Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Quote Request - Project FMD2024UOS..exe

Overview

General Information

Sample name:Quote Request - Project FMD2024UOS..exe
Analysis ID:1528233
MD5:29cdc055c6c580cd9e3beeb12f6a5125
SHA1:e87596ac38f1d259cead6a3df577e8f4ba684da7
SHA256:3257c2795fbf8521fde8240b090eb9f2aff0c3d989a7a246ff02ec31d0abbcdd
Tags:exeuser-lowmal3
Infos:

Detection

FormBook
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2ee83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17292:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2ba10:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x13e1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      Process Memory Space: Quote Request - Project FMD2024UOS..exe PID: 4424JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        4.2.Quote Request - Project FMD2024UOS..exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          4.2.Quote Request - Project FMD2024UOS..exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2ee83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x17292:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          4.2.Quote Request - Project FMD2024UOS..exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            4.2.Quote Request - Project FMD2024UOS..exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2e083:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x16492:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: Quote Request - Project FMD2024UOS..exeReversingLabs: Detection: 47%
            Yara detected FormBook
            Source: Yara matchFile source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: Quote Request - Project FMD2024UOS..exeJoe Sandbox ML: detected
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: BrSe.pdbSHA256 source: Quote Request - Project FMD2024UOS..exe
            Source: Binary string: wntdll.pdbUGP source: Quote Request - Project FMD2024UOS..exe, 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Quote Request - Project FMD2024UOS..exe, Quote Request - Project FMD2024UOS..exe, 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: BrSe.pdb source: Quote Request - Project FMD2024UOS..exe
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4x nop then jmp 06DC7B12h0_2_06DC763E

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0042C1F3 NtClose,4_2_0042C1F3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_01462DF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01462C70
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014635C0 NtCreateMutant,LdrInitializeThunk,4_2_014635C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01464340 NtSetContextThread,4_2_01464340
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01464650 NtSuspendThread,4_2_01464650
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462B60 NtClose,4_2_01462B60
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462BE0 NtQueryValueKey,4_2_01462BE0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462BF0 NtAllocateVirtualMemory,4_2_01462BF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462B80 NtQueryInformationFile,4_2_01462B80
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462BA0 NtEnumerateValueKey,4_2_01462BA0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462AD0 NtReadFile,4_2_01462AD0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462AF0 NtWriteFile,4_2_01462AF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462AB0 NtWaitForSingleObject,4_2_01462AB0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462D00 NtSetInformationFile,4_2_01462D00
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462D10 NtMapViewOfSection,4_2_01462D10
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462D30 NtUnmapViewOfSection,4_2_01462D30
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462DD0 NtDelayExecution,4_2_01462DD0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462DB0 NtEnumerateKey,4_2_01462DB0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462C60 NtCreateKey,4_2_01462C60
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462C00 NtQueryInformationProcess,4_2_01462C00
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462CC0 NtQueryVirtualMemory,4_2_01462CC0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462CF0 NtOpenProcess,4_2_01462CF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462CA0 NtQueryInformationToken,4_2_01462CA0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462F60 NtCreateProcessEx,4_2_01462F60
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462F30 NtCreateSection,4_2_01462F30
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462FE0 NtCreateFile,4_2_01462FE0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462F90 NtProtectVirtualMemory,4_2_01462F90
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462FA0 NtQuerySection,4_2_01462FA0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462FB0 NtResumeThread,4_2_01462FB0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462E30 NtWriteVirtualMemory,4_2_01462E30
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462EE0 NtQueueApcThread,4_2_01462EE0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462E80 NtReadVirtualMemory,4_2_01462E80
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462EA0 NtAdjustPrivilegesToken,4_2_01462EA0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01463010 NtOpenDirectoryObject,4_2_01463010
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01463090 NtSetValueKey,4_2_01463090
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014639B0 NtGetContextThread,4_2_014639B0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01463D70 NtOpenThread,4_2_01463D70
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01463D10 NtOpenProcessToken,4_2_01463D10
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_00C8D55C0_2_00C8D55C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC88B80_2_06DC88B8
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC56200_2_06DC5620
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC34700_2_06DC3470
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC4C700_2_06DC4C70
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC34600_2_06DC3460
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC2BF00_2_06DC2BF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC00070_2_06DC0007
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC30380_2_06DC3038
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC30280_2_06DC3028
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004029404_2_00402940
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004031F04_2_004031F0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004012004_2_00401200
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004024534_2_00402453
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00401C194_2_00401C19
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0040FCEA4_2_0040FCEA
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00402CEB4_2_00402CEB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00402CF04_2_00402CF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0040FCF34_2_0040FCF3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004165FE4_2_004165FE
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004166034_2_00416603
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004026104_2_00402610
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0042E7734_2_0042E773
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0040FF134_2_0040FF13
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0040DF934_2_0040DF93
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B81584_2_014B8158
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014201004_2_01420100
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CA1184_2_014CA118
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E81CC4_2_014E81CC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F01AA4_2_014F01AA
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E41A24_2_014E41A2
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C20004_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EA3524_2_014EA352
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F03E64_2_014F03E6
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E3F04_2_0143E3F0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D02744_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B02C04_2_014B02C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014305354_2_01430535
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F05914_2_014F0591
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E24464_2_014E2446
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D44204_2_014D4420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DE4F64_2_014DE4F6
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014547504_2_01454750
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014307704_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142C7C04_2_0142C7C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144C6E04_2_0144C6E0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014469624_2_01446962
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A04_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014FA9A64_2_014FA9A6
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143A8404_2_0143A840
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014328404_2_01432840
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E8F04_2_0145E8F0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014168B84_2_014168B8
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EAB404_2_014EAB40
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E6BD74_2_014E6BD7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142EA804_2_0142EA80
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143AD004_2_0143AD00
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CCD1F4_2_014CCD1F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142ADE04_2_0142ADE0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01448DBF4_2_01448DBF
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430C004_2_01430C00
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01420CF24_2_01420CF2
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0CB54_2_014D0CB5
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A4F404_2_014A4F40
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01472F284_2_01472F28
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01450F304_2_01450F30
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D2F304_2_014D2F30
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01422FC84_2_01422FC8
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143CFE04_2_0143CFE0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AEFA04_2_014AEFA0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430E594_2_01430E59
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EEE264_2_014EEE26
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EEEDB4_2_014EEEDB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01442E904_2_01442E90
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014ECE934_2_014ECE93
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014FB16B4_2_014FB16B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0146516C4_2_0146516C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141F1724_2_0141F172
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143B1B04_2_0143B1B0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DF0CC4_2_014DF0CC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014370C04_2_014370C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E70E94_2_014E70E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EF0E04_2_014EF0E0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141D34C4_2_0141D34C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E132D4_2_014E132D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0147739A4_2_0147739A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144B2C04_2_0144B2C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D12ED4_2_014D12ED
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014352A04_2_014352A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E75714_2_014E7571
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F95C34_2_014F95C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CD5B04_2_014CD5B0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014214604_2_01421460
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EF43F4_2_014EF43F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EF7B04_2_014EF7B0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014756304_2_01475630
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E16CC4_2_014E16CC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014399504_2_01439950
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144B9504_2_0144B950
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C59104_2_014C5910
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149D8004_2_0149D800
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014338E04_2_014338E0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EFB764_2_014EFB76
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A5BF04_2_014A5BF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0146DBF94_2_0146DBF9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144FB804_2_0144FB80
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EFA494_2_014EFA49
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E7A464_2_014E7A46
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A3A6C4_2_014A3A6C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DDAC64_2_014DDAC6
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CDAAC4_2_014CDAAC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01475AA04_2_01475AA0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D1AA34_2_014D1AA3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01433D404_2_01433D40
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E1D5A4_2_014E1D5A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E7D734_2_014E7D73
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144FDC04_2_0144FDC0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A9C324_2_014A9C32
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EFCF24_2_014EFCF2
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EFF094_2_014EFF09
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01431F924_2_01431F92
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_013F3FD54_2_013F3FD5
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_013F3FD24_2_013F3FD2
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EFFB14_2_014EFFB1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01439EB04_2_01439EB0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: String function: 0149EA12 appears 86 times
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: String function: 0141B970 appears 280 times
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: String function: 01477E54 appears 111 times
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: String function: 014AF290 appears 105 times
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: String function: 01465130 appears 58 times
            Source: Quote Request - Project FMD2024UOS..exe, 00000000.00000002.2049713455.0000000003629000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quote Request - Project FMD2024UOS..exe
            Source: Quote Request - Project FMD2024UOS..exe, 00000000.00000002.2052742090.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quote Request - Project FMD2024UOS..exe
            Source: Quote Request - Project FMD2024UOS..exe, 00000000.00000000.2019263748.00000000002AE000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBrSe.exe8 vs Quote Request - Project FMD2024UOS..exe
            Source: Quote Request - Project FMD2024UOS..exe, 00000000.00000002.2049713455.000000000384D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quote Request - Project FMD2024UOS..exe
            Source: Quote Request - Project FMD2024UOS..exe, 00000000.00000002.2046437804.000000000094E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Quote Request - Project FMD2024UOS..exe
            Source: Quote Request - Project FMD2024UOS..exe, 00000004.00000002.2325298188.000000000151D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Quote Request - Project FMD2024UOS..exe
            Source: Quote Request - Project FMD2024UOS..exeBinary or memory string: OriginalFilenameBrSe.exe8 vs Quote Request - Project FMD2024UOS..exe
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, vxYAgrcRRwupFi3Z1a.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, vxYAgrcRRwupFi3Z1a.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, vxYAgrcRRwupFi3Z1a.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csSecurity API names: _0020.AddAccessRule
            Source: classification engineClassification label: mal88.troj.evad.winEXE@5/1@0/0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quote Request - Project FMD2024UOS..exe.logJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMutant created: NULL
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Quote Request - Project FMD2024UOS..exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: Quote Request - Project FMD2024UOS..exeReversingLabs: Detection: 47%
            Source: unknownProcess created: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe "C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess created: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe "C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess created: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe "C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess created: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe "C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"Jump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess created: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe "C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"Jump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: BrSe.pdbSHA256 source: Quote Request - Project FMD2024UOS..exe
            Source: Binary string: wntdll.pdbUGP source: Quote Request - Project FMD2024UOS..exe, 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Quote Request - Project FMD2024UOS..exe, Quote Request - Project FMD2024UOS..exe, 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: BrSe.pdb source: Quote Request - Project FMD2024UOS..exe

