Edit tour

Windows Analysis Report
MayitaV16.exe

Overview

General Information

Sample name:	MayitaV16.exe
Analysis ID:	1560584
MD5:	e5bb039da501cae7edddf9268ec43741
SHA1:	a7571b4b9a2c93187f20bf4de5d7852154b15216
SHA256:	e92d4f3c94a734fb23d91270012fe3c13f566d1f3d6b7ec166bd30666cd2b036
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Drops large PE files

Tries to harvest and steal browser information (history, passwords, etc)

Creates a process in suspended mode (likely to inject code)

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Enables security privileges

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses taskkill to terminate processes

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

MayitaV16.exe (PID: 7396 cmdline: "C:\Users\user\Desktop\MayitaV16.exe" MD5: E5BB039DA501CAE7EDDDF9268EC43741)

MayitaV16.exe (PID: 7840 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" MD5: DF1D5E605E98A3A533E6AD7E585442E0)

cmd.exe (PID: 8136 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 8188 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

MayitaV16.exe (PID: 1052 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: DF1D5E605E98A3A533E6AD7E585442E0)

MayitaV16.exe (PID: 2800 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: DF1D5E605E98A3A533E6AD7E585442E0)

chrome.exe (PID: 2720 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2020 --field-trial-handle=1984,i,3138843665654156619,11594928844437088871,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 7684 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5184 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2116 --field-trial-handle=1972,i,14171082060860887493,6740327589289574467,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8560 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5364 --field-trial-handle=1972,i,14171082060860887493,6740327589289574467,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 8616 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 8680 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 8640 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 8764 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 8668 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 8776 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 8852 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 8892 cmdline: taskkill /IM EpicGamesLauncher.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 8900 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 8984 cmdline: taskkill /F /T /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 8924 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 9072 cmdline: taskkill /F /T /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 8992 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 9088 cmdline: taskkill /F /T /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 9136 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 9184 cmdline: taskkill /IM javaw.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 9212 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6204 cmdline: taskkill /IM Steam.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 7760 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 5272 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cleanup

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe, ParentProcessId: 7840, ParentProcessName: MayitaV16.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, ProcessId: 2720, ProcessName: chrome.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_230c0e73-8

Source: MayitaV16.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\MayitaV16.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ab644055-b4e9-5f6e-a5b5-ef13859cd8b1

Jump to behavior

Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt			Jump to behavior

Source: MayitaV16.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: 'ProgramDataBaseFileName': '$(IntDir)\\vc90b.pdb', source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pdb_base = '%s.%s.pdb' % (pdb_base, TARGET_TYPE_EXT[target_dict['type']]) source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pdbpath_cc = pdbpath + '.cc.pdb' source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: MayitaV16.exe, 00000000.00000003.1916544111.0000000002B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdb = self.GetPDBName(config, expand_special, output_name + '.pdb') source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pdbpath_c = pdbpath + '.c.pdb' source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: # the .pdb by the precompiled header step for .cc and the compilation of source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: MayitaV16.exe, 00000000.00000003.1858941135.00000000051E5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: - Use '<(PRODUCT_DIR)/<(product_name).(exe\|dll).pdb' if 'product_name' is source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 'ProgramDatabaseFile': 'Flob.pdb', source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: - Use '<(PRODUCT_DIR)/<(target_name).(exe\|dll).pdb'. source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: config_name, self.ExpandSpecial, output + '.pdb') source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: MayitaV16.exe, 00000000.00000003.1860288601.00000000051EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: MayitaV16.exe, 00000000.00000003.1858941135.00000000051E5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\electron.exe.pdb source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 'ProgramDataBaseFileName': '$(IntDir)vc90b.pdb', source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1911988645.00000000051EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: MayitaV16.exe, 00000000.00000003.1778684027.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: config_name, self.ExpandSpecial, output + '.pdb') source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: '$(IntDir)$(ProjectName)\\vc80.pdb', only_if_unset=True) source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: # See comment at cc_command for why there's two .pdb files. source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: MayitaV16.exe, 00000000.00000003.1856211062.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1854051189.0000000005490000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1853858810.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1912128736.0000000002B34000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Programs\unrealgame	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Programs	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 12MB later: 27MB

Source: Joe Sandbox View	IP Address: 172.67.169.156 172.67.169.156
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 45.112.123.126 45.112.123.126

