Windows Analysis Report
js8call-2.2.0-win32.exe

Overview

General Information

Sample name: js8call-2.2.0-win32.exe
Analysis ID: 1486753
MD5: eae3cf1bf43009c0284e8fb9afbd6c09
SHA1: 61cd8c30c01bd0856fe1648ef8b39b049174b8fa
SHA256: 4b341bd6b9ab0dce7666c4a2782580d70e43ca2edec8ebe5c4af427f45111e9b

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Allocates memory in foreign processes
Writes to foreign memory regions
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64_ra
  • js8call-2.2.0-win32.exe (PID: 7136 cmdline: "C:\Users\user\Desktop\js8call-2.2.0-win32.exe" MD5: EAE3CF1BF43009C0284E8FB9AFBD6C09)
    • js8call.exe (PID: 5756 cmdline: "C:\Program Files (x86)\js8call\bin\js8call.exe" MD5: 41049A9AC0653172195373AC01B05F68)
      • js8.exe (PID: 1228 cmdline: "C:\Program Files (x86)\js8call\bin\js8" -s JS8Call -w 1 -m 3 -e "C:\Program Files (x86)\js8call\bin" -a C:\Users\user\AppData\Local\JS8Call -t C:\Users\user\AppData\Local\Temp\JS8Call MD5: 5ADCEEEB7315860CA5FD5C718994DBEE)
        • conhost.exe (PID: 2660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: js8call-2.2.0-win32.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeWindow detected: < &BackI &AgreeCancelNullsoft Install System v3.0b1 Nullsoft Install System v3.0b1License AgreementPlease review the license terms before installing js8call.Press Page Down to see the rest of the agreement.GNU GENERAL PUBLIC LICENSE Version 3 29 June 2007Copyright (C) 2007 Free Software Foundation Inc.Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed.Preamble The GNU General Public License is a free copyleft license for software and other kinds of works.The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We the Free Software Foundation use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs too.When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can do these things.To protect your rights we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore you have certain responsibilities if you distribute copies of the software or if you modify it: responsibilities to respect the freedom of others.For example if you distribute copies of such a program whether gratis or for a fee you must pass on to the recipients the same freedoms that you received. You must make sure that they too receive or can get the source code. 
And you must show them these terms so they know their rights.Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software and (2) offer you this License giving you legal permission to copy distribute and/or modify it.For the developers' and authors' protection the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake the GPL requires that modified versions be marked as changed so that their problems will not be attributed erroneously to authors of previous versions.Some devices are designed to deny users access to install or run modified versions of the software inside them although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use which is precisely where it is most unacceptable. Therefore we have designed this version of the GPL to prohibit the practice for those products. If such problems ar
Source: js8call-2.2.0-win32.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile opened: C:\Users\user
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile opened: C:\Users\user\AppData
Source: global trafficUDP traffic: 192.168.2.16:52755 -> 52.44.76.40:50000
Source: global trafficHTTP traffic detected: GET /version.txt HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0Host: files.js8call.com
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: report.pskreporter.info
Source: global trafficDNS traffic detected: DNS query: spot.js8call.com
Source: global trafficDNS traffic detected: DNS query: files.js8call.com
Source: classification engineClassification label: mal48.winEXE@5/55@3/12
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call
Source: C:\Program Files (x86)\js8call\bin\js8call.exeFile created: C:\Users\user\AppData\Local\JS8Call
Source: C:\Program Files (x86)\js8call\bin\js8.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2660:120:WilError_03
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Users\user\AppData\Local\Temp\nsm1902.tmp
Source: js8call-2.2.0-win32.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile read: C:\Users\user\Desktop\js8call-2.2.0-win32.exe
Source: unknownProcess created: C:\Users\user\Desktop\js8call-2.2.0-win32.exe "C:\Users\user\Desktop\js8call-2.2.0-win32.exe"
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeProcess created: C:\Program Files (x86)\js8call\bin\js8call.exe "C:\Program Files (x86)\js8call\bin\js8call.exe"
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess created: C:\Program Files (x86)\js8call\bin\js8.exe "C:\Program Files (x86)\js8call\bin\js8" -s JS8Call -w 1 -m 3 -e "C:\Program Files (x86)\js8call\bin" -a C:\Users\user\AppData\Local\JS8Call -t C:\Users\user\AppData\Local\Temp\JS8Call
Source: C:\Program Files (x86)\js8call\bin\js8.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: linkinfo.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: ntshrui.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: cscapi.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: qt5core.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: qt5gui.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: qt5multimedia.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: qt5network.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: qt5printsupport.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: qt5serialport.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: qt5widgets.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libgcc_s_dw2-1.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libwinpthread-1.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libgfortran-3.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libgomp-1.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libstdc++-6.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libfftw3f-3.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: mpr.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libquadmath-0.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: version.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: wintab32.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: qt5svg.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: devenum.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: winmmbase.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: mmdevapi.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: ksuser.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: avrt.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: audioses.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: msacm32.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: midimap.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: msdmo.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: dsound.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: quartz.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: ssleay32.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libssl-10.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libssl-8.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: libssl-7.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: qt5core.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: libgcc_s_dw2-1.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: libgfortran-3.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: libgomp-1.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: libstdc++-6.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: libfftw3f-3.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: libwinpthread-1.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: libquadmath-0.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: mpr.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exeSection loaded: version.dll
Source: C:\Program Files (x86)\js8call\bin\js8call.exeSection loaded: dxcore.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: js8call-2.2.0-win32.exeStatic file information: File size 20165789 > 1048576
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\Qt5SerialPort.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\rigctld-local.exe
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\libgfortran-3.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qmng.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\libgomp-1.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qdds.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\rigctl-local.exe
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\Qt5Network.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\audio\qtaudio_windows.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Users\user\AppData\Local\Temp\nss1971.tmp\System.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qtiff.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\Qt5PrintSupport.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\js8.exe
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Users\user\AppData\Local\Temp\nss1971.tmp\StartMenu.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qico.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\js8call.exe
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\libgcc_s_dw2-1.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\Uninstall.exe
