Windows Analysis Report
https://downloads.xrite.com/downloads/software/FM100_Scoring_SW/v4.0.7/FM100_HueTest_32-bit_v407.exe

Overview

General Information

Sample URL: https://downloads.xrite.com/downloads/software/FM100_Scoring_SW/v4.0.7/FM100_HueTest_32-bit_v407.exe
Analysis ID: 1431062
Infos:

Detection

Score: 10
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: unknown HTTPS traffic detected: 18.154.206.90:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341574654.000000006D10D000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342686574.000000006E483000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3336788671.000000006B8A0000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb"" source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343378148.000000006E636000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341574654.000000006D10D000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342958874.000000006E494000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343959634.0000000073AF5000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343378148.000000006E636000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342444220.000000006E473000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: *.pdbom source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3328580153.0000000003E40000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340397822.000000006C377000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343698383.000000006E646000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343959634.0000000073AF5000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Sql.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3337858411.000000006B9A9000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3335932267.000000006B2E6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3335932267.000000006B2E6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5PrintSupport.pdb44 source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340661810.000000006C3BC000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341266574.000000006D0C3000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342958874.000000006E494000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Sql.pdb22 source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3337858411.000000006B9A9000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3339507279.000000006C11B000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\sqldrivers\qsqlite.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5PrintSupport.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340661810.000000006C3BC000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341849568.000000006E225000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: <glob pattern="*.pdb"/> source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\sqldrivers\qsqlite.pdb!! source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb,, source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340397822.000000006C377000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000005F20000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3338337083.000000006BC76000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3336232454.000000006B3D2000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341849568.000000006E225000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342199429.000000006E463000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbE source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3336788671.000000006B8A0000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: *.pdbA source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3329141458.0000000003FD9000.00000004.00000020.00020000.00000000.sdmp
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /downloads/software/FM100_Scoring_SW/v4.0.7/FM100_HueTest_32-bit_v407.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: downloads.xrite.comConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: downloads.xrite.com
Source: wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332138336.00000000044B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ns.adob
Source: wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332502972.0000000005EAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.or
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332502972.0000000005EAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.ora
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332502972.0000000005EAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.orc
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332502972.0000000005EAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.ore
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332502972.0000000005EAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.ori
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332502972.0000000005EAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.orm
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332502972.0000000005EAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.oro
Source: wget.exe, 00000002.00000003.2088683896.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2089360796.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: wget.exe, 00000002.00000003.2088683896.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2089360796.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://s.symcd.com06
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schema.omg.org/spec/XMI/2.0
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schema.omg.org/spec/XMI/2.1
Source: splwow64.exe, 00000008.00000003.2506250353.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2534302490.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2549917292.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2513415515.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2544933218.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2548147285.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2512905032.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2578310209.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2506796712.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2535982708.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2584655420.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2577835325.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2545567719.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2533562085.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2520330402.000000000294F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.mi
Source: splwow64.exe, 00000008.00000003.2579412835.00000000028F5000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2593636496.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2579930612.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2597157108.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2535204974.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000002.3326083470.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2506250353.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2518682433.00000000028E4000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2506434588.00000000028E8000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2608306612.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2595746792.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2525603369.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2513415515.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2544933218.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2492316502.00000000028FD000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2609479214.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2493584348.00000000028FD000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2604952735.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2491268495.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2512905032.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2545567719.00000000028F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.mic