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp

String found in binary or memory: * **Google Hangouts Video**: http://www.youtube.com/watch?v=I9nDOSGfwZg equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: hexon.fun
Source: global traffic	DNS traffic detected: DNS query: api.gofile.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://2x.io)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me/)
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository100.
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://christalkington.com/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/smhasher/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cr.yp.to/djb.html
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.godaddy.com/gds1-20
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html#the-formdata-interface
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://devel.freebsoft.org/speechd
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/uuid.html
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dominictarr.com)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://encoding.spec.whatwg.org/#big5-encoder
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/commonnode-set..
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedorahosted.org/lohit>
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://feross.org
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://form-data.github.io/images/gitterbadge.svg)
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://freedesktop.org
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/garycourt/uri-js
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.github.io/snappy/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://hyperelliptic.org/tanja
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxon
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icu-project.org/docs/papers/gb18030.html
Source: MayitaV16.exe, 00000000.00000003.1916544111.0000000002B34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://int3.de/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://juliangruber.com
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ljharb.codes
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://me.abelcheung.org/articles/research/what-is-cp951/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://moztw.org/docs/big5/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://n8.io/)
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://npm.im/minipass)
Source: MayitaV16.exe, 00000000.00000000.1689311795.000000000040A000.00000008.00000001.01000000.00000003.sdmp, MayitaV16.exe, 00000000.00000002.1963522660.000000000040A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.godaddy.com/0J
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pajhome.org.uk/crypt/md5
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://re-becca.org/)
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s..
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFL
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://semver.org/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/compatibility)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/16459606/376773
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/22747272/680742
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/398120/376773
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://substack.net)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tanyabrassie.com/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3)
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tukaani.org/xz/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tweetnacl.cr.yp.to/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tweetnacl.cr.yp.to/)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://unlicense.org
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://unlicense.org/)
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://valgrind.org
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webkit.org/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wiki.whatwg.org/wiki/Crypto
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.chromium.org
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cryptojedi.org/users/peter/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.ru.nl/~sjakie/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.futurealoof.com)
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jclark.com/xt
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.joyent.com
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.movable-type.co.uk/scripts/sha1.html
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.nongnu.org/freebangfont/downloads.html#mukti
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ploscompbiol.org/static/license
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.strongtalk.org/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
Source: MayitaV16.exe, 00000000.00000003.1755606463.0000000005DE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unix.org/Public/UNIDATA/EastAsianWidth.txt
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.webrtc.org
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=I9nDOSGfwZg
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zlib.net/
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://android.com/pay
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)ScriptProcessorHandler::ProcessScriptProcessorHandler::Process
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blueimp.net
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3175#c4
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=162431
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=310299
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=695438).
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
Source: MayitaV16.exe, 00000000.00000003.1912812737.0000000002B34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
Source: MayitaV16.exe, 00000000.00000003.1915246930.0000000002B34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=sr&category=theme81https://myactivity.google.com/myactivity/?u
Source: MayitaV16.exe, 00000000.00000003.1916544111.0000000002B34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cr.joyent.us)
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908.
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908.The
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908Changing
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1393662).
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by-sa/4.0/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7231#section-6.4
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7238
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dejavu-fonts.github.io/Download.html
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/includes
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/android/guides/setup
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/17aTgLnjMXIrfjgNaTUnHQO7m3xgzHR2VXBTmi03Qii4/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#utf-8-decoder
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://example.org
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://example.orgExpired
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://feross.org
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://feross.org/support
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ChromiumWebApps/chromium/blob/b3d3b4da8bb94c1b2e061600df106d590fda3620/net/cookie
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Cyan4973/xxHash
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Cross
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/LiosK/UUID.js
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Qix-/color-convert/blob/3f0e0d4e92e235796ccb17f6e85c72094a651f49/conversions.js
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/RyanZim/universalify#readme
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/RyanZim/universalify.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/STRML/async-limiter
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/TooTallNate/util-deprecate
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/scheduling-apis
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aawc/unrar.git
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/andyperlitch/jsbn.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/archiverjs/node-compress-commons
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/archiverjs/node-zip-stream
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/archiverjs/node-zip-stream.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/archiverjs/node-zip-stream/blob/master/LICENSE
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/blueimp/JavaScript-MD5
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/browserify/node-util
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-styles?sponsor=1
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/strip-ansi?sponsor=1
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/wrap-ansi?sponsor=1
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/davepacheco/javascriptlint
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/davepacheco/jsstyle
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dchest/tweetnacl-js.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dchest/tweetnacl-util-js
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/defunctzombie/node-util
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dominictarr/varstruct
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dominictarr/varstruct.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/buffer
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/buffer/issues/154
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/buffer/issues/166
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/buffer/issues/219
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/buffer/pull/148
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/safe-buffer
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/floodyberry/poly1305-donna
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/floodyberry/poly1305-donna)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/garycourt/uri-js
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/distributed_point_functions
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ruy
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ukey2
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/woff2
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/xnnpack
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/holepunchto/text-decoder#readme
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/holepunchto/text-decoder.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iarna/wide-align
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/101)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/102)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/105)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/106
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/99)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/labels/wg-agenda
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/minipass.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/minizlib.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-glob/issues/167
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-glob/issues/205
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/yallist.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/eng/blob/master/docs/index.md)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/joyent-gerrit/blob/master/docs/user/README.md).
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/brace-expansion
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/isarray
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-stream
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-stream.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mathiasbynens/emoji-regex.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mikeal/tunnel-agent
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/TSC/blob/master/Moderation-Policy.md
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/io.js/blob/cff7300a578be1b10001f2d967aaedc88aee6402/lib/readline.js#L1345
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/io.js/blob/cff7300a578be1b10001f2d967aaedc88aee6402/lib/readline.js#L1369
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/master/CODE_OF_CONDUCT.md
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/v10.8.0/lib/internal/errors.js
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/112cc7c27551254aa2b17098fb774867f05ed0d9
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/45699
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/8871#issuecomment-250915913
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/43714
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/44952
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/46161
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/string_decoder
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/fs-minipass#readme
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/fs-minipass.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-semver
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-semver.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/blob/51b6627a1f357d2eb433e7378e5f05e83b7aa6cd/lib/header.js#L349
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/issues/183
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/pull/187
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/nopt.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/salesforce/tough-cookie
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/p-is-promise/blob/cda35a513bda03f977ad5cde3a079d237e82d7ef/index.js
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/feross
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/isaacs
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/ljharb
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stash
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/substack/node-mkdirp.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tapjs/signal-exit
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tapjs/signal-exit.git
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/models
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/text.git
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/uuidjs/uuid
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/uuidjs/uuid.git
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-featuresDeviceOri
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/wasdk/wasmparser
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/web-animations/web-animations-js
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws.git
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws/issues/1202
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws/issues/1869.
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws/issues/1940.
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/yetingli
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/wayland/weston
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitter.im/form-data/form-data
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitter.im/form-data/form-data)
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/4NeimX
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLu
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuThe
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuWebAudio.AutoplayWebAudio.Autoplay.CrossOriginWebAudio.Autoplay.UnlockType..
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/EuHzyv
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/HxfxSQ
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/J6ASzs
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google.com/pay
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google.com/payhttps://android.com/paysecure-payment-confirmationAppStoreBillingPlaceHolderZZ
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequentlyOut
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/comms.html#the-websocket-interface
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/appveyor/ci/alexindigo/form-data/master.svg?label=windows:4.x-9.x)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/npm/v/form-data.svg)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/travis/form-data/form-data/master.svg?label=linux:4.x-9.x)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/travis/form-data/form-data/master.svg?label=macos:4.x-9.x)
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://istanbul.js.org/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/emoji
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/emoji-regex
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://no-color.org/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/zlib.html#zlib_class_options
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://opensource.org/licenses/MIT
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pagure.io/lohit
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/billing
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/billingQuota
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://semver.org/
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sindresorhus.com
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sindresorhus.com)
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: MayitaV16.exe, 00000000.00000003.1913537198.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1915420712.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916544111.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913719069.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1915338616.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914021068.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914360554.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914233029.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914678988.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913261780.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913341916.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913604749.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913073283.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914504169.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914124365.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913892148.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913406165.0000000002B34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: MayitaV16.exe, 00000000.00000003.1912812737.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913719069.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1915338616.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914021068.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914360554.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914233029.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914678988.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913261780.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913814892.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913341916.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913604749.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913073283.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914504169.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914124365.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913892148.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913406165.0000000002B34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://testanything.org/tap-version-14-specification.html
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://testanything.org/tap-version-14-specification.html#subtests
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2152
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-9.1
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://travis-ci.org/form-data/form-data)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tweetnacl.js.org
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dom-performance-setresourcetimingbuffersize
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webassembly.github.io/spec/web-api
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webrtc.googlesource.com/src/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/descriptors
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/services
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.cl.cam.ac.uk/%7Emgk25/ucs/utf8_check.c
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/form-data)
Source: MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.patreon.com/feross
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc9110#section-5.2
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.swift.org/download/
Source: MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/copyright.html.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_fc6ae329-b

System Summary

Drops large PE files

Source: C:\Users\user\Desktop\MayitaV16.exe	File dump: MayitaV16.exe.0.dr 162117120			Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File dump: MayitaV16.exe0.0.dr 162117120			Jump to dropped file

Source: C:\Users\user\Desktop\MayitaV16.exe

Process token adjusted: Security

Jump to behavior

Source: MayitaV16.exe0.0.dr	Static PE information: Number of sections : 15 > 10
Source: libEGL.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: MayitaV16.exe.0.dr	Static PE information: Number of sections : 15 > 10
Source: libGLESv2.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.dr	Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libEGL.dll0.0.dr	Static PE information: Number of sections : 11 > 10