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: Quote Request - Project FMD2024UOS..exe, Form1.cs.Net Code: InitializeComponent contains xor as well as GetObject
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, tbsL7Rh7C9pm6j7Ar8.cs.Net Code: NCA91RlOs7 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, tbsL7Rh7C9pm6j7Ar8.cs.Net Code: NCA91RlOs7 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, tbsL7Rh7C9pm6j7Ar8.cs.Net Code: NCA91RlOs7 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.2654978.0.raw.unpack, RZ.cs.Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.51e0000.3.raw.unpack, RZ.cs.Net Code: System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC7C50 pushfd ; retf 0_2_06DC7C5D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC9549 push es; ret 0_2_06DC9554
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 0_2_06DC7D17 push es; retf 0_2_06DC7D24
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0041483D push ebp; iretd 4_2_0041485A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004019C2 push esp; retf 4_2_004019E8
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00401A7D pushfd ; retf 4_2_00401A85
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00401A15 push ds; retf 4_2_00401A2E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00401AAA pushfd ; retf 4_2_00401AB9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0040D3DA push cs; iretd 4_2_0040D3DB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00423393 push cs; iretd 4_2_0042339F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00403470 push eax; ret 4_2_00403472
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0041A4B7 push DBFAC769h; retf 4_2_0041A4BC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00418D52 push E6A709CAh; iretd 4_2_00418D84
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0040AD89 push esi; ret 4_2_0040AD8A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00423635 pushfd ; iretd 4_2_00423636
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00404EC4 push 29136795h; ret 4_2_00404ECC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00401F44 pushfd ; retf 4_2_00401F69
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_00413757 push esi; ret 4_2_0041375E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_013F225F pushad ; ret 4_2_013F27F9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_013F27FA pushad ; ret 4_2_013F27F9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014209AD push ecx; mov dword ptr [esp], ecx4_2_014209B6
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_013F283D push eax; iretd 4_2_013F2858
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_013F135E push eax; iretd 4_2_013F1369
            Source: Quote Request - Project FMD2024UOS..exeStatic PE information: section name: .text entropy: 7.9859819789295425
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, LNX5sF9k0IXCSdhhBb.csHigh entropy of concatenated method names: 'aHGa3xYAgr', 'XRwahupFi3', 'YPgan07jRh', 'aLCagwGJxs', 'nZDax5h3iA', 'qqva21tcuH', 'rRP6Y6gFe190B4rObL', 'mpswZn9XJH9fSMcrBq', 'D2PaauksUJ', 'xysaOgIskN'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csHigh entropy of concatenated method names: 'yN3OHSXlLa', 'jiHOFoTHmV', 'OGWO4v5WZJ', 'MHhOE4f31A', 'm85ObJK2ly', 'S5lOC9srqJ', 'm8FO3OpVwT', 'Lx7Ohk88bQ', 'NBkOtfBRtm', 'b1aOnQPUQS'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, SfTYrufVKNqinUMgYF.csHigh entropy of concatenated method names: 'D8X3AOdMt8', 'C2M3Ya3T1u', 'HAw31W0MNd', 'nae3VysRAv', 'DQo3WM5dWu', 'Goe3SqrTUr', 'yWN3T3KCNb', 'C5A3chyKL8', 'reS3P6HwJR', 'xwv36Ys5Nt'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, nCHZ9ORhO02L9eLbOC.csHigh entropy of concatenated method names: 'fbC7pkdYa3', 'EU67Q5K62p', 'rYY7BQ8TKW', 'q4W78ki9GR', 'pM87lxVvpy', 'pk27rh7g66', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, zpWlpUPPg07jRh5LCw.csHigh entropy of concatenated method names: 'g2TEVkuxbo', 'mP7ES2RPsn', 'EHmEcgmgnr', 'cneEP2kMEh', 'zU6ExjMC9C', 'TmeE2hnJn1', 'W2uEdKB1O9', 'BNnE71GDu9', 'ASREk9obot', 'wmNELrWhLN'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, V3A75fa54JltvcmPudJ.csHigh entropy of concatenated method names: 'MhokAbLJBU', 'tvqkYOr9Io', 'wvBk1kAYUU', 'WFLkVYxxFf', 'q2wkWS7aGd', 'DJykSufpXl', 'X1JkTXrxfZ', 'Ssmkc5L44b', 'x12kPuiRSj', 'BWak6uifBb'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, aT2I3aumfubbA8pScL.csHigh entropy of concatenated method names: 'NNyIcxW7iT', 'NTgIPgPXZC', 'tZKIpUko1G', 'lcEIQU1J0d', 'OlgI8uYU3k', 'MVsIr6qtYw', 'KdIIN3Wkhb', 'ie4IK8heoa', 'alPI0b2UoZ', 'i6HIMvYZWY'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, dEMyr1evxPsD9tEyAj.csHigh entropy of concatenated method names: 'LKa7FxYZ9B', 'TQI74mldqE', 'ayn7E6TvBX', 'AlS7byelvQ', 'ffS7CvZrPs', 'FDs73IVfkf', 'mGm7hHmQrT', 'gZt7tTXAy1', 'rYB7nh0pc6', 'iBk7gTNs8y'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, SvsV15mbg87NSelUQA.csHigh entropy of concatenated method names: 'PjL12Je9x', 'ySqVkvIdM', 'waISRFF7D', 'ecyTxbh7Q', 'P9tPBrLVX', 'Xun6ntZtw', 'm3Me90WL7h6aLOdCVc', 'Q75E3RGW9HtZRFKOER', 'S5H7DUued', 'wOsLf7H9j'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, DOkC2PZsANcmtvjMvW.csHigh entropy of concatenated method names: 'ldvdnSyH34', 'PhvdgecTXp', 'ToString', 'GWcdFAFxKF', 'gkbd4tJsHR', 'Bt7dEV2hmX', 'xNGdbfwIW9', 'AjqdCPO4CF', 'MqOd3i5UaP', 'TEDdhMPIjV'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, ABqk95aOjWmxbEc3ipi.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'FrwLl0r5Uo', 'S3SLiGbYhd', 'UZJLXFBVKj', 'Ah5LZiliQZ', 'cqxLoW7Hnl', 'iEFLqE9DPY', 'qXdLvAQLym'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, QoWKkalsrcgwFy3YoD.csHigh entropy of concatenated method names: 'zFkx0m6tCC', 'kxyxDZpXt6', 'fRPxlBD1ch', 'okMxijDBs3', 'hPOxQvIXsh', 'dYZxBZ8dkl', 'b3rx8do5Zj', 'DMExrZy2Ie', 'BD8xjcQwPg', 'FWVxNIZsFG'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, mfWdck4R7hMAtTUP7X.csHigh entropy of concatenated method names: 'Dispose', 'x6laR5lsmY', 'IggmQgZr80', 'yE7ffbLELY', 'z9EaUMyr1v', 'oPsazD9tEy', 'ProcessDialogKey', 'yjIm5CHZ9O', 'kO0ma2L9eL', 'iOCmmQ3iLg'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, vJxsBA6Hg0sLVIZD5h.csHigh entropy of concatenated method names: 'hudbWT840e', 'w8BbTWxZQU', 'C9TEBpDWts', 'vpFE8gMkQV', 'Qn5Er66Xvp', 'HyCEjMJtcP', 'P9QENFPO4u', 'HHSEK9s7Ew', 'JXbEfK6D76', 'TXlE0nU6Hg'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, vxYAgrcRRwupFi3Z1a.csHigh entropy of concatenated method names: 'fbK4lniWnG', 'iqD4iqq00E', 'ALA4XJbgVR', 'DBM4ZcEr0v', 'TdE4o97Ydm', 'egW4q4jkbl', 'hQL4vS0jLo', 'NKU4epFTg7', 'fjF4Rj3xk8', 'Mgt4UqaPZ5'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, njqRQONO2sdsf9mrQM.csHigh entropy of concatenated method names: 'jIp3FLd0DE', 'GDe3ENontH', 'TCt3CREZtu', 'iiaCU92JfK', 'ahHCzaKcCj', 'Ro1353gLJ1', 'N3L3aLgRGi', 'jCA3mgGG6W', 'uKB3O3Mbq5', 'NSn39wKjbp'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, Nnl4r7qKGePXGORp0o.csHigh entropy of concatenated method names: 'r38deCKOyE', 'MKwdUfHtKo', 'XLR75FJlIP', 'lnQ7aSYIPb', 'nOIdM3X0IN', 'nWrdDBsnI8', 'ETFduqaSAf', 'EnRdlV4eaG', 'NY1diSV1hk', 'lgadXhl2oM'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, G3iLg1UVawUgHv8WDb.csHigh entropy of concatenated method names: 'PcxkaQ6J6d', 'uaakOBxNOC', 'VQpk9YfTOp', 'WjikFmF0g6', 'npvk4sthA7', 'L34kbCPiNh', 'NdBkC3gZjr', 'eRi7v3uIil', 'fLa7e06D28', 'ux37Ro2Rjf'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, HVZ7oXXcpVUL4MCie1.csHigh entropy of concatenated method names: 'ToString', 'e9d2MnOjrL', 'V402QXbtRS', 'cgx2BuhEeD', 'skL28JQ9pv', 'SQO2rQ1mm8', 'O6u2jAvuE1', 'M8P2NlSSIM', 'WyJ2K8a6sX', 'VST2fxemfK'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, KYubDpzbRANERnZPo3.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mFHkITjSmD', 'K5tkxOHfuC', 'iLmk2P7ZPr', 'sYSkdjMqxJ', 'xCpk7fZMlW', 'KDnkkXIxC9', 'NvhkLWV5uf'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.3739f40.1.raw.unpack, jiAdqvp1tcuHOXTHQR.csHigh entropy of concatenated method names: 'VepCHJdO2A', 'X4KC4i2xMo', 'NayCbutRy2', 'RosC3B9L4D', 'mcLChuu0i6', 'Sa4boeJM6c', 'BWFbq7wQin', 'S7VbvnwOk3', 'esYbeStggY', 'LY8bR4t2V3'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, LNX5sF9k0IXCSdhhBb.csHigh entropy of concatenated method names: 'aHGa3xYAgr', 'XRwahupFi3', 'YPgan07jRh', 'aLCagwGJxs', 'nZDax5h3iA', 'qqva21tcuH', 'rRP6Y6gFe190B4rObL', 'mpswZn9XJH9fSMcrBq', 'D2PaauksUJ', 'xysaOgIskN'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csHigh entropy of concatenated method names: 'yN3OHSXlLa', 'jiHOFoTHmV', 'OGWO4v5WZJ', 'MHhOE4f31A', 'm85ObJK2ly', 'S5lOC9srqJ', 'm8FO3OpVwT', 'Lx7Ohk88bQ', 'NBkOtfBRtm', 'b1aOnQPUQS'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, SfTYrufVKNqinUMgYF.csHigh entropy of concatenated method names: 'D8X3AOdMt8', 'C2M3Ya3T1u', 'HAw31W0MNd', 'nae3VysRAv', 'DQo3WM5dWu', 'Goe3SqrTUr', 'yWN3T3KCNb', 'C5A3chyKL8', 'reS3P6HwJR', 'xwv36Ys5Nt'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, nCHZ9ORhO02L9eLbOC.csHigh entropy of concatenated method names: 'fbC7pkdYa3', 'EU67Q5K62p', 'rYY7BQ8TKW', 'q4W78ki9GR', 'pM87lxVvpy', 'pk27rh7g66', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, zpWlpUPPg07jRh5LCw.csHigh entropy of concatenated method names: 'g2TEVkuxbo', 'mP7ES2RPsn', 'EHmEcgmgnr', 'cneEP2kMEh', 'zU6ExjMC9C', 'TmeE2hnJn1', 'W2uEdKB1O9', 'BNnE71GDu9', 'ASREk9obot', 'wmNELrWhLN'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, V3A75fa54JltvcmPudJ.csHigh entropy of concatenated method names: 'MhokAbLJBU', 'tvqkYOr9Io', 'wvBk1kAYUU', 'WFLkVYxxFf', 'q2wkWS7aGd', 'DJykSufpXl', 'X1JkTXrxfZ', 'Ssmkc5L44b', 'x12kPuiRSj', 'BWak6uifBb'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, aT2I3aumfubbA8pScL.csHigh entropy of concatenated method names: 'NNyIcxW7iT', 'NTgIPgPXZC', 'tZKIpUko1G', 'lcEIQU1J0d', 'OlgI8uYU3k', 'MVsIr6qtYw', 'KdIIN3Wkhb', 'ie4IK8heoa', 'alPI0b2UoZ', 'i6HIMvYZWY'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, dEMyr1evxPsD9tEyAj.csHigh entropy of concatenated method names: 'LKa7FxYZ9B', 'TQI74mldqE', 'ayn7E6TvBX', 'AlS7byelvQ', 'ffS7CvZrPs', 'FDs73IVfkf', 'mGm7hHmQrT', 'gZt7tTXAy1', 'rYB7nh0pc6', 'iBk7gTNs8y'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, SvsV15mbg87NSelUQA.csHigh entropy of concatenated method names: 'PjL12Je9x', 'ySqVkvIdM', 'waISRFF7D', 'ecyTxbh7Q', 'P9tPBrLVX', 'Xun6ntZtw', 'm3Me90WL7h6aLOdCVc', 'Q75E3RGW9HtZRFKOER', 'S5H7DUued', 'wOsLf7H9j'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, DOkC2PZsANcmtvjMvW.csHigh entropy of concatenated method names: 'ldvdnSyH34', 'PhvdgecTXp', 'ToString', 'GWcdFAFxKF', 'gkbd4tJsHR', 'Bt7dEV2hmX', 'xNGdbfwIW9', 'AjqdCPO4CF', 'MqOd3i5UaP', 'TEDdhMPIjV'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, ABqk95aOjWmxbEc3ipi.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'FrwLl0r5Uo', 'S3SLiGbYhd', 'UZJLXFBVKj', 'Ah5LZiliQZ', 'cqxLoW7Hnl', 'iEFLqE9DPY', 'qXdLvAQLym'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, QoWKkalsrcgwFy3YoD.csHigh entropy of concatenated method names: 'zFkx0m6tCC', 'kxyxDZpXt6', 'fRPxlBD1ch', 'okMxijDBs3', 'hPOxQvIXsh', 'dYZxBZ8dkl', 'b3rx8do5Zj', 'DMExrZy2Ie', 'BD8xjcQwPg', 'FWVxNIZsFG'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, mfWdck4R7hMAtTUP7X.csHigh entropy of concatenated method names: 'Dispose', 'x6laR5lsmY', 'IggmQgZr80', 'yE7ffbLELY', 'z9EaUMyr1v', 'oPsazD9tEy', 'ProcessDialogKey', 'yjIm5CHZ9O', 'kO0ma2L9eL', 'iOCmmQ3iLg'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, vJxsBA6Hg0sLVIZD5h.csHigh entropy of concatenated method names: 'hudbWT840e', 'w8BbTWxZQU', 'C9TEBpDWts', 'vpFE8gMkQV', 'Qn5Er66Xvp', 'HyCEjMJtcP', 'P9QENFPO4u', 'HHSEK9s7Ew', 'JXbEfK6D76', 'TXlE0nU6Hg'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, vxYAgrcRRwupFi3Z1a.csHigh entropy of concatenated method names: 'fbK4lniWnG', 'iqD4iqq00E', 'ALA4XJbgVR', 'DBM4ZcEr0v', 'TdE4o97Ydm', 'egW4q4jkbl', 'hQL4vS0jLo', 'NKU4epFTg7', 'fjF4Rj3xk8', 'Mgt4UqaPZ5'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, njqRQONO2sdsf9mrQM.csHigh entropy of concatenated method names: 'jIp3FLd0DE', 'GDe3ENontH', 'TCt3CREZtu', 'iiaCU92JfK', 'ahHCzaKcCj', 'Ro1353gLJ1', 'N3L3aLgRGi', 'jCA3mgGG6W', 'uKB3O3Mbq5', 'NSn39wKjbp'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, Nnl4r7qKGePXGORp0o.csHigh entropy of concatenated method names: 'r38deCKOyE', 'MKwdUfHtKo', 'XLR75FJlIP', 'lnQ7aSYIPb', 'nOIdM3X0IN', 'nWrdDBsnI8', 'ETFduqaSAf', 'EnRdlV4eaG', 'NY1diSV1hk', 'lgadXhl2oM'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, G3iLg1UVawUgHv8WDb.csHigh entropy of concatenated method names: 'PcxkaQ6J6d', 'uaakOBxNOC', 'VQpk9YfTOp', 'WjikFmF0g6', 'npvk4sthA7', 'L34kbCPiNh', 'NdBkC3gZjr', 'eRi7v3uIil', 'fLa7e06D28', 'ux37Ro2Rjf'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, HVZ7oXXcpVUL4MCie1.csHigh entropy of concatenated method names: 'ToString', 'e9d2MnOjrL', 'V402QXbtRS', 'cgx2BuhEeD', 'skL28JQ9pv', 'SQO2rQ1mm8', 'O6u2jAvuE1', 'M8P2NlSSIM', 'WyJ2K8a6sX', 'VST2fxemfK'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, KYubDpzbRANERnZPo3.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mFHkITjSmD', 'K5tkxOHfuC', 'iLmk2P7ZPr', 'sYSkdjMqxJ', 'xCpk7fZMlW', 'KDnkkXIxC9', 'NvhkLWV5uf'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.6cf0000.4.raw.unpack, jiAdqvp1tcuHOXTHQR.csHigh entropy of concatenated method names: 'VepCHJdO2A', 'X4KC4i2xMo', 'NayCbutRy2', 'RosC3B9L4D', 'mcLChuu0i6', 'Sa4boeJM6c', 'BWFbq7wQin', 'S7VbvnwOk3', 'esYbeStggY', 'LY8bR4t2V3'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, LNX5sF9k0IXCSdhhBb.csHigh entropy of concatenated method names: 'aHGa3xYAgr', 'XRwahupFi3', 'YPgan07jRh', 'aLCagwGJxs', 'nZDax5h3iA', 'qqva21tcuH', 'rRP6Y6gFe190B4rObL', 'mpswZn9XJH9fSMcrBq', 'D2PaauksUJ', 'xysaOgIskN'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, tbsL7Rh7C9pm6j7Ar8.csHigh entropy of concatenated method names: 'yN3OHSXlLa', 'jiHOFoTHmV', 'OGWO4v5WZJ', 'MHhOE4f31A', 'm85ObJK2ly', 'S5lOC9srqJ', 'm8FO3OpVwT', 'Lx7Ohk88bQ', 'NBkOtfBRtm', 'b1aOnQPUQS'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, SfTYrufVKNqinUMgYF.csHigh entropy of concatenated method names: 'D8X3AOdMt8', 'C2M3Ya3T1u', 'HAw31W0MNd', 'nae3VysRAv', 'DQo3WM5dWu', 'Goe3SqrTUr', 'yWN3T3KCNb', 'C5A3chyKL8', 'reS3P6HwJR', 'xwv36Ys5Nt'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, nCHZ9ORhO02L9eLbOC.csHigh entropy of concatenated method names: 'fbC7pkdYa3', 'EU67Q5K62p', 'rYY7BQ8TKW', 'q4W78ki9GR', 'pM87lxVvpy', 'pk27rh7g66', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, zpWlpUPPg07jRh5LCw.csHigh entropy of concatenated method names: 'g2TEVkuxbo', 'mP7ES2RPsn', 'EHmEcgmgnr', 'cneEP2kMEh', 'zU6ExjMC9C', 'TmeE2hnJn1', 'W2uEdKB1O9', 'BNnE71GDu9', 'ASREk9obot', 'wmNELrWhLN'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, V3A75fa54JltvcmPudJ.csHigh entropy of concatenated method names: 'MhokAbLJBU', 'tvqkYOr9Io', 'wvBk1kAYUU', 'WFLkVYxxFf', 'q2wkWS7aGd', 'DJykSufpXl', 'X1JkTXrxfZ', 'Ssmkc5L44b', 'x12kPuiRSj', 'BWak6uifBb'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, aT2I3aumfubbA8pScL.csHigh entropy of concatenated method names: 'NNyIcxW7iT', 'NTgIPgPXZC', 'tZKIpUko1G', 'lcEIQU1J0d', 'OlgI8uYU3k', 'MVsIr6qtYw', 'KdIIN3Wkhb', 'ie4IK8heoa', 'alPI0b2UoZ', 'i6HIMvYZWY'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, dEMyr1evxPsD9tEyAj.csHigh entropy of concatenated method names: 'LKa7FxYZ9B', 'TQI74mldqE', 'ayn7E6TvBX', 'AlS7byelvQ', 'ffS7CvZrPs', 'FDs73IVfkf', 'mGm7hHmQrT', 'gZt7tTXAy1', 'rYB7nh0pc6', 'iBk7gTNs8y'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, SvsV15mbg87NSelUQA.csHigh entropy of concatenated method names: 'PjL12Je9x', 'ySqVkvIdM', 'waISRFF7D', 'ecyTxbh7Q', 'P9tPBrLVX', 'Xun6ntZtw', 'm3Me90WL7h6aLOdCVc', 'Q75E3RGW9HtZRFKOER', 'S5H7DUued', 'wOsLf7H9j'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, DOkC2PZsANcmtvjMvW.csHigh entropy of concatenated method names: 'ldvdnSyH34', 'PhvdgecTXp', 'ToString', 'GWcdFAFxKF', 'gkbd4tJsHR', 'Bt7dEV2hmX', 'xNGdbfwIW9', 'AjqdCPO4CF', 'MqOd3i5UaP', 'TEDdhMPIjV'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, ABqk95aOjWmxbEc3ipi.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'FrwLl0r5Uo', 'S3SLiGbYhd', 'UZJLXFBVKj', 'Ah5LZiliQZ', 'cqxLoW7Hnl', 'iEFLqE9DPY', 'qXdLvAQLym'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, QoWKkalsrcgwFy3YoD.csHigh entropy of concatenated method names: 'zFkx0m6tCC', 'kxyxDZpXt6', 'fRPxlBD1ch', 'okMxijDBs3', 'hPOxQvIXsh', 'dYZxBZ8dkl', 'b3rx8do5Zj', 'DMExrZy2Ie', 'BD8xjcQwPg', 'FWVxNIZsFG'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, mfWdck4R7hMAtTUP7X.csHigh entropy of concatenated method names: 'Dispose', 'x6laR5lsmY', 'IggmQgZr80', 'yE7ffbLELY', 'z9EaUMyr1v', 'oPsazD9tEy', 'ProcessDialogKey', 'yjIm5CHZ9O', 'kO0ma2L9eL', 'iOCmmQ3iLg'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, vJxsBA6Hg0sLVIZD5h.csHigh entropy of concatenated method names: 'hudbWT840e', 'w8BbTWxZQU', 'C9TEBpDWts', 'vpFE8gMkQV', 'Qn5Er66Xvp', 'HyCEjMJtcP', 'P9QENFPO4u', 'HHSEK9s7Ew', 'JXbEfK6D76', 'TXlE0nU6Hg'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, vxYAgrcRRwupFi3Z1a.csHigh entropy of concatenated method names: 'fbK4lniWnG', 'iqD4iqq00E', 'ALA4XJbgVR', 'DBM4ZcEr0v', 'TdE4o97Ydm', 'egW4q4jkbl', 'hQL4vS0jLo', 'NKU4epFTg7', 'fjF4Rj3xk8', 'Mgt4UqaPZ5'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, njqRQONO2sdsf9mrQM.csHigh entropy of concatenated method names: 'jIp3FLd0DE', 'GDe3ENontH', 'TCt3CREZtu', 'iiaCU92JfK', 'ahHCzaKcCj', 'Ro1353gLJ1', 'N3L3aLgRGi', 'jCA3mgGG6W', 'uKB3O3Mbq5', 'NSn39wKjbp'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, Nnl4r7qKGePXGORp0o.csHigh entropy of concatenated method names: 'r38deCKOyE', 'MKwdUfHtKo', 'XLR75FJlIP', 'lnQ7aSYIPb', 'nOIdM3X0IN', 'nWrdDBsnI8', 'ETFduqaSAf', 'EnRdlV4eaG', 'NY1diSV1hk', 'lgadXhl2oM'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, G3iLg1UVawUgHv8WDb.csHigh entropy of concatenated method names: 'PcxkaQ6J6d', 'uaakOBxNOC', 'VQpk9YfTOp', 'WjikFmF0g6', 'npvk4sthA7', 'L34kbCPiNh', 'NdBkC3gZjr', 'eRi7v3uIil', 'fLa7e06D28', 'ux37Ro2Rjf'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, HVZ7oXXcpVUL4MCie1.csHigh entropy of concatenated method names: 'ToString', 'e9d2MnOjrL', 'V402QXbtRS', 'cgx2BuhEeD', 'skL28JQ9pv', 'SQO2rQ1mm8', 'O6u2jAvuE1', 'M8P2NlSSIM', 'WyJ2K8a6sX', 'VST2fxemfK'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, KYubDpzbRANERnZPo3.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mFHkITjSmD', 'K5tkxOHfuC', 'iLmk2P7ZPr', 'sYSkdjMqxJ', 'xCpk7fZMlW', 'KDnkkXIxC9', 'NvhkLWV5uf'
            Source: 0.2.Quote Request - Project FMD2024UOS..exe.38e0768.2.raw.unpack, jiAdqvp1tcuHOXTHQR.csHigh entropy of concatenated method names: 'VepCHJdO2A', 'X4KC4i2xMo', 'NayCbutRy2', 'RosC3B9L4D', 'mcLChuu0i6', 'Sa4boeJM6c', 'BWFbq7wQin', 'S7VbvnwOk3', 'esYbeStggY', 'LY8bR4t2V3'
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: Quote Request - Project FMD2024UOS..exe PID: 4424, type: MEMORYSTR
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory allocated: C40000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory allocated: 2620000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory allocated: 4620000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory allocated: 73B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory allocated: 83B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory allocated: 8560000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory allocated: 9560000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0146096E rdtsc 4_2_0146096E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeAPI coverage: 0.6 %
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe TID: 1968Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe TID: 4196Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: Quote Request - Project FMD2024UOS..exe, 00000000.00000002.2049713455.000000000384D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: LvmCIS8TUL
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0146096E rdtsc 4_2_0146096E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_004175B3 LdrLoadDll,4_2_004175B3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B4144 mov eax, dword ptr fs:[00000030h]4_2_014B4144
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B4144 mov eax, dword ptr fs:[00000030h]4_2_014B4144
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B4144 mov ecx, dword ptr fs:[00000030h]4_2_014B4144
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B4144 mov eax, dword ptr fs:[00000030h]4_2_014B4144
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B4144 mov eax, dword ptr fs:[00000030h]4_2_014B4144
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B8158 mov eax, dword ptr fs:[00000030h]4_2_014B8158
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426154 mov eax, dword ptr fs:[00000030h]4_2_01426154
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426154 mov eax, dword ptr fs:[00000030h]4_2_01426154
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141C156 mov eax, dword ptr fs:[00000030h]4_2_0141C156
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4164 mov eax, dword ptr fs:[00000030h]4_2_014F4164
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4164 mov eax, dword ptr fs:[00000030h]4_2_014F4164
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov eax, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov ecx, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov eax, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov eax, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov ecx, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov eax, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov eax, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov ecx, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov eax, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE10E mov ecx, dword ptr fs:[00000030h]4_2_014CE10E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CA118 mov ecx, dword ptr fs:[00000030h]4_2_014CA118
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CA118 mov eax, dword ptr fs:[00000030h]4_2_014CA118
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CA118 mov eax, dword ptr fs:[00000030h]4_2_014CA118
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CA118 mov eax, dword ptr fs:[00000030h]4_2_014CA118
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E0115 mov eax, dword ptr fs:[00000030h]4_2_014E0115
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01450124 mov eax, dword ptr fs:[00000030h]4_2_01450124
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E61C3 mov eax, dword ptr fs:[00000030h]4_2_014E61C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E61C3 mov eax, dword ptr fs:[00000030h]4_2_014E61C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E1D0 mov eax, dword ptr fs:[00000030h]4_2_0149E1D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E1D0 mov eax, dword ptr fs:[00000030h]4_2_0149E1D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E1D0 mov ecx, dword ptr fs:[00000030h]4_2_0149E1D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E1D0 mov eax, dword ptr fs:[00000030h]4_2_0149E1D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E1D0 mov eax, dword ptr fs:[00000030h]4_2_0149E1D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F61E5 mov eax, dword ptr fs:[00000030h]4_2_014F61E5
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014501F8 mov eax, dword ptr fs:[00000030h]4_2_014501F8
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01460185 mov eax, dword ptr fs:[00000030h]4_2_01460185
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DC188 mov eax, dword ptr fs:[00000030h]4_2_014DC188
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DC188 mov eax, dword ptr fs:[00000030h]4_2_014DC188
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C4180 mov eax, dword ptr fs:[00000030h]4_2_014C4180
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C4180 mov eax, dword ptr fs:[00000030h]4_2_014C4180
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A019F mov eax, dword ptr fs:[00000030h]4_2_014A019F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A019F mov eax, dword ptr fs:[00000030h]4_2_014A019F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A019F mov eax, dword ptr fs:[00000030h]4_2_014A019F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A019F mov eax, dword ptr fs:[00000030h]4_2_014A019F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141A197 mov eax, dword ptr fs:[00000030h]4_2_0141A197
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141A197 mov eax, dword ptr fs:[00000030h]4_2_0141A197
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141A197 mov eax, dword ptr fs:[00000030h]4_2_0141A197
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01422050 mov eax, dword ptr fs:[00000030h]4_2_01422050
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A6050 mov eax, dword ptr fs:[00000030h]4_2_014A6050
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144C073 mov eax, dword ptr fs:[00000030h]4_2_0144C073
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A4000 mov ecx, dword ptr fs:[00000030h]4_2_014A4000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C2000 mov eax, dword ptr fs:[00000030h]4_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C2000 mov eax, dword ptr fs:[00000030h]4_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C2000 mov eax, dword ptr fs:[00000030h]4_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C2000 mov eax, dword ptr fs:[00000030h]4_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C2000 mov eax, dword ptr fs:[00000030h]4_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C2000 mov eax, dword ptr fs:[00000030h]4_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C2000 mov eax, dword ptr fs:[00000030h]4_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C2000 mov eax, dword ptr fs:[00000030h]4_2_014C2000
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E016 mov eax, dword ptr fs:[00000030h]4_2_0143E016
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E016 mov eax, dword ptr fs:[00000030h]4_2_0143E016
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E016 mov eax, dword ptr fs:[00000030h]4_2_0143E016
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E016 mov eax, dword ptr fs:[00000030h]4_2_0143E016
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141A020 mov eax, dword ptr fs:[00000030h]4_2_0141A020
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141C020 mov eax, dword ptr fs:[00000030h]4_2_0141C020
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B6030 mov eax, dword ptr fs:[00000030h]4_2_014B6030
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A20DE mov eax, dword ptr fs:[00000030h]4_2_014A20DE
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141A0E3 mov ecx, dword ptr fs:[00000030h]4_2_0141A0E3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A60E0 mov eax, dword ptr fs:[00000030h]4_2_014A60E0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014280E9 mov eax, dword ptr fs:[00000030h]4_2_014280E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141C0F0 mov eax, dword ptr fs:[00000030h]4_2_0141C0F0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014620F0 mov ecx, dword ptr fs:[00000030h]4_2_014620F0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142208A mov eax, dword ptr fs:[00000030h]4_2_0142208A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014180A0 mov eax, dword ptr fs:[00000030h]4_2_014180A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B80A8 mov eax, dword ptr fs:[00000030h]4_2_014B80A8
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E60B8 mov eax, dword ptr fs:[00000030h]4_2_014E60B8
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E60B8 mov ecx, dword ptr fs:[00000030h]4_2_014E60B8
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F634F mov eax, dword ptr fs:[00000030h]4_2_014F634F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A2349 mov eax, dword ptr fs:[00000030h]4_2_014A2349
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A035C mov eax, dword ptr fs:[00000030h]4_2_014A035C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A035C mov eax, dword ptr fs:[00000030h]4_2_014A035C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A035C mov eax, dword ptr fs:[00000030h]4_2_014A035C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A035C mov ecx, dword ptr fs:[00000030h]4_2_014A035C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A035C mov eax, dword ptr fs:[00000030h]4_2_014A035C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A035C mov eax, dword ptr fs:[00000030h]4_2_014A035C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EA352 mov eax, dword ptr fs:[00000030h]4_2_014EA352
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C8350 mov ecx, dword ptr fs:[00000030h]4_2_014C8350
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C437C mov eax, dword ptr fs:[00000030h]4_2_014C437C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A30B mov eax, dword ptr fs:[00000030h]4_2_0145A30B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A30B mov eax, dword ptr fs:[00000030h]4_2_0145A30B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A30B mov eax, dword ptr fs:[00000030h]4_2_0145A30B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141C310 mov ecx, dword ptr fs:[00000030h]4_2_0141C310
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01440310 mov ecx, dword ptr fs:[00000030h]4_2_01440310
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F8324 mov eax, dword ptr fs:[00000030h]4_2_014F8324
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F8324 mov ecx, dword ptr fs:[00000030h]4_2_014F8324
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F8324 mov eax, dword ptr fs:[00000030h]4_2_014F8324
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F8324 mov eax, dword ptr fs:[00000030h]4_2_014F8324
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DC3CD mov eax, dword ptr fs:[00000030h]4_2_014DC3CD
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A3C0 mov eax, dword ptr fs:[00000030h]4_2_0142A3C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A3C0 mov eax, dword ptr fs:[00000030h]4_2_0142A3C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A3C0 mov eax, dword ptr fs:[00000030h]4_2_0142A3C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A3C0 mov eax, dword ptr fs:[00000030h]4_2_0142A3C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A3C0 mov eax, dword ptr fs:[00000030h]4_2_0142A3C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A3C0 mov eax, dword ptr fs:[00000030h]4_2_0142A3C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014283C0 mov eax, dword ptr fs:[00000030h]4_2_014283C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014283C0 mov eax, dword ptr fs:[00000030h]4_2_014283C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014283C0 mov eax, dword ptr fs:[00000030h]4_2_014283C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014283C0 mov eax, dword ptr fs:[00000030h]4_2_014283C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A63C0 mov eax, dword ptr fs:[00000030h]4_2_014A63C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE3DB mov eax, dword ptr fs:[00000030h]4_2_014CE3DB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE3DB mov eax, dword ptr fs:[00000030h]4_2_014CE3DB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE3DB mov ecx, dword ptr fs:[00000030h]4_2_014CE3DB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CE3DB mov eax, dword ptr fs:[00000030h]4_2_014CE3DB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C43D4 mov eax, dword ptr fs:[00000030h]4_2_014C43D4
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C43D4 mov eax, dword ptr fs:[00000030h]4_2_014C43D4
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014303E9 mov eax, dword ptr fs:[00000030h]4_2_014303E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014303E9 mov eax, dword ptr fs:[00000030h]4_2_014303E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014303E9 mov eax, dword ptr fs:[00000030h]4_2_014303E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014303E9 mov eax, dword ptr fs:[00000030h]4_2_014303E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014303E9 mov eax, dword ptr fs:[00000030h]4_2_014303E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014303E9 mov eax, dword ptr fs:[00000030h]4_2_014303E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014303E9 mov eax, dword ptr fs:[00000030h]4_2_014303E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014303E9 mov eax, dword ptr fs:[00000030h]4_2_014303E9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E3F0 mov eax, dword ptr fs:[00000030h]4_2_0143E3F0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E3F0 mov eax, dword ptr fs:[00000030h]4_2_0143E3F0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E3F0 mov eax, dword ptr fs:[00000030h]4_2_0143E3F0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014563FF mov eax, dword ptr fs:[00000030h]4_2_014563FF
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141E388 mov eax, dword ptr fs:[00000030h]4_2_0141E388
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141E388 mov eax, dword ptr fs:[00000030h]4_2_0141E388
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141E388 mov eax, dword ptr fs:[00000030h]4_2_0141E388
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144438F mov eax, dword ptr fs:[00000030h]4_2_0144438F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144438F mov eax, dword ptr fs:[00000030h]4_2_0144438F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01418397 mov eax, dword ptr fs:[00000030h]4_2_01418397
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01418397 mov eax, dword ptr fs:[00000030h]4_2_01418397
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01418397 mov eax, dword ptr fs:[00000030h]4_2_01418397
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A8243 mov eax, dword ptr fs:[00000030h]4_2_014A8243
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A8243 mov ecx, dword ptr fs:[00000030h]4_2_014A8243
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141A250 mov eax, dword ptr fs:[00000030h]4_2_0141A250
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F625D mov eax, dword ptr fs:[00000030h]4_2_014F625D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426259 mov eax, dword ptr fs:[00000030h]4_2_01426259
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DA250 mov eax, dword ptr fs:[00000030h]4_2_014DA250
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DA250 mov eax, dword ptr fs:[00000030h]4_2_014DA250
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01424260 mov eax, dword ptr fs:[00000030h]4_2_01424260
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01424260 mov eax, dword ptr fs:[00000030h]4_2_01424260
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01424260 mov eax, dword ptr fs:[00000030h]4_2_01424260
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141826B mov eax, dword ptr fs:[00000030h]4_2_0141826B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D0274 mov eax, dword ptr fs:[00000030h]4_2_014D0274
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141823B mov eax, dword ptr fs:[00000030h]4_2_0141823B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A2C3 mov eax, dword ptr fs:[00000030h]4_2_0142A2C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A2C3 mov eax, dword ptr fs:[00000030h]4_2_0142A2C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A2C3 mov eax, dword ptr fs:[00000030h]4_2_0142A2C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A2C3 mov eax, dword ptr fs:[00000030h]4_2_0142A2C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A2C3 mov eax, dword ptr fs:[00000030h]4_2_0142A2C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F62D6 mov eax, dword ptr fs:[00000030h]4_2_014F62D6
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014302E1 mov eax, dword ptr fs:[00000030h]4_2_014302E1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014302E1 mov eax, dword ptr fs:[00000030h]4_2_014302E1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014302E1 mov eax, dword ptr fs:[00000030h]4_2_014302E1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E284 mov eax, dword ptr fs:[00000030h]4_2_0145E284
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E284 mov eax, dword ptr fs:[00000030h]4_2_0145E284
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A0283 mov eax, dword ptr fs:[00000030h]4_2_014A0283
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A0283 mov eax, dword ptr fs:[00000030h]4_2_014A0283
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A0283 mov eax, dword ptr fs:[00000030h]4_2_014A0283
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014302A0 mov eax, dword ptr fs:[00000030h]4_2_014302A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014302A0 mov eax, dword ptr fs:[00000030h]4_2_014302A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B62A0 mov eax, dword ptr fs:[00000030h]4_2_014B62A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B62A0 mov ecx, dword ptr fs:[00000030h]4_2_014B62A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B62A0 mov eax, dword ptr fs:[00000030h]4_2_014B62A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B62A0 mov eax, dword ptr fs:[00000030h]4_2_014B62A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B62A0 mov eax, dword ptr fs:[00000030h]4_2_014B62A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B62A0 mov eax, dword ptr fs:[00000030h]4_2_014B62A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01428550 mov eax, dword ptr fs:[00000030h]4_2_01428550
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01428550 mov eax, dword ptr fs:[00000030h]4_2_01428550
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145656A mov eax, dword ptr fs:[00000030h]4_2_0145656A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145656A mov eax, dword ptr fs:[00000030h]4_2_0145656A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145656A mov eax, dword ptr fs:[00000030h]4_2_0145656A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B6500 mov eax, dword ptr fs:[00000030h]4_2_014B6500
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4500 mov eax, dword ptr fs:[00000030h]4_2_014F4500
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4500 mov eax, dword ptr fs:[00000030h]4_2_014F4500
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4500 mov eax, dword ptr fs:[00000030h]4_2_014F4500
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4500 mov eax, dword ptr fs:[00000030h]4_2_014F4500
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4500 mov eax, dword ptr fs:[00000030h]4_2_014F4500
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4500 mov eax, dword ptr fs:[00000030h]4_2_014F4500
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4500 mov eax, dword ptr fs:[00000030h]4_2_014F4500
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430535 mov eax, dword ptr fs:[00000030h]4_2_01430535
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430535 mov eax, dword ptr fs:[00000030h]4_2_01430535
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430535 mov eax, dword ptr fs:[00000030h]4_2_01430535
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430535 mov eax, dword ptr fs:[00000030h]4_2_01430535
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430535 mov eax, dword ptr fs:[00000030h]4_2_01430535
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430535 mov eax, dword ptr fs:[00000030h]4_2_01430535
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E53E mov eax, dword ptr fs:[00000030h]4_2_0144E53E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E53E mov eax, dword ptr fs:[00000030h]4_2_0144E53E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E53E mov eax, dword ptr fs:[00000030h]4_2_0144E53E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E53E mov eax, dword ptr fs:[00000030h]4_2_0144E53E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E53E mov eax, dword ptr fs:[00000030h]4_2_0144E53E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E5CF mov eax, dword ptr fs:[00000030h]4_2_0145E5CF
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E5CF mov eax, dword ptr fs:[00000030h]4_2_0145E5CF
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014265D0 mov eax, dword ptr fs:[00000030h]4_2_014265D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A5D0 mov eax, dword ptr fs:[00000030h]4_2_0145A5D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A5D0 mov eax, dword ptr fs:[00000030h]4_2_0145A5D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014225E0 mov eax, dword ptr fs:[00000030h]4_2_014225E0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E5E7 mov eax, dword ptr fs:[00000030h]4_2_0144E5E7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E5E7 mov eax, dword ptr fs:[00000030h]4_2_0144E5E7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E5E7 mov eax, dword ptr fs:[00000030h]4_2_0144E5E7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E5E7 mov eax, dword ptr fs:[00000030h]4_2_0144E5E7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E5E7 mov eax, dword ptr fs:[00000030h]4_2_0144E5E7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E5E7 mov eax, dword ptr fs:[00000030h]4_2_0144E5E7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E5E7 mov eax, dword ptr fs:[00000030h]4_2_0144E5E7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E5E7 mov eax, dword ptr fs:[00000030h]4_2_0144E5E7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145C5ED mov eax, dword ptr fs:[00000030h]4_2_0145C5ED
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145C5ED mov eax, dword ptr fs:[00000030h]4_2_0145C5ED
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01422582 mov eax, dword ptr fs:[00000030h]4_2_01422582
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01422582 mov ecx, dword ptr fs:[00000030h]4_2_01422582
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01454588 mov eax, dword ptr fs:[00000030h]4_2_01454588
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E59C mov eax, dword ptr fs:[00000030h]4_2_0145E59C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A05A7 mov eax, dword ptr fs:[00000030h]4_2_014A05A7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A05A7 mov eax, dword ptr fs:[00000030h]4_2_014A05A7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A05A7 mov eax, dword ptr fs:[00000030h]4_2_014A05A7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014445B1 mov eax, dword ptr fs:[00000030h]4_2_014445B1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014445B1 mov eax, dword ptr fs:[00000030h]4_2_014445B1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E443 mov eax, dword ptr fs:[00000030h]4_2_0145E443
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E443 mov eax, dword ptr fs:[00000030h]4_2_0145E443
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E443 mov eax, dword ptr fs:[00000030h]4_2_0145E443
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E443 mov eax, dword ptr fs:[00000030h]4_2_0145E443
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E443 mov eax, dword ptr fs:[00000030h]4_2_0145E443
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E443 mov eax, dword ptr fs:[00000030h]4_2_0145E443
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E443 mov eax, dword ptr fs:[00000030h]4_2_0145E443
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145E443 mov eax, dword ptr fs:[00000030h]4_2_0145E443
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DA456 mov eax, dword ptr fs:[00000030h]4_2_014DA456
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141645D mov eax, dword ptr fs:[00000030h]4_2_0141645D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144245A mov eax, dword ptr fs:[00000030h]4_2_0144245A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AC460 mov ecx, dword ptr fs:[00000030h]4_2_014AC460
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144A470 mov eax, dword ptr fs:[00000030h]4_2_0144A470
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144A470 mov eax, dword ptr fs:[00000030h]4_2_0144A470
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144A470 mov eax, dword ptr fs:[00000030h]4_2_0144A470
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01458402 mov eax, dword ptr fs:[00000030h]4_2_01458402
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01458402 mov eax, dword ptr fs:[00000030h]4_2_01458402
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01458402 mov eax, dword ptr fs:[00000030h]4_2_01458402
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141E420 mov eax, dword ptr fs:[00000030h]4_2_0141E420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141E420 mov eax, dword ptr fs:[00000030h]4_2_0141E420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141E420 mov eax, dword ptr fs:[00000030h]4_2_0141E420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141C427 mov eax, dword ptr fs:[00000030h]4_2_0141C427
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A6420 mov eax, dword ptr fs:[00000030h]4_2_014A6420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A6420 mov eax, dword ptr fs:[00000030h]4_2_014A6420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A6420 mov eax, dword ptr fs:[00000030h]4_2_014A6420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A6420 mov eax, dword ptr fs:[00000030h]4_2_014A6420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A6420 mov eax, dword ptr fs:[00000030h]4_2_014A6420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A6420 mov eax, dword ptr fs:[00000030h]4_2_014A6420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A6420 mov eax, dword ptr fs:[00000030h]4_2_014A6420
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A430 mov eax, dword ptr fs:[00000030h]4_2_0145A430
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014204E5 mov ecx, dword ptr fs:[00000030h]4_2_014204E5
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014DA49A mov eax, dword ptr fs:[00000030h]4_2_014DA49A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014264AB mov eax, dword ptr fs:[00000030h]4_2_014264AB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014544B0 mov ecx, dword ptr fs:[00000030h]4_2_014544B0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AA4B0 mov eax, dword ptr fs:[00000030h]4_2_014AA4B0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145674D mov esi, dword ptr fs:[00000030h]4_2_0145674D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145674D mov eax, dword ptr fs:[00000030h]4_2_0145674D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145674D mov eax, dword ptr fs:[00000030h]4_2_0145674D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01420750 mov eax, dword ptr fs:[00000030h]4_2_01420750
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462750 mov eax, dword ptr fs:[00000030h]4_2_01462750
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462750 mov eax, dword ptr fs:[00000030h]4_2_01462750
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AE75D mov eax, dword ptr fs:[00000030h]4_2_014AE75D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A4755 mov eax, dword ptr fs:[00000030h]4_2_014A4755
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01428770 mov eax, dword ptr fs:[00000030h]4_2_01428770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430770 mov eax, dword ptr fs:[00000030h]4_2_01430770
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145C700 mov eax, dword ptr fs:[00000030h]4_2_0145C700
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01420710 mov eax, dword ptr fs:[00000030h]4_2_01420710
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01450710 mov eax, dword ptr fs:[00000030h]4_2_01450710
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145C720 mov eax, dword ptr fs:[00000030h]4_2_0145C720
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145C720 mov eax, dword ptr fs:[00000030h]4_2_0145C720
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145273C mov eax, dword ptr fs:[00000030h]4_2_0145273C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145273C mov ecx, dword ptr fs:[00000030h]4_2_0145273C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145273C mov eax, dword ptr fs:[00000030h]4_2_0145273C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149C730 mov eax, dword ptr fs:[00000030h]4_2_0149C730
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142C7C0 mov eax, dword ptr fs:[00000030h]4_2_0142C7C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A07C3 mov eax, dword ptr fs:[00000030h]4_2_014A07C3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014427ED mov eax, dword ptr fs:[00000030h]4_2_014427ED
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014427ED mov eax, dword ptr fs:[00000030h]4_2_014427ED
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014427ED mov eax, dword ptr fs:[00000030h]4_2_014427ED
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AE7E1 mov eax, dword ptr fs:[00000030h]4_2_014AE7E1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014247FB mov eax, dword ptr fs:[00000030h]4_2_014247FB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014247FB mov eax, dword ptr fs:[00000030h]4_2_014247FB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C678E mov eax, dword ptr fs:[00000030h]4_2_014C678E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014207AF mov eax, dword ptr fs:[00000030h]4_2_014207AF
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D47A0 mov eax, dword ptr fs:[00000030h]4_2_014D47A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143C640 mov eax, dword ptr fs:[00000030h]4_2_0143C640
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E866E mov eax, dword ptr fs:[00000030h]4_2_014E866E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E866E mov eax, dword ptr fs:[00000030h]4_2_014E866E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A660 mov eax, dword ptr fs:[00000030h]4_2_0145A660
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A660 mov eax, dword ptr fs:[00000030h]4_2_0145A660
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01452674 mov eax, dword ptr fs:[00000030h]4_2_01452674
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E609 mov eax, dword ptr fs:[00000030h]4_2_0149E609
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143260B mov eax, dword ptr fs:[00000030h]4_2_0143260B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143260B mov eax, dword ptr fs:[00000030h]4_2_0143260B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143260B mov eax, dword ptr fs:[00000030h]4_2_0143260B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143260B mov eax, dword ptr fs:[00000030h]4_2_0143260B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143260B mov eax, dword ptr fs:[00000030h]4_2_0143260B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143260B mov eax, dword ptr fs:[00000030h]4_2_0143260B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143260B mov eax, dword ptr fs:[00000030h]4_2_0143260B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01462619 mov eax, dword ptr fs:[00000030h]4_2_01462619
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0143E627 mov eax, dword ptr fs:[00000030h]4_2_0143E627
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01456620 mov eax, dword ptr fs:[00000030h]4_2_01456620
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01458620 mov eax, dword ptr fs:[00000030h]4_2_01458620
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142262C mov eax, dword ptr fs:[00000030h]4_2_0142262C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A6C7 mov ebx, dword ptr fs:[00000030h]4_2_0145A6C7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A6C7 mov eax, dword ptr fs:[00000030h]4_2_0145A6C7
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E6F2 mov eax, dword ptr fs:[00000030h]4_2_0149E6F2
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E6F2 mov eax, dword ptr fs:[00000030h]4_2_0149E6F2
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E6F2 mov eax, dword ptr fs:[00000030h]4_2_0149E6F2
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E6F2 mov eax, dword ptr fs:[00000030h]4_2_0149E6F2
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A06F1 mov eax, dword ptr fs:[00000030h]4_2_014A06F1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A06F1 mov eax, dword ptr fs:[00000030h]4_2_014A06F1
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01424690 mov eax, dword ptr fs:[00000030h]4_2_01424690
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01424690 mov eax, dword ptr fs:[00000030h]4_2_01424690
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145C6A6 mov eax, dword ptr fs:[00000030h]4_2_0145C6A6
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014566B0 mov eax, dword ptr fs:[00000030h]4_2_014566B0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A0946 mov eax, dword ptr fs:[00000030h]4_2_014A0946
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4940 mov eax, dword ptr fs:[00000030h]4_2_014F4940
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01446962 mov eax, dword ptr fs:[00000030h]4_2_01446962
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01446962 mov eax, dword ptr fs:[00000030h]4_2_01446962
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01446962 mov eax, dword ptr fs:[00000030h]4_2_01446962
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0146096E mov eax, dword ptr fs:[00000030h]4_2_0146096E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0146096E mov edx, dword ptr fs:[00000030h]4_2_0146096E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0146096E mov eax, dword ptr fs:[00000030h]4_2_0146096E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C4978 mov eax, dword ptr fs:[00000030h]4_2_014C4978
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C4978 mov eax, dword ptr fs:[00000030h]4_2_014C4978
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AC97C mov eax, dword ptr fs:[00000030h]4_2_014AC97C
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E908 mov eax, dword ptr fs:[00000030h]4_2_0149E908
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149E908 mov eax, dword ptr fs:[00000030h]4_2_0149E908
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AC912 mov eax, dword ptr fs:[00000030h]4_2_014AC912
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01418918 mov eax, dword ptr fs:[00000030h]4_2_01418918
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01418918 mov eax, dword ptr fs:[00000030h]4_2_01418918
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A892A mov eax, dword ptr fs:[00000030h]4_2_014A892A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B892B mov eax, dword ptr fs:[00000030h]4_2_014B892B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B69C0 mov eax, dword ptr fs:[00000030h]4_2_014B69C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A9D0 mov eax, dword ptr fs:[00000030h]4_2_0142A9D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A9D0 mov eax, dword ptr fs:[00000030h]4_2_0142A9D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A9D0 mov eax, dword ptr fs:[00000030h]4_2_0142A9D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A9D0 mov eax, dword ptr fs:[00000030h]4_2_0142A9D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A9D0 mov eax, dword ptr fs:[00000030h]4_2_0142A9D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142A9D0 mov eax, dword ptr fs:[00000030h]4_2_0142A9D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014549D0 mov eax, dword ptr fs:[00000030h]4_2_014549D0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EA9D3 mov eax, dword ptr fs:[00000030h]4_2_014EA9D3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AE9E0 mov eax, dword ptr fs:[00000030h]4_2_014AE9E0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014529F9 mov eax, dword ptr fs:[00000030h]4_2_014529F9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014529F9 mov eax, dword ptr fs:[00000030h]4_2_014529F9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014329A0 mov eax, dword ptr fs:[00000030h]4_2_014329A0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014209AD mov eax, dword ptr fs:[00000030h]4_2_014209AD
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014209AD mov eax, dword ptr fs:[00000030h]4_2_014209AD
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A89B3 mov esi, dword ptr fs:[00000030h]4_2_014A89B3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A89B3 mov eax, dword ptr fs:[00000030h]4_2_014A89B3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014A89B3 mov eax, dword ptr fs:[00000030h]4_2_014A89B3
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01432840 mov ecx, dword ptr fs:[00000030h]4_2_01432840
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01450854 mov eax, dword ptr fs:[00000030h]4_2_01450854
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01424859 mov eax, dword ptr fs:[00000030h]4_2_01424859
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01424859 mov eax, dword ptr fs:[00000030h]4_2_01424859
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AE872 mov eax, dword ptr fs:[00000030h]4_2_014AE872
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AE872 mov eax, dword ptr fs:[00000030h]4_2_014AE872
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B6870 mov eax, dword ptr fs:[00000030h]4_2_014B6870
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B6870 mov eax, dword ptr fs:[00000030h]4_2_014B6870
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AC810 mov eax, dword ptr fs:[00000030h]4_2_014AC810
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01442835 mov eax, dword ptr fs:[00000030h]4_2_01442835
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01442835 mov eax, dword ptr fs:[00000030h]4_2_01442835
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01442835 mov eax, dword ptr fs:[00000030h]4_2_01442835
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01442835 mov ecx, dword ptr fs:[00000030h]4_2_01442835
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01442835 mov eax, dword ptr fs:[00000030h]4_2_01442835
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01442835 mov eax, dword ptr fs:[00000030h]4_2_01442835
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145A830 mov eax, dword ptr fs:[00000030h]4_2_0145A830
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C483A mov eax, dword ptr fs:[00000030h]4_2_014C483A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C483A mov eax, dword ptr fs:[00000030h]4_2_014C483A
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144E8C0 mov eax, dword ptr fs:[00000030h]4_2_0144E8C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F08C0 mov eax, dword ptr fs:[00000030h]4_2_014F08C0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EA8E4 mov eax, dword ptr fs:[00000030h]4_2_014EA8E4
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145C8F9 mov eax, dword ptr fs:[00000030h]4_2_0145C8F9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145C8F9 mov eax, dword ptr fs:[00000030h]4_2_0145C8F9
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01420887 mov eax, dword ptr fs:[00000030h]4_2_01420887
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014AC89D mov eax, dword ptr fs:[00000030h]4_2_014AC89D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D4B4B mov eax, dword ptr fs:[00000030h]4_2_014D4B4B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D4B4B mov eax, dword ptr fs:[00000030h]4_2_014D4B4B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B6B40 mov eax, dword ptr fs:[00000030h]4_2_014B6B40
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014B6B40 mov eax, dword ptr fs:[00000030h]4_2_014B6B40
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014EAB40 mov eax, dword ptr fs:[00000030h]4_2_014EAB40
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014C8B42 mov eax, dword ptr fs:[00000030h]4_2_014C8B42
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01418B50 mov eax, dword ptr fs:[00000030h]4_2_01418B50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F2B57 mov eax, dword ptr fs:[00000030h]4_2_014F2B57
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F2B57 mov eax, dword ptr fs:[00000030h]4_2_014F2B57
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F2B57 mov eax, dword ptr fs:[00000030h]4_2_014F2B57
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F2B57 mov eax, dword ptr fs:[00000030h]4_2_014F2B57
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CEB50 mov eax, dword ptr fs:[00000030h]4_2_014CEB50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0141CB7E mov eax, dword ptr fs:[00000030h]4_2_0141CB7E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014F4B00 mov eax, dword ptr fs:[00000030h]4_2_014F4B00
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149EB1D mov eax, dword ptr fs:[00000030h]4_2_0149EB1D
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144EB20 mov eax, dword ptr fs:[00000030h]4_2_0144EB20
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144EB20 mov eax, dword ptr fs:[00000030h]4_2_0144EB20
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E8B28 mov eax, dword ptr fs:[00000030h]4_2_014E8B28
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014E8B28 mov eax, dword ptr fs:[00000030h]4_2_014E8B28
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01440BCB mov eax, dword ptr fs:[00000030h]4_2_01440BCB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01440BCB mov eax, dword ptr fs:[00000030h]4_2_01440BCB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01440BCB mov eax, dword ptr fs:[00000030h]4_2_01440BCB
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01420BCD mov eax, dword ptr fs:[00000030h]4_2_01420BCD
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01420BCD mov eax, dword ptr fs:[00000030h]4_2_01420BCD
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01420BCD mov eax, dword ptr fs:[00000030h]4_2_01420BCD
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CEBD0 mov eax, dword ptr fs:[00000030h]4_2_014CEBD0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01428BF0 mov eax, dword ptr fs:[00000030h]4_2_01428BF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01428BF0 mov eax, dword ptr fs:[00000030h]4_2_01428BF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01428BF0 mov eax, dword ptr fs:[00000030h]4_2_01428BF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144EBFC mov eax, dword ptr fs:[00000030h]4_2_0144EBFC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014ACBF0 mov eax, dword ptr fs:[00000030h]4_2_014ACBF0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430BBE mov eax, dword ptr fs:[00000030h]4_2_01430BBE
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430BBE mov eax, dword ptr fs:[00000030h]4_2_01430BBE
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D4BB0 mov eax, dword ptr fs:[00000030h]4_2_014D4BB0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014D4BB0 mov eax, dword ptr fs:[00000030h]4_2_014D4BB0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426A50 mov eax, dword ptr fs:[00000030h]4_2_01426A50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426A50 mov eax, dword ptr fs:[00000030h]4_2_01426A50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426A50 mov eax, dword ptr fs:[00000030h]4_2_01426A50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426A50 mov eax, dword ptr fs:[00000030h]4_2_01426A50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426A50 mov eax, dword ptr fs:[00000030h]4_2_01426A50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426A50 mov eax, dword ptr fs:[00000030h]4_2_01426A50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01426A50 mov eax, dword ptr fs:[00000030h]4_2_01426A50
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430A5B mov eax, dword ptr fs:[00000030h]4_2_01430A5B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01430A5B mov eax, dword ptr fs:[00000030h]4_2_01430A5B
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145CA6F mov eax, dword ptr fs:[00000030h]4_2_0145CA6F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145CA6F mov eax, dword ptr fs:[00000030h]4_2_0145CA6F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145CA6F mov eax, dword ptr fs:[00000030h]4_2_0145CA6F
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014CEA60 mov eax, dword ptr fs:[00000030h]4_2_014CEA60
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149CA72 mov eax, dword ptr fs:[00000030h]4_2_0149CA72
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0149CA72 mov eax, dword ptr fs:[00000030h]4_2_0149CA72
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_014ACA11 mov eax, dword ptr fs:[00000030h]4_2_014ACA11
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145CA24 mov eax, dword ptr fs:[00000030h]4_2_0145CA24
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0144EA2E mov eax, dword ptr fs:[00000030h]4_2_0144EA2E
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01444A35 mov eax, dword ptr fs:[00000030h]4_2_01444A35
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01444A35 mov eax, dword ptr fs:[00000030h]4_2_01444A35
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145CA38 mov eax, dword ptr fs:[00000030h]4_2_0145CA38
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01476ACC mov eax, dword ptr fs:[00000030h]4_2_01476ACC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01476ACC mov eax, dword ptr fs:[00000030h]4_2_01476ACC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01476ACC mov eax, dword ptr fs:[00000030h]4_2_01476ACC
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01420AD0 mov eax, dword ptr fs:[00000030h]4_2_01420AD0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01454AD0 mov eax, dword ptr fs:[00000030h]4_2_01454AD0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_01454AD0 mov eax, dword ptr fs:[00000030h]4_2_01454AD0
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145AAEE mov eax, dword ptr fs:[00000030h]4_2_0145AAEE
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0145AAEE mov eax, dword ptr fs:[00000030h]4_2_0145AAEE
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142EA80 mov eax, dword ptr fs:[00000030h]4_2_0142EA80
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142EA80 mov eax, dword ptr fs:[00000030h]4_2_0142EA80
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeCode function: 4_2_0142EA80 mov eax, dword ptr fs:[00000030h]4_2_0142EA80
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeMemory written: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess created: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe "C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"Jump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeProcess created: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe "C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"Jump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.Quote Request - Project FMD2024UOS..exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		111
            Process Injection            		1
            Masquerading            		OS Credential Dumping21
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
            Process Injection            		NTDS12
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
            Obfuscated Files or Information            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Quote Request - Project FMD2024UOS..exe47%ReversingLabsByteCode-MSIL.Trojan.CrypterX
            Quote Request - Project FMD2024UOS..exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            No contacted domains info