Source: splwow64.exe, 00000008.00000003.2492316502.00000000028FD000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2491268495.00000000028F3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.mic(F
Source: splwow64.exe, 00000008.00000003.2579412835.00000000028F5000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2593636496.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2579930612.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2597157108.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2535204974.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000002.3326083470.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2518682433.00000000028E4000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2506434588.00000000028E8000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2608306612.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2595746792.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2525603369.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2544933218.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2492316502.00000000028FD000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2609479214.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2493584348.00000000028FD000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2604952735.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2491268495.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2545567719.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2577978016.00000000028F5000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2584588002.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2594479858.00000000028F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.mic9F
Source: splwow64.exe, 00000008.00000003.2492399926.00000000028EF000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2492788331.00000000028EF000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2491859868.00000000028EA000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2497392107.00000000028EA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.micr
Source: splwow64.exe, 00000008.00000003.2611416572.0000000003063000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2611932827.0000000003063000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2537713024.0000000003063000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2552522173.000000000305F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2598304042.0000000003063000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2552797492.0000000003061000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2537146223.0000000003062000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2537211176.0000000003063000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2583177981.0000000003063000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2510833832.0000000002E93000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2510347400.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2510408064.0000000002E93000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2582372266.0000000003063000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2597865510.0000000003063000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.micro
Source: splwow64.exe, 00000008.00000003.2492316502.00000000028FD000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2493584348.00000000028FD000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2491268495.00000000028F3000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2497392107.00000000028FD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.microso
Source: splwow64.exe, 00000008.00000003.2492399926.00000000028EF000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2491859868.00000000028EA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.microsof
Source: splwow64.exe, 00000008.00000003.2549917292.000000000294F000.00000004.00000020.00020000.00000000.sdmp, splwow64.exe, 00000008.00000003.2548147285.000000000294F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.microsoft.indows/2015/02/printing/printschemakeywords/microsoftprinttopdf
Source: wget.exe, 00000002.00000003.2088683896.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2089360796.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: wget.exe, 00000002.00000003.2088683896.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2089360796.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: wget.exe, 00000002.00000003.2088683896.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2089360796.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.abisource.com/awml.dtd
Source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3339507279.000000006C11B000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3339507279.000000006C11B000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: http://www.color.org)
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.daa.com.au/~james/dia-shape-ns
Source: wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3325569603.0000000001203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.freedesktop.org/standards/sha
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.freedesktop.org/standards/shared-mime-info
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: FM100_HueTest_32-bit_v407.exe, 00000004.00000003.2107075735.0000000002520000.00000004.00001000.00020000.00000000.sdmp, FM100_HueTest_32-bit_v407.exe, 00000004.00000003.2107309173.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, FM100_HueTest_32-bit_v407.tmp, 00000005.00000000.2108000988.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.innosetup.com/
Source: FM100_HueTest_32-bit_v407.exe, 00000004.00000000.2105956847.0000000000401000.00000020.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.lysator.liu.se/~alla/dia/
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.metalinker.org/
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opengis.net/gml/3.2
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opengis.net/kml/2.2
Source: FM100_HueTest_32-bit_v407.exe, 00000004.00000003.2107075735.0000000002520000.00000004.00001000.00020000.00000000.sdmp, FM100_HueTest_32-bit_v407.exe, 00000004.00000003.2107309173.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, FM100_HueTest_32-bit_v407.tmp, 00000005.00000000.2108000988.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.remobjects.com/ps
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.topografix.com/GPX/1/0
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.topografix.com/GPX/1/1
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3332138336.00000000044B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.w3.
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xspf.org/ns/0/
Source: wget.exe, 00000002.00000003.2088683896.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2089360796.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://d.symcb.com/cps0%
Source: wget.exe, 00000002.00000003.2088683896.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2089360796.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://d.symcb.com/rpa0
Source: wget.exe, 00000002.00000003.2088683896.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2089360796.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2085211195.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://d.symcb.com/rpa0.