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qwebp.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qwbmp.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qtga.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qicns.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\libfftw3f-3.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Users\user\AppData\Local\Temp\nss1971.tmp\nsDialogs.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\Qt5Svg.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Users\user\AppData\Local\Temp\nss1971.tmp\UserInfo.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\libquadmath-0.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\libstdc++-6.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qsvg.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\Qt5Gui.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\Qt5Core.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\Qt5Multimedia.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qgif.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qjp2.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\platforms\qwindows.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\plugins\imageformats\qjpeg.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\Qt5Widgets.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\Program Files (x86)\js8call\bin\libwinpthread-1.dll
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\js8call
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\js8call\JS8Call.lnk
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\js8call\JS8Call Web Site.url
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\js8call\Uninstall.lnk
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Window / User API: foregroundWindowGot 624
Source: C:\Program Files (x86)\js8call\bin\js8.exe Window / User API: threadDelayed 942
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe Dropped PE file which has not been started:
• C:\Program Files (x86)\js8call\bin\Qt5SerialPort.dll
• C:\Program Files (x86)\js8call\bin\rigctld-local.exe
• C:\Program Files (x86)\js8call\bin\libgfortran-3.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qmng.dll
• C:\Program Files (x86)\js8call\bin\libgomp-1.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qdds.dll
• C:\Program Files (x86)\js8call\bin\rigctl-local.exe
• C:\Program Files (x86)\js8call\bin\Qt5Network.dll
• C:\Program Files (x86)\js8call\plugins\audio\qtaudio_windows.dll
• C:\Users\user\AppData\Local\Temp\nss1971.tmp\System.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qtiff.dll
• C:\Program Files (x86)\js8call\bin\Qt5PrintSupport.dll
• C:\Program Files (x86)\js8call\bin\js8.exe
• C:\Program Files (x86)\js8call\plugins\imageformats\qico.dll
• C:\Users\user\AppData\Local\Temp\nss1971.tmp\StartMenu.dll
• C:\Program Files (x86)\js8call\bin\libgcc_s_dw2-1.dll
• C:\Program Files (x86)\js8call\Uninstall.exe
• C:\Program Files (x86)\js8call\plugins\imageformats\qwebp.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qwbmp.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qtga.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qicns.dll
• C:\Program Files (x86)\js8call\bin\libfftw3f-3.dll
• C:\Users\user\AppData\Local\Temp\nss1971.tmp\nsDialogs.dll
• C:\Program Files (x86)\js8call\bin\Qt5Svg.dll
• C:\Program Files (x86)\js8call\bin\libquadmath-0.dll
• C:\Users\user\AppData\Local\Temp\nss1971.tmp\UserInfo.dll
• C:\Program Files (x86)\js8call\bin\libstdc++-6.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qsvg.dll
• C:\Program Files (x86)\js8call\bin\Qt5Gui.dll
• C:\Program Files (x86)\js8call\bin\Qt5Core.dll
• C:\Program Files (x86)\js8call\bin\Qt5Multimedia.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qgif.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qjp2.dll
• C:\Program Files (x86)\js8call\plugins\platforms\qwindows.dll
• C:\Program Files (x86)\js8call\plugins\imageformats\qjpeg.dll
• C:\Program Files (x86)\js8call\bin\Qt5Widgets.dll
• C:\Program Files (x86)\js8call\bin\libwinpthread-1.dll
Source: C:\Program Files (x86)\js8call\bin\js8.exe TID: 1428 Thread sleep count: 942 > 30
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe File Volume queried: C:\Program Files (x86) FullSizeInformation
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe File opened: C:\Users\user\AppData
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Process information queried: ProcessInformation

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe Memory allocated: C:\Program Files (x86)\js8call\bin\js8call.exe base: B0000 protect: page read and write
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe Memory written: C:\Program Files (x86)\js8call\bin\js8call.exe base: B0000
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe Memory written: C:\Program Files (x86)\js8call\bin\js8call.exe base: 25F2D8
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe Memory written: C:\Program Files (x86)\js8call\bin\js8call.exe base: 2601E8
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Process created: C:\Program Files (x86)\js8call\bin\js8.exe "C:\Program Files (x86)\js8call\bin\js8" -s JS8Call -w 1 -m 3 -e "C:\Program Files (x86)\js8call\bin" -a C:\Users\user\AppData\Local\JS8Call -t C:\Users\user\AppData\Local\Temp\JS8Call
Source: C:\Users\user\Desktop\js8call-2.2.0-win32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Program Files (x86)\js8call\bin\qt.conf VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Program Files (x86)\js8call\plugins\platforms\qwindows.dll VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Program Files (x86)\js8call\plugins\imageformats\qdds.dll VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Program Files (x86)\js8call\plugins\imageformats\qgif.dll VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Program Files (x86)\js8call\plugins\imageformats\qicns.dll VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Program Files (x86)\js8call\plugins\imageformats\qtga.dll VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Program Files (x86)\js8call\plugins\imageformats\qwbmp.dll VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Program Files (x86)\js8call\plugins\audio\qtaudio_windows.dll VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8call.exe Queries volume information: C:\Users\user\AppData\Local\JS8Call\ALL.TXT VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8.exe Queries volume information: C:\Users\user\AppData\Local\JS8Call\timer.out VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8.exe Queries volume information: C:\Users\user\AppData\Local\Temp\JS8Call\.lock VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8.exe Queries volume information: stderr VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8.exe Queries volume information: stdout VolumeInformation
Source: C:\Program Files (x86)\js8call\bin\js8.exe Queries volume information: stdin VolumeInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 211 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 211 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact

Source | Detection | Scanner
js8call-2.2.0-win32.exe | 1% | Virustotal
js8call-2.2.0-win32.exe | 0% | ReversingLabs

Source | Detection | Scanner
C:\Users\user\AppData\Local\Temp\nss1971.tmp\System.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nss1971.tmp\System.dll | 0% | Virustotal
C:\Users\user\AppData\Local\Temp\nss1971.tmp\UserInfo.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nss1971.tmp\UserInfo.dll | 0% | Virustotal
C:\Users\user\AppData\Local\Temp\nss1971.tmp\nsDialogs.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nss1971.tmp\nsDialogs.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\Qt5Core.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\Qt5Core.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\Qt5Gui.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\Qt5Gui.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\Qt5Multimedia.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\Qt5Multimedia.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\Qt5Network.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\Qt5Network.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\Qt5PrintSupport.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\Qt5PrintSupport.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\Qt5SerialPort.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\Qt5SerialPort.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\Qt5Svg.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\Qt5Svg.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\Qt5Widgets.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\Qt5Widgets.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\js8.exe | 2% | ReversingLabs
C:\Program Files (x86)\js8call\bin\js8.exe | 0% | Virustotal
C:\Users\user\AppData\Local\Temp\nss1971.tmp\StartMenu.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nss1971.tmp\StartMenu.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\Uninstall.exe | 4% | ReversingLabs
C:\Program Files (x86)\js8call\Uninstall.exe | 1% | Virustotal
C:\Program Files (x86)\js8call\bin\js8call.exe | 2% | ReversingLabs
C:\Program Files (x86)\js8call\bin\js8call.exe | 2% | Virustotal
C:\Program Files (x86)\js8call\bin\libfftw3f-3.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\libfftw3f-3.dll | 0% | Virustotal
C:\Program Files (x86)\js8call\bin\libgcc_s_dw2-1.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\libgfortran-3.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\libgomp-1.dll | 0% | ReversingLabs
C:\Program Files (x86)\js8call\bin\libquadmath-0.dll | 0% | ReversingLabs
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
spot.js8call.com | 52.44.76.40 | true | false | | unknown
s3-website.us-east-1.amazonaws.com | 16.182.102.5 | true | false | | unknown
report.pskreporter.info | 74.116.41.13 | true | false | | unknown
files.js8call.com | unknown | unknown | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
52.44.76.40 | spot.js8call.com | United States | 14618 | AMAZON-AESUS | false
16.182.102.5 | s3-website.us-east-1.amazonaws.com | United States | unknown | unknown | false

IP
127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1486753