            World Map of Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1528233
            Start date and time:2024-10-07 17:11:10 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 5m 59s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:7
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:Quote Request - Project FMD2024UOS..exe
            Detection:MAL
            Classification:mal88.troj.evad.winEXE@5/1@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 97%
            • Number of executed functions: 43
            • Number of non-executed functions: 272
            Cookbook Comments:
            • Found application associated with file extension: .exe

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • VT rate limit hit for: Quote Request - Project FMD2024UOS..exe

            Simulations

            Behavior and APIs

            TimeTypeDescription
            11:11:59API Interceptor4x Sleep call for process: Quote Request - Project FMD2024UOS..exe modified

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quote Request - Project FMD2024UOS..exe.log

            Download File
            Process:C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1216
            Entropy (8bit):5.34331486778365
            Encrypted:false
            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5:1330C80CAAC9A0FB172F202485E9B1E8
            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious:true
            Reputation:high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.981765832088061
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            • Win32 Executable (generic) a (10002005/4) 49.78%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Generic Win/DOS Executable (2004/3) 0.01%
            • DOS Executable Generic (2002/1) 0.01%
            File name:Quote Request - Project FMD2024UOS..exe
            File size:699'904 bytes
            MD5:29cdc055c6c580cd9e3beeb12f6a5125
            SHA1:e87596ac38f1d259cead6a3df577e8f4ba684da7
            SHA256:3257c2795fbf8521fde8240b090eb9f2aff0c3d989a7a246ff02ec31d0abbcdd
            SHA512:a703cd7a6ee80c49f217a2de23bd2412cd07d4873c84c26b0c2848dc3fdb1cad9ea2c6318c9fc4fe0c431da6625243b19029996fc9e0fa47d608cb2d30e7dcc1
            SSDEEP:12288:IEf0Lt9DDhqoDuRbBWXudE90N1nEqvjBoV8/UYP4gH30+qiL5Xceit:IES/3ouGbBWXp90N1LvKVUfYiL5M3
            TLSH:D4E4231D5B68DB64D5291F30B1CAD80203787392BED1DB18EEA119BB097F3A85CC7E09
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....|.g..............0.............B.... ........@.. ....................... ............@................................

            File Icon

            Icon Hash:00928e8e8686b000

            Static PE Info

            General

            Entrypoint:0x4ac242
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x67037CE1 [Mon Oct 7 06:17:05 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0xac1f00x4f.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0xae0000x5a4.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0xb00000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0xaabf40x54.text
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000xaa2480xaa400a375d88dadb4acb8ca7147078fbf8164False0.9854691515234949data7.9859819789295425IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc0xae0000x5a40x6000d9699a63efe08b21e0130333aba19afFalse0.419921875data4.060477729659347IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0xb00000xc0x200d76e1594fc178eafaf82b71a6b4de9d7False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_VERSION0xae0900x314data0.43274111675126903
            RT_MANIFEST0xae3b40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Network Behavior

            No network behavior found

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:11:11:58
            Start date:07/10/2024
            Path:C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"
            Imagebase:0x200000
            File size:699'904 bytes
            MD5 hash:29CDC055C6C580CD9E3BEEB12F6A5125
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:3
            Start time:11:12:00
            Start date:07/10/2024
            Path:C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"
            Imagebase:0x1d0000
            File size:699'904 bytes
            MD5 hash:29CDC055C6C580CD9E3BEEB12F6A5125
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:4
            Start time:11:12:00
            Start date:07/10/2024
            Path:C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\Quote Request - Project FMD2024UOS..exe"
            Imagebase:0x820000
            File size:699'904 bytes
            MD5 hash:29CDC055C6C580CD9E3BEEB12F6A5125
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2324996009.0000000000EA0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
            Reputation:low
            Has exited:true

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:10%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:0%
              Total number of Nodes:185
              Total number of Limit Nodes:8
              execution_graph 20723 c84668 20724 c8467a 20723->20724 20725 c84686 20724->20725 20727 c84778 20724->20727 20728 c8479d 20727->20728 20732 c84888 20728->20732 20736 c84878 20728->20736 20733 c848af 20732->20733 20734 c8498c 20733->20734 20740 c844b0 20733->20740 20738 c848af 20736->20738 20737 c8498c 20738->20737 20739 c844b0 CreateActCtxA 20738->20739 20739->20737 20741 c85918 CreateActCtxA 20740->20741 20743 c859db 20741->20743 20937 6dc7e28 20939 6dc7e2c 20937->20939 20938 6dc7fb3 20939->20938 20941 6dc43c0 20939->20941 20942 6dc80a8 PostMessageW 20941->20942 20943 6dc8114 20942->20943 20943->20939 20744 c8cfe0 20745 c8d026 GetCurrentProcess 20744->20745 20747 c8d078 GetCurrentThread 20745->20747 20748 c8d071 20745->20748 20749 c8d0ae 20747->20749 20750 c8d0b5 GetCurrentProcess 20747->20750 20748->20747 20749->20750 20753 c8d0eb 20750->20753 20751 c8d113 GetCurrentThreadId 20752 c8d144 20751->20752 20753->20751 20944 c8ac50 20945 c8ac5f 20944->20945 20948 c8ad48 20944->20948 20953 c8ad38 20944->20953 20949 c8ad7c 20948->20949 20950 c8ad59 20948->20950 20949->20945 20950->20949 20951 c8af80 GetModuleHandleW 20950->20951 20952 c8afad 20951->20952 20952->20945 20954 c8ad7c 20953->20954 20955 c8ad59 20953->20955 20954->20945 20955->20954 20956 c8af80 GetModuleHandleW 20955->20956 20957 c8afad 20956->20957 20957->20945 20958 c8d630 DuplicateHandle 20959 c8d6c6 20958->20959 20754 6dc6355 20755 6dc62dd 20754->20755 20756 6dc635d 20754->20756 20757 6dc62cf 20755->20757 20761 6dc6bee 20755->20761 20779 6dc6b79 20755->20779 20796 6dc6b88 20755->20796 20762 6dc6b7c 20761->20762 20763 6dc6bf1 20761->20763 20764 6dc6baa 20762->20764 20813 6dc74d4 20762->20813 20820 6dc731b 20762->20820 20824 6dc7418 20762->20824 20830 6dc74be 20762->20830 20835 6dc72e2 20762->20835 20839 6dc7066 20762->20839 20844 6dc73c4 20762->20844 20848 6dc7504 20762->20848 20852 6dc7464 20762->20852 20857 6dc752a 20762->20857 20861 6dc704a 20762->20861 20865 6dc75a8 20762->20865 20869 6dc78f5 20762->20869 20874 6dc6f74 20762->20874 20763->20757 20764->20757 20780 6dc6b7c 20779->20780 20781 6dc6baa 20780->20781 20782 6dc74be 2 API calls 20780->20782 20783 6dc7418 4 API calls 20780->20783 20784 6dc731b 2 API calls 20780->20784 20785 6dc74d4 4 API calls 20780->20785 20786 6dc6f74 2 API calls 20780->20786 20787 6dc78f5 2 API calls 20780->20787 20788 6dc75a8 2 API calls 20780->20788 20789 6dc704a 2 API calls 20780->20789 20790 6dc752a 2 API calls 20780->20790 20791 6dc7464 2 API calls 20780->20791 20792 6dc7504 2 API calls 20780->20792 20793 6dc73c4 2 API calls 20780->20793 20794 6dc7066 2 API calls 20780->20794 20795 6dc72e2 2 API calls 20780->20795 20781->20757 20782->20781 20783->20781 20784->20781 20785->20781 20786->20781 20787->20781 20788->20781 20789->20781 20790->20781 20791->20781 20792->20781 20793->20781 20794->20781 20795->20781 20797 6dc6ba2 20796->20797 20798 6dc6baa 20797->20798 20799 6dc74be 2 API calls 20797->20799 20800 6dc7418 4 API calls 20797->20800 20801 6dc731b 2 API calls 20797->20801 20802 6dc74d4 4 API calls 20797->20802 20803 6dc6f74 2 API calls 20797->20803 20804 6dc78f5 2 API calls 20797->20804 20805 6dc75a8 2 API calls 20797->20805 20806 6dc704a 2 API calls 20797->20806 20807 6dc752a 2 API calls 20797->20807 20808 6dc7464 2 API calls 20797->20808 20809 6dc7504 2 API calls 20797->20809 20810 6dc73c4 2 API calls 20797->20810 20811 6dc7066 2 API calls 20797->20811 20812 6dc72e2 2 API calls 20797->20812 20798->20757 20799->20798 20800->20798 20801->20798 20802->20798 20803->20798 20804->20798 20805->20798 20806->20798 20807->20798 20808->20798 20809->20798 20810->20798 20811->20798 20812->20798 20814 6dc7417 20813->20814 20815 6dc7052 20813->20815 20879 6dc5548 20814->20879 20883 6dc5543 20814->20883 20815->20764 20887 6dc5498 20815->20887 20891 6dc5490 20815->20891 20895 6dc5c08 20820->20895 20899 6dc5c00 20820->20899 20821 6dc7340 20821->20764 20826 6dc5548 Wow64SetThreadContext 20824->20826 20827 6dc5543 Wow64SetThreadContext 20824->20827 20825 6dc7052 20825->20764 20828 6dc5498 ResumeThread 20825->20828 20829 6dc5490 ResumeThread 20825->20829 20826->20825 20827->20825 20828->20825 20829->20825 20831 6dc747b 20830->20831 20831->20830 20832 6dc7946 20831->20832 20903 6dc5b18 20831->20903 20907 6dc5b10 20831->20907 20836 6dc719c 20835->20836 20836->20835 20837 6dc5498 ResumeThread 20836->20837 20838 6dc5490 ResumeThread 20836->20838 20837->20836 20838->20836 20840 6dc708d 20839->20840 20842 6dc5b18 WriteProcessMemory 20840->20842 20843 6dc5b10 WriteProcessMemory 20840->20843 20841 6dc72c2 20841->20764 20842->20841 20843->20841 20845 6dc7052 20844->20845 20845->20764 20846 6dc5498 ResumeThread 20845->20846 20847 6dc5490 ResumeThread 20845->20847 20846->20845 20847->20845 20849 6dc719c 20848->20849 20850 6dc5498 ResumeThread 20849->20850 20851 6dc5490 ResumeThread 20849->20851 20850->20849 20851->20849 20853 6dc746a 20852->20853 20854 6dc7946 20853->20854 20855 6dc5b18 WriteProcessMemory 20853->20855 20856 6dc5b10 WriteProcessMemory 20853->20856 20855->20853 20856->20853 20859 6dc5548 Wow64SetThreadContext 20857->20859 20860 6dc5543 Wow64SetThreadContext 20857->20860 20858 6dc71e9 20858->20764 20859->20858 20860->20858 20862 6dc705d 20861->20862 20863 6dc5498 ResumeThread 20862->20863 20864 6dc5490 ResumeThread 20862->20864 20863->20862 20864->20862 20867 6dc5b18 WriteProcessMemory 20865->20867 20868 6dc5b10 WriteProcessMemory 20865->20868 20866 6dc7376 20866->20764 20867->20866 20868->20866 20870 6dc79a1 20869->20870 20911 6dc7c10 20870->20911 20916 6dc7c00 20870->20916 20871 6dc79bd 20875 6dc6f96 20874->20875 20929 6dc5d94 20875->20929 20933 6dc5da0 20875->20933 20880 6dc558d Wow64SetThreadContext 20879->20880 20882 6dc55d5 20880->20882 20882->20815 20884 6dc5548 Wow64SetThreadContext 20883->20884 20886 6dc55d5 20884->20886 20886->20815 20888 6dc54d8 ResumeThread 20887->20888 20890 6dc5509 20888->20890 20890->20815 20892 6dc5498 ResumeThread 20891->20892 20894 6dc5509 20892->20894 20894->20815 20896 6dc5c53 ReadProcessMemory 20895->20896 20898 6dc5c97 20896->20898 20898->20821 20900 6dc5c08 ReadProcessMemory 20899->20900 20902 6dc5c97 20900->20902 20902->20821 20904 6dc5b60 WriteProcessMemory 20903->20904 20906 6dc5bb7 20904->20906 20906->20831 20908 6dc5b18 WriteProcessMemory 20907->20908 20910 6dc5bb7 20908->20910 20910->20831 20912 6dc7c25 20911->20912 20921 6dc5a58 20912->20921 20925 6dc5a50 20912->20925 20913 6dc7c44 20913->20871 20917 6dc7c10 20916->20917 20919 6dc5a58 VirtualAllocEx 20917->20919 20920 6dc5a50 VirtualAllocEx 20917->20920 20918 6dc7c44 20918->20871 20919->20918 20920->20918 20922 6dc5a98 VirtualAllocEx 20921->20922 20924 6dc5ad5 20922->20924 20924->20913 20926 6dc5a58 VirtualAllocEx 20925->20926 20928 6dc5ad5 20926->20928 20928->20913 20930 6dc5da0 CreateProcessA 20929->20930 20932 6dc5feb 20930->20932 20934 6dc5e29 CreateProcessA 20933->20934 20936 6dc5feb 20934->20936 20960 6dc9860 CloseHandle 20961 6dc98c7 20960->20961

              Executed Functions

              Function 06DC88B8 Relevance: .4, Instructions: 398COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e0a013884d9e171a5917d0cb2f0c32ee6eaf5630b9787e542fb77f19fd11f76f
              • Instruction ID: 1044ed15368607b9ff53546d453dfd4465b02e0c957c7d1db8cf4b097876600c
              • Opcode Fuzzy Hash: e0a013884d9e171a5917d0cb2f0c32ee6eaf5630b9787e542fb77f19fd11f76f
              • Instruction Fuzzy Hash: 04E1D070B016098FEBA9EB65C450BAF7BF6AF89710F14446EE146DB390CB34D801EB61
              Function 06DC0007 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f2b7ff4774be0855e18b9381a9bd63882f2eb858173caa30e9f129980e8a2c5e
              • Instruction ID: bcb8470b09e5ecde5ac71cac2f43723ab913479cb2d0880c3c9878786de970d2
              • Opcode Fuzzy Hash: f2b7ff4774be0855e18b9381a9bd63882f2eb858173caa30e9f129980e8a2c5e
              • Instruction Fuzzy Hash: 06315CB0D096499FEB19CF66C8143DEBFB6AFCA300F04C0AAC448A7251D7790946CFA1
              Function 00C8CFD0 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 526 c8cfd0-c8d06f GetCurrentProcess 530 c8d078-c8d0ac GetCurrentThread 526->530 531 c8d071-c8d077 526->531 532 c8d0ae-c8d0b4 530->532 533 c8d0b5-c8d0e9 GetCurrentProcess 530->533 531->530 532->533 534 c8d0eb-c8d0f1 533->534 535 c8d0f2-c8d10d call c8d5b9 533->535 534->535 539 c8d113-c8d142 GetCurrentThreadId 535->539 540 c8d14b-c8d1ad 539->540 541 c8d144-c8d14a 539->541 541->540
              APIs
              • GetCurrentProcess.KERNEL32 ref: 00C8D05E
              • GetCurrentThread.KERNEL32 ref: 00C8D09B
              • GetCurrentProcess.KERNEL32 ref: 00C8D0D8
              • GetCurrentThreadId.KERNEL32 ref: 00C8D131
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: Current$ProcessThread
              • String ID:
              • API String ID: 2063062207-0
              • Opcode ID: f8040e91dc850292acf81f7f57c650272a7755bc71bd362262e631fc644973ea
              • Instruction ID: 3d5c2916f54777be4ec05c45146b6922bc98943f55d2ab1b59656b01d677680e
              • Opcode Fuzzy Hash: f8040e91dc850292acf81f7f57c650272a7755bc71bd362262e631fc644973ea
              • Instruction Fuzzy Hash: 485177B0D017498FDB64DFA9D548BEEBFF1AF88314F208459E409A7390D7345985CB2A
              Function 00C8CFE0 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 548 c8cfe0-c8d06f GetCurrentProcess 552 c8d078-c8d0ac GetCurrentThread 548->552 553 c8d071-c8d077 548->553 554 c8d0ae-c8d0b4 552->554 555 c8d0b5-c8d0e9 GetCurrentProcess 552->555 553->552 554->555 556 c8d0eb-c8d0f1 555->556 557 c8d0f2-c8d10d call c8d5b9 555->557 556->557 561 c8d113-c8d142 GetCurrentThreadId 557->561 562 c8d14b-c8d1ad 561->562 563 c8d144-c8d14a 561->563 563->562
              APIs
              • GetCurrentProcess.KERNEL32 ref: 00C8D05E
              • GetCurrentThread.KERNEL32 ref: 00C8D09B
              • GetCurrentProcess.KERNEL32 ref: 00C8D0D8
              • GetCurrentThreadId.KERNEL32 ref: 00C8D131
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: Current$ProcessThread
              • String ID:
              • API String ID: 2063062207-0
              • Opcode ID: 799b23d3fe9954af117698c4c149e663a6638554690935abcffb0a754b5839cb
              • Instruction ID: 040dd7b1730db5b96becaee8d1d2f062ea81744080e0ab09c7915c094ec975f9
              • Opcode Fuzzy Hash: 799b23d3fe9954af117698c4c149e663a6638554690935abcffb0a754b5839cb
              • Instruction Fuzzy Hash: BC5166B0D016498FDB14DFAAD548BDEBBF1FF88314F208459E419A7390D7345985CB2A
              Function 06DC5D94 Relevance: 1.7, APIs: 1, Instructions: 249processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 592 6dc5d94-6dc5e35 595 6dc5e6e-6dc5e8e 592->595 596 6dc5e37-6dc5e41 592->596 603 6dc5ec7-6dc5ef6 595->603 604 6dc5e90-6dc5e9a 595->604 596->595 597 6dc5e43-6dc5e45 596->597 598 6dc5e68-6dc5e6b 597->598 599 6dc5e47-6dc5e51 597->599 598->595 601 6dc5e55-6dc5e64 599->601 602 6dc5e53 599->602 601->601 605 6dc5e66 601->605 602->601 612 6dc5f2f-6dc5fe9 CreateProcessA 603->612 613 6dc5ef8-6dc5f02 603->613 604->603 606 6dc5e9c-6dc5e9e 604->606 605->598 608 6dc5ea0-6dc5eaa 606->608 609 6dc5ec1-6dc5ec4 606->609 610 6dc5eac 608->610 611 6dc5eae-6dc5ebd 608->611 609->603 610->611 611->611 614 6dc5ebf 611->614 624 6dc5feb-6dc5ff1 612->624 625 6dc5ff2-6dc6078 612->625 613->612 615 6dc5f04-6dc5f06 613->615 614->609 617 6dc5f08-6dc5f12 615->617 618 6dc5f29-6dc5f2c 615->618 619 6dc5f14 617->619 620 6dc5f16-6dc5f25 617->620 618->612 619->620 620->620 622 6dc5f27 620->622 622->618 624->625 635 6dc6088-6dc608c 625->635 636 6dc607a-6dc607e 625->636 638 6dc609c-6dc60a0 635->638 639 6dc608e-6dc6092 635->639 636->635 637 6dc6080 636->637 637->635 641 6dc60b0-6dc60b4 638->641 642 6dc60a2-6dc60a6 638->642 639->638 640 6dc6094 639->640 640->638 643 6dc60c6-6dc60cd 641->643 644 6dc60b6-6dc60bc 641->644 642->641 645 6dc60a8 642->645 646 6dc60cf-6dc60de 643->646 647 6dc60e4 643->647 644->643 645->641 646->647 649 6dc60e5 647->649 649->649
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DC5FD6
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 16f821d04273bb580d965779561398579c5f68e9c621a74ee63e816533245a10
              • Instruction ID: c1997426ba24a34cf6a3e35085cb01059bc7f8cd0c994faeb522472e73ae41b0
              • Opcode Fuzzy Hash: 16f821d04273bb580d965779561398579c5f68e9c621a74ee63e816533245a10
              • Instruction Fuzzy Hash: D8A16BB1D0021EDFDB64DFA9C8417EEBBB2BF48310F148569E809A7240DB75A985CF91
              Function 06DC5DA0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 650 6dc5da0-6dc5e35 652 6dc5e6e-6dc5e8e 650->652 653 6dc5e37-6dc5e41 650->653 660 6dc5ec7-6dc5ef6 652->660 661 6dc5e90-6dc5e9a 652->661 653->652 654 6dc5e43-6dc5e45 653->654 655 6dc5e68-6dc5e6b 654->655 656 6dc5e47-6dc5e51 654->656 655->652 658 6dc5e55-6dc5e64 656->658 659 6dc5e53 656->659 658->658 662 6dc5e66 658->662 659->658 669 6dc5f2f-6dc5fe9 CreateProcessA 660->669 670 6dc5ef8-6dc5f02 660->670 661->660 663 6dc5e9c-6dc5e9e 661->663 662->655 665 6dc5ea0-6dc5eaa 663->665 666 6dc5ec1-6dc5ec4 663->666 667 6dc5eac 665->667 668 6dc5eae-6dc5ebd 665->668 666->660 667->668 668->668 671 6dc5ebf 668->671 681 6dc5feb-6dc5ff1 669->681 682 6dc5ff2-6dc6078 669->682 670->669 672 6dc5f04-6dc5f06 670->672 671->666 674 6dc5f08-6dc5f12 672->674 675 6dc5f29-6dc5f2c 672->675 676 6dc5f14 674->676 677 6dc5f16-6dc5f25 674->677 675->669 676->677 677->677 679 6dc5f27 677->679 679->675 681->682 692 6dc6088-6dc608c 682->692 693 6dc607a-6dc607e 682->693 695 6dc609c-6dc60a0 692->695 696 6dc608e-6dc6092 692->696 693->692 694 6dc6080 693->694 694->692 698 6dc60b0-6dc60b4 695->698 699 6dc60a2-6dc60a6 695->699 696->695 697 6dc6094 696->697 697->695 700 6dc60c6-6dc60cd 698->700 701 6dc60b6-6dc60bc 698->701 699->698 702 6dc60a8 699->702 703 6dc60cf-6dc60de 700->703 704 6dc60e4 700->704 701->700 702->698 703->704 706 6dc60e5 704->706 706->706
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DC5FD6
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 5d4264f7665631d8a31e1bd6138113c15f0f30a6bb23e37462f14d4fd1b9279e
              • Instruction ID: d8cb5cb8137c035b89975db6181f0ca2ab19f169feba719bfd9584debd145bb6
              • Opcode Fuzzy Hash: 5d4264f7665631d8a31e1bd6138113c15f0f30a6bb23e37462f14d4fd1b9279e
              • Instruction Fuzzy Hash: 90917C71D0021ECFDB64CFA9C8417EDBBB2BF48310F148569E809A7240DB74A985CF91
              Function 00C8AD48 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 707 c8ad48-c8ad57 708 c8ad59-c8ad66 call c8a06c 707->708 709 c8ad83-c8ad87 707->709 716 c8ad68 708->716 717 c8ad7c 708->717 710 c8ad89-c8ad93 709->710 711 c8ad9b-c8addc 709->711 710->711 718 c8ade9-c8adf7 711->718 719 c8adde-c8ade6 711->719 762 c8ad6e call c8afe0 716->762 763 c8ad6e call c8afd1 716->763 717->709 721 c8adf9-c8adfe 718->721 722 c8ae1b-c8ae1d 718->722 719->718 720 c8ad74-c8ad76 720->717 723 c8aeb8-c8af78 720->723 725 c8ae09 721->725 726 c8ae00-c8ae07 call c8a078 721->726 724 c8ae20-c8ae27 722->724 757 c8af7a-c8af7d 723->757 758 c8af80-c8afab GetModuleHandleW 723->758 728 c8ae29-c8ae31 724->728 729 c8ae34-c8ae3b 724->729 727 c8ae0b-c8ae19 725->727 726->727 727->724 728->729 732 c8ae48-c8ae51 call c8a088 729->732 733 c8ae3d-c8ae45 729->733 738 c8ae5e-c8ae63 732->738 739 c8ae53-c8ae5b 732->739 733->732 740 c8ae81-c8ae85 738->740 741 c8ae65-c8ae6c 738->741 739->738 745 c8ae8b-c8ae8e 740->745 741->740 743 c8ae6e-c8ae7e call c8a098 call c8a0a8 741->743 743->740 748 c8ae90-c8aeae 745->748 749 c8aeb1-c8aeb7 745->749 748->749 757->758 759 c8afad-c8afb3 758->759 760 c8afb4-c8afc8 758->760 759->760 762->720 763->720
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 00C8AF9E
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 8b313f4f18d8164ad9b89800ab4e709d72af7f9536af0c63a29fbd9c79843abf
              • Instruction ID: 7abffd2a74905843e2e7382a08236fc225f403211761d82fce81b9b85529a68b
              • Opcode Fuzzy Hash: 8b313f4f18d8164ad9b89800ab4e709d72af7f9536af0c63a29fbd9c79843abf
              • Instruction Fuzzy Hash: 8C715670A00B058FE724EF2AD44179ABBF1FF88304F10892EE496D7A40D735E959CB96
              Function 00C8590C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 764 c8590c-c85913 765 c8591c-c859d9 CreateActCtxA 764->765 767 c859db-c859e1 765->767 768 c859e2-c85a3c 765->768 767->768 775 c85a4b-c85a4f 768->775 776 c85a3e-c85a41 768->776 777 c85a60 775->777 778 c85a51-c85a5d 775->778 776->775 779 c85a61 777->779 778->777 779->779
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 00C859C9
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 8ee5fa6193d4cfefc4c8dc1334b4173cc86f03e166fb23313ed02c9500abcf6e
              • Instruction ID: 2c129ca4cc889938aef27237e5cef1a5fc6c77631d6a994b3bf24baa99c37034
              • Opcode Fuzzy Hash: 8ee5fa6193d4cfefc4c8dc1334b4173cc86f03e166fb23313ed02c9500abcf6e
              • Instruction Fuzzy Hash: C34112B0C00719CBDB24DFA9C884BDDBBF5BF48304F20815AD418AB251DBB1694ACF95
              Function 00C844B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 781 c844b0-c859d9 CreateActCtxA 784 c859db-c859e1 781->784 785 c859e2-c85a3c 781->785 784->785 792 c85a4b-c85a4f 785->792 793 c85a3e-c85a41 785->793 794 c85a60 792->794 795 c85a51-c85a5d 792->795 793->792 796 c85a61 794->796 795->794 796->796
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 00C859C9
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 6cdbb3dc478a1b8616361730d382fa7f38b22147183ded175a37d090e15cf04b
              • Instruction ID: 7778afe2429a665971361e5902946dd1545fe999cdca53825d75e60d2569e056
              • Opcode Fuzzy Hash: 6cdbb3dc478a1b8616361730d382fa7f38b22147183ded175a37d090e15cf04b
              • Instruction Fuzzy Hash: F141F4B0C0061DCBDB24DFA9C884BDEBBF5BF45304F208159D409AB251DBB5694ACF95
              Function 06DC5B10 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 798 6dc5b10-6dc5b66 801 6dc5b68-6dc5b74 798->801 802 6dc5b76-6dc5bb5 WriteProcessMemory 798->802 801->802 804 6dc5bbe-6dc5bee 802->804 805 6dc5bb7-6dc5bbd 802->805 805->804
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DC5BA8
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 7803b27337e0ab13d56ec61de2c8044c10316f6ba3ab46dedcbcaf61da5a18b8
              • Instruction ID: e994e9b61345a83e71c8ddfceb3e29bd93ea28fdaede61ee61ae952b07f7fdb3
              • Opcode Fuzzy Hash: 7803b27337e0ab13d56ec61de2c8044c10316f6ba3ab46dedcbcaf61da5a18b8
              • Instruction Fuzzy Hash: 4F2125719002499FCB10DFA9C885BDEBFF5FF48320F108429E959A7240C778A954CBA1
              Function 06DC5B18 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 809 6dc5b18-6dc5b66 811 6dc5b68-6dc5b74 809->811 812 6dc5b76-6dc5bb5 WriteProcessMemory 809->812 811->812 814 6dc5bbe-6dc5bee 812->814 815 6dc5bb7-6dc5bbd 812->815 815->814
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DC5BA8
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 58bd83f4f1e7c0083ab7e2800263327b2d6436d898f5ac6847dbedc74addafe6
              • Instruction ID: 5537eef7faeba4d7e9aa071574d569d0d50dbae43d701ea54099972067f93f21
              • Opcode Fuzzy Hash: 58bd83f4f1e7c0083ab7e2800263327b2d6436d898f5ac6847dbedc74addafe6
              • Instruction Fuzzy Hash: B6211775D003499FCB10DFA9C885BDEBFF5FB48310F108429E919A7240D778A955CBA1
              Function 06DC5543 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 819 6dc5543-6dc5593 822 6dc5595-6dc55a1 819->822 823 6dc55a3-6dc55d3 Wow64SetThreadContext 819->823 822->823 825 6dc55dc-6dc560c 823->825 826 6dc55d5-6dc55db 823->826 826->825
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DC55C6
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: 826c2662dca9750b89a99bfd684969f249a509d05ccca9a824368f35ec7628d2
              • Instruction ID: d92784c06b58a8e9c98f6f794f6b60ca49ea9a1d5abbb4e640fcaf73c5f484c5
              • Opcode Fuzzy Hash: 826c2662dca9750b89a99bfd684969f249a509d05ccca9a824368f35ec7628d2
              • Instruction Fuzzy Hash: 13211671D102098FDB10DFAAC485BEEBBF5EB88324F108429D459A7240CB78A945CFA1
              Function 06DC5C00 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 830 6dc5c00-6dc5c95 ReadProcessMemory 834 6dc5c9e-6dc5cce 830->834 835 6dc5c97-6dc5c9d 830->835 835->834
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DC5C88
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: cf3477cbcbc3b4eafb260a54be722c377a793903bf12d262b7557358298f0a19
              • Instruction ID: 215d8fdc61bd1b3ca8c0b8437e516f99cd5595105c218fcfdc99d02f70bf038b
              • Opcode Fuzzy Hash: cf3477cbcbc3b4eafb260a54be722c377a793903bf12d262b7557358298f0a19
              • Instruction Fuzzy Hash: 422107B1C003599FCB10DF9AC985AEEBBF5FF48320F50842DE559A7240C738A955DBA1
              Function 00C8D629 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 839 c8d629-c8d6c4 DuplicateHandle 840 c8d6cd-c8d6ea 839->840 841 c8d6c6-c8d6cc 839->841 841->840
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C8D6B7
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 705b03af1e47574de3a7f2cd2a7eb24c405e0aeb2ae48498bcba845df71c2cf3
              • Instruction ID: 653508eb407e2e4991c0412b5b28476cf87a2f901329fc7f67cae59c796894de
              • Opcode Fuzzy Hash: 705b03af1e47574de3a7f2cd2a7eb24c405e0aeb2ae48498bcba845df71c2cf3
              • Instruction Fuzzy Hash: B62103B5D002499FDB10CFAAD484AEEBFF4EB48314F14841AE819A3350D374A945CF64
              Function 06DC5C08 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DC5C88
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: cdf0d3d17df50b75151ad70d08d5fbea164490d846988437bd673eaa554d6f7c
              • Instruction ID: 2c42f142368bab5a06d35a50fd66d7d571c05f6b18cf20049d81c910249dd2f3
              • Opcode Fuzzy Hash: cdf0d3d17df50b75151ad70d08d5fbea164490d846988437bd673eaa554d6f7c
              • Instruction Fuzzy Hash: 342116B1C003499FCB10DFAAC985AEEBBF5FF48320F108429E519A7240C738A955DBA1
              Function 06DC5548 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DC55C6
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: 8ba11dd8cd60e2f43b89bd91259c5be9fec027fcb54dd216f72183c127adcd0e
              • Instruction ID: a7596467fb65f7e638fcc56278b53aa794882234ffa3d2f7a80c1198ebf8cdeb
              • Opcode Fuzzy Hash: 8ba11dd8cd60e2f43b89bd91259c5be9fec027fcb54dd216f72183c127adcd0e
              • Instruction Fuzzy Hash: 7B2107B1D103098FDB14DFAAC4857EEBBF5EB88324F54842DD419A7240DB78A945CFA1
              Function 00C8D630 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
              Download Yara Rule
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C8D6B7
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 6f68cc775ea54bd4485d20e0b91687cf2af54143ef509cbd5d7ac9c0fb6f451a
              • Instruction ID: b0d619a332d6c95282df1358d3681ea32d30f86047e7ed6119c49223398a7f7e
              • Opcode Fuzzy Hash: 6f68cc775ea54bd4485d20e0b91687cf2af54143ef509cbd5d7ac9c0fb6f451a
              • Instruction Fuzzy Hash: 2621C4B5D002499FDB10DF9AD584ADEBFF8FB48310F14841AE919A3350D374A954CFA5
              Function 06DC5A50 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DC5AC6
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 5c0b7576da9800937131d5fb5d07165e87c15ce42ece0b83393be6787f6b1754
              • Instruction ID: 2838f5d1705d9bd1b7597a33b8ca4911a9bae278f4759e61dac4b668d3ad1075
              • Opcode Fuzzy Hash: 5c0b7576da9800937131d5fb5d07165e87c15ce42ece0b83393be6787f6b1754
              • Instruction Fuzzy Hash: 9A114476C002499FCB20DFAAD845ADEBFF5EF88320F208819E559A7250C735A954CFA1
              Function 06DC5490 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: c6e3cde76a59ab8045ceafe8483da0db4429deff38fd8fe512b8ca8c4bc6e2b6
              • Instruction ID: a044c7645a60ba116186fcb6325b2aaa62e0677c5a4242311681f097e946cd94
              • Opcode Fuzzy Hash: c6e3cde76a59ab8045ceafe8483da0db4429deff38fd8fe512b8ca8c4bc6e2b6
              • Instruction Fuzzy Hash: A81134B5D002498BCB24DFAAC4457EEFFF4AB88324F208819D559A7240C775A945CFA5
              Function 06DC5A58 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DC5AC6
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 9fd6c1f8c35f6f6651ba49b43440dc9439e697ed5c13dd7cd743323799aa1161
              • Instruction ID: 8e0659462659c844b45355b7fe67d6ebdf7d02ceba180eef23a4c5e2aa315170
              • Opcode Fuzzy Hash: 9fd6c1f8c35f6f6651ba49b43440dc9439e697ed5c13dd7cd743323799aa1161
              • Instruction Fuzzy Hash: F5116772C002499FCB10DFAAD844ADFBFF5EF88320F208419E519A7250C735A954CFA1
              Function 06DC5498 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: b39a46dda82c1143e7d36f5aa0e3ae5c0726ea97a6d5023e2e981d47935fb2ae
              • Instruction ID: 485a4731cda136d494ed7ee14f68881a55f5b388c845a028d08fa9e15da5d911
              • Opcode Fuzzy Hash: b39a46dda82c1143e7d36f5aa0e3ae5c0726ea97a6d5023e2e981d47935fb2ae
              • Instruction Fuzzy Hash: BF1125B5D002498BCB24DFAAD445BEEFFF5AB88324F208419D419A7240CB79A945CBA5
              Function 06DC80A1 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DC8105
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 8f38f99b979bf24fa0b44599e0c72cd4403e5ec9d8a132d3404f8c238043c367
              • Instruction ID: f38aabb44bad36b93622a514688bb0c1adb8928228198ff4967f52cc37ea677a
              • Opcode Fuzzy Hash: 8f38f99b979bf24fa0b44599e0c72cd4403e5ec9d8a132d3404f8c238043c367
              • Instruction Fuzzy Hash: DF11F5B58002499FDB20DF99D885BDEFFF8EB48320F108419E558A3200C375A944CFA1
              Function 00C8AF38 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 00C8AF9E
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 0f83e092e45603a2fc506669cbb8b9e25036ad7041439eaf423ce7559ac9f465
              • Instruction ID: 17a77a0b7d3a6c9848714b7e89f24337443cfa5bc7017cc3c862cad37ab8e7ba
              • Opcode Fuzzy Hash: 0f83e092e45603a2fc506669cbb8b9e25036ad7041439eaf423ce7559ac9f465
              • Instruction Fuzzy Hash: 6411E0B5C006498FDB14DF9AD444ADEFBF4EF88318F10842AD929A7210D379A545CFA5
              Function 06DC43C0 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DC8105
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: c62e6a4ce77f4272ec4ce8c9277b2d584ac0b864e549a2b2caf1133f7f6868bd
              • Instruction ID: 8269d81a219ba9cbafcb27d55c3833be5236c604e05797ad586c72404af6a7a6
              • Opcode Fuzzy Hash: c62e6a4ce77f4272ec4ce8c9277b2d584ac0b864e549a2b2caf1133f7f6868bd
              • Instruction Fuzzy Hash: 6511F2B58003499FDB60DF9AD889BDEBFF8EB48320F108419E519A7200C375A944CFA1
              Function 06DC9859 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
              Download Yara Rule
              APIs
              • CloseHandle.KERNELBASE(?), ref: 06DC98B8
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: 0cc703703765989b0c0bf049b2ae172138162a71394b09ff3d03b5cde1125dea
              • Instruction ID: b1d1ce5c7805bb99a95d6bdbaf5d43f488cf6b2cac5b3d806becf89b9391d6ae
              • Opcode Fuzzy Hash: 0cc703703765989b0c0bf049b2ae172138162a71394b09ff3d03b5cde1125dea
              • Instruction Fuzzy Hash: 3D11F5B5C0024A8FDB10DF99C589BDEBBF4EF48320F25841AD559A7341D338A945CFA5
              Function 06DC9860 Relevance: 1.3, APIs: 1, Instructions: 47COMMON
              Download Yara Rule
              APIs
              • CloseHandle.KERNELBASE(?), ref: 06DC98B8
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: db19c76c7333f161c98d3a3f8bba5db6671452316b6d41859a727694c51099e2
              • Instruction ID: 0b3a17d9d55e8a2d5adf67637b77087910b93d71144336319f1dfcd3a12372ba
              • Opcode Fuzzy Hash: db19c76c7333f161c98d3a3f8bba5db6671452316b6d41859a727694c51099e2
              • Instruction Fuzzy Hash: BD11F2B5C002498FDB10DF9AC585BDEBBF4EB48320F24841AD559A7340D338A945CFA5
              Function 008AD1FC Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046175079.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_8ad000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70a11882c39ea582d8cdbec14361d4c70ade4c9d35518266daab73e2dcfc1cca
              • Instruction ID: acc27c1cc38b1e406682011fa18a86a983ac8fcad5e12b4818483badeba6f21d
              • Opcode Fuzzy Hash: 70a11882c39ea582d8cdbec14361d4c70ade4c9d35518266daab73e2dcfc1cca
              • Instruction Fuzzy Hash: BB2133B1504304DFEB05CF14D8C0B2ABF65FB89314F24C569ED0A8BA46C336E816CBA1
              Function 008BD01C Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046232747.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_8bd000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 97c9d79566f41bf3d1da1835f17e597a28e55d69c0c4a983461cc73279ab1c8b
              • Instruction ID: 2b144139c2eae62ca0a5926e0c0b2cfec91f5f7cf19803dd1043c4130a5b9eb0
              • Opcode Fuzzy Hash: 97c9d79566f41bf3d1da1835f17e597a28e55d69c0c4a983461cc73279ab1c8b
              • Instruction Fuzzy Hash: A521D375504744EFDB14EF14D584B56BB65FB84314F24C569D80A8B346D33AD807CA61
              Function 008BD1D4 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046232747.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_8bd000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3ae136cbd053e813929a9c751f202131c02bc6d2df23fc57f813deceacff037
              • Instruction ID: 7e2c500345f9731eabe1827a1b9fd905a094e7e0892eac8b6988b2d340239669
              • Opcode Fuzzy Hash: e3ae136cbd053e813929a9c751f202131c02bc6d2df23fc57f813deceacff037
              • Instruction Fuzzy Hash: 6521F2B1904384EFDB05DF14D9C0B66BBA5FB84318F24C56DE8098B392D33AE806CA61
              Function 008BD006 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046232747.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_8bd000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4d62a6030fd4d78c80775be031f453d8fea972d8c529542757ac5686a7dbabb
              • Instruction ID: c904156015ed20f1e0ff9ae3d578085a79cba3f32f3e8d477a2ae6a8e62668fe
              • Opcode Fuzzy Hash: f4d62a6030fd4d78c80775be031f453d8fea972d8c529542757ac5686a7dbabb
              • Instruction Fuzzy Hash: 93217F755087809FCB02DF14D994B11BFB1FB46314F28C5EAD8498B2A6D33A981ACB62
              Function 008AD1F7 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046175079.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_8ad000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 137f5766051e4324e45f0217ede9c43a14289fab1ea42f994ba2cff73d56ee7c
              • Instruction ID: 1554a4fcd77d0d3f2dd365cb5572e96be52ab63b755aa098eb64d53fc8ddcd2b
              • Opcode Fuzzy Hash: 137f5766051e4324e45f0217ede9c43a14289fab1ea42f994ba2cff73d56ee7c
              • Instruction Fuzzy Hash: 36219D76504240DFDB06CF50D9C4B16BF62FB85314F24C5A9DD498BA56C33AE82ACBA1
              Function 008BD1CF Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046232747.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_8bd000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
              • Instruction ID: f83e0a911415ebee87a742efb0433c43c8286d3e81e605518a498c277191596d
              • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
              • Instruction Fuzzy Hash: A511BB75904380EFCB02CF10D5C4B15BFA2FB84314F24C6A9D8498B796C33AE80ACB61
              Function 008AD759 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046175079.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_8ad000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c8c5588b2b5c340af3f4b39944676cb7d454a1d1b5fc2b5f63d12f9bd2e8918c
              • Instruction ID: 4052ac132573f558e990e44f99365f5c5d1c96ab295f228b4a809521ab23c01d
              • Opcode Fuzzy Hash: c8c5588b2b5c340af3f4b39944676cb7d454a1d1b5fc2b5f63d12f9bd2e8918c
              • Instruction Fuzzy Hash: E201DB710053449AF7145A55DCC4B77FFE8FF56324F28C81AED0ACAA86C3799844C671
              Function 008AD758 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046175079.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_8ad000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a3d2fb3d49e634102446b9ae65261c30996d014ff562adc277a0968391b8897
              • Instruction ID: 29e95a3cf660de65a44869769758630445a09bcd598386890b85b9bc2f6abb6d
              • Opcode Fuzzy Hash: 2a3d2fb3d49e634102446b9ae65261c30996d014ff562adc277a0968391b8897
              • Instruction Fuzzy Hash: E6F06D71405344AEE7248A1ADDC4B62FFE8EF51724F18C45AED098B696C379A844CAB1