Source: wget.exe, 00000002.00000002.2089379637.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.xrite.com/downloads/software/FM100_Scoring_SW/v4.0.7/FM100_H
Source: wget.exe, 00000002.00000002.2089509546.00000000013B5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2088435716.0000000000BC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads.xrite.com/downloads/software/FM100_Scoring_SW/v4.0.7/FM100_HueTest_32-bit_v407.exe
Source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2109027993.00000000031B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.xrite.com/
Source: FM100_HueTest_32-bit_v407.exe, 00000004.00000003.2451203509.0000000002291000.00000004.00001000.00020000.00000000.sdmp, FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2446466511.00000000022BA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.xrite.com/1
Source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2446466511.00000000022BA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.xrite.com/q
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown HTTPS traffic detected: 18.154.206.90:443 -> 192.168.2.5:49705 version: TLS 1.2
Contains functionality to call native functions
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B336990 ??0?$QVector@VQPointF@@@@QAE@XZ,??4QString@@QAEAAV0@ABV0@@Z,??1QString@@QAE@XZ,?utf16@QString@@QBEPBGXZ,?load@QSystemLibrary@@SAPAUHINSTANCE__@@PB_W_N@Z,GetProcAddress,NtProtectVirtualMemory, 7_2_6B336990
Detected potential crypto function
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C81251 7_2_00C81251
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C803F0 7_2_00C803F0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C97380 7_2_00C97380
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C7B450 7_2_00C7B450
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C76C50 7_2_00C76C50
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C6FDB0 7_2_00C6FDB0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C97E00 7_2_00C97E00
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C98E20 7_2_00C98E20
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2E1AD0 7_2_6B2E1AD0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2D19E0 7_2_6B2D19E0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2E2C40 7_2_6B2E2C40
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2D97F0 7_2_6B2D97F0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2E16F0 7_2_6B2E16F0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2D5408 7_2_6B2D5408
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B346B20 7_2_6B346B20
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B308B50 7_2_6B308B50
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B35E970 7_2_6B35E970
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B36C970 7_2_6B36C970
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3C2967 7_2_6B3C2967
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B35C940 7_2_6B35C940
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3969A0 7_2_6B3969A0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3C48B0 7_2_6B3C48B0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3748A0 7_2_6B3748A0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3A08C0 7_2_6B3A08C0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B36EF00 7_2_6B36EF00
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3A2F00 7_2_6B3A2F00
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B316FA0 7_2_6B316FA0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B396FC0 7_2_6B396FC0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3C4E50 7_2_6B3C4E50
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3B2ED0 7_2_6B3B2ED0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B378D20 7_2_6B378D20
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B366C90 7_2_6B366C90
Found potential string decryption / allocating functions
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: String function: 00C8B540 appears 101 times
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: String function: 00C767F0 appears 104 times
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: String function: 00C7FB10 appears 60 times
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: String function: 00CA73C0 appears 70 times
PE file contains executable resources (Code or Archives)
Source: FM100_HueTest_32-bit_v407.tmp.4.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: FM100_HueTest_32-bit_v407.tmp.4.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-HFNJP.tmp.5.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-HFNJP.tmp.5.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: wget.exe, 00000002.00000002.2089379637.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: XE;.BAT;.CMD;.VBppDB
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3336788671.000000006B770000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: com.slnishinomiya.hyogo.jpkustanai.rucom.snpassenger-association.aerocom.sotsushima.nagasaki.jpcom.stuy.comx.seisa-geek.comcom.sv
Source: classification engine Classification label: clean10.win@11/1265@1/1
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B332B70 ?cleanPath@QDir@@SA?AVQString@@ABV2@@Z,??1QString@@QAE@XZ,??0?$QVector@VQPointF@@@@QAE@XZ,CoCreateInstance,?cleanPath@QDir@@SA?AVQString@@ABV2@@Z,??4QUrl@@QAEAAV0@$$QAV0@@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??0?$QVector@VQPointF@@@@QAE@XZ, 7_2_6B332B70
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4400:120:WilError_03
Source: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe File created: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp Jump to behavior
Source: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File read: C:\Program Files (x86)\desktop.ini Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: Farnsworth-Munsell 100 Hue Test.exe String found in binary or memory: :/Images/add.png