Start date and time: 2024-08-02 14:06:26 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: js8call-2.2.0-win32.exe
Detection: MAL
Classification: mal48.winEXE@5/55@3/12
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: C:\Program Files (x86)\js8call\bin\libgcc_s_dw2-1.dll
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):375215
          Entropy (8bit):4.444391363280649
          Encrypted:false
          SSDEEP:
          MD5:CDC67BB4EA9978D71AAAE0BFB803BA65
          SHA1:06770DA9C9E7AA504A470A2AD05688843EE7A895
          SHA-256:6E96A888EFE1EB00BA12B729B58423753FD5B2AC19D48D0C629DC3CCD4292D90
          SHA-512:A64DBFC50DF4A98D540F0A62D50D68057F04E4C0C4C1D55D5CC90E14F04DA2B0396B3DAA116DF064120E72D62CB1959D2B12501CEB972E89F302647F0C77D57A
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 4%
          • Antivirus: Virustotal, Detection: 1%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):5385216
          Entropy (8bit):6.74394248132489
          Encrypted:false
          SSDEEP:
          MD5:9994E23112ECF1ECAA0DE86D9C381C83
          SHA1:43752C1F80038732AAB4ACF4F3A12C6F14EDDDA3
          SHA-256:332C0C6F5E90702CB46CC3E95E09C134480404AD3B8024074D81EDE9624B59B4
          SHA-512:D7A323CB1F09ED2AE54848BC81D027BCF5A4480916E24E42AF38AA621DA55474CCC46381726BB2E91E1787F65B0CFAD72DF495DB00695A5F51C85216A3972552
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):5330432
          Entropy (8bit):6.574689142202221
          Encrypted:false
          SSDEEP:
          MD5:9AA29964A972CBAA7EF43BC2A6238EA1
          SHA1:43A2B12949D2D5A9554CEB69AB48085824B8FE4E
          SHA-256:643155C5664D1DC79B868D3A6466242D465290F01E1FEE4C942AE0B9227BFB9D
          SHA-512:32164A3177D5384B57ABBCE3F4731FE09CA4CE9FA36AFD7670B40242914AFF56730A721182C52BD6646328988CA9CC730562E7F988EDFD0ED4C7CDBAF873F273
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):799744
          Entropy (8bit):6.322876041085583
          Encrypted:false
          SSDEEP:
          MD5:8A6C07F6E69C51B3991BAA1B9AE70011
          SHA1:282EA2771B50EC1AF3CC576BC9096C0845C3FA12
          SHA-256:D791FD083E739E07EF04EC7C6C058B0A2A08970E64612FE2B5720B0635BFB246
          SHA-512:1B7BDB9C9329204A44BF0BE674AAD16C12E72CC4AC5D8AEEF5294C32760451EC9282C58DF7F42E8142009D84A77AE0593500E5E12646726E46D2743AA4167CB7
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):1527296
          Entropy (8bit):6.414161240150744
          Encrypted:false
          SSDEEP:
          MD5:EBB5BFBD2FFAEACB36A81FA97CD4E361
          SHA1:BB10D28DA1985B086C070DFCB63FAF60D1AE1F2C
          SHA-256:56D3602E34E60F1282BD4304E8783AE437FB2D92752E6385D39454AF7BDECA7E
          SHA-512:919788A09EFFF05920DDA6E12B93DD5B2AE7E495A3710FF7D7E030804C701C973036917762A1E8741986CD38B6DD53DFEE55130B55AAF511AF2A37E4066E9580
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):357888
          Entropy (8bit):6.691822016135488
          Encrypted:false
          SSDEEP:
          MD5:74A2FA28A6FA4B445F04C05E22D9463F
          SHA1:9278074CD8B5DC327F2790DDA707A05A2A60B885
          SHA-256:9B3E86990BBF05B7FE7B016373A5F548E43D8B4835B1DA6269766417DD599B3A
          SHA-512:1DFD769EB06D0B8C575D2B4C58C8C0744186A2CABF17354F913A2220027A9B157A33027DAAC10B209C4912AC985DB646AADBA2079C3AFF3A4C26BF0C41756BED
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):86016
          Entropy (8bit):6.120362136598485
          Encrypted:false
          SSDEEP:
          MD5:563DCA82169FB9284A48960E951132C9
          SHA1:0A2554843996448D67CA9204422FAC629D396C9C
          SHA-256:7ADE27AC202BD3927579DC615E2608369A07D4286CF3D2C04515B4312E60A01E
          SHA-512:F1F4541DC8E2B47B9BBD9DAFCF9C3A56377F327DA8B573CFF8CF14F700EFC4266F7C5CBC42740BFCEAC45271C447871D6125B9725100349B591D64F3C2041667
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):331776
          Entropy (8bit):6.507939041620409
          Encrypted:false
          SSDEEP:
          MD5:E25BFD0D6ABC4F87ECDEC70BC51FC7A9
          SHA1:FAFB10832B91412D255F59037017558DCB8D5E3C
          SHA-256:DB354712A22D2DF19D0D3C3FFC386197B9B1D1FF3093609E520E5B762749C74E
          SHA-512:A320EE861BC55C63B372D4EBBF61659B048BFE233CEBDB93478804F112B94A08EA01975AEA9420C76AC1CE558B805EC8A60A6757821BC2B25F9A5A3115988FDC
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):6541312
          Entropy (8bit):6.642719646894915
          Encrypted:false
          SSDEEP:
          MD5:CE28C2432F00CBA4A8C696325557F1A2
          SHA1:421727E981F5E04BDF2E1BFDA7A13A86A46749BA
          SHA-256:CA28B3A64023E2E91F508A17255CF44E5F573801E29D4A51AB340A7A060C8F90
          SHA-512:2D22687D19954A7DE7C523A0A290109D816AC60A3BD5F33ABD3782E59A124BB8D76B69F2F7B7EF525E2537A9E8DC27C99F6B8C019A5F4675F4ADD27C2B7BA25B
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):786348
          Entropy (8bit):5.53251039518299
          Encrypted:false
          SSDEEP:
          MD5:5ADCEEEB7315860CA5FD5C718994DBEE
          SHA1:9836D5C0CCA4A4385CB4771D195725673C175E6B
          SHA-256:B8992386BA6210F697748678B3BCA1D185800AB1EF4A5C1B0C6C0B28A705122A
          SHA-512:DE79E3F7BC966B311F17D2E8C0324B06CB8C6F77F0FD8405326E7DD8F6291CD779A5CC218F095378E3E5A661691F86536528AE404D14147655B0C22BC0A30807
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 2%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):35701672
          Entropy (8bit):4.441398131043771
          Encrypted:false
          SSDEEP:
          MD5:41049A9AC0653172195373AC01B05F68
          SHA1:7E192232FE5DBB447938802A3A84B698FEA665F9
          SHA-256:03FD819408549B3D049CE8C8CCCF64F282DBD3EF2D439B7F79643513035A6702
          SHA-512:91F49A9B78FCD94235866CAE9F02474F5F468C7CA62A415A2485449DCE2E26F7A00EC008710A44BCD43E93D3F505ED0341557ED01189AB05E876FCDA47D532D3
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 2%
          • Antivirus: Virustotal, Detection: 2%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):2312789
          Entropy (8bit):6.24616796436731
          Encrypted:false
          SSDEEP:
          MD5:42A0A22EAC3B3D8D728C70E0EE5B5B28
          SHA1:6252FCFE47B706FDE875AA1D6CE0C25C86D731CD
          SHA-256:554B77DF210E85252F20E6E611A1DEBEFFF5F64756BCC35E04072B754E4E795A
          SHA-512:FC096AFE495B0BC74CDE8586B5239B8CE562D7CB007016F40E7F82FD7E94B8647BDFBAB7270C2155EB861E2A09870296B94BB130A3F4D27A89AB258BB00CAB56
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):119822
          Entropy (8bit):6.3909187174348965
          Encrypted:false
          SSDEEP:
          MD5:FADDE43C97607E4445A6F924D851F04E
          SHA1:36C1AA0E1B6D4A322C350F5E502C10C64C203041
          SHA-256:F0614835136413217ED3BAEC9BA22AAAC4C37956AFCB0209F1F89B7676AE86BC
          SHA-512:66F5637419F88070838ED522DEFAD9AA1B46DD4FD8CB045E0292742831520740D152795B6E99770F34061DB596019EF3A342A956B541180E78D1C48B2703F42C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):1146894
          Entropy (8bit):6.440603240113732
          Encrypted:false
          SSDEEP:
          MD5:DDFAD7EECF24CC20A4D44A754B097DFD
          SHA1:DD8636E10E17DC1D9C7315AE868DF911160329A7
          SHA-256:DA4A1B1309EF36BEACD20AEF3863F31BE71555A3272F4BB91DAB9D71E4198940
          SHA-512:5BB97495D4BD4EF4F3BFB176E97276C4F8A3A1FE448FBB6223BC2552B51EC56F82C6F6F245B0F2A951436A3D15D2535E51A3D8C92EC251A5CAD06616C523D4E8
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):88590
          Entropy (8bit):6.3296578511496
          Encrypted:false
          SSDEEP:
          MD5:A1FB590C2F7846115C2C4FDAC9EC4658
          SHA1:87041FE59E6270D11971CC5A66D286F2ACC51ABD
          SHA-256:9567D12A2AF448D82137577B0B70441ABEABBE4AD0B2C176AD2062CA874C58DD
          SHA-512:62B15B76FCC80FFAF2F5B87974E70CB6E5615AE7A7953CF204328DC9B7D8C124EE1704B191AA171E0F23B7C3441923ECA6FB3BE64EF466D84E3CAE9F9F318FA6
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):479758
          Entropy (8bit):5.889944399482274
          Encrypted:false
          SSDEEP:
          MD5:871478B13F667A0E18D30D2850D7973C
          SHA1:3C1A299C811AEB5474688C706E35FA4DEFBA5017
          SHA-256:6CBD8FE28F8B5A4DC07C062018CD1FDFAE35633863046901BF13727E2973EB6D
          SHA-512:ED2ED1D52A38A0D6CE7A4BE0F3231CD30DBD37A8DBC3FA2899D9F4F5AB557831BBBD3F9A494B0C4C1E450CAD1B9DDA769C6AD0F94B61F83B6299DBD87BE6E87E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):1026062
          Entropy (8bit):6.4304256270205205
          Encrypted:false
          SSDEEP:
          MD5:C283D446B34E75019B81D0981CB11F0D
          SHA1:A6E146975DFC55B0659D09E25B9A69F7CFF993DC
          SHA-256:F6530962659D0641236A42517A30DC55C4FCB7D30E942C3E820AF343798A770D
          SHA-512:EB51969A79EE4501C955A81CEC9F07E9A39007C1EA69C5021E03EBF3B640D949E19F6E0CD7AF969E80EC60EA6B8477804FB76DEEC2704DB503E72906103FEA63
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):49152
          Entropy (8bit):6.198246444448612
          Encrypted:false
          SSDEEP:
          MD5:D128AE39A79E5D196FC001907B5EC3D1
          SHA1:71DE74D0AA93903E0A169C88FD21E0C617F0660A
          SHA-256:4195AC1E3A4A8056DE42C31D511E0E595772439ADBA96180B8953EF5F135F7A5
          SHA-512:5B32EB7E2F01FB17ED0C4434A525AE3056ACDDDE75C32C5036C18B6F2FFA4CF80CFEE9BAB4C824CA313E6E33114EA0E761DC8F75DB3BBBBE4319C079848A3C06
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:MS-DOS MSDOS.SYS
          Category:dropped
          Size (bytes):31
          Entropy (8bit):4.15565155225257
          Encrypted:false
          SSDEEP:
          MD5:AA8C8221C3D9E6E75527082B97F141DD
          SHA1:BE090BBCE50BBBA1A84D2BB9D16BB49A36713C7C
          SHA-256:7631DC6ED353648A8C09EF9BC04300154476F2A5F30D2F31C6F70C13ABF10A25
          SHA-512:CC3D24F7943A3E37FBDF09AAEF923B152142457CD0E2928CE17C81A7C2FEE349E6CD6C904629323188B6B20D50996504CBE7028D32288500BFDE802A32EFCC60
          Malicious:false
          Reputation:unknown
          Preview:[Paths]..Plugins = ../plugins..