              Non-executed Functions

              Function 06DC2BF0 Relevance: .3, Instructions: 317COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59e078be4fea27c7552cc211813f5dda086f394e42c81be82cf3f5c38224a9da
              • Instruction ID: 847a2cb2585796e760a1d1d977a3a6ac681e52afe236b013fab228f0dcd10ae7
              • Opcode Fuzzy Hash: 59e078be4fea27c7552cc211813f5dda086f394e42c81be82cf3f5c38224a9da
              • Instruction Fuzzy Hash: 68E10D74E0021A8FDB14DFA9C5809AEFBF2FF89314F648169D414A735AD730AA41CFA1
              Function 06DC5620 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f89542c6d5844d65f4fe54b2539637c55ecc9cd81ae6feba4e75b762894f8ba
              • Instruction ID: 05eb6f685ce9c5b374b92b09ae7c75d7f5fafb632a892f39bb87e444095d7c4b
              • Opcode Fuzzy Hash: 3f89542c6d5844d65f4fe54b2539637c55ecc9cd81ae6feba4e75b762894f8ba
              • Instruction Fuzzy Hash: BEE11774E1021A8FCB14DFA9D5809AEFBF2FF89314F648169D414AB35AD730A941CFA1
              Function 06DC4C70 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07d5f9b6e44db0bbc6a3968fc9b3460d9d62a99b56d81b3d25ad34a46241271b
              • Instruction ID: ba1c77e1cd175c576fe7fa4245644ecf29958dce4cfa0cd77713ba995f604565
              • Opcode Fuzzy Hash: 07d5f9b6e44db0bbc6a3968fc9b3460d9d62a99b56d81b3d25ad34a46241271b
              • Instruction Fuzzy Hash: 55E12974E0021A8FDB14DFA9C5909AEFBF2FF89314F248169D454AB35AD730A941CFA1
              Function 06DC3470 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b546a80c81b13205c4373428757c9c9213f56edcde42ec8fa4d1a7959ad7d578
              • Instruction ID: eabb6ac4837747c939bbeb613e24f22d212c0527e0e0256292ccbf7bc55d566e
              • Opcode Fuzzy Hash: b546a80c81b13205c4373428757c9c9213f56edcde42ec8fa4d1a7959ad7d578
              • Instruction Fuzzy Hash: 97E1F774E1021A8FCB14DFA9C5809AEFBF2BF89314F65C169D414AB35AD730A941CFA1
              Function 06DC3038 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 316c3b77d489dea2950e9b82356809cc79c384a73557e052493cb6e4f149e8d8
              • Instruction ID: 6d5df65aaff84b227c6e110b1254706fa3ba7af9340007d0b933bbb5b851498d
              • Opcode Fuzzy Hash: 316c3b77d489dea2950e9b82356809cc79c384a73557e052493cb6e4f149e8d8
              • Instruction Fuzzy Hash: 9DE1F874E0021A8FCB14DFA9C5809AEFBF2BF89314F25C169D414AB35AD731A941CFA1
              Function 00C8D55C Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2046975188.0000000000C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_c80000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 01d9a53f785ec535a2246960e5a7dbef1e60dbb5d54ede9aef86f60b5562159b
              • Instruction ID: c8ee5bf85b2a395a981df84f7b99f4aa4d822d93dee59c15bed83e7b49d26768
              • Opcode Fuzzy Hash: 01d9a53f785ec535a2246960e5a7dbef1e60dbb5d54ede9aef86f60b5562159b
              • Instruction Fuzzy Hash: 06A14C32A00205CFCF05EFA5C88459EB7B2FF85304B25857EE815AB265DB31ED56DB80
              Function 06DC3460 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fbde6e8e3e5ba0bb8d0c98710190bef5746eb001059ae3abf2b34d728a3e0650
              • Instruction ID: 959c230db0e9048c452775b397a8d1467bfa5b04ee476af248cfe81391ce0038
              • Opcode Fuzzy Hash: fbde6e8e3e5ba0bb8d0c98710190bef5746eb001059ae3abf2b34d728a3e0650
              • Instruction Fuzzy Hash: D5512C70E1421A8FCB14DFA9C5409AEFBF2BF89310F25C16AD418A7316D7359A41CFA1
              Function 06DC3028 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4059a1451f5c7e6012cbf6ef2c59fadd36df35e2c9fbd65f77e4e293961294e
              • Instruction ID: c00fabe7e563631a6c1131578fa060b1bcef100f581be25b5213605f72e738ef
              • Opcode Fuzzy Hash: c4059a1451f5c7e6012cbf6ef2c59fadd36df35e2c9fbd65f77e4e293961294e
              • Instruction Fuzzy Hash: CC512C74E042198FCB14DFA9C5409AEFBF2BF89310F25C16AD458A735AD7349A41CFA1
              Function 06DC763E Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2053019720.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6dc0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 69368cdf83e07c0b6e6b8a0292c8d6108402146ba788aa9c06b2b687be282973
              • Instruction ID: 3a642f02046f2226049e7fdb5db47200fc52c723b0e3374fbce55a0f095dfc13
              • Opcode Fuzzy Hash: 69368cdf83e07c0b6e6b8a0292c8d6108402146ba788aa9c06b2b687be282973
              • Instruction Fuzzy Hash: 32C04C25A8D119DBEB400D94B4054F8F73DD2CB173F007455918EE30028651C2555998

              Execution Graph

              Execution Coverage:0.8%
              Dynamic/Decrypted Code Coverage:5.1%
              Signature Coverage:9.2%
              Total number of Nodes:98
              Total number of Limit Nodes:8
              execution_graph 94570 424683 94571 42469f 94570->94571 94572 4246c7 94571->94572 94573 4246db 94571->94573 94574 42c1f3 NtClose 94572->94574 94580 42c1f3 94573->94580 94577 4246d0 94574->94577 94576 4246e4 94583 42e333 RtlAllocateHeap 94576->94583 94579 4246ef 94581 42c20d 94580->94581 94582 42c21e NtClose 94581->94582 94582->94576 94583->94579 94584 42f503 94585 42f473 94584->94585 94586 42f4d0 94585->94586 94590 42e2f3 94585->94590 94588 42f4ad 94593 42e213 94588->94593 94596 42c503 94590->94596 94592 42e30e 94592->94588 94599 42c553 94593->94599 94595 42e22c 94595->94586 94597 42c51d 94596->94597 94598 42c52e RtlAllocateHeap 94597->94598 94598->94592 94600 42c570 94599->94600 94601 42c581 RtlFreeHeap 94600->94601 94601->94595 94608 42f3d3 94609 42f3e3 94608->94609 94610 42f3e9 94608->94610 94611 42e2f3 RtlAllocateHeap 94610->94611 94612 42f40f 94611->94612 94618 424a13 94623 424a2c 94618->94623 94619 424abc 94620 424a77 94621 42e213 RtlFreeHeap 94620->94621 94622 424a87 94621->94622 94623->94619 94623->94620 94624 424ab7 94623->94624 94625 42e213 RtlFreeHeap 94624->94625 94625->94619 94626 42b813 94627 42b830 94626->94627 94630 1462df0 LdrInitializeThunk 94627->94630 94628 42b858 94630->94628 94602 413aa3 94604 413ac0 94602->94604 94606 413b26 94604->94606 94607 41b1c3 RtlFreeHeap LdrInitializeThunk 94604->94607 94605 413b1c 94607->94605 94631 4175b3 94632 4175d7 94631->94632 94633 417613 LdrLoadDll 94632->94633 94634 4175de 94632->94634 94633->94634 94635 401abb 94636 401ac9 94635->94636 94639 42f8a3 94636->94639 94642 42ddc3 94639->94642 94643 42dde9 94642->94643 94652 4075d3 94643->94652 94645 42ddff 94646 401bc7 94645->94646 94655 41aeb3 94645->94655 94648 42de1e 94649 42de33 94648->94649 94650 42c5a3 ExitProcess 94648->94650 94666 42c5a3 94649->94666 94650->94649 94654 4075e0 94652->94654 94669 416273 94652->94669 94654->94645 94656 41aedf 94655->94656 94687 41ada3 94656->94687 94659 41af24 94663 42c1f3 NtClose 94659->94663 94664 41af40 94659->94664 94660 41af0c 94661 42c1f3 NtClose 94660->94661 94662 41af17 94660->94662 94661->94662 94662->94648 94665 41af36 94663->94665 94664->94648 94665->94648 94667 42c5c0 94666->94667 94668 42c5ce ExitProcess 94667->94668 94668->94646 94670 416290 94669->94670 94672 4162a9 94670->94672 94673 42cc13 94670->94673 94672->94654 94675 42cc2d 94673->94675 94674 42cc5c 94674->94672 94675->94674 94680 42b863 94675->94680 94678 42e213 RtlFreeHeap 94679 42ccd2 94678->94679 94679->94672 94681 42b87d 94680->94681 94684 1462c0a 94681->94684 94682 42b8a9 94682->94678 94685 1462c1f LdrInitializeThunk 94684->94685 94686 1462c11 94684->94686 94685->94682 94686->94682 94688 41ae99 94687->94688 94689 41adbd 94687->94689 94688->94659 94688->94660 94693 42b903 94689->94693 94692 42c1f3 NtClose 94692->94688 94694 42b91d 94693->94694 94697 14635c0 LdrInitializeThunk 94694->94697 94695 41ae8d 94695->94692 94697->94695

              Executed Functions

              Function 004175B3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417625
              Memory Dump Source
              • Source File: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_Quote Request - Project FMD2024UOS.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID:
              • API String ID: 2234796835-0
              • Opcode ID: b1ab608f6a434d690aace906f631f60dad52016000f19f13757925202364d872
              • Instruction ID: 226138a02fe1fcdf6906db9a92a152450a814d1c82cddcc527c31de774233805
              • Opcode Fuzzy Hash: b1ab608f6a434d690aace906f631f60dad52016000f19f13757925202364d872
              • Instruction Fuzzy Hash: 02011EB5E0020DBBDF10DAE5DD42FDEB378AB54308F4041AAE90897241F675EB588B95
              Function 0042C1F3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 32 42c1f3-42c22c call 404913 call 42d3d3 NtClose
              APIs
              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C227
              Memory Dump Source
              • Source File: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_Quote Request - Project FMD2024UOS.jbxd
              Yara matches
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: 431212fdab63761c87ab79be39f6fbe23cd1eed9a1b40f8b58dd6ac8dfba57c5
              • Instruction ID: b33aed934dd9bd27afca2d347c66c5b642718a411458aada5dba0cf8e1efa3bf
              • Opcode Fuzzy Hash: 431212fdab63761c87ab79be39f6fbe23cd1eed9a1b40f8b58dd6ac8dfba57c5
              • Instruction Fuzzy Hash: 91E04F712002187BD220EA5ADC01F9B776CDFC5714F10401AFA48A7186C670BA0087A5
              Function 01462DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 47 1462df0-1462dfc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: da0f6553456adf455130c60495fe9af2d98bd298f454b3c8d93f2cdc9daa8dcf
              • Instruction ID: c750160baa19f715617bd432b86c03dba9cae87245b9cbae0d6f6da60ecea77a
              • Opcode Fuzzy Hash: da0f6553456adf455130c60495fe9af2d98bd298f454b3c8d93f2cdc9daa8dcf
              • Instruction Fuzzy Hash: CC90023120140513D11171584508747000997E0241F95C423A0424559DD7668A56A221
              Function 01462C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 46 1462c70-1462c7c LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: f09be347fbdf522eb15a2869874e6af3d2dbe073f1c1f0a47515d74d8572f376
              • Instruction ID: d804c3e64f1c276b3b48b8df6143221833a54c226848d930eebd924a35dccc88
              • Opcode Fuzzy Hash: f09be347fbdf522eb15a2869874e6af3d2dbe073f1c1f0a47515d74d8572f376
              • Instruction Fuzzy Hash: F190023120148902D1107158840878A000597E0301F59C422A4424659DC7A589957221
              Function 014635C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 48 14635c0-14635cc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 67bd818040d254c19299f56d314ca54b03b5123eb15fb2331032bee312583048
              • Instruction ID: 42431dc34975e4505897ffb0f278cf6122599ea87fc3b2db91252f76c4984271
              • Opcode Fuzzy Hash: 67bd818040d254c19299f56d314ca54b03b5123eb15fb2331032bee312583048
              • Instruction Fuzzy Hash: 4C90023160550502D10071584518746100597E0201F65C422A0424569DC7A58A5566A2
              Function 0042C553 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 27 42c553-42c597 call 404913 call 42d3d3 RtlFreeHeap
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BF02B27,00000007,00000000,00000004,00000000,00416E38,000000F4), ref: 0042C592
              Memory Dump Source
              • Source File: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_Quote Request - Project FMD2024UOS.jbxd
              Yara matches
              Similarity
              • API ID: FreeHeap
              • String ID:
              • API String ID: 3298025750-0
              • Opcode ID: d49cd647ab8136e7af5835910ef1f0b3ae7253d90042e551d659c959f8cdb196
              • Instruction ID: 2b55bb41ca85779f70f9695dfda8ce5347689ae50b76c5bd144ea4738f1be451
              • Opcode Fuzzy Hash: d49cd647ab8136e7af5835910ef1f0b3ae7253d90042e551d659c959f8cdb196
              • Instruction Fuzzy Hash: F3E06DB16002047BD620EE59EC41FEB33ACEFC8710F000419F908A7242C670B9118AB4
              Function 0042C503 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 22 42c503-42c544 call 404913 call 42d3d3 RtlAllocateHeap
              APIs
              • RtlAllocateHeap.NTDLL(?,0041E318,?,?,00000000,?,0041E318,?,?,?), ref: 0042C53F
              Memory Dump Source
              • Source File: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_Quote Request - Project FMD2024UOS.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 216e9a690d27d1962fceeb557caec7662cd634590553b0e850795b9b9f34aaea
              • Instruction ID: f9a0228f59235e8f153fd7f88619c884668c70a1dddf6d5298aa240f6907bc1b
              • Opcode Fuzzy Hash: 216e9a690d27d1962fceeb557caec7662cd634590553b0e850795b9b9f34aaea
              • Instruction Fuzzy Hash: 6DE06DB1200608BBD610EF59DC41F9B73ACEFC4710F004019FD09A7281DA70B910CBB8
              Function 0042C5A3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 37 42c5a3-42c5dc call 404913 call 42d3d3 ExitProcess
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.2324711001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_Quote Request - Project FMD2024UOS.jbxd
              Yara matches
              Similarity
              • API ID: ExitProcess
              • String ID:
              • API String ID: 621844428-0
              • Opcode ID: 3a7dee4e6dd0dc098ab0eda27db5c28de65434d13b3fc7a6b32ccacbb9158ed3
              • Instruction ID: c5152a25c7ff3224d3ff6f2a1c337dd8fab2398011ce6e3edd03a710fb85773a
              • Opcode Fuzzy Hash: 3a7dee4e6dd0dc098ab0eda27db5c28de65434d13b3fc7a6b32ccacbb9158ed3
              • Instruction Fuzzy Hash: 58E086712002147BD220EE5ADC41F9B776CDFC5714F00451AFA48A7281C675BD0187F4
              Function 01462C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 42 1462c0a-1462c0f 43 1462c11-1462c18 42->43 44 1462c1f-1462c26 LdrInitializeThunk 42->44
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: f6f74bcd47975b36e83420b2ea5e622f9a13712478cd2502d361d0fde4ba2153
              • Instruction ID: 1652681ba7f666d9345951e9e80a9fa7bcf55f6ad23245ccebe64a66eb6d4bd1
              • Opcode Fuzzy Hash: f6f74bcd47975b36e83420b2ea5e622f9a13712478cd2502d361d0fde4ba2153
              • Instruction Fuzzy Hash: 62B09B719015C5D9DA11F764460CB17790477D0705F15C073D3030653F4778C1D5E276