Source: Farnsworth-Munsell 100 Hue Test.exe String found in binary or memory: :/Images/add-selected.png
Source: Farnsworth-Munsell 100 Hue Test.exe String found in binary or memory: <!--StartFragment-->
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloads.xrite.com/downloads/software/FM100_Scoring_SW/v4.0.7/FM100_HueTest_32-bit_v407.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloads.xrite.com/downloads/software/FM100_Scoring_SW/v4.0.7/FM100_HueTest_32-bit_v407.exe"
Source: unknown Process created: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe "C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe"
Source: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe Process created: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp "C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp" /SL5="$2048E,14043495,139776,C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe"
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe "C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe"
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloads.xrite.com/downloads/software/FM100_Scoring_SW/v4.0.7/FM100_HueTest_32-bit_v407.exe" Jump to behavior
Source: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe Process created: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp "C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp" /SL5="$2048E,14043495,139776,C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe "C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe" Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5printsupport.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5svg.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5sql.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32 Jump to behavior
Source: Farnsworth-Munsell 100 Hue Test.lnk.5.dr LNK file: ..\..\..\..\..\..\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Window found: window name: TSelectLanguageForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341574654.000000006D10D000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342686574.000000006E483000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3336788671.000000006B8A0000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb"" source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343378148.000000006E636000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341574654.000000006D10D000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342958874.000000006E494000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343959634.0000000073AF5000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343378148.000000006E636000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342444220.000000006E473000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: *.pdbom source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3328580153.0000000003E40000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340397822.000000006C377000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343698383.000000006E646000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3343959634.0000000073AF5000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Sql.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3337858411.000000006B9A9000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3335932267.000000006B2E6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3335932267.000000006B2E6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5PrintSupport.pdb44 source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340661810.000000006C3BC000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341266574.000000006D0C3000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342958874.000000006E494000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Sql.pdb22 source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3337858411.000000006B9A9000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3339507279.000000006C11B000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\sqldrivers\qsqlite.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5PrintSupport.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340661810.000000006C3BC000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341849568.000000006E225000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: <glob pattern="*.pdb"/> source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000003.2614217945.0000000003C19000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\sqldrivers\qsqlite.pdb!! source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340982635.000000006D04F000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb,, source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340397822.000000006C377000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000005F20000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3338337083.000000006BC76000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3336232454.000000006B3D2000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3341849568.000000006E225000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3342199429.000000006E463000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbE source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3336788671.000000006B8A0000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: *.pdbA source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3329141458.0000000003FD9000.00000004.00000020.00020000.00000000.sdmp
Contains functionality to dynamically determine API calls