Source: MayitaV16.exe, 00000000.00000003.1858941135.00000000051E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs MayitaV16.exe
Source: MayitaV16.exe, 00000000.00000003.1916544111.0000000002B34000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameElevate.exeH vs MayitaV16.exe
Source: MayitaV16.exe, 00000000.00000003.1864468245.00000000051EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs MayitaV16.exe
Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs MayitaV16.exe
Source: MayitaV16.exe, 00000000.00000003.1775992920.0000000006956000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs MayitaV16.exe
Source: MayitaV16.exe, 00000000.00000003.1869399976.00000000051EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename4 vs MayitaV16.exe
Source: MayitaV16.exe, 00000000.00000003.1856780835.0000000006E70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilename4 vs MayitaV16.exe
Source: MayitaV16.exe, 00000000.00000003.1778684027.0000000006930000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs MayitaV16.exe
Source: MayitaV16.exe, 00000000.00000003.1911988645.00000000051EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs MayitaV16.exe

Source: MayitaV16.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: sln_path = build_file_root + options.suffix + '.sln'
Source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: sln_path = os.path.splitext(build_file)[0] + options.suffix + '.sln'
Source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: """Generate .sln and .vcproj files.
Source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: # GUID is the same whether it's included from base/base.sln or
Source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: # foo/bar/baz/baz.sln.

Source: classification engine

Classification label: mal56.troj.spyw.winEXE@93/213@8/6

Source: C:\Users\user\Desktop\MayitaV16.exe

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8944:120:WilError_03
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9004:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8624:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8700:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8916:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8656:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9144:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3248:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8860:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1312:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8148:120:WilError_03
Source: C:\Users\user\Desktop\MayitaV16.exe	Mutant created: \Sessions\1\BaseNamedObjects\ab644055-b4e9-5f6e-a5b5-ef13859cd8b1

Source: C:\Users\user\Desktop\MayitaV16.exe

File created: C:\Users\user\AppData\Local\Temp\nse784E.tmp

Jump to behavior

Source: MayitaV16.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "EpicGamesLauncher.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "javaw.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\MayitaV16.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\MayitaV16.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';

Source: C:\Users\user\Desktop\MayitaV16.exe

File read: C:\Users\user\Desktop\MayitaV16.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\MayitaV16.exe "C:\Users\user\Desktop\MayitaV16.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2020 --field-trial-handle=1984,i,3138843665654156619,11594928844437088871,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2116 --field-trial-handle=1972,i,14171082060860887493,6740327589289574467,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5364 --field-trial-handle=1972,i,14171082060860887493,6740327589289574467,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM EpicGamesLauncher.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2020 --field-trial-handle=1984,i,3138843665654156619,11594928844437088871,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2116 --field-trial-handle=1972,i,14171082060860887493,6740327589289574467,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5364 --field-trial-handle=1972,i,14171082060860887493,6740327589289574467,262144 /prefetch:8
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM EpicGamesLauncher.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: msmpeg2vdec.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: mfperfhelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dxva2.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: msvproc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\MayitaV16.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Users\user\Desktop\MayitaV16.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ab644055-b4e9-5f6e-a5b5-ef13859cd8b1

Jump to behavior

Source: MayitaV16.exe

Static file information: File size 79067379 > 1048576

Source: MayitaV16.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: 'ProgramDataBaseFileName': '$(IntDir)\\vc90b.pdb', source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pdb_base = '%s.%s.pdb' % (pdb_base, TARGET_TYPE_EXT[target_dict['type']]) source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pdbpath_cc = pdbpath + '.cc.pdb' source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: MayitaV16.exe, 00000000.00000003.1916544111.0000000002B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdb = self.GetPDBName(config, expand_special, output_name + '.pdb') source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pdbpath_c = pdbpath + '.c.pdb' source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: # the .pdb by the precompiled header step for .cc and the compilation of source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: MayitaV16.exe, 00000000.00000003.1858941135.00000000051E5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: - Use '<(PRODUCT_DIR)/<(product_name).(exe\|dll).pdb' if 'product_name' is source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 'ProgramDatabaseFile': 'Flob.pdb', source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: - Use '<(PRODUCT_DIR)/<(target_name).(exe\|dll).pdb'. source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: config_name, self.ExpandSpecial, output + '.pdb') source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: MayitaV16.exe, 00000000.00000003.1860288601.00000000051EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: MayitaV16.exe, 00000000.00000003.1858941135.00000000051E5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\electron.exe.pdb source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 'ProgramDataBaseFileName': '$(IntDir)vc90b.pdb', source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1911988645.00000000051EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: MayitaV16.exe, 00000000.00000003.1778684027.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: config_name, self.ExpandSpecial, output + '.pdb') source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: '$(IntDir)$(ProjectName)\\vc80.pdb', only_if_unset=True) source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: # See comment at cc_command for why there's two .pdb files. source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: MayitaV16.exe, 00000000.00000003.1856211062.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1854051189.0000000005490000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1853858810.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1912128736.0000000002B34000.00000004.00000020.00020000.00000000.sdmp

Source: ffmpeg.dll.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr	Static PE information: section name: _RDATA
Source: MayitaV16.exe.0.dr	Static PE information: section name: .00cfg
Source: MayitaV16.exe.0.dr	Static PE information: section name: .gxfg
Source: MayitaV16.exe.0.dr	Static PE information: section name: .retplne
Source: MayitaV16.exe.0.dr	Static PE information: section name: .rodata
Source: MayitaV16.exe.0.dr	Static PE information: section name: CPADinfo
Source: MayitaV16.exe.0.dr	Static PE information: section name: LZMADEC
Source: MayitaV16.exe.0.dr	Static PE information: section name: _RDATA
Source: MayitaV16.exe.0.dr	Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr	Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr	Static PE information: section name: _RDATA
Source: MayitaV16.exe0.0.dr	Static PE information: section name: .00cfg
Source: MayitaV16.exe0.0.dr	Static PE information: section name: .gxfg
Source: MayitaV16.exe0.0.dr	Static PE information: section name: .retplne
Source: MayitaV16.exe0.0.dr	Static PE information: section name: .rodata
Source: MayitaV16.exe0.0.dr	Static PE information: section name: CPADinfo
Source: MayitaV16.exe0.0.dr	Static PE information: section name: LZMADEC
Source: MayitaV16.exe0.0.dr	Static PE information: section name: _RDATA
Source: MayitaV16.exe0.0.dr	Static PE information: section name: malloc_h
Source: 28b06dd0-38bd-4037-96fc-06ceb5da9870.tmp.node.4.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\28b06dd0-38bd-4037-96fc-06ceb5da9870.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\a6581550-1096-4c7c-b670-a23929eacb81.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\MayitaV16.exe	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\28b06dd0-38bd-4037-96fc-06ceb5da9870.tmp.node			Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\a6581550-1096-4c7c-b670-a23929eacb81.tmp.node			Jump to dropped file

Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt			Jump to behavior

Source: C:\Users\user\Desktop\MayitaV16.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MayitaV16.lnk

Jump to behavior

Source: C:\Users\user\Desktop\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\28b06dd0-38bd-4037-96fc-06ceb5da9870.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\a6581550-1096-4c7c-b670-a23929eacb81.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MayitaV16.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\vulkan-1.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct

Source: C:\Users\user\Desktop\MayitaV16.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Programs\unrealgame	Jump to behavior
Source: C:\Users\user\Desktop\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Programs	Jump to behavior

Source: MayitaV16.exe, 00000000.00000003.1778684027.0000000006930000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware
Source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ADD tools/docker/architecture/linux-arm64/local/qemu-aarch64-static /usr/bin/qemu-aarch64-static
Source: MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: cp -a "/usr/bin/qemu-${arch}-static" "${this_dir}/local"
Source: MayitaV16.exe, 00000000.00000003.1778684027.0000000006930000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTestX
Source: MayitaV16.exe, 00000000.00000003.1860288601.00000000051EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: MayitaV16.exe, 00000000.00000003.1778684027.0000000006930000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: (IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))
Source: MayitaV16.exe, 00000000.00000003.1860288601.00000000051EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Users\user\Desktop\MayitaV16.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM EpicGamesLauncher.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM EpicGamesLauncher.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /T /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F

Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "c:\users\user\appdata\local\programs\unrealgame\mayitav16.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "c:\users\user\appdata\local\programs\unrealgame\mayitav16.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "c:\users\user\appdata\local\programs\unrealgame\mayitav16.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe "c:\users\user\appdata\local\programs\unrealgame\mayitav16.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8	Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\mnjk9j2skp9o VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\mnjk9j2skp9o\Autofill VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\mnjk9j2skp9o\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\mnjk9j2skp9o\Autofill VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\mnjk9j2skp9o\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\mnjk9j2skp9o\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\mnjk9j2skp9o\Passwords VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\mnjk9j2skp9o\Passwords VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CommerceHeuristics VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\First Run VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_cookies.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_default_cookies.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\passwords_36.db VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\AppData\Roaming\All_Wallets.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\Downloads VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 Windows Service	1 Windows Service	11 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	11 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	11 Process Injection	1 Disable or Modify Tools	11 Input Capture	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	11 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Extra Window Memory Injection	1 DLL Side-Loading	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	33 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner
C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe	8%	ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\28b06dd0-38bd-4037-96fc-06ceb5da9870.tmp.node	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\a6581550-1096-4c7c-b670-a23929eacb81.tmp.node	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\MayitaV16.exe	8%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\ffmpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\resources\elevate.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\vk_swiftshader.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\7z-out\vulkan-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\SpiderBanner.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\StdUtils.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nse79D5.tmp\nsis7z.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.cs.ru.nl/~sjakie/	0%	Avira URL Cloud	safe
http://cr.yp.to/djb.html	0%	Avira URL Cloud	safe
http://hyperelliptic.org/tanja	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
hexon.fun	172.67.169.156	true	false	unknown
www.google.com	142.250.181.100	true	false	high
api.gofile.io	45.112.123.126	true	false	high
ntp.msn.com	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://bugzilla.mozilla.org/show_bug.cgi?id=310299	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://url.spec.whatwg.org/#concept-url-origin	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/rfc6455#section-1.3	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/browserify/node-util	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/isaacs/node-glob/issues/205	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.google.com/chrome/answer/6098869	MayitaV16.exe, 00000000.00000003.1912812737.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913719069.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1915338616.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914021068.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914360554.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914233029.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914678988.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913261780.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913814892.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913341916.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913604749.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913073283.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914504169.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1914124365.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913892148.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1913406165.0000000002B34000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.bluetooth.com/specifications/gatt/services	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/mathiasbynens/emoji-regex.git	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/pull/35941	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	false		high
https://console.spec.whatwg.org/#table	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/string_decoder	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://goo.gl/7K7WLuThe	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	false		high
https://encoding.spec.whatwg.org/#textencoder	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://goo.gl/7K7WLu	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.patreon.com/feross	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/tc39/proposal-weakrefs	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://goo.gl/t5IS6M).	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://url.spec.whatwg.org/#concept-urlencoded-serializer	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://semver.org/	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://nodejs.org/api/fs.html	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://chromium.googlesource.com/chromium/src/	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/pull/21313	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://w3c.github.io/manifest/#installability-signals	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.midnight-commander.org/browser/lib/tty/key.c	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://nodejs.org/	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/rfc7540#section-8.1.2.5	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://exslt.org/common	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/tensorflow/models	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.squid-cache.org/Doc/config/half_closed_clients/	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/KhronosGroup/SPIRV-Headers.git	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tc39.es/ecma262/#sec-timeclip	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://127.0.0.1	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/pull/33661	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.nongnu.org/freebangfont/downloads.html#mukti	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://narwhaljs.org)	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/tensorflow/tflite-support	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/WICG/scheduling-apis	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://sqlite.org/	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://localhosthttp://127.0.0.1object-src	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://code.google.com/p/chromium/issues/detail?id=25916	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://moztw.org/docs/big5/	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://fetch.spec.whatwg.org/#fetch-timing-info	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://webassembly.github.io/spec/web-api	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/pull/12607	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.ecma-international.org/ecma-262/#sec-line-terminators	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.cs.ru.nl/~sjakie/	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://ljharb.codes	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gitter.im/form-data/form-data)	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/npm/node-tar/issues/183	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.npmjs.com/package/form-data)	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/facebook/react-native/pull/1632	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gitlab.freedesktop.org/xdg/xdgmime	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.unicode.org/copyright.html	MayitaV16.exe, 00000000.00000003.1755606463.0000000005DE0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://beacons.gcp.gvt2.com/domainreliability/upload	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/blueimp/JavaScript-MD5	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://opensource.org/licenses/MIT	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/RyanZim/universalify.git	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://heycam.github.io/webidl/#es-iterable-entries	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/wasdk/wasmparser	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://heycam.github.io/webidl/#es-interfaces	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/issues	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://tc39.github.io/ecma262/#sec-object.prototype.tostring	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://url.spec.whatwg.org/#urlsearchparams	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/sponsors/isaacs	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	false		high
https://infra.spec.whatwg.org/#ascii-whitespace	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://hyperelliptic.org/tanja	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pajhome.org.uk/crypt/md5	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://dejavu-fonts.github.io/Download.html	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://heycam.github.io/webidl/#Replaceable	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.rfc-editor.org/rfc/rfc9110#section-5.2	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://stackoverflow.com/a/16459606/376773	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/pull/30380#issuecomment-552948364	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://pagure.io/lohit	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://juliangruber.com	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/sponsors/feross	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	false		high
https://heycam.github.io/webidl/#dfn-class-string	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://heycam.github.io/webidl/#dfn-iterator-prototype-object	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://datatracker.ietf.org/doc/html/rfc7238	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://cr.yp.to/djb.html	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://android.com/pay	MayitaV16.exe, 00000000.00000003.1856498094.0000000006930000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/pull/38614)	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/issues/10673	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=695438).	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/pull/32887	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1770644615.0000000005131000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/web-animations/web-animations-js	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>	MayitaV16.exe, 00000000.00000003.1866290249.00000000051E4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/npm/fs-minipass#readme	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/nodejs/node/issues/19009	MayitaV16.exe, 00000000.00000003.1857026590.00000000073B0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://sindresorhus.com	MayitaV16.exe, 00000000.00000003.1771018100.00000000067F0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1771274830.0000000006BF0000.00000004.00001000.00020000.00000000.sdmp, MayitaV16.exe, 00000000.00000003.1916251294.00000000051E2000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
172.67.169.156	hexon.fun	United States	13335	CLOUDFLARENETUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
45.112.123.126	api.gofile.io	Singapore	16509	AMAZON-02US	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1560584
Start date and time:	2024-11-22 00:35:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MayitaV16.exe
Detection:	MAL
Classification:	mal56.troj.spyw.winEXE@93/213@8/6
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.238, 74.125.205.84, 13.107.42.16, 204.79.197.203, 204.79.197.239, 13.107.21.239, 13.107.6.158, 13.87.96.169, 142.250.65.163, 142.250.80.35, 142.251.32.99
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, clients2.google.com, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, prod-agic-us-1.uksouth.cloudapp.azure.com, otelrules.azureedge.net, a-0003.a-msedge.net, ctldl.windowsupdate.com, www-msn-com.a-0003.a-msedge.net, b-0005.b-msedge.net, prod-atm-wds-edge.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, business.bing.com, clients.l.google.com, dual-a-0036.a-msedge.net
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
VT rate limit hit for: MayitaV16.exe