              Non-executed Functions

              Function 014A2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2160512332
              • Opcode ID: cd26dd6bc3e9509f823b6d19694b27e405d7f331e83a29fc3f35ffdb26f689d7
              • Instruction ID: dd9530ebf40027f84f1df2b409238e44b1b0245f33776a6a8d7d4067ec8241cf
              • Opcode Fuzzy Hash: cd26dd6bc3e9509f823b6d19694b27e405d7f331e83a29fc3f35ffdb26f689d7
              • Instruction Fuzzy Hash: 6292C071604342AFE721CF19C840F6BBBE8BBA4754F45482EFA94D7260D7B0E845DB92
              Function 01458620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
              Download Yara Rule
              Strings
              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014954CE
              • Critical section debug info address, xrefs: 0149541F, 0149552E
              • double initialized or corrupted critical section, xrefs: 01495508
              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014954E2
              • Invalid debug info address of this critical section, xrefs: 014954B6
              • Critical section address., xrefs: 01495502
              • 8, xrefs: 014952E3
              • corrupted critical section, xrefs: 014954C2
              • Thread is in a state in which it cannot own a critical section, xrefs: 01495543
              • undeleted critical section in freed memory, xrefs: 0149542B
              • Thread identifier, xrefs: 0149553A
              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0149540A, 01495496, 01495519
              • Address of the debug info found in the active list., xrefs: 014954AE, 014954FA
              • Critical section address, xrefs: 01495425, 014954BC, 01495534
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
              • API String ID: 0-2368682639
              • Opcode ID: aa67cd27eb4fb66b5506d6c4e3d954bc6307e9ef876c995fadc59ff56a7901f5
              • Instruction ID: 9a686fc5eb535dfb85e5fe3c5d44e997220b2e45d28826bcedac894c7c062c9d
              • Opcode Fuzzy Hash: aa67cd27eb4fb66b5506d6c4e3d954bc6307e9ef876c995fadc59ff56a7901f5
              • Instruction Fuzzy Hash: C4818070E40359AFDF22CF9AC945BAEBBB5BB48714F20412BF504BB2A1D371A945CB50
              Function 014529F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
              Download Yara Rule
              Strings
              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01492506
              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014925EB
              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01492624
              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01492602
              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01492498
              • @, xrefs: 0149259B
              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01492412
              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014922E4
              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014924C0
              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01492409
              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0149261F
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
              • API String ID: 0-4009184096
              • Opcode ID: bd52e5143725040ee22edf66f8c3de0502ff6ac159b0e0e625c44685dea23657
              • Instruction ID: 888f73dd47ae1f7db553effb55d688f1c241389d9e32d743a6ec32d4f13c243f
              • Opcode Fuzzy Hash: bd52e5143725040ee22edf66f8c3de0502ff6ac159b0e0e625c44685dea23657
              • Instruction Fuzzy Hash: 650284B1D00229ABDF71DB55CC80FDAB7B8AB54304F4041EBEA09A7262D7706E85CF59
              Function 014C8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
              • API String ID: 0-2515994595
              • Opcode ID: 0c83abf601786824011bab6194c9e5f1e06aad1e4ff5f9e2112854f0acd7f3be
              • Instruction ID: 2c41340f15f55e98ed5f2eb769c186be12880d444ccf6ccb36a273c17ca30016
              • Opcode Fuzzy Hash: 0c83abf601786824011bab6194c9e5f1e06aad1e4ff5f9e2112854f0acd7f3be
              • Instruction Fuzzy Hash: B151E0791043129BC365CF198844BABBBECEF94B58F14091EEA59C3260E770D609CB92
              Function 014D0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
              • API String ID: 0-1700792311
              • Opcode ID: 77bbb6585781cfd8da90a8081b6d0add1dda205e23c6ef2133d36f78c4dcd667
              • Instruction ID: d0d7203109662c9cfc269e09edea84613866ca2398125836f108e0ddd07775bf
              • Opcode Fuzzy Hash: 77bbb6585781cfd8da90a8081b6d0add1dda205e23c6ef2133d36f78c4dcd667
              • Instruction Fuzzy Hash: 67D1CB35600686EFDF22DF69C460AAABBF1FF59710F18805EF9499B362C7349942CB10
              Function 014A89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
              Download Yara Rule
              Strings
              • AVRF: -*- final list of providers -*- , xrefs: 014A8B8F
              • VerifierDebug, xrefs: 014A8CA5
              • VerifierFlags, xrefs: 014A8C50
              • HandleTraces, xrefs: 014A8C8F
              • VerifierDlls, xrefs: 014A8CBD
              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 014A8A3D
              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 014A8A67
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
              • API String ID: 0-3223716464
              • Opcode ID: 7af95a82c8504ae88f4ed2973f3f6510c32e5fcd849b3a02f80cf6f73bf6b652
              • Instruction ID: 5bc44ce9080fe7f7ed9005cd711d07a64e7536770af910b3c3485b5e38777a83
              • Opcode Fuzzy Hash: 7af95a82c8504ae88f4ed2973f3f6510c32e5fcd849b3a02f80cf6f73bf6b652
              • Instruction Fuzzy Hash: 10913272601303AFE322EF29D880B5B77A4EBB5A14F87041EFA516F261D3709C05CB91
              Function 0142EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
              • API String ID: 0-1109411897
              • Opcode ID: 795a6c701ebd16444e32b4d3ea3632ab7fd7732d83dcf32a2250fa22427f2f98
              • Instruction ID: d881c7a6ce7c1916cc3e235bcef9c4f0dbe6ab3ea8c51238fb1585bd1831cdd4
              • Opcode Fuzzy Hash: 795a6c701ebd16444e32b4d3ea3632ab7fd7732d83dcf32a2250fa22427f2f98
              • Instruction Fuzzy Hash: 01A24A74A0562A8FDB64DF19C8987AEBBB5AF45304F5442EAD90DA7360DB309EC5CF00
              Function 014563FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
              • API String ID: 0-792281065
              • Opcode ID: 116bb20fbfacd9226e81518e80efb0b8990186fd3b63f910591018577d175587
              • Instruction ID: 73be6e96938dc5e45bd60d5be160becb6f06d182ce75ae329d9aecdad9e922af
              • Opcode Fuzzy Hash: 116bb20fbfacd9226e81518e80efb0b8990186fd3b63f910591018577d175587
              • Instruction Fuzzy Hash: EE918A70B003129BEF36DF19D945BAA3FA1BB52B24F56002FE9106B3B2D7B44802C794
              Function 0141645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
              Download Yara Rule
              Strings
              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01479A2A
              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014799ED
              • LdrpInitShimEngine, xrefs: 014799F4, 01479A07, 01479A30
              • apphelp.dll, xrefs: 01416496
              • minkernel\ntdll\ldrinit.c, xrefs: 01479A11, 01479A3A
              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01479A01
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-204845295
              • Opcode ID: 7ead988855caf62a77617c1321ccddcf80fb788b43d443fdebedd12aa900d7dd
              • Instruction ID: 890d4706493bc751ca5a08ee8af25f88387d6667b8d2c4072eb51ca47d0641f1
              • Opcode Fuzzy Hash: 7ead988855caf62a77617c1321ccddcf80fb788b43d443fdebedd12aa900d7dd
              • Instruction Fuzzy Hash: 4D5125712083019FE722EF25D841F9B77E8FB94658F01092FF5959B2B4D670E944CB92
              Function 01452674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01492178
              • RtlGetAssemblyStorageRoot, xrefs: 01492160, 0149219A, 014921BA
              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0149219F
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014921BF
              • SXS: %s() passed the empty activation context, xrefs: 01492165
              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01492180
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
              • API String ID: 0-861424205
              • Opcode ID: 2537561b6723bf65ee2dc32981fcf10c33626696ff7975704d728b67c55476cd
              • Instruction ID: fa3ab336d0c68f2198402695226f4228403077dfbdd4ffab347360447fe4537c
              • Opcode Fuzzy Hash: 2537561b6723bf65ee2dc32981fcf10c33626696ff7975704d728b67c55476cd
              • Instruction Fuzzy Hash: 90313B77B00211B7EB11CA9A9C81F5F7F78DB65A40F05006FFA0467272D3B0AA01C7A1
              Function 0145C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • Unable to build import redirection Table, Status = 0x%x, xrefs: 014981E5
              • LdrpInitializeImportRedirection, xrefs: 01498177, 014981EB
              • minkernel\ntdll\ldrredirect.c, xrefs: 01498181, 014981F5
              • LdrpInitializeProcess, xrefs: 0145C6C4
              • Loading import redirection DLL: '%wZ', xrefs: 01498170
              • minkernel\ntdll\ldrinit.c, xrefs: 0145C6C3
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-475462383
              • Opcode ID: 6bb9af2f63aa04918e9d46b40f6a8c54947f669e6289030c77f4d75d429e36e2
              • Instruction ID: 5b10ac683a485c3752cd457a3ad9a8e39c9e410d9927aefa314da40231c80e53
              • Opcode Fuzzy Hash: 6bb9af2f63aa04918e9d46b40f6a8c54947f669e6289030c77f4d75d429e36e2
              • Instruction Fuzzy Hash: D3313471604306AFD321EF2AD846E1B7B94EFA5B14F05051EF9446B3B1D670ED04C7A2
              Function 0146096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
              Download Yara Rule
              APIs
                • Part of subcall function 01462DF0: LdrInitializeThunk.NTDLL ref: 01462DFA
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01460BA3
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01460BB6
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01460D60
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01460D74
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
              • String ID:
              • API String ID: 1404860816-0
              • Opcode ID: 7e4b788887c19774e3186f6c5d4bf1d96e8bad950949895e48a96fed3920ae37
              • Instruction ID: be7722452b93ba7e49f1b3a722860038372aafb2e775258beb59911b2b78ba9c
              • Opcode Fuzzy Hash: 7e4b788887c19774e3186f6c5d4bf1d96e8bad950949895e48a96fed3920ae37
              • Instruction Fuzzy Hash: C3425A719007159FDB21CF28C880BAABBF9FF14318F0445AEE9899B351D770AA85CF61
              Function 0142A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
              • API String ID: 0-379654539
              • Opcode ID: 70f4397bec24a792dbbab7321f74d15ae149b30090675f2571b0ce5551800126
              • Instruction ID: 8d3d1b25b7a3cec206ee42ff5c7d7af947ca35889ad489cecc251ab2b5a02861
              • Opcode Fuzzy Hash: 70f4397bec24a792dbbab7321f74d15ae149b30090675f2571b0ce5551800126
              • Instruction Fuzzy Hash: 2AC1A8741083928FD721DF58C144B6BBBE4BF94304F50496BF9968BB61E374C98ACB52
              Function 01458402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
              Download Yara Rule
              Strings
              • @, xrefs: 01458591
              • LdrpInitializeProcess, xrefs: 01458422
              • minkernel\ntdll\ldrinit.c, xrefs: 01458421
              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0145855E
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1918872054
              • Opcode ID: a77c41e02fb70bff44ca3a883d773fb1e0a0dd319e19e48b642bbe4161b937c4
              • Instruction ID: 6a7f3be9731f60a2f9ab1d366a308d2c03f42dece25aaed240abe4e76ae72117
              • Opcode Fuzzy Hash: a77c41e02fb70bff44ca3a883d773fb1e0a0dd319e19e48b642bbe4161b937c4
              • Instruction Fuzzy Hash: 96919F71508346AFD762DF26CC41F6BBAECFB94658F40092FFA8496162E770D904CB62
              Function 0145273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
              Download Yara Rule
              Strings
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014922B6
              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014921D9, 014922B1
              • .Local, xrefs: 014528D8
              • SXS: %s() passed the empty activation context, xrefs: 014921DE
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
              • API String ID: 0-1239276146
              • Opcode ID: a68bda192c1391d48d456e046c276d0dc298c9e67e7ca6341cbfcf6c93b1c7ff
              • Instruction ID: 3783f79714fdc324199df11adf834b6102474dafe03e8977cfcc33c46450a148
              • Opcode Fuzzy Hash: a68bda192c1391d48d456e046c276d0dc298c9e67e7ca6341cbfcf6c93b1c7ff
              • Instruction Fuzzy Hash: 3DA1B335A00229DBDB65CF59D884F9AB7B0BF58314F1541EBD908AB362D7709E81CF90
              Function 01454AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
              Download Yara Rule
              Strings
              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01493456
              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01493437
              • RtlDeactivateActivationContext, xrefs: 01493425, 01493432, 01493451
              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0149342A
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
              • API String ID: 0-1245972979
              • Opcode ID: d49d04105aa42e638a3ac5927413755eec869f9e5278e43d8eeeffb58b715b81
              • Instruction ID: 6086464c78546f53f15ec3136c4d8876445d8cebca6f3b7e175f497a23b0e154
              • Opcode Fuzzy Hash: d49d04105aa42e638a3ac5927413755eec869f9e5278e43d8eeeffb58b715b81
              • Instruction Fuzzy Hash: 006114366006129BDB23CF29C841B2BBBE1EF90B50F1A852FE9559F361D730E841CB91
              Function 014264AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
              Download Yara Rule
              Strings
              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014810AE
              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01480FE5
              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01481028
              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0148106B
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
              • API String ID: 0-1468400865
              • Opcode ID: afd552a4cc836205e249d68be37785a02d6ed4e223be132071be892527fbefdd
              • Instruction ID: d8f3c8a6e6cdbf1d632a9206578de6c95c0b4ef43ac0c14e78310e22b254cec4
              • Opcode Fuzzy Hash: afd552a4cc836205e249d68be37785a02d6ed4e223be132071be892527fbefdd
              • Instruction Fuzzy Hash: 297101B19043159FCB21EF15C884B9B7BA8AFA4754F40046AFD488B26AD370D1C9CBD2
              Function 0144245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrinit.c, xrefs: 0148A9A2
              • apphelp.dll, xrefs: 01442462
              • LdrpDynamicShimModule, xrefs: 0148A998
              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0148A992
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-176724104
              • Opcode ID: 55d8b6681495bff6e75f32e95acf64b5f302f04da27672a0df82e38c40ed4e5f
              • Instruction ID: 92ee43c7718be0fde8c007ff03d9bc5a618afc364a88b21349369ff5eadd2211
              • Opcode Fuzzy Hash: 55d8b6681495bff6e75f32e95acf64b5f302f04da27672a0df82e38c40ed4e5f
              • Instruction Fuzzy Hash: A0312975600202ABD732AF59D885E6EBBB4FB84714F27006FF9106B365C7F45986D740
              Function 014329A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
              Download Yara Rule
              Strings
              • HEAP[%wZ]: , xrefs: 01433255
              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0143327D
              • HEAP: , xrefs: 01433264
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
              • API String ID: 0-617086771
              • Opcode ID: 889743bd47919fdb3b29977b48bc4f6ab9b1e5e991314a6704ecddc2bf29ae85
              • Instruction ID: 123f34774a022377f6ee31b7f4292631afc7eaddcd4b2816e68c0e5c5e925e6c
              • Opcode Fuzzy Hash: 889743bd47919fdb3b29977b48bc4f6ab9b1e5e991314a6704ecddc2bf29ae85
              • Instruction Fuzzy Hash: 1892CE71A042499FEB25CF69C444BAEBBF1FF88310F14805EE859AB3A1D774A946CF50
              Function 01430770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-4253913091
              • Opcode ID: c0fa2fadbe869f1e8e44cc7c74460b9f0b444b00c3bd99a192c7dec67ce2819c
              • Instruction ID: 5bb6f18abf3fe07fd6437b029337a4409ea53915cb5fff30cb84ec2624cd670c
              • Opcode Fuzzy Hash: c0fa2fadbe869f1e8e44cc7c74460b9f0b444b00c3bd99a192c7dec67ce2819c
              • Instruction Fuzzy Hash: 1FF1AE30A00605DFEB25DF69C894B6EB7B5FF88304F14426AE4169B3A1D734E982CF90
              Function 01446962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: $@
              • API String ID: 0-1077428164
              • Opcode ID: 52950880d0f59b4e17ca71d58db381aa9fdda155e9921acab5bc62333b8cbf77
              • Instruction ID: fadec01d959eaef3c047715323687b952edcd72be61f7d4077b3f0de802e014f
              • Opcode Fuzzy Hash: 52950880d0f59b4e17ca71d58db381aa9fdda155e9921acab5bc62333b8cbf77
              • Instruction Fuzzy Hash: C1C292716083419FE725CF29C481BABBBE5BF88754F05892EE989C7361D734D806CB62
              Function 0141A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: FilterFullPath$UseFilter$\??\
              • API String ID: 0-2779062949
              • Opcode ID: f7bb902222e61b06f82142f7c5b00adb0dbbf43d9bd4f745db61a22576b16a20
              • Instruction ID: b1b5d1e57e3a1acba6c891f8c2535b68f57f2e159be4398eccd1310e49ed8676
              • Opcode Fuzzy Hash: f7bb902222e61b06f82142f7c5b00adb0dbbf43d9bd4f745db61a22576b16a20
              • Instruction Fuzzy Hash: EEA16F7191122A9BDB31DF64CC88BEAB7B8EF54714F1001EBE909A7260D7359E85CF50
              Function 01440BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
              Download Yara Rule
              Strings
              • LdrpCheckModule, xrefs: 0148A117
              • minkernel\ntdll\ldrinit.c, xrefs: 0148A121
              • Failed to allocated memory for shimmed module list, xrefs: 0148A10F
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
              • API String ID: 0-161242083
              • Opcode ID: 841fa3181a5ba299d0b92ae0f9d50689c5fb98836449af741000edc9da2d3108
              • Instruction ID: 83da8792776efe1c925eb5b1965e8f2cc3c8985d4836d9baf4b141f92f2257ca
              • Opcode Fuzzy Hash: 841fa3181a5ba299d0b92ae0f9d50689c5fb98836449af741000edc9da2d3108
              • Instruction Fuzzy Hash: A971F470A00206DFEB2AEF69C940AAEB7F4FB44204F15406FE912DB361E774AD46CB54
              Function 01430A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-1334570610
              • Opcode ID: 2d88917e3a9a8c8d7119832097d0f3d3564507e82084bd958a30244965148a74
              • Instruction ID: 215d56a562535dd520c5edeb353788fae167fab18412e172ea8655580b6fac98
              • Opcode Fuzzy Hash: 2d88917e3a9a8c8d7119832097d0f3d3564507e82084bd958a30244965148a74
              • Instruction Fuzzy Hash: BD61AE706003019FDB29DF68C444B6ABBE1FF99704F14866EE4598F3A6D770E882CB91
              Function 0145C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
              Download Yara Rule
              Strings
              • Failed to reallocate the system dirs string !, xrefs: 014982D7
              • minkernel\ntdll\ldrinit.c, xrefs: 014982E8
              • LdrpInitializePerUserWindowsDirectory, xrefs: 014982DE
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1783798831
              • Opcode ID: 2c409027f632e110af7373f902042e51ba3108300c9d932b0e8c62b850e47234
              • Instruction ID: e2414476666acf8eba3cdc686a81c4ca7cab6b858aa70604752a76d349402746
              • Opcode Fuzzy Hash: 2c409027f632e110af7373f902042e51ba3108300c9d932b0e8c62b850e47234
              • Instruction Fuzzy Hash: 84412471544302ABD722EB69D880F5B7BE8EF68A10F01082FF954DB2B5E7B0D804CB91
              Function 014DC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
              Download Yara Rule
              Strings
              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 014DC1C5
              • @, xrefs: 014DC1F1
              • PreferredUILanguages, xrefs: 014DC212
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
              • API String ID: 0-2968386058
              • Opcode ID: 37cf488b0386f693164da7cd486324d7504e6f310cc14a1a58fdf4da5fc52233
              • Instruction ID: 7bf4b64b17a4b38dfdd72259fb9dd25f4cfceb212da748b2ca446f55899dbf9e
              • Opcode Fuzzy Hash: 37cf488b0386f693164da7cd486324d7504e6f310cc14a1a58fdf4da5fc52233
              • Instruction Fuzzy Hash: 85418072E0020AEBDF11DBD9C891FEEBBB9AB24704F10416FE609A7260D7749A44CB50
              Function 014B4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
              • API String ID: 0-1373925480
              • Opcode ID: fa787307a947492878c4e297a7164d2bda4f9115b76d7ad90c063db851118342
              • Instruction ID: 7c05f3b7102692789d84a45464fe6fbbd8b5eeeb0796308b6a83eb927c38dee9
              • Opcode Fuzzy Hash: fa787307a947492878c4e297a7164d2bda4f9115b76d7ad90c063db851118342
              • Instruction Fuzzy Hash: 2541F931A006588BEB25DBD9D884BEDBBB4FF65340F18045BD902EB7B2D7349902CB61
              Function 014A4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrredirect.c, xrefs: 014A4899
              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 014A4888
              • LdrpCheckRedirection, xrefs: 014A488F
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-3154609507
              • Opcode ID: a7094dec4d98975524d71a6c165c1653479d466da9e698befb04c18cce26f012
              • Instruction ID: f120406db55e6ca886c8d15857a20b0a4d378e30ceeefd5c44c1cede3d9e48ff
              • Opcode Fuzzy Hash: a7094dec4d98975524d71a6c165c1653479d466da9e698befb04c18cce26f012
              • Instruction Fuzzy Hash: 7541D63A6002919FCB22CF19E840A2B7BE4EF69650B8F055FED559B371D3B0D800CB81
              Function 01430BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-2558761708
              • Opcode ID: 8135ac81683937a3632ade11cb2b659c19ad4bab9e9fe67605dce5fd958a843f
              • Instruction ID: c576c6480feb8d89354541fa3267691ee24bbeae8c260eef80fafbc3d3813d4f
              • Opcode Fuzzy Hash: 8135ac81683937a3632ade11cb2b659c19ad4bab9e9fe67605dce5fd958a843f
              • Instruction Fuzzy Hash: B111CD313151029FDB29EA19C441B7AB3A5EF94A1AF18822FF4068F375DB30D842CB50
              Function 014A20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
              Download Yara Rule
              Strings
              • Process initialization failed with status 0x%08lx, xrefs: 014A20F3
              • LdrpInitializationFailure, xrefs: 014A20FA
              • minkernel\ntdll\ldrinit.c, xrefs: 014A2104
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2986994758
              • Opcode ID: 7b2171b51a1a2d030876a5e3cf1521eca9850acef6457e6186ec7363432471d5
              • Instruction ID: 05ca540ed4ca2e8adfc72378ada3f49d650b5900c1c3f64f03689c3b0f51f127
              • Opcode Fuzzy Hash: 7b2171b51a1a2d030876a5e3cf1521eca9850acef6457e6186ec7363432471d5
              • Instruction Fuzzy Hash: 32F02835640309ABE721E70EDC46F9A3768EB51B58F51002EF7007B2E1D2F0A600D641
              Function 014303E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: #%u
              • API String ID: 48624451-232158463
              • Opcode ID: 3fe2e305de9013dcc89e9ee1b2bd8bbec9cb9410153043054f3f8f5157f3513f
              • Instruction ID: 4b6c60fdb8e75e91e0c8458f42cc2290c93584073598ebd3cd7430b82eafccd6
              • Opcode Fuzzy Hash: 3fe2e305de9013dcc89e9ee1b2bd8bbec9cb9410153043054f3f8f5157f3513f
              • Instruction Fuzzy Hash: 3C715D71A0014A9FDB01DFA9D984FAEB7F8BF68304F15406AE905E7261E634EE01CB61
              Function 0142A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
              Download Yara Rule
              Strings
              • LdrResSearchResource Enter, xrefs: 0142AA13
              • LdrResSearchResource Exit, xrefs: 0142AA25
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
              • API String ID: 0-4066393604
              • Opcode ID: 8b606ebdf7109172e299fc24f6cd3d31430e5e5bef0779268c98f813edbd9153
              • Instruction ID: 1358b60279c4f83713d98dcefb614c42d9581a7f9bd91e2b5f3cc66f6fca98a2
              • Opcode Fuzzy Hash: 8b606ebdf7109172e299fc24f6cd3d31430e5e5bef0779268c98f813edbd9153
              • Instruction Fuzzy Hash: B4E17171E002299FEF21DE99C984BAEBBB9BF14710F64042BEE01E7661D774D981CB50
              Function 014EA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: `$`
              • API String ID: 0-197956300
              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction ID: cb1a066bc26226a4c3ef6c74aa06d1d655beae4ca5449369c74f2d7ce116cabe
              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction Fuzzy Hash: 56C1D4312043429BEB24CF29C849B6BBBE5BFD4319F284A2EF695C72A0D774D505CB41
              Function 0149E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Legacy$UEFI
              • API String ID: 2994545307-634100481
              • Opcode ID: b39bc9f85a1a4b70f8933ea0e287b526f7cdf709516e74570f30f1cc191b1e3c
              • Instruction ID: d7fe28a52b6b5c631a6bc60d6ab0d6dd86dae9cebae2cad21540dfdfba2655dd
              • Opcode Fuzzy Hash: b39bc9f85a1a4b70f8933ea0e287b526f7cdf709516e74570f30f1cc191b1e3c
              • Instruction Fuzzy Hash: 47617B71E002199FDF24DFA9C840BAEBBB9FB58704F14406EE649EB2A1D731E941CB50
              Function 014C43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: @$MUI
              • API String ID: 0-17815947
              • Opcode ID: 7ac3e111d47ed178708d5fa3fa80db8d7ad1aa49c19e47fa0c596114a3d789b8
              • Instruction ID: 82860796b2f95f08e589d2cdf99408319a84ae45d11dd3156d6a94b8fb02b69a
              • Opcode Fuzzy Hash: 7ac3e111d47ed178708d5fa3fa80db8d7ad1aa49c19e47fa0c596114a3d789b8
              • Instruction Fuzzy Hash: 26516B71E0021DAFDB11DFA9CD90EEFBBBCEB54B54F14052AE601B72A0D6309A05CB60
              Function 014204E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
              Download Yara Rule
              Strings
              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0142063D
              • kLsE, xrefs: 01420540
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
              • API String ID: 0-2547482624
              • Opcode ID: 72fa7abc147dc3df11efd4359ca0b7472af401b5675ba717e3f76bc2fda08e81
              • Instruction ID: 0eeb18fb6b2bad7310ca3bfe2371553854e2bc43352abd17886450c000d7311a
              • Opcode Fuzzy Hash: 72fa7abc147dc3df11efd4359ca0b7472af401b5675ba717e3f76bc2fda08e81
              • Instruction Fuzzy Hash: E051AB716047528BD735EF29C4446A7BBE4AF84304F50883FFAAA87361E770E585CB92
              Function 0142A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
              Download Yara Rule
              Strings
              • RtlpResUltimateFallbackInfo Exit, xrefs: 0142A309
              • RtlpResUltimateFallbackInfo Enter, xrefs: 0142A2FB
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
              • API String ID: 0-2876891731
              • Opcode ID: 1485ee92002bd4203a6bb7d313c12182f22d27e1415c05706da42885105d2854
              • Instruction ID: 677314143fa23870b3c0fc1da75bcd396afa4ed0e1286af682a3c70682b8184c
              • Opcode Fuzzy Hash: 1485ee92002bd4203a6bb7d313c12182f22d27e1415c05706da42885105d2854
              • Instruction Fuzzy Hash: DE419A30A01665DBEB22DF59C844B6E7BB4EF94700F2440AAED00DB7B2E2B5D981CB50
              Function 0145A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Cleanup Group$Threadpool!
              • API String ID: 2994545307-4008356553
              • Opcode ID: 4e20f59309abb7a156f13051ff64c86d686eebe329960cb811de16ee4811f54c
              • Instruction ID: 9539bb24e1101e5f10b9ebccd43023d7568aa66650b4f004f1fa44d7c0b069e6
              • Opcode Fuzzy Hash: 4e20f59309abb7a156f13051ff64c86d686eebe329960cb811de16ee4811f54c
              • Instruction Fuzzy Hash: 3E01ADB2240700AFD351DF24CD45B2677E8E794719F058A3EAA9CCB1A1E374D804CB56
              Function 0142C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: MUI
              • API String ID: 0-1339004836
              • Opcode ID: 75ef14fd7f42459976b730f2ac29f12d76ba0847a1b9b53ec736dcafbbbc5d6d
              • Instruction ID: 1b2ee79bac08d5f8a8eeda43a15cac01345d83e7c360b49e1f5d72e6bf3024c2
              • Opcode Fuzzy Hash: 75ef14fd7f42459976b730f2ac29f12d76ba0847a1b9b53ec736dcafbbbc5d6d
              • Instruction Fuzzy Hash: 7A825075E002299FDB25CFA9C880BEEBBB1BF48310F54816AD919AB361D7709D81CF50
              Function 014A6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: c3b3f0b59409fc6cefcbc39eb8c81ad78dcf15ccc2cac7af16b155c351ebb1df
              • Instruction ID: 1a070f95e4c142b3d32873ee567e2059ec621fc3888f9aafccd2e90ae939cd77
              • Opcode Fuzzy Hash: c3b3f0b59409fc6cefcbc39eb8c81ad78dcf15ccc2cac7af16b155c351ebb1df
              • Instruction Fuzzy Hash: 5E918771900219AFEB21DF95DD85FAF7BB8EF68B50F55401AF600AB1A0D774AD00CB60
              Function 014CE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 3754c7dc9c9f6b34e2dab115dcf106deedd32f8a5746c61d92c48ab513f16948
              • Instruction ID: 733ebc06afdbd0811367ef3954c19660d4c5669c87117b91bc58ca3eb409f1c5
              • Opcode Fuzzy Hash: 3754c7dc9c9f6b34e2dab115dcf106deedd32f8a5746c61d92c48ab513f16948
              • Instruction Fuzzy Hash: 9E918076900605ABDB62AFA6DC44FAFBF7AEF95B50F10001EF501A7271DB74A902CB50
              Function 0145A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: GlobalTags
              • API String ID: 0-1106856819
              • Opcode ID: 152b1da8774bd2f34773fa8ba6696e33629551170a1d3e542e3db4615507ddf9
              • Instruction ID: e3e4775dc36cdb48fa8d9b01747aab1acaa92dd3fac50fced3d3a42e8bb8a0a2
              • Opcode Fuzzy Hash: 152b1da8774bd2f34773fa8ba6696e33629551170a1d3e542e3db4615507ddf9
              • Instruction Fuzzy Hash: CE716DB5E0120A9FDF28CF9DD590AAEBBB1BF58710F15816FE905AB361E7308841CB50
              Function 014C4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: .mui
              • API String ID: 0-1199573805
              • Opcode ID: 7860167e2f1fe3d14304b3c94a20a7ba7689c1241fa87f5b0e6176fd07c6b825
              • Instruction ID: 4d34663643234b8ef876a5992279c2b2249ad1403553a448b5e8150f69a7c169
              • Opcode Fuzzy Hash: 7860167e2f1fe3d14304b3c94a20a7ba7689c1241fa87f5b0e6176fd07c6b825
              • Instruction Fuzzy Hash: 1551A476D00226DBDF50DF99D950AAEBBB4AF14E10F09412FEA11B7360D7359901CBA0
              Function 0143E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: EXT-
              • API String ID: 0-1948896318
              • Opcode ID: df41af4d690b5c09fa92b3bbaa12551546e3ed33c731aa1fd481cffc3c33d1bb
              • Instruction ID: d39fc7003f6a1714b74bd27d18b06b1aab20f0c96fb1fc64de9c7a1b11eac6c2
              • Opcode Fuzzy Hash: df41af4d690b5c09fa92b3bbaa12551546e3ed33c731aa1fd481cffc3c33d1bb
              • Instruction Fuzzy Hash: B741A07250A3429BD721DA76C840B6BB7E8AFDC718F44092FF684E72A0E774D9058793
              Function 0149C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: BinaryHash
              • API String ID: 0-2202222882
              • Opcode ID: b3a283750c384760051c8a2dce2124237a784d9ad66d8c2265933693062ee26c
              • Instruction ID: 5543ad128b549ebb945f9afb5001e2deb2afa026e19a91cf067836b07004c3d0
              • Opcode Fuzzy Hash: b3a283750c384760051c8a2dce2124237a784d9ad66d8c2265933693062ee26c
              • Instruction Fuzzy Hash: 7D4146B1D0012DAADF21DB51CC84FDEBB7CAB54718F0045EAE608AB150DB709E498FA5