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):7312398
          Entropy (8bit):2.2969831401742367
          Encrypted:false
          SSDEEP:
          MD5:D8538E85D15228D0FB5F1D68E4D28635
          SHA1:05C7DD185D25E814DE0BD19A2AD6EA7953BB0114
          SHA-256:3709701D5A4FB915251CBC2C05FB4610815B480CA10C2EBCAC920D6294F392F1
          SHA-512:BC862637BD0A3B22CD2272646A857BCDEBA9FFB0760F253B2A3487F9D3753946F83D9D5135EC31FE0897BEAA151FFDBC4CDC0A6DE9210EDC8D3DA271EE440AB8
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):7319054
          Entropy (8bit):2.3008579488071454
          Encrypted:false
          SSDEEP:
          MD5:88517AAFDB43A3C08756DBA167461136
          SHA1:D94A79B4FF1247545490B188FAFD79D80F827B60
          SHA-256:D9003B386B8881AD26912EDA33160F64C3C55FF2E9595066EAF88CE51AA7A8C6
          SHA-512:15A4D52954491F8275AAB7D5A41B604385BBE077F2FBFFF54E4FDE927B18594DBD0B90620D489852B023248D3DE10844D6DB5966C210B741A1B3EDB2C6E188A4
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):82944
          Entropy (8bit):6.554543384589339
          Encrypted:false
          SSDEEP:
          MD5:00D7D6E299E5D01EE4132F77874BAA55
          SHA1:A4FE392BBE1ED09095C35F64912CB78402B8F244
          SHA-256:B54813EB2A51D71AB0667EA994C11CB8CF6D48CE1AEB72C3A313BCAA8A03355F
          SHA-512:FD0FC585092B0A9BE8DA8BC7109E06F2751BA84C1E033046C1D007F1192D2A8F8D9E150CF8A03FC28D9A7BD1F59A397E9DE1ABA494F82E5910D15C75F597A550
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):58880
          Entropy (8bit):6.200429169538795
          Encrypted:false
          SSDEEP:
          MD5:FF59DEC739D60604197688EF9127C9F6
          SHA1:B2FDE2EFA0B2F60DF5904B062752C7A842A21E2B
          SHA-256:8E41ADC5BFCA597C18EA1C7A99771EA2B33DB2A218686E8B313FECF14EC3FF1E
          SHA-512:FFDB2C9C0358A20330CDFC4B1D7ECCEDE6A9246424EFC62D9F131A0AAE36C64E8BDB76A06B859775F42CAA720DE312949A13556AF35710B867745C011501E4F8
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):33280
          Entropy (8bit):5.923942573859847
          Encrypted:false
          SSDEEP:
          MD5:893E78AFD9078F6F6D1D3A371E29D25F
          SHA1:4DCBC9C8A1520996895E541035323FE0F580B83F
          SHA-256:F465E8C64168D96FFC4FE6B31D1F0547137DAB51F9D74A6A12B754363C3E191C
          SHA-512:A26204E75C7E56588C503BB9D70969490239A57C1A81D9275526300567558C5A7D89F23B8323F0A985C11EAF621E4D3C7597E27FA76C95DDC5B11A8EFF48FF1C
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):46592
          Entropy (8bit):6.058620800681505
          Encrypted:false
          SSDEEP:
          MD5:BE11098A8785C294B1A47DFDCF5FEE9A
          SHA1:2E39FA6182776F1144D483616850EB1D58FF041F
          SHA-256:9482F7C8968B5F71E08A03304589ECB10447CB2B822C31A43D3F5F71DCDD7603
          SHA-512:C0AE8032B5FA57547A03D7AE93616DFC1A4B7B54E17BD31DBD2714FD25E57F60859463C36DA88BBC4533972BC496A63DC718D1D2C31C6DD10EEA3E2F76BF43F4
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):34816
          Entropy (8bit):5.877463370753019
          Encrypted:false
          SSDEEP:
          MD5:3574B608A67140BAAC9C904BF75FDF77
          SHA1:611E8C128BF3B24C2AF1FB135F255C3978653C70
          SHA-256:0BA9E6084515B00B1877A4D691D7F6BC7E64A619359FFBCDC4026DEFFDFE608B
          SHA-512:F94DC98A14058A3FAD3D8A26968F02589CCE65E67271FAEFA875C2BA0044131012A151362E6E22A0A0448343111BA869FA24308769DE55243733E568B0315B38
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):517120
          Entropy (8bit):6.422367848540233
          Encrypted:false
          SSDEEP:
          MD5:1B0F3255A28097919BA0F8886D9137B2
          SHA1:B215A98532A7934ECC9B52959B37FE1F3BD96481
          SHA-256:C0163B594B8FD38622196C3E80FCC245748AE9241A12561ECC096F1A54F1429A
          SHA-512:26284FFA12508FFB3A89CE08849926F4992898BECD2EC22B282671F6F88C12AFA7B3C9BC4088C4BD9DEC2375D9EBDDA8A03679CC6E079DA7D54AB070E71F01FA
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):246784
          Entropy (8bit):6.369462434342828
          Encrypted:false
          SSDEEP:
          MD5:033E0E26BA3DC1201B6B829E656167F5
          SHA1:9AE95E314FE18343CAB3CF0108451E59294B048F
          SHA-256:B07AA694656D7AE986E091607B93826CDC93AA88C0723C65A5A959B2CD960FC3
          SHA-512:6E07906DC48AA6276ACFE9864D71CE964E32E82D2ACA140DFF0E2E9BF21097AB9B8ADBF52C12E2DDDC7D2FA869247F51020EF52A97032F1BD21500FD549BCD48
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):366592
          Entropy (8bit):6.258260142607527
          Encrypted:false
          SSDEEP:
          MD5:EA65BD4394FE302188552F67479F87A0
          SHA1:95E98754D882193FF4D092182BCB97D67DD2ECE0
          SHA-256:3D6EFA687D3C49422021A5DF29009432DE6B3A8B747764BBE1238D61B95FCF52
          SHA-512:3F7C9FD8EA785539849D91F53F004263EFA1E65F242118CE466D4257DF7CF7FC3D703D490A7C932229D0F9F67B0C6BD861EBE297AA2ABBF92E9292C1D4E24B0E
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):28672
          Entropy (8bit):5.808378318303407
          Encrypted:false
          SSDEEP:
          MD5:8B8E83FCE96576E188A8FF9AF0C9574E
          SHA1:B5E6837D4BC72523CE0F615606B888C40C869B93
          SHA-256:848BD768987C910D0DD739EAC9014B7F22E2387245A80AB2C74E8D7E443AC537
          SHA-512:2C8631E1DE76089C7DE5E17B0560BBF70532B938508F27DB33C0563B6C283E3090B9A9BB27E07FBD261813E49C00DFAD37C532A3C2E1DEB32A95FA09C2C1BFFB
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):27648
          Entropy (8bit):5.7952438625729785
          Encrypted:false
          SSDEEP:
          MD5:9DDCA5AA7A5E0D7B05565A72FB11FE52
          SHA1:BFBF07344DFD02B9B3F08F0863C7E029E70AAFEE
          SHA-256:3B106529FC0DECF17FFEF7FDA308D064BBD3190E8AF07CA9BE9AEB73A1C927A8
          SHA-512:3A52FC44EF60E9097B1C36F5B12989DE40F39A7F7457F3F4E0637D151C42976956E0329D4216249562D85381ACF25331178961249C2255EABCD1AD8F89934437
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):433664
          Entropy (8bit):5.810805029709853
          Encrypted:false
          SSDEEP:
          MD5:CF83734F17F3DA2F8225584E248FF433
          SHA1:8FC68BCE461A818F7EBEBF86E7F4C716DB23A1A4
          SHA-256:E4EB85796A6E5831D49A69E2672A8A60F0F2435751677F2DBAD61BEE494370A3
          SHA-512:F24921E3FAF1E6554C8A432906F4D1269C3958CAD47851BFAFAA24904C017CD5C590FACB1481024233E5855C0B471E11A94C3F220798BDB9CF971FF32E17F08C
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):27136
          Entropy (8bit):5.746531027943039
          Encrypted:false
          SSDEEP:
          MD5:CA017D371DD9C85AEC9406BF11C7F12E
          SHA1:433F34BD402785F1B011F19FC55A83609A95D313
          SHA-256:F3468703268C3A2908945B33E10FAB110473208ECD42389F299F105542C36BAA
          SHA-512:33217538CBC0B2EB31F2C94D3210A189614312153C702A2D9BF2C3CF5B0F2CA3D5C46C94BEE7E5CB437A58AA53403A5B176B2803A57255D5722F6C1C1402A8D7
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):362496
          Entropy (8bit):6.433939830408757
          Encrypted:false
          SSDEEP:
          MD5:CA9C0782C43FFB6918C5F04A83F18628
          SHA1:2CE43D80425FC4CDAD50C35FE8599144D8296841
          SHA-256:1B248E1B38F79A3699ED860E7E40961D9C3AF2FF07086BCC163CA556A76E7E21
          SHA-512:A3E338C2BAD490B4CBA52F0523484AC3202F0756EDCCC35953D00412F24EFDC4EB38C4809FC5C566EE3B05C2EC0B023843D460DCAD8409F055D9C688C387ACC6
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Category:dropped
          Size (bytes):1414144
          Entropy (8bit):6.427149289197306
          Encrypted:false
          SSDEEP:
          MD5:BDF323EDA0A4E807C7800D646F7EF9D4
          SHA1:231D0AE55CABB81A42DE4931B5A8B0EC41D114C0
          SHA-256:AF2918154E2F1CC354A25E9DDE56CC1576B9BEED39E671A75495A5E7BE2E8900