Simulations

Behavior and APIs

Time	Type	Description
18:36:21	API Interceptor	12x Sleep call for process: MayitaV16.exe modified
18:36:37	API Interceptor	1x Sleep call for process: WMIC.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.169.156	https://webhosting.icicidirect.com/TDSCERT/UserResponseClickLogs.jsp?ID=DMAIL_03-JUL-2023_457530_48792&type=GETINSTANTEMICARDNOW&url=https://dalexglobal.com/ahhgdbbed/QuaYHqKjWucBYFI/CI1hColjh4wbAgPrZmwS1dprkh1ofe	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	Secured Doc-[aQb-26731].pdf	Get hash	malicious	HTMLPhisher	Browse
	Secured Doc-[aAO-49313]-2.pdf	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	Secured Doc-[TmW-65795].pdf	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	Secured Doc-[wSP-29072].pdf	Get hash	malicious	Unknown	Browse
162.159.61.3	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, XWorm	Browse
	FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse
	wE1inOhJA5.msi	Get hash	malicious	Remcos, RHADAMANTHYS	Browse
	test2.exe	Get hash	malicious	Unknown	Browse
239.255.255.250	https://doam29-kk5ug.ondigitalocean.app/	Get hash	malicious	TechSupportScam	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	http://amz-account-unlock-dashboard4.duckdns.org	Get hash	malicious	Unknown	Browse
	Invoice_Billing_carolinadunesbh.com_6995261057.html	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	https://temp.farenheit.net/XMDNvVFp0d0NmOUNSbFJTSVB2QTRuZktxeWdPaG5ReWxrK1NleVgvbGgvakhBRU5TWkZPQW14RDZLMTlST0pJK3Jja1R0bjkyZkxubHc1UXhLdmU5UVNJcVIyU25JdFVIV0hEc3l3R0kvb3VpWWFlWGxvWmJMSDIwaWRkYTV3c2V3ZnpXcVArUkJXbEpTeWU1SCtuRWNpRVI2RFFuNXh1ODEyQUx3WlNCdDB1N3NjcDh2M1p4MU9qSkJ0R2VDV0VDeVJ4THU5bDM5SkkvaGMxc1hEc3pOb0VtcWl0cDUxemRyc1BwMkE9PS0tRklOcExLZUVZVVZGemhWRC0teTZKNGN1UnI2dUIxL3E5Zm91Q2hVZz09?cid=2268024206	Get hash	malicious	KnowBe4	Browse
45.112.123.126	bZPAo2e2Pv.jar	Get hash	malicious	Can Stealer	Browse
	bZPAo2e2Pv.jar	Get hash	malicious	Can Stealer	Browse
	iDvmIRCPBw.exe	Get hash	malicious	Unknown	Browse
	ZdXUGLQpoL.exe	Get hash	malicious	Unknown	Browse
	jaPB8q3WL1.exe	Get hash	malicious	Unknown	Browse
	yx7VCK1nxU.exe	Get hash	malicious	Unknown	Browse
	RuntimeusererVers.exe	Get hash	malicious	Python Stealer	Browse
	file.exe	Get hash	malicious	CStealer	Browse
	dens.exe	Get hash	malicious	Python Stealer, Exela Stealer, Waltuhium Grabber	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	162.159.61.3
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	wE1inOhJA5.msi	Get hash	malicious	Remcos, RHADAMANTHYS	Browse	172.64.41.3
	test2.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
api.gofile.io	bZPAo2e2Pv.jar	Get hash	malicious	Can Stealer	Browse	45.112.123.126
	bZPAo2e2Pv.jar	Get hash	malicious	Can Stealer	Browse	45.112.123.126
	iDvmIRCPBw.exe	Get hash	malicious	Unknown	Browse	45.112.123.126
	ZdXUGLQpoL.exe	Get hash	malicious	Unknown	Browse	45.112.123.126
	jaPB8q3WL1.exe	Get hash	malicious	Unknown	Browse	45.112.123.126
	yx7VCK1nxU.exe	Get hash	malicious	Unknown	Browse	45.112.123.126
	RuntimeusererVers.exe	Get hash	malicious	Python Stealer	Browse	45.112.123.126
	file.exe	Get hash	malicious	CStealer	Browse	45.112.123.126
	dens.exe	Get hash	malicious	Python Stealer, Exela Stealer, Waltuhium Grabber	Browse	45.112.123.126
	Creal.exe	Get hash	malicious	Creal Stealer	Browse	45.112.123.126