              Function 014B6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: #
              • API String ID: 0-1885708031
              • Opcode ID: fc7bab727f906a80a69c6feceb861c7e9065585ee38e9c647cd54f31d9add0c8
              • Instruction ID: 60c9bda3f12b89c6b645fe7d47cd88f3864c109f97f9871da51bd0d0e93cfcc7
              • Opcode Fuzzy Hash: fc7bab727f906a80a69c6feceb861c7e9065585ee38e9c647cd54f31d9add0c8
              • Instruction Fuzzy Hash: F0311631A007199BEB32DB69C890BEE7BB8DF55704F16402EE950AB2A2D775DC05CB60
              Function 0149CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: BinaryName
              • API String ID: 0-215506332
              • Opcode ID: fa631a78cd87b0022ded1c2997b553975ce4c17bd20c90e089c235ea71b06249
              • Instruction ID: 1aeff1b6e65b8094cfcafde2a0e8cb97130429af7ac336e100929ed7fcc0b6dd
              • Opcode Fuzzy Hash: fa631a78cd87b0022ded1c2997b553975ce4c17bd20c90e089c235ea71b06249
              • Instruction Fuzzy Hash: F631E13690051AAFEF16DB59D895E7FBF74EB90760F01412AE905AB2A0D7309E04DBE0
              Function 014A892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
              Download Yara Rule
              Strings
              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 014A895E
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
              • API String ID: 0-702105204
              • Opcode ID: 5f7c4cf10e7be55064e67f9979ef97c891c532aba09718184a0afd24827bcd7d
              • Instruction ID: 70d13e965de468c60fcb8482ab2a9fc4188d1edc9d178b1d6f61f4f738f9edb2
              • Opcode Fuzzy Hash: 5f7c4cf10e7be55064e67f9979ef97c891c532aba09718184a0afd24827bcd7d
              • Instruction Fuzzy Hash: 3E0147322102029BF6226B1AC884A977F69FFF6655BC6002FF6410A275CB306C86C792
              Function 014C2000 Relevance: .8, Instructions: 757COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0ad9e1e79cb0a46e979e0daa5b87e6998128cd73893628d562cc10d62fa88dae
              • Instruction ID: 9ee7d3b654e2787c709558536d6a0f7dc1b604b5c4f2e68f0d085e464aa861e5
              • Opcode Fuzzy Hash: 0ad9e1e79cb0a46e979e0daa5b87e6998128cd73893628d562cc10d62fa88dae
              • Instruction Fuzzy Hash: 8E42A3796043419BD765CF69C890E6BBBE5AB98B00F08092FFA8697370D6F0D845CB52
              Function 014B8158 Relevance: .6, Instructions: 617COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1fdefaa12979b1d3a148834dceacf98af05b1a0bc5a84ac9c368bed0fbae2608
              • Instruction ID: f43157d889328e832e83fd7570640688f42a4e8f31c98ad93b60bccc59b4a8d3
              • Opcode Fuzzy Hash: 1fdefaa12979b1d3a148834dceacf98af05b1a0bc5a84ac9c368bed0fbae2608
              • Instruction Fuzzy Hash: 07425275A0021A8FEB25CF69C881BEEBBF9BF54300F14819AE549EB351D7349985CF60
              Function 01432840 Relevance: .6, Instructions: 605COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f449394c1f34c1ff5781971955570e41a396a38a2eab5df75967c2e3ac059ad8
              • Instruction ID: adc37ff4065a90e4692e88a24add3b77eaa4d5e1d1a1f00b3abd3bf7a3e91ac3
              • Opcode Fuzzy Hash: f449394c1f34c1ff5781971955570e41a396a38a2eab5df75967c2e3ac059ad8
              • Instruction Fuzzy Hash: 91320E70A007558FEB65EF69C844BBEBBF2BF84704F25412ED44A9B3A4D774A802CB50
              Function 014CA118 Relevance: .6, Instructions: 591COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 85105b51c0591b042adff3455619da1ea6c849b749e42297dc36ffafa3dc0d6e
              • Instruction ID: a243472c79593cfba11edd7343f1792c74017f7ba5afa4c7b593ac52ad4550a3
              • Opcode Fuzzy Hash: 85105b51c0591b042adff3455619da1ea6c849b749e42297dc36ffafa3dc0d6e
              • Instruction Fuzzy Hash: 3C22BD782046698AEBA5CF29C054372BBF1AF44B04F28845FD9868F3A6F735D452DB60
              Function 01426A50 Relevance: .5, Instructions: 548COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c87376cf0161bf9b5c772e9b459884438eb538a8bbf56c8ed5887d1c7f06de3
              • Instruction ID: df7c6622dc4e8c952c1de15c344287fe7e0143f42de1e552d0512af200d222c0
              • Opcode Fuzzy Hash: 8c87376cf0161bf9b5c772e9b459884438eb538a8bbf56c8ed5887d1c7f06de3
              • Instruction Fuzzy Hash: B5329C70A00225CFDB25DF69C480BAEBBF1FF48310F55456BE955AB3A1D730A882CB50
              Function 01444A35 Relevance: .4, Instructions: 423COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction ID: 8268117823e53cb46fae859c5ca18d309f4875e9ab6a111a3de1b356307e8dad
              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction Fuzzy Hash: 68F15071E0021A9FEF15DF99C580BAEBBF5BF48710F09812AE945AB364DB74D842CB50
              Function 014B892B Relevance: .4, Instructions: 386COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a56f6bf04eecde620889eea61cd67d0a693037482d6a11b4c85e311631535922
              • Instruction ID: 6bb2fe7c51cbb242c4135dd8cfe4e3b7466e34c7ea87853a0018149f1ee867c1
              • Opcode Fuzzy Hash: a56f6bf04eecde620889eea61cd67d0a693037482d6a11b4c85e311631535922
              • Instruction Fuzzy Hash: 33D1E071A0060B8BDF15CF69C881AFFB7F9AF88304F18816BD955A7251E735E9068B60
              Function 014265D0 Relevance: .4, Instructions: 383COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f8df15d2fd9e875df3fcd70706625e9198b82bebad04fedcf61aede77788c60
              • Instruction ID: be3380699d87574a1d4a9de0ab05f7b3ab846a2bf0bd52be4f9b4c334c7cb2f3
              • Opcode Fuzzy Hash: 3f8df15d2fd9e875df3fcd70706625e9198b82bebad04fedcf61aede77788c60
              • Instruction Fuzzy Hash: 24E1B271609352CFC715CF28C090A6BBBE0FF89304F45896EE99987361DB31E946CB91
              Function 01418397 Relevance: .4, Instructions: 380COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd5ccc479aece69a62c1d82b6c0dd72da2ec8c1134f0123b4bd62318c7f8c6ee
              • Instruction ID: ff61af58dc043b32d2f7c169481225b9ce073db214e163b70acf6a0d19a6bf0d
              • Opcode Fuzzy Hash: bd5ccc479aece69a62c1d82b6c0dd72da2ec8c1134f0123b4bd62318c7f8c6ee
              • Instruction Fuzzy Hash: FBD1F171A002079BDB14CF69C880BBBB7A5FF64314F04462FEA16DB2A4EB30D955CB60
              Function 014A8243 Relevance: .3, Instructions: 322COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction ID: 384a0b13611203f3e8b0952ab97a9ba2fe8e58c93aad11980f3d2f153456e35e
              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction Fuzzy Hash: 14B1B675A00606AFEB24DF55C940EBBBBB5FFA4305F91442EAE42973A0DA30E905CB10
              Function 01430535 Relevance: .3, Instructions: 300COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction ID: b43e4c43482839ea4275f180015af1b36cf890f97c549449399e7d6ef521ee94
              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction Fuzzy Hash: 19B10871604646AFDB16DB68C850BBFBBF6AF98200F18025BE656DB3A1D730D942CB50
              Function 014283C0 Relevance: .3, Instructions: 281COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d686f3a2f037ab38aac0c39c961fa5a31b2761911578b610ae45547775e238c5
              • Instruction ID: aca3495a3c3f6d4f781c3e3b1930ee7824ac73d98d521d6c14820bf11254c928
              • Opcode Fuzzy Hash: d686f3a2f037ab38aac0c39c961fa5a31b2761911578b610ae45547775e238c5
              • Instruction Fuzzy Hash: 9EC166701083418FE764DF19C484BAFB7E4BF98708F44492EE989873A1E774E949CB92
              Function 0141C427 Relevance: .3, Instructions: 280COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce4fbd655cb8b83971159a766c17199080441a61b62fd8c05369391091a44880
              • Instruction ID: 23de03f0f7d36526070575b52fd61b7d5fb42654df47a9ec0d57f450b88bcb1d
              • Opcode Fuzzy Hash: ce4fbd655cb8b83971159a766c17199080441a61b62fd8c05369391091a44880
              • Instruction Fuzzy Hash: 33B19270A402658BDB24CF59CC90BAEB3B5EF54700F1485EAD50AE7365EB30DD86CB21
              Function 0144E5E7 Relevance: .3, Instructions: 278COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5612a65e51f153cb84eb22102ff42e69b393bc958706640aeabaa517d7f32057
              • Instruction ID: 5cf982fd2be13364c63af923ff312b34c3453443ccf5187f88c65b1fe0e6c0da
              • Opcode Fuzzy Hash: 5612a65e51f153cb84eb22102ff42e69b393bc958706640aeabaa517d7f32057
              • Instruction Fuzzy Hash: 66A1F731E006159FFB22EF59C848BAEBBA4BB05724F050167EA10BB3B1D7789D45CB91
              Function 01460185 Relevance: .3, Instructions: 276COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a223a4381575135e6425d78a639324694abd7c5f3cc89090cd8bf7c01b9bf82
              • Instruction ID: d760d726b2646ada2c4ce4ba5b57d56b68a7c74f595d1d526c3873aef44e9eb7
              • Opcode Fuzzy Hash: 3a223a4381575135e6425d78a639324694abd7c5f3cc89090cd8bf7c01b9bf82
              • Instruction Fuzzy Hash: 04A1B270B016169BDB25CF69C590BAAB7B9FF54318F00402FEA05973A1EB34E812CB91
              Function 014F4500 Relevance: .3, Instructions: 275COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 85859eb59cdf7a85a22f9c6e715e3728d6c2f771dc6d48110fe28836dd0e5e02
              • Instruction ID: 795e0cf6e45645426e9e0b54d1725bed9cd8c4d9b6bf068d080e0de4370fe91c
              • Opcode Fuzzy Hash: 85859eb59cdf7a85a22f9c6e715e3728d6c2f771dc6d48110fe28836dd0e5e02
              • Instruction Fuzzy Hash: 9BA1CC72A04212AFD712DF18C980B6BB7E9FF58714F09092EE6499B761CB74ED01CB91
              Function 014F2B57 Relevance: .3, Instructions: 266COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
              • Instruction ID: 7b53f2b33b6f1de5a6f69ab721f11b4f10d03e5a7748466ae45ce22e3e02921c
              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
              • Instruction Fuzzy Hash: 95B12871E0061ADFDB15CFA9C880AAEBBB5FF48310F14812EEA14A7360D770E941CB90
              Function 014A60E0 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41ad645ef7890b8e96f4b592202e27dd1b6154baab126263b06dbb4595a11bdd
              • Instruction ID: dfc146b99fffea5599a5aab798e895c0ccc53260ccf901b1e5b395553f18e047
              • Opcode Fuzzy Hash: 41ad645ef7890b8e96f4b592202e27dd1b6154baab126263b06dbb4595a11bdd
              • Instruction Fuzzy Hash: AD91E872D00216AFDB11DF69D890B7EBFB5AF58310F5B405AE610AB360D734D9018BA0
              Function 0143E3F0 Relevance: .3, Instructions: 261COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2d27cc8e6c8805e1f59434eb6ff9a1a8d5833272c23b1cae99b938a1e1bd70c9
              • Instruction ID: c84e9dccc9f8fe3511b794a9fdcc8e71f0dad9e1c5aa7bcad3d1abc3e9855f50
              • Opcode Fuzzy Hash: 2d27cc8e6c8805e1f59434eb6ff9a1a8d5833272c23b1cae99b938a1e1bd70c9
              • Instruction Fuzzy Hash: 11910431A02616DBEB25EB59C444B7EBBA1EFEC714F05406BE905AB3A0E734D902CB51
              Function 01476ACC Relevance: .2, Instructions: 226COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 611a4beabbb67ce1357a89dff08eb0af9978f516d46fe6627640e112e5822bcf
              • Instruction ID: ff6e63ab809014f49d6d1142a6a35ac5f54d5f0dc638ba66fcbe58b493a6fd8b
              • Opcode Fuzzy Hash: 611a4beabbb67ce1357a89dff08eb0af9978f516d46fe6627640e112e5822bcf
              • Instruction Fuzzy Hash: 2A8171B1A006259FEB18CF69D940AFEBBFAFB48700F05852EE455E7650E334D941CB94
              Function 014EAB40 Relevance: .2, Instructions: 222COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction ID: 271d877023298e770832c92a7b0255ca11ce5079a5ab3f16da3c1ba978b110b3
              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction Fuzzy Hash: 91819431A002059FDF19CF99C488AAEBBF2FF94311F24856ED9169B364D774D912CB40
              Function 0145E284 Relevance: .2, Instructions: 212COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d35f9af75da7e431705f40a239584bd2f71f048154d0c3f2861d5533b4e88515
              • Instruction ID: 7d5c9cedc523dd3fc931f1f107afc815c8e3b8da2a728453c3080bf35a98b880
              • Opcode Fuzzy Hash: d35f9af75da7e431705f40a239584bd2f71f048154d0c3f2861d5533b4e88515
              • Instruction Fuzzy Hash: F7817D71A00609EFDB65CFA9C880AEEFBBAFF48354F10442EE555A7221D770AD05CB60
              Function 0143C640 Relevance: .2, Instructions: 206COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6b6f0e208d3f3bd152c630f5c5f39a8c3ce5f07291c7a1a62286a31ab05e22dd
              • Instruction ID: 773f25abdb69e9edbc0774b04c7a5a4561c683a3195a9656527b1c143c6f1f9c
              • Opcode Fuzzy Hash: 6b6f0e208d3f3bd152c630f5c5f39a8c3ce5f07291c7a1a62286a31ab05e22dd
              • Instruction Fuzzy Hash: 5071BB75D0062ADBCB269F59C9907BEBBF1FF98710F14411BE952AB360D3709806CBA0
              Function 014D47A0 Relevance: .2, Instructions: 202COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0800611e5125894e8e13f2479b1fc7d930987e8e105e4678e999d4017af6a6b6
              • Instruction ID: 7130b95d5b7a50ea85d431e16bf7cbd69c626b9482265684828d0004cba83076
              • Opcode Fuzzy Hash: 0800611e5125894e8e13f2479b1fc7d930987e8e105e4678e999d4017af6a6b6
              • Instruction Fuzzy Hash: 6F71A070A01205EFDF21CF99D964A9ABBF8FF91300B0A415FE610AB768C7B18944DF65
              Function 0143260B Relevance: .2, Instructions: 201COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d617634ee1c33d5243c8ef709ea79af57d29bb0fa4d86456651b896c55965078
              • Instruction ID: 7e7ef2b06cd9e81ef427c83ac9e8a0de341d5833e57c78c76539c70befc9ff7e
              • Opcode Fuzzy Hash: d617634ee1c33d5243c8ef709ea79af57d29bb0fa4d86456651b896c55965078
              • Instruction Fuzzy Hash: 5871DE756046429FD312DF29C480B2AB7E5FFD8310F0585ABE899CB362DBB4D846CB91
              Function 014A035C Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction ID: 6f0add81e3ae3600b79122699f5caa60d78a0d50abbb38837cb3e0c1b4e922a3
              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction Fuzzy Hash: 21717171D00619AFDB10DFAAC984EDEBBB9FFA8700F51456AE505E7260DB34EA01CB50
              Function 014B62A0 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ab2f245ded64e8c726dbcaa5220feac9d6f6917afda6e6e4f9f7e735873e516
              • Instruction ID: fcc564156a1969303f5d3924874e7f3feb2f0527f9e40a24ef68425b34d502dd
              • Opcode Fuzzy Hash: 8ab2f245ded64e8c726dbcaa5220feac9d6f6917afda6e6e4f9f7e735873e516
              • Instruction Fuzzy Hash: 8671F432200B01AFE732DF19C884F96BBA6EF54724F16452EE6158B2B0D779E945CB60
              Function 014F8324 Relevance: .2, Instructions: 192COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e6d9d9419a3e8f394717f203bca26ec165a8ee2a537b281ea815fdd6c3c8404
              • Instruction ID: 5d354b9a72d601d9b5258967c91795eec6f84999cd79dbbf6b1be00d05d4efc5
              • Opcode Fuzzy Hash: 0e6d9d9419a3e8f394717f203bca26ec165a8ee2a537b281ea815fdd6c3c8404
              • Instruction Fuzzy Hash: CE711A71E0020ABFDF15DF95C841FEEBBB9FB14354F10412EE610AA2A0D775AA05CB91
              Function 014DA250 Relevance: .2, Instructions: 184COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aebd29c3291db53cdb9fe38daa4aee9ef496ed2706f21516dfc219228e944a4d
              • Instruction ID: a5ada792be4c52ff8b4b0fa880e611b0327d9244f9115d23896152faadddf4b6
              • Opcode Fuzzy Hash: aebd29c3291db53cdb9fe38daa4aee9ef496ed2706f21516dfc219228e944a4d
              • Instruction Fuzzy Hash: F451DF72504612AFDB12DE68C864E5BB7E8EBD9754F00093EFA40DB220D774ED05C7A2
              Function 014C8350 Relevance: .2, Instructions: 161COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1f0b707f3a5085ddaa4567a87b53834f56b1324093e746064a9325fd8ef5a05e
              • Instruction ID: 3685a7f05acdc40a060e952add118844f2225912ffc4fcb4577cf5fe1972089b
              • Opcode Fuzzy Hash: 1f0b707f3a5085ddaa4567a87b53834f56b1324093e746064a9325fd8ef5a05e
              • Instruction Fuzzy Hash: 0E51CE74900706AFD761CF5AC884AABFBF8BFA4B10F10462FD292976B0D7B0A541CB54
              Function 0145E443 Relevance: .2, Instructions: 158COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 710169d2d7ee39cab4aee769a2c9f0630bd2f1e237eed8d46bb5ad5605b0c53b
              • Instruction ID: 76ef97e18d045e44853e82df7094603ccd9924cf7af82bb3dfd70f1e524627eb
              • Opcode Fuzzy Hash: 710169d2d7ee39cab4aee769a2c9f0630bd2f1e237eed8d46bb5ad5605b0c53b
              • Instruction Fuzzy Hash: 8A516C71200A05EFDB22DFAAC980E6AB7B9FF68754F40046FE95197271D734EA41CB50
              Function 014C4180 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 400d3faa13a6759ae2cc7888bbd86f984c60f6589252a3d495041f1256e57936
              • Instruction ID: a3f9bfbf6566863c58070d0dbba79955799c906ecd40cc8efb7bf56d44f42a17
              • Opcode Fuzzy Hash: 400d3faa13a6759ae2cc7888bbd86f984c60f6589252a3d495041f1256e57936
              • Instruction Fuzzy Hash: 89517A756083028FD790DF2AC991A6BBBE5BFD8A18F48492EF585C7360D730D905CB52
              Function 014445B1 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction ID: 05893762fbaea78ffd5f1d6250403e44634b9e0fb72fef99ba42ab7f607c385e
              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction Fuzzy Hash: E0518D71E0021AABEF15DF98C440BEEBBB5AF45354F08406AEA05AB360D734DD45CBA0
              Function 014AE9E0 Relevance: .2, Instructions: 154COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction ID: de3716bd0e5e03f8cd590fa8af3ecf81d6c8a77001841bb98299c0aeeee43ceb
              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction Fuzzy Hash: 7C51B73190021AEFDF11DB95C894BAFBB78AB24314F52465BD622772B0D7709D41C7A0
              Function 014E8B28 Relevance: .2, Instructions: 152COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a0157577bb64443ad05fa2f3d7aea14886dd5bae879b577a16d53012c05a70b7
              • Instruction ID: 7690b450c72c738e481df2a392eef58d651b4bc2487ae5d3aa49d095d892d0ec
              • Opcode Fuzzy Hash: a0157577bb64443ad05fa2f3d7aea14886dd5bae879b577a16d53012c05a70b7
              • Instruction Fuzzy Hash: C941E6707016039FEE25DB2DC99CB3BBBDAEF91222F04461AF9558B3A1D734D811C690
              Function 014ACBF0 Relevance: .1, Instructions: 148COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 424e832c75259a15a9ee2e22a7e3d61b28f5066a6e3aa5ff001637394e4ee298
              • Instruction ID: 2377aeb4b44af13e198ece6e040c23fd4d8060c78af7d838c35c47a344c2abdd
              • Opcode Fuzzy Hash: 424e832c75259a15a9ee2e22a7e3d61b28f5066a6e3aa5ff001637394e4ee298
              • Instruction Fuzzy Hash: C7518D71900216DFCB61DFA9C9C09AFBBF9FB68214B92451AD516AB314D770AD02CBD0
              Function 0145A430 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: baca3b564c1bdf3b752c7fb2e65431d6103ba1f3b61592e87324f2b9acdcb439
              • Instruction ID: 29c1a519d677fd5e3fcecbbb326112186a72335a83ab882ddde3b8b9c3eda88c
              • Opcode Fuzzy Hash: baca3b564c1bdf3b752c7fb2e65431d6103ba1f3b61592e87324f2b9acdcb439
              • Instruction Fuzzy Hash: B2412E716403029BDF66EF6A9890F6A3B64E76970CF02012FED159F272D7B19C05D790
              Function 014EA9D3 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction ID: 5d3d1eec8cc8e61d3cb58c7c060096e01c4bdfde9ca74ea9ae1b7f4e12a615c3
              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction Fuzzy Hash: 76411A716007169FDB25CF19C988A6BB7E9FF94211B15462FE91287750EB30ED09C7D0
              Function 014501F8 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0159190ec8a45406742aa3e85bff289296c2a3c87b603bfc81154c0cf1df1337
              • Instruction ID: 086b0ae4ffc141b95b57df6c137c8df185ce2ffff8368d4bd65eaed8611f7a4c
              • Opcode Fuzzy Hash: 0159190ec8a45406742aa3e85bff289296c2a3c87b603bfc81154c0cf1df1337
              • Instruction Fuzzy Hash: 9041A93A9002199BDB50DF99C440AEEBBB4AF58710F14826BFD15A7362D7349D42CBA4
              Function 0144EBFC Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d050663956222a86f3947f6406f1b3fc724608668ba6affd6922b214be934f18
              • Instruction ID: 416398e337fb09b764d395975c36d0e97e1228965f53286cd3f58b595f0aec38
              • Opcode Fuzzy Hash: d050663956222a86f3947f6406f1b3fc724608668ba6affd6922b214be934f18
              • Instruction Fuzzy Hash: 1D41E6716043028FE721EF29C880A2BB7E5FF98214F01482FEA57D7761DB75E8498B55
              Function 01462750 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction ID: b5bf0fa278fe4f8b76c6684a5bc274d0b7e82616b51d787de2e1ed27bbaef121
              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction Fuzzy Hash: 7E517E75A00215CFCB15CF59C480AAEFBB1FF84710F2881AAD915EB361D770AE42CB90
              Function 01426154 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 347dc5a723645e59dedc5e75ba355522297e0888c290f7f06f5f18bbc7ebfe9b
              • Instruction ID: 9341e5536894cbcc3bd3cac4ced69abc9dddc1ec8155343d6980511ca709c908
              • Opcode Fuzzy Hash: 347dc5a723645e59dedc5e75ba355522297e0888c290f7f06f5f18bbc7ebfe9b
              • Instruction Fuzzy Hash: 65510870900226DBEB26AF28CC40BA9B7B1FF25314F1542ABD925973E1DB7499C1CF90
              Function 01420BCD Relevance: .1, Instructions: 130COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e7129b216425a8f01b5f6c30e9f587253278b9c26685229aba02031d6d5f97f
              • Instruction ID: e1fd427e8b1f31559997fbcb1b728a46663a9ca277cfe888fa4ebb07085597f0
              • Opcode Fuzzy Hash: 4e7129b216425a8f01b5f6c30e9f587253278b9c26685229aba02031d6d5f97f
              • Instruction Fuzzy Hash: AF41C271A002299BDB21DF29C940BEA77B8AF59700F4100ABE908AB361D774DE81CB91
              Function 014E866E Relevance: .1, Instructions: 129COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction ID: 8a238c20c994d383c5668967b7e8655a4efe9d36095fec865efddc6b4a0798b8
              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction Fuzzy Hash: 3B419675B00107ABDF15DFA9CC88AAFBBFAAF94601F14406AE944A7361D670DD11CB50
              Function 01420887 Relevance: .1, Instructions: 128COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: edb0b1db513ad8980d53beb281ba49c2ba303e0230cf38a0a802df9483e736bd
              • Instruction ID: 2bbbe4ee7b271c97f5236cc571187a3461805968ae0d9c060ccae3871ee6e37d
              • Opcode Fuzzy Hash: edb0b1db513ad8980d53beb281ba49c2ba303e0230cf38a0a802df9483e736bd
              • Instruction Fuzzy Hash: 4541B1B16007119FE325CF29C480A23B7F9FF99314B544A6FE55787A60E770E886CB90
              Function 0144A470 Relevance: .1, Instructions: 127COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfa6bbe05b0a229848395c8ad8c02851ec4b61662f68493760ed8cf14bdab30f
              • Instruction ID: 34b13fd6c932e1694df70cc4660bb79eea68bbb90486d61a94d7123506e0df49
              • Opcode Fuzzy Hash: cfa6bbe05b0a229848395c8ad8c02851ec4b61662f68493760ed8cf14bdab30f
              • Instruction Fuzzy Hash: BA41C432980205CFEB21DF68C554BEE7BB0FB58314F25016BD422BB3A5DB349945DB94
              Function 01428BF0 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0280301313aa696977fee476fb2e8de8393c7cd8bd41cbd68b781a7a9d5cc3c1
              • Instruction ID: 5ee280d2fd9461dcc8a677eb5512463eb3206580be739d8a5fb948d3ac259861
              • Opcode Fuzzy Hash: 0280301313aa696977fee476fb2e8de8393c7cd8bd41cbd68b781a7a9d5cc3c1
              • Instruction Fuzzy Hash: CC410271900212CBD7259F5AC880A6EBBF1FBA8714F55802FD9219B365C775D886CB90
              Function 01418918 Relevance: .1, Instructions: 123COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cde00edd5a3b1f3fb7cca5e971f07674ef3e207cc66dcc5849eb7721064dfe5a
              • Instruction ID: 85e530bb36896a45b9193e5b68b0da5aa9e3e06c18f13ffe6251cc06228c1c2a
              • Opcode Fuzzy Hash: cde00edd5a3b1f3fb7cca5e971f07674ef3e207cc66dcc5849eb7721064dfe5a
              • Instruction Fuzzy Hash: D64129715187469FE312DF698840AABF6E9EF98B54F40092FF984D7260E730DE058B93
              Function 0141A020 Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction ID: e562bb11a6bd45a022f82027be34d5e35d0bbd89a940423d806f367516dac3bb
              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction Fuzzy Hash: 0A418A71A01251DBDB21DE2D84607FBBFB1EBA0B54F25806BE945CB368D6338D80CB90
              Function 014209AD Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 153c12d01101ae45583c9393fd5c60a3a3529f0513dbb36b6855e9888eadcc81
              • Instruction ID: c2687beb0b063ccefb8493f12212b92dfded8171ede72cc89f03cf07949c1d37
              • Opcode Fuzzy Hash: 153c12d01101ae45583c9393fd5c60a3a3529f0513dbb36b6855e9888eadcc81
              • Instruction Fuzzy Hash: C4415971601611EFD721DF19C840B66BBF4FF68314FA4866BE449CB361E771E9828B90
              Function 01450710 Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction ID: f18817607a1cae3885bb4fd32f235fd83ada6692f2a427ed5a3843d6dd7686ba
              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction Fuzzy Hash: 67413975A00605EFDB64CF99C980EAABBF4FF18704B10496EE956D7261D330EA44CF50
              Function 0142262C Relevance: .1, Instructions: 119COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 66cf9739765631d2e49872a8b1648b01a74761b6e8a3f12155b008e2f8068c28
              • Instruction ID: a2269e1d6ff426457d57d596b53d214d4bceaf68d5657af5dd51bafb2959e231
              • Opcode Fuzzy Hash: 66cf9739765631d2e49872a8b1648b01a74761b6e8a3f12155b008e2f8068c28
              • Instruction Fuzzy Hash: A0418D71505711DFC722EF29C940A55B7F1FFA4320F5185AFC41A9B2B1DBB09981CB51
              Function 0145C8F9 Relevance: .1, Instructions: 116COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fb9755aa26f0d0b0e829d80e11425ded4e6e2f6d635cb16e4315b6d45f1f166
              • Instruction ID: 4ea16118a103ffba5933521cfc5c88003db5b0fcc96ea14a4c9c55112f83b7ca
              • Opcode Fuzzy Hash: 7fb9755aa26f0d0b0e829d80e11425ded4e6e2f6d635cb16e4315b6d45f1f166
              • Instruction Fuzzy Hash: 343158B1A00345DFDB52CF68C480B99BBF4EB19724F2185AED519EB362D3329902CB90
              Function 014A07C3 Relevance: .1, Instructions: 114COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fdeef7d3dc2a4aca7876d8bd8a7036fef32c6e50088dc2ea9bacd989cb264da2
              • Instruction ID: 9fcd56dc880fcc8e245826dd0d7fb8b5ea7d74fcf6d33a7f808b73f33db480c8
              • Opcode Fuzzy Hash: fdeef7d3dc2a4aca7876d8bd8a7036fef32c6e50088dc2ea9bacd989cb264da2
              • Instruction Fuzzy Hash: DB41AC719083019BD721DF29C844B9BBBE8FF98714F414A2EF9A8D72A1D770D905CB92
              Function 014180A0 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95b98dd3ff28e031859cdbdf9d2fa6a51d56428bb87ac442a00b84787e4dba2b
              • Instruction ID: 5bfa95e416435d5861c2b84eacedd8fd65e90a0819d9de1d79fd4dfbec58a48f
              • Opcode Fuzzy Hash: 95b98dd3ff28e031859cdbdf9d2fa6a51d56428bb87ac442a00b84787e4dba2b
              • Instruction Fuzzy Hash: 5041F472E046179FCB01DF19C980AA9B7B1FF64760F24822BD815A73A4DB34ED418BD0
              Function 014A05A7 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91e35fa663782f019ba40f92606369a40d9779fdb5c262164b066f17404a9db6
              • Instruction ID: 3e2e7fb62ff6d902dbbb3bb8f1b9d2bc73e0a953415e30d11836f59a2c74399d
              • Opcode Fuzzy Hash: 91e35fa663782f019ba40f92606369a40d9779fdb5c262164b066f17404a9db6
              • Instruction Fuzzy Hash: 6C41D3725086419FC320DF29D840A6BB7E9BFE8704F55061EF998877A0E730D914C7A6
              Function 01424859 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 529b766b5178ef031d566bd44e2a4ea5d05fcdf8eed1873b31997412561e13d8
              • Instruction ID: 80cd05169bce823e4f900e790d9df30dda49b313d2eee7bd1c84c2d3c61b6d29
              • Opcode Fuzzy Hash: 529b766b5178ef031d566bd44e2a4ea5d05fcdf8eed1873b31997412561e13d8
              • Instruction Fuzzy Hash: E341C0313003228BD725DF29D894B2BBBE9EF94360F58442EE6558B3B1DB70D985CB91
              Function 01418B50 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93a4046ecebe0ac05a3c9060222fc707cd1acde8ea91b33ea98f17a137050cf1
              • Instruction ID: cb8e3b872fc141376b6ae81dae04b67269fe60ef80d8671c34842f4651ad1155
              • Opcode Fuzzy Hash: 93a4046ecebe0ac05a3c9060222fc707cd1acde8ea91b33ea98f17a137050cf1
              • Instruction Fuzzy Hash: E0419071A01616CFCB14CF6AC98099DBBF1FF99320B20862FD466A7374E7349941CB40
              Function 014302E1 Relevance: .1, Instructions: 106COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction ID: 316951b7ff04eca8ad4d092e92b888a046490d5d002a3add25d50c0aa9314cb6
              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction Fuzzy Hash: F8312731A04245AFDB229B69CC40B9FBFE8AF68750F04426BF455D7362C7B49885CBA0
              Function 014CE3DB Relevance: .1, Instructions: 105COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a0f6c8aeb0c5649b34d19e8eeb829f165b4025210de3ed04d00febdc6e52123
              • Instruction ID: 0f507bd14f5aac56734cae0f503a5ea8b7374de74ffb1ae10bbfb88758aa66b6
              • Opcode Fuzzy Hash: 3a0f6c8aeb0c5649b34d19e8eeb829f165b4025210de3ed04d00febdc6e52123
              • Instruction Fuzzy Hash: FD319835740716ABE7229F568C41F6BBAA8AB59F50F10003EF600BB3A1DBB4DC0187A4
              Function 014D4B4B Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1272b69667a41695c94011e572137c651fc7953bf16dab8bbd9a1a8070143930
              • Instruction ID: ce4fecc67feca7fc5791c3c4e0ed7c381c7757cbfc54d8e537995bb587010878
              • Opcode Fuzzy Hash: 1272b69667a41695c94011e572137c651fc7953bf16dab8bbd9a1a8070143930
              • Instruction Fuzzy Hash: 8A31D0322052018FCB22DF1DD8A0E26B7E5FB85760F0A446FE9A58BB61D771E805DF91
              Function 01424260 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eff831578098e7c7bf6ea21a19d79c557e75a72dead134bd6cee6b8155ac5ad0
              • Instruction ID: 55d75c56a7e4bf17941e9e931028b2ebe03b77ac47487b53b9a0b58db7aa1059
              • Opcode Fuzzy Hash: eff831578098e7c7bf6ea21a19d79c557e75a72dead134bd6cee6b8155ac5ad0
              • Instruction Fuzzy Hash: FF418F31200B45DFD722DF29C491BDB7BE9EB59754F05482EE6598B360C7B4E848CB50
              Function 014D4BB0 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f380427d54890e7ac840c7f2f08ec54296904d28dc3671891d4bef4bc1824df
              • Instruction ID: c173e97fa9c120527d21a26420c74ea4dbd394668fe345e1a8f4e10d81b292e5
              • Opcode Fuzzy Hash: 2f380427d54890e7ac840c7f2f08ec54296904d28dc3671891d4bef4bc1824df
              • Instruction Fuzzy Hash: 0131A3716042018FDB20DF29C890E26B7E5FB84720F0A456EF9559B760D730EC05DB51
              Function 0149EB1D Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d4dc8bb00ba671041075334ae517dd354d9cdc434214009dbdb4b94a83dae030
              • Instruction ID: b9fc6ddb3401854c554097d786d509b15a8b010f0feafaa821b1b5ed14170edd
              • Opcode Fuzzy Hash: d4dc8bb00ba671041075334ae517dd354d9cdc434214009dbdb4b94a83dae030
              • Instruction Fuzzy Hash: C331C4312416C29BFB22DB5DC948B267FD8BB54744F1D04A6AB85AB7F2DB38D841C220
              Function 014E61C3 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a2eeafefab9f71f406085f0449eae680459c466f34a386d1d71cf09d344b592c
              • Instruction ID: 8cd5b87866c9209ed65100fda55924b30637419205c691163284cb58b854a6b9
              • Opcode Fuzzy Hash: a2eeafefab9f71f406085f0449eae680459c466f34a386d1d71cf09d344b592c
              • Instruction Fuzzy Hash: 3531E475A00116EBDB15EF98CC44BAEB7F9FB58741F46416AE900AB254D770ED00CBA0
              Function 014C483A Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 726c8c2d0743479f2bd8043de06baec142a30732b8ad3c2e62ba33a99040f592
              • Instruction ID: 2c5a148407c2790092a8b8000e31069c459fe123085e236df55bf2f5eb717460
              • Opcode Fuzzy Hash: 726c8c2d0743479f2bd8043de06baec142a30732b8ad3c2e62ba33a99040f592
              • Instruction Fuzzy Hash: 71316776A4012DABCF61DF55DD54BDE7BF9AB98710F1400AAE508A7260CA30DE91CF90
              Function 0144EB20 Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c38cd4d36016f631c96adf868bcaaac919d5ba087e31a0c8099b0f65759d8f5a
              • Instruction ID: 3e4f3fd253e6b5c143634f5d61d927132be435bb2181519d9838a0d4b4656b19
              • Opcode Fuzzy Hash: c38cd4d36016f631c96adf868bcaaac919d5ba087e31a0c8099b0f65759d8f5a
              • Instruction Fuzzy Hash: 4B31C972E00655AFEB21DFA9CC40AAFBBF8FF54750F11442BE516E7260D2749E018BA0