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B33CDF0 ?window@QPlatformWindow@@QBEPAVQWindow@@XZ,?qgetenv@@YA?AVQByteArray@@PBD@Z,??4QByteArray@@QAEAAV0@ABV0@@Z,?toLower@QByteArray@@QGBE?AV1@XZ,??4QUrl@@QAEAAV0@$$QAV0@@Z,??1QByteArray@@QAE@XZ,?isDebugEnabled@QLoggingCategory@@QBE_NXZ,??0QMessageLogger@@QAE@PBDH00@Z,?debug@QMessageLogger@@QBE?AVQDebug@@XZ,??6QDebug@@QAEAAV0@PBD@Z,??6QDebug@@QAEAAV0@ABVQByteArray@@@Z,??1QDebug@@QAE@XZ,??BQByteArray@@QBEPBDXZ,LoadLibraryA,LoadLibraryA,??BQByteArray@@QBEPBDXZ,GetLastError,?qErrnoWarning@@YAXHPBDZZ,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 7_2_6B33CDF0
PE file contains sections with non-standard names
Source: is-NNQ02.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-VE6RN.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-26ESB.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-V75EJ.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-E76M3.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-80S1U.tmp.5.dr Static PE information: section name: _RDATA
Source: is-0OA6J.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-LLB6R.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-4RL8F.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-RD8HQ.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-N8M6P.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-HH4ER.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-SV5JB.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-OSKN4.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-SPNC8.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-76014.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-76014.tmp.5.dr Static PE information: section name: _RDATA
Source: is-1JAHE.tmp.5.dr Static PE information: section name: .qtmetad
Source: is-2SSH6.tmp.5.dr Static PE information: section name: .qtmetad
Uses code obfuscation techniques (call, push, ret)
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C7A102 push dword ptr [ecx+ebx-75h]; iretd 7_2_00C7A119
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00CACC76 push ecx; ret 7_2_00CACC89
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C7DD22 push esp; retf 7_2_00C7DD23
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C68FFD push dword ptr [ebp+edx-75h]; iretd 7_2_00C6900B
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C79FFC push es; retf 7_2_00C79FFD
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2E38D0 push ecx; mov dword ptr [esp], 00000000h 7_2_6B2E38D1
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2E50F6 push ecx; ret 7_2_6B2E5109
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B312801 pushad ; ret 7_2_6B312803
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-DU63R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-OSKN4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Qt5Core.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-76014.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-HH4ER.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlodbc.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qjpeg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Qt5Gui.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qwebp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\printsupport\is-2SSH6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-4RL8F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlmysql.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qgif.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\is-VE6RN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qtiff.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Qt5Sql.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-J5JNS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-OIKVU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qicns.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\printsupport\windowsprintersupport.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-IHB33.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-SPRN6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Qt5Widgets.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-N8M6P.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-CSRRK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Qt5PrintSupport.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\opengl32sw.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Users\user\AppData\Local\Temp\is-0R3CD.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qsvg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlite.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\iconengines\is-0OA6J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\iconengines\qsvgicon.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\libEGL.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\styles\qwindowsvistastyle.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\d3dcompiler_47.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-SPNC8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-HFNJP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlpsql.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Users\user\AppData\Local\Temp\is-0R3CD.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\styles\is-E76M3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\libGLESV2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-LLB6R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\platforms\qwindows.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Qt5Svg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-INFOL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-SV5JB.tmp Jump to dropped file