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://doam29-kk5ug.ondigitalocean.app/	Get hash	malicious	TechSupportScam	Browse	162.159.140.98
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	104.21.66.38
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC	Browse	172.67.155.248
	http://amz-account-unlock-dashboard4.duckdns.org	Get hash	malicious	Unknown	Browse	104.18.11.207
	Invoice_Billing_carolinadunesbh.com_6995261057.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC	Browse	104.21.66.38
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	172.67.75.163
	http://t.ly/YSjhI	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://app.smartsheet.com/b/form/9141bdd4d7da45789170a7064a677627	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
CLOUDFLARENETUS	https://doam29-kk5ug.ondigitalocean.app/	Get hash	malicious	TechSupportScam	Browse	162.159.140.98
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	104.21.66.38
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC	Browse	172.67.155.248
	http://amz-account-unlock-dashboard4.duckdns.org	Get hash	malicious	Unknown	Browse	104.18.11.207
	Invoice_Billing_carolinadunesbh.com_6995261057.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC	Browse	104.21.66.38
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	172.67.75.163
	http://t.ly/YSjhI	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://app.smartsheet.com/b/form/9141bdd4d7da45789170a7064a677627	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
AMAZON-02US	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	54.105.14.168
	anarchy.arm6.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	https://temp.farenheit.net/XMDNvVFp0d0NmOUNSbFJTSVB2QTRuZktxeWdPaG5ReWxrK1NleVgvbGgvakhBRU5TWkZPQW14RDZLMTlST0pJK3Jja1R0bjkyZkxubHc1UXhLdmU5UVNJcVIyU25JdFVIV0hEc3l3R0kvb3VpWWFlWGxvWmJMSDIwaWRkYTV3c2V3ZnpXcVArUkJXbEpTeWU1SCtuRWNpRVI2RFFuNXh1ODEyQUx3WlNCdDB1N3NjcDh2M1p4MU9qSkJ0R2VDV0VDeVJ4THU5bDM5SkkvaGMxc1hEc3pOb0VtcWl0cDUxemRyc1BwMkE9PS0tRklOcExLZUVZVVZGemhWRC0teTZKNGN1UnI2dUIxL3E5Zm91Q2hVZz09?cid=2268024206	Get hash	malicious	KnowBe4	Browse	52.217.192.233
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	18.238.49.99
	http://t.ly/YSjhI	Get hash	malicious	Unknown	Browse	13.227.8.58
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	3.168.102.127
	tftp.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
	https://bafkreifkijr4deqnzixvigwgbpmegtl7w7z65bwaf2xegf6wb5oejvy7je.ipfs.flk-ipfs.xyz/#mail@andrejsmanagement.com&c=E,1,7ZfSQ9vAYe7rvB9NwKAqcoBV6_2nCPL09QKb7jG3WYDaiZix9u1hiaulren8GlCVh8tr3ArY61yo0-gZFvLQqJ6pANsbQuIKnEW2EuUntXIIWBvyOuRTAdpQ&typo=1	Get hash	malicious	Unknown	Browse	108.158.75.9
	https://t.apemail.net/c/nqkr6vk3kzmvyhqvdmdrwaabb4caabycb4nqogyhdmkxs5qvdmkqcvagayhveflk-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmdrwbqcaubqoayfdmdrwby3cupvkw2wlfob4fi3a4nvsqs3lmnrkzcskzbugw2sc5svevs3c5zeiq2winjbo5kcirpfsuseiqlwer2tkzbvefi3aaaq6baaa4ba6gyvl5bugr2ebumbqvsdjzlfcgk3jymfmrcekjbuifi3incueuq3aabaegyvpf3bkg2zijnvwg2zijnvwg2zijnvwg2zijnvwgyvafkambqpkikwu	Get hash	malicious	Unknown	Browse	54.201.238.29
	ULNZPn6D33.exe	Get hash	malicious	Sliver	Browse	18.197.239.5

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll	Xa04iTOvv5.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse
	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse
	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse
	Launcher 1.0.0.exe	Get hash	malicious	Unknown	Browse
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	8389
Entropy (8bit):	5.788778281165924
Encrypted:	false
SSDEEP:	192:fsNwzCvReiRUoqQXklkt6qRAq1k8SPxVLZ7VTiQ:fsNwevhVzUlC6q3QxVNZTiQ
MD5:	BA12919B8111B85A4A2E6A516E57964D
SHA1:	C7952D637FA2F798DAC93BEFB6F2F02906758939
SHA-256:	B947F687FEEC487BB858F86BEB64677EF1F35529529CE9879EFB71426461042B
SHA-512:	F69B6D73FF75184DB5954B451626A73665F8FB201886737F7A631061EC2452381F146D5A54BC5FB425497F05D9E98E9CEEA4B41CAF4E327FE3D1C24FE8F359F9
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration

Process:	C:\Users\user\Desktop\MayitaV16.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	5.13006727705212
Encrypted:	false
SSDEEP:	24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
MD5:	4D42118D35941E0F664DDDBD83F633C5
SHA1:	2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
SHA-256:	5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
SHA-512:	3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
Malicious:	false
Preview:	Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.999980602541402
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	MayitaV16.exe
File size:	79'067'379 bytes
MD5:	e5bb039da501cae7edddf9268ec43741
SHA1:	a7571b4b9a2c93187f20bf4de5d7852154b15216
SHA256:	e92d4f3c94a734fb23d91270012fe3c13f566d1f3d6b7ec166bd30666cd2b036
SHA512:	bb4f298f7a91af549ef20bce09f807ef8bf815cfc484fb7c3e307af902baf31fe9bda4f5f91f50bcb3f970f52bc3440088454076b65303da24f2e77469533d71
SSDEEP:	1572864:JyJ39Kk9MrWJx/iB8ceyIS7nqYdd6hIEhSmn6nlN/DFC5:JRk9MrWJ4/vP7nMhJnUXDI5
TLSH:	A5083344F28A1614DA0DB8F1BBB9F874D8D0B586B5B3D0F227651F46A86C217BFA04C7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.

Entrypoint:	0x40338f
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b34f154ec913d2d2c435cbd644e91687

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8610	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x19f000	0x5a70	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2b0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6627	0x6800	7618d4c0cd8bb67ea9595b4266b3a91f	False	0.6646259014423077	data	6.450282348506287	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x14a2	0x1600	eecac1fed9cc6b447d50940d178404d8	False	0.4405184659090909	data	5.025178929113415	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x70ff8	0x600	db8f31a08a2242d80c29e1f9500c6527	False	0.5182291666666666	data	4.037117731448378	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x7b000	0x124000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x19f000	0x5a70	0x5c00	7356b1ed813f9f79008f793d1f6a8ee3	False	0.490531589673913	data	5.4006605292220335	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x19f5c8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.7213883677298312
RT_ICON	0x1a0670	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors	English	United States	0.6751066098081023
RT_ICON	0x1a1518	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors	English	United States	0.7851985559566786
RT_ICON	0x1a1dc0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors	English	United States	0.6560693641618497
RT_ICON	0x1a2328	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.8031914893617021
RT_ICON	0x1a2790	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.3118279569892473
RT_ICON	0x1a2a78	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.36824324324324326
RT_DIALOG	0x1a2ba0	0x202	data	English	United States	0.4085603112840467
RT_DIALOG	0x1a2da8	0xf8	data	English	United States	0.6290322580645161
RT_DIALOG	0x1a2ea0	0xee	data	English	United States	0.6260504201680672
RT_DIALOG	0x1a2f90	0x1fa	data	English	United States	0.40118577075098816
RT_DIALOG	0x1a3190	0xf0	data	English	United States	0.6666666666666666
RT_DIALOG	0x1a3280	0xe6	data	English	United States	0.6565217391304348
RT_DIALOG	0x1a3368	0x1ee	data	English	United States	0.38866396761133604
RT_DIALOG	0x1a3558	0xe4	data	English	United States	0.6447368421052632
RT_DIALOG	0x1a3640	0xda	data	English	United States	0.6422018348623854
RT_DIALOG	0x1a3720	0x1ee	data	English	United States	0.3866396761133603
RT_DIALOG	0x1a3910	0xe4	data	English	United States	0.6359649122807017
RT_DIALOG	0x1a39f8	0xda	data	English	United States	0.6376146788990825
RT_DIALOG	0x1a3ad8	0x1f2	data	English	United States	0.39759036144578314
RT_DIALOG	0x1a3cd0	0xe8	data	English	United States	0.6508620689655172
RT_DIALOG	0x1a3db8	0xde	data	English	United States	0.6486486486486487
RT_DIALOG	0x1a3e98	0x202	data	English	United States	0.42217898832684825
RT_DIALOG	0x1a40a0	0xf8	data	English	United States	0.6653225806451613
RT_DIALOG	0x1a4198	0xee	data	English	United States	0.6512605042016807
RT_GROUP_ICON	0x1a4288	0x68	data	English	United States	0.6634615384615384
RT_VERSION	0x1a42f0	0x354	data	English	United States	0.47300469483568075
RT_MANIFEST	0x1a4648	0x423	XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators	English	United States	0.5127478753541076