              Function 014E60B8 Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12737d07548b1cb3f8afaf9623cb565b20675190f6b48aa5d560e06a6ca4da14
              • Instruction ID: 298b2db2cdbbbedcd9605969304d67d67575be1657e349c3d42f53af7894b108
              • Opcode Fuzzy Hash: 12737d07548b1cb3f8afaf9623cb565b20675190f6b48aa5d560e06a6ca4da14
              • Instruction Fuzzy Hash: A831F671640212EBDB13DF9AC854B6FB7F9AFA4315F02006EE505DB362DA70DD018790
              Function 014207AF Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6b3a60412391e5241ed8fa4e9f3fda8937946d22b00a63e839f6d4255a36dea2
              • Instruction ID: 6f7a29c10368985ff245d6db31371383f1fc463a80780d3921f33860012e7a0a
              • Opcode Fuzzy Hash: 6b3a60412391e5241ed8fa4e9f3fda8937946d22b00a63e839f6d4255a36dea2
              • Instruction Fuzzy Hash: 73310876A04722DBC722DE298880D6B7BE5AFE4650F42452FFD55A7330DA70DC4187D1
              Function 01428550 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef6366ca9fde3134beacfb3c8ca30bb00fe2a443b86038a15edf8912b9dd9e72
              • Instruction ID: 3e2ddbb070d55e4f42564a58bd1c4c374a949374b2ce950afcd2c8a2d0a5d44f
              • Opcode Fuzzy Hash: ef6366ca9fde3134beacfb3c8ca30bb00fe2a443b86038a15edf8912b9dd9e72
              • Instruction Fuzzy Hash: 2A3181B26053128FE721DF19C840B1BBBE5FB98700F45496EEA8497761D7B0E885CB91
              Function 0145A6C7 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction ID: 48529a652b115c9afc02a5f713c414e04681b918121414784e927e6bf86f8201
              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction Fuzzy Hash: 7F312DB2B00B01AFD761CF6ADD41B57BBF8BB18650F14052EA99AC7761E630E900CB60
              Function 014CEBD0 Relevance: .1, Instructions: 91COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8bad1134d3ce93f144d5b6cebeeb6eba4438c2e35702770e24588776268c9e6
              • Instruction ID: 4fddbf608da20555c2e1130821a5d4ef70216041a6707510b7397dc67c3abc7f
              • Opcode Fuzzy Hash: e8bad1134d3ce93f144d5b6cebeeb6eba4438c2e35702770e24588776268c9e6
              • Instruction Fuzzy Hash: C131CD75509301CFC712DF1AC54081ABFF1FF99A18F4449AEE488AB361D330DA45CB92
              Function 0144438F Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fffdca62f76573740a371e793a368fd2e0a219efb8c18cd00395b0f66c7de350
              • Instruction ID: a8d1edf2703930743d42f97ee739f3a9716d562f46eaf70fb3ba2ffa1aa1ef1d
              • Opcode Fuzzy Hash: fffdca62f76573740a371e793a368fd2e0a219efb8c18cd00395b0f66c7de350
              • Instruction Fuzzy Hash: 8231F432B002059FE720EFA9C981B6EBBF9EB94304F04843BD515D7260D730D946CB91
              Function 0141CB7E Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction ID: 27c33c7082fd01f3215f1356e5e03fe13ac9ce4f3a6cf22ba6b0cc1926220244
              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction Fuzzy Hash: 06210436E4125AAADB10DFB98841BEFBBB5AF54740F198037AE15E7360E270CD0187A0
              Function 0141C156 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d98e9156f7790f0fe0fdb4ec18f6c90e91fe884f847eab08caa1e52dcec93266
              • Instruction ID: 068ed8555ee1964eb70fe27ebbdf9e3dc052e4e335fb15a693e30879fae9cd39
              • Opcode Fuzzy Hash: d98e9156f7790f0fe0fdb4ec18f6c90e91fe884f847eab08caa1e52dcec93266
              • Instruction Fuzzy Hash: 6C3170B19002118BD731AF58CC40BF9B7B4EF94314F44816FD94A9F3A6DA74D986CB90
              Function 014DC3CD Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction ID: 20a675dc2303af720d328645cef3d8a71ba94292ad3dd3737c0e95a17f70edc5
              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction Fuzzy Hash: 9D214F36600652B7CF15AB968C50EBBBBB5EF60710F40802FFA958B6B1E634D944C360
              Function 0141E420 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e03b2163cd6908561d5d08ac9dedd2540df18771d70edace84f27ee89198597
              • Instruction ID: 375f66ab77db343a3abbd0d7b31115485ed69d645f5c8f4e73110eaae912058d
              • Opcode Fuzzy Hash: 3e03b2163cd6908561d5d08ac9dedd2540df18771d70edace84f27ee89198597
              • Instruction Fuzzy Hash: ED31FC35A4011C9BDB32DF19CC41FEEB7B9EB25750F0101A6EA45B72A0D6749E818F90
              Function 01454588 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction ID: 987bbf65226fe52c0ce9b8dfed6489fbd43bff627c1869901bde0b03d6c3fbe1
              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction Fuzzy Hash: EA21B435A00609EFCB50CF59C580A8EBBF5FF58314F54806AEE199F252E674DA418B60
              Function 014544B0 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0585018020b518b6eaa8cf9e622f740f6d17bd5dc0d17d02532a793d0030dcdb
              • Instruction ID: 018da78e54f9b2f59c1ee09f82a13e6b991a13af454dfa7d6b62d2d50ce965a9
              • Opcode Fuzzy Hash: 0585018020b518b6eaa8cf9e622f740f6d17bd5dc0d17d02532a793d0030dcdb
              • Instruction Fuzzy Hash: D221D1726047099BCB22DF19C840B6B77E4FB8C764F05451AFE549F252E730E9418BA2
              Function 0141E388 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction ID: b56ffa5ffa53794e5e2805bf727b96d4cfb00935f229263d7d0a23690f7def00
              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction Fuzzy Hash: 2A318D35600604AFD721CF69C884F6AB7B9EF85354F1445AAE916DB2A5E730ED02CB50
              Function 0149E609 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5d760d5bd48a9bcea41bf2ad2f7043e05ab677cfa82135ba3d90ab469914fe83
              • Instruction ID: 07114813b742ac782057712327c981cdf1ee6616004c7267aad02837c0f0cb8b
              • Opcode Fuzzy Hash: 5d760d5bd48a9bcea41bf2ad2f7043e05ab677cfa82135ba3d90ab469914fe83
              • Instruction Fuzzy Hash: D7318B75A00206DFCF15CF1CC8889AEBBB5FF84304B55855AE809AB3A1E771EE51CB90
              Function 014A06F1 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f7455a23528249e17f7322371cf8f0d0b313f20b4a7dc352ab1949fba5a902aa
              • Instruction ID: 0dc267e3cf875b4460abed83608c8185a9039ea87e4ac441c32d89d32570b4fe
              • Opcode Fuzzy Hash: f7455a23528249e17f7322371cf8f0d0b313f20b4a7dc352ab1949fba5a902aa
              • Instruction Fuzzy Hash: B321B1759002299BCF21DF59C881ABEBBF8FF58740B51006AF541AB360D738AD42CBA1
              Function 014A019F Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5faff1db44c0d1ee8b2323206ab8e32967ee3ef22b3d34414cd4751dcdeecdf
              • Instruction ID: 4b0a787d8333504e1c16f77ba9068403ef044cb98d973b507b76e9925e427b39
              • Opcode Fuzzy Hash: e5faff1db44c0d1ee8b2323206ab8e32967ee3ef22b3d34414cd4751dcdeecdf
              • Instruction Fuzzy Hash: C721A972600645AFD715DF69D840A6AB7A8FFA8744F14006AF904DB7A0E638ED00CBA8
              Function 014A0283 Relevance: .1, Instructions: 74COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8626ed447ab6054a44bdfdac47faebe3184c33545ca0b672f19972f75a1f9bd3
              • Instruction ID: 40c695233eca7ab6902cd252ff59f66f72cd47a124c457e97af01d72d014b642
              • Opcode Fuzzy Hash: 8626ed447ab6054a44bdfdac47faebe3184c33545ca0b672f19972f75a1f9bd3
              • Instruction Fuzzy Hash: 1121FF729043469FE311EF5AD848B6BBBDCAFB5240F09045BB980C7271D734D909C7A2
              Function 01442835 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 825a644c14364e52fb4e4d9e182f4749d0300113027dcb9c9470598a1e28874a
              • Instruction ID: 855c9aa3d1b9ad6c061adf57f726d8aa86dbc5c7d5e009e8eedf3f2fd53fd1a8
              • Opcode Fuzzy Hash: 825a644c14364e52fb4e4d9e182f4749d0300113027dcb9c9470598a1e28874a
              • Instruction Fuzzy Hash: 8821F8316056819BF322AA2D9C08F197BD5AF51760F290367F920DB7F2D7B88843C240
              Function 0145A30B Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48e3a433488fac581c8ff1a1bf572fb5667088e1b329d74fac5ce2c707cae38a
              • Instruction ID: e1fb00e56740dadd6842a9e712fa5c7c0626fa5ee266cd0cadab20ecd8a10899
              • Opcode Fuzzy Hash: 48e3a433488fac581c8ff1a1bf572fb5667088e1b329d74fac5ce2c707cae38a
              • Instruction Fuzzy Hash: C021AC752006019FCB25DF29C801B4677F5BF58718F24846DA909CB762E775E842CB94
              Function 014DA49A Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f59ae52e62048cc907487e402464649707ad756cc9e86f48fa217bbcada6a201
              • Instruction ID: 35e159901e112a729de2305ccc9ba621ec0aae3882006c17618c1e6139ae025e
              • Opcode Fuzzy Hash: f59ae52e62048cc907487e402464649707ad756cc9e86f48fa217bbcada6a201
              • Instruction Fuzzy Hash: 28110A72340A11BFDF2256559C21F677699DBE4B60FB1012EF708DB2A0DB70DC018795
              Function 014A0946 Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d03ef074a834754fe626cca2022602ed3e1b1b55b8b783abab30b60480b779ee
              • Instruction ID: eca054d3c5d76c088cb1106068ee850f21c0d0a849d8c623c4b17f23e554dcb4
              • Opcode Fuzzy Hash: d03ef074a834754fe626cca2022602ed3e1b1b55b8b783abab30b60480b779ee
              • Instruction Fuzzy Hash: 272116B1E00209ABDB20DFAAD8809AEFBF8FFA8B10F11012FE405A7354D7709945CB54
              Function 014B80A8 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction ID: f3833b4bc87290193d9074bf63d6d301316142b7f0b5028c5ee572635e9cc8cb
              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction Fuzzy Hash: 2621817290020AEFDF129F59CC80BEEBBB9EF98320F24445AF940A7261D734D9519F60
              Function 01450124 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction ID: 4ba357b3eaab731fda56e803fe6923f99cfdfee9b1eec4be9fd10860cafa1bf8
              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction Fuzzy Hash: 4D11EF76600605BFE7229F49CC41F9ABBB8EB90754F10002AFA008F2A1E672ED44CB61
              Function 01428770 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef5808c523343da2713c0edbca93932278870f9a18aefc34692560cea3d2b946
              • Instruction ID: 7a0d8c4972159e164fae651dca520e92ffda2cad158c0b4f0a087d646ce7d3b4
              • Opcode Fuzzy Hash: ef5808c523343da2713c0edbca93932278870f9a18aefc34692560cea3d2b946
              • Instruction Fuzzy Hash: E411C8357016329BDB11CF4DC8C0A6BBBE5AF9A710B54406EED08DF315D6B1D941C790
              Function 0145AAEE Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
              • Instruction ID: dbc61e093e6466f3d25620ada7a80210b2e2ceeba72514d034e5a69fe9ce6606
              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
              • Instruction Fuzzy Hash: 0F218E72600641DFD7758F4AC540A66FBE6EB98B10F258A3FEA4587722D730EC01CB80
              Function 014280E9 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 963f3c3082242e363d5ceabb77e6d1b2b110543e8990c4da5fbf9066975a6370
              • Instruction ID: f371afe671bcbd42d20a2cb4578c8e2a278df7478cceb8ad23683766c319dd43
              • Opcode Fuzzy Hash: 963f3c3082242e363d5ceabb77e6d1b2b110543e8990c4da5fbf9066975a6370
              • Instruction Fuzzy Hash: 27218E31A00206DFCB14CF58C581A6EBBF5FB88314F30416ED105AB3A5C771AD46CB90
              Function 0145674D Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7daf145bcb0192632b7008ab8bcd7bcdba0041890f0c4e91b91267361fa4040
              • Instruction ID: 9ceb604e3080f01bd2e3787118be8583b3a3b2caa20807076a190f01e07627d2
              • Opcode Fuzzy Hash: a7daf145bcb0192632b7008ab8bcd7bcdba0041890f0c4e91b91267361fa4040
              • Instruction Fuzzy Hash: 7F219075601A01EFD7618F69C841F66B7F8FF84350F45882EE99AC7661DB70A841CB60
              Function 014B6870 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c20845bc38c941af9c5bd12c9d2e72975cf253ef065d6d7b4f1314bc790522d
              • Instruction ID: f8b4119f42a0a1d2d52eec135d0620773729b92757d697e1d766241ffac25c69
              • Opcode Fuzzy Hash: 5c20845bc38c941af9c5bd12c9d2e72975cf253ef065d6d7b4f1314bc790522d
              • Instruction Fuzzy Hash: 24119132240515EBD722DF6AC980FDA77A8EBA9664F12402AF205DB271DA70E905C7A0
              Function 0144E8C0 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e078c3935677283e2e4fc6007cba7142fa0f869d603cb691432eaa8be1bbd517
              • Instruction ID: c7c642e78a448bdb34c3732513c51545a79ec274ebe91e0ed57b73bc2ac3842d
              • Opcode Fuzzy Hash: e078c3935677283e2e4fc6007cba7142fa0f869d603cb691432eaa8be1bbd517
              • Instruction Fuzzy Hash: EA1108373001149BDB1ADB29CC85A6F7296FBD5274B25492AD9229F3A1E9709802C390
              Function 014566B0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 897c9223ad5db964b67f56146df27dd08d901b386a04399091581e50c6c1d1e3
              • Instruction ID: 0d9ba814817cabefaae877c10c6e76f1ed9ebb8acceae1660069bf39c026906a
              • Opcode Fuzzy Hash: 897c9223ad5db964b67f56146df27dd08d901b386a04399091581e50c6c1d1e3
              • Instruction Fuzzy Hash: 8911CE76A01205DFCB66CF9AC580E5ABBF8AF98610B42407FDD059B326E670DD00CBA0
              Function 014EA8E4 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction ID: 298c4308e26cc79d53749091976077c83389ddd66d23334ad88a1f776aaab9c2
              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction Fuzzy Hash: 1A110436A00905AFDB19CB58C805B9EBBF5EF94210F15826AE84597390E671AD11CB80
              Function 01420AD0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
              • Instruction ID: 006bf6d5c0ab31c59c8504d2051040dc2c923a25fb478a6bda560d44d9cf8d73
              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
              • Instruction Fuzzy Hash: 9F21F4B5A00B059FD3A0CF29C441B52BBF4FB48B20F10492EE98AC7B50E371E854CB90
              Function 014AE7E1 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction ID: 3654cd54cbfdf4ab67902fef4428422d1cd4430d6d7b85664782928d17ce074a
              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction Fuzzy Hash: 9C11A331600601EFE7219F49C840B577BA5EF79754F46842EE929BB270D731DD40D7A0
              Function 014427ED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4623e11401510404e26cce42d2d1cc0aaaa2276deb100f92431b37142aa12586
              • Instruction ID: d574f3c2c2aeebdc845dcd11b27fa4b76840f921229ef3d73d38c4fbd81a17fe
              • Opcode Fuzzy Hash: 4623e11401510404e26cce42d2d1cc0aaaa2276deb100f92431b37142aa12586
              • Instruction Fuzzy Hash: 2101D631605645ABF316A66EE888F2FBB9DEF90394F15006BF900DB271D9B8DC02C271
              Function 01424690 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 604f45c3b9f90195ba24c9eaa0b7de28770532c8e0958a19b49d880c2bfab66d
              • Instruction ID: 2255a1cc6f40e5bc931e562c6695a6ad74f57cfa5c58371a7f6cf31807272da8
              • Opcode Fuzzy Hash: 604f45c3b9f90195ba24c9eaa0b7de28770532c8e0958a19b49d880c2bfab66d
              • Instruction Fuzzy Hash: 2E11C236200665AFDB25CF9AD940F577BA4EBD5764F49451BFA288B360C770E880CF60
              Function 014F4B00 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15700b50432468af5bf5d92502ca8b39f0a13370e8fd22fb4149e1b97a35418b
              • Instruction ID: 26d096efd270f9604bd9e8e23221cf5048f0a6f653ccc28a08783f1b955b8c68
              • Opcode Fuzzy Hash: 15700b50432468af5bf5d92502ca8b39f0a13370e8fd22fb4149e1b97a35418b
              • Instruction Fuzzy Hash: 3811E0322006059BE7229A29D844B27B7A6FFC4210F19442FEB42877A1DE30A802CB90
              Function 01456620 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8e812e79a45cce0cc9c76068058bb95aa63a45b3de870ab51000cdff8c86a2c1
              • Instruction ID: 57b8a7263d217e79d85db8b3f0bab2900b9663cfa065e912d5d505a1324bd8d4
              • Opcode Fuzzy Hash: 8e812e79a45cce0cc9c76068058bb95aa63a45b3de870ab51000cdff8c86a2c1
              • Instruction Fuzzy Hash: FD11C672900615ABDB21DF59C980B5EFBB8FF98750F92045ADE04A7321D730AD418B60
              Function 0144EA2E Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f1784c98e7d9fd86082b463563ff12d14ec840c4f1410076c5999cfa58e33de
              • Instruction ID: 6d59e87bea06c6240ce4379a94c68ddebc6cc5d732aed1ae2f4d61c1e251b4f3
              • Opcode Fuzzy Hash: 9f1784c98e7d9fd86082b463563ff12d14ec840c4f1410076c5999cfa58e33de
              • Instruction Fuzzy Hash: 0101C0715101059FE326DF19D404F16BBF9FBD6318F61816BE104AB274E7749C86CB90
              Function 0144E53E Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction ID: e2c42a26ed1d58b231ad4af820c155cc887a30d24530786ada1a494b64a9cb8c
              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction Fuzzy Hash: 0511A071201A829BF722AB6DD948B2A7B94BB50654F1900A3DE4197772F33CC847C290
              Function 014AE75D Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction ID: 7c5314d3c1a05b6a255d299c01cf7cde8f7ebcd341382cc7ab7f8947d229791f
              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction Fuzzy Hash: 9F01D23A600205AFE7219F5AC840F5B7EA9EBB4750F46802BEA15AB270E771DD40CB90
              Function 0141A250 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction ID: ee38c62ba82a5b6fb5a3fd0ceaa5eeb056c8ceebc9ab688be6c1b1b516b0437a
              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction Fuzzy Hash: 5E0126714067629BCB318F19D840AB37BA4EF55760B10852EFC958B3A5C331D405CB60
              Function 014F4940 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09602b11445ae97bf1553bcff91eeaa2b112e321e8679402585e124bd6c76d05
              • Instruction ID: e47e16a34c808377e2d65b9a748f7690c58c23d480d731749308dc6b554ff2f0
              • Opcode Fuzzy Hash: 09602b11445ae97bf1553bcff91eeaa2b112e321e8679402585e124bd6c76d05
              • Instruction Fuzzy Hash: DA01C4726415119BC7229F2DD840E13BBA8EB95770B19426EEA699B3B6EA30D801C790
              Function 0149E1D0 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07027adf542ba34d8c6847714ef194b7fd3e7782d965c94384e7c25953d20179
              • Instruction ID: 370cba72e6b785ef7a0f0e5ed0b0dd83d87c962ed719a03a848b94afaa9f7085
              • Opcode Fuzzy Hash: 07027adf542ba34d8c6847714ef194b7fd3e7782d965c94384e7c25953d20179
              • Instruction Fuzzy Hash: 2A11C036241241EFDB16EF1ACD90F16BBB8FF68B54F2000AAF9059B661C675ED01CA90
              Function 01426259 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59f3573af9df0baed7b21f59e99647e72c99756eb558d113c5eca0f679bd3577
              • Instruction ID: e35bb20ac78fe331d956f0af0249eab25a911ef5cad04dc75f824a7f64e1ff07
              • Opcode Fuzzy Hash: 59f3573af9df0baed7b21f59e99647e72c99756eb558d113c5eca0f679bd3577
              • Instruction Fuzzy Hash: 09119E71501228ABDB25AF25CC41FE97278EB24714F50419AA718A61F0D6709E85CF95
              Function 014A6050 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 761ea585d627e9865e9903f1fc274b2974817a5029d7d6d72b3e959bfb7fecbd
              • Instruction ID: d9e39a90b3de0aeef47918d092e99cd925f36c560e155a669643a3d2a94d213c
              • Opcode Fuzzy Hash: 761ea585d627e9865e9903f1fc274b2974817a5029d7d6d72b3e959bfb7fecbd
              • Instruction Fuzzy Hash: DA112DB3900119ABCB12DB95CC80DDF777CEF58258F054166E906E7211EA34EA55CBE0
              Function 0142208A Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction ID: 63c56cbd36671984491947d8de76022164e087712d83cb515eaaba7417bb69c8
              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction Fuzzy Hash: 0001F5726001209BEF118E59D880E9377A6BFD8600F9540ABEF15CF366DAB5CC81C390
              Function 014B6500 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 337ddc1296450623aba92fc47aaca23b75d8a6f956fe3b90be067e862b285bbc
              • Instruction ID: 9212d4f79d373cbcb062f9d3b50a9f37f4d1377aa2a811c3f3809b0002c0a521
              • Opcode Fuzzy Hash: 337ddc1296450623aba92fc47aaca23b75d8a6f956fe3b90be067e862b285bbc
              • Instruction Fuzzy Hash: 3511A5326441459FD711CF59D840BE6B7B9FB9A314F09815AE8488F325D731EC55CBB0
              Function 014AC810 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4042fd3006e3e654d6be73287c800eb82a2787f69285497fb14beed3ffd9ee2a
              • Instruction ID: 9dbb8ba384e9cd0be750d1f2d69e5728b77bc63647bceb5e087507dc706282c9
              • Opcode Fuzzy Hash: 4042fd3006e3e654d6be73287c800eb82a2787f69285497fb14beed3ffd9ee2a
              • Instruction Fuzzy Hash: 131118B1E002099BCB00DFAAD581AAEBBF8FF58350F10406AA905E7351D674EA018BA4
              Function 014CEA60 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 58f7a2168f14cb0a1ca17a2cfce349d09efb4a893cc5278be5940d0e977e9903
              • Instruction ID: e23b10235fc69121dc13cf3181df4426fe0029844bdefe01549aa4c3b89d29ab
              • Opcode Fuzzy Hash: 58f7a2168f14cb0a1ca17a2cfce349d09efb4a893cc5278be5940d0e977e9903
              • Instruction Fuzzy Hash: 0301B13A1402119FC772AF1E8440D27BFA9FFA5A60B05442FE2556B371CB72DD42CB91
              Function 0141C020 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction ID: 9039d473d3da5c86fa057c1cb02d32ab96b17c93dbd98b9113c648e437860a5a
              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction Fuzzy Hash: 2601FC726007459FEB22DBAAD840FA77BE9FFD6650F04441FEA468B660DE74E402C760
              Function 014620F0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 23517fc7142b9521e45efe716c6a551393fa1a8ea415f7ba64cd3712da7cfc75
              • Instruction ID: 3e18248bb531cc2cd76359ec02d231f6c5ea93649446d1505f3e0d0ecb19142e
              • Opcode Fuzzy Hash: 23517fc7142b9521e45efe716c6a551393fa1a8ea415f7ba64cd3712da7cfc75
              • Instruction Fuzzy Hash: F811AD75A0020DEBCF05EF64C841EAE7BB9EB98384F00405AE9019B360D635AE11CB91
              Function 0145E5CF Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f173ab1ad76dbac68ecf7fb7973f7d9a389ef2e4e1fd6e54fe2d726dd074cea8
              • Instruction ID: ec9fa543ae3e232a400aa39ba844900daf7e012317a133f6046f50acc2f5e814
              • Opcode Fuzzy Hash: f173ab1ad76dbac68ecf7fb7973f7d9a389ef2e4e1fd6e54fe2d726dd074cea8
              • Instruction Fuzzy Hash: 77018472201515BBD711AB6ACD40E57BBACFBE8664700056FB50597671DB74EC01C6A0
              Function 014B69C0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 80df40e2e8e95a6e5d8202d814030fcd0ef2dc28eb0c075c3cf9f291a4e371ae
              • Instruction ID: 882215306392526d783577f65a283a4439f6ea6aba5927f763c1c0db60506fc3
              • Opcode Fuzzy Hash: 80df40e2e8e95a6e5d8202d814030fcd0ef2dc28eb0c075c3cf9f291a4e371ae
              • Instruction Fuzzy Hash: ED0140323142059BDB20DF6AD4C89A7FBACFF5D620F12411BE95887290D7309911C7E1
              Function 014AC460 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f808e6941ecef5e8d339af1a7fe4f9723d1452ba90c9042ebae1720bb3d215f
              • Instruction ID: f67f7444118259778fd486200920197eb1b4005d3e13601eaec892de856136ec
              • Opcode Fuzzy Hash: 4f808e6941ecef5e8d339af1a7fe4f9723d1452ba90c9042ebae1720bb3d215f
              • Instruction Fuzzy Hash: 15116D75A0120DEBDF15EF69C884EAE7BBAFB68344F01406AFD0197360DA35E911CB90
              Function 014AC97C Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b493ff7aa0b9367a015a9d8b91a29cfe97253646f50de1a6581ed0344ded603
              • Instruction ID: 408d2dcf8594664ca95e784eb91efa133454e4d45ca077c6d28266b2172eb23a
              • Opcode Fuzzy Hash: 1b493ff7aa0b9367a015a9d8b91a29cfe97253646f50de1a6581ed0344ded603
              • Instruction Fuzzy Hash: 5B1179B16083089FC700DF6AD44195BBBF8EFA8310F00451FB998D73A0E630E901CB92
              Function 014ACA11 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 139c9cf5755c9c5b4af42a321540b6f191b750ff21b5a2f553fc6aab4ce8be36
              • Instruction ID: 143883ce134dd587df5562694a55f118077d52f20c3eacad25ab71e51ef813f3
              • Opcode Fuzzy Hash: 139c9cf5755c9c5b4af42a321540b6f191b750ff21b5a2f553fc6aab4ce8be36
              • Instruction Fuzzy Hash: 4B1127B16183099FC710DF6AD441A5BBBE8AFA9750F40851FB958D73A4E630E9018B92
              Function 0143E016 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction ID: 6037187abc1b6cbfcf17762be92e85beac3d9473566f9025e4da49e68b1c3421
              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction Fuzzy Hash: 900171712015809FE322861DC948F67BBE8EB98754F0904A7F905DB7B2D638DC41CA21
              Function 0141826B Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fecf05cdb89f0e8148820cbdbda4351cb997b4cdae820890e3d328eec41f7ccf
              • Instruction ID: 2711f87dec55cc952f08d33d5829f44ac57f785a2c984725295d8f699eccfb3b
              • Opcode Fuzzy Hash: fecf05cdb89f0e8148820cbdbda4351cb997b4cdae820890e3d328eec41f7ccf
              • Instruction Fuzzy Hash: A401D4317005069BD715EB6AD8109EB7BA8FFA0620F4A402B9901DB768DE30D801C390
              Function 014CEB50 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 91bfb67e4cbd9784e9114481b2b0574bec746663597f2c7e1b8f4f96d7b11eac
              • Instruction ID: 6dce6cfa648d97e6b44cf015611b13ff2df356e2c91289ec73f669fc033c4182
              • Opcode Fuzzy Hash: 91bfb67e4cbd9784e9114481b2b0574bec746663597f2c7e1b8f4f96d7b11eac
              • Instruction Fuzzy Hash: B901A771240701AFD3329B1AD841F12BEA8EF65F60F05482FB215AF3A0D7F0D9418B54
              Function 01422582 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2733ec6ddacafecc3a30d2a6e9c11c9f871f5d3078fc79b2609e85771cba557
              • Instruction ID: fe0cf14d34930d47ff94d9dc53ccfc0f9b2a383274e128e078118202f48bbda3
              • Opcode Fuzzy Hash: d2733ec6ddacafecc3a30d2a6e9c11c9f871f5d3078fc79b2609e85771cba557
              • Instruction Fuzzy Hash: 34F0F933641A20B7C7319F578C40F477AA9EBD4AA0F14802AE605D7660C670ED41C6A0
              Function 0144C073 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction ID: 08d66e2b9837261088499359d45c0bc2cc9e818e694734b4bc8b32f8ffae24e5
              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction Fuzzy Hash: F6F0C2F2601611ABE328CF8EDC40E57FBEEDBD5A90F088129A505CB320EA31DD04CB90
              Function 014F634F Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 76f8d7309107f7b49291252578c744006498fb6a1bfe6ea59ec4e4936effe5df
              • Instruction ID: 37a8e293693707d856fd76f816fa3acafbe79744688a36109912c35650671e07
              • Opcode Fuzzy Hash: 76f8d7309107f7b49291252578c744006498fb6a1bfe6ea59ec4e4936effe5df
              • Instruction Fuzzy Hash: 1C018471A10209EFDB00DFA9D44099EB7F8FF58304F11401EF904E7350D6349A018BA1
              Function 0141C310 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction ID: df9235d0aca1196f96331b1994e11e609a22402696a1c9702871e63e5f5ff051
              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction Fuzzy Hash: B8F0FC732846339BD7321B9A8CC0B6BA9959FE5A64F19003BE2099B668C9748D0356D0
              Function 014F625D Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a89e2a591efa8517757040002ed81d5a4e232ff88063e4b54c3a78cb8b9c4ac
              • Instruction ID: 2f1de567e0c676aa7be3ddaed3c7fc5cf93c68617eb9b1b5bf437a84ab005134
              • Opcode Fuzzy Hash: 0a89e2a591efa8517757040002ed81d5a4e232ff88063e4b54c3a78cb8b9c4ac
              • Instruction Fuzzy Hash: 5B018471A00209EFCB04EFA9D4419AEB7F8FF58304F11401BF904E7350D6749A01CBA1
              Function 014F62D6 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2aaac162fa2d3acfd90ccad50c20c68574716d96ef2e3ff19c0336f129083b28
              • Instruction ID: 02ff67626e70053a47efda7123dc712b59efef3fec1c699318d533317db0891d
              • Opcode Fuzzy Hash: 2aaac162fa2d3acfd90ccad50c20c68574716d96ef2e3ff19c0336f129083b28
              • Instruction Fuzzy Hash: A1014471A00209EFDB04DFA9D44599EB7F8FF58304F51405AFA14E7350D6749D018BA1
              Function 0145CA6F Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction ID: c4f03f741cf276046e2254db56302f8aaab5386f2ddaa712fd0f0a02450ea179
              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction Fuzzy Hash: E601D63120068A9BE722D65DC849B5ABF9CEF52750F09406BFE048B7B2E679C801C610
              Function 014F61E5 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5df2b8d1661519903bcf9debd2a760c4fb2b17ef632b5b6982e8b0ab7c4877d7
              • Instruction ID: 9c18423991a39ba9714ce5845be852d424a12cb6fd888a61e55000fa43b6ce68
              • Opcode Fuzzy Hash: 5df2b8d1661519903bcf9debd2a760c4fb2b17ef632b5b6982e8b0ab7c4877d7
              • Instruction Fuzzy Hash: AE018F71A002499BDB00EFA9D445AEEBBF8BF58314F15005EE500EB390D734EA02CB95
              Function 014A63C0 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction ID: 5c3fa22929a38a99e5d39ff92c45d0e47b93f0005b5840b5e7e31ecebc858f69
              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction Fuzzy Hash: 67F01D7220001DBFEF019F95DD80DAF7B7EEB692A8B154129FA1192170D635DD21ABA0
              Function 014AA4B0 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 10948ff9454a0751950f29273c33d31b897f7ab076357cdafc699ae7791c2e26
              • Instruction ID: 2104eda7760a6ce6332734042c94deb0661b0b1ef869dda92a3eae0be072f5db
              • Opcode Fuzzy Hash: 10948ff9454a0751950f29273c33d31b897f7ab076357cdafc699ae7791c2e26
              • Instruction Fuzzy Hash: DB019A36110209ABCF129F84DC40EDE3F66FB5C754F068116FE186A220C332D971EB81
              Function 0141C0F0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c91603ce3d13aa75ccfb06b55f3c6b713b4522b92efb872d63ffadac9bb5235c
              • Instruction ID: accfe712f35a2d60fcc1981b143c1ec98a0280cf6d6031ed4d47c4c7b2c377ea
              • Opcode Fuzzy Hash: c91603ce3d13aa75ccfb06b55f3c6b713b4522b92efb872d63ffadac9bb5235c
              • Instruction Fuzzy Hash: 87F024712C42419BF310962A8C81F233296EBD0664F65802FEB098F3E5EA70DC058BA4
              Function 0145656A Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 546770970305d316d2c5a98994e9158fda362db2cdfc0e12f3ba9857f3860844
              • Instruction ID: e3bc83f37d788dd39f9ddd4fe72083ec05449a7fb646dc37efaf0fd234269773
              • Opcode Fuzzy Hash: 546770970305d316d2c5a98994e9158fda362db2cdfc0e12f3ba9857f3860844
              • Instruction Fuzzy Hash: B90181702406859BF7729B3CDD58B263BA8BB55B48F9A0596BA01CB6F6D778D4028210
              Function 014C437C Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction ID: 360faa03e27e653314ae2b38e21ad26c98f4bcc64372fbbc47ac3961dff18f98
              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction Fuzzy Hash: BDF0E93934191347EBB5AA2F8930B2FAA559FE0D11B0D062F9501CB7B0DF30DC118790
              Function 014AE872 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction ID: b2b381291a52fb81bdafbf27d5c2c379af64babac74e51d339aee54ce2da17a3
              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction Fuzzy Hash: DCF030336115119BD3219A4EC880F17B768AFE5A60F9B006EA614AB270C674EC028790
              Function 014AC89D Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b6dfb086eeb4f2e26e50c403075006bf927c6e3f599b981d8d9c52926d4eced7
              • Instruction ID: 8f84c9cd6cfe85bda55c965cb79b6beed8c7592e0d5c22787e0d5d9d2eeb7bbc
              • Opcode Fuzzy Hash: b6dfb086eeb4f2e26e50c403075006bf927c6e3f599b981d8d9c52926d4eced7
              • Instruction Fuzzy Hash: 5FF0AF706093449FC310EF29C445A1BB7E4FFA8714F80465FB898DB3A4E634E901C796
              Function 01450854 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction ID: fcfbae9f477dfc861ab32d77cf16c3143b5537c7d6ae20f332e217f2157af8b7
              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction Fuzzy Hash: FAF0B472610204AFE714DF26CC01F56B6E9EFA8350F148079A945D7275FAB0ED01C654
              Function 014AC912 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c71606b82f3d84facf3452a8751537b681c0ba7aa9994f3302cc55492a930439
              • Instruction ID: d5b873d833b65b7fce2b1d632e71d345a4f6060fec79dbfafe90c3a7cd040118
              • Opcode Fuzzy Hash: c71606b82f3d84facf3452a8751537b681c0ba7aa9994f3302cc55492a930439
              • Instruction Fuzzy Hash: 57F0C270A0024DDFDB04EF69C555A9EBBB8FF28300F00805AB815EB395DA38EA05CB50
              Function 014247FB Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77203fce325103816c6c2cafb14225e3345bb75d42dd0deaf1d80e7eea3e3a64
              • Instruction ID: 0b60c361f24f689bca303fef730f60ccba6405253cc2fc5a1d78f9460ea6b1a8
              • Opcode Fuzzy Hash: 77203fce325103816c6c2cafb14225e3345bb75d42dd0deaf1d80e7eea3e3a64
              • Instruction Fuzzy Hash: F9F0F0399222F18EE7228B1CC004B23BFC4DB00770F8D586BC94987232C7B0D8C0C601
              Function 014E0115 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a2b2c6c0f96234f25602c470e6940f38152a6cbe04f585d33c468bfb264f1fae
              • Instruction ID: cfe706a521492e392e9b2b88c333810f424ee6a4db5da40b67b9a0b8651a787a
              • Opcode Fuzzy Hash: a2b2c6c0f96234f25602c470e6940f38152a6cbe04f585d33c468bfb264f1fae
              • Instruction Fuzzy Hash: 24F0A76651568107DF335B2C74683D2BBA5AB52510F1B148FE4B15F329C6F5C887D324
              Function 0145C5ED Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df738d4e4a95a363d4e862cd31967689b8f714386b23a52654b6e0c08236e31c
              • Instruction ID: 759046baafe181cff7d9e0a7c3a78885d0ad5e0ffc69e65ef820716c050a1e3a
              • Opcode Fuzzy Hash: df738d4e4a95a363d4e862cd31967689b8f714386b23a52654b6e0c08236e31c
              • Instruction Fuzzy Hash: CBF0BE755117519FE3A29A1CC188B527BDC9B44AA4F09942BDD0A87633C670EA82CAA0
              Function 01462619 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction ID: cf3ccda5eff8d1b3102c9e1b1e4ba96b1ebdba59ab2e316af1ef1a7efe48945b
              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction Fuzzy Hash: 50E092723006012BE7119E5A8C80F47776E9FE6B14F04007EB5045E261C9F2DD0982A5
              Function 014B6030 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction ID: a99a33496c4698ced0f7d23b220ab6c51c0b913f91b5a8a3d9c88d6a212b1bb3
              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction Fuzzy Hash: 85F030B21042049FE321CF0AD984FA2B7F8EB55364F46C02AE6099B671D379EC40CBB4
              Function 01420710 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction ID: dae9d996976502f7f915792b7645e0ebd19304df3c77fd56064d4c717a3c4b5f
              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction Fuzzy Hash: AEF0E57A2043559FEB16CF1AD050AE5BBE4FB95350F0000AAF8428B321D731E9C2CB50
              Function 014549D0 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction ID: c731f38cfe384ed3c9f84a9b3091553d276c309a4e34f255047003c158d464e4
              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction Fuzzy Hash: EFE0D832244145ABD3E15A598800B6777A5DBE47A0F19042BEA088F272FB70DCC1C7E8
              Function 014F4164 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 328c5421602bb8bccb93ef0154d93699d7a0433059c675118360ee4e22270f55
              • Instruction ID: 15dd0d8e5d58d1107ba0bc8932c8f1b7d83740b89702f3cc2809e6e6e749b6db
              • Opcode Fuzzy Hash: 328c5421602bb8bccb93ef0154d93699d7a0433059c675118360ee4e22270f55
              • Instruction Fuzzy Hash: 19F0E531A255918FE772D76CE748B5377E0AB20630F0E055ED50087B36CB30DC40C650
              Function 014C678E Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction ID: 4edd8d36e7d749cc8e2ecc1ea7c6d24ab9e18b8961d3bffc087b6b14b9a4a3a7
              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction Fuzzy Hash: 52E0D832601110BBDB6197598D01F9B7EACDFA4EA0F05405AB600DB1A0E530DE00C690
              Function 014F08C0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
              • Instruction ID: d2311cefa7f3810f6a06eb44d8389eec0dc1022ba1c9a882cf5302b6ccd971e6
              • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
              • Instruction Fuzzy Hash: 6DE09B316403508BCB258A1EC140A53B7EDDFE5661F15806FEA0547723C231F842C6D0
              Function 014225E0 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7be1e7eb52e4d65b1b50021bdf944fdf09b8da8cce6e431d1da6058445ae3c19
              • Instruction ID: bbfe94d9e1db623be3a5c66acf6e8d446d0f26865b3c297866e58d1e2266ece6
              • Opcode Fuzzy Hash: 7be1e7eb52e4d65b1b50021bdf944fdf09b8da8cce6e431d1da6058445ae3c19
              • Instruction Fuzzy Hash: 71E09232100554ABC322BF2ADD01F8A779AEBB4764F01451AF116571A0CA74AD50C794
              Function 014DA456 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction ID: 2d46b6ad7c2bbf721d5d977c3110079fb3dfc341b7689bb09181f1b60eaa0e6b
              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction Fuzzy Hash: 62E09231010611DFEB326F2BC858B537BE4FFA0711F288C2EA096125B0C7B498C0CA40
              Function 014A4000 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction ID: 4a267e5c9226fff82a2563f0e263f11aa89bdb5353d881c4842bbc01db057b27
              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction Fuzzy Hash: 6FE0AE743442058BE715CF19C040B667BA6BFE5A10F6DC069A9488F305EB72A8429A40
              Function 0145CA38 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e862fcc806b594130e59b570a1abbf47101588b3cbe57948d2ff34293bf958d
              • Instruction ID: 232aa4ced6d536d8221feed9d9d6aade5cfc163bf06be646800e524668cd78d4
              • Opcode Fuzzy Hash: 7e862fcc806b594130e59b570a1abbf47101588b3cbe57948d2ff34293bf958d
              • Instruction Fuzzy Hash: BCD02B328811306ACFB6E3197C44FE33E5DAB64220F024873F90897032D574CC81D2D4
              Function 0141823B Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction ID: 56147e6438947ce3fce7406208854882562ffe5692b41aca5ca49b79ef400131
              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction Fuzzy Hash: 0FE0CD31500512EFD7332F16DC00F9276A5FF64F14F10481FE0411507887B45C82CB45
              Function 01422050 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd65a07ce24a6873c541d3bc373c84e828ff0106dc165ffb08e16b14036ed52c
              • Instruction ID: 8f12afb9f7dd71e6442bb69fe4c24c3072ff1d4683de0b5e60707e0a05c9790a
              • Opcode Fuzzy Hash: fd65a07ce24a6873c541d3bc373c84e828ff0106dc165ffb08e16b14036ed52c
              • Instruction Fuzzy Hash: 22E0C2332004606BC322FF6EDD00F4A739EEFB4270F45022AF1558B2A0CAB4AC40C794
              Function 0145E59C Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction ID: 9f8d1217b22d9e481da9f5fb1d207726a3bc9fca9a52a75a9f8e30e51e2beba2
              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction Fuzzy Hash: 58D0A933204620ABDB32AA1DFC00FC333E8BB9C720F06089EB008C7160C374AC81CA84
              Function 0149E908 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction ID: 84ce0fadfff6a1368e4aa13dc223ab135f7b6242293111e8ec7622137dcd0e53
              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction Fuzzy Hash: 2AE0EC369506849BDF12DF5AC640F5ABBB5BB94B40F150059E1486B771C634A900CB40
              Function 0141A0E3 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction ID: 77c9f615573fb04996573f18dbcc86e41979947781530e45285648dc0c91f35d
              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction Fuzzy Hash: B7D022332130B093CB285A566900F636D05ABC0AA0F2A002E340A93924C0288C43C2E0
              Function 0145A830 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction ID: c081683a56f5977fd3f303e17543c0610ba5fa97f882ea38358d201d17289ea1
              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction Fuzzy Hash: ADD012371D054DBBCB119F66DC01F957BA9E7A4BA0F444021B504875A0C63AE950D584
              Function 0145CA24 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ab0e0475f2d3244c8a376ac3e0e2b359cfbf3d0af3a505836f2c1c8af2b7b21
              • Instruction ID: bc2f864c5f5f68b8f61959a779c12a64b4d2e844be32ea9efec8f77041d42642
              • Opcode Fuzzy Hash: 5ab0e0475f2d3244c8a376ac3e0e2b359cfbf3d0af3a505836f2c1c8af2b7b21
              • Instruction Fuzzy Hash: 30D05E315011168BDF16CF09C550E2A3E74EF24A41B40007EEA0151131E338EC018640
              Function 014302A0 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction ID: f071a15fc289585a890c766d60fac35107779a074ff121d55620e34128f1d3f5
              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction Fuzzy Hash: F6D0C935212E80CFD61BCB0CC5A4F1633A8BB88B44F850591F401CBB32D67CDD40CA00
              Function 0145C700 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction ID: fe13125b6d153defbdeefedff4a074c1e6729eee6199258d04a9b102a861bede
              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction Fuzzy Hash: 69C01233290648AFC712AE9ACD01F027BA9EBA8B50F000022F2048B670C635E820EA84
              Function 01440310 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction ID: 2c3ae73593acde9cc35406a8f7a04fa278982bd79f2a1cedea0875d21b264bc9
              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction Fuzzy Hash: 73D01236100248EFCB01DF41C890D9A7B2AFBD8710F108019FD19076108A31ED62DA50
              Function 01420750 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction ID: e0477905d6e52c1aa94fc3b6b8e223d084b5738ac60d12bb1ae8eb57dc19c0c0
              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction Fuzzy Hash: A3C002796015418FDF15DA1AD294A4577E4B754750F150891E805DB722E624E801CA10
              Function 01464340 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 040a0d4dd73e73c8c7971f4a1264a97727c41b497dc695be92398812176d96b0
              • Instruction ID: 52b205ebd11f89386961aacf365dcf924986073274ddd6601f57e45eeb8eccc4
              • Opcode Fuzzy Hash: 040a0d4dd73e73c8c7971f4a1264a97727c41b497dc695be92398812176d96b0
              • Instruction Fuzzy Hash: ED900231605801129140715848885864005A7F0301B55C022E0424555CCB248A5A5361
              Function 01464650 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c18e20a677e162759978c5ab9fb6f7ffbb7a0e3d148e31e36b6bf788f128cee8
              • Instruction ID: 06e743cedf042dac2a4b5a5e5c6695699c5979c19469a553ae243186dd49c09b
              • Opcode Fuzzy Hash: c18e20a677e162759978c5ab9fb6f7ffbb7a0e3d148e31e36b6bf788f128cee8
              • Instruction Fuzzy Hash: C1900271601501424140715848084466005A7F1301395C126A0554561CC72889599369
              Function 01462B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: add815d2a5a7a64ad90e60a8563ee0ce6ad9d0bce20c52a84069633e08206745
              • Instruction ID: 15e6bfd57ade6d6efddfd964209354e4d5e1da77aa9a736fd7b3ff6562d2a033
              • Opcode Fuzzy Hash: add815d2a5a7a64ad90e60a8563ee0ce6ad9d0bce20c52a84069633e08206745
              • Instruction Fuzzy Hash: B490027120240103410571584418656400A97F0201B55C032E1014591DC63589956225
              Function 01462BE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 254f7c2a89565ef1d9373f7d93ac454abbb2d6f3c597dc2665d5310aa57053c1
              • Instruction ID: 4d3de7ca7200f85a650daa0460bcc41c7c5446741fc9d663c17eafb44345b3b1
              • Opcode Fuzzy Hash: 254f7c2a89565ef1d9373f7d93ac454abbb2d6f3c597dc2665d5310aa57053c1
              • Instruction Fuzzy Hash: 1990023120544942D14071584408A86001597E0305F55C022A0064695DD7358E59B761
              Function 01462BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9df14d8f7ee7c7a93a41717f43cc0aefdcbc74f299e7909a40f9335f0f1b5c1c
              • Instruction ID: bb936e50812fa9d6264e0d3fb36b9cd93727e1b2bc05154eed0d12c5457f2cdf
              • Opcode Fuzzy Hash: 9df14d8f7ee7c7a93a41717f43cc0aefdcbc74f299e7909a40f9335f0f1b5c1c
              • Instruction Fuzzy Hash: E090023120140902D1807158440868A000597E1301F95C026A0025655DCB258B5D77A1
              Function 01462B80 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89d788db3b692ef0ac6e327353ea865406eb48f02414b5cb41499d5d926f42d5
              • Instruction ID: 434a69248475e54255d86d5c42f77080bae30d703640acbde8b78e81722e0332
              • Opcode Fuzzy Hash: 89d788db3b692ef0ac6e327353ea865406eb48f02414b5cb41499d5d926f42d5
              • Instruction Fuzzy Hash: 9790023120140902D104715848086C6000597E0301F55C022A6024656ED77589957231
              Function 01462BA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e211244ad8caece836d7fdbf5ede2e58bf43d8ab990232e6b5a1a5d9abe32f7e
              • Instruction ID: 631833c40db3b0ae91049a6f1289fcaad13ffa8e3f0dd1aa6d9de4d54684344d
              • Opcode Fuzzy Hash: e211244ad8caece836d7fdbf5ede2e58bf43d8ab990232e6b5a1a5d9abe32f7e
              • Instruction Fuzzy Hash: F590023160540902D15071584418786000597E0301F55C022A0024655DC7658B5977A1
              Function 01462AD0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fac0cd0c9f03295053a0313d8db86f19bd20328e98dc1f106da3dc3581067614
              • Instruction ID: 6a5a002db1f9ea2b37538e671c9fcf5639ba1c7a3eda1b0d252ddaacb43bed6c
              • Opcode Fuzzy Hash: fac0cd0c9f03295053a0313d8db86f19bd20328e98dc1f106da3dc3581067614
              • Instruction Fuzzy Hash: 2B900435311401030105F55C070C5470047D7F5351355C033F1015551CD731CD755331
              Function 01462AF0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 916d78f5dc674f69059b2e9b1ab32de285fceac8bf0ba78746484486e0a6bbb9
              • Instruction ID: 96255e2ca9b62e8899c504d25181383d5f72181a66aac977c68347fd512a8c63
              • Opcode Fuzzy Hash: 916d78f5dc674f69059b2e9b1ab32de285fceac8bf0ba78746484486e0a6bbb9
              • Instruction Fuzzy Hash: 50900235221401020145B558060854B0445A7E6351395C026F1416591CC73189695321
              Function 01462AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f96a57a5f7baba142e72bf06feba5a7e462270d0f956aab58f8699f157285149
              • Instruction ID: e7e8a232e012eb406bb98de1aded184be4bd239ed4d5f4cccfb52568072ec195
              • Opcode Fuzzy Hash: f96a57a5f7baba142e72bf06feba5a7e462270d0f956aab58f8699f157285149
              • Instruction Fuzzy Hash: 5C9002B1201541924500B2588408B4A450597F0201B55C027E1054561CC63589559235
              Function 01462D00 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1462c2d9bdfdb5b2d9439102b68fbad43603a7ef6fea6297535e4e5fa0224977
              • Instruction ID: d26aa4e3547ac3f4adc82393687b59646d3b757d307e1e7bc7133ff13a51e510
              • Opcode Fuzzy Hash: 1462c2d9bdfdb5b2d9439102b68fbad43603a7ef6fea6297535e4e5fa0224977
              • Instruction Fuzzy Hash: D290023120544542D1007558540CA46000597E0205F55D022A1064596DC7358955A231
              Function 01462D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb179e336c2b8b6435f95370b9ad0840f6087c2b99039dc84dc96d9c6850a46d
              • Instruction ID: c77d63a222b0355584544841be36841804ba66324a8f438537d3d08e268e7a7a
              • Opcode Fuzzy Hash: fb179e336c2b8b6435f95370b9ad0840f6087c2b99039dc84dc96d9c6850a46d
              • Instruction Fuzzy Hash: 9C90023921340102D1807158540C64A000597E1202F95D426A0015559CCA25896D5321
              Function 01462D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52d610a5c8363f83267743ab4c6c70dec89acc4a4fc8acc640757f7dffd48735
              • Instruction ID: 6966389b3c9ce4382a3a4a855ea4b4c655268f7823df37997b9f8d02a5df4981
              • Opcode Fuzzy Hash: 52d610a5c8363f83267743ab4c6c70dec89acc4a4fc8acc640757f7dffd48735
              • Instruction Fuzzy Hash: 6590023130140103D1407158541C6464005E7F1301F55D022E0414555CDA25895A5322
              Function 01462DD0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21733a6ab0a9cce02a5fde14227154e1a8472a4949cec961093e47671cb67409
              • Instruction ID: 0932c6f1ed72174e7f8fbedd96c94d6617617c699926999eaca792e17c997e83
              • Opcode Fuzzy Hash: 21733a6ab0a9cce02a5fde14227154e1a8472a4949cec961093e47671cb67409
              • Instruction Fuzzy Hash: 58900231242442525545B15844085474006A7F0241795C023A1414951CC636995AD721
              Function 01462DB0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5537d9624734dd658dd92589d03cca259edcb2291876d058b561ba494a5c9873
              • Instruction ID: 78deb22a6ce5cba29ff133b1dbc0ac6846a7512d7b28c07ad7dddcb66eccc7ca
              • Opcode Fuzzy Hash: 5537d9624734dd658dd92589d03cca259edcb2291876d058b561ba494a5c9873
              • Instruction Fuzzy Hash: 7690023124140502D141715844086460009A7E0241F95C023A0424555EC7658B5AAB61
              Function 01462C60 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 14df7e22f1fbe136e0ff03112fbb2eeb9336662b628ee1dd44049bab29cb3d87
              • Instruction ID: 4920b96c2789e7901ec9254bd64441c52b106e470553b12439ea667f36a2dcab
              • Opcode Fuzzy Hash: 14df7e22f1fbe136e0ff03112fbb2eeb9336662b628ee1dd44049bab29cb3d87
              • Instruction Fuzzy Hash: CC90023120140942D10071584408B86000597F0301F55C027A0124655DC725C9557621
              Function 01462CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cbb9245645a2576a1201ee8146e7ce8fd45c2667ea635e592c3f530a4d151d12
              • Instruction ID: acaf2161ed57cdf2bc7b2ec8b0244643fbc3a60ac92ca50d2ad245b746c077cb
              • Opcode Fuzzy Hash: cbb9245645a2576a1201ee8146e7ce8fd45c2667ea635e592c3f530a4d151d12
              • Instruction Fuzzy Hash: 3E90023160540502D1407158541C746001597E0201F55D022A0024555DC7698B5967A1
              Function 01462CF0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 06c1d0a6dd2ed867323e9bc605c5fb88cb3d8e98e88e48c2cb377c9374bc8a53
              • Instruction ID: 9491d001565c888468da7bde9f2d8e872dc43a9993390f56d50d36162bd6e25d
              • Opcode Fuzzy Hash: 06c1d0a6dd2ed867323e9bc605c5fb88cb3d8e98e88e48c2cb377c9374bc8a53
              • Instruction Fuzzy Hash: 0390023120140503D1007158550C747000597E0201F55D422A0424559DD76689556221
              Function 01462CA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c4bac59d0bb963c648b6bb63b86f119aff0cef861cce3af8f5f83d16f27c820
              • Instruction ID: 9553893a6a9a02cb9aa2d241f3890fcff86eadad9a3461e42d6c7bc1bfad2207
              • Opcode Fuzzy Hash: 3c4bac59d0bb963c648b6bb63b86f119aff0cef861cce3af8f5f83d16f27c820
              • Instruction Fuzzy Hash: 2C90023120140502D1007598540C686000597F0301F55D022A5024556EC77589956231
              Function 01462F60 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c2f4b8ac6c3b746fba1b748ff387fbd91e903c7666452077be2c2701842927a5
              • Instruction ID: 8cc29bd06c0737edd7b4a4057d08af5de599310136136a66cd31447f2057083c
              • Opcode Fuzzy Hash: c2f4b8ac6c3b746fba1b748ff387fbd91e903c7666452077be2c2701842927a5
              • Instruction Fuzzy Hash: 2990047131140143D104715C440C7470045D7F1301F55C033F3154555CC73DCD755335
              Function 01462F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 49984eafbf5c72b5219fb244ade7e87af0fa7c35073028d95bcf471791795d8c
              • Instruction ID: 3d726ebcb499723a46d17dcd1f3977c4e98b564b8d243871666ead5546f37b6a
              • Opcode Fuzzy Hash: 49984eafbf5c72b5219fb244ade7e87af0fa7c35073028d95bcf471791795d8c
              • Instruction Fuzzy Hash: 8B90027134140542D10071584418B460005D7F1301F55C026E1064555DC729CD566226
              Function 01462FE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eec076077bbd9f8e1b628fb433604c1d384e34f14e706d121596323116f8ab4e
              • Instruction ID: 37da1dde41591d82b3d8daaf542998c65ae0ff088b5b88be0db8b8d4d2269a28
              • Opcode Fuzzy Hash: eec076077bbd9f8e1b628fb433604c1d384e34f14e706d121596323116f8ab4e
              • Instruction Fuzzy Hash: 52900231211C0142D20075684C18B47000597E0303F55C126A0154555CCA2589655621
              Function 01462F90 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd20a38bf030ebcf4ee13352b035ef165128ff3b77ef6cdd4464015d8a0061ab
              • Instruction ID: 5cc79f42183b2e272acf213d7da15ec9408c4f0faec28a8a6fbf78c7619043fd
              • Opcode Fuzzy Hash: fd20a38bf030ebcf4ee13352b035ef165128ff3b77ef6cdd4464015d8a0061ab
              • Instruction Fuzzy Hash: 4F90023120180502D1007158481874B000597E0302F55C022A1164556DC73589556671
              Function 01462FA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84c623df19a8b3f15c797fb66b08f9b2ae6e768e0f6b0cdecd674253f00ddd0a
              • Instruction ID: ab891b469ef9e978eaac302aa57217e63862c521e0187bcf65467db1935d444b
              • Opcode Fuzzy Hash: 84c623df19a8b3f15c797fb66b08f9b2ae6e768e0f6b0cdecd674253f00ddd0a
              • Instruction Fuzzy Hash: D590023120180502D1007158480C787000597E0302F55C022A5164556EC775C9956631
              Function 01462FB0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 880beb02a7ad6a20c0a5fb77956eedecbda8b39d65603845436aa1657ede65d0
              • Instruction ID: 785e5fb1135903bb6f9d0a030c1a26d42cee525b40662f28f3b669628cbf9876
              • Opcode Fuzzy Hash: 880beb02a7ad6a20c0a5fb77956eedecbda8b39d65603845436aa1657ede65d0
              • Instruction Fuzzy Hash: BE900231601401424140716888489464005BBF1211755C132A0998551DC66989695765
              Function 01462E30 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 444f7c635a6fd9444177bb2ce673d90df7495f6d785c6be3b3503b743df9f3c3
              • Instruction ID: ca261d3b7a7c12dffd45322cd915048ff3c91c7656195ec748e0f3b15a1ae699
              • Opcode Fuzzy Hash: 444f7c635a6fd9444177bb2ce673d90df7495f6d785c6be3b3503b743df9f3c3
              • Instruction Fuzzy Hash: 1790023130140502D102715844186460009D7E1345F95C023E1424556DC7358A57A232
              Function 01462EE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e8d711c86db67b40d72a6511b94265cf47fa04081c52e6ef8af13150b45310d
              • Instruction ID: 5ba8d0b706a0d0fbe36298ea6db5c3b6eaabbe034dfdaff31d66f9134624edf8
              • Opcode Fuzzy Hash: 6e8d711c86db67b40d72a6511b94265cf47fa04081c52e6ef8af13150b45310d
              • Instruction Fuzzy Hash: 2290027120180503D14075584808647000597E0302F55C022A2064556ECB398D556235
              Function 01462E80 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0b6992c1d7d0208ec5309f43a81783a66de20c1ab5bc3691dfb6296b5a11caa
              • Instruction ID: f61d11a078c3069cc859fbfff18bfa99ca11adb6dc82555ff8dc5cebeb420e67
              • Opcode Fuzzy Hash: c0b6992c1d7d0208ec5309f43a81783a66de20c1ab5bc3691dfb6296b5a11caa
              • Instruction Fuzzy Hash: CD90023160140602D10171584408656000A97E0241F95C033A1024556ECB358A96A231
              Function 01462EA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7dc82ea92cd34742746ecada69c32b2942dc3309fb918426d6c189f301d416df
              • Instruction ID: 7f185621527febbb44093cc083ae945a29362efa3ecb3c0b1a698f3de8cd40e7
              • Opcode Fuzzy Hash: 7dc82ea92cd34742746ecada69c32b2942dc3309fb918426d6c189f301d416df
              • Instruction Fuzzy Hash: 8590027120140502D14071584408786000597E0301F55C022A5064555EC7698ED96765
              Function 01463010 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d9fdf24e923385505c0c51c55e0b1a4bb814da7af2772c0a42e6f93375f2ed2a
              • Instruction ID: c272f97d74ee198e7fd30f0f134d92832d7c021105c4747b673b6165d4d6aa74
              • Opcode Fuzzy Hash: d9fdf24e923385505c0c51c55e0b1a4bb814da7af2772c0a42e6f93375f2ed2a
              • Instruction Fuzzy Hash: C690023120184542D14072584808B4F410597F1202F95C02AA4156555CCA2589595721
              Function 01463090 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e45124fff60e10492976114ce930bdfb99b56345bcd1d35935ba54b160f4072
              • Instruction ID: 22474261e2ebcb7d2a19de0b4f8843c6f6dfc6cb3200453ff296b0e2f6e6fb98
              • Opcode Fuzzy Hash: 6e45124fff60e10492976114ce930bdfb99b56345bcd1d35935ba54b160f4072
              • Instruction Fuzzy Hash: D290023124140902D140715884187470006D7E0601F55C022A0024555DC7268A6967B1
              Function 014639B0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d60a5820a68bf52cf4602a7dfdd8c0b97985668fcfd846c560aa23f55fadae8
              • Instruction ID: 26923b49c62bd21ab05fd64b13982f9cbaf9949233457b9f8eba9d94cdcaf0db
              • Opcode Fuzzy Hash: 1d60a5820a68bf52cf4602a7dfdd8c0b97985668fcfd846c560aa23f55fadae8
              • Instruction Fuzzy Hash: 0390023124545202D150715C44086564005B7F0201F55C032A0814595DC66589596321
              Function 01463D70 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 917d248e6db02e6007e0b66cefb0b6468db03cef0a4841c9a5ba3c1c107ebbb0
              • Instruction ID: 5de36f85900b094b6f09dc308b3bd50602daa5588973f26e73ffabb78dde4868
              • Opcode Fuzzy Hash: 917d248e6db02e6007e0b66cefb0b6468db03cef0a4841c9a5ba3c1c107ebbb0
              • Instruction Fuzzy Hash: F090023520140502D51071585808686004697E0301F55D422A0424559DC76489A5A221
              Function 01463D10 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e9e271312f24bdcb617f4bfcc80be50de6e0ab4f50c80e4f0067a77dbdecb65
              • Instruction ID: fd8d892b3ca3ade68b05edc5b65150b30129e9df33d794daedf369b83b19d566
              • Opcode Fuzzy Hash: 7e9e271312f24bdcb617f4bfcc80be50de6e0ab4f50c80e4f0067a77dbdecb65
              • Instruction Fuzzy Hash: DB90023120240242954072585808A8E410597F1302B95D426A0015555CCA2489655321
              Function 01462C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction ID: e92e6181618958a10a58889b768929d238eb8c5b276a41f028c9df8da4f78d73
              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction Fuzzy Hash:
              Function 01462890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: 20cdd772f2ec0a9f3e1b961e164b267f392f339a2cf229f44ee0665facadf5b8
              • Instruction ID: b8006cddcf04347b0d2a17a02805051ad7e2b369b2637d3c591a99c7fb3d4af1
              • Opcode Fuzzy Hash: 20cdd772f2ec0a9f3e1b961e164b267f392f339a2cf229f44ee0665facadf5b8
              • Instruction Fuzzy Hash: 0751F3B2B00116BFCB11DF9D8880D7EFBB8BB59244714C22BE469D3651D374DE048BA1
              Function 014D2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: cd0e0e72dc5003a193763dbcf3ed6dfddf816994f74c9de675f865fab7a79ccd
              • Instruction ID: 9f5621ee5ce9ad780a775780d2ce2fbc7cb4f3eb66ad80478f1fda8c2b7b7cc9
              • Opcode Fuzzy Hash: cd0e0e72dc5003a193763dbcf3ed6dfddf816994f74c9de675f865fab7a79ccd
              • Instruction Fuzzy Hash: 6D511571A00646AFCF30DF9DC9A0D7FBBF8EB44204B54846FE896D3651E6B4EA008760
              Function 01457630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
              Download Yara Rule
              Strings
              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01494742
              • ExecuteOptions, xrefs: 014946A0
              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014946FC
              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01494655
              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01494787
              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01494725
              • Execute=1, xrefs: 01494713
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
              • API String ID: 0-484625025
              • Opcode ID: 458e1fbe02e6346d4d1377ea602778df2d4be8816e3068266eda712b9adf81dc
              • Instruction ID: ad862b95476a79597cd59283b52feabcdb34cad104b4705bda3ac57ed64bc6cb
              • Opcode Fuzzy Hash: 458e1fbe02e6346d4d1377ea602778df2d4be8816e3068266eda712b9adf81dc
              • Instruction Fuzzy Hash: E95160316002097ADF119B95EC85FAE7BACAF24315F5400BFD909A72B1D770DE468F61
              Function 014F6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
              • Instruction ID: b2393ab72c56b44771bb0d784cd292317e4f2ef3542d7825e97a2d82248c9de5
              • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
              • Instruction Fuzzy Hash: 78023571508342AFD305CF19C494A6BBBE5EFD8714F018A2EFA998B364DB31E945CB42
              Function 0146B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-$0$0
              • API String ID: 1302938615-699404926
              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction ID: 4b2cc6140c5775eef3be87593ccc589b279aba2cebb399959635c9f03f7b5fb4
              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction Fuzzy Hash: 3B81C070F0524A8EEF258E6CC8517FEBBA9EF55328F18411BD955E73A1C73888418B63
              Function 014D20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$[$]:%u
              • API String ID: 48624451-2819853543
              • Opcode ID: 7a84df6be53338dd65f05c8c5362422a0aa30c8f657124d76013202cb4d9c3cd
              • Instruction ID: 9566ef0459a79e3d7a85aaa3545f15a688379dd10680d897190168c5638d7834
              • Opcode Fuzzy Hash: 7a84df6be53338dd65f05c8c5362422a0aa30c8f657124d76013202cb4d9c3cd
              • Instruction Fuzzy Hash: BB21A17AA0011AABDF11DF79CC50EEFBBF8AF55654F08411BE914E3214E770DA018BA1
              Function 0144F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
              Download Yara Rule
              Strings
              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014902E7
              • RTL: Re-Waiting, xrefs: 0149031E
              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014902BD
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
              • API String ID: 0-2474120054
              • Opcode ID: 4f7f43d2fd14debc3cbfa663e3598425c939c8c540142ac82bc0973b8ea94af8
              • Instruction ID: 82770a62b65fc0f2654f5e6cbf50b80acbe02471511c1a78e3ace046eee606f1
              • Opcode Fuzzy Hash: 4f7f43d2fd14debc3cbfa663e3598425c939c8c540142ac82bc0973b8ea94af8
              • Instruction Fuzzy Hash: 86E18B706047429FEB25CF2CC884B2ABBE4AB94314F140A5EF5A58B3F1D775D94ACB42
              Function 0145BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
              Download Yara Rule
              Strings
              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01497B7F
              • RTL: Re-Waiting, xrefs: 01497BAC
              • RTL: Resource at %p, xrefs: 01497B8E
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 0-871070163
              • Opcode ID: 5121ad276460454366262617096d81c69e000ebdd96ef3c928c5204a1c24d548
              • Instruction ID: edb61785349b45b18308091a3b433f6f66dee57a9200fbf13a09f5e64d699d43
              • Opcode Fuzzy Hash: 5121ad276460454366262617096d81c69e000ebdd96ef3c928c5204a1c24d548
              • Instruction Fuzzy Hash: CB41E4327007029FDB21CE29C850B6BB7E6EF98725F100A1EEA56D77A1D771E405CB91
              Function 0145B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              APIs
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0149728C
              Strings
              • RTL: Re-Waiting, xrefs: 014972C1
              • RTL: Resource at %p, xrefs: 014972A3
              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01497294
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 885266447-605551621
              • Opcode ID: 84e5fce5f572011186dcd55e33d26953b5b1729a96b230fb6e831cad8339abf3
              • Instruction ID: 94107e2cb21baea99dc55c79cdd568d767a056325145833b163275f22a372813
              • Opcode Fuzzy Hash: 84e5fce5f572011186dcd55e33d26953b5b1729a96b230fb6e831cad8339abf3
              • Instruction Fuzzy Hash: FF411431610206ABCB21CF25CC41B6ABBA5FF65715F10062EFD559B361DB31E8068BD1
              Function 014D2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$]:%u
              • API String ID: 48624451-3050659472
              • Opcode ID: f7e5ad4be51c24a2ce99f24ed741379a867a0a729582cac3a07b64312a32bb0d
              • Instruction ID: 8a3d47bf071881e0cc57fab18189bf4036fb35a156eab6671be3235bbfc47864
              • Opcode Fuzzy Hash: f7e5ad4be51c24a2ce99f24ed741379a867a0a729582cac3a07b64312a32bb0d
              • Instruction Fuzzy Hash: 4F317F72A002299FDB60DF39CC50FEFB7F8AB54610F54055BE949E3210EF70AA448BA0
              Function 01467D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-
              • API String ID: 1302938615-2137968064
              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction ID: 37bd394eea8d88816a25c54c08051276187826e2c53e13ea3d3ec9271bb9d17d
              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction Fuzzy Hash: 6791D370E002069BEB28CF6DC890ABFBBA9EF5472EF14451BE955E73E0D73489418712
              Function 01429126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2325298188.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_13f0000_Quote Request - Project FMD2024UOS.jbxd
              Similarity
              • API ID:
              • String ID: $$@
              • API String ID: 0-1194432280
              • Opcode ID: 9bb98da2bc9bc25e18f3757afe47c089ece8a59f8cc3465ec7f78b9887038825
              • Instruction ID: 2e8e88c5259bba616b4415033769b9e5ce8397c1ecab7ef3ef95763b0505ed94
              • Opcode Fuzzy Hash: 9bb98da2bc9bc25e18f3757afe47c089ece8a59f8cc3465ec7f78b9887038825
              • Instruction Fuzzy Hash: E0812871D002799BDB319B54CC44BEEBAB8AF48714F0441EBEA19B7250D7709E85CFA0