Source: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe File created: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\platforms\is-1JAHE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-QSTCC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qtga.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-5HL0H.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-RD8HQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\is-NNQ02.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\is-26ESB.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\wget.exe File created: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qico.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qwbmp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-3PPH8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-80S1U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\is-V75EJ.tmp Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farnsworth-Munsell 100 Hue Test Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.lnk Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B33CDF0 ?window@QPlatformWindow@@QBEPAVQWindow@@XZ,?qgetenv@@YA?AVQByteArray@@PBD@Z,??4QByteArray@@QAEAAV0@ABV0@@Z,?toLower@QByteArray@@QGBE?AV1@XZ,??4QUrl@@QAEAAV0@$$QAV0@@Z,??1QByteArray@@QAE@XZ,?isDebugEnabled@QLoggingCategory@@QBE_NXZ,??0QMessageLogger@@QAE@PBDH00@Z,?debug@QMessageLogger@@QBE?AVQDebug@@XZ,??6QDebug@@QAEAAV0@PBD@Z,??6QDebug@@QAEAAV0@ABVQByteArray@@@Z,??1QDebug@@QAE@XZ,??BQByteArray@@QBEPBDXZ,LoadLibraryA,LoadLibraryA,??BQByteArray@@QBEPBDXZ,GetLastError,?qErrnoWarning@@YAXHPBDZZ,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 7_2_6B33CDF0
Source: C:\Users\user\Desktop\download\FM100_HueTest_32-bit_v407.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Window / User API: foregroundWindowGot 1520 Jump to behavior
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 5141 Jump to behavior
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 4681 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-DU63R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-OSKN4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-76014.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-HH4ER.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlodbc.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qjpeg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qwebp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\printsupport\is-2SSH6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-4RL8F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlmysql.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qgif.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\is-VE6RN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qtiff.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-OIKVU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qicns.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\printsupport\windowsprintersupport.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-IHB33.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-SPRN6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-N8M6P.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-CSRRK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\opengl32sw.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0R3CD.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qsvg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlite.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\iconengines\is-0OA6J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\iconengines\qsvgicon.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\libEGL.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\styles\qwindowsvistastyle.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\d3dcompiler_47.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-SPNC8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-HFNJP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlpsql.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0R3CD.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\styles\is-E76M3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\libGLESV2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-LLB6R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\platforms\qwindows.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-INFOL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-SV5JB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\platforms\is-1JAHE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-QSTCC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-5HL0H.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qtga.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\is-RD8HQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\is-NNQ02.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\is-26ESB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qico.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qwbmp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-80S1U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\is-3PPH8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\is-V75EJ.tmp Jump to dropped file
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\splwow64.exe Last function: Thread delayed
Source: C:\Windows\splwow64.exe Last function: Thread delayed
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B30BBB0 GetKeyboardLayoutList followed by cmp: cmp ecx, 59h and CTI: jnbe 6B30BD32h 7_2_6B30BBB0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B30BBB0 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jl 6B30BD14h 7_2_6B30BBB0
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000 Jump to behavior
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000 Jump to behavior
Source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2447738077.00000000005F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340182729.000000006C318000.00000004.00000001.01000000.0000000B.sdmp Binary or memory string: l.?AVQEmulationPaintEngine@@
Source: wget.exe, 00000002.00000002.2089379637.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2447738077.00000000005F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ms