          SHA-512:A3E76C59759A2D1A8C86A8AC51C04898618746D29FC1A1DA34D58A97EDD7C408B86714F908EC2F9017E4A3F3C02991EA8E73E7FD87B350D38A3AD6A2AD570E60
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:ASCII text, with very long lines (2347), with CRLF line terminators
          Category:dropped
          Size (bytes):31952
          Entropy (8bit):4.570577753051389
          Encrypted:false
          SSDEEP:
          MD5:003D5FB6ED8D84C379823C94F7402ABF
          SHA1:36B789B38F1A5D23444F73B728A5AB3AE5C5EB6C
          SHA-256:F066C3542CDE425B45C70139437D4A0D5A89A838A8683722220CB3E65E8AD649
          SHA-512:8DEEDA0D4EEBBAFB81F88BF583908CC55616288A538B49039CD424D7C44577D7ABA7040EF11EFC9AAE1A10D5F99441AF49F0F786BF52A31D1CFDF1F4BA3272B1
          Malicious:false
          Reputation:unknown
          Preview:GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007....Copyright (C) 2007 Free Software Foundation, Inc.....Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.....Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works.....The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too.....When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have th
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1918
          Entropy (8bit):5.262097502158103
          Encrypted:false
          SSDEEP:
          MD5:F5BDFE4A8B59F3E328E1F0F8480E5A09
          SHA1:FECE944ECC0E3647E0B2670290ADF6D76E22E73E
          SHA-256:FC54D91BCEF47ABFE80D7984E5B1DD11F23318C541360A3652205E4454562330
          SHA-512:F95F88633935D89BEC5D14CD9FE9813B1323DEBE76321084DF8AF4473E062D0D4B50ADC1BE79AE163354DFBC771EE7FBD59DF6D861BAABBDCC8CA0B2EF439474
          Malicious:false
          Reputation:unknown
          Preview:# JS8Call....JS8Call is built atop the Qt framework and can be compiled on Linux, Windows, and MacOS.....## Compiling for Linux....### Get the Hamlib Source....mkdir ~/hamlib-prefix..cd ~/hamlib-prefix..git clone https://github.com/Hamlib/Hamlib.git src....### Get the JS8Call Source....mkdir ~/js8call-prefix..cd ~/js8call-prefix..git clone https://bitbucket.org/widefido/js8call.git src....### Get the Dependencies....Most Debian-based distributions make it very easy to install the required dependencies. Other distributions may require a little more effort. ....JS8Call depends on:....* Qt5..* FFTW3..* Hamlib....#### 18.04 LTS:....sudo apt install build-essential git automake cmake clang gfortran libfftw3-dev git libgfortran5 libusb-1.0-0-dev autoconf libtool texinfo qt5-default qtmultimedia5-dev libqt5multimedia5-plugins libqt5serialport5-dev libudev-dev pkg-config....#### 20.04 LTS:....sudo apt install build-essential git automake make cmake clang gfortran libfftw3-dev git libgfortran-1
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):15590
          Entropy (8bit):4.943243927630692
          Encrypted:false
          SSDEEP:
          MD5:657B0C03200EF9B71AD5772E3BB9D327
          SHA1:1CBE843B80AF6CC6D40E12243C7D32B3FA535AEB
          SHA-256:6A12C0DA1C6B4CDF70150E791052C43325F47ED1230D42296E2E2D0A42B50EF4
          SHA-512:DA3B5AA76F7F90F8558349DC9A378034943DA1A9E92277518403DB340A1E54B8040200D80BD21BFAA2152D38A49649A629A1D9DBE6ABB176DF02E4D0C6DFA890
          Malicious:false
          Reputation:unknown
          Preview:.. __ __ ______ _____ ________ __ __ ..| \ _ | \ / \ | \| \ | \ | \..| $$ / \ | $$| $$$$$$\ \$$$$$ \$$$$$$$$ | $$ | $$..| $$/ $\| $$| $$___\$$ | $$ | $$ ______ \$$\/ $$..| $$ $$$\ $$ \$$ \ __ | $$ | $$| \ >$$ $$ ..| $$ $$\$$\$$ _\$$$$$$\| \ | $$ | $$ \$$$$$$/ $$$$\ ..| $$$$ \$$$$| \__| $$| $$__| $$ | $$ | $$ \$$\..| $$$ \$$$ \$$ $$ \$$ $$ | $$ | $$ | $$.. \$$ \$$ \$$$$$$ \$$$$$$ \$$ \$$ \$$.. .. .. ..Installing WSJT-X..=================....Binary packages of WSJT-X are available from the project web site:.... http://www.physics.princeton.edu/pulsar/K1JT/wsjtx.html......Building from Source..====================....On Linux systems some of the prerequisite libraries are availabl
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:Unicode text, UTF-8 text, with very long lines (520), with CRLF line terminators
          Category:dropped
          Size (bytes):4355
          Entropy (8bit):5.090048133382954
          Encrypted:false
          SSDEEP:
          MD5:58D3C4731C92448E8CEB69CBDD881D80
          SHA1:74AC307D08D1C746ADC19F446DBE9ED9159B035F
          SHA-256:5F57EEC737B78BD54C5BC5E79D373BE794852397E017C073B6A988330E43C262
          SHA-512:4E24E69D632CE934DDEE3099DC4338568BEB810284AFDA2BE725EAB7B545C10DE575F3BB9F87CDC2ACEE0EE3E645489DC2ACA9D3AA24ACCEF20FDECE599D9288
          Malicious:false
          Reputation:unknown
          Preview:# JS8Call....JS8Call is an experiment in combining the robustness of FT8 (a weak-signal mode by K1JT) with a messaging and network protocol layer for weak signal communication. The open source software is designed for connecting amateur radio operators who are operating under weak signal conditions and offers real-time keyboard-to-keyboard messaging, store-and-forward messaging, and automatic station announcements. ....* Read more on the original design inspiration here: https://github.com/jsherer/js8call....* For release announcements and discussion, join the JS8Call mailing list here: https://groups.io/g/js8call....* Documentation is available here: https://docs.google.com/document/d/159S4wqMUVdMA7qBgaSWmU-iDI4C9wd4CuWnetN68O9U/edit?pli=1#heading=h.kfnyge37yfr......# Notice....JS8Call is a derivative of the WSJT-X application, restructured and redesigned for message passing using a custom FSK modulation called JS8. It is not supported by nor endorsed by the WSJT-X development group.
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:data
          Category:dropped
          Size (bytes):3738096
          Entropy (8bit):7.818291585355595
          Encrypted:false
          SSDEEP:
          MD5:F9D521112BA3198A8623C19A57FEC538
          SHA1:69096ED89F8B7BFD90CD3B518740A910B51BA6D2
          SHA-256:A0F35B54A1A9DCE859F54F29EFD822A14C2B96B1F85BCC971FFE101BCF7DBD21
          SHA-512:23A5DC695AEC4DAF262550585B8F219038464D5B463DFFEB4BE8F40B4F69FD63B20AFD769BC9EF1CC2CD4BB6BC8DB15B9B72F39A420D0D3C2C6DF6D98D31915E
          Malicious:false
          Reputation:unknown
          Preview:JPL Planetary Ephemeris DE405/DE405 Start Epoch: JED= 2305424.5 1599 DEC 09 00:00:00 Final Epoch: JED= 2525008.5 2201 FEB 20 00:00:00 DENUM LENUM TDATEFTDATEBCENTERCLIGHTAU EMRAT GM1 GM2 GMB GM4 GM5 GM6 GM7 GM8 GM9 GMS RAD1 RAD2 RAD4 JDEPOCX1 Y1 Z1 XD1 YD1 ZD1 X2 Y2 Z2 XD2 YD2 ZD2 XB YB ZB XDB YDB ZDB X4 Y4 Z4 XD4 YD4 ZD4 X5 Y5 Z5 XD5 YD5 ZD5 X6 Y6 Z6 XD6 YD6 ZD6 X7 Y7 Z7 XD7 YD7 ZD7 X8 Y8 Z8 XD8 YD8 ZD8 X9 Y9 Z9 XD9 YD9 ZD9 XM YM ZM XDM YDM ZDM XS YS ZS XDS YDS ZDS BETA GAMMA J2SUN GDOT MA0001MA0002MA0004MAD1 MAD2 MAD3 RE ASUN PHI THT PSI OMEGAXOMEGAYOMEGAZAM J2M J3M J4M C22M C31M C32M C33M S31M S32M S33M C41M C42M C43M C44M S41M S42M S43M S44M
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:MS Windows 95 Internet shortcut text (URL=<https://groups.io/g/js8call>), ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):53
          Entropy (8bit):4.637836727944006
          Encrypted:false
          SSDEEP:
          MD5:D37358ABCC70763951AEE626250EEF5A
          SHA1:764AEFC060FE7C00B0FBCB6D2F56507A40CD2BC3
          SHA-256:1944A89F8816AF4753E3544D7DEC9578BFAFF9766BF06C7788C470D050E0D629
          SHA-512:B9721B5D63C8225DBE82FCB810E3C58067568567B381C3BD42DC4613C76E2E93DF6115A1F4C5115013B0AD09EA78B253547DFC80C3E7295403A894BC9348E787
          Malicious:false
          Reputation:unknown
          Preview:[InternetShortcut]..URL=https://groups.io/g/js8call..
