
748b78bf3ed5adc11e83f705033d8338d7eef2b5

SHA256
8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43

SHA512
08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\gcc-preinclude.h

Filesize
861B

MD5
55a9165c6720727b6ec6cb815b026deb

SHA1
e737e117bdefa5838834f342d2c51e8009011008

SHA256
9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

SHA512
79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\macros.h

Filesize
11KB

MD5
592ca8ac280135c059c9ed651ac738c3

SHA1
ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6

SHA256
8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6

SHA512
b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\node_sqlite3.cc

Filesize
5KB

MD5
7d033e9b15e4f2230d8ef59cde708c69

SHA1
9b05c5cf3f4fc9b2c20ba46420002bb48edceb21

SHA256
e80fae190ace1a5153a397ae9fe55d6d28651471fb7bebf9bbb5528095d70f44

SHA512
0e709a8c58b73cf6d90f99ce2e0d9f2dbd8defe8dc8bc8919f82ab8ce66e7b4435dacb25b919e3a75030777e6a91beb2132653424b129f12d1169e6a28ab163c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\statement.cc

Filesize
29KB

MD5
e4fdd4a8050136f79a1812970449eaaf

SHA1
2aaf4df70fd3b3acc34c258dd6067c259de33a18

SHA256
f868e9b32074053bdb621d6d1ffc8d8dbe65d14f95b273d57d97b0479741731a

SHA512
0ca732aa6c706bc0c0c54d09ff31e9c648c7baf5fa81ea44606276072767664f0d72cbe3f8c354eec120f5f2040dcda52481d9d32ba286f22c23cf51fa6919e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\statement.h

Filesize
6KB

MD5
13d7bf3557e57ef3036bad68cfa8faae

SHA1
94c1af952f38e9f1ad2d722ec3a063fbe666e66b

SHA256
2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf

SHA512
63e4543833d602b0c6ad9c21438e61782c252a5e30b776a9c942e1ecc34c1a7c471a39195caa20aefb072add66c83d99af902d620857d18ddad196f4f207a161

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\threading.h

Filesize
388B

MD5
f2a075d3101c2bf109d94f8c65b4ecb5

SHA1
d48294aec0b7aeb03cf5d56a9912e704b9e90bf6

SHA256
e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36

SHA512
d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\binding.gyp

Filesize
938B

MD5
91d941775043df9c39de968e43d95e3b

SHA1
fd881a43ce443f0eedfd11d595eb47f873d0e083

SHA256
d093676ff7f72b93d21cd1cb809167ab2198868f990eac8ab7dd4d196f33f18d

SHA512
bbd8019c300e68d951b97e3d2b3e3088b110ee318b150b39b4c8e374a1239f929f6bc17b131ef8321d8e68ba443f28c0119f4605a97aa4061b4f3195591c6ded

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\dist\index.d.ts

Filesize
411B

MD5
fec85fa3a3a7565a40baf3ce1bb3ce01

SHA1
9ecd3b70ea677c149d32ff49179151647e867987

SHA256
cb781599f1fa516e89e70f9cea142fbe35df7e42e2b48cf499839b8a23e203f4

SHA512
d3633d143fa7dff7048aa9acaedb73171d5222828fe56300cb57b4ff2ad6fdf576dd54d3d757f7b83f9ab639c26ece6044882a7bd66b4ac293d0b32559cde56d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\dist\index.js

Filesize
412B

MD5
0b33e83d33b01a51625a0fdcbef42ce3

SHA1
1c29d999ff7da39426b97f2eb31a3d83db8f5fc7

SHA256
a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2

SHA512
1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\package.json

Filesize
1KB

MD5
2f21c3a26ec0b7aa14918f7347428f40

SHA1
dc0dc2418a4197eb605501d1f95da5b9d8b655e2

SHA256
34f3eb34fc4f852b4d68dbfdc1dde831467bc8fe2b4280c50453efb56444078a

SHA512
49f6c54a80a4ee476127a2d5c89c5722257dfbc21ca241e6502ff2cd858a59fe16e5993188acb57c3802c3dd0a67d007323105b948082806fad58aa6360af9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\prebuilds\win32-x64\node.napi.node

Filesize
137KB

MD5
04bfbfec8db966420fe4c7b85ebb506a

SHA1
939bb742a354a92e1dcd3661a62d69e48030a335

SHA256
da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd

SHA512
4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\src\dpapi_addon.h

Filesize
206B

MD5
ea1e5899ec0210d7de4ce325d1d94022

SHA1
464da48d40547cb08a67a1ed38cb0ae8369f2f42

SHA256
18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550

SHA512
6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\src\dpapi_not_supported.cpp

Filesize
327B

MD5
c510e65ebcb2fa7c00712e770ec8c692

SHA1
ca1ea3c8340dcf69f344d5eaa884631eef37472b

SHA256
7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4

SHA512
b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\src\dpapi_win.cpp

Filesize
2KB

MD5
4a55597a2c7466278439452bb708b822

SHA1
eaadcda8f410f2dd1fd9522fd7a2221624dd1713

SHA256
da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e

SHA512
b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\src\main.cpp

Filesize
698B

MD5
88934cc736b505ada3d07afe22083568

SHA1
6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a

SHA256
1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905

SHA512
9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\test\dpapi.spec.ts

Filesize
1KB

MD5
eae2e98d30b688201cdb21dba195caa7

SHA1
2e023daae996d1562d77db748bbe488ff5b8ffc9

SHA256
76c7b4ef93b24d30ffda6de645aecbf2859ce44053b48d71750aeeb92a0ed82a

SHA512
8411e9ac726a02c3adc2ee8315166bcd026e6418d79118a130e8e4b952e585aa92324d526d45812238593a30211da6fa58dc0e9899fc6b6df17a75b711ea3e3e

Download Submit
C:\Users\Admin\Downloads\ReYANG-Windows\ReYANG-win.exe

Filesize
45.0MB

MD5
b23926a5155fdb7b6a2b346798b3ed89

SHA1
f765081c0ff0e84008f30dcdf75293ae5f79a7b3

SHA256
840a59be8a916081f7f969ece99b1986ba2b46f9c7d3ea23a2e39fee6d16f090

SHA512
94d3a32d4c862079ffa52582ff3357bbdfeffc40fb1761702249e9de461fdfcf1198a95f3589e34ce0c495b4b2ec273122abfb6697d3efa079407fe6d76ac4fe

Download Submit
C:\Users\Admin\Downloads\ReYANG-Windows\config.yml

Filesize
1KB

MD5
98d55c31ac02b32ac3c147cad3a97ed0

SHA1
1d72218c5cdd5cfe65187d66833eeaa16fad9368

SHA256
b61bac80531f43058953c0747218203b4794908db361ed0a032d79f1168f6bdc

SHA512
36e48ab538dc41350ad4cb2a0127a1727db54b136e65f12526ac1648d884e462a28ebf7f7ca85eff37da5e7de9baddac9b28819395e65a7eb3dc83dbdd50f78e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 863822.crdownload

Filesize
22.7MB

MD5
a150089be54a7375f3e9c7ed51a8784b

SHA1
16d741a238f7d1a4e11d71dd0df24d3f91cbc698

SHA256
3682eb85d6c27e72adf2bb1de1888946287d7ab2daa9d4ac58a4c0b2858f5182

SHA512
d1687dcbe3a6c46343d17ed4e0cbffc4a971aaf074c6aefde66817cd37ebe0a2680367cb55a63f003b55c470cea02338a27c4fa1e1fe0d8d09e0f3a6234c60ff

Download Submit