Source: FM100_HueTest_32-bit_v407.tmp, 00000005.00000003.2441887140.0000000006084000.00000004.00001000.00020000.00000000.sdmp, Farnsworth-Munsell 100 Hue Test.exe, 00000007.00000002.3340182729.000000006C318000.00000004.00000001.01000000.0000000B.sdmp Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Process information queried: ProcessInformation Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00CACA47 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00CACA47
Contains functionality to dynamically determine API calls
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B33CDF0 ?window@QPlatformWindow@@QBEPAVQWindow@@XZ,?qgetenv@@YA?AVQByteArray@@PBD@Z,??4QByteArray@@QAEAAV0@ABV0@@Z,?toLower@QByteArray@@QGBE?AV1@XZ,??4QUrl@@QAEAAV0@$$QAV0@@Z,??1QByteArray@@QAE@XZ,?isDebugEnabled@QLoggingCategory@@QBE_NXZ,??0QMessageLogger@@QAE@PBDH00@Z,?debug@QMessageLogger@@QBE?AVQDebug@@XZ,??6QDebug@@QAEAAV0@PBD@Z,??6QDebug@@QAEAAV0@ABVQByteArray@@@Z,??1QDebug@@QAE@XZ,??BQByteArray@@QBEPBDXZ,LoadLibraryA,LoadLibraryA,??BQByteArray@@QBEPBDXZ,GetLastError,?qErrnoWarning@@YAXHPBDZZ,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,??1QByteArray@@QAE@XZ,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 7_2_6B33CDF0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00CAC670 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 7_2_00CAC670
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00CACA47 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00CACA47
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00CACBDC SetUnhandledExceptionFilter, 7_2_00CACBDC
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2E4F78 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_6B2E4F78
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B2E512E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 7_2_6B2E512E
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_6B3D0E08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 7_2_6B3D0E08
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://downloads.xrite.com/downloads/software/fm100_scoring_sw/v4.0.7/fm100_huetest_32-bit_v407.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://downloads.xrite.com/downloads/software/fm100_scoring_sw/v4.0.7/fm100_huetest_32-bit_v407.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://downloads.xrite.com/downloads/software/fm100_scoring_sw/v4.0.7/fm100_huetest_32-bit_v407.exe" Jump to behavior
Contains functionality to query CPU information (cpuid)
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00CAC89D cpuid 7_2_00CAC89D
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5VM9G.tmp\FM100_HueTest_32-bit_v407.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\platforms\qwindows.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\styles\qwindowsvistastyle.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\printsupport\windowsprintersupport.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\iconengines\qsvgicon.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qgif.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qicns.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qico.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qwbmp.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\imageformats\qwebp.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlite.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlmysql.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlodbc.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Queries volume information: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\sqldrivers\qsqlpsql.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00CACCAE GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 7_2_00CACCAE
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C94080 ?text@QLineEdit@@QBE?AVQString@@XZ,?currentText@QComboBox@@QBE?AVQString@@XZ,?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QA 7_2_00C94080
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C92140 ?append@QString@@QAEAAV1@ABV1@@Z,?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,?next@QSqlQuery@@QAE_NXZ,?toInt@QVariant@@QBEHPA_N@Z,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toInt@QVariant@@QBEHPA_N@Z,??1QVariant@@QAE@XZ,?next@QSqlQuery@@QAE_NXZ,??1QString@@QAE@XZ,??1QS 7_2_00C92140
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C93140 ??0QString@@QAE@XZ,?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,??1QSqlQuery@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ, 7_2_00C93140
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C90250 ?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,??1QString@@QAE@XZ,??1QSqlQuery@@QAE@XZ, 7_2_00C90250
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C90360 ?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,??1QString@@QAE@XZ,??1QSqlQuery@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ, 7_2_00C90360
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C93320 ??0QString@@QAE@XZ,?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@H@Z,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H 7_2_00C93320
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C91410 ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?number@QString@@SA?AV1@HH@Z,?addDatabase@QSqlDatabase@@SA?AV1@ABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,?setDatabaseName@QSqlDatabase@@QAEXABVQString@@@Z,?open@QSqlDatabase@@QAE_NXZ,??0QSqlDatabase@@QAE@ABV0@@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,?next@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@H@Z,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$ 7_2_00C91410