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Jun 21 02:41:56 2020, mtime=Fri Aug 2 11:07:20 2024, atime=Sun Jun 21 02:41:56 2020, length=35701672, window=hide
          Category:dropped
          Size (bytes):1168
          Entropy (8bit):4.623432385865961
          Encrypted:false
          SSDEEP:
          MD5:5D47C054AFDF743B009C731A739EA292
          SHA1:3D170DC25B91D7421CDF55194338D01B4BB3C010
          SHA-256:ACF2664DBA78436DE178119765A45436BA6FC55FB37A36D8D70A9C68FCC76CC7
          SHA-512:C1E6B7FA96A583477CCB43E21FE328512AC4660C799F242641E53D46B3F1A6D54A2043B981F58E846845539FF70D0B02F89DFA4BCEC383A387BE0EC9E3D29E05
          Malicious:false
          Reputation:unknown
          Preview:L..................F.... ....Z..}G..s.m......Z..}G.... ..........................P.O. .:i.....+00.../C:\.....................1......Y.`..PROGRA~2.........O.I.Y.`....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......Y.`..js8call.@.......Y.`.Y.`....KY.....................1,.j.s.8.c.a.l.l.....J.1......Y.`..bin.8.......Y.`.Y.`....MY.....................3.b.i.n.....b.2... ..P<. .js8call.exe.H.......P<..Y.`....#Z........................j.s.8.c.a.l.l...e.x.e.......]...............-.......\..............;.....C:\Program Files (x86)\js8call\bin\js8call.exe..=.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.j.s.8.c.a.l.l.\.b.i.n.\.j.s.8.c.a.l.l...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.j.s.8.c.a.l.l.........*................@Z|...K.J.........`.......X.......585948...........hT..CrF.f4... ..............%..hT..CrF.f4... ..............%.............1SPS.XF.L8C....&.m.q............/
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Aug 2 11:07:29 2024, mtime=Fri Aug 2 11:07:29 2024, atime=Fri Aug 2 11:07:29 2024, length=375215, window=hide
          Category:modified
          Size (bytes):1094
          Entropy (8bit):4.701754552786066
          Encrypted:false
          SSDEEP:
          MD5:5B2DC17A2650D8E92452B997530D208E
          SHA1:841FF5F1FD41C20A40CD53A1A66B300949615399
          SHA-256:DAC2BE5280F44EF348BE4BE37F2F030246D45693EAD2FF335CB748C51CAB0995
          SHA-512:90821B073794E507254D19E908CF35AD2EDA6596FBB34BEA0B54E32C76846E828233F3E41255F2D7E20341178823C539BE0F303749B0DA451AE4D2CB3F824CFA
          Malicious:false
          Reputation:unknown
          Preview:L..................F.... ...........0>......0>..................................P.O. .:i.....+00.../C:\.....................1......Y.`..PROGRA~2.........O.I.Y.`....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......Y.`..js8call.@.......Y.`.Y.`....KY.......................j.s.8.c.a.l.l.....h.2......Y.` .UNINST~1.EXE..L.......Y.`.Y.`...........................|..U.n.i.n.s.t.a.l.l...e.x.e.......[...............-.......Z..............;.....C:\Program Files (x86)\js8call\Uninstall.exe..;.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.j.s.8.c.a.l.l.\.U.n.i.n.s.t.a.l.l...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.j.s.8.c.a.l.l.........*................@Z|...K.J.........`.......X.......585948...........hT..CrF.f4... ..............%..hT..CrF.f4... ..............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7
          Process:C:\Program Files (x86)\js8call\bin\js8call.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):38
          Entropy (8bit):3.862948816520147
          Encrypted:false
          SSDEEP:
          MD5:CB992641598F4F51D8A33E6A18B07420
          SHA1:AD3FC4918419C4A38C99E2CA4750092BAE2B52A3
          SHA-256:D14AB2E788B648589DFE27A24AF1796B8BB2B74A5F6A09B742BDFD564D81F489
          SHA-512:55D5ECB88CDDF8EC1BB31F1D9705140FFDBF6392B79FBB1246C3C54EF6D0DA4A9FBC809CAB15EDFB9A661251823E6FF4FC9B319C2CCF6DD3DAFAE27B4678FE2F
          Malicious:false
          Reputation:unknown
          Preview:2024-08-02 12:07:43 14.078 MHz JS8..
          Process:C:\Program Files (x86)\js8call\bin\js8call.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:75B6D801B8DA983259E6FECEB3A96DA5
          SHA1:5096ED84821C99CC359B982E00B4970F0989389E
          SHA-256:FC0847CCC706D7E53D9F0ABE6BE8B3A02D98CF039BB1174030FFBADD45817825
          SHA-512:720039FCD3B21161782BDCCAAEE67DA6175A02394AE4E5A3B7C9959E87F5F9C49B8AC9DCF972509D81816550E772EF506073A30FC867A579BBCEB66CBCFD0365
          Malicious:false
          Reputation:unknown
          Preview:[MultiSettings]..CurrentName=Default..
          Process:C:\Program Files (x86)\js8call\bin\js8call.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):38
          Entropy (8bit):4.238334671954105
          Encrypted:false
          SSDEEP:
          MD5:75B6D801B8DA983259E6FECEB3A96DA5
          SHA1:5096ED84821C99CC359B982E00B4970F0989389E
          SHA-256:FC0847CCC706D7E53D9F0ABE6BE8B3A02D98CF039BB1174030FFBADD45817825
          SHA-512:720039FCD3B21161782BDCCAAEE67DA6175A02394AE4E5A3B7C9959E87F5F9C49B8AC9DCF972509D81816550E772EF506073A30FC867A579BBCEB66CBCFD0365
          Malicious:false
          Reputation:unknown
          Preview:[MultiSettings]..CurrentName=Default..
          Process:C:\Program Files (x86)\js8call\bin\js8call.exe
          File Type:Generic INItialization configuration [Configuration]
          Category:dropped
          Size (bytes):205
          Entropy (8bit):4.350918148213834
          Encrypted:false
          SSDEEP:
          MD5:595807B1530A97E2CA4F66FBBAD8C29D
          SHA1:F86C5B6B2B4330BC60E29160D1DAFE88BED967A8
          SHA-256:0A6C22D632353D45B049F2B82CE5EEE9865B728274B2E26BAE442F296E93F9F3
          SHA-512:24A905CDFC34B6BA77A6990465A9BDB08A87A01B43E30B32B20AA3B9D7B0A971E21F146AA1EBC147A545754D7925FFB0CD8375344530697BA66C4ED34A84CC70
          Malicious:false
          Reputation:unknown
          Preview:[MultiSettings]..CurrentName=Default....[Configuration]..WindowGeometry=@ByteArray(\x1\xd9\xd0\xcb\0\x2\0\0\0\0\0\x61\0\0\0\x2\0\0\x3\x90\0\0\x2\x80\0\0\0i\0\0\0!\0\0\x3\x88\0\0\x2x\0\0\0\0\0\0\0\0\x5\0)..
          Process:C:\Program Files (x86)\js8call\bin\js8call.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):21
          Entropy (8bit):3.7489948035250964
          Encrypted:false
          SSDEEP:
          MD5:ABBBCE47FB4B84A04A0698FCFBB32661
          SHA1:2637AF1A17F3E74B5B71EE721CCCD73279795556
          SHA-256:AE2929F08347DB0BBC015DE93BFF81BD964851141066826198FA620DA1DE7832
          SHA-512:80BBBA29FAD524EE1D2C0D8DB8647017F7F236386DE138D8464C26B85792B913456461334219E226BA8EDD5940D27B90FDB4383A1C4BE3552217D85FC9975508
          Malicious:false
          Reputation:unknown
          Preview:5756.JS8Call.user-PC.
          Process:C:\Program Files (x86)\js8call\bin\js8call.exe
          File Type:Generic INItialization configuration [Configuration]
          Category:dropped
          Size (bytes):8579
          Entropy (8bit):5.317009557648785
          Encrypted:false
          SSDEEP:
          MD5:67DAFFBCB110884934EF8397982D5CCF
          SHA1:AE86F347BDC0A9667383230E5C8DD04E573C16A1
          SHA-256:1D1B39DD9A2BC96BD8A1827850C7E493D1FFB346EC049CDD0B061DD2DD332825
          SHA-512:A30B415CC0C18823B33165F9571214A9E3E361B66A6B23CFC0051685050D70B2DB6162F42BEED4303913CCF74BA741881ABAC8EDD13429BC806580576CF8C693
          Malicious:false
          Reputation:unknown
          Preview:[MultiSettings]..CurrentName=Default....[Configuration]..WindowGeometry=@ByteArray(\x1\xd9\xd0\xcb\0\x2\0\0\0\0\0\x61\0\0\0\x2\0\0\x3\x90\0\0\x2\x80\0\0\0i\0\0\0!\0\0\x3\x88\0\0\x2x\0\0\0\0\0\0\0\0\x5\0)..AutoSwitchBands=false..MyCall=..MyGrid=..MyGroups=@Invalid()..AutoWhitelist=@Invalid()..AutoBlacklist=@Invalid()..HBBlacklist=@Invalid()..SpotBlacklist=@Invalid()..PrimaryHighlightWords=@Invalid()..SecondaryHighlightWords=@Invalid()..EOTCharacter=\x2662..MFICharacter=\x2026\x2026..MyInfo=..MyStatus=IDLE <MYIDLE> VERSION <MYVERSION>..CQMessage=CQ CQ CQ <MYGRID4>..HBMessage=HB <MYGRID4>..Reply=HW CPY?..CallsignAging=0..ActivityAging=2..colorCQ=@Variant(\0\0\0\x43\x1\xff\xff\x66\x66\xff\xff\x66\x66\0\0)..colorPrimary=@Variant(\0\0\0\x43\x1\xff\xff\xf1\xf1\xc4\xc4\xf\xf\0\0)..colorSecondary=@Variant(\0\0\0\x43\x1\xff\xff\xff\xff\xff\xff\x66\x66\0\0)..colorMyCall=@Variant(\0\0\0\x43\x1\xff\xff\xff\xff\x66\x66\x66\x66\0\0)..color_rx_background=@Variant(\0\0\0\x43\x1\xff\xff\xff\xff\xea\xea\
          Process:C:\Program Files (x86)\js8call\bin\js8call.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):73
          Entropy (8bit):4.449648963304693
          Encrypted:false
          SSDEEP:
          MD5:9DF4120910F180343EA5E190E8FEEA09
          SHA1:34E2E054AE24F3947D789820D5FB53DCDBF18C13
          SHA-256:1766336C511076A4A2F9FA60A2C2B8CF265A3554213C482FF0CC4E54BA638ED7
          SHA-512:805FF88262214B3E0DF884A0ADC25E16C518C0ABEC45FEC4DEEF45FC4DF5C0D9FEC4F3ECC2A7A464B5041D5881B14FA37053F5E1BCBE8949C8A8E739FBEC93FA
          Malicious:false
          Reputation:unknown
          Preview:(fftw-3.3.4 fftwf_wisdom #x9e7d4dee #xdb14fed1 #x34bf76a4 #xeb6e8fdf..)..
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):7680
          Entropy (8bit):4.614943590037361
          Encrypted:false
          SSDEEP:
          MD5:5831D36066B6DAF42FBF2AB1773308C8
          SHA1:6122EBCA175EFB3607013EDC67D3F5E3D4143F3F
          SHA-256:994EB5C54F6E2F4C0328E6EB667A82CA133800964BEA7A0CCAE8ABA60C98E966
          SHA-512:D741B4EF4396E7ACB7496E223BD131AC4BE18D4666556FD108660DD0098A1E683E244B35A5FAAF06466CB78186F8F31858AEC5B8FE9D507CBF639AD3D4D53EA8
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):11264
          Entropy (8bit):5.779567759802416
          Encrypted:false
          SSDEEP:
          MD5:883EFF06AC96966270731E4E22817E11
          SHA1:523C87C98236CBC04430E87EC19B977595092AC8
          SHA-256:44E5DFD551B38E886214BD6B9C8EE913C4C4D1F085A6575D97C3E892B925DA82
          SHA-512:60333253342476911C84BBC1D9BF8A29F811207787FDD6107DCE8D2B6E031669303F28133FFC811971ED7792087FE90FB1FAABC0AF4E91C298BA51E28109A390
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4096
          Entropy (8bit):3.2846082700058967
          Encrypted:false
          SSDEEP:
          MD5:D9A3FC12D56726DDE60C1EAD1DF366F7
          SHA1:F531768159C14F07AC896437445652B33750A237
          SHA-256:401F1A02000FF7CF9853D964DCBA77E6F0FA8E57256B11ED3C01171D7A97388A
          SHA-512:6B06E3446DF419151DD20CDB1D9C595FE9FB0972E7DFC50DADEEA9F868D8EF0CD4CEFCB18C7EBFC0D2A3E9171F8AA1F9FE762F54C374667F6060E8CE7E845F51
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24, image size 25764, resolution 3779 x 3779 px/m, cbSize 25818, bits offset 54
          Category:dropped
          Size (bytes):25818
          Entropy (8bit):2.0104202566829117
          Encrypted:false
          SSDEEP:
          MD5:8E52D18D6F0DC0E9C534CFDBEBB49D8B
          SHA1:6007C3533B62E178472936A533406733F19BC519
          SHA-256:E11AA7E89396B01E420CFCD3F842D7571EF8D16709BFEB8D61FFC23FE4112261
          SHA-512:82824899EFF36F12CBD16BF2E1C3DD4B111A1F1DDB3C21821BA4FB9CBA42D80654C74FD6258D909E96FBBA6A92BDB2F41BB6EEA38CD6325FB0226A86B4886228
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
          Category:dropped
          Size (bytes):26494
          Entropy (8bit):1.9568109962493656
          Encrypted:false
          SSDEEP:
          MD5:CBE40FD2B1EC96DAEDC65DA172D90022
          SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
          SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
          SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\js8call-2.2.0-win32.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):9728
          Entropy (8bit):5.0519675883435875
          Encrypted:false
          SSDEEP:
          MD5:36BDF3E282EE81EA2F9A400604A55FF6
          SHA1:032C7337754BD9BDDB71DB20FEADDAD7837E0A29
          SHA-256:C5BF321A3A2AACE7B42014CF78A3D0FB3EEC03B2C8FF00AD72445F56657377AF
          SHA-512:58A99987FB63E392632F855F97F945BFD9DE941788905636807A925B711DB290370965875F1074478CE40EC4CD6F9E671A661E14C14A17DDCEB08DF692FE9C5D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Entropy (8bit):7.991237098195336
          TrID:
          • Win32 Executable (generic) a (10002005/4) 92.16%
          • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:js8call-2.2.0-win32.exe
          File size:20'165'789 bytes
          MD5:eae3cf1bf43009c0284e8fb9afbd6c09
          SHA1:61cd8c30c01bd0856fe1648ef8b39b049174b8fa
          SHA256:4b341bd6b9ab0dce7666c4a2782580d70e43ca2edec8ebe5c4af427f45111e9b
          SHA512:d88fe8e3afae77a68769aa46a38139c94499f75b7824801e40163ac5982d75454402e7c9642887fbf1236dc2da81e0eea0ed71e62493b9a8954d9a6d7830d0a7
          SSDEEP:393216:14f/Unr5FalTwPO85UbK5J1Svq5MpHuMeEqIUmvobrAK:2/UnrmlKH6iJhwKJ+vA
          TLSH:111733A387915843EEDAB6B7AED8E3786A213F465C94A6D174D0FEA33F7904334041E4
          Icon Hash:334c8a8e8eaa6513
          Entrypoint:0x4030b6
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x54336EAA [Tue Oct 7 04:40:10 2014 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:e160ef8e55bb9d162da4e266afd9eef3
          Instruction
          sub esp, 00000184h
          push ebx
          push ebp
          push esi
          xor ebx, ebx
          push edi
          mov dword ptr [esp+18h], ebx
          mov dword ptr [esp+10h], 00409190h
          mov dword ptr [esp+20h], ebx
          mov byte ptr [esp+14h], 00000020h
          call dword ptr [00407034h]
          push 00008001h
          call dword ptr [0040711Ch]
          push ebx
          call dword ptr [0040728Ch]
          push 00000009h
          mov dword ptr [00423798h], eax
          call 00007F58B529FA2Dh
          mov dword ptr [004236E4h], eax
          push ebx
          lea eax, dword ptr [esp+38h]
          push 00000160h
          push eax
          push ebx
          push 0041EC98h
          call dword ptr [00407164h]
          push 00409180h
          push 00422EE0h
          call 00007F58B529F6D7h
          call dword ptr [00407120h]
          mov ebp, 00429000h
          push eax
          push ebp
          call 00007F58B529F6C5h
          push ebx
          call dword ptr [00407118h]
          cmp byte ptr [00429000h], 00000022h
          mov dword ptr [004236E0h], eax
          mov eax, ebp
          jne 00007F58B529CC8Ch
          mov byte ptr [esp+14h], 00000022h
          mov eax, 00429001h
          push dword ptr [esp+14h]
          push eax
          call 00007F58B529F155h
          push eax
          call dword ptr [00407220h]
          mov dword ptr [esp+1Ch], eax
          jmp 00007F58B529CD45h
          cmp cl, 00000020h
          jne 00007F58B529CC88h
          inc eax
          cmp byte ptr [eax], 00000020h
          je 00007F58B529CC7Ch
          Programming Language:
          • [EXP] VC++ 6.0 SP5 build 8804
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d000 | 0x4bb28 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x1000 | 0x5a7c | 0x5c00 | 71ecbec9470d0e846ce5d68f3bbdbddf | False | 0.6614724864130435 | data | 6.422249494521571 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata | 0x7000 | 0x11ce | 0x1200 | 640f709ec19b4ed0455a4c64e5934d5e | False | 0.4520399305555556 | OpenPGP Secret Key | 5.23558258677739 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data | 0x9000 | 0x1a7d8 | 0x400 | bc7151fcf37fc84430446d29785eaf5d | False | 0.611328125 | data | 4.963740024747551 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .ndata | 0x24000 | 0x19000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .rsrc | 0x3d000 | 0x4bb28 | 0x4bc00 | 499f83fbc8dab3fd41863dfd685d9792 | False | 0.15847063221947194 | data | 3.5267877317880676 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0x3dd30 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | English | United States | 0.10746184786466344
          RT_ICON | 0x4e558 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | English | United States | 0.08704010410505146
          RT_ICON | 0x5ed80 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 3779 x 3779 px/m | English | United States | 0.10747319739331511
          RT_ICON | 0x68228 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 3779 x 3779 px/m | English | United States | 0.13393420222829513
          RT_ICON | 0x716d0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | English | United States | 0.18593528578176666
          RT_ICON | 0x758f8 | 0x30cb | PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced | English | United States | 1.0008806340565206
          RT_ICON | 0x789c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | English | United States | 0.23215767634854773
          RT_ICON | 0x7af70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | English | United States | 0.24139004149377594
          RT_ICON | 0x7d518 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6400, resolution 3779 x 3779 px/m | English | United States | 0.28772189349112426
          RT_ICON | 0x7ef80 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6400, resolution 3779 x 3779 px/m | English | United States | 0.2980769230769231
          RT_ICON | 0x809e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | English | United States | 0.3595215759849906
          RT_ICON | 0x81a90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | English | United States | 0.3578799249530957
          RT_ICON | 0x82b38 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 3779 x 3779 px/m | English | United States | 0.41065573770491803
          RT_ICON | 0x834c0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 3779 x 3779 px/m | English | United States | 0.4077868852459016
          RT_ICON | 0x83e48 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1600, resolution 3779 x 3779 px/m | English | United States | 0.4697674418604651
          RT_ICON | 0x84500 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1600, resolution 3779 x 3779 px/m | English | United States | 0.4511627906976744
          RT_ICON | 0x84bb8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | English | United States | 0.5336879432624113
          RT_ICON | 0x85020 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | English | United States | 0.5132978723404256
          RT_DIALOG | 0x85488 | 0xb4 | data | English | United States | 0.6111111111111112
          RT_DIALOG | 0x85540 | 0x120 | data | English | United States | 0.5138888888888888
          RT_DIALOG | 0x85660 | 0x200 | data | English | United States | 0.3984375
          RT_DIALOG | 0x85860 | 0xf8 | data | English | United States | 0.6290322580645161
          RT_DIALOG | 0x85958 | 0xa0 | data | English | United States | 0.60625
          RT_DIALOG | 0x859f8 | 0xee | data | English | United States | 0.6260504201680672
          RT_DIALOG | 0x85ae8 | 0xb4 | data | English | United States | 0.6888888888888889
          RT_DIALOG | 0x85ba0 | 0x120 | data | English | United States | 0.5381944444444444
          RT_DIALOG | 0x85cc0 | 0x200 | data | English | United States | 0.4140625
          RT_DIALOG | 0x85ec0 | 0xf8 | data | English | United States | 0.6653225806451613
          RT_DIALOG | 0x85fb8 | 0xa0 | data | English | United States | 0.68125
          RT_DIALOG | 0x86058 | 0xee | data | English | United States | 0.6512605042016807
          RT_DIALOG | 0x86148 | 0xb4 | data | English | United States | 0.6888888888888889
          RT_DIALOG | 0x86200 | 0x120 | data | English | United States | 0.5381944444444444
          RT_DIALOG | 0x86320 | 0x200 | data | English | United States | 0.4140625
          RT_DIALOG | 0x86520 | 0xf8 | data | English | United States | 0.6653225806451613
          RT_DIALOG | 0x86618 | 0xa0 | data | English | United States | 0.68125
          RT_DIALOG | 0x866b8 | 0xee | data | English | United States | 0.6512605042016807
          RT_DIALOG | 0x867a8 | 0xb4 | data | English | United States | 0.6888888888888889
          RT_DIALOG | 0x86860 | 0x120 | data | English | United States | 0.5381944444444444
          RT_DIALOG | 0x86980 | 0x200 | data | English | United States | 0.4140625
          RT_DIALOG | 0x86b80 | 0xf8 | data | English | United States | 0.6653225806451613
          RT_DIALOG | 0x86c78 | 0xa0 | data | English | United States | 0.68125
          RT_DIALOG | 0x86d18 | 0xee | data | English | United States | 0.6512605042016807
          RT_DIALOG | 0x86e08 | 0xac | data | English | United States | 0.6337209302325582
          RT_DIALOG | 0x86eb8 | 0x118 | data | English | United States | 0.5321428571428571
          RT_DIALOG | 0x86fd0 | 0x1f8 | data | English | United States | 0.4027777777777778
          RT_DIALOG | 0x871c8 | 0xf0 | data | English | United States | 0.6666666666666666
          RT_DIALOG | 0x872b8 | 0x98 | data | English | United States | 0.625
          RT_DIALOG | 0x87350 | 0xe6 | data | English | United States | 0.6565217391304348
          RT_DIALOG | 0x87438 | 0xa0 | data | English | United States | 0.60625
          RT_DIALOG | 0x874d8 | 0x10c | data | English | United States | 0.5111940298507462
          RT_DIALOG | 0x875e8 | 0x1ec | data | English | United States | 0.3861788617886179
          RT_DIALOG | 0x877d8 | 0xe4 | data | English | United States | 0.6447368421052632
          RT_DIALOG | 0x878c0 | 0x8c | data | English | United States | 0.5928571428571429
          RT_DIALOG | 0x87950 | 0xda | data | English | United States | 0.6422018348623854
          RT_DIALOG | 0x87a30 | 0xa0 | data | English | United States | 0.6
          RT_DIALOG | 0x87ad0 | 0x10c | data | English | United States | 0.5111940298507462
          RT_DIALOG | 0x87be0 | 0x1ec | data | English | United States | 0.3861788617886179
          RT_DIALOG | 0x87dd0 | 0xe4 | data | English | United States | 0.6359649122807017
          RT_DIALOG | 0x87eb8 | 0x8c | data | English | United States | 0.5857142857142857
          RT_DIALOG | 0x87f48 | 0xda | data | English | United States | 0.6376146788990825
          RT_DIALOG | 0x88028 | 0xa4 | data | English | United States | 0.6158536585365854
          RT_DIALOG | 0x880d0 | 0x110 | data | English | United States | 0.5183823529411765
          RT_DIALOG | 0x881e0 | 0x1f0 | data | English | United States | 0.3911290322580645
          RT_DIALOG | 0x883d0 | 0xe8 | data | English | United States | 0.6508620689655172
          RT_DIALOG | 0x884b8 | 0x90 | data | English | United States | 0.6041666666666666
          RT_DIALOG | 0x88548 | 0xde | data | English | United States | 0.6486486486486487
          RT_GROUP_ICON | 0x88628 | 0x102 | data | English | United States | 0.5
          RT_MANIFEST | 0x88730 | 0x3f5 | XML 1.0 document, ASCII text, with very long lines (1013), with no line terminators | English | United States | 0.5172754195459033
          DLL | Import
          KERNEL32.dll | GetTickCount, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, SearchPathA, GetShortPathNameA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, GetTempPathA, Sleep, CloseHandle, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, GlobalAlloc, CompareFileTime, SetFileTime, ExpandEnvironmentStringsA, lstrcmpiA, lstrcmpA, WaitForSingleObject, GlobalFree, GetExitCodeProcess, GetModuleHandleA, SetErrorMode, GetCommandLineA, LoadLibraryExA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, WriteFile, FindClose, WritePrivateProfileStringA, MultiByteToWideChar, MulDiv, GetPrivateProfileStringA, FreeLibrary
          USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA
          GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
          SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
          ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
          COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
          ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
          VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
          Language of compilation system | Country where language is spoken | Map
          English | United States |