DLL	Import
KERNEL32.dll	SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll	GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll	AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2024 00:36:39.724490881 CET	49739	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:39.724533081 CET	443	49739	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:39.724615097 CET	49739	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:39.725223064 CET	49739	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:39.725235939 CET	443	49739	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:41.038465977 CET	443	49739	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:41.040821075 CET	49739	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:41.040831089 CET	443	49739	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:41.042388916 CET	443	49739	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:41.042463064 CET	49739	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:41.044950008 CET	49739	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:41.045017004 CET	443	49739	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:41.045181990 CET	443	49739	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:41.045239925 CET	49739	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:41.045469046 CET	49739	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:41.060882092 CET	49740	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:41.060957909 CET	443	49740	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:41.061084032 CET	49740	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:41.061417103 CET	49740	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:41.061444044 CET	443	49740	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:42.407795906 CET	443	49740	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:42.408266068 CET	49740	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:42.408293009 CET	443	49740	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:42.411201000 CET	443	49740	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:42.411292076 CET	49740	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:42.412319899 CET	49740	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:42.412364960 CET	443	49740	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:42.412429094 CET	49740	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:42.417381048 CET	49742	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:42.417409897 CET	443	49742	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:42.417618990 CET	49742	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:42.417923927 CET	49742	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:42.417939901 CET	443	49742	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:43.685147047 CET	443	49742	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:43.685750961 CET	49742	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:43.685812950 CET	443	49742	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:43.687109947 CET	443	49742	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:43.687241077 CET	49742	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:43.688011885 CET	49742	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:43.688096046 CET	443	49742	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:43.688278913 CET	443	49742	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:43.688370943 CET	49742	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:43.688371897 CET	49742	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:43.841696978 CET	49743	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:43.841742992 CET	443	49743	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:43.842387915 CET	49743	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:43.842387915 CET	49743	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:43.842418909 CET	443	49743	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:45.254786968 CET	443	49743	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:45.255182028 CET	49743	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:45.255211115 CET	443	49743	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:45.256867886 CET	443	49743	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:45.256937981 CET	49743	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:45.257810116 CET	49743	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:45.257865906 CET	443	49743	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:45.258024931 CET	443	49743	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:45.258075953 CET	49743	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:45.258095026 CET	49743	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:47.211141109 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.211179972 CET	443	49748	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:47.211240053 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.211271048 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.211294889 CET	443	49749	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:47.211354971 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.211462021 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.211479902 CET	443	49748	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:47.211652040 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.211678028 CET	443	49749	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:47.268748999 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.268779039 CET	443	49750	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:47.268847942 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.269196987 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.269226074 CET	443	49750	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:47.304965973 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.304991961 CET	443	49751	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:47.305063963 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.305252075 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:47.305282116 CET	443	49751	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:48.935271978 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:48.935311079 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:48.935442924 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:48.945174932 CET	443	49748	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:48.986994982 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.015759945 CET	443	49749	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.023020983 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:49.023045063 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:49.035159111 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.035188913 CET	443	49748	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.035240889 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.035250902 CET	443	49749	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.036770105 CET	443	49748	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.036850929 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.037065029 CET	443	49749	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.037125111 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.038089991 CET	443	49750	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.083101988 CET	443	49751	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.084943056 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.085094929 CET	443	49749	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.088409901 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.088515997 CET	443	49748	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.092106104 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.092128038 CET	443	49750	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.093632936 CET	443	49750	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.093651056 CET	443	49750	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.093806028 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.095931053 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.095948935 CET	443	49751	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.099518061 CET	443	49751	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.099591970 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.099641085 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.099725008 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.099756002 CET	443	49749	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.099770069 CET	443	49750	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.099802971 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.099834919 CET	443	49748	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.103177071 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.103388071 CET	443	49751	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.103406906 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.103415012 CET	443	49750	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.103450060 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.140192032 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.142657042 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.151357889 CET	443	49751	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.155795097 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.155797005 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.155812979 CET	443	49751	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.202680111 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.270232916 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.270349979 CET	443	49748	142.250.181.100	192.168.2.4
Nov 22, 2024 00:36:49.270435095 CET	49748	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.503068924 CET	49750	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.503098011 CET	49749	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.503133059 CET	49751	443	192.168.2.4	142.250.181.100
Nov 22, 2024 00:36:49.776179075 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:49.776228905 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:49.776297092 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:49.940532923 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:49.940577984 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:50.305802107 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:50.358161926 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:50.573260069 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:50.573318958 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:50.574527025 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:50.574542999 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:50.574621916 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:50.814250946 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:50.814469099 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:50.815788984 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:50.815813065 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:50.859466076 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.113178968 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.113221884 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.113296986 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.113673925 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.113692999 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.202567101 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.203011036 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.203042030 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.204030991 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.204087019 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.204874039 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.204935074 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.205086946 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.245039940 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.245106936 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.245182991 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.250166893 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.250180006 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.275352001 CET	49754	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.275393009 CET	443	49754	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.296578884 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.717128038 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.717305899 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:51.717376947 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.808406115 CET	49755	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:51.808428049 CET	443	49755	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:52.368026018 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:52.368463993 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:52.368491888 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:52.369934082 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:52.369983912 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:52.370822906 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:52.370909929 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:52.378885984 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:52.378895044 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:52.513765097 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:52.814282894 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:52.814376116 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:52.814500093 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:52.815109015 CET	49756	443	192.168.2.4	162.159.61.3
Nov 22, 2024 00:36:52.815125942 CET	443	49756	162.159.61.3	192.168.2.4
Nov 22, 2024 00:36:53.502490044 CET	49768	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:53.502538919 CET	443	49768	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:53.502615929 CET	49768	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:53.503211975 CET	49768	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:53.503226042 CET	443	49768	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:54.997239113 CET	443	49768	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:54.997638941 CET	49768	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:54.997673988 CET	443	49768	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:54.999104023 CET	443	49768	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:54.999172926 CET	49768	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:54.999979973 CET	49768	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:55.000017881 CET	443	49768	45.112.123.126	192.168.2.4
Nov 22, 2024 00:36:55.000077009 CET	49768	443	192.168.2.4	45.112.123.126
Nov 22, 2024 00:36:55.104418039 CET	49770	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:55.104471922 CET	443	49770	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:55.104610920 CET	49770	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:55.104844093 CET	49770	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:55.104861021 CET	443	49770	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:56.414994955 CET	443	49770	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:56.415287018 CET	49770	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:56.415323019 CET	443	49770	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:56.416440010 CET	443	49770	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:56.416498899 CET	49770	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:56.417515993 CET	49770	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:56.417555094 CET	443	49770	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:56.417659998 CET	49770	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:58.349553108 CET	49771	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:58.349630117 CET	443	49771	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:58.349745035 CET	49771	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:58.350397110 CET	49771	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:58.350434065 CET	443	49771	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:59.568276882 CET	443	49771	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:59.568696022 CET	49771	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:59.568732023 CET	443	49771	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:59.569938898 CET	443	49771	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:59.570008993 CET	49771	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:59.571057081 CET	49771	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:59.571120977 CET	443	49771	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:59.571182966 CET	49771	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:59.575793028 CET	49772	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:59.575890064 CET	443	49772	172.67.169.156	192.168.2.4
Nov 22, 2024 00:36:59.576003075 CET	49772	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:59.576517105 CET	49772	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:36:59.576556921 CET	443	49772	172.67.169.156	192.168.2.4
Nov 22, 2024 00:37:00.897505999 CET	443	49772	172.67.169.156	192.168.2.4
Nov 22, 2024 00:37:00.897964001 CET	49772	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:37:00.898029089 CET	443	49772	172.67.169.156	192.168.2.4
Nov 22, 2024 00:37:00.899252892 CET	443	49772	172.67.169.156	192.168.2.4
Nov 22, 2024 00:37:00.899389029 CET	49772	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:37:00.900077105 CET	49772	443	192.168.2.4	172.67.169.156
Nov 22, 2024 00:37:00.900124073 CET	443	49772	172.67.169.156	192.168.2.4
Nov 22, 2024 00:37:00.900228977 CET	49772	443	192.168.2.4	172.67.169.156