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C8F5D0 ?shared_null@QMapDataBase@@2U1@B,??0QString@@QAE@XZ,?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,??1QSqlQuery@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ, 7_2_00C8F5D0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C906F0 ?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,?next@QSqlQuery@@QAE_NXZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,??0QChar@@QAE@H@Z,?indexOf@QString@@QBEHVQChar@@HW4CaseSensitivity@Qt@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,??0QChar@@QAE@H@Z,?replace@QString@@QAEAAV1@VQChar@@ABV1@W4CaseSensitivity@Qt@@@Z,??1QString@@QAE@XZ,??0QString@@QAE@$$QAV0@@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QSqlQuery@@QAE@XZ,??1QString@@QAE@XZ,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,??1QString@@QAE@XZ,??1QSqlQuery@@QAE@XZ,??1QString@@QAE@XZ, 7_2_00C906F0
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C92700 ??0QString@@QAE@XZ,?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,??1QSqlQuery@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ, 7_2_00C92700
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C8F800 ??8QString@@QBE_NPBD@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?number@QString@@SA?AV1@HH@Z,?addDatabase@QSqlDatabase@@SA?AV1@ABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,?setDatabaseName@QSqlDatabase@@QAEXABVQString@@@Z,?open@QSqlDatabase@@QAE_NXZ,??4QString@@QAEAAV0@ABV0@@Z,??0QSqlDatabase@@QAE@ABV0@@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,?next@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?append@QString@@QAEAAV1@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@H@Z,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4 7_2_00C8F800
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C93C10 ?currentText@QComboBox@@QBE?AVQString@@XZ,?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,??1QString@@QAE@XZ,??1QSqlQuery@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@ 7_2_00C93C10
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C7DDB7 ?text@QLineEdit@@QBE?AVQString@@XZ,??4QString@@QAEAAV0@ABV0@@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,?exec@QSqlQuery@@QAE_NXZ,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU 7_2_00C7DDB7
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C7DE98 ?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,?text@QLineEdit@@QBE?AVQString@@XZ,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,?text@QLineEdit@@QBE?AVQString@@XZ,??4QString@@QAEAAV0@ABV0@@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,?shared_null@QListData@@2UData@1@B,?next@QSqlQuery@@QAE_NXZ,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,??0QString@@QAE@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4 7_2_00C7DE98
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C7DE66 ?text@QLineEdit@@QBE?AVQString@@XZ,??4QString@@QAEAAV0@$$QAV0@@Z,??1QString@@QAE@XZ,?currentText@QComboBox@@QBE?AVQString@@XZ,??8@YA_NABVQString@@0@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,?exec@QSqlQuery@@QAE_NXZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,?exec@QSqlQuery@@QAE_NXZ,?shared_null@QListData@@2UData@1@B,?next@QSqlQuery@@QAE_NXZ,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,?value@QSqlQuery@@QBE?AVQVariant@@H@Z,?toString@QVariant@@QBE?AVQString@@XZ,??1QVariant@@QAE@XZ,??0QString@@QAE@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??4QString@@QAEAAV0@ABV0@@Z,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ 7_2_00C7DE66
Source: C:\Program Files (x86)\Farnsworth-Munsell 100 Hue Test\Farnsworth-Munsell 100 Hue Test.exe Code function: 7_2_00C91E20 ?append@QString@@QAEAAV1@ABV1@@Z,?number@QString@@SA?AV1@HH@Z,?database@QSqlDatabase@@SA?AV1@ABVQString@@_N@Z,??0QSqlQuery@@QAE@VQSqlDatabase@@@Z,??1QString@@QAE@XZ,??0QString@@QAE@XZ,??4QString@@QAEAAV0@PBD@Z,?prepare@QSqlQuery@@QAE_NABVQString@@@Z,??0QVariant@@QAE@H@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,??0QVariant@@QAE@ABVQString@@@Z,?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z,?bindValue@QSqlQuery@@QAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z,??1QString@@QAE@XZ,??1QVariant@@QAE@XZ,?exec@QSqlQuery@@QAE_NXZ,??1QString@@QAE@XZ,??1QSqlQuery@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ,??1QString@@QAE@XZ, 7_2_00C91E20
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1431062 URL: https://downloads.xrite.com... Startdate: 24/04/2024 Architecture: WINDOWS Score: 10 39 downloads.xrite.com 2->39 41 ddw46c9gijmcm.cloudfront.net 2->41 8 FM100_HueTest_32-bit_v407.exe 2 2->8         started        11 cmd.exe 2 2->11         started        process3 file4 25 C:\Users\...\FM100_HueTest_32-bit_v407.tmp, PE32 8->25 dropped 13 FM100_HueTest_32-bit_v407.tmp 27 664 8->13         started        16 wget.exe 2 11->16         started        19 conhost.exe 11->19         started        process5 dnsIp6 27 C:\Users\user\AppData\Local\...\_shfoldr.dll, PE32 13->27 dropped 29 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 13->29 dropped 31 C:\...\unins000.exe (copy), PE32 13->31 dropped 35 57 other files (none is malicious) 13->35 dropped 21 Farnsworth-Munsell 100 Hue Test.exe 3 13->21         started        37 ddw46c9gijmcm.cloudfront.net 18.154.206.90, 443, 49705 AMAZON-02US United States 16->37 33 C:\Users\...\FM100_HueTest_32-bit_v407.exe, PE32 16->33 dropped file7 process8 process9 23 splwow64.exe 1 21->23         started       
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
18.154.206.90
 ddw46c9gijmcm.cloudfront.net United States
16509 AMAZON-02US false

Contacted Domains

Name IP Active
ddw46c9gijmcm.cloudfront.net 18.154.206.90 true
downloads.xrite.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://downloads.xrite.com/downloads/software/FM100_Scoring_SW/v4.0.7/FM100_HueTest_32-bit_v407.exe false
    		high