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2024 00:36:39.393799067 CET	58148	53	192.168.2.4	1.1.1.1
Nov 22, 2024 00:36:39.721038103 CET	53	58148	1.1.1.1	192.168.2.4
Nov 22, 2024 00:36:43.705581903 CET	56806	53	192.168.2.4	1.1.1.1
Nov 22, 2024 00:36:43.839545012 CET	53	56806	1.1.1.1	192.168.2.4
Nov 22, 2024 00:36:47.070888996 CET	56846	53	192.168.2.4	1.1.1.1
Nov 22, 2024 00:36:47.070888996 CET	62430	53	192.168.2.4	1.1.1.1
Nov 22, 2024 00:36:47.157778978 CET	53	55427	1.1.1.1	192.168.2.4
Nov 22, 2024 00:36:47.208831072 CET	53	56846	1.1.1.1	192.168.2.4
Nov 22, 2024 00:36:47.208859921 CET	53	59998	1.1.1.1	192.168.2.4
Nov 22, 2024 00:36:47.210778952 CET	53	62430	1.1.1.1	192.168.2.4
Nov 22, 2024 00:36:48.797838926 CET	57837	53	192.168.2.4	1.1.1.1
Nov 22, 2024 00:36:48.797838926 CET	50791	53	192.168.2.4	1.1.1.1
Nov 22, 2024 00:36:48.932178020 CET	53	57837	1.1.1.1	192.168.2.4
Nov 22, 2024 00:36:48.934050083 CET	53	50791	1.1.1.1	192.168.2.4
Nov 22, 2024 00:36:51.066730022 CET	59470	53	192.168.2.4	1.1.1.1
Nov 22, 2024 00:36:51.090151072 CET	49521	53	192.168.2.4	1.1.1.1
Nov 22, 2024 00:36:51.222817898 CET	53	49521	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-11-21 23:36:50 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 23:36:50 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-21 23:36:51 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Thu, 21 Nov 2024 23:36:51 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e6481169d46c338-EWR alt-svc: h3=":443"; ma=86400
2024-11-21 23:36:51 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 10 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Timestamp	Bytes transferred	Direction	Data
2024-11-21 23:36:52 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 23:36:52 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-21 23:36:52 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Thu, 21 Nov 2024 23:36:52 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e64812119c042a1-EWR alt-svc: h3=":443"; ma=86400
2024-11-21 23:36:52 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 07 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom c)

Target ID:	0
Start time:	18:36:08
Start date:	21/11/2024
Path:	C:\Users\user\Desktop\MayitaV16.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\MayitaV16.exe"
Imagebase:	0x400000
File size:	79'067'379 bytes
MD5 hash:	E5BB039DA501CAE7EDDDF9268EC43741
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	4
Start time:	18:36:33
Start date:	21/11/2024
Path:	C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe"
Imagebase:	0x7ff759b90000
File size:	162'117'120 bytes
MD5 hash:	DF1D5E605E98A3A533E6AD7E585442E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 8%, ReversingLabs
Reputation:	low
Has exited:	false

Target ID:	10
Start time:	18:36:39
Start date:	21/11/2024
Path:	C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Imagebase:	0x7ff759b90000
File size:	162'117'120 bytes
MD5 hash:	DF1D5E605E98A3A533E6AD7E585442E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	11
Start time:	18:36:41
Start date:	21/11/2024
Path:	C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\unrealgame\MayitaV16.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,4436367812585847446,8332434346284091481,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Imagebase:	0x7ff759b90000
File size:	162'117'120 bytes
MD5 hash:	DF1D5E605E98A3A533E6AD7E585442E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	12
Start time:	18:36:44
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	14
Start time:	18:36:48
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Imagebase:	0x7ff67dcd0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	18
Start time:	18:36:52
Start date:	21/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5364 --field-trial-handle=1972,i,14171082060860887493,6740327589289574467,262144 /prefetch:8
Imagebase:	0x7ff67dcd0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	19
Start time:	18:36:54
Start date:	21/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:	0x7ff7618a0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MayitaV16.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\28a0cb84-93f4-4571-805c-0e20b49aaa86.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2e9bc0ff-3bcf-4063-b594-69e9c3dcb497.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673FC410-1E04.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000001.dbtmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db-journal

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000001.dbtmp

Windows Analysis Report
MayitaV16.exe

Target ID:	28
Start time:	18:36:55
Start date:	21/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"
Imagebase:	0x7ff7618a0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	37
Start time:	18:36:56
Start date:	21/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	43
Start time:	18:36:57
Start date:	21/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Imagebase:	0x7ff7618